From 8e75e68531ff6391a1a24752106f5dc3a074cabb Mon Sep 17 00:00:00 2001 From: Alexey Skalozub Date: Wed, 13 Jan 2016 21:59:27 +0200 Subject: [PATCH 001/504] Remove redundant i increments Doesn't matter performance-wise, but still... --- library/bignum.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 7841bea43..96769d767 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -949,7 +949,7 @@ static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d ) while( c != 0 ) { z = ( *d < c ); *d -= c; - c = z; i++; d++; + c = z; d++; } } @@ -1187,8 +1187,8 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); - for( i++; j > 0; j-- ) - mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] ); + for( ; j > 0; j-- ) + mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] ); X->s = A->s * B->s; From 3f21a35c36fd040d28fa67ae54abf7be12ec073b Mon Sep 17 00:00:00 2001 From: Matthias Weisser Date: Thu, 18 Aug 2016 07:55:05 +0200 Subject: [PATCH 002/504] Added checking for QNX operating system to make mbedtls build on QNX --- library/entropy_poll.c | 2 +- library/net.c | 2 +- library/timing.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index a116e605d..67900c46c 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -44,7 +44,7 @@ #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) + !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) #error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h" #endif diff --git a/library/net.c b/library/net.c index 8b96321bc..93bf0468b 100644 --- a/library/net.c +++ b/library/net.c 
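Review bot: The guard now admits `__QNXNTO__`, but the `#error` text on the next line still says the platform entropy sources "only work on Unix and Windows", so the message no longer matches the condition it reports on; the net.c and timing.c hunks have the same mismatch, e.g. `#error "Platform entropy sources only work on Unix, Windows and QNX, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"`. Adding a platform to this allow-list also asserts that the entropy code below (outside the hunk, presumably the Unix path) actually yields usable entropy on QNX, which the commit message does not say was checked; a comment on the new condition such as `/* __QNXNTO__: QNX Neutrino, served by the Unix code path below -- verified on target */` would record that for the next reviewer.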
@@ -28,7 +28,7 @@ #if defined(MBEDTLS_NET_C) #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) + !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) #error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h" #endif diff --git a/library/timing.c b/library/timing.c index a7c7ff027..56f29bdb5 100644 --- a/library/timing.c +++ b/library/timing.c @@ -39,7 +39,7 @@ #if !defined(MBEDTLS_TIMING_ALT) #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) + !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) #error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h" #endif From e75b88db492a6ca8bf5138667f514f3b2b93ecb0 Mon Sep 17 00:00:00 2001 From: Joris Aerts Date: Fri, 4 Nov 2016 23:05:56 +0100 Subject: [PATCH 003/504] Fix missing void argument declarations #678 --- library/memory_buffer_alloc.c | 12 ++++++------ library/version.c | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 545d5a2c3..c0a72c2ad 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -113,7 +113,7 @@ static void debug_header( memory_header *hdr ) #endif } -static void debug_chain() +static void debug_chain( void ) { memory_header *cur = heap.first; @@ -180,7 +180,7 @@ static int verify_header( memory_header *hdr ) return( 0 ); } -static int verify_chain() +static int verify_chain( void ) { memory_header *prv = heap.first, *cur = heap.first->next; 
@@ -500,13 +500,13 @@ void mbedtls_memory_buffer_set_verify( int verify ) heap.verify = verify; } -int mbedtls_memory_buffer_alloc_verify() +int mbedtls_memory_buffer_alloc_verify( void ) { return verify_chain(); } #if defined(MBEDTLS_MEMORY_DEBUG) -void mbedtls_memory_buffer_alloc_status() +void mbedtls_memory_buffer_alloc_status( void ) { mbedtls_fprintf( stderr, "Current use: %zu blocks / %zu bytes, max: %zu blocks / " @@ -600,7 +600,7 @@ void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ) heap.first_free = heap.first; } -void mbedtls_memory_buffer_alloc_free() +void mbedtls_memory_buffer_alloc_free( void ) { #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &heap.mutex ); @@ -620,7 +620,7 @@ static int check_pointer( void *p ) return( 0 ); } -static int check_all_free( ) +static int check_all_free( void ) { if( #if defined(MBEDTLS_MEMORY_DEBUG) diff --git a/library/version.c b/library/version.c index 6ca80d469..fd9675088 100644 --- a/library/version.c +++ b/library/version.c @@ -30,7 +30,7 @@ #include "mbedtls/version.h" #include -unsigned int mbedtls_version_get_number() +unsigned int mbedtls_version_get_number( void ) { return( MBEDTLS_VERSION_NUMBER ); } From 4dab551698f68a327d738a6262378e9b80f0be14 Mon Sep 17 00:00:00 2001 From: aitap Date: Fri, 13 Jan 2017 13:22:31 +0400 Subject: [PATCH 004/504] mbedtls_net_accept: client_ip can be NULL This is currently used in example programs, but not explicitly documented. --- include/mbedtls/net_sockets.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index de335526f..f09f8bf3b 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h 
@@ -117,9 +117,10 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char * * \param bind_ctx Relevant socket * \param client_ctx Will contain the connected client socket - * \param client_ip Will contain the client IP address + * \param client_ip Will contain the client IP address, can be NULL * \param buf_size Size of the client_ip buffer - * \param ip_len Will receive the size of the client IP written + * \param ip_len Will receive the size of the client IP written, + * can be NULL if client_ip == NULL * * \return 0 if successful, or * MBEDTLS_ERR_NET_ACCEPT_FAILED, or From 2fab5c9605c5348be5ad08218a4f8d92f5376549 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 15 Dec 2016 18:51:13 -0800 Subject: [PATCH 005/504] Work around for GCC bug --- library/cmac.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index b2fe713a0..9fcb43979 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -765,7 +765,7 @@ static int cmac_test_subkeys( int verbose, int block_size, int num_tests ) { - int i, ret; + int i, ret = 0; mbedtls_cipher_context_t ctx; const mbedtls_cipher_info_t *cipher_info; unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; @@ -847,7 +847,7 @@ static int cmac_test_wth_cipher( int verbose, int num_tests ) { const mbedtls_cipher_info_t *cipher_info; - int i, ret; + int i, ret = 0; unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; cipher_info = mbedtls_cipher_info_from_type( cipher_type ); From a7f51f6e1ff8da886ed26dc8408e1b01f2869440 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 15 May 2017 11:23:55 +0300 Subject: [PATCH 006/504] Remove Yotta module from footprint.sh script Remove Yotta module configuration usd in footprint.sh script --- scripts/footprint.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index d38e50af2..c08ef1c90 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh 
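Review bot: The new text says `ip_len` may be NULL only when `client_ip` is NULL, but leaves the other combinations undefined: whether `buf_size` is ignored when `client_ip` is NULL, and what happens when `client_ip` is set but `ip_len` is NULL. Since this is the contract callers rely on, state it, e.g. `\param client_ip Will contain the client IP address, can be NULL (buf_size is then ignored)` and `\param ip_len Will receive the size of the client IP written; must be non-NULL if client_ip is non-NULL`. The implementation in net.c is not in this diff, so confirm these match its behaviour before committing to them.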
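Review bot: `int i, ret = 0;` in cmac_test_subkeys silences a GCC maybe-uninitialized warning, as the commit title says, but nothing in the code records that, and the cmac_test_wth_cipher hunk makes the same change without a note. A one-line comment keeps the next person from "cleaning up" the initializer: `int i, ret = 0; /* = 0 works around a spurious -Wmaybe-uninitialized on some GCC versions */`. Note also that if the test loops that assign `ret` (outside the hunk) run zero times, both functions now report success instead of returning an indeterminate value, which is presumably intended but worth confirming.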
@@ -11,7 +11,6 @@ # # Configurations included: # default include/mbedtls/config.h -# yotta yotta/module/mbedtls/config.h # thread configs/config-thread.h # suite-b configs/config-suite-b.h # psk configs/config-ccm-psk-tls1_2.h @@ -102,11 +101,7 @@ log "mbed TLS $MBEDTLS_VERSION$GIT_VERSION" log "$( arm-none-eabi-gcc --version | head -n1 )" log "CFLAGS=$ARMGCC_FLAGS" -# creates the yotta config -yotta/create-module.sh >/dev/null - doit default include/mbedtls/config.h -doit yotta yotta/module/mbedtls/config.h doit thread configs/config-thread.h doit suite-b configs/config-suite-b.h doit psk configs/config-ccm-psk-tls1_2.h From 4ae7d5df96b29ab275b9040796775aa337116cc3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 May 2017 11:59:29 +0200 Subject: [PATCH 007/504] Clarified documentation of mbedtls_ssl_setup Note that the configuration structure must remain accessible. The previous wording could have been taken as implying that it's ok to change the structure but changes wouldn't be taken into account. Also note that calling this function twice is not supported (it would at least be a memory leak). --- include/mbedtls/ssl.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 495e02cb0..e3fd890cf 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -960,8 +960,13 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl ); * \note No copy of the configuration context is made, it can be * shared by many mbedtls_ssl_context structures. * - * \warning Modifying the conf structure after it has been used in this - * function is unsupported! + * \warning The conf structure will be accessed during the session. + * It must not be modified or freed as long as the session + * is active. + * + * \warning This function must be called exactly once per context. + * Calling mbedtls_ssl_setup again is not supported, even + * if no session is active. * * \param ssl SSL context * \param conf SSL configuration to use From 2fd1bb8f02c711e047889e10177d7360d256204c Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna Date: Thu, 12 Nov 2015 16:38:31 +0200 Subject: [PATCH 008/504] Add option to use smaller AES tables (table sizes reduced by 6144 bytes) This patch adds MBEDTLS_AES_SMALL_TABLES option to reduce number of AES look-up tables and thus save 6 KiB of memory. Enabling this option cause performance hit MBEDTLS_AES_SMALL_TABLES of ~7% on ARM and ~15% on x86-64. Benchmark on Cortex-A7 (armhf): Before: AES-CBC-128 : 14394 Kb/s, 0 cycles/byte AES-CBC-192 : 12442 Kb/s, 0 cycles/byte AES-CBC-256 : 10958 Kb/s, 0 cycles/byte After: AES-CBC-128 : 13342 Kb/s, 0 cycles/byte AES-CBC-192 : 11469 Kb/s, 0 cycles/byte AES-CBC-256 : 10058 Kb/s, 0 cycles/byte Benchmark on Intel Core i5-4570 (x86_64, 3.2 Ghz, no turbo): Before: AES-CBC-128 : 215759 Kb/s, 14 cycles/byte AES-CBC-192 : 190884 Kb/s, 16 cycles/byte AES-CBC-256 : 171536 Kb/s, 18 cycles/byte After: AES-CBC-128 : 185108 Kb/s, 16 cycles/byte AES-CBC-192 : 162839 Kb/s, 19 cycles/byte AES-CBC-256 : 144700 Kb/s, 21 cycles/byte --- include/mbedtls/config.h | 9 +++ library/aes.c | 140 +++++++++++++++++++++++++------------ library/version_features.c | 3 + 3 files changed, 106 insertions(+), 46 deletions(-) 
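Review bot: "as long as the session is active" is ambiguous for a lifetime rule, since the conf is needed for the whole life of the ssl context (for example across mbedtls_ssl_session_reset() and a renewed handshake), not only while a session is established. Tie the wording to the context instead: `It must not be modified or freed until mbedtls_ssl_free() has been called on every ssl context set up with it.` The second warning would also benefit from the consequence given in the commit message, e.g. `Calling it again leaks the state allocated by the first call.`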
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c1..44def95b8 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -387,6 +387,15 @@ */ //#define MBEDTLS_AES_ROM_TABLES +/** + * \def MBEDTLS_AES_SMALL_TABLES + * + * Use less ROM/RAM for the AES implementation (saves about 6144 bytes). + * + * Uncomment this macro to use less memory for AES. + */ +//#define MBEDTLS_AES_SMALL_TABLES + /** * \def MBEDTLS_CAMELLIA_SMALL_MEMORY * diff --git a/library/aes.c b/library/aes.c index 5e01c4f2b..aabacf9f8 100644 --- a/library/aes.c +++ b/library/aes.c @@ -201,6 +201,8 @@ static const unsigned char FSb[256] = static const uint32_t FT0[256] = { FT }; #undef V +#ifndef MBEDTLS_AES_SMALL_TABLES + #define V(a,b,c,d) 0x##b##c##d##a static const uint32_t FT1[256] = { FT }; #undef V @@ -213,6 +215,8 @@ static const uint32_t FT2[256] = { FT }; static const uint32_t FT3[256] = { FT }; #undef V +#endif /* !MBEDTLS_AES_SMALL_TABLES */ + #undef FT /* @@ -328,6 +332,8 @@ static const unsigned char RSb[256] = static const uint32_t RT0[256] = { RT }; #undef V +#ifndef MBEDTLS_AES_SMALL_TABLES + #define V(a,b,c,d) 0x##b##c##d##a static const uint32_t RT1[256] = { RT }; #undef V @@ -340,6 +346,8 @@ static const uint32_t RT2[256] = { RT }; static const uint32_t RT3[256] = { RT }; #undef V +#endif /* !MBEDTLS_AES_SMALL_TABLES */ + #undef RT /* @@ -359,18 +367,22 @@ static const uint32_t RCON[10] = */ static unsigned char FSb[256]; static uint32_t FT0[256]; +#ifndef MBEDTLS_AES_SMALL_TABLES static uint32_t FT1[256]; static uint32_t FT2[256]; static uint32_t FT3[256]; +#endif /* !MBEDTLS_AES_SMALL_TABLES */ /* * Reverse S-box & tables */ static unsigned char RSb[256]; static uint32_t RT0[256]; +#ifndef MBEDTLS_AES_SMALL_TABLES static uint32_t RT1[256]; static uint32_t RT2[256]; static uint32_t RT3[256]; +#endif /* !MBEDTLS_AES_SMALL_TABLES */ /* * Round constants 
@@ -445,9 +457,11 @@ static void aes_gen_tables( void ) ( (uint32_t) x << 16 ) ^ ( (uint32_t) z << 24 ); +#ifndef MBEDTLS_AES_SMALL_TABLES FT1[i] = ROTL8( FT0[i] ); FT2[i] = ROTL8( FT1[i] ); FT3[i] = ROTL8( FT2[i] ); +#endif /* !MBEDTLS_AES_SMALL_TABLES */ x = RSb[i]; @@ -456,14 +470,48 @@ static void aes_gen_tables( void ) ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^ ( (uint32_t) MUL( 0x0B, x ) << 24 ); +#ifndef MBEDTLS_AES_SMALL_TABLES RT1[i] = ROTL8( RT0[i] ); RT2[i] = ROTL8( RT1[i] ); RT3[i] = ROTL8( RT2[i] ); +#endif /* !MBEDTLS_AES_SMALL_TABLES */ } } +#undef ROTL8 + #endif /* MBEDTLS_AES_ROM_TABLES */ +#ifdef MBEDTLS_AES_SMALL_TABLES + +#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) ) +#define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) ) +#define ROTL24(x) ( (uint32_t)( ( x ) << 24 ) + (uint32_t)( ( x ) >> 8 ) ) + +#define AES_RT0(idx) RT0[idx] +#define AES_RT1(idx) ROTL8( RT0[idx] ) +#define AES_RT2(idx) ROTL16( RT0[idx] ) +#define AES_RT3(idx) ROTL24( RT0[idx] ) + +#define AES_FT0(idx) FT0[idx] +#define AES_FT1(idx) ROTL8( FT0[idx] ) +#define AES_FT2(idx) ROTL16( FT0[idx] ) +#define AES_FT3(idx) ROTL24( FT0[idx] ) + +#else /* MBEDTLS_AES_SMALL_TABLES */ + +#define AES_RT0(idx) RT0[idx] +#define AES_RT1(idx) RT1[idx] +#define AES_RT2(idx) RT2[idx] +#define AES_RT3(idx) RT3[idx] + +#define AES_FT0(idx) FT0[idx] +#define AES_FT1(idx) FT1[idx] +#define AES_FT2(idx) FT2[idx] +#define AES_FT3(idx) FT3[idx] + +#endif /* MBEDTLS_AES_SMALL_TABLES */ + void mbedtls_aes_init( mbedtls_aes_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_aes_context ) ); 
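Review bot: The new `ROTL8`/`ROTL16`/`ROTL24` macros evaluate their argument twice, so `AES_FT1( ( Y1 >> 8 ) & 0xFF )` in the round macros expands the table lookup and its index expression twice per use; there are no side effects today, but the macro block should carry a comment `/* Arguments are evaluated twice: pass side-effect-free expressions only */`, or the rotations could be `static inline` functions to remove the hazard. The new conditionals use `#ifndef MBEDTLS_AES_SMALL_TABLES` / `#ifdef`, while this file and the surrounding hunks use `#if defined(...)` / `#if !defined(...)`; matching that convention avoids mixing styles. The `#undef ROTL8` placed just before `#endif /* MBEDTLS_AES_ROM_TABLES */` is correct only because the earlier `ROTL8` used by aes_gen_tables is presumably defined inside that same branch; a comment `/* ROTL8 is redefined below for MBEDTLS_AES_SMALL_TABLES */` makes that dependency visible.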
@@ -641,10 +689,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, { for( j = 0; j < 4; j++, SK++ ) { - *RK++ = RT0[ FSb[ ( *SK ) & 0xFF ] ] ^ - RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^ - RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^ - RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ]; + *RK++ = AES_RT0( FSb[ ( *SK ) & 0xFF ] ) ^ + AES_RT1( FSb[ ( *SK >> 8 ) & 0xFF ] ) ^ + AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^ + AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] ); } } 
@@ -660,50 +708,50 @@ exit: } #endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */ -#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ -{ \ - X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \ - FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ - FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ - FT3[ ( Y3 >> 24 ) & 0xFF ]; \ - \ - X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \ - FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ - FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ - FT3[ ( Y0 >> 24 ) & 0xFF ]; \ - \ - X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \ - FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ - FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ - FT3[ ( Y1 >> 24 ) & 0xFF ]; \ - \ - X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \ - FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ - FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ - FT3[ ( Y2 >> 24 ) & 0xFF ]; \ +#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ +{ \ + X0 = *RK++ ^ AES_FT0( ( Y0 ) & 0xFF ) ^ \ + AES_FT1( ( Y1 >> 8 ) & 0xFF ) ^ \ + AES_FT2( ( Y2 >> 16 ) & 0xFF ) ^ \ + AES_FT3( ( Y3 >> 24 ) & 0xFF ); \ + \ + X1 = *RK++ ^ AES_FT0( ( Y1 ) & 0xFF ) ^ \ + AES_FT1( ( Y2 >> 8 ) & 0xFF ) ^ \ + AES_FT2( ( Y3 >> 16 ) & 0xFF ) ^ \ + AES_FT3( ( Y0 >> 24 ) & 0xFF ); \ + \ + X2 = *RK++ ^ AES_FT0( ( Y2 ) & 0xFF ) ^ \ + AES_FT1( ( Y3 >> 8 ) & 0xFF ) ^ \ + AES_FT2( ( Y0 >> 16 ) & 0xFF ) ^ \ + AES_FT3( ( Y1 >> 24 ) & 0xFF ); \ + \ + X3 = *RK++ ^ AES_FT0( ( Y3 ) & 0xFF ) ^ \ + AES_FT1( ( Y0 >> 8 ) & 0xFF ) ^ \ + AES_FT2( ( Y1 >> 16 ) & 0xFF ) ^ \ + AES_FT3( ( Y2 >> 24 ) & 0xFF ); \ } -#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ -{ \ - X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \ - RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ - RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ - RT3[ ( Y1 >> 24 ) & 0xFF ]; \ - \ - X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \ - RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ - RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ - RT3[ ( Y2 >> 24 ) & 0xFF ]; \ - \ - X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \ - RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ - RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ - RT3[ ( Y3 >> 24 ) & 0xFF ]; \ - \ - X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \ - RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ - RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ - RT3[ ( Y0 >> 24 ) & 0xFF ]; \ +#define 
AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ +{ \ + X0 = *RK++ ^ AES_RT0( ( Y0 ) & 0xFF ) ^ \ + AES_RT1( ( Y3 >> 8 ) & 0xFF ) ^ \ + AES_RT2( ( Y2 >> 16 ) & 0xFF ) ^ \ + AES_RT3( ( Y1 >> 24 ) & 0xFF ); \ + \ + X1 = *RK++ ^ AES_RT0( ( Y1 ) & 0xFF ) ^ \ + AES_RT1( ( Y0 >> 8 ) & 0xFF ) ^ \ + AES_RT2( ( Y3 >> 16 ) & 0xFF ) ^ \ + AES_RT3( ( Y2 >> 24 ) & 0xFF ); \ + \ + X2 = *RK++ ^ AES_RT0( ( Y2 ) & 0xFF ) ^ \ + AES_RT1( ( Y1 >> 8 ) & 0xFF ) ^ \ + AES_RT2( ( Y0 >> 16 ) & 0xFF ) ^ \ + AES_RT3( ( Y3 >> 24 ) & 0xFF ); \ + \ + X3 = *RK++ ^ AES_RT0( ( Y3 ) & 0xFF ) ^ \ + AES_RT1( ( Y2 >> 8 ) & 0xFF ) ^ \ + AES_RT2( ( Y1 >> 16 ) & 0xFF ) ^ \ + AES_RT3( ( Y0 >> 24 ) & 0xFF ); \ } /* diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3..2b651996c 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -198,6 +198,9 @@ static const char *features[] = { #if defined(MBEDTLS_AES_ROM_TABLES) "MBEDTLS_AES_ROM_TABLES", #endif /* MBEDTLS_AES_ROM_TABLES */ +#if defined(MBEDTLS_AES_SMALL_TABLES) + "MBEDTLS_AES_SMALL_TABLES", +#endif /* MBEDTLS_AES_SMALL_TABLES */ #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY) "MBEDTLS_CAMELLIA_SMALL_MEMORY", #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ From 88ec2381d6af23935c491272375cea85d942d894 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 May 2017 13:51:16 +0100 Subject: [PATCH 009/504] Add configuration options for verification and blinding This commit defines some configuration options to control the mandatory use of blinding and verification in RSA private key operations. --- include/mbedtls/config.h | 72 +++++++++++++++++++++++++++++++++++++++- include/mbedtls/rsa.h | 35 ++++++++++++++++++- 2 files changed, 105 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c1..1ce92c5a1 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -970,16 +970,86 @@ */ #define MBEDTLS_PKCS1_V21 +/** + * \def MBEDTLS_RSA_FORCE_BLINDING + * + * Force the use of blinding in RSA private key operations. + * This makes these operations fail when the caller doesn't + * provide a PRNG. + * + * Comment this macro to allow RSA private key operations + * without blinding. + * + * \warning Disabling this can be a security risk! + * Blinding RSA private key operations is a way + * to prevent statistical timing attacks as in + * [P. Kocher ', Timing Attacks on Implementations + * of Diffie-Hellman, RSA, DSS, and Other Systems] + * + * \note Disabling this does not mean that blinding + * will never be used, but instead makes private + * key operations fail if, perhaps unintentionally, + * the user failed to call them with a PRNG. + * + * \note For more on the use of blinding in RSA + * private key operations, see the documentation + * of \c mbedtls_rsa_private. + */ +#define MBEDTLS_RSA_FORCE_BLINDING + /** * \def MBEDTLS_RSA_NO_CRT * - * Do not use the Chinese Remainder Theorem for the RSA private operation. + * Do not use the Chinese Remainder Theorem + * for the RSA private operation. * * Uncomment this macro to disable the use of CRT in RSA. * */ //#define MBEDTLS_RSA_NO_CRT +/** + * \def MBEDTLS_RSA_FORCE_CRT_VERIFICATION + * + * Force verification of results of RSA private key operations + * when RSA-CRT is used. + * + * Comment this macro to disable RSA-CRT verification. + * + * \warning Disabling this can be a security risk! + * Omitting verification makes the RSA-CRT + * signing vulnerable to the Bellcore + * glitch attack leading to private key + * compromise if an attacker can cause a + * glitch in a certain timeframe during + * the signing operation. Uncomment only + * if you're sure that glitches are out of + * your attack model. 
+ */ +#define MBEDTLS_RSA_FORCE_CRT_VERIFICATION + +/** + * \def MBEDTLS_RSA_FORCE_VERIFICATION + * + * Force verification of results of any RSA private key + * operation regardless of the algorithm used. + * + * Uncomment this to enable unconditional RSA verification. + * + * \note This is to prevent the RSA signing operation + * (regardless of the particular algorithm chosen) + * from potential future glitch attacks. We are + * currently not aware of any such for our default + * implementation, therefore disabling the option + * by default. + * + * \note Enabling it comes at the cost of roughly an + * additional public key operation at the end of + * signing (low compared to private key operations), + * as well as minor memory consumption. + */ +//#define MBEDTLS_RSA_FORCE_VERIFICATION + /** * \def MBEDTLS_SELF_TEST * diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 54653dfdc..e34fea0f2 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -63,6 +63,15 @@ #define MBEDTLS_RSA_SALT_LEN_ANY -1 +/* + * RSA configuration + */ +#if defined(MBEDTLS_RSA_FORCE_VERIFICATION) || \ + ( ! defined(MBEDTLS_RSA_NO_CRT) && \ + defined(MBEDTLS_RSA_FORCE_CRT_VERIFICATION ) ) +#define MBEDTLS_RSA_REQUIRE_VERIFICATION +#endif + /* * The above constants may be used even if the RSA module is compile out, * eg for alternative (PKCS#11) RSA implemenations in the PK layers. @@ -220,7 +229,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * \brief Do an RSA private key operation * * \param ctx RSA context - * \param f_rng RNG function (Needed for blinding) + * \param f_rng RNG function (used for blinding) * \param p_rng RNG parameter * \param input input buffer * \param output output buffer 
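Review bot: The second `\note` under MBEDTLS_RSA_FORCE_BLINDING is inverted: enabling the option, not disabling it, is what makes private key operations fail without a PRNG, so `Disabling this does not mean that blinding will never be used` should read `Enabling this does not mean that blinding is always used; it only makes private key operations fail if, perhaps unintentionally, the caller did not pass a PRNG.` Likewise under MBEDTLS_RSA_FORCE_CRT_VERIFICATION, which is on by default and turned off by commenting it, `Uncomment only if you're sure that glitches are out of your attack model` should be `Comment this out only if ...`. The citation is also garbled (`[P. Kocher ', Timing Attacks ...]`); write it as `P. Kocher, "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems", CRYPTO '96`.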
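Review bot: `MBEDTLS_RSA_REQUIRE_VERIFICATION` is derived in the public header with no explanation of what it means, and it sits just above the comment saying the constants here may be used even when the RSA module is compiled out. A short comment makes the derivation readable: `/* Internal: set when the result of a private key operation must be double-checked against the input, either unconditionally (MBEDTLS_RSA_FORCE_VERIFICATION) or because CRT is in use together with MBEDTLS_RSA_FORCE_CRT_VERIFICATION. */`. The stray space in `defined(MBEDTLS_RSA_FORCE_CRT_VERIFICATION )` is harmless but out of step with the line above it.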
@@ -229,6 +238,30 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * * \note The input and output buffers must be large * enough (eg. 128 bytes if RSA-1024 is used). + * + * \note Enabling and disabling of blinding: + * - If f_rng is NULL and MBEDTLS_RSA_FORCE_BLINDING + * is disabled, blinding is disabled. + * - If f_rng is NULL and MBEDTLS_RSA_FORCE_BLINDING + * is enabled, the function fails. + * + * \note If blinding is used, both the base of exponentation + * and the exponent are blinded, preventing both statistical + * timing and power analysis attacks. + * + * \note Depending on the way RSA is implemented, a failure + * in the computation can lead to disclosure of the private + * key if the wrong result is passed to attacker - e.g., + * implementing RSA through CRT is vulnerable to the + * Bellcore glitch attack. + * + * As a remedy, the user can force double checking the + * result of the private key operation through the option + * MBEDTLS_RSA_FORCE_VERIFICATION. If verification is + * to be enabled only when RSA-CRT is used (as controlled + * by the configuration option MBEDTLS_RSA_NO_CRT), the + * option MBEDTLS_RSA_FORCE_CRT_VERIFICATION can be used. + * */ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), From 5bc8729b9e7738d8f9a32e96b8e1fb2f597e3609 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 May 2017 15:09:31 +0100 Subject: [PATCH 010/504] Correct memory leak in RSA self test The RSA self test didn't free the RSA context on failure. --- library/rsa.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 122bc1360..c8090044a 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1772,7 +1772,8 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto cleanup; } if( verbose != 0 ) 
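Review bot: `preventing both statistical timing and power analysis attacks` overstates what blinding does; it is a mitigation against a class of side channels, not a guarantee, so write `mitigating` rather than `preventing`, and fix `exponentation` to `exponentiation`. In the third note, `if the wrong result is passed to attacker` should read `if a faulty result is returned to an attacker`, and it would help to say what the caller observes when verification trips (an error return and no output written), which the implementation in library/rsa.c reports via MBEDTLS_ERR_RSA_VERIFY_FAILED. The first note lists the two f_rng == NULL cases but never states the f_rng != NULL case (blinding is used); add it so the list is complete.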
@@ -1786,7 +1787,8 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto cleanup; } if( verbose != 0 ) @@ -1799,7 +1801,8 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto cleanup; } if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 ) @@ -1807,7 +1810,8 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto cleanup; } if( verbose != 0 ) @@ -1825,7 +1829,8 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto cleanup; } if( verbose != 0 ) @@ -1837,7 +1842,8 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto cleanup; } if( verbose != 0 ) From a540068a56efcadb6cf05b7a197021aa7c4788b5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 May 2017 16:43:15 +0100 Subject: [PATCH 011/504] Modify PK test suite to provide PRNG to RSA signature function To prepare for the option of mandatory blinding, this commit changes the PK test suite to always call signature functions with a PRNG. --- tests/suites/test_suite_pk.function | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 5fa8a693a..33453ac6f 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -43,7 +43,7 @@ int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ) { - return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen, + return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode, olen, input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, 
@@ -51,7 +51,9 @@ int mbedtls_rsa_sign_func( void *ctx, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { - return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode, + ((void) f_rng); + ((void) p_rng); + return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode, md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) From 06811ced27d809610cfde1db85dd138452f40436 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 May 2017 15:10:34 +0100 Subject: [PATCH 012/504] Put configuration options for RSA blinding and verification to work. --- library/rsa.c | 132 +++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 108 insertions(+), 24 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index c8090044a..d3feeba88 100644 --- a/library/rsa.c +++ b/library/rsa.c 
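Review bot: The sign wrapper now discards the `f_rng`/`p_rng` the PK layer hands it and always uses `rnd_std_rand`, so a test that supplies a particular RNG (or a failing one) through mbedtls_pk_sign can no longer observe it being used. Falling back only when no RNG is given keeps the intent of the commit without hiding the caller's choice: `return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng != NULL ? f_rng : rnd_std_rand, f_rng != NULL ? p_rng : NULL, mode,` after which the two `((void) ...)` casts can go.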
@@ -398,24 +398,68 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, { int ret; size_t olen; - mbedtls_mpi T, T1, T2; + + /* Temporary holding the result */ + mbedtls_mpi T; + + /* Temporaries holding P-1, Q-1 and the + * exponent blinding factor, respectively. */ mbedtls_mpi P1, Q1, R; -#if defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi D_blind; - mbedtls_mpi *D = &ctx->D; -#else + +#if !defined(MBEDTLS_RSA_NO_CRT) + /* Temporaries holding the results mod p resp. mod q. */ + mbedtls_mpi TP, TQ; + + /* Temporaries holding the blinded exponents for + * the mod p resp. mod q computation (if used). */ mbedtls_mpi DP_blind, DQ_blind; + + /* Pointers to actual exponents to be used - either the unblinded + * or the blinded ones, depending on the presence of a PRNG. */ mbedtls_mpi *DP = &ctx->DP; mbedtls_mpi *DQ = &ctx->DQ; +#else + /* Temporary holding the blinded exponent (if used). */ + mbedtls_mpi D_blind; + + /* Pointer to actual exponent to be used - either the unblinded + * or the blinded one, depending on the presence of a PRNG. */ + mbedtls_mpi *D = &ctx->D; +#endif + +#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) + /* Temporaries holding input mod p resp. mod q. */ + mbedtls_mpi IP, IQ; + + /* Temporaries holding double check results mod p resp. mod q; + * should in the end have the same values as IP and IQ. 
*/ + mbedtls_mpi CP, CQ; + + /* Comparison results */ + int check = 0; +#endif + +#if defined(MBEDTLS_RSA_FORCE_BLINDING) + if( f_rng == NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); #endif /* Make sure we have private key info, prevent possible misuse */ if( ctx->P.p == NULL || ctx->Q.p == NULL || ctx->D.p == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R ); +#if defined(MBEDTLS_THREADING_C) + if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) + return( ret ); +#endif + /* MPI Initialization */ + + mbedtls_mpi_init( &T ); + + mbedtls_mpi_init( &P1 ); + mbedtls_mpi_init( &Q1 ); + mbedtls_mpi_init( &R ); if( f_rng != NULL ) { @@ -427,12 +471,17 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, #endif } - -#if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); +#if !defined(MBEDTLS_RSA_NO_CRT) + mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ ); #endif +#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) + mbedtls_mpi_init( &IP ); mbedtls_mpi_init( &IQ ); + mbedtls_mpi_init( &CP ); mbedtls_mpi_init( &CQ ); +#endif + + /* End of MPI initialization */ + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) ); if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 ) { @@ -440,6 +489,11 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, goto cleanup; } +#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &IP, &T, &ctx->P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &IQ, &T, &ctx->Q ) ); +#endif + if( f_rng != NULL ) { /* 
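Review bot: The new `MBEDTLS_RSA_FORCE_BLINDING` check returns before the key-material check and before the mutex is taken, which is fine, but after the reordering the two early `return`s and every later `goto cleanup` sit on opposite sides of the lock; a comment on the `#if defined(MBEDTLS_THREADING_C)` block, `/* From here on every error path must go through cleanup to release the mutex and the MPIs */`, records the invariant the new layout depends on. Within the same hunk `P1`/`Q1`/`R` are initialised one per line while `TP; TQ`, `IP; IQ` and `CP; CQ` are paired on a line; pick one layout. The `/* MPI Initialization */` ... `/* End of MPI initialization */` bracketing comments add little over the `mbedtls_mpi_init` calls themselves and can be dropped.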
@@ -498,24 +552,25 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, /* * Faster decryption using the CRT * - * T1 = input ^ dP mod P - * T2 = input ^ dQ mod Q + * TP = input ^ dP mod P + * TQ = input ^ dQ mod Q */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T1, &T, DP, &ctx->P, &ctx->RP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T2, &T, DQ, &ctx->Q, &ctx->RQ ) ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TP, &T, DP, &ctx->P, &ctx->RP ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TQ, &T, DQ, &ctx->Q, &ctx->RQ ) ); /* - * T = (T1 - T2) * (Q^-1 mod P) mod P + * T = (TP - TQ) * (Q^-1 mod P) mod P */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &T1, &T2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->QP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T1, &ctx->P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &TP, &TQ ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->QP ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &TP, &ctx->P ) ); /* - * T = T2 + T * Q + * T = TQ + T * Q */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &T2, &T1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) ); #endif /* MBEDTLS_RSA_NO_CRT */ if( f_rng != NULL ) 
@@ -528,6 +583,23 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); } + /* If requested by the config, verify the result to prevent glitching attacks. + * For that, check the two prime moduli separately. */ +#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &CP, &T, &ctx->E, &ctx->P, &ctx->RP ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &CQ, &T, &ctx->E, &ctx->Q, &ctx->RQ ) ); + + check |= mbedtls_mpi_cmp_mpi( &CP, &IP ); + check |= mbedtls_mpi_cmp_mpi( &CQ, &IQ ); + + if( check != 0 ) + { + /* Verification failed */ + ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; + goto cleanup; + } +#endif /* MBEDTLS_RSA_REQUIRE_VERIFICATION */ + olen = ctx->len; MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) ); @@ -537,8 +609,9 @@ cleanup: return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); #endif - mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 ); - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &R ); + mbedtls_mpi_free( &P1 ); + mbedtls_mpi_free( &Q1 ); + mbedtls_mpi_free( &R ); if( f_rng != NULL ) { @@ -550,6 +623,17 @@ cleanup: #endif } + mbedtls_mpi_free( &T ); + +#if !defined(MBEDTLS_RSA_NO_CRT) + mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ ); +#endif + +#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) + mbedtls_mpi_free( &IP ); mbedtls_mpi_free( &IQ ); + mbedtls_mpi_free( &CP ); mbedtls_mpi_free( &CQ ); +#endif + if( ret != 0 ) return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret ); From b624b85b04e3b335ba6e03f1d06d7c5167bf7843 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 12 May 2017 09:00:08 +0100 Subject: [PATCH 013/504] Adapt ChangeLog --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 08edd7796..b6ab9665a 100644 --- a/ChangeLog +++ b/ChangeLog 
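Review bot: `check |= mbedtls_mpi_cmp_mpi( ... )` relies on OR-ing the -1/0/1 results to stay non-zero, which works but obscures the intent; `if( mbedtls_mpi_cmp_mpi( &CP, &IP ) != 0 || mbedtls_mpi_cmp_mpi( &CQ, &IQ ) != 0 )` says it directly and removes the `check` variable. The verification exponentiates with `ctx->E`, but the key-material check earlier in the function (previous hunk) only requires P, Q and D, so a context populated without a public exponent would reach `mbedtls_mpi_exp_mod` with an empty E; confirm E is always set on this path or add it to that check. Reusing `MBEDTLS_ERR_RSA_VERIFY_FAILED`, which callers associate with PKCS#1 signature verification, for a fault-detection failure deserves a comment such as `/* Result does not match the input: possible fault injection, do not release it */`, noting that cleanup additionally adds MBEDTLS_ERR_RSA_PRIVATE_FAILED to it.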
@@ -1,5 +1,15 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix memory leak in RSA self test. + +Security + * Add option for mandatory use of blinding in RSA private key operations. + * Add options for verification of RSA private key operations to defend + against Bellcore glitch attack. + = mbed TLS 2.x.x branch released xxxx-xx-xx Security From 177d3cf7bbc60e3576387fcc7563a465c7fb086e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 7 Jun 2017 15:52:48 +0100 Subject: [PATCH 014/504] Rename and document new configuration option for packing AES tables This commit renames the new AES table packing option introduced in the previous MBEDTLS_AES_PACK_TABLES and documents its use and memory vs. speed tradeoff. It also enhances the documentation of the other AES-related option MBEDTLS_AES_ROM_TABLES. --- include/mbedtls/config.h | 33 +++++++++++++++++++++++++++------ library/aes.c | 30 +++++++++++++++--------------- library/version_features.c | 6 +++--- 3 files changed, 45 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 44def95b8..37a9d079a 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -381,20 +381,41 @@ /** * \def MBEDTLS_AES_ROM_TABLES * - * Store the AES tables in ROM. + * Use precomputed AES tables stored in ROM. + * + * Uncomment this macro to use precomputed AES tables stored in ROM. + * Comment this macro to generate AES tables in RAM at runtime. + * + * Tradeoff: Using precomputed ROM tables reduces the time to setup + * an AES context but comes at the cost of additional 8192b ROM use + * (resp. 2048b if \c MBEDTLS_AES_FEWER_TABLES below is used). + * + * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. * - * Uncomment this macro to store the AES tables in ROM. */ //#define MBEDTLS_AES_ROM_TABLES /** - * \def MBEDTLS_AES_SMALL_TABLES + * \def MBEDTLS_AES_FEWER_TABLES * - * Use less ROM/RAM for the AES implementation (saves about 6144 bytes). + * Use less ROM/RAM for AES tables. + * + * Uncommenting this macro omits 75% of the AES tables from + * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) + * by computing their values on the fly during operations + * (the tables are entry-wise rotations of one another). + * + * Tradeoff: Uncommenting this reduces the RAM / ROM footprint + * by 6144b but at the cost of more arithmetic operations during + * runtime. Specifically, one has to compare 4 accesses within + * different tables to 4 accesses with additional arithmetic + * operations within the same table. The performance gain/loss + * depends on the system and memory details. + * + * This option is independent of \c MBEDTLS_AES_ROM_TABLES. * - * Uncomment this macro to use less memory for AES. */ -//#define MBEDTLS_AES_SMALL_TABLES +//#define MBEDTLS_AES_FEWER_TABLES /** * \def MBEDTLS_CAMELLIA_SMALL_MEMORY diff --git a/library/aes.c b/library/aes.c index aabacf9f8..de43306a2 100644 --- a/library/aes.c +++ b/library/aes.c 
@@ -201,7 +201,7 @@ static const unsigned char FSb[256] = static const uint32_t FT0[256] = { FT }; #undef V -#ifndef MBEDTLS_AES_SMALL_TABLES +#ifndef MBEDTLS_AES_FEWER_TABLES #define V(a,b,c,d) 0x##b##c##d##a static const uint32_t FT1[256] = { FT }; @@ -215,7 +215,7 @@ static const uint32_t FT2[256] = { FT }; static const uint32_t FT3[256] = { FT }; #undef V -#endif /* !MBEDTLS_AES_SMALL_TABLES */ +#endif /* !MBEDTLS_AES_FEWER_TABLES */ #undef FT @@ -332,7 +332,7 @@ static const unsigned char RSb[256] = static const uint32_t RT0[256] = { RT }; #undef V -#ifndef MBEDTLS_AES_SMALL_TABLES +#ifndef MBEDTLS_AES_FEWER_TABLES #define V(a,b,c,d) 0x##b##c##d##a static const uint32_t RT1[256] = { RT }; @@ -346,7 +346,7 @@ static const uint32_t RT2[256] = { RT }; static const uint32_t RT3[256] = { RT }; #undef V -#endif /* !MBEDTLS_AES_SMALL_TABLES */ +#endif /* !MBEDTLS_AES_FEWER_TABLES */ #undef RT @@ -367,22 +367,22 @@ static const uint32_t RCON[10] = */ static unsigned char FSb[256]; static uint32_t FT0[256]; -#ifndef MBEDTLS_AES_SMALL_TABLES +#ifndef MBEDTLS_AES_FEWER_TABLES static uint32_t FT1[256]; static uint32_t FT2[256]; static uint32_t FT3[256]; -#endif /* !MBEDTLS_AES_SMALL_TABLES */ +#endif /* !MBEDTLS_AES_FEWER_TABLES */ /* * Reverse S-box & tables */ static unsigned char RSb[256]; static uint32_t RT0[256]; -#ifndef MBEDTLS_AES_SMALL_TABLES +#ifndef MBEDTLS_AES_FEWER_TABLES static uint32_t RT1[256]; static uint32_t RT2[256]; static uint32_t RT3[256]; -#endif /* !MBEDTLS_AES_SMALL_TABLES */ +#endif /* !MBEDTLS_AES_FEWER_TABLES */ /* * Round constants @@ -457,11 +457,11 @@ static void aes_gen_tables( void ) ( (uint32_t) x << 16 ) ^ ( (uint32_t) z << 24 ); -#ifndef MBEDTLS_AES_SMALL_TABLES +#ifndef MBEDTLS_AES_FEWER_TABLES FT1[i] = ROTL8( FT0[i] ); FT2[i] = ROTL8( FT1[i] ); FT3[i] = ROTL8( FT2[i] ); -#endif /* !MBEDTLS_AES_SMALL_TABLES */ +#endif /* !MBEDTLS_AES_FEWER_TABLES */ x = RSb[i]; 
@@ -470,11 +470,11 @@ static void aes_gen_tables( void ) ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^ ( (uint32_t) MUL( 0x0B, x ) << 24 ); -#ifndef MBEDTLS_AES_SMALL_TABLES +#ifndef MBEDTLS_AES_FEWER_TABLES RT1[i] = ROTL8( RT0[i] ); RT2[i] = ROTL8( RT1[i] ); RT3[i] = ROTL8( RT2[i] ); -#endif /* !MBEDTLS_AES_SMALL_TABLES */ +#endif /* !MBEDTLS_AES_FEWER_TABLES */ } } @@ -482,7 +482,7 @@ static void aes_gen_tables( void ) #endif /* MBEDTLS_AES_ROM_TABLES */ -#ifdef MBEDTLS_AES_SMALL_TABLES +#ifdef MBEDTLS_AES_FEWER_TABLES #define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) ) #define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) ) @@ -498,7 +498,7 @@ static void aes_gen_tables( void ) #define AES_FT2(idx) ROTL16( FT0[idx] ) #define AES_FT3(idx) ROTL24( FT0[idx] ) -#else /* MBEDTLS_AES_SMALL_TABLES */ +#else /* MBEDTLS_AES_FEWER_TABLES */ #define AES_RT0(idx) RT0[idx] #define AES_RT1(idx) RT1[idx] @@ -510,7 +510,7 @@ static void aes_gen_tables( void ) #define AES_FT2(idx) FT2[idx] #define AES_FT3(idx) FT3[idx] -#endif /* MBEDTLS_AES_SMALL_TABLES */ +#endif /* MBEDTLS_AES_FEWER_TABLES */ void mbedtls_aes_init( mbedtls_aes_context *ctx ) { diff --git a/library/version_features.c b/library/version_features.c index 2b651996c..549f40d46 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -198,9 +198,9 @@ static const char *features[] = { #if defined(MBEDTLS_AES_ROM_TABLES) "MBEDTLS_AES_ROM_TABLES", #endif /* MBEDTLS_AES_ROM_TABLES */ -#if defined(MBEDTLS_AES_SMALL_TABLES) - "MBEDTLS_AES_SMALL_TABLES", -#endif /* MBEDTLS_AES_SMALL_TABLES */ +#if defined(MBEDTLS_AES_FEWER_TABLES) + "MBEDTLS_AES_FEWER_TABLES", +#endif /* MBEDTLS_AES_FEWER_TABLES */ #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY) "MBEDTLS_CAMELLIA_SMALL_MEMORY", #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ From 371f31c281fd986c33defafa4a99e08bd793728a Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 7 Jun 2017 15:56:54 +0100 Subject: [PATCH 015/504] Adapt ChangeLog --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1b6a3542d..1d0a90d65 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,11 @@ Bugfix * In SSLv3, if refusing a renegotiation attempt, don't process any further data. +Features + * Add option MBEDTLS_AES_FEWER_TABLES to dynamically compute 3/4 of the AES tables + during runtime, thereby reducing the RAM/ROM footprint by 6144 bytes. Suggested + and contributed by jkivilin in #394. + Changes * Send fatal alerts in many more cases instead of dropping the connection. From 9f4e670b14b41ac2978469852acae943f8a2b19c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 12 Jun 2017 10:23:19 +0100 Subject: [PATCH 016/504] Correct documentation for RSA_FORCE_BLINDING option --- include/mbedtls/config.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1ce92c5a1..d54f0c382 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -987,9 +987,12 @@ * of Diffie-Hellman, RSA, DSS, and Other Systems] * * \note Disabling this does not mean that blinding - * will never be used, but instead makes private - * key operations fail if, perhaps unintentionally, - * the user failed to call them with a PRNG. + * will never be used: if a PRNG is provided, + * blinding will be in place. Instead, disabling this + * option may result in private key operations being + * performed in a way potentially leaking sensitive + * information through side-channels when no PRNG + * is supplied by the user. * * \note For more on the use of blinding in RSA * private key operations, see the documentation From ad049a973c4b55eb4284d6b71f7dbcce01fbfa4d Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Mon, 19 Jun 2017 16:31:54 +0100 Subject: [PATCH 017/504] Replace #if(n)def by #if (!)defined --- library/aes.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/aes.c b/library/aes.c index de43306a2..6ed0956bf 100644 --- a/library/aes.c +++ b/library/aes.c @@ -201,7 +201,7 @@ static const unsigned char FSb[256] = static const uint32_t FT0[256] = { FT }; #undef V -#ifndef MBEDTLS_AES_FEWER_TABLES +#if !defined(MBEDTLS_AES_FEWER_TABLES) #define V(a,b,c,d) 0x##b##c##d##a static const uint32_t FT1[256] = { FT }; @@ -332,7 +332,7 @@ static const unsigned char RSb[256] = static const uint32_t RT0[256] = { RT }; #undef V -#ifndef MBEDTLS_AES_FEWER_TABLES +#if !defined(MBEDTLS_AES_FEWER_TABLES) #define V(a,b,c,d) 0x##b##c##d##a static const uint32_t RT1[256] = { RT }; @@ -367,7 +367,7 @@ static const uint32_t RCON[10] = */ static unsigned char FSb[256]; static uint32_t FT0[256]; -#ifndef MBEDTLS_AES_FEWER_TABLES +#if !defined(MBEDTLS_AES_FEWER_TABLES) static uint32_t FT1[256]; static uint32_t FT2[256]; static uint32_t FT3[256]; @@ -378,7 +378,7 @@ static uint32_t FT3[256]; */ static unsigned char RSb[256]; static uint32_t RT0[256]; -#ifndef MBEDTLS_AES_FEWER_TABLES +#if !defined(MBEDTLS_AES_FEWER_TABLES) static uint32_t RT1[256]; static uint32_t RT2[256]; static uint32_t RT3[256]; @@ -457,7 +457,7 @@ static void aes_gen_tables( void ) ( (uint32_t) x << 16 ) ^ ( (uint32_t) z << 24 ); -#ifndef MBEDTLS_AES_FEWER_TABLES +#if !defined(MBEDTLS_AES_FEWER_TABLES) FT1[i] = ROTL8( FT0[i] ); FT2[i] = ROTL8( FT1[i] ); FT3[i] = ROTL8( FT2[i] ); @@ -470,7 +470,7 @@ static void aes_gen_tables( void ) ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^ ( (uint32_t) MUL( 0x0B, x ) << 24 ); -#ifndef MBEDTLS_AES_FEWER_TABLES +#if !defined(MBEDTLS_AES_FEWER_TABLES) RT1[i] = ROTL8( RT0[i] ); RT2[i] = ROTL8( RT1[i] ); RT3[i] = ROTL8( RT2[i] ); 
@@ -482,7 +482,7 @@ static void aes_gen_tables( void ) #endif /* MBEDTLS_AES_ROM_TABLES */ -#ifdef MBEDTLS_AES_FEWER_TABLES +#if defined(MBEDTLS_AES_FEWER_TABLES) #define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) ) #define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) ) From 08a5c187730c733485931ac2bb0c9ab245667378 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 19 Jun 2017 16:33:58 +0100 Subject: [PATCH 018/504] Be less specific about memory usage predictions --- ChangeLog | 2 +- include/mbedtls/config.h | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1d0a90d65..da5c64e97 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,7 +20,7 @@ Bugfix Features * Add option MBEDTLS_AES_FEWER_TABLES to dynamically compute 3/4 of the AES tables - during runtime, thereby reducing the RAM/ROM footprint by 6144 bytes. Suggested + during runtime, thereby reducing the RAM/ROM footprint by ~6kb. Suggested and contributed by jkivilin in #394. Changes diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 37a9d079a..94e3efbc0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -387,8 +387,8 @@ * Comment this macro to generate AES tables in RAM at runtime. * * Tradeoff: Using precomputed ROM tables reduces the time to setup - * an AES context but comes at the cost of additional 8192b ROM use - * (resp. 2048b if \c MBEDTLS_AES_FEWER_TABLES below is used). + * an AES context but comes at the cost of additional ~8kb ROM use + * (resp. ~2kb if \c MBEDTLS_AES_FEWER_TABLES below is used). * * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. * 
@@ -406,7 +406,7 @@ * (the tables are entry-wise rotations of one another). * * Tradeoff: Uncommenting this reduces the RAM / ROM footprint - * by 6144b but at the cost of more arithmetic operations during + * by ~6kb but at the cost of more arithmetic operations during * runtime. Specifically, one has to compare 4 accesses within * different tables to 4 accesses with additional arithmetic * operations within the same table. The performance gain/loss From 83ebf78404e49324ce3802c2e4f3184386f1920f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 7 Jul 2017 12:29:15 +0100 Subject: [PATCH 019/504] Add test for AES_ROM_TABLES and AES_FEWER_TABLES to all.sh --- tests/scripts/all.sh | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7c33c5c2c..49b1653bd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -428,6 +428,40 @@ make
 msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)"
 make test
 
+msg "build: default config with AES_FEWER_TABLES enabled"
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl set MBEDTLS_AES_FEWER_TABLES
+CC=gcc CFLAGS='-Werror -Wall -Wextra' make
+
+msg "test: AES_FEWER_TABLES"
+make test
+
+msg "build: default config with AES_ROM_TABLES enabled"
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl set MBEDTLS_AES_ROM_TABLES
+CC=gcc CFLAGS='-Werror -Wall -Wextra' make
+
+msg "test: AES_ROM_TABLES"
+make test
+
+msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl set MBEDTLS_AES_FEWER_TABLES
+scripts/config.pl set MBEDTLS_AES_ROM_TABLES
+CC=gcc CFLAGS='-Werror -Wall -Wextra' make
+
+msg "test: AES_FEWER_TABLES + AES_ROM_TABLES"
+make test
+
+if uname -a | grep -F Linux >/dev/null; then
+msg "build/test: make shared" # ~ 40s
+cleanup
+make SHARED=1 all check
+fi
+
 if uname -a | grep -F Linux >/dev/null; then
 msg "build/test: make shared" # ~ 40s
 cleanup
@@ -572,4 +606,3 @@ rm -rf "$OUT_OF_SOURCE_DIR"
 
 msg "Done, cleaning up"
 cleanup
-
From e507c82084a31a674d70e3b2337cf65e54b55c2c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 14:04:40 +0100 Subject: [PATCH 020/504] Fix typo and bracketing in macro args
--- library/net_sockets.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 80be6ec6a..31c42db05 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -63,8 +63,8 @@
 #endif
 #endif /* _MSC_VER */
 
-#define read(fd,buf,len) recv(fd,(char*)buf,(int) len,0)
-#define write(fd,buf,len) send(fd,(char*)buf,(int) len,0)
+#define read(fd,buf,len) recv( fd, (char*)( buf ), (int)( len ), 0 )
+#define write(fd,buf,len) send( fd, (char*)( buf ), (int)( len ), 0 )
 #define close(fd) closesocket(fd)
 
 static int wsa_init_done = 0;
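Review bot: The added block `if uname -a | grep -F Linux >/dev/null; then` … `make SHARED=1 all check` … `fi` is a verbatim copy of the "make shared" block that immediately follows it as context, so the shared build and check now run twice (roughly 40s extra, per the existing comment) without exercising anything new; the five added lines and the blank line after them should be dropped. Each of the three AES steps sets an option in config.h and then relies on the next step's `cleanup` to undo it, which only holds if `cleanup` restores "$CONFIG_BAK"; that helper is defined outside this hunk and is worth confirming. The second hunk only removes the trailing blank line of the script.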
@@ -85,7 +85,7 @@ static int wsa_init_done = 0; #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ /* Some MS functions want int and MSVC warns if we pass size_t, - * but the standard fucntions use socklen_t, so cast only for MSVC */ + * but the standard functions use socklen_t, so cast only for MSVC */ #if defined(_MSC_VER) #define MSVC_INT_CAST (int) #else From 49c80f72dfec725e598c52680b382a7175d89716 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 May 2017 11:27:39 +0100 Subject: [PATCH 021/504] Improve documentation of PKCS1 decryption functions Document the preconditions on the input and output buffers for the PKCS1 decryption functions - mbedtls_rsa_pkcs1_decrypt, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt - mbedtls_rsa_rsaes_oaep_decrypt --- include/mbedtls/rsa.h | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 54653dfdc..7d7469d50 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -329,9 +329,15 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -355,9 +361,15 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -383,9 +395,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), From 78b1473ff37b4577359ae78063f4e5e91ff22c37 Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 022/504] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 7 ++++++- include/mbedtls/threading.h | 3 --- library/ecp.c | 20 -------------------- library/threading.c | 9 --------- 4 files changed, 6 insertions(+), 33 deletions(-) diff --git a/ChangeLog b/ChangeLog index 66883d4bb..da9ee0b1d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.y.z released YYYY-MM-DD += mbed TLS 2.x.x released xxxx-xx-xx Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, @@ -18,6 +18,11 @@ API changes verification of the peer's certificate failed due to an overlong chain or a fatal error in the vrfy callback. +Changes + * Removed mutexes from ECP hardware accelerator code. Now all hardware + accelerator code in the library leaves concurrency handling to the + platform. Reported by Steven Cooreman. #863 + = mbed TLS 2.5.1 released 2017-06-21 Security diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index a89fd6496..b0c34ecc7 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -97,9 +97,6 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); */ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -extern mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex; -#endif #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/ecp.c b/library/ecp.c index 56f22c272..1cfd4b10f 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -1690,11 +1690,6 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, return( ret ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1719,11 +1714,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ return( ret ); } @@ -1831,11 +1821,6 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1853,11 +1838,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ mbedtls_ecp_point_free( &mP ); diff --git a/library/threading.c b/library/threading.c index 55091e8db..07586756f 100644 --- a/library/threading.c +++ b/library/threading.c @@ -113,9 +113,6 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_init( &mbedtls_threading_ecp_mutex ); -#endif } /* 
@@ -125,9 +122,6 @@ void mbedtls_threading_free_alt( void ) { mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_free( &mbedtls_threading_ecp_mutex ); -#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -139,8 +133,5 @@ void mbedtls_threading_free_alt( void ) #endif mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex MUTEX_INIT; -#endif #endif /* MBEDTLS_THREADING_C */ From 7501f052bad4408a828977ddc433fa4f723f7384 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 23 Jun 2017 13:05:44 +0100 Subject: [PATCH 023/504] Enable MBEDTLS_AES_ROM_TABLES in config-no-entropy Enable the MBEDTLS_AES_ROM_TABLES option in the configs/config-no-entropy.h to place AES lookup tables in ROM. This saves considerable RAM space, a resource that is very limited in small devices that use this configuration. --- configs/config-no-entropy.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 95f17d456..73758602a 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -80,6 +80,9 @@ #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_CRL_PARSE_C +/* Miscellaneous options */ +#define MBEDTLS_AES_ROM_TABLES + #include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ From d0e15d7ebed944661f51c1b211fc58cdb6c81fd9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 12:57:44 +0100 Subject: [PATCH 024/504] Add ChangeLog entry for config-no-entropy.h change --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index da9ee0b1d..c349a66e8 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -22,6 +22,8 @@ Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 + * Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file + config-no-entropy.h to reduce the RAM footprint. = mbed TLS 2.5.1 released 2017-06-21 From 53c2e47a1b111038c06b67be53b0573969392e34 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 20 Jun 2017 15:23:23 +0300 Subject: [PATCH 025/504] Minor: Fix typos in program comments Fix a couple of typos and writer's mistakes, in some reference program applications --- programs/pkey/ecdh_curve25519.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index aa15c4687..e7ead9a93 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -204,7 +204,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); /* - * Verification: are the computed secret equal? + * Verification: are the computed secrets equal? */ mbedtls_printf( " . Checking if both computed secrets are equal..." ); fflush( stdout ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3e6366cec..a25886824 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2168,7 +2168,7 @@ handshake: #if defined(MBEDTLS_X509_CRT_PARSE_C) /* - * 5. Verify the server certificate + * 5. Verify the client certificate */ mbedtls_printf( " . Verifying peer X.509 certificate..." ); From e2efaeaafce11b05f62d941835fd8f4b49944da1 Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 026/504] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters
--- ChangeLog | 6 ++- library/gcm.c | 6 ++- tests/suites/test_suite_gcm.aes128_de.data | 4 ++ tests/suites/test_suite_gcm.aes128_en.data | 4 ++ tests/suites/test_suite_gcm.aes192_de.data | 4 ++ tests/suites/test_suite_gcm.aes192_en.data | 4 ++ tests/suites/test_suite_gcm.aes256_de.data | 4 ++ tests/suites/test_suite_gcm.aes256_en.data | 4 ++ tests/suites/test_suite_gcm.function | 43 ++++++++++++++++++++++ 9 files changed, 76 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index c349a66e8..9034b42c7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,10 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
-= mbed TLS 2.x.x released xxxx-xx-xx
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+   * Add a check if iv_len is zero, and return an error if it is zero. reported
+     by roberto. #716
 
 Security
    * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
diff --git a/library/gcm.c b/library/gcm.c
index f1210c52c..fccb092bd 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -277,8 +277,10 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
     size_t use_len, olen = 0;
 
     /* IV and AD are limited to 2^64 bits, so 2^61 bytes */
-    if( ( (uint64_t) iv_len ) >> 61 != 0 ||
-        ( (uint64_t) add_len ) >> 61 != 0 )
+    /* IV is not allowed to be zero length */
+    if( iv_len == 0 ||
+        ( (uint64_t) iv_len ) >> 61 != 0 ||
+        ( (uint64_t) add_len ) >> 61 != 0 )
     {
         return( MBEDTLS_ERR_GCM_BAD_INPUT );
     }
diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data
index 6eaa711b9..2a2e32f0d 100644
--- a/tests/suites/test_suite_gcm.aes128_de.data
+++ b/tests/suites/test_suite_gcm.aes128_de.data
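Review bot: The new comment `/* IV is not allowed to be zero length */` is placed directly under the existing `/* IV and AD are limited to 2^64 bits, so 2^61 bytes */`, so the two now read as a single statement about the same limit even though they describe different conditions of the one `if`; merging them into one comment above the condition, `/* IV must be non-empty; IV and AD are limited to 2^64 bits, so 2^61 bytes */`, keeps the intent clear. Rejecting `iv_len == 0` in mbedtls_gcm_starts is the right place because the IV is only consumed after this check, and the one-shot GCM entry points presumably route through starts as well and so inherit the rejection, which is worth confirming against the rest of gcm.c. The remainder of mbedtls_gcm_starts lies outside the hunk.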
@@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes128_en.data b/tests/suites/test_suite_gcm.aes128_en.data index d8bee9d56..9453ffa70 100644 --- a/tests/suites/test_suite_gcm.aes128_en.data +++ b/tests/suites/test_suite_gcm.aes128_en.data 
@@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fe481476fce76efcfc78ed144b0756f1":"246e1f2babab8da98b17cc928bd49504d7d87ea2cc174f9ffb7dbafe5969ff824a0bcb52f35441d22f3edcd10fab0ec04c0bde5abd3624ca25cbb4541b5d62a3deb52c00b75d68aaf0504d51f95b8dcbebdd8433f4966c584ac7f8c19407ca927a79fa4ead2688c4a7baafb4c31ef83c05e8848ec2b4f657aab84c109c91c277":"1a2c18c6bf13b3b2785610c71ccd98ca":"b0ab3cb5256575774b8242b89badfbe0dfdfd04f5dd75a8e5f218b28d3f6bc085a013defa5f5b15dfb46132db58ed7a9ddb812d28ee2f962796ad988561a381c02d1cf37dca5fd33e081d61cc7b3ab0b477947524a4ca4cb48c36f48b302c440be6f5777518a60585a8a16cea510dbfc5580b0daac49a2b1242ff55e91a8eae8":"5587620bbb77f70afdf3cdb7ae390edd0473286d86d3f862ad70902d90ff1d315947c959f016257a8fe1f52cc22a54f21de8cb60b74808ac7b22ea7a15945371e18b77c9571aad631aa080c60c1e472019fa85625fc80ed32a51d05e397a8987c8fece197a566689d24d05361b6f3a75616c89db6123bf5902960b21a18bc03a":32:"bd4265a8":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_de.data b/tests/suites/test_suite_gcm.aes192_de.data index 841c6fa36..9e7bad00f 100644 --- a/tests/suites/test_suite_gcm.aes192_de.data +++ b/tests/suites/test_suite_gcm.aes192_de.data 
@@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":32:"28d730ea":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_en.data b/tests/suites/test_suite_gcm.aes192_en.data index 18e56e79c..5ea110186 100644 --- a/tests/suites/test_suite_gcm.aes192_en.data +++ b/tests/suites/test_suite_gcm.aes192_en.data 
@@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"713358e746dd84ab27b8adb3b17ea59cd75fa6cb0c13d1a8":"35b8b655efdf2d09f5ed0233c9eeb0b6f85e513834848cd594dba3c6e64f78e7af4a7a6d53bba7b43764334d6373360ae3b73b1e765978dffa7dbd805fda7825b8e317e8d3f1314aa97f877be815439c5da845028d1686283735aefac79cdb9e02ec3590091cb507089b9174cd9a6111f446feead91f19b80fd222fc6299fd1c":"26ed909f5851961dd57fa950b437e17c":"c9469ad408764cb7d417f800d3d84f03080cee9bbd53f652763accde5fba13a53a12d990094d587345da2cdc99357b9afd63945ca07b760a2c2d4948dbadb1312670ccde87655a6a68edb5982d2fcf733bb4101d38cdb1a4942a5d410f4c45f5ddf00889bc1fe5ec69b40ae8aaee60ee97bea096eeef0ea71736efdb0d8a5ec9":"cc3f9983e1d673ec2c86ae4c1e1b04e30f9f395f67c36838e15ce825b05d37e9cd40041470224da345aa2da5dfb3e0c561dd05ba7984a1332541d58e8f9160e7e8457e717bab203de3161a72b7aedfa53616b16ca77fd28d566fbf7431be559caa1a129b2f29b9c5bbf3eaba594d6650c62907eb28e176f27c3be7a3aa24cef6":32:"5be7611b":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_de.data b/tests/suites/test_suite_gcm.aes256_de.data index 0fe848978..9696a62be 100644 --- a/tests/suites/test_suite_gcm.aes256_de.data +++ b/tests/suites/test_suite_gcm.aes256_de.data 
@@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":32:"3105dddb":"FAIL":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_en.data b/tests/suites/test_suite_gcm.aes256_en.data index 23d1689cc..0ff716d5d 100644 --- a/tests/suites/test_suite_gcm.aes256_en.data +++ b/tests/suites/test_suite_gcm.aes256_en.data 
@@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1477e189fb3546efac5cc144f25e132ffd0081be76e912e25cbce7ad63f1c2c4":"7bd3ea956f4b938ebe83ef9a75ddbda16717e924dd4e45202560bf5f0cffbffcdd23be3ae08ff30503d698ed08568ff6b3f6b9fdc9ea79c8e53a838cc8566a8b52ce7c21b2b067e778925a066c970a6c37b8a6cfc53145f24bf698c352078a7f0409b53196e00c619237454c190b970842bb6629c0def7f166d19565127cbce0":"c109f35893aff139db8ed51c85fee237":"8f7f9f71a4b2bb0aaf55fced4eb43c57415526162070919b5f8c08904942181820d5847dfd54d9ba707c5e893a888d5a38d0130f7f52c1f638b0119cf7bc5f2b68f51ff5168802e561dff2cf9c5310011c809eba002b2fa348718e8a5cb732056273cc7d01cce5f5837ab0b09b6c4c5321a7f30a3a3cd21f29da79fce3f3728b":"7841e3d78746f07e5614233df7175931e3c257e09ebd7b78545fae484d835ffe3db3825d3aa1e5cc1541fe6cac90769dc5aaeded0c148b5b4f397990eb34b39ee7881804e5a66ccc8d4afe907948780c4e646cc26479e1da874394cb3537a8f303e0aa13bd3cc36f6cc40438bcd41ef8b6a1cdee425175dcd17ee62611d09b02":32:"cb13ce59":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 56c7e1899..308e14bb4 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function 
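Review bot: The new `AES-GCM Bad IV (AES-256,128,0,0,32) #0` case added to test_suite_gcm.aes256_en.data passes `MBEDTLS_GCM_DECRYPT`, so the AES-256 encrypt suite never exercises the zero-length-IV rejection in the encrypt direction, whereas the AES-128 and AES-192 encrypt suites on the preceding lines pass `MBEDTLS_GCM_ENCRYPT`. The key is also the one from the aes256_de hunk rather than this file's own, which is harmless but suggests the line was copied without adjusting the direction. Suggested line: `gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT`.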
@@ -7,6 +7,49 @@
 * END_DEPENDENCIES
 */
 
+/* BEGIN_CASE */
+void gcm_bad_parameters( int cipher_id, int direction,
+ char *hex_key_string, char *hex_src_string,
+ char *hex_iv_string, char *hex_add_string,
+ int tag_len_bits, int gcm_result )
+{
+ unsigned char key_str[128];
+ unsigned char src_str[128];
+ unsigned char dst_str[257];
+ unsigned char iv_str[128];
+ unsigned char add_str[128];
+ unsigned char tag_str[128];
+ unsigned char output[128];
+ unsigned char tag_output[16];
+ mbedtls_gcm_context ctx;
+ unsigned int key_len;
+ size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8;
+
+ mbedtls_gcm_init( &ctx );
+
+ memset( key_str, 0x00, sizeof( key_str ) );
+ memset( src_str, 0x00, sizeof( src_str ) );
+ memset( dst_str, 0x00, sizeof( dst_str ) );
+ memset( iv_str, 0x00, sizeof( iv_str ) );
+ memset( add_str, 0x00, sizeof( add_str ) );
+ memset( tag_str, 0x00, sizeof( tag_str ) );
+ memset( output, 0x00, sizeof( output ) );
+ memset( tag_output, 0x00, sizeof( tag_output ) );
+
+ key_len = unhexify( key_str, hex_key_string );
+ pt_len = unhexify( src_str, hex_src_string );
+ iv_len = unhexify( iv_str, hex_iv_string );
+ add_len = unhexify( add_str, hex_add_string );
+
+ TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == 0 );
+ TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, pt_len, iv_str, iv_len,
+ add_str, add_len, src_str, output, tag_len, tag_output ) == gcm_result );
+
+exit:
+ mbedtls_gcm_free( &ctx );
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void gcm_encrypt_and_tag( int cipher_id,
 char *hex_key_string, char *hex_src_string,
From 6314068d42c9dca7145a2eb44012742f09a68aab Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 027/504] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ library/x509_crt.c | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-)
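Review bot: `gcm_bad_parameters` declares and zeroes `dst_str[257]` and `tag_str[128]` but never reads or writes them afterwards; dropping both keeps the case readable. The four `unhexify` calls write into fixed 128-byte stack buffers with no length check, so an over-long hex string in a .data line would overrun the test's own stack before the library is reached; a guard per input such as `TEST_ASSERT( strlen( hex_src_string ) <= 2 * sizeof( src_str ) );` fails the case cleanly instead. `tag_len = tag_len_bits / 8` is likewise never compared with `sizeof( tag_output )` (16); if `mbedtls_gcm_crypt_and_tag` is relied on to reject larger tag lengths, a one-line comment at the call saying so would make that dependency explicit.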
diff --git a/ChangeLog b/ChangeLog
index 9034b42c7..7a72030fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Bugfix
 * Add a check if iv_len is zero, and return an error if it is zero.
 reported by roberto. #716
+ * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
+ to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
+ always be implemented by pthread support. Fix for #696
 
 Security
 * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 3b8614125..d7b857e58 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1171,13 +1171,13 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
 if( dir == NULL )
 return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
 
-#if defined(MBEDTLS_THREADING_PTHREAD)
+#if defined(MBEDTLS_THREADING_C)
 if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 )
 {
 closedir( dir );
 return( ret );
 }
-#endif
+#endif /* MBEDTLS_THREADING_C */
 
 while( ( entry = readdir( dir ) ) != NULL )
 {
@@ -1210,10 +1210,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
 cleanup:
 closedir( dir );
 
-#if defined(MBEDTLS_THREADING_PTHREAD)
+#if defined(MBEDTLS_THREADING_C)
 if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
-#endif
+#endif /* MBEDTLS_THREADING_C */
 
 #endif /* _WIN32 */
 
From 36d904218bbec471dff85e7d337fae63be68940d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 028/504] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 7a72030fa..c81c259e3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,9 @@ Bugfix
 * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
 to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
 always be implemented by pthread support. Fix for #696
+ * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
+ In case of failure, when an error occures, goto cleanup.
+ Found by redplait #590
 
 Security
 * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
diff --git a/library/x509_crt.c b/library/x509_crt.c
index d7b857e58..5ec855192 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1146,7 +1146,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
 p, (int) len - 1,
 NULL, NULL );
 if( w_ret == 0 )
- return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
+ {
+ ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
+ goto cleanup;
+ }
 
 w_ret = mbedtls_x509_crt_parse_file( chain, filename );
 if( w_ret < 0 )
@@ -1159,6 +1162,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
 if( GetLastError() != ERROR_NO_MORE_FILES )
 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
 
+cleanup:
 FindClose( hFind );
 #else /* _WIN32 */
 int t_ret;
From ca6ff5884d362ef2e5410f6cf1a405f583241aff Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 029/504] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ library/dhm.c | 6 +++--- library/ecp.c | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index c81c259e3..96f4b31f0 100644
--- a/ChangeLog
+++ b/ChangeLog
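Review bot: The new `cleanup:` label sits inside the `#if defined(_WIN32)` branch of mbedtls_x509_crt_parse_path, and the `#else` branch (visible in the previous commit's hunk) already has its own `cleanup:`; only one branch is ever compiled, but two identically named labels in one function body are easy to misread, and `cleanup: /* _WIN32 branch; the POSIX branch below has its own cleanup label */` would spare the next reader a search. The `goto` also skips the `GetLastError()` check, which is right for a WideCharToMultiByte failure because `ret` is already set, but the initialisation of `ret` and the function's return after `FindClose( hFind )` are outside the hunk, so please confirm the Windows path actually returns that error rather than a stale value.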
@@ -11,6 +11,8 @@ Bugfix
 * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
 In case of failure, when an error occures, goto cleanup.
 Found by redplait #590
+ * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
+ Reported and fix suggested by guidovranken in #740
 
 Security
 * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
diff --git a/library/dhm.c b/library/dhm.c
index a4715d170..bec52a11d 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -165,7 +165,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
 */
 do
 {
- mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
 
 while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) );
@@ -251,7 +251,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
 */
 do
 {
- mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
 
 while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) );
@@ -324,7 +324,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx,
 count = 0;
 do
 {
- mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) );
 
 while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 )
 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) );
diff --git a/library/ecp.c b/library/ecp.c
index 1cfd4b10f..5ad686398 100644
--- a/library/ecp.c
+++ b/library/ecp.c
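Review bot: `MBEDTLS_MPI_CHK` turns a failing `mbedtls_mpi_fill_random` into a `goto cleanup`, so each of the three enclosing functions in dhm.c (`mbedtls_dhm_make_params`, `mbedtls_dhm_make_public`, `dhm_update_blinding`) must declare `ret` and a `cleanup:` label that releases what it holds; none of that is inside these hunks, so it is worth checking per function, in particular that a half-filled `ctx->X` or `ctx->Vi` is never treated as a valid private value by a later call. The same point applies to the two ecp.c hunks on the next line (`ecp_randomize_jac`, `ecp_randomize_mxz`), whose cleanup paths must free the local `l`. A short comment on the loop, e.g. `/* An RNG failure must abort: a partially filled X is not a usable secret */`, would record why the check is security-relevant rather than cosmetic.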
@@ -1128,7 +1128,7 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p
 /* Generate l such that 1 < l < p */
 do
 {
- mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) );
 
 while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 )
 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
@@ -1527,7 +1527,7 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P
 /* Generate l such that 1 < l < p */
 do
 {
- mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) );
 
 while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 )
 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
From ff1b846b67641d0e0373a6285bf5a016603dd446 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Jun 2017 14:31:29 +0100 Subject: [PATCH 030/504] Undo API change The previous commit b3e6872c9381ed4ce020d631dda1e0126c42b64f changed to public functions from ssl_ciphersuite.h to static inline. This commit reverts this change. --- include/mbedtls/ssl_ciphersuites.h | 36 ++---------------------------- library/ssl_ciphersuites.c | 36 ++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 34 deletions(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 931c1b3c3..9101d9cc7 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -359,23 +359,8 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciph
 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info );
 #endif
 
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-static inline int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
-{
- switch( info->key_exchange )
- {
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- return( 1 );
-
- default:
- return( 0 );
- }
-}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
+int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
+int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
 
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
 static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
@@ -429,23 +414,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersui
 }
 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
 
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
-{
- switch( info->key_exchange )
- {
- case MBEDTLS_KEY_EXCHANGE_PSK:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- return( 1 );
-
- default:
- return( 0 );
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
-
 static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
 {
 switch( info->key_exchange )
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index c1a92d67d..95e6163cc 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
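Review bot: The new prototypes for `mbedtls_ssl_ciphersuite_uses_ec` and `mbedtls_ssl_ciphersuite_uses_psk` are declared unconditionally, while the definitions added to ssl_ciphersuites.c in the next hunk stay behind `#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)` and `#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)`, the same guards the removed inline versions carried in the header. In a configuration without those options a caller compiles cleanly against the header and fails only at link time with an undefined reference. Either keep the guards around the two prototypes, or, since both functions only switch on `info->key_exchange`, drop the guards in the .c file so the symbols are always present. The two declarations are also the only ones in this hunk with no comment; a one-liner each, e.g. `/* Whether the ciphersuite's key exchange uses ECDH(E) */` and `/* Whether the ciphersuite's key exchange uses a PSK */`, would do.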
@@ -1834,6 +1834,42 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers
 return( MBEDTLS_PK_NONE );
 }
 }
+
 #endif /* MBEDTLS_PK_C */
 
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+ case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case MBEDTLS_KEY_EXCHANGE_PSK:
+ case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
+ case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
 #endif /* MBEDTLS_SSL_TLS_C */
From 59df56e9b6c0c7c24a829cd068d38264953388ab Mon Sep 17 00:00:00 2001
From: Hanno Becker Date: Mon, 26 Jun 2017 11:25:37 +0100 Subject: [PATCH 031/504] Undo API change from SHA1 deprecation The previous commit bd5ceee484f201b90a384636ba12de86bd330cba removed the definition of the global constants - mbedtls_test_ca_crt_rsa_len, - mbedtls_test_cli_crt_rsa_len, - mbedtls_test_ca_crt_rsa, and - mbedtls_test_cli_crt_rsa. This commit restores these to maintain ABI compatibility. Further, it was noticed that without SHA256_C being enabled the previous code failed to compile because the SHA1 resp. SHA256 certificates were only defined when the respective SHAXXX_C options were set, but the emission of the global variable mbedtls_test_ca_crt was unconditionally defined through the SHA256 certificate. Previously, the RSA SHA1 certificate was unconditionally defined and used for that. As a remedy, this commit makes sure some RSA certificate is defined and exported through the following rule: 1. If SHA256_C is active, define an RSA SHA256 certificate and export it as mbedtls_test_ca_crt. Also, define SHA1 certificates only if SHA1_C is set. 2. If SHA256_C is not set, always define SHA1 certificate and export it as mbedtls_test_ca_crt. --- library/certs.c | 75 +++++++++++++++++++++++++++++-------------------- 1 file changed, 45 insertions(+), 30 deletions(-) diff --git a/library/certs.c b/library/certs.c index 5c0199891..f1379b8cb 100644 --- a/library/certs.c +++ b/library/certs.c
@@ -116,31 +116,6 @@ const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec ); #endif /* MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SHA1_C) -#define TEST_CA_CRT_RSA_SHA1 \ -"-----BEGIN CERTIFICATE-----\r\n" \ -"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ -"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ -"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ -"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ -"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ -"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ -"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ -"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ -"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ -"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ -"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ -"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ -"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ -"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ -"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ -"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ -"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ -"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ -"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ -"-----END CERTIFICATE-----\r\n" -static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; -#endif #if defined(MBEDTLS_SHA256_C) #define TEST_CA_CRT_RSA_SHA256 \ 
@@ -165,7 +140,46 @@ static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; "ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY\r\n" \ "n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==\r\n" \ "-----END CERTIFICATE-----\r\n" + +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA256; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#define TEST_CA_CRT_RSA_SOME + static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256; + +#endif + +#if !defined(TEST_CA_CRT_RSA_SOME) || defined(MBEDTLS_SHA1_C) +#define TEST_CA_CRT_RSA_SHA1 \ +"-----BEGIN CERTIFICATE-----\r\n" \ +"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ +"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ +"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ +"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ +"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ +"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ +"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ +"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ +"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ +"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ +"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ +"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ +"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ +"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ +"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ +"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ +"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ +"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ 
+"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ +"-----END CERTIFICATE-----\r\n" + +#if !defined (TEST_CA_CRT_RSA_SOME) +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA1; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#endif + +static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; + #endif const char mbedtls_test_ca_key_rsa[] = @@ -257,7 +271,7 @@ const char mbedtls_test_srv_key_rsa[] = "-----END RSA PRIVATE KEY-----\r\n"; const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa ); -static const char mbedtls_test_cli_crt_rsa_sha256[] = +const char mbedtls_test_cli_crt_rsa[] = "-----BEGIN CERTIFICATE-----\r\n" "MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" @@ -279,6 +293,7 @@ static const char mbedtls_test_cli_crt_rsa_sha256[] = "ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj\r\n" "c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=\r\n" "-----END CERTIFICATE-----\r\n"; +const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa ); const char mbedtls_test_cli_key_rsa[] = "-----BEGIN RSA PRIVATE KEY-----\r\n" 
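Review bot: The `TEST_CA_CRT_RSA_SOME` sentinel that decides which certificate is exported as `mbedtls_test_ca_crt_rsa` is introduced without a comment, and the selection rule currently lives only in the commit message. Suggest a comment above `#define TEST_CA_CRT_RSA_SOME`, e.g. `/* Set once an RSA CA certificate has been exported as mbedtls_test_ca_crt_rsa; the SHA-1 certificate below is only the fallback when MBEDTLS_SHA256_C is off */`. It is also worth saying next to the fallback that a build without MBEDTLS_SHA256_C then runs the test suite against a SHA-1-signed CA, so a verification result that differs between configurations has an obvious first suspect. Minor: `#if !defined (TEST_CA_CRT_RSA_SOME)` has a space before the parenthesis that the other `#if !defined(...)` lines in the hunk do not.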
@@ -354,19 +369,19 @@ const size_t mbedtls_test_cas_len[] = {
 };
 
 #if defined(MBEDTLS_RSA_C)
-const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa_sha256;
+const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa; /* SHA1 or SHA256 */
 const char *mbedtls_test_ca_key = mbedtls_test_ca_key_rsa;
 const char *mbedtls_test_ca_pwd = mbedtls_test_ca_pwd_rsa;
 const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_rsa;
 const char *mbedtls_test_srv_key = mbedtls_test_srv_key_rsa;
-const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa_sha256;
+const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa;
 const char *mbedtls_test_cli_key = mbedtls_test_cli_key_rsa;
-const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa_sha256 );
+const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa );
 const size_t mbedtls_test_ca_key_len = sizeof( mbedtls_test_ca_key_rsa );
 const size_t mbedtls_test_ca_pwd_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
 const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_rsa );
 const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_rsa );
-const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa_sha256 );
+const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa );
 const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_rsa );
 #else /* ! MBEDTLS_RSA_C, so MBEDTLS_ECDSA_C */
 const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_ec;
From a5723f454acaa6cb29871c8c9d7e8f52aec3b001 Mon Sep 17 00:00:00 2001
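Review bot: The new trailing comment `/* SHA1 or SHA256 */` on `mbedtls_test_ca_crt` does not say which one is chosen or by what; from the certs.c hunks above, `mbedtls_test_ca_crt_rsa` is the SHA-256-signed CA when MBEDTLS_SHA256_C is set and the SHA-1-signed one otherwise. Suggest `/* SHA-256-signed when MBEDTLS_SHA256_C is set, otherwise SHA-1-signed */` so a reader debugging a chain-verification test knows which signature algorithm the fixture exercises in their configuration.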
From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:19 +0100 Subject: [PATCH 032/504] Clarify documentation for alternative AES implementations The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been superseded by mbedtls_aes_internal_decrypt and mbedtls_aes_internal_encrypt, respectively. Alternative implementations should now only replace the latter, and leave the maintenance wrapper definitions of the former untouched. This commit clarifies this in the documentation of the respective configuration options MBEDTLS_AES_DECRYPT_ALT and MBEDTLS_AES_ENCRYPT_ALT. --- include/mbedtls/aes.h | 8 ++------ include/mbedtls/config.h | 12 +++++++++--- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index b5560cc81..6044a51aa 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,9 +287,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Internal AES block encryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_ENCRYPT_ALT) + * \brief Old AES block encryption function without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -306,9 +304,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( } /** - * \brief Internal AES block decryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_DECRYPT_ALT) + * \brief Old AES block decryption function without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c1..2a2209a35 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -273,9 +273,15 @@
 * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
 * with this definition.
 *
- * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set
- * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
- * tables.
+ * \note Because of a signature change, the core AES encryption and decryption routines are
+ * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
+ * respectively. When setting up alternative implementations, these functions should
+ * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
+ * have to stay untouched.
+ *
+ * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
+ * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
+ * tables.
 *
 * Uncomment a macro to enable alternate implementation of the corresponding
 * function.
From 09b30789e5f1b8185b25097bdf677a2f8925beb1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:56 +0100 Subject: [PATCH 033/504] Export mbedtls_aes_(en/de)crypt to retain for API compatibility The commit f5bf7189d303e602992c750c09e429e23c7b2abf made the AES functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing the library's API. This commit reverts this. --- include/mbedtls/aes.h | 20 ++++++-------------- library/aes.c | 14 ++++++++++++++ 2 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 6044a51aa..4a546acc9 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
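Review bot: The new `\note` names the core routines `mbedtls_aes_internal_encrypt` and `mbedtls_aes_internal_decrypt`, but the aes.h declarations on this page read `mbedtls_internal_aes_encrypt` / `mbedtls_internal_aes_decrypt` (see the `int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,` hunk context in the following commit), so someone writing an alternative implementation from this note will look for functions that do not exist. Two typos are also carried into the rewritten lines: `then is is recommended` should read `then it is recommended`, and `be overriden` should read `be overridden`.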
@@ -295,13 +295,9 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
 * \param input Plaintext block
 * \param output Output (ciphertext) block
 */
-MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt(
- mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] )
-{
- mbedtls_internal_aes_encrypt( ctx, input, output );
-}
+MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16] );
 
 /**
 * \brief Old AES block decryption function without return value.
@@ -312,13 +308,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt(
 * \param input Ciphertext block
 * \param output Output (plaintext) block
 */
-MBEDTLS_DEPRECATED static inline void mbedtls_aes_decrypt(
- mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] )
-{
- mbedtls_internal_aes_decrypt( ctx, input, output );
-}
+MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16] );
 
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
diff --git a/library/aes.c b/library/aes.c
index 5e01c4f2b..58603849c 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -765,6 +765,13 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
 }
 #endif /* !MBEDTLS_AES_ENCRYPT_ALT */
 
+void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16] )
+{
+ mbedtls_internal_aes_encrypt( ctx, input, output );
+}
+
 /*
 * AES-ECB block decryption
 */
@@ -824,6 +831,13 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
 }
 #endif /* !MBEDTLS_AES_DECRYPT_ALT */
 
+void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16] )
+{
+ mbedtls_internal_aes_decrypt( ctx, input, output );
+}
+
 /*
 * AES-ECB block encryption/decryption
 */
From 2de930fdec745c831bf770d27770afd64bb8e177 Mon Sep 17 00:00:00 2001
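Review bot: `mbedtls_aes_encrypt` and `mbedtls_aes_decrypt` are now defined unconditionally in aes.c, but their prototypes in aes.h sit inside `#if !defined(MBEDTLS_DEPRECATED_REMOVED)` (the closing `#endif /* !MBEDTLS_DEPRECATED_REMOVED */` is visible at the end of the header hunk), so a build with that option still emits two deprecated external symbols that no header declares. Wrapping each definition in `#if !defined(MBEDTLS_DEPRECATED_REMOVED)` … `#endif /* !MBEDTLS_DEPRECATED_REMOVED */` keeps header and library in step. The wrappers also silently discard the `int` returned by `mbedtls_internal_aes_encrypt`/`_decrypt` (their return type is visible in the hunk headers); since a `void` API cannot surface it, a comment such as `/* Deprecated wrapper: the internal routine's error return is intentionally dropped */` makes the choice explicit for whoever next touches an ALT implementation.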
From: Hanno Becker Date: Thu, 20 Jul 2017 09:50:59 +0100 Subject: [PATCH 034/504] Make minor changes to documentation --- include/mbedtls/aes.h | 6 ++++-- include/mbedtls/config.h | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 4a546acc9..1829f7240 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,7 +287,8 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Old AES block encryption function without return value. + * \brief Deprecated internal AES block encryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -300,7 +301,8 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, unsigned char output[16] ); /** - * \brief Old AES block decryption function without return value. + * \brief Deprecated internal AES block decryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2a2209a35..b10d87375 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -277,7 +277,7 @@ * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, * respectively. When setting up alternative implementations, these functions should * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt - * have to stay untouched. + * must stay untouched. * * \note If you use the AES_xxx_ALT macros, then is is recommended to also set * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES From ab6704317824848a6e12024da8d025698c947c08 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 20 Jul 2017 12:33:41 +0200 Subject: [PATCH 035/504] Update Changelog for API/ABI fixes to revert interface --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/ChangeLog b/ChangeLog index 96f4b31f0..e7b596fab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,12 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +API Changes + * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the + API consistent with mbed TLS 2.5.0. Specifically removed the inline + qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 From d9e7ada52aa79670eaad35894b31dd424c94b699 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:03:23 +0100 Subject: [PATCH 036/504] Add library setup and teardown APIs Add the following two functions to allow platform setup and teardown operations for the full library to be hooked in: * mbedtls_platform_setup() * mbedtls_platform_teardown() An mbedtls_platform_context C structure is also added and two internal functions that are called by the corresponding setup and teardown functions above: * mbedtls_internal_platform_setup() * mbedtls_internal_plartform_teardown() Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow mbedtls_platform_context and internal function to be overriden by the user as needed for a platform. --- include/mbedtls/config.h | 1 + include/mbedtls/platform.h | 45 ++++++++++++++++++++++++++++++++++++++ library/platform.c | 30 +++++++++++++++++++++++++ 3 files changed, 76 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index b10d87375..ffeeb34af 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,6 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT +//#define MBEDTLS_PLATFORM_SETUP_ALT /** * \def MBEDTLS_DEPRECATED_WARNING 
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index b1b019e55..a9ff7e421 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -288,6 +288,51 @@ int mbedtls_platform_set_nv_seed(
 #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
 #endif /* MBEDTLS_ENTROPY_NV_SEED */
 
+#if !defined(MBEDTLS_PLATFORM_SETUP_ALT)
+typedef struct mbedtls_platform_context mbedtls_platform_context;
+#else
+#include "platform_alt.h"
+#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */
+
+/**
+ * \brief Perform any platform initialisation operations
+ *
+ * \param ctx mbed TLS context
+ *
+ * \return 0 if successful
+ *
+ * \note This function should be called before any other library function
+ */
+int mbedtls_platform_setup( mbedtls_platform_context *ctx );
+/**
+ * \brief Perform any platform teardown operations
+ *
+ * \param ctx mbed TLS context
+ *
+ * \return 0 if successful
+ *
+ * \note This function should be after every other mbed TLS module has been
+ * correctly freed using the appropriate free function.
+ */
+void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
+
+/**
+ * \brief Internal function to perform any platform initialisation operations
+ * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT
+ *
+ * \param ctx mbed TLS context
+ *
+ * \return 0 if successful
+ */
+int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx );
+/**
+ * \brief Internal function to perform any platform teardown operations
+ * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT
+ *
+ * \param ctx mbed TLS context
+ */
+void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx );
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/library/platform.c b/library/platform.c
index 8b336c38e..2ac67cbe9 100644
--- a/library/platform.c
+++ b/library/platform.c
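Review bot: The Doxygen block for `mbedtls_platform_teardown` carries `\return 0 if successful`, but the function is declared `void`; that line should go. The same block reads `This function should be after every other mbed TLS module has been`, which is missing a verb: `This function should be called after every other mbed TLS module has been`. In the non-ALT branch `mbedtls_platform_context` is only forward-declared here, so a caller cannot define one on the stack until the struct body is supplied (a later commit on this page adds it); a sentence in the header stating that the default context is opaque and how it is meant to be obtained would have closed that gap at this point.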
@@ -304,4 +304,34 @@ int mbedtls_platform_set_nv_seed(
 #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
 #endif /* MBEDTLS_ENTROPY_NV_SEED */
 
+int mbedtls_platform_setup( mbedtls_platform_context *ctx )
+{
+ return( mbedtls_internal_platform_setup( ctx ) );
+}
+
+void mbedtls_platform_teardown( mbedtls_platform_context *ctx )
+{
+ mbedtls_internal_platform_teardown( ctx );
+}
+
+#if !defined(MBEDTLS_PLATFORM_SETUP_ALT)
+/*
+ * Placeholder internal platform setup that does nothing by default
+ */
+int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx )
+{
+ (void)ctx;
+
+ return( 0 );
+}
+
+/*
+ * Placeholder internal platform teardown that does nothing by default
+ */
+void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx )
+{
+ (void)ctx;
+}
+#endif /* MBEDTLS_PLATFORM_SETUP_ALT */
+
 #endif /* MBEDTLS_PLATFORM_C */
From 2187e03817b8b8f902eb14d50f6dfe9aa940ac08 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:19:13 +0100 Subject: [PATCH 037/504] Add ChangeLog entry for platform setup and teardown --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index e7b596fab..18273fb82 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,16 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Features + * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() + to perform platform-specific setup and teardown operations. Furthermore, + the internal functions mbedtls_internal_platform_setup() and + mbedtls_internal_platform_teardown() to allow platform-specific hooks to + be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT + allows the internal functions to be overridden. This new APIs are + specially useful in some embedded environments that have hardware + acceleration support. + API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline From d24f5feb59369a90e5c8e78f45951e679a3c442d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:25:17 +0100 Subject: [PATCH 038/504] Remove internal functions from setup API --- include/mbedtls/platform.h | 21 ++++----------------- library/platform.c | 18 ++++-------------- 2 files changed, 8 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index a9ff7e421..29b80cd3e 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -289,6 +289,10 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +struct mbedtls_platform_context { + char dummy; /**< Placeholder member as empty structs are not portable */ +}; + typedef struct mbedtls_platform_context mbedtls_platform_context; #else #include "platform_alt.h" 
@@ -316,23 +320,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx );
 */
 void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
 
-/**
- * \brief Internal function to perform any platform initialisation operations
- * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT
- *
- * \param ctx mbed TLS context
- *
- * \return 0 if successful
- */
-int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx );
-/**
- * \brief Internal function to perform any platform teardown operations
- * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT
- *
- * \param ctx mbed TLS context
- */
-void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx );
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/library/platform.c b/library/platform.c
index 2ac67cbe9..f739f2f0f 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -304,21 +304,11 @@ int mbedtls_platform_set_nv_seed(
 #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
 #endif /* MBEDTLS_ENTROPY_NV_SEED */
 
-int mbedtls_platform_setup( mbedtls_platform_context *ctx )
-{
- return( mbedtls_internal_platform_setup( ctx ) );
-}
-
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx )
-{
- mbedtls_internal_platform_teardown( ctx );
-}
-
 #if !defined(MBEDTLS_PLATFORM_SETUP_ALT)
 /*
- * Placeholder internal platform setup that does nothing by default
+ * Placeholder platform setup that does nothing by default
 */
-int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx )
+int mbedtls_platform_setup( mbedtls_platform_context *ctx )
 {
 (void)ctx;
 
@@ -326,9 +316,9 @@ int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx )
 }
 
 /*
- * Placeholder internal platform teardown that does nothing by default
+ * Placeholder platform teardown that does nothing by default
 */
-void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx )
+void mbedtls_platform_teardown( mbedtls_platform_context *ctx )
 {
 (void)ctx;
 }
From 24f36416171b6f594f3545c1f3bf15dff4621384 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:27:05 +0100 Subject: [PATCH 039/504] Modify ChangeLog according to API changes --- ChangeLog | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 18273fb82..5b8f5e887 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,13 +4,11 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() - to perform platform-specific setup and teardown operations. Furthermore, - the internal functions mbedtls_internal_platform_setup() and - mbedtls_internal_platform_teardown() to allow platform-specific hooks to - be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT - allows the internal functions to be overridden. This new APIs are - specially useful in some embedded environments that have hardware - acceleration support. + and the context struct mbedtls_platform_context to perform + platform-specific setup and teardown operations. The macro + MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the + user in a platform_alt.h file. This new APIs are specially useful in some + embedded environments that have hardware acceleration support. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the From 3d3aadc736920ea976edd3d11a2f601a4261c90b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:32:40 +0100 Subject: [PATCH 040/504] Improve documentation for mbedtls_platform_context --- include/mbedtls/platform.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 29b80cd3e..88a0bdf33 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h 
@@ -289,11 +289,18 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) -struct mbedtls_platform_context { - char dummy; /**< Placeholder member as empty structs are not portable */ -}; -typedef struct mbedtls_platform_context mbedtls_platform_context; +/** + * \brief Platform context structure + * + * \note This structure may be used to assist platform-specific + * setup/teardown operations. + */ +typedef struct { + char dummy; /**< Placeholder member as empty structs are not portable */ +} +mbedtls_platform_context; + #else #include "platform_alt.h" #endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ From 59c202618e02391a602002026e32e9a2152551ee Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:23:04 +0100 Subject: [PATCH 041/504] Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive as this macro enables/disables both functions. --- include/mbedtls/config.h | 2 +- include/mbedtls/platform.h | 4 ++-- library/platform.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ffeeb34af..de9993848 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,7 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_SETUP_ALT +//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT /** * \def MBEDTLS_DEPRECATED_WARNING diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 88a0bdf33..712bbe937 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h 
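Review bot: The `#else` / `#include "platform_alt.h"` branch gives no hint of what the alternative header has to supply, and switching the default to an anonymous `typedef struct { ... } mbedtls_platform_context;` removes the `struct mbedtls_platform_context` tag, so an implementer has to match the typedef name exactly or the prototypes below will not compile. A comment on the include along the lines of `/* platform_alt.h must define the mbedtls_platform_context typedef; the alternative implementation must also provide mbedtls_platform_setup() and mbedtls_platform_teardown() */` would make the contract explicit. The second half of that contract follows from the platform.c hunk of patch 038 on this page, which compiles the default definitions only under the same `!defined(MBEDTLS_PLATFORM_SETUP_ALT)` guard.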
@@ -288,7 +288,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /** * \brief Platform context structure @@ -303,7 +303,7 @@ mbedtls_platform_context; #else #include "platform_alt.h" -#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /** * \brief Perform any platform initialisation operations diff --git a/library/platform.c b/library/platform.c index f739f2f0f..af3b2f15e 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,7 +304,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /* * Placeholder platform setup that does nothing by default */ @@ -322,6 +322,6 @@ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) { (void)ctx; } -#endif /* MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #endif /* MBEDTLS_PLATFORM_C */ From 5478bc79ae49a4a4801b5cde95d9942d0bf839d4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:24:26 +0100 Subject: [PATCH 042/504] Fix typo in ChangeLog and update macro name --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5b8f5e887..ed00182bc 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -6,8 +6,8 @@ Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform platform-specific setup and teardown operations. The macro - MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the - user in a platform_alt.h file. This new APIs are specially useful in some + MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden + by the user in a platform_alt.h file. This new APIs are required in some embedded environments that have hardware acceleration support. API Changes From 8c14b2e24be49e91cf780bd6749391c6174a40d3 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 043/504] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ed00182bc..d8d02c263 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 70505ac981625214bcd126a36d2009dfa4f74bd7 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 044/504] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d8d02c263..75cd44bd7 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 4aa02719c0bd0da10df731c017fa12117c02b623 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 045/504] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 75cd44bd7..4937cbb84 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 23a99c46fd35bfd6a6bc24c518d9b74d79555262 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 046/504] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4937cbb84..963def14c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 410b74205fa4df583ae2f30692caa9a76bffa56b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 047/504] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 963def14c..f157caf84 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 11757be5e1399e7ed451e139dd656ec94e1e405d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 01:48:17 +0200 Subject: [PATCH 048/504] Correct order of sections in the ChangeLog --- ChangeLog | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index f157caf84..ed00182bc 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,18 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform From 0a1f94775cca25e0429a4fe7a651b1c75b8a2bf5 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 02:08:00 +0200 Subject: [PATCH 049/504] Add additional comments to platform setup/teardown functions --- include/mbedtls/platform.h | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 712bbe937..25b5d2129 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -312,7 +312,13 @@ mbedtls_platform_context; * * \return 0 if successful * - * \note This function should be called before any other library function + * \note This function is intended to allow platform specific initialisation, + * and should be called before any other library functions. Its + * implementation is platform specific, and by default, unless platform + * specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); /** 
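Review bot: The new \note paragraph contains `whether its necessary to be called` — `its` should be `it is`; the teardown hunk that follows (second hunk of this patch) repeats the same slip. While the comment is being expanded, `\return 0 if successful` still does not say what a non-zero value means, and since the default does nothing while an alternative implementation is free to fail, something like `\return 0 if successful, or a platform-specific non-zero value if the platform could not be initialised` would give callers a contract to check against.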
@@ -322,8 +328,13 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \return 0 if successful * - * \note This function should be after every other mbed TLS module has been - * correctly freed using the appropriate free function. + * \note This function should be called after every other mbed TLS module has + * been correctly freed using the appropriate free function. + * Its implementation is platform specific, and by default, unless + * platform specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); From 9469919447456ac6bbc08eaa0b881eb9ea882297 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 23:48:55 +0100 Subject: [PATCH 050/504] Fix platform setup/teardown feature and comments Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it as a feature in 'version_features.c'. --- include/mbedtls/platform.h | 2 -- library/version_features.c | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 25b5d2129..35010f885 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -326,8 +326,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \param ctx mbed TLS context * - * \return 0 if successful - * * \note This function should be called after every other mbed TLS module has * been correctly freed using the appropriate free function. * Its implementation is platform specific, and by default, unless diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3..bb172f298 100644 --- a/library/version_features.c +++ b/library/version_features.c 
@@ -69,6 +69,9 @@ static const char *features[] = { #if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) "MBEDTLS_PLATFORM_NV_SEED_ALT", #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ +#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) + "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT", +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #if defined(MBEDTLS_DEPRECATED_WARNING) "MBEDTLS_DEPRECATED_WARNING", #endif /* MBEDTLS_DEPRECATED_WARNING */ From b820bf8e452fe8ce5568e639a593651233114c56 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:05:55 +0100 Subject: [PATCH 051/504] Enable 64-bit compilation with ARM Compiler 6 This patch fixes the conditional preprocessor directives in include/mbedtls/bignum.h to enable 64-bit compilation with ARM Compiler 6. --- ChangeLog | 2 ++ include/mbedtls/bignum.h | 68 ++++++++++++++++++++++++---------------- 2 files changed, 43 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index ed00182bc..6f902fadb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,8 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix conditional preprocessor directives in bignum.h to enable 64-bit + compilation when using ARM Compiler 6. Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 1a5b4b675..ac89069dc 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h 
@@ -106,33 +106,47 @@ * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM */ -#if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(_MSC_VER) && defined(_M_AMD64) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; -#else - #if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(__GNUC__) && ( \ - defined(__amd64__) || defined(__x86_64__) || \ - defined(__ppc64__) || defined(__powerpc64__) || \ - defined(__ia64__) || defined(__alpha__) || \ - (defined(__sparc__) && defined(__arch64__)) || \ - defined(__s390x__) || defined(__mips64) ) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL - #else - #define MBEDTLS_HAVE_INT32 - typedef int32_t mbedtls_mpi_sint; - typedef uint32_t mbedtls_mpi_uint; - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_HAVE_INT32 && __GNUC__ && 64-bit platform */ -#endif /* !MBEDTLS_HAVE_INT32 && _MSC_VER && _M_AMD64 */ +#if !defined(MBEDTLS_HAVE_INT32) + #if defined(_MSC_VER) && defined(_M_AMD64) + /* Always choose 64-bit when using MSC */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #elif defined(__GNUC__) && ( \ + defined(__amd64__) || defined(__x86_64__) || \ + defined(__ppc64__) || defined(__powerpc64__) || \ + defined(__ia64__) || defined(__alpha__) || \ + ( defined(__sparc__) && defined(__arch64__) ) || \ + defined(__s390x__) || defined(__mips64) ) + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #elif 
defined(__ARMCC_VERSION) && defined(__aarch64__) + /* __ARMCC_VERSION is defined for both armcc and armclang and + * __aarch64__ is only defined by armclang when compiling 64-bit code + */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif +#endif /* !MBEDTLS_HAVE_INT32 */ + +#if !defined(MBEDTLS_HAVE_INT64) + /* Default to 32-bit compilation */ + #if !defined(MBEDTLS_HAVE_INT32) + #define MBEDTLS_HAVE_INT32 + #endif /* !MBEDTLS_HAVE_INT32 */ + typedef int32_t mbedtls_mpi_sint; + typedef uint32_t mbedtls_mpi_uint; + typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL +#endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus extern "C" { From 84e6ce899fb939700c4a5fed17846fd8a07c00b8 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:35:51 +0100 Subject: [PATCH 052/504] Add all.sh test to force 32-bit compilation --- tests/scripts/all.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7c33c5c2c..743735e39 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -438,6 +438,17 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "build: i386, make, gcc" # ~ 30s cleanup CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make + +msg "build: gcc, force 32-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make + +msg "test: gcc, force 32-bit compilation" +make test fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s From 6316ceb4b5ade8a38ec2724b62c2cc8d4840778a Mon Sep 17 00:00:00 2001 
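Review bot: The `__GNUC__` arm of the restructured `#if !defined(MBEDTLS_HAVE_INT32)` chain still lists only amd64/x86_64, ppc64, ia64, alpha, sparc64, s390x and mips64, so GCC or clang targeting AArch64 — which define `__aarch64__`, the very macro the new `__ARMCC_VERSION` arm relies on — fall through to the 32-bit default block, while the same target built with armclang gets 64-bit limbs. Unless that asymmetry is intended, adding `defined(__aarch64__) || \` to the `__GNUC__` list would make the two compilers agree. I have not verified that `__attribute__((mode(TI)))` is accepted on every GCC AArch64 target, so that addition would want a build check.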
From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 11:49:32 +0100 Subject: [PATCH 053/504] Allow forcing 64-bit integer type Allow forcing 64-bit integer type for bignum operations. Also introduce the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length integer in unknown compilers. --- include/mbedtls/bignum.h | 61 ++++++++++++++++++++++++++-------- include/mbedtls/check_config.h | 10 ++++++ 2 files changed, 57 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index ac89069dc..3b76c1cac 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -103,13 +103,28 @@ /* * Define the base integer type, architecture-wise. * - * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) - * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM + * 32 or 64-bit integer types can be forced regardless of the underlying + * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 + * respectively and undefining MBEDTLS_HAVE_ASM. + * + * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * disabled by defining MBEDTLS_NO_UDBL_DIVISION. + * + * The double length integer types can be configured by defining + * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the + * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL + * must be a complete statement of the form: + * typedef mbedtls_t_udbl + * for example: + * #define MBEDTLS_TYPE_UDBL \ + * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) /* Always choose 64-bit when using MSC */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; #elif defined(__GNUC__) && ( \ 
@@ -118,22 +133,39 @@ defined(__ia64__) || defined(__alpha__) || \ ( defined(__sparc__) && defined(__arch64__) ) || \ defined(__s390x__) || defined(__mips64) ) - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #elif defined(__ARMCC_VERSION) && defined(__aarch64__) - /* __ARMCC_VERSION is defined for both armcc and armclang and + /* + * __ARMCC_VERSION is defined for both armcc and armclang and * __aarch64__ is only defined by armclang when compiling 64-bit code */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef __uint128_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ + #elif defined(MBEDTLS_HAVE_INT64) + /* Force 64-bit integers with unknown compiler */ + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) + MBEDTLS_TYPE_UDBL; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ 
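Review bot: The new `#elif defined(MBEDTLS_HAVE_INT64)` arm expands the user's macro as `MBEDTLS_TYPE_UDBL;`, so the macro must expand to a typedef without a trailing semicolon; the example in the previous hunk's comment has that form, but the comment should say so outright, since a definition that ends in `;` leaves a stray empty declaration at file scope that -pedantic builds warn about. Separately, the closing comment in the `__GNUC__` arm reads `#endif /* MBEDTLS_HAVE_INT64 */` while the other two arms use `/* !MBEDTLS_HAVE_INT64 */`; the guard is `#if !defined`, so the `!` form is the right one.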
@@ -144,8 +176,9 @@
 #endif /* !MBEDTLS_HAVE_INT32 */
 typedef int32_t mbedtls_mpi_sint;
 typedef uint32_t mbedtls_mpi_uint;
- typedef uint64_t mbedtls_t_udbl;
- #define MBEDTLS_HAVE_UDBL
+ #if !defined(MBEDTLS_NO_UDBL_DIVISION)
+ typedef uint64_t mbedtls_t_udbl;
+ #endif /* !MBEDTLS_NO_UDBL_DIVISION */
 #endif /* !MBEDTLS_HAVE_INT64 */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index dab1113d8..7261e7da9 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -650,6 +650,16 @@
 #error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)
+#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
+#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */
+
+#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \
+ defined(MBEDTLS_HAVE_ASM
+#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be"
+ "defined simultaneously"
+#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
+
 /*
 * Avoid warning from -pedantic. This is a convenient place for this
 * workaround since this is included by every single file before the
From ed942f84e6e444a27d66880257b773018f3bcff5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Jun 2017 15:19:20 +0200 Subject: [PATCH 054/504] MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION Changed the option to disable the use of 64-bit division, to an option to disable the use of double-width division, whether that's 64 or 128-bit. --- ChangeLog | 7 +++++++ include/mbedtls/config.h | 25 +++++++++++++++++++++++++ tests/scripts/all.sh | 7 +++++++ 3 files changed, 39 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 6f902fadb..96c83e097 100644
--- a/ChangeLog
+++ b/ChangeLog
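Review bot: The 32-bit default block now defines `mbedtls_t_udbl` but no longer defines `MBEDTLS_HAVE_UDBL`, whereas the removed lines had both, and every 64-bit arm in the previous hunk still pairs the typedef with `#define MBEDTLS_HAVE_UDBL` inside its `!MBEDTLS_NO_UDBL_DIVISION` guard. If bignum.c selects its double-width division path on MBEDTLS_HAVE_UDBL, as the old pairing suggests, 32-bit builds silently lose that path with no diagnostic, because the typedef is still present. Unless this is intended, the guarded block should read `#if !defined(MBEDTLS_NO_UDBL_DIVISION)` / `typedef uint64_t mbedtls_t_udbl;` / `#define MBEDTLS_HAVE_UDBL` before its `#endif`.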
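Review bot: The second new `#if` in check_config.h does not preprocess: `define(MBEDTLS_HAVE_INT64)` is missing the `d` and `defined(MBEDTLS_HAVE_ASM` its closing parenthesis, so every translation unit that includes config.h fails before any real code is reached, whichever macros are set. The `#error` message also names MBEDTLS_HAVE_INT64 twice where the second should be MBEDTLS_HAVE_ASM, and the `"defined simultaneously"` continuation on the next line is outside the directive, so it would never appear in the diagnostic. Patch 056 later in this series is titled as fixing the typo; the intended lines are `#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \`, `    defined(MBEDTLS_HAVE_ASM)`, `#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"`.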
@@ -16,6 +16,13 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. +Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. + * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the + double-width integer type used in the bignum module when the compiler is + unknown. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index de9993848..a921f4787 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -55,6 +55,31 @@ */ #define MBEDTLS_HAVE_ASM +/** + * \def MBEDTLS_NO_UDBL_DIVISION + * + * The platform lacks support for double-width integer division (64-bit + * division on a 32-bit platform, 128-bit division on a 64-bit platform). + * + * Used in: + * include/mbedtls/bignum.h + * library/bignum.c + * + * The bignum code uses double-width division to speed up some operations. + * Double-width division is often implemented in software that needs to + * be linked with the program. The presence of a double-width integer + * type is usually detected automatically through preprocessor macros, + * but the automatic detection cannot know whether the code needs to + * and can be linked with an implementation of division for that type. + * By default division is assumed to be usable if the type is present. + * Uncomment this option to prevent the use of double-width division. + * + * Note that division for the native integer type is always required. + * Furthermore, a 64-bit type is always required even on a 32-bit + * platform, but it need not support multiplication or division. + */ +//#define MBEDTLS_NO_UDBL_DIVISION + /** * \def MBEDTLS_HAVE_SSE2 * diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 743735e39..630ddfb36 100755 --- a/tests/scripts/all.sh 
+++ b/tests/scripts/all.sh @@ -468,6 +468,13 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s +cleanup +scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION +CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +echo "Checking that software 64-bit division is not required" +! grep __aeabi_uldiv library/*.o + msg "build: ARM Compiler 5, make" cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 04d6c3da3ffea597552d449e9008526504ee897c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Jun 2017 18:01:54 +0200 Subject: [PATCH 055/504] Checked names --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index bb172f298..5cbe8aca3 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -36,6 +36,9 @@ static const char *features[] = { #if defined(MBEDTLS_HAVE_ASM) "MBEDTLS_HAVE_ASM", #endif /* MBEDTLS_HAVE_ASM */ +#if defined(MBEDTLS_NO_UDBL_DIVISION) + "MBEDTLS_NO_UDBL_DIVISION", +#endif /* MBEDTLS_NO_UDBL_DIVISION */ #if defined(MBEDTLS_HAVE_SSE2) "MBEDTLS_HAVE_SSE2", #endif /* MBEDTLS_HAVE_SSE2 */ From 99716caf5da922c3fedfd015788b71a5f3ce38c4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 12:11:19 +0100 Subject: [PATCH 056/504] Fix typo in check_config.h --- include/mbedtls/bignum.h | 4 ++-- include/mbedtls/check_config.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 3b76c1cac..c8d94c920 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h 
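Review bot: The `! grep __aeabi_uldiv library/*.o` check cannot fail the script if all.sh runs under `set -e`, because errexit ignores the status of a pipeline prefixed with `!`; a regression would only show up as grep's match output scrolling past. Make the verdict explicit: `if grep -q __aeabi_uldiv library/*.o; then echo "software 64-bit division is required" >&2; exit 1; fi`. The new block also edits config.h via `scripts/config.pl set` without the `cp "$CONFIG_H" "$CONFIG_BAK"` that the neighbouring blocks perform after `cleanup`, so the following test may inherit a modified config; the same omission appears in the later all.sh hunk at `@@ -491,6 +491,18 @@`.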
@@ -107,10 +107,10 @@ * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 * respectively and undefining MBEDTLS_HAVE_ASM. * - * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. * - * The double length integer types can be configured by defining + * The double-width integer types can be configured by defining * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL * must be a complete statement of the form: diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7261e7da9..e846b429a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -654,8 +654,8 @@ #error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" #endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ -#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \ - defined(MBEDTLS_HAVE_ASM +#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ + defined(MBEDTLS_HAVE_ASM) #error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" "defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ From 75c0b2c19280eb6071bfc09a8c917a0bb049489e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:15 +0100 Subject: [PATCH 057/504] Fix check_config.h #error directive --- include/mbedtls/check_config.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e846b429a..fa72454e5 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -656,8 +656,7 @@ #if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" - "defined simultaneously" +#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ /* From fe843a359bece3827d8dfb5af95b573506bb43df Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:34 +0100 Subject: [PATCH 058/504] Add tests for 64 and 32-bit int types compilation --- tests/scripts/all.sh | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 630ddfb36..7466b5403 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -447,10 +447,31 @@ scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make -msg "test: gcc, force 32-bit compilation" +msg "build: gcc, force 64-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + +msg "test: gcc, force 64-bit compilation" make test + +msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make fi # x86_64 +msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make + msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 05931979a678273cd38a96d958efc9f6b5b12ef4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:27:35 +0100 Subject: [PATCH 059/504] Fix no 64-bit division test in all.sh --- tests/scripts/all.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7466b5403..1f5bad44b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
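Review bot: The hunk drops the only test run of the forced 32-bit build: `-msg "test: gcc, force 32-bit compilation"` is replaced by the new 64-bit build block, so the `make test` kept as context now follows the `-DMBEDTLS_HAVE_INT64` build, and the `-DMBEDTLS_HAVE_INT32` configuration compiled just above is never exercised. Keep `msg "test: gcc, force 32-bit compilation"` followed by `make test` directly after the 32-bit `make`, before the new 64-bit block. The two `attempt to set MBEDTLS_TYPE_UDBL` blocks would also benefit from a comment stating the pass condition (presumably the macro is ignored on a recognised compiler so the build must succeed), since a reader cannot tell from a bare `make` whether success or failure is expected.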
@@ -491,6 +491,18 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +scripts/config.pl full +scripts/config.pl unset MBEDTLS_NET_C +scripts/config.pl unset MBEDTLS_TIMING_C +scripts/config.pl unset MBEDTLS_FS_IO +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED +scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY +# following things are not in the default config +scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c +scripts/config.pl unset MBEDTLS_THREADING_PTHREAD +scripts/config.pl unset MBEDTLS_THREADING_C +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h +scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib echo "Checking that software 64-bit division is not required" From 031622ffa248bf04f4e07087956b62083d106a3f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 17:33:09 +0100 Subject: [PATCH 060/504] Remove MBEDTLS_TYPE_UDBL option --- ChangeLog | 3 --- include/mbedtls/bignum.h | 14 +------------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index 96c83e097..e654c1ff0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,9 +19,6 @@ API Changes Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of 64-bit division. - * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the - double-width integer type used in the bignum module when the compiler is - unknown. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index c8d94c920..456a80420 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h 
@@ -109,15 +109,6 @@ * * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. - * - * The double-width integer types can be configured by defining - * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the - * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL - * must be a complete statement of the form: - * typedef mbedtls_t_udbl - * for example: - * #define MBEDTLS_TYPE_UDBL \ - * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) @@ -162,10 +153,6 @@ /* Force 64-bit integers with unknown compiler */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) - MBEDTLS_TYPE_UDBL; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ @@ -178,6 +165,7 @@ typedef uint32_t mbedtls_mpi_uint; #if !defined(MBEDTLS_NO_UDBL_DIVISION) typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ From 72df64a2bf6a70ca0b7cee8b75df72cacb128ab9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:50:25 +0100 Subject: [PATCH 061/504] Remove MBEDTLS_TYPE_UDBL tests from all.sh --- tests/scripts/all.sh | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1f5bad44b..65dc47175 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
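Review bot: With `MBEDTLS_TYPE_UDBL` removed, the `#elif defined(MBEDTLS_HAVE_INT64)` branch now defines only `mbedtls_mpi_sint` and `mbedtls_mpi_uint` and has no path that defines `mbedtls_t_udbl` or `MBEDTLS_HAVE_UDBL`, yet its comment still reads `/* Force 64-bit integers with unknown compiler */` as if it were equivalent to the compiler-specific branches. Extend it to `/* Force 64-bit integers with unknown compiler; no double-width type is defined here, so MBEDTLS_HAVE_UDBL stays undefined */` so the reduced capability is visible at the point of selection. The enclosing `#if !defined(MBEDTLS_HAVE_INT32)` block starts outside this hunk.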
@@ -458,20 +458,15 @@ CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make msg "test: gcc, force 64-bit compilation" make test -msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +msg "build: gcc, force 64-bit compilation" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make fi # x86_64 -msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make - msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 2801d00c6a96131795378fe4ea80ee2349bcaeb7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:56:22 +0100 Subject: [PATCH 062/504] Improve MBEDTLS_NO_UDBL_DIVISION description --- include/mbedtls/config.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a921f4787..47c719640 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -76,7 +76,10 @@ * * Note that division for the native integer type is always required. * Furthermore, a 64-bit type is always required even on a 32-bit - * platform, but it need not support multiplication or division. + * platform, but it need not support multiplication or division. In some + * cases it is also desirable to disable some double-width operations. For + * example, if double-width division is implemented in software, disabling + * it can reduce code size in some embedded targets. */ //#define MBEDTLS_NO_UDBL_DIVISION From b85291c364fe627229b834c26baad0b7568abf9e Mon Sep 17 00:00:00 2001 
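Review bot: After the edit the second block appears to be a verbatim repeat of the 64-bit build that precedes it: the same `msg "build: gcc, force 64-bit compilation"`, the same three `scripts/config.pl unset` lines kept as context, and the same `CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make`, as far as the context lines and the earlier all.sh patch on this page show. It costs a full rebuild while checking nothing new; remove the block, or give it a distinct configuration and title if a different case was intended.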
From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 063/504] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index e654c1ff0..741d1f4db 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() @@ -16,10 +16,6 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. -Changes - * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. - Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 @@ -51,6 +47,8 @@ API changes a fatal error in the vrfy callback. Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From fb46c32ecbd4ce2ba14c666267e17384bac7ae64 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 064/504] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 741d1f4db..4f7a00500 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 9e0bb50e7b037c673d3ba2c436747ab05f49f479 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 065/504] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4f7a00500..148f4e730 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From c44b5a0068dca4d10501f1383120008889434a5f Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 066/504] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 148f4e730..5a83ec705 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 84ccfe03283649155bcca179f82cddf8681abce5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 067/504] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5a83ec705..422d137de 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From a85ae63de1aab871f82480c46f46301de4f5a2b4 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 22 Jul 2017 11:49:55 +0200 Subject: [PATCH 068/504] Added missing credit to Changelog and format fixes --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 422d137de..d3d1e0bf2 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -26,7 +26,8 @@ API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, - mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 + Found by James Cowgill. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported @@ -60,7 +61,7 @@ API changes Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. + 64-bit division. #708 * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From 940737f43b792e7a2468e224b0711fd3cce40683 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 23 Jul 2017 13:42:36 +0200 Subject: [PATCH 069/504] Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them. --- tests/scripts/all.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 65dc47175..d9c5bbfa4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -486,6 +486,7 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C 
@@ -526,11 +527,20 @@ scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib make clean +# ARM Compiler 6 - Target ARMv7-A armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + +# ARM Compiler 6 - Target ARMv7-M armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" + +# ARM Compiler 6 - Target ARMv8-A - AArch32 armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" + +# ARM Compiler 6 - Target ARMv8-M armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" -armc6_build_test "--target=aarch64-arm-none-eabi" + +# ARM Compiler 6 - Target ARMv8-A - AArch64 +armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" msg "build: allow SHA1 in certificates by default" cleanup From fe617367f850012ab9428e9880eed5ffdf45e519 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 21 Jun 2017 14:57:25 +0300 Subject: [PATCH 070/504] github templates Add templates for github, for templates to be used in new issues and new PRs --- .github/issue_template.md | 40 ++++++++++++++++++++++++++++++++ .github/pull_request_template.md | 39 +++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 .github/issue_template.md create mode 100644 .github/pull_request_template.md diff --git a/.github/issue_template.md b/.github/issue_template.md new file mode 100644 index 000000000..3398f49e6 --- /dev/null +++ b/.github/issue_template.md 
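Review bot: The last changed line does more than add a comment: `armc6_build_test "--target=aarch64-arm-none-eabi"` gains `-march=armv8.2-a`, which changes the AArch64 configuration under test, while the commit describes the ARM Compiler 6 edits as comments only. If the flag is intended, record the reason next to it, e.g. `# ARM Compiler 6 - Target ARMv8-A - AArch64 (-march set explicitly: <reason>)` with the placeholder filled in, so the change is not mistaken for a drive-by and the two ARMv8-A builds are visibly kept in step.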
@@ -0,0 +1,40 @@ +Note: This is just a template, so feel free to use/remove the unnecessary things + +### Description +- Type: Bug | Enhancement\Feature Request | Question +- Priority: Blocker | Major | Minor + +--------------------------------------------------------------- +## Bug + +**OS** +linux|windows|?? + +**mbed TLS build:** +Version: x.x.x or git commit id +Configuration: please attach config.h file +Compiler and options (if you used a pre-built binary, please indicate how you obtained it): +Additional environment information: + +**peer device TLS stack and version** +openSSL | GnuTls | other +version: + +**Expected behavior** + +**Actual behavior** + +**Steps to reproduce** + +---------------------------------------------------------------- +## Enhancement\Feature Request + +**Incentive for change** + +**Suggested enhancement** + +----------------------------------------------------------------- + +## Question + +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000..dac8bde2a --- /dev/null +++ b/.github/pull_request_template.md 
@@ -0,0 +1,39 @@ +Notes: +* Pull requests will not be accepted until: +- The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) + or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) +- The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) +* This is just a template, so feel free to use/remove the unnecessary things +## Description +A few sentences describing the overall goals of the pull request's commits. + + +## Status +**READY/IN DEVELOPMENT/HOLD** + +## Requires Backporting +When there is a bug fix, it should be backported to legacy supported branches. +legacy supported branches will not be backported if: +- This PR is a new feature\enhancement +- This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch + +Yes | NO +What branch? + +## Migrations +If there is any API change, what's the incentive and logic for it. + +YES | NO + +## Additional comments +Any additional information that could be of interest + +## Todos +- [ ] Tests +- [ ] Documentation +- [ ] Changelog updated +- [ ] Backported + + +## Steps to test or reproduce +Outline the steps to test or reproduce the PR here. \ No newline at end of file From d7f057f36826658edd40ac97673fc7331a734704 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 13:28:48 +0300 Subject: [PATCH 071/504] Update after Simon's comment Update the comment with Simon's comments --- .github/issue_template.md | 11 ++++++----- .github/pull_request_template.md | 8 ++++---- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 3398f49e6..772d98b33 100644 --- a/.github/issue_template.md 
+++ b/.github/issue_template.md @@ -8,16 +8,17 @@ Note: This is just a template, so feel free to use/remove the unnecessary things ## Bug **OS** -linux|windows|?? +mbed-OS|linux|windows| **mbed TLS build:** Version: x.x.x or git commit id -Configuration: please attach config.h file +OS version: x.x.x +Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: **peer device TLS stack and version** -openSSL | GnuTls | other +openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other version: **Expected behavior** @@ -29,7 +30,7 @@ version: ---------------------------------------------------------------- ## Enhancement\Feature Request -**Incentive for change** +**Justification - why does the library need this feature?** **Suggested enhancement** @@ -37,4 +38,4 @@ version: ## Question -**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index dac8bde2a..fa0c7e964 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md 
@@ -1,7 +1,7 @@ Notes: -* Pull requests will not be accepted until: +* Pull requests cannot be accepted until: - The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) - or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) + or for companies or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) - The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) * This is just a template, so feel free to use/remove the unnecessary things ## Description @@ -18,7 +18,7 @@ legacy supported branches will not be backported if: - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch Yes | NO -What branch? +Which branch? ## Migrations If there is any API change, what's the incentive and logic for it. @@ -36,4 +36,4 @@ Any additional information that could be of interest ## Steps to test or reproduce -Outline the steps to test or reproduce the PR here. \ No newline at end of file +Outline the steps to test or reproduce the PR here. From b9f00a7f14df374d2bba23e7c089a205c9b74f4e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 24 Jul 2017 14:19:02 +0200 Subject: [PATCH 072/504] Minor typo fixes in the github template files --- .github/issue_template.md | 6 +++--- .github/pull_request_template.md | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 772d98b33..33f68fba1 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md 
@@ -17,9 +17,9 @@ Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: -**peer device TLS stack and version** -openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other -version: +**Peer device TLS stack and version** +OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other +Version: **Expected behavior** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index fa0c7e964..485b54195 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -12,8 +12,8 @@ A few sentences describing the overall goals of the pull request's commits. **READY/IN DEVELOPMENT/HOLD** ## Requires Backporting -When there is a bug fix, it should be backported to legacy supported branches. -legacy supported branches will not be backported if: +When there is a bug fix, it should be backported to all maintained and supported branches. +Changes do not have to be backported if: - This PR is a new feature\enhancement - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch From 2f43032f1a489204ea2c7f389aa574fbfea158c0 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 15 Dec 2016 14:42:37 +0200 Subject: [PATCH 073/504] Pre push hook script Add git_hook folder, and pre-push script, to be soft linked from .git/hooks/pre-push --- git_hooks/README.md | 16 +++++++++++++++ git_hooks/pre-push | 38 ++++++++++++++++++++++++++++++++++++ tests/scripts/check-names.sh | 2 +- 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 git_hooks/README.md create mode 100755 git_hooks/pre-push diff --git a/git_hooks/README.md b/git_hooks/README.md new file mode 100644 index 000000000..d0ed4a38f --- /dev/null +++ b/git_hooks/README.md 
@@ -0,0 +1,16 @@ +README for git hooks script +=========================== +git has a way to run scripts, which are invoked by specific git commands. +The git hooks are located in `/.git/hooks`, and as such are not under version control +for more information, see the [git documentation](https://git-scm.com/docs/githooks). + +The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. + +Example: + +Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +`ln -s ../../git_hooks/pre-push pre-push` + +Similarly, on Windows while running as administrator: +`mklink pre-push ..\..\git_hooks\pre-push` + diff --git a/git_hooks/pre-push b/git_hooks/pre-push new file mode 100755 index 000000000..6b2da10ed --- /dev/null +++ b/git_hooks/pre-push @@ -0,0 +1,38 @@ +#!/bin/sh + +# Called by "git push" after it has checked the remote status, but before anything has been +# pushed. If this script exits with a non-zero status nothing will be pushed. +# +# This hook is called with the following parameters: +# +# $1 -- Name of the remote to which the push is being done +# $2 -- URL to which the push is being done +# +# If pushing without using a named remote those arguments will be equal. +# +# Information about the commits which are being pushed is supplied as lines to +# the standard input in the form: +# +# +# +set -eu + +REMOTE="$1" +URL="$2" + +echo "REMOTE is $REMOTE" +echo "URL is $URL" + +run_test() +{ + TEST=$1 + echo "running '$TEST'" + if ! `$TEST > /dev/null 2>&1`; then + echo "test '$TEST' failed" + return 1 + fi +} + +run_test ./tests/scripts/check-doxy-blocks.pl +run_test ./tests/scripts/check-names.sh +run_test ./tests/scripts/check-generated-files.sh diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 191594ce0..4c66440e2 100755 --- a/tests/scripts/check-names.sh 
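Review bot: The condition `if ! \`$TEST > /dev/null 2>&1\`; then` in run_test wraps the command in a command substitution where a plain command is meant; because stdout is redirected, the substitution expands to nothing and the `if` only works through the rule that a command with no words takes the exit status of the last substitution, which is obscure and easy to break. The direct form `if ! $TEST > /dev/null 2>&1; then` has the same effect without that dependency. Discarding stderr also hides why a check failed at push time, so `if ! $TEST > /dev/null; then` (keeping stderr) would let the developer see the failing check's diagnostics. The hook ignores the ref lines it receives on stdin, which is fine for these repository-wide checks but worth a short comment so nobody expects per-commit behaviour.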
+++ b/tests/scripts/check-names.sh @@ -12,7 +12,7 @@ set -eu if grep --version|head -n1|grep GNU >/dev/null; then :; else - echo "This script requires GNU grep." + echo "This script requires GNU grep.">&2 exit 1 fi From c898a3baf0c8e23ec21de6443a0ea618e4e3b135 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 11:25:14 +0300 Subject: [PATCH 074/504] Add note for the git_hoos README file Add a note to the git_hooks README.md file, to state that currently they only work on GNU platforms --- git_hooks/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index d0ed4a38f..f78df991d 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -11,6 +11,4 @@ Example: Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` -Similarly, on Windows while running as administrator: -`mklink pre-push ..\..\git_hooks\pre-push` - +**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From 98df169a4dd340665fbc721c6a6962b3a0f5b3e1 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 18:24:43 +0300 Subject: [PATCH 075/504] Fix slash direction for linux path Update direction of the slash, for linux path, after @hanno-arm comments --- git_hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index f78df991d..400d63ee5 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md 
@@ -8,7 +8,7 @@ The mbed TLS git hooks are located in `/git_hooks` directory, and Example: -Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From 205672fc192a94faa580f514bd88677d200cd5e6 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 23 Jul 2017 15:25:32 +0300 Subject: [PATCH 076/504] Update after @sbutcher-arm comments 1. Move the scripts to test/git-scripts folder 2. Support the script to run independant, not only with git 3. modify Readme accordingly --- {git_hooks => test/git-scripts}/README.md | 6 ++++-- git_hooks/pre-push => test/git-scripts/pre-push.sh | 13 +++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) rename {git_hooks => test/git-scripts}/README.md (62%) rename git_hooks/pre-push => test/git-scripts/pre-push.sh (82%) diff --git a/git_hooks/README.md b/test/git-scripts/README.md similarity index 62% rename from git_hooks/README.md rename to test/git-scripts/README.md index 400d63ee5..6bd9110c5 100644 --- a/git_hooks/README.md +++ b/test/git-scripts/README.md 
@@ -4,11 +4,13 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../git_hooks/pre-push pre-push` +`ln -s ../../test/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** + +These scripts can also be used independently. diff --git a/git_hooks/pre-push b/test/git-scripts/pre-push.sh similarity index 82% rename from git_hooks/pre-push rename to test/git-scripts/pre-push.sh index 6b2da10ed..ee54a6cff 100755 --- a/git_hooks/pre-push +++ b/test/git-scripts/pre-push.sh @@ -1,7 +1,15 @@ #!/bin/sh - +# pre-push.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# # Called by "git push" after it has checked the remote status, but before anything has been # pushed. If this script exits with a non-zero status nothing will be pushed. +# This script can also be used independently, not using git. # # This hook is called with the following parameters: # @@ -15,7 +23,6 @@ # # # -set -eu REMOTE="$1" URL="$2" @@ -23,6 +30,8 @@ URL="$2" echo "REMOTE is $REMOTE" echo "URL is $URL" +set -eu + run_test() { TEST=$1 From ab8e04094aa966ffed73cb617f747a330854f169 Mon Sep 17 00:00:00 2001 
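Review bot: Moving `set -eu` below `REMOTE="$1"` / `URL="$2"` (hunks `@@ -15,7 +23,6 @@` and `@@ -23,6 +30,8 @@` of pre-push.sh) makes the script runnable without arguments, but it does so by disabling unset-variable checking for the first part of the script rather than by handling the optional parameters. Keeping `set -eu` at the top and writing `REMOTE="${1:-}"` and `URL="${2:-}"` gives the same standalone use while leaving `-u` in force everywhere. The header comment added in `@@ -1,7 +1,15 @@` says the script "can also be used independently", so the defaulted parameters would also document that intent in code.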
From: Ron Eldor Date: Mon, 24 Jul 2017 15:52:18 +0300 Subject: [PATCH 077/504] Move the git scripts to correct path The git scripts were accidently put in `test` folder instead of `tests`. Moved them to `tests` folder --- {test => tests}/git-scripts/README.md | 4 ++-- {test => tests}/git-scripts/pre-push.sh | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename {test => tests}/git-scripts/README.md (67%) rename {test => tests}/git-scripts/pre-push.sh (100%) diff --git a/test/git-scripts/README.md b/tests/git-scripts/README.md similarity index 67% rename from test/git-scripts/README.md rename to tests/git-scripts/README.md index 6bd9110c5..29d7501b3 100644 --- a/test/git-scripts/README.md +++ b/tests/git-scripts/README.md @@ -4,12 +4,12 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/tests/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/tesst/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../test/git-scripts/pre-push.sh pre-push` +`ln -s ../../tests/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** diff --git a/test/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh similarity index 100% rename from test/git-scripts/pre-push.sh rename to tests/git-scripts/pre-push.sh From c0fbf784b6b59ff5e1430391a8959cc0902d71c6 Mon Sep 17 00:00:00 2001 
From: Andres AG Date: Fri, 10 Feb 2017 14:39:58 +0000 Subject: [PATCH 078/504] Fix potential integer overflow parsing DER CRL This patch prevents a potential signed integer overflow during the CRL version verification checks. --- ChangeLog | 4 ++++ library/x509_crl.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index d3d1e0bf2..58ee285a5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() diff --git a/library/x509_crl.c b/library/x509_crl.c index 76c49f135..55d12acd0 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -352,14 +352,14 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, return( ret ); } - crl->version++; - - if( crl->version > 2 ) + if( crl->version < 0 || crl->version > 1 ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crl->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1, &crl->sig_md, &crl->sig_pk, &crl->sig_opts ) ) != 0 ) From f00baffdc18b251795d99a2bb2a0b96aff41949e Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 10:57:34 +0000 Subject: [PATCH 079/504] Add CSR DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index ea56f3fbc..daa92e9ee 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
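Review bot: The reordered check in x509_crl.c is correct only because it now runs on the raw DER value before the increment, and nothing in the code says so; the same applies to the x509_crt.c hunk at L105 and the x509_csr.c hunk at L106. A comment above the `if( crl->version < 0 || crl->version > 1 )` line such as `/* Check the raw DER INTEGER (0 = v1, 1 = v2) before incrementing: incrementing first could overflow INT_MAX (UB) and skip this check */` would stop a future cleanup from moving the `crl->version++` back up. The parse call that fills `crl->version` and the start of mbedtls_x509_crl_parse_der are above the hunk, so whether the ASN.1 integer parser can return a negative value cannot be confirmed here; the `< 0` arm is a cheap guard either way and the comment could say it is defensive.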
@@ -1543,6 +1543,9 @@ X509 CSR ASN.1 (extra data after signature) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +X509 CSR ASN.1 (invalid version overflow) +mbedtls_x509_csr_parse:"3008300602047FFFFFFF":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 File parse (no issues) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509parse_crt_file:"data_files/server7_int-ca.crt":0 From fff826cfd60335cb70be4d6d5435d6c4219d0f62 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 11:11:12 +0000 Subject: [PATCH 080/504] Add CRL DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index daa92e9ee..3437a2a22 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1182,6 +1182,12 @@ X509 CRL ASN1 (TBSCertList, no entries) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 +X509 CRL ASN1 (invalid version 2) +x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 CRL ASN1 (invalid version overflow) +x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRT parse path #2 (one cert) depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crt_parse_path:"data_files/dir1":0:1 From 7d97e669f0efb221b036f444ad27cd49167bb6dd Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 15:29:07 +0000 Subject: [PATCH 081/504] Add CRT DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 3437a2a22..b8c902e23 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
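Review bot: The new "invalid version overflow" cases here and in the CRT hunk at L104 pin only the upper boundary (`02047FFFFFFF`, INT_MAX for a 32-bit int), so the `< 0` arm added to the x509_crl.c and x509_crt.c checks has no test exercising it. A constructed case with a negative DER INTEGER, e.g. `0201FF` for -1 in place of the version, would cover that arm; if the ASN.1 integer parser rejects negative encodings first, the case should expect that parser error instead, which would document where the rejection actually happens. These cases also omit the `depends_on` line their neighbours carry; that looks intentional since the truncated DER never reaches a signature algorithm, but a short comment in the .data file would save the next reader the question.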
@@ -1118,6 +1118,12 @@ X509 Certificate ASN1 (RSA signature, EC key) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 +X509 Certificate ASN1 (invalid version 3) +x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 Certificate ASN1 (invalid version overflow) +x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT From 7ca4a039554670ce3011a1ef649b54a66e2cc7da Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 16:16:11 +0000 Subject: [PATCH 082/504] Fix potential integer overflow parsing DER CRT This patch prevents a potential signed integer overflow during the certificate version verification checks. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 58ee285a5..567e98883 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -228,6 +228,9 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/x509_crt.c b/library/x509_crt.c index 5ec855192..c6209fb40 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -748,14 +748,14 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char * return( ret ); } - crt->version++; - - if( crt->version > 3 ) + if( crt->version < 0 || crt->version > 2 ) { mbedtls_x509_crt_free( crt ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crt->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, &crt->sig_md, &crt->sig_pk, &crt->sig_opts ) ) != 0 ) From 2e65a54d5a2414b8fd3dc36ee1cca3ab9a36586c Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 17 Feb 2017 13:54:43 +0000 Subject: [PATCH 083/504] Prevent signed integer overflow in CSR parsing Modify the function mbedtls_x509_csr_parse_der() so that it checks the parsed CSR version integer before it increments the value. This prevents a potential signed integer overflow, as these have undefined behaviour in the C standard. --- ChangeLog | 4 ++++ library/x509_csr.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 567e98883..eea691958 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -46,6 +46,10 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix potential integer overflow in the version verification for DER + encoded X509 CSRs. The overflow would enable maliciously constructed CSRs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/library/x509_csr.c b/library/x509_csr.c index f92b66c58..26a06db4f 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -168,14 +168,14 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, return( ret ); } - csr->version++; - - if( csr->version != 1 ) + if( csr->version != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + csr->version++; + /* * subject Name */ From 5deb518d052eb395ad38b030ca83c9f9fbd94fd9 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 26 Jul 2017 17:25:55 +0100 Subject: [PATCH 084/504] Fix merge errors in ChangeLog --- ChangeLog | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index eea691958..55595640e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,22 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - * Fix a potential integer overflow in the version verification for DER - encoded X509 CRLs. The overflow would enable maliciously constructed CRLs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform 
@@ -46,10 +30,17 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America * Fix potential integer overflow in the version verification for DER encoded X509 CSRs. The overflow would enable maliciously constructed CSRs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, @@ -232,9 +223,6 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 - * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously - constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 From f85c90a61d00e231849febe35be9d2c87d7a0704 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 27 Jul 2017 15:11:52 +0100 Subject: [PATCH 085/504] Fixes running order of sections in Changelog --- ChangeLog | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index 55595640e..55cccd5e6 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, + mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's + X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA + (default: 8) intermediates, even when it was not trusted. Could be + triggered remotely on both sides. (With auth_mode set to required + (default), the handshake was correctly aborted.) + Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform @@ -16,6 +24,12 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 Found by James Cowgill. + * Certificate verification functions now set flags to -1 in case the full + chain was not verified due to an internal error (including in the verify + callback) or chain length limitations. + * With authmode set to optional, handshake is now aborted if the + verification of the peer's certificate failed due to an overlong chain or + a fatal error in the vrfy callback. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported 
@@ -42,22 +56,6 @@ Bugfix encoded X509 certificates. The overflow would enable maliciously constructed certificates to bypass the certificate verification check. -Security - * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, - mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's - X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA - (default: 8) intermediates, even when it was not trusted. Could be - triggered remotely on both sides. (With auth_mode set to required - (default), the handshake was correctly aborted.) - -API changes - * Certificate verification functions now set flags to -1 in case the full - chain was not verified due to an internal error (including in the verify - callback) or chain length limitations. - * With authmode set to optional, handshake is now aborted if the - verification of the peer's certificate failed due to an overlong chain or - a fatal error in the vrfy callback. - Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of 64-bit division. #708 From 9e24b5184c4d5defdc9af2bdfb37e9bfdc1124ad Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 12:15:13 +0100 Subject: [PATCH 086/504] Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA --- tests/ssl-opt.sh | 2 +- tests/suites/test_suite_x509parse.function | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d7e0b8c01..92acd4e1f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2106,7 +2106,7 @@ run_test "Authentication: client no cert, ssl3" \ # The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its # default value (8) -: ${MAX_IM_CA:='20'} +: ${MAX_IM_CA:='19'} MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -gt "$MAX_IM_CA" ]; then 
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 34164a83f..0dfdd61c2 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -7,7 +7,7 @@ #include "mbedtls/oid.h" #include "mbedtls/base64.h" -#if MBEDTLS_X509_MAX_INTERMEDIATE_CA >= 19 +#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 #error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \ than the current threshold 19. To test larger values, please \ adapt the script tests/data_files/dir-max/long.sh." From f145a9dac20b4ab84888c79dd228ed52d22e4fe2 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 15:59:35 +0100 Subject: [PATCH 087/504] Fix the check for max CA intermediates in ssl-opt.sh The tests only work for a specific number for MBEDTLS_X509_MAX_INTERMEDIATE_CA so the check has been changed to confirm the default value, and to show an error otherwise. --- tests/ssl-opt.sh | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 92acd4e1f..280fc6348 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2106,22 +2106,17 @@ run_test "Authentication: client no cert, ssl3" \ # The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its # default value (8) -: ${MAX_IM_CA:='19'} +MAX_IM_CA='8' MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) -if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -gt "$MAX_IM_CA" ]; then +if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then printf "The ${CONFIG_H} file contains a value for the configuration of\n" - printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is greater than the script’s\n" + printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n" printf "test value of ${MAX_IM_CA}. \n" printf "\n" - printf "By default, this value cannot be higher as there are insufficient\n" - printf "test certificate files available to test with.\n" + printf "The tests assume this value and if it changes, the tests in this\n" + printf "script should also be adjusted.\n" printf "\n" - printf "To generate additional test certificates use the script:\n" - printf " tests/data_files/dir-maxpath/long.sh\n" - printf "\n" - printf "To test using an alternative value, please set the environment variable\n" - printf "MAX_IM_CA or change the default value in the script tests/ssl-opt.sh.\n" exit 1 fi From 26b9f7d33be8c6f41833eab3ab514416a5e00d58 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 28 Jul 2017 16:36:51 +0100 Subject: [PATCH 088/504] Fix get option in config.pl script --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index 2757f17fe..406413bd5 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -205,7 +205,7 @@ for my $line (@config_lines) { $done = 1; } } elsif (!$done && $action eq "get") { - if ($line =~ /^\s*#define\s*$name\s*(.*)\s*\b/) { + if ($line =~ /^\s*#define\s*$name\s*([^\s]+)\s*\b/) { $value = $1; $done = 1; } 
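Review bot: The new guard `[ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]` only works when config.pl returns a bare integer; if it returns anything else, `[` prints an error and the condition evaluates false, so the script silently continues as if the configured value matched. The config.pl change on this same line narrows the `get` capture to a single token, which suggests the output has not always been a bare value. A validation step before the comparison, such as `case "$MAX_IM_CA_CONFIG" in *[!0-9]*) echo "Unexpected MBEDTLS_X509_MAX_INTERMEDIATE_CA value: $MAX_IM_CA_CONFIG" >&2; exit 1;; esac`, would turn that into a hard failure. A non-zero exit from config.pl is likewise masked by the command substitution and leaves `MAX_IM_CA_CONFIG` empty, which the `-n` test then treats as "option not set".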
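Review bot: The trailing `\s*\b` in the new `get` regex makes the capture back off to the last word character, so a value ending in a non-word character is truncated (for `#define X (8)` the capture is `(8`, for a quoted string the closing quote is dropped). The `\s*` between `#define` and `$name`, and between `$name` and the value, also allows zero spaces, so `$name` can match a prefix of a longer macro name and capture its remaining characters as the value, unless `$name` is anchored elsewhere in the script. `if ($line =~ /^\s*#define\s+$name\s+(\S+)/) {` avoids both; if `$name` can contain regex metacharacters, `\Q$name\E` would be safer still.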
From e54931f489ad986125c3dfd2642222d3cc742283 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 May 2017 12:04:25 +0200 Subject: [PATCH 089/504] Add "profile" arg to X.509 test function Unused yet, tests using it will be added in the next commit --- tests/suites/test_suite_x509parse.data | 20 ++++++++++---------- tests/suites/test_suite_x509parse.function | 19 ++++++++++++++----- 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b8c902e23..a3f0c7e69 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1220,43 +1220,43 @@ mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxp X509 CRT verify chain #1 (zero pathlen intermediate) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"" X509 CRT verify chain #2 (zero pathlen root) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert23.crt data_files/dir4/cert22.crt":"data_files/dir4/cert21.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert23.crt data_files/dir4/cert22.crt":"data_files/dir4/cert21.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"" X509 CRT verify chain #3 (nonzero pathlen root) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert34.crt data_files/dir4/cert33.crt data_files/dir4/cert32.crt":"data_files/dir4/cert31.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert34.crt data_files/dir4/cert33.crt data_files/dir4/cert32.crt":"data_files/dir4/cert31.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"" X509 CRT verify chain #4 (nonzero pathlen intermediate) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert45.crt data_files/dir4/cert44.crt data_files/dir4/cert43.crt data_files/dir4/cert42.crt":"data_files/dir4/cert41.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert45.crt data_files/dir4/cert44.crt data_files/dir4/cert43.crt 
data_files/dir4/cert42.crt":"data_files/dir4/cert41.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"" X509 CRT verify chain #5 (nonzero maxpathlen intermediate) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert54.crt data_files/dir4/cert53.crt data_files/dir4/cert52.crt":"data_files/dir4/cert51.crt":0 +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert54.crt data_files/dir4/cert53.crt data_files/dir4/cert52.crt":"data_files/dir4/cert51.crt":0:0:"" X509 CRT verify chain #6 (nonzero maxpathlen root) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0 +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"" X509 CRT verify chain #7 (maxpathlen root, self signed in path) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert74.crt data_files/dir4/cert73.crt data_files/dir4/cert72.crt":"data_files/dir4/cert71.crt":0 +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert74.crt data_files/dir4/cert73.crt data_files/dir4/cert72.crt":"data_files/dir4/cert71.crt":0:0:"" X509 CRT verify chain #8 (self signed maxpathlen root) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0 +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"" X509 CRT verify chain #9 (zero pathlen first intermediate, valid) depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert83.crt data_files/dir4/cert82.crt":"data_files/dir4/cert81.crt":0 +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert83.crt 
data_files/dir4/cert82.crt":"data_files/dir4/cert81.crt":0:0:"" X509 CRT verify chain #10 (zero pathlen root, valid) depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":0 +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":0:0:"" X509 OID description #1 x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 0dfdd61c2..48bdee880 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -546,14 +546,15 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, int flags_result ) +void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, + int flags_result, int result, + char *profile_name ) { char* act; uint32_t flags; - int result, res; + int res; mbedtls_x509_crt trusted, chain; - - result= flags_result?MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:0; + const mbedtls_x509_crt_profile *profile = NULL; mbedtls_x509_crt_init( &chain ); mbedtls_x509_crt_init( &trusted ); 
@@ -562,7 +563,15 @@ void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, int fl
 TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 );
 TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 );
- res = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags, NULL, NULL );
+ if( strcmp(profile_name, "") == 0 )
+ profile = &mbedtls_x509_crt_profile_default;
+ else if( strcmp(profile_name, "next") == 0 )
+ profile = &mbedtls_x509_crt_profile_next;
+ else if( strcmp(profile_name, "suiteb") == 0 )
+ profile = &mbedtls_x509_crt_profile_suiteb;
+
+ res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile,
+ NULL, &flags, NULL, NULL );
 TEST_ASSERT( res == ( result ) );
 TEST_ASSERT( flags == (uint32_t)( flags_result ) );
From 9832ceaa2a85b4116df0d26352cac3bab1e13f84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 23 May 2017 10:13:40 +0200
Subject: [PATCH 090/504] Set deterministic flags for NULL profile
Previously flags was left to whatever value it had before. It's cleaner to make sure it has a definite value, and all bits set looks like the safest way for when it went very wrong.
---
 tests/suites/test_suite_x509parse.data | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index a3f0c7e69..423c03517 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
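Review bot: An unrecognised `profile_name` silently leaves `profile` NULL, so a typo in a .data entry turns a profile test into a NULL-profile test instead of failing loudly, and the final TEST_ASSERT then reads `flags` (declared without an initializer in the previous hunk) even if `mbedtls_x509_crt_verify_with_profile` returned before writing it. If the NULL path is meant to be a test input, make that explicit at the end of the chain, `else /* unknown name: deliberately pass NULL to exercise the library's input check */ profile = NULL;`, and give `flags` a sentinel no .data expectation uses before the call so the assertion does not depend on which paths of the library write `*flags`. The enclosing function starts in the previous hunk and ends outside this one.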
@@ -1258,6 +1258,10 @@ X509 CRT verify chain #10 (zero pathlen root, valid) depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":0:0:"" +X509 CRT verify chain #11 (valid chain, missing profile) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch" + X509 OID description #1 x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication" From 6622fed5246fffee05e9e4a2a5c8b4174f474c21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 23 May 2017 11:29:29 +0200 Subject: [PATCH 091/504] Add tests for profile enforcement Now all checks related to profile are covered in: - verify_with_profile() - verify_child() - verify_top() (that's 10 lines that were previously not covered) Leaving aside profile enforcement in CRLs for now, as the focus is on preparing to refactor cert verification. --- tests/suites/test_suite_x509parse.data | 24 ++++++++++++++++++++++ tests/suites/test_suite_x509parse.function | 22 ++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 423c03517..393dbaba9 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
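Review bot: The new case #11 pins `flags == (uint32_t)-1` together with `MBEDTLS_ERR_X509_BAD_INPUT_DATA` for an unknown profile, but the diffstat lists only the .data file, so nothing in this patch implements the "all bits set" behaviour the message describes; if that library change lives in another commit the description should name it, otherwise the expectation rests on whatever `flags` held before the call. The test name could also say what `-1` stands for, e.g. `X509 CRT verify chain #11 (valid chain, missing profile -> all flags set)`, since `-1` is otherwise easy to read as "don't care".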
@@ -1262,6 +1262,30 @@ X509 CRT verify chain #11 (valid chain, missing profile) depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch" +X509 CRT verify chain #12 (suiteb profile, RSA root) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +mbedtls_x509_crt_verify_chain:"data_files/server3.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb" + +X509 CRT verify chain #13 (RSA only profile, EC root) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +mbedtls_x509_crt_verify_chain:"data_files/server4.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072" + +X509 CRT verify chain #14 (RSA-3072 profile, root key too small) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +mbedtls_x509_crt_verify_chain:"data_files/server1.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072" + +X509 CRT verify chain #15 (suiteb profile, rsa intermediate) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED +mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb" + +X509 CRT verify chain #16 (RSA-only profile, EC intermediate) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED +mbedtls_x509_crt_verify_chain:"data_files/server8.crt 
data_files/test-int-ca2.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072" + +X509 CRT verify chain #17 (SHA-512 profile) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512" + X509 OID description #1 x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 48bdee880..73727b521 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -28,6 +28,24 @@ const mbedtls_x509_crt_profile compat_profile = 1024, }; +const mbedtls_x509_crt_profile profile_rsa3072 = +{ + MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | + MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | + MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), + MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ), + 0, + 3072, +}; + +const mbedtls_x509_crt_profile profile_sha512 = +{ + MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), + 0xFFFFFFF, /* Any PK alg */ + 0xFFFFFFF, /* Any curve */ + 1024, +}; + int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags ) { ((void) data); @@ -569,6 +587,10 @@ void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, profile = &mbedtls_x509_crt_profile_next; else if( strcmp(profile_name, "suiteb") == 0 ) profile = &mbedtls_x509_crt_profile_suiteb; + else if( strcmp(profile_name, "rsa3072") == 0 ) + profile = &profile_rsa3072; + else if( strcmp(profile_name, "sha512") == 0 ) + profile = &profile_sha512; res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile, NULL, &flags, NULL, NULL ); From 6b9d53f6c88bacc68340f920d6dede2b7a88552e Mon Sep 17 00:00:00 2001 
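Review bot: Test #17 parses exactly the files that #15 does (`server7.crt`, `test-int-ca.crt`, `test-ca2.crt`) but its `depends_on` omits `MBEDTLS_ECP_DP_SECP384R1_ENABLED`, which #13, #15 and the other cases using `test-ca2.crt` all list; in a build without that curve the case would presumably fail at `mbedtls_x509_crt_parse_file` rather than exercising the SHA-512 profile. Align it with #15: `depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED`.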
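Review bot: `profile_rsa3072` and `profile_sha512` carry no comment saying which verification flag each is designed to trigger, so a reader has to reconstruct the intent from the .data expectations. Add above the first `/* RSA only, keys >= 3072 bits, SHA-2 digests, no curves: used to provoke BAD_PK / BAD_KEY on EC or small-key certs */` and above the second `/* SHA-512 signatures only, any PK and curve: used to provoke BAD_MD on SHA-256 chains */`. The `0xFFFFFFF` literals look like they mirror the library's own "any" convention (the inline comments suggest so, but the library definitions are not visible here); a short note saying so would stop a future reader from "fixing" the 28-bit value.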
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 23 May 2017 12:26:58 +0200 Subject: [PATCH 092/504] Add ability to test failing vrfy callback --- tests/suites/test_suite_x509parse.data | 34 +++++++++++----------- tests/suites/test_suite_x509parse.function | 21 +++++++++++-- 2 files changed, 36 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 393dbaba9..6f574997d 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1220,71 +1220,71 @@ mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxp X509 CRT verify chain #1 (zero pathlen intermediate) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"" +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0 X509 CRT verify chain #2 (zero pathlen root) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert23.crt data_files/dir4/cert22.crt":"data_files/dir4/cert21.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"" +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert23.crt data_files/dir4/cert22.crt":"data_files/dir4/cert21.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0 X509 CRT verify chain #3 (nonzero pathlen root) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert34.crt data_files/dir4/cert33.crt data_files/dir4/cert32.crt":"data_files/dir4/cert31.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"" +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert34.crt data_files/dir4/cert33.crt data_files/dir4/cert32.crt":"data_files/dir4/cert31.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0 X509 CRT verify chain #4 (nonzero pathlen intermediate) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert45.crt data_files/dir4/cert44.crt data_files/dir4/cert43.crt data_files/dir4/cert42.crt":"data_files/dir4/cert41.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"" 
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert45.crt data_files/dir4/cert44.crt data_files/dir4/cert43.crt data_files/dir4/cert42.crt":"data_files/dir4/cert41.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0 X509 CRT verify chain #5 (nonzero maxpathlen intermediate) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert54.crt data_files/dir4/cert53.crt data_files/dir4/cert52.crt":"data_files/dir4/cert51.crt":0:0:"" +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert54.crt data_files/dir4/cert53.crt data_files/dir4/cert52.crt":"data_files/dir4/cert51.crt":0:0:"":0 X509 CRT verify chain #6 (nonzero maxpathlen root) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"" +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"":0 X509 CRT verify chain #7 (maxpathlen root, self signed in path) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert74.crt data_files/dir4/cert73.crt data_files/dir4/cert72.crt":"data_files/dir4/cert71.crt":0:0:"" +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert74.crt data_files/dir4/cert73.crt data_files/dir4/cert72.crt":"data_files/dir4/cert71.crt":0:0:"":0 X509 CRT verify chain #8 (self signed maxpathlen root) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"" +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"":0 X509 CRT verify chain #9 (zero pathlen first intermediate, valid) depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert83.crt 
data_files/dir4/cert82.crt":"data_files/dir4/cert81.crt":0:0:"" +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert83.crt data_files/dir4/cert82.crt":"data_files/dir4/cert81.crt":0:0:"":0 X509 CRT verify chain #10 (zero pathlen root, valid) depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":0:0:"" +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":0:0:"":0 X509 CRT verify chain #11 (valid chain, missing profile) depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch" +mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0 X509 CRT verify chain #12 (suiteb profile, RSA root) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_crt_verify_chain:"data_files/server3.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb" +mbedtls_x509_crt_verify_chain:"data_files/server3.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #13 (RSA only profile, EC root) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -mbedtls_x509_crt_verify_chain:"data_files/server4.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072" 
+mbedtls_x509_crt_verify_chain:"data_files/server4.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #14 (RSA-3072 profile, root key too small) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -mbedtls_x509_crt_verify_chain:"data_files/server1.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072" +mbedtls_x509_crt_verify_chain:"data_files/server1.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #15 (suiteb profile, rsa intermediate) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb" +mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #16 (RSA-only profile, EC intermediate) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_crt_verify_chain:"data_files/server8.crt data_files/test-int-ca2.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072" +mbedtls_x509_crt_verify_chain:"data_files/server8.crt data_files/test-int-ca2.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #17 (SHA-512 profile) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED 
-mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512" +mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0 X509 OID description #1 x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 73727b521..acb40e545 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -66,6 +66,23 @@ int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32 return 0; } +int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags ) +{ + int *levels = (int *) data; + + ((void) crt); + ((void) certificate_depth); + + /* Simulate a fatal error in the callback */ + if( *levels & ( 1 << certificate_depth ) ) + { + *flags |= ( 1 << certificate_depth ); + return( -1 ); + } + + return( 0 ); +} + /* strsep() not available on Windows */ char *mystrsep(char **stringp, const char *delim) { @@ -566,7 +583,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, int flags_result, int result, - char *profile_name ) + char *profile_name, int vrfy_fatal_lvls ) { char* act; uint32_t flags; @@ -593,7 +610,7 @@ void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, profile = &profile_sha512; res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile, - NULL, &flags, NULL, NULL ); + NULL, &flags, verify_fatal, &vrfy_fatal_lvls ); TEST_ASSERT( res == ( result ) ); TEST_ASSERT( flags == (uint32_t)( flags_result ) ); From 41859786bed233263222668343db51932ae3a85c Mon Sep 17 00:00:00 2001 
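Review bot: In `verify_fatal` the line `((void) certificate_depth);` is misleading, because the parameter is used two lines later in `*levels & ( 1 << certificate_depth )`; drop the cast so the unused-parameter idiom only marks `crt`. `1 << certificate_depth` is also undefined for a depth of 31 or more on a 32-bit int; the library presumably bounds chain depth well below that, but a comment such as `/* depth is bounded by the library's chain-length limit, so the shift cannot overflow */` would document the assumption. Note too that the bit the callback sets overlaps the low `MBEDTLS_X509_BADCERT_*` bits, so tests using this callback cannot distinguish "callback set bit N" from a genuine verification flag.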
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 23 May 2017 12:58:53 +0200 Subject: [PATCH 093/504] Add tests for fatal error in vrfy callback This shows inconsistencies in how flags are handled when callback fails: - sometimes the flags set by the callback are transmitted, sometimes not - when the cert if not trusted, sometimes BADCERT_NOT_TRUSTED is set, sometimes not This adds coverage for 9 lines and 9 branches. Now all lines related to callback failure are covered. --- tests/suites/test_suite_x509parse.data | 32 ++++++++++++++++++++++ tests/suites/test_suite_x509parse.function | 2 +- 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 6f574997d..cd9ec8167 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1286,6 +1286,38 @@ X509 CRT verify chain #17 (SHA-512 profile) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0 +X509 CRT verify chain #18 (len=1, vrfy fatal on depth 1) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C +mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-2:"":2 + +X509 CRT verify chain #19 (len=0, vrfy fatal on depth 0) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C +mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-1:"":1 + +X509 CRT verify chain #20 (len=1, vrfy fatal on depth 0) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca.crt":-1:-1:"":1 + +X509 CRT verify chain #21 (len=3, vrfy fatal on depth 3) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-4:"":8 + +X509 CRT verify chain #22 (len=3, vrfy fatal on depth 2) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-3:"":4 + +X509 CRT verify chain #23 (len=3, vrfy fatal on depth 1) 
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-2:"":2
+
+X509 CRT verify chain #24 (len=3, vrfy fatal on depth 0)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-1:"":1
+
+X509 CRT verify chain #25 (len=3, vrfy fatal on depth 3, untrusted)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca2.crt":-1:-4:"":8
+
 X509 OID description #1
 x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication"
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index acb40e545..c66282f31 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -77,7 +77,7 @@ int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint
 if( *levels & ( 1 << certificate_depth ) )
 {
 *flags |= ( 1 << certificate_depth );
- return( -1 );
+ return( -1 - certificate_depth );
 }
 return( 0 );
From 29d60fb85f2cd31ba1d7e5c40feecee3d0091d22 Mon Sep 17 00:00:00 2001
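Review bot: Case #21 lists `MBEDTLS_PKCS1_V15` in its `depends_on` while #22 to #25 use the same chain file and trust anchors without it; the RSA-signed intermediates in `server10_int3_int-ca2_ca.crt` either need it for every case or for none. Suggest adding `MBEDTLS_PKCS1_V15` to #22 through #25 so a build without PKCS#1 v1.5 skips them consistently instead of failing some with a different flag set. The expectations also all pin `flags_result` to `-1` even though the commit message says flag handling after a callback failure is inconsistent; a comment in the .data file saying these values are documenting current behaviour, not the desired contract, would prevent them being treated as a spec.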
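Review bot: The return value of `verify_fatal` now encodes the depth (`-1 - certificate_depth`) but the comment above it, `/* Simulate a fatal error in the callback */`, does not say so, leaving the `-2`, `-3`, `-4` expectations in the .data file unexplained. Extend it to `/* Simulate a fatal error: return -1 - depth so the test can tell which level aborted verification */`. The function body starts outside this hunk.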
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 5 Jun 2017 10:20:32 +0200
Subject: [PATCH 094/504] Add test for expired cert in longer chain
That's two lines that were not covered in verify_child()
---
 tests/data_files/Makefile | 13 +++++++
 tests/data_files/server7-expired.crt | 47 ++++++++++++++++++++++++++
 tests/data_files/server7-future.crt | 47 ++++++++++++++++++++++++++
 tests/suites/test_suite_x509parse.data | 8 +++++
 4 files changed, 115 insertions(+)
 create mode 100644 tests/data_files/server7-expired.crt
 create mode 100644 tests/data_files/server7-future.crt
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index f7826d435..521e4a29f 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -12,6 +12,7 @@
 ## Tools
 OPENSSL ?= openssl
+FAKETIME ?= faketime
 ## Build the generated test data. Note that since the final outputs
 ## are committed to the repository, this target should do nothing on a
@@ -64,6 +65,18 @@ server2-sha256.crt: server2-rsa.csr $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@ all_final += server2-sha256.crt +test_ca_int_rsa1 = test-int-ca.crt + +server7.csr: server7.key + $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ +all_intermediate += server7.csr +server7-expired.crt: server7.csr $(test_ca_int_rsa1) + $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ +all_final += server7-expired.crt +server7-future.crt: server7.csr $(test_ca_int_rsa1) + $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ +all_final += server7-future.crt + ################################################################ diff --git a/tests/data_files/server7-expired.crt b/tests/data_files/server7-expired.crt new file mode 100644 index 000000000..a25ce4b07 --- /dev/null +++ b/tests/data_files/server7-expired.crt 
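Review bot: In the `server7-expired.crt` and `server7-future.crt` recipes a failing `openssl` (or a missing `faketime`) still creates `$@`, because the recipe's exit status is that of the trailing `cat`; the target would then hold only the intermediate CA and make would consider it built. Write the leaf to a temporary and concatenate only on success, e.g. `$(FAKETIME) -f -3653d $(OPENSSL) x509 -req ... -in server7.csr -out $@.tmp && cat $@.tmp $(test_ca_int_rsa1) > $@ && rm -f $@.tmp`. Both recipes also use `-set_serial 16`, and the identical leading bytes of `server7-badsign.crt` (built from `server7.crt` in a later patch) suggest server7.crt carries serial 16 as well; three different certificates under one issuer with the same serial is acceptable for fixtures but will collide if a CRL for test-int-ca ever lists serial 16, so a comment or distinct serials would avoid surprises.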
@@ -0,0 +1,47 @@ +-----BEGIN CERTIFICATE----- +MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTA3MDYwNTA4MTQwM1oXDTE3MDYwNTA4MTQwM1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m +47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBv +bGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBAHcG1ysT8yImc0x3Z2O0SOtSYYjCPS1Gc89j +fWdBSoS5YhPHLgEjHQgDA6XdDNL0eUo3afhucEvSexhqLUABLu89cmi7ST+TsTEb +/lu8qZUgpa1bcMOk1+whl0JllfcDEq2y0aclkO0/6M6JftNNJ3egq2qVBDEszTtY +zcYZIr1o04TNp0fAtmPUH6zjpBkNB0DQyKFhgYPJNwTapj6ZDVi1zBK3wwFfZfgK +s3QvwhWNNbHL4B0sPec/6TiF5dY3SeUM4L8oAGdT7/ELE6E74rFyS/EpjJdVzXDs +FfQvUDPb6PJuWZbr4mNg/FANeGPa3VENcPz+4fj+Azi1vV3wD4OKT7W0zIkRZ+Wq +1hLFuwa/JCSHsn1GWFyWd3+qHIoFJUSU3HNxWho+MZqta0Jx/PGvMdOxnJ2az1QX +TaRwrilvN3KwvjGJ+cvGa7V9x8y9seRHZwfXXOx1ZZ0uEYquZ0jxKpBp/SdhRbA5 +zLmq088npt7tgi+LcrXydorgltBaGZA7P+/OJA2JkbIBBwdSjyfG6T07y4pgQ90h +CeRqzu4jFcZE7mjpTdEyxAQRJa2dhHkhFB7Muq7ZTi3jlml5LZnlbUdPlR5iTgOU +yueZsAAEb//A6EU008WmG/K+EY230JxEUzGNf2l1j1H94HcP9OwjY4bn2PJdVzcb +B8PmaiMB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq +vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR +wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF +CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g 
+Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q +AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2 +qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM +uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA +kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P +d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br +Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg +updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY +a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG +i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 +Af5cNR8KhzegznL6amRObGGKmX1F +-----END CERTIFICATE----- diff --git a/tests/data_files/server7-future.crt b/tests/data_files/server7-future.crt new file mode 100644 index 000000000..eeb596fc2 --- /dev/null +++ b/tests/data_files/server7-future.crt 
@@ -0,0 +1,47 @@ +-----BEGIN CERTIFICATE----- +MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTI3MDYwNjA4MTQwM1oXDTM3MDYwNjA4MTQwM1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m +47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBv +bGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBAHF4y9PmCUF1yOlBIUCUAAFMZmXJwOGsMNKI +u0+At0sbs+W8J06PVyYt4UxL4TyIxHM6SOvKndFdCQxG7NQY0KU+HBdLVUM1iZy0 +Kopg7yHvEAZ0YWPptgCd10C/wmTz0b0R3cxhSb8FZjlBjNB7dJKhRQsh0za+GMx/ +LXunH/t0oP5an4yO3zTog+4+7bDGGEY7SymQJ9Z8t2gdZpn/r60j9IGhL5XI2BS/ ++cU96DMF3cMmFk24vAfduYicKc8KowhUpGCsIP0bl+TY8Vq6kepBA2lnj7/YOkDs +/f+wIS/Id/hdw9KxRUPX+cQLUt0/C7JktDVudZ5zLt1y0A971R+23ARtJGUBJGSp +5tkVX8+hK8sT6AVOkcvA51IOBsVxmuoWk/WcjBDdOjyIK2JFdbcJYvR8cpRbL+j8 +HdQEu+LorvGp28m3Q5mBTKZLKgyUeQWrbYDqeub1OvYYkuvZPZWFEDP2VYcS7AXN +IoUSTcMyhLNuncQl/z0Jbkto59+il6cQ2HIqkubLBk2X8uwMw2tloROlmklweHqR +ta6aRlLxBMgccJpK7cU5H8TMb6aR9GJGyzQJ2vET3jPBq/uEwbvK8HRVJ7Ld68k6 +ZMCwXGdTeYuDWt0ngAhf+i+GNexJRSLvzRGt18DOrpmj2X3naarNSTfRArm4EINW +WKW7hd8h +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq +vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR +wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF +CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g 
+Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q +AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2 +qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM +uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA +kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P +d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br +Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg +updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY +a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG +i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 +Af5cNR8KhzegznL6amRObGGKmX1F +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index cd9ec8167..e497869ec 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -411,6 +411,14 @@ X509 Certificate verification #8b (Future Cert) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" +X509 Certificate verification #8c (Expired Cert, longer chain) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +x509_verify:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" + +X509 Certificate verification #8d (Future Cert, longer chain) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +x509_verify:"data_files/server7-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" + X509 Certificate verification #9 (Not trusted Cert) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" From 4dfc04a66f2c8f86d86c6b2dbe0d1c8fba61abd7 Mon Sep 17 00:00:00 2001 
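Review bot: Cases #8c and #8d add `MBEDTLS_RSA_C` to `depends_on` for the RSA intermediate but not `MBEDTLS_PKCS1_V15`, which the neighbouring #9 lists alongside `MBEDTLS_RSA_C`; the leaf in the new files is signed with sha256WithRSAEncryption, so in a build with RSA but without PKCS#1 v1.5 the signature check would presumably fail and add a flag beyond `BADCERT_EXPIRED`/`BADCERT_FUTURE`. Suggest `...:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15` on both lines so the cases are skipped rather than failing in that configuration.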
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 5 Jun 2017 11:12:13 +0200
Subject: [PATCH 095/504] Add test for bad signature with longer chain
This is one line that wasn't covered in verify_child()
---
 tests/data_files/Makefile | 5 +--
 tests/data_files/server7-badsign.crt | 47 ++++++++++++++++++++++++++
 tests/suites/test_suite_x509parse.data | 4 +++
 3 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 tests/data_files/server7-badsign.crt
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 521e4a29f..8cc757a21 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -76,8 +76,9 @@ all_final += server7-expired.crt
 server7-future.crt: server7.csr $(test_ca_int_rsa1)
 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
 all_final += server7-future.crt
-
-
+server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
+{ head -n-2 server7.crt; tail -n-2 server7.crt | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat test-int-ca.crt; } > server7-badsign.crt
+all_final += server7-badsign.crt
 ################################################################
 #### Meta targets
diff --git a/tests/data_files/server7-badsign.crt b/tests/data_files/server7-badsign.crt
new file mode 100644
index 000000000..954b53a5b
--- /dev/null
+++ b/tests/data_files/server7-badsign.crt
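Review bot: The sed mutation flips only the last base64 character before the padding, which changes the lowest bits of the encoded value; when that line ends in `=` or `==` those bits are padding that a lenient decoder discards, so the "bad" signature could decode byte-identical to the good one and the test would pass for the wrong reason. It works for the committed `server7.crt` because its last line (`a8Si6UK0` in the new file) has no padding, but the recipe should mutate a character that is certainly signature data, e.g. the first one of that line: `sed -e '1s/^0/_/' -e '1s/^[^_]/0/' -e '1s/^_/1/'`. The rule also hard-codes `server7-badsign.crt` and `test-int-ca.crt` where the neighbouring rules use `$@` and `$(test_ca_int_rsa1)`, and like them it creates the target even when `head`/`sed` fail.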
@@ -0,0 +1,47 @@ +-----BEGIN CERTIFICATE----- +MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m +47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud +IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC +AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr +FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr +8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj ++gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 +QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm +yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK +TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e +deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM +0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b +OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj +VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp +a8Si6UK0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq +vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR +wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF +CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g 
+Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q +AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2 +qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM +uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA +kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P +d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br +Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg +updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY +a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG +i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 +Af5cNR8KhzegznL6amRObGGKmX1F +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index e497869ec..b0445e083 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -575,6 +575,10 @@ X509 Certificate verification #45 (Corrupted signature, RSA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" +X509 Certificate verification #45b (Corrupted signature, intermediate CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +x509_verify:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" + X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" From b341dd58c59f6cb02eb6e042075590ac990cef43 Mon Sep 17 00:00:00 2001 
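Review bot: #45b lists MBEDTLS_ECP_C but not MBEDTLS_ECDSA_C, while #46 directly below, which walks the same server7/test-int-ca/test-ca2 chain, declares `MBEDTLS_ECDSA_C`; checking the intermediate's signature from the EC root test-ca2 presumably needs it. Because the expected outcome is MBEDTLS_X509_BADCERT_NOT_TRUSTED either way, a build without ECDSA would still pass this case while no longer exercising the verify_child() line the commit message says it covers, so `:MBEDTLS_ECDSA_C` should be added to the new depends_on line. The CRL argument is `crl.pem`, the one #45 pairs with test-ca.crt, although the trust anchor here is test-ca2.crt; the other test-ca2 cases in this file pass `crl-ec-sha1.pem`, and using it would keep the case focused on the corrupted signature rather than on an unrelated CRL.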
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Jun 2017 10:25:43 +0200 Subject: [PATCH 096/504] Add tests for spurious certs in the chain We have code to skip them but didn't have explicit tests ensuring they are (the corresponding branch was never taken). While at it, remove extra copy of the chain in server10*.crt, which was duplicated for no reason. --- tests/data_files/Readme-x509.txt | 2 + tests/data_files/server10_int3_int-ca2.crt | 40 ------------ tests/data_files/server10_int3_int-ca2_ca.crt | 40 ------------ .../server10_int3_spurious_int-ca2.crt | 64 ++++++++++++++++++ tests/data_files/server7_spurious_int-ca.crt | 65 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 8 +++ 6 files changed, 139 insertions(+), 80 deletions(-) create mode 100644 tests/data_files/server10_int3_spurious_int-ca2.crt create mode 100644 tests/data_files/server7_spurious_int-ca.crt diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt index 60b0fd4a2..b56346ab3 100644 --- a/tests/data_files/Readme-x509.txt +++ b/tests/data_files/Readme-x509.txt @@ -74,10 +74,12 @@ List of certificates: - server7*.crt: I1 E L P1*: EC signed by RSA signed by EC *P1 except 7.crt, P2 _int-ca_ca2.crt *_space: with PEM error(s) + _spurious: has spurious cert in its chain (S7 + I2 + I1) - server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2) - server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS *CRL for: 9.crt, -badsign, -with-ca (P1) - server10*.crt: I3 E L P2/P3 + _spurious: S10 + I3 + I1(spurious) + I2 Certificate revocation lists ---------------------------- diff --git a/tests/data_files/server10_int3_int-ca2.crt b/tests/data_files/server10_int3_int-ca2.crt index dfe889a70..0df2c653b 100644 --- a/tests/data_files/server10_int3_int-ca2.crt +++ b/tests/data_files/server10_int3_int-ca2.crt 
@@ -9,46 +9,6 @@ rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ AzO3pJx7WJAApZuBX1Q= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBwjCCAUegAwIBAgIBSTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTEzNDIxOFoXDTI1MDgyOTEzNDIxOFowSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU -ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE -732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCB4Aw -CgYIKoZIzj0EAwIDaQAwZgIxAJ9RX38bht+RNsQI2GUpNhC/Y+Tb1OU74O4iEa6+ -CkjBWTpLtHRKVdZq7ST0wk1LsQIxAIUi8L1Vx4DuUP0bJxIX/nuJqlBnBG+qRhSf -VgHKgSyHidpZAJpaRi4IkY504CY/Yg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl -WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 -ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW -BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G 
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG diff --git a/tests/data_files/server10_int3_int-ca2_ca.crt b/tests/data_files/server10_int3_int-ca2_ca.crt index e85cc4a2b..c25482b8b 100644 --- a/tests/data_files/server10_int3_int-ca2_ca.crt +++ b/tests/data_files/server10_int3_int-ca2_ca.crt 
@@ -9,46 +9,6 @@ rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ AzO3pJx7WJAApZuBX1Q= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBwjCCAUegAwIBAgIBSTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTEzNDIxOFoXDTI1MDgyOTEzNDIxOFowSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU -ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE -732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCB4Aw -CgYIKoZIzj0EAwIDaQAwZgIxAJ9RX38bht+RNsQI2GUpNhC/Y+Tb1OU74O4iEa6+ -CkjBWTpLtHRKVdZq7ST0wk1LsQIxAIUi8L1Vx4DuUP0bJxIX/nuJqlBnBG+qRhSf -VgHKgSyHidpZAJpaRi4IkY504CY/Yg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl -WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 -ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW -BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G 
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG diff --git a/tests/data_files/server10_int3_spurious_int-ca2.crt b/tests/data_files/server10_int3_spurious_int-ca2.crt new file mode 100644 index 000000000..c9d6715f4 --- /dev/null +++ b/tests/data_files/server10_int3_spurious_int-ca2.crt 
@@ -0,0 +1,64 @@ +-----BEGIN CERTIFICATE----- +MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G +A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp +YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD +VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq +oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY +Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io +rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ +AzO3pJx7WJAApZuBX1Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo +ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt +Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt +pz590JvGWfM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq +vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR +wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF +CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g +Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q +AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2 +qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM 
+uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA +kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P +d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br +Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg +updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY +a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG +i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 +Af5cNR8KhzegznL6amRObGGKmX1F +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl +WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 +ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW +BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw +FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 +yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M +ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf +7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M +CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut +ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +-----END CERTIFICATE----- diff --git a/tests/data_files/server7_spurious_int-ca.crt b/tests/data_files/server7_spurious_int-ca.crt new file mode 100644 index 000000000..632c4fd13 --- /dev/null 
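Review bot: The two new chain files are committed without a Makefile rule recording how they were assembled, unlike server7-badsign.crt in PATCH 095; the Readme lines `S10 + I3 + I1(spurious) + I2` and `S7 + I2 + I1` are the only description of their composition, so a reviewer cannot regenerate them to confirm the order. They appear to be plain concatenations of existing files (the first certificate here is byte-identical to the leaf removed from server10_int3_int-ca2.crt in this same commit, and the second file starts with server7.crt), so a rule of the shape `server7_spurious_int-ca.crt: server7.crt test-int-ca2.crt $(test_ca_int_rsa1)` with the recipe `cat $^ > $@` and an `all_final +=` line would document and reproduce them; the exact prerequisite names should be confirmed against the data_files directory. The same applies to server7_spurious_int-ca.crt in the next hunk.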
+++ b/tests/data_files/server7_spurious_int-ca.crt 
@@ -0,0 +1,65 @@ +-----BEGIN CERTIFICATE----- +MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m +47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud +IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC +AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr +FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr +8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj ++gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 +QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm +yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK +TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e +deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM +0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b +OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj +VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp +a8Si6UK5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl +WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 +ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW +BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV 
+D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw +FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 +yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M +ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf +7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M +CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut +ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq +vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR +wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF +CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g +Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q +AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2 +qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM +uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA +kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P +d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br +Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg +updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY +a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG +i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 +Af5cNR8KhzegznL6amRObGGKmX1F +-----END 
CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b0445e083..092b9e86e 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -747,6 +747,14 @@ X509 Certificate verification #87 (Expired CA and invalid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" +X509 Certificate verification #88 (Spurious cert in the chain) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +x509_verify:"data_files/server7_spurious_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" + +X509 Certificate verification #89 (Spurious cert later in the chain) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" + X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n" From 42a4d30a0409d6145c129e3df25e4c19d3dc5aae Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Jun 2017 10:54:01 +0200 Subject: [PATCH 097/504] Add new test script depends-hashes.pl This is step 1 of a plan to get rid once and for all of missing depends_on in the X509 test suite (step 2 will be RSA/ECDSA, and step 0 was curves.pl). --- tests/scripts/depends-hashes.pl | 71 +++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100755 tests/scripts/depends-hashes.pl diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl new file mode 100755 index 000000000..76e1b730f --- /dev/null +++ b/tests/scripts/depends-hashes.pl 
@@ -0,0 +1,71 @@ +#!/usr/bin/perl + +# depends-hashes.pl +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# +# To test the code dependencies on individual hashes in each test suite. This +# is a verification step to ensure we don't ship test suites that do not work +# for some build options. +# +# The process is: +# for each possible hash +# build the library and test suites with the hash disabled +# execute the test suites +# +# And any test suite with the wrong dependencies will fail. +# +# Usage: tests/scripts/depends-hashes.pl +# +# This script should be executed from the root of the project directory. + +use warnings; +use strict; + +-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; + +my $config_h = 'include/mbedtls/config.h'; + +# as many SSL options depend on specific hashes, +# and SSL is not in the test suites anyways, +# disable it to avoid dependcies issues +my $ssl_sed_cmd = 's/^#define \(MBEDTLS_SSL.*\)/\1/p'; +my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` ); + +my $mdx_sed_cmd = 's/^#define \(MBEDTLS_MD..*_C\)/\1/p'; +my $sha_sed_cmd = 's/^#define \(MBEDTLS_SHA.*_C\)/\1/p'; +my @hashes = split( /\s+/, + `sed -n -e '$mdx_sed_cmd' -e '$sha_sed_cmd' $config_h` ); +system( "cp $config_h $config_h.bak" ) and die; +sub abort { + system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; + die $_[0]; +} + +for my $hash (@hashes) { + system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n"; + system( "make clean" ) and die; + + print "\n******************************************\n"; + print "* Testing without hash: $hash\n"; + print "******************************************\n"; + + system( "scripts/config.pl unset $hash" ) + and abort "Failed to disable $hash\n"; + + for my $opt (@ssl) { + system( "scripts/config.pl unset $opt" ) + and abort "Failed to disable $opt\n"; + } + + system( "CFLAGS='-Werror -Wall -Wextra' make lib" ) + and abort "Failed to build 
lib: $hash\n"; + system( "cd tests && make" ) and abort "Failed to build tests: $hash\n"; + system( "make test" ) and abort "Failed test suite: $hash\n"; +} + +system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n"; +system( "make clean" ) and die; +exit 0; From 1fe6bb9f256e14d382037650d26a451ac3954541 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Jun 2017 11:36:16 +0200 Subject: [PATCH 098/504] Fix missing depends_on:SHA/MD in x509 tests --- tests/scripts/all.sh | 4 ++++ tests/suites/test_suite_x509parse.data | 8 ++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d9c5bbfa4..aac78a1b5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -348,6 +348,10 @@ cleanup cmake -D CMAKE_BUILD_TYPE:String=Debug . tests/scripts/curves.pl +msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min +cleanup +tests/scripts/depends-hashes.pl + msg "test/build: key-exchanges (gcc)" # ~ 1 min cleanup cmake -D CMAKE_BUILD_TYPE:String=Check . diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 092b9e86e..5ba02329a 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -199,7 +199,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" X509 CRL Malformed Input (trailing spaces at end of file) -depends_on:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA512_C mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT X509 CSR Information RSA with MD4 
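Review bot: config.h is only put back by `abort` or by the final `mv`, so an interrupted run (Ctrl-C during one of the builds) leaves include/mbedtls/config.h with a hash and all SSL options unset and the `.bak` sitting beside it. Installing `$SIG{INT} = $SIG{TERM} = sub { abort("Interrupted\n") };` after `sub abort` is defined would route those exits through the existing restore path. The bare `system( "cp $config_h $config_h.bak" ) and die;` and `system( "make clean" ) and die;` report only "Died at …", whereas the later calls carry a message; `and die "Failed to back up $config_h\n"` and `and die "make clean failed\n"` would help when the script is run from all.sh. Minor: `dependcies` in the header comment should read `dependencies`, and the same comment is copied into the new depends-pkalgs.pl in PATCH 101.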
@@ -1283,7 +1283,7 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0 X509 CRT verify chain #12 (suiteb profile, RSA root) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_crt_verify_chain:"data_files/server3.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #13 (RSA only profile, EC root) @@ -1291,7 +1291,7 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384 mbedtls_x509_crt_verify_chain:"data_files/server4.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #14 (RSA-3072 profile, root key too small) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C mbedtls_x509_crt_verify_chain:"data_files/server1.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #15 (suiteb profile, rsa intermediate) 
@@ -1299,7 +1299,7 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384 mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #16 (RSA-only profile, EC intermediate) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_crt_verify_chain:"data_files/server8.crt data_files/test-int-ca2.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #17 (SHA-512 profile) From 9ba9dfb1c628df4b3915dfd4deee7a845c6d0173 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Jun 2017 11:51:34 +0200 Subject: [PATCH 099/504] Fix usage of {curves,key-exchanges}.pl in all.sh --- tests/scripts/all.sh | 2 -- tests/scripts/curves.pl | 5 ++++- tests/scripts/depends-hashes.pl | 3 +++ tests/scripts/key-exchanges.pl | 19 ++++++++++++++++++- 4 files changed, 25 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index aac78a1b5..160cb45a7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -345,7 +345,6 @@ OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUT msg "test/build: curves.pl (gcc)" # ~ 4 min cleanup -cmake -D CMAKE_BUILD_TYPE:String=Debug . tests/scripts/curves.pl msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min @@ -354,7 +353,6 @@ tests/scripts/depends-hashes.pl msg "test/build: key-exchanges (gcc)" # ~ 1 min cleanup -cmake -D CMAKE_BUILD_TYPE:String=Check . tests/scripts/key-exchanges.pl msg "build: Unix make, -Os (gcc)" # ~ 30s 
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index bd13f52cc..f4942c624 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl @@ -17,9 +17,12 @@ # # And any test suite with the wrong dependencies will fail. # -# Usage: curves.pl +# Usage: tests/scripts/curves.pl # # This script should be executed from the root of the project directory. +# +# For best effect, run either with cmake disabled, or cmake enabled in a mode +# that includes -Werror. use warnings; use strict; diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl index 76e1b730f..f27eb9e1b 100755 --- a/tests/scripts/depends-hashes.pl +++ b/tests/scripts/depends-hashes.pl @@ -20,6 +20,9 @@ # Usage: tests/scripts/depends-hashes.pl # # This script should be executed from the root of the project directory. +# +# For best effect, run either with cmake disabled, or cmake enabled in a mode +# that includes -Werror. use warnings; use strict; diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl index 46826c3de..528812a00 100755 --- a/tests/scripts/key-exchanges.pl +++ b/tests/scripts/key-exchanges.pl @@ -1,8 +1,25 @@ #!/usr/bin/perl -# test that all configs with only a single key exchange enabled build +# key-exchanges.pl +# +# Copyright (c) 2015-2017, ARM Limited, All Rights Reserved +# +# Purpose +# +# To test the code dependencies on individual key exchanges in the SSL module. +# is a verification step to ensure we don't ship SSL code that do not work +# for some build options. +# +# The process is: +# for each possible key exchange +# build the library with all but that key exchange disabled # # Usage: tests/scripts/key-exchanges.pl +# +# This script should be executed from the root of the project directory. +# +# For best effect, run either with cmake disabled, or cmake enabled in a mode +# that includes -Werror. use warnings; use strict; From 5be9533cdf5c6f4057a0fd4eb136fcee00ad60f4 Mon Sep 17 00:00:00 2001 
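Review bot: The new header comment in key-exchanges.pl reads `# To test the code dependencies on individual key exchanges in the SSL module.` followed by `# is a verification step to ensure we don't ship SSL code that do not work`, which drops the subject and disagrees in number; `# ... in the SSL module. This` / `# is a verification step to ensure we don't ship SSL code that does not work` mirrors the wording of depends-hashes.pl. The "process" block lists only the build step while the sibling scripts list build and test; if key-exchanges.pl indeed only builds, a line such as `# (the test suites are not run, as they do not cover the SSL module)` would explain the difference to the next reader.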
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Jun 2017 12:13:19 +0200 Subject: [PATCH 100/504] Fix depends_on:curve in x509 tests --- tests/suites/test_suite_x509parse.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 5ba02329a..2b91e9997 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1283,7 +1283,7 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0 X509 CRT verify chain #12 (suiteb profile, RSA root) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_crt_verify_chain:"data_files/server3.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #13 (RSA only profile, EC root) 
@@ -1303,7 +1303,7 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384 mbedtls_x509_crt_verify_chain:"data_files/server8.crt data_files/test-int-ca2.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #17 (SHA-512 profile) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0 X509 CRT verify chain #18 (len=1, vrfy fatal on depth 1) From 902bb6a018d05ee4ee0c471724d9640dcc8f835a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Jun 2017 12:42:41 +0200 Subject: [PATCH 101/504] Add new test script depends-pkalgs.pl --- tests/scripts/depends-pkalgs.pl | 84 +++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100755 tests/scripts/depends-pkalgs.pl diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl new file mode 100755 index 000000000..703b41fa4 --- /dev/null +++ b/tests/scripts/depends-pkalgs.pl 
@@ -0,0 +1,84 @@
+#!/usr/bin/perl
+
+# depends-pkalgs.pl
+#
+# Copyright (c) 2017, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# To test the code dependencies on individual PK algs in each test suite. This
+# is a verification step to ensure we don't ship test suites that do not work
+# for some build options.
+#
+# The process is:
+# for each possible PK alg
+# build the library and test suites with that alg disabled
+# execute the test suites
+#
+# And any test suite with the wrong dependencies will fail.
+#
+# Usage: tests/scripts/depends-pkalgs.pl
+#
+# This script should be executed from the root of the project directory.
+#
+# For best effect, run either with cmake disabled, or cmake enabled in a mode
+# that includes -Werror.
+
+use warnings;
+use strict;
+
+-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
+
+my $config_h = 'include/mbedtls/config.h';
+
+# as many SSL options depend on specific algs
+# and SSL is not in the test suites anyways,
+# disable it to avoid dependcies issues
+my $ssl_sed = 's/^#define \(MBEDTLS_SSL.*\)/\1/p';
+my $kex_sed = 's/^#define \(MBEDTLS_KEY_EXCHANGE.*\)/\1/p';
+my @ssl = split( /\s+/, `sed -n -e '$ssl_sed' -e '$kex_sed' $config_h` );
+
+my %algs = (
+ 'MBEDTLS_ECDSA_C' => [],
+ 'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C'],
+ 'MBEDTLS_X509_RSASSA_PSS_SUPPORT' => [],
+ 'MBEDTLS_PKCS1_V21' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
+ 'MBEDTLS_PKCS1_V15' => [],
+ 'MBEDTLS_RSA_C' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
+);
+
+system( "cp $config_h $config_h.bak" ) and die;
+sub abort {
+ system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
+ die $_[0];
+}
+
+while( my ($alg, $extras) = each %algs ) {
+ system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
+ system( "make clean" ) and die;
+
+ print "\n******************************************\n";
+ print "* Testing without alg: $alg\n";
+ print "******************************************\n";
+
+ system( "scripts/config.pl unset $alg" )
+ and abort "Failed to disable $alg\n";
+ for my $opt (@$extras) {
+ system( "scripts/config.pl unset $opt" )
+ and abort "Failed to disable $opt\n";
+ }
+
+ for my $opt (@ssl) {
+ system( "scripts/config.pl unset $opt" )
+ and abort "Failed to disable $opt\n";
+ }
+
+ system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
+ and abort "Failed to build lib: $alg\n";
+ system( "cd tests && make" ) and abort "Failed to build tests: $alg\n";
+ system( "make test" ) and abort "Failed test suite: $alg\n";
+}
+
+system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
+system( "make clean" ) and die;
+exit 0;
From 43be6cda4719af291691e684a11e3cdd567953f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Jun 2017 09:53:42 +0200 Subject: [PATCH 102/504] Fix depends_on:pk_alg in test suites --- tests/scripts/all.sh | 4 + tests/suites/test_suite_pk.data | 4 +- tests/suites/test_suite_rsa.function | 7 +- tests/suites/test_suite_x509parse.data | 252 ++++++++++++------------- 4 files changed, 138 insertions(+), 129 deletions(-)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 160cb45a7..f0fa027f0 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -351,6 +351,10 @@ msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min cleanup tests/scripts/depends-hashes.pl +msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min +cleanup +tests/scripts/depends-pkalgs.pl + msg "test/build: key-exchanges (gcc)" # ~ 1 min cleanup tests/scripts/key-exchanges.pl
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index f6ea378ff..dc24cfdd3 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
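Review bot: `system( "cp $config_h $config_h.bak" ) and die;` overwrites whatever `$config_h.bak` an earlier run left behind, and since nothing in the script traps an interrupt, a run killed between the `scripts/config.pl unset` calls and the final `mv` leaves a partially-unset config.h that the next run adopts as its baseline and then faithfully "restores". A guard before the copy avoids that: `-e "$config_h.bak" and die "$config_h.bak exists, restore it before running\n";`. The same pattern presumably exists in the sibling depends-*.pl scripts, which are not in this hunk. Minor: the comment `# disable it to avoid dependcies issues` should read `dependencies`, and both `system( "make clean" ) and die;` lines die without a message, unlike every other failure path in the file.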
@@ -139,11 +139,11 @@ depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA Check pair #3 (RSA, OK) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0 Check pair #4 (RSA, bad) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED Check pair #5 (RSA vs EC) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d48bc8595..1dd20f280 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -162,6 +162,7 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); +#if defined(MBEDTLS_PKCS1_V15) /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) { @@ -176,6 +177,7 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); } +#endif /* MBEDTLS_PKCS1_V15 */ exit: mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); @@ -194,7 +196,7 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, unsigned char result_str[1000]; unsigned char output[1000]; mbedtls_rsa_context ctx; - size_t hash_len, olen; + size_t hash_len; mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( message_str, 0x00, 1000 ); 
@@ -214,10 +216,12 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_len, hash_result, result_str ) == correct ); +#if defined(MBEDTLS_PKCS1_V15) /* For PKCS#1 v1.5, there is an alternative way to verify signatures */ if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) { int ok; + size_t olen; TEST_ASSERT( mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, @@ -229,6 +233,7 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, else TEST_ASSERT( ok == 0 ); } +#endif /* MBEDTLS_PKCS1_V15 */ exit: mbedtls_rsa_free( &ctx ); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 2b91e9997..f3f9df6dc 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -63,23 +63,23 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C x509_cert_info:"data_files/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C x509_cert_info:"data_files/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_cert_info:"data_files/server5.crt":"cert. 
version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C x509_cert_info:"data_files/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 Certificate information, NS Cert Type 
@@ -111,7 +111,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information EC signed by RSA -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" X509 Certificate information Bitstring in subject name 
@@ -123,11 +123,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \: identity-check.org, www.identity-check.org\n" X509 CRL information #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information MD2 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA with MD2\n" X509 CRL Information MD4 Digest 
@@ -135,27 +135,27 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD4\n" X509 CRL Information MD5 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n" X509 CRL Information SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" X509 CRL 
Information SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n" X509 CRL Information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n" X509 CRL Information SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" X509 CRL information RSA-PSS, SHA1 Digest 
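Review bot: The MD4 CRL case is left out: its `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C` line sits between the `@@ -123,11` and `@@ -135,27` hunks (it appears only as the second hunk's header context) and is not changed, while the MD2, MD5 and SHA* CRL cases around it gain `MBEDTLS_RSA_C`. The record it guards, `crl_md4.pem`, is `signed using : RSA with MD4`, so it needs the same update: `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C`. The CSR counterpart, `X509 CSR Information RSA with MD4`, does receive it in the `@@ -179,75` hunk.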
@@ -179,75 +179,75 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" X509 CRL Information EC, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" X509 CRL Information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" X509 CRL Information EC, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" X509 CRL Information EC, SHA384 Digest 
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C mbedtls_x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n" X509 CRL Information EC, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" X509 CRL Malformed Input (trailing spaces at end of file) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT X509 CSR Information RSA with MD4 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with MD5 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_csr_info:"data_files/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA224 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA256 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA384 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C mbedtls_x509_csr_info:"data_files/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA512 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C mbedtls_x509_csr_info:"data_files/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" X509 CSR Information EC with SHA1 -depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_info:"data_files/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size 
\: 256 bits\n" X509 CSR Information EC with SHA224 -depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C mbedtls_x509_csr_info:"data_files/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA256 -depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C mbedtls_x509_csr_info:"data_files/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA384 -depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C mbedtls_x509_csr_info:"data_files/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA512 -depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C mbedtls_x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n" X509 CSR Information RSA-PSS with SHA1 
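Review bot: `X509 CRL Malformed Input (trailing spaces at end of file)` expects `MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT`, a PEM-layer rejection; if, as that error suggests, the file is refused before any signature algorithm is decoded, the added `MBEDTLS_ECDSA_C` (like the pre-existing `MBEDTLS_SHA1_C:MBEDTLS_SHA512_C`) is not a real dependency and only removes this malformed-input regression test from builds without ECDSA. Either trim that case to `depends_on:MBEDTLS_PEM_PARSE_C`, or record in the data file why a parse failure needs the algorithm options.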
@@ -332,27 +332,27 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA1 mbedtls_x509_time_is_past:"data_files/test-ca.crt":"valid_to":0 X509 Time Future #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_from":0 X509 Time Future #2 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_to":1 X509 Time Future #3 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_from":1 X509 Time Future #4 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_to":1 X509 Time Future #5 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_from":0 X509 Time Future #6 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_to":1 X509 Certificate verification #1 (Revoked Cert, Expired CRL, no CN) @@ -360,7 +360,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 Certificate verification #2 (Revoked Cert, Expired CRL) 
@@ -368,7 +368,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 Certificate verification #2a (Revoked Cert, Future CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch) @@ -376,7 +376,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 Certificate verification #4 (Valid Cert, Expired CRL) 
@@ -384,7 +384,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 Certificate verification #4a (Revoked Cert, Future CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 Certificate verification #5 (Revoked Cert) 
@@ -400,23 +400,23 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 Certificate verification #8 (Valid Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #8a (Expired Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 Certificate verification #8b (Future Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 Certificate verification #8c (Expired Cert, longer chain) 
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 Certificate verification #8d (Future Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server7-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 Certificate verification #9 (Not trusted Cert) 
@@ -520,35 +520,35 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 Certificate verification #32 (Valid, EC cert, RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #33 (Valid, RSA cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #34 (Valid, EC cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #35 (Revoked, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #36 (Valid, EC CA, SHA1 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #37 (Valid, EC CA, SHA224 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #38 (Valid, EC CA, SHA384 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #39 (Valid, EC CA, SHA512 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #40 (Valid, depth 0, RSA, CA) @@ -556,7 +556,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C: x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #41 (Valid, depth 0, EC, CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #42 (Depth 0, not CA, RSA) @@ -568,7 +568,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED: x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 Certificate verification #44 (Corrupted signature, EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 Certificate verification #45 (Corrupted signature, RSA) 
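Review bot: The new `depends_on` lines for #32 and #33 in the `@@ -520` hunk list `MBEDTLS_RSA_C` twice, once after `MBEDTLS_PEM_PARSE_C` and again immediately before `MBEDTLS_PKCS1_V15`; the same duplication appears in the `@@ -576` hunk (#46, #47, #48, #49) and in the `@@ -776` hunk (every intermediate-CA and two-intermediates callback case). It looks as if `MBEDTLS_RSA_C:` was inserted mechanically ahead of each `MBEDTLS_PKCS1_V15` without checking whether the line already carried it. A repeated dependency is presumably harmless to the test runner, but it lengthens the line and obscures which entry was actually added; drop the second occurrence so that #32 reads `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C`. The file header of this test-data file lies outside this chunk.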
@@ -576,31 +576,31 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 Certificate verification #45b (Corrupted signature, intermediate CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #47 (Untrusted, depth 2, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 
Certificate verification #48 (Missing intermediate CA, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 Certificate verification #49 (Valid, depth 2, RSA-EC-RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #50 (Valid, multiple CAs) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #51 (Valid, multiple CAs, reverse order) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 
Certificate verification #52 (CA keyUsage valid) @@ -612,7 +612,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHE x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" X509 Certificate verification #54 (CA keyUsage missing cRLSign, no CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #55 (CA keyUsage missing keyCertSign) @@ -624,7 +624,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHE x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 Certificate verification #57 (Valid, RSASSA-PSS, SHA-1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #58 (Valid, RSASSA-PSS, SHA-224) 
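Review bot: Test #54 in the `@@ -612` hunk gains `MBEDTLS_RSA_C` but not `MBEDTLS_PKCS1_V15`, while #57 in the adjacent `@@ -624` hunk gains `MBEDTLS_PKCS1_V15` with no explicit `MBEDTLS_RSA_C`, so the two new lines express the RSA requirement for `crl.pem` differently. If the split is deliberate, because #54 only needs the CRL's RSA signature OID to parse while #57 actually verifies a PKCS#1 v1.5 signature, it is correct but not evident from the data alone; if it is not deliberate, #54 should carry the same `MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15` pair that #75 and #8c receive elsewhere in this patch. The commit message is the natural place to state which rule was applied.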
@@ -652,7 +652,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" X509 Certificate verification #64 (Valid, RSASSA-PSS, SHA-1, not top) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #65 (RSASSA-PSS, SHA1, bad cert signature) @@ -660,7 +660,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults) 
@@ -688,15 +688,15 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C: x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 Certificate verification #73 (selfsigned trusted without CA bit) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #74 (signed by selfsigned trusted without CA bit) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 Certificate verification #75 (encoding mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #76 (multiple CRLs, not revoked) 
@@ -716,43 +716,43 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED: x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 Certificate verification #80 (multiple CRLs, first future, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #81 (multiple CRLs, none relevant) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #82 (Not yet valid CA and valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification 
#83 (valid CA and Not yet valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #84 (valid CA and Not yet valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #85 (Not yet valid CA and valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #86 (Not yet valid CA and invalid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C 
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 Certificate verification #87 (Expired CA and invalid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 Certificate verification #88 (Spurious cert in the chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server7_spurious_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #89 (Spurious cert later in the chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification callback: trusted EE cert 
@@ -776,35 +776,35 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n" X509 Certificate verification callback: intermediate ca -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n" X509 Certificate verification callback: intermediate ca, root included -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n" X509 Certificate verification callback: intermediate ca trusted 
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n" X509 Certificate verification callback: two intermediates -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n" X509 Certificate verification callback: two intermediates, root included -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 2 - 
serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n" X509 Certificate verification callback: two intermediates, top int trusted -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n" X509 Certificate verification callback: two intermediates, low int trusted -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n" X509 Parse Selftest -depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C +depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_selftest: X509 Certificate ASN1 (Incorrect first tag) 
@@ -1047,15 +1047,15 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (ExtKeyUsage, bad second tag) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081de3081dba003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d250416301406082b0601050507030107082b06010505070302":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (SubjectAltName repeated) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081fd3081faa003020102020900a8b31ff37d09a37f300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313231333731365a170d3234313130383231333731365a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS X509 
Certificate ASN1 (ExtKeyUsage repeated) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS X509 Certificate ASN1 (correct pubkey, no sig_alg) 
@@ -1131,11 +1131,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0 X509 Certificate ASN1 (ECDSA signature, EC key) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081EB3081A3020900F41534662EC7E912300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343031395A170D3233303730383039343031395A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D030101033200042137969FABD4E370624A0E1A33E379CAB950CCE00EF8C3C3E2ADAEB7271C8F07659D65D3D777DCF21614363AE4B6E617300906072A8648CE3D04010338003035021858CC0F957946FE6A303D92885A456AA74C743C7B708CBD37021900FE293CAC21AF352D16B82EB8EA54E9410B3ABAADD9F05DD6":"cert. 
version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0 X509 Certificate ASN1 (RSA signature, EC key) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 X509 Certificate ASN1 (invalid version 3) 
@@ -1255,19 +1255,19 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C mbedtls_x509_crt_verify_chain:"data_files/dir4/cert45.crt data_files/dir4/cert44.crt data_files/dir4/cert43.crt data_files/dir4/cert42.crt":"data_files/dir4/cert41.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0 X509 CRT verify chain #5 (nonzero maxpathlen intermediate) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 mbedtls_x509_crt_verify_chain:"data_files/dir4/cert54.crt data_files/dir4/cert53.crt data_files/dir4/cert52.crt":"data_files/dir4/cert51.crt":0:0:"":0 X509 CRT verify chain #6 (nonzero maxpathlen root) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 mbedtls_x509_crt_verify_chain:"data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"":0 X509 CRT verify chain #7 (maxpathlen root, self signed in path) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 mbedtls_x509_crt_verify_chain:"data_files/dir4/cert74.crt data_files/dir4/cert73.crt data_files/dir4/cert72.crt":"data_files/dir4/cert71.crt":0:0:"":0 X509 CRT verify chain #8 (self signed maxpathlen root) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 mbedtls_x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"":0 X509 CRT verify chain #9 (zero pathlen first intermediate, valid) 
@@ -1283,7 +1283,7 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0 X509 CRT verify chain #12 (suiteb profile, RSA root) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_crt_verify_chain:"data_files/server3.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #13 (RSA only profile, EC root) 
@@ -1291,19 +1291,19 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384 mbedtls_x509_crt_verify_chain:"data_files/server4.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #14 (RSA-3072 profile, root key too small) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C mbedtls_x509_crt_verify_chain:"data_files/server1.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #15 (suiteb profile, rsa intermediate) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #16 (RSA-only profile, EC intermediate) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_crt_verify_chain:"data_files/server8.crt data_files/test-int-ca2.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #17 (SHA-512 profile) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED 
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0 X509 CRT verify chain #18 (len=1, vrfy fatal on depth 1) 
@@ -1407,31 +1407,31 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0 X509 crt extendedKeyUsage #1 (no extension, serverAuth) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_check_extended_key_usage:"data_files/server5.crt":"2B06010505070301":0 X509 crt extendedKeyUsage #2 (single value, present) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_check_extended_key_usage:"data_files/server5.eku-srv.crt":"2B06010505070301":0 X509 crt extendedKeyUsage #3 (single value, absent) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_check_extended_key_usage:"data_files/server5.eku-cli.crt":"2B06010505070301":MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 crt extendedKeyUsage #4 (two values, first) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070301":0 X509 crt extendedKeyUsage #5 (two values, second) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070302":0 X509 crt extendedKeyUsage #6 (two values, other) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C 
x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070303":MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 crt extendedKeyUsage #7 (any, random) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_check_extended_key_usage:"data_files/server5.eku-cs_any.crt":"2B060105050703FF":0 X509 RSASSA-PSS parameters ASN1 (good, all defaults) @@ -1546,7 +1546,7 @@ X509 RSASSA-PSS parameters ASN1 (trailerField not 1) x509_parse_rsassa_pss_params:"A303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG X509 CSR ASN.1 (OK) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"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":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0 X509 CSR ASN.1 (bad first tag) 
@@ -1592,66 +1592,66 @@ X509 CSR ASN.1 (bad SubjectPublicKeyInfo: overlong) mbedtls_x509_csr_parse:"30173014020100300D310B3009060355040613024E4C300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad attributes: missing) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_csr_parse:"3081973081940201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad attributes: bad tag) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_csr_parse:"3081993081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (bad attributes: overlong) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_csr_parse:"30819A3081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA00100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad sigAlg: missing) 
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_csr_parse:"3081C23081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad sigAlg: not a sequence) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (bad sigAlg: overlong) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03001":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad sigAlg: unknown) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED 
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04FF":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG X509 CSR ASN.1 (bad sig: missing) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D0401":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad sig: not a bit string) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010400":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (bad sig: overlong) 
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (extra data after signature) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"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":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CSR ASN.1 (invalid version overflow) mbedtls_x509_csr_parse:"3008300602047FFFFFFF":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 File parse (no issues) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C x509parse_crt_file:"data_files/server7_int-ca.crt":0 X509 File parse (extra space in one certificate) -depends_on:MBEDTLS_ECP_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C x509parse_crt_file:"data_files/server7_pem_space.crt":1 X509 File parse (all certificates fail) -depends_on:MBEDTLS_ECP_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C x509parse_crt_file:"data_files/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER X509 File parse (trailing spaces, OK) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C x509parse_crt_file:"data_files/server7_trailing_space.crt":0 X509 Get time (UTC no issues) From 602544e659d373acb66bbacfdc83ecac1bba3081 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Jun 2017 10:49:24 +0200 Subject: [PATCH 103/504] Fix usage of CFLAGS with cmake in all.sh With cmake, CFLAGS has to be set when invoking cmake, not make (which totally ignores the value of CFLAGS when it runs and only keeps the one from cmake). Also, in that case the flags were either redundant (-Werror etc) or wrong (-std=c99 -pedantic) as some parts of the library will not build with -pedantic (see the other -pedantic tests, which are correct, for what needs to be disabled). --- tests/scripts/all.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f0fa027f0..4057f46e4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -326,16 +326,16 @@ OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min tests/ssl-opt.sh -msg "build: cmake, full config, clang, C99" # ~ 50s +msg "build: cmake, full config, clang" # ~ 50s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . -CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic' make +make msg "test: main suites (full config)" # ~ 5s -CFLAGS='-Werror -Wall -Wextra' make test +make test msg "test: ssl-opt.sh default (full config)" # ~ 1s tests/ssl-opt.sh -f Default From a4a206e834f576e3c7d242d5354995b80c466326 Mon Sep 17 00:00:00 2001 
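Review bot: After this hunk nothing in the job passes warning flags to the build any more: the `CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .` line sets no CFLAGS, so `-Werror -Wall -Wextra` coverage now rests entirely on what the Check build type defines in the CMake files, which this hunk cannot show. If that is the intent, record it next to the cmake line so nobody re-adds CFLAGS to `make` later: `# warning flags (-Werror etc.) come from CMAKE_BUILD_TYPE=Check; CFLAGS given to make is ignored under cmake`. Dropping `-std=c99 -pedantic` also means this job no longer exercises strict C99 at all, which the commit description justifies by pointing at the other -pedantic jobs; a one-line comment saying which job now owns that check would keep the script self-explanatory.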
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Jun 2017 09:35:44 +0200 Subject: [PATCH 104/504] Clarify documentation for directly-trusted certs The fact that self-signed end-entity certs can be explicitly trusted by putting them in the CA list even if they don't have the CA bit was not documented though it's intentional, and tested by "Certificate verification #73 (selfsigned trusted without CA bit)" in test_suite_x509parse.data It is unclear to me whether the restriction that explicitly trusted end-entity certs must be self-signed is a good one. However, it seems intentional as it is tested in tests #42 and #43, so I'm not touching it for now. --- include/mbedtls/ssl.h | 4 ++++ include/mbedtls/x509_crt.h | 9 ++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index cc0007006..ff1cca447 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1586,6 +1586,10 @@ void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, /** * \brief Set the data required to verify peer certificate * + * \note See \c mbedtls_x509_verify() for notes regarding the + * parameters ca_chain (maps to trust_ca for that function) + * and ca_crl. + * * \param conf SSL configuration * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) * \param ca_crl trusted CA CRLs diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 06166d8b1..c589a5e17 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
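Review bot: The new `\note` in mbedtls_ssl_conf_ca_chain's comment points at `\c mbedtls_x509_verify()`, but the function that actually takes `trust_ca` and `ca_crl` is `mbedtls_x509_crt_verify()` — the x509_crt.h hunk of this same commit documents exactly those parameters — and as far as I can tell no `mbedtls_x509_verify()` exists, so the Doxygen reference will not resolve. Change the line to ` * \note See \c mbedtls_x509_crt_verify() for notes regarding the`. The comment block being edited continues outside the hunk.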
@@ -286,8 +286,15 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * used to sign the certificate, CRL verification is skipped * silently, that is *without* setting any flag. * + * \note The \c trust_ca list can contain two type of certificates: + * (1) those of trusted root CAs, so that certificates + * chaining up to those CAs will be trusted, and (2) + * self-signed end-entity certificates to be trusted (for + * specific peers you know) - in that case, the self-signed + * certificate doens't need to have the CA bit set. + * * \param crt a certificate (chain) to be verified - * \param trust_ca the list of trusted CAs + * \param trust_ca the list of trusted CAs (see note above) * \param ca_crl the list of CRLs for trusted CAs (see note above) * \param cn expected Common Name (can be set to * NULL if the CN must not be verified) From 329e78c7fa7bd3d10a4b4bd937a773560801749e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 26 Jun 2017 12:22:17 +0200 Subject: [PATCH 105/504] Improve handling of md errors in X.509 md() already checks for md_info == NULL. Also, in the future it might also return other errors (eg hardware errors if acceleration is used), so it make more sense to check its return value than to check for NULL ourselves and then assume no other error can occur. Also, currently, md_info == NULL can never happen except if the MD and OID modules get out of sync, or if the user messes with members of the x509_crt structure directly. This commit does not change the current behaviour, which is to treat MD errors the same way as a bad signature or no trusted root. --- library/x509_crt.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index c6209fb40..1adf8bfd1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
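Review bot: The added `\note` has two typos: `two type of certificates` should read `two types of certificates`, and `doens't` should read `doesn't`. It would also help to state the other half of the contract that the commit description spells out: an end-entity certificate in `trust_ca` is honoured as directly trusted only when it is self-signed, and every other entry is treated as a root CA, so a caller cannot pin an arbitrary leaf certificate by adding it to this list; for example append `(an end-entity certificate that is not self-signed is not accepted this way)` to point (2). The parameter list of the function continues outside the hunk.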
@@ -1675,17 +1675,13 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCRL_BAD_PK; md_info = mbedtls_md_info_from_type( crl_list->sig_md ); - if( md_info == NULL ) + if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 ) { - /* - * Cannot check 'unknown' hash - */ + /* Note: this can't happen except after an internal error */ flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; break; } - mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ); - if( x509_profile_check_key( profile, crl_list->sig_pk, &ca->pk ) != 0 ) flags |= MBEDTLS_X509_BADCERT_BAD_KEY; @@ -1930,15 +1926,12 @@ static int x509_crt_verify_top( *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; md_info = mbedtls_md_info_from_type( child->sig_md ); - if( md_info == NULL ) + if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) { - /* - * Cannot check 'unknown', no need to try any CA - */ + /* Note: this can't happen except after an internal error */ + /* Cannot check signature, no need to try any CA */ trust_ca = NULL; } - else - mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ); for( /* trust_ca */ ; trust_ca != NULL; trust_ca = trust_ca->next ) { From ffa42efa1ccc4622533818262553094220c52784 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 26 Jun 2017 12:29:29 +0200 Subject: [PATCH 106/504] Add ability to test flags value in vrfy callback So far there was no test ensuring that the flags passed to the vrfy callback are correct (ie the flags for the current certificate, not including those of the parent). Actual tests case making use of that test function will be added in the next commit. --- tests/suites/test_suite_x509parse.data | 24 +++++++++++----------- tests/suites/test_suite_x509parse.function | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) 
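Review bot: Both hunks (x509_crt_verifycrl and x509_crt_verify_top) now rely on mbedtls_md() rejecting a NULL md_info, which the commit description asserts but a reader of the code no longer sees, so the replacement comment should say so rather than `/* Note: this can't happen except after an internal error */`, e.g. `/* mbedtls_md() rejects md_info == NULL and may report backend errors; either way the signature cannot be checked, so treat it as untrusted */`. The md error code is discarded at both call sites, so a backend failure surfaces as MBEDTLS_X509_BADCRL_NOT_TRUSTED / MBEDTLS_X509_BADCERT_NOT_TRUSTED, indistinguishable from a genuinely untrusted chain; that matches the stated intent but is worth recording where the flag is set. In x509_crt_verify_top the failure path leaves `hash` unwritten and depends on `trust_ca = NULL` to skip the loop; whether any code after the loop reads `hash` is outside this hunk and should be confirmed. Both enclosing functions start and end outside their hunks.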
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index f3f9df6dc..94eac42cd 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -757,51 +757,51 @@ x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca. X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n" +x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x0000\n" X509 Certificate verification callback: simple depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" X509 Certificate verification callback: two trusted roots depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" X509 Certificate verification 
callback: two trusted roots, reversed order depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" X509 Certificate verification callback: root included depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n" +x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" X509 Certificate verification callback: intermediate ca depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n" 
+x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" X509 Certificate verification callback: intermediate ca, root included depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n" +x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" X509 Certificate verification callback: intermediate ca trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n" +x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test 
Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" X509 Certificate verification callback: two intermediates depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n" +x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" X509 Certificate verification callback: two intermediates, root included depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n" +x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 
0x0000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" X509 Certificate verification callback: two intermediates, top int trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n" +x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" X509 Certificate verification callback: two intermediates, low int trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n" +x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" X509 Parse Selftest 
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index c66282f31..9bc682176 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -145,7 +145,7 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint ret = mbedtls_x509_dn_gets( p, n, &crt->subject ); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n" ); + ret = mbedtls_snprintf( p, n, " - flags 0x%04x\n", *flags ); MBEDTLS_X509_SAFE_SNPRINTF; ctx->p = p; From bc313017a52e595e7eb89c695f54e5937dc96686 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Jun 2017 12:51:52 +0200 Subject: [PATCH 107/504] Add tests for flags passed to f_vrfy The tests cover chains of length 0, 1 and 2, with one error, located at any of the available levels in the chain. This exercises all three call sites of f_vrfy (two in verify_top, one in verify_child). Chains of greater length would not cover any new code path or behaviour that I can see. --- tests/data_files/Makefile | 18 ++++++++++ tests/data_files/server5-ss-expired.crt | 12 +++++++ tests/data_files/server7_int-ca-exp.crt | 47 +++++++++++++++++++++++++ tests/data_files/test-ca2-expired.crt | 13 +++++++ tests/data_files/test-int-ca-exp.crt | 24 +++++++++++++ tests/suites/test_suite_x509parse.data | 24 +++++++++++++ 6 files changed, 138 insertions(+) create mode 100644 tests/data_files/server5-ss-expired.crt create mode 100644 tests/data_files/server7_int-ca-exp.crt create mode 100644 tests/data_files/test-ca2-expired.crt create mode 100644 tests/data_files/test-int-ca-exp.crt diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 8cc757a21..7476bf784 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
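Review bot: The new format string `" - flags 0x%04x\n"` is passed `*flags`, which from the truncated `uint` in the signature is presumably a `uint32_t`; `%x` is defined for `unsigned int`, so the portable spelling is `ret = mbedtls_snprintf( p, n, " - flags 0x%04" PRIx32 "\n", *flags );` with `<inttypes.h>`, assuming `mbedtls_snprintf` takes standard conversions. The `04` is only a minimum width, so flag values wider than 16 bits still print in full and the expected strings in the .data file stay comparable. verify_print's body begins and ends outside the hunk.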
@@ -45,6 +45,16 @@ test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@ all_final += test-ca-sha256.crt +test_ca_crt_file_ec = test-ca2.crt +test_ca_key_file_ec = test-ca2.key + +test-int-ca.csr: test-int-ca.key $(test_ca_config_file) + $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@ +all_intermediate += test-int-ca.csr +test-int-ca-exp.crt: $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr + $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ +all_final += test-int-ca-exp.crt + cli_crt_key_file_rsa = cli-rsa.key cli_crt_extensions_file = cli.opensslconf @@ -79,6 +89,14 @@ all_final += server7-future.crt server7-badsign.crt: server7.crt $(test_ca_int_rsa1) { head -n-2 server7.crt; tail -n-2 server7.crt | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat test-int-ca.crt; } > server7-badsign.crt all_final += server7-badsign.crt +server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt + cat server7.crt test-int-ca-exp.crt > $@ +all_final += server7_int-ca-exp.crt + +server5-ss-expired.crt: server5.key + $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@ +all_final += server5-ss-expired.crt + ################################################################ #### Meta targets diff --git a/tests/data_files/server5-ss-expired.crt b/tests/data_files/server5-ss-expired.crt new file mode 100644 index 000000000..287ce9820 --- /dev/null +++ b/tests/data_files/server5-ss-expired.crt 
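Review bot: `test-int-ca.csr` is declared to depend on `test-int-ca.key`, but no rule producing that key is visible in this hunk; if the key is not a tracked file, `make test-int-ca-exp.crt` would fail on a clean tree, so it is worth confirming or adding the rule. Both FAKETIME rules (`-f -3653d` with `-days 3653` here, and the same pattern for server5-ss-expired.crt in the second hunk) set notAfter to the moment of generation, so the committed certificates cannot be reproduced bit-for-bit; a fixed timestamp, as used later in this series for server5-ss-forgeca.crt, would make the fixtures stable. The new `test_ca_crt_file_ec`/`test_ca_key_file_ec` block would also read better with a one-line comment such as `# EC test CA, used to sign the expired intermediate below`.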
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1jCCAX2gAwIBAgIJANhkYQXjo814MAoGCCqGSM49BAMCMEgxCzAJBgNVBAYT
+AlVLMREwDwYDVQQKDAhtYmVkIFRMUzESMBAGA1UECwwJdGVzdHN1aXRlMRIwEAYD
+VQQDDAlsb2NhbGhvc3QwHhcNMDcwNjI3MDkyNzE1WhcNMTcwNjI3MDkyNzE1WjBI
+MQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMxEjAQBgNVBAsMCXRlc3Rz
+dWl0ZTESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
+QgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/6i/SNF1d
+Fr2KiMJrdw1VzYoqDvoByLTt/6NQME4wHQYDVR0OBBYEFFBhpY/UB9nXggEM5WV/
+jGNGpxO+MB8GA1UdIwQYMBaAFFBhpY/UB9nXggEM5WV/jGNGpxO+MAwGA1UdEwQF
+MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgIAQ47gmTsbA8pphQ1jBeLQDp7W99qr6P
+oTl7/vYSJJcCICxNSJGLrNu8TfWLhgJiRsozMR9jGhp+tse1rlGUUJL6
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server7_int-ca-exp.crt b/tests/data_files/server7_int-ca-exp.crt
new file mode 100644
index 000000000..fc0051772
--- /dev/null
+++ b/tests/data_files/server7_int-ca-exp.crt
@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
+47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
+MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
+IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
+AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
+FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
+8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
+QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
+yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
+TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
+deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
+0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
+OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
+VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
+a8Si6UK5
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MDcwNjI3MTAzODM3WhcNMTcwNjI3MTAzODM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
+vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
+wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
+CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g
+Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q
+AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2
+qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM
+uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA
+kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P
+d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br
+Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
+updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
+a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
+AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAPu/FDEPvIC/BnzPQDAr1bQakGiwBsE9zGKRgXgX
+Y3Q+XJKhMEKZ8h1m+S5c6taO0gIwNB14zmJ1gJ9X3+tPDfriWrVaNMG54Kr57/Ep
+773Ap7Gxpk168id1EFhvW22YabKs
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2-expired.crt b/tests/data_files/test-ca2-expired.crt
new file mode 100644
index 000000000..22e4797f3
--- /dev/null
+++ b/tests/data_files/test-ca2-expired.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
+MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
+WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
+w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
+FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
+vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP
+tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm
+l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-int-ca-exp.crt b/tests/data_files/test-int-ca-exp.crt
new file mode 100644
index 000000000..c549654b0
--- /dev/null
+++ b/tests/data_files/test-int-ca-exp.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MDcwNjI3MTAzODM3WhcNMTcwNjI3MTAzODM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
+vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
+wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
+CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g
+Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q
+AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2
+qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM
+uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA
+kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P
+d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br
+Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
+updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
+a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
+AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAPu/FDEPvIC/BnzPQDAr1bQakGiwBsE9zGKRgXgX
+Y3Q+XJKhMEKZ8h1m+S5c6taO0gIwNB14zmJ1gJ9X3+tPDfriWrVaNMG54Kr57/Ep
+773Ap7Gxpk168id1EFhvW22YabKs
+-----END CERTIFICATE-----
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 94eac42cd..24e7d7ad3 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -759,10 +759,22 @@ X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x0000\n" +X509 Certificate verification callback: trusted EE cert, expired +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x0001\n" + X509 Certificate verification callback: simple depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" +X509 Certificate verification callback: simple, EE expired +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0001\n" + +X509 Certificate verification callback: simple, root expired +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C 
+x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" + X509 Certificate verification callback: two trusted roots depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" 
@@ -787,6 +799,18 @@ X509 Certificate verification callback: intermediate ca trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +X509 Certificate verification callback: intermediate ca, EE expired +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0001\n" + +X509 Certificate verification callback: intermediate ca, int expired +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" + +X509 Certificate verification callback: intermediate ca, root expired 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" + X509 Certificate verification callback: two intermediates depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" From d0922776835ef63f20671594231983b1a98d335b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Jun 2017 13:26:43 +0200 Subject: [PATCH 108/504] Add test for profile on trusted EE cert --- tests/suites/test_suite_x509parse.data | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 24e7d7ad3..8f4daa999 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1314,6 +1314,10 @@ X509 CRT verify chain #13 (RSA only profile, EC root) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED mbedtls_x509_crt_verify_chain:"data_files/server4.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 +X509 CRT verify chain #13 (RSA only profile, EC trusted EE) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +mbedtls_x509_crt_verify_chain:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 + X509 CRT verify chain #14 (RSA-3072 profile, root key too small) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C mbedtls_x509_crt_verify_chain:"data_files/server1.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 From c10afdb3229b7cd8cc52a23cf8d539a4b54743aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 29 Jun 2017 09:48:08 +0200 Subject: [PATCH 109/504] Add test for CA forgery attempt As we accept EE certs that are explicitly trusted (in the list of trusted roots) and usually look for parent by subject, and in the future we might want to avoid checking the self-signature on trusted certs, there could a risk that we incorrectly accept a cert that looks like a trusted root except it doesn't have the same key. This test ensures this will never happen. --- tests/data_files/Makefile | 7 +++++++ tests/data_files/server5-ss-forgeca.crt | 11 +++++++++++ tests/data_files/test-ca.opensslconf | 3 +++ tests/suites/test_suite_x509parse.data | 4 ++++ 4 files changed, 25 insertions(+) create mode 100644 tests/data_files/server5-ss-forgeca.crt 
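Review bot: The new case is labelled `X509 CRT verify chain #13 (RSA only profile, EC trusted EE)`, reusing the number of the case directly above it while the next case is `#14`; a distinct label such as `X509 CRT verify chain #13b (RSA only profile, EC trusted EE)` keeps the sequence unambiguous when a failure is reported by name. The expectation itself — `MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY` under the `rsa3072` profile for a self-signed, explicitly trusted EC end-entity — is the right check that the profile is applied even when no chain is built.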
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 7476bf784..e0f7b9d2a 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -97,6 +97,13 @@ server5-ss-expired.crt: server5.key $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@ all_final += server5-ss-expired.crt +# try to forge a copy of test-int-ca3 with different key +server5-ss-forgeca.crt: server5.key + $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@ +all_final += server5-ss-forgeca.crt + + + ################################################################ #### Meta targets diff --git a/tests/data_files/server5-ss-forgeca.crt b/tests/data_files/server5-ss-forgeca.crt new file mode 100644 index 000000000..bfd7b706a --- /dev/null +++ b/tests/data_files/server5-ss-forgeca.crt @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBlDCCATmgAwIBAgIBTTAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxKDAmBgNVBAMMH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp +YXRlIENBIDMwHhcNMTUwOTAxMTIwODQzWhcNMjUwODI5MTIwODQzWjBKMQswCQYD +VQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMxKDAmBgNVBAMMH21iZWQgVExTIFRl +c3QgaW50ZXJtZWRpYXRlIENBIDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3 +zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI +wmt3DVXNiioO+gHItO3/oxAwDjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kA +MEYCIQDF5pY54AUMNbhy3jk+8sdgsZS6bmeH/QI4D0I6UiIhXQIhAO7Y8V7Z8bx2 +gZyyk/wZpswb53ZaIP2XsJiJ/CPMCCVq +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index 12835dfa5..343d75eca 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf 
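Review bot: Three added blank lines follow `all_final += server5-ss-forgeca.crt`, where the rest of this Makefile separates rule groups with one; two of them should go. More importantly, `$(FAKETIME) '2015-09-01 14:08:43'` combined with `-days 3650` gives the forged certificate a notAfter around 2025-08-29, after which the case added in this commit's test_suite_x509parse.data hunk (verification #90, expecting exactly `MBEDTLS_X509_BADCERT_NOT_TRUSTED`) will additionally see an expiry flag if that test compares flags for equality; a much longer `-days`, or at least a comment next to the rule recording the expiry date, would make this explicit. The comment above the rule could also say what the forgery consists of, e.g. `# self-signed cert with the subject of test-int-ca3 but server5's key`.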
@@ -11,3 +11,6 @@ commonName = PolarSSL Test CA subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always basicConstraints = CA:true + +[noext_ca] +basicConstraints = CA:true diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 8f4daa999..3bc4cc2b5 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -755,6 +755,10 @@ X509 Certificate verification #89 (Spurious cert later in the chain) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" +X509 Certificate verification #90 (EE with same name as trusted root) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"default":"NULL" + X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x0000\n" From 2d825d42bb2ec644d03e8a57be72ab762843e18b Mon Sep 17 00:00:00 2001 
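Review bot: The new `[noext_ca]` section differs from the preceding section only by omitting the `subjectKeyIdentifier` and `authorityKeyIdentifier` lines, but neither the section name nor a comment says so; a one-line comment would save the next reader a diff, e.g. `# CA:true without key identifiers; used by server5-ss-forgeca.crt`. The Makefile rule passing `-extensions noext_ca` in the preceding hunk is the only consumer visible here.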
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Jul 2017 18:06:38 +0200 Subject: [PATCH 110/504] Add test for same CA with different keys When a trusted CA is rolling its root keys, it could happen that for some users the list of trusted roots contains two versions of the same CA with the same name but different keys. Currently this is supported but wasn't tested. Note: the intermediate file test-ca-alt.csr is committed on purpose, as not committing intermediate files causes make to regenerate files that we don't want it to touch. --- tests/data_files/Makefile | 17 +++++++++++ tests/data_files/test-ca-alt-good.crt | 42 ++++++++++++++++++++++++++ tests/data_files/test-ca-alt.crt | 21 +++++++++++++ tests/data_files/test-ca-alt.csr | 16 ++++++++++ tests/data_files/test-ca-alt.key | 27 +++++++++++++++++ tests/data_files/test-ca-good-alt.crt | 42 ++++++++++++++++++++++++++ tests/suites/test_suite_x509parse.data | 8 +++++ 7 files changed, 173 insertions(+) create mode 100644 tests/data_files/test-ca-alt-good.crt create mode 100644 tests/data_files/test-ca-alt.crt create mode 100644 tests/data_files/test-ca-alt.csr create mode 100644 tests/data_files/test-ca-alt.key create mode 100644 tests/data_files/test-ca-good-alt.crt diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index e0f7b9d2a..3c7fd41b3 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile
@@ -45,6 +45,23 @@ test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@ all_final += test-ca-sha256.crt +test_ca_key_file_rsa_alt = test-ca-alt.key + +$(test_ca_key_file_rsa_alt): + $(OPENSSL) genrsa -out $@ 2048 +test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) + $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@ +all_intermediate += test-ca-alt.csr +test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr + $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@ +all_final += test-ca-alt.crt +test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt + cat test-ca-alt.crt test-ca-sha256.crt > $@ +all_final += test-ca-alt-good.crt +test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt + cat test-ca-sha256.crt test-ca-alt.crt > $@ +all_final += test-ca-good-alt.crt + test_ca_crt_file_ec = test-ca2.crt test_ca_key_file_ec = test-ca2.key diff --git a/tests/data_files/test-ca-alt-good.crt b/tests/data_files/test-ca-alt-good.crt new file mode 100644 index 000000000..50c145358 --- /dev/null +++ b/tests/data_files/test-ca-alt-good.crt 
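Review bot: `$(OPENSSL) genrsa -out $@ 2048` writes `test-ca-alt.key` unencrypted, whereas the existing RSA test CA key in the context line above is used with `-passin "pass:$(test_ca_pwd_rsa)"`, so the two root keys for the same CA name are handled inconsistently; either generate and use the new key the same way (adding `-passin` to both `req` invocations) or state the difference, e.g. `# unencrypted test-only key, committed on purpose; never use outside the test suite`. Since the key itself is committed in this commit, the comment is the more honest of the two. The prerequisite-less rule `$(test_ca_key_file_rsa_alt):` is correct — make only runs it when the file is absent — but that intent deserves a comment too, e.g. `# only generated when missing: the certs below are bound to this exact key`.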
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTcwNzAzMTU1MzQxWhcNMjcwNzA0MTU1MzQxWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2crirFCFKa5J4yx4gC+/Pe2kkIpoT
+/SEvzefxJ8siPJl2XQVDrUFenNC8Uzw87/3Z7tW3uLKebn5++QEVYDtz5HAWfck1
+wwanGFL6noHw7qgQ5ak6HMoipPChD7Z6bKbBRgx2IVKoIbaXh0QmJ4qlaYc9rKGZ
+aH9vms5pwPwDTlQqnm+VenG6ThFajWLeL/MlvcGd4pLHAWjL6S2E0vU5WQR6rev7
+He9pdtD/vLO30nOPJ6JuDp+1gB5UIm1+jP9Ww8OsQVJHGyp729dvIvEicgp8NSNB
+UBtBZHpSVJM+BPlzKpXIVbiI7pU01q3xu0mleveUzL0tE0n9YT5uIcenAgMBAAGj
+gZUwgZIwHQYDVR0OBBYEFJSaOPcahiGKvsg629IQvHh34EuwMGMGA1UdIwRcMFqA
+FJSaOPcahiGKvsg629IQvHh34EuwoT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
+CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWsyH6AZdugfP40tiXH5PKD93QCuV
+dAm9c2oUKbNfsAJMHOsWWp+b7hSNRMvKz4jcPAIQnMGNp/U4PuESp16uS0O9szud
+X4HS8SD8GEto9d8uEF9J3fY6ZalCmgRrgwVpChy+MQmfqMr30OLTANsmoksA4ON3
+zdm5xDInPPjOq7emtdXoNOhv4rkM7dmeztC8DhO0n1PGeeY1CMCr93TcQzx1UVtl
+QHOkQQQJM9UoV0fEA1N5lsc9uSQxPmZCVMw/W+MFIEkH6nbgh0bM/qjcaqDsWXyT
+n5RutVDPESLLKaZxeR7J8srX/0nzhOiPIX+hDRWqhwQLxVkkRs6MxVDoiw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA
+FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
+CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j
+4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w
+XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB
+G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57
+ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY
+n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-alt.crt b/tests/data_files/test-ca-alt.crt
new file mode 100644
index 000000000..7399e43d8
--- /dev/null
+++ b/tests/data_files/test-ca-alt.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTcwNzAzMTU1MzQxWhcNMjcwNzA0MTU1MzQxWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2crirFCFKa5J4yx4gC+/Pe2kkIpoT
+/SEvzefxJ8siPJl2XQVDrUFenNC8Uzw87/3Z7tW3uLKebn5++QEVYDtz5HAWfck1
+wwanGFL6noHw7qgQ5ak6HMoipPChD7Z6bKbBRgx2IVKoIbaXh0QmJ4qlaYc9rKGZ
+aH9vms5pwPwDTlQqnm+VenG6ThFajWLeL/MlvcGd4pLHAWjL6S2E0vU5WQR6rev7
+He9pdtD/vLO30nOPJ6JuDp+1gB5UIm1+jP9Ww8OsQVJHGyp729dvIvEicgp8NSNB
+UBtBZHpSVJM+BPlzKpXIVbiI7pU01q3xu0mleveUzL0tE0n9YT5uIcenAgMBAAGj
+gZUwgZIwHQYDVR0OBBYEFJSaOPcahiGKvsg629IQvHh34EuwMGMGA1UdIwRcMFqA
+FJSaOPcahiGKvsg629IQvHh34EuwoT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
+CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWsyH6AZdugfP40tiXH5PKD93QCuV
+dAm9c2oUKbNfsAJMHOsWWp+b7hSNRMvKz4jcPAIQnMGNp/U4PuESp16uS0O9szud
+X4HS8SD8GEto9d8uEF9J3fY6ZalCmgRrgwVpChy+MQmfqMr30OLTANsmoksA4ON3
+zdm5xDInPPjOq7emtdXoNOhv4rkM7dmeztC8DhO0n1PGeeY1CMCr93TcQzx1UVtl
+QHOkQQQJM9UoV0fEA1N5lsc9uSQxPmZCVMw/W+MFIEkH6nbgh0bM/qjcaqDsWXyT
+n5RutVDPESLLKaZxeR7J8srX/0nzhOiPIX+hDRWqhwQLxVkkRs6MxVDoiw==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-alt.csr b/tests/data_files/test-ca-alt.csr
new file mode 100644
index 000000000..898c9e6a1
--- /dev/null
+++ b/tests/data_files/test-ca-alt.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgDCCAWgCAQAwOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAtnK4qxQhSmuSeMseIAvvz3tpJCKaE/0hL83n8SfLIjyZdl0FQ61B
+XpzQvFM8PO/92e7Vt7iynm5+fvkBFWA7c+RwFn3JNcMGpxhS+p6B8O6oEOWpOhzK
+IqTwoQ+2emymwUYMdiFSqCG2l4dEJieKpWmHPayhmWh/b5rOacD8A05UKp5vlXpx
+uk4RWo1i3i/zJb3BneKSxwFoy+kthNL1OVkEeq3r+x3vaXbQ/7yzt9Jzjyeibg6f
+tYAeVCJtfoz/VsPDrEFSRxsqe9vXbyLxInIKfDUjQVAbQWR6UlSTPgT5cyqVyFW4
+iO6VNNat8btJpXr3lMy9LRNJ/WE+biHHpwIDAQABoAAwDQYJKoZIhvcNAQELBQAD
+ggEBAGHWUwqKMe+XwZ44u+1RKsH3jCXmxkBW4rwJwqtkrW8dzjCqFGmQoJeFivOA
+o0TPchkpQXGUNssFPbXZZsq7OBt1hPkH7wMxknztu+D4F9wJ2Oxpy8x44WeUr3pI
+rnl/VivUaywiIPMwR3W+7IIFTmzKfcSYf0l6uv4/A8BiSvtI4U9InfSvU+ENHuNH
+rb0ynhYEqy9NHA2exD0A/gQb40CAHtJL+sTVTRgxOx8xT8K8WAQufk0HSB6iel6M
+I+6VLnVjGJ5P/t6zPI4jcLzyg4V9DS282a/SadRFGc0uwPWxJW906BO5g6PNMaA8
+BdcuWaWwa2KQ/LuUCmumy+fC68E=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test-ca-alt.key b/tests/data_files/test-ca-alt.key
new file mode 100644
index 000000000..84b8fab60
--- /dev/null
+++ b/tests/data_files/test-ca-alt.key
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAtnK4qxQhSmuSeMseIAvvz3tpJCKaE/0hL83n8SfLIjyZdl0F +Q61BXpzQvFM8PO/92e7Vt7iynm5+fvkBFWA7c+RwFn3JNcMGpxhS+p6B8O6oEOWp +OhzKIqTwoQ+2emymwUYMdiFSqCG2l4dEJieKpWmHPayhmWh/b5rOacD8A05UKp5v +lXpxuk4RWo1i3i/zJb3BneKSxwFoy+kthNL1OVkEeq3r+x3vaXbQ/7yzt9Jzjyei +bg6ftYAeVCJtfoz/VsPDrEFSRxsqe9vXbyLxInIKfDUjQVAbQWR6UlSTPgT5cyqV +yFW4iO6VNNat8btJpXr3lMy9LRNJ/WE+biHHpwIDAQABAoIBAAT6+rmI0iPS7euo +N8lOKhyy1LrsyuHyzf4dE9DMckob92B4x5UCXL91bmlFqGZNctOJJoJeY1nZ0FAt +Ae+Qce8G9FxY0K5MBZl4G4PF4ewux522dzkj4gyyDfOHl0aeQqsR+3MaE8SNLwvR +4HVeLPW4/L0dQkgKxzfHtQzD/N0mMW2/iywyiLYmvLBSHl3eZ+te0Q+5/JEm8fjU +FkVytSvJ6Z/c5U2PR0N6ampVgB7X7Uf6nEhDJW21q+u85JC60ujIn7TEZKd4bfIM +dMZF8LFczSzQ4mWISfhfRKVRew457tJalA/8qwg14jeggEuiDBE1FnR2f/JdHA9I +e/VyrnkCgYEA32bBltrgz9V6Z1x9XD2+T2aot/u1XHORM7EPZJMA9gP4wMBcbyy8 +zdpGf1hrJX3JMoKBDy6Xty8Cs9WJytWUwfwd92Sz01It4XeLsIeqYBq51gjGN+Fp +auw/8zifKdAEPMJXNhUX9sSuUz1LaT6wFI3vatWliliMPPbdgyoRmKMCgYEA0RIj ++huEwNkHWEaj47aDafekpRoVs81IjUjrXx6c0cabco10YR+TPX9+dwmjV4O5Y2f2 +Ph+ivXlPiOpf7Psx0PFlMPawWeoKIZjKPR92bMiLDXC0uF9frTujKm7VRNbAVjFE +7tvrVJnoDITSHMGXMui69o844klJUMwNpGFOcS0CgYEAkENaBiHIBU5VIgQvC+7v +Q3UGxPCtmEsk3B2d1BO+DiBYdZiC2GQqdEBdQAUIBAjrcUunLfenj2qzMxBVT/+G +dZJqg4SrP26VJEE/mrqxAiigEyBNaG6O1bZEQbsxxR2IbvgMu2b5t6gg7q3pUchi +ipNxpSrcIK+3t/Ku7vGutUMCgYEAl5t0A1YZOk8nCFiRV/tt6FXwStlTi4L9bZbH +N77XMTe4WaVCE3v2Jc5iQqf2juuyb+dfpUUDmipyBnMPBKZTRZUHMC5zS4BvwFUv +sosyMUhrrV9hbaGbm993ProIZVblOpuXxS4sxLimkQ1v3/JyVjR1/310XoOOaszN +x7nYTDECgYEAoLAWorWXzAO5GOAc3sf51dtTNnm2gJQ8v4FlJ0kWrjStUmb+aLR0 +20MCjIDuW/zWP5bVcD+pw8YW6UN0C5m45vTpUQgF59Ic1UMC+0H4z31N+QafaRfJ +yk5Nd2sIrJSkwuI23CnEh5khhiNTE2zvgNaHs5vkJu57xDxjg0GH45k= +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/test-ca-good-alt.crt b/tests/data_files/test-ca-good-alt.crt new file mode 100644 index 000000000..9edf4c228 --- /dev/null +++ b/tests/data_files/test-ca-good-alt.crt 
@@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA +FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE +CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j +4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w +XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB +G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57 +ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY +n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTcwNzAzMTU1MzQxWhcNMjcwNzA0MTU1MzQxWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2crirFCFKa5J4yx4gC+/Pe2kkIpoT +/SEvzefxJ8siPJl2XQVDrUFenNC8Uzw87/3Z7tW3uLKebn5++QEVYDtz5HAWfck1 +wwanGFL6noHw7qgQ5ak6HMoipPChD7Z6bKbBRgx2IVKoIbaXh0QmJ4qlaYc9rKGZ +aH9vms5pwPwDTlQqnm+VenG6ThFajWLeL/MlvcGd4pLHAWjL6S2E0vU5WQR6rev7 +He9pdtD/vLO30nOPJ6JuDp+1gB5UIm1+jP9Ww8OsQVJHGyp729dvIvEicgp8NSNB 
+UBtBZHpSVJM+BPlzKpXIVbiI7pU01q3xu0mleveUzL0tE0n9YT5uIcenAgMBAAGj +gZUwgZIwHQYDVR0OBBYEFJSaOPcahiGKvsg629IQvHh34EuwMGMGA1UdIwRcMFqA +FJSaOPcahiGKvsg629IQvHh34EuwoT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE +CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWsyH6AZdugfP40tiXH5PKD93QCuV +dAm9c2oUKbNfsAJMHOsWWp+b7hSNRMvKz4jcPAIQnMGNp/U4PuESp16uS0O9szud +X4HS8SD8GEto9d8uEF9J3fY6ZalCmgRrgwVpChy+MQmfqMr30OLTANsmoksA4ON3 +zdm5xDInPPjOq7emtdXoNOhv4rkM7dmeztC8DhO0n1PGeeY1CMCr93TcQzx1UVtl +QHOkQQQJM9UoV0fEA1N5lsc9uSQxPmZCVMw/W+MFIEkH6nbgh0bM/qjcaqDsWXyT +n5RutVDPESLLKaZxeR7J8srX/0nzhOiPIX+hDRWqhwQLxVkkRs6MxVDoiw== +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 3bc4cc2b5..7112162bc 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -759,6 +759,14 @@ X509 Certificate verification #90 (EE with same name as trusted root) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"default":"NULL" +X509 Certificate verification #91 (same CA with good then bad key) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C +x509_verify:"data_files/server1.crt":"data_files/test-ca-good-alt.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" + +X509 Certificate verification #91 (same CA with bad then good key) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C +x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" + X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x0000\n" From a656825aef07724da9f6d3917176b3277ab660f0 Mon Sep 17 00:00:00 2001 
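Review bot: Both added cases carry the number #91, while the surrounding cases in this suite are numbered uniquely (#90 is the case just above them); give the second case a distinct number so a failure in the runner's output can be attributed without reading the parenthetical. The two cases are otherwise well chosen: they differ only in the order of the two same-named CA certificates in the bundle, which is exactly what pins that verification keeps searching past a CA whose key does not match instead of stopping at the first name match.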
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 5 Jul 2017 18:14:38 +0200 Subject: [PATCH 111/504] Add test for bad name and callback This ensures that the callback can actually clear that flag, and that it is seen by the callback at the right level. This flag is not set in the same place as the others, and this difference will get bigger in the upcoming refactor, so let's ensure we don't break anything here. --- tests/suites/test_suite_x509parse.data | 44 +++++++++++++--------- tests/suites/test_suite_x509parse.function | 7 +++- 2 files changed, 31 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 7112162bc..2a6ab71d8 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data
@@ -767,77 +767,85 @@ X509 Certificate verification #91 (same CA with bad then good key) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" +X509 Certificate verification #92 (bad name, allowing callback) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"default":"verify_all" + +X509 Certificate verification callback: bad name +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0004\n" + X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x0000\n" +x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x0000\n" X509 Certificate verification callback: trusted EE cert, expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED 
-x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x0001\n" +x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x0001\n" X509 Certificate verification callback: simple depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" X509 Certificate verification callback: simple, EE expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0001\n" +x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0001\n" X509 Certificate verification 
callback: simple, root expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" X509 Certificate verification callback: two trusted roots depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" X509 Certificate verification callback: two trusted roots, reversed order depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" 
+x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" X509 Certificate verification callback: root included depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" +x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" X509 Certificate verification callback: intermediate ca depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" X509 
Certificate verification callback: intermediate ca, root included depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" X509 Certificate verification callback: intermediate ca trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" X509 Certificate verification callback: intermediate ca, EE expired 
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0001\n" +x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0001\n" X509 Certificate verification callback: intermediate ca, int expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test 
Intermediate CA - flags 0x0001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" X509 Certificate verification callback: intermediate ca, root expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" X509 Certificate verification callback: two intermediates depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, 
CN=PolarSSL Test CA - flags 0x0000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" X509 Certificate verification callback: two intermediates, root included depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" X509 Certificate verification callback: two intermediates, top int trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 
0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" X509 Certificate verification callback: two intermediates, low int trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" X509 Parse Selftest depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 9bc682176..eadda6413 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -316,7 +316,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void x509_verify_callback( char *crt_file, char *ca_file, +void x509_verify_callback( char *crt_file, char *ca_file, char *name, int exp_ret, char *exp_vrfy_out ) { int ret; 
@@ -332,9 +332,12 @@ void x509_verify_callback( char *crt_file, char *ca_file, TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 ); + if( strcmp( name, "NULL" ) == 0 ) + name = NULL; + ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL, &compat_profile, - NULL, &flags, + name, &flags, verify_print, &vrfy_ctx ); TEST_ASSERT( ret == exp_ret ); From 9bc860c3ad85741b2c278acf3e76da0830d24d7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 14 Jul 2017 11:32:38 +0200 Subject: [PATCH 112/504] Add test for callback and bad signatures Our current behaviour is a bit inconsistent here: - when the bad signature is made by a trusted CA, we stop here and don't include the trusted CA in the chain (don't call vrfy on it) - otherwise, we just add NOT_TRUSTED to the flags but keep building the chain and call vrfy on the upper certs --- tests/suites/test_suite_x509parse.data | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 2a6ab71d8..1922439fb 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
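Review bot: The added `strcmp( name, "NULL" ) == 0` introduces a sentinel string without saying what it stands for, so a reader of the .data file has to infer that the literal "NULL" means "do not check the expected name"; a one-line comment above it, `/* "NULL" in the .data file means: no expected CN, pass NULL to the verifier */`, would make that explicit. This appears to mirror how x509_verify is already driven with the same "NULL" sentinel in the .data cases above, so it is worth naming the convention once here. The rest of x509_verify_callback lies outside the hunk.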
@@ -847,6 +847,14 @@ X509 Certificate verification callback: two intermediates, low int trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" +X509 Certificate verification callback: no intermediate, bad signature +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_callback:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0008\n" + +X509 Certificate verification callback: one intermediate, bad signature +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +x509_verify_callback:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0008\n" + X509 Parse Selftest depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_selftest: From 35407c7764da7998adbd13ce2efeef5c7802af59 Mon Sep 17 00:00:00 2001 
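Review bot: The two new expected callback traces pin the inconsistency the commit message describes rather than an intended contract: with no intermediate only depth 0 is reported and the trusted CA never reaches the callback, whereas with one intermediate the trusted root is reported at depth 2 with flags 0x0000 above a leaf failing with 0x0008. Since a later refactor is expected to change one of these, consider saying so in the case name, e.g. `X509 Certificate verification callback: no intermediate, bad signature (current behaviour)`, so the next author knows which expectation is allowed to move and which is a regression.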
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 29 Jun 2017 10:45:25 +0200 Subject: [PATCH 113/504] Add comments on chain verification cases This is the beginning of a series of commits refactoring the chain building/verification functions in order to: - make it simpler to understand and work with - prepare integration of restartable ECC --- library/x509_crt.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/library/x509_crt.c b/library/x509_crt.c index 1adf8bfd1..09ad19239 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1893,6 +1893,27 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, return( 0 ); } +/* + * Verify a certificate no parent inside the chain + * (either the parent is a trusted root, or there is no parent) + * + * See comments for mbedtls_x509_crt_verify_with_profile() + * (also for notation used belowe) + * + * This function is called in two cases: + * - child was found to have a parent in trusted roots, in which case we're + * called with trust_ca pointing directly to that parent (not the full list) + * - this happens in cases 1, 2 and 3 of the comment on verify() + * - case 1 is special as child and trust_ca point to copies of the same + * certificate then + * - child was found to have no parent either in the chain or in trusted CAs + * - this is cases 4 and 5 of the comment on verify() + * + * For historical reasons, the function currently does not assume that + * trust_ca points directly to the right root in the first case, and it + * doesn't know in which case it starts, so it always starts by searching for + * a parent in trust_ca. + */ static int x509_crt_verify_top( mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, 
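Review bot: The new comment block above x509_crt_verify_top() has wording slips that make a reference comment harder to trust: `* Verify a certificate no parent inside the chain` should read `* Verify a certificate with no parent inside the chain`, and `* (also for notation used belowe)` should read `* (also for notation used below)`. The block added before mbedtls_x509_crt_verify_with_profile() in this commit's third hunk (on the next line of this page) has the same problem: `accross` should be `across`, `* - I and intermediate CA` should be `* - I an intermediate CA`, and `R and possible some others` should be `R and possibly some others`. Since the message presents these comments as the map for the upcoming refactor, they deserve to be exact now.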
@@ -2033,6 +2054,11 @@ static int x509_crt_verify_top( return( 0 ); } +/* + * Verify a certificate with a parent inside the chain + * + * See comments for mbedtls_x509_crt_verify_with_profile() + */ static int x509_crt_verify_child( mbedtls_x509_crt *child, mbedtls_x509_crt *parent, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, @@ -2182,6 +2208,30 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, /* * Verify the certificate validity, with profile + * + * The chain building/verification is spread accross 4 functions: + * - this one + * - x509_crt_verify_child() + * - x509_crt_verify_top() + * - x509_crt_check_parent() + * + * There are five main cases to consider. Let's introduce some notation: + * - E means the end-entity certificate + * - I and intermediate CA + * - R the trusted root CA this chain anchors to + * - T the list of trusted roots (R and possible some others) + * + * The main cases with the calling sequence of the crt_verify_xxx() are: + * 1. E = R (explicitly trusted EE cert) + * verify(E, T) -> verify_top(E, R) + * 2. E -> R (EE signed by trusted root) + * verify(E, T) -> verify_top(E, R) + * 3. E -> I -> R (EE signed by intermediate signed by trusted root) + * verify(E, T) -> verify_child(E, I, T) -> verify_top(I, R) + * 4. E -> I (EE signed by intermediate that's not trusted) + * verify(E, T) -> verify_child(E, I, T) -> verify_top(I, T) + * 5. E (EE not trusted) + * verify(E, T) -> verify_top(E, T) */ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, From b8acfd2ba82b0cf5d46363a45f57e298f867f519 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 29 Jun 2017 11:32:44 +0200 Subject: [PATCH 114/504] Fix calls to check_parent() When we're looking for a parent, in trusted CAs, 'top' should be 1. This only impacted which call site for verify_top() was chosen, and the error was then fixed inside verify_top() by iterating over CAs again, this time correctly setting 'top' to 1. --- library/x509_crt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 09ad19239..a5cf45098 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2130,7 +2130,7 @@ static int x509_crt_verify_child( grandparent = grandparent->next ) { if( x509_crt_check_parent( parent, grandparent, - 0, path_cnt == 0 ) == 0 ) + 1, path_cnt == 0 ) == 0 ) break; } @@ -2321,7 +2321,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, /* Look for a parent in trusted CAs */ for( parent = trust_ca; parent != NULL; parent = parent->next ) { - if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 ) + if( x509_crt_check_parent( crt, parent, 1, pathlen == 0 ) == 0 ) break; } From c61e5c930484140f4c6961cd68bfe55d64f5d77e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 29 Jun 2017 11:47:06 +0200 Subject: [PATCH 115/504] Don't search twice for a non-existing parent --- library/x509_crt.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index a5cf45098..332c02daa 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
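Review bot: Both call sites now pass `1` as the `top` argument of x509_crt_check_parent() without a word on why, and the reader has to reconstruct that the candidate parent is taken from the trusted list; a comment on each call, `/* top = 1: candidate parent comes from the trusted CA list */`, would make the intent explicit. The commit message argues the old value was harmless because verify_top() repeats the search with top set correctly; that masking is not visible in these hunks, so if a trusted parent exists that is only accepted when top is 1, a test case for it would pin this fix rather than relying on the second search. Both hunks apply the same change and the enclosing functions start outside them.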
@@ -1906,13 +1906,13 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, * - this happens in cases 1, 2 and 3 of the comment on verify() * - case 1 is special as child and trust_ca point to copies of the same * certificate then - * - child was found to have no parent either in the chain or in trusted CAs + * - child was found to have no parent either in the chain or in trusted CAs, + * in which case we're called with trust_ca set to NULL * - this is cases 4 and 5 of the comment on verify() * * For historical reasons, the function currently does not assume that - * trust_ca points directly to the right root in the first case, and it - * doesn't know in which case it starts, so it always starts by searching for - * a parent in trust_ca. + * trust_ca points directly to the right root in the first case, so it always + * starts by searching for a parent in trust_ca. */ static int x509_crt_verify_top( mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, @@ -1946,6 +1946,10 @@ static int x509_crt_verify_top( */ *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; + /* Special case #1: no root, stop here */ + if( trust_ca == NULL ) + goto callback; + md_info = mbedtls_md_info_from_type( child->sig_md ); if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) { @@ -2042,6 +2046,7 @@ static int x509_crt_verify_top( } } +callback: /* Call callback on top cert */ if( NULL != f_vrfy ) { @@ -2173,7 +2178,7 @@ static int x509_crt_verify_child( } else { - ret = x509_crt_verify_top( parent, trust_ca, ca_crl, profile, + ret = x509_crt_verify_top( parent, NULL, ca_crl, profile, path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy ); if( ret != 0 ) @@ -2349,7 +2354,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, } else { - ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile, + ret = x509_crt_verify_top( crt, NULL, ca_crl, profile, pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) goto exit; 
From 17f4a6a609af0eb3ad2c580e11d1bdb28d201eb9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 29 Jun 2017 11:57:01 +0200 Subject: [PATCH 116/504] Take shortcut for directly trusted EE cert This is a slight change of behaviour in that the previous condition was: - same subject - signature matches while the new condition is: - exact same certificate However the documentation for mbedtls_x509_crt_verify() (note on trust_ca) mentions the new condition, so code that respected the documentation will keep working. In addition, this is a bit faster as it doesn't check the self-signature (which never needs to be checked for certs in the trusted list). --- library/x509_crt.c | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 332c02daa..be5a87ef3 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1924,7 +1924,6 @@ static int x509_crt_verify_top( { int ret; uint32_t ca_flags = 0; - int check_path_cnt; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; const mbedtls_md_info_t *md_info; mbedtls_x509_crt *future_past_ca = NULL; @@ -1950,6 +1949,14 @@ static int x509_crt_verify_top( if( trust_ca == NULL ) goto callback; + /* Special case #2: child == trust_ca: trust and that's it */ + if( child->raw.len == trust_ca->raw.len && + memcmp( child->raw.p, trust_ca->raw.p, child->raw.len ) == 0 ) + { + *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED; + goto callback; + } + md_info = mbedtls_md_info_from_type( child->sig_md ); if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) { 
@@ -1963,22 +1970,9 @@ static int x509_crt_verify_top( if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 ) continue; - check_path_cnt = path_cnt + 1; - - /* - * Reduce check_path_cnt to check against if top of the chain is - * the same as the trusted CA - */ - if( child->subject_raw.len == trust_ca->subject_raw.len && - memcmp( child->subject_raw.p, trust_ca->subject_raw.p, - child->issuer_raw.len ) == 0 ) - { - check_path_cnt--; - } - /* Self signed certificates do not count towards the limit */ if( trust_ca->max_pathlen > 0 && - trust_ca->max_pathlen < check_path_cnt - self_cnt ) + trust_ca->max_pathlen < 1 + path_cnt - self_cnt ) { continue; } @@ -2018,10 +2012,7 @@ static int x509_crt_verify_top( * to the callback for any issues with validity and CRL presence for the * trusted CA certificate. */ - if( trust_ca != NULL && - ( child->subject_raw.len != trust_ca->subject_raw.len || - memcmp( child->subject_raw.p, trust_ca->subject_raw.p, - child->issuer_raw.len ) != 0 ) ) + if( trust_ca != NULL ) { #if defined(MBEDTLS_X509_CRL_PARSE_C) /* Check trusted CA's CRL for the chain's top crt */ From 2f1c33dc33b0671fc378b4dad4b7c0d691839b63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 29 Jun 2017 12:27:23 +0200 Subject: [PATCH 117/504] Factor repeated code into function There are 3 instance that were replaced, but 2 instances of variants of this function exist and will be handled next (the extra parameter that isn't used so far is in preparation for that): - one in verify_child() where path_cnt constraint is handled too - one in verify_top() where there is extra logic to skip parents that are expired or future, but only if there are better parents to be found --- library/x509_crt.c | 44 ++++++++++++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 16 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index be5a87ef3..1913dd987 100644 --- a/library/x509_crt.c 
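Review bot: Dropping the check_path_cnt decrement (hunk at -1963) and the subject-name condition in front of the trusted-CA block (hunk at -2018) keys both behaviours to byte-identity with `trust_ca`, which is broader than the commit message's "exact same certificate" wording suggests. A trusted certificate that shares child's subject but not its encoding (a re-issued or cross-signed root) was previously exempt from one pathlen step and from the extra CRL/f_vrfy pass; it now counts against `trust_ca->max_pathlen < 1 + path_cnt - self_cnt` and receives a second callback at `path_cnt + 1`. That is probably intended given the raw-bytes special case added in the previous hunk, but it deserves one sentence in the commit message or above `if( trust_ca != NULL )`. x509_crt_verify_top() begins and ends outside these hunks.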
+++ b/library/x509_crt.c @@ -1893,6 +1893,30 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, return( 0 ); } +/* + * Find a suitable parent for child in candidates + */ +static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, + mbedtls_x509_crt *candidates, + int top, + int path_cnt, + int self_cnt ) +{ + mbedtls_x509_crt *parent; + + (void) self_cnt; + + for( parent = candidates; parent != NULL; parent = parent->next ) + { + if( x509_crt_check_parent( child, parent, top, path_cnt == 0 ) != 0 ) + continue; + + break; + } + + return parent; +} + /* * Verify a certificate no parent inside the chain * (either the parent is a trusted root, or there is no parent) @@ -2121,14 +2145,8 @@ static int x509_crt_verify_child( #endif /* Look for a grandparent in trusted CAs */ - for( grandparent = trust_ca; - grandparent != NULL; - grandparent = grandparent->next ) - { - if( x509_crt_check_parent( parent, grandparent, - 1, path_cnt == 0 ) == 0 ) - break; - } + /* path_cnt +1 because current step is not yet accounted for */ + grandparent = x509_crt_find_parent( parent, trust_ca, 1, path_cnt + 1, self_cnt ); if( grandparent != NULL ) { @@ -2315,11 +2333,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; /* Look for a parent in trusted CAs */ - for( parent = trust_ca; parent != NULL; parent = parent->next ) - { - if( x509_crt_check_parent( crt, parent, 1, pathlen == 0 ) == 0 ) - break; - } + parent = x509_crt_find_parent( crt, trust_ca, 1, pathlen, 0 ); if( parent != NULL ) { @@ -2331,9 +2345,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, else { /* Look for a parent upwards the chain */ - for( parent = crt->next; parent != NULL; parent = parent->next ) - if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 ) - break; + parent = x509_crt_find_parent( crt, crt->next, 0, pathlen, 0 ); /* Are we part of the chain or at the top? */ if( parent != NULL ) 
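Review bot: At the verify_child() call site (hunk at -2121) the `path_cnt == 0` test now runs inside x509_crt_find_parent() on `path_cnt + 1`, so the fourth argument handed to x509_crt_check_parent() for the grandparent search changes from `path_cnt == 0` to a constant 0, whereas the removed loop passed `path_cnt == 0` directly. What that argument controls is not visible here; if it only matters together with `top` for a candidate byte-identical to child the difference is harmless, but the commit message describes the change as pure factoring, so it is worth confirming or stating. Separately, the new helper ends with `return parent;` while the rest of this file writes `return( parent );`. x509_crt_check_parent()'s body is outside these hunks.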
From 9c6118c498c13be6a2fadd7f79ec2b577fb5450f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 29 Jun 2017 12:38:42 +0200 Subject: [PATCH 118/504] Factor one more occurrence of code into function This may look like a behaviour change because one check has been added to the function that was previously done in only one of the 3 call sites. However it is not, because: - for the 2 call sites in verify(), the test always succeeds as path_cnt is 0. - for the call site in verify_child(), the same test was done later anyway in verify_top() --- library/x509_crt.c | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 1913dd987..ee79e893c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1904,13 +1904,18 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, { mbedtls_x509_crt *parent; - (void) self_cnt; - for( parent = candidates; parent != NULL; parent = parent->next ) { if( x509_crt_check_parent( child, parent, top, path_cnt == 0 ) != 0 ) continue; + /* +1 because stored max_pathlen is 1 higher that the actual value */ + if( parent->max_pathlen > 0 && + parent->max_pathlen < 1 + path_cnt - self_cnt ) + { + continue; + } + break; } 
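Review bot: The comment on the new pathlen check reads `1 higher that the actual value` (typo for `than`) and loses the explanation the removed loop in verify_child() carried about why `self_cnt` is subtracted. Suggested wording: `/* +1 because stored max_pathlen is 1 higher than the actual value; self-issued certs (self_cnt) do not count towards the limit */`. The rest of x509_crt_find_parent()'s loop is outside this hunk.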
@@ -2158,23 +2163,9 @@ static int x509_crt_verify_child( else { /* Look for a grandparent upwards the chain */ - for( grandparent = parent->next; - grandparent != NULL; - grandparent = grandparent->next ) - { - /* +2 because the current step is not yet accounted for - * and because max_pathlen is one higher than it should be. - * Also self signed certificates do not count to the limit. */ - if( grandparent->max_pathlen > 0 && - grandparent->max_pathlen < 2 + path_cnt - self_cnt ) - { - continue; - } - - if( x509_crt_check_parent( parent, grandparent, - 0, path_cnt == 0 ) == 0 ) - break; - } + /* path_cnt +1 because current step is not yet accounted for */ + grandparent = x509_crt_find_parent( parent, parent->next, 0, + path_cnt + 1, self_cnt ); /* Is our parent part of the chain or at the top? */ if( grandparent != NULL ) From 3e329b8e8da608174828d7f4a21eea10868c9966 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 29 Jun 2017 12:55:27 +0200 Subject: [PATCH 119/504] Add badtime-skipping feature to new function This is from the morally 5th (and soon obsolete) invocation of this function in verify_top(). Doing this badtime-skipping when we search for a parent in the provided chain is a change of behaviour, but it's backwards-compatible: it can only cause us to accept valid chains that we used to reject before. Eg if the peer has a chain with two version of an intermediate certificate with different validity periods, the first non valid and the second valid - such cases are probably rare or users would have complained already, but it doesn't hurt to handle it properly as it allows for more uniform code. --- library/x509_crt.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index ee79e893c..7f181a602 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1894,7 +1894,23 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, } /* - * Find a suitable parent for child in candidates + * Find a suitable parent for child in candidates, or return NULL. + * + * Here suitable is defined as: + * - subject name matches child's issuer + * - if necessary, the CA bit is set and key usage allows signing certs + * - pathlen constraints are satisfied + * + * Stop at the first suitable candidate, except if it's not time-valid (not + * expired nor future) *and* there is a later suitable candidate that is + * time-valid. + * + * The rationale for this rule is that someone could have a list of trusted + * roots with two versions on the same root with different validity periods. + * (At least one user reported having such a list and wanted it to just work.) + * The reason we don't just require time-validity is that generally there is + * only one version, and if it's expired we want the flags to state that + * rather than NOT_TRUSTED, as would be the case if we required it here. */ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, mbedtls_x509_crt *candidates, @@ -1902,7 +1918,7 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, int path_cnt, int self_cnt ) { - mbedtls_x509_crt *parent; + mbedtls_x509_crt *parent, *badtime_parent = NULL; for( parent = candidates; parent != NULL; parent = parent->next ) { @@ -1916,9 +1932,21 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, continue; } + if( mbedtls_x509_time_is_past( &parent->valid_to ) || + mbedtls_x509_time_is_future( &parent->valid_from ) ) + { + if( badtime_parent == NULL ) + badtime_parent = parent; + + continue; + } + break; } + if( parent == NULL ) + parent = badtime_parent; + return parent; } From 2f09d59456f1f9152ec6e6360d4b068d486e236e Mon Sep 17 00:00:00 2001 
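Review bot: The expanded header comment explains the badtime fallback but not its consequence for callers: the candidate returned through `badtime_parent` may be expired or not yet valid, and nothing in x509_crt_find_parent() records that. Both callers do flag it today (verify_top() sets EXPIRED/FUTURE on trust_ca, verify_child() on each child), so add a line such as `* Note: the returned candidate may be expired or future; callers must set the EXPIRED/FUTURE flags themselves.` so the contract survives further refactoring. It would also help to say that when several candidates are time-invalid the first one is returned, which is what the `if( badtime_parent == NULL )` guard implements.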
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Jul 2017 18:30:43 +0200 Subject: [PATCH 120/504] Add badkey-skipping to find_parent() This is the last step towards removing the now-duplicated parent-searching code in verify_top() --- library/x509_crt.c | 40 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 36 insertions(+), 4 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 7f181a602..10ace0ee7 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -27,6 +27,8 @@ * * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf + * + * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -1897,9 +1899,10 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, * Find a suitable parent for child in candidates, or return NULL. * * Here suitable is defined as: - * - subject name matches child's issuer - * - if necessary, the CA bit is set and key usage allows signing certs - * - pathlen constraints are satisfied + * 1. subject name matches child's issuer + * 2. if necessary, the CA bit is set and key usage allows signing certs + * 3. for trusted roots, the signature is correct + * 4. pathlen constraints are satisfied * * Stop at the first suitable candidate, except if it's not time-valid (not * expired nor future) *and* there is a later suitable candidate that is 
@@ -1911,6 +1914,12 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, * The reason we don't just require time-validity is that generally there is * only one version, and if it's expired we want the flags to state that * rather than NOT_TRUSTED, as would be the case if we required it here. + * + * The rationale for rule 3 (signature for trusted roots) is that users might + * have two versions of the same CA with different keys in their list, and the + * way we select the correct one is by checking the signature. (This is one + * way users might choose to handle key rollover, the other one relies on + * self-issued certs, see [SIRO].) */ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, mbedtls_x509_crt *candidates, @@ -1919,9 +1928,12 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, int self_cnt ) { mbedtls_x509_crt *parent, *badtime_parent = NULL; + const mbedtls_md_info_t *md_info; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; for( parent = candidates; parent != NULL; parent = parent->next ) { + /* basic parenting skills (name, CA bit, key usage) */ if( x509_crt_check_parent( child, parent, top, path_cnt == 0 ) != 0 ) continue; @@ -1932,6 +1944,25 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, continue; } + /* Signature */ + if( top ) + { + md_info = mbedtls_md_info_from_type( child->sig_md ); + if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) + { + /* Note: this can't happen except after an internal error */ + continue; + } + + if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk, + child->sig_md, hash, mbedtls_md_get_size( md_info ), + child->sig.p, child->sig.len ) != 0 ) + { + continue; + } + } + + /* optionnal time check */ if( mbedtls_x509_time_is_past( &parent->valid_to ) || mbedtls_x509_time_is_future( &parent->valid_from ) ) { 
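Review bot: The new signature step recomputes `md_info` and the hash of `child->tbs` on every loop iteration although neither depends on `parent`; hoisting them above the `for` under `if( top )` keeps the loop body to per-candidate work and avoids rehashing once per same-name candidate. A failing `mbedtls_md()` can then return NULL directly, which is what the per-iteration `continue` amounts to today (every candidate is skipped, so `badtime_parent` stays NULL too). The comment `/* optionnal time check */` has a typo (`optional`). The remainder of the loop is outside this hunk.
```c
    if( top )
    {
        md_info = mbedtls_md_info_from_type( child->sig_md );
        if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
            return( NULL ); /* cannot check any signature: same as skipping every candidate */
    }

    for( parent = candidates; parent != NULL; parent = parent->next )
    {
        /* … unchanged: name/CA-bit/key-usage and pathlen checks … */

        /* Signature */
        if( top && mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
                   child->sig_md, hash, mbedtls_md_get_size( md_info ),
                   child->sig.p, child->sig.len ) != 0 )
        {
            continue;
        }

        /* … unchanged: time check … */
```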
@@ -2126,7 +2157,8 @@ static int x509_crt_verify_child( mbedtls_x509_crt *grandparent; const mbedtls_md_info_t *md_info; - /* Counting intermediate self signed certificates */ + /* Counting intermediate self-issued (not necessarily self-signed) certs + * These can occur with some strategies for key rollover, see [SIRO] */ if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 ) self_cnt++; From 6038cb6909e2b5ca50e68a3f4efe6c33373c118a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Jul 2017 18:45:13 +0200 Subject: [PATCH 121/504] Remove duplicate parent-searching in verify_top() --- library/x509_crt.c | 41 ++--------------------------------------- 1 file changed, 2 insertions(+), 39 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 10ace0ee7..b1288e848 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2016,6 +2016,8 @@ static int x509_crt_verify_top( const mbedtls_md_info_t *md_info; mbedtls_x509_crt *future_past_ca = NULL; + (void) self_cnt; + if( mbedtls_x509_time_is_past( &child->valid_to ) ) *flags |= MBEDTLS_X509_BADCERT_EXPIRED; 
@@ -2045,45 +2047,6 @@ static int x509_crt_verify_top( goto callback; } - md_info = mbedtls_md_info_from_type( child->sig_md ); - if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) - { - /* Note: this can't happen except after an internal error */ - /* Cannot check signature, no need to try any CA */ - trust_ca = NULL; - } - - for( /* trust_ca */ ; trust_ca != NULL; trust_ca = trust_ca->next ) - { - if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 ) - continue; - - /* Self signed certificates do not count towards the limit */ - if( trust_ca->max_pathlen > 0 && - trust_ca->max_pathlen < 1 + path_cnt - self_cnt ) - { - continue; - } - - if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk, - child->sig_md, hash, mbedtls_md_get_size( md_info ), - child->sig.p, child->sig.len ) != 0 ) - { - continue; - } - - if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) || - mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) - { - if ( future_past_ca == NULL ) - future_past_ca = trust_ca; - - continue; - } - - break; - } - if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL ) { /* From 32fdc60c7bdcf9f94226442a986bfca0bd260141 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Jul 2017 18:57:51 +0200 Subject: [PATCH 122/504] Unnest code in verify_top() We now know that trust_ca != NULL till the end of the function --- library/x509_crt.c | 62 +++++++++++++++++----------------------------- 1 file changed, 23 insertions(+), 39 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index b1288e848..26c40bd79 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2012,9 +2012,6 @@ static int x509_crt_verify_top( { int ret; uint32_t ca_flags = 0; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - const mbedtls_md_info_t *md_info; - mbedtls_x509_crt *future_past_ca = NULL; (void) self_cnt; 
@@ -2030,66 +2027,53 @@ static int x509_crt_verify_top( if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_PK; - /* - * Child is the top of the chain. Check against the trust_ca list. - */ - *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - /* Special case #1: no root, stop here */ if( trust_ca == NULL ) + { + *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; goto callback; + } /* Special case #2: child == trust_ca: trust and that's it */ if( child->raw.len == trust_ca->raw.len && memcmp( child->raw.p, trust_ca->raw.p, child->raw.len ) == 0 ) { - *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED; goto callback; } - if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL ) - { - /* - * Top of chain is signed by a trusted CA - */ - *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED; - - if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 ) - *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - } - /* - * If top of chain is not the same as the trusted CA send a verify request - * to the callback for any issues with validity and CRL presence for the - * trusted CA certificate. 
+ * General case: we have a trusted root, distinct from child */ - if( trust_ca != NULL ) - { + + /* this wasn't checked by find_parent() */ + if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 ) + *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; + + /* Check trusted CA's CRL for the chain's top crt */ #if defined(MBEDTLS_X509_CRL_PARSE_C) - /* Check trusted CA's CRL for the chain's top crt */ - *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl, profile ); + *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl, profile ); #else - ((void) ca_crl); + ((void) ca_crl); #endif - if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) - ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED; + /* Check time-validity of the parent */ + if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) + ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED; - if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) - ca_flags |= MBEDTLS_X509_BADCERT_FUTURE; + if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) + ca_flags |= MBEDTLS_X509_BADCERT_FUTURE; - if( NULL != f_vrfy ) + /* Call callback on trusted root */ + if( NULL != f_vrfy ) + { + if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 ) { - if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, - &ca_flags ) ) != 0 ) - { - return( ret ); - } + return( ret ); } } callback: - /* Call callback on top cert */ + /* Call callback on child */ if( NULL != f_vrfy ) { if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 ) From f82a4d5aba2d4fad4581ae5154dd033d57be6ab8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Jul 2017 19:26:25 +0200 Subject: [PATCH 123/504] Factor duplicated code into function --- library/x509_crt.c | 69 +++++++++++++++++++++------------------------- 1 file changed, 31 insertions(+), 38 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 26c40bd79..de9a05d31 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
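Review bot: After the previous commit removed the trusted-CA search loop, the general case in x509_crt_verify_top() no longer verifies child's signature against `trust_ca` and no longer sets or clears NOT_TRUSTED; it only adds BAD_KEY, CRL and time flags, so the trust decision rests entirely on the caller passing a parent that x509_crt_find_parent() returned with `top == 1`. That precondition is stated nowhere; add to the function's header comment (outside this hunk) something like `* Precondition: trust_ca is the candidate returned by x509_crt_find_parent() with top == 1, i.e. its signature over child has already been checked; this function does not re-check it.` The same note applies to the later hunk that drops the `trust_ca == NULL` special case, after which `trust_ca->raw` is dereferenced unconditionally.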
@@ -1849,6 +1849,32 @@ static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b return( 0 ); } +/* + * Check the signature of a certificate by its parent + */ +static int x509_crt_check_signature( const mbedtls_x509_crt *child, + mbedtls_x509_crt *parent ) +{ + const mbedtls_md_info_t *md_info; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; + + md_info = mbedtls_md_info_from_type( child->sig_md ); + if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) + { + /* Note: this can't happen except after an internal error */ + return( -1 ); + } + + if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk, + child->sig_md, hash, mbedtls_md_get_size( md_info ), + child->sig.p, child->sig.len ) != 0 ) + { + return( -1 ); + } + + return( 0 ); +} + /* * Check if 'parent' is a suitable parent (signing CA) for 'child'. * Return 0 if yes, -1 if not. @@ -1928,8 +1954,6 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, int self_cnt ) { mbedtls_x509_crt *parent, *badtime_parent = NULL; - const mbedtls_md_info_t *md_info; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; for( parent = candidates; parent != NULL; parent = parent->next ) { @@ -1945,21 +1969,9 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, } /* Signature */ - if( top ) + if( top && x509_crt_check_signature( child, parent ) != 0 ) { - md_info = mbedtls_md_info_from_type( child->sig_md ); - if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) - { - /* Note: this can't happen except after an internal error */ - continue; - } - - if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk, - child->sig_md, hash, mbedtls_md_get_size( md_info ), - child->sig.p, child->sig.len ) != 0 ) - { - continue; - } + continue; } /* optionnal time check */ 
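Review bot: x509_crt_check_signature() returns -1 for two distinct conditions (the hash could not be computed, and the signature does not verify) and its one-line comment names neither. Expand it to state the contract, e.g. `* Return 0 if child's signature verifies with parent's key, -1 otherwise (including when the digest is unavailable)`, and say why `parent` is not const-qualified while `child` is, presumably because `&parent->pk` goes to a non-const pk API. The `continue` at the call site in find_parent preserves the earlier behaviour, so this is a documentation request only.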
@@ -2100,9 +2112,7 @@ static int x509_crt_verify_child( { int ret; uint32_t parent_flags = 0; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; mbedtls_x509_crt *grandparent; - const mbedtls_md_info_t *md_info; /* Counting intermediate self-issued (not necessarily self-signed) certs * These can occur with some strategies for key rollover, see [SIRO] */ @@ -2128,28 +2138,11 @@ static int x509_crt_verify_child( if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_PK; - md_info = mbedtls_md_info_from_type( child->sig_md ); - if( md_info == NULL ) - { - /* - * Cannot check 'unknown' hash - */ + if( x509_crt_check_signature( child, parent ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - } - else - { - mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ); - if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 ) - *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - - if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk, - child->sig_md, hash, mbedtls_md_get_size( md_info ), - child->sig.p, child->sig.len ) != 0 ) - { - *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - } - } + if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 ) + *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; #if defined(MBEDTLS_X509_CRL_PARSE_C) /* Check trusted CA's CRL for the given crt */ From 8f8c282de9398e42afa5fc9ea97da8af7a7f9992 Mon Sep 17 00:00:00 2001 
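Review bot: In the verify_child() hunk at -2128 the profile key check is no longer conditional on the digest being known: the removed code skipped `x509_profile_check_key()` when `md_info == NULL`, while the new code runs it after `x509_crt_check_signature()` regardless. The only effect is that BAD_KEY can now be reported alongside NOT_TRUSTED, which is more informative, but the commit message calls this pure factoring, so a short mention would help. The previously unchecked `mbedtls_md()` return is now checked inside the helper, which is an improvement worth keeping.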
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Jul 2017 21:25:10 +0200 Subject: [PATCH 124/504] Merge near-duplicated (grand)parent finding code Besides avoiding near-duplication, this avoids having three generations of certificate (child, parent, grandparent) in one function, with all the off-by-one opportunities that come with it. This also allows to simplify the signature of verify_child(), which will be done in next commit. --- library/x509_crt.c | 99 +++++++++++++++------------------------------- 1 file changed, 31 insertions(+), 68 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index de9a05d31..63d1289eb 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2112,7 +2112,29 @@ static int x509_crt_verify_child( { int ret; uint32_t parent_flags = 0; - mbedtls_x509_crt *grandparent; + mbedtls_x509_crt *grandparent = NULL; + + (void) parent; + + /* Look for a parent in trusted CAs */ + parent = x509_crt_find_parent( child, trust_ca, 1, path_cnt, self_cnt ); + + /* Found one? Let verify_top() handle that case */ + if( parent != NULL ) + { + return( x509_crt_verify_top( child, parent, ca_crl, profile, + path_cnt, self_cnt, flags, f_vrfy, p_vrfy ) ); + } + + /* Look for a parent upwards the chain */ + parent = x509_crt_find_parent( child, child->next, 0, path_cnt, 0 ); + + /* No parent at all? Let verify_top() handle that case */ + if( parent == NULL ) + { + return( x509_crt_verify_top( child, NULL, ca_crl, profile, + path_cnt, self_cnt, flags, f_vrfy, p_vrfy ) ); + } /* Counting intermediate self-issued (not necessarily self-signed) certs * These can occur with some strategies for key rollover, see [SIRO] */ 
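Review bot: The in-chain lookup passes a literal `0` for self_cnt, `x509_crt_find_parent( child, child->next, 0, path_cnt, 0 )`, while the trusted-CA lookup a few lines above passes `self_cnt`, and the grandparent chain search this replaces (removed in the next hunk) passed `self_cnt` as well. For `path_cnt > 0` the `max_pathlen` check inside find_parent therefore stops discounting self-issued certificates for in-chain candidates, a behaviour change the commit message does not mention; suggested: `parent = x509_crt_find_parent( child, child->next, 0, path_cnt, self_cnt );`. Both lookups also now run before the rest of verify_child() (outside the hunk), so if the `MBEDTLS_ERR_X509_FATAL_ERROR` return visible as context in a later hunk is a depth bound, one extra level of searching, including signature checks for `top == 1`, happens before a too-long chain is rejected.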
@@ -2149,42 +2171,12 @@ static int x509_crt_verify_child( *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile ); #endif - /* Look for a grandparent in trusted CAs */ - /* path_cnt +1 because current step is not yet accounted for */ - grandparent = x509_crt_find_parent( parent, trust_ca, 1, path_cnt + 1, self_cnt ); - - if( grandparent != NULL ) - { - ret = x509_crt_verify_top( parent, grandparent, ca_crl, profile, - path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy ); - if( ret != 0 ) - return( ret ); - } - else - { - /* Look for a grandparent upwards the chain */ - /* path_cnt +1 because current step is not yet accounted for */ - grandparent = x509_crt_find_parent( parent, parent->next, 0, - path_cnt + 1, self_cnt ); - - /* Is our parent part of the chain or at the top? */ - if( grandparent != NULL ) - { - ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl, - profile, path_cnt + 1, self_cnt, &parent_flags, - f_vrfy, p_vrfy ); - if( ret != 0 ) - return( ret ); - } - else - { - ret = x509_crt_verify_top( parent, NULL, ca_crl, profile, - path_cnt + 1, self_cnt, &parent_flags, - f_vrfy, p_vrfy ); - if( ret != 0 ) - return( ret ); - } - } + /* verify the rest of the chain starting from parent */ + ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl, + profile, path_cnt + 1, self_cnt, &parent_flags, + f_vrfy, p_vrfy ); + if( ret != 0 ) + return( ret ); /* child is verified to be a child of the parent, call verify callback */ if( NULL != f_vrfy ) 
@@ -2323,37 +2315,8 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - /* Look for a parent in trusted CAs */ - parent = x509_crt_find_parent( crt, trust_ca, 1, pathlen, 0 ); - - if( parent != NULL ) - { - ret = x509_crt_verify_top( crt, parent, ca_crl, profile, - pathlen, selfsigned, flags, f_vrfy, p_vrfy ); - if( ret != 0 ) - goto exit; - } - else - { - /* Look for a parent upwards the chain */ - parent = x509_crt_find_parent( crt, crt->next, 0, pathlen, 0 ); - - /* Are we part of the chain or at the top? */ - if( parent != NULL ) - { - ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile, - pathlen, selfsigned, flags, f_vrfy, p_vrfy ); - if( ret != 0 ) - goto exit; - } - else - { - ret = x509_crt_verify_top( crt, NULL, ca_crl, profile, - pathlen, selfsigned, flags, f_vrfy, p_vrfy ); - if( ret != 0 ) - goto exit; - } - } + ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile, + pathlen, selfsigned, flags, f_vrfy, p_vrfy ); exit: /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by From 58dcd2d9b27bb059a5398c960d179f0b2b7da4dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Jul 2017 21:35:04 +0200 Subject: [PATCH 125/504] Get rid of unused variables/arguments --- library/x509_crt.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 63d1289eb..3e1877f7c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2103,7 +2103,7 @@ callback: * See comments for mbedtls_x509_crt_verify_with_profile() */ static int x509_crt_verify_child( - mbedtls_x509_crt *child, mbedtls_x509_crt *parent, + mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, int path_cnt, int self_cnt, uint32_t *flags, 
@@ -2111,10 +2111,8 @@ static int x509_crt_verify_child( void *p_vrfy ) { int ret; + mbedtls_x509_crt *parent; uint32_t parent_flags = 0; - mbedtls_x509_crt *grandparent = NULL; - - (void) parent; /* Look for a parent in trusted CAs */ parent = x509_crt_find_parent( child, trust_ca, 1, path_cnt, self_cnt ); @@ -2172,7 +2170,7 @@ static int x509_crt_verify_child( #endif /* verify the rest of the chain starting from parent */ - ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl, + ret = x509_crt_verify_child( parent, trust_ca, ca_crl, profile, path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy ); if( ret != 0 ) @@ -2240,8 +2238,6 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, { size_t cn_len; int ret; - int pathlen = 0, selfsigned = 0; - mbedtls_x509_crt *parent; mbedtls_x509_name *name; mbedtls_x509_sequence *cur = NULL; mbedtls_pk_type_t pk_type; @@ -2315,8 +2311,8 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile, - pathlen, selfsigned, flags, f_vrfy, p_vrfy ); + ret = x509_crt_verify_child( crt, trust_ca, ca_crl, profile, + 0, 0, flags, f_vrfy, p_vrfy ); exit: /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by From 66fac75f8b0bfac336267e6dba1b19fd080999e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Jul 2017 21:39:21 +0200 Subject: [PATCH 126/504] Merge duplicated checks between child() and top() --- library/x509_crt.c | 36 ++++++++++++------------------------ 1 file changed, 12 insertions(+), 24 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 3e1877f7c..899660f13 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -2027,18 +2027,6 @@ static int x509_crt_verify_top( (void) self_cnt; - if( mbedtls_x509_time_is_past( &child->valid_to ) ) - *flags |= MBEDTLS_X509_BADCERT_EXPIRED; - - if( mbedtls_x509_time_is_future( &child->valid_from ) ) - *flags |= MBEDTLS_X509_BADCERT_FUTURE; - - if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 ) - *flags |= MBEDTLS_X509_BADCERT_BAD_MD; - - if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) - *flags |= MBEDTLS_X509_BADCERT_BAD_PK; - /* Special case #1: no root, stop here */ if( trust_ca == NULL ) { @@ -2114,6 +2102,18 @@ static int x509_crt_verify_child( mbedtls_x509_crt *parent; uint32_t parent_flags = 0; + if( mbedtls_x509_time_is_past( &child->valid_to ) ) + *flags |= MBEDTLS_X509_BADCERT_EXPIRED; + + if( mbedtls_x509_time_is_future( &child->valid_from ) ) + *flags |= MBEDTLS_X509_BADCERT_FUTURE; + + if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 ) + *flags |= MBEDTLS_X509_BADCERT_BAD_MD; + + if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) + *flags |= MBEDTLS_X509_BADCERT_BAD_PK; + /* Look for a parent in trusted CAs */ parent = x509_crt_find_parent( child, trust_ca, 1, path_cnt, self_cnt ); @@ -2146,18 +2146,6 @@ static int x509_crt_verify_child( return( MBEDTLS_ERR_X509_FATAL_ERROR ); } - if( mbedtls_x509_time_is_past( &child->valid_to ) ) - *flags |= MBEDTLS_X509_BADCERT_EXPIRED; - - if( mbedtls_x509_time_is_future( &child->valid_from ) ) - *flags |= MBEDTLS_X509_BADCERT_FUTURE; - - if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 ) - *flags |= MBEDTLS_X509_BADCERT_BAD_MD; - - if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) - *flags |= MBEDTLS_X509_BADCERT_BAD_PK; - if( x509_crt_check_signature( child, parent ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; From b9983be73ac28212befc6d84afa74769e87fe518 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Jul 2017 22:51:07 +0200 Subject: [PATCH 127/504] Move one special case from verify_top() to child() --- library/x509_crt.c | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 899660f13..7a5ebef7e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2000,15 +2000,12 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, * See comments for mbedtls_x509_crt_verify_with_profile() * (also for notation used belowe) * - * This function is called in two cases: + * This function is called in one circumstance with two sub-cases: * - child was found to have a parent in trusted roots, in which case we're * called with trust_ca pointing directly to that parent (not the full list) * - this happens in cases 1, 2 and 3 of the comment on verify() * - case 1 is special as child and trust_ca point to copies of the same * certificate then - * - child was found to have no parent either in the chain or in trusted CAs, - * in which case we're called with trust_ca set to NULL - * - this is cases 4 and 5 of the comment on verify() * * For historical reasons, the function currently does not assume that * trust_ca points directly to the right root in the first case, so it always @@ -2027,14 +2024,7 @@ static int x509_crt_verify_top( (void) self_cnt; - /* Special case #1: no root, stop here */ - if( trust_ca == NULL ) - { - *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - goto callback; - } - - /* Special case #2: child == trust_ca: trust and that's it */ + /* Special case: child == trust_ca: trust and that's it */ if( child->raw.len == trust_ca->raw.len && memcmp( child->raw.p, trust_ca->raw.p, child->raw.len ) == 0 ) { 
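Review bot: with the `trust_ca == NULL` guard gone, `trust_ca->raw.len` on the next line is an unconditional dereference, so x509_crt_verify_top() now has a hard precondition it did not have before. The remaining caller reaches it with the non-NULL parent returned by x509_crt_find_parent(), but that contract lives in the caller only; state it at the top of verify_top, e.g. `/* Precondition: trust_ca != NULL (the parent found by find_parent()); the no-parent case is handled by verify_child() */`. The function header and the rest of the body lie outside this hunk.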
@@ -2127,11 +2117,11 @@ static int x509_crt_verify_child( /* Look for a parent upwards the chain */ parent = x509_crt_find_parent( child, child->next, 0, path_cnt, 0 ); - /* No parent at all? Let verify_top() handle that case */ + /* No parent at all? We're done here */ if( parent == NULL ) { - return( x509_crt_verify_top( child, NULL, ca_crl, profile, - path_cnt, self_cnt, flags, f_vrfy, p_vrfy ) ); + *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; + goto callback; } /* Counting intermediate self-issued (not necessarily self-signed) certs @@ -2164,7 +2154,8 @@ static int x509_crt_verify_child( if( ret != 0 ) return( ret ); - /* child is verified to be a child of the parent, call verify callback */ +callback: + /* chain upwards of child done, call callback on child */ if( NULL != f_vrfy ) if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 ) return( ret ); From 784aee33667adcc5d971018c2fa3321da096fdd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Jul 2017 23:04:06 +0200 Subject: [PATCH 128/504] Move other special case from top() to child() --- library/x509_crt.c | 37 ++++++++++++------------------------- 1 file changed, 12 insertions(+), 25 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 7a5ebef7e..afd2d3ea4 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1994,22 +1994,14 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, } /* - * Verify a certificate no parent inside the chain - * (either the parent is a trusted root, or there is no parent) + * Verify a certificate whose parent is a trusted root * * See comments for mbedtls_x509_crt_verify_with_profile() - * (also for notation used belowe) + * (also for notation used below) * - * This function is called in one circumstance with two sub-cases: - * - child was found to have a parent in trusted roots, in which case we're - * called with trust_ca pointing directly to that parent (not the full list) - * - this happens in cases 1, 2 and 3 of the comment on verify() - * - case 1 is special as child and trust_ca point to copies of the same - * certificate then - * - * For historical reasons, the function currently does not assume that - * trust_ca points directly to the right root in the first case, so it always - * starts by searching for a parent in trust_ca. + * This function is called when child was found to have a parent in trusted roots, + * and trust_ca pointing directly to that parent (not the full list). + * - this happens in cases 2 and 3 of the comment on verify() */ static int x509_crt_verify_top( mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, @@ -2024,17 +2016,6 @@ static int x509_crt_verify_top( (void) self_cnt; - /* Special case: child == trust_ca: trust and that's it */ - if( child->raw.len == trust_ca->raw.len && - memcmp( child->raw.p, trust_ca->raw.p, child->raw.len ) == 0 ) - { - goto callback; - } - - /* - * General case: we have a trusted root, distinct from child - */ - /* this wasn't checked by find_parent() */ if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; @@ -2062,7 +2043,6 @@ static int x509_crt_verify_top( } } -callback: /* Call callback on child */ if( NULL != f_vrfy ) { 
@@ -2110,6 +2090,13 @@ static int x509_crt_verify_child( /* Found one? Let verify_top() handle that case */ if( parent != NULL ) { + /* Special case: child == trust_ca: trust and that's it */ + if( child->raw.len == trust_ca->raw.len && + memcmp( child->raw.p, trust_ca->raw.p, child->raw.len ) == 0 ) + { + goto callback; + } + return( x509_crt_verify_top( child, parent, ca_crl, profile, path_cnt, self_cnt, flags, f_vrfy, p_vrfy ) ); } From 6e786747fbe32111f383fc16b190328ea07d7b7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Jul 2017 23:47:44 +0200 Subject: [PATCH 129/504] Move top()'s checks on child to child() --- library/x509_crt.c | 48 ++++++++++++++++++++++++---------------------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index afd2d3ea4..bae12c0cb 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2015,17 +2015,8 @@ static int x509_crt_verify_top( uint32_t ca_flags = 0; (void) self_cnt; - - /* this wasn't checked by find_parent() */ - if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 ) - *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - - /* Check trusted CA's CRL for the chain's top crt */ -#if defined(MBEDTLS_X509_CRL_PARSE_C) - *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl, profile ); -#else ((void) ca_crl); -#endif + (void) profile; /* Check time-validity of the parent */ if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) @@ -2071,6 +2062,7 @@ static int x509_crt_verify_child( int ret; mbedtls_x509_crt *parent; uint32_t parent_flags = 0; + int parent_is_trusted = 0; if( mbedtls_x509_time_is_past( &child->valid_to ) ) *flags |= MBEDTLS_X509_BADCERT_EXPIRED; 
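Review bot: the moved special case compares `child` against `trust_ca`, but inside x509_crt_verify_child() `trust_ca` is the head of the whole trusted list that was just passed to x509_crt_find_parent(), whereas in the old verify_top() the same comparison ran against the parent that find_parent() had returned. A self-signed EE certificate that is anywhere but first in the trusted list therefore misses this shortcut and drops into verify_top( child, parent ) with parent == child, which, as far as the visible verify_top() body shows, runs the key and CRL checks against itself and calls f_vrfy on the same certificate twice (at path_cnt and path_cnt + 1). Compare against the found parent instead: `if( child->raw.len == parent->raw.len && memcmp( child->raw.p, parent->raw.p, child->raw.len ) == 0 )`. The enclosing function starts before this hunk.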
@@ -2097,18 +2089,19 @@ static int x509_crt_verify_child( goto callback; } - return( x509_crt_verify_top( child, parent, ca_crl, profile, - path_cnt, self_cnt, flags, f_vrfy, p_vrfy ) ); + parent_is_trusted = 1; } - - /* Look for a parent upwards the chain */ - parent = x509_crt_find_parent( child, child->next, 0, path_cnt, 0 ); - - /* No parent at all? We're done here */ - if( parent == NULL ) + else { - *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - goto callback; + /* Look for a parent upwards the chain */ + parent = x509_crt_find_parent( child, child->next, 0, path_cnt, 0 ); + + /* No parent at all? We're done here */ + if( parent == NULL ) + { + *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; + goto callback; + } } /* Counting intermediate self-issued (not necessarily self-signed) certs @@ -2116,14 +2109,17 @@ static int x509_crt_verify_child( if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 ) self_cnt++; - /* path_cnt is 0 for the first intermediate CA */ - if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) + /* path_cnt is 0 for the first intermediate CA, + * and if parent is trusted it's not an intermediate CA */ + if( ! parent_is_trusted && + 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) { /* return immediately as the goal is to avoid unbounded recursion */ return( MBEDTLS_ERR_X509_FATAL_ERROR ); } - if( x509_crt_check_signature( child, parent ) != 0 ) + /* if parent is trusted, the signature was checked by find_parent() */ + if( ! parent_is_trusted && x509_crt_check_signature( child, parent ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 ) 
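Review bot: the chain search in the new `else` branch passes a literal `0` as the last argument, `x509_crt_find_parent( child, child->next, 0, path_cnt, 0 )`, while the trusted-CA search a few lines up passes the real `self_cnt`. If find_parent() uses self_cnt to discount self-issued certificates from the path-length check (the `+1 because stored max_pathlen ...` comment in find_parent suggests it does), the two lookups apply different pathLenConstraint arithmetic to the same child, which looks accidental rather than intended. Pass `self_cnt` in both calls, or add a comment explaining why the chain search must ignore it. x509_crt_verify_child() starts before this hunk.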
@@ -2134,6 +2130,12 @@ static int x509_crt_verify_child( *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile ); #endif + if( parent_is_trusted ) + { + return( x509_crt_verify_top( child, parent, ca_crl, profile, + path_cnt, self_cnt, flags, f_vrfy, p_vrfy ) ); + } + /* verify the rest of the chain starting from parent */ ret = x509_crt_verify_child( parent, trust_ca, ca_crl, profile, path_cnt + 1, self_cnt, &parent_flags, From 63642776b13d11edbf0ba898b8a34563365d9411 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 Jul 2017 23:57:11 +0200 Subject: [PATCH 130/504] Let verify_top() handle only the parent It felt wrong for it to call the vrfy callback on two certs. --- library/x509_crt.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index bae12c0cb..5a41ee51c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2017,6 +2017,7 @@ static int x509_crt_verify_top( (void) self_cnt; ((void) ca_crl); (void) profile; + (void) child; /* Check time-validity of the parent */ if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) @@ -2034,13 +2035,6 @@ static int x509_crt_verify_top( } } - /* Call callback on child */ - if( NULL != f_vrfy ) - { - if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 ) - return( ret ); - } - *flags |= ca_flags; return( 0 ); 
@@ -2132,14 +2126,16 @@ static int x509_crt_verify_child( if( parent_is_trusted ) { - return( x509_crt_verify_top( child, parent, ca_crl, profile, - path_cnt, self_cnt, flags, f_vrfy, p_vrfy ) ); + ret = x509_crt_verify_top( child, parent, ca_crl, profile, + path_cnt, self_cnt, &parent_flags, f_vrfy, p_vrfy ); + } + else + { + /* verify the rest of the chain starting from parent */ + ret = x509_crt_verify_child( parent, trust_ca, ca_crl, + profile, path_cnt + 1, self_cnt, &parent_flags, + f_vrfy, p_vrfy ); } - - /* verify the rest of the chain starting from parent */ - ret = x509_crt_verify_child( parent, trust_ca, ca_crl, - profile, path_cnt + 1, self_cnt, &parent_flags, - f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); From cb39610093b5362f2d4fd232bce061798168674c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 Jul 2017 00:00:24 +0200 Subject: [PATCH 131/504] Finally merge the remains of top() into child() --- library/x509_crt.c | 70 ++++++---------------------------------------- 1 file changed, 9 insertions(+), 61 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 5a41ee51c..a24c806dc 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1993,53 +1993,6 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, return parent; } -/* - * Verify a certificate whose parent is a trusted root - * - * See comments for mbedtls_x509_crt_verify_with_profile() - * (also for notation used below) - * - * This function is called when child was found to have a parent in trusted roots, - * and trust_ca pointing directly to that parent (not the full list). - * - this happens in cases 2 and 3 of the comment on verify() - */ -static int x509_crt_verify_top( - mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - int path_cnt, int self_cnt, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) -{ - int ret; - uint32_t ca_flags = 0; - - (void) self_cnt; - ((void) ca_crl); - (void) profile; - (void) child; - - /* Check time-validity of the parent */ - if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) - ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED; - - if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) - ca_flags |= MBEDTLS_X509_BADCERT_FUTURE; - - /* Call callback on trusted root */ - if( NULL != f_vrfy ) - { - if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 ) - { - return( ret ); - } - } - - *flags |= ca_flags; - - return( 0 ); -} - /* * Verify a certificate with a parent inside the chain * @@ -2049,7 +2002,7 @@ static int x509_crt_verify_child( mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, - int path_cnt, int self_cnt, uint32_t *flags, + int top, int path_cnt, int self_cnt, uint32_t *flags, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) { 
@@ -2064,6 +2017,9 @@ static int x509_crt_verify_child( if( mbedtls_x509_time_is_future( &child->valid_from ) ) *flags |= MBEDTLS_X509_BADCERT_FUTURE; + if( top ) + goto callback; + if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_MD; @@ -2124,18 +2080,10 @@ static int x509_crt_verify_child( *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile ); #endif - if( parent_is_trusted ) - { - ret = x509_crt_verify_top( child, parent, ca_crl, profile, - path_cnt, self_cnt, &parent_flags, f_vrfy, p_vrfy ); - } - else - { - /* verify the rest of the chain starting from parent */ - ret = x509_crt_verify_child( parent, trust_ca, ca_crl, - profile, path_cnt + 1, self_cnt, &parent_flags, - f_vrfy, p_vrfy ); - } + /* verify the rest of the chain starting from parent */ + ret = x509_crt_verify_child( parent, trust_ca, ca_crl, profile, + parent_is_trusted, path_cnt + 1, self_cnt, + &parent_flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); @@ -2276,7 +2224,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; ret = x509_crt_verify_child( crt, trust_ca, ca_crl, profile, - 0, 0, flags, f_vrfy, p_vrfy ); + 0, 0, 0, flags, f_vrfy, p_vrfy ); exit: /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by From bdc54402322f57738ab9b78e4e34b7590286236e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 Jul 2017 00:33:39 +0200 Subject: [PATCH 132/504] Update comments --- library/x509_crt.c | 61 +++++++++++++++++++++++----------------------- 1 file changed, 30 insertions(+), 31 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index a24c806dc..c58582cbc 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
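Review bot: the new `if( top ) goto callback;` makes the trusted-root call skip everything after the validity-date checks — the BAD_MD/BAD_PK profile checks on the root's own signature algorithm, the parent search, the CRL check and the MAX_INTERMEDIATE_CA guard — and that is only correct because it reproduces what the deleted x509_crt_verify_top() did, which is stated nowhere in the code. Add a why-comment so the shortcut is not "fixed" later: `/* top: child is the trusted root found by find_parent(); only its validity period is checked (no signature/profile/CRL checks), matching the former verify_top() */`. x509_crt_verify_child() begins before this hunk.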
@@ -1943,9 +1943,9 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, * * The rationale for rule 3 (signature for trusted roots) is that users might * have two versions of the same CA with different keys in their list, and the - * way we select the correct one is by checking the signature. (This is one - * way users might choose to handle key rollover, the other one relies on - * self-issued certs, see [SIRO].) + * way we select the correct one is by checking the signature (as we don't + * rely on key identifier extensions). (This is one way users might choose to + * handle key rollover, another relies on self-issued certs, see [SIRO].) */ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, mbedtls_x509_crt *candidates, 
@@ -1994,11 +1994,28 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, } /* - * Verify a certificate with a parent inside the chain + * Verify a certificate chain * - * See comments for mbedtls_x509_crt_verify_with_profile() + * There are three main cases to consider. Let's introduce some notation: + * - E means the end-entity certificate + * - I an intermediate CA + * - R the trusted root CA this chain anchors to + * + * The main cases are: + * 1. E = R: explicitly trusted EE cert + * 2. E (-> I)* -> R: EE (signed by intermediate) signed by trusted root + * 3. E (-> I)*: EE (signed by intermediate) not trusted + * + * Arguments: + * - child: the current bottom of the chain to verify + * - trust_ca, ca_crl, profile: as in verify_with_profile() + * - top: 1 if child is known to be locally trusted + * - path_cnt: current depth as passed to f_vrfy() (EE = 0, etc) + * - self_cnt: number of self-issued certs seen so far in the chain + * - flags: output: flags for the current certificate + * - f_vrfy, p_vrfy: as in verify_with_profile() */ -static int x509_crt_verify_child( +static int x509_crt_verify_chain( mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, @@ -2081,7 +2098,7 @@ static int x509_crt_verify_child( #endif /* verify the rest of the chain starting from parent */ - ret = x509_crt_verify_child( parent, trust_ca, ca_crl, profile, + ret = x509_crt_verify_chain( parent, trust_ca, ca_crl, profile, parent_is_trusted, path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy ); if( ret != 0 ) 
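Review bot: the new argument list documents `flags` as "flags for the current certificate", but the function also folds the flags of everything above it into the same word (`*flags |= parent_flags` after the recursive call, outside this hunk), so a caller reading `*flags` for the EE gets the union over the whole chain. Say so, e.g. `- flags: output: flags for child, OR-ed with those of every certificate above it in the chain`. The `top` line could likewise note that a top certificate gets only its validity period checked. The rest of the function lies outside this hunk.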
@@ -2116,29 +2133,10 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, /* * Verify the certificate validity, with profile * - * The chain building/verification is spread accross 4 functions: - * - this one - * - x509_crt_verify_child() - * - x509_crt_verify_top() - * - x509_crt_check_parent() - * - * There are five main cases to consider. Let's introduce some notation: - * - E means the end-entity certificate - * - I and intermediate CA - * - R the trusted root CA this chain anchors to - * - T the list of trusted roots (R and possible some others) - * - * The main cases with the calling sequence of the crt_verify_xxx() are: - * 1. E = R (explicitly trusted EE cert) - * verify(E, T) -> verify_top(E, R) - * 2. E -> R (EE signed by trusted root) - * verify(E, T) -> verify_top(E, R) - * 3. E -> I -> R (EE signed by intermediate signed by trusted root) - * verify(E, T) -> verify_child(E, I, T) -> verify_top(I, R) - * 4. E -> I (EE signed by intermediate that's not trusted) - * verify(E, T) -> verify_child(E, I, T) -> verify_top(I, T) - * 5. E (EE not trusted) - * verify(E, T) -> verify_top(E, T) + * This function only checks the requested CN (if any) and then delegates + * chain building/verification to verify_chain(). Before that, it checks the + * key size of the EE certificate, as verify_chain() will only verify that of + * parent certificates. */ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, @@ -2223,7 +2221,8 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - ret = x509_crt_verify_child( crt, trust_ca, ca_crl, profile, + /* Check the chain */ + ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile, 0, 0, 0, flags, f_vrfy, p_vrfy ); exit: From 27e94797aa81fb093c3e7f86c88368629e264b3a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 Jul 2017 00:49:31 +0200 Subject: [PATCH 133/504] Simplify handling of locally trusted EE certs Though this might require one more walk of the list in some cases, this avoid having a check for that deep inside check_parent(). --- library/x509_crt.c | 56 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 39 insertions(+), 17 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index c58582cbc..eaabad0fe 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1884,7 +1884,7 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child, */ static int x509_crt_check_parent( const mbedtls_x509_crt *child, const mbedtls_x509_crt *parent, - int top, int bottom ) + int top ) { int need_ca_bit; @@ -1899,14 +1899,6 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, if( top && parent->version < 3 ) need_ca_bit = 0; - /* Exception: self-signed end-entity certs that are locally trusted. */ - if( top && bottom && - child->raw.len == parent->raw.len && - memcmp( child->raw.p, parent->raw.p, child->raw.len ) == 0 ) - { - need_ca_bit = 0; - } - if( need_ca_bit && ! parent->ca_istrue ) return( -1 ); @@ -1958,7 +1950,7 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, for( parent = candidates; parent != NULL; parent = parent->next ) { /* basic parenting skills (name, CA bit, key usage) */ - if( x509_crt_check_parent( child, parent, top, path_cnt == 0 ) != 0 ) + if( x509_crt_check_parent( child, parent, top ) != 0 ) continue; /* +1 because stored max_pathlen is 1 higher that the actual value */ 
@@ -1993,6 +1985,36 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, return parent; } +/* + * Check if an end-entity certificate is locally trusted + * + * Currently we require such certificates to be self-signed (actually only + * check for self-issued as self-signatures are not checked) + */ +static int x509_crt_check_ee_locally_trusted( + mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca ) +{ + mbedtls_x509_crt *cur; + + /* must be self-issued */ + if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 ) + return( -1 ); + + /* look for an exact match with trusted cert */ + for( cur = trust_ca; cur != NULL; cur = cur->next ) + { + if( crt->raw.len == cur->raw.len && + memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 ) + { + return( 0 ); + } + } + + /* too bad */ + return( -1 ); +} + /* * Verify a certificate chain * @@ -2043,19 +2065,19 @@ static int x509_crt_verify_chain( if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_PK; + /* Special case: EE certs that are locally trusted */ + if( path_cnt == 0 && + x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 ) + { + goto callback; + } + /* Look for a parent in trusted CAs */ parent = x509_crt_find_parent( child, trust_ca, 1, path_cnt, self_cnt ); /* Found one? Let verify_top() handle that case */ if( parent != NULL ) { - /* Special case: child == trust_ca: trust and that's it */ - if( child->raw.len == trust_ca->raw.len && - memcmp( child->raw.p, trust_ca->raw.p, child->raw.len ) == 0 ) - { - goto callback; - } - parent_is_trusted = 1; } else From 6368612a8f0c64c2b01e07c3e52b34cd0a47605a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 Jul 2017 01:01:39 +0200 Subject: [PATCH 134/504] Move code to separate function for readability --- library/x509_crt.c | 60 +++++++++++++++++++++++++++++----------------- 1 file changed, 38 insertions(+), 22 deletions(-) 
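Review bot: the header comment on x509_crt_check_ee_locally_trusted() says the certificate must be "self-signed (actually only check for self-issued as self-signatures are not checked)", which reads like an admission of a gap, while the byte-for-byte match against the trust list is exactly what makes the signature irrelevant: the trust anchor is the list entry, not a signature the certificate puts on itself. Reword to state the policy and the reason, e.g. `/* Only self-issued EE certs may be locally trusted; the self-signature is not verified because the cert must match a trusted one byte-for-byte, so the trust list, not the signature, is the anchor. */`. Both parameters are only read, so `const mbedtls_x509_crt *` would fit as well.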
diff --git a/library/x509_crt.c b/library/x509_crt.c index eaabad0fe..d42384f7c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1939,11 +1939,11 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, * rely on key identifier extensions). (This is one way users might choose to * handle key rollover, another relies on self-issued certs, see [SIRO].) */ -static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, - mbedtls_x509_crt *candidates, - int top, - int path_cnt, - int self_cnt ) +static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, + mbedtls_x509_crt *candidates, + int top, + int path_cnt, + int self_cnt ) { mbedtls_x509_crt *parent, *badtime_parent = NULL; @@ -1985,6 +1985,32 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, return parent; } +/* + * Find a parent in trusted CAs or the provided chain, or return NULL. + * + * Searches in trusted CAs first, and return the first suitable parent found + * (see find_parent_in() for definition of suitable). + */ +static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, + mbedtls_x509_crt *trust_ca, + int *parent_is_trusted, + int path_cnt, + int self_cnt ) +{ + mbedtls_x509_crt *parent; + + /* Look for a parent in trusted CAs */ + *parent_is_trusted = 1; + parent = x509_crt_find_parent_in( child, trust_ca, 1, path_cnt, self_cnt ); + + if( parent != NULL ) + return parent; + + /* Look for a parent upwards the chain */ + *parent_is_trusted = 0; + return( x509_crt_find_parent_in( child, child->next, 0, path_cnt, self_cnt ) ); +} + /* * Check if an end-entity certificate is locally trusted * 
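Review bot: the new x509_crt_find_parent() wrapper is not a pure extraction: its chain lookup passes `self_cnt` to find_parent_in(), whereas the call it replaces (removed in the next hunk) passed a literal `0` in that position, so this "readability" commit also changes the path-length arithmetic applied when the parent comes from the supplied chain. That is probably the intended fix, but it should be called out in the commit message and covered by a test with a self-issued intermediate rather than folded into a refactor. Minor style point: the wrapper mixes `return parent;` with `return( x509_crt_find_parent_in( ... ) );`, while the surrounding code mostly uses the parenthesised form.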
@@ -2072,25 +2098,15 @@ static int x509_crt_verify_chain( goto callback; } - /* Look for a parent in trusted CAs */ - parent = x509_crt_find_parent( child, trust_ca, 1, path_cnt, self_cnt ); + /* Look for a parent in trusted CAs or up the chain */ + parent = x509_crt_find_parent( child, trust_ca, &parent_is_trusted, + path_cnt, self_cnt ); - /* Found one? Let verify_top() handle that case */ - if( parent != NULL ) + /* No parent? We're done here */ + if( parent == NULL ) { - parent_is_trusted = 1; - } - else - { - /* Look for a parent upwards the chain */ - parent = x509_crt_find_parent( child, child->next, 0, path_cnt, 0 ); - - /* No parent at all? We're done here */ - if( parent == NULL ) - { - *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - goto callback; - } + *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; + goto callback; } /* Counting intermediate self-issued (not necessarily self-signed) certs From 1300e99eb1ea94bcfec8c1f98c83a62fc85469a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 Jul 2017 01:13:44 +0200 Subject: [PATCH 135/504] Extract name checking to separate function Just copy-paste and unindent --- library/x509_crt.c | 117 ++++++++++++++++++++++++--------------------- 1 file changed, 63 insertions(+), 54 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index d42384f7c..0285af743 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -2153,6 +2153,67 @@ callback: return( 0 ); } +/* + * Verify the requested CN - only call this if cn is not NULL! + */ +static void x509_crt_verify_name( mbedtls_x509_crt *crt, + const char *cn, + uint32_t *flags ) +{ + mbedtls_x509_name *name; + mbedtls_x509_sequence *cur = NULL; + size_t cn_len; + + name = &crt->subject; + cn_len = strlen( cn ); + + if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) + { + cur = &crt->subject_alt_names; + + while( cur != NULL ) + { + if( cur->buf.len == cn_len && + x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 ) + break; + + if( cur->buf.len > 2 && + memcmp( cur->buf.p, "*.", 2 ) == 0 && + x509_check_wildcard( cn, &cur->buf ) == 0 ) + { + break; + } + + cur = cur->next; + } + + if( cur == NULL ) + *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; + } + else + { + while( name != NULL ) + { + if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 ) + { + if( name->val.len == cn_len && + x509_memcasecmp( name->val.p, cn, cn_len ) == 0 ) + break; + + if( name->val.len > 2 && + memcmp( name->val.p, "*.", 2 ) == 0 && + x509_check_wildcard( cn, &name->val ) == 0 ) + break; + } + + name = name->next; + } + + if( name == NULL ) + *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; + } +} + /* * Verify the certificate validity */ @@ -2167,7 +2228,6 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) ); } - /* * Verify the certificate validity, with profile * @@ -2184,10 +2244,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) { - size_t cn_len; int ret; - mbedtls_x509_name *name; - mbedtls_x509_sequence *cur = NULL; mbedtls_pk_type_t pk_type; *flags = 0; 
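Review bot: the moved x509_crt_verify_name() switches matching source silently: when the SAN extension is present only subject_alt_names is consulted and the subject CN is never looked at, which is the intended hostname-verification rule but is not mentioned in the one-line header. Document it so the behaviour survives future edits, e.g. `/* If the cert has a SubjectAltName extension, only the SAN entries are matched (case-insensitively, with leading "*." wildcards); the subject CN is consulted only when there is no SAN extension. cn must not be NULL (strlen). */`. The copy is faithful to the removed code as far as the two hunks show.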
@@ -2198,57 +2255,9 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, goto exit; } + /* check name if requested */ if( cn != NULL ) - { - name = &crt->subject; - cn_len = strlen( cn ); - - if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) - { - cur = &crt->subject_alt_names; - - while( cur != NULL ) - { - if( cur->buf.len == cn_len && - x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 ) - break; - - if( cur->buf.len > 2 && - memcmp( cur->buf.p, "*.", 2 ) == 0 && - x509_check_wildcard( cn, &cur->buf ) == 0 ) - { - break; - } - - cur = cur->next; - } - - if( cur == NULL ) - *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; - } - else - { - while( name != NULL ) - { - if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 ) - { - if( name->val.len == cn_len && - x509_memcasecmp( name->val.p, cn, cn_len ) == 0 ) - break; - - if( name->val.len > 2 && - memcmp( name->val.p, "*.", 2 ) == 0 && - x509_check_wildcard( cn, &name->val ) == 0 ) - break; - } - - name = name->next; - } - - if( name == NULL ) - *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; - } - } + x509_crt_verify_name( crt, cn, flags ); /* Check the type and size of the key */ pk_type = mbedtls_pk_get_type( &crt->pk ); From a468eb1764cb612f21cda2b80f5f913dc20ba5c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 Jul 2017 01:31:59 +0200 Subject: [PATCH 136/504] verify_name(): factor duplicated code to function --- library/x509_crt.c | 69 +++++++++++++++++++++++----------------------- 1 file changed, 35 insertions(+), 34 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 0285af743..661a8b834 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1752,7 +1752,7 @@ static int x509_memcasecmp( const void *s1, const void *s2, size_t len ) /* * Return 0 if name matches wildcard, -1 otherwise */ -static int x509_check_wildcard( const char *cn, mbedtls_x509_buf *name ) +static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) { size_t i; size_t cn_idx = 0, cn_len = strlen( cn ); @@ -2153,38 +2153,47 @@ callback: return( 0 ); } +/* + * Check for CN match + */ +static int x509_crt_check_cn( const mbedtls_x509_buf *name, + const char *cn, size_t cn_len ) +{ + /* try exact match */ + if( name->len == cn_len && + x509_memcasecmp( cn, name->p, cn_len ) == 0 ) + { + return( 0 ); + } + + /* try wildcard match */ + if( name->len > 2 && + memcmp( name->p, "*.", 2 ) == 0 && + x509_check_wildcard( cn, name ) == 0 ) + { + return( 0 ); + } + + return( -1 ); +} + /* * Verify the requested CN - only call this if cn is not NULL! */ -static void x509_crt_verify_name( mbedtls_x509_crt *crt, +static void x509_crt_verify_name( const mbedtls_x509_crt *crt, const char *cn, uint32_t *flags ) { - mbedtls_x509_name *name; - mbedtls_x509_sequence *cur = NULL; - size_t cn_len; - - name = &crt->subject; - cn_len = strlen( cn ); + const mbedtls_x509_name *name; + const mbedtls_x509_sequence *cur; + size_t cn_len = strlen( cn ); if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) { - cur = &crt->subject_alt_names; - - while( cur != NULL ) + for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next ) { - if( cur->buf.len == cn_len && - x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 ) + if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 ) break; - - if( cur->buf.len > 2 && - memcmp( cur->buf.p, "*.", 2 ) == 0 && - x509_check_wildcard( cn, &cur->buf ) == 0 ) - { - break; - } - - cur = cur->next; } if( cur == NULL ) 
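Review bot: `/* Check for CN match */` on the new x509_crt_check_cn() says nothing about its return convention or that it accepts wildcard entries, which matters now that it is the single place deciding whether a DNS name matches. Propose `/* Return 0 if name equals cn (case-insensitive) or is a "*." wildcard matching it, -1 otherwise; cn_len must be strlen( cn ) */`. The refactor keeps the removed logic, including the `name->len > 2` guard before the wildcard probe.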
@@ -2192,21 +2201,13 @@ static void x509_crt_verify_name( mbedtls_x509_crt *crt,
 }
 else
 {
- while( name != NULL )
+ for( name = &crt->subject; name != NULL; name = name->next )
 {
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 )
+ if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 &&
+ x509_crt_check_cn( &name->val, cn, cn_len ) == 0 )
 {
- if( name->val.len == cn_len &&
- x509_memcasecmp( name->val.p, cn, cn_len ) == 0 )
- break;
-
- if( name->val.len > 2 &&
- memcmp( name->val.p, "*.", 2 ) == 0 &&
- x509_check_wildcard( cn, &name->val ) == 0 )
- break;
+ break;
 }
-
- name = name->next;
 }
 if( name == NULL )
From c547d1ab1f0683b6f45e16a8689a983468aec73c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 5 Jul 2017 13:28:45 +0200
Subject: [PATCH 137/504] Start using an explicit stack for callback info
This is the first step towards making verify_chain() iterative. While from a readability point of view the current recursive version is fine, one of the goals of this refactoring is to prepare for restartable ECC integration, which will need the explicit stack anyway.
---
 library/x509_crt.c | 58 ++++++++++++++++++++++++++++++++++++----------
 1 file changed, 46 insertions(+), 12 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 661a8b834..1126f1045 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -77,6 +77,19 @@
 #endif /* !_WIN32 || EFIX64 || EFI32 */
 #endif
+/*
+ * Item in a verification chain: cert and flags for it
+ */
+typedef struct {
+ mbedtls_x509_crt *crt;
+ uint32_t flags;
+} x509_crt_verify_chain_item;
+
+/*
+ * Max size of verification chain: end-entity + intermediates + trusted root
+ */
+#define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
+
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
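Review bot: The new x509_crt_verify_chain_item struct leaves the meaning of an unused slot undocumented, while the caller added in the same commit relies on it: it zeroes the array with memset and skips entries whose crt is NULL. A comment on the struct would pin that contract, e.g. `/* crt == NULL marks an unused slot; callers must zero the array before passing it to x509_crt_verify_chain() */`. The X509_MAX_VERIFY_CHAIN_SIZE comment could likewise say that the `+ 2` is the end-entity slot plus the trusted-root slot on top of MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates, which is what the formula encodes.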
@@ -2069,7 +2082,8 @@ static int x509_crt_verify_chain(
 const mbedtls_x509_crt_profile *profile,
 int top, int path_cnt, int self_cnt, uint32_t *flags,
 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy )
+ void *p_vrfy,
+ x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE] )
 {
 int ret;
 mbedtls_x509_crt *parent;
@@ -2138,17 +2152,14 @@ static int x509_crt_verify_chain(
 /* verify the rest of the chain starting from parent */
 ret = x509_crt_verify_chain( parent, trust_ca, ca_crl, profile,
 parent_is_trusted, path_cnt + 1, self_cnt,
- &parent_flags, f_vrfy, p_vrfy );
+ &parent_flags, f_vrfy, p_vrfy, ver_chain );
 if( ret != 0 )
 return( ret );
 callback:
- /* chain upwards of child done, call callback on child */
- if( NULL != f_vrfy )
- if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
- return( ret );
-
- *flags |= parent_flags;
+ /* chain upwards of child done, add to callback stack */
+ ver_chain[path_cnt].crt = child;
+ ver_chain[path_cnt].flags = *flags;
 return( 0 );
 }
@@ -2247,8 +2258,13 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
 {
 int ret;
 mbedtls_pk_type_t pk_type;
+ x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE];
+ size_t i;
+ uint32_t cur_flags;
+ uint32_t *ee_flags = &ver_chain[0].flags;
 *flags = 0;
+ memset( ver_chain, 0, sizeof( ver_chain ) );
 if( profile == NULL )
 {
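Review bot: The `callback:` label now only records `child` into `ver_chain[path_cnt]`, so its name no longer describes what happens there; renaming it (`done:` would do) or replacing the `goto callback` sites with a return would avoid the stale name. The store at `ver_chain[path_cnt]` is only in bounds because path_cnt is limited by the MBEDTLS_X509_MAX_INTERMEDIATE_CA depth check earlier in this function, which lies outside the hunk; by my reading that check keeps path_cnt at most MBEDTLS_X509_MAX_INTERMEDIATE_CA + 1, and a comment at the store, `/* in bounds: path_cnt is capped by the intermediate-CA depth check above */`, would make the dependency visible to whoever next changes the limit. The enclosing function starts before the first hunk.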
@@ -2258,20 +2274,38 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
 /* check name if requested */
 if( cn != NULL )
- x509_crt_verify_name( crt, cn, flags );
+ x509_crt_verify_name( crt, cn, ee_flags );
 /* Check the type and size of the key */
 pk_type = mbedtls_pk_get_type( &crt->pk );
 if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
- *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+ *ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
 if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 )
- *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+ *ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
 /* Check the chain */
 ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
- 0, 0, 0, flags, f_vrfy, p_vrfy );
+ 0, 0, 0, &ver_chain[0].flags,
+ f_vrfy, p_vrfy, ver_chain );
+ if( ret != 0 )
+ goto exit;
+
+ /* Build final flags, calling calback on the way if any */
+ for( i = X509_MAX_VERIFY_CHAIN_SIZE; i != 0; --i )
+ {
+ if( ver_chain[i-1].crt == NULL )
+ continue;
+
+ cur_flags = ver_chain[i-1].flags;
+
+ if( NULL != f_vrfy )
+ if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, i-1, &cur_flags ) ) != 0 )
+ goto exit;
+
+ *flags |= cur_flags;
+ }
 exit:
 /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
From f86f491f259baeaba195a8ae12636fa1507da7c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 5 Jul 2017 16:43:44 +0200
Subject: [PATCH 138/504] Rm unneeded function arguments & update comments
---
 library/x509_crt.c | 74 ++++++++++++++++++++++++----------------------
 1 file changed, 39 insertions(+), 35 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 1126f1045..d4e5112ed 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
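Review bot: The nested `if( NULL != f_vrfy ) if( ( ret = f_vrfy( ... ) ) != 0 ) goto exit;` is two unbraced ifs, the dangling-else shape the rest of this file avoids; bracing the outer if costs two lines. The same call passes `i-1`, a size_t, to the callback's `int` depth parameter, so the narrowing is implicit: `if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, (int)( i - 1 ), &cur_flags ) ) != 0 )` makes it explicit (i is at most X509_MAX_VERIFY_CHAIN_SIZE, so the value fits). The comment above the loop has a typo, `calback`. The same construct is added again in x509_crt_merge_flags_with_cb later on this page, where the same remarks apply.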
@@ -2055,17 +2055,20 @@ static int x509_crt_check_ee_locally_trusted(
 }
 /*
- * Verify a certificate chain
+ * Build and verify a certificate chain
 *
- * There are three main cases to consider. Let's introduce some notation:
- * - E means the end-entity certificate
- * - I an intermediate CA
- * - R the trusted root CA this chain anchors to
+ * Given a peer-provided list of certificates EE, C1, ..., Cn and
+ * a list of trusted certs R1, ... Rp, try to build and verify a chain
+ * EE, Ci1, ... Ciq, Rj
+ * such that every cert in the chain is a child of the next one,
+ * jumping to a trusted root as early as possible.
 *
- * The main cases are:
- * 1. E = R: explicitly trusted EE cert
- * 2. E (-> I)* -> R: EE (signed by intermediate) signed by trusted root
- * 3. E (-> I)*: EE (signed by intermediate) not trusted
+ * Verify that chain and return it with flags for all issues found.
+ *
+ * Special cases:
+ * - EE == Rj -> return a one-element list containing it
+ * - EE, Ci1, ..., Ciq cannot be continued with a trusted root
+ * -> return that chain with NOT_TRUSTED set on Ciq
 *
 * Arguments:
 * - child: the current bottom of the chain to verify
@@ -2073,32 +2076,40 @@ static int x509_crt_check_ee_locally_trusted(
 * - top: 1 if child is known to be locally trusted
 * - path_cnt: current depth as passed to f_vrfy() (EE = 0, etc)
 * - self_cnt: number of self-issued certs seen so far in the chain
- * - flags: output: flags for the current certificate
- * - f_vrfy, p_vrfy: as in verify_with_profile()
+ * - [out] ver_chain: the built and verified chain
+ *
+ * Return value:
+ * - non-zero if the chain could not be fully built and examined
+ * - 0 is the chain was successfully built and examined,
+ * even if it was found to be invalid
 */
 static int x509_crt_verify_chain(
 mbedtls_x509_crt *child,
 mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl,
 const mbedtls_x509_crt_profile *profile,
- int top, int path_cnt, int self_cnt, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy,
+ int top, int path_cnt, int self_cnt,
 x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE] )
 {
- int ret;
+ uint32_t *flags;
 mbedtls_x509_crt *parent;
- uint32_t parent_flags = 0;
 int parent_is_trusted = 0;
+ /* Add certificate to the verification chain */
+ ver_chain[path_cnt].crt = child;
+ flags = &ver_chain[path_cnt].flags;
+
+ /* Check time-validity (all certificates) */
 if( mbedtls_x509_time_is_past( &child->valid_to ) )
 *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
 if( mbedtls_x509_time_is_future( &child->valid_from ) )
 *flags |= MBEDTLS_X509_BADCERT_FUTURE;
+ /* Stop here for trusted roots (but not for trusted EE certs) */
 if( top )
- goto callback;
+ return( 0 );
+ /* Check signature algorithm: MD & PK algs */
 if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
 *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
@@ -2109,7 +2120,7 @@ static int x509_crt_verify_chain(
 if( path_cnt == 0 &&
 x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
 {
- goto callback;
+ return( 0 );
 }
 /* Look for a parent in trusted CAs or up the chain */
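Review bot: In the new return-value doc, `- 0 is the chain was successfully built and examined,` should read `- 0 if the chain was successfully built and examined,`. The new first statement `ver_chain[path_cnt].crt = child;` indexes the fixed-size array before any bound on path_cnt is visible; the bound comes from the MBEDTLS_X509_MAX_INTERMEDIATE_CA check further down the function, outside this hunk, and a short comment at the store, `/* path_cnt is bounded by the intermediate-CA depth check below */`, would tie the two together. The function body continues past the end of the hunk.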
@@ -2120,11 +2131,12 @@ static int x509_crt_verify_chain(
 if( parent == NULL )
 {
 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
- goto callback;
+ return( 0 );
 }
- /* Counting intermediate self-issued (not necessarily self-signed) certs
- * These can occur with some strategies for key rollover, see [SIRO] */
+ /* Count intermediate self-issued (not necessarily self-signed) certs.
+ * These can occur with some strategies for key rollover, see [SIRO],
+ * and should be excluded from max_pathlen checks. */
 if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 )
 self_cnt++;
@@ -2133,7 +2145,7 @@ static int x509_crt_verify_chain(
 if( ! parent_is_trusted &&
 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
 {
- /* return immediately as the goal is to avoid unbounded recursion */
+ /* return immediately to avoid overflow the chain array */
 return( MBEDTLS_ERR_X509_FATAL_ERROR );
 }
@@ -2141,6 +2153,7 @@ static int x509_crt_verify_chain(
 if( ! parent_is_trusted && x509_crt_check_signature( child, parent ) != 0 )
 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+ /* check size of signing key */
 if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 )
 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
@@ -2150,18 +2163,9 @@ static int x509_crt_verify_chain(
 #endif
 /* verify the rest of the chain starting from parent */
- ret = x509_crt_verify_chain( parent, trust_ca, ca_crl, profile,
+ return( x509_crt_verify_chain( parent, trust_ca, ca_crl, profile,
 parent_is_trusted, path_cnt + 1, self_cnt,
- &parent_flags, f_vrfy, p_vrfy, ver_chain );
- if( ret != 0 )
- return( ret );
-
-callback:
- /* chain upwards of child done, add to callback stack */
- ver_chain[path_cnt].crt = child;
- ver_chain[path_cnt].flags = *flags;
-
- return( 0 );
+ ver_chain ) );
 }
 /*
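Review bot: The rewritten comment `/* return immediately to avoid overflow the chain array */` is ungrammatical, and since this check is what keeps every `ver_chain[path_cnt]` store in bounds it is worth naming the array and its size: `/* return immediately to avoid overflowing ver_chain (X509_MAX_VERIFY_CHAIN_SIZE entries) */`. The change to a tail call in the last hunk is fine as written; note that the enclosing function starts before the first hunk and its early parts are not visible here.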
@@ -2287,8 +2291,8 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
 /* Check the chain */
 ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
- 0, 0, 0, &ver_chain[0].flags,
- f_vrfy, p_vrfy, ver_chain );
+ 0, 0, 0,
+ ver_chain );
 if( ret != 0 )
 goto exit;
From ce6e52ff42e7fbc97310f42323980f40a9ddcb62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 5 Jul 2017 17:05:03 +0200
Subject: [PATCH 139/504] Make verify_chain() iterative
---
 library/x509_crt.c | 141 ++++++++++++++++++++++++---------------------
 1 file changed, 74 insertions(+), 67 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index d4e5112ed..291f71419 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2071,11 +2071,9 @@ static int x509_crt_check_ee_locally_trusted(
 * -> return that chain with NOT_TRUSTED set on Ciq
 *
 * Arguments:
- * - child: the current bottom of the chain to verify
- * - trust_ca, ca_crl, profile: as in verify_with_profile()
- * - top: 1 if child is known to be locally trusted
- * - path_cnt: current depth as passed to f_vrfy() (EE = 0, etc)
- * - self_cnt: number of self-issued certs seen so far in the chain
+ * - [in] crt: the cert list EE, C1, ..., Cn
+ * - [in] trust_ca: the trusted list R1, ..., Rp
+ * - [in] ca_crl, profile: as in verify_with_profile()
 * - [out] ver_chain: the built and verified chain
 *
 * Return value:
@@ -2084,88 +2082,99 @@ static int x509_crt_check_ee_locally_trusted(
 * even if it was found to be invalid
 */
 static int x509_crt_verify_chain(
- mbedtls_x509_crt *child,
- mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl,
+ mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
 const mbedtls_x509_crt_profile *profile,
- int top, int path_cnt, int self_cnt,
 x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE] )
 {
 uint32_t *flags;
+ mbedtls_x509_crt *child;
 mbedtls_x509_crt *parent;
 int parent_is_trusted = 0;
+ int child_is_trusted = 0;
+ int path_cnt = 0;
+ int self_cnt = 0;
- /* Add certificate to the verification chain */
- ver_chain[path_cnt].crt = child;
- flags = &ver_chain[path_cnt].flags;
+ child = crt;
- /* Check time-validity (all certificates) */
- if( mbedtls_x509_time_is_past( &child->valid_to ) )
- *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
+ while( 1 ) {
+ /* Add certificate to the verification chain */
+ ver_chain[path_cnt].crt = child;
+ flags = &ver_chain[path_cnt].flags;
- if( mbedtls_x509_time_is_future( &child->valid_from ) )
- *flags |= MBEDTLS_X509_BADCERT_FUTURE;
+ /* Check time-validity (all certificates) */
+ if( mbedtls_x509_time_is_past( &child->valid_to ) )
+ *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
- /* Stop here for trusted roots (but not for trusted EE certs) */
- if( top )
- return( 0 );
+ if( mbedtls_x509_time_is_future( &child->valid_from ) )
+ *flags |= MBEDTLS_X509_BADCERT_FUTURE;
- /* Check signature algorithm: MD & PK algs */
- if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
- *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
+ /* Stop here for trusted roots (but not for trusted EE certs) */
+ if( child_is_trusted )
+ return( 0 );
- if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
- *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+ /* Check signature algorithm: MD & PK algs */
+ if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
+ *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
- /* Special case: EE certs that are locally trusted */
- if( path_cnt == 0 &&
- x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
- {
- return( 0 );
- }
+ if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
+ *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
- /* Look for a parent in trusted CAs or up the chain */
- parent = x509_crt_find_parent( child, trust_ca, &parent_is_trusted,
- path_cnt, self_cnt );
+ /* Special case: EE certs that are locally trusted */
+ if( path_cnt == 0 &&
+ x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
+ {
+ return( 0 );
+ }
- /* No parent? We're done here */
- if( parent == NULL )
- {
- *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
- return( 0 );
- }
+ /* Look for a parent in trusted CAs or up the chain */
+ parent = x509_crt_find_parent( child, trust_ca, &parent_is_trusted,
+ path_cnt, self_cnt );
- /* Count intermediate self-issued (not necessarily self-signed) certs.
- * These can occur with some strategies for key rollover, see [SIRO],
- * and should be excluded from max_pathlen checks. */
- if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 )
- self_cnt++;
+ /* No parent? We're done here */
+ if( parent == NULL )
+ {
+ *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+ return( 0 );
+ }
- /* path_cnt is 0 for the first intermediate CA,
- * and if parent is trusted it's not an intermediate CA */
- if( ! parent_is_trusted &&
- 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
- {
- /* return immediately to avoid overflow the chain array */
- return( MBEDTLS_ERR_X509_FATAL_ERROR );
- }
+ /* Count intermediate self-issued (not necessarily self-signed) certs.
+ * These can occur with some strategies for key rollover, see [SIRO],
+ * and should be excluded from max_pathlen checks. */
+ if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 )
+ self_cnt++;
- /* if parent is trusted, the signature was checked by find_parent() */
- if( ! parent_is_trusted && x509_crt_check_signature( child, parent ) != 0 )
- *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+ /* path_cnt is 0 for the first intermediate CA,
+ * and if parent is trusted it's not an intermediate CA */
+ if( ! parent_is_trusted &&
+ 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
+ {
+ /* return immediately to avoid overflow the chain array */
+ return( MBEDTLS_ERR_X509_FATAL_ERROR );
+ }
- /* check size of signing key */
- if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 )
- *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+ /* if parent is trusted, the signature was checked by find_parent() */
+ if( ! parent_is_trusted && x509_crt_check_signature( child, parent ) != 0 )
+ *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+
+ /* check size of signing key */
+ if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 )
+ *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
- /* Check trusted CA's CRL for the given crt */
- *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile );
+ /* Check trusted CA's CRL for the given crt */
+ *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile );
+#else
+ (void) ca_crl;
 #endif
- /* verify the rest of the chain starting from parent */
- return( x509_crt_verify_chain( parent, trust_ca, ca_crl, profile,
- parent_is_trusted, path_cnt + 1, self_cnt,
- ver_chain ) );
+ /* prepare for next iteration */
+ child = parent;
+ parent = NULL;
+ child_is_trusted = parent_is_trusted;
+ ++path_cnt;
+ }
 }
 /*
@@ -2290,9 +2299,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
 *ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
 /* Check the chain */
- ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
- 0, 0, 0,
- ver_chain );
+ ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile, ver_chain );
 if( ret != 0 )
 goto exit;
From a707e1d1ef5398c6a6208184ac116e385d0a2ad4 Mon Sep 17 00:00:00 2001
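Review bot: `while( 1 ) {` puts the opening brace on the statement line, whereas every other block in this function and in the file puts it on its own line (compare `if( parent == NULL )` followed by `{` a few lines down); `while( 1 )` with the brace on the next line keeps the style uniform. In the "prepare for next iteration" block, `parent = NULL;` is dead: parent is unconditionally reassigned from x509_crt_find_parent() on the next pass before any read, so the line can go. The `(void) ca_crl;` in the `#else` branch is evaluated on every iteration; it is harmless, but it reads more naturally placed once, before the loop. The big hunk spans three of the collapsed source lines and is complete; the call-site hunk below it needs nothing.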
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 5 Jul 2017 17:18:42 +0200
Subject: [PATCH 140/504] Extract code to separate function for readablity
---
 library/x509_crt.c | 48 ++++++++++++++++++++++++++++++----------------
 1 file changed, 32 insertions(+), 16 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 291f71419..676dcfb43 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2239,6 +2239,36 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
 }
 }
+/*
+ * Merge the flags for all certs in the chain, after calling callback
+ */
+static int x509_crt_merge_flags_with_cb(
+ uint32_t *flags,
+ x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE],
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy )
+{
+ int ret;
+ size_t i, j;
+ uint32_t cur_flags;
+
+ for( i = X509_MAX_VERIFY_CHAIN_SIZE; i != 0; --i )
+ {
+ if( ver_chain[i-1].crt == NULL )
+ continue;
+
+ cur_flags = ver_chain[i-1].flags;
+
+ if( NULL != f_vrfy )
+ if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, i-1, &cur_flags ) ) != 0 )
+ return( ret );
+
+ *flags |= cur_flags;
+ }
+
+ return( 0 );
+}
+
 /*
 * Verify the certificate validity
 */
@@ -2272,8 +2302,6 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
 int ret;
 mbedtls_pk_type_t pk_type;
 x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE];
- size_t i;
- uint32_t cur_flags;
 uint32_t *ee_flags = &ver_chain[0].flags;
 *flags = 0;
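Review bot: `size_t i, j;` in x509_crt_merge_flags_with_cb declares `j` but never uses it, so the function compiles with an unused-variable warning; `size_t i;` is all that is needed. The header comment should also state the iteration order and the early-exit behaviour, both of which callers observe: entries are visited from the top of the array down, so the highest cert is passed to f_vrfy first and the end-entity last, and a non-zero callback return aborts the loop with `*flags` only partially merged. Something like `/* Walk the chain from the top down to the EE, calling f_vrfy (if any) on each cert and OR-ing its flags into *flags; stops at the first non-zero callback result, leaving *flags partially merged */` would capture that.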
@@ -2303,20 +2331,8 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
 if( ret != 0 )
 goto exit;
- /* Build final flags, calling calback on the way if any */
- for( i = X509_MAX_VERIFY_CHAIN_SIZE; i != 0; --i )
- {
- if( ver_chain[i-1].crt == NULL )
- continue;
-
- cur_flags = ver_chain[i-1].flags;
-
- if( NULL != f_vrfy )
- if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, i-1, &cur_flags ) ) != 0 )
- goto exit;
-
- *flags |= cur_flags;
- }
+ /* Build final flags, calling callback on the way if any */
+ ret = x509_crt_merge_flags_with_cb( flags, ver_chain, f_vrfy, p_vrfy );
 exit:
 /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
From 505c3953c73e0dc2761c66a8556d55864413a3bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 5 Jul 2017 17:36:47 +0200
Subject: [PATCH 141/504] Make the ver_chain length explicit
---
 library/x509_crt.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 676dcfb43..18dffae55 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2086,22 +2086,25 @@ static int x509_crt_verify_chain(
 mbedtls_x509_crt *trust_ca,
 mbedtls_x509_crl *ca_crl,
 const mbedtls_x509_crt_profile *profile,
- x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE] )
+ x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE],
+ size_t *chain_len )
 {
 uint32_t *flags;
 mbedtls_x509_crt *child;
 mbedtls_x509_crt *parent;
 int parent_is_trusted = 0;
 int child_is_trusted = 0;
- int path_cnt = 0;
+ int path_cnt = 0; /* like chain_len but not updated at the same time */
 int self_cnt = 0;
 child = crt;
+ *chain_len = 0;
 while( 1 ) {
 /* Add certificate to the verification chain */
 ver_chain[path_cnt].crt = child;
 flags = &ver_chain[path_cnt].flags;
+ ++*chain_len;
 /* Check time-validity (all certificates) */
 if( mbedtls_x509_time_is_past( &child->valid_to ) )
@@ -2245,18 +2248,16 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
 static int x509_crt_merge_flags_with_cb(
 uint32_t *flags,
 x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE],
+ size_t chain_len,
 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
 void *p_vrfy )
 {
 int ret;
- size_t i, j;
+ size_t i;
 uint32_t cur_flags;
- for( i = X509_MAX_VERIFY_CHAIN_SIZE; i != 0; --i )
+ for( i = chain_len; i != 0; --i )
 {
- if( ver_chain[i-1].crt == NULL )
- continue;
-
 cur_flags = ver_chain[i-1].flags;
 if( NULL != f_vrfy )
@@ -2302,10 +2303,12 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
 int ret;
 mbedtls_pk_type_t pk_type;
 x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE];
+ size_t chain_len;
 uint32_t *ee_flags = &ver_chain[0].flags;
 *flags = 0;
 memset( ver_chain, 0, sizeof( ver_chain ) );
+ chain_len = 0;
 if( profile == NULL )
 {
@@ -2327,12 +2330,14 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
 *ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
 /* Check the chain */
- ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile, ver_chain );
+ ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
+ ver_chain, &chain_len );
 if( ret != 0 )
 goto exit;
 /* Build final flags, calling callback on the way if any */
- ret = x509_crt_merge_flags_with_cb( flags, ver_chain, f_vrfy, p_vrfy );
+ ret = x509_crt_merge_flags_with_cb( flags,
+ ver_chain, chain_len, f_vrfy, p_vrfy );
 exit:
 /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
From 66a36b03c694e15f7124938c1660efe1acb59dce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 12 Jul 2017 12:23:06 +0200
Subject: [PATCH 142/504] Update comments
---
 library/x509_crt.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 18dffae55..aeeb109b6 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
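Review bot: With the NULL-slot check removed, x509_crt_merge_flags_with_cb now reads `ver_chain[i-1]` for every i up to `chain_len` and trusts the caller for `chain_len <= X509_MAX_VERIFY_CHAIN_SIZE`; nothing in the signature or header comment says so. A precondition note on the new parameter, `/* chain_len must not exceed X509_MAX_VERIFY_CHAIN_SIZE; x509_crt_verify_chain() guarantees this through its MBEDTLS_X509_MAX_INTERMEDIATE_CA check */`, records the dependency, which lives outside this hunk. In mbedtls_x509_crt_verify_with_profile, `chain_len = 0;` duplicates the `*chain_len = 0;` that x509_crt_verify_chain now performs on entry; it is harmless, and if it is meant to cover paths that reach `exit` before the chain is built, a comment saying so would stop someone from removing one of the two by mistake.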
@@ -2287,10 +2287,12 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
 /*
 * Verify the certificate validity, with profile
 *
- * This function only checks the requested CN (if any) and then delegates
- * chain building/verification to verify_chain(). Before that, it checks the
- * key size of the EE certificate, as verify_chain() will only verify that of
- * parent certificates.
+ * This function:
+ * - checks the requested CN (if any)
+ * - checks the type and size of the EE cert's key,
+ * as that isn't done as part of chain building/verification currently
+ * - builds and verifies the chain
+ * - then calls the callback and merges the flags
 */
 int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
 mbedtls_x509_crt *trust_ca,
From a7c4c8a46c8f1c7484ae74cbc3a436b3e84198f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 12 Jul 2017 12:15:24 +0200
Subject: [PATCH 143/504] Make some perl scripts usable with git bisect run
For that they need to return between 0 and 124 on error, while die returns 255, causing bisect-run to abort.
---
 tests/scripts/curves.pl | 6 ++++--
 tests/scripts/depends-hashes.pl | 3 ++-
 tests/scripts/depends-pkalgs.pl | 3 ++-
 tests/scripts/key-exchanges.pl | 3 ++-
 tests/scripts/test-ref-configs.pl | 3 ++-
 5 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index f4942c624..b7cfdf674 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -36,14 +36,16 @@ my @curves = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
 system( "cp $config_h $config_h.bak" ) and die;
 sub abort {
 system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
- die $_[0];
+ warn $_[0];
+ exit 1;
 }
 for my $curve (@curves) {
 system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
+ system( "make clean" ) and die;
+
 # depends on a specific curve. Also, ignore error if it wasn't enabled
 system( "scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" );
- system( "make clean" ) and die;
 print "\n******************************************\n";
 print "* Testing without curve: $curve\n";
diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl
index f27eb9e1b..96cc9020b 100755
--- a/tests/scripts/depends-hashes.pl
+++ b/tests/scripts/depends-hashes.pl
@@ -44,7 +44,8 @@ my @hashes = split( /\s+/,
 system( "cp $config_h $config_h.bak" ) and die;
 sub abort {
 system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
- die $_[0];
+ warn $_[0];
+ exit 1;
 }
 for my $hash (@hashes) {
diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl
index 703b41fa4..28f13787d 100755
--- a/tests/scripts/depends-pkalgs.pl
+++ b/tests/scripts/depends-pkalgs.pl
@@ -50,7 +50,8 @@ my %algs = (
 system( "cp $config_h $config_h.bak" ) and die;
 sub abort {
 system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
- die $_[0];
+ warn $_[0];
+ exit 1;
 }
 while( my ($alg, $extras) = each %algs ) {
diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl
index 528812a00..5ce890046 100755
--- a/tests/scripts/key-exchanges.pl
+++ b/tests/scripts/key-exchanges.pl
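Review bot: Only the `abort` subroutine is changed to `warn` + `exit 1`, while `system( "cp $config_h.bak $config_h" ) and die ...` and the relocated `system( "make clean" ) and die;` still exit 255 on failure, so a failed copy or clean would still make `git bisect run` stop, contrary to the aim stated in the commit message. If that is deliberate because those are environment failures rather than test failures, a one-line comment at the first remaining `die` would spare the next reader the same question; otherwise routing them through `abort` keeps the exit codes uniform. The same remark applies to the depends-hashes.pl and depends-pkalgs.pl hunks on this line and to the key-exchanges.pl and test-ref-configs.pl hunks on the next.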
@@ -33,7 +33,8 @@ my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
 system( "cp $config_h $config_h.bak" ) and die;
 sub abort {
 system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
- die $_[0];
+ warn $_[0];
+ exit 1;
 }
 for my $kex (@kexes) {
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index a9a89f1ce..fe6d154f9 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -55,7 +55,8 @@ my $config_h = 'include/mbedtls/config.h';
 system( "cp $config_h $config_h.bak" ) and die;
 sub abort {
 system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
- die $_[0];
+ warn $_[0];
+ exit 1;
 }
 while( my ($conf, $data) = each %configs ) {
From ea2dc14c0caeaf82b24ada110fc5a99699deaac0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 8 Aug 2017 11:10:37 +0200
Subject: [PATCH 144/504] Fix some whitespace
---
 tests/suites/test_suite_x509parse.function | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index eadda6413..cd48e9d0a 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -601,15 +601,15 @@ void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca,
 TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 );
 TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 );
- if( strcmp(profile_name, "") == 0 )
+ if( strcmp( profile_name, "" ) == 0 )
 profile = &mbedtls_x509_crt_profile_default;
- else if( strcmp(profile_name, "next") == 0 )
+ else if( strcmp( profile_name, "next" ) == 0 )
 profile = &mbedtls_x509_crt_profile_next;
- else if( strcmp(profile_name, "suiteb") == 0 )
+ else if( strcmp( profile_name, "suiteb" ) == 0 )
 profile = &mbedtls_x509_crt_profile_suiteb;
- else if( strcmp(profile_name, "rsa3072") == 0 )
+ else if( strcmp( profile_name, "rsa3072" ) == 0 )
 profile = &profile_rsa3072;
- else if( strcmp(profile_name, "sha512") == 0 )
+ else if( strcmp( profile_name, "sha512" ) == 0 )
 profile = &profile_sha512;
 res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile,
From 562df401d3904dedb16c8e2357bf0c1c011e836c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 8 Aug 2017 18:09:14 +0200
Subject: [PATCH 145/504] Improve some comments, fix some typos+whitespace
---
 include/mbedtls/x509_crt.h | 2 +-
 library/x509_crt.c | 15 +++++++--------
 tests/scripts/depends-pkalgs.pl | 9 ++++++---
 3 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index c589a5e17..2b4d3533f 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -291,7 +291,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
 * chaining up to those CAs will be trusted, and (2)
 * self-signed end-entity certificates to be trusted (for
 * specific peers you know) - in that case, the self-signed
- * certificate doens't need to have the CA bit set.
+ * certificate doesn't need to have the CA bit set.
 *
 * \param crt a certificate (chain) to be verified
 * \param trust_ca the list of trusted CAs (see note above)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index aeeb109b6..418722364 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1893,7 +1893,6 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child,
 * Return 0 if yes, -1 if not.
 *
 * top means parent is a locally-trusted certificate
- * bottom means child is the end entity cert
 */
 static int x509_crt_check_parent( const mbedtls_x509_crt *child,
 const mbedtls_x509_crt *parent,
@@ -1935,9 +1934,9 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child,
 * 3. for trusted roots, the signature is correct
 * 4. pathlen constraints are satisfied
 *
- * Stop at the first suitable candidate, except if it's not time-valid (not
- * expired nor future) *and* there is a later suitable candidate that is
- * time-valid.
+ * If there's a suitable candidate which is also time-valid, return the first
+ * such. Otherwise, return the first suitable candidate (or NULL if there is
+ * none).
 *
 * The rationale for this rule is that someone could have a list of trusted
 * roots with two versions on the same root with different validity periods.
@@ -1979,7 +1978,7 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child,
 continue;
 }
- /* optionnal time check */
+ /* optional time check */
 if( mbedtls_x509_time_is_past( &parent->valid_to ) ||
 mbedtls_x509_time_is_future( &parent->valid_from ) )
 {
@@ -2059,7 +2058,7 @@ static int x509_crt_check_ee_locally_trusted(
 *
 * Given a peer-provided list of certificates EE, C1, ..., Cn and
 * a list of trusted certs R1, ... Rp, try to build and verify a chain
- * EE, Ci1, ... Ciq, Rj
+ * EE, Ci1, ... Ciq [, Rj]
 * such that every cert in the chain is a child of the next one,
 * jumping to a trusted root as early as possible.
 *
@@ -2074,7 +2073,7 @@ static int x509_crt_check_ee_locally_trusted(
 * - [in] crt: the cert list EE, C1, ..., Cn
 * - [in] trust_ca: the trusted list R1, ..., Rp
 * - [in] ca_crl, profile: as in verify_with_profile()
- * - [out] ver_chain: the built and verified chain
+ * - [out] ver_chain, chain_len: the built and verified chain
 *
 * Return value:
 * - non-zero if the chain could not be fully built and examined
@@ -2167,7 +2166,7 @@ static int x509_crt_verify_chain(
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
 /* Check trusted CA's CRL for the given crt */
- *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile );
+ *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile );
 #else
 (void) ca_crl;
 #endif
diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl
index 28f13787d..234c3e3f8 100755
--- a/tests/scripts/depends-pkalgs.pl
+++ b/tests/scripts/depends-pkalgs.pl
@@ -6,9 +6,10 @@
 #
 # Purpose
 #
-# To test the code dependencies on individual PK algs in each test suite. This
-# is a verification step to ensure we don't ship test suites that do not work
-# for some build options.
+# To test the code dependencies on individual PK algs (those that can be used
+# from the PK layer, so currently signature and encryption but not key
+# exchange) in each test suite. This is a verification step to ensure we don't
+# ship test suites that do not work for some build options.
 #
 # The process is:
 # for each possible PK alg
@@ -38,6 +39,8 @@ my $ssl_sed = 's/^#define \(MBEDTLS_SSL.*\)/\1/p'; my $kex_sed = 's/^#define \(MBEDTLS_KEY_EXCHANGE.*\)/\1/p'; my @ssl = split( /\s+/, `sed -n -e '$ssl_sed' -e '$kex_sed' $config_h` ); +# Some algorithms can't be disabled on their own as others depend on them, so +# we list those reverse-dependencies here to keep check_config.h happy. my %algs = ( 'MBEDTLS_ECDSA_C' => [], 'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C'], From 7ff243a87c192e8a261ed57b99b06b551df4e5a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 8 Aug 2017 18:54:13 +0200 Subject: [PATCH 146/504] Add missing dependency in test-certs Makefile --- tests/data_files/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3c7fd41b3..40cbcbe4d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -68,7 +68,7 @@ test_ca_key_file_ec = test-ca2.key test-int-ca.csr: test-int-ca.key $(test_ca_config_file) $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@ all_intermediate += test-int-ca.csr -test-int-ca-exp.crt: $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr +test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ all_final += test-int-ca-exp.crt From 24611f93835fbaa669b3fe77d29444d74e64de53 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 9 Aug 2017 10:28:07 +0200
Subject: [PATCH 147/504] Remove redundant variable
path_cnt was always chain_len - 1 in the loop body
---
 library/x509_crt.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 418722364..f586fb452 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2093,7 +2093,6 @@ static int x509_crt_verify_chain(
 mbedtls_x509_crt *parent;
 int parent_is_trusted = 0;
 int child_is_trusted = 0;
- int path_cnt = 0; /* like chain_len but not updated at the same time */
 int self_cnt = 0;
 child = crt;
@@ -2101,8 +2100,8 @@ static int x509_crt_verify_chain(
 while( 1 )
 {
 /* Add certificate to the verification chain */
- ver_chain[path_cnt].crt = child;
- flags = &ver_chain[path_cnt].flags;
+ ver_chain[*chain_len].crt = child;
+ flags = &ver_chain[*chain_len].flags;
 ++*chain_len;
 /* Check time-validity (all certificates) */
@@ -2124,7 +2123,7 @@ static int x509_crt_verify_chain(
 *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
 /* Special case: EE certs that are locally trusted */
- if( path_cnt == 0 &&
+ if( *chain_len == 1 &&
 x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
 {
 return( 0 );
@@ -2132,7 +2131,7 @@ static int x509_crt_verify_chain(
 /* Look for a parent in trusted CAs or up the chain */
 parent = x509_crt_find_parent( child, trust_ca, &parent_is_trusted,
- path_cnt, self_cnt );
+ *chain_len - 1, self_cnt );
 /* No parent? We're done here */
 if( parent == NULL )
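Review bot: In the `@@ -2101` hunk the loop now indexes `ver_chain[*chain_len]` and the later `*chain_len == 1` and `*chain_len - 1` expressions assume `*chain_len` is 0 on entry, whereas the removed `path_cnt` was a local initialised to 0, so the function no longer establishes that invariant itself. The function's header comment on this page documents `chain_len` as `[out]`, which does not oblige callers to zero it; unless the one line not shown between the first two hunks already does so, add `*chain_len = 0;` before `while( 1 )`, or change the comment to `[in,out]` and state the precondition. A caller that reuses a `chain_len` from a previous call would otherwise index past the populated part of `ver_chain` instead of failing verification cleanly. The body of `x509_crt_verify_chain` continues beyond these hunks.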
@@ -2144,13 +2143,16 @@ static int x509_crt_verify_chain(
 /* Count intermediate self-issued (not necessarily self-signed) certs.
 * These can occur with some strategies for key rollover, see [SIRO],
 * and should be excluded from max_pathlen checks. */
- if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 )
+ if( *chain_len != 1 &&
+ x509_name_cmp( &child->issuer, &child->subject ) == 0 )
+ {
 self_cnt++;
+ }
 /* path_cnt is 0 for the first intermediate CA,
 * and if parent is trusted it's not an intermediate CA */
 if( ! parent_is_trusted &&
- 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
+ *chain_len > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
 {
 /* return immediately to avoid overflow the chain array */
 return( MBEDTLS_ERR_X509_FATAL_ERROR );
@@ -2175,7 +2177,6 @@ static int x509_crt_verify_chain(
 child = parent;
 parent = NULL;
 child_is_trusted = parent_is_trusted;
- ++path_cnt;
 }
 }
From a54f6cc874965f13889d1460c87ddb73616eee37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 9 Aug 2017 10:41:42 +0200
Subject: [PATCH 148/504] Unify name of default profile in X.509 tests
---
 tests/suites/test_suite_x509parse.data | 8 ++++----
 tests/suites/test_suite_x509parse.function | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 1922439fb..afa86a1d8 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
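Review bot: The comment `/* path_cnt is 0 for the first intermediate CA, * and if parent is trusted it's not an intermediate CA */` in the `@@ -2144` hunk still describes the variable this commit removes; rewrite it in terms of the surviving counter, e.g. `/* *chain_len is 1 when parent is the first intermediate CA, and if parent is trusted it's not an intermediate CA */`. It is also worth stating next to the `*chain_len > MBEDTLS_X509_MAX_INTERMEDIATE_CA` guard that it runs after `ver_chain[*chain_len]` has already been written at the top of the loop (previous hunk), so it only protects the next slot; from the visible logic the highest written index can reach MBEDTLS_X509_MAX_INTERMEDIATE_CA + 1 when a trusted parent bypasses the guard, so `ver_chain` appears to need at least MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 entries, which the array's declaration (outside this hunk) should confirm, ideally with a comment or `_Static_assert`. The enclosing function starts and ends outside the hunk.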
@@ -441,11 +441,11 @@ x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl. X509 Certificate verification #14 (Valid Cert SHA1 Digest allowed in compile-time default profile) depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES -x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"default":"NULL" +x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"":"NULL" X509 Certificate verification #14 (Valid Cert SHA1 Digest forbidden in default profile) depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES -x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"default":"NULL" +x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL" X509 Certificate verification #15 (Valid Cert SHA224 Digest) depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 
@@ -757,7 +757,7 @@ x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca. X509 Certificate verification #90 (EE with same name as trusted root) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"default":"NULL" +x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL" X509 Certificate verification #91 (same CA with good then bad key) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C @@ -769,7 +769,7 @@ x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_fil X509 Certificate verification #92 (bad name, allowing callback) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED -x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"default":"verify_all" +x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all" X509 Certificate verification callback: bad name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index cd48e9d0a..b3b6f4dce 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
@@ -283,7 +283,7 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, if( strcmp( cn_name_str, "NULL" ) != 0 ) cn_name = cn_name_str; - if( strcmp( profile_str, "default" ) == 0 ) + if( strcmp( profile_str, "" ) == 0 ) profile = &mbedtls_x509_crt_profile_default; else if( strcmp( profile_str, "compat" ) == 0 ) profile = &compat_profile; From b5e6a77010a859e13bd177f96d786de91c6c2212 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 16 Aug 2017 11:23:31 +0300 Subject: [PATCH 149/504] Add Contribution guidelines to github Add Contribution Guidelines that will be shown in github, when PRs are made. --- CONTRIBUTING.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 000000000..55ebf15b1 --- /dev/null +++ b/CONTRIBUTING.md 
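Review bot: `if( strcmp( profile_str, "" ) == 0 )` in the `@@ -283` hunk is a roundabout way to test for an empty string; `if( profile_str[0] == '\0' )` expresses "no profile given, use the default" directly. Since the empty string now carries meaning in the .data file, a one-line comment at this branch, `/* an empty profile name selects mbedtls_x509_crt_profile_default */`, would keep the test data readable without the old `"default"` token. The body of `x509_verify` continues beyond the hunk.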
@@ -0,0 +1,40 @@ +We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions: + +- All contributions, whether large or small require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright. +- To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. +- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission. +As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. + +### Making a Contribution + +1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. +2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. +3. Write a test which shows that the bug was fixed or that the feature works as expected. +4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. 
We will include your name in the ChangeLog :) + +### Backports + +mbed TLS maintains some legacy branches, which are release as LTS versions. As such, backporting to these branches should be handled according to the following rules: + +1. If the contribution is a new feature\enhancement, no backporting is needed +2. Bug fixes should be backported, as long as the legacy branches have these bugs reproduced +3. Changes in the API, do not require backporting. If a bug fix introduced new API, such as new error codes, the bug fix should be implemented differently in the legacy branch. + +It would be highly appreciated if a contribution would be backported to a legacy branch as well. +At the moment, the legacy branches are: + +1. [mbedtls-1.3](https://github.com/ARMmbed/mbedtls/tree/mbedtls-1.3) +2. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1) +3. [development](https://github.com/ARMmbed/mbedtls/tree/development) + +### Tests + +As mentioned, tests that show the correctness of the feature\bug fix should be added to the Pull Request, if not such test exist. +mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. + +### Continuous Integration Tests + +Once a PR has been made, the Continuous Integration tests ( CI ) are triggered and run. You should follow the result of the CI tests, and fix failures. + + + \ No newline at end of file From 7f888982fd3a2d924b890ca7c8c0d23faf7d79a1 Mon Sep 17 00:00:00 2001 
From: Ron Eldor
Date: Wed, 16 Aug 2017 16:05:52 +0300
Subject: [PATCH 150/504] Modify Contribution Guidelines after comments
Modify the Contribution guidelines after comments from Gilles, Andres and Jaeden
---
 CONTRIBUTING.md | 40 ++++++++++++++++++++++++++++++----------
 1 file changed, 30 insertions(+), 10 deletions(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 55ebf15b1..bfd6cb3d7 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,24 +1,32 @@ We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions: + - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. + - The contribution should not break API or ABI, unless there is a real justification for that. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release. + +### Contributor License Agreement ( CLA ) - All contributions, whether large or small require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright. -- To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. -- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission. -As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. +- To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). 
Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. + +### Coding Standards +- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission. +- The code should be written in a clean and readable style. +- The code should be written in a portable generic way, that will benefit the whole community, and not only your own needs. +- The code should be secure, and will be reviewed in a security point of view as well. ### Making a Contribution 1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. 2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. 3. Write a test which shows that the bug was fixed or that the feature works as expected. -4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :) +4. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) ### Backports -mbed TLS maintains some legacy branches, which are release as LTS versions. As such, backporting to these branches should be handled according to the following rules: +mbed TLS maintains some legacy branches, which are released as LTS versions. 
mbed TLS should follow backwards compatibility rules, to fit with existing users. As such, backporting to these branches should be handled according to the following rules: -1. If the contribution is a new feature\enhancement, no backporting is needed -2. Bug fixes should be backported, as long as the legacy branches have these bugs reproduced -3. Changes in the API, do not require backporting. If a bug fix introduced new API, such as new error codes, the bug fix should be implemented differently in the legacy branch. +1. If the contribution is a new feature or enhancement, no backporting is needed. +2. Bug fixes should be backported to the legacy branches containing these bugs. +3. Changes in the API do not require backporting. If a bug fix introduced a new API, such as new error codes, the bug fix should be implemented differently in the legacy branch. It would be highly appreciated if a contribution would be backported to a legacy branch as well. At the moment, the legacy branches are: 
@@ -29,12 +37,24 @@ At the moment, the legacy branches are: ### Tests -As mentioned, tests that show the correctness of the feature\bug fix should be added to the Pull Request, if not such test exist. +As mentioned, tests that show the correctness of the feature or bug fix should be added to the Pull Request, if no such tests exist. mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. +Sample applications, if needed, should be modified as well. + ### Continuous Integration Tests -Once a PR has been made, the Continuous Integration tests ( CI ) are triggered and run. You should follow the result of the CI tests, and fix failures. +Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures. + +### Documentation + +mbed TLS should be well documented. If documentation is needed, speak out! + +1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation. +2. Complex parts in the code should include comments. +3. If needed, a Readme file is advised +4. If a KB article should be added, write this as a comment in the PR description. +5. A Changelog entry should be added for this contribution. \ No newline at end of file From 1680d3dc1929f325f80530b8eb97a11fc96296bf Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Wed, 16 Aug 2017 17:28:21 +0300 Subject: [PATCH 151/504] Add a couple of statements to the contribution section Add a notice for short contributions, and for Apache license header that should be added. Added an adivce to enable the git hooks scripts as well. --- CONTRIBUTING.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bfd6cb3d7..95219e544 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -19,6 +19,8 @@ We gratefully accept bug reports and contributions from the community. There are 2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. 3. Write a test which shows that the bug was fixed or that the feature works as expected. 4. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) +5. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it. +6. mbed TLS is release with Apache license, and as such, all the added files should include the Apache license header. ### Backports @@ -45,6 +47,7 @@ Sample applications, if needed, should be modified as well. ### Continuous Integration Tests Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures. +It is advised to enable the [githooks scripts](https://github.com/ARMmbed/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible. ### Documentation From 7766a2c9c0eb5f3d4972fb73574d39b8d97d797a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 21 Aug 2017 10:57:57 +0200 Subject: [PATCH 152/504] Improve some comments --- include/mbedtls/ssl.h | 2 +- tests/scripts/depends-hashes.pl | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ff1cca447..61be3383b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1586,7 +1586,7 @@ void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, /** * \brief Set the data required to verify peer certificate * - * \note See \c mbedtls_x509_verify() for notes regarding the + * \note See \c mbedtls_x509_crt_verify() for notes regarding the * parameters ca_chain (maps to trust_ca for that function) * and ca_crl. * diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl index 96cc9020b..46628a72d 100755 --- a/tests/scripts/depends-hashes.pl +++ b/tests/scripts/depends-hashes.pl @@ -37,6 +37,7 @@ my $config_h = 'include/mbedtls/config.h'; my $ssl_sed_cmd = 's/^#define \(MBEDTLS_SSL.*\)/\1/p'; my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` ); +# for md we want to catch MD5_C but not MD_C, hence the extra dot my $mdx_sed_cmd = 's/^#define \(MBEDTLS_MD..*_C\)/\1/p'; my $sha_sed_cmd = 's/^#define \(MBEDTLS_SHA.*_C\)/\1/p'; my @hashes = split( /\s+/, From be2f0b5e270a72d43991db690f358d2bc5753fd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 21 Aug 2017 11:00:22 +0200 Subject: [PATCH 153/504] Fix test that didn't check full value of flags --- tests/suites/test_suite_x509parse.data | 42 +++++++++++----------- tests/suites/test_suite_x509parse.function | 2 +- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index afa86a1d8..717ce33ee 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -773,87 +773,87 @@ x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-e X509 Certificate verification callback: bad name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED -x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0004\n" +x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n" X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x0000\n" +x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n" X509 Certificate verification callback: trusted EE cert, expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x0001\n" 
+x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x00000001\n" X509 Certificate verification callback: simple depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: simple, EE expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0001\n" +x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" X509 Certificate verification callback: simple, root expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C 
-x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two trusted roots depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: two trusted roots, reversed order depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - 
subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: root included depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" +x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca, root included 
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca, EE expired 
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0001\n" +x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" X509 Certificate verification callback: intermediate ca, int expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, 
O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca, root expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two intermediates depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" 
+x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two intermediates, root included depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two intermediates, top int trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":"NULL":0:"depth 2 
- serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two intermediates, low int trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: no intermediate, bad signature depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED -x509_verify_callback:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0008\n" +x509_verify_callback:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, 
O=PolarSSL, CN=localhost - flags 0x00000008\n" X509 Certificate verification callback: one intermediate, bad signature depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0008\n" +x509_verify_callback:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n" X509 Parse Selftest depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index b3b6f4dce..2e9abb3e7 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -145,7 +145,7 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint ret = mbedtls_x509_dn_gets( p, n, &crt->subject ); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, " - flags 0x%04x\n", *flags ); + ret = mbedtls_snprintf( p, n, " - flags 0x%08x\n", *flags ); MBEDTLS_X509_SAFE_SNPRINTF; ctx->p = p; From c6075cc5acccf5bdd105a31300da7957a16e7ce3 Mon Sep 17 00:00:00 2001 
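Review bot: The widened format `" - flags 0x%08x\n"` still pairs `%x` with `*flags`, whose declared type the hunk header truncates to `uint` but which appears to be `uint32_t`; `%x` formally expects `unsigned int`, so `" - flags 0x%08" PRIx32 "\n"` (or a cast to `unsigned int`) keeps the format and the argument type in agreement on every platform. The `MBEDTLS_X509_SAFE_SNPRINTF` check that follows is unaffected. The rest of verify_print lies outside the hunk.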
From: Hanno Becker Date: Fri, 25 Aug 2017 11:45:35 +0100 Subject: [PATCH 154/504] Don't use CRT for signature verification If CRT is not used, the helper fields CRT are not assumed to be present in the RSA context structure, so do the verification directly in this case. If CRT is used, verification could be done using CRT, but we're sticking to ordinary verification for uniformity. --- library/rsa.c | 41 +++++++++++------------------------------ 1 file changed, 11 insertions(+), 30 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index d3feeba88..0c5bc4fb5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -428,15 +428,9 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, #endif #if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) - /* Temporaries holding input mod p resp. mod q. */ - mbedtls_mpi IP, IQ; - - /* Temporaries holding double check results mod p resp. mod q; - * should in the end have the same values as IP and IQ. */ - mbedtls_mpi CP, CQ; - - /* Comparison results */ - int check = 0; + /* Temporaries holding the initial input and the double + * checked result; should be the same in the end. */ + mbedtls_mpi I, C; #endif #if defined(MBEDTLS_RSA_FORCE_BLINDING) @@ -476,8 +470,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, #endif #if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) - mbedtls_mpi_init( &IP ); mbedtls_mpi_init( &IQ ); - mbedtls_mpi_init( &CP ); mbedtls_mpi_init( &CQ ); + mbedtls_mpi_init( &I ); + mbedtls_mpi_init( &C ); #endif /* End of MPI initialization */ @@ -490,8 +484,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, } #if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &IP, &T, &ctx->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &IQ, &T, &ctx->Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) ); #endif if( f_rng != NULL ) 
@@ -583,18 +576,11 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); } - /* If requested by the config, verify the result to prevent glitching attacks. - * For that, check the two prime moduli separately. */ + /* If requested by the config, verify the result to prevent glitching attacks. */ #if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &CP, &T, &ctx->E, &ctx->P, &ctx->RP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &CQ, &T, &ctx->E, &ctx->Q, &ctx->RQ ) ); - - check |= mbedtls_mpi_cmp_mpi( &CP, &IP ); - check |= mbedtls_mpi_cmp_mpi( &CQ, &IQ ); - - if( check != 0 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, &ctx->N, &ctx->RN ) ); + if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 ) { - /* Verification failed */ ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; goto cleanup; } @@ -630,8 +616,8 @@ cleanup: #endif #if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) - mbedtls_mpi_free( &IP ); mbedtls_mpi_free( &IQ ); - mbedtls_mpi_free( &CP ); mbedtls_mpi_free( &CQ ); + mbedtls_mpi_free( &C ); + mbedtls_mpi_free( &I ); #endif if( ret != 0 ) @@ -1245,11 +1231,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, size_t nb_pad, olen, oid_size = 0; unsigned char *p = sig; const char *oid = NULL; - unsigned char *sig_try = NULL, *verif = NULL; - size_t i; - unsigned char diff; - volatile unsigned char diff_no_optimize; - int ret; if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); From 43f94721ab4e331517b71e678d9c5a72b6834958 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 11:50:00 +0100 Subject: [PATCH 155/504] Add quick-check for presence of relevant parameters in rsa_private --- library/rsa.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 0c5bc4fb5..9b7d346c2 100644 --- a/library/rsa.c +++ b/library/rsa.c 
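Review bot: The shortened comment `/* If requested by the config, verify the result to prevent glitching attacks. */` no longer says what is compared now that the per-prime checks are gone, and the reader has to find the copy into `I` three hunks earlier. State it at the check: `/* Re-apply the public exponent modulo N and compare with the input saved in I before blinding; a mismatch means the private operation produced a faulty (possibly glitched) result. */`. This block is compiled only under MBEDTLS_RSA_REQUIRE_VERIFICATION; mbedtls_rsa_private's body starts and ends outside the hunk.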
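Review bot: Deleting `int ret;`, `sig_try`, `verif`, `i`, `diff` and `diff_no_optimize` from mbedtls_rsa_rsassa_pkcs1_v15_sign in this commit leaves their uses in place, because the Lenstra-check body (`MBEDTLS_MPI_CHK( mbedtls_rsa_private( ... ) )`, `for( diff = 0, i = 0; ... )`, `cleanup:` and `return( ret )`) is only removed in PATCH 156, and PATCH 155's context at `@@ -1294` still shows that body present. As ordered, this commit does not compile on its own, which breaks bisecting; move this hunk into PATCH 156 or squash the two so every commit builds. The function's body continues outside the hunk.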
@@ -425,7 +425,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, /* Pointer to actual exponent to be used - either the unblinded * or the blinded one, depending on the presence of a PRNG. */ mbedtls_mpi *D = &ctx->D; -#endif +#endif /* MBEDTLS_RSA_NO_CRT */ #if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) /* Temporaries holding the initial input and the double @@ -438,9 +438,24 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); #endif - /* Make sure we have private key info, prevent possible misuse */ - if( ctx->P.p == NULL || ctx->Q.p == NULL || ctx->D.p == NULL ) + /* Sanity-check that all relevant fields are at least set, + * but don't perform a full keycheck. */ + if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ) + { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } +#if !defined(MBEDTLS_RSA_NO_CRT) + if( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->QP, 0 ) == 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } +#endif /* MBEDTLS_RSA_NO_CRT */ #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) @@ -1294,7 +1309,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, } if( mode == MBEDTLS_RSA_PUBLIC ) - return( mbedtls_rsa_public( ctx, sig, sig ) ); + return( mbedtls_rsa_public( ctx, sig, sig ) ); /* * In order to prevent Lenstra's attack, make the signature in a From cc209ca56d0592404f5019a03f4887e383f956d0 Mon Sep 17 00:00:00 2001 
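Review bot: The new sanity check in the second hunk requires `ctx->D` to be non-zero in both build modes, although under the default CRT build the private operation appears to use DP/DQ/QP only (the `mbedtls_mpi *D = &ctx->D;` pointer lives inside the block the first hunk closes with `#endif /* MBEDTLS_RSA_NO_CRT */`). That matches the replaced `ctx->D.p == NULL` test, so it is compatible, but the comment should say the check is deliberately stricter than the computation needs and is not a key check: `/* Sanity-check that all relevant fields are at least set (D is required even with CRT, as before); this is not a full key check, see mbedtls_rsa_check_privkey(). */`. The closing label on the CRT-only block also reads `#endif /* MBEDTLS_RSA_NO_CRT */` although the block opens with `#if !defined(MBEDTLS_RSA_NO_CRT)`; `#endif /* !MBEDTLS_RSA_NO_CRT */` avoids misreading it. mbedtls_rsa_private's body continues outside the hunk.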
From: Hanno Becker Date: Fri, 25 Aug 2017 11:51:03 +0100 Subject: [PATCH 156/504] Remove signature verification from rsa_rsassa_pkcs1_v15_sign This verification path is redundant now that verification is uniformly done in rsa_private. --- library/rsa.c | 37 +------------------------------------ 1 file changed, 1 insertion(+), 36 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 9b7d346c2..680df0d8e 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1311,42 +1311,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, if( mode == MBEDTLS_RSA_PUBLIC ) return( mbedtls_rsa_public( ctx, sig, sig ) ); - /* - * In order to prevent Lenstra's attack, make the signature in a - * temporary buffer and check it before returning it. - */ - sig_try = mbedtls_calloc( 1, ctx->len ); - if( sig_try == NULL ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); - - verif = mbedtls_calloc( 1, ctx->len ); - if( verif == NULL ) - { - mbedtls_free( sig_try ); - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); - } - - MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) ); - - /* Compare in constant time just in case */ - for( diff = 0, i = 0; i < ctx->len; i++ ) - diff |= verif[i] ^ sig[i]; - diff_no_optimize = diff; - - if( diff_no_optimize != 0 ) - { - ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED; - goto cleanup; - } - - memcpy( sig, sig_try, ctx->len ); - -cleanup: - mbedtls_free( sig_try ); - mbedtls_free( verif ); - - return( ret ); + return( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) ); } #endif /* MBEDTLS_PKCS1_V15 */ From ea24d75c67d79b31d50499affa66ec88d3756e59 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 31 Aug 2017 17:02:01 +0300 Subject: [PATCH 157/504] Addres Andres' comment Update the document after Andres review comments --- CONTRIBUTING.md | 61 +++++++++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 30 deletions(-) 
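Review bot: Dropping the unconditional Lenstra check makes fault protection of PKCS#1 v1.5 signing depend on `MBEDTLS_RSA_REQUIRE_VERIFICATION`, because the verification the message relies on is compiled into mbedtls_rsa_private only under that macro (the `#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION)` guards in PATCH 154); unless that option is on by default, builds that leave it off lose a check they previously always had, and the commit message should state that trade-off. The error a caller sees on a mismatch also changes from `MBEDTLS_ERR_RSA_PRIVATE_FAILED` to whatever mbedtls_rsa_private returns (`MBEDTLS_ERR_RSA_VERIFY_FAILED` in PATCH 154), which is worth a ChangeLog line. The one-line replacement `return( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );` relies on in-place input/output being supported, as the existing `mbedtls_rsa_public( ctx, sig, sig )` call already does. The function's head is outside the hunk.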
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 95219e544..f7bf5f8db 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,63 +1,64 @@ +Contributing +============ We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions: - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. - The contribution should not break API or ABI, unless there is a real justification for that. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release. -### Contributor License Agreement ( CLA ) +Contributor License Agreement (CLA) +----------------------------------- - All contributions, whether large or small require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright. - To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. -### Coding Standards +Coding Standards +---------------- - We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission. - The code should be written in a clean and readable style. - The code should be written in a portable generic way, that will benefit the whole community, and not only your own needs. -- The code should be secure, and will be reviewed in a security point of view as well. 
- -### Making a Contribution +- The code should be secure, and will be reviewed from a security point of view as well. +Making a Contribution +--------------------- 1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. -2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. -3. Write a test which shows that the bug was fixed or that the feature works as expected. -4. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) -5. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it. -6. mbed TLS is release with Apache license, and as such, all the added files should include the Apache license header. - -### Backports +1. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis. +1. Write a test which shows that the bug was fixed or that the feature works as expected. +1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) +1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it. +1. 
mbed TLS is release with Apache license, and as such, all the added files should include the Apache license header. +Backports +--------- mbed TLS maintains some legacy branches, which are released as LTS versions. mbed TLS should follow backwards compatibility rules, to fit with existing users. As such, backporting to these branches should be handled according to the following rules: 1. If the contribution is a new feature or enhancement, no backporting is needed. -2. Bug fixes should be backported to the legacy branches containing these bugs. -3. Changes in the API do not require backporting. If a bug fix introduced a new API, such as new error codes, the bug fix should be implemented differently in the legacy branch. +1. Bug fixes should be backported to the legacy branches containing these bugs. +1. Changes in the API do not require backporting. If a bug fix introduced a new API, such as new error codes, the bug fix should be implemented differently in the legacy branch. It would be highly appreciated if a contribution would be backported to a legacy branch as well. At the moment, the legacy branches are: -1. [mbedtls-1.3](https://github.com/ARMmbed/mbedtls/tree/mbedtls-1.3) -2. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1) -3. [development](https://github.com/ARMmbed/mbedtls/tree/development) - -### Tests +1. [mbedtls-1.3](https://github.com/ARMmbed/mbedtls/tree/mbedtls-1.3) +1. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1) +1. [development](https://github.com/ARMmbed/mbedtls/tree/development) +Tests +----- As mentioned, tests that show the correctness of the feature or bug fix should be added to the Pull Request, if no such tests exist. mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). 
The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. Sample applications, if needed, should be modified as well. -### Continuous Integration Tests - +Continuous Integration Tests +---------------------------- Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures. It is advised to enable the [githooks scripts](https://github.com/ARMmbed/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible. -### Documentation - +Documentation +------------- mbed TLS should be well documented. If documentation is needed, speak out! 1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation. -2. Complex parts in the code should include comments. -3. If needed, a Readme file is advised -4. If a KB article should be added, write this as a comment in the PR description. -5. A Changelog entry should be added for this contribution. - - - \ No newline at end of file +1. Complex parts in the code should include comments. +1. If needed, a Readme file is advised. +1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description. +1. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog) entry should be added for this contribution. From 533751f98f0890576e30ff6f996abea4c5203338 Mon Sep 17 00:00:00 2001 From: VOLAT Matthieu 22923 Date: Fri, 1 Sep 2017 09:55:40 +0200 Subject: [PATCH 158/504] Use current source paths for config file creation command That way, the project integrate more nicely when used as a cmake sub-project. --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3e47224ea..2883eff27 100644 --- a/CMakeLists.txt 
+++ b/CMakeLists.txt @@ -31,7 +31,7 @@ find_package(Perl) if(PERL_FOUND) # If NULL Entropy is configured, display an appropriate warning - execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY + execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY RESULT_VARIABLE result) if(${result} EQUAL 0) message(WARNING ${NULL_ENTROPY_WARNING}) From 0a47d127170a94c76932a9b1dcc4525fd8521435 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 3 Sep 2017 10:20:25 +0300 Subject: [PATCH 159/504] Rephrase the backport sectio Rephrase the backport sectoin, since development branch is not a legacy branch --- CONTRIBUTING.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f7bf5f8db..c1870547b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -34,12 +34,11 @@ mbed TLS maintains some legacy branches, which are released as LTS versions. mbe 1. Bug fixes should be backported to the legacy branches containing these bugs. 1. Changes in the API do not require backporting. If a bug fix introduced a new API, such as new error codes, the bug fix should be implemented differently in the legacy branch. -It would be highly appreciated if a contribution would be backported to a legacy branch as well. +It would be highly appreciated if a contribution would be backported to a legacy branch in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development). At the moment, the legacy branches are: 1. [mbedtls-1.3](https://github.com/ARMmbed/mbedtls/tree/mbedtls-1.3) 1. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1) -1. [development](https://github.com/ARMmbed/mbedtls/tree/development) Tests ----- From 4f13195f3b86cbc78ae05600408152fb294b71da Mon Sep 17 00:00:00 2001 
From: Gert van Dijk Date: Mon, 4 Sep 2017 14:17:10 +0200 Subject: [PATCH 160/504] Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040 --- tests/suites/test_suite_debug.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index e28d58d64..7f747d07b 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data 
@@ -42,7 +42,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" Debug print certificate #2 (EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" Debug print mbedtls_mpi #1 From 25d124dc740ed2f06882ec0801e52f9695a2b363 Mon Sep 17 00:00:00 2001 From: Gert van Dijk Date: Tue, 5 Sep 2017 14:25:52 +0200 Subject: [PATCH 161/504] Tests: depends-pkalgs.pl - disable less options Rather than disabling SSL & Key exchanges as a whole, only disable those options required by reverse dependencies. GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040 See also discussion in PR #1074. https://github.com/ARMmbed/mbedtls/pull/1074#issuecomment-327096303 --- tests/scripts/depends-pkalgs.pl | 34 +++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl index 234c3e3f8..3ab161523 100755 
--- a/tests/scripts/depends-pkalgs.pl +++ b/tests/scripts/depends-pkalgs.pl @@ -32,22 +32,29 @@ use strict; my $config_h = 'include/mbedtls/config.h'; -# as many SSL options depend on specific algs -# and SSL is not in the test suites anyways, -# disable it to avoid dependcies issues -my $ssl_sed = 's/^#define \(MBEDTLS_SSL.*\)/\1/p'; -my $kex_sed = 's/^#define \(MBEDTLS_KEY_EXCHANGE.*\)/\1/p'; -my @ssl = split( /\s+/, `sed -n -e '$ssl_sed' -e '$kex_sed' $config_h` ); - # Some algorithms can't be disabled on their own as others depend on them, so # we list those reverse-dependencies here to keep check_config.h happy. my %algs = ( - 'MBEDTLS_ECDSA_C' => [], - 'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C'], + 'MBEDTLS_ECDSA_C' => ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], + 'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C', + 'MBEDTLS_ECDH_C', + 'MBEDTLS_ECJPAKE_C', + 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], 'MBEDTLS_X509_RSASSA_PSS_SUPPORT' => [], 'MBEDTLS_PKCS1_V21' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'], - 'MBEDTLS_PKCS1_V15' => [], - 'MBEDTLS_RSA_C' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'], + 'MBEDTLS_PKCS1_V15' => ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'], + 'MBEDTLS_RSA_C' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT', + 'MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'], ); system( "cp $config_h $config_h.bak" ) and die; 
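Review bot: `'MBEDTLS_ECDSA_C'` lists only `MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` as a reverse dependency, yet `MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED`, which the `MBEDTLS_ECP_C` entry does list, presumably also needs ECDSA for its certificate signature, so the ECDSA_C run would likely trip check_config.h; if so, add it to that entry. The four RSA key-exchange names are also written out twice, once under `MBEDTLS_PKCS1_V15` and once under `MBEDTLS_RSA_C`, and a shared list keeps the two from drifting apart. The rewritten entries are below; the other hash entries are unchanged.
```perl
# Key exchanges that need RSA (signature or encryption); shared by
# MBEDTLS_PKCS1_V15 and MBEDTLS_RSA_C below so the lists cannot diverge.
my @rsa_kex = ( 'MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED',
                'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
                'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED',
                'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED' );

my %algs = (
    'MBEDTLS_ECDSA_C' => ['MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
                          'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'],
    # … unchanged: MBEDTLS_ECP_C, MBEDTLS_X509_RSASSA_PSS_SUPPORT, MBEDTLS_PKCS1_V21 …
    'MBEDTLS_PKCS1_V15' => [ @rsa_kex ],
    'MBEDTLS_RSA_C' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT', @rsa_kex ],
);
```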
@@ -72,11 +79,6 @@ while( my ($alg, $extras) = each %algs ) { and abort "Failed to disable $opt\n"; } - for my $opt (@ssl) { - system( "scripts/config.pl unset $opt" ) - and abort "Failed to disable $opt\n"; - } - system( "CFLAGS='-Werror -Wall -Wextra' make lib" ) and abort "Failed to build lib: $alg\n"; system( "cd tests && make" ) and abort "Failed to build tests: $alg\n"; From bc18eb3b928e861d0b71f7792cafbf2ad4c38972 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 6 Sep 2017 17:49:10 +0300 Subject: [PATCH 162/504] Fix compilation error with Mingw32 Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use `_TRUNCATE` only if `__MINGW32__` not defined. Fix suggested by Thomas Glanzmann and Nick Wilson on issue #355 --- ChangeLog | 7 +++++++ library/debug.c | 2 +- library/platform.c | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 227faed6b..f8dcae521 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use `_TRUNCATE` + only if `__MINGW32__` not defined. Fix suggested by Thomas Glanzmann and + Nick Wilson on issue #355 + = mbed TLS 2.6.0 branch released 2017-08-10 Security diff --git a/library/debug.c b/library/debug.c index f9229b360..db3924ac5 100644 --- a/library/debug.c +++ b/library/debug.c @@ -91,7 +91,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, va_start( argp, format ); #if defined(_WIN32) -#if defined(_TRUNCATE) +#if defined(_TRUNCATE) && !defined(__MINGW32__) ret = _vsnprintf_s( str, DEBUG_BUF_SIZE, _TRUNCATE, format, argp ); #else ret = _vsnprintf( str, DEBUG_BUF_SIZE, format, argp ); diff --git a/library/platform.c b/library/platform.c index af3b2f15e..68506f544 100644 --- a/library/platform.c +++ b/library/platform.c 
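Review bot: The `_vsnprintf` fallback that MinGW now reaches through the `#else` branch returns -1 on truncation and, unlike `_vsnprintf_s` with `_TRUNCATE`, does not guarantee that `str` is NUL-terminated, so the lines after the hunk (outside this view) must write the terminator themselves when `ret < 0` before `str` is handed on; confirm that handling is present for the MinGW case too. The platform.c hunk that follows makes the identical condition change and its wrapper's post-call handling should be checked the same way. A one-line comment on the new condition would record the reason for the exclusion, e.g. `/* MinGW defines _TRUNCATE but does not build with _vsnprintf_s (issue #355) */`. mbedtls_debug_print_msg continues outside the hunk.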
@@ -74,7 +74,7 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ) return( -1 ); va_start( argp, fmt ); -#if defined(_TRUNCATE) +#if defined(_TRUNCATE) && !defined(__MINGW32__) ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp ); #else ret = _vsnprintf( s, n, fmt, argp ); From 936f72c641c0953cc288d01de30a2dd811b5f8ac Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 7 Sep 2017 10:56:10 +0100 Subject: [PATCH 163/504] Disable MBEDTLS_RSA_FORCE_BLINDING by default This commit disables the new MBEDTLS_RSA_FORCE_BLINDING option by default to preserve backwards compatibility. Further, it deprecates disabling to prepare for a future release in which blinding will be unconditionally enforced. --- include/mbedtls/config.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index d54f0c382..741ce416a 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -980,6 +980,11 @@ * Comment this macro to allow RSA private key operations * without blinding. * + * \deprecated Disabling this option is deprecated and only + * disabled by default for backwards compatibility. + * Future versions of Mbed TLS will remove this + * option and enforce blinding unconditionally. + * * \warning Disabling this can be a security risk! * Blinding RSA private key operations is a way * to prevent statistical timing attacks as in @@ -998,7 +1003,7 @@ * private key operations, see the documentation * of \c mbedtls_rsa_private. */ -#define MBEDTLS_RSA_FORCE_BLINDING +//#define MBEDTLS_RSA_FORCE_BLINDING /** * \def MBEDTLS_RSA_NO_CRT From 6ac972d815107812be6df8ab591e475208709720 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 7 Sep 2017 10:57:48 +0100 Subject: [PATCH 164/504] Style correction in test_suite_pk.function --- tests/suites/test_suite_pk.function | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) 
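Review bot: The new `\deprecated` paragraph for MBEDTLS_RSA_FORCE_BLINDING reads awkwardly: "Disabling this option is deprecated and only disabled by default for backwards compatibility" attaches "only disabled by default" to the act of disabling rather than to the option. Clearer and saying the same thing: `* \deprecated This option is left disabled by default only for backwards compatibility; disabling it is deprecated, and future versions of Mbed TLS will remove the option and enforce blinding unconditionally.` Since the default is now off, it would also help to state in the same paragraph that private-key operations without a PRNG are then performed unblinded, which the later `\note` in this block already implies.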
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 33453ac6f..a6372c52a 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -43,8 +43,9 @@ int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ) { - return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode, olen, - input, output, output_max_len ) ); + return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, + rnd_std_rand, NULL, mode, olen, + input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, @@ -107,7 +108,8 @@ void mbedtls_pk_check_pair( char *pub_file, char *prv_file, int ret ) if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA ) { TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ), - mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 ); + mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, + mbedtls_rsa_key_len_func ) == 0 ); TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt ) == ret ); } #endif From a988a2702ab402e119502f9759347b12d91c0ee4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 7 Sep 2017 11:32:04 +0100 Subject: [PATCH 165/504] Emit deprecation warning if MBEDTLS_RSA_FORCE_BLINDING is not set --- library/rsa.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index 680df0d8e..88257aa57 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -66,6 +66,13 @@ #define mbedtls_free free #endif +#if !defined(MBEDTLS_RSA_FORCE_BLINDING) && \ + defined(MBEDTLS_DEPRECATED_WARNING) +#warning Not enforcing blinding checks for RSA private key operations\ + is deprecated. Please uncomment MBEDTLS_RSA_FORCE_BLINDING\ + in config.h to enforce blinding checks. +#endif + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; From b2231fc31a8e7840734b5fd6d9b64d30635ac3d4 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 10 Sep 2017 17:32:05 +0300 Subject: [PATCH 166/504] Address review comments Addres review comments done by Hanno --- CONTRIBUTING.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c1870547b..3c6dc74c8 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
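Review bot: `#warning` is a GCC/Clang extension rather than standard C before C23, so this block is only safe because it sits behind MBEDTLS_DEPRECATED_WARNING, which as far as I can tell is documented as requiring GCC-style compiler support; a comment on the `#if` saying so would stop someone from later guarding the directive on `!defined(MBEDTLS_RSA_FORCE_BLINDING)` alone and breaking MSVC builds. The backslash continuations also carry the next line's leading spaces into the emitted text, so the message prints with runs of whitespace; putting the whole message on one line, or joining it as `#warning "Not enforcing blinding checks for RSA private key operations is deprecated. ..."`, avoids that.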
@@ -7,12 +7,12 @@ We gratefully accept bug reports and contributions from the community. There are Contributor License Agreement (CLA) ----------------------------------- -- All contributions, whether large or small require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright. -- To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. +- All contributions, whether large or small, require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright. +- To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given. Coding Standards ---------------- -- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission. 
+- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission, as mentioned in the [Tests](#tests) and [Continuous Integration](#continuous-integration-tests) sections. - The code should be written in a clean and readable style. - The code should be written in a portable generic way, that will benefit the whole community, and not only your own needs. - The code should be secure, and will be reviewed from a security point of view as well. 
@@ -20,15 +20,15 @@ Coding Standards Making a Contribution --------------------- 1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. -1. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis. +1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis. 1. Write a test which shows that the bug was fixed or that the feature works as expected. -1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) +1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) 1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it. -1. mbed TLS is release with Apache license, and as such, all the added files should include the Apache license header. +1. Mbed TLS is released under the Apache license, and as such, all the added files should include the Apache license header. Backports --------- -mbed TLS maintains some legacy branches, which are released as LTS versions. mbed TLS should follow backwards compatibility rules, to fit with existing users. 
As such, backporting to these branches should be handled according to the following rules: +Mbed TLS maintains some legacy branches, which are released as LTS versions. Mbed TLS should follow backwards compatibility rules, to fit with existing users. As such, backporting to these branches should be handled according to the following rules: 1. If the contribution is a new feature or enhancement, no backporting is needed. 1. Bug fixes should be backported to the legacy branches containing these bugs. @@ -42,8 +42,8 @@ At the moment, the legacy branches are: Tests ----- -As mentioned, tests that show the correctness of the feature or bug fix should be added to the Pull Request, if no such tests exist. -mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. +As mentioned, tests that show the correctness of the feature or bug fix should be added to the pull request, if no such tests exist. +Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. Sample applications, if needed, should be modified as well. 
@@ -54,7 +54,7 @@ It is advised to enable the [githooks scripts](https://github.com/ARMmbed/mbedtl Documentation ------------- -mbed TLS should be well documented. If documentation is needed, speak out! +Mbed TLS should be well documented. If documentation is needed, speak out! 1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation. 1. Complex parts in the code should include comments. From 714785dcc217a769ce5e46f3dcb915291ed944c7 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 28 Aug 2017 13:55:55 +0300 Subject: [PATCH 167/504] Write correct number of ciphersuites in log Change location of log, to fit the correct number of used ciphersuites --- ChangeLog | 7 ++++++- library/ssl_cli.c | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 227faed6b..000084b77 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,9 @@ -mbed TLS ChangeLog (Sorted per branch, date) +mbed TLS ChangeLog (Sorted per branch, date) + += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Log correct number of ciphersuites used in Client Hello message. Fix for #918. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a2b9f8cfe..9babb695c 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -891,6 +891,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( ciphersuites[i] ); } + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, got %d ciphersuites", n)); + /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ @@ -917,8 +919,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) *q++ = (unsigned char)( n >> 7 ); *q++ = (unsigned char)( n << 1 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) ); - #if defined(MBEDTLS_ZLIB_SUPPORT) offer_compress = 1; #else From 147d1429481135cc989fea47dabbca905717e978 Mon Sep 17 00:00:00 2001 
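Review bot: The relocated `MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, got %d ciphersuites", n));` prints `n` with `%d`, but `n` is declared `size_t` at the top of ssl_write_client_hello (outside this hunk, so please confirm), which makes the specifier and the argument mismatched; since the line is being rewritten anyway, the simplest fix is a cast, `MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", (int) n ) );`. The removed line had the same mismatch, and the two ssl_cli.c patches that follow on this page rewrite the same statement again without addressing it. The rest of the function lies outside the hunk.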
From: Ron Eldor Date: Tue, 5 Sep 2017 16:09:53 +0300 Subject: [PATCH 168/504] Add log and fix stle issues Address Andres comments of PR --- library/ssl_cli.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9babb695c..8a48f7b00 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -891,7 +891,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( ciphersuites[i] ); } - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, got %d ciphersuites", n)); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV @@ -900,6 +900,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) #endif { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); n++; From 4a2fb4c6be50134cbf6198ed6cc904f7d71af77b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 10 Sep 2017 17:03:50 +0300 Subject: [PATCH 169/504] Addres review comments Resolves comments raised in the review --- library/ssl_cli.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 8a48f7b00..36086e9d9 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -891,7 +891,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( ciphersuites[i] ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV 
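Review bot: The rewritten debug line `MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );` runs well past the 80-column width the surrounding code keeps to, and the new SCSV line in the second hunk is close to the limit as well. Splitting the literal keeps it readable: `MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites "` followed by `"(excluding SCSVs)", n ) );` on the next line, indented to the opening parenthesis. The function body continues outside both hunks.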
@@ -900,7 +900,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) #endif { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); n++; From 2f73c9342fd9d31728c0bf4fb34266fdcc489a88 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 26 Sep 2017 15:06:56 +0300 Subject: [PATCH 170/504] Fix Changelog notation Remove backticks, since ChangeLog is not in MarkDown --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index f8dcae521..4eb52fb8f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,8 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Bugfix - * Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use `_TRUNCATE` - only if `__MINGW32__` not defined. Fix suggested by Thomas Glanzmann and + * Fix compilation error on Mingw32 when _TRUNCATE is defined. Use _TRUNCATE + only if __MINGW32__ not defined. Fix suggested by Thomas Glanzmann and Nick Wilson on issue #355 = mbed TLS 2.6.0 branch released 2017-08-10 From 8d1dd1b5b9ffd1e615d1dea6524c8ea53a13216a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Sep 2017 11:02:24 +0100 Subject: [PATCH 171/504] Fix bug in mbedtls_mpi_exp_mod Calling `mbedtls_mpi_exp_mod` with a freshly initialized exponent MPI `N`, i.e. `N.p == NULL`, would lead to a null-pointer dereference. --- library/bignum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index 8b9082cdc..e9ac56505 100644 --- a/library/bignum.c +++ b/library/bignum.c 
@@ -1614,7 +1614,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos; int neg; - if( mbedtls_mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 ) + if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); if( mbedtls_mpi_cmp_int( E, 0 ) < 0 ) From 2c9f027e32f3fc83ccb3d24d132a77a711bd141b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Sep 2017 11:04:13 +0100 Subject: [PATCH 172/504] Don't require P,Q if CRT is not used Previously, verification used P,Q regardless of whether CRT was used in the computation, but this has changed in the meantime. --- library/rsa.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 88257aa57..11ba2019a 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -448,15 +448,15 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, /* Sanity-check that all relevant fields are at least set, * but don't perform a full keycheck. */ if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } #if !defined(MBEDTLS_RSA_NO_CRT) - if( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 || + if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->QP, 0 ) == 0 ) { From 7c0f17d1155d8a3e0fd52f831ecc84ce11673f2e Mon Sep 17 00:00:00 2001 
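Review bot: The widened check `mbedtls_mpi_cmp_int( N, 0 ) <= 0` now short-circuits before `N->p[0]` is read for a zero or freshly initialised modulus, which only works because the comparison is the left operand of `||`; a comment would make that ordering deliberate, e.g. `/* cmp_int must come first: N->p may be NULL when N is zero */`. No regression test accompanies the fix; a test_suite_mpi case that calls mbedtls_mpi_exp_mod with a zero `N` and expects MBEDTLS_ERR_MPI_BAD_INPUT_DATA would pin it. The rest of mbedtls_mpi_exp_mod lies outside the hunk.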
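Review bot: Dropping `P` and `Q` from the unconditional check leaves an MBEDTLS_RSA_NO_CRT build with no guarantee that they are set, yet the non-CRT path still reads `ctx->P` and `ctx->Q` for exponent blinding when a PRNG is supplied (that code is outside this hunk, so confirm it is still present); a context populated with only N, D and E would then compute with a bogus blinded exponent instead of returning MBEDTLS_ERR_RSA_BAD_INPUT_DATA. Either keep `mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ||` and the `Q` line in the first check, or check both inside the `f_rng != NULL` branch that uses them. The remainder of mbedtls_rsa_private is outside the hunk.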
From: Hanno Becker Date: Thu, 28 Sep 2017 11:49:46 +0100 Subject: [PATCH 173/504] Add `MBEDTLS_RSA_NO_CRT` to options unaffected by `config.pl full` The effect of `config.pl full` on 'negative' options such as `NO_PLATFORM_ENTROPY` is usually inverted, but `MBEDTLS_RSA_NO_CRT` was not included in the list of such options. This commit adds it. --- scripts/config.pl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index 2757f17fe..e2760b15c 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -17,7 +17,7 @@ # # Full usage description provided below. # -# Things that shouldn't be enabled with "full". +# The following options are disabled instead of enabled with "full". # # MBEDTLS_TEST_NULL_ENTROPY # MBEDTLS_DEPRECATED_REMOVED @@ -30,6 +30,7 @@ # MBEDTLS_NO_PLATFORM_ENTROPY # MBEDTLS_REMOVE_ARC4_CIPHERSUITES # MBEDTLS_SSL_HW_RECORD_ACCEL +# MBEDTLS_RSA_NO_CRT # MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 # MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION # - this could be enabled if the respective tests were adapted @@ -85,6 +86,7 @@ MBEDTLS_ECP_DP_M383_ENABLED MBEDTLS_ECP_DP_M511_ENABLED MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_PLATFORM_ENTROPY +MBEDTLS_RSA_NO_CRT MBEDTLS_REMOVE_ARC4_CIPHERSUITES MBEDTLS_SSL_HW_RECORD_ACCEL MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 From d5ba5effaa30addc721f27f65b15a97af3f33248 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Sep 2017 12:53:51 +0100 Subject: [PATCH 174/504] Add ASan build-and-test run for MBEDTLS_RSA_NO_CRT in all.sh --- tests/scripts/all.sh | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7c33c5c2c..5fe9191cc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
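Review bot: The new `MBEDTLS_RSA_NO_CRT` entry breaks the alphabetical order of both hand-maintained lists: in the comment block it is placed after MBEDTLS_SSL_HW_RECORD_ACCEL and in the exclusion list before MBEDTLS_REMOVE_ARC4_CIPHERSUITES, whereas it belongs between MBEDTLS_REMOVE_ARC4_CIPHERSUITES and MBEDTLS_SSL_HW_RECORD_ACCEL in both. Keeping the two lists sorted and in the same order is what lets a reader check them against each other and against config.h by eye.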
@@ -326,6 +326,22 @@ OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min tests/ssl-opt.sh +msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_RSA_NO_CRT +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s +make test + +msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s +tests/ssl-opt.sh -f RSA + +msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min +tests/compat.sh -t RSA + msg "build: cmake, full config, clang, C99" # ~ 50s cleanup cp "$CONFIG_H" "$CONFIG_BAK" @@ -572,4 +588,3 @@ rm -rf "$OUT_OF_SOURCE_DIR" msg "Done, cleaning up" cleanup - From a6f55394137487b7298ab929202d70b5f210c7c2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Sep 2017 12:56:28 +0100 Subject: [PATCH 175/504] Adapt version_features.c to new config options --- library/version_features.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3..f7fa041c4 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -345,9 +345,18 @@ static const char *features[] = { #if defined(MBEDTLS_PKCS1_V21) "MBEDTLS_PKCS1_V21", #endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_RSA_FORCE_BLINDING) + "MBEDTLS_RSA_FORCE_BLINDING", +#endif /* MBEDTLS_RSA_FORCE_BLINDING */ #if defined(MBEDTLS_RSA_NO_CRT) "MBEDTLS_RSA_NO_CRT", #endif /* MBEDTLS_RSA_NO_CRT */ +#if defined(MBEDTLS_RSA_FORCE_CRT_VERIFICATION) + "MBEDTLS_RSA_FORCE_CRT_VERIFICATION", +#endif /* MBEDTLS_RSA_FORCE_CRT_VERIFICATION */ +#if defined(MBEDTLS_RSA_FORCE_VERIFICATION) + "MBEDTLS_RSA_FORCE_VERIFICATION", +#endif /* MBEDTLS_RSA_FORCE_VERIFICATION */ #if defined(MBEDTLS_SELF_TEST) "MBEDTLS_SELF_TEST", #endif /* MBEDTLS_SELF_TEST */ 
From 2fdffe0da0bf74cb94682730fe2db6b0ba8472fa Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 15:19:28 +0100 Subject: [PATCH 176/504] Check exactly for the RSA context fields required in rsa_private Previously, the code was also checking for the presence of D for RSA-CRT, which is not needed in this case. --- library/rsa.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 11ba2019a..d866c7aa3 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -447,14 +447,19 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, /* Sanity-check that all relevant fields are at least set, * but don't perform a full keycheck. */ +#if defined(MBEDTLS_RSA_NO_CRT) if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ) + mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } -#if !defined(MBEDTLS_RSA_NO_CRT) - if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || +#else /* ! MBEDTLS_RSA_NO_CRT */ + if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) == 0 || @@ -462,7 +467,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } -#endif /* MBEDTLS_RSA_NO_CRT */ +#endif /* ! MBEDTLS_RSA_NO_CRT */ #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) From 4e1be398f64170a10495561e91ccc27aa31f94a3 Mon Sep 17 00:00:00 2001 
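Review bot: Both branches of the new `#if defined(MBEDTLS_RSA_NO_CRT)` repeat the N, E, P and Q checks and differ only in whether D or DP/DQ/QP is required, so the shared checks can sit before the `#if` with only the exponent-form check left conditional; that removes the duplicated return and the risk of the two copies drifting apart on the next edit. The rewrite below preserves the error code and the order in which the fields are tested. mbedtls_rsa_private starts and ends outside the hunk.
```c
    /* Sanity-check that all relevant fields are at least set,
     * but don't perform a full keycheck. */
    if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 ||
        mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ||
        mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ||
        mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 )
    {
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    }

#if defined(MBEDTLS_RSA_NO_CRT)
    /* Without CRT the private exponent itself is used. */
    if( mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 )
    {
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    }
#else /* ! MBEDTLS_RSA_NO_CRT */
    /* With CRT only the reduced exponents and the inverse are needed. */
    if( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 ||
        mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) == 0 ||
        mbedtls_mpi_cmp_int( &ctx->QP, 0 ) == 0 )
    {
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    }
#endif /* ! MBEDTLS_RSA_NO_CRT */
    /* … unchanged: threading lock and the rest of the function … */
```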
From: Hanno Becker Date: Mon, 2 Oct 2017 15:56:48 +0100 Subject: [PATCH 177/504] Remove FORCE_VERIFICATION and FORCE_BLINDING --- include/mbedtls/config.h | 77 -------------------------------------- include/mbedtls/rsa.h | 31 +++------------ library/rsa.c | 22 ----------- library/version_features.c | 9 ----- 4 files changed, 5 insertions(+), 134 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 741ce416a..52556262a 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -970,41 +970,6 @@ */ #define MBEDTLS_PKCS1_V21 -/** - * \def MBEDTLS_RSA_FORCE_BLINDING - * - * Force the use of blinding in RSA private key operations. - * This makes these operations fail when the caller doesn't - * provide a PRNG. - * - * Comment this macro to allow RSA private key operations - * without blinding. - * - * \deprecated Disabling this option is deprecated and only - * disabled by default for backwards compatibility. - * Future versions of Mbed TLS will remove this - * option and enforce blinding unconditionally. - * - * \warning Disabling this can be a security risk! - * Blinding RSA private key operations is a way - * to prevent statistical timing attacks as in - * [P. Kocher ', Timing Attacks on Implementations - * of Diffie-Hellman, RSA, DSS, and Other Systems] - * - * \note Disabling this does not mean that blinding - * will never be used: if a PRNG is provided, - * blinding will be in place. Instead, disabling this - * option may result in private key operations being - * performed in a way potentially leaking sensitive - * information through side-channels when no PRNG - * is supplied by the user. - * - * \note For more on the use of blinding in RSA - * private key operations, see the documentation - * of \c mbedtls_rsa_private. - */ -//#define MBEDTLS_RSA_FORCE_BLINDING - /** * \def MBEDTLS_RSA_NO_CRT * 
@@ -1016,48 +981,6 @@ */ //#define MBEDTLS_RSA_NO_CRT -/** - * \def MBEDTLS_RSA_FORCE_CRT_VERIFICATION - * - * Force verification of results of RSA private key operations - * when RSA-CRT is used. - * - * Comment this macro to disable RSA-CRT verification. - * - * \warning Disabling this can be a security risk! - * Omitting verification makes the RSA-CRT - * signing vulnerable to the Bellcore - * glitch attack leading to private key - * compromise if an attacker can cause a - * glitch in a certain timeframe during - * the signing operation. Uncomment only - * if you're sure that glitches are out of - * your attack model. - */ -#define MBEDTLS_RSA_FORCE_CRT_VERIFICATION - -/** - * \def MBEDTLS_RSA_FORCE_VERIFICATION - * - * Force verification of results of any RSA private key - * operation regardless of the algorithm used. - * - * Uncomment this to enable unconditional RSA verification. - * - * \note This is to prevent the RSA signing operation - * (regardless of the particular algorithm chosen) - * from potential future glitch attacks. We are - * currently not aware of any such for our default - * implementation, therefore disabling the option - * by default. - * - * \note Enabling it comes at the cost of roughly an - * additional public key operation at the end of - * signing (low compared to private key operations), - * as well as minor memory consumption. - */ -//#define MBEDTLS_RSA_FORCE_VERIFICATION - /** * \def MBEDTLS_SELF_TEST * diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index e34fea0f2..bc2f810ae 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -63,15 +63,6 @@ #define MBEDTLS_RSA_SALT_LEN_ANY -1 -/* - * RSA configuration - */ -#if defined(MBEDTLS_RSA_FORCE_VERIFICATION) || \ - ( ! defined(MBEDTLS_RSA_NO_CRT) && \ - defined(MBEDTLS_RSA_FORCE_CRT_VERIFICATION ) ) -#define MBEDTLS_RSA_REQUIRE_VERIFICATION -#endif - /* * The above constants may be used even if the RSA module is compile out, * eg for alternative (PKCS#11) RSA implemenations in the PK layers. @@ -239,28 +230,16 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * \note The input and output buffers must be large * enough (eg. 128 bytes if RSA-1024 is used). * - * \note Enabling and disabling of blinding: - * - If f_rng is NULL and MBEDTLS_RSA_FORCE_BLINDING - * is disabled, blinding is disabled. - * - If f_rng is NULL and MBEDTLS_RSA_FORCE_BLINDING - * is enabled, the function fails. + * \note Blinding is used if and onlf if a PRNG is provided. * * \note If blinding is used, both the base of exponentation * and the exponent are blinded, preventing both statistical * timing and power analysis attacks. * - * \note Depending on the way RSA is implemented, a failure - * in the computation can lead to disclosure of the private - * key if the wrong result is passed to attacker - e.g., - * implementing RSA through CRT is vulnerable to the - * Bellcore glitch attack. - * - * As a remedy, the user can force double checking the - * result of the private key operation through the option - * MBEDTLS_RSA_FORCE_VERIFICATION. If verification is - * to be enabled only when RSA-CRT is used (as controlled - * by the configuration option MBEDTLS_RSA_NO_CRT), the - * option MBEDTLS_RSA_FORCE_CRT_VERIFICATION can be used. + * \warning It is deprecated and a security risk to not provide + * a PRNG here and thereby prevent the use of blinding. + * Future versions of the library may enforce the presence + * of a PRNG. * */ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, diff --git a/library/rsa.c b/library/rsa.c index d866c7aa3..de684b39c 100644 
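Review bot: The new documentation line for mbedtls_rsa_private contains a typo: `* \note Blinding is used if and onlf if a PRNG is provided.` should read `only if`. The unchanged context line just below still carries the older misspelling `exponentation`, which could be corrected to `exponentiation` while this paragraph is being rewritten. The new `\warning` states the deprecation clearly; it would be slightly stronger if it also named the consequence, e.g. `* \warning Passing NULL as f_rng disables blinding and is deprecated; the operation then leaks timing information and future versions may reject a NULL f_rng.`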
--- a/library/rsa.c +++ b/library/rsa.c @@ -66,13 +66,6 @@ #define mbedtls_free free #endif -#if !defined(MBEDTLS_RSA_FORCE_BLINDING) && \ - defined(MBEDTLS_DEPRECATED_WARNING) -#warning Not enforcing blinding checks for RSA private key operations\ - is deprecated. Please uncomment MBEDTLS_RSA_FORCE_BLINDING\ - in config.h to enforce blinding checks. -#endif - /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; @@ -434,16 +427,9 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, mbedtls_mpi *D = &ctx->D; #endif /* MBEDTLS_RSA_NO_CRT */ -#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) /* Temporaries holding the initial input and the double * checked result; should be the same in the end. */ mbedtls_mpi I, C; -#endif - -#if defined(MBEDTLS_RSA_FORCE_BLINDING) - if( f_rng == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); -#endif /* Sanity-check that all relevant fields are at least set, * but don't perform a full keycheck. */ @@ -496,10 +482,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ ); #endif -#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) mbedtls_mpi_init( &I ); mbedtls_mpi_init( &C ); -#endif /* End of MPI initialization */ @@ -510,9 +494,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, goto cleanup; } -#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) ); -#endif if( f_rng != NULL ) { 
@@ -604,14 +586,12 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, } /* If requested by the config, verify the result to prevent glitching attacks. */ -#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, &ctx->N, &ctx->RN ) ); if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 ) { ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; goto cleanup; } -#endif /* MBEDTLS_RSA_REQUIRE_VERIFICATION */ olen = ctx->len; MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) ); @@ -642,10 +622,8 @@ cleanup: mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ ); #endif -#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) mbedtls_mpi_free( &C ); mbedtls_mpi_free( &I ); -#endif if( ret != 0 ) return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret ); diff --git a/library/version_features.c b/library/version_features.c index f7fa041c4..9f97c7bc3 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -345,18 +345,9 @@ static const char *features[] = { #if defined(MBEDTLS_PKCS1_V21) "MBEDTLS_PKCS1_V21", #endif /* MBEDTLS_PKCS1_V21 */ -#if defined(MBEDTLS_RSA_FORCE_BLINDING) - "MBEDTLS_RSA_FORCE_BLINDING", -#endif /* MBEDTLS_RSA_FORCE_BLINDING */ #if defined(MBEDTLS_RSA_NO_CRT) "MBEDTLS_RSA_NO_CRT", #endif /* MBEDTLS_RSA_NO_CRT */ -#if defined(MBEDTLS_RSA_FORCE_CRT_VERIFICATION) - "MBEDTLS_RSA_FORCE_CRT_VERIFICATION", -#endif /* MBEDTLS_RSA_FORCE_CRT_VERIFICATION */ -#if defined(MBEDTLS_RSA_FORCE_VERIFICATION) - "MBEDTLS_RSA_FORCE_VERIFICATION", -#endif /* MBEDTLS_RSA_FORCE_VERIFICATION */ #if defined(MBEDTLS_SELF_TEST) "MBEDTLS_SELF_TEST", #endif /* MBEDTLS_SELF_TEST */ From 2dec5e8b00d25f2fd6946172eb3b30177a4b124e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Oct 2017 07:49:52 +0100 Subject: [PATCH 178/504] Correct outdated comment --- library/rsa.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index de684b39c..56f434563 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -585,8 +585,9 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); } - /* If requested by the config, verify the result to prevent glitching attacks. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, &ctx->N, &ctx->RN ) ); + /* Verify the result to prevent glitching attacks. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, + &ctx->N, &ctx->RN ) ); if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 ) { ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; From 36855d66bbdc5c204013b125a0d60ea4b3b061f4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 9 Oct 2017 17:22:07 +0100 Subject: [PATCH 179/504] Change generate_errors.pl to call perl grep Change the script generate_errors.pl to call the grep function in Perl instead of calling the external tool grep directly as this causes problems when ANSI escape sequences are included in the grep output string. --- scripts/generate_errors.pl | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index cfcf07c8f..040a48895 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -46,7 +46,14 @@ close(FORMAT_FILE); $/ = $line_separator; -open(GREP, "grep \"define MBEDTLS_ERR_\" $include_dir/* |") || die("Failure when calling grep: $!"); +my @files = <$include_dir/*>; +my @matches; +foreach my $file (@files) { + open(FILE, "$file"); + my @grep_res = grep(/define MBEDTLS_ERR_/, ); + push(@matches, @grep_res); + close FILE; +} my $ll_old_define = ""; my $hl_old_define = ""; @@ -58,7 +65,8 @@ my $headers = ""; my %error_codes_seen; -while (my $line = ) + +foreach my $line (@matches) { next if ($line =~ /compat-1.2.h/); my ($error_name, $error_code) = $line =~ /(MBEDTLS_ERR_\w+)\s+\-(0x\w+)/; From 17c0493ca887091e39e541de4b2c6955e0a62036 Mon Sep 17 00:00:00 2001 
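Review bot: The `next if ($line =~ /compat-1.2.h/);` filter in the second generate_errors.pl hunk no longer does anything, because the external `grep` it replaces prefixed every match with its file name and the Perl `grep` over a single handle does not, so error codes defined in compat-1.2.h now flow into the generated table. The exclusion belongs on the file, inside the new loop: `next if ($file =~ /compat-1\.2\.h$/);`. Independently, `open(FILE, "$file");` is unchecked and uses the two-argument form; prefer `open(my $fh, '<', $file) or die("Cannot open $file: $!");` and read from `<$fh>`. The read operand also appears empty in the rendered hunk (`grep(/define MBEDTLS_ERR_/, );`), which looks like a `<FILE>` lost to rendering rather than a real omission, but please confirm against the actual patch.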
From: Hanno Becker Date: Tue, 10 Oct 2017 14:44:53 +0100 Subject: [PATCH 180/504] Allow default arguments for client/server/proxy in ssl-opt.sh ssl-opt.sh checks whether the client, server and proxy commands are names of executable files, forbidding the use of default arguments by by e.g. setting P_SRV="ssl_server2 debug_level=3". This commit relaxes this check, only considering the part of the command string prior to the first whitespace. --- tests/ssl-opt.sh | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 280fc6348..7f5510cce 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -597,16 +597,22 @@ fi get_options "$@" # sanity checks, avoid an avalanche of errors -if [ ! -x "$P_SRV" ]; then - echo "Command '$P_SRV' is not an executable file" +P_SRV_BIN=$(echo "$P_SRV" | sed -r -n "s/^([^ ]*).*$/\1/p") +echo "Server binary: ${P_SRV_BIN}" +P_CLI_BIN=$(echo "$P_CLI" | sed -r -n "s/^([^ ]*).*$/\1/p") +echo "Client binary: ${P_CLI_BIN}" +P_PXY_BIN=$(echo "$P_PXY" | sed -r -n "s/^([^ ]*).*$/\1/p") +echo "Proxy binary: ${P_PXY_BIN}" +if [ ! -x "$P_SRV_BIN" ]; then + echo "Command '$P_SRV_BIN' is not an executable file" exit 1 fi -if [ ! -x "$P_CLI" ]; then - echo "Command '$P_CLI' is not an executable file" +if [ ! -x "$P_CLI_BIN" ]; then + echo "Command '$P_CLI_BIN' is not an executable file" exit 1 fi -if [ ! -x "$P_PXY" ]; then - echo "Command '$P_PXY' is not an executable file" +if [ ! -x "$P_PXY_BIN" ]; then + echo "Command '$P_PXY_BIN' is not an executable file" exit 1 fi if [ "$MEMCHECK" -gt 0 ]; then From f65ca329b6e9b75694fce075f5eef8d19681e4a6 Mon Sep 17 00:00:00 2001 
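Review bot: The new `sed -r -n "s/^([^ ]*).*$/\1/p"` calls in the ssl-opt.sh hunk are GNU-specific (`-r`; BSD/macOS sed spells it `-E`) and spawn three processes for what POSIX parameter expansion does in-shell: `P_SRV_BIN="${P_SRV%% *}"`, `P_CLI_BIN="${P_CLI%% *}"`, `P_PXY_BIN="${P_PXY%% *}"`. That form also behaves identically for a command with no arguments and avoids the empty result the sed pattern gives when the variable is empty, which would then fail the `-x` test with a confusing message. The surrounding option handling is outside the hunk.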
From: Hanno Becker Date: Tue, 10 Oct 2017 14:44:57 +0100 Subject: [PATCH 181/504] Introduce UDP proxy wrapper script This commit introduces the script `programs/test/udp_proxy_wrapper.sh` which can be used to wrap the SSL server binary `programs/ssl/ssl_server2` by the UDP proxy application `programs/test/udp_proxy` while maintaining the same interface from the command line. Specifically, given UDP proxy arguments ARGS_UDP and SSL server arguments ARGS_SSL, the command line > ./udp_proxy_wrapper.sh ARGS_UDP -- ARGS_SSL behaves like > ./ssl_server2 ARGS_SSL wrapped by > ./udp_proxy ARGS_UDP The motivation and benefit of this is that scripts like `ssl-opt.sh` can be used with the server command line `P_SRV` modified to `./udp_proxy_wrapper.sh ARGS_UDP -- DEFAULT_ARGS_SSL` which will result in all tests being executed for an SSL server behind a UDP proxy. --- programs/test/udp_proxy_wrapper.sh | 103 +++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100755 programs/test/udp_proxy_wrapper.sh diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh new file mode 100755 index 000000000..415f88399 --- /dev/null +++ b/programs/test/udp_proxy_wrapper.sh 
@@ -0,0 +1,103 @@ +#!/bin/sh + +set -u + +MBEDTLS_BASE="$(pwd)/$(dirname $0)/../../" +TPXY_BIN="$MBEDTLS_BASE/test/udp_proxy" +SRV_BIN="$MBEDTLS_BASE/programs/ssl/ssl_server2" + +: ${VERBOSE:=0} +VERBOSE=1 + +PARAM_SEP="^(.*)--(.*)$" +PROXY_PARAMS=$(echo $@ | sed -n -r "s/$PARAM_SEP/\1/p") +SERVER_PARAMS=$(echo $@ | sed -n -r "s/$PARAM_SEP/\2/p") + +stop_proxy() { + test -n "${TPXY_PID:-}" && + ( + echo "\n * Killing proxy (pid $TPXY_PID) ..." + kill $TPXY_PID + ) +} + +stop_server() { + test -n "${SRV_PID:-}" && + ( + echo "\n * Killing server (pid $SRV_PID) ..." + kill $SRV_PID >/dev/null 2>/dev/null + ) +} + +cleanup() { + stop_server + stop_proxy + return 1 +} + +trap cleanup INT TERM HUP + +DTLS_ENABLED=$(echo "$SERVER_PARAMS" | grep -v "::1" | grep "dtls=1") +if [ -z "$DTLS_ENABLED" ]; then + echo " * Couldn't find DTLS enabling, or IPv6 is in use - immediate fallback to server application..." + if [ $VERBOSE -gt 0 ]; then + echo "[ $SRV_BIN $SERVER_PARAMS ]" + fi + $SRV_BIN $SERVER_PARAMS >&1 2>&1 & + SRV_PID=$! + wait $SRV_PID + exit 0 +fi + +SERVER_PORT_ORIG=$(echo "$SERVER_PARAMS" | sed -n -r "s/^.*server_port=([0-9]+).*$/\1/p") +if [ -z "$SERVER_PORT_ORIG" ]; then + echo " * No server port specified - exit" + exit 1 +fi + +SERVER_ADDR_ORIG=$(echo "$SERVER_PARAMS" | sed -n -r "s/^.*server_addr=([a-zA-Z0-9\.]+).*$/\1/p") +if [ -z "$SERVER_ADDR_ORIG" ]; then + echo " * No server address specified - exit" + exit 1 +fi + +echo " * Server address: $SERVER_ADDR_ORIG" +echo " * Server port: $SERVER_PORT_ORIG" + +SERVER_PORT=$(( $SERVER_PORT_ORIG + 1 )) +echo " * Intermediate port: $SERVER_PORT" + +TPXY_CMD=\ +"$TPXY_BIN $PROXY_PARAMS "\ +"listen_port=$SERVER_PORT_ORIG "\ +"server_port=$SERVER_PORT "\ +"server_addr=$SERVER_ADDR_ORIG "\ +"listen_addr=$SERVER_ADDR_ORIG" + +echo " * Start proxy in background ..." +if [ $VERBOSE -gt 0 ]; then + echo "[ $TPXY_CMD ]" +fi + +$TPXY_CMD >/dev/null 2>&1 & +TPXY_PID=$! 
+ +if [ $VERBOSE -gt 0 ]; then + echo " * Proxy ID: $TPXY_PID" +fi + +SERVER_PARAMS_NEW=$(echo $SERVER_PARAMS | sed -n -r "s/^(.*server_port=)[0-9]+(.*)$/\1$SERVER_PORT\2/p") +SRV_CMD="$SRV_BIN $SERVER_PARAMS_NEW" + +echo " * Starting server ..." +if [ $VERBOSE -gt 0 ]; then + echo "[ $SRV_CMD ]" +fi + +$SRV_CMD >&2 & +SRV_PID=$! + +wait $SRV_PID + +stop_proxy +return 0 From 1dd62ea81139e9fff902b6ee9e5701f342d4e022 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 22 May 2017 14:30:59 +0100 Subject: [PATCH 182/504] Add packing option to UDP proxy This commit provides the new option pack=TIME for the udp proxy ./programs/test/udp_proxy. If used, udp packets with the same destination will be queued and concatenated for up to TIME milliseconds before being delivered. This is useful to test how mbed TLS's deals with multiple DTLS records within a single datagram. --- programs/test/udp_proxy.c | 137 +++++++++++++++++++++++++++++++++++--- 1 file changed, 128 insertions(+), 9 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 20624d227..bb5537ff1 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -85,6 +85,7 @@ int main( void ) #define DFL_SERVER_PORT "4433" #define DFL_LISTEN_ADDR "localhost" #define DFL_LISTEN_PORT "5556" +#define DFL_PACK 0 #define USAGE \ "\n usage: udp_proxy param=<>...\n" \ @@ -108,6 +109,8 @@ int main( void ) " protect_len=%%d default: (don't protect packets of this size)\n" \ "\n" \ " seed=%%d default: (use current time)\n" \ + " pack=%%d default: 0 (don't merge)\n" \ + " options: t > 0 (merge for t milliseconds)\n" \ "\n" /* 
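Review bot: `TPXY_BIN="$MBEDTLS_BASE/test/udp_proxy"` in the new udp_proxy_wrapper.sh does not point at the proxy built by this tree: `SRV_BIN` uses `$MBEDTLS_BASE/programs/ssl/ssl_server2` and the commit message names `programs/test/udp_proxy`, so the line should presumably read `TPXY_BIN="$MBEDTLS_BASE/programs/test/udp_proxy"`. The `: ${VERBOSE:=0}` default is immediately overwritten by `VERBOSE=1`, so the environment override never takes effect; drop the second assignment. The final `return 0` runs at top level, where `return` outside a function is an error in POSIX shells, and should be `exit 0`; likewise `cleanup` returns 1 from the trap but never exits, so a signalled run continues into `wait`. With `set -u` in force, the unquoted `echo $@` and `$SRV_BIN $SERVER_PARAMS` also word-split arguments containing spaces, which is worth a comment if intentional.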
@@ -128,6 +131,8 @@ static struct options int bad_ad; /* inject corrupted ApplicationData record */ int protect_hvr; /* never drop or delay HelloVerifyRequest */ int protect_len; /* never drop/delay packet of the given size*/ + int merge; /* merge packets into single datagram for + * at most \c merge milliseconds if > 0 */ unsigned int seed; /* seed for "random" events */ } opt; @@ -152,6 +157,7 @@ static void get_options( int argc, char *argv[] ) opt.server_port = DFL_SERVER_PORT; opt.listen_addr = DFL_LISTEN_ADDR; opt.listen_port = DFL_LISTEN_PORT; + opt.merge = DFL_PACK; /* Other members default to 0 */ for( i = 1; i < argc; i++ ) @@ -193,6 +199,10 @@ static void get_options( int argc, char *argv[] ) if( opt.drop < 0 || opt.drop > 20 || opt.drop == 1 ) exit_usage( p, q ); } + else if( strcmp( p, "pack" ) == 0 ) + { + opt.merge = atoi( q ); + } else if( strcmp( p, "mtu" ) == 0 ) { opt.mtu = atoi( q ); 
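Review bot: The new `pack` option in the third udp_proxy.c hunk is stored with a bare `opt.merge = atoi( q );` and never range-checked, unlike `drop` a few lines above which rejects out-of-range values with `exit_usage`. A negative value is later cast with `(size_t) opt.merge` in `ctx_buffer_check`, and although the `opt.merge > 0` guard in `main` keeps the buffers disabled in that case, the silent acceptance is inconsistent with the other options; add `if( opt.merge < 0 ) exit_usage( p, q );`. `get_options` continues outside the hunk.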
@@ -288,6 +298,94 @@ static unsigned long ellapsed_time( void ) #endif } +typedef struct +{ + mbedtls_net_context *ctx; + + const char *description; + + unsigned long packet_lifetime; + size_t num_datagrams; + + unsigned char data[MAX_MSG_SIZE]; + unsigned len; + +} ctx_buffer; + +static ctx_buffer outbuf[2]; + +static int ctx_buffer_flush( ctx_buffer *buf ) +{ + int ret; + + mbedtls_printf( " %05lu flush %s: %u bytes, %lu datagrams, " + "last %ld ms\n", ellapsed_time(), + buf->description, buf->len, buf->num_datagrams, + ellapsed_time() - buf->packet_lifetime ); + + ret = mbedtls_net_send( buf->ctx, buf->data, buf->len ); + + buf->len = 0; + buf->num_datagrams = 0; + + return( ret ); +} + +static inline int ctx_buffer_check( ctx_buffer *buf ) +{ + if( buf->len > 0 && + ellapsed_time() - buf->packet_lifetime >= (size_t) opt.merge ) + { + return( ctx_buffer_flush( buf ) ); + } + + return( 0 ); +} + +static int ctx_buffer_append( ctx_buffer *buf, + const unsigned char * data, + size_t len ) +{ + int ret; + + if( len > sizeof( buf->data ) ) + { + mbedtls_printf( " ! buffer size %lu too large (max %lu)\n", + len, sizeof( buf->data ) ); + return( -1 ); + } + + if( sizeof( buf->data ) - buf->len < len ) + { + if( ( ret = ctx_buffer_flush( buf ) ) <= 0 ) + return( ret ); + } + + memcpy( buf->data + buf->len, data, len ); + + buf->len += len; + if( ++buf->num_datagrams == 1 ) + buf->packet_lifetime = ellapsed_time(); + + return( len ); +} + +static int dispatch_data( mbedtls_net_context *ctx, + const unsigned char * data, + size_t len ) +{ + ctx_buffer *buf = NULL; + if( outbuf[0].ctx == ctx ) + buf = &outbuf[0]; + else if( outbuf[1].ctx == ctx ) + buf = &outbuf[1]; + + if( buf == NULL ) + return( mbedtls_net_send( ctx, data, len ) ); + + return( ctx_buffer_append( buf, data, len ) ); +} + typedef struct { mbedtls_net_context *dst; 
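Review bot: The `mbedtls_printf` calls in the new `ctx_buffer_flush` and `ctx_buffer_append` pass `size_t` values (`buf->num_datagrams`, `len`, `sizeof( buf->data )`) to `%lu` and an `unsigned long` difference to `%ld`, which is undefined behaviour where `size_t` is not `unsigned long` (e.g. 64-bit Windows) and will trip `-Wformat`. Cast to match the file's existing `%05lu` style, e.g. `(unsigned long) buf->num_datagrams`, `(unsigned long) len, (unsigned long) sizeof( buf->data )`, and use `%lu` for the elapsed-time difference. Note also that `ctx_buffer_flush` resets `buf->len` and `buf->num_datagrams` even when `mbedtls_net_send` fails, so a failed flush silently drops the merged datagrams; for a test proxy that may be acceptable but deserves a comment such as `/* Buffered data is discarded even if the send fails. */`.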
@@ -301,10 +399,10 @@ typedef struct void print_packet( const packet *p, const char *why ) { if( why == NULL ) - mbedtls_printf( " %05lu %s %s (%u bytes)\n", + mbedtls_printf( " %05lu dispatch %s %s (%u bytes)\n", ellapsed_time(), p->way, p->type, p->len ); else - mbedtls_printf( " %s %s (%u bytes): %s\n", + mbedtls_printf( " dispatch %s %s (%u bytes): %s\n", p->way, p->type, p->len, why ); fflush( stdout ); } @@ -323,17 +421,17 @@ int send_packet( const packet *p, const char *why ) ++buf[p->len - 1]; print_packet( p, "corrupted" ); - if( ( ret = mbedtls_net_send( dst, buf, p->len ) ) <= 0 ) + if( ( ret = dispatch_data( dst, buf, p->len ) ) <= 0 ) { - mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret ); + mbedtls_printf( " ! dispatch returned %d\n", ret ); return( ret ); } } print_packet( p, why ); - if( ( ret = mbedtls_net_send( dst, p->buf, p->len ) ) <= 0 ) + if( ( ret = dispatch_data( dst, p->buf, p->len ) ) <= 0 ) { - mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret ); + mbedtls_printf( " ! dispatch returned %d\n", ret ); return( ret ); } @@ -344,9 +442,9 @@ int send_packet( const packet *p, const char *why ) { print_packet( p, "duplicated" ); - if( ( ret = mbedtls_net_send( dst, p->buf, p->len ) ) <= 0 ) + if( ( ret = dispatch_data( dst, p->buf, p->len ) ) <= 0 ) { - mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret ); + mbedtls_printf( " ! dispatch returned %d\n", ret ); return( ret ); } } @@ -471,10 +569,14 @@ int main( int argc, char *argv[] ) int ret; mbedtls_net_context listen_fd, client_fd, server_fd; + struct timeval tm; int nb_fds; fd_set read_fds; + tm.tv_sec = 0; + tm.tv_usec = 0; + mbedtls_net_init( &listen_fd ); mbedtls_net_init( &client_fd ); mbedtls_net_init( &server_fd ); 
@@ -560,6 +662,19 @@ accept: nb_fds = listen_fd.fd; ++nb_fds; + if( opt.merge > 0 ) + { + outbuf[0].ctx = &server_fd; + outbuf[0].description = "S <- C"; + outbuf[0].num_datagrams = 0; + outbuf[0].len = 0; + + outbuf[1].ctx = &client_fd; + outbuf[1].description = "S -> C"; + outbuf[1].num_datagrams = 0; + outbuf[1].len = 0; + } + while( 1 ) { FD_ZERO( &read_fds ); @@ -567,7 +682,10 @@ accept: FD_SET( client_fd.fd, &read_fds ); FD_SET( listen_fd.fd, &read_fds ); - if( ( ret = select( nb_fds, &read_fds, NULL, NULL, NULL ) ) <= 0 ) + ctx_buffer_check( &outbuf[0] ); + ctx_buffer_check( &outbuf[1] ); + + if( ( ret = select( nb_fds, &read_fds, NULL, NULL, &tm ) ) < 0 ) { perror( "select" ); goto exit; @@ -589,6 +707,7 @@ accept: &client_fd, &server_fd ) ) != 0 ) goto accept; } + } exit: From fbb0b701e4d6ee7c5cd30394ddde8cf1e4def5d7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 May 2017 16:55:07 +0100 Subject: [PATCH 183/504] Corrupt application data in the beginning instead of the end in UDP proxy The UDP proxy corrupts application data at the end of the datagram. If there are multiple DTLS records within the same datagram, this leads to the wrong message being corrupted. This commit always corrupts the beginning of the message to prevent this. Overall, the UDP proxy needs reworking if it is supposed to reliably support multiple records within a single datagram, because it determines its actions from the type of the first record in the current datagram only. --- programs/test/udp_proxy.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index bb5537ff1..c978f9047 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c 
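Review bot: The `@@ -567,7` hunk turns the main loop into a busy-wait: `tm` is zeroed once in `main` and passed to every `select`, so `select` returns immediately with 0, the `< 0` check lets it through, and the loop spins at full CPU even when `pack` is not in use. Keep the original blocking behaviour when merging is off, and when it is on use a short, re-initialised timeout so `ctx_buffer_check` still runs promptly (on Linux `select` modifies the timeval, so it must be reset each iteration).
```c
        /* … unchanged: FD_ZERO / FD_SET of server, client and listen fds … */
        ctx_buffer_check( &outbuf[0] );
        ctx_buffer_check( &outbuf[1] );

        /* Block when not merging; otherwise wake up every millisecond so the
         * merge buffers are flushed on time (select() may modify tm). */
        struct timeval *tm_ptr = NULL;
        if( opt.merge > 0 )
        {
            tm.tv_sec  = 0;
            tm.tv_usec = 1000;
            tm_ptr = &tm;
        }

        if( ( ret = select( nb_fds, &read_fds, NULL, NULL, tm_ptr ) ) < 0 )
        {
            perror( "select" );
            goto exit;
        }
        /* … unchanged: FD_ISSET handling … */
```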
@@ -418,9 +418,17 @@ int send_packet( const packet *p, const char *why ) { unsigned char buf[MAX_MSG_SIZE]; memcpy( buf, p->buf, p->len ); - ++buf[p->len - 1]; - print_packet( p, "corrupted" ); + if( p->len <= 13 ) + { + mbedtls_printf( " ! can't corrupt empty AD record" ); + } + else + { + ++buf[13]; + print_packet( p, "corrupted" ); + } + if( ( ret = dispatch_data( dst, buf, p->len ) ) <= 0 ) { mbedtls_printf( " ! dispatch returned %d\n", ret ); From e65ce7862a40a9abbfda6ae374cb755033029a8d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 22 May 2017 14:47:48 +0100 Subject: [PATCH 184/504] Enhance debugging output in ssl_tls.c Give a note on the debugging output on the following occasions: (1) The timer expires in mbedtls_ssl_fetch_input (2) There's more than one records within a single datagram --- library/ssl_tls.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae7065..759dca013 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2294,7 +2294,10 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) * that will end up being dropped. */ if( ssl_check_timer( ssl ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "timer has expired" ) ); ret = MBEDTLS_ERR_SSL_TIMEOUT; + } else { len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf ); @@ -3921,7 +3924,13 @@ read_record_header: /* Done reading this record, get ready for the next one */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl ); + if( ssl->next_record_offset < ssl->in_left ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) ); + } + } else #endif ssl->in_left = 0; From e09ca3d9b68486fa9a4c368fd6578c68fc54c242 Mon Sep 17 00:00:00 2001 
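Review bot: The corruption rewrite in the udp_proxy.c hunk hard-codes `13` twice (`p->len <= 13`, `++buf[13]`) with no indication that this is the DTLS record header length, and the "can't corrupt" message lacks a trailing `\n` unlike every other diagnostic in the file. Introduce a named constant near the top of the file, `#define DTLS_HDR_LEN 13 /* record header: type, version, epoch, seq, length */`, use it in both places, and end the message with `\n`. As the commit message notes, only the first record of a merged datagram is considered; a `/* only the first record in the datagram is inspected */` comment at the check would save the next reader rediscovering that.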
From: Hanno Becker Date: Mon, 22 May 2017 15:06:06 +0100 Subject: [PATCH 185/504] Add polling function for network contexts This commit adds a function `mbedtls_net_poll` to the network module allowing to check if a network context is available for read or write. --- include/mbedtls/net_sockets.h | 28 ++++++++++++++++++ library/error.c | 4 +++ library/net_sockets.c | 56 +++++++++++++++++++++++++++++++++-- 3 files changed, 86 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index de335526f..2777b79e4 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -45,12 +45,17 @@ #define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */ #define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */ #define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */ +#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047 /**< Polling the net context failed. */ +#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049 /**< Input invalid. */ #define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */ #define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */ #define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */ +#define MBEDTLS_NET_POLL_READ 1 /**< Used in \c mbedtls_net_poll to check for pending data */ +#define MBEDTLS_NET_POLL_WRITE 2 /**< Used in \c mbedtls_net_poll to check if write possible */ + #ifdef __cplusplus extern "C" { #endif 
@@ -131,6 +136,29 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, mbedtls_net_context *client_ctx, void *client_ip, size_t buf_size, size_t *ip_len ); +/** + * \brief Check and wait for the context to be ready for read/write + * + * \param ctx Socket to check + * \param rw Bitflag composed of MBEDTLS_NET_POLL_READ and + * MBEDTLS_NET_POLL_WRITE specifying the events + * to wait for: + * - If MBEDTLS_NET_POLL_READ is set, the function + * will return as soon as the net context is available + * for reading. + * - If MBEDTLS_NET_POLL_WRITE is set, the function + * will return as soon as the net context is available + * for writing. + * \param timeout Maximal amount of time to wait before returning, + * in milliseconds. If \c timeout is zero, the + * function returns immediately. If \c timeout is + * -1u, the function blocks potentially indefinitely. + * + * \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE + * on success or timeout, or a negative return code otherwise. + */ +int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ); + /** * \brief Set the socket blocking * diff --git a/library/error.c b/library/error.c index db42381c4..8977cc4e5 100644 --- a/library/error.c +++ b/library/error.c @@ -654,6 +654,10 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "NET - Buffer is too small to hold the data" ); if( use_ret == -(MBEDTLS_ERR_NET_INVALID_CONTEXT) ) mbedtls_snprintf( buf, buflen, "NET - The context is invalid, eg because it was free()ed" ); + if( use_ret == -(MBEDTLS_ERR_NET_POLL_FAILED) ) + mbedtls_snprintf( buf, buflen, "NET - Polling the net context failed" ); + if( use_ret == -(MBEDTLS_ERR_NET_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "NET - Input invalid" ); #endif /* MBEDTLS_NET_C */ #if defined(MBEDTLS_OID_C) diff --git a/library/net_sockets.c b/library/net_sockets.c index 80be6ec6a..edd084416 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c 
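Review bot: The `\return` text for the new `mbedtls_net_poll` declaration says a bitmask is returned "on success or timeout" but does not spell out that a timeout yields 0, which is the value callers must test for to distinguish "nothing ready" from an event. Add `\return 0 if the timeout elapsed without any of the requested events occurring.` and, since the implementation folds every `select` failure into one code, `\return MBEDTLS_ERR_NET_POLL_FAILED if the underlying poll failed (including interruption by a signal).` The `-1u` wording is also slightly misleading for a `uint32_t` parameter; `(uint32_t) -1` or `UINT32_MAX` matches what the implementation compares against.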
@@ -433,6 +433,58 @@ int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ) #endif } +/* + * Check if data is available on the socket + */ + +int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) +{ + int ret; + struct timeval tv; + + fd_set read_fds; + fd_set write_fds; + + int fd = ctx->fd; + + if( fd < 0 ) + return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + + FD_ZERO( &read_fds ); + if( rw & MBEDTLS_NET_POLL_READ ) + { + rw &= ~MBEDTLS_NET_POLL_READ; + FD_SET( fd, &read_fds ); + } + + FD_ZERO( &write_fds ); + if( rw & MBEDTLS_NET_POLL_WRITE ) + { + rw &= ~MBEDTLS_NET_POLL_WRITE; + FD_SET( fd, &write_fds ); + } + + if( rw != 0 ) + return( MBEDTLS_ERR_NET_BAD_INPUT_DATA ); + + tv.tv_sec = timeout / 1000; + tv.tv_usec = ( timeout % 1000 ) * 1000; + + ret = select( fd + 1, &read_fds, &write_fds, NULL, + timeout == (uint32_t) -1u ? NULL : &tv ); + + if( ret < 0 ) + return( MBEDTLS_ERR_NET_POLL_FAILED ); + + ret = 0; + if( FD_ISSET( fd, &read_fds ) ) + ret |= MBEDTLS_NET_POLL_READ; + if( FD_ISSET( fd, &write_fds ) ) + ret |= MBEDTLS_NET_POLL_WRITE; + + return( ret ); +} + /* * Portable usleep helper */ @@ -492,8 +544,8 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) /* * Read at most 'len' characters, blocking for at most 'timeout' ms */ -int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, - uint32_t timeout ) +int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, + size_t len, uint32_t timeout ) { int ret; struct timeval tv; From 16970d29127332e109f928fbe9efecc0a118c8dc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 15:56:37 +0100 Subject: [PATCH 186/504] Add support for event-driven IO in ssl_client2 and ssl_server2 --- programs/ssl/ssl_client2.c | 302 +++++++++++++++++++++++++++++++------ programs/ssl/ssl_server2.c | 185 +++++++++++++++++++++-- 2 files changed, 429 insertions(+), 58 deletions(-) 
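Review bot: `mbedtls_net_poll` calls `FD_SET( fd, &read_fds )` without checking `fd` against `FD_SETSIZE`; on typical platforms `FD_SET` indexes a fixed-size bit array, so a descriptor at or above `FD_SETSIZE` (easily reached in a process holding many sockets) writes past the `fd_set` on the stack. Reject it up front, right after the `fd < 0` check: `if( fd >= FD_SETSIZE ) return( MBEDTLS_ERR_NET_POLL_FAILED );`. A `select` interrupted by a signal (`EINTR`) is also reported as `MBEDTLS_ERR_NET_POLL_FAILED` rather than retried; if that is intended, a comment saying so would help callers decide whether to loop.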
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5032a9f3d..e82adaa7b 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -70,6 +70,7 @@ int main( void ) #define DFL_REQUEST_SIZE -1 #define DFL_DEBUG_LEVEL 0 #define DFL_NBIO 0 +#define DFL_EVENT 0 #define DFL_READ_TIMEOUT 0 #define DFL_MAX_RESEND 0 #define DFL_CA_FILE "" @@ -243,23 +244,25 @@ int main( void ) " server_port=%%d default: 4433\n" \ " request_page=%%s default: \".\"\n" \ " request_size=%%d default: about 34 (basic request)\n" \ - " (minimum: 0, max: 16384)\n" \ - " debug_level=%%d default: 0 (disabled)\n" \ - " nbio=%%d default: 0 (blocking I/O)\n" \ - " options: 1 (non-blocking), 2 (added delays)\n" \ - " read_timeout=%%d default: 0 ms (no timeout)\n" \ + " (minimum: 0, max: 16384)\n" \ + " debug_level=%%d default: 0 (disabled)\n" \ + " nbio=%%d default: 0 (blocking I/O)\n" \ + " options: 1 (non-blocking), 2 (added delays)\n" \ + " event=%%d default: 0 (loop)\n" \ + " options: 1 (level-triggered, implies nbio=1),\n" \ + " read_timeout=%%d default: 0 ms (no timeout)\n" \ " max_resend=%%d default: 0 (no resend on timeout)\n" \ "\n" \ USAGE_DTLS \ "\n" \ - " auth_mode=%%s default: (library default: none)\n" \ + " auth_mode=%%s default: (library default: none)\n" \ " options: none, optional, required\n" \ USAGE_IO \ "\n" \ USAGE_PSK \ USAGE_ECJPAKE \ "\n" \ - " allow_legacy=%%d default: (library default: no)\n" \ + " allow_legacy=%%d default: (library default: no)\n" \ USAGE_RENEGO \ " exchanges=%%d default: 1\n" \ " reconnect=%%d default: 0 (disabled)\n" \ 
@@ -299,7 +302,8 @@ struct options const char *server_port; /* port on which the ssl service runs */ int debug_level; /* level of debugging */ int nbio; /* should I/O be blocking? */ - uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ + int event; /* loop or event-driven IO? level or edge triggered? */ + uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ int max_resend; /* DTLS times to resend on read timeout */ const char *request_page; /* page on server to request */ int request_size; /* pad request with header to requested size */ 
@@ -433,6 +437,78 @@ static int ssl_sig_hashes_for_test[] = { }; #endif /* MBEDTLS_X509_CRT_PARSE_C */ +/* + * Wait for an event from the underlying transport or the timer + * (Used in event-driven IO mode). + */ +#if !defined(MBEDTLS_TIMING_C) +void idle( mbedtls_ssl_context *ssl, + mbedtls_net_context *fd, + int idle_reason ) +{ +#else +void idle( mbedtls_ssl_context *ssl, + mbedtls_net_context *fd, + mbedtls_timing_delay_context *timer, + int idle_reason ) +{ +#if defined(MBEDTLS_DEBUG_C) + struct mbedtls_timing_hr_time tm; + unsigned long time_elapsed; +#endif +#endif + + int poll_type = 0; + + if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE ) + poll_type = MBEDTLS_NET_POLL_WRITE; + else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ ) + poll_type = MBEDTLS_NET_POLL_READ; +#if !defined(MBEDTLS_TIMING_C) + else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: No reason for idling given" ) ); + return; + } +#endif + + /* One should not idle on the underlying transport + * if data is still pending to be processed. */ + if( mbedtls_ssl_check_pending( ssl ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: Data still pending, " + "but idling requested!" ) ); + } + MBEDTLS_SSL_DEBUG_MSG( 3, ( "idle, waiting for event... " ) ); + +#if defined(MBEDTLS_TIMING_C) && defined(MBEDTLS_DEBUG_C) + mbedtls_timing_get_timer( &tm, 1 /* restart */ ); +#endif + + while( 1 ) + { +#if defined(MBEDTLS_TIMING_C) +#if defined(MBEDTLS_DEBUG_C) + time_elapsed = mbedtls_timing_get_timer( &tm, 0 ); +#endif + if( mbedtls_timing_get_delay( timer ) == 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] timer expired - continue", + time_elapsed ) ); + break; + } +#endif + + if( poll_type != 0 && + mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] net_context signals data - " + "continue", time_elapsed ) ); + break; + } + } +} + int main( int argc, char *argv[] ) { int ret = 0, len, tail_len, i, written, frags, retry_left; 
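Review bot: The new `idle()` in ssl_client2.c does not compile in a build with `MBEDTLS_DEBUG_C` but without `MBEDTLS_TIMING_C`: `time_elapsed` is declared only under `#if defined(MBEDTLS_TIMING_C)` + `#if defined(MBEDTLS_DEBUG_C)`, yet the second debug message, `"[%lu ms] net_context signals data - continue", time_elapsed`, is emitted unconditionally. Either declare `unsigned long time_elapsed = 0;` for both configurations or guard that message the same way as the first. Separately, the `while( 1 )` loop polls with `mbedtls_net_poll( fd, poll_type, 0 )` and never sleeps, so "waiting for an event" is a 100 % CPU spin; passing a short non-zero timeout such as `mbedtls_net_poll( fd, poll_type, 10 )` keeps the timer check responsive without burning the core, and the timer-only branch (`poll_type == 0`) needs an equivalent pause. `MBEDTLS_SSL_DEBUG_MSG` is an internal library macro; using it from a sample program presumably relies on `ssl_internal.h` being included earlier in the file, which is worth confirming.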
@@ -516,6 +592,7 @@ int main( int argc, char *argv[] ) opt.server_port = DFL_SERVER_PORT; opt.debug_level = DFL_DEBUG_LEVEL; opt.nbio = DFL_NBIO; + opt.event = DFL_EVENT; opt.read_timeout = DFL_READ_TIMEOUT; opt.max_resend = DFL_MAX_RESEND; opt.request_page = DFL_REQUEST_PAGE; @@ -589,6 +666,12 @@ int main( int argc, char *argv[] ) if( opt.nbio < 0 || opt.nbio > 2 ) goto usage; } + else if( strcmp( p, "event" ) == 0 ) + { + opt.event = atoi( q ); + if( opt.event < 0 || opt.event > 2 ) + goto usage; + } else if( strcmp( p, "read_timeout" ) == 0 ) opt.read_timeout = atoi( q ); else if( strcmp( p, "max_resend" ) == 0 ) @@ -858,6 +941,16 @@ int main( int argc, char *argv[] ) goto usage; } + /* Event-driven IO is incompatible with the above custom + * receive and send functions, as the polling builds on + * refers to the underlying net_context. */ + if( opt.event == 1 && opt.nbio != 1 ) + { + mbedtls_printf( "Warning: event-driven IO mandates nbio=1" + " - overwrite\n" ); + opt.nbio = 1; + } + #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold( opt.debug_level ); #endif @@ -1092,7 +1185,8 @@ int main( int argc, char *argv[] ) #endif if( ret < 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse " + "returned -0x%x\n\n", -ret ); goto exit; } @@ -1115,7 +1209,8 @@ int main( int argc, char *argv[] ) else #endif #if defined(MBEDTLS_CERTS_C) - ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt, + ret = mbedtls_x509_crt_parse( &clicert, + (const unsigned char *) mbedtls_test_cli_crt, mbedtls_test_cli_crt_len ); #else { @@ -1125,7 +1220,8 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse " + "returned -0x%x\n\n", -ret ); goto exit; } 
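Review bot: The `event` option parser in the `@@ -589,6` hunk accepts `0..2`, but the usage text added in the earlier hunk lists only option 1 (and ends with a dangling comma), and the only consumer visible in this patch is `if( opt.event == 1 /* level triggered IO */ )` in the handshake loop, so `event=2` is silently treated as "loop". Until edge-triggered mode exists, tighten the check to `if( opt.event < 0 || opt.event > 1 )` and remove the trailing comma from the usage line, or document option 2 if it is meant to be a placeholder. The option-parsing loop continues outside the hunk.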
@@ -1138,7 +1234,8 @@ int main( int argc, char *argv[] ) else #endif #if defined(MBEDTLS_CERTS_C) - ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key, + ret = mbedtls_pk_parse_key( &pkey, + (const unsigned char *) mbedtls_test_cli_key, mbedtls_test_cli_key_len, NULL, 0 ); #else { @@ -1148,7 +1245,8 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_key " + "returned -0x%x\n\n", -ret ); goto exit; } @@ -1166,11 +1264,13 @@ int main( int argc, char *argv[] ) opt.server_addr, opt.server_port ); fflush( stdout ); - if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port, - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? - MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) + if( ( ret = mbedtls_net_connect( &server_fd, + opt.server_addr, opt.server_port, + opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? + MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_net_connect " + "returned -0x%x\n\n", -ret ); goto exit; } @@ -1180,7 +1280,8 @@ int main( int argc, char *argv[] ) ret = mbedtls_net_set_block( &server_fd ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! net_set_(non)block() " + "returned -0x%x\n\n", -ret ); goto exit; } @@ -1197,7 +1298,8 @@ int main( int argc, char *argv[] ) opt.transport, MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults " + "returned -0x%x\n\n", -ret ); goto exit; } 
@@ -1220,13 +1322,15 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_PROTO_DTLS) if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX ) - mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max ); + mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, + opt.hs_to_max ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len " + "returned %d\n\n", ret ); goto exit; } #endif @@ -1249,8 +1353,8 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) if( opt.recsplit != DFL_RECSPLIT ) mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit - ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED - : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ); + ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED + : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ); #endif #if defined(MBEDTLS_DHM_C) @@ -1262,7 +1366,8 @@ int main( int argc, char *argv[] ) if( opt.alpn_string != NULL ) if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols " + "returned %d\n\n", ret ); goto exit; } #endif @@ -1301,7 +1406,8 @@ int main( int argc, char *argv[] ) { if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert " + "returned %d\n\n", ret ); goto exit; } } 
@@ -1320,16 +1426,19 @@ int main( int argc, char *argv[] ) (const unsigned char *) opt.psk_identity, strlen( opt.psk_identity ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk " + "returned %d\n\n", ret ); goto exit; } #endif if( opt.min_version != DFL_MIN_VERSION ) - mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version ); + mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, + opt.min_version ); if( opt.max_version != DFL_MAX_VERSION ) - mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version ); + mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, + opt.max_version ); #if defined(MBEDTLS_SSL_FALLBACK_SCSV) if( opt.fallback != DFL_FALLBACK ) @@ -1338,14 +1447,16 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_setup " + "returned -0x%x\n\n", -ret ); goto exit; } #if defined(MBEDTLS_X509_CRT_PARSE_C) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname " + "returned %d\n\n", ret ); goto exit; } #endif @@ -1357,7 +1468,8 @@ int main( int argc, char *argv[] ) (const unsigned char *) opt.ecjpake_pw, strlen( opt.ecjpake_pw ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password " + "returned %d\n\n", ret ); goto exit; } } 
@@ -1366,7 +1478,8 @@ int main( int argc, char *argv[] ) if( opt.nbio == 2 ) mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL ); else - mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, + mbedtls_ssl_set_bio( &ssl, &server_fd, + mbedtls_net_send, mbedtls_net_recv, opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); #if defined(MBEDTLS_TIMING_C) @@ -1384,9 +1497,11 @@ int main( int argc, char *argv[] ) while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) { - if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_handshake " + "returned -0x%x\n", -ret ); if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) mbedtls_printf( " Unable to verify the server's certificate. " @@ -1398,10 +1513,21 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n" ); goto exit; } + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } } mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n", - mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) ); + mbedtls_ssl_get_version( &ssl ), + mbedtls_ssl_get_ciphersuite( &ssl ) ); if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 ) mbedtls_printf( " [ Record expansion is %d ]\n", ret ); @@ -1429,7 +1555,8 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_get_session " + "returned -0x%x\n\n", -ret ); goto exit; } 
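Review bot: The `#if defined(MBEDTLS_TIMING_C) idle( &ssl, &server_fd, &timer, ret ); #else idle( &ssl, &server_fd, ret ); #endif` block added to the `mbedtls_ssl_handshake` loop in the second hunk here is pasted verbatim into every WANT_READ/WANT_WRITE loop of this file (renegotiation, both write paths, both read paths and the reconnect handshake further down), so any later change to idle()'s contract, such as making it report an error, has to be repeated at seven sites. A small static helper or macro that hides the `MBEDTLS_TIMING_C` dispatch would leave one `if( opt.event == 1 ) wait_for_event( &ssl, &server_fd, ret );` per site and keep the `/* level triggered IO */` rationale in one place. idle() itself is defined outside this hunk, so I could not check its signature; the enclosing main() also starts and ends outside it.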
@@ -1448,7 +1575,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " failed\n" ); - mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); + mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), + " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); } @@ -1478,9 +1606,21 @@ int main( int argc, char *argv[] ) if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate " + "returned %d\n\n", ret ); goto exit; } + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } + } mbedtls_printf( " ok\n" ); } 
@@ -1524,27 +1664,54 @@ send_request: { for( written = 0, frags = 0; written < len; written += ret, frags++ ) { - while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) ) - <= 0 ) + while( ( ret = mbedtls_ssl_write( &ssl, buf + written, + len - written ) ) <= 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_write " + "returned -0x%x\n\n", -ret ); goto exit; } + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } } } } else /* Not stream, so datagram */ { - do ret = mbedtls_ssl_write( &ssl, buf, len ); - while( ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + while( 1 ) + { + ret = mbedtls_ssl_write( &ssl, buf, len ); + + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + break; + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } + } if( ret < 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_write " + "returned %d\n\n", ret ); goto exit; } @@ -1553,7 +1720,8 @@ send_request: } buf[written] = '\0'; - mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf ); + mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", + written, frags, (char *) buf ); /* * 7. Read the HTTP response 
@@ -1574,7 +1742,18 @@ send_request: if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE ) + { + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } continue; + } if( ret <= 0 ) { @@ -1616,9 +1795,24 @@ send_request: len = sizeof( buf ) - 1; memset( buf, 0, sizeof( buf ) ); - do ret = mbedtls_ssl_read( &ssl, buf, len ); - while( ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + while( 1 ) + { + ret = mbedtls_ssl_read( &ssl, buf, len ); + + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + break; + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } + } if( ret <= 0 ) { @@ -1671,6 +1865,16 @@ send_request: mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); goto exit; } + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } } mbedtls_printf( " ok\n" ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a25886824..b317bcca3 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -101,6 +101,7 @@ int main( void ) #define DFL_SERVER_PORT "4433" #define DFL_DEBUG_LEVEL 0 #define DFL_NBIO 0 +#define DFL_EVENT 0 #define DFL_READ_TIMEOUT 0 #define DFL_CA_FILE "" #define DFL_CA_PATH "" 
@@ -331,6 +332,8 @@ int main( void ) " debug_level=%%d default: 0 (disabled)\n" \ " nbio=%%d default: 0 (blocking I/O)\n" \ " options: 1 (non-blocking), 2 (added delays)\n" \ + " event=%%d default: 0 (loop)\n" \ + " options: 1 (level-triggered, implies nbio=1),\n" \ " read_timeout=%%d default: 0 ms (no timeout)\n" \ "\n" \ USAGE_DTLS \ @@ -399,6 +402,7 @@ struct options const char *server_port; /* port on which the ssl service runs */ int debug_level; /* level of debugging */ int nbio; /* should I/O be blocking? */ + int event; /* loop or event-driven IO? level or edge triggered? */ uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ const char *ca_file; /* the file with the CA certificate(s) */ const char *ca_path; /* the path with the CA certificate(s) reside */ 
@@ -837,6 +841,78 @@ static int ssl_sig_hashes_for_test[] = { }; #endif /* MBEDTLS_X509_CRT_PARSE_C */ +/* + * Wait for an event from the underlying transport or the timer + * (Used in event-driven IO mode). + */ +#if !defined(MBEDTLS_TIMING_C) +void idle( mbedtls_ssl_context *ssl, + mbedtls_net_context *fd, + int idle_reason ) +{ +#else +void idle( mbedtls_ssl_context *ssl, + mbedtls_net_context *fd, + mbedtls_timing_delay_context *timer, + int idle_reason ) +{ +#if defined(MBEDTLS_DEBUG_C) + struct mbedtls_timing_hr_time tm; + unsigned long time_elapsed; +#endif +#endif + + int poll_type = 0; + + if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE ) + poll_type = MBEDTLS_NET_POLL_WRITE; + else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ ) + poll_type = MBEDTLS_NET_POLL_READ; +#if !defined(MBEDTLS_TIMING_C) + else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: No reason for idling given" ) ); + return; + } +#endif + + /* One should not idle on the underlying transport + * if data is still pending to be processed. */ + if( mbedtls_ssl_check_pending( ssl ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: Data still pending, " + "but idling requested!" ) ); + } + MBEDTLS_SSL_DEBUG_MSG( 3, ( "idle, waiting for event... " ) ); + +#if defined(MBEDTLS_TIMING_C) && defined(MBEDTLS_DEBUG_C) + mbedtls_timing_get_timer( &tm, 1 /* restart */ ); +#endif + + while( 1 ) + { +#if defined(MBEDTLS_TIMING_C) +#if defined(MBEDTLS_DEBUG_C) + time_elapsed = mbedtls_timing_get_timer( &tm, 0 ); +#endif + if( mbedtls_timing_get_delay( timer ) == 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] timer expired - continue", + time_elapsed ) ); + break; + } +#endif + + if( poll_type != 0 && + mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] net_context signals data - " + "continue", time_elapsed ) ); + break; + } + } +} + int main( int argc, char *argv[] ) { int ret = 0, len, written, frags, exchanges_left; 
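Review bot: `time_elapsed` is used in the `net_context signals data` debug message at the bottom of idle() but is only declared inside the `#if defined(MBEDTLS_TIMING_C)` branch of the prologue, so a build with MBEDTLS_DEBUG_C on and MBEDTLS_TIMING_C off fails on an undeclared identifier; declare it under `#if defined(MBEDTLS_DEBUG_C)` outside the timing guard, `unsigned long time_elapsed = 0;`, or drop it from that message. The spin loop also never looks at a negative return from `mbedtls_net_poll( fd, poll_type, 0 )`: on a closed or invalid descriptor the call keeps failing, `== poll_type` is never true, and without a timer expiry to break out the program spins forever, so a negative result should end the idle and let the caller's next mbedtls_ssl_* call surface the error, as sketched below. Polling with a zero timeout inside a tight `while( 1 )` is a 100% CPU busy-wait even when everything works; a small positive timeout in the poll call would make the test program far friendlier. idle() is also non-static although nothing outside this file appears to use it.
```c
        /* … unchanged: timer-expiry check under MBEDTLS_TIMING_C … */

        if( poll_type != 0 )
        {
            int poll_ret = mbedtls_net_poll( fd, poll_type, 0 );
            if( poll_ret < 0 )
            {
                MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_net_poll returned -0x%x - "
                                            "stop idling", -poll_ret ) );
                return;
            }
            if( poll_ret == poll_type )
            {
                MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] net_context signals data - "
                                            "continue", time_elapsed ) );
                break;
            }
        }
```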
@@ -969,6 +1045,7 @@ int main( int argc, char *argv[] ) opt.server_addr = DFL_SERVER_ADDR; opt.server_port = DFL_SERVER_PORT; opt.debug_level = DFL_DEBUG_LEVEL; + opt.event = DFL_EVENT; opt.nbio = DFL_NBIO; opt.read_timeout = DFL_READ_TIMEOUT; opt.ca_file = DFL_CA_FILE; @@ -1047,6 +1124,12 @@ int main( int argc, char *argv[] ) if( opt.nbio < 0 || opt.nbio > 2 ) goto usage; } + else if( strcmp( p, "event" ) == 0 ) + { + opt.event = atoi( q ); + if( opt.event < 0 || opt.event > 2 ) + goto usage; + } else if( strcmp( p, "read_timeout" ) == 0 ) opt.read_timeout = atoi( q ); else if( strcmp( p, "ca_file" ) == 0 ) @@ -1328,6 +1411,16 @@ int main( int argc, char *argv[] ) goto usage; } + /* Event-driven IO is incompatible with the above custom + * receive and send functions, as the polling builds on + * refers to the underlying net_context. */ + if( opt.event == 1 && opt.nbio != 1 ) + { + mbedtls_printf( "Warning: event-driven IO mandates nbio=1" + " - overwrite\n" ); + opt.nbio = 1; + } + #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold( opt.debug_level ); #endif @@ -2113,9 +2206,22 @@ handshake: mbedtls_printf( " . Performing the SSL/TLS handshake..." ); fflush( stdout ); - do ret = mbedtls_ssl_handshake( &ssl ); - while( ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) + { + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + break; + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &client_fd, &timer, ret ); +#else + idle( &ssl, &client_fd, ret ); +#endif + } + } if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) { 
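Review bot: `if( opt.event < 0 || opt.event > 2 ) goto usage;` in the option-parsing hunk accepts `event=2`, but every consumer in this file tests `opt.event == 1` only (the handshake loop in the last hunk here and the read/write loops below), so `event=2` silently runs as the plain loop mode while the usage text added earlier documents only 0 and 1. Either reject it for now, `if( opt.event < 0 || opt.event > 1 ) goto usage;`, or add a comment naming the reserved value so the next reader does not assume an edge-triggered mode exists. The comment above the `opt.nbio = 1` override in the third hunk reads `as the polling builds on refers to the underlying net_context` and should say something like `as the polling is done on the underlying net_context`. main() starts and ends outside these hunks.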
@@ -2221,7 +2327,18 @@ data_exchange: if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE ) + { + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &client_fd, &timer, ret ); +#else + idle( &ssl, &client_fd, ret ); +#endif + } + continue; + } if( ret <= 0 ) { @@ -2309,9 +2426,24 @@ data_exchange: len = sizeof( buf ) - 1; memset( buf, 0, sizeof( buf ) ); - do ret = mbedtls_ssl_read( &ssl, buf, len ); - while( ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + while( 1 ) + { + ret = mbedtls_ssl_read( &ssl, buf, len ); + + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + break; + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &client_fd, &timer, ret ); +#else + idle( &ssl, &client_fd, ret ); +#endif + } + } if( ret <= 0 ) { @@ -2352,6 +2484,16 @@ data_exchange: mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret ); goto reset; } + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &client_fd, &timer, ret ); +#else + idle( &ssl, &client_fd, ret ); +#endif + } } mbedtls_printf( " ok\n" ); 
@@ -2386,14 +2528,39 @@ data_exchange: mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); goto reset; } + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &client_fd, &timer, ret ); +#else + idle( &ssl, &client_fd, ret ); +#endif + } } } } else /* Not stream, so datagram */ { - do ret = mbedtls_ssl_write( &ssl, buf, len ); - while( ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + while( 1 ) + { + ret = mbedtls_ssl_write( &ssl, buf, len ); + + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + break; + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &client_fd, &timer, ret ); +#else + idle( &ssl, &client_fd, ret ); +#endif + } + } if( ret < 0 ) { From 8b170a0a0b3b1f2b0cf27e572c0125ab3123e04d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 11:51:19 +0100 Subject: [PATCH 187/504] Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport. --- include/mbedtls/ssl.h | 47 +++++++++++++++++++++++++++++++-- library/ssl_tls.c | 61 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 106 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index cc0007006..8b82eff8f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -2235,11 +2235,54 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_RENEGOTIATION */ /** - * \brief Return the number of data bytes available to read + * \brief Check if there is data already read from the + * underlying transport but not yet processed. * * \param ssl SSL context * - * \return how many bytes are available in the read buffer + * \return 0 if nothing's pending, 1 otherwise. + * + * \note This function is essential when using the library + * with event-driven I/O. The user should not idle + * (waiting for events from the underlying transport + * or from timers) before this function's check passes. + * Otherwise, it's possible to run into a deadlock + * (if processing the pending data involves essential + * communication with the peer) or to accumulate and + * potentially lose data. + * + * \note This is different in purpose and behaviour from + * \c mbedtls_ssl_get_bytes_avail in that it considers + * any kind of unprocessed data, not only unread + * application data. If \c mbedtls_ssl_get_bytes + * returns a non-zero value, this function will + * also signal pending data, but the converse does + * not hold. For example, in DTLS there might be + * further records waiting to be processed from + * the current underlying transport's datagram. + * + * \note If this function returns 0 (data pending), this + * does not imply that a subsequent call to + * \c mbedtls_ssl_read will provide any data; + * e.g., the unprocessed data might turn out + * to be an alert or a handshake message. + */ +int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ); + +/** + * \brief Return the number of application data bytes + * remaining to be read from the current record. + * + * \param ssl SSL context + * + * \return How many bytes are available in the application + * data record read buffer. 
+ * + * \note When working over a datagram transport, this is + * useful to detect the current datagram's boundary + * in case \c mbedtls_ssl_read has written the maximal + * amount of data fitting into the input buffer. + * */ size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 759dca013..7e8476cc6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
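Review bot: The third `\note` on mbedtls_ssl_check_pending says `If this function returns 0 (data pending)`, but the `\return` line above defines 0 as nothing pending and 1 as pending, so the sentence documents the wrong value; it should read `If this function returns 1 (data pending), this does not imply that a subsequent call to \c mbedtls_ssl_read will provide any data`. The second note refers to `\c mbedtls_ssl_get_bytes`, which is not a function in this header; it should be `\c mbedtls_ssl_get_bytes_avail`. Since the first note tells event-driven callers they may only idle once this returns 0, getting the value right in the documentation matters more than usual here.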
@@ -6392,6 +6392,67 @@ size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ) return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); } +int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) +{ + /* + * Case A: We're currently holding back + * a message for further processing. + */ + + if( ssl->keep_current_message == 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record " + "held back for processing" ) ); + return( 1 ); + } + + /* + * Case B: Further records are pending in the current datagram. + */ + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->in_left > ssl->next_record_offset ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records " + "within current datagram" ) ); + return( 1 ); + } +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + + /* + * Case C: A handshake message is being processed. + */ + + /* TODO This needs correction in the same way as + * read_record_layer, see IOTSSL-1414 */ + if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake " + "messages within current record" ) ); + return( 1 ); + } + + /* + * Case D: An application data message is being processed + */ + if( ssl->in_offt != NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data " + "record is being processed" ) ); + return( 1 ); + } + + /* + * In all other cases, the rest of the message can be dropped. + * As in ssl_read_record_layer, this needs to be adapted if + * we implement support for multiple alerts in single records. + */ + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: nothing pending" ) ); + return( 0 ); +} + uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ) { if( ssl->session != NULL ) From cadb5bbe3c332ee460e9a0f60e563cb1cf01d48d Mon Sep 17 00:00:00 2001 
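Review bot: Case C of mbedtls_ssl_check_pending ships in a public API with a `TODO ... see IOTSSL-1414` admitting that its condition, `ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen`, is known to need the same correction as the record layer, while the header promises event-driven callers that idling is safe once this returns 0 — a missed pending message here is exactly the deadlock the header warns about. Either settle the condition before merging or add a `\note` to the header stating that partially processed handshake records may not be reported; an internal ticket number tells downstream readers nothing, so the comment should at least say what is believed wrong. The closing comment about multiple alerts in one record describes ssl_read_record_layer, which is outside this hunk, so I could not verify that the two functions agree.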
From: Hanno Becker Date: Fri, 26 May 2017 13:56:10 +0100 Subject: [PATCH 188/504] Add slight delay before killing server in ssl-opt.sh for log output It seems that tests from ssl-opt.sh are sometimes failing because the server is killed before its output has been finalized. This commit adds a small delay in ssl-opt.sh before killing the server to prevent that. --- tests/ssl-opt.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7f5510cce..821df212c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -443,6 +443,8 @@ run_test() { eval "$CLI_CMD" >> $CLI_OUT 2>&1 & wait_client_done + sleep 0.05 + # terminate the server (and the proxy) kill $SRV_PID wait $SRV_PID From d82d84664af1da94aef06febf860418f82f97358 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 29 May 2017 21:37:46 +0100 Subject: [PATCH 189/504] ssl-opt.sh: Kill server via KILL signal if TERM doesn't succeed --- tests/ssl-opt.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 821df212c..fbb689a0b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -447,10 +447,19 @@ run_test() { # terminate the server (and the proxy) kill $SRV_PID - wait $SRV_PID + sleep 0.01 + if kill -0 $SRV_PID >/dev/null 2>&1; then + kill -KILL $SRV_PID + wait $SRV_PID + fi + if [ -n "$PXY_CMD" ]; then kill $PXY_PID >/dev/null 2>&1 - wait $PXY_PID + sleep 0.01 + if kill -0 $PXY_PID >/dev/null 2>&1; then + kill -KILL $pXY_PID + wait $PXY_PID + fi fi # retry only on timeouts From 52c6dc64c675d24b1be65e06d43dd67dc111e762 Mon Sep 17 00:00:00 2001 
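Review bot: `sleep 0.05` before `kill $SRV_PID` trades one race for a smaller one: whether the server has finished writing its log after the client is done still depends on scheduler timing, so on a loaded CI host 50 ms may not suffice while on a fast one every test now pays it. A deterministic alternative is to poll the server's output file (presumably `$SRV_OUT`, by analogy with `$CLI_OUT`) for the last line the test expects before terminating; at minimum the magic number deserves a comment, e.g. `# give the server a chance to flush its output before it is killed`. run_test() starts and ends outside this hunk.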
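Review bot: `kill -KILL $pXY_PID` in the proxy branch misspells `$PXY_PID`, so the variable expands to nothing, the KILL never reaches a proxy that ignored TERM, and the following `wait $PXY_PID` blocks for as long as the proxy lives; it should read `kill -KILL $PXY_PID`. Moving `wait $SRV_PID` inside the `if kill -0 $SRV_PID` block also means a server that did exit on TERM within the 10 ms is never reaped and its exit status is discarded; keep the `wait` unconditional after the `if`, for both the server and the proxy. A 10 ms grace period before escalating to SIGKILL is also very short for a process that is still flushing output, which is the problem the previous commit was trying to address.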
From: Hanno Becker Date: Fri, 26 May 2017 16:07:36 +0100 Subject: [PATCH 190/504] Correct length check for DTLS records from old epochs. DTLS records from previous epochs were incorrectly checked against the current epoch transform's minimal content length, leading to the rejection of entire datagrams. This commit fixed that and adapts two test cases accordingly. Internal reference: IOTSSL-1417 --- library/ssl_tls.c | 143 ++++++++++++++++++++++++---------------------- tests/ssl-opt.sh | 10 ++-- 2 files changed, 79 insertions(+), 74 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7e8476cc6..c6aac473c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3522,81 +3522,23 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } - /* Check length against bounds of the current transform and version */ - if( ssl->transform_in == NULL ) - { - if( ssl->in_msglen < 1 || - ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); - } - } - else - { - if( ssl->in_msglen < ssl->transform_in->minlen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); - } - -#if defined(MBEDTLS_SSL_PROTO_SSL3) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && - ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); - } -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* - * TLS encrypted messages can have up to 256 bytes of padding - */ - if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 && - ssl->in_msglen > ssl->transform_in->minlen + - MBEDTLS_SSL_MAX_CONTENT_LEN + 256 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); - } -#endif - } - /* - * DTLS-related tests done last, because most of them may result in - * silently dropping the record (but not the whole datagram), and we only - * want to consider that after ensuring that the "basic" fields (type, - * version, length) are sane. + * DTLS-related tests. + * Check epoch before checking length constraint because + * the latter varies with the epoch. 
E.g., if a ChangeCipherSpec + * message gets duplicated before the corresponding Finished message, + * the second ChangeCipherSpec should be discarded because it belongs + * to an old epoch, but not because its length is shorter than + * the minimum record length for packets using the new record transform. + * Note that these two kinds of failures are handled differently, + * as an unexpected record is silently skipped but an invalid + * record leads to the entire datagram being dropped. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; - /* Drop unexpected ChangeCipherSpec messages */ - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && - ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && - ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); - } - - /* Drop unexpected ApplicationData records, - * except at the beginning of renegotiations */ - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && - ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER -#if defined(MBEDTLS_SSL_RENEGOTIATION) - && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->state == MBEDTLS_SSL_SERVER_HELLO ) -#endif - ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); - } - /* Check epoch (and sequence number) with DTLS */ if( rec_epoch != ssl->in_epoch ) { 
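Review bot: With the length checks removed here and re-added below the DTLS block in the next hunk, a record whose epoch does not match now returns MBEDTLS_ERR_SSL_UNEXPECTED_RECORD with `ssl->in_msglen` never compared against `MBEDTLS_SSL_MAX_CONTENT_LEN` or the transform's `minlen`; that is the intended fix, but the caller that skips such a record by advancing past `in_msglen` bytes now does so with a length it has not validated, and a spoofed datagram can carry any 16-bit length in a stale-epoch header. That skip arithmetic lives outside this hunk, so please confirm it still bounds the resulting offset against `in_left` before the record is trusted. The body of the `if( rec_epoch != ssl->in_epoch )` branch sits between this hunk and the next and now runs before any length check, so anything in it that reads record contents based on `in_msglen` needs its own bound. A one-line pointer where the old checks were removed, e.g. `/* Length checks are done after the DTLS epoch checks, see below */`, would help the next reader who looks for them here; ssl_parse_record_header starts before this hunk.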
@@ -3636,9 +3578,74 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); } #endif + + /* Drop unexpected ChangeCipherSpec messages */ + if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && + ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && + ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + } + + /* Drop unexpected ApplicationData records, + * except at the beginning of renegotiations */ + if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && + ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER +#if defined(MBEDTLS_SSL_RENEGOTIATION) + && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + ssl->state == MBEDTLS_SSL_SERVER_HELLO ) +#endif + ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ + + /* Check length against bounds of the current transform and version */ + if( ssl->transform_in == NULL ) + { + if( ssl->in_msglen < 1 || + ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } + } + else + { + if( ssl->in_msglen < ssl->transform_in->minlen ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } + +#if defined(MBEDTLS_SSL_PROTO_SSL3) + if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && + ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) + /* + * TLS encrypted messages can have up to 256 bytes of padding + */ + if( ssl->minor_ver 
>= MBEDTLS_SSL_MINOR_VERSION_1 && + ssl->in_msglen > ssl->transform_in->minlen + + MBEDTLS_SSL_MAX_CONTENT_LEN + 256 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } +#endif + } + return( 0 ); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index fbb689a0b..57d5e6053 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3702,8 +3702,8 @@ run_test "DTLS proxy: duplicate every packet" \ 0 \ -c "replayed record" \ -s "replayed record" \ - -c "discarding invalid record" \ - -s "discarding invalid record" \ + -c "record from another epoch" \ + -s "record from another epoch" \ -S "resend" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -3715,8 +3715,8 @@ run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ 0 \ -c "replayed record" \ -S "replayed record" \ - -c "discarding invalid record" \ - -s "discarding invalid record" \ + -c "record from another epoch" \ + -s "record from another epoch" \ -c "resend" \ -s "resend" \ -s "Extra-header:" \ @@ -3777,8 +3777,6 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \ 0 \ -c "record from another epoch" \ -s "record from another epoch" \ - -c "discarding invalid record" \ - -s "discarding invalid record" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" From 4cb1f4d49cff999d0c853bc696ad7eea68888c35 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 15:59:57 +0100 Subject: [PATCH 191/504] Style corrections --- library/ssl_srv.c | 8 ++-- programs/ssl/ssl_client2.c | 94 ++++++++++++++++++++++++-------------- programs/ssl/ssl_server2.c | 41 +++++++++++------ 3 files changed, 90 insertions(+), 53 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f137c3dce..be961af71 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -785,7 +785,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, const mbedtls_ssl_ciphersuite_t *suite_info; #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) + defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) mbedtls_pk_type_t sig_type; #endif @@ -2955,7 +2955,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) return( ret ); } -#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) dig_signed = p; dig_signed_len = len; #endif @@ -3044,7 +3044,7 @@ curve_matching_done: /* * 3.1: Choose hash algorithm: - * A: For TLS 1.2, obey signature-hash-algorithm extension + * A: For TLS 1.2, obey signature-hash-algorithm extension * to choose appropriate hash. * B: For SSL3, TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1 * (RFC 4492, Sec. 5.4) @@ -3065,7 +3065,7 @@ curve_matching_done: sig_alg ) ) == MBEDTLS_MD_NONE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - /* (... because we choose a cipher suite + /* (... because we choose a cipher suite * only if there is a matching hash.) */ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index e82adaa7b..5b82693ff 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -354,7 +354,8 @@ static void my_debug( void *ctx, int level, if( *p == '/' || *p == '\\' ) basename = p + 1; - mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", basename, line, level, str ); + mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", + basename, line, level, str ); fflush( (FILE *) ctx ); } 
@@ -400,7 +401,8 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len ) /* * Enabled if debug_level > 1 in code below */ -static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags ) +static int my_verify( void *data, mbedtls_x509_crt *crt, + int depth, uint32_t *flags ) { char buf[1024]; ((void) data); @@ -685,7 +687,8 @@ int main( int argc, char *argv[] ) else if( strcmp( p, "request_size" ) == 0 ) { opt.request_size = atoi( q ); - if( opt.request_size < 0 || opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( opt.request_size < 0 || + opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN ) goto usage; } else if( strcmp( p, "ca_file" ) == 0 ) @@ -715,16 +718,23 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "renegotiation" ) == 0 ) { - opt.renegotiation = (atoi( q )) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : - MBEDTLS_SSL_RENEGOTIATION_DISABLED; + opt.renegotiation = (atoi( q )) ? + MBEDTLS_SSL_RENEGOTIATION_ENABLED : + MBEDTLS_SSL_RENEGOTIATION_DISABLED; } else if( strcmp( p, "allow_legacy" ) == 0 ) { switch( atoi( q ) ) { - case -1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; break; - case 0: opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; break; - case 1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; break; + case -1: + opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; + break; + case 0: + opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; + break; + case 1: + opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; + break; default: goto usage; } } @@ -781,8 +791,12 @@ int main( int argc, char *argv[] ) { switch( atoi( q ) ) { - case 0: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; break; - case 1: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; break; + case 0: + opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; + break; + case 1: + opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; + break; default: goto usage; } } 
@@ -958,19 +972,20 @@ int main( int argc, char *argv[] ) if( opt.force_ciphersuite[0] > 0 ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); + ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); if( opt.max_version != -1 && ciphersuite_info->min_minor_ver > opt.max_version ) { - mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); + mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; goto usage; } if( opt.min_version != -1 && ciphersuite_info->max_minor_ver < opt.min_version ) { - mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); + mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; goto usage; } @@ -996,7 +1011,7 @@ int main( int argc, char *argv[] ) { if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED ) { - mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n"); + mbedtls_printf( "forced RC4 ciphersuite with RC4 disabled\n" ); ret = 2; goto usage; } @@ -1016,7 +1031,7 @@ int main( int argc, char *argv[] ) if( strlen( opt.psk ) % 2 != 0 ) { - mbedtls_printf("pre-shared key not valid hex\n"); + mbedtls_printf( "pre-shared key not valid hex\n" ); goto exit; } @@ -1033,7 +1048,7 @@ int main( int argc, char *argv[] ) c -= 'A' - 10; else { - mbedtls_printf("pre-shared key not valid hex\n"); + mbedtls_printf( "pre-shared key not valid hex\n" ); goto exit; } psk[ j / 2 ] = c << 4; @@ -1047,7 +1062,7 @@ int main( int argc, char *argv[] ) c -= 'A' - 10; else { - mbedtls_printf("pre-shared key not valid hex\n"); + mbedtls_printf( "pre-shared key not valid hex\n" ); goto exit; } psk[ j / 2 ] |= c; 
@@ -1138,11 +1153,12 @@ int main( int argc, char *argv[] ) fflush( stdout ); mbedtls_entropy_init( &entropy ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + -ret ); goto exit; } @@ -1180,13 +1196,13 @@ int main( int argc, char *argv[] ) #else { ret = 1; - mbedtls_printf("MBEDTLS_CERTS_C not defined."); + mbedtls_printf( "MBEDTLS_CERTS_C not defined." ); } #endif if( ret < 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", + -ret ); goto exit; } @@ -1771,7 +1787,8 @@ send_request: goto reconnect; default: - mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret ); + mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", + -ret ); goto exit; } } @@ -1853,7 +1870,8 @@ send_request: if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", + -ret ); goto exit; } @@ -1862,7 +1880,8 @@ send_request: if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", + -ret ); goto exit; } 
@@ -1921,21 +1940,25 @@ reconnect: if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", + -ret ); goto exit; } if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session returned %d\n\n", + ret ); goto exit; } - if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port, - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? - MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) + if( ( ret = mbedtls_net_connect( &server_fd, + opt.server_addr, opt.server_port, + opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? + MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", + -ret ); goto exit; } @@ -1946,7 +1969,7 @@ reconnect: if( ret != 0 ) { mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", - -ret ); + -ret ); goto exit; } @@ -1955,7 +1978,8 @@ reconnect: if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", + -ret ); goto exit; } } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b317bcca3..d16c53419 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -1171,16 +1171,23 @@ int main( int argc, char *argv[] ) opt.version_suites = q; else if( strcmp( p, "renegotiation" ) == 0 ) { - opt.renegotiation = (atoi( q )) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : - MBEDTLS_SSL_RENEGOTIATION_DISABLED; + opt.renegotiation = (atoi( q )) ? + MBEDTLS_SSL_RENEGOTIATION_ENABLED : + MBEDTLS_SSL_RENEGOTIATION_DISABLED; } else if( strcmp( p, "allow_legacy" ) == 0 ) { switch( atoi( q ) ) { - case -1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; break; - case 0: opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; break; - case 1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; break; + case -1: + opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; + break; + case 0: + opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; + break; + case 1: + opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; + break; default: goto usage; } } @@ -1337,8 +1344,12 @@ int main( int argc, char *argv[] ) { switch( atoi( q ) ) { - case 0: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; break; - case 1: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; break; + case 0: + opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; + break; + case 1: + opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; + break; default: goto usage; } } 
@@ -1428,19 +1439,20 @@ int main( int argc, char *argv[] ) if( opt.force_ciphersuite[0] > 0 ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); + ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); if( opt.max_version != -1 && ciphersuite_info->min_minor_ver > opt.max_version ) { - mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); + mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; goto usage; } if( opt.min_version != -1 && ciphersuite_info->max_minor_ver < opt.min_version ) { - mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); + mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; goto usage; } @@ -1619,11 +1631,12 @@ int main( int argc, char *argv[] ) fflush( stdout ); mbedtls_entropy_init( &entropy ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + -ret ); goto exit; } From 8ec8102c9a6356b420aebf5074d042902b060a2c Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 10 Oct 2017 10:35:08 +0100 Subject: [PATCH 192/504] Split WANT_READ in two error codes This commit restricts WANT_READ to indicate that no data is available on the underlying transport. To signal the need for further processing - which was previously also handled through this error code - a new internal error code MBEDTLS_ERR_SSL_CONTINUE_PROCESSING is introduced.
---
 include/mbedtls/ssl.h | 63 ++++++++++++++++++++++++++++++++++--------- library/error.c | 4 ++- 2 files changed, 53 insertions(+), 14 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 8b82eff8f..e811bb907 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -102,13 +102,14 @@
 #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */
 #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */
 #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
-#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< Connection requires a read call. */
+#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< No data of requested type currently available on underlying transport. */
 #define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */
 #define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */
 #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */
 #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */
 #define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */
 #define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */
+#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */
 /*
 * Various constants 
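Review bot: The new MBEDTLS_ERR_SSL_CONTINUE_PROCESSING sits in the public error-code table of ssl.h, yet its comment only says "Internal-only message", so a reader of the public header cannot tell whether mbedtls_ssl_read() or mbedtls_ssl_handshake() may ever hand it back. If the intent is that the record-layer loops introduced in the following patch always consume it, state that here: `/**< Internal-only: returned by the record layer to ask its caller to call it again; not returned by the public API. */`. Keep the wording byte-identical to the string in library/error.c, because that file is generated from these comments by scripts/generate_errors.pl.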
@@ -2397,6 +2398,19 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or * a specific SSL error code. * + * If MBEDTLS_ERR_SSL_WANT_READ is returned, the handshake is + * unfinished and no further data is available from the underlying + * transport. In this case, the function needs to be called again + * at some later stage. + * + * \note Remarks regarding event-driven DTLS: + * If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram + * from the underlying transport layer is currently being processed, + * and it is safe to idle until the timer or the underlying transport + * signal a new event. This is not true for a successful handshake, + * in which case the currently processed underlying transport's datagram + * might or might not contain further DTLS records. + * * \note If this function returns something other than 0 or * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context * becomes unusable, and you should either free it or call 
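Review bot: The event-driven DTLS remark says that after a successful handshake the current datagram "might or might not contain further DTLS records" but does not tell the reader how to find out, while the matching remark on mbedtls_ssl_read() in this same patch points to mbedtls_ssl_check_pending(). Add the same pointer here, e.g. `* might or might not contain further DTLS records; call \c mbedtls_ssl_check_pending() before idling.`. "the timer or the underlying transport signal a new event" should also read "signals". The rewording of this paragraph in PATCH 203 (ssl.h hunk at 2398) keeps both gaps.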
@@ -2460,20 +2474,20 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * \param buf buffer that will hold the data * \param len maximum number of bytes to read * - * \return the number of bytes read, or - * 0 for EOF, or - * MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or - * MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or - * another negative error code. + * \return One of the following: + * - 0 for EOF, or + * - the (positive) number of bytes read, or + * - a negative error code on failure. * - * \note If this function returns something other than a positive - * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or - * MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * If MBEDTLS_ERR_SSL_WANT_READ is returned, no application data + * is available from the underlying transport. In this case, + * the function needs to be called again at some later stage. * - * \note When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT + * If MBEDTLS_ERR_SSL_WANT_WRITE is returned, a write is pending + * but the underlying transport isn't available for writing. In this + * case, the function needs to be called again at some later stage. + * + * When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT * (which can only happen server-side), it means that a client * is initiating a new connection using the same source port. * You can either treat that as a connection close and wait 
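Review bot: The re-added line `* When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT` carries the old typo onto the + side; make it `* When this function returns MBEDTLS_ERR_SSL_CLIENT_RECONNECT`. The new \return list also drops the bound given by \param len, so `- the (positive) number of bytes read (at most len), or` would be more precise. The doc comment continues in the next hunk.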
@@ -2486,6 +2500,29 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * again. WARNING: not validating the identity of the client * again, or not transmitting the new identity to the * application layer, would allow authentication bypass! + * + * If this function returns something other than a positive + * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or + * MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context + * becomes unusable, and you should either free it or call + * \c mbedtls_ssl_session_reset() on it before re-using it for + * a new connection; the current connection must be closed. + * + * \note Remarks regarding event-driven DTLS: + * - If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram + * from the underlying transport layer is currently being processed, + * and it is safe to idle until the timer or the underlying transport + * signal a new event. + * - If the function returns MBEDTLS_ERR_SSL_WANT_READ this does not mean + * that no data was available from the underlying transport in the first place, + * as there might have been delayed or duplicated messages, or a renegotiation + * request from the peer. Therefore, the user must be prepared to receive + * MBEDTLS_ERR_SSL_WANT_READ even when reacting to an incoming-data event + * from the underlying transport. + * - On success, the currently processed underlying transport's datagram + * might or might not contain further DTLS records, and the user should + * consult \c mbedtls_ssl_check_pending in that regard. + * */ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ); diff --git a/library/error.c b/library/error.c index 8977cc4e5..c42642467 100644 --- a/library/error.c +++ b/library/error.c 
@@ -426,7 +426,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 if( use_ret == -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE) )
 mbedtls_snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" );
 if( use_ret == -(MBEDTLS_ERR_SSL_WANT_READ) )
- mbedtls_snprintf( buf, buflen, "SSL - Connection requires a read call" );
+ mbedtls_snprintf( buf, buflen, "SSL - No data of requested type currently available on underlying transport" );
 if( use_ret == -(MBEDTLS_ERR_SSL_WANT_WRITE) )
 mbedtls_snprintf( buf, buflen, "SSL - Connection requires a write call" );
 if( use_ret == -(MBEDTLS_ERR_SSL_TIMEOUT) )
@@ -439,6 +439,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 mbedtls_snprintf( buf, buflen, "SSL - The alert message received indicates a non-fatal error" );
 if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH) )
 mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" );
+ if( use_ret == -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) )
+ mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signalling that further message-processing should be done" );
 #endif /* MBEDTLS_SSL_TLS_C */
 #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
From 90333dab855c8f5f5fa02149e23b95183253650e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 11:27:13 +0100 Subject: [PATCH 193/504] Replace wrong usage of WANT_READ by CONTINUE_PROCESSING
---
 library/ssl_srv.c | 8 ++++-- library/ssl_tls.c | 67 +++++++++++++++++++++++++++-------------------- 2 files changed, 44 insertions(+), 31 deletions(-)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index be961af71..c52aa4737 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
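Review bot: The new string for MBEDTLS_ERR_SSL_CONTINUE_PROCESSING in the second hunk spells "signalling", while the ssl.h comment it mirrors (previous hunk of this patch) spells "signaling"; error.c is produced from the header comments by scripts/generate_errors.pl (its grep on `define MBEDTLS_ERR_` is visible later in this series), so the next regeneration will silently rewrite this line. Make the two identical, or better, regenerate error.c from the header rather than editing it by hand.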
@@ -3790,7 +3790,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) /* Read the message without adding it to the checksum */ do { - if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 ) + do ret = mbedtls_ssl_read_record_layer( ssl ); + while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); + + if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); return( ret ); @@ -3798,7 +3801,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) ret = mbedtls_ssl_handle_message_type( ssl ); - } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ); + } while( MBEDTLS_ERR_SSL_NON_FATAL == ret || + MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret ); if( 0 != ret ) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c6aac473c..e2df82242 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3020,7 +3020,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) if( ssl_bitmask_check( bitmask, msg_len ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) ); - return( MBEDTLS_ERR_SSL_WANT_READ ); + return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); } MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) ); @@ -3126,7 +3126,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) ssl->handshake->in_msg_seq ) ); } - return( MBEDTLS_ERR_SSL_WANT_READ ); + return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); } /* Wait until message completion to increment in_msg_seq */ @@ -3734,7 +3734,10 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) { do { - if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 ) + do ret = mbedtls_ssl_read_record_layer( ssl ); + while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); + + if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); return( ret ); 
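Review bot: The new inner loop `do ret = mbedtls_ssl_read_record_layer( ssl ); while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );`, nested in an outer do/while that tests the same code again, is hard to read, and the identical pair of loops is repeated in mbedtls_ssl_read_record (ssl_tls.c hunks at 3734 on this line and 3742 on the next). A short comment at both sites would help: `/* CONTINUE_PROCESSING: the record layer consumed buffered input (discarded record, incomplete handshake fragment) and must be called again before anything is returned to the caller. */`. Consider moving the loop into one static helper used by both callers. The outer do-loop of ssl_parse_certificate_verify closes in the next hunk.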
@@ -3742,7 +3745,8 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) ret = mbedtls_ssl_handle_message_type( ssl ); - } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ); + } while( MBEDTLS_ERR_SSL_NON_FATAL == ret || + MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret ); if( 0 != ret ) { @@ -3872,12 +3876,6 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) return( 0 ); } - /* Need to fetch a new record */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -read_record_header: -#endif - /* Current record either fully processed or to be discarded. */ if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 ) @@ -3912,7 +3910,7 @@ read_record_header: } /* Get next record */ - goto read_record_header; + return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); } #endif return( ret ); @@ -3984,7 +3982,7 @@ read_record_header: ssl->in_left = 0; MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) ); - goto read_record_header; + return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); } return( ret ); @@ -4089,7 +4087,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no renegotiation alert" ) ); /* Will be handled when trying to parse ServerHello */ return( 0 ); } 
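Review bot: Replacing `goto read_record_header` with `return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING )` in the hunks at 3912 and 3984 changes the contract of mbedtls_ssl_read_record_layer(): a discarded DTLS record (e.g. the "invalid record (mac)" case) no longer restarts the fetch inside the function but is reported to the caller, and only callers that loop on the new code (mbedtls_ssl_read_record and ssl_parse_certificate_verify in this patch) keep their old behaviour; any other direct caller, none of which is visible here, would now see an error where it previously got the next record. State this at the function's declaration, which is outside this diff: `/* May return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING: input was consumed without yielding a record; call again. */`. The `/* Get next record */` comment above the return at 3912 now describes a return rather than a jump and should read `/* Ask the caller to fetch the next record */`.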
@@ -6868,25 +6866,16 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } /* - * TODO - * - * The logic should be streamlined here: - * - * Instead of - * + * The logic could be streamlined here. Instead of * - Manually checking whether ssl->in_offt is NULL * - Fetching a new record if yes * - Setting ssl->in_offt if one finds an application record * - Resetting keep_current_message after handling the application data - * * one should - * * - Adapt read_record to set ssl->in_offt automatically * when a new application data record is processed. * - Always call mbedtls_ssl_read_record here. - * * This way, the logic of ssl_read would be much clearer: - * * (1) Always call record layer and see what kind of record is on * and have it ready for consumption (in particular, in_offt * properly set for application data records). @@ -6896,13 +6885,11 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * (3) If it's something different from application data, * handle it accordingly, e.g. potentially start a * renegotiation. - * * This will also remove the need to manually reset * ssl->keep_current_message = 0 below. - * */ - if( ssl->in_offt == NULL ) + while( ssl->in_offt == NULL ) { /* Start timer if not already running */ if( ssl->f_get_timer != NULL && @@ -6957,7 +6944,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) /* With DTLS, drop the packet (probably from last handshake) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + { + continue; + } #endif return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } 
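Review bot: The `continue` that replaces `return( MBEDTLS_ERR_SSL_WANT_READ )` in the hunk at 6957 (and the identical one at 6972 on the next line) has no comment, so a reader must know that the surrounding `while( ssl->in_offt == NULL )` was an `if` before this patch to understand why the branch now loops. Suggest `/* DTLS: drop the unexpected record and look for the next one in this call; returning WANT_READ here would wrongly tell an event-driven caller that the transport is empty. */`. It is also worth stating that each iteration presumably consumes a record from the transport, which is what bounds the loop. The body of mbedtls_ssl_read() extends beyond the hunk on both sides.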
@@ -6972,7 +6961,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) /* With DTLS, drop the packet (probably from last handshake) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + { + continue; + } #endif return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -7044,7 +7035,25 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } } - return( MBEDTLS_ERR_SSL_WANT_READ ); + /* At this point, we don't know whether the renegotiation has been + * completed or not. The cases to consider are the following: + * 1) The renegotiation is complete. In this case, no new record + * has been read yet. + * 2) The renegotiation is incomplete because the client received + * an application data record while awaiting the ServerHello. + * 3) The renegotiation is incomplete because the client received + * a non-handshake, non-application data message while awaiting + * the ServerHello. + * In each of these case, looping will be the proper action: + * - For 1), the next iteration will read a new record and check + * if it's application data. + * - For 2), the loop condition isn't satisfied as application data + * is present, hence continue is the same as break + * - For 3), the loop condition is satisfied and read_record + * will re-deliver the message that was held back by the client + * when expecting the ServerHello. + */ + continue; } else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) { From c76c619dd08eba3210caa6d13a8cca43e3a697fa Mon Sep 17 00:00:00 2001 
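Review bot: The renegotiation branch in the hunk at 7044 now loops back into `while( ssl->in_offt == NULL )` instead of returning WANT_READ, so one mbedtls_ssl_read() call can service several peer-initiated renegotiations back to back for as long as the transport keeps delivering records, whereas the old return handed control back to the application between them. Whatever renegotiation limits the configuration applies are presumably the only bound, so record that dependency in the new comment block, e.g. `* Looping here means a single mbedtls_ssl_read() call may run several consecutive renegotiations; the configured renegotiation limits are what bounds this.`. Also `In each of these case` should read `In each of these cases`. The enclosing if/else chain continues past the hunk.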
From: Hanno Becker Date: Tue, 6 Jun 2017 10:03:17 +0100 Subject: [PATCH 194/504] Reconcile resending of previous flights This commit reconciles the code path responsible for resending the final DTLS handshake flight with the path for handling resending of the other flights. --- library/ssl_tls.c | 55 +++++++++++------------------------------------ 1 file changed, 13 insertions(+), 42 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e2df82242..83d3c9698 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3097,9 +3097,11 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) int ret; unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; - /* ssl->handshake is NULL when receiving ClientHello for renego */ if( ssl->handshake != NULL && - recv_msg_seq != ssl->handshake->in_msg_seq ) + ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && + recv_msg_seq != ssl->handshake->in_msg_seq ) || + ( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && + ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) ) { /* Retransmit only on last message from previous flight, to avoid * too many retransmissions. 
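Review bot: The removed line `/* ssl->handshake is NULL when receiving ClientHello for renego */` was the only explanation of the `ssl->handshake != NULL` test, and the new compound condition (state not over and sequence mismatch, or state over and message not a ClientHello) is not explained at all. Restore a comment such as `/* After HANDSHAKE_OVER the handshake struct is kept (DTLS) so the last flight can be resent; any handshake message other than a renegotiation ClientHello is then treated as the peer retransmitting its previous flight. */`, adjusted to what the retransmission code below the hunk actually does, since that code is not visible here. The function body continues past the hunk.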
@@ -4003,46 +4005,6 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) } } - /* - * When we sent the last flight of the handshake, we MUST respond to a - * retransmit of the peer's previous flight with a retransmit. (In - * practice, only the Finished message will make it, other messages - * including CCS use the old transform so they're dropped as invalid.) - * - * If the record we received is not a handshake message, however, it - * means the peer received our last flight so we can clean up - * handshake info. - * - * This check needs to be done before prepare_handshake() due to an edge - * case: if the client immediately requests renegotiation, this - * finishes the current handshake first, avoiding the new ClientHello - * being mistaken for an ancient message in the current handshake. - */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake != NULL && - ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) - { - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received retransmit of last flight" ) ); - - if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); - return( ret ); - } - - return( MBEDTLS_ERR_SSL_WANT_READ ); - } - else - { - ssl_handshake_wrapup_free_hs_transform( ssl ); - } - } -#endif - return( 0 ); } @@ -4109,6 +4071,15 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) return MBEDTLS_ERR_SSL_NON_FATAL; } +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake != NULL && + ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + { + ssl_handshake_wrapup_free_hs_transform( ssl ); + } +#endif + return( 0 ); } From 6ea44fabc543867aa76cf9901a0a2aa09ed68561 Mon Sep 17 00:00:00 2001 
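Review bot: The block removed from mbedtls_ssl_read_record_layer() carried the rationale for the wrapup (a non-handshake record after HANDSHAKE_OVER means the peer received our last flight) and the ordering edge case with an immediate renegotiation ClientHello; the new call site in mbedtls_ssl_handle_message_type() has neither. Add `/* DTLS: a record arriving after our last flight shows the peer received it, so the retransmission state can be freed; retransmits of the peer's flight are handled in mbedtls_ssl_prepare_handshake_record(). */`. Please also confirm that this wrapup is not reached for a handshake record that took the retransmit path in prepare_handshake_record (how that function's result is propagated is outside the hunk); if it can be, the transform would be freed while the peer may still retransmit.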
From: Hanno Becker Date: Thu, 12 Oct 2017 07:46:10 +0100 Subject: [PATCH 195/504] Adapt ChangeLog: API extended by `net_poll` and `check_pending` --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 227faed6b..50fefacb0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,15 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +API changes + * Add function mbedtls_net_poll to public API allowing to wait for a + network context to become ready for reading or writing. + * Add function mbedtls_ssl_check_pending to public API allowing to check + if more data is pending to be processed in the internal message buffers. + This function is necessary to determine when it is safe to idle on the + underlying transport in case event-driven IO is used. + = mbed TLS 2.6.0 branch released 2017-08-10 Security From c53826b459b174bc6be4d6a9f52fc8f528c1494f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 07:46:41 +0100 Subject: [PATCH 196/504] Adapt ChangeLog: Usage restriction for WANT_READ --- ChangeLog | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ChangeLog b/ChangeLog index 50fefacb0..6b0fe3ba5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,15 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Bugfix + * Restrict usage of error code MBEDTLS_ERR_SSL_WANT_READ to situations + where data needs to be fetched from the underlying transport in order + to make progress. Previously, this error code was also occasionally + returned when unexpected messages were being discarded, ignoring that + further messages could potentially already be pending to be processed + in the internal buffers; these cases lead to deadlocks in case + event-driven I/O was used. Found by Hubert Mis. + API changes * Add function mbedtls_net_poll to public API allowing to wait for a network context to become ready for reading or writing. 
From da44de60b125b2c9dc8d7b08b7bd7b67935c476f Mon Sep 17 00:00:00 2001 From: Kevin Luty Date: Fri, 13 Oct 2017 13:18:28 -0500 Subject: [PATCH 197/504] Fix for returning correct error code --- programs/pkey/pk_sign.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index daf08a905..5cc190eee 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -100,7 +100,6 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) { - ret = 1; mbedtls_printf( " failed\n ! Could not open '%s'\n", argv[1] ); goto exit; } @@ -134,7 +133,6 @@ int main( int argc, char *argv[] ) if( ( f = fopen( filename, "wb+" ) ) == NULL ) { - ret = 1; mbedtls_printf( " failed\n ! Could not create %s\n\n", filename ); goto exit; } From d2da622138a90364438cb1d7ba74b219b3fa3cf7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Oct 2017 21:23:15 +0100 Subject: [PATCH 198/504] Ensure that only .h files are parsed in generate_errors.pl --- scripts/generate_errors.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 040a48895..96ee1195d 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -46,7 +46,7 @@ close(FORMAT_FILE); $/ = $line_separator; -my @files = <$include_dir/*>; +my @files = <$include_dir/*.h>; my @matches; foreach my $file (@files) { open(FILE, "$file"); From 69944b1e67d63e2c5da0b214a82b04f382995552 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Oct 2017 21:24:56 +0100 Subject: [PATCH 199/504] Make matching more robbust in generate_errors.pl --- scripts/generate_errors.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 96ee1195d..a07976001 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl 
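Review bot: Dropping `ret = 1;` is right in the first hunk, where `ret` already holds the mbedtls_pk_parse_keyfile() error, but in the second hunk nothing assigns `ret` on the fopen() failure path: it keeps the value of the preceding library call (presumably 0 from a successful mbedtls_pk_sign(), outside the hunk), so `goto exit` would report success after failing to write the signature file. Keep an explicit failure value there, `ret = 1;` or a dedicated exit code, before `goto exit;`.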
@@ -50,7 +50,7 @@ my @files = <$include_dir/*.h>; my @matches; foreach my $file (@files) { open(FILE, "$file"); - my @grep_res = grep(/define MBEDTLS_ERR_/, ); + my @grep_res = grep(/^\s*#define\s+MBEDTLS_ERR_\w+\s+\-0x[0-9A-Fa-f]+/, ); push(@matches, @grep_res); close FILE; } From 08eacecc62b182b12d9b64f418ad1575b78f10ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 18 Oct 2017 14:20:24 +0200 Subject: [PATCH 200/504] Fix some style issues and comment typos --- include/mbedtls/x509_crt.h | 2 +- library/x509_crt.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 2b4d3533f..916ff8d9c 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -286,7 +286,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * used to sign the certificate, CRL verification is skipped * silently, that is *without* setting any flag. * - * \note The \c trust_ca list can contain two type of certificates: + * \note The \c trust_ca list can contain two types of certificates: * (1) those of trusted root CAs, so that certificates * chaining up to those CAs will be trusted, and (2) * self-signed end-entity certificates to be trusted (for diff --git a/library/x509_crt.c b/library/x509_crt.c index f586fb452..782a5cabe 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1645,7 +1645,7 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509 /* * Check that the given certificate is not revoked according to the CRL. - * Skip validation is no CRL for the given CA is present. + * Skip validation if no CRL for the given CA is present. */ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, mbedtls_x509_crl *crl_list, 
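Review bot: The tightened pattern `/^\s*#define\s+MBEDTLS_ERR_\w+\s+\-0x[0-9A-Fa-f]+/` only accepts a negative hex literal, so an MBEDTLS_ERR_ macro written any other way is now silently left out of error.c instead of being picked up by the old loose grep, and mbedtls_strerror() would presumably report it as an unknown code with no build-time hint. Consider a second grep for `/define\s+MBEDTLS_ERR_/` lines that fail the strict pattern and emit a warning for them. The `\-` escape is redundant; `-0x` reads the same. The grep's input operand appears to have been lost in this rendering of the hunk, so the full line is not shown here.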
@@ -1994,7 +1994,7 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, if( parent == NULL ) parent = badtime_parent; - return parent; + return( parent ); } /* @@ -2016,7 +2016,7 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, parent = x509_crt_find_parent_in( child, trust_ca, 1, path_cnt, self_cnt ); if( parent != NULL ) - return parent; + return( parent ); /* Look for a parent upwards the chain */ *parent_is_trusted = 0; @@ -2228,7 +2228,7 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt, } else { - for( name = &crt->subject; name != NULL; name = name->next ) + for( name = &crt->subject; name != NULL; name = name->next ) { if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 && x509_crt_check_cn( &name->val, cn, cn_len ) == 0 ) From 900fba616fe4102575473385205ae7ec7c2eb68f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 18 Oct 2017 14:28:11 +0200 Subject: [PATCH 201/504] Fix check_wildcard() calling convention We shouldn't return a surprising value in case there is no wildcard and then rely on the caller to ensure that this doesn't happen --- library/x509_crt.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 782a5cabe..e8a46da09 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1770,8 +1770,9 @@ static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) size_t i; size_t cn_idx = 0, cn_len = strlen( cn ); + /* We can't have a match if there is no wildcard to match */ if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' ) - return( 0 ); + return( -1 ); for( i = 0; i < cn_len; ++i ) { 
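Review bot: In the PATCH 201 hunk at 1770, x509_check_wildcard() now returns -1 when name is not a wildcard pattern and 0 on a match, and the caller in the next hunk relies solely on `== 0`, but the function has no comment stating its return convention or what it returns for a wildcard pattern that does not match (that path is below the hunk). Add above the function: `/* Return 0 if name is a wildcard pattern ("*.domain") matching cn, -1 if name is not a wildcard pattern or does not match. */`, with the second half adjusted to what the loop actually returns. The function body continues past the hunk.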
@@ -2194,9 +2195,7 @@ static int x509_crt_check_cn( const mbedtls_x509_buf *name, } /* try wildcard match */ - if( name->len > 2 && - memcmp( name->p, "*.", 2 ) == 0 && - x509_check_wildcard( cn, name ) == 0 ) + if( x509_check_wildcard( cn, name ) == 0 ) { return( 0 ); } From 08c36635cb9ec160e0b8150ce0fce6437e2ab55e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 18 Oct 2017 14:57:11 +0200 Subject: [PATCH 202/504] Avoid possible miscast of PK key I don't think this can cause a crash as the member accessed is in the beginning of the context, so wouldn't be outside of valid memory if the actual context was RSA. Also, the mismatch will be caught later when checking signature, so the cert chain will be rejected anyway. --- library/x509_crt.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index e8a46da09..8f8f6930c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -208,7 +208,19 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) { - mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id; + mbedtls_ecp_group_id gid; + mbedtls_pk_type_t pk_type; + + /* Avoid calling pk_ec() if this is not an EC key */ + pk_type = mbedtls_pk_get_type( pk ); + if( pk_type != MBEDTLS_PK_ECDSA && + pk_type != MBEDTLS_PK_ECKEY && + pk_type != MBEDTLS_PK_ECKEY_DH ) + { + return( -1 ); + } + + gid = mbedtls_pk_ec( *pk )->grp.id; if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) return( 0 ); From ffb1e1ab3da9b235ccf8e28629aa143b6db36f38 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 23 Oct 2017 13:17:42 +0100 Subject: [PATCH 203/504] Documentation improvements --- include/mbedtls/ssl.h | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e811bb907..43ba67cd5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2244,7 +2244,7 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, * \return 0 if nothing's pending, 1 otherwise. * * \note This function is essential when using the library - * with event-driven I/O. The user should not idle + * with event-driven I/O. You should not idle * (waiting for events from the underlying transport * or from timers) before this function's check passes. * Otherwise, it's possible to run into a deadlock @@ -2398,18 +2398,19 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or * a specific SSL error code. * - * If MBEDTLS_ERR_SSL_WANT_READ is returned, the handshake is - * unfinished and no further data is available from the underlying - * transport. In this case, the function needs to be called again - * at some later stage. + * If this function returns MBEDTLS_ERR_SSL_WANT_READ, the + * handshake is unfinished and no further data is available + * from the underlying transport. In this case, you must call + * the function again at some later stage. * * \note Remarks regarding event-driven DTLS: * If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram * from the underlying transport layer is currently being processed, * and it is safe to idle until the timer or the underlying transport * signal a new event. This is not true for a successful handshake, - * in which case the currently processed underlying transport's datagram - * might or might not contain further DTLS records. + * in which case the datagram of the underlying transport that is + * currently being processed might or might not contain further + * DTLS records. * * \note If this function returns something other than 0 or * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context 
@@ -2475,7 +2476,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
 * \param len maximum number of bytes to read
 *
 * \return One of the following:
- * - 0 for EOF, or
+ * - 0 if the read end of the underlying transport was closed,
 * - the (positive) number of bytes read, or
 * - a negative error code on failure.
 *
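Review bot: The new wording for the 0 return does not tell the caller what a transport-level close means for the TLS connection, which is the security-relevant part: if 0 is reported when the peer's transport closes without a close_notify alert having been seen (the close_notify case is presumably reported as MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY, not visible here), the application cannot assume it has received everything the peer sent, since a truncation attack looks exactly like this. Suggest extending the bullet to `- 0 if the read end of the underlying transport was closed (without a TLS close_notify having been received: the peer may have been cut off, so do not treat this as a clean end of stream),`. The enclosing documentation block continues outside the hunk.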
@@ -2506,22 +2507,21 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context * becomes unusable, and you should either free it or call * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * a new connection. * * \note Remarks regarding event-driven DTLS: * - If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram * from the underlying transport layer is currently being processed, * and it is safe to idle until the timer or the underlying transport * signal a new event. - * - If the function returns MBEDTLS_ERR_SSL_WANT_READ this does not mean - * that no data was available from the underlying transport in the first place, - * as there might have been delayed or duplicated messages, or a renegotiation - * request from the peer. Therefore, the user must be prepared to receive - * MBEDTLS_ERR_SSL_WANT_READ even when reacting to an incoming-data event - * from the underlying transport. - * - On success, the currently processed underlying transport's datagram - * might or might not contain further DTLS records, and the user should - * consult \c mbedtls_ssl_check_pending in that regard. + * - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was + * initially available on the underlying transport, as this data may have + * been only e.g. duplicated messages or a renegotiation request. + * Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even + * when reacting to an incoming-data event from the underlying transport. + * - On success, the datagram of the underlying transport that is currently + * being processed may contain further DTLS records. You should call + * \c mbedtls_ssl_check_pending to check for remaining records. * */ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ); From a6fb089efc6b6b30434f7db5d4c330e204e03896 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Mon, 23 Oct 2017 13:17:48 +0100 Subject: [PATCH 204/504] Don't split debug messages --- library/ssl_tls.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 83d3c9698..caa1cd32e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6377,8 +6377,7 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) if( ssl->keep_current_message == 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record " - "held back for processing" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record held back for processing" ) ); return( 1 ); } @@ -6390,8 +6389,7 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ssl->in_left > ssl->next_record_offset ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records " - "within current datagram" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) ); return( 1 ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -6404,8 +6402,7 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) * read_record_layer, see IOTSSL-1414 */ if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake " - "messages within current record" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake messages within current record" ) ); return( 1 ); } @@ -6414,8 +6411,7 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) */ if( ssl->in_offt != NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data " - "record is being processed" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data record is being processed" ) ); return( 1 ); } From e72489de11067b033a444c13d3b4c305d160cb3c Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Mon, 23 Oct 2017 13:23:50 +0100 Subject: [PATCH 205/504] Remove internal references and use milder wording for some comments --- library/ssl_tls.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index caa1cd32e..80a06fe30 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3790,11 +3790,6 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) * (2) Alert messages: * Consume whole record content, in_msglen = 0. * - * NOTE: This needs to be fixed, since like for - * handshake messages it is allowed to have - * multiple alerts witin a single record. - * Internal reference IOTSSL-1321. - * * (3) Change cipher spec: * Consume whole record content, in_msglen = 0. * @@ -3822,12 +3817,12 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) */ /* Notes: - * (1) in_hslen is *NOT* necessarily the size of the + * (1) in_hslen is not necessarily the size of the * current handshake content: If DTLS handshake * fragmentation is used, that's the fragment * size instead. Using the total handshake message - * size here is FAULTY and should be changed at - * some point. Internal reference IOTSSL-1414. + * size here is faulty and should be changed at + * some point. * (2) While it doesn't seem to cause problems, one * has to be very careful not to assume that in_hslen * is always <= in_msglen in a sensible communication. @@ -6398,8 +6393,6 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) * Case C: A handshake message is being processed. */ - /* TODO This needs correction in the same way as - * read_record_layer, see IOTSSL-1414 */ if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake messages within current record" ) ); From e41158ba10b82da1006509edb1f59f2b5cb435a0 Mon Sep 17 00:00:00 2001 
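Review bot: The rewritten note in the second hunk now records a known defect ("Using the total handshake message size here is faulty and should be changed at some point") with no reference at all, because the internal ticket number was the only pointer and it was removed; a bare acknowledgement like this tends to get lost. Suggest replacing the dropped reference with a public tracker entry, or at least stating the trigger in the comment, e.g. `(only reachable with DTLS handshake fragmentation, where in_hslen is the fragment length rather than the reassembled length)`, so a later reader can find and fix it. Both affected functions extend well beyond these hunks.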
From: Hanno Becker Date: Mon, 23 Oct 2017 13:30:32 +0100 Subject: [PATCH 206/504] Add comment on the meaning of ssl->in_offt == NULL --- library/ssl_tls.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 80a06fe30..a0c19c936 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6849,6 +6849,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * ssl->keep_current_message = 0 below. */ + /* Loop as long as no application data record is available */ while( ssl->in_offt == NULL ) { /* Start timer if not already running */ From 4ac73e78048235902727ed420f04dc2d7f296135 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 23 Oct 2017 15:27:37 +0100 Subject: [PATCH 207/504] Use shell string processing instead of sed in ssl-opt.sh --- tests/ssl-opt.sh | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 57d5e6053..5078c0bcd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -457,7 +457,7 @@ run_test() { kill $PXY_PID >/dev/null 2>&1 sleep 0.01 if kill -0 $PXY_PID >/dev/null 2>&1; then - kill -KILL $pXY_PID + kill -KILL $PXY_PID wait $PXY_PID fi fi @@ -608,12 +608,9 @@ fi get_options "$@" # sanity checks, avoid an avalanche of errors -P_SRV_BIN=$(echo "$P_SRV" | sed -r -n "s/^([^ ]*).*$/\1/p") -echo "Server binary: ${P_SRV_BIN}" -P_CLI_BIN=$(echo "$P_CLI" | sed -r -n "s/^([^ ]*).*$/\1/p") -echo "Client binary: ${P_CLI_BIN}" -P_PXY_BIN=$(echo "$P_PXY" | sed -r -n "s/^([^ ]*).*$/\1/p") -echo "Proxy binary: ${P_PXY_BIN}" +P_SRV_BIN="${P_SRV%%[ ]*}" +P_CLI_BIN="${P_CLI%%[ ]*}" +P_PXY_BIN="${P_PXY%%[ ]*}" if [ ! -x "$P_SRV_BIN" ]; then echo "Command '$P_SRV_BIN' is not an executable file" exit 1 From 22829e9860029eb6e3e333ee481ef232fce0c97a Mon Sep 17 00:00:00 2001 
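Review bot: `${P_SRV%%[ ]*}` keeps everything up to the first literal space, so a `P_SRV` value with leading whitespace or a tab as separator yields an empty or wrong `P_SRV_BIN`, and the error then reads `Command '' is not an executable file`; the sed it replaces had the same limitation, but the `echo "Server binary: ..."` lines that used to make the parsed value visible were removed in the same hunk. The idiomatic spelling is `P_SRV_BIN="${P_SRV%% *}"`, and keeping one diagnostic line (or printing the value in the failure message) would preserve the old visibility. The first hunk's `$pXY_PID` → `$PXY_PID` fix suggests the script does not run with `set -u`; if it could, that typo would have failed loudly instead of silently leaving the proxy running.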
From: Hanno Becker Date: Mon, 23 Oct 2017 15:28:55 +0100 Subject: [PATCH 208/504] Don't use sed -r in udp_proxy_wrapper.sh --- programs/test/udp_proxy_wrapper.sh | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index 415f88399..d0a366095 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -2,16 +2,14 @@ set -u -MBEDTLS_BASE="$(pwd)/$(dirname $0)/../../" -TPXY_BIN="$MBEDTLS_BASE/test/udp_proxy" +MBEDTLS_BASE="$(dirname -- "$0")/../.." +TPXY_BIN="$MBEDTLS_BASE/programs/test/udp_proxy" SRV_BIN="$MBEDTLS_BASE/programs/ssl/ssl_server2" : ${VERBOSE:=0} -VERBOSE=1 - -PARAM_SEP="^(.*)--(.*)$" -PROXY_PARAMS=$(echo $@ | sed -n -r "s/$PARAM_SEP/\1/p") -SERVER_PARAMS=$(echo $@ | sed -n -r "s/$PARAM_SEP/\2/p") +FULL_PARAMS=$* +PROXY_PARAMS=${FULL_PARAMS%%" -- "*} +SERVER_PARAMS=${FULL_PARAMS#*" -- "} stop_proxy() { test -n "${TPXY_PID:-}" && @@ -49,13 +47,13 @@ if [ -z "$DTLS_ENABLED" ]; then exit 0 fi -SERVER_PORT_ORIG=$(echo "$SERVER_PARAMS" | sed -n -r "s/^.*server_port=([0-9]+).*$/\1/p") +SERVER_PORT_ORIG=$(echo "$SERVER_PARAMS" | sed -n "s/^.*server_port=\([0-9]*\).*$/\1/p") if [ -z "$SERVER_PORT_ORIG" ]; then echo " * No server port specified - exit" exit 1 fi -SERVER_ADDR_ORIG=$(echo "$SERVER_PARAMS" | sed -n -r "s/^.*server_addr=([a-zA-Z0-9\.]+).*$/\1/p") +SERVER_ADDR_ORIG=$(echo "$SERVER_PARAMS" | sed -n "s/^.*server_addr=\([a-zA-Z0-9\.]*\).*$/\1/p") if [ -z "$SERVER_ADDR_ORIG" ]; then echo " * No server address specified - exit" exit 1 @@ -86,7 +84,7 @@ if [ $VERBOSE -gt 0 ]; then echo " * Proxy ID: $TPXY_PID" fi -SERVER_PARAMS_NEW=$(echo $SERVER_PARAMS | sed -n -r "s/^(.*server_port=)[0-9]+(.*)$/\1$SERVER_PORT\2/p") +SERVER_PARAMS_NEW=$(echo "$SERVER_PARAMS" | sed -n "s/^\(.*server_port=\)[0-9]*\(.*\)$/\1$SERVER_PORT\2/p") SRV_CMD="$SRV_BIN $SERVER_PARAMS_NEW" echo " * Starting server ..." 
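Review bot: `PROXY_PARAMS=${FULL_PARAMS%%" -- "*}` and `SERVER_PARAMS=${FULL_PARAMS#*" -- "}` both evaluate to the full argument string when no ` -- ` separator is present, so a call without the separator silently starts the proxy and the server with the same arguments instead of failing. A check before the split such as `case " $* " in *" -- "*) ;; *) echo "usage: $0 PROXY_PARAMS -- SERVER_PARAMS" >&2; exit 1;; esac` would make the mistake visible. Flattening `$*` into one string also loses any quoting in the individual arguments, which matters because they are handed back unquoted in `SRV_CMD="$SRV_BIN $SERVER_PARAMS_NEW"` later in the same file.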
From a677cdd4592ebd7d0ef725109e76ca3662d8c477 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 23 Oct 2017 15:29:31 +0100 Subject: [PATCH 209/504] Detect IPv6 in udp_proxy_wrapper.sh grepping for `server_addr=::1` --- programs/test/udp_proxy_wrapper.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index d0a366095..987b8a4ca 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -35,8 +35,10 @@ cleanup() { trap cleanup INT TERM HUP -DTLS_ENABLED=$(echo "$SERVER_PARAMS" | grep -v "::1" | grep "dtls=1") -if [ -z "$DTLS_ENABLED" ]; then +DTLS_ENABLED=$(echo " $SERVER_PARAMS" | grep " dtls=1") +IPV6_IN_USE=$(echo " $SERVER_PARAMS" | grep " server_addr=::1" ) + +if [ -z "$DTLS_ENABLED" ] || [ -n "$IPV6_IN_USE" ]; then echo " * Couldn't find DTLS enabling, or IPv6 is in use - immediate fallback to server application..." if [ $VERBOSE -gt 0 ]; then echo "[ $SRV_BIN $SERVER_PARAMS ]" From 19773ff8357865b0ebd4af44a0c8c4a09f7d85f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 24 Oct 2017 10:51:26 +0200 Subject: [PATCH 210/504] Avoid comparing size between RSA and EC keys --- library/x509_crt.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 8f8f6930c..a85199817 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
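Review bot: `IPV6_IN_USE` only fires for the literal `server_addr=::1`, so any other IPv6 address (`::`, a link-local or a global literal) is treated as IPv4 and the proxy is started against it; if the intent is "skip the proxy whenever the address is IPv6", matching on a colon in the value, `grep " server_addr=[^ ]*:"`, covers those cases as well. The leading-space trick on both `grep`s prevents partial matches on the left, but `" dtls=1"` still matches any value that merely starts with 1; anchoring the right side too, e.g. `echo " $SERVER_PARAMS " | grep " dtls=1 "`, closes that.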
@@ -193,9 +193,18 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, mbedtls_pk_type_t pk_alg, const mbedtls_pk_context *pk ) { + const mbedtls_pk_type_t pk_type = mbedtls_pk_get_type( pk ); + #if defined(MBEDTLS_RSA_C) if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS ) { + /* Avoid comparing size between RSA and ECC */ + if( pk_type != MBEDTLS_PK_RSA && + pk_type != MBEDTLS_PK_RSASSA_PSS ) + { + return( -1 ); + } + if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen ) return( 0 ); @@ -209,10 +218,8 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, pk_alg == MBEDTLS_PK_ECKEY_DH ) { mbedtls_ecp_group_id gid; - mbedtls_pk_type_t pk_type; /* Avoid calling pk_ec() if this is not an EC key */ - pk_type = mbedtls_pk_get_type( pk ); if( pk_type != MBEDTLS_PK_ECDSA && pk_type != MBEDTLS_PK_ECKEY && pk_type != MBEDTLS_PK_ECKEY_DH ) From afc4f892d1f3afb1f1bd40a5392609392fb5eb12 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Oct 2017 10:00:17 +0200 Subject: [PATCH 211/504] udp_proxy_wrapper.sh: more robust Don't mangle arguments containing spaces and other special characters, pass them unchanged to the proxy or server as applicable. More robust parsing of server parameters: don't hit on partial words; use ssl_server2's default values. Minor style improvements. --- programs/test/udp_proxy_wrapper.sh | 124 ++++++++++++++++------------- 1 file changed, 69 insertions(+), 55 deletions(-) diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index 987b8a4ca..fa13596d6 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -1,4 +1,6 @@ #!/bin/sh +# -*-sh-basic-offset: 4-*- +# Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...] set -u 
@@ -7,24 +9,21 @@ TPXY_BIN="$MBEDTLS_BASE/programs/test/udp_proxy" SRV_BIN="$MBEDTLS_BASE/programs/ssl/ssl_server2" : ${VERBOSE:=0} -FULL_PARAMS=$* -PROXY_PARAMS=${FULL_PARAMS%%" -- "*} -SERVER_PARAMS=${FULL_PARAMS#*" -- "} stop_proxy() { - test -n "${TPXY_PID:-}" && - ( - echo "\n * Killing proxy (pid $TPXY_PID) ..." - kill $TPXY_PID - ) + if [ -n "${tpxy_pid:-}" ]; then + echo + echo " * Killing proxy (pid $tpxy_pid) ..." + kill $tpxy_pid + fi } stop_server() { - test -n "${SRV_PID:-}" && - ( - echo "\n * Killing server (pid $SRV_PID) ..." - kill $SRV_PID >/dev/null 2>/dev/null - ) + if [ -n "${srv_pid:-}" ]; then + echo + echo " * Killing server (pid $srv_pid) ..." + kill $srv_pid >/dev/null 2>/dev/null + fi } cleanup() { 
@@ -35,69 +34,84 @@ cleanup() { trap cleanup INT TERM HUP -DTLS_ENABLED=$(echo " $SERVER_PARAMS" | grep " dtls=1") -IPV6_IN_USE=$(echo " $SERVER_PARAMS" | grep " server_addr=::1" ) +# Extract the proxy parameters +tpxy_cmd_snippet='"$TPXY_BIN"' +while [ $# -ne 0 ] && [ "$1" != "--" ]; do + tail="$1" quoted="" + while [ -n "$tail" ]; do + case "$tail" in + *\'*) quoted="${quoted}${tail%%\'*}'\\''" tail="${tail#*\'}";; + *) quoted="${quoted}${tail}"; tail=; false;; + esac + done + tpxy_cmd_snippet="$tpxy_cmd_snippet '$quoted'" + shift +done +unset tail quoted +if [ $# -eq 0 ]; then + echo " * No server arguments (must be preceded by \" -- \") - exit" + exit 3 +fi +shift -if [ -z "$DTLS_ENABLED" ] || [ -n "$IPV6_IN_USE" ]; then - echo " * Couldn't find DTLS enabling, or IPv6 is in use - immediate fallback to server application..." +dtls_enabled= +ipv6_in_use= +server_port_orig= +server_addr_orig= +for param; do + case "$param" in + server_port=*) server_port_orig="${param#*=}";; + server_addr=*:*) server_addr_orig="${param#*=}"; ipv6_in_use=1;; + server_addr=*) server_addr_orig="${param#*=}";; + dtls=[!0]*) dtls_enabled=1;; + esac +done + +if [ -z "$dtls_enabled" ] || [ -n "$ipv6_in_use" ]; then + echo >&2 "$0: Couldn't find DTLS enabling, or IPv6 is in use - immediate fallback to server application..." if [ $VERBOSE -gt 0 ]; then - echo "[ $SRV_BIN $SERVER_PARAMS ]" + echo "[ $SRV_BIN $* ]" fi - $SRV_BIN $SERVER_PARAMS >&1 2>&1 & - SRV_PID=$! 
- wait $SRV_PID - exit 0 + exec "$SRV_BIN" "$@" fi -SERVER_PORT_ORIG=$(echo "$SERVER_PARAMS" | sed -n "s/^.*server_port=\([0-9]*\).*$/\1/p") -if [ -z "$SERVER_PORT_ORIG" ]; then - echo " * No server port specified - exit" - exit 1 +if [ -z "$server_port_orig" ]; then + server_port_orig=4433 +fi +echo " * Server port: $server_port_orig" +tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_port=\$server_port_orig\"" +tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_port=\$server_port\"" + +if [ -n "$server_addr_orig" ]; then + echo " * Server address: $server_addr_orig" + tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_addr=\$server_addr_orig\"" + tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_addr=\$server_addr_orig\"" fi -SERVER_ADDR_ORIG=$(echo "$SERVER_PARAMS" | sed -n "s/^.*server_addr=\([a-zA-Z0-9\.]*\).*$/\1/p") -if [ -z "$SERVER_ADDR_ORIG" ]; then - echo " * No server address specified - exit" - exit 1 -fi - -echo " * Server address: $SERVER_ADDR_ORIG" -echo " * Server port: $SERVER_PORT_ORIG" - -SERVER_PORT=$(( $SERVER_PORT_ORIG + 1 )) -echo " * Intermediate port: $SERVER_PORT" - -TPXY_CMD=\ -"$TPXY_BIN $PROXY_PARAMS "\ -"listen_port=$SERVER_PORT_ORIG "\ -"server_port=$SERVER_PORT "\ -"server_addr=$SERVER_ADDR_ORIG "\ -"listen_addr=$SERVER_ADDR_ORIG" +server_port=$(( server_port_orig + 1 )) +set -- "$@" "server_port=$server_port" +echo " * Intermediate port: $server_port" echo " * Start proxy in background ..." if [ $VERBOSE -gt 0 ]; then - echo "[ $TPXY_CMD ]" + echo "[ $tpxy_cmd_snippet ]" fi - -$TPXY_CMD >/dev/null 2>&1 & -TPXY_PID=$! +eval "$tpxy_cmd_snippet" >/dev/null 2>&1 & +tpxy_pid=$! if [ $VERBOSE -gt 0 ]; then echo " * Proxy ID: $TPXY_PID" fi -SERVER_PARAMS_NEW=$(echo "$SERVER_PARAMS" | sed -n "s/^\(.*server_port=\)[0-9]*\(.*\)$/\1$SERVER_PORT\2/p") -SRV_CMD="$SRV_BIN $SERVER_PARAMS_NEW" - echo " * Starting server ..." if [ $VERBOSE -gt 0 ]; then - echo "[ $SRV_CMD ]" + echo "[ $SRV_BIN $* ]" fi -$SRV_CMD >&2 & -SRV_PID=$! +"$SRV_BIN" "$@" >&2 & +srv_pid=$! 
-wait $SRV_PID +wait $srv_pid stop_proxy return 0 From 8149321fedd0085f18783d41490a7d4043f7716c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Oct 2017 12:22:40 +0200 Subject: [PATCH 212/504] udp_proxy_wrapper.sh: fix cleanup not cleaning up Fixed cleanup leaving the actual udp_proxy behind and only killing an intermediate shell process. Fixed trap handler cleaning up but then not dying. --- programs/test/udp_proxy_wrapper.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index fa13596d6..29033d5d1 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -29,7 +29,7 @@ stop_server() { cleanup() { stop_server stop_proxy - return 1 + exit 129 } trap cleanup INT TERM HUP @@ -96,7 +96,7 @@ echo " * Start proxy in background ..." if [ $VERBOSE -gt 0 ]; then echo "[ $tpxy_cmd_snippet ]" fi -eval "$tpxy_cmd_snippet" >/dev/null 2>&1 & +eval exec "$tpxy_cmd_snippet" >/dev/null 2>&1 & tpxy_pid=$! if [ $VERBOSE -gt 0 ]; then @@ -108,7 +108,7 @@ if [ $VERBOSE -gt 0 ]; then echo "[ $SRV_BIN $* ]" fi -"$SRV_BIN" "$@" >&2 & +exec "$SRV_BIN" "$@" >&2 & srv_pid=$! wait $srv_pid From 254eec8bb4844cc9b4ac9974ad34d3c5679d9fb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 26 Oct 2017 09:47:36 +0200 Subject: [PATCH 213/504] Document choice of script exit code --- tests/scripts/curves.pl | 1 + tests/scripts/depends-hashes.pl | 1 + tests/scripts/depends-pkalgs.pl | 1 + tests/scripts/key-exchanges.pl | 1 + tests/scripts/test-ref-configs.pl | 1 + 5 files changed, 5 insertions(+) diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index b7cfdf674..004181432 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl 
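Review bot: The rename `TPXY_PID` → `tpxy_pid` missed the verbose-mode line kept as context right after `tpxy_pid=$!`: `echo " * Proxy ID: $TPXY_PID"` still reads the old name, and with `set -u` at the top of the script that is an unbound-variable error that aborts the wrapper as soon as VERBOSE>0; it should read `echo " * Proxy ID: $tpxy_pid"`. Separately, `server_port_orig` is taken verbatim from the caller's `server_port=*` argument and fed to `$(( server_port_orig + 1 ))`, so a non-numeric value produces a shell arithmetic error rather than a clear message (and in bash a variable name placed there can be evaluated as an expression); a guard like `case "$server_port_orig" in ''|*[!0-9]*) echo >&2 "$0: bad server_port"; exit 3;; esac` would fail cleanly. The single-quote escaping used to build `tpxy_cmd_snippet` for `eval` looks correct, and the trailing `false` in the `*)` branch of the inner `case` is a no-op that could be dropped.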
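Review bot: `wait $srv_pid` now yields the real server's exit status (the added `exec` makes `$srv_pid` the server itself), but that status is immediately discarded: `stop_proxy` runs and the script ends with `return 0` (context below the hunk), so a server that crashes or fails its own checks still looks like success to whoever runs the wrapper, and `return` at the top level of a script is not accepted by every POSIX shell. Suggest `wait $srv_pid; rc=$?; stop_proxy; exit $rc`. The `exit 129` in `cleanup` applies the same code for INT, TERM and HUP, which is fine for a test helper but loses which signal fired.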
@@ -36,6 +36,7 @@ my @curves = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` ); system( "cp $config_h $config_h.bak" ) and die; sub abort { system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; + # use an exit code between 1 and 124 for git bisect (die returns 255) warn $_[0]; exit 1; } diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl index 46628a72d..29dcfb00c 100755 --- a/tests/scripts/depends-hashes.pl +++ b/tests/scripts/depends-hashes.pl @@ -45,6 +45,7 @@ my @hashes = split( /\s+/, system( "cp $config_h $config_h.bak" ) and die; sub abort { system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; + # use an exit code between 1 and 124 for git bisect (die returns 255) warn $_[0]; exit 1; } diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl index 3ab161523..14c92b221 100755 --- a/tests/scripts/depends-pkalgs.pl +++ b/tests/scripts/depends-pkalgs.pl @@ -60,6 +60,7 @@ my %algs = ( system( "cp $config_h $config_h.bak" ) and die; sub abort { system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; + # use an exit code between 1 and 124 for git bisect (die returns 255) warn $_[0]; exit 1; } diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl index 5ce890046..d167c67c7 100755 --- a/tests/scripts/key-exchanges.pl +++ b/tests/scripts/key-exchanges.pl @@ -33,6 +33,7 @@ my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` ); system( "cp $config_h $config_h.bak" ) and die; sub abort { system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; + # use an exit code between 1 and 124 for git bisect (die returns 255) warn $_[0]; exit 1; } diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index fe6d154f9..600fc751e 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl 
@@ -55,6 +55,7 @@ my $config_h = 'include/mbedtls/config.h'; system( "cp $config_h $config_h.bak" ) and die; sub abort { system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; + # use an exit code between 1 and 124 for git bisect (die returns 255) warn $_[0]; exit 1; } From 3f81691d293f75785f78f0b4fc4683f7bdc0b0b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 26 Oct 2017 10:24:16 +0200 Subject: [PATCH 214/504] Revert to old behaviour of profile_check_key() Was never documented to check for key alg compatibility, so should not start doing so. Just stop relying on the pk_alg argument instead. --- library/x509_crt.c | 34 ++++++++-------------------------- 1 file changed, 8 insertions(+), 26 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index a85199817..bbc0f3c08 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -161,7 +161,7 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = /* * Check md_alg against profile - * Return 0 if md_alg acceptable for this profile, -1 otherwise + * Return 0 if md_alg is acceptable for this profile, -1 otherwise */ static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, mbedtls_md_type_t md_alg ) @@ -174,7 +174,7 @@ static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, /* * Check pk_alg against profile - * Return 0 if pk_alg acceptable for this profile, -1 otherwise + * Return 0 if pk_alg is acceptable for this profile, -1 otherwise */ static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, mbedtls_pk_type_t pk_alg ) 
@@ -187,24 +187,16 @@ static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, /* * Check key against profile - * Return 0 if pk_alg acceptable for this profile, -1 otherwise + * Return 0 if pk is acceptable for this profile, -1 otherwise */ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, - mbedtls_pk_type_t pk_alg, const mbedtls_pk_context *pk ) { - const mbedtls_pk_type_t pk_type = mbedtls_pk_get_type( pk ); + const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk ); #if defined(MBEDTLS_RSA_C) if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS ) { - /* Avoid comparing size between RSA and ECC */ - if( pk_type != MBEDTLS_PK_RSA && - pk_type != MBEDTLS_PK_RSASSA_PSS ) - { - return( -1 ); - } - if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen ) return( 0 ); @@ -217,17 +209,7 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) { - mbedtls_ecp_group_id gid; - - /* Avoid calling pk_ec() if this is not an EC key */ - if( pk_type != MBEDTLS_PK_ECDSA && - pk_type != MBEDTLS_PK_ECKEY && - pk_type != MBEDTLS_PK_ECKEY_DH ) - { - return( -1 ); - } - - gid = mbedtls_pk_ec( *pk )->grp.id; + const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id; if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) return( 0 ); @@ -1716,7 +1698,7 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, break; } - if( x509_profile_check_key( profile, crl_list->sig_pk, &ca->pk ) != 0 ) + if( x509_profile_check_key( profile, &ca->pk ) != 0 ) flags |= MBEDTLS_X509_BADCERT_BAD_KEY; if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk, 
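Review bot: With the `pk_alg` parameter gone, the comment `Return 0 if pk is acceptable for this profile, -1 otherwise` should say what is being judged, since callers used to pass the signature algorithm and a reader may assume a key/algorithm compatibility check still happens here; suggest `/* The key is judged by its own type: RSA keys against rsa_min_bitlen, EC keys against allowed_curves. Compatibility with the signature algorithm is not checked here (presumably left to mbedtls_pk_verify_ext()). */`. Dropping the `pk_type` guards is sound for the `mbedtls_pk_ec( *pk )` cast only because `pk_alg` now comes from `mbedtls_pk_get_type( pk )` itself, which deserves a one-line comment on the EC branch, e.g. `/* pk_alg is the key's own type, so the EC cast below is safe */`. The function's tail (the non-RSA/non-EC fallthrough) is outside the hunk.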
@@ -2183,7 +2165,7 @@ static int x509_crt_verify_chain( *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; /* check size of signing key */ - if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 ) + if( x509_profile_check_key( profile, &parent->pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; #if defined(MBEDTLS_X509_CRL_PARSE_C) @@ -2346,7 +2328,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, if( x509_profile_check_pk_alg( profile, pk_type ) != 0 ) *ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; - if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 ) + if( x509_profile_check_key( profile, &crt->pk ) != 0 ) *ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; /* Check the chain */ From 7bba968afcb9d2a352d2e39cc9eae5a338d94c53 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 26 Oct 2017 11:53:26 +0100 Subject: [PATCH 215/504] Adapt ChangeLog --- ChangeLog | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index b6ab9665a..2f1f0557c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,12 +2,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Fix memory leak in RSA self test. - Security - * Add option for mandatory use of blinding in RSA private key operations. - * Add options for verification of RSA private key operations to defend + * Verify results of RSA private key operations to defend against Bellcore glitch attack. = mbed TLS 2.x.x branch released xxxx-xx-xx From 2412061a5a55410e8fffc583b3ce3a2f0dfc067d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 26 Oct 2017 11:53:35 +0100 Subject: [PATCH 216/504] Correct typo and improve documentation --- include/mbedtls/rsa.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index bc2f810ae..54a1f2520 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -230,11 +230,11 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * \note The input and output buffers must be large * enough (eg. 128 bytes if RSA-1024 is used). * - * \note Blinding is used if and onlf if a PRNG is provided. + * \note Blinding is used if and only if a PRNG is provided. * * \note If blinding is used, both the base of exponentation - * and the exponent are blinded, preventing both statistical - * timing and power analysis attacks. + * and the exponent are blinded, providing protection + * against some side-channel attacks. * * \warning It is deprecated and a security risk to not provide * a PRNG here and thereby prevent the use of blinding. From df4180a235de1990d9769a1010b03cfe9cbed8c2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 27 Oct 2017 13:43:58 +0100 Subject: [PATCH 217/504] Don't break debug messages --- programs/ssl/ssl_client2.c | 78 +++++++++++++++++++------------------- programs/ssl/ssl_server2.c | 24 ++++++------ programs/test/udp_proxy.c | 5 +-- 3 files changed, 53 insertions(+), 54 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5b82693ff..ed3966495 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -478,8 +478,7 @@ void idle( mbedtls_ssl_context *ssl, * if data is still pending to be processed. */ if( mbedtls_ssl_check_pending( ssl ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: Data still pending, " - "but idling requested!" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: Data still pending, but idling requested!" ) ); } MBEDTLS_SSL_DEBUG_MSG( 3, ( "idle, waiting for event... " ) ); @@ -504,8 +503,8 @@ void idle( mbedtls_ssl_context *ssl, if( poll_type != 0 && mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] net_context signals data - " - "continue", time_elapsed ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] net_context signals data - continue", + time_elapsed ) ); break; } } 
@@ -960,8 +959,7 @@ int main( int argc, char *argv[] ) * refers to the underlying net_context. */ if( opt.event == 1 && opt.nbio != 1 ) { - mbedtls_printf( "Warning: event-driven IO mandates nbio=1" - " - overwrite\n" ); + mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" ); opt.nbio = 1; } @@ -1236,8 +1234,8 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", + -ret ); goto exit; } @@ -1261,8 +1259,8 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_key " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", + -ret ); goto exit; } @@ -1285,8 +1283,8 @@ int main( int argc, char *argv[] ) opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_net_connect " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", + -ret ); goto exit; } @@ -1296,8 +1294,8 @@ int main( int argc, char *argv[] ) ret = mbedtls_net_set_block( &server_fd ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! net_set_(non)block() " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", + -ret ); goto exit; } @@ -1314,8 +1312,8 @@ int main( int argc, char *argv[] ) opt.transport, MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", + -ret ); goto exit; } 
@@ -1345,8 +1343,8 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", + ret ); goto exit; } #endif @@ -1382,8 +1380,8 @@ int main( int argc, char *argv[] ) if( opt.alpn_string != NULL ) if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", + ret ); goto exit; } #endif @@ -1422,8 +1420,8 @@ int main( int argc, char *argv[] ) { if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", + ret ); goto exit; } } @@ -1442,8 +1440,8 @@ int main( int argc, char *argv[] ) (const unsigned char *) opt.psk_identity, strlen( opt.psk_identity ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", + ret ); goto exit; } #endif @@ -1463,16 +1461,16 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_setup " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", + -ret ); goto exit; } #if defined(MBEDTLS_X509_CRT_PARSE_C) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", + ret ); goto exit; } #endif 
@@ -1484,8 +1482,8 @@ int main( int argc, char *argv[] ) (const unsigned char *) opt.ecjpake_pw, strlen( opt.ecjpake_pw ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", + ret ); goto exit; } } @@ -1516,8 +1514,8 @@ int main( int argc, char *argv[] ) if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_handshake " - "returned -0x%x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", + -ret ); if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) mbedtls_printf( " Unable to verify the server's certificate. " @@ -1571,8 +1569,8 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_get_session " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", + -ret ); goto exit; } @@ -1622,8 +1620,8 @@ int main( int argc, char *argv[] ) if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", + ret ); goto exit; } @@ -1686,8 +1684,8 @@ send_request: if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_write " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", + -ret ); goto exit; } @@ -1726,8 +1724,8 @@ send_request: if( ret < 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_write " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", + ret ); goto exit; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d16c53419..d70046c84 100644 
--- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1427,8 +1427,7 @@ int main( int argc, char *argv[] ) * refers to the underlying net_context. */ if( opt.event == 1 && opt.nbio != 1 ) { - mbedtls_printf( "Warning: event-driven IO mandates nbio=1" - " - overwrite\n" ); + mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" ); opt.nbio = 1; } @@ -1733,7 +1732,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n", - -ret ); + -ret ); goto exit; } } @@ -1751,8 +1750,7 @@ int main( int argc, char *argv[] ) strcmp( opt.key_file2, "none" ) != 0 ) { #if !defined(MBEDTLS_CERTS_C) - mbedtls_printf( "Not certificated or key provided, and \n" - "MBEDTLS_CERTS_C not defined!\n" ); + mbedtls_printf( "Not certificated or key provided, and \nMBEDTLS_CERTS_C not defined!\n" ); goto exit; #else #if defined(MBEDTLS_RSA_C) @@ -1760,14 +1758,16 @@ int main( int argc, char *argv[] ) (const unsigned char *) mbedtls_test_srv_crt_rsa, mbedtls_test_srv_crt_rsa_len ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", + -ret ); goto exit; } if( ( ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key_rsa, mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", + -ret ); goto exit; } key_cert_init = 2; 
@@ -1777,14 +1777,16 @@ int main( int argc, char *argv[] ) (const unsigned char *) mbedtls_test_srv_crt_ec, mbedtls_test_srv_crt_ec_len ) ) != 0 ) { - mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", + -ret ); goto exit; } if( ( ret = mbedtls_pk_parse_key( &pkey2, (const unsigned char *) mbedtls_test_srv_key_ec, mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 ) { - mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", + -ret ); goto exit; } key_cert_init2 = 2; @@ -2190,8 +2192,8 @@ reset: if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl, client_ip, cliip_len ) ) != 0 ) { - mbedtls_printf( " failed\n ! " - "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", + -ret ); goto exit; } } diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index c978f9047..386b1fcad 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -318,9 +318,8 @@ static int ctx_buffer_flush( ctx_buffer *buf ) { int ret; - mbedtls_printf( " %05lu flush %s: %u bytes, %lu datagrams, " - "last %ld ms\n", ellapsed_time(), - buf->description, buf->len, buf->num_datagrams, + mbedtls_printf( " %05lu flush %s: %u bytes, %lu datagrams, last %ld ms\n", + ellapsed_time(), buf->description, buf->len, buf->num_datagrams, ellapsed_time() - buf->packet_lifetime ); ret = mbedtls_net_send( buf->ctx, buf->data, buf->len ); From 197a91cd82c6351beacb23d2bea0522066c9b332 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 31 Oct 2017 10:58:53 +0000 Subject: [PATCH 218/504] Clean up idle() function in ssl_client2 and ssl_server2 --- programs/ssl/ssl_client2.c | 67 ++++++++++++-------------------------- programs/ssl/ssl_server2.c | 64 +++++++++++------------------------- 2 files changed, 40 insertions(+), 91 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ed3966495..289920cbd 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -444,20 +444,14 @@ static int ssl_sig_hashes_for_test[] = { * (Used in event-driven IO mode). */ #if !defined(MBEDTLS_TIMING_C) -void idle( mbedtls_ssl_context *ssl, - mbedtls_net_context *fd, +void idle( mbedtls_net_context *fd, int idle_reason ) { #else -void idle( mbedtls_ssl_context *ssl, - mbedtls_net_context *fd, +void idle( mbedtls_net_context *fd, mbedtls_timing_delay_context *timer, int idle_reason ) { -#if defined(MBEDTLS_DEBUG_C) - struct mbedtls_timing_hr_time tm; - unsigned long time_elapsed; -#endif #endif int poll_type = 0; 
@@ -468,43 +462,24 @@ void idle( mbedtls_ssl_context *ssl, poll_type = MBEDTLS_NET_POLL_READ; #if !defined(MBEDTLS_TIMING_C) else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: No reason for idling given" ) ); return; - } -#endif - - /* One should not idle on the underlying transport - * if data is still pending to be processed. */ - if( mbedtls_ssl_check_pending( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: Data still pending, but idling requested!" ) ); - } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "idle, waiting for event... " ) ); - -#if defined(MBEDTLS_TIMING_C) && defined(MBEDTLS_DEBUG_C) - mbedtls_timing_get_timer( &tm, 1 /* restart */ ); #endif while( 1 ) { + /* Check if timer has expired */ #if defined(MBEDTLS_TIMING_C) -#if defined(MBEDTLS_DEBUG_C) - time_elapsed = mbedtls_timing_get_timer( &tm, 0 ); -#endif - if( mbedtls_timing_get_delay( timer ) == 2 ) + if( timer != NULL && + mbedtls_timing_get_delay( timer ) == 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] timer expired - continue", - time_elapsed ) ); break; } -#endif +#endif /* MBEDTLS_TIMING_C */ + /* Check if underlying transport became available */ if( poll_type != 0 && mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] net_context signals data - continue", - time_elapsed ) ); break; } } @@ -1532,9 +1507,9 @@ int main( int argc, char *argv[] ) if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } } @@ -1629,9 +1604,9 @@ int main( int argc, char *argv[] ) if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } 
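Review bot: With MBEDTLS_TIMING_C enabled, the new `timer != NULL &&` guard creates a case the function cannot leave: a call with `timer == NULL` and an idle_reason that is neither WANT_READ nor WANT_WRITE leaves `poll_type` at 0, so neither `break` in the `while( 1 )` loop is reachable and idle() spins forever, whereas the non-timing build returns early for the same input. Add the same early exit before the loop in the timing build, `if( poll_type == 0 && timer == NULL ) return;`, or make the `else return;` unconditional. Every call site in this file passes `&timer`, so this is defensive, but the debug warning that used to flag "no reason for idling" was removed in this hunk, so the case is now completely silent. idle() starts outside this hunk.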
@@ -1693,9 +1668,9 @@ send_request: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } } @@ -1715,9 +1690,9 @@ send_request: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } } @@ -1761,9 +1736,9 @@ send_request: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } continue; @@ -1822,9 +1797,9 @@ send_request: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } } @@ -1887,9 +1862,9 @@ send_request: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d70046c84..c3321d13a 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -846,20 +846,14 @@ static int ssl_sig_hashes_for_test[] = { * (Used in event-driven IO mode). */ #if !defined(MBEDTLS_TIMING_C) -void idle( mbedtls_ssl_context *ssl, - mbedtls_net_context *fd, +void idle( mbedtls_net_context *fd, int idle_reason ) { #else -void idle( mbedtls_ssl_context *ssl, - mbedtls_net_context *fd, +void idle( mbedtls_net_context *fd, mbedtls_timing_delay_context *timer, int idle_reason ) { -#if defined(MBEDTLS_DEBUG_C) - struct mbedtls_timing_hr_time tm; - unsigned long time_elapsed; -#endif #endif int poll_type = 0; @@ -870,44 +864,24 @@ void idle( mbedtls_ssl_context *ssl, poll_type = MBEDTLS_NET_POLL_READ; #if !defined(MBEDTLS_TIMING_C) else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: No reason for idling given" ) ); return; - } -#endif - - /* One should not idle on the underlying transport - * if data is still pending to be processed. */ - if( mbedtls_ssl_check_pending( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: Data still pending, " - "but idling requested!" ) ); - } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "idle, waiting for event... " ) ); - -#if defined(MBEDTLS_TIMING_C) && defined(MBEDTLS_DEBUG_C) - mbedtls_timing_get_timer( &tm, 1 /* restart */ ); #endif while( 1 ) { + /* Check if timer has expired */ #if defined(MBEDTLS_TIMING_C) -#if defined(MBEDTLS_DEBUG_C) - time_elapsed = mbedtls_timing_get_timer( &tm, 0 ); -#endif - if( mbedtls_timing_get_delay( timer ) == 2 ) + if( timer != NULL && + mbedtls_timing_get_delay( timer ) == 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] timer expired - continue", - time_elapsed ) ); break; } -#endif +#endif /* MBEDTLS_TIMING_C */ + /* Check if underlying transport became available */ if( poll_type != 0 && mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] net_context signals data - " - "continue", time_elapsed ) ); break; } } 
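Review bot: The rewritten loop busy-waits: each iteration calls `mbedtls_net_poll( fd, poll_type, 0 )` with what appears to be a zero timeout and immediately re-checks the timer, so an idle server pegs a core for the whole wait. A bounded poll timeout when there is something to poll, e.g. `mbedtls_net_poll( fd, poll_type, 10 )`, would remove the spin at the cost of detecting timer expiry up to 10 ms late, which is acceptable for a test program; the later udp_proxy commit in this series removes busy-waiting there for the same reason. If the third argument is not a timeout in milliseconds this suggestion does not apply, but the tight loop still deserves a comment explaining why spinning is intended. idle() starts outside this hunk.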
@@ -2231,9 +2205,9 @@ handshake: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &client_fd, &timer, ret ); + idle( &client_fd, &timer, ret ); #else - idle( &ssl, &client_fd, ret ); + idle( &client_fd, ret ); #endif } } @@ -2346,9 +2320,9 @@ data_exchange: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &client_fd, &timer, ret ); + idle( &client_fd, &timer, ret ); #else - idle( &ssl, &client_fd, ret ); + idle( &client_fd, ret ); #endif } @@ -2453,9 +2427,9 @@ data_exchange: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &client_fd, &timer, ret ); + idle( &client_fd, &timer, ret ); #else - idle( &ssl, &client_fd, ret ); + idle( &client_fd, ret ); #endif } } @@ -2504,9 +2478,9 @@ data_exchange: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &client_fd, &timer, ret ); + idle( &client_fd, &timer, ret ); #else - idle( &ssl, &client_fd, ret ); + idle( &client_fd, ret ); #endif } } @@ -2548,9 +2522,9 @@ data_exchange: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &client_fd, &timer, ret ); + idle( &client_fd, &timer, ret ); #else - idle( &ssl, &client_fd, ret ); + idle( &client_fd, ret ); #endif } } @@ -2570,9 +2544,9 @@ data_exchange: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &client_fd, &timer, ret ); + idle( &client_fd, &timer, ret ); #else - idle( &ssl, &client_fd, ret ); + idle( &client_fd, ret ); #endif } } From 9b19a1253f56b53e6b093197bf6947bb7b51c344 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 31 Oct 2017 13:00:14 +0000 Subject: [PATCH 219/504] Clarify use of mbedtls_ssl_check_pending --- include/mbedtls/ssl.h | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 43ba67cd5..594c7d6b1 100644 
--- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2243,15 +2243,6 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, * * \return 0 if nothing's pending, 1 otherwise. * - * \note This function is essential when using the library - * with event-driven I/O. You should not idle - * (waiting for events from the underlying transport - * or from timers) before this function's check passes. - * Otherwise, it's possible to run into a deadlock - * (if processing the pending data involves essential - * communication with the peer) or to accumulate and - * potentially lose data. - * * \note This is different in purpose and behaviour from * \c mbedtls_ssl_get_bytes_avail in that it considers * any kind of unprocessed data, not only unread 
@@ -2262,11 +2253,25 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, * further records waiting to be processed from * the current underlying transport's datagram. * - * \note If this function returns 0 (data pending), this + * \note If this function returns 1 (data pending), this * does not imply that a subsequent call to * \c mbedtls_ssl_read will provide any data; * e.g., the unprocessed data might turn out * to be an alert or a handshake message. + * + * \note This function is useful in the following situation: + * If the SSL/TLS module successfully returns from an + * operation - e.g. a handshake or an application record + * read - and you're awaiting incoming data next, you + * must not immediately idle on the underlying transport + * to have data ready, but you need to check the value + * of this function first. The reason is that the desired + * data might already be read but not yet processed. + * If, in contrast, a previous call to the SSL/TLS module + * returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary + * to call this function, as the latter error code entails + * that all internal data has been processed. + * */ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ); From 211f44c928293203c82b6781ff58346d9f00739e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 31 Oct 2017 14:08:10 +0000 Subject: [PATCH 220/504] Rename `merge` option in UDP proxy to `pack` --- programs/test/udp_proxy.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 386b1fcad..d0c5b9450 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c 
@@ -131,7 +131,7 @@ static struct options int bad_ad; /* inject corrupted ApplicationData record */ int protect_hvr; /* never drop or delay HelloVerifyRequest */ int protect_len; /* never drop/delay packet of the given size*/ - int merge; /* merge packets into single datagram for + int pack; /* merge packets into single datagram for * at most \c merge milliseconds if > 0 */ unsigned int seed; /* seed for "random" events */ @@ -157,7 +157,7 @@ static void get_options( int argc, char *argv[] ) opt.server_port = DFL_SERVER_PORT; opt.listen_addr = DFL_LISTEN_ADDR; opt.listen_port = DFL_LISTEN_PORT; - opt.merge = DFL_PACK; + opt.pack = DFL_PACK; /* Other members default to 0 */ for( i = 1; i < argc; i++ ) @@ -201,7 +201,7 @@ static void get_options( int argc, char *argv[] ) } else if( strcmp( p, "pack" ) == 0 ) { - opt.merge = atoi( q ); + opt.pack = atoi( q ); } else if( strcmp( p, "mtu" ) == 0 ) { @@ -333,7 +333,7 @@ static int ctx_buffer_flush( ctx_buffer *buf ) static inline int ctx_buffer_check( ctx_buffer *buf ) { if( buf->len > 0 && - ellapsed_time() - buf->packet_lifetime >= (size_t) opt.merge ) + ellapsed_time() - buf->packet_lifetime >= (size_t) opt.pack ) { return( ctx_buffer_flush( buf ) ); } @@ -669,7 +669,7 @@ accept: nb_fds = listen_fd.fd; ++nb_fds; - if( opt.merge > 0 ) + if( opt.pack > 0 ) { outbuf[0].ctx = &server_fd; outbuf[0].description = "S <- C"; From 92474da0a22548b05340857d44020856bc6f3be7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 31 Oct 2017 14:09:30 +0000 Subject: [PATCH 221/504] Use Mbed TLS timing module to obtain ellapsed time in udp_proxy --- programs/test/udp_proxy.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index d0c5b9450..39b3bed4a 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c 
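Review bot: The field comment on the renamed member still refers to the old name, `int pack; /* merge packets into single datagram for * at most \c merge milliseconds if > 0 */`, so `\c merge` now points at a member that no longer exists. Suggest `int pack; /* pack packets into a single datagram for at most \c pack milliseconds if > 0 */`. The stale reference survives the later retyping of this field in the series, so it is worth fixing here where the rename happens.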
@@ -280,22 +280,17 @@ static const char *msg_type( unsigned char *msg, size_t len ) /* Return elapsed time in milliseconds since the first call */ static unsigned long ellapsed_time( void ) { -#if defined(_WIN32) - return( 0 ); -#else - static struct timeval ref = { 0, 0 }; - struct timeval now; + static int initialized = 0; + static struct mbedtls_timing_hr_time hires; - if( ref.tv_sec == 0 && ref.tv_usec == 0 ) + if( initialized == 0 ) { - gettimeofday( &ref, NULL ); + (void) mbedtls_timing_get_timer( &hires, 1 ); + initialized = 1; return( 0 ); } - gettimeofday( &now, NULL ); - return( 1000 * ( now.tv_sec - ref.tv_sec ) - + ( now.tv_usec - ref.tv_usec ) / 1000 ); -#endif + return( mbedtls_timing_get_timer( &hires, 0 ) ); } typedef struct From 0cc7774dab85d3938b04ead8814e585f76c82f13 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 31 Oct 2017 14:10:07 +0000 Subject: [PATCH 222/504] Only add pack option to UDP proxy if MBEDTLS_TIMING_C is enabled --- programs/test/udp_proxy.c | 57 ++++++++++++++++++++++++++++++++------- 1 file changed, 48 insertions(+), 9 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 39b3bed4a..7e8d309f4 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -53,6 +53,7 @@ int main( void ) #include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #include "mbedtls/ssl.h" +#include "mbedtls/timing.h" #include @@ -74,11 +75,6 @@ int main( void ) #include #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ -/* For gettimeofday() */ -#if !defined(_WIN32) -#include -#endif - #define MAX_MSG_SIZE 16384 + 2048 /* max record/datagram size */ #define DFL_SERVER_ADDR "localhost" 
@@ -87,6 +83,14 @@ int main( void ) #define DFL_LISTEN_PORT "5556" #define DFL_PACK 0 +#if defined(MBEDTLS_TIMING_C) +#define USAGE_PACK \ + " pack=%%d default: 0 (don't pack)\n" \ + " options: t > 0 (pack for t milliseconds)\n" +#else +#define USAGE_PACK +#endif + #define USAGE \ "\n usage: udp_proxy param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -106,11 +110,10 @@ int main( void ) " drop packets larger than N bytes\n" \ " bad_ad=0/1 default: 0 (don't add bad ApplicationData)\n" \ " protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \ - " protect_len=%%d default: (don't protect packets of this size)\n" \ + " protect_len=%%d default: (don't protect packets of this size)\n" \ "\n" \ " seed=%%d default: (use current time)\n" \ - " pack=%%d default: 0 (don't merge)\n" \ - " options: t > 0 (merge for t milliseconds)\n" \ + USAGE_PACK \ "\n" /* @@ -133,7 +136,6 @@ static struct options int protect_len; /* never drop/delay packet of the given size*/ int pack; /* merge packets into single datagram for * at most \c merge milliseconds if > 0 */ - unsigned int seed; /* seed for "random" events */ } opt; @@ -201,7 +203,12 @@ static void get_options( int argc, char *argv[] ) } else if( strcmp( p, "pack" ) == 0 ) { +#if defined(MBEDTLS_TIMING_C) opt.pack = atoi( q ); +#else + mbedtls_printf( " option pack only defined if MBEDTLS_TIMING_C is enabled\n" ); + exit( 1 ); +#endif } else if( strcmp( p, "mtu" ) == 0 ) { @@ -277,6 +284,7 @@ static const char *msg_type( unsigned char *msg, size_t len ) } } +#if defined(MBEDTLS_TIMING_C) /* Return elapsed time in milliseconds since the first call */ static unsigned long ellapsed_time( void ) { @@ -369,6 +377,7 @@ static int dispatch_data( mbedtls_net_context *ctx, size_t len ) { ctx_buffer *buf = NULL; + if( outbuf[0].ctx == ctx ) buf = &outbuf[0]; else if( outbuf[1].ctx == ctx ) 
@@ -380,6 +389,17 @@ static int dispatch_data( mbedtls_net_context *ctx, return( ctx_buffer_append( buf, data, len ) ); } +#else /* MBEDTLS_TIMING_C */ + +static int dispatch_data( mbedtls_net_context *ctx, + const unsigned char * data, + size_t len ) +{ + return( mbedtls_net_send( ctx, data, len ) ); +} + +#endif /* MBEDTLS_TIMING_C */ + typedef struct { mbedtls_net_context *dst; @@ -392,12 +412,22 @@ typedef struct /* Print packet. Outgoing packets come with a reason (forward, dupl, etc.) */ void print_packet( const packet *p, const char *why ) { +#if defined(MBEDTLS_TIMING_C) if( why == NULL ) mbedtls_printf( " %05lu dispatch %s %s (%u bytes)\n", ellapsed_time(), p->way, p->type, p->len ); + else + mbedtls_printf( " %05lu dispatch %s %s (%u bytes): %s\n", + ellapsed_time(), p->way, p->type, p->len, why ); +#else + if( why == NULL ) + mbedtls_printf( " dispatch %s %s (%u bytes)\n", + p->way, p->type, p->len ); else mbedtls_printf( " dispatch %s %s (%u bytes): %s\n", p->way, p->type, p->len, why ); +#endif + fflush( stdout ); } @@ -664,6 +694,7 @@ accept: nb_fds = listen_fd.fd; ++nb_fds; +#if defined(MBEDTLS_TIMING_C) if( opt.pack > 0 ) { outbuf[0].ctx = &server_fd; @@ -676,6 +707,12 @@ accept: outbuf[1].num_datagrams = 0; outbuf[1].len = 0; } + else + { + outbuf[0].ctx = NULL; + outbuf[1].ctx = NULL; + } +#endif /* MBEDTLS_TIMING_C */ while( 1 ) { @@ -684,8 +721,10 @@ accept: FD_SET( client_fd.fd, &read_fds ); FD_SET( listen_fd.fd, &read_fds ); +#if defined(MBEDTLS_TIMING_C) ctx_buffer_check( &outbuf[0] ); ctx_buffer_check( &outbuf[1] ); +#endif if( ( ret = select( nb_fds, &read_fds, NULL, NULL, &tm ) ) < 0 ) { From 77abef5cba14ebd2f396e786615fb0e9de4b9338 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 2 Nov 2017 10:50:28 +0000 Subject: [PATCH 223/504] Don't use busy-waiting in udp_proxy Also, correct inconsistent use of unsigned integer types in udp_proxy. --- programs/test/udp_proxy.c | 125 +++++++++++++++++++++++--------------- 1 file changed, 76 insertions(+), 49 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 7e8d309f4..0dec40932 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -134,7 +134,7 @@ static struct options int bad_ad; /* inject corrupted ApplicationData record */ int protect_hvr; /* never drop or delay HelloVerifyRequest */ int protect_len; /* never drop/delay packet of the given size*/ - int pack; /* merge packets into single datagram for + unsigned pack; /* merge packets into single datagram for * at most \c merge milliseconds if > 0 */ unsigned int seed; /* seed for "random" events */ } opt; @@ -204,7 +204,7 @@ static void get_options( int argc, char *argv[] ) else if( strcmp( p, "pack" ) == 0 ) { #if defined(MBEDTLS_TIMING_C) - opt.pack = atoi( q ); + opt.pack = (unsigned) atoi( q ); #else mbedtls_printf( " option pack only defined if MBEDTLS_TIMING_C is enabled\n" ); exit( 1 ); @@ -286,7 +286,7 @@ static const char *msg_type( unsigned char *msg, size_t len ) #if defined(MBEDTLS_TIMING_C) /* Return elapsed time in milliseconds since the first call */ -static unsigned long ellapsed_time( void ) +static unsigned ellapsed_time( void ) { static int initialized = 0; static struct mbedtls_timing_hr_time hires; @@ -307,8 +307,8 @@ typedef struct const char *description; - unsigned long packet_lifetime; - size_t num_datagrams; + unsigned packet_lifetime; + unsigned num_datagrams; unsigned char data[MAX_MSG_SIZE]; unsigned len; 
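Review bot: `opt.pack = (unsigned) atoi( q );` silently turns a negative command-line value such as `pack=-1` into a wait of roughly UINT_MAX milliseconds (about 49 days), so packed datagrams are effectively never flushed, and atoi gives no way to notice the bad input. Validate before the cast, e.g. `if( atoi( q ) < 0 ) { mbedtls_printf( " invalid pack value\n" ); exit( 1 ); }`, mirroring the `exit( 1 )` already used in the `#else` branch of this option. get_options continues outside the hunk, so whether other options validate their ranges cannot be seen here.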
@@ -321,8 +321,9 @@ static int ctx_buffer_flush( ctx_buffer *buf ) { int ret; - mbedtls_printf( " %05lu flush %s: %u bytes, %lu datagrams, last %ld ms\n", - ellapsed_time(), buf->description, buf->len, buf->num_datagrams, + mbedtls_printf( " %05u flush %s: %u bytes, %u datagrams, last %u ms\n", + ellapsed_time(), buf->description, + buf->len, buf->num_datagrams, ellapsed_time() - buf->packet_lifetime ); ret = mbedtls_net_send( buf->ctx, buf->data, buf->len ); @@ -333,15 +334,17 @@ static int ctx_buffer_flush( ctx_buffer *buf ) return( ret ); } -static inline int ctx_buffer_check( ctx_buffer *buf ) +static unsigned ctx_buffer_time_remaining( ctx_buffer *buf ) { - if( buf->len > 0 && - ellapsed_time() - buf->packet_lifetime >= (size_t) opt.pack ) - { - return( ctx_buffer_flush( buf ) ); - } + unsigned const cur_time = ellapsed_time(); - return( 0 ); + if( buf->num_datagrams == 0 ) + return( (unsigned) -1 ); + + if( cur_time - buf->packet_lifetime >= opt.pack ) + return( 0 ); + + return( opt.pack - ( cur_time - buf->packet_lifetime ) ); } static int ctx_buffer_append( ctx_buffer *buf, @@ -352,8 +355,8 @@ static int ctx_buffer_append( ctx_buffer *buf, if( len > sizeof( buf->data ) ) { - mbedtls_printf( " ! buffer size %lu too large (max %lu)\n", - len, sizeof( buf->data ) ); + mbedtls_printf( " ! buffer size %u too large (max %u)\n", + (unsigned) len, (unsigned) sizeof( buf->data ) ); return( -1 ); } 
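Review bot: `return( (unsigned) -1 );` in ctx_buffer_time_remaining is an in-band sentinel for "nothing buffered" that main later compares against with the same cast expression; it collides with a genuine remaining time of UINT_MAX ms and is easy to mistype in one of the places. Name it once, e.g. `#define CTX_BUFFER_NO_WAIT ( (unsigned) -1 )` (or UINT_MAX from <limits.h>), and use the name both here and in main. A smaller point in the same hunk: ctx_buffer_flush calls `ellapsed_time()` twice inside one printf, so the timestamp and the "last ... ms" figure can disagree by a millisecond; capturing it once in a local keeps them consistent.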
@@ -371,35 +374,31 @@ static int ctx_buffer_append( ctx_buffer *buf, return( len ); } +#endif /* MBEDTLS_TIMING_C */ static int dispatch_data( mbedtls_net_context *ctx, const unsigned char * data, size_t len ) { +#if defined(MBEDTLS_TIMING_C) ctx_buffer *buf = NULL; + if( opt.pack > 0 ) + { + if( outbuf[0].ctx == ctx ) + buf = &outbuf[0]; + else if( outbuf[1].ctx == ctx ) + buf = &outbuf[1]; - if( outbuf[0].ctx == ctx ) - buf = &outbuf[0]; - else if( outbuf[1].ctx == ctx ) - buf = &outbuf[1]; + if( buf == NULL ) + return( -1 ); - if( buf == NULL ) - return( mbedtls_net_send( ctx, data, len ) ); + return( ctx_buffer_append( buf, data, len ) ); + } +#endif /* MBEDTLS_TIMING_C */ - return( ctx_buffer_append( buf, data, len ) ); -} - -#else /* MBEDTLS_TIMING_C */ - -static int dispatch_data( mbedtls_net_context *ctx, - const unsigned char * data, - size_t len ) -{ return( mbedtls_net_send( ctx, data, len ) ); } -#endif /* MBEDTLS_TIMING_C */ - typedef struct { mbedtls_net_context *dst; @@ -414,10 +413,10 @@ void print_packet( const packet *p, const char *why ) { #if defined(MBEDTLS_TIMING_C) if( why == NULL ) - mbedtls_printf( " %05lu dispatch %s %s (%u bytes)\n", + mbedtls_printf( " %05u dispatch %s %s (%u bytes)\n", ellapsed_time(), p->way, p->type, p->len ); else - mbedtls_printf( " %05lu dispatch %s %s (%u bytes): %s\n", + mbedtls_printf( " %05u dispatch %s %s (%u bytes): %s\n", ellapsed_time(), p->way, p->type, p->len, why ); #else if( why == NULL ) @@ -601,14 +600,16 @@ int main( int argc, char *argv[] ) int ret; mbedtls_net_context listen_fd, client_fd, server_fd; + +#if defined( MBEDTLS_TIMING_C ) struct timeval tm; +#endif + + struct timeval *tm_ptr = NULL; int nb_fds; fd_set read_fds; - tm.tv_sec = 0; - tm.tv_usec = 0; - mbedtls_net_init( &listen_fd ); mbedtls_net_init( &client_fd ); mbedtls_net_init( &server_fd ); 
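Review bot: The rewritten dispatch_data changes behaviour for the unmatched-context case without saying so: with `opt.pack > 0`, a ctx that is neither `outbuf[0].ctx` nor `outbuf[1].ctx` now hits `return( -1 );`, where the previous code fell through to `mbedtls_net_send`, so the datagram is dropped with no diagnostic. If dropping is intended, document it, e.g. `/* only the two proxied directions are ever packed; any other ctx is a caller bug */`, and print a message; otherwise delete the early return and let the direct send below handle it. Callers of dispatch_data are outside the hunk, so whether the -1 is ever acted on cannot be seen here.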
@@ -707,26 +708,52 @@ accept: outbuf[1].num_datagrams = 0; outbuf[1].len = 0; } - else - { - outbuf[0].ctx = NULL; - outbuf[1].ctx = NULL; - } #endif /* MBEDTLS_TIMING_C */ while( 1 ) { +#if defined(MBEDTLS_TIMING_C) + if( opt.pack > 0 ) + { + unsigned max_wait_server, max_wait_client, max_wait; + max_wait_server = ctx_buffer_time_remaining( &outbuf[0] ); + max_wait_client = ctx_buffer_time_remaining( &outbuf[1] ); + + max_wait = (unsigned) -1; + + if( max_wait_server == 0 ) + ctx_buffer_flush( &outbuf[0] ); + else + max_wait = max_wait_server; + + if( max_wait_client == 0 ) + ctx_buffer_flush( &outbuf[1] ); + else + { + if( max_wait_client < max_wait ) + max_wait = max_wait_client; + } + + if( max_wait != (unsigned) -1 ) + { + tm.tv_sec = max_wait / 1000; + tm.tv_usec = ( max_wait % 1000 ) * 1000; + + tm_ptr = &tm; + } + else + { + tm_ptr = NULL; + } + } +#endif /* MBEDTLS_TIMING_C */ + FD_ZERO( &read_fds ); FD_SET( server_fd.fd, &read_fds ); FD_SET( client_fd.fd, &read_fds ); FD_SET( listen_fd.fd, &read_fds ); -#if defined(MBEDTLS_TIMING_C) - ctx_buffer_check( &outbuf[0] ); - ctx_buffer_check( &outbuf[1] ); -#endif - - if( ( ret = select( nb_fds, &read_fds, NULL, NULL, &tm ) ) < 0 ) + if( ( ret = select( nb_fds, &read_fds, NULL, NULL, tm_ptr ) ) < 0 ) { perror( "select" ); goto exit; From 298a7b214dd2cb8f7f82a90c1638e00f34f46807 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 6 Nov 2017 10:45:26 +0000 Subject: [PATCH 224/504] Change wording of directions on the usage of SSL context after error --- include/mbedtls/ssl.h | 62 +++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 594c7d6b1..cf98a3cc6 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
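Review bot: Both `ctx_buffer_flush( &outbuf[0] )` and `ctx_buffer_flush( &outbuf[1] )` discard the return value, which is the result of mbedtls_net_send, so a failed flush silently drops a whole datagram's worth of buffered records; unless ctx_buffer_flush reports the failure itself (its body is only partly visible), check the result, e.g. `if( ctx_buffer_flush( &outbuf[0] ) < 0 ) mbedtls_printf( " ! flush failed\n" );`. The server and client branches are identical apart from the index, and only the client branch is braced; a two-iteration loop over outbuf would remove the duplication. The enclosing main() starts and ends outside this hunk.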
@@ -2418,10 +2418,10 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session * DTLS records. * * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using + * the SSL context for reading or writing, and either free it or + * call \c mbedtls_ssl_session_reset() on it before re-using it + * for a new connection; the current connection must be closed. * * \note If DTLS is in use, then you may choose to handle * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging @@ -2438,10 +2438,10 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ); * call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER. * * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using + * the SSL context for reading or writing, and either free it or + * call \c mbedtls_ssl_session_reset() on it before re-using it + * for a new connection; the current connection must be closed. * * \param ssl SSL context * 
@@ -2465,10 +2465,10 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ); * value. * * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using + * the SSL context for reading or writing, and either free it or + * call \c mbedtls_ssl_session_reset() on it before re-using it + * for a new connection; the current connection must be closed. */ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_RENEGOTIATION */ @@ -2507,12 +2507,12 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * again, or not transmitting the new identity to the * application layer, would allow authentication bypass! * - * If this function returns something other than a positive - * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or - * MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection. + * \note If this function returns something other than a positive value + * or MBEDTLS_ERR_SSL_WANT_READ/WRITE or MBEDTLS_ERR_SSL_CLIENT_RECONNECT, + * you must stop using the SSL context for reading or writing, + * and either free it or call \c mbedtls_ssl_session_reset() on it + * before re-using it for a new connection; the current connection + * must be closed. * * \note Remarks regarding event-driven DTLS: * - If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram 
@@ -2548,11 +2548,11 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ, * or another negative error code. * - * \note If this function returns something other than a positive - * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * \note If this function returns something other than a positive value + * or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using + * the SSL context for reading or writing, and either free it or + * call \c mbedtls_ssl_session_reset() on it before re-using it + * for a new connection; the current connection must be closed. * * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, * it must be called later with the *same* arguments, @@ -2579,10 +2579,10 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_ * \return 0 if successful, or a specific SSL error code. * * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using + * the SSL context for reading or writing, and either free it or + * call \c mbedtls_ssl_session_reset() on it before re-using it + * for a new connection; the current connection must be closed. */ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, unsigned char level, 
@@ -2595,10 +2595,10 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, * \return 0 if successful, or a specific SSL error code. * * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using + * the SSL context for reading or writing, and either free it or + * call \c mbedtls_ssl_session_reset() on it before re-using it + * for a new connection; the current connection must be closed. */ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ); From 7512bf7d6398525b74e248c9a19bd17b1b9c600a Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 25 Aug 2017 17:12:11 +0100 Subject: [PATCH 225/504] Add macros to ASN.1 module to parse ASN.1 tags The macros simply extract the component bits of an ASN.1 tag value --- include/mbedtls/asn1.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index e159e57ea..8d35c4245 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h 
@@ -87,6 +87,22 @@ #define MBEDTLS_ASN1_PRIMITIVE 0x00 #define MBEDTLS_ASN1_CONSTRUCTED 0x20 #define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 + +/* + * Bit masks for each of the components of an ASN.1 tag as specified in + * Information technnology - ASN.1 encoding rules: Specification of Basic + * Encoding Rules (BER), Canonical Encoding Rules (CER), and Distinguished + * encoding rules (DER) Section 8.1.2.2: + * + * Bit 8 7 6 5 1 + * +-------+-----+------------+ + * | Class | P/C | Tag number | + * +-------+-----+------------+ + */ +#define MBEDTLS_ASN1_TAG_CLASS_MASK ( 0x03 << 6 ) +#define MBEDTLS_ASN1_TAG_PC_MASK ( 0x01 << 5 ) +#define MBEDTLS_ASN1_TAG_VALUE_MASK ( 0x1F << 0 ) + /* \} name */ /* \} addtogroup asn1_module */ From 849bc65bbfcc8a06b17169274dbfb163de0d59f1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 25 Aug 2017 17:13:12 +0100 Subject: [PATCH 226/504] Fix x509_get_subject_alt_name to drop invalid tag Fix the x509_get_subject_alt_name() function to not accept invalid tags. The problem was that the ASN.1 class for tags consists of two bits. Simply doing bit-wise and of the CONTEXT_SPECIFIC macro with the input tag has the potential of accepting tag values 0x10 (private) which would indicate that the certificate has an incorrect format. --- library/x509_crt.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index c6209fb40..6d08d7795 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
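Review bot: The new comment misspells "technnology", and the three masks carry no per-macro description; one trailing comment each, e.g. `/* Class, bits 8-7 */`, `/* Primitive/constructed, bit 6 */`, `/* Tag number, bits 5-1 */`, ties them to the diagram above. It is also worth noting next to MBEDTLS_ASN1_TAG_VALUE_MASK that a tag-number field of 0x1F denotes the multi-byte (high tag number) form in X.690, so callers masking with it must not treat that value as a plain tag number if this module only handles single-byte tags.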
@@ -472,9 +472,12 @@ static int x509_get_subject_alt_name( unsigned char **p, if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); - if( ( tag & MBEDTLS_ASN1_CONTEXT_SPECIFIC ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC ) + if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) != + MBEDTLS_ASN1_CONTEXT_SPECIFIC ) + { return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + } /* Skip everything but DNS name */ if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) ) From ceae42659b9d172df9c28a2643a7e6fe7b620cc9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 25 Aug 2017 17:17:34 +0100 Subject: [PATCH 227/504] Add ChangeLog entry --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index ded60d39f..c81c5d6f5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,8 @@ Bugfix * Fix leap year calculation in x509_date_is_valid() to ensure that invalid dates on leap years with 100 and 400 intervals are handled correctly. Found by Nicholas Wilson. #694 + * Fix X509 CRT parsing that would potentially accept an invalid tag when + parsing the subject alternative names. = mbed TLS 2.6.0 branch released 2017-08-10 From 72705c906c73cc15512c04d317ff0fba6bc4c8e0 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 7 Nov 2017 20:16:19 +0000 Subject: [PATCH 228/504] Add regression test for parsing subjectAltNames --- tests/suites/test_suite_x509parse.data | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index d4cc11a08..374f1c2cc 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
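Review bot: The reason for masking with MBEDTLS_ASN1_TAG_CLASS_MASK lives only in the commit message; a comment above the check, e.g. `/* The class field is two bits (0xC0): testing only the 0x80 bit would also accept PRIVATE-class tags. */`, stops the next reader from simplifying it back to the old form. Note that the description's "0x10 (private)" does not match the mask: the private class has both top bits set, 0xC0. x509_get_subject_alt_name starts and ends outside the hunk.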
@@ -1124,6 +1124,10 @@ x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ER X509 Certificate ASN1 (invalid version overflow) x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION +X509 Certificate ASN1 (invalid SubjectAltNames tag) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +x509parse_crt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ncorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT From 7786abc16b91897ff185b8141426393f23a5ff7f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 7 Nov 2017 20:21:56 +0000 Subject: [PATCH 229/504] Define ASN1 bitmask macros in more direct way --- include/mbedtls/asn1.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 8d35c4245..75b7b3dfb 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -99,9 +99,9 @@ * | Class | P/C | Tag number | * +-------+-----+------------+ */ -#define MBEDTLS_ASN1_TAG_CLASS_MASK ( 0x03 << 6 ) -#define MBEDTLS_ASN1_TAG_PC_MASK ( 0x01 << 5 ) -#define MBEDTLS_ASN1_TAG_VALUE_MASK ( 0x1F << 0 ) +#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0 +#define MBEDTLS_ASN1_TAG_PC_MASK 0x20 +#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F /* \} name */ /* \} addtogroup asn1_module */ From 05c4fc860805c1ffd7c8f3c42eb475105c07d05c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 9 Nov 2017 14:34:06 +0000 Subject: [PATCH 230/504] Correct typo in debugging message --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a0c19c936..abd6f09d0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3752,7 +3752,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) if( 0 != ret ) { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); + MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret ); return( ret ); } 
From 000767123f640648158e4c61564826c9969352ed Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 15 Nov 2017 16:39:08 +0000 Subject: [PATCH 231/504] Add tests for event-driven I/O --- tests/ssl-opt.sh | 58 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5078c0bcd..2ff411092 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2469,6 +2469,64 @@ run_test "Non-blocking I/O: session-id resume" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +# Tests for event-driven I/O: exercise a variety of handshake flows + +run_test "Event-driven I/O: basic handshake" \ + "$P_SRV event=1 tickets=0 auth_mode=none" \ + "$P_CLI event=1 tickets=0" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O: client auth" \ + "$P_SRV event=1 tickets=0 auth_mode=required" \ + "$P_CLI event=1 tickets=0" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O: ticket" \ + "$P_SRV event=1 tickets=1 auth_mode=none" \ + "$P_CLI event=1 tickets=1" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O: ticket + client auth" \ + "$P_SRV event=1 tickets=1 auth_mode=required" \ + "$P_CLI event=1 tickets=1" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O: ticket + client auth + resume" \ + "$P_SRV event=1 tickets=1 auth_mode=required" \ + "$P_CLI event=1 tickets=1 reconnect=1" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O: ticket + resume" \ + "$P_SRV event=1 tickets=1 auth_mode=none" \ + "$P_CLI event=1 tickets=1 reconnect=1" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O: session-id resume" \ + "$P_SRV event=1 tickets=0 auth_mode=none" \ + "$P_CLI event=1 tickets=0 reconnect=1" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + 
-c "Read from server: .* bytes read" + # Tests for version negotiation run_test "Version check: all -> 1.2" \ From 72a4f0338d08712209c909d7cdf9853d2cb4d3cf Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 15 Nov 2017 16:39:20 +0000 Subject: [PATCH 232/504] Add tests for UDP proxy packing option --- tests/ssl-opt.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2ff411092..34aa43f99 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3777,6 +3777,22 @@ run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" +run_test "DTLS proxy: multiple records in same datagram" \ + -p "$P_PXY pack=10" \ + "$P_SRV dtls=1 debug_level=2" \ + "$P_CLI dtls=1 debug_level=2" \ + 0 \ + -c "next record in same datagram" \ + -s "next record in same datagram" + +run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \ + -p "$P_PXY pack=10 duplicate=1" \ + "$P_SRV dtls=1 debug_level=2" \ + "$P_CLI dtls=1 debug_level=2" \ + 0 \ + -c "next record in same datagram" \ + -s "next record in same datagram" + run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \ -p "$P_PXY bad_ad=1" \ "$P_SRV dtls=1 debug_level=1" \ From 63073aa3d389500251fcda9bcb0eb3e9d4774f3d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 27 Nov 2017 15:33:18 +0000 Subject: [PATCH 233/504] Don't require P,Q in rsa_private in case of non-blinded non-CRT For non-CRT, P and Q are only used for the purpose of blinding the exponent. --- library/rsa.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 56f434563..35ace85c5 100644 --- a/library/rsa.c +++ b/library/rsa.c 
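Review bot: None of the seven "Event-driven I/O" cases asserts that the event-driven path was actually taken: every check (`-S`/`-C "mbedtls_ssl_handshake returned"`, `-c "Read from server: .* bytes read"`) would also pass if `event=1` were silently ignored by the test programs. If ssl_client2/ssl_server2 log something specific in event mode, add a matching `-c`/`-s` pattern to at least one case; otherwise the suite cannot catch a regression that disables the feature. The run_test list continues outside the hunk.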
@@ -437,8 +437,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ) + ( f_rng != NULL && mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) || + ( f_rng != NULL && mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ) ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } From 6e5dd79a437c5ea899b0c14d256caeb4e5f0a1ce Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Nov 2017 14:34:04 +0000 Subject: [PATCH 234/504] Fix compilation warning on MSVC MSVC complains about the negation in `(uint32_t) -1u`. This commit fixes this by using `(uint32_t) -1` instead. --- library/net_sockets.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index edd084416..2d1c1082a 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -471,7 +471,7 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) tv.tv_usec = ( timeout % 1000 ) * 1000; ret = select( fd + 1, &read_fds, &write_fds, NULL, - timeout == (uint32_t) -1u ? NULL : &tv ); + timeout == (uint32_t) -1 ? NULL : &tv ); if( ret < 0 ) return( MBEDTLS_ERR_NET_POLL_FAILED ); From a5e68979cabc0883935fafd3e5cc86418e6a4239 Mon Sep 17 00:00:00 2001 
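Review bot: The relaxed check drops the P and Q requirement whenever f_rng is NULL, but as the description itself says this is only sound for the non-CRT path; when MBEDTLS_RSA_NO_CRT is not defined the CRT computation further down (outside this hunk) uses P and Q as moduli, so a context with P = Q = 0 now passes the input check and fails later with an MPI error instead of MBEDTLS_ERR_RSA_BAD_INPUT_DATA. Unless that path has its own guard I cannot see here, keep the unconditional check in the CRT build and relax it only under MBEDTLS_RSA_NO_CRT, as below. A comment also helps, since "f_rng == NULL means no blinding, hence no P/Q needed" is not obvious from the condition alone.
```c
    if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 ||
        /* … unchanged: D and E checks … */
#if defined(MBEDTLS_RSA_NO_CRT)
        /* Without CRT, P and Q only serve to blind the exponent, which
         * happens only when an RNG is supplied. */
        ( f_rng != NULL && mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) ||
        ( f_rng != NULL && mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ) )
#else
        /* The CRT path reduces modulo P and Q, so both are always needed. */
        mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ||
        mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 )
#endif
    {
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    }
```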
From: Hanno Becker Date: Wed, 6 Dec 2017 08:35:02 +0000 Subject: [PATCH 235/504] Resolve integer type conversion problem on MSVC MSVC rightfully complained that there was some conversion from `size_t` to `unsigned int` that could come with a loss of data. This commit re-types the corresponding struct field `ctx_buffer::len` to `size_t`. Also, the function `ctx_buffer_append` has an integer return value which is supposed to be the (positive) length of the appended data on success, and a check is inserted that the data to be appended does not exceed MAX_INT in length. --- programs/test/udp_proxy.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 0dec40932..5797f3d69 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -311,7 +311,7 @@ typedef struct unsigned num_datagrams; unsigned char data[MAX_MSG_SIZE]; - unsigned len; + size_t len; } ctx_buffer; @@ -323,7 +323,7 @@ static int ctx_buffer_flush( ctx_buffer *buf ) mbedtls_printf( " %05u flush %s: %u bytes, %u datagrams, last %u ms\n", ellapsed_time(), buf->description, - buf->len, buf->num_datagrams, + (unsigned) buf->len, buf->num_datagrams, ellapsed_time() - buf->packet_lifetime ); ret = mbedtls_net_send( buf->ctx, buf->data, buf->len ); @@ -353,6 +353,9 @@ static int ctx_buffer_append( ctx_buffer *buf, { int ret; + if( len > (size_t) INT_MAX ) + return( -1 ); + if( len > sizeof( buf->data ) ) { mbedtls_printf( " ! buffer size %u too large (max %u)\n", @@ -372,7 +375,7 @@ static int ctx_buffer_append( ctx_buffer *buf, if( ++buf->num_datagrams == 1 ) buf->packet_lifetime = ellapsed_time(); - return( len ); + return( (int) len ); } #endif /* MBEDTLS_TIMING_C */ From 11d3cf477024f3e40d6370833c069176209857ab Mon Sep 17 00:00:00 2001 
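Review bot: The new `if( len > (size_t) INT_MAX ) return( -1 );` in ctx_buffer_append needs `<limits.h>`, and none of the hunks shows it being included; verify it is, or the build breaks on toolchains that do not pull it in transitively. The check also returns silently while the adjacent size check prints a diagnostic, and since `sizeof( buf->data )` is MAX_MSG_SIZE (presumably far below INT_MAX) the existing check already rejects every such length, so either drop the new check or turn it into a comment justifying the cast in `return( (int) len );`. The description says MAX_INT; the constant is INT_MAX.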
From: Gilles Peskine Date: Fri, 22 Dec 2017 15:34:37 +0100 Subject: [PATCH 236/504] Doxygen: don't traverse symbolic links We don't use symbolic links as part of our build process, so tell Doxygen not to traverse them. In particular, if I have a symbolic link to a directory outside the build tree, I don't want Doxygen to follow it. --- doxygen/mbedtls.doxyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 5df1c932d..757a250d2 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -702,7 +702,7 @@ EXCLUDE = configs yotta/module # directories that are symbolic links (a Unix file system feature) are excluded # from the input. -EXCLUDE_SYMLINKS = NO +EXCLUDE_SYMLINKS = YES # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude From b89c472ad5994f3e2e30f51192fe04d49a3da964 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 26 Dec 2017 12:52:53 +0100 Subject: [PATCH 237/504] Improve cmake usage notes in Readme --- README.md | 39 ++++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 4270e8069..b9aadc7c0 100644 --- a/README.md +++ b/README.md @@ -84,9 +84,10 @@ In case you find that you need to do something else as well, please let us know ### CMake -In order to build the source using CMake, just enter at the command line: +In order to build the source using CMake in a separate directory (recommended), just enter at the command line: - cmake . + mkdir /path/to/build_dir && cd /path/to/build_dir + cmake /path/to/mbedtls_source make In order to run the tests, enter: 
@@ -95,7 +96,7 @@ In order to run the tests, enter: The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with: - cmake -DENABLE_TESTING=Off . + cmake -DENABLE_TESTING=Off /path/to/mbedtls_source If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with: @@ -103,7 +104,7 @@ If you disabled the test suites, but kept the programs enabled, you can still ru To configure CMake for building shared libraries, use: - cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . + cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On /path/to/mbedtls_source There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific: 
@@ -118,16 +119,40 @@ There are many different build modes available within the CMake buildsystem. Mos Switching build modes in CMake is simple. For debug mode, enter at the command line: - cmake -D CMAKE_BUILD_TYPE=Debug . + cmake -D CMAKE_BUILD_TYPE=Debug /path/to/mbedtls_source To list other available CMake options, use: cmake -LH -Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, e.g. (using GNU find): +Note that, with CMake, you can't adjust the compiler of compiler after the +initial invocation of cmake. This means that `CC=your_cc make` and `make +CC=your_cc` will *not* work (similarly with `CFLAGS` and other variables). +These variables need to be adjusted when invoking cmake for the first time, +for example: + + CC=your_cc cmake /path/to/mbedtls_source + +If you already invoked cmake and want to change those settings, you need to +remove the build directory and create it again. + +Note that it is possible to build in-place; this will however overwrite the +provided Makefiles (see `scripts/tmp_ignore_makefiles.sh` if you want to +prevent `git status` from showing them as modified). In order to do so, from +the Mbed TLS source directory, use: + + cmake . + make + +If you want to change `CC` or `CFLAGS` afterwards, you will need to remove the +CMake cache. This can be done with the following command using GNU find: find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} + - CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake . + +You can not make the desired change: + + CC=your_cc cmake . + make ### Microsoft Visual Studio From 05c92715be05c310bf6e046f2cafcd2569800e58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 28 Dec 2017 09:14:47 +0100 Subject: [PATCH 238/504] readme: clarify CFLAGS prepending/overriding --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/README.md b/README.md index b9aadc7c0..d0d81fc76 100644 --- a/README.md +++ b/README.md 
@@ -76,7 +76,9 @@ You'll still be able to run a much smaller set of tests with: In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and `WINDOWS=1` if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available). -Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; if you do so, essential parts such as `-I` will still be preserved. Warning options may be overridden separately using `WARNING_CFLAGS`. +Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved. + +Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so it you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overriden from the command line. Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. 
You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue. @@ -154,6 +156,10 @@ You can not make the desired change: CC=your_cc cmake . make +Regarding variables, also note that if you set CFLAGS when invoking cmake, +your value of CFLAGS doesn't override the content provided by cmake (depending +on the build mode as seen above), it's merely prepended to it. + ### Microsoft Visual Studio The build files for Microsoft Visual Studio are generated for Visual Studio 2010. From 976dd1674a25c242d423503032d446c53f40b4cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Jan 2018 10:49:46 +0100 Subject: [PATCH 239/504] Fix typos in previous commits --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d0d81fc76..2c6cc62a0 100644 --- a/README.md +++ b/README.md @@ -127,7 +127,7 @@ To list other available CMake options, use: cmake -LH -Note that, with CMake, you can't adjust the compiler of compiler after the +Note that, with CMake, you can't adjust the compiler or its flags after the initial invocation of cmake. This means that `CC=your_cc make` and `make CC=your_cc` will *not* work (similarly with `CFLAGS` and other variables). These variables need to be adjusted when invoking cmake for the first time, @@ -151,7 +151,7 @@ CMake cache. This can be done with the following command using GNU find: find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} + -You can not make the desired change: +You can now make the desired change: CC=your_cc cmake . make From 9736b9d59ab86bd9d7ab00fde866c27fa677f1da Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2018 21:54:17 +0100 Subject: [PATCH 240/504] all.sh --keep-going: work if TERM is unset --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2ea31dbc2..945d40485 100755 
--- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -328,7 +328,7 @@ if [ $KEEP_GOING -eq 1 ]; then start_red= end_color= if [ -t 1 ]; then - case "$TERM" in + case "${TERM:-}" in *color*|cygwin|linux|rxvt*|screen|[Eex]term*) start_red=$(printf '\033[31m') end_color=$(printf '\033[0m') From 4e5d23fad792ebfcfcd1ef07c87abfab06c8fe4e Mon Sep 17 00:00:00 2001 From: Johannes H Date: Sat, 6 Jan 2018 09:46:57 +0100 Subject: [PATCH 241/504] corrected a typo in a comment --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 554348f1b..acafb0504 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -937,7 +937,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #endif /* - * We don't support compression with DTLS right now: is many records come + * We don't support compression with DTLS right now: if many records come * in the same datagram, uncompressing one could overwrite the next one. * We don't want to add complexity for handling that case unless there is * an actual need for it. From 5e9f14d4d988222aacb49b8eb15eedd266e9f147 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 28 May 2017 10:46:38 +0300 Subject: [PATCH 242/504] Set correct minimal versions in default conf Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` and `MBEDTLS_SSL_MIN_MINOR_VERSION` instead of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1` --- ChangeLog | 26 +++++++++++++++----------- include/mbedtls/ssl_internal.h | 3 +++ library/ssl_tls.c | 10 ++++++++-- 3 files changed, 26 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index a6fa6bbda..6dab645dc 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -41,17 +41,6 @@ New deprecations * Direct manipulation of structure fields of RSA contexts is deprecated. Users are advised to use the extended RSA API instead. -API Changes - * Extend RSA interface by multiple functions allowing structure- - independent setup and export of RSA contexts. Most notably, - mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting - up RSA contexts from partial key material and having them completed to the - needs of the implementation automatically. This allows to setup private RSA - contexts from keys consisting of N,D,E only, even if P,Q are needed for the - purpose or CRT and/or blinding. - * The configuration option MBEDTLS_RSA_ALT can be used to define alternative - implementations of the RSA interface declared in rsa.h. - Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. @@ -101,6 +90,10 @@ Bugfix RSA test suite where the failure of CTR DRBG initialization lead to freeing an RSA context and several MPI's without proper initialization beforehand. + * Fix setting version TLSv1 as minimal version, even if TLS 1 + is not enabled. Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` + and `MBEDTLS_SSL_MIN_MINOR_VERSION` instead + of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1` Changes * Extend cert_write example program by options to set the CRT version 
@@ -114,6 +107,17 @@ Changes * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the undeclared dependency of the RSA module on the ASN.1 module. +API Changes + * Extend RSA interface by multiple functions allowing structure- + independent setup and export of RSA contexts. Most notably, + mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting + up RSA contexts from partial key material and having them completed to the + needs of the implementation automatically. This allows to setup private RSA + contexts from keys consisting of N,D,E only, even if P,Q are needed for the + purpose or CRT and/or blinding. + * The configuration option MBEDTLS_RSA_ALT can be used to define alternative + implementations of the RSA interface declared in rsa.h. + = mbed TLS 2.6.0 branch released 2017-08-10 Security diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 756360b18..56e376b88 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -69,6 +69,9 @@ #endif /* MBEDTLS_SSL_PROTO_TLS1 */ #endif /* MBEDTLS_SSL_PROTO_SSL3 */ +#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 +#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 + /* Determine maximum supported version */ #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2690e4673..bc98708f6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -7602,8 +7602,14 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, * Default */ default: - conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; - conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */ + conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION > + MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ? + MBEDTLS_SSL_MIN_MAJOR_VERSION : + MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION; + conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION > + MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ? + MBEDTLS_SSL_MIN_MINOR_VERSION : + MBEDTLS_SSL_MIN_VALID_MINOR_VERSION; conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; From 9cf1f96a7b4d6dc5e9bb38cb41b407aa65cfeca2 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 30 Jan 2017 14:34:25 +0000 Subject: [PATCH 243/504] Fix corner case uses of memory_buffer_alloc.c The corner cases fixed include: * Allocating a buffer of size 0. With this change, the allocator now returns a NULL pointer in this case. Note that changes in pem.c and x509_crl.c were required to fix tests that did not work under this assumption. * Initialising the allocator with less memory than required for headers. * Fix header chain checks for uninitialised allocator. --- ChangeLog | 2 ++ library/memory_buffer_alloc.c | 29 ++++++++++++++++++----------- library/pem.c | 4 ++-- library/x509_crl.c | 4 ++-- 4 files changed, 24 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index a200d51fb..4aa66fd82 100644 --- a/ChangeLog +++ b/ChangeLog @@ -104,6 +104,8 @@ Bugfix * Fix error message in programs/pkey/gen_key.c. Found and fixed by Chris Xue. * Fix programs/pkey/dh_server.c so that it actually works with dh_client.c. Found and fixed by Martijn de Milliano. + * Fix memory allocation corner cases in memory_buffer_alloc.c module. Found + by Guido Vranken. #639 Changes * Extend cert_write example program by options to set the CRT version 
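Review bot: The `/* TLS 1.0 */` comment that explained the old hard-coded default minimum is dropped, and nothing in the new max-of-two-macros expression says why `MBEDTLS_SSL_MIN_MINOR_VERSION` alone is not used; the `MBEDTLS_SSL_MIN_VALID_*_VERSION` defines added to ssl_internal.h in the same commit are uncommented too, unlike the neighbouring `/* Determine maximum supported version */` block. Suggest one comment above the two assignments: `/* Lowest enabled version, but never below TLS 1.0 (MBEDTLS_SSL_MIN_VALID_*): presumably so SSL 3.0 is not the default minimum even when MBEDTLS_SSL_PROTO_SSL3 is compiled in */`. The minor-version comparison ignores the major version, which is fine only because both candidate majors are MBEDTLS_SSL_MAJOR_VERSION_3, as the MAX_MAJOR define in the header hunk shows. mbedtls_ssl_config_defaults begins and ends outside the hunk.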
diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 545d5a2c3..0d3342dea 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -182,9 +182,9 @@ static int verify_header( memory_header *hdr ) static int verify_chain() { - memory_header *prv = heap.first, *cur = heap.first->next; + memory_header *prv = heap.first, *cur; - if( verify_header( heap.first ) != 0 ) + if( heap.first == NULL || verify_header( heap.first ) != 0 ) { #if defined(MBEDTLS_MEMORY_DEBUG) mbedtls_fprintf( stderr, "FATAL: verification of first header " @@ -202,6 +202,8 @@ static int verify_chain() return( 1 ); } + cur = heap.first->next; + while( cur != NULL ) { if( verify_header( cur ) != 0 ) @@ -245,7 +247,9 @@ static void *buffer_alloc_calloc( size_t n, size_t size ) original_len = len = n * size; - if( n != 0 && len / n != size ) + if( n == 0 || size == 0 || len / n != size ) + return( NULL ); + else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE ) return( NULL ); if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE ) @@ -386,7 +390,7 @@ static void buffer_alloc_free( void *ptr ) if( ptr == NULL || heap.buf == NULL || heap.first == NULL ) return; - if( p < heap.buf || p > heap.buf + heap.len ) + if( p < heap.buf || p >= heap.buf + heap.len ) { #if defined(MBEDTLS_MEMORY_DEBUG) mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed " @@ -570,8 +574,7 @@ static void buffer_alloc_free_mutexed( void *ptr ) void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ) { - memset( &heap, 0, sizeof(buffer_alloc_ctx) ); - memset( buf, 0, len ); + memset( &heap, 0, sizeof( buffer_alloc_ctx ) ); #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_init( &heap.mutex ); 
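Review bot: The new `len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE` bound in buffer_alloc_calloc has no comment, so a reader cannot tell it exists to keep the alignment round-up that follows (`len % MBEDTLS_MEMORY_ALIGN_MULTIPLE`) from wrapping size_t; suggest `/* Reject lengths whose round-up to MBEDTLS_MEMORY_ALIGN_MULTIPLE would wrap size_t */`. Returning NULL for `n == 0 || size == 0` also makes a zero-byte request indistinguishable from allocation failure for any caller that tests the result against NULL; the commit adjusts pem.c and x509_crl.c for this, and other callers passing a zero length would presumably now report an allocation error, which is worth stating in the function's header comment. buffer_alloc_calloc's body continues outside the hunk.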
@@ -581,20 +584,24 @@ void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ) mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free ); #endif - if( (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE ) + if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE ) + return; + else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE ) { /* Adjust len first since buf is used in the computation */ len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE - - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; + - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE - - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; + - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; } + memset( buf, 0, len ); + heap.buf = buf; heap.len = len; - heap.first = (memory_header *) buf; - heap.first->size = len - sizeof(memory_header); + heap.first = (memory_header *)buf; + heap.first->size = len - sizeof( memory_header ); heap.first->magic1 = MAGIC1; heap.first->magic2 = MAGIC2; heap.first_free = heap.first; diff --git a/library/pem.c b/library/pem.c index 87401ba55..d726bd61b 100644 --- a/library/pem.c +++ b/library/pem.c @@ -423,7 +423,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer, unsigned char *buf, size_t buf_len, size_t *olen ) { int ret; - unsigned char *encode_buf, *c, *p = buf; + unsigned char *encode_buf = NULL, *c, *p = buf; size_t len = 0, use_len, add_len = 0; mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len ); @@ -435,7 +435,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer, return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); } - if( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) + if( use_len != 0 && ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data, diff --git a/library/x509_crl.c b/library/x509_crl.c index 55d12acd0..c302bb2fb 100644 --- a/library/x509_crl.c 
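Review bot: The new `len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE` early return runs after the mutex has been initialised and `mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free )` has already been installed (both visible in the preceding lines of this file), so a too-small buffer leaves the allocator registered with `heap.buf` still NULL, and because the function returns void the caller is not told. Moving the size check ahead of the hook installation, or documenting that `mbedtls_memory_buffer_alloc_verify()` is the only way to detect the failure, would make this explicit. The constant also deserves a comment: `/* Room for one header even after buf is aligned upward by up to MBEDTLS_MEMORY_ALIGN_MULTIPLE - 1 bytes */`. mbedtls_memory_buffer_alloc_init continues outside the hunk.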
+++ b/library/x509_crl.c @@ -257,7 +257,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, { int ret; size_t len; - unsigned char *p, *end; + unsigned char *p = NULL, *end; mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; mbedtls_x509_crl *crl = chain; @@ -294,7 +294,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, /* * Copy raw DER-encoded CRL */ - if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) + if( buflen != 0 && ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) return( MBEDTLS_ERR_X509_ALLOC_FAILED ); memcpy( p, buf, buflen ); From 8ec3bfe1800d7b18e24d9439b641e91c4dd408ed Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 30 Jan 2017 14:35:08 +0000 Subject: [PATCH 244/504] Test corner case uses of memory_buffer_alloc.c --- .../test_suite_memory_buffer_alloc.data | 5 ++++ .../test_suite_memory_buffer_alloc.function | 28 +++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/tests/suites/test_suite_memory_buffer_alloc.data b/tests/suites/test_suite_memory_buffer_alloc.data index 8d3813a7b..d59f1135a 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.data +++ b/tests/suites/test_suite_memory_buffer_alloc.data @@ -16,3 +16,8 @@ memory_buffer_alloc_free_alloc:100:64:100:100:0:0:0:1:200:0 Memory buffer alloc - Out of Memory test memory_buffer_alloc_oom_test: +Memory buffer small buffer +memory_buffer_small_buffer: + +Memory buffer underalloc +memory_buffer_underalloc: diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function index a0c70d8a2..09684c1d4 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.function +++ b/tests/suites/test_suite_memory_buffer_alloc.function 
@@ -232,3 +232,31 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +void memory_buffer_small_buffer( ) +{ + unsigned char buf[1]; + + mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() != 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +void memory_buffer_underalloc( ) +{ + unsigned char buf[100]; + size_t i; + + mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + for( i = 1; i < MBEDTLS_MEMORY_ALIGN_MULTIPLE; i++ ) + { + TEST_ASSERT( mbedtls_calloc( 1, + (size_t)-( MBEDTLS_MEMORY_ALIGN_MULTIPLE - i ) ) == NULL ); + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + +exit: + mbedtls_memory_buffer_alloc_free(); +} +/* END_CASE */ From f1ee63562aa6bd42603adc61cda158b9fe109360 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 6 Jul 2017 10:06:58 +0100 Subject: [PATCH 245/504] Style fixes in pem, x509_crl and buf_alloc --- library/memory_buffer_alloc.c | 2 +- library/pem.c | 3 ++- library/x509_crl.c | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 0d3342dea..1cfc27ca6 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -184,7 +184,7 @@ static int verify_chain() { memory_header *prv = heap.first, *cur; - if( heap.first == NULL || verify_header( heap.first ) != 0 ) + if( prv == NULL || verify_header( prv ) != 0 ) { #if defined(MBEDTLS_MEMORY_DEBUG) mbedtls_fprintf( stderr, "FATAL: verification of first header " diff --git a/library/pem.c b/library/pem.c index d726bd61b..7b3ae8d3d 100644 --- a/library/pem.c +++ b/library/pem.c 
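Review bot: `memory_buffer_small_buffer` never calls `mbedtls_memory_buffer_alloc_free()`, unlike `memory_buffer_underalloc` in the same hunk, so after the intentionally failed init the platform calloc/free hooks (installed before the size check in mbedtls_memory_buffer_alloc_init) presumably stay pointed at the unusable allocator for later test cases; suggest the same `exit: mbedtls_memory_buffer_alloc_free();` epilogue. The `(size_t)-( MBEDTLS_MEMORY_ALIGN_MULTIPLE - i )` sizes in the underalloc loop would also benefit from a comment such as `/* lengths so close to SIZE_MAX that rounding up to the alignment multiple would wrap */`.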
@@ -435,7 +435,8 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer, return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); } - if( use_len != 0 && ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) + if( use_len != 0 && + ( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) ) return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data, diff --git a/library/x509_crl.c b/library/x509_crl.c index c302bb2fb..8f98d8c92 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -257,7 +257,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, { int ret; size_t len; - unsigned char *p = NULL, *end; + unsigned char *p = NULL, *end = NULL; mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; mbedtls_x509_crl *crl = chain; @@ -294,7 +294,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, /* * Copy raw DER-encoded CRL */ - if( buflen != 0 && ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) + if( buflen != 0 && ( ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) ) return( MBEDTLS_ERR_X509_ALLOC_FAILED ); memcpy( p, buf, buflen ); From cb5123fa86982c75f2c8061b58ac51c9e9938fdb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 6 Dec 2017 09:39:23 +0000 Subject: [PATCH 246/504] Ensure memcpy is not called with NULL and 0 args in x509 module --- library/x509_crl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/x509_crl.c b/library/x509_crl.c index 8f98d8c92..9422457b5 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -294,7 +294,9 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, /* * Copy raw DER-encoded CRL */ - if( buflen != 0 && ( ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) ) + if( buflen == 0 ) + return( MBEDTLS_ERR_X509_INVALID_FORMAT ); + else if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) return( MBEDTLS_ERR_X509_ALLOC_FAILED ); memcpy( p, buf, buflen ); 
From c9d6226d2c7b7a99be6694c6014e4e4be1cc69d7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 12 Dec 2017 20:15:03 +0000 Subject: [PATCH 247/504] Change formatting of allocation check in x509_crl --- library/x509_crl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/x509_crl.c b/library/x509_crl.c index 9422457b5..0bb7236bd 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -296,7 +296,9 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, */ if( buflen == 0 ) return( MBEDTLS_ERR_X509_INVALID_FORMAT ); - else if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) + + p = mbedtls_calloc( 1, buflen ); + if( p == NULL ) return( MBEDTLS_ERR_X509_ALLOC_FAILED ); memcpy( p, buf, buflen ); From e9124b943da5c30899cc75294f390d46ea23c995 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 23 Jan 2018 20:03:52 +0000 Subject: [PATCH 248/504] Ensure that mbedtls_pk_parse_key() does not allocate 0 bytes --- library/pkparse.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/pkparse.c b/library/pkparse.c index f97d89ea1..491cecf50 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1274,6 +1274,9 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, { unsigned char *key_copy; + if( keylen == 0 ) + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL ) return( MBEDTLS_ERR_PK_ALLOC_FAILED ); From 8db3efbc76243971adcae0d5abe439bc3af931f9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Feb 2018 19:16:20 +0100 Subject: [PATCH 249/504] Add missing MBEDTLS_DEPRECATED_REMOVED guards Add missing MBEDTLS_DEPRECATED_REMOVED guards around the definitions of mbedtls_aes_decrypt and mbedtls_aes_encrypt. This fixes the build under -Wmissing-prototypes -Werror. Fixes #1388 --- ChangeLog | 2 ++ library/aes.c | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5f49c0beb..9a61ec31d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -6,6 +6,8 @@ Bugfix * Fix the name of a DHE parameter that was accidentally changed in 2.7.0. Fixes #1358. * Fix test_suite_pk to work on 64-bit ILP32 systems. #849 + * Don't define mbedtls_aes_decrypt and mbedtls_aes_encrypt under + MBEDTLS_DEPRECATED_REMOVED. #1388 Changes * Fix tag lengths and value ranges in the documentation of CCM encryption. diff --git a/library/aes.c b/library/aes.c index dba4a5f57..3d2eac82d 100644 --- a/library/aes.c +++ b/library/aes.c @@ -765,12 +765,14 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) { mbedtls_internal_aes_encrypt( ctx, input, output ); } +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /* * AES-ECB block decryption @@ -831,12 +833,14 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) { mbedtls_internal_aes_decrypt( ctx, input, output ); } +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /* * AES-ECB block encryption/decryption From 4bbaeb4ffafb57ca8e7901995ae274b05be4572b Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Thu, 22 Feb 2018 04:29:04 -0800 Subject: [PATCH 250/504] Add guard to out_left to avoid negative values return error when f_send return a value greater than out_left --- ChangeLog | 2 ++ library/ssl_tls.c | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index 708ecad7e..d82600c07 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -23,6 +23,8 @@ Changes Contributed by Mathieu Briand. * Fix typo in a comment ctr_drbg.c. Contributed by Paul Sokolovsky. * Remove support for the library reference configuration for picocoin. + * Add guard to validate that out_left can not be negative. Raised by + samoconnor in #1245. = mbed TLS 2.7.0 branch released 2018-02-03 diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 617dedb1b..1de5eaab6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2469,6 +2469,12 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( ret <= 0 ) return( ret ); + if( (size_t)ret > ssl->out_left ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned value greater than out left size" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + ssl->out_left -= ret; } From 060fe37496eba7703af6cd70ae3b8dfe50719ea0 Mon Sep 17 00:00:00 2001 From: ILUXONCHIK Date: Sun, 25 Feb 2018 20:59:09 +0000 Subject: [PATCH 251/504] fix typo in pem.c --- library/pem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pem.c b/library/pem.c index c09651f4a..30ae35b7c 100644 --- a/library/pem.c +++ b/library/pem.c @@ -403,7 +403,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3 * length bytes (allow 4 to be sure) in all known use cases. * - * Use that as heurisitic to try detecting password mismatchs. + * Use that as a heuristic to try to detect password mismatches. */ if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 ) { From 5bd15cbfa09bc85b77c905ebff0bd5b57bab3888 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 28 Feb 2018 04:30:59 -0800 Subject: [PATCH 252/504] Avoid wraparound for ssl->in_left Add check to avoid wraparound for ssl->in_left --- library/ssl_tls.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1de5eaab6..0d0660e6f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -2422,6 +2422,14 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ret < 0 ) return( ret ); + // At this point ret value is positive, verify that adding ret + // value to ssl->in_left doesn't cause a wraparound + if (ssl->in_left + (size_t)ret < ssl->in_left) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "wraparound happened over in_left value" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + ssl->in_left += ret; } } From 693a1d9ca703c902058ad00f6ecedf39f329c855 Mon Sep 17 00:00:00 2001 From: itayzafrir Date: Mon, 26 Feb 2018 12:02:10 +0200 Subject: [PATCH 253/504] Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig. Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig. --- ChangeLog | 2 ++ tests/suites/test_suite_pk.function | 14 +++++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 13203a5cf..716567b04 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,8 @@ Bugfix with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct. In the context of SSL, this resulted in handshake failure. #1351 * Fix Windows x64 builds with the included mbedTLS.sln file. #1347 + * In test_suite_pk pass valid parameters when testing for hash length + overflow. #1179 Changes * Fix tag lengths and value ranges in the documentation of CCM encryption. diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 2180f5c8e..421227f5e 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -417,11 +417,15 @@ exit: void pk_rsa_overflow( ) { mbedtls_pk_context pk; - size_t hash_len = SIZE_MAX; + size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX; + unsigned char hash[50], sig[100]; if( SIZE_MAX <= UINT_MAX ) return; + memset( hash, 0x2a, sizeof hash ); + memset( sig, 0, sizeof sig ); + mbedtls_pk_init( &pk ); TEST_ASSERT( mbedtls_pk_setup( &pk, 
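Review bot: The guard only detects the size_t addition wrapping, which needs ret to be within a few bytes of SIZE_MAX; an f_recv callback that returns more bytes than were requested (the same misbehaviour the f_send check in mbedtls_ssl_flush_output guards against two commits earlier) passes this test and still advances `in_left` past what was actually read into the buffer. If the length passed to f_recv is in scope here, comparing `(size_t) ret` against it is the tighter check and makes the wraparound impossible. The new lines also use `//` comments and `if (` spacing where the surrounding file uses `/* */` and `if( `. mbedtls_ssl_fetch_input begins outside the hunk.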
@@ -429,14 +433,14 @@ void pk_rsa_overflow( ) #if defined(MBEDTLS_PKCS1_V21) TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk, - MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0 ) == + MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #endif /* MBEDTLS_PKCS1_V21 */ - TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, NULL, hash_len, - NULL, 0 ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len, + sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0, + TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len, rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); exit: From 7deee20cd26d0b54e025f86a0d8727bf865991ae Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 25 Sep 2017 10:46:20 +0100 Subject: [PATCH 254/504] Add ChangeLog entry for previous security fix Fixes #825 --- ChangeLog | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 68fb6f5e9..4ee9ea8c3 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,22 +1,18 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.7.x branch released 2018-xx-xx - -Default behavior changes - * The truncated HMAC extension now conforms to RFC 6066. This means - that when both sides of a TLS connection negotiate the truncated - HMAC extension, Mbed TLS can now interoperate with other - compliant implementations, but this breaks interoperability with - prior versions of Mbed TLS. To restore the old behavior, enable - the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in - config.h. Found by Andreas Walz (ivESK, Offenburg University of - Applied Sciences). += mbed TLS x.x.x branch released xxxx-xx-xx Security * Fix implementation of the truncated HMAC extension. The previous implementation allowed an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted connection (with no resumption of the session). + * Fix a bug in the X.509 module potentially leading to a buffer overread + during CRT verification or to invalid or omitted checks for certificate + validity. The former can be triggered remotely, while the latter requires + a non DER-compliant certificate correctly signed by a trusted CA, or a + trusted CA with a non DER-compliant certificate. Found by luocm on GitHub. + Fixes #825. Features * Extend PKCS#8 interface by introducing support for the entire SHA 
@@ -44,6 +40,16 @@ Changes * MD functions deprecated in 2.7.0 are no longer inline, to provide a migration path for those depending on the library's ABI. +Default behavior changes + * The truncated HMAC extension now conforms to RFC 6066. This means + that when both sides of a TLS connection negotiate the truncated + HMAC extension, Mbed TLS can now interoperate with other + compliant implementations, but this breaks interoperability with + prior versions of Mbed TLS. To restore the old behavior, enable + the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in + config.h. Found by Andreas Walz (ivESK, Offenburg University of + Applied Sciences). + = mbed TLS 2.7.0 branch released 2018-02-03 Security From f5bb78183a2a9d8fe3ca5adb154ea7d48ddba28a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 Mar 2018 12:48:53 +0100 Subject: [PATCH 255/504] Fix MSVC warnings library\x509_crt.c(2137): warning C4267: 'function' : conversion from 'size_t' to 'int', possible loss of data library\x509_crt.c(2265): warning C4267: 'function' : conversion from 'size_t' to 'int', possible loss of data --- library/x509_crt.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 5625b94d0..30ec120a2 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2009,8 +2009,8 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, int *parent_is_trusted, - int path_cnt, - int self_cnt ) + size_t path_cnt, + size_t self_cnt ) { mbedtls_x509_crt *parent; @@ -2096,7 +2096,7 @@ static int x509_crt_verify_chain( mbedtls_x509_crt *parent; int parent_is_trusted = 0; int child_is_trusted = 0; - int self_cnt = 0; + size_t self_cnt = 0; child = crt; *chain_len = 0; 
@@ -2262,7 +2262,7 @@ static int x509_crt_merge_flags_with_cb( cur_flags = ver_chain[i-1].flags; if( NULL != f_vrfy ) - if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, i-1, &cur_flags ) ) != 0 ) + if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, (int) i-1, &cur_flags ) ) != 0 ) return( ret ); *flags |= cur_flags; From 8c661b90c71c60a25767c2c5e586750caabc1fc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Mar 2018 10:00:00 +0100 Subject: [PATCH 256/504] Fix section order in the ChangeLog --- ChangeLog | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4ee9ea8c3..a319cf264 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,16 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Default behavior changes + * The truncated HMAC extension now conforms to RFC 6066. This means + that when both sides of a TLS connection negotiate the truncated + HMAC extension, Mbed TLS can now interoperate with other + compliant implementations, but this breaks interoperability with + prior versions of Mbed TLS. To restore the old behavior, enable + the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in + config.h. Found by Andreas Walz (ivESK, Offenburg University of + Applied Sciences). + Security * Fix implementation of the truncated HMAC extension. The previous implementation allowed an offline 2^80 brute force attack on the 
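Review bot: `(int) i-1` casts `i` first and then subtracts in int, which is what the warning fix needs but reads as if the whole expression were cast; `(int)( i - 1 )` says what is meant. A chain index will not approach INT_MAX, but a short comment on why the callback takes an int while the loop counter is size_t would save the next reader from re-checking. x509_crt_merge_flags_with_cb begins and ends outside the hunk.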
@@ -40,16 +50,6 @@ Changes * MD functions deprecated in 2.7.0 are no longer inline, to provide a migration path for those depending on the library's ABI. -Default behavior changes - * The truncated HMAC extension now conforms to RFC 6066. This means - that when both sides of a TLS connection negotiate the truncated - HMAC extension, Mbed TLS can now interoperate with other - compliant implementations, but this breaks interoperability with - prior versions of Mbed TLS. To restore the old behavior, enable - the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in - config.h. Found by Andreas Walz (ivESK, Offenburg University of - Applied Sciences). - = mbed TLS 2.7.0 branch released 2018-02-03 Security From 05c00ed8b228ef632a299259650faed18f8d960b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Mar 2018 11:33:06 +0100 Subject: [PATCH 257/504] Fix some more MSVC size_t -> int warnings --- library/x509_crt.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 30ec120a2..4c959b0fa 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1957,8 +1957,8 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, mbedtls_x509_crt *candidates, int top, - int path_cnt, - int self_cnt ) + size_t path_cnt, + size_t self_cnt ) { mbedtls_x509_crt *parent, *badtime_parent = NULL; @@ -1970,7 +1970,7 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, /* +1 because stored max_pathlen is 1 higher that the actual value */ if( parent->max_pathlen > 0 && - parent->max_pathlen < 1 + path_cnt - self_cnt ) + (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt ) { continue; } From cf092b2ccf6fe88ec7b6e075aa89d93cadaa059a Mon Sep 17 00:00:00 2001 
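Review bot: With `path_cnt` and `self_cnt` now size_t, `1 + path_cnt - self_cnt` is unsigned arithmetic, so if `self_cnt` could ever exceed `path_cnt + 1` the subtraction wraps to a huge value, the comparison against the casted `max_pathlen` succeeds and every candidate is skipped, where the old int arithmetic would have gone negative and let the candidate through. Presumably self_cnt counts a subset of the path so this cannot happen, but if that is the invariant a one-line comment above the comparison stating it, e.g. `/* self_cnt <= path_cnt, so this cannot wrap */`, would stop a future reader from re-raising it. x509_crt_find_parent_in continues outside the hunk.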
From: Hanno Becker Date: Tue, 6 Mar 2018 14:23:38 +0000 Subject: [PATCH 258/504] Deprecate support for record compression --- ChangeLog | 4 ++++ include/mbedtls/check_config.h | 8 ++++++++ include/mbedtls/config.h | 3 +++ 3 files changed, 15 insertions(+) diff --git a/ChangeLog b/ChangeLog index 68fb6f5e9..75a8f1186 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,10 @@ Features OpenVPN Inc. Fixes #1339 * Add support for public keys encoded in PKCS#1 format. #1122 +New deprecations + * Deprecate support for record compression (configuration option + MBEDTLS_ZLIB_SUPPORT). + Bugfix * Fix the name of a DHE parameter that was accidentally changed in 2.7.0. Fixes #1358. diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index be8033296..655612e20 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -66,6 +66,14 @@ #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense" #endif +#if defined(MBEDTLS_ZLIB_SUPPORT) && defined(MBEDTLS_DEPRECATED_WARNING) +#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will likely be removed in a future version of the library" +#endif + +#if defined(MBEDTLS_ZLIB_SUPPORT) && defined(MBEDTLS_DEPRECATED_REMOVED) +#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set" +#endif + #if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM) #error "MBEDTLS_AESNI_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1c98558eb..05f67fa3c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1541,6 +1541,9 @@ * * \note Currently compression can't be used with DTLS. * + * \deprecated This feature is deprecated and will likely be removed + * in a future version of the library. + * * Used in: library/ssl_tls.c * library/ssl_cli.c * library/ssl_srv.c 
From b2b29d52592b1c632f0b4b79f7c11c74f0798459 Mon Sep 17 00:00:00 2001 From: Sanne Wouda Date: Mon, 21 Aug 2017 15:58:12 +0100 Subject: [PATCH 259/504] Add end-of-buffer check to prevent heap-buffer-overflow Dereference of *p should not happen when it points past the end of the buffer. Internal reference: IOTSSL-1663 --- library/pkparse.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/pkparse.c b/library/pkparse.c index b4def4f91..89a0c5dbf 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -181,6 +181,9 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end, { int ret; + if ( end - *p < 1 ) + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + /* Tag may be either OID or SEQUENCE */ params->tag = **p; if( params->tag != MBEDTLS_ASN1_OID From 7b2e85dd7ccb4c253df76ac0517841874bf72e17 Mon Sep 17 00:00:00 2001 From: Sanne Wouda Date: Wed, 30 Aug 2017 21:10:42 +0100 Subject: [PATCH 260/504] Use both applicable error codes and a proper coding style --- library/pkparse.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 89a0c5dbf..6e22ce4f7 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -182,7 +182,8 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end, int ret; if ( end - *p < 1 ) - return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_OUT_OF_DATA ); /* Tag may be either OID or SEQUENCE */ params->tag = **p; From 90da97d587b1eef67a6742605c891a086f7fb710 Mon Sep 17 00:00:00 2001 From: Sanne Wouda Date: Thu, 31 Aug 2017 12:57:35 +0100 Subject: [PATCH 261/504] Add test case found through fuzzing to pkparse test suite --- tests/suites/test_suite_pkparse.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 416f9dfe4..e420fb04e 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
@@ -486,3 +486,6 @@ pk_parse_key_rsa:"301c02010002010102010102010102010102010102010102010102010100": Key ASN1 (RSAPrivateKey, values present, check_privkey fails) pk_parse_key_rsa:"301b020100020102020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Key ASN1 (heap-buffer-overflow, unchecked access of tag) +pk_parse_key_rsa:"30070201010400a000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT From 52895b2b2e2328d0cebdba102ea2f57136ec7175 Mon Sep 17 00:00:00 2001 From: Sanne Wouda Date: Tue, 5 Sep 2017 17:00:54 +0100 Subject: [PATCH 262/504] Add Changelog entry --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8db021591..f835e4aa7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix a heap-buffer-overflow during private key parsing. Found through + fuzzing. + = mbed TLS 2.7.0 branch released 2018-02-03 Security From cf79312a6d3688637b6e2dbaf35b7c319fa8e02c Mon Sep 17 00:00:00 2001 From: Sanne Wouda Date: Thu, 7 Sep 2017 16:33:44 +0100 Subject: [PATCH 263/504] Update changelog entry --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index f835e4aa7..64361bed9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,8 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Bugfix - * Fix a heap-buffer-overflow during private key parsing. Found through - fuzzing. + * Fix a 1-byte heap buffer overflow (read-only) during private key parsing. + Found through fuzz testing. = mbed TLS 2.7.0 branch released 2018-02-03 From bb50113123df6b4d53f28cee14df23ff04a4a710 Mon Sep 17 00:00:00 2001 
From: Sanne Wouda Date: Thu, 7 Sep 2017 16:44:06 +0100 Subject: [PATCH 264/504] Rename test and update dependencies --- tests/suites/test_suite_pkparse.data | 25 +++++++++++++++--------- tests/suites/test_suite_pkparse.function | 4 ++-- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index e420fb04e..932d8907b 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
@@ -467,25 +467,32 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MB pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0 Key ASN1 (Incorrect first tag) -pk_parse_key_rsa:"":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +pk_parse_key:"":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, incorrect version tag) -pk_parse_key_rsa:"300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +depends_on:MBEDTLS_RSA_C +pk_parse_key:"300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, version tag missing) -pk_parse_key_rsa:"3000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +depends_on:MBEDTLS_RSA_C +pk_parse_key:"3000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, invalid version) -pk_parse_key_rsa:"3003020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +depends_on:MBEDTLS_RSA_C +pk_parse_key:"3003020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, correct version, incorrect tag) -pk_parse_key_rsa:"300402010000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +depends_on:MBEDTLS_RSA_C +pk_parse_key:"300402010000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, values present, length mismatch) -pk_parse_key_rsa:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +depends_on:MBEDTLS_RSA_C +pk_parse_key:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, values present, check_privkey fails) -pk_parse_key_rsa:"301b020100020102020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +depends_on:MBEDTLS_RSA_C +pk_parse_key:"301b020100020102020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Key ASN1 (heap-buffer-overflow, unchecked access of tag) -pk_parse_key_rsa:"30070201010400a000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +Key ASN1 (ECPrivateKey, empty parameters) +depends_on:MBEDTLS_ECP_C 
+pk_parse_key:"30070201010400a000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 4f1a61606..59f7877fc 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -113,8 +113,8 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_parse_key_rsa( char *key_data, char *result_str, int result ) +/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C */ +void pk_parse_key( char *key_data, char *result_str, int result ) { mbedtls_pk_context pk; unsigned char buf[2000]; From 22797fcc57a59321d2cc18d37bac43c44474edb2 Mon Sep 17 00:00:00 2001 From: Sanne Wouda Date: Fri, 8 Sep 2017 10:58:37 +0100 Subject: [PATCH 265/504] Remove redundant dependency --- tests/suites/test_suite_pkparse.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 59f7877fc..94d25e7eb 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -113,7 +113,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C */ +/* BEGIN_CASE */ void pk_parse_key( char *key_data, char *result_str, int result ) { mbedtls_pk_context pk; From e57d7438b02e05abfbc81078575f62c9fa5d5b22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 7 Mar 2018 10:00:57 +0100 Subject: [PATCH 266/504] Improve documentation of some internal functions --- library/x509_crt.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/library/x509_crt.c b/library/x509_crt.c index 4c959b0fa..24222d67c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1953,6 +1953,19 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, * way we select the correct one is by checking the signature (as we don't * rely on key identifier extensions). (This is one way users might choose to * handle key rollover, another relies on self-issued certs, see [SIRO].) + * + * Arguments: + * - [in] child: certificate for which we're looking for a parent + * - [in] candidates: chained list of potential parents + * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top + * of the chain, 0 otherwise + * - [in] path_cnt: number of intermediates seen so far + * - [in] self_cnt: number of self-signed intermediates seen so far + * (will never be greater than path_cnt) + * + * Return value: + * - the first suitable parent found (see above regarding time-validity) + * - NULL if no suitable parent was found */ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, mbedtls_x509_crt *candidates, @@ -2005,6 +2018,19 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, * * Searches in trusted CAs first, and return the first suitable parent found * (see find_parent_in() for definition of suitable). + * + * Arguments: + * - [in] child: certificate for which we're looking for a parent, followed + * by a chain of possible intermediates + * - [in] trust_ca: locally trusted CAs + * - [out] 1 if parent was found in trust_ca, 0 if found in provided chain + * - [in] path_cnt: number of intermediates seen so far + * - [in] self_cnt: number of self-signed intermediates seen so far + * (will always be no greater than path_cnt) + * + * Return value: + * - the first suitable parent found (see find_parent_in() for "suitable") + * - NULL if no suitable parent was found */ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, From e494e20f0c39499badb1a52eaafea23d2f7b02db Mon Sep 17 00:00:00 2001 
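Review bot: In the second hunk, the Arguments list written for x509_crt_find_parent has one `[out]` entry with no parameter name (`- [out] 1 if parent was found in trust_ca, 0 if found in provided chain`), unlike every other entry in either hunk; name the output parameter as the prototype declares it so the comment can be matched against the signature, whose tail is outside the hunk. The same invariant is phrased `(will never be greater than path_cnt)` in the first hunk and `(will always be no greater than path_cnt)` in the second; one wording for both reads better. Minor: `ie we're at the top` in the first hunk should be `i.e. we're at the top`. The bodies of both documented functions lie outside the hunks.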
From: Hanno Becker Date: Thu, 8 Mar 2018 13:26:12 +0000 Subject: [PATCH 267/504] Move and reword deprecation warning/error on compression support --- include/mbedtls/check_config.h | 8 -------- include/mbedtls/config.h | 4 ++-- include/mbedtls/ssl.h | 9 +++++++++ 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 655612e20..be8033296 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -66,14 +66,6 @@ #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense" #endif -#if defined(MBEDTLS_ZLIB_SUPPORT) && defined(MBEDTLS_DEPRECATED_WARNING) -#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will likely be removed in a future version of the library" -#endif - -#if defined(MBEDTLS_ZLIB_SUPPORT) && defined(MBEDTLS_DEPRECATED_REMOVED) -#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set" -#endif - #if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM) #error "MBEDTLS_AESNI_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 05f67fa3c..d47e9c7af 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1541,8 +1541,8 @@ * * \note Currently compression can't be used with DTLS. * - * \deprecated This feature is deprecated and will likely be removed - * in a future version of the library. + * \deprecated This feature is deprecated and will be removed + * in the next major revision of the library. * * Used in: library/ssl_tls.c * library/ssl_cli.c diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 51e843ae2..a67971722 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -49,6 +49,15 @@ #endif #if defined(MBEDTLS_ZLIB_SUPPORT) + +#if defined(MBEDTLS_DEPRECATED_WARNING) +#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library" +#endif + +#if defined(MBEDTLS_DEPRECATED_REMOVED) +#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set" +#endif + #include "zlib.h" #endif From 6f486a6fb5c7311a8d07913778b53f128ec37cd8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 8 Mar 2018 13:31:44 +0000 Subject: [PATCH 268/504] Fix merge error --- tests/scripts/all.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 140a90f09..e60530fd7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -881,8 +881,5 @@ rm -rf "$OUT_OF_SOURCE_DIR" msg "Done, cleaning up" cleanup -<<<<<<< HEAD -======= final_report ->>>>>>> development-restricted From 1ed45ea36b345327d4f6af0344fc0518b22872fb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Mar 2018 18:16:45 +0100 Subject: [PATCH 269/504] Refer to X.690 by number It's easier to identify and find by number than by its very wordy title, especially as there was a typo in the title. --- include/mbedtls/asn1.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 75b7b3dfb..86b50e6c8 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -90,9 +90,8 @@ /* * Bit masks for each of the components of an ASN.1 tag as specified in - * Information technnology - ASN.1 encoding rules: Specification of Basic - * Encoding Rules (BER), Canonical Encoding Rules (CER), and Distinguished - * encoding rules (DER) Section 8.1.2.2: + * ITU X.690 (08/2015), section 8.1 "General rules for encoding", + * paragraph 8.1.2.2: * * Bit 8 7 6 5 1 * +-------+-----+------------+ 
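Review bot: Neither the `#warning`/`#error` text added under `#if defined(MBEDTLS_ZLIB_SUPPORT)` in ssl.h nor the reworded `\deprecated` paragraph in this commit's config.h hunk says why record compression is being retired, so a user deciding whether to keep MBEDTLS_ZLIB_SUPPORT enabled gets no guidance. A one-line rationale in the config.h comment would give it, e.g. `\deprecated ... TLS-level compression leaks information about the plaintext through the ciphertext length and was removed from TLS 1.3.` `#warning` is a compiler extension rather than ISO C; that is presumably acceptable if the library already relies on it for other deprecations, which this hunk does not let me confirm.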
From e61514d70d3987fa750c3e3a63d7e19c6444d2b6 Mon Sep 17 00:00:00 2001 From: Brendan Shanks Date: Thu, 8 Mar 2018 17:40:56 -0800 Subject: [PATCH 270/504] benchmark: Fix incompatibility with C89 compilers Initializing arrays using non-constant expressions is not permitted in C89, and was causing errors when compiling with Metrowerks CodeWarrior (for classic MacOS) in C89 mode. Clang also produces a warning when compiling with '-Wc99-extensions': test/benchmark.c:670:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions] const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 }; ^~~~~~~~~~ test/benchmark.c:674:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions] const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 }; ^~~~~~~~~~ Declaring the arrays as 'static' makes them constant expressions. fixes #1353 --- programs/test/benchmark.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 2864caf84..1945b30d9 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -658,13 +658,13 @@ int main( int argc, char *argv[] ) if( todo.dhm ) { int dhm_sizes[] = { 2048, 3072 }; - const unsigned char dhm_P_2048[] = + static const unsigned char dhm_P_2048[] = MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; - const unsigned char dhm_P_3072[] = + static const unsigned char dhm_P_3072[] = MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN; - const unsigned char dhm_G_2048[] = + static const unsigned char dhm_G_2048[] = MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; - const unsigned char dhm_G_3072[] = + static const unsigned char dhm_G_3072[] = MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN; const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 }; From 7c2dd5890f945006d838089220c92e66cc1fba66 Mon Sep 17 00:00:00 2001 
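Review bot: With the four byte arrays now `static`, the two pointer tables that follow them in the hunk, `const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };` and the matching `dhm_G`, could be declared `static const unsigned char *const dhm_P[] = { dhm_P_2048, dhm_P_3072 };` in the same spirit: their initializers are now address constants, and the extra `const` stops the table entries being reassigned. `int dhm_sizes[] = { 2048, 3072 };` is not written in this hunk either and would read more clearly as `static const int dhm_sizes[]`. main() continues outside the hunk, so I cannot see whether anything later relies on these arrays being modifiable.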
From: Darryl Green Date: Thu, 1 Mar 2018 14:53:49 +0000 Subject: [PATCH 271/504] Add script for ABI compatibility checking --- scripts/abi_check.py | 233 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 233 insertions(+) create mode 100755 scripts/abi_check.py diff --git a/scripts/abi_check.py b/scripts/abi_check.py new file mode 100755 index 000000000..0f063a3f3 --- /dev/null +++ b/scripts/abi_check.py 
@@ -0,0 +1,233 @@ +#!/usr/bin/env python3 + +# This script is a small wrapper around the abi-compliance-checker and +# abi-dumper tools, applying them to compare the ABI and API of the library +# files from two different Git revisions within an Mbed TLS repository. +# The results of the comparison are formatted as HTML and stored at +# a configurable location. Returns 0 on success, 1 on ABI/API non-compliance, +# and 2 if there is an error while running the script. +# Note: must be run from Mbed TLS root. + +import os +import sys +import traceback +import shutil +import subprocess +import argparse +import logging +import tempfile + + +class AbiChecker(object): + + def __init__(self, report_dir, old_rev, new_rev, keep_all_reports): + self.repo_path = "." + self.log = None + self.setup_logger() + self.report_dir = os.path.abspath(report_dir) + self.keep_all_reports = keep_all_reports + self.should_keep_report_dir = os.path.isdir(self.report_dir) + self.old_rev = old_rev + self.new_rev = new_rev + self.mbedtls_modules = ["libmbedcrypto", "libmbedtls", "libmbedx509"] + self.old_dumps = {} + self.new_dumps = {} + self.git_command = "git" + self.make_command = "make" + + def check_repo_path(self): + if not __file__ == os.path.join(".", "scripts", "abi_check.py"): + raise Exception("Must be run from Mbed TLS root") + + def setup_logger(self): + self.log = logging.getLogger() + self.log.setLevel(logging.INFO) + self.log.addHandler(logging.StreamHandler()) + + def check_abi_tools_are_installed(self): + for command in ["abi-dumper", "abi-compliance-checker"]: + if not shutil.which(command): + raise Exception("{} not installed, aborting".format(command)) + + def get_clean_worktree_for_git_revision(self, git_rev): + self.log.info( + "Checking out git worktree for revision {}".format(git_rev) + ) + git_worktree_path = tempfile.mkdtemp() + worktree_process = subprocess.Popen( + [self.git_command, "worktree", "add", git_worktree_path, git_rev], + cwd=self.repo_path, + 
stdout=subprocess.PIPE, + stderr=subprocess.STDOUT + ) + worktree_output, _ = worktree_process.communicate() + self.log.info(worktree_output.decode("utf-8")) + if worktree_process.returncode != 0: + raise Exception("Checking out worktree failed, aborting") + return git_worktree_path + + def build_shared_libraries(self, git_worktree_path): + my_environment = os.environ.copy() + my_environment["CFLAGS"] = "-g -Og" + my_environment["SHARED"] = "1" + make_process = subprocess.Popen( + self.make_command, + env=my_environment, + cwd=git_worktree_path, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT + ) + make_output, _ = make_process.communicate() + self.log.info(make_output.decode("utf-8")) + if make_process.returncode != 0: + raise Exception("make failed, aborting") + + def get_abi_dumps_from_shared_libraries(self, git_ref, git_worktree_path): + abi_dumps = {} + for mbed_module in self.mbedtls_modules: + output_path = os.path.join( + self.report_dir, "{}-{}.dump".format(mbed_module, git_ref) + ) + abi_dump_command = [ + "abi-dumper", + os.path.join( + git_worktree_path, "library", mbed_module + ".so"), + "-o", output_path, + "-lver", git_ref + ] + abi_dump_process = subprocess.Popen( + abi_dump_command, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT + ) + abi_dump_output, _ = abi_dump_process.communicate() + self.log.info(abi_dump_output.decode("utf-8")) + if abi_dump_process.returncode != 0: + raise Exception("abi-dumper failed, aborting") + abi_dumps[mbed_module] = output_path + return abi_dumps + + def cleanup_worktree(self, git_worktree_path): + shutil.rmtree(git_worktree_path) + worktree_process = subprocess.Popen( + [self.git_command, "worktree", "prune"], + cwd=self.repo_path, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT + ) + worktree_output, _ = worktree_process.communicate() + self.log.info(worktree_output.decode("utf-8")) + if worktree_process.returncode != 0: + raise Exception("Worktree cleanup failed, aborting") + + def 
get_abi_dump_for_ref(self, git_rev): + git_worktree_path = self.get_clean_worktree_for_git_revision(git_rev) + self.build_shared_libraries(git_worktree_path) + abi_dumps = self.get_abi_dumps_from_shared_libraries( + git_rev, git_worktree_path + ) + self.cleanup_worktree(git_worktree_path) + return abi_dumps + + def get_abi_compatibility_report(self): + compatibility_report = "" + compliance_return_code = 0 + for mbed_module in self.mbedtls_modules: + output_path = os.path.join( + self.report_dir, "{}-{}-{}.html".format( + mbed_module, self.old_rev, self.new_rev + ) + ) + abi_compliance_command = [ + "abi-compliance-checker", + "-l", mbed_module, + "-old", self.old_dumps[mbed_module], + "-new", self.new_dumps[mbed_module], + "-strict", + "-report-path", output_path + ] + abi_compliance_process = subprocess.Popen( + abi_compliance_command, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT + ) + abi_compliance_output, _ = abi_compliance_process.communicate() + self.log.info(abi_compliance_output.decode("utf-8")) + if abi_compliance_process.returncode == 0: + compatibility_report += ( + "No compatibility issues for {}\n".format(mbed_module) + ) + if not self.keep_all_reports: + os.remove(output_path) + elif abi_compliance_process.returncode == 1: + compliance_return_code = 1 + self.should_keep_report_dir = True + compatibility_report += ( + "Compatibility issues found for {}, " + "for details see {}\n".format(mbed_module, output_path) + ) + else: + raise Exception( + "abi-compliance-checker failed with a return code of {}," + " aborting".format(abi_compliance_process.returncode) + ) + os.remove(self.old_dumps[mbed_module]) + os.remove(self.new_dumps[mbed_module]) + if not self.should_keep_report_dir and not self.keep_all_reports: + os.rmdir(self.report_dir) + self.log.info(compatibility_report) + return compliance_return_code + + def check_for_abi_changes(self): + self.check_repo_path() + self.check_abi_tools_are_installed() + self.old_dumps = 
self.get_abi_dump_for_ref(self.old_rev) + self.new_dumps = self.get_abi_dump_for_ref(self.new_rev) + return self.get_abi_compatibility_report() + + +def run_main(): + try: + parser = argparse.ArgumentParser( + description=( + "This script is a small wrapper around the " + "abi-compliance-checker and abi-dumper tools, applying them " + "to compare the ABI and API of the library files from two " + "different Git revisions within an Mbed TLS repository." + " The results of the comparison are formatted as HTML and" + " stored at a configurable location. Returns 0 on success, " + "1 on ABI/API non-compliance, and 2 if there is an error " + "while running the script. # Note: must be run from " + "Mbed TLS root." + ) + ) + parser.add_argument( + "-r", "--report_dir", type=str, default="reports", + help="directory where reports are stored, default is reports", + ) + parser.add_argument( + "-k", "--keep_all_reports", action="store_true", + help="keep all reports, even if there are no compatibility issues", + ) + parser.add_argument( + "-o", "--old_rev", type=str, help="revision for old version", + required=True + ) + parser.add_argument( + "-n", "--new_rev", type=str, help="revision for new version", + required=True + ) + abi_args = parser.parse_args() + abi_check = AbiChecker( + abi_args.report_dir, abi_args.old_rev, + abi_args.new_rev, abi_args.keep_all_reports + ) + return_code = abi_check.check_for_abi_changes() + sys.exit(return_code) + except Exception as error: + traceback.print_exc(error) + sys.exit(2) + + +if __name__ == "__main__": + run_main() From 9c4f4038ddbf0b3999649385846a0b66623b6cbc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 May 2017 14:46:36 +0200 Subject: [PATCH 272/504] Add changelog entry --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 13de8672c..b729d6c7c 100644 --- a/ChangeLog +++ b/ChangeLog 
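Review bot: `check_repo_path` compares `__file__` with `os.path.join(".", "scripts", "abi_check.py")`, the literal `./scripts/abi_check.py`, so an invocation such as `python3 scripts/abi_check.py` from the repository root presumably fails the check with "Must be run from Mbed TLS root" because `__file__` is then spelled without the `./` prefix; comparing resolved paths removes the dependence on spelling: `if os.path.abspath(__file__) != os.path.abspath(os.path.join("scripts", "abi_check.py")):`. In `run_main`, `traceback.print_exc(error)` passes the exception object as `print_exc`'s `limit` argument, which raises a TypeError inside the handler, so the exit status 2 promised in the header comment is never reached; `traceback.print_exc()` is what was meant. In `get_abi_dump_for_ref`, a failure in `build_shared_libraries` or in the dump step propagates before `cleanup_worktree` runs, leaving the temporary worktree on disk and registered with git; a try/finally keeps the cleanup on the error path too.
```python
    def get_abi_dump_for_ref(self, git_rev):
        git_worktree_path = self.get_clean_worktree_for_git_revision(git_rev)
        try:
            self.build_shared_libraries(git_worktree_path)
            abi_dumps = self.get_abi_dumps_from_shared_libraries(
                git_rev, git_worktree_path
            )
        finally:
            # prune the worktree even when the build or dump step raised
            self.cleanup_worktree(git_worktree_path)
        return abi_dumps
```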
@@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released 2017-xx-xx + +Changes + * Clarify the documentation of mbedtls_ssl_setup. + = mbed TLS 2.4.2 branch released 2017-03-08 Security From 08af538ec90af91d530d34ddc129d386f68ebe8e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 11 Mar 2018 00:15:56 +0100 Subject: [PATCH 273/504] Fix grammar in ChangeLog entry --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 716567b04..13adfb590 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,7 +34,7 @@ Bugfix with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct. In the context of SSL, this resulted in handshake failure. #1351 * Fix Windows x64 builds with the included mbedTLS.sln file. #1347 - * In test_suite_pk pass valid parameters when testing for hash length + * In test_suite_pk, pass valid parameters when testing for hash length overflow. #1179 Changes From 3f1b89d251bd654c77cd61ddf3aac64ebee9be21 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 11 Mar 2018 00:35:39 +0100 Subject: [PATCH 274/504] This fixes #664 --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6dab645dc..40aa075b6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -91,9 +91,9 @@ Bugfix freeing an RSA context and several MPI's without proper initialization beforehand. * Fix setting version TLSv1 as minimal version, even if TLS 1 - is not enabled. Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` - and `MBEDTLS_SSL_MIN_MINOR_VERSION` instead - of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1` + is not enabled. Set MBEDTLS_SSL_MIN_MAJOR_VERSION + and MBEDTLS_SSL_MIN_MINOR_VERSION instead of + MBEDTLS_SSL_MAJOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_1. #664 Changes * Extend cert_write example program by options to set the CRT version From b21a085baeaec8c3c3288b98096c24b279231b01 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 9 Mar 2018 14:24:36 +0100 Subject: [PATCH 275/504] Show build modes in code font This clarifies that it's the string to type and not just some description of it. --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 2c6cc62a0..a2c3c6f21 100644 --- a/README.md +++ b/README.md 
@@ -110,14 +110,14 @@ To configure CMake for building shared libraries, use: There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific: -- Release. This generates the default code without any unnecessary information in the binary files. -- Debug. This generates debug information and disables optimization of the code. -- Coverage. This generates code coverage information in addition to debug information. -- ASan. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.) -- ASanDbg. Same as ASan but slower, with debug information and better stack traces. -- MemSan. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64. -- MemSanDbg. Same as MemSan but slower, with debug information, better stack traces and origin tracking. -- Check. This activates the compiler warnings that depend on optimization and treats all warnings as errors. +- `Release`. This generates the default code without any unnecessary information in the binary files. +- `Debug`. This generates debug information and disables optimization of the code. +- `Coverage`. This generates code coverage information in addition to debug information. +- `ASan`. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.) +- `ASanDbg`. Same as ASan but slower, with debug information and better stack traces. +- `MemSan`. This instruments the code with MemorySanitizer to check for uninitialised memory reads. 
Experimental, needs recent clang on Linux/x86\_64. +- `MemSanDbg`. Same as MemSan but slower, with debug information, better stack traces and origin tracking. +- `Check`. This activates the compiler warnings that depend on optimization and treats all warnings as errors. Switching build modes in CMake is simple. For debug mode, enter at the command line: From 147b28ec3f93673c82cb6e430b34020348abcced Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Mar 2018 15:26:59 +0100 Subject: [PATCH 276/504] Fix remaining issues found by depend-pkalgs --- tests/suites/test_suite_x509parse.data | 6 +++--- tests/suites/test_suite_x509write.function | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a26b7ad06..e2dc3c9e0 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -776,11 +776,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP19 x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" X509 Certificate verification #94 (Suite B invalid, RSA cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL" X509 Certificate verification #95 (Suite B Valid, EC cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" X509 Certificate verification #96 (next profile Invalid Cert SHA224 Digest) 
@@ -788,7 +788,7 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL" X509 Certificate verification #97 (next profile Valid Cert SHA256 Digest) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" X509 Certificate verification callback: bad name diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index ca76e861d..62f82e8a0 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -130,6 +130,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file, issuer_pwd ) == 0 ); +#if defined(MBEDTLS_RSA_C) /* For RSA PK contexts, create a copy as an alternative RSA context. */ if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA ) { @@ -141,6 +142,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, key = &issuer_key_alt; } +#else + (void) rsa_alt; +#endif TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 ); From 88a8dcb38ef7576840a06d98d3e92356008c1997 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Mar 2018 15:49:35 +0100 Subject: [PATCH 277/504] Fix remaining issues found by depend-hashes --- tests/suites/test_suite_x509parse.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index e2dc3c9e0..8642eb660 100644 
--- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -784,11 +784,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_S x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" X509 Certificate verification #96 (next profile Invalid Cert SHA224 Digest) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL" X509 Certificate verification #97 (next profile Valid Cert SHA256 Digest) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" X509 Certificate verification callback: bad name From 3ff4a074af5f188c4d7c8ab1ae57bd1d50dd11d6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Mar 2018 23:54:20 +0100 Subject: [PATCH 278/504] Fix ChangeLog style. Fix #918 --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 000084b77..edf3eb39a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,9 +1,9 @@ -mbed TLS ChangeLog (Sorted per branch, date) +mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Bugfix - * Log correct number of ciphersuites used in Client Hello message. Fix for #918. + * Log correct number of ciphersuites used in Client Hello message. #918 = mbed TLS 2.6.0 branch released 2017-08-10 
From 6dc4a319884d03d967bb00eac3b0d81e7a3d66e1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 Mar 2018 00:13:06 +0100 Subject: [PATCH 279/504] Add ChangeLog entry. Fixes #678 --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index f96786d72..984ab030e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Changes + * Use (void) when defining functions with no parameters. Contributed by + Joris Aerts. #678 + = mbed TLS 2.4.0 branch released 2016-10-17 Security From 127c5affce7b419afc9eb9f4a5c37ecdf3498e67 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Mon, 12 Mar 2018 15:44:31 +0000 Subject: [PATCH 280/504] Add copyright to abi_check script --- scripts/abi_check.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 0f063a3f3..f9fb7f65d 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -1,5 +1,11 @@ #!/usr/bin/env python3 - +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2018, Arm Limited, All Rights Reserved +# +# Purpose +# # This script is a small wrapper around the abi-compliance-checker and # abi-dumper tools, applying them to compare the ABI and API of the library # files from two different Git revisions within an Mbed TLS repository. From a1098f81c252b317ad34ea978aea2bc47760b215 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 13 Mar 2018 11:28:49 +0100 Subject: [PATCH 281/504] Add bounds check before signature length read --- library/ssl_cli.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 2534346a4..279a127ba 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -2478,6 +2478,14 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) /* * Read signature */ + + if( p > end - 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } sig_len = ( p[0] << 8 ) | p[1]; p += 2; From 027f84c69f4ef30c0693832a6c396ef19e563ca1 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 13 Mar 2018 11:29:24 +0100 Subject: [PATCH 282/504] Prevent arithmetic overflow on bounds check --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 279a127ba..df6abc389 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2489,7 +2489,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) sig_len = ( p[0] << 8 ) | p[1]; p += 2; - if( end != p + sig_len ) + if( p != end - sig_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, From 740b218386083dc708ce98ccc94a63a95cd5629e Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 13 Mar 2018 11:31:14 +0100 Subject: [PATCH 283/504] Add bounds check before length read --- library/ssl_cli.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 2534346a4..585750ef2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2057,6 +2057,12 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, * * opaque psk_identity_hint<0..2^16-1>; */ + if( (*p) > end - 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " + "(psk_identity_hint length)" ) ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } len = (*p)[0] << 8 | (*p)[1]; *p += 2; From 5224a7544c95552553e2e6be0b4a789956a6464e Mon Sep 17 00:00:00 2001 
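Review bot: `if( p != end - sig_len )` trades one overflow for another: `sig_len` is a 16-bit value taken from the peer and `end - sig_len` is evaluated before anything establishes that `sig_len <= end - p`, so for a large length the subtraction forms a pointer before the start of the receive buffer, which is undefined behaviour in C even though it avoids the wrap of the old `p + sig_len`. Comparing lengths instead of pointers needs neither: `if( (size_t)( end - p ) != sig_len )`. The cast is safe because the `p > end - 2` guard added in the preceding commit leaves `p <= end` after `p += 2`. The rest of ssl_parse_server_key_exchange lies outside the hunk.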
From: Krzysztof Stachowiak Date: Tue, 13 Mar 2018 11:31:38 +0100 Subject: [PATCH 284/504] Prevent arithmetic overflow on bounds check --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 585750ef2..759a4562a 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2066,7 +2066,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, len = (*p)[0] << 8 | (*p)[1]; *p += 2; - if( (*p) + len > end ) + if( (*p) > end - len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " "(psk_identity_hint length)" ) ); From 62dcbaf567e9f015fc533d2ef29c39ee9271527b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 13 Mar 2018 10:54:43 +0000 Subject: [PATCH 285/504] Improve crediting in ChangeLog --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 6b0fe3ba5..b6f61fa71 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,7 +9,8 @@ Bugfix returned when unexpected messages were being discarded, ignoring that further messages could potentially already be pending to be processed in the internal buffers; these cases lead to deadlocks in case - event-driven I/O was used. Found by Hubert Mis. + event-driven I/O was used. + Found and reported by Hubert Mis in #772. API changes * Add function mbedtls_net_poll to public API allowing to wait for a From 6a33f59f76092fe86094b71ec4a47cfff481d65b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 13 Mar 2018 11:38:46 +0000 Subject: [PATCH 286/504] Add tests for event-driven I/O in DTLS to ssl-opt.sh --- tests/ssl-opt.sh | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 34aa43f99..4c6512142 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
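Review bot: `if( (*p) > end - len )` has the same problem the commit is trying to remove: `len` is read from the wire (up to 65535) and `end - len` is computed before it is known that `len` fits in the remaining data, so the intermediate pointer can point before the buffer, which is undefined behaviour rather than a well-defined wrap. Express the check as a length comparison: `if( (size_t)( end - *p ) < len )`; `*p <= end` holds here because of the `(*p) > end - 2` check added just before the two-byte read. ssl_parse_server_psk_hint continues outside the hunk.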
@@ -2527,6 +2527,47 @@ run_test "Event-driven I/O: session-id resume" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +run_test "Event-driven I/O, DTLS: basic handshake" \ + "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ + "$P_CLI dtls=1 event=1 tickets=0" \ + 0 \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O, DTLS: client auth" \ + "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ + "$P_CLI dtls=1 event=1 tickets=0" \ + 0 \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O, DTLS: ticket" \ + "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ + "$P_CLI dtls=1 event=1 tickets=1" \ + 0 \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O, DTLS: ticket + client auth" \ + "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ + "$P_CLI dtls=1 event=1 tickets=1" \ + 0 \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \ + "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ + "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \ + 0 \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O, DTLS: ticket + resume" \ + "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ + "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \ + 0 \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O, DTLS: session-id resume" \ + "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ + "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \ + 0 \ + -c "Read from server: .* bytes read" # Tests for version negotiation run_test "Version check: all -> 1.2" \ From ddc3ebbc3f698a6db77da59805c3a02f891454e0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 13 Mar 2018 11:39:09 +0000 Subject: [PATCH 287/504] Exemplify use of `mbedtls_ssl_check_pending` in `ssl_server2.c` --- programs/ssl/ssl_server2.c | 36 ++++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 10 deletions(-) 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c3321d13a..74a114271 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2417,21 +2417,37 @@ data_exchange: while( 1 ) { + /* Without the call to `mbedtls_ssl_check_pending`, it might + * happen that the client sends application data in the same + * datagram as the Finished message concluding the handshake. + * In this case, the application data would be ready to be + * processed while the underlying transport wouldn't signal + * any further incoming data. + * + * See the test 'Event-driven I/O: session-id resume, UDP packing' + * in tests/ssl-opt.sh. + */ + + /* For event-driven IO, wait for socket to become available */ + if( mbedtls_ssl_check_pending( &ssl ) == 0 && + opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &client_fd, &timer, MBEDTLS_ERR_SSL_WANT_READ ); +#else + idle( &client_fd, MBEDTLS_ERR_SSL_WANT_READ ); +#endif + } + ret = mbedtls_ssl_read( &ssl, buf, len ); + /* Note that even if `mbedtls_ssl_check_pending` returns true, + * it can happen that the subsequent call to `mbedtls_ssl_read` + * returns `MBEDTLS_ERR_SSL_WANT_READ`, because the pending messages + * might be discarded (e.g. because they are retransmissions). */ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) break; - - /* For event-driven IO, wait for socket to become available */ - if( opt.event == 1 /* level triggered IO */ ) - { -#if defined(MBEDTLS_TIMING_C) - idle( &client_fd, &timer, ret ); -#else - idle( &client_fd, ret ); -#endif - } } if( ret <= 0 ) From bc6c1101399a31058cf93b3f31be65a8d11e4bb2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 13 Mar 2018 11:39:40 +0000 Subject: [PATCH 288/504] Add test to ssl-opt.sh demonstrating the need for ssl_check_pending --- tests/ssl-opt.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
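Review bot: The pre-read wait now always polls for readability (`idle( &client_fd, &timer, MBEDTLS_ERR_SSL_WANT_READ )`), whereas the removed code waited on whatever `mbedtls_ssl_read` had just returned; the loop still treats `MBEDTLS_ERR_SSL_WANT_WRITE` as retryable on the `if( ret != ... )` line, so if a read ever returns it the next iteration waits for incoming data while the library needs the socket to be writable, and the exchange can stall until the peer happens to send something or, with MBEDTLS_TIMING_C, the timer fires. One fix is to keep the last result: initialise `ret = MBEDTLS_ERR_SSL_WANT_READ` before `while( 1 )` and call `idle( &client_fd, &timer, ret )` (and the non-timing variant alike). I cannot confirm from the hunk whether mbedtls_ssl_read can return WANT_WRITE on this path; if it cannot, a comment saying so would justify the fixed direction. The enclosing main() starts and ends outside the hunk.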
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4c6512142..4afc527a1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2568,6 +2568,19 @@ run_test "Event-driven I/O, DTLS: session-id resume" \ "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \ 0 \ -c "Read from server: .* bytes read" + +# This test demonstrates the need for the mbedtls_ssl_check_pending function. +# During session resumption, the client will send its ApplicationData record +# within the same datagram as the Finished messages. In this situation, the +# server MUST NOT idle on the underlying transport after handshake completion, +# because the ApplicationData request has already been queued internally. +run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \ + -p "$P_PXY pack=10" \ + "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ + "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \ + 0 \ + -c "Read from server: .* bytes read" + # Tests for version negotiation run_test "Version check: all -> 1.2" \ From ccbd8a4bbbb8b44c4eb241e8ad474e4c8fbf97ca Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 13 Mar 2018 07:52:09 -0400 Subject: [PATCH 289/504] Add a missing bracket in ifdef for __cplusplus --- include/mbedtls/rsa_internal.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h index bcb3c9401..12e0f6b48 100644 --- a/include/mbedtls/rsa_internal.h +++ b/include/mbedtls/rsa_internal.h @@ -213,4 +213,8 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *DP, const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); +#ifdef __cplusplus +} +#endif + #endif /* rsa_internal.h */ From 1ba8a3fc55575cae21c39971c325e7f124e7f234 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 13 Mar 2018 13:27:14 +0100 Subject: [PATCH 290/504] Yet another dependency issue (PKCS1_V15) Found by running: CC=clang cmake -D CMAKE_BUILD_TYPE="Check" tests/scripts/depend-pkalgs.pl (Also tested with same command but CC=gcc) Another PR will address improving all.sh and/or the depend-xxx.pl scripts themselves to catch this kind of thing. --- library/rsa.c | 2 ++ tests/suites/test_suite_rsa.function | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 6526978e2..7075f131f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -75,6 +75,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } +#if defined(MBEDTLS_PKCS1_V15) /* constant-time buffer comparison */ static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ) { @@ -88,6 +89,7 @@ static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ) return( diff ); } +#endif /* MBEDTLS_PKCS1_V15 */ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *N, diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 953c6338f..fd632dad6 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -122,7 +122,6 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, char *input_N, int radix_E, char *input_E, char *result_hex_str ) { - int res; unsigned char message_str[1000]; unsigned char hash_result[1000]; unsigned char output[1000]; @@ -167,6 +166,7 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) { + int res; memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); 
@@ -203,7 +203,6 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, char *input_N, int radix_E, char *input_E, char *result_hex_str, int correct ) { - int res; unsigned char message_str[1000]; unsigned char hash_result[1000]; unsigned char result_str[1000]; @@ -240,6 +239,7 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, /* For PKCS#1 v1.5, there is an alternative way to verify signatures */ if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) { + int res; int ok; size_t olen; From b6f880b63bc6afd192bd280fc178484b77cf710b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 13 Mar 2018 12:48:37 +0000 Subject: [PATCH 291/504] Revert whitespace change to ease merging --- programs/ssl/ssl_client2.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 289920cbd..3d03269e6 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -661,8 +661,7 @@ int main( int argc, char *argv[] ) else if( strcmp( p, "request_size" ) == 0 ) { opt.request_size = atoi( q ); - if( opt.request_size < 0 || - opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( opt.request_size < 0 || opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN ) goto usage; } else if( strcmp( p, "ca_file" ) == 0 ) From fd3e4fbae75049810379e0845580402502629d68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 13 Mar 2018 11:53:30 +0100 Subject: [PATCH 292/504] x509: CRL: reject unsupported critical extensions --- ChangeLog | 2 + library/x509_crl.c | 57 ++++++++++++++++++++++++-- tests/data_files/Makefile | 3 ++ tests/data_files/crl-idp.pem | 12 ++++++ tests/data_files/test-ca.opensslconf | 9 ++++ tests/suites/test_suite_x509parse.data | 4 ++ 6 files changed, 83 insertions(+), 4 deletions(-) create mode 100644 tests/data_files/crl-idp.pem diff --git a/ChangeLog b/ChangeLog index cfe27f3eb..0b3dacd1f 100644 --- a/ChangeLog 
+++ b/ChangeLog @@ -17,6 +17,8 @@ Security implementation allowed an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted connection (with no resumption of the session). + * Fix CRL parsing to reject CRLs containing unsupported critical + extensions. Found by Falko Strenzke and Evangelos Karatsiolis. Features * Extend PKCS#8 interface by introducing support for the entire SHA diff --git a/library/x509_crl.c b/library/x509_crl.c index 0bb7236bd..b0f39d428 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -95,17 +95,23 @@ static int x509_crl_get_version( unsigned char **p, } /* - * X.509 CRL v2 extensions (no extensions parsed yet.) + * X.509 CRL v2 extensions + * + * We currently don't parse any extension's content, but we do check that the + * list of extensions is well-formed and abort on critical extensions (that + * are unsupported as we don't support any extension so far) */ static int x509_get_crl_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext ) { int ret; - size_t len = 0; - /* Get explicit tag */ - if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0) ) != 0 ) + /* + * crlExtensions [0] EXPLICIT Extensions OPTIONAL + * -- if present, version MUST be v2 + */ + if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 ) { if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) return( 0 ); 
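Review bot: The new comment `-- if present, version MUST be v2` states a constraint that nothing in x509_get_crl_ext enforces: the function receives only `p`, `end` and `ext`, so a v1 CRL carrying a crlExtensions field is parsed like any other. Either the caller should check the version when the explicit tag is found, or the comment should make clear the rule is not applied here, e.g. `-- if present, version MUST be v2 (not enforced in this function; the caller knows the version)`. The function body continues in the next hunk.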
@@ -115,11 +121,54 @@ static int x509_get_crl_ext( unsigned char **p, while( *p < end ) { + /* + * Extension ::= SEQUENCE { + * extnID OBJECT IDENTIFIER, + * critical BOOLEAN DEFAULT FALSE, + * extnValue OCTET STRING } + */ + int is_critical = 0; + const unsigned char *end_ext_data; + size_t len; + + /* Get enclosing sequence tag */ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + end_ext_data = *p + len; + + /* Get OID (currently ignored) */ + if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, + MBEDTLS_ASN1_OID ) ) != 0 ) + { + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + } *p += len; + + /* Get optional critical */ + if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, + &is_critical ) ) != 0 && + ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) + { + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + } + + /* Data should be octet string type */ + if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, + MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + /* Ignore data so far and just check its length */ + *p += len; + if( *p != end_ext_data ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + + /* Abort on (unsupported) critical extensions */ + if( is_critical ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); } if( *p != end ) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 0380633df..46d134f95 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
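Review bot: The `critical` parsing accepts an explicitly encoded `BOOLEAN FALSE`, which strict DER forbids for a `DEFAULT FALSE` component (X.690 §11.5; RFC 5280 requires DER-encoded CRLs); the companion test `extension not critical explicit` pins this leniency, so it is deliberate, but the code should say so, e.g. above the `mbedtls_asn1_get_bool` call: `/* Tolerate an explicit FALSE although DER requires DEFAULT values to be omitted */`. Since the OID is skipped, the `if( is_critical )` branch rejects every critical extension regardless of identity; a comment noting that the OID must be consulted once any CRL extension gains support would stop a future reader from treating this as a bug. Reporting "unsupported critical extension" as `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG` reads oddly; it appears to follow the certificate parser's convention, so confirm that before changing it.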
@@ -46,6 +46,9 @@ test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@ all_final += test-ca-sha256.crt +crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) + $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@ + cli_crt_key_file_rsa = cli-rsa.key cli_crt_extensions_file = cli.opensslconf diff --git a/tests/data_files/crl-idp.pem b/tests/data_files/crl-idp.pem new file mode 100644 index 000000000..a229e7d6d --- /dev/null +++ b/tests/data_files/crl-idp.pem @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIBszCBnAIBATANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UE +ChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTE4MDMxNDA3 +MzE0OFoXDTI4MDMxNDA3MzE0OFqgLTArMCkGA1UdHAEB/wQfMB2gG6AZhhdodHRw +Oi8vcGtpLmV4YW1wbGUuY29tLzANBgkqhkiG9w0BAQsFAAOCAQEAs/vp1Ybq9Lj/ +YM+O2uBqhRNdt494GYSYcZcltbQDwLgDwsFQ9S+q5zBtanhxiF3C6dyDoWS6xyY3 +dkdO9kK2YAQLNaFBCsKRrI9vGKuF5/1uIr0a8cQcqVzyRI9uK0KgGEk9/APGtqob +nj/nt2ryGC+yEh20FmvwFn1vN5xaWK3uUIJCNDTZe+KQn150iAU/mWZG2xDdSXgm +JtpTrY6toBgTwDGyus2wIDvAF6rBc1lRoR0BPuTR1fcUPMvr8jceZqG+xuH+vmkU +j1B4Tu+K27ZmZMlhltfgwLzcgH9Ee1TgWPN2QqMzeZW/vNMyIIvWAWk2cFyCJj6r +16/9upL64w== +-----END X509 CRL----- diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index 12835dfa5..6ca661330 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf 
@@ -11,3 +11,12 @@ commonName = PolarSSL Test CA subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always basicConstraints = CA:true + +[test_ca] +database = /dev/null + +[crl_ext_idp] +issuingDistributionPoint=critical, @idpdata + +[idpdata] +fullname=URI:http://pki.example.com/ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 73ccead25..71049c751 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -202,6 +202,10 @@ X509 CRL Malformed Input (trailing spaces at end of file) depends_on:MBEDTLS_PEM_PARSE_C mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT +X509 CRL Unsupported critical extension (issuingDistributionPoint) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + X509 CSR Information RSA with MD4 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" From 00bbf572afc5558026a65ccb1000023bd1ce872d Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 14 Mar 2018 11:14:13 +0100 Subject: [PATCH 293/504] Update change log --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index dfd34bf69..6e497bc1d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,8 @@ Security implementation allowed an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted connection (with no resumption of the session). + * Fix a buffer overread in ssl_parse_server_key_exchange() that could cause + a crash on invalid input. Features * Extend PKCS#8 interface by introducing support for the entire SHA 
@@ -44,6 +46,8 @@ Bugfix Nick Wilson on issue #355 * In test_suite_pk, pass valid parameters when testing for hash length overflow. #1179 + * Fix a possible arithmetic overflow in ssl_parse_server_key_exchange() + that could cause a key exchange to fail on valid data. Changes * Fix tag lengths and value ranges in the documentation of CCM encryption. From 7fa1ae70c85e847fcd5e434b1417c8dc4cc62c72 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 13 Mar 2018 17:17:38 +0100 Subject: [PATCH 294/504] Add Changelog entry --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index dfd34bf69..585c81a1e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,8 @@ Security implementation allowed an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted connection (with no resumption of the session). + * Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a + crash on invalid input. Features * Extend PKCS#8 interface by introducing support for the entire SHA @@ -44,6 +46,8 @@ Bugfix Nick Wilson on issue #355 * In test_suite_pk, pass valid parameters when testing for hash length overflow. #1179 + * Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that + could cause a key exchange to fail on valid data. Changes * Fix tag lengths and value ranges in the documentation of CCM encryption. From 0bdb050b2deffce65f728a7622a388c00a474e82 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 14 Mar 2018 11:34:29 +0100 Subject: [PATCH 295/504] x509: CRL: add tests for malformed extensions This covers all lines added in the previous commit. Coverage was tested using: make CFLAGS='--coverage -g3 -O0' (cd tests && ./test_suite_x509parse) make lcov firefox Coverage/index.html # then visual check Test data was generated by taking a copy of tests/data_files/crl-idp.pem, encoding it as hex, and then manually changing the values of some bytes to achieve the desired errors, using https://lapo.it/asn1js/ for help in locating the desired bytes. --- tests/suites/test_suite_x509parse.data | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 71049c751..755c91dd8 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1218,6 +1218,21 @@ x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b060355040 X509 CRL ASN1 (invalid version overflow) x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION +X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121) +x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRL ASN1 (extension oid too long, crl-idp.pem byte 123) +x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRL ASN1 (extension critical invalid length, crl-idp.pem byte 128) +x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH + +X509 CRL ASN1 (extension data too long, crl-idp.pem byte 131) +x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131) +x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + X509 CRT parse path #2 (one cert) depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crt_parse_path:"data_files/dir1":0:1 From a63305d134a2223477b4bfc46774518467b687d8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 14 Mar 2018 12:23:56 +0100 Subject: [PATCH 296/504] x509: CRL: add tests for non-critical extension The 'critical' boolean can be set to false in two ways: - by leaving it implicit (test data generated by openssl) - by explicitly setting it to false (generated by hand) --- tests/data_files/Makefile | 4 ++++ tests/data_files/test-ca.opensslconf | 3 +++ tests/suites/test_suite_x509parse.data | 7 +++++++ 3 files changed, 14 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 46d134f95..59516bab8 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -48,6 +48,10 @@ all_final += test-ca-sha256.crt crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@ +all_final += crl-idp.pem +crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) + $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@ +all_final += crl-idpnc.pem cli_crt_key_file_rsa = cli-rsa.key cli_crt_extensions_file = cli.opensslconf diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index 6ca661330..571d96ee4 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf @@ -18,5 +18,8 @@ database = /dev/null [crl_ext_idp] issuingDistributionPoint=critical, @idpdata +[crl_ext_idp_nc] +issuingDistributionPoint=@idpdata + [idpdata] fullname=URI:http://pki.example.com/ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 755c91dd8..57d2448b6 100644 
--- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -206,6 +206,10 @@ X509 CRL Unsupported critical extension (issuingDistributionPoint) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +X509 CRL Unsupported non-critical extension (issuingDistributionPoint) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0 + X509 CSR Information RSA with MD4 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" @@ -1233,6 +1237,9 @@ x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060 X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131) x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129) +x509parse_crl:"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":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2018-03-14 07\:31\:48\nnext update \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using \: RSA with SHA-256\n":0 + X509 CRT parse path #2 (one cert) depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crt_parse_path:"data_files/dir1":0:1 From 47a98d4e2c198e68538192ab72cbd0a2850dbb54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 14 Mar 2018 14:08:57 +0100 Subject: [PATCH 297/504] fixup previous commit: add forgotten file --- tests/data_files/crl-idpnc.pem | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 tests/data_files/crl-idpnc.pem 
diff --git a/tests/data_files/crl-idpnc.pem b/tests/data_files/crl-idpnc.pem new file mode 100644 index 000000000..0ebe480ee --- /dev/null +++ b/tests/data_files/crl-idpnc.pem @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIBsDCBmQIBATANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UE +ChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTE4MDMxNDEx +MTQzNloXDTI4MDMxNDExMTQzNlqgKjAoMCYGA1UdHAQfMB2gG6AZhhdodHRwOi8v +cGtpLmV4YW1wbGUuY29tLzANBgkqhkiG9w0BAQsFAAOCAQEACsszsNwAMkmUrbti +H1wpWN3LIb32MTZkBWZeFWWQ1MyzSFslgnOcu6tesJuTQJVJMGCSXZv7jkVHeeiK +x+BAoHCrR2aRVPbmiaP43Qp/dFOOfHVMM/VVWmuEYuCQaCAeVLQgGbgAYHE9aHQN +vBg8m7NJ95av2svLHMFIhirZlKWsAXM+aCyzoudEIhrP4Ppwt01SCtDl5gyg1Gkd +B3wuOckjTk0xwXdlOSMH9o0SD2fkc41AFDqOZTK2NTQzNChDNFbKXl8sr9SavJCm +k72l7wNJs6UOEhQMygyXEvqp8JbIi9JI+3TD4z4wUt0EnPkw0U48grLXFhjwBLWi +cxyjQQ== +-----END X509 CRL----- From 7b6582b63196bd18f5dccdcaebd9a6bd97858aa3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 15 Mar 2018 09:37:27 +0000 Subject: [PATCH 298/504] Kill server and proxy via SIGQUIT in ssl-opt.sh SIGKILL interferes with memory checking in valgrind. --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4afc527a1..8f64e5423 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -449,7 +449,7 @@ run_test() { kill $SRV_PID sleep 0.01 if kill -0 $SRV_PID >/dev/null 2>&1; then - kill -KILL $SRV_PID + kill -3 $SRV_PID wait $SRV_PID fi @@ -457,7 +457,7 @@ run_test() { kill $PXY_PID >/dev/null 2>&1 sleep 0.01 if kill -0 $PXY_PID >/dev/null 2>&1; then - kill -KILL $PXY_PID + kill -3 $PXY_PID wait $PXY_PID fi fi From 8d83218b702e78e1b403a8a3c2bb0abd9bd2a51a Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 15 Mar 2018 10:14:19 +0000 Subject: [PATCH 299/504] Increase UDP record packing time in ssl-opt.sh The UDP tests involving the merging of multiple records into single datagrams accumulate records for 10ms, which can be less than the total flight preparation time if e.g. the tests are being run with valgrind. This commit increases the packing time for the relevant tests from 10ms to 50ms. --- tests/ssl-opt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8f64e5423..a1155e8d0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2575,7 +2575,7 @@ run_test "Event-driven I/O, DTLS: session-id resume" \ # server MUST NOT idle on the underlying transport after handshake completion, # because the ApplicationData request has already been queued internally. run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \ - -p "$P_PXY pack=10" \ + -p "$P_PXY pack=50" \ "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \ 0 \ @@ -3832,7 +3832,7 @@ run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ -c "HTTP/1.0 200 OK" run_test "DTLS proxy: multiple records in same datagram" \ - -p "$P_PXY pack=10" \ + -p "$P_PXY pack=50" \ "$P_SRV dtls=1 debug_level=2" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ @@ -3840,7 +3840,7 @@ run_test "DTLS proxy: multiple records in same datagram" \ -s "next record in same datagram" run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \ - -p "$P_PXY pack=10 duplicate=1" \ + -p "$P_PXY pack=50 duplicate=1" \ "$P_SRV dtls=1 debug_level=2" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ From adfa64f0c4d99db9cf08ad927843c564209e8506 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 15 Mar 2018 11:35:07 +0000 Subject: [PATCH 300/504] Abort idle-loop in ssl_server2 if sockets gets invalid Previously, the idling loop in ssl_server2 didn't check whether the underlying call to mbedtls_net_poll signalled that the socket became invalid. This had the consequence that during idling, the server couldn't be terminated through a SIGTERM, as the corresponding handler would only close the sockets and expect the remainder of the program to shutdown gracefully as a consequence of this. This was subsequently attempted to be fixed through a change in ssl-opt.sh by terminating the server through a KILL signal, which however lead to other problems when the latter was run under valgrind. This commit changes the idling loop in ssl_server2 and ssl_client2 to obey the return code of mbedtls_net_poll and gracefully shutdown if an error occurs, e.g. because the socket was closed. As a consequence, the server termination via a KILL signal in ssl-opt.sh is no longer necessary, with the previous `kill; wait` pattern being sufficient. The commit reverts the corresponding change. --- programs/ssl/ssl_client2.c | 22 +++++++++++++++------- programs/ssl/ssl_server2.c | 22 +++++++++++++++------- tests/ssl-opt.sh | 12 ++---------- 3 files changed, 32 insertions(+), 24 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 3d03269e6..023c0c5d1 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -444,16 +444,17 @@ static int ssl_sig_hashes_for_test[] = { * (Used in event-driven IO mode). */ #if !defined(MBEDTLS_TIMING_C) -void idle( mbedtls_net_context *fd, +int idle( mbedtls_net_context *fd, int idle_reason ) { #else -void idle( mbedtls_net_context *fd, +int idle( mbedtls_net_context *fd, mbedtls_timing_delay_context *timer, int idle_reason ) { #endif + int ret; int poll_type = 0; if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE ) 
@@ -477,12 +478,17 @@ void idle( mbedtls_net_context *fd, #endif /* MBEDTLS_TIMING_C */ /* Check if underlying transport became available */ - if( poll_type != 0 && - mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) + if( poll_type != 0 ) { - break; + ret = mbedtls_net_poll( fd, poll_type, 0 ); + if( ret < 0 ) + return( ret ); + if( ret == poll_type ) + break; } } + + return( 0 ); } int main( int argc, char *argv[] ) @@ -1506,10 +1512,12 @@ int main( int argc, char *argv[] ) if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &server_fd, &timer, ret ); + ret = idle( &server_fd, &timer, ret ); #else - idle( &server_fd, ret ); + ret = idle( &server_fd, ret ); #endif + if( ret != 0 ) + goto exit; } } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 74a114271..e29633972 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -846,16 +846,17 @@ static int ssl_sig_hashes_for_test[] = { * (Used in event-driven IO mode). */ #if !defined(MBEDTLS_TIMING_C) -void idle( mbedtls_net_context *fd, +int idle( mbedtls_net_context *fd, int idle_reason ) { #else -void idle( mbedtls_net_context *fd, +int idle( mbedtls_net_context *fd, mbedtls_timing_delay_context *timer, int idle_reason ) { #endif + int ret; int poll_type = 0; if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE ) @@ -879,12 +880,17 @@ void idle( mbedtls_net_context *fd, #endif /* MBEDTLS_TIMING_C */ /* Check if underlying transport became available */ - if( poll_type != 0 && - mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) + if( poll_type != 0 ) { - break; + ret = mbedtls_net_poll( fd, poll_type, 0 ); + if( ret < 0 ) + return( ret ); + if( ret == poll_type ) + break; } } + + return( 0 ); } int main( int argc, char *argv[] ) 
@@ -2205,10 +2211,12 @@ handshake: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &client_fd, &timer, ret ); + ret = idle( &client_fd, &timer, ret ); #else - idle( &client_fd, ret ); + ret = idle( &client_fd, ret ); #endif + if( ret != 0 ) + goto reset; } } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a1155e8d0..1682a8476 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -447,19 +447,11 @@ run_test() { # terminate the server (and the proxy) kill $SRV_PID - sleep 0.01 - if kill -0 $SRV_PID >/dev/null 2>&1; then - kill -3 $SRV_PID - wait $SRV_PID - fi + wait $SRV_PID if [ -n "$PXY_CMD" ]; then kill $PXY_PID >/dev/null 2>&1 - sleep 0.01 - if kill -0 $PXY_PID >/dev/null 2>&1; then - kill -3 $PXY_PID - wait $PXY_PID - fi + wait $PXY_PID fi # retry only on timeouts From 9ac640326b5ec7bf1140cc542a91b61d10ba2d51 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 15 Mar 2018 12:19:31 +0000 Subject: [PATCH 301/504] Don't exit mbedtls_net_poll on interruption of select If the select UNIX system call is interrupted by a signal handler, it is not automatically restarted but returns EINTR. This commit modifies the use of select in mbedtls_net_poll from net_sockets.c to retry the select call in this case. --- library/net_sockets.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 2d1c1082a..e63e496b9 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -470,8 +470,11 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) tv.tv_sec = timeout / 1000; tv.tv_usec = ( timeout % 1000 ) * 1000; - ret = select( fd + 1, &read_fds, &write_fds, NULL, - timeout == (uint32_t) -1 ? NULL : &tv ); + do + { + ret = select( fd + 1, &read_fds, &write_fds, NULL, + timeout == (uint32_t) -1 ? NULL : &tv ); + } while( ret == EINTR ); if( ret < 0 ) return( MBEDTLS_ERR_NET_POLL_FAILED ); 
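Review bot: Replacing the `kill -0`/`kill -3` fallback with a bare `kill $SRV_PID` followed by `wait $SRV_PID` means that any regression in the graceful-shutdown path this series is reworking turns a failing test into an indefinitely hung `wait`, since nothing around it is bounded. A short poll of `kill -0 $SRV_PID` for a few seconds before falling back to a forced kill would keep such a regression visible as a failure rather than a hang; the proxy branch just below has the same shape. The `run_test` function starts and ends outside the hunk.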
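Review bot: `while( ret == EINTR )` never retries, because `select()` reports an interruption by returning -1 and setting `errno`; `ret` is being compared against an errno value, so an interrupted poll still falls through to `return( MBEDTLS_ERR_NET_POLL_FAILED )`. The condition should be `while( ret < 0 && errno == EINTR )`, and the same mismatch is carried unchanged into the later hunks on this page that rewrite it as `ret == WSAEINTR`, `MBEDTLS_EINTR` and `IS_EINTR( ret )` (on Windows the code would come from `WSAGetLastError()`, not from the return value either). Once retries actually happen, note that some platforms decrement `tv` in place, so the total wait is not guaranteed to equal `timeout`; the fd sets are not modified on failure per POSIX, so they need no reinitialisation. `mbedtls_net_poll` starts outside the hunk.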
From 9b2b66ebd250e63e51c87d9b75fd67bad4e1e8f9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 15 Mar 2018 12:21:15 +0000 Subject: [PATCH 302/504] Minor style corrections Move function block brace outside conditional compilation to not confuse some editors, and correct indentation. --- programs/ssl/ssl_client2.c | 9 ++++----- programs/ssl/ssl_server2.c | 10 ++++------ 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 023c0c5d1..232dc6445 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -445,14 +445,13 @@ static int ssl_sig_hashes_for_test[] = { */ #if !defined(MBEDTLS_TIMING_C) int idle( mbedtls_net_context *fd, - int idle_reason ) -{ + int idle_reason ) #else int idle( mbedtls_net_context *fd, - mbedtls_timing_delay_context *timer, - int idle_reason ) -{ + mbedtls_timing_delay_context *timer, + int idle_reason ) #endif +{ int ret; int poll_type = 0; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e29633972..3a6b9dcf1 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -847,15 +847,13 @@ static int ssl_sig_hashes_for_test[] = { */ #if !defined(MBEDTLS_TIMING_C) int idle( mbedtls_net_context *fd, - int idle_reason ) -{ + int idle_reason ) #else int idle( mbedtls_net_context *fd, - mbedtls_timing_delay_context *timer, - int idle_reason ) -{ + mbedtls_timing_delay_context *timer, + int idle_reason ) #endif - +{ int ret; int poll_type = 0; From a6f430f5778c606b15e16dc5843d5519c78a3ae3 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Thu, 15 Mar 2018 10:12:06 +0000 Subject: [PATCH 303/504] Fix current directory check --- scripts/abi_check.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index f9fb7f65d..98d8be422 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py 
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# This file is part of mbed TLS (https://tls.mbed.org) +# This file is part of Mbed TLS (https://tls.mbed.org) # # Copyright (c) 2018, Arm Limited, All Rights Reserved # @@ -42,7 +42,9 @@ class AbiChecker(object): self.make_command = "make" def check_repo_path(self): - if not __file__ == os.path.join(".", "scripts", "abi_check.py"): + current_dir = os.path.realpath('.') + root_dir = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) + if current_dir != root_dir: raise Exception("Must be run from Mbed TLS root") def setup_logger(self): @@ -230,8 +232,8 @@ def run_main(): ) return_code = abi_check.check_for_abi_changes() sys.exit(return_code) - except Exception as error: - traceback.print_exc(error) + except Exception: + traceback.print_exc() sys.exit(2) From 80e06d77d95329c1a43e7d9dba73e289bdeec1ec Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 15 Mar 2018 14:41:55 +0000 Subject: [PATCH 304/504] Use WSAEINTR instead of EINTR on Windows --- library/net_sockets.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index e63e496b9..96cfa35cd 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -474,7 +474,13 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) { ret = select( fd + 1, &read_fds, &write_fds, NULL, timeout == (uint32_t) -1 ? NULL : &tv ); - } while( ret == EINTR ); + } +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + while( ret == WSAEINTR ); +#else + while( ret == EINTR ); +#endif if( ret < 0 ) return( MBEDTLS_ERR_NET_POLL_FAILED ); From ef52796537c89bfb06d4eb5daecab7d013a57749 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 15 Mar 2018 15:49:24 +0000 Subject: [PATCH 305/504] Fix missing return statement ssl_server2 idling Also, introduce MBEDTLS_EINTR locally in net_sockets.c for the platform-dependent return code macro used by the `select` call to indicate that the poll was interrupted by a signal handler: On Unix, the corresponding macro is EINTR, while on Windows, it's WSAEINTR. --- library/net_sockets.c | 11 +++++------ programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 96cfa35cd..10b5456be 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -45,6 +45,8 @@ #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32) +#define MBEDTLS_EINTR WSAEINTR + #ifdef _WIN32_WINNT #undef _WIN32_WINNT #endif @@ -82,6 +84,8 @@ static int wsa_init_done = 0; #include #include +#define MBEDTLS_EINTR EINTR + #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ /* Some MS functions want int and MSVC warns if we pass size_t, @@ -475,12 +479,7 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) ret = select( fd + 1, &read_fds, &write_fds, NULL, timeout == (uint32_t) -1 ? NULL : &tv ); } -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ - !defined(EFI32) - while( ret == WSAEINTR ); -#else - while( ret == EINTR ); -#endif + while( ret == MBEDTLS_EINTR ); if( ret < 0 ) return( MBEDTLS_ERR_NET_POLL_FAILED ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 232dc6445..58f12c986 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -462,7 +462,7 @@ int idle( mbedtls_net_context *fd, poll_type = MBEDTLS_NET_POLL_READ; #if !defined(MBEDTLS_TIMING_C) else - return; + return( 0 ); #endif while( 1 ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3a6b9dcf1..ed38a321b 100644 
--- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -863,7 +863,7 @@ int idle( mbedtls_net_context *fd, poll_type = MBEDTLS_NET_POLL_READ; #if !defined(MBEDTLS_TIMING_C) else - return; + return( 0 ); #endif while( 1 ) From a4cbfa3ea2a0b19b77a0639630fa99fac22b3793 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 16 Mar 2018 15:42:54 +0000 Subject: [PATCH 306/504] Add clarity to use of the rsa_internal.h interface Added additional clarification to the use of the rsa_internal.h interface and as and when it can be used by whom. Policy hasn't changed, but it needed to be clearer who can and can't use it and it's level of support. --- include/mbedtls/rsa_internal.h | 56 +++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h index bcb3c9401..2e2efa371 100644 --- a/include/mbedtls/rsa_internal.h +++ b/include/mbedtls/rsa_internal.h 
@@ -2,6 +2,37 @@ * \file rsa_internal.h * * \brief Context-independent RSA helper functions + * + * This module declares some RSA-related helper functions useful when + * implementing the RSA interface. These functions are provided in a separate + * compilation unit in order to make it easy for designers of alternative RSA + * implementations to use them in their own code, as it is conceived that the + * functionality they provide will be necessary for most complete + * implementations. + * + * End-users of Mbed TLS who are not providing their own alternative RSA + * implementations should not use these functions directly, and should instead + * use only the functions declared in rsa.h. + * + * The interface provided by this module will be maintained through LTS (Long + * Term Support) branches of Mbed TLS, but may otherwise be subject to change, + * and must be considered an internal interface of the library. + * + * There are two classes of helper functions: + * + * (1) Parameter-generating helpers. These are: + * - mbedtls_rsa_deduce_primes + * - mbedtls_rsa_deduce_private_exponent + * - mbedtls_rsa_deduce_crt + * Each of these functions takes a set of core RSA parameters and + * generates some other, or CRT related parameters. + * + * (2) Parameter-checking helpers. These are: + * - mbedtls_rsa_validate_params + * - mbedtls_rsa_validate_crt + * They take a set of core or CRT related RSA parameters and check their + * validity. + * */ /* * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved 
@@ -21,31 +52,6 @@ * * This file is part of mbed TLS (https://tls.mbed.org) * - * - * This file declares some RSA-related helper functions useful when - * implementing the RSA interface. They are public and provided in a - * separate compilation unit in order to make it easy for designers of - * alternative RSA implementations to use them in their code, as it is - * conceived that the functionality they provide will be necessary - * for most complete implementations. - * - * End-users of Mbed TLS not intending to re-implement the RSA functionality - * are not expected to get into the need of making use of these functions directly, - * but instead should be able to use the functions declared in rsa.h. - * - * There are two classes of helper functions: - * (1) Parameter-generating helpers. These are: - * - mbedtls_rsa_deduce_primes - * - mbedtls_rsa_deduce_private_exponent - * - mbedtls_rsa_deduce_crt - * Each of these functions takes a set of core RSA parameters - * and generates some other, or CRT related parameters. - * (2) Parameter-checking helpers. These are: - * - mbedtls_rsa_validate_params - * - mbedtls_rsa_validate_crt - * They take a set of core or CRT related RSA parameters - * and check their validity. - * */ #ifndef MBEDTLS_RSA_INTERNAL_H From 8be0e6db41b4a085e90cb03983f99d3a5158d450 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 16 Mar 2018 16:25:12 +0000 Subject: [PATCH 307/504] Update version to 2.8.0 --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 882dbb577..e0b016dfb 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.7.x branch released 2018-xx-xx += mbed TLS 2.8.0 branch released 2018-03-16 Default behavior changes * The truncated HMAC extension now conforms to RFC 6066. This means diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 641d5c4fb..7952cbcbd 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.7.0 source code documentation + * @mainpage mbed TLS v2.8.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index cbe0db4f2..3592af2da 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.7.0" +PROJECT_NAME = "mbed TLS v2.8.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 961be59c3..c3ee649f5 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -39,7 +39,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 7 +#define MBEDTLS_VERSION_MINOR 8 #define MBEDTLS_VERSION_PATCH 0 /** @@ -47,9 +47,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02070000 -#define MBEDTLS_VERSION_STRING "2.7.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.0" +#define MBEDTLS_VERSION_NUMBER 0x02080000 +#define MBEDTLS_VERSION_STRING "2.8.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.8.0" #if defined(MBEDTLS_VERSION_C) 
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 02ccea8bc..7742c22d2 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -141,15 +141,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.0 SOVERSION 1) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.8.0 SOVERSION 1) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.7.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.8.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.7.0 SOVERSION 10) + set_target_properties(mbedtls PROPERTIES VERSION 2.8.0 SOVERSION 10) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 1aa4ffa75..79cc751ec 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.7.0" +check_compiletime_version:"2.8.0" Check runtime library version -check_runtime_version:"2.7.0" +check_runtime_version:"2.8.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From c9f4d6d44899a26f001c28b93e86cf7d6452e693 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 19 Mar 2018 09:23:13 +0000 Subject: [PATCH 308/504] Correct error.c --- library/error.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/error.c b/library/error.c index c42642467..63cabb1f9 100644 --- a/library/error.c +++ b/library/error.c 
@@ -440,7 +440,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH) ) mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" ); if( use_ret == -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) ) - mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signalling that further message-processing should be done" ); + mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that further message-processing should be done" ); #endif /* MBEDTLS_SSL_TLS_C */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) From ea7dbbe0de008c1844f8f48fde08542e6a222fcc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Mar 2018 23:25:21 +0100 Subject: [PATCH 309/504] Replace MBEDTLS_EINTR by IS_EINTR check-names.sh reserves the prefix MBEDTLS_ for macros defined in config.h so this name (or check-names.sh) had to change. This is also more flexible because it allows for platforms that don't have an EINTR equivalent or have multiple such values. --- library/net_sockets.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 10b5456be..6ce9eee7b 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -45,7 +45,7 @@ #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32) -#define MBEDTLS_EINTR WSAEINTR +#define IS_EINTR( ret ) ( ( ret ) == WSAEINTR ) #ifdef _WIN32_WINNT #undef _WIN32_WINNT @@ -84,7 +84,7 @@ static int wsa_init_done = 0; #include #include -#define MBEDTLS_EINTR EINTR +#define IS_EINTR( ret ) ( ( ret ) == EINTR ) #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ 
@@ -479,7 +479,7 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) ret = select( fd + 1, &read_fds, &write_fds, NULL, timeout == (uint32_t) -1 ? NULL : &tv ); } - while( ret == MBEDTLS_EINTR ); + while( IS_EINTR( ret ) ); if( ret < 0 ) return( MBEDTLS_ERR_NET_POLL_FAILED ); From bc145f797843a75756bfe0a0328d249e0a769cb5 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 20 Mar 2018 11:19:50 +0100 Subject: [PATCH 310/504] Correct buffer size check Further in the code the next field from the binary buffer is read. The check contained an off by one error. --- library/ssl_cli.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5367fdd0a..c96c812e4 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2662,7 +2662,17 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )]; n = cert_type_len; - if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) + /* + * In the subsequent code there are two paths that make read from buf: + * * the length of the signature algorithms field (if minor version of + * SSL is 3), + * * distinguished name length otherwise. + * Both reach at most the index: + * ...hdr_len + 2 + n, + * therefore the buffer length at this point must be greater than that + * regardless of the actual code path. + */ + if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, From bc231cc9b0cecf9723e9e12a6de2cc78f847e1b6 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 20 Mar 2018 14:09:53 +0100 Subject: [PATCH 311/504] Add a missing buffer size check --- library/ssl_cli.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) 
diff --git a/library/ssl_cli.c b/library/ssl_cli.c index c96c812e4..e4b2c993f 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2687,9 +2687,32 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); #if defined(MBEDTLS_DEBUG_C) - unsigned char* sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n; + unsigned char* sig_alg; size_t i; +#endif + /* + * The farthes access in buf is in the loop few lines below: + * sig_alg[i + 1], + * where: + * sig_alg = buf + ...hdr_len + 3 + n, + * max(i) = sig_alg_len - 1. + * Therefore the farthest access is: + * buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1], + * which reduces to: + * buf[...hdr_len + 3 + n + sig_alg_len], + * which is one less than we need the buf to be. + */ + if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + } + +#if defined(MBEDTLS_DEBUG_C) + sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n; for( i = 0; i < sig_alg_len; i += 2 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d" From c0b13f7f0c845b1ef348dd82e0f5790e6c07ebc9 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 20 Mar 2018 14:10:15 +0100 Subject: [PATCH 312/504] Update change log --- ChangeLog | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ChangeLog b/ChangeLog index cfe27f3eb..d2e9842d6 100644 --- a/ChangeLog +++ b/ChangeLog 
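Review bot: The new length check admits an odd `sig_alg_len`, yet the loop below consumes `sig_alg[i]`/`sig_alg[i + 1]` in pairs, so with an odd length the last iteration reads the byte after the list (kept in bounds by the check, but it is the first byte of the following field, not part of a signature algorithm); the list is a sequence of 2-byte entries, so an odd length is a malformed message and should be rejected with the same alert, e.g. by folding `sig_alg_len % 2 != 0` into the new `if`. The comment also has a typo, `farthes` → `farthest`, and would read better if it said that the bound is derived from the debug loop's last read. `ssl_parse_certificate_request` starts and ends outside the hunk.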
@@ -17,6 +17,12 @@ Security implementation allowed an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted connection (with no resumption of the session). + * Fix buffer length assertion in the ssl_parse_certificate_request() + function which leads to an arbitrary overread of the message buffer. The + overreads could occur upon receiving a message malformed at the point + where an optional signature algorithms list is expected in the cases of + the signature algorithms section being too short. In the debug builds + the overread data is printed to the standard output. Features * Extend PKCS#8 interface by introducing support for the entire SHA @@ -47,6 +53,9 @@ Bugfix * Fix memory allocation corner cases in memory_buffer_alloc.c module. Found by Guido Vranken. #639 * Log correct number of ciphersuites used in Client Hello message. #918 + * Fix buffer length assertions in the ssl_parse_certificate_request() + function which leads to a potential one byte overread of the message + buffer. Changes * Fix tag lengths and value ranges in the documentation of CCM encryption. From 262329603d3527d732dab76a68ed759e9aeeb3a0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 08:35:07 +0100 Subject: [PATCH 313/504] all.sh: with --no-armcc, don't call armcc from output_env.sh When not running armcc, don't try to invoke armcc at all, not even to report its version. --- scripts/output_env.sh | 14 ++++++++------ tests/scripts/all.sh | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index 1afaac33e..e9ad8c5d7 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh 
@@ -47,13 +47,15 @@ print_version() print_version "uname" "-a" "" echo -: ${ARMC5_CC:=armcc} -print_version "$ARMC5_CC" "--vsn" "armcc not found!" "head -n 2" -echo +if [ "${RUN_ARMCC:-1}" -ne 0 ]; then + : "${ARMC5_CC:=armcc}" + print_version "$ARMC5_CC" "--vsn" "armcc not found!" "head -n 2" + echo -: ${ARMC6_CC:=armclang} -print_version "$ARMC6_CC" "--vsn" "armclang not found!" "head -n 2" -echo + : "${ARMC6_CC:=armclang}" + print_version "$ARMC6_CC" "--vsn" "armclang not found!" "head -n 2" + echo +fi print_version "arm-none-eabi-gcc" "--version" "gcc-arm not found!" "head -n 1" echo diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 67b22cdbd..1f8877609 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -447,7 +447,7 @@ msg "info: output_env.sh" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \ - ARMC6_CC="$ARMC6_CC" scripts/output_env.sh + ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh msg "test: recursion.pl" # < 1s tests/scripts/recursion.pl library/*.c From 8a244c90a8b2fe9f34a53593115765b306f4691e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 08:39:32 +0100 Subject: [PATCH 314/504] all.sh: option parsing: reduce vertical spread Only whitespace changes. --- tests/scripts/all.sh | 87 ++++++++++---------------------------------- 1 file changed, 19 insertions(+), 68 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1f8877609..ffef9ed3c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -214,74 +214,25 @@ check_tools() while [ $# -gt 0 ]; do case "$1" in - --armcc) - RUN_ARMCC=1 - ;; - --armc5-bin-dir) - shift - ARMC5_BIN_DIR="$1" - ;; - --armc6-bin-dir) - shift - ARMC6_BIN_DIR="$1" - ;; - --force|-f) - FORCE=1 - ;; - --gnutls-cli) - shift - GNUTLS_CLI="$1" - ;; - --gnutls-legacy-cli) - shift - GNUTLS_LEGACY_CLI="$1" - ;; - --gnutls-legacy-serv) - shift - GNUTLS_LEGACY_SERV="$1" - ;; - --gnutls-serv) - shift - GNUTLS_SERV="$1" - ;; - --help|-h) - usage - exit - ;; - --keep-going|-k) - KEEP_GOING=1 - ;; - --memory|-m) - MEMORY=1 - ;; - --no-armcc) - RUN_ARMCC=0 - ;; - --no-yotta) - YOTTA=0 - ;; - --openssl) - shift - OPENSSL="$1" - ;; - --openssl-legacy) - shift - OPENSSL_LEGACY="$1" - ;; - --out-of-source-dir) - shift - OUT_OF_SOURCE_DIR="$1" - ;; - --release-test|-r) - RELEASE=1 - ;; - --seed|-s) - shift - SEED="$1" - ;; - --yotta) - YOTTA=1 - ;; + --armcc) RUN_ARMCC=1;; + --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; + --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; + --force|-f) FORCE=1;; + --gnutls-cli) shift; GNUTLS_CLI="$1";; + --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; + --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; + --gnutls-serv) shift; GNUTLS_SERV="$1";; + --help|-h) usage; exit;; + --keep-going|-k) KEEP_GOING=1;; + --memory|-m) MEMORY=1;; + --no-armcc) RUN_ARMCC=0;; + --no-yotta) YOTTA=0;; + --openssl) shift; OPENSSL="$1";; + --openssl-legacy) shift; OPENSSL_LEGACY="$1";; + --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; + --release-test|-r) RELEASE=1;; + --seed|-s) shift; SEED="$1";; + --yotta) YOTTA=1;; *) echo >&2 "Unknown option: $1" echo >&2 "Run $0 --help for usage." From 38d816586523b2258cb4d4c783a29d339efdf437 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 21 Mar 2018 08:40:26 +0100 Subject: [PATCH 315/504] all.sh: add opposites to all boolean options All options can now be overridden by a subsequent option, e.g. "all.sh --foo --no-foo" is equivalent to "all.sh --no-foo". This allows making wrapper scripts with default options and occasionally overriding those options when running the wrapper script. --- tests/scripts/all.sh | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ffef9ed3c..557c7bfcf 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -94,7 +94,6 @@ CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 FORCE=0 KEEP_GOING=0 -RELEASE=0 RUN_ARMCC=1 YOTTA=1 @@ -126,8 +125,12 @@ General options: -m|--memory Additional optional memory tests. --armcc Run ARM Compiler builds (on by default). --no-armcc Skip ARM Compiler builds. + --no-force Refuse to overwrite modified files (default). + --no-keep-going Stop at the first error (default). + --no-memory No additional memory tests (default). --no-yotta Skip yotta module build. --out-of-source-dir= Directory used for CMake out-of-source build tests. + --random-seed Use a random seed value for randomized tests (default). -r|--release-test Run this script in release mode. This fixes the seed value to 1. -s|--seed Integer seed value to use for this test run. --yotta Build yotta module (on by default). @@ -226,11 +229,15 @@ while [ $# -gt 0 ]; do --keep-going|-k) KEEP_GOING=1;; --memory|-m) MEMORY=1;; --no-armcc) RUN_ARMCC=0;; + --no-force) FORCE=0;; + --no-keep-going) KEEP_GOING=0;; + --no-memory) MEMORY=0;; --no-yotta) YOTTA=0;; --openssl) shift; OPENSSL="$1";; --openssl-legacy) shift; OPENSSL_LEGACY="$1";; --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; - --release-test|-r) RELEASE=1;; + --random-seed) unset SEED;; + --release-test|-r) SEED=1;; --seed|-s) shift; SEED="$1";; --yotta) YOTTA=1;; *) 
@@ -337,11 +344,6 @@ if_build_succeeded () { fi } -if [ $RELEASE -eq 1 ]; then - # Fix the seed value to 1 to ensure that the tests are deterministic. - SEED=1 -fi - msg "info: $0 configuration" echo "MEMORY: $MEMORY" echo "FORCE: $FORCE" @@ -367,7 +369,9 @@ export GNUTLS_CLI="$GNUTLS_CLI" export GNUTLS_SERV="$GNUTLS_SERV" # Avoid passing --seed flag in every call to ssl-opt.sh -[ ! -z ${SEED+set} ] && export SEED +if [ -n "${SEED-}" ]; then + export SEED +fi # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ From 5ff2ee51e9d9a2be2294b447021a0d2ef0f0fc1d Mon Sep 17 00:00:00 2001 From: Mitsuhiro Nakamura Date: Tue, 20 Feb 2018 11:58:19 +0900 Subject: [PATCH 316/504] Fix dylib linking --- library/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/Makefile b/library/Makefile index 65a102f3a..39b5267a2 100644 --- a/library/Makefile +++ b/library/Makefile @@ -103,9 +103,9 @@ libmbedtls.so: libmbedtls.$(SOEXT_TLS) echo " LN $@ -> $<" ln -sf $< $@ -libmbedtls.dylib: $(OBJS_TLS) +libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib echo " LD $@" - $(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS) + $(CC) -dynamiclib -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS) libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll echo " LD $@" @@ -126,9 +126,9 @@ libmbedx509.so: libmbedx509.$(SOEXT_X509) echo " LN $@ -> $<" ln -sf $< $@ -libmbedx509.dylib: $(OBJS_X509) +libmbedx509.dylib: $(OBJS_X509) libmbedcrypto.dylib echo " LD $@" - $(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509) + $(CC) -dynamiclib -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509) libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll echo " LD $@" From 8e0e16032d6dc4f0ff8f72a0a3f2eb6e1153710c Mon Sep 17 00:00:00 2001 
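Review bot: `[ -n "${SEED-}" ]` is not equivalent to the removed `[ ! -z ${SEED+set} ]`: a SEED that is set but empty (e.g. `SEED= tests/scripts/all.sh`) was exported before and is silently dropped now, while an unset SEED behaves the same in both. If the intent is "export whenever set", keep the set-test in quoted form, `if [ -n "${SEED+set}" ]; then export SEED; fi`; if an empty value is meant to mean "random", the `--random-seed` usage text in the earlier hunk could say so.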
From: Andres Amaya Garcia Date: Wed, 21 Mar 2018 11:15:08 +0000 Subject: [PATCH 317/504] Add ChangeLog entry for dylib builds using Makefile --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8db021591..a9e3c3203 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix dynamic library building process with Makefile on Mac OS X. Fixed by + mnacamura. + = mbed TLS 2.7.0 branch released 2018-02-03 Security From 316b162ac34456bb36e7f8cef37bd6a50f191048 Mon Sep 17 00:00:00 2001 From: junyeonLEE Date: Wed, 20 Dec 2017 16:29:30 +0900 Subject: [PATCH 318/504] Separate psk and psk_identity buffers free Sometimes, psk_identity buffer can't released because psk buffer is NULL. So, separate it. --- library/ssl_tls.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 236e52d76..036876cb0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7741,10 +7741,14 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) if( conf->psk != NULL ) { mbedtls_zeroize( conf->psk, conf->psk_len ); - mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len ); mbedtls_free( conf->psk ); - mbedtls_free( conf->psk_identity ); conf->psk_len = 0; + } + + if( conf->psk_identity != NULL ) + { + mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len ); + mbedtls_free( conf->psk_identity ); conf->psk_identity_len = 0; } #endif From 27e8a120b2401dbe9d8aec479d7a203cb3143398 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Wed, 21 Mar 2018 14:24:11 +0000 Subject: [PATCH 319/504] Assign NULL after freeing psk and psk_identity --- library/ssl_tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 036876cb0..3802e230e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -7742,6 +7742,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) { mbedtls_zeroize( conf->psk, conf->psk_len ); mbedtls_free( conf->psk ); + conf->psk = NULL; conf->psk_len = 0; } @@ -7749,6 +7750,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) { mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len ); mbedtls_free( conf->psk_identity ); + conf->psk_identity = NULL; conf->psk_identity_len = 0; } #endif From 1e7059fedd6d397f1ee09f5d0bb53c2148b5d6e0 Mon Sep 17 00:00:00 2001 From: Kevin Luty Date: Wed, 21 Mar 2018 10:01:38 -0500 Subject: [PATCH 320/504] Adding requested changes --- programs/pkey/pk_sign.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 5cc190eee..dc5641805 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -100,7 +100,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) { - mbedtls_printf( " failed\n ! Could not open '%s'\n", argv[1] ); + mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] ); goto exit; } @@ -133,6 +133,7 @@ int main( int argc, char *argv[] ) if( ( f = fopen( filename, "wb+" ) ) == NULL ) { + ret = 1; mbedtls_printf( " failed\n ! Could not create %s\n\n", filename ); goto exit; } From 13f7fb372e3a03a13f797489c13a1ec218678ec0 Mon Sep 17 00:00:00 2001 From: Gergely Budai Date: Wed, 23 Aug 2017 14:23:58 +0200 Subject: [PATCH 321/504] Do not define and initialize global mutexes on configurations that do not use them. --- include/mbedtls/threading.h | 4 ++++ library/threading.c | 12 ++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 58e6db2f3..aeea5d0e1 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
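Review bot: `ret = 1` on the fopen() failure path makes `ret` carry a value that is not an Mbed TLS error code (library codes are negative); if the `exit:` label, which is outside this hunk, passes `ret` to mbedtls_strerror() or otherwise interprets it as a library status, a positive sentinel yields an unknown-error message. Keeping the library status and the process exit status apart is cleaner, e.g. `int exit_code = EXIT_FAILURE;` set to `EXIT_SUCCESS` only at the end, with `ret` reserved for library calls. At minimum a comment such as `/* not a library error code: failure flag for the exit path */` should mark the mixed use.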
@@ -96,8 +96,12 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); /* * Global mutexes */ +#if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; +#endif +#if defined(MBEDTLS_HAVE_TIME_DATE) extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; +#endif #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/threading.c b/library/threading.c index 07586756f..f1c37245c 100644 --- a/library/threading.c +++ b/library/threading.c @@ -111,8 +111,12 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * mbedtls_mutex_lock = mutex_lock; mbedtls_mutex_unlock = mutex_unlock; +#if defined(MBEDTLS_FS_IO) mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); +#endif +#if defined(MBEDTLS_HAVE_TIME_DATE) mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); +#endif } /* @@ -120,8 +124,12 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * */ void mbedtls_threading_free_alt( void ) { +#if defined(MBEDTLS_FS_IO) mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); +#endif +#if defined(MBEDTLS_HAVE_TIME_DATE) mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); +#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -131,7 +139,11 @@ void mbedtls_threading_free_alt( void ) #ifndef MUTEX_INIT #define MUTEX_INIT #endif +#if defined(MBEDTLS_FS_IO) mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; +#endif +#if defined(MBEDTLS_HAVE_TIME_DATE) mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; +#endif #endif /* MBEDTLS_THREADING_C */ From 70ad8397259f96f53104929b0c416f6617280b69 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 16:28:41 +0100 Subject: [PATCH 322/504] Clarify the behavior of bignum resize and copy functions --- include/mbedtls/bignum.h | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
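Review bot: The `#if defined(MBEDTLS_FS_IO)` and `#if defined(MBEDTLS_HAVE_TIME_DATE)` guards on the mutex definitions must match exactly the guards at every site that locks them (the readdir() and gmtime() callers live in other files, not visible here); any divergence turns a previously harmless unused mutex into an undefined-reference link error that only surfaces in a configuration enabling one flag but not the other. A comment on each declaration in threading.h naming the consumer, e.g. `/* Serializes readdir(); only defined under MBEDTLS_FS_IO - keep this guard in sync with its users. */`, makes the coupling discoverable. Since mbedtls_threading_set_alt and mbedtls_threading_free_alt now also skip these mutexes under the same guards, a custom threading layer should not assume the symbols exist in every build.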
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 3bf02a7ee..31383b1eb 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -204,6 +204,8 @@ void mbedtls_mpi_free( mbedtls_mpi *X ); /** * \brief Enlarge to the specified number of limbs * + * This function does nothing if the MPI is already large enough. + * * \param X MPI to grow * \param nblimbs The target number of limbs * @@ -215,19 +217,23 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ); /** * \brief Resize down, keeping at least the specified number of limbs * + * If \c X is smaller than \c nblimbs, it is resized up + * instead. + * * \param X MPI to shrink * \param nblimbs The minimum number of limbs to keep * * \return 0 if successful, * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * (this can only happen when resizing up). */ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ); /** * \brief Copy the contents of Y into X * - * \param X Destination MPI - * \param Y Source MPI + * \param X Destination MPI. It is enlarged if necessary. + * \param Y Source MPI. * * \return 0 if successful, * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed From 4e4be7cf623803865d4259f6c3a11414b6565221 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 16:29:03 +0100 Subject: [PATCH 323/504] Optimize unnecessary zeorizing in mbedtls_mpi_copy Based on a contribution by Alexey Skalozub (https://github.com/ARMmbed/mbedtls/pull/405). --- ChangeLog | 6 ++++++ library/bignum.c | 12 +++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8db021591..25f52c804 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released xxxx-xx-xx + +Changes + * Optimize unnecessary zeroing in mbedtls_mpi_copy. Based on a contribution + by Alexey Skalozub. + = mbed TLS 2.7.0 branch released 2018-02-03 Security 
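Review bot: The new mbedtls_mpi_copy text says X is enlarged if necessary but not what happens to the limbs of X beyond Y's value when X is already larger, which is what callers reusing a big X care about; suggest `* \param X Destination MPI. It is enlarged if necessary and never shrunk; limbs beyond the copied value are cleared.` The mbedtls_mpi_grow note could likewise state whether the newly added limbs are zero-filled, so callers know whether a memset is needed (to be confirmed against bignum.c, which is not visible here).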
diff --git a/library/bignum.c b/library/bignum.c index d27c130bc..e57e6af17 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -184,7 +184,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ) */ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ) { - int ret; + int ret = 0; size_t i; if( X == Y ) @@ -203,9 +203,15 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ) X->s = Y->s; - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) ); + if( X->n < i ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) ); + } + else + { + memset( X->p + i, 0, ( X->n - i ) * ciL ); + } - memset( X->p, 0, X->n * ciL ); memcpy( X->p, Y->p, i * ciL ); cleanup: From d49ab3ee60290b00f952e9d1aca364385c0d6e78 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 17:03:44 +0100 Subject: [PATCH 324/504] Add ChangeLog entry. Fixes #1353 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 68fb6f5e9..b88048d21 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,8 @@ Bugfix In the context of SSL, this resulted in handshake failure. Reported by daniel in the Mbed TLS forum. #1351 * Fix Windows x64 builds with the included mbedTLS.sln file. #1347 + * Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks. + #1353 Changes * Fix tag lengths and value ranges in the documentation of CCM encryption. From 768bbaf0c183f26377d7a06086a494d1fe98c408 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 21 Mar 2018 15:05:12 +0000 Subject: [PATCH 325/504] Add ChangeLog entry for redundant mutex initialization optimizations --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index cfe27f3eb..e90ffd816 100644 --- a/ChangeLog +++ b/ChangeLog 
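Review bot: Dropping the unconditional `memset( X->p, 0, X->n * ciL )` is only sound because, in the grow branch, mbedtls_mpi_grow() is expected to zero-fill the limbs above X's old length (not visible here, so worth confirming), while the limbs below `i` are covered by the following memcpy in both branches. That invariant should be stated where it is relied on, e.g. `/* grow() zeroes the new high limbs; only the else branch must clear X->p[i..n) itself */` above the `if( X->n < i )`. `ret = 0` is now required because the else branch never assigns it, which deserves a one-line comment too. The start of mbedtls_mpi_copy, where `i` is computed, is outside the hunk.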
@@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Changes + * Do not define global mutexes around readdir() and gmtime() in + configurations where the feature is disabled. Found and fixed by Gergely + Budai. + = mbed TLS 2.7.x branch released 2018-xx-xx Default behavior changes From b8788059196c901a263d4dc510c737fd009e47a4 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Thu, 22 Mar 2018 02:40:43 -0700 Subject: [PATCH 326/504] Verify that f_send and f_recv send and receive the expected length Verify that f_send and f_recv send and receive the expected length --- ChangeLog | 5 +++-- library/ssl_tls.c | 12 +++++++----- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index d82600c07..71f69ee20 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,8 +23,9 @@ Changes Contributed by Mathieu Briand. * Fix typo in a comment ctr_drbg.c. Contributed by Paul Sokolovsky. * Remove support for the library reference configuration for picocoin. - * Add guard to validate that out_left can not be negative. Raised by - samoconnor in #1245. + * Verify that when (f_send, f_recv and f_recv_timeout) send or receive + more than the required length an error is returned. Raised by + Sam O'Connor in #1245. = mbed TLS 2.7.0 branch released 2018-02-03 diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0d0660e6f..2bd720410 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -2422,11 +2422,11 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ret < 0 ) return( ret ); - // At this point ret value is positive, verify that adding ret - // value to ssl->in_left doesn't cause a wraparound - if (ssl->in_left + (size_t)ret < ssl->in_left) + if ( (size_t)ret > len ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "wraparound happened over in_left value" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "f_recv returned %d bytes but only %zu were requested", + ret, len ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2479,7 +2479,9 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( (size_t)ret > ssl->out_left ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned value greater than out left size" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "f_send returned %d bytes but only %zu bytes were sent", + ret, ssl->out_left ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } From bc30c5fec289ec3c10508a759e4f6a9cbaaeb05b Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 22 Mar 2018 10:24:06 +0000 Subject: [PATCH 327/504] Add change log entry for mbedtls_ssl_config_free() fix --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index cfe27f3eb..28ae0b370 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released xxxx-xx-xx + +Changes + * Fix possible memory leak in mbedtls_ssl_config_free(). + by junyeonLEE + = mbed TLS 2.7.x branch released 2018-xx-xx Default behavior changes From 4d58881f521ed5e4fbcbda1d33aadc59c44432fa Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 22 Mar 2018 12:04:25 +0000 Subject: [PATCH 328/504] Clarify bug scenario in Changlog --- ChangeLog | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 28ae0b370..7a710bdb8 100644 --- a/ChangeLog +++ b/ChangeLog 
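Review bot: `%zu` in the two new MBEDTLS_SSL_DEBUG_MSG format strings is C99; this library still targets C89 toolchains (the ChangeLog on this page records a C89 fix in benchmark.c) and older MSVC runtimes where `%zu` is not understood, so `len` / `ssl->out_left` would be printed as garbage or misalign the remaining varargs. The established pattern is a cast to unsigned long: `( "f_recv returned %d bytes but only %lu were requested", ret, (unsigned long) len )`. The flush_output message also misstates the quantity, since `ssl->out_left` is what remained to be sent rather than what was sent: `( "f_send returned %d bytes but only %lu bytes were pending", ret, (unsigned long) ssl->out_left )`.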
@@ -2,9 +2,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x.x branch released xxxx-xx-xx -Changes +Bugfix * Fix possible memory leak in mbedtls_ssl_config_free(). - by junyeonLEE + This can occur only if the user doesn't use mbedtls_ssl_conf_psk() and + instead incorrectly manipulates conf->psk and/or conf->psk_identity + directly. Fix submitted by junyeonLEE. = mbed TLS 2.7.x branch released 2018-xx-xx From bdfc14e4a3a4538ccffc8f09313cbbd70ea14669 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 22 Mar 2018 12:17:36 +0000 Subject: [PATCH 329/504] Add reference to original PR in Changelog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7a710bdb8..13dda4db5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,7 +6,7 @@ Bugfix * Fix possible memory leak in mbedtls_ssl_config_free(). This can occur only if the user doesn't use mbedtls_ssl_conf_psk() and instead incorrectly manipulates conf->psk and/or conf->psk_identity - directly. Fix submitted by junyeonLEE. + directly. Found and fix submitted by junyeonLEE in #1220. = mbed TLS 2.7.x branch released 2018-xx-xx From d9d5c554382306b9b9f856746d253c2e3b742ea2 Mon Sep 17 00:00:00 2001 From: Kevin Luty Date: Thu, 22 Mar 2018 09:56:26 -0500 Subject: [PATCH 330/504] Assign error return value for failed write --- programs/pkey/pk_sign.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index dc5641805..06ad3ee22 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -140,6 +140,7 @@ int main( int argc, char *argv[] ) if( fwrite( buf, 1, olen, f ) != olen ) { + ret = 1; mbedtls_printf( "failed\n ! fwrite failed\n\n" ); fclose( f ); goto exit; From 9b9cc616ca13b23f76e10726e19ffa463ce3cb92 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Mar 2018 17:03:45 +0100 Subject: [PATCH 331/504] Add ChangeLog entry --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) 
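Review bot: On fwrite() failure the partially written signature file is left on disk and the return value of `fclose( f )` is discarded, so a later consumer can pick up a truncated signature as if it were complete; main continues outside this hunk. After `fclose( f );` add `remove( filename );` so no incomplete output survives, and a failed fclose on the success path (not in this hunk) should be treated like a short write. `ret = 1` is a process-status sentinel rather than an Mbed TLS error code, which is worth a comment where it is assigned.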
diff --git a/ChangeLog b/ChangeLog index 227faed6b..1deddfe89 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released xxxx-xx-xx + +Changes + * Support cmake build where Mbed TLS is a subproject. Fix + contributed independently by Matthieu Volat and Arne Schwabe. + = mbed TLS 2.6.0 branch released 2017-08-10 Security From 58afc39dd701280d84643f8699e88d5e8d2be1c9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Mar 2018 21:33:28 +0100 Subject: [PATCH 332/504] Add ChangeLog entry --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 71aa60567..29d81f724 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x branch += mbed TLS 2.x.x branch released xxxx-xx-xx Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three @@ -14,6 +14,7 @@ Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, don't use the optimized assembly for bignum multiplication. This removes the need to pass -fomit-frame-pointer to avoid a build error with -O0. + * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. = mbed TLS 2.2.1 released 2016-01-05 From 88c6df1ce8cb5b553e1f8f1f24c41b473a73db03 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Mar 2018 21:48:28 +0100 Subject: [PATCH 333/504] Add ChangeLog entry --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index fbc24cf73..fe7a3f374 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,8 @@ Bugfix in RFC 6347 Section 4.3.1. This could cause the execution of the renegotiation routines at unexpected times when the protocol is DTLS. Found by wariua. #687 + * Fix spurious uninitialized variable warning in cmac.c. Fix independently + contributed by Brian J Murray and David Brown. = mbed TLS 2.4.1 branch released 2016-12-13 
From d2df936e67e395e5f9ab0bcf059a8c0040f0a6da Mon Sep 17 00:00:00 2001 
From: Jethro Beekman Date: Fri, 16 Feb 2018 13:11:04 -0800 Subject: [PATCH 334/504] Fix parsing of PKCS#8 encoded Elliptic Curve keys. The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are: PrivateKeyInfo ::= SEQUENCE { version Version, privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, privateKey PrivateKey, attributes [0] IMPLICIT Attributes OPTIONAL } AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL } ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER -- implicitCurve NULL -- specifiedCurve SpecifiedECDomain } ECPrivateKey ::= SEQUENCE { version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), privateKey OCTET STRING, parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, publicKey [1] BIT STRING OPTIONAL } Because of the two optional fields, there are 4 possible variants that need to be parsed: no optional fields, only parameters, only public key, and both optional fields. Previously mbedTLS was unable to parse keys with "only parameters". Also, only "only public key" was tested. There was a test for "no optional fields", but it was labelled incorrectly as SEC.1 and not run because of a great renaming mixup. 
--- ChangeLog | 7 ++ library/pkparse.c | 3 + tests/data_files/Makefile | 79 ++++++++++++++++++ .../{ec_prv.noopt.der => ec_prv.pk8nopub.der} | Bin tests/data_files/ec_prv.pk8nopub.pem | 4 + tests/data_files/ec_prv.pk8nopubparam.der | Bin 0 -> 79 bytes tests/data_files/ec_prv.pk8nopubparam.pem | 4 + tests/data_files/ec_prv.pk8param.der | Bin 0 -> 150 bytes tests/data_files/ec_prv.pk8param.pem | 5 ++ tests/suites/test_suite_pkparse.data | 28 ++++++- 10 files changed, 126 insertions(+), 4 deletions(-) rename tests/data_files/{ec_prv.noopt.der => ec_prv.pk8nopub.der} (100%) create mode 100644 tests/data_files/ec_prv.pk8nopub.pem create mode 100644 tests/data_files/ec_prv.pk8nopubparam.der create mode 100644 tests/data_files/ec_prv.pk8nopubparam.pem create mode 100644 tests/data_files/ec_prv.pk8param.der create mode 100644 tests/data_files/ec_prv.pk8param.pem diff --git a/ChangeLog b/ChangeLog index e0b016dfb..b2bee2bae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxx-xx-xx + +Bugfix + * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was + unable to parse keys with only the optional parameters field of the + ECPrivateKey structure. Found by jethrogb, fixed in #1379. + = mbed TLS 2.8.0 branch released 2018-03-16 Default behavior changes diff --git a/library/pkparse.c b/library/pkparse.c index 9022db2f9..5ad5edf84 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -861,7 +861,10 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, mbedtls_ecp_keypair_free( eck ); return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); } + } + if( p != end ) + { /* * Is 'publickey' present? If not, or if we can't read it (eg because it * is compressed), create it from the private key. diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 59516bab8..f9832a014 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
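Review bot: The new `if( p != end )` block is opened here but its closing brace and the public-key derivation fallback are outside the hunk, and the comment that now sits inside the block still reads as if it handled both the present and absent cases. Reword it to match the guard it lives under, e.g. `/* publicKey [1] is OPTIONAL. If the buffer is exhausted there is nothing to parse and the key is derived from the private scalar below; if it is present but unreadable (e.g. compressed) we also fall back to derivation. */`. A negative test with trailing bytes after the ECPrivateKey that are neither a [1] tag nor empty would pin the error on the `p != end` path, since the commit message lists only the four well-formed variants.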
@@ -578,7 +578,86 @@ keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 key ### Generate all RSA keys keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 +################################################################ +#### Generate various EC keys +################################################################ +### +### PKCS8 encoded +### + +ec_prv.pk8.der: + $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER +all_final += ec_prv.pk8.der + +# ### Instructions for creating `ec_prv.pk8nopub.der`, +# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from +# ### `ec_prv.pk8.der`. +# +# These instructions assume you are familiar with ASN.1 DER encoding and can +# use a hex editor to manipulate DER. +# +# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are: +# +# PrivateKeyInfo ::= SEQUENCE { +# version Version, +# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, +# privateKey PrivateKey, +# attributes [0] IMPLICIT Attributes OPTIONAL +# } +# +# AlgorithmIdentifier ::= SEQUENCE { +# algorithm OBJECT IDENTIFIER, +# parameters ANY DEFINED BY algorithm OPTIONAL +# } +# +# ECParameters ::= CHOICE { +# namedCurve OBJECT IDENTIFIER +# -- implicitCurve NULL +# -- specifiedCurve SpecifiedECDomain +# } +# +# ECPrivateKey ::= SEQUENCE { +# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), +# privateKey OCTET STRING, +# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, +# publicKey [1] BIT STRING OPTIONAL +# } +# +# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following +# fields: +# +# * privateKeyAlgorithm namedCurve +# * privateKey.parameters NOT PRESENT +# * privateKey.publicKey PRESENT +# * attributes NOT PRESENT +# +# # ec_prv.pk8nopub.der +# +# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`. 
+# +# # ec_prv.pk8nopubparam.der +# +# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as +# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. +# +# # ec_prv.pk8param.der +# +# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as +# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. + +ec_prv.pk8.pem: ec_prv.pk8.der + $(OPENSSL) pkey -in $< -inform DER -out $@ +all_final += ec_prv.pk8.pem +ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der + $(OPENSSL) pkey -in $< -inform DER -out $@ +all_final += ec_prv.pk8nopub.pem +ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der + $(OPENSSL) pkey -in $< -inform DER -out $@ +all_final += ec_prv.pk8nopubparam.pem +ec_prv.pk8param.pem: ec_prv.pk8param.der + $(OPENSSL) pkey -in $< -inform DER -out $@ +all_final += ec_prv.pk8param.pem ################################################################ ### Generate certificates for CRT write check tests diff --git a/tests/data_files/ec_prv.noopt.der b/tests/data_files/ec_prv.pk8nopub.der similarity index 100% rename from tests/data_files/ec_prv.noopt.der rename to tests/data_files/ec_prv.pk8nopub.der diff --git a/tests/data_files/ec_prv.pk8nopub.pem b/tests/data_files/ec_prv.pk8nopub.pem new file mode 100644 index 000000000..0ec527205 --- /dev/null +++ b/tests/data_files/ec_prv.pk8nopub.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDH78XUX+cxmTPQ1hVkYbu3VvBc9c82 +EyGKaGvkAo1Pkw== +-----END PRIVATE KEY----- diff --git a/tests/data_files/ec_prv.pk8nopubparam.der b/tests/data_files/ec_prv.pk8nopubparam.der new file mode 100644 index 0000000000000000000000000000000000000000..70d30fb81a8ccf94a72a1bcb48a35fc455eae481 GIT binary patch literal 79 zcmXr;WnyG75N2c7YV$Z}%f!gW0cJ2Wva=W)7&0+3vM3yXfAmWHbHka&7p{q>B<|iG Z_95o$c{5?fu8iy_Ouhb-7jPjo0RVjE8Gir( literal 0 HcmV?d00001 
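Review bot: The three hand-edited DER files are documented as derived from `ec_prv.pk8.der`, but that target has no prerequisites and runs `openssl genpkey`, so if the file is ever deleted and rebuilt it gets a fresh random key and the `.pk8nopub`/`.pk8nopubparam`/`.pk8param` variants (and the `ec_prv.pk8.pem` produced from it) silently stop sharing a private key with it. A comment above the rule, `# Do not regenerate: the pk8nopub/pk8nopubparam/pk8param files below are hand-derived from this exact key`, would prevent that. Also `generatde` → `generated` in the instructions comment.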
diff --git a/tests/data_files/ec_prv.pk8nopubparam.pem b/tests/data_files/ec_prv.pk8nopubparam.pem new file mode 100644 index 000000000..5c910c9ad --- /dev/null +++ b/tests/data_files/ec_prv.pk8nopubparam.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDH78XUX+cxmTPQ1hVkYbu3VvBc9c82 +EyGKaGvkAo1Pk6AKBggqhkjOPQMBBw== +-----END PRIVATE KEY----- diff --git a/tests/data_files/ec_prv.pk8param.der b/tests/data_files/ec_prv.pk8param.der new file mode 100644 index 0000000000000000000000000000000000000000..8bbaa3a8b3a0ebf0a0839d4bf9498f7163600c25 GIT binary patch literal 150 zcmXqLoXo_?U?9xKuGQvo&X$RhjRVYJW@KlnG$?0cWMok|{{HBd_~(W*jW1jiO-bCn zJ?ulw*Yjq=id`AmPndfBCokYaXjul;z{G0p=sHBxz%dQ`KI7`k*H u-(Pz+_Jzqdxs#SpO;_sQD|c{WHb0UU?VDO Date: Thu, 22 Mar 2018 22:26:03 +0100 Subject: [PATCH 335/504] all.sh --keep-going: properly handle multiple-builds scripts In keep-going mode, if a multiple-builds script fails, record its status and keep going. --- tests/scripts/all.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a309272a0..2dfd39e86 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -492,7 +492,7 @@ msg "test: ssl-opt.sh (ASan build)" # ~ 1 min if_build_succeeded tests/ssl-opt.sh msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s -if_build_succeeded tests/scripts/test-ref-configs.pl +record_status tests/scripts/test-ref-configs.pl msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min make 
@@ -565,19 +565,19 @@ if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_ msg "test/build: curves.pl (gcc)" # ~ 4 min cleanup -tests/scripts/curves.pl +record_status tests/scripts/curves.pl msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min cleanup -tests/scripts/depends-hashes.pl +record_status tests/scripts/depends-hashes.pl msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min cleanup -tests/scripts/depends-pkalgs.pl +record_status tests/scripts/depends-pkalgs.pl msg "test/build: key-exchanges (gcc)" # ~ 1 min cleanup -tests/scripts/key-exchanges.pl +record_status tests/scripts/key-exchanges.pl msg "build: Unix make, -Os (gcc)" # ~ 30s cleanup From 1cfa2d0e198e2b45c7b63d774dee119189643076 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 23 Mar 2018 00:55:57 +0100 Subject: [PATCH 336/504] Add missing dependencies in test_suite_x509parse Found by depends-hashes.pl and depends-pkgalgs.pl. --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 9cf80bbf3..8db07bdc3 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1299,21 +1299,27 @@ X509 CRL ASN1 (invalid version overflow) x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (extension oid too long, crl-idp.pem byte 123) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (extension critical invalid length, crl-idp.pem byte 128) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH X509 CRL ASN1 (extension data too long, crl-idp.pem byte 131) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"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":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2018-03-14 07\:31\:48\nnext update \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using 
\: RSA with SHA-256\n":0 X509 CRT parse path #2 (one cert) From 51d9394fdf93c24615cb41f36eeb9bbfe17ed72d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 23 Mar 2018 01:42:44 +0100 Subject: [PATCH 337/504] Add changelog entries for improved testing Fixes #1040 --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0ae1af0f6..0a01c55c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,16 @@ Security trusted CA with a non DER-compliant certificate. Found by luocm on GitHub. Fixes #825. +Bugfix + * Add missing dependencies in test suites that led to build failures + in configurations that omit certain hashes or public-key algorithms. + Fixes #1040. + +Changes + * Improve testing in configurations that omit certain hashes or + public-key algorithms. Includes contributions by Gert van Dijk. + * Improve negative testing of X.509 parsing. + = mbed TLS 2.8.0 branch released 2018-03-16 Default behavior changes From 8d54c069f6688d1ee9891f659857090cefda568d Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Fri, 23 Mar 2018 18:34:35 +0000 Subject: [PATCH 338/504] Use correct version of snprintf on Windows platform.h defines MBEDTLS_PLATFORM_STD_SNPRINTF based on _WIN32. But while defining macro mbedtls_snprintf it sets it to STD C snprintf that is deprecated on Windows. --- include/mbedtls/platform.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index ed1077584..2e21f0338 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -210,7 +210,7 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, #if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) #define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO #else -#define mbedtls_snprintf snprintf +#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF #endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */ #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ 
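Review bot: `MBEDTLS_PLATFORM_STD_SNPRINTF` is presumably only defined when platform.h emits the STD function names, i.e. unless MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is set (the rest of the header is not visible here); a configuration with that option set and no MBEDTLS_PLATFORM_SNPRINTF_MACRO previously got plain `snprintf` and will now fail on the first mbedtls_snprintf use with an undefined identifier. That is arguably the right outcome, since the _WIN32-based STD name avoids the deprecated C snprintf the commit message describes, but it deserves a comment on the `#else` branch, e.g. `/* Uses the platform default; requires the STD names (MBEDTLS_PLATFORM_NO_STD_FUNCTIONS unset) or an explicit MBEDTLS_PLATFORM_SNPRINTF_MACRO */`, or a `#error` with that message when the macro is undefined.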
From 5cb1f09ab46ea19e1df78af86fbb19f3de6f8ef4 Mon Sep 17 00:00:00 2001 From: Ivan Krylov Date: Sat, 24 Mar 2018 18:48:04 +0300 Subject: [PATCH 339/504] slight rewording requested by reviewer (#758) --- include/mbedtls/net_sockets.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index f09f8bf3b..38ec91b2e 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -120,7 +120,7 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char * \param client_ip Will contain the client IP address, can be NULL * \param buf_size Size of the client_ip buffer * \param ip_len Will receive the size of the client IP written, - * can be NULL if client_ip == NULL + * can be NULL if client_ip is null * * \return 0 if successful, or * MBEDTLS_ERR_NET_ACCEPT_FAILED, or From 873f15d70d4bbdefa87c847bfe36b183320a8872 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 25 Mar 2018 23:47:15 +0100 Subject: [PATCH 340/504] Make DLEXT var configurable in library/Makefile --- library/Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/Makefile b/library/Makefile index 65a102f3a..633038efc 100644 --- a/library/Makefile +++ b/library/Makefile @@ -35,9 +35,8 @@ SOEXT_TLS=so.10 SOEXT_X509=so.0 SOEXT_CRYPTO=so.1 -DLEXT=so -# OSX shared library extension: -# DLEXT=dylib +# Set DLEXT=dylib to compile as a shared library for Mac OS X +DLEXT ?= so # Windows shared library extension: ifdef WINDOWS_BUILD From ceed91b72c307d6aa27afb770e38786d27651b96 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 25 Mar 2018 23:48:39 +0100 Subject: [PATCH 341/504] Allow overriding ar param prefix in library/Makefile --- library/Makefile | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/library/Makefile b/library/Makefile index 633038efc..39bc24d78 100644 --- a/library/Makefile +++ b/library/Makefile 
@@ -38,6 +38,10 @@ SOEXT_CRYPTO=so.1 # Set DLEXT=dylib to compile as a shared library for Mac OS X DLEXT ?= so +# Set AR_DASH= (empty string) to use an ar implentation that does not accept +# the - prefix for command line options (e.g. llvm-ar) +AR_DASH ?= - + # Windows shared library extension: ifdef WINDOWS_BUILD DLEXT=dll @@ -90,9 +94,9 @@ shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT) # tls libmbedtls.a: $(OBJS_TLS) echo " AR $@" - $(AR) -rc $@ $(OBJS_TLS) + $(AR) $(AR_DASH)rc $@ $(OBJS_TLS) echo " RL $@" - $(AR) -s $@ + $(AR) $(AR_DASH)s $@ libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so echo " LD $@" @@ -113,9 +117,9 @@ libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll # x509 libmbedx509.a: $(OBJS_X509) echo " AR $@" - $(AR) -rc $@ $(OBJS_X509) + $(AR) $(AR_DASH)rc $@ $(OBJS_X509) echo " RL $@" - $(AR) -s $@ + $(AR) $(AR_DASH)s $@ libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so echo " LD $@" @@ -136,9 +140,9 @@ libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll # crypto libmbedcrypto.a: $(OBJS_CRYPTO) echo " AR $@" - $(AR) -rc $@ $(OBJS_CRYPTO) + $(AR) $(AR_DASH)rc $@ $(OBJS_CRYPTO) echo " RL $@" - $(AR) -s $@ + $(AR) $(AR_DASH)s $@ libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO) echo " LD $@" From ea5a8a418b4fe4b463a5cc0a08e2193a38105950 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 25 Mar 2018 23:57:09 +0100 Subject: [PATCH 342/504] Add ChangeLog entry for library/makefile changes --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index c0759b2b2..4985bcc1a 100644 --- a/ChangeLog +++ b/ChangeLog 
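Review bot: The comment explaining `AR_DASH` misspells `implentation` (should be `implementation`), and since the variable is picked up from the environment it should state the invocation users need, e.g. `# e.g. make AR=llvm-ar AR_DASH=`; the Windows branch just below does not set AR_DASH, so llvm-ar users on every platform must pass it by hand. The separate `$(AR) $(AR_DASH)s $@` index step matches the previous behaviour and is fine.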
@@ -10,6 +10,10 @@ Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. * Support cmake build where Mbed TLS is a subproject. Fix contributed independently by Matthieu Volat and Arne Schwabe. + * Allow configuring the prefix operator for the archiver tool when compiling + the library using the makefile. Found and fixed by Alex Hixon. + * Allow configuring the shared library extension by setting the DLEXT + variable when using the project makefile. = mbed TLS 2.8.0 branch released 2018-03-16 From e4f2736b42656bc62e3e48faf79f91140ab83ce8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 26 Mar 2018 12:29:30 +0200 Subject: [PATCH 343/504] Add ChangeLog entry --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0a857ba76..634e29cdc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Changes + * Improve the documentation of mbedtls_net_accept(). Contributed by aitap. + = mbed TLS 2.4.1 branch released 2016-12-13 Changes From 5ad7aea5688081a6217b9f491befb521f37ee71b Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 26 Mar 2018 12:00:09 +0100 Subject: [PATCH 344/504] Update aes.h Minor documentation improvements: Standardized brief file description. Split returns. Minor fixes. --- include/mbedtls/aes.h | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 46016dcb7..c82d39a40 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -1,7 +1,9 @@ /** * \file aes.h * - * \brief The Advanced Encryption Standard (AES) specifies a FIPS-approved + * \brief This file contains AES definitions and functions. + * + * The Advanced Encryption Standard (AES) specifies a FIPS-approved * cryptographic algorithm that can be used to protect electronic * data. * 
@@ -12,6 +14,7 @@ * techniques -- Encryption algorithms -- Part 2: Asymmetric * ciphers. */ + /* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * @@ -112,8 +115,8 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ); *
  • 192 bits
  • *
  • 256 bits
  • * - * \return \c 0 on success or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH - * on failure. + * \return \c 0 on success. + * #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -128,7 +131,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, *
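Review bot: In the rewritten return documentation for mbedtls_aes_setkey_enc, the second line `#MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.` has no `\return` tag, so Doxygen renders it as a continuation of the success sentence rather than as a separate return value; the mbedtls_aes_setkey_dec hunk that follows tags both lines. Use the same form here: `\return \c 0 on success.` / `\return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.`. "On failure" could also be made concrete — the key-size list just above is the only documented way this call can fail, so `if \p keybits is not one of the listed sizes` would tell the caller what to check (verify against the implementation).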
  • 192 bits
  • *
  • 256 bits
  • * - * \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -192,7 +196,8 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, * \param input The buffer holding the input data. * \param output The buffer holding the output data. * - * \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH + * \return \c 0 on success. + * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH * on failure. */ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, @@ -313,7 +318,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, * \param input The buffer holding the input data. * \param output The buffer holding the output data. * - * \return \c 0 on success. + * \return \c 0 on success. */ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, size_t length, @@ -406,7 +411,8 @@ extern "C" { /** * \brief Checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_aes_self_test( int verbose ); From 4ee9d24c904cab2c3540bf9f240efe768bd11703 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 26 Mar 2018 17:18:44 +0100 Subject: [PATCH 345/504] Update ccm.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. --- include/mbedtls/ccm.h | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 630b7fdf6..93ec157d8 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h 
@@ -1,8 +1,10 @@ /** * \file ccm.h * - * \brief CCM combines Counter mode encryption with CBC-MAC authentication - * for 128-bit block ciphers. + * \brief This file contains CCM definitions and functions. + * + * CCM combines Counter mode encryption with CBC-MAC authentication + * for 128-bit block ciphers. * * Input to CCM includes the following elements: *
    • Payload - data that is both authenticated and encrypted.
    • @@ -75,7 +77,8 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); * \param key The encryption key. * \param keybits The key size in bits. This must be acceptable by the cipher. * - * \return \c 0 on success, or a cipher-specific error code. + * \return \c 0 on success. + * \return A cipher-specific error code on failure. */ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, mbedtls_cipher_id_t cipher, @@ -93,6 +96,13 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); /** * \brief This function encrypts a buffer using CCM. * + * + * \note The tag is written to a separate buffer. To concatenate + * the \p tag with the \p output, as done in RFC-3610: + * Counter with CBC-MAC (CCM), use + * \p tag = \p output + \p length, and make sure that the + * output buffer is at least \p length + \p tag_len wide. + * * \param ctx The CCM context to use for encryption. * \param length The length of the input data in Bytes. * \param iv Initialization vector (nonce). @@ -107,12 +117,6 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * \param tag_len The length of the tag to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * - * \note The tag is written to a separate buffer. To concatenate - * the \p tag with the \p output, as done in RFC-3610: - * Counter with CBC-MAC (CCM), use - * \p tag = \p output + \p length, and make sure that the - * output buffer is at least \p length + \p tag_len wide. - * * \return \c 0 on success. */ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, 
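Review bot: mbedtls_ccm_encrypt_and_tag now documents only `\return \c 0 on success.`, although the parameter text constrains \p tag_len to 4, 6, 8, 10, 12, 14 or 16, which implies a failure path for other values; add a `\return` line for that error (the CCM bad-input error code is not visible in this hunk, so take it from ccm.h/ccm.c). As a security caveat, `\param iv Initialization vector (nonce).` should carry a `\warning` that the nonce must never be reused with the same key — CCM loses both confidentiality and authenticity on nonce reuse — for example `\warning The nonce must be unique for every message encrypted under the same key.`. The moved `\note` on concatenating the tag is fine, though `RFC-3610` is usually written `RFC 3610`.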
@@ -139,8 +143,8 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param tag_len The length of the tag in Bytes. * 4, 6, 8, 10, 12, 14 or 16. * - * \return 0 if successful and authenticated, or - * #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. + * \return 0 if successful and authenticated. + * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. */ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, @@ -164,7 +168,8 @@ extern "C" { /** * \brief The CCM checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_ccm_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ From 02f73a6b555c7784bd90ef25baecb4dbc3528c17 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 26 Mar 2018 18:02:32 +0100 Subject: [PATCH 346/504] Update cipher.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *Added missing documentation in lines 99-159 (values in enums) - need to be verified. *lines 79+80 and 97+98 - verify descriptions + what is the difference here between none and null? *lines 177-187 - seems to be an enum without a name? --- include/mbedtls/cipher.h | 297 ++++++++++++++++++++------------------- 1 file changed, 156 insertions(+), 141 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index d1f4efef8..000d18fdc 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -1,7 +1,7 @@ /** * \file cipher.h * - * \brief The generic cipher wrapper. + * \brief Thif file contains the generic cipher wrapper. * * \author Adriaan de Jong */ 
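Review bot: For mbedtls_ccm_auth_decrypt the rewritten `\return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.` says nothing about the state of \p output on that failure, which is the detail a caller needs in order not to consume unauthenticated plaintext; the generic layer's mbedtls_cipher_auth_decrypt, later in this series, documents that its output is zeroed. If ccm.c does the same, say so here (`\return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match; \p output is zeroed in that case.`), otherwise add a `\warning` that \p output must be discarded. Minor: the same line uses `0` where the rest of the file now writes `\c 0`.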
@@ -69,93 +69,93 @@ extern "C" { #endif /** - * \brief An enumeration of supported ciphers. + * \brief Supported cipher types. * * \warning ARC4 and DES are considered weak ciphers and their use - * constitutes a security risk. We recommend considering stronger - * ciphers instead. + * constitutes a security risk. We recommend you consider using + * stronger ciphers instead. */ typedef enum { - MBEDTLS_CIPHER_ID_NONE = 0, - MBEDTLS_CIPHER_ID_NULL, - MBEDTLS_CIPHER_ID_AES, - MBEDTLS_CIPHER_ID_DES, - MBEDTLS_CIPHER_ID_3DES, - MBEDTLS_CIPHER_ID_CAMELLIA, - MBEDTLS_CIPHER_ID_BLOWFISH, - MBEDTLS_CIPHER_ID_ARC4, + MBEDTLS_CIPHER_ID_NONE = 0, /**< None. */ + MBEDTLS_CIPHER_ID_NULL, /**< NULL.*/ + MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */ + MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */ + MBEDTLS_CIPHER_ID_3DES, /**< The 3DES cipher. */ + MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */ + MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */ + MBEDTLS_CIPHER_ID_ARC4, /**< The ARC4 cipher. */ } mbedtls_cipher_id_t; /** - * \brief An enumeration of supported (cipher, mode) pairs. + * \brief Supported {cipher type, cipher mode} pairs. * * \warning ARC4 and DES are considered weak ciphers and their use * constitutes a security risk. We recommend considering stronger * ciphers instead. 
*/ typedef enum { - MBEDTLS_CIPHER_NONE = 0, - MBEDTLS_CIPHER_NULL, - MBEDTLS_CIPHER_AES_128_ECB, - MBEDTLS_CIPHER_AES_192_ECB, - MBEDTLS_CIPHER_AES_256_ECB, - MBEDTLS_CIPHER_AES_128_CBC, - MBEDTLS_CIPHER_AES_192_CBC, - MBEDTLS_CIPHER_AES_256_CBC, - MBEDTLS_CIPHER_AES_128_CFB128, - MBEDTLS_CIPHER_AES_192_CFB128, - MBEDTLS_CIPHER_AES_256_CFB128, - MBEDTLS_CIPHER_AES_128_CTR, - MBEDTLS_CIPHER_AES_192_CTR, - MBEDTLS_CIPHER_AES_256_CTR, - MBEDTLS_CIPHER_AES_128_GCM, - MBEDTLS_CIPHER_AES_192_GCM, - MBEDTLS_CIPHER_AES_256_GCM, - MBEDTLS_CIPHER_CAMELLIA_128_ECB, - MBEDTLS_CIPHER_CAMELLIA_192_ECB, - MBEDTLS_CIPHER_CAMELLIA_256_ECB, - MBEDTLS_CIPHER_CAMELLIA_128_CBC, - MBEDTLS_CIPHER_CAMELLIA_192_CBC, - MBEDTLS_CIPHER_CAMELLIA_256_CBC, - MBEDTLS_CIPHER_CAMELLIA_128_CFB128, - MBEDTLS_CIPHER_CAMELLIA_192_CFB128, - MBEDTLS_CIPHER_CAMELLIA_256_CFB128, - MBEDTLS_CIPHER_CAMELLIA_128_CTR, - MBEDTLS_CIPHER_CAMELLIA_192_CTR, - MBEDTLS_CIPHER_CAMELLIA_256_CTR, - MBEDTLS_CIPHER_CAMELLIA_128_GCM, - MBEDTLS_CIPHER_CAMELLIA_192_GCM, - MBEDTLS_CIPHER_CAMELLIA_256_GCM, - MBEDTLS_CIPHER_DES_ECB, - MBEDTLS_CIPHER_DES_CBC, - MBEDTLS_CIPHER_DES_EDE_ECB, - MBEDTLS_CIPHER_DES_EDE_CBC, - MBEDTLS_CIPHER_DES_EDE3_ECB, - MBEDTLS_CIPHER_DES_EDE3_CBC, - MBEDTLS_CIPHER_BLOWFISH_ECB, - MBEDTLS_CIPHER_BLOWFISH_CBC, - MBEDTLS_CIPHER_BLOWFISH_CFB64, - MBEDTLS_CIPHER_BLOWFISH_CTR, - MBEDTLS_CIPHER_ARC4_128, - MBEDTLS_CIPHER_AES_128_CCM, - MBEDTLS_CIPHER_AES_192_CCM, - MBEDTLS_CIPHER_AES_256_CCM, - MBEDTLS_CIPHER_CAMELLIA_128_CCM, - MBEDTLS_CIPHER_CAMELLIA_192_CCM, - MBEDTLS_CIPHER_CAMELLIA_256_CCM, + MBEDTLS_CIPHER_NONE = 0, /**< None. */ + MBEDTLS_CIPHER_NULL, /**< NULL. */ + MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */ + MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */ + MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */ + MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. 
*/ + MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */ + MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */ + MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */ + MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */ + MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */ + MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */ + MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */ + MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */ + MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */ + MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */ + MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */ + MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */ + MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */ + MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */ + MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. 
*/ + MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */ + MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */ + MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */ + MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */ + MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */ + MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */ + MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */ + MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */ + MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */ + MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */ + MBEDTLS_CIPHER_BLOWFISH_CTR, /**< Blowfish cipher with CTR mode. */ + MBEDTLS_CIPHER_ARC4_128, /**< ARC4 cipher with 128-bit mode. */ + MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */ + MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */ + MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */ + MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */ } mbedtls_cipher_type_t; /** Supported cipher modes. */ typedef enum { - MBEDTLS_MODE_NONE = 0, - MBEDTLS_MODE_ECB, - MBEDTLS_MODE_CBC, - MBEDTLS_MODE_CFB, - MBEDTLS_MODE_OFB, /* Unused! */ - MBEDTLS_MODE_CTR, - MBEDTLS_MODE_GCM, - MBEDTLS_MODE_STREAM, - MBEDTLS_MODE_CCM, + MBEDTLS_MODE_NONE = 0, /**< None. */ + MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */ + MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */ + MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */ + MBEDTLS_MODE_OFB, /**< Unused. */ + MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */ + MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */ + MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */ + MBEDTLS_MODE_CCM, /**< The CCM cipher mode. 
*/ } mbedtls_cipher_mode_t; /** Supported cipher padding types. */ @@ -163,8 +163,8 @@ typedef enum { MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */ MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */ MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */ - MBEDTLS_PADDING_ZEROS, /**< zero padding (not reversible). */ - MBEDTLS_PADDING_NONE, /**< never pad (full blocks only). */ + MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */ + MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */ } mbedtls_cipher_padding_t; /** Type of operation. */ @@ -228,7 +228,8 @@ typedef struct { */ unsigned int iv_size; - /** Flags to set. For example, if the cipher supports variable IV sizes or variable key sizes. */ + /** Flags to set. For example, if the cipher + supports variable IV sizes or variable key sizes. */ int flags; /** The block size, in Bytes. */ @@ -299,7 +300,8 @@ const int *mbedtls_cipher_list( void ); * \param cipher_name Name of the cipher to search for. * * \return The cipher information structure associated with the - * given \p cipher_name, or NULL if not found. + * given \p cipher_name. + * \return NULL if the associated cipher information is not found. */ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name ); @@ -325,7 +327,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher * \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC. * * \return The cipher information structure associated with the - * given \p cipher_id, or NULL if not found. + * given \p cipher_id. + * \return NULL if the associated cipher information is not found. */ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id, int key_bitlen, 
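Review bot: The new enumerator descriptions such as `/**< AES cipher with 128-bit ECB mode. */` attach the bit width to the mode, but 128/192/256 is the key length — AES has a 128-bit block in every mode — and `ARC4 cipher with 128-bit mode` is likewise a key size. Reword to `/**< AES with a 128-bit key in ECB mode. */` (and `/**< ARC4 with a 128-bit key. */`) throughout the mbedtls_cipher_type_t block. `MBEDTLS_CIPHER_ID_NULL` and `MBEDTLS_CIPHER_NULL` are documented only as `NULL.`; if these denote the identity (no-encryption) cipher, as the name suggests, the comment should say so and carry a `\warning` that it provides no confidentiality, in the same spirit as the ARC4/DES warning already on the enum. The `DES_EDE` versus `DES_EDE3` entries would also benefit from stating the difference (presumably two-key versus three-key triple DES) instead of echoing the tag.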
@@ -352,9 +355,9 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); * \param ctx The context to initialize. May not be NULL. * \param cipher_info The cipher to use. * - * \return \c 0 on success, - * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure, - * #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the + * \return \c 0 on success. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure. + * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the * cipher-specific context failed. * * \internal Currently, the function also clears the structure. @@ -368,8 +371,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_in * * \param ctx The context of the cipher. Must be initialized. * - * \return The size of the blocks of the cipher, or zero if \p ctx - * has not been initialized. + * \return The size of the blocks of the cipher. + * \return 0 if \p ctx has not been initialized. */ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx ) { @@ -385,8 +388,8 @@ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_c * * \param ctx The context of the cipher. Must be initialized. * - * \return The mode of operation, or #MBEDTLS_MODE_NONE if - * \p ctx has not been initialized. + * \return The mode of operation. + * \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized. */ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx ) { @@ -402,9 +405,9 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl * * \param ctx The context of the cipher. Must be initialized. * - * \return
      • If no IV has been set: the recommended IV size. - * 0 for ciphers not using IV or nonce.
      • - *
      • If IV has already been set: the actual size.
      + * \return The recommended IV size, if no IV has been set. + * 0 for ciphers not using IV or nonce. + * \return The actual size, if an IV has been set. */ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) { @@ -422,8 +425,8 @@ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ct * * \param ctx The context of the cipher. Must be initialized. * - * \return The type of the cipher, or #MBEDTLS_CIPHER_NONE if - * \p ctx has not been initialized. + * \return The type of the cipher. + * \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized. */ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx ) { @@ -439,8 +442,8 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_ciphe * * \param ctx The context of the cipher. Must be initialized. * - * \return The name of the cipher, or NULL if \p ctx has not - * been not initialized. + * \return The name of the cipher. + * \return NULL if \p ctx has not been not initialized. */ static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx ) { @@ -455,8 +458,8 @@ static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_ * * \param ctx The context of the cipher. Must be initialized. * - * \return The key length of the cipher in bits, or - * #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been + * \return The key length of the cipher in bits. + * \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been * initialized. */ static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx ) 
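Review bot: Two of the rewritten `\return` lines in this group are wrong as written: mbedtls_cipher_get_name now reads `NULL if \p ctx has not been not initialized.` (double negative), and mbedtls_cipher_get_key_bitlen reads `if ctx \p has not been` with the `\p` after the word, so Doxygen marks up `has` instead of `ctx`. Change them to `\return NULL if \p ctx has not been initialized.` and `\return #MBEDTLS_KEY_LENGTH_NONE if \p ctx has not been initialized.`. Both defects are on added lines, so the series should carry the fix rather than leave it to a follow-up.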
@@ -473,7 +476,8 @@ static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t * \param ctx The context of the cipher. Must be initialized. * * \return The type of operation: #MBEDTLS_ENCRYPT or - * #MBEDTLS_DECRYPT, or #MBEDTLS_OPERATION_NONE if \p ctx + * #MBEDTLS_DECRYPT. + * \return #MBEDTLS_OPERATION_NONE if \p ctx * has not been initialized. */ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx ) @@ -495,9 +499,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci * \param operation The operation that the key will be used for: * #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. * - * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if - * parameter verification fails, or a cipher-specific - * error code. + * \returns \c 0 on success. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if + * parameter verification fails. + * \return A cipher-specific error code. */ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation ); @@ -512,9 +517,10 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k * \param ctx The generic cipher context. * \param mode The padding mode. * - * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE - * if the selected padding mode is not supported, or - * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode + * \returns \c 0 on success. + * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE + * if the selected padding mode is not supported. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode * does not support padding. */ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode ); 
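Review bot: mbedtls_cipher_setkey and mbedtls_cipher_set_padding_mode now open with `\returns \c 0 on success.` and continue with `\return ...`; Doxygen treats `\returns` as an alias, but the mix reads like a typo and the rest of this file was just normalised to `\return`, so use `\return` on the first line too. For mbedtls_cipher_setkey the final `\return A cipher-specific error code.` lacks the "on failure" qualifier the neighbouring functions carry; `\return A cipher-specific error code on failure.` keeps the wording parallel. The same `\returns` slip recurs in the set_iv, reset, update, finish and crypt blocks that follow.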
@@ -524,15 +530,16 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph * \brief This function sets the initialization vector (IV) * or nonce. * + * \note Some ciphers do not use IVs nor nonce. For these + * ciphers, this function has no effect. + * * \param ctx The generic cipher context. * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. * \param iv_len The IV length for ciphers with variable-size IV. * This parameter is discarded by ciphers with fixed-size IV. * - * \returns \c 0 on success, or #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA - * - * \note Some ciphers do not use IVs nor nonce. For these - * ciphers, this function has no effect. + * \returns \c 0 on success. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on failure. */ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len ); @@ -542,7 +549,8 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, * * \param ctx The generic cipher context. * - * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + * \returns \c 0 on success. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA * if parameter verification fails. */ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); @@ -557,7 +565,8 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); * \param ad The additional data to use. * \param ad_len the Length of \p ad. * - * \return \c 0 on success, or a specific error code on failure. + * \return \c 0 on success. + * \return A specific error code on failure. */ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len ); 
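Review bot: mbedtls_cipher_set_iv is the one place a caller chooses the IV/nonce, yet the rewritten block says nothing about the requirements on it; for CTR, GCM and CCM reuse of a nonce under the same key breaks confidentiality (and authenticity for the AEAD modes), and CBC needs an unpredictable IV. Add a `\warning` after the moved `\note`, e.g. `\warning For CTR, GCM and CCM the nonce must be unique for every message encrypted with the same key; for CBC the IV must be unpredictable.`. The new `\return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on failure.` could also say when — presumably when \p iv_len is not acceptable for the cipher; confirm against cipher.c.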
@@ -573,6 +582,11 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, * Exception: For MBEDTLS_MODE_ECB, expects a single block * in size. For example, 16 Bytes for AES. * + * \note If the underlying cipher is GCM, all calls to this + * function, except the last one before + * mbedtls_cipher_finish(). Must have \p ilen as a + * multiple of the block_size. + * * \param ctx The generic cipher context. * \param input The buffer holding the input data. * \param ilen The length of the input data. @@ -582,16 +596,12 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, * \param olen The length of the output data, to be updated with the * actual number of Bytes written. * - * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if - * parameter verification fails, - * #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an - * unsupported mode for a cipher, or a cipher-specific - * error code. - * - * \note If the underlying cipher is GCM, all calls to this - * function, except the last one before - * mbedtls_cipher_finish(). Must have \p ilen as a - * multiple of the block_size. + * \returns \c 0 on success. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if + * parameter verification fails. + * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an + * unsupported mode for a cipher. + * \return A cipher-specific error code. */ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ); 
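Review bot: The `\note` moved to the top of mbedtls_cipher_update's block still carries a broken sentence: `except the last one before mbedtls_cipher_finish(). Must have \p ilen as a multiple of the block_size.` splits one requirement across a full stop, and `block_size` is not an identifier in this API. Since the lines are being rewritten anyway, make it one sentence: `\note If the underlying cipher is GCM, all calls to this function, except the last one before mbedtls_cipher_finish(), must have \p ilen as a multiple of the block size.`. Whether the same restriction applies to CCM through this interface is not stated; worth checking and documenting alongside.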
@@ -606,13 +616,15 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * \param output The buffer to write data to. Needs block_size available. * \param olen The length of the data written to the \p output buffer. * - * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if - * parameter verification fails, - * #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption - * expected a full block but was not provided one, - * #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding - * while decrypting, or a cipher-specific error code - * on failure for any other reason. + * \returns \c 0 on success. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if + * parameter verification fails. + * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption + * expected a full block but was not provided one. + * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding + * while decrypting. + * \return A cipher-specific error code on failure for any other + * reason. */ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen ); @@ -627,7 +639,8 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, * \param tag The buffer to write the tag to. * \param tag_len The length of the tag to write. * - * \return \c 0 on success, or a specific error code on failure. + * \return \c 0 on success. + * \return A specific error code on failure. */ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len ); @@ -641,7 +654,8 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, * \param tag The buffer holding the tag. * \param tag_len The length of the tag to check. * - * \return \c 0 on success, or a specific error code on failure. + * \return \c 0 on success. + * \return A specific error code on failure. */ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len ); 
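Review bot: mbedtls_cipher_check_tag's `\return A specific error code on failure.` hides the one outcome a caller must handle explicitly — tag mismatch — and the hunk does not say what to do with plaintext already returned by mbedtls_cipher_update()/mbedtls_cipher_finish() in that case. Name the mismatch code (the auth-decrypt hunk later in this file uses #MBEDTLS_ERR_CIPHER_AUTH_FAILED; confirm check_tag returns the same) and add a `\warning` that on failure the previously produced plaintext is unauthenticated and must be discarded, since this streaming interface cannot zero it for the caller the way mbedtls_cipher_auth_decrypt is documented to. The `\returns`/`\return` mix on the finish block above is the same nit as elsewhere in the series.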
@@ -667,13 +681,14 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, * \note Some ciphers do not use IVs nor nonce. For these * ciphers, use \p iv = NULL and \p iv_len = 0. * - * \returns \c 0 on success, or - * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or + * \returns \c 0 on success. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or * #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption - * expected a full block but was not provided one, or - * #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding - * while decrypting, or a cipher-specific error code on - * failure for any other reason. + * expected a full block but was not provided one. + * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding + * while decrypting. + * \return A cipher-specific error code on failure for any other + * reason. */ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, @@ -699,9 +714,9 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, * \param tag The buffer for the authentication tag. * \param tag_len The desired length of the authentication tag. * - * \returns \c 0 on success, or - * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or - * a cipher-specific error code. + * \returns \c 0 on success. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA. + * \return A cipher-specific error code. */ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, @@ -713,6 +728,10 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, /** * \brief The generic autenticated decryption (AEAD) function. * + * \note If the data is not authentic, then the output buffer + * is zeroed out to prevent the unauthentic plaintext being + * used, making this interface safer. + * * \param ctx The generic cipher context. * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. * \param iv_len The IV length for ciphers with variable-size IV. 
@@ -728,14 +747,10 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, * \param tag The buffer holding the authentication tag. * \param tag_len The length of the authentication tag. * - * \returns \c 0 on success, or - * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or - * #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic, - * or a cipher-specific error code on failure for any other reason. - * - * \note If the data is not authentic, then the output buffer - * is zeroed out to prevent the unauthentic plaintext being - * used, making this interface safer. + * \returns \c 0 on success. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA. + * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic. + * \return A cipher-specific error code on failure for any other reason. */ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, From f4659efedcb5a0d2e77dc1617f5ba8c26cd5d6e0 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Mon, 26 Mar 2018 22:11:24 +0100 Subject: [PATCH 347/504] Document config restrictions of psk fields --- include/mbedtls/ssl.h | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5ee9e9d97..d0c367771 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
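Review bot: The rewritten returns for mbedtls_cipher_auth_decrypt include a bare `\return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA.` with no condition, unlike mbedtls_cipher_update which says `if parameter verification fails`; write `\return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if parameter verification fails.` here and in the mbedtls_cipher_auth_encrypt hunk just above, which has the same bare line. The `\note` about zeroing \p output on authentication failure was moved above the parameters in the previous hunk; it would serve callers better attached to the `#MBEDTLS_ERR_CIPHER_AUTH_FAILED` return line, which is where they look when handling that error. The brief `The generic autenticated decryption (AEAD) function.` (context in the previous hunk) still misspells "authenticated" — worth folding into this documentation pass.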
@@ -673,10 +673,18 @@ struct mbedtls_ssl_config
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
- unsigned char *psk; /*!< pre-shared key */
- size_t psk_len; /*!< length of the pre-shared key */
- unsigned char *psk_identity; /*!< identity for PSK negotiation */
- size_t psk_identity_len;/*!< length of identity */
+ unsigned char *psk; /*!< pre-shared key. This field should
+ only be set via
+ mbedtls_ssl_conf_psk() */
+ size_t psk_len; /*!< length of the pre-shared key. This
+ field should only be set via
+ mbedtls_ssl_conf_psk() */
+ unsigned char *psk_identity; /*!< identity for PSK negotiation. This
+ field should only be set via
+ mbedtls_ssl_conf_psk() */
+ size_t psk_identity_len;/*!< length of identity. This field should
+ only be set via
+ mbedtls_ssl_conf_psk() */
 #endif
 #if defined(MBEDTLS_SSL_ALPN)
From 02facfb4d9a176f68bdaf8251160e52bf85a8258 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 27 Mar 2018 10:26:56 +0100
Subject: [PATCH 348/504] Update cipher.h
---
 include/mbedtls/cipher.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 000d18fdc..216771517 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -1,7 +1,7 @@
 /**
  * \file cipher.h
  *
- * \brief Thif file contains the generic cipher wrapper.
+ * \brief This file contains the generic cipher wrapper.
  *
  * \author Adriaan de Jong
  */
From 8c154935f6d0a5630b03cce267db298054aa00af Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 27 Mar 2018 10:45:16 +0100
Subject: [PATCH 349/504] Update cmac.h
Minor documentation improvements:
*Standardized file brief description.
*Separated return statements.
*Please verify RFC in file description.
---
 include/mbedtls/cmac.h | 38 ++++++++++++++++++++++----------------
 1 file changed, 22 insertions(+), 16 deletions(-)
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 628c9daba..b9c6f2210 100644
--- a/include/mbedtls/cmac.h
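Review bot: The same sentence "This field should only be set via mbedtls_ssl_conf_psk()" is pasted three lines deep onto all four PSK fields of mbedtls_ssl_config, which makes the struct hard to scan and will drift the first time one copy is edited; one block comment above the `#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)` group, such as `/* The PSK fields below must only be set via mbedtls_ssl_conf_psk(). */`, with the original one-line field descriptions kept, states the rule once. The comments also do not say why direct assignment is unsafe; presumably the setter allocates and copies the key and identity and keeps `psk_len`/`psk_identity_len` consistent with the buffers, and saying so (after confirming it against the setter) tells a reader what a direct write would break. The struct definition starts and ends outside the hunk.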
+++ b/include/mbedtls/cmac.h @@ -1,8 +1,10 @@ /** * \file cmac.h * - * \brief The Cipher-based Message Authentication Code (CMAC) Mode for - * Authentication. + * \brief This file contains CMAC definitions and functions. + * + * The Cipher-based Message Authentication Code (CMAC) Mode for + * Authentication is defined in RFC-4493: The AES-CMAC Algorithm. */ /* * Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved @@ -38,9 +40,9 @@ extern "C" { #define MBEDTLS_DES3_BLOCK_SIZE 8 #if defined(MBEDTLS_AES_C) -#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /* The longest block used by CMAC is that of AES. */ +#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */ #else -#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* The longest block used by CMAC is that of 3DES. */ +#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */ #endif #if !defined(MBEDTLS_CMAC_ALT) @@ -67,16 +69,15 @@ struct mbedtls_cmac_context_t * Must be called with an initialized cipher context. * * \param ctx The cipher context used for the CMAC operation, initialized - * as one of the following types:
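Review bot: The new file brief says CMAC "is defined in RFC-4493: The AES-CMAC Algorithm", but RFC 4493 specifies the AES instantiation only, while this header also accepts MBEDTLS_CIPHER_DES_EDE3_ECB (listed in the mbedtls_cipher_cmac_starts hunk further down), and the commit message itself asks for the RFC to be verified. The generic CMAC mode for any block cipher is NIST SP 800-38B; citing it as the defining document and keeping RFC 4493 for AES, e.g. `* Authentication is defined in NIST SP 800-38B; its AES instantiation is` / `* specified in RFC-4493: The AES-CMAC Algorithm.`, covers both supported ciphers.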
        - *
      • MBEDTLS_CIPHER_AES_128_ECB
      • - *
      • MBEDTLS_CIPHER_AES_192_ECB
      • - *
      • MBEDTLS_CIPHER_AES_256_ECB
      • - *
      • MBEDTLS_CIPHER_DES_EDE3_ECB
      + * as one of the following types: MBEDTLS_CIPHER_AES_128_ECB, + * MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB, + * or MBEDTLS_CIPHER_DES_EDE3_ECB. * \param key The CMAC key. * \param keybits The length of the CMAC key in bits. * Must be supported by the cipher. * - * \return \c 0 on success, or a cipher-specific error code. + * \returns \c 0 on success. + * \returns A cipher-specific error code on failure. */ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, const unsigned char *key, size_t keybits ); @@ -93,8 +94,9 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, * \param input The buffer holding the input data. * \param ilen The length of the input data. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA - * if parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * if parameter verification fails. */ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen ); @@ -110,7 +112,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, * \param ctx The cipher context used for the CMAC operation. * \param output The output buffer for the CMAC checksum result. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, @@ -126,7 +129,8 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, * * \param ctx The cipher context used for the CMAC operation. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); 
@@ -149,7 +153,8 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); * \param ilen The length of the input data. * \param output The buffer for the generic CMAC result. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, @@ -196,7 +201,8 @@ extern "C" { /** * \brief The CMAC checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_cmac_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ From c9474ebdbb4e42d2411220cf3a50306703be5e0d Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 10:58:22 +0100 Subject: [PATCH 350/504] Update ctr_drbg.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *Suggest to specify issue for each return code, where multiple failure return codes are listed. --- include/mbedtls/ctr_drbg.h | 53 +++++++++++++++++++++----------------- 1 file changed, 29 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 121575a51..5f611dd01 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -1,9 +1,11 @@ /** * \file ctr_drbg.h * - * \brief CTR_DRBG is based on AES-256, as defined in NIST SP 800-90A: - * Recommendation for Random Number Generation Using Deterministic - * Random Bit Generators. + * \brief This file contains CTR_DRBG definitions and functions. + * + * CTR_DRBG is based on AES-256, as defined in NIST SP 800-90A: + * Recommendation for Random Number Generation Using Deterministic + * Random Bit Generators. * */ /* 
@@ -156,8 +158,8 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
 identifiers. Can be NULL.
  * \param len The length of the personalization data.
  *
- * \return \c 0 on success, or
- * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
  */
 int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
 int (*f_entropy)(void *, unsigned char *, size_t),
@@ -216,22 +218,24 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
  * \param additional Additional data to add to the state. Can be NULL.
  * \param len The length of the additional data.
  *
- * \return \c 0 on success, or
- * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
  */
 int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
 const unsigned char *additional, size_t len );
 /**
- * \brief This function updates the state of the CTR_DRBG context.
+ * \brief This function updates the state of the CTR_DRBG context.
  *
- * \param ctx The CTR_DRBG context.
- * \param additional The data to update the state with.
- * \param add_len Length of \p additional data.
+ * \note If \p add_len is greater than
+ * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
+ * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
+ * The remaining Bytes are silently discarded.
+ *
+ * \param ctx The CTR_DRBG context.
+ * \param additional The data to update the state with.
+ * \param add_len Length of \p additional data.
  *
- * \note If \p add_len is greater than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
- * only the first #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
- * The remaining Bytes are silently discarded.
  */
 void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
 const unsigned char *additional, size_t add_len );
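Review bot: Moving the `\note` above the parameters in the mbedtls_ctr_drbg_update block leaves a dangling ` *` line between `\param add_len Length of \p additional data.` and `*/`, which none of the other rewritten blocks in this commit have; dropping that line keeps the blocks uniform. The reordering itself is an improvement, since the statement that input beyond #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT is silently discarded is the fact a caller feeding seed material most needs to see first.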
@@ -249,8 +253,8 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
  * \param additional Additional data to update. Can be NULL.
  * \param add_len The length of the additional data.
  *
- * \return \c 0 on success, or
- * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
  * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
  */
 int mbedtls_ctr_drbg_random_with_add( void *p_rng,
@@ -267,8 +271,8 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
  * \param output The buffer to fill.
  * \param output_len The length of the buffer.
  *
- * \return \c 0 on success, or
- * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
  * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
  */
 int mbedtls_ctr_drbg_random( void *p_rng,
@@ -281,8 +285,8 @@ int mbedtls_ctr_drbg_random( void *p_rng,
  * \param ctx The CTR_DRBG context.
  * \param path The name of the file.
  *
- * \return \c 0 on success,
- * #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
  * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
  * failure.
  */
@@ -295,9 +299,9 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char
  * \param ctx The CTR_DRBG context.
  * \param path The name of the file.
  *
- * \return \c 0 on success,
- * #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
- * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
  * #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure.
  */
 int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
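Review bot: The `\return` lines for mbedtls_ctr_drbg_random_with_add, mbedtls_ctr_drbg_random, mbedtls_ctr_drbg_write_seed_file and mbedtls_ctr_drbg_update_seed_file still put two error codes into one sentence ("#MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure"), so a caller cannot tell which condition yields which code, which is exactly the gap the commit message flags. For the two random functions the split would read `\return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED if a reseed was required and the entropy source failed.` and `\return #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG if \p output_len exceeds the maximum request length.`; for update_seed_file, INPUT_TOO_BIG can be tied to the seed file being longer than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT. The exact thresholds should be confirmed against the implementation before the wording is committed.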
@@ -306,7 +310,8 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char /** * \brief The CTR_DRBG checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_ctr_drbg_self_test( int verbose ); From 6899328bf85fa6d89814d8df73b9e20cc96cd0a2 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 11:12:25 +0100 Subject: [PATCH 351/504] Update ecdh.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *p_rng descriptions changed from "parameter" to "context". *Removed bullets from parameter descriptions. --- include/mbedtls/ecdh.h | 119 +++++++++++++++++++++-------------------- 1 file changed, 61 insertions(+), 58 deletions(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 99cfde00d..70455e8c7 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -1,10 +1,11 @@ /** * \file ecdh.h * - * \brief The Elliptic Curve Diffie-Hellman (ECDH) protocol APIs. - * - * ECDH is an anonymous key agreement protocol allowing two parties to - * establish a shared secret over an insecure channel. Each party must have an + * \brief This file contains ECDH definitions and functions. + * + * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous + * key agreement protocol allowing two parties to establish a shared + * secret over an insecure channel. Each party must have an * elliptic-curve public–private key pair. * * For more information, see NIST SP 800-56A Rev. 2: Recommendation for @@ -40,14 +41,12 @@ extern "C" { #endif /** - * Defines the source of the imported EC key: - *
      • Our key.
      • - *
      • The key of the peer.
      + * Defines the source of the imported EC key. */ typedef enum { - MBEDTLS_ECDH_OURS, - MBEDTLS_ECDH_THEIRS, + MBEDTLS_ECDH_OURS, /**< Our key. */ + MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */ } mbedtls_ecdh_side; /** @@ -75,16 +74,18 @@ mbedtls_ecdh_context; * implemented during the ECDH key exchange. The second core * computation is performed by mbedtls_ecdh_compute_shared(). * + * \see ecp.h + * * \param grp The ECP group. * \param d The destination MPI (private key). * \param Q The destination point (public key). * \param f_rng The RNG function. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX or * \c MBEDTLS_MPI_XXX error code on failure. * - * \see ecp.h */ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -97,21 +98,22 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp * implemented during the ECDH key exchange. The first core * computation is performed by mbedtls_ecdh_gen_public(). * - * \param grp The ECP group. - * \param z The destination MPI (shared secret). - * \param Q The public key from another party. - * \param d Our secret exponent (private key). - * \param f_rng The RNG function. - * \param p_rng The RNG parameter. - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or - * \c MBEDTLS_MPI_XXX error code on failure. - * * \see ecp.h * * \note If \p f_rng is not NULL, it is used to implement * countermeasures against potential elaborate timing * attacks. For more information, see mbedtls_ecp_mul(). + * + * \param grp The ECP group. + * \param z The destination MPI (shared secret). + * \param Q The public key from another party. + * \param d Our secret exponent (private key). + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX or + * \c MBEDTLS_MPI_XXX error code on failure. */ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, const mbedtls_ecp_point *Q, const mbedtls_mpi *d, 
@@ -139,21 +141,21 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ); * This is the first function used by a TLS server for ECDHE * ciphersuites. * + * \note This function assumes that the ECP group (grp) of the + * \p ctx context has already been properly set, + * for example, using mbedtls_ecp_group_load(). + * + * \see ecp.h + * * \param ctx The ECDH context. * \param olen The number of characters written. * \param buf The destination buffer. * \param blen The length of the destination buffer. * \param f_rng The RNG function. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * - * \note This function assumes that the ECP group (grp) of the - * \p ctx context has already been properly set, - * for example, using mbedtls_ecp_group_load(). - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code - * on failure. - * - * \see ecp.h + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, @@ -167,14 +169,15 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, * This is the first function used by a TLS client for ECDHE * ciphersuites. * + * \see ecp.h + * * \param ctx The ECDH context. * \param buf The pointer to the start of the input buffer. * \param end The address for one Byte past the end of the buffer. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code - * on failure. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * - * \see ecp.h */ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, const unsigned char **buf, const unsigned char *end ); 
@@ -186,16 +189,16 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, * ServerKeyEchange for static ECDH, and imports ECDH * parameters from the EC key information of a certificate. * + * \see ecp.h + * * \param ctx The ECDH context to set up. * \param key The EC key to use. - * \param side Defines the source of the key: - *
      • 1: Our key.
      • -
      • 0: The key of the peer.
      + * \param side Defines the source of the key: 1: Our key, or + * 0: The key of the peer. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code - * on failure. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * - * \see ecp.h */ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, mbedtls_ecdh_side side ); @@ -207,17 +210,17 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypai * This is the second function used by a TLS client for ECDH(E) * ciphersuites. * + * \see ecp.h + * * \param ctx The ECDH context. * \param olen The number of Bytes written. * \param buf The destination buffer. * \param blen The size of the destination buffer. * \param f_rng The RNG function. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code - * on failure. - * - * \see ecp.h + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, @@ -231,14 +234,14 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, * This is the second function used by a TLS server for ECDH(E) * ciphersuites. * + * \see ecp.h + * * \param ctx The ECDH context. * \param buf The start of the input buffer. * \param blen The length of the input buffer. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code - * on failure. - * - * \see ecp.h + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, const unsigned char *buf, size_t blen ); 
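Review bot: The new `\param side` text for mbedtls_ecdh_get_params says "1: Our key, or 0: The key of the peer", but `side` is an `mbedtls_ecdh_side`, and the enum rewritten earlier in this same diff lists `MBEDTLS_ECDH_OURS` first and `MBEDTLS_ECDH_THEIRS` second with no explicit values, so our key is 0 and the peer's is 1 — the numbers in the comment are reversed. Documenting the enumerators instead of magic numbers removes the mismatch: `\param side Defines the source of the key: #MBEDTLS_ECDH_OURS for our key, or #MBEDTLS_ECDH_THEIRS for the key of the peer.`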
@@ -249,21 +252,21 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, * This is the last function used by both TLS client * and servers. * + * \note If \p f_rng is not NULL, it is used to implement + * countermeasures against potential elaborate timing + * attacks. For more information, see mbedtls_ecp_mul(). + * + * \see ecp.h + * * \param ctx The ECDH context. * \param olen The number of Bytes written. * \param buf The destination buffer. * \param blen The length of the destination buffer. * \param f_rng The RNG function. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code - * on failure. - * - * \see ecp.h - * - * \note If \p f_rng is not NULL, it is used to implement - * countermeasures against potential elaborate timing - * attacks. For more information, see mbedtls_ecp_mul(). + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, From 817297fcd73e214cd5079d970725d1d4a9462b58 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 11:30:14 +0100 Subject: [PATCH 352/504] Update ecdsa.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *p_rng descriptions changed from "parameter" to "context". --- include/mbedtls/ecdsa.h | 179 ++++++++++++++++++++-------------------- 1 file changed, 91 insertions(+), 88 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index aa23d67f9..99c6d2e52 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h 
@@ -1,9 +1,10 @@
 /**
  * \file ecdsa.h
  *
- * \brief The Elliptic Curve Digital Signature Algorithm (ECDSA).
+ * \brief This file contains ECDSA definitions and functions.
  *
- * ECDSA is defined in Standards for Efficient Cryptography Group (SECG):
+ * The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
+ * Standards for Efficient Cryptography Group (SECG):
  * SEC1 Elliptic Curve Cryptography.
  * The use of ECDSA for TLS is defined in RFC-4492: Elliptic Curve
  * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS).
@@ -69,6 +70,14 @@ extern "C" {
  *
  * \note The deterministic version is usually preferred.
  *
+ * \note If the bitlength of the message hash is larger than the
+ * bitlength of the group order, then the hash is truncated
+ * as defined in Standards for Efficient Cryptography Group
+ * (SECG): SEC1 Elliptic Curve Cryptography, section
+ * 4.1.3, step 5.
+ *
+ * \see ecp.h
+ *
  * \param grp The ECP group.
  * \param r The first output integer.
  * \param s The second output integer.
@@ -76,18 +85,11 @@ extern "C" {
  * \param buf The message hash.
  * \param blen The length of \p buf.
  * \param f_rng The RNG function.
- * \param p_rng The RNG parameter.
+ * \param p_rng The RNG context.
  *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated
- * as defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX
  * or \c MBEDTLS_MPI_XXX error code on failure.
- *
- * \see ecp.h
  */
 int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
 const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
@@ -97,10 +99,19 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
 /**
  * \brief This function computes the ECDSA signature of a
  * previously-hashed message, deterministic version.
+ *
  * For more information, see RFC-6979: Deterministic
  * Usage of the Digital Signature Algorithm (DSA) and Elliptic
  * Curve Digital Signature Algorithm (ECDSA).
  *
+ * \note If the bitlength of the message hash is larger than the
+ * bitlength of the group order, then the hash is truncated as
+ * defined in Standards for Efficient Cryptography Group
+ * (SECG): SEC1 Elliptic Curve Cryptography, section
+ * 4.1.3, step 5.
+ *
+ * \see ecp.h
+ *
  * \param grp The ECP group.
  * \param r The first output integer.
  * \param s The second output integer.
@@ -109,17 +120,9 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
  * \param blen The length of \p buf.
  * \param md_alg The MD algorithm used to hash the message.
  *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \return \c 0 on success,
- * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+ * \return \c 0 on success.
+ * \return or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
  * error code on failure.
- *
- * \see ecp.h
  */
 int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
 const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
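Review bot: The rewritten return line for mbedtls_ecdsa_sign_det reads `\return or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX`, a leftover "or" from the sentence that was split in two; it should be `\return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX`, the form the mbedtls_ecdsa_sign block on the previous line of this diff already uses. The function signature continues outside the hunk.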
@@ -130,6 +133,14 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
  * \brief This function verifies the ECDSA signature of a
  * previously-hashed message.
  *
+ * \note If the bitlength of the message hash is larger than the
+ * bitlength of the group order, then the hash is truncated as
+ * defined in Standards for Efficient Cryptography Group
+ * (SECG): SEC1 Elliptic Curve Cryptography, section
+ * 4.1.4, step 3.
+ *
+ * \see ecp.h
+ *
  * \param grp The ECP group.
  * \param buf The message hash.
  * \param blen The length of \p buf.
@@ -137,18 +148,10 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
  * \param r The first integer of the signature.
  * \param s The second integer of the signature.
  *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.4, step 3.
- *
- * \return \c 0 on success,
- * #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
- * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+ * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
  * error code on failure for any other reason.
- *
- * \see ecp.h
  */
 int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
 const unsigned char *buf, size_t blen,
@@ -169,15 +172,6 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, * of the Digital Signature Algorithm (DSA) and Elliptic * Curve Digital Signature Algorithm (ECDSA). * - * \param ctx The ECDSA context. - * \param md_alg The message digest that was used to hash the message. - * \param hash The message hash. - * \param hlen The length of the hash. - * \param sig The buffer that holds the signature. - * \param slen The length of the signature written. - * \param f_rng The RNG function. - * \param p_rng The RNG parameter. - * * \note The \p sig buffer must be at least twice as large as the * size of the curve used, plus 9. For example, 73 Bytes if * a 256-bit curve is used. A buffer length of @@ -189,11 +183,20 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, * (SECG): SEC1 Elliptic Curve Cryptography
      , section * 4.1.3, step 5. * - * \return \c 0 on success, - * or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or - * \c MBEDTLS_ERR_ASN1_XXX error code on failure. - * * \see ecp.h + * + * \param ctx The ECDSA context. + * \param md_alg The message digest that was used to hash the message. + * \param hash The message hash. + * \param hlen The length of the hash. + * \param sig The buffer that holds the signature. + * \param slen The length of the signature written. + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or + * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hlen, 
@@ -209,26 +212,17 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t #define MBEDTLS_DEPRECATED #endif /** - * \brief This function computes an ECDSA signature and writes it to a buffer, - * serialized as defined in RFC-4492: Elliptic Curve Cryptography - * (ECC) Cipher Suites for Transport Layer Security (TLS). + * \brief This function computes an ECDSA signature and writes + * it to a buffer, serialized as defined in RFC-4492: + * Elliptic Curve Cryptography (ECC) Cipher Suites for + * Transport Layer Security (TLS). * - * The deterministic version is defined in RFC-6979: - * Deterministic Usage of the Digital Signature Algorithm (DSA) and - * Elliptic Curve Digital Signature Algorithm (ECDSA). + * The deterministic version is defined in RFC-6979: + * Deterministic Usage of the Digital Signature Algorithm (DSA) + * and Elliptic Curve Digital Signature Algorithm (ECDSA). * * \warning It is not thread-safe to use the same context in * multiple threads. - - * - * \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0 - * - * \param ctx The ECDSA context. - * \param hash The Message hash. - * \param hlen The length of the hash. - * \param sig The buffer that holds the signature. - * \param slen The length of the signature written. - * \param md_alg The MD algorithm used to hash the message. * * \note The \p sig buffer must be at least twice as large as the * size of the curve used, plus 9. For example, 73 Bytes if a 
@@ -241,11 +235,20 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t * (SECG): SEC1 Elliptic Curve Cryptography, section * 4.1.3, step 5. * - * \return \c 0 on success, - * or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or - * \c MBEDTLS_ERR_ASN1_XXX error code on failure. - * * \see ecp.h + * + * \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0 + * + * \param ctx The ECDSA context. + * \param hash The Message hash. + * \param hlen The length of the hash. + * \param sig The buffer that holds the signature. + * \param slen The length of the signature written. + * \param md_alg The MD algorithm used to hash the message. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or + * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, 
@@ -258,26 +261,26 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
 /**
  * \brief This function reads and verifies an ECDSA signature.
  *
- * \param ctx The ECDSA context.
- * \param hash The message hash.
- * \param hlen The size of the hash.
- * \param sig The signature to read and verify.
- * \param slen The size of \p sig.
- *
  * \note If the bitlength of the message hash is larger than the
  * bitlength of the group order, then the hash is truncated as
  * defined in Standards for Efficient Cryptography Group
  * (SECG): SEC1 Elliptic Curve Cryptography, section
  * 4.1.4, step 3.
  *
- * \return \c 0 on success,
- * #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
- * #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
- * valid but its actual length is less than \p siglen,
- * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
- * error code on failure for any other reason.
- *
  * \see ecp.h
+ *
+ * \param ctx The ECDSA context.
+ * \param hash The message hash.
+ * \param hlen The size of the hash.
+ * \param sig The signature to read and verify.
+ * \param slen The size of \p sig.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+ * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
+ * valid but its actual length is less than \p siglen.
+ * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
+ * error code on failure for any other reason.
  */
 int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
 const unsigned char *hash, size_t hlen,
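Review bot: The rewritten line `valid but its actual length is less than \p siglen.` in the mbedtls_ecdsa_read_signature block refers to a parameter `siglen` that the function does not have; the parameter list in the same hunk names it `slen` (`\param slen The size of \p sig.`), so Doxygen will warn on the `\p` reference and readers will look for an argument that does not exist. Changing it to `valid but its actual length is less than \p slen.` fixes it; the mismatch predates this commit, but the line is being rewritten anyway. The function signature continues outside the hunk.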
@@ -286,16 +289,16 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, /** * \brief This function generates an ECDSA keypair on the given curve. * + * \see ecp.h + * * \param ctx The ECDSA context to store the keypair in. * \param gid The elliptic curve to use. One of the various * \c MBEDTLS_ECP_DP_XXX macros depending on configuration. * \param f_rng The RNG function. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on - * failure. - * - * \see ecp.h + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX code on failure. */ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); @@ -303,13 +306,13 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, /** * \brief This function sets an ECDSA context from an EC key pair. * + * \see ecp.h + * * \param ctx The ECDSA context to set. * \param key The EC key to use. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on - * failure. - * - * \see ecp.h + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX code on failure. */ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key ); From d8c4f61d266a70e07f8fe2a7e51aa967e324aa19 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 11:43:04 +0100 Subject: [PATCH 353/504] Update gcm.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *Suggest to specify issue for each return code, where multiple failure return codes are listed. --- include/mbedtls/gcm.h | 61 +++++++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 1e5a507a2..88408c2cf 100644 
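Review bot: In the mbedtls_ecdsa_genkey() block, `\param f_rng The RNG function.` gives no requirement on the RNG, yet the private key is derived entirely from its output and a weak or predictable source yields a recoverable key; suggest `\param f_rng The RNG function. This must be a cryptographically secure RNG.` The same caveat applies to every other `f_rng` parameter in this header, but this is the key-generation entry point, so it matters most here. The `\param p_rng The RNG context.` rewording is fine.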
--- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -1,9 +1,11 @@ /** * \file gcm.h * - * \brief Galois/Counter Mode (GCM) for 128-bit block ciphers, as defined - * in D. McGrew, J. Viega, The Galois/Counter Mode of Operation - * (GCM), Natl. Inst. Stand. Technol. + * \brief This file contains GCM definitions and functions. + * + * The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined + * in D. McGrew, J. Viega, The Galois/Counter Mode of Operation + * (GCM), Natl. Inst. Stand. Technol. * * For more information on GCM, see NIST SP 800-38D: Recommendation for * Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. @@ -91,7 +93,8 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ); *
    • 192 bits
    • *
    • 256 bits
    * - * \return \c 0 on success, or a cipher specific error code. + * \return \c 0 on success. + * \return A cipher-specific error code on failure. */ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, mbedtls_cipher_id_t cipher, @@ -101,15 +104,16 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, /** * \brief This function performs GCM encryption or decryption of a buffer. * - * \note For encryption, the output buffer can be the same as the input buffer. - * For decryption, the output buffer cannot be the same as input buffer. - * If the buffers overlap, the output buffer must trail at least 8 Bytes - * behind the input buffer. + * \note For encryption, the output buffer can be the same as the + * input buffer. For decryption, the output buffer cannot be + * the same as input buffer. If the buffers overlap, the output + * buffer must trail at least 8 Bytes behind the input buffer. * * \param ctx The GCM context to use for encryption or decryption. * \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or * #MBEDTLS_GCM_DECRYPT. - * \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). + * \param length The length of the input data. This must be a multiple of + * 16 except in the last call before mbedtls_gcm_finish(). * \param iv The initialization vector. * \param iv_len The length of the IV. * \param add The buffer holding the additional data. 
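Review bot: The reflowed `\param length` text in the mbedtls_gcm_crypt_and_tag() block says the length `must be a multiple of 16 except in the last call before mbedtls_gcm_finish()`, which is the constraint of the streaming mbedtls_gcm_update() API and makes no sense for a one-shot call that never reaches finish(); it should read `\param length The length of the input data, which is equal to the length of the output data.` (if this function does have a multiple-of-16 restriction, state it without referring to finish()). `\param iv_len The length of the IV.` should also carry the caveat a GCM user cannot do without: the IV must never be reused under the same key, because reuse breaks both confidentiality and authenticity, and 12 bytes is the recommended length. Since the `mode` line allows #MBEDTLS_GCM_DECRYPT and the name suggests the function produces a tag rather than checking one, a `\note` sending decryption users to mbedtls_gcm_auth_decrypt() would head off unauthenticated decryption.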
@@ -137,12 +141,13 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, * \brief This function performs a GCM authenticated decryption of a * buffer. * - * \note For decryption, the output buffer cannot be the same as input buffer. - * If the buffers overlap, the output buffer must trail at least 8 Bytes - * behind the input buffer. + * \note For decryption, the output buffer cannot be the same as + * input buffer. If the buffers overlap, the output buffer + * must trail at least 8 Bytes behind the input buffer. * * \param ctx The GCM context. - * \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). + * \param length The length of the input data. This must be a multiple + * of 16 except in the last call before mbedtls_gcm_finish(). * \param iv The initialization vector. * \param iv_len The length of the IV. * \param add The buffer holding the additional data. @@ -152,8 +157,8 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, * \param input The buffer holding the input data. * \param output The buffer for holding the output data. * - * \return 0 if successful and authenticated, or - * #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match. + * \return 0 if successful and authenticated. + * \return #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match. */ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, size_t length, 
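Review bot: The `\param length` line in mbedtls_gcm_auth_decrypt() repeats the streaming-API wording `except in the last call before mbedtls_gcm_finish()`, which has no meaning for a one-shot authenticated decryption; replace it with `\param length The length of the ciphertext to decrypt, which is also the length of the decrypted output.` The return documentation in the second hunk should also say what the caller may do with `output` on #MBEDTLS_ERR_GCM_AUTH_FAILED: unless the implementation is documented to wipe the buffer, it may hold unauthenticated plaintext that must not be used or released, so add `\note The content of \p output is not valid when the function fails; it must be discarded.` The IV-uniqueness caveat that applies to encryption applies equally to `iv`/`iv_len` here.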
@@ -175,10 +180,12 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, * #MBEDTLS_GCM_DECRYPT. * \param iv The initialization vector. * \param iv_len The length of the IV. - * \param add The buffer holding the additional data, or NULL if \p add_len is 0. - * \param add_len The length of the additional data. If 0, \p add is NULL. + * \param add The buffer holding the additional data, or NULL + * if \p add_len is 0. + * \param add_len The length of the additional data. If 0, + * \p add is NULL. * - * \return \c 0 on success. + * \return \c 0 on success. */ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, int mode, @@ -195,16 +202,18 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, * Bytes. Only the last call before calling * mbedtls_gcm_finish() can be less than 16 Bytes. * - * \note For decryption, the output buffer cannot be the same as input buffer. - * If the buffers overlap, the output buffer must trail at least 8 Bytes - * behind the input buffer. + * \note For decryption, the output buffer cannot be the same as + * input buffer. If the buffers overlap, the output buffer + * must trail at least 8 Bytes behind the input buffer. * * \param ctx The GCM context. - * \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). + * \param length The length of the input data. This must be a multiple of + * 16 except in the last call before mbedtls_gcm_finish(). * \param input The buffer holding the input data. * \param output The buffer for holding the output data. * - * \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure. */ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, size_t length, 
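Review bot: mbedtls_gcm_starts() is where the IV is bound to a key for a streaming operation, but the reflowed `\param iv`/`\param iv_len` lines say nothing about the one property GCM cannot survive losing: the IV must be unique per key (12 bytes recommended), so suggest `\param iv The initialization vector. This must never be reused with the same key.` The `add_len` text `If 0, \p add is NULL.` reads as a guarantee the function makes, whereas the evident intent is that the caller may pass NULL; `If 0, \p add may be NULL.` is clearer. The block also lists only `\return \c 0 on success.`; if starts() can fail (an unsupported mode or IV length, for instance), the failure code should be listed as the other functions in this hunk now do.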
@@ -222,7 +231,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, * \param tag The buffer for holding the tag. * \param tag_len The length of the tag to generate. Must be at least four. * - * \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure. */ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, unsigned char *tag, @@ -251,7 +261,8 @@ extern "C" { /** * \brief The GCM checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_gcm_self_test( int verbose ); From 8c9c794518d27ef538308493666557a4807b7f74 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 11:52:58 +0100 Subject: [PATCH 354/504] Update md.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. --- include/mbedtls/md.h | 99 ++++++++++++++++++++++++-------------------- 1 file changed, 54 insertions(+), 45 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 06538c382..df2ab630b 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -1,7 +1,7 @@ /** * \file md.h * - * \brief The generic message-digest wrapper. + * \brief This file contains the generic message-digest wrapper. * * \author Adriaan de Jong */ @@ -46,7 +46,7 @@ extern "C" { #endif /** - * \brief Enumeration of supported message digests + * \brief Supported message digests. * * \warning MD2, MD4, MD5 and SHA-1 are considered weak message digests and * their use constitutes a security risk. We recommend considering 
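Review bot: `\param tag_len The length of the tag to generate. Must be at least four.` in the mbedtls_gcm_finish() hunk states the floor without the warning that belongs with it: a 32-bit tag gives a forgery probability of 2^-32 per attempt, so 16 bytes (the full 128-bit tag) should be named as the default and shorter tags as something to use only under the short-tag guidance in NIST SP 800-38D, which is already the reference cited at the top of this file. Because the parameter says "generate", this routine appears to produce the tag in decrypt mode as well, leaving verification to the caller; the doc should say so and require a constant-time comparison, e.g. `\note In #MBEDTLS_GCM_DECRYPT mode the caller is responsible for comparing \p tag with the received tag using a constant-time comparison.` If finish() does verify in decrypt mode, state that instead so callers do not double-check.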
@@ -54,16 +54,16 @@ extern "C" { * */ typedef enum { - MBEDTLS_MD_NONE=0, - MBEDTLS_MD_MD2, - MBEDTLS_MD_MD4, - MBEDTLS_MD_MD5, - MBEDTLS_MD_SHA1, - MBEDTLS_MD_SHA224, - MBEDTLS_MD_SHA256, - MBEDTLS_MD_SHA384, - MBEDTLS_MD_SHA512, - MBEDTLS_MD_RIPEMD160, + MBEDTLS_MD_NONE=0, /**< None. */ + MBEDTLS_MD_MD2, /**< The MD2 message digest. */ + MBEDTLS_MD_MD4, /**< The MD4 message digest. */ + MBEDTLS_MD_MD5, /**< The MD5 message digest. */ + MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */ + MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */ + MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */ + MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */ + MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */ + MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */ } mbedtls_md_type_t; #if defined(MBEDTLS_SHA512_C) @@ -119,8 +119,8 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); * * \param md_type The type of digest to search for. * - * \return The message-digest information associated with \p md_type, - * or NULL if not found. + * \return The message-digest information associated with \p md_type. + * \return NULL if the associated message-digest information is not found. */ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); @@ -168,9 +168,9 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ); * \param md_info The information structure of the message-digest algorithm * to use. * - * \returns \c 0 on success, - * #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, - * #MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. + * \returns #MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure. */ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED; #undef MBEDTLS_DEPRECATED 
@@ -187,12 +187,12 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_ * \param ctx The context to set up. * \param md_info The information structure of the message-digest algorithm * to use. - * \param hmac
    • 0: HMAC is not used. Saves some memory.
    • - *
    • non-zero: HMAC is used with this context.
    + * \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory), + * or non-zero: HMAC is used with this context. * - * \returns \c 0 on success, - * #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, or - * #MBEDTLS_ERR_MD_ALLOC_FAILED on memory allocation failure. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. + * \returns #MBEDTLS_ERR_MD_ALLOC_FAILED on memory allocation failure. */ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); @@ -212,8 +212,8 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf * \param dst The destination context. * \param src The context to be cloned. * - * \return \c 0 on success, - * #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. */ int mbedtls_md_clone( mbedtls_md_context_t *dst, const mbedtls_md_context_t *src ); @@ -260,8 +260,9 @@ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); * * \param ctx The generic message-digest context. * - * \returns \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_starts( mbedtls_md_context_t *ctx ); @@ -277,8 +278,9 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ); * \param input The buffer holding the input data. * \param ilen The length of the input data. * - * \returns \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); 
@@ -296,8 +298,9 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si * \param ctx The generic message-digest context. * \param output The buffer for the generic message-digest checksum result. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); @@ -315,8 +318,9 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); * \param ilen The length of the input data. * \param output The generic message-digest checksum result. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output ); @@ -334,9 +338,9 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si * \param path The input file name. * \param output The generic message-digest checksum result. * - * \return \c 0 on success, - * #MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed, or - * #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL. + * \return \c 0 on success. + * \returns #MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL. */ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output ); 
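Review bot: The mbedtls_md_file() block now mixes `\return \c 0 on success.` with two `\returns` lines, which is inconsistent inside a single comment; make the three lines `\return`. Every other block in this hunk uses `\returns`, while gcm.h and rsa.h in this same series use `\return`, so the header is split between two spellings Doxygen happens to accept; a follow-up should settle on one. No behavioural concern.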
@@ -356,8 +360,9 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, * \param key The HMAC secret key. * \param keylen The length of the HMAC key in Bytes. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen ); @@ -377,8 +382,9 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, * \param input The buffer holding the input data. * \param ilen The length of the input data. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); @@ -397,8 +403,9 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu * context. * \param output The generic HMAC checksum result. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); @@ -413,8 +420,9 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); * \param ctx The message digest context containing an embedded HMAC * context. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); 
@@ -436,8 +444,9 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); * \param ilen The length of the input data. * \param output The generic HMAC result. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, From e8b5b99159bb6da2ce5bf88769758ea6c155bf42 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 12:19:47 +0100 Subject: [PATCH 355/504] Update rsa.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *p_rng descriptions changed from "parameter" to "context". --- include/mbedtls/rsa.h | 684 +++++++++++++++++++++--------------------- 1 file changed, 343 insertions(+), 341 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 5548f3c12..711329c52 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -1,11 +1,12 @@ /** * \file rsa.h * - * \brief The RSA public-key cryptosystem. + * \brief This file contains RSA definitions and functions. * - * For more information, see Public-Key Cryptography Standards (PKCS) - * #1 v1.5: RSA Encryption and Public-Key Cryptography Standards - * (PKCS) #1 v2.1: RSA Cryptography Specifications. + * The RSA public-key cryptosystem is defined in Public-Key + * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption + * and Public-Key Cryptography Standards (PKCS) #1 v2.1: + * RSA Cryptography Specifications. * */ /* 
@@ -63,8 +64,8 @@ #define MBEDTLS_RSA_PUBLIC 0 /**< Request private key operation. */ #define MBEDTLS_RSA_PRIVATE 1 /**< Request public key operation. */ -#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS-1 v1.5 encoding. */ -#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS-1 v2.1 encoding. */ +#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ +#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */ #define MBEDTLS_RSA_SIGN 1 /**< Identifier for RSA signature operations. */ #define MBEDTLS_RSA_CRYPT 2 /**< Identifier for RSA encryption and decryption operations. */ @@ -96,24 +97,24 @@ typedef struct int ver; /*!< Always 0.*/ size_t len; /*!< The size of \p N in Bytes. */ - mbedtls_mpi N; /*!< The public modulus. */ - mbedtls_mpi E; /*!< The public exponent. */ + mbedtls_mpi N; /*!< The public modulus. */ + mbedtls_mpi E; /*!< The public exponent. */ - mbedtls_mpi D; /*!< The private exponent. */ - mbedtls_mpi P; /*!< The first prime factor. */ - mbedtls_mpi Q; /*!< The second prime factor. */ + mbedtls_mpi D; /*!< The private exponent. */ + mbedtls_mpi P; /*!< The first prime factor. */ + mbedtls_mpi Q; /*!< The second prime factor. */ - mbedtls_mpi DP; /*!< \p D % (P - 1) */ - mbedtls_mpi DQ; /*!< \p D % (Q - 1) */ - mbedtls_mpi QP; /*!< 1 / (Q % P) */ + mbedtls_mpi DP; /*!< \p D % (P - 1) */ + mbedtls_mpi DQ; /*!< \p D % (Q - 1) */ + mbedtls_mpi QP; /*!< 1 / (Q % P) */ - mbedtls_mpi RN; /*!< cached R^2 mod \p N */ + mbedtls_mpi RN; /*!< cached R^2 mod \p N */ - mbedtls_mpi RP; /*!< cached R^2 mod \p P */ - mbedtls_mpi RQ; /*!< cached R^2 mod \p Q */ + mbedtls_mpi RP; /*!< cached R^2 mod \p P */ + mbedtls_mpi RQ; /*!< cached R^2 mod \p Q */ - mbedtls_mpi Vi; /*!< The cached blinding value. */ - mbedtls_mpi Vf; /*!< The cached un-blinding value. */ + mbedtls_mpi Vi; /*!< The cached blinding value. */ + mbedtls_mpi Vf; /*!< The cached un-blinding value. */ int padding; /*!< Selects padding mode: #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and 
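Review bot: The two context lines at the top of this hunk have their descriptions inverted: `MBEDTLS_RSA_PUBLIC 0 /**< Request private key operation. */` and `MBEDTLS_RSA_PRIVATE 1 /**< Request public key operation. */`, the opposite of how the PKCS#1 encryption block later in this patch uses `mode` (where #MBEDTLS_RSA_PRIVATE is the discouraged private-key mode). Since the commit is already editing the neighbouring lines, swapping them is cheap: `#define MBEDTLS_RSA_PUBLIC 0 /**< Request public key operation. */` and `#define MBEDTLS_RSA_PRIVATE 1 /**< Request private key operation. */`. Mislabelled mode constants are exactly what leads a caller to perform an operation with the wrong key.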
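Review bot: The re-aligned field comments keep `QP; /*!< 1 / (Q % P) */`, which does not describe the value (read as C it is an integer division) while mbedtls_rsa_export_crt() later in this patch calls the same quantity "modular inverse of Q modulo P"; `/*!< Q^-1 mod P */` would match. Likewise `DP; /*!< \p D % (P - 1) */` and `DQ` read better as `D mod (P - 1)` / `D mod (Q - 1)`, and `\p D` is a stray Doxygen parameter reference inside a struct field comment. The `RN`/`RP`/`RQ` comments could also say what R is (presumably a Montgomery constant, but the header gives no hint), since that is the only place a reader of this file can learn it. Documentation only.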
@@ -134,12 +135,6 @@ mbedtls_rsa_context; * \note Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP * encryption scheme and the RSASSA-PSS signature scheme. * - * \param ctx The RSA context to initialize. - * \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or - * #MBEDTLS_RSA_PKCS_V21. - * \param hash_id The hash identifier of #mbedtls_md_type_t type, if - * \p padding is #MBEDTLS_RSA_PKCS_V21. - * * \note The \p hash_id parameter is ignored when using * #MBEDTLS_RSA_PKCS_V15 padding. * @@ -153,6 +148,12 @@ mbedtls_rsa_context; * encryption. For PSS signatures, it is always used for * making signatures, but can be overriden for verifying them. * If set to #MBEDTLS_MD_NONE, it is always overriden. + * + * \param ctx The RSA context to initialize. + * \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or + * #MBEDTLS_RSA_PKCS_V21. + * \param hash_id The hash identifier of #mbedtls_md_type_t type, if + * \p padding is #MBEDTLS_RSA_PKCS_V21. */ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, int padding, @@ -162,13 +163,6 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, * \brief This function imports a set of core parameters into an * RSA context. * - * \param ctx The initialized RSA context to store the parameters in. - * \param N The RSA modulus, or NULL. - * \param P The first prime factor of \p N, or NULL. - * \param Q The second prime factor of \p N, or NULL. - * \param D The private exponent, or NULL. - * \param E The public exponent, or NULL. - * * \note This function can be called multiple times for successive * imports, if the parameters are not simultaneously present. * 
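Review bot: The `\param padding` text moved in this hunk presents #MBEDTLS_RSA_PKCS_V15 and #MBEDTLS_RSA_PKCS_V21 as interchangeable, but only V21 gives the OAEP/PSS schemes the `\note` above already names, so the block should say which to pick for new code, e.g. `\param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_RSA_PKCS_V21 (OAEP/PSS) is recommended for new designs; PKCS#1 v1.5 encryption padding is prone to padding-oracle attacks unless the caller takes care to avoid them.` The surrounding context also misspells "overriden" twice (`can be overriden for verifying them` / `it is always overriden`); as the commit is reflowing this comment anyway, correcting it to "overridden" would be free.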
@@ -184,7 +178,15 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, * \note The imported parameters are copied and need not be preserved * for the lifetime of the RSA context being set up. * - * \return \c 0 on success, or a non-zero error code on failure. + * \param ctx The initialized RSA context to store the parameters in. + * \param N The RSA modulus, or NULL. + * \param P The first prime factor of \p N, or NULL. + * \param Q The second prime factor of \p N, or NULL. + * \param D The private exponent, or NULL. + * \param E The public exponent, or NULL. + * + * \return \c 0 on success. + * \return A non-zero error code on failure. */ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *N, @@ -195,6 +197,21 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * \brief This function imports core RSA parameters, in raw big-endian * binary format, into an RSA context. * + * \note This function can be called multiple times for successive + * imports, if the parameters are not simultaneously present. + * + * Any sequence of calls to this function should be followed + * by a call to mbedtls_rsa_complete(), which checks and + * completes the provided information to a ready-for-use + * public or private RSA key. + * + * \note See mbedtls_rsa_complete() for more information on which + * parameters are necessary to set up a private or public + * RSA key. + * + * \note The imported parameters are copied and need not be preserved + * for the lifetime of the RSA context being set up. + * * \param ctx The initialized RSA context to store the parameters in. * \param N The RSA modulus, or NULL. * \param N_len The Byte length of \p N, ignored if \p N == NULL. 
@@ -207,22 +224,8 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * \param E The public exponent, or NULL. * \param E_len The Byte length of \p E, ignored if \p E == NULL. * - * \note This function can be called multiple times for successive - * imports, if the parameters are not simultaneously present. - * - * Any sequence of calls to this function should be followed - * by a call to mbedtls_rsa_complete(), which checks and - * completes the provided information to a ready-for-use - * public or private RSA key. - * - * \note See mbedtls_rsa_complete() for more information on which - * parameters are necessary to set up a private or public - * RSA key. - * - * \note The imported parameters are copied and need not be preserved - * for the lifetime of the RSA context being set up. - * - * \return \c 0 on success, or a non-zero error code on failure. + * \return \c 0 on success. + * \return A non-zero error code on failure. */ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, unsigned char const *N, size_t N_len, @@ -250,17 +253,18 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * the RSA context can be used for RSA operations without * the risk of failure or crash. * - * \param ctx The initialized RSA context holding imported parameters. - * - * \return \c 0 on success, or #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the - * attempted derivations failed. - * * \warning This function need not perform consistency checks * for the imported parameters. In particular, parameters that * are not needed by the implementation might be silently * discarded and left unchecked. To check the consistency * of the key material, see mbedtls_rsa_check_privkey(). * + * \param ctx The initialized RSA context holding imported parameters. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations + * failed. + * */ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); 
@@ -292,11 +296,11 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); * \param D The MPI to hold the private exponent, or NULL. * \param E The MPI to hold the public exponent, or NULL. * - * \return \c 0 on success, - * #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the + * \return \c 0 on success. + * \return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the * requested parameters cannot be done due to missing - * functionality or because of security policies, - * or a non-zero return code on any other failure. + * functionality or because of security policies. + * \return A non-zero return code on any other failure. * */ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, @@ -324,6 +328,9 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * If the function fails due to an unsupported operation, * the RSA context stays intact and remains usable. * + * \note The length fields are ignored if the corresponding + * buffer pointers are NULL. + * * \param ctx The initialized RSA context. * \param N The Byte array to store the RSA modulus, or NULL. * \param N_len The size of the buffer for the modulus. @@ -338,14 +345,11 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * \param E The Byte array to hold the public exponent, or NULL. * \param E_len The size of the buffer for the public exponent. * - * \note The length fields are ignored if the corresponding - * buffer pointers are NULL. - * - * \return \c 0 on success, - * #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the + * \return \c 0 on success. + * \return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the * requested parameters cannot be done due to missing - * functionality or because of security policies, - * or a non-zero return code on any other failure. + * functionality or because of security policies. + * \return A non-zero return code on any other failure. */ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, unsigned char *N, size_t N_len, 
@@ -357,16 +361,17 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, /** * \brief This function exports CRT parameters of a private RSA key. * + * \note Alternative RSA implementations not using CRT-parameters + * internally can implement this function based on + * mbedtls_rsa_deduce_opt(). + * * \param ctx The initialized RSA context. * \param DP The MPI to hold D modulo P-1, or NULL. * \param DQ The MPI to hold D modulo Q-1, or NULL. * \param QP The MPI to hold modular inverse of Q modulo P, or NULL. * - * \return \c 0 on success, non-zero error code otherwise. - * - * \note Alternative RSA implementations not using CRT-parameters - * internally can implement this function based on - * mbedtls_rsa_deduce_opt(). + * \return \c 0 on success. + * \return A non-zero error code on failure. * */ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, @@ -397,17 +402,17 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); /** * \brief This function generates an RSA keypair. * - * \param ctx The RSA context used to hold the key. - * \param f_rng The RNG function. - * \param p_rng The RNG parameter. - * \param nbits The size of the public key in bits. - * \param exponent The public exponent. For example, 65537. - * * \note mbedtls_rsa_init() must be called before this function, * to set up the RSA context. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - on failure. + * \param ctx The RSA context used to hold the key. + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * \param nbits The size of the public key in bits. + * \param exponent The public exponent. For example, 65537. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
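Review bot: `\param f_rng The RNG function.` in mbedtls_rsa_gen_key() should require a cryptographically secure RNG, since the primes are drawn from it and a weak source makes the key recoverable; `\param f_rng The RNG function. This must be a cryptographically secure RNG.` `\param nbits The size of the public key in bits.` documents no lower bound; if the implementation rejects small or odd sizes (I cannot see the body), the minimum should be stated here rather than discovered through an error code, and the `\return` line could name that code. The `exponent` line's "For example, 65537" is fine, but adding that it must be odd and that 65537 is the conventional choice would make it complete.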
@@ -424,8 +429,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, * * \param ctx The RSA context to check. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. * */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); @@ -434,11 +439,6 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * \brief This function checks if a context contains an RSA private key * and perform basic consistency checks. * - * \param ctx The RSA context to check. - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code on - * failure. - * * \note The consistency checks performed by this function not only * ensure that mbedtls_rsa_private() can be called successfully * on the given context, but that the various parameters are @@ -465,6 +465,11 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * user to ensure the trustworthiness of the source of his RSA * parameters, which goes beyond what is effectively checkable * by the library. + * + * \param ctx The RSA context to check. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); @@ -476,8 +481,8 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); * \param pub The RSA context holding the public key. * \param prv The RSA context holding the private key. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ); 
@@ -485,13 +490,6 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, /** * \brief This function performs an RSA public key operation. * - * \param ctx The RSA context. - * \param input The input buffer. - * \param output The output buffer. - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. - * * \note This function does not handle message padding. * * \note Make sure to set \p input[0] = 0 or ensure that @@ -499,6 +497,13 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, * * \note The input and output buffers must be large * enough. For example, 128 Bytes if RSA-1024 is used. + * + * \param ctx The RSA context. + * \param input The input buffer. + * \param output The output buffer. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, const unsigned char *input, @@ -507,15 +512,6 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, /** * \brief This function performs an RSA private key operation. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Needed for blinding. - * \param p_rng The RNG parameter. - * \param input The input buffer. - * \param output The output buffer. - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. - * * \note The input and output buffers must be large * enough. For example, 128 Bytes if RSA-1024 is used. * 
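Review bot: The mbedtls_rsa_public() block says "The input and output buffers must be large enough. For example, 128 Bytes if RSA-1024 is used", but there is no length parameter, so the requirement is exact rather than a lower bound and should be stated in terms the caller can compute: `\note Both \p input and \p output must be exactly \c ctx->len Bytes long, as returned by mbedtls_rsa_get_len().` (mbedtls_rsa_get_len() appears in this patch's context a few hunks above). The `\note Make sure to set \p input[0] = 0 or ensure that` line is cut at the hunk boundary so I cannot see the rest of the constraint, but it is the same concern: an input numerically not below N is a misuse the caller has to prevent, and saying so next to the size rule helps. The same exact-length wording applies to mbedtls_rsa_private() in the following hunk.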
@@ -530,6 +526,15 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
 * Future versions of the library may enforce the presence
 * of a PRNG.
 *
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Needed for blinding.
+ * \param p_rng The RNG context.
+ * \param input The input buffer.
+ * \param output The output buffer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+ *
 */
 int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -544,30 +549,29 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
 * It is the generic wrapper for performing a PKCS#1 encryption
 * operation using the \p mode from the context.
 *
+ * \note Alternative implementations of RSA need not support
+ * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Needed for padding, PKCS#1 v2.1
- * encoding, and #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param ilen The length of the plaintext.
- * \param input The buffer holding the data to encrypt.
- * \param output The buffer used to hold the ciphertext.
+ * \note The input and output buffers must be as large as the size
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
 * \deprecated It is deprecated and discouraged to call this function
 * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
 * are likely to remove the \p mode argument and have it
 * implicitly set to #MBEDTLS_RSA_PUBLIC.
 *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Needed for padding, PKCS#1 v2.1
+ * encoding, and #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG context.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ilen The length of the plaintext.
+ * \param input The buffer holding the data to encrypt.
+ * \param output The buffer used to hold the ciphertext.
 *
- * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
- *
- * \note The input and output buffers must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
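Review bot: The relocated note `\note The input and output buffers must be as large as the size of \p ctx->N` in the mbedtls_rsa_pkcs1_encrypt block appears to overstate the input requirement: the `\param ilen` entry in the same block gives the plaintext length as \p ilen, and the sibling block for mbedtls_rsa_rsaes_pkcs1_v15_encrypt in the next hunk states the modulus-size requirement for the output buffer only. Since this is the generic wrapper, callers sizing their buffers from this text will either over-allocate the input or, worse, assume the function consumes a modulus-sized input. Suggest ` * \note The output buffer must be as large as the size` / ` * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.` and, on the `\param input` line, `The buffer holding the \p ilen Bytes of data to encrypt.` The declaration of mbedtls_rsa_pkcs1_encrypt continues past the hunk.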
@@ -580,29 +584,29 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
 * \brief This function performs a PKCS#1 v1.5 encryption operation
 * (RSAES-PKCS1-v1_5-ENCRYPT).
 *
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Needed for padding and
- * #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param ilen The length of the plaintext.
- * \param input The buffer holding the data to encrypt.
- * \param output The buffer used to hold the ciphertext.
+ * \note Alternative implementations of RSA need not support
+ * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ *
+ * \note The output buffer must be as large as the size
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
 * \deprecated It is deprecated and discouraged to call this function
 * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
 * are likely to remove the \p mode argument and have it
 * implicitly set to #MBEDTLS_RSA_PUBLIC.
 *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Needed for padding and
+ * #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG context.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ilen The length of the plaintext.
+ * \param input The buffer holding the data to encrypt.
+ * \param output The buffer used to hold the ciphertext.
 *
- * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
- *
- * \note The output buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -615,10 +619,22 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
 * \brief This function performs a PKCS#1 v2.1 OAEP encryption
 * operation (RSAES-OAEP-ENCRYPT).
 *
+ * \note Alternative implementations of RSA need not support
+ * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ *
+ * \note The output buffer must be as large as the size
+ * of ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \deprecated It is deprecated and discouraged to call this function
+ * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PUBLIC.
+ *
 * \param ctx The RSA context.
 * \param f_rng The RNG function. Needed for padding and PKCS#1 v2.1
 * encoding and #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
+ * \param p_rng The RNG context.
 * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
 * \param label The buffer holding the custom label to use.
 * \param label_len The length of the label.
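Review bot: The added output-size note in the mbedtls_rsa_rsaes_oaep_encrypt block writes `of ctx->N` without the `\p` markup that the identical note carries in the mbedtls_rsa_pkcs1_encrypt and mbedtls_rsa_rsaes_pkcs1_v15_encrypt blocks above, so the three render differently and the parameter reference is not linked. Suggest ` * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.` so the wording matches the siblings. The documentation block continues in the next hunk.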
@@ -626,20 +642,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
 * \param input The buffer holding the data to encrypt.
 * \param output The buffer used to hold the ciphertext.
 *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
- *
- * \note The output buffer must be as large as the size
- * of ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -657,27 +661,6 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
 * It is the generic wrapper for performing a PKCS#1 decryption
 * operation using the \p mode from the context.
 *
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param olen The length of the plaintext.
- * \param input The buffer holding the encrypted data.
- * \param output The buffer used to hold the plaintext.
- * \param output_max_len The maximum length of the output buffer.
- *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
- *
 * \note The output buffer length \c output_max_len should be
 * as large as the size \p ctx->len of \p ctx->N (for example,
 * 128 Bytes if RSA-1024 is used) to be able to hold an
@@ -687,6 +670,28 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
 *
 * \note The input buffer must be as large as the size
 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \note Alternative implementations of RSA need not support
+ * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ *
+ * \deprecated It is deprecated and discouraged to call this function
+ * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PRIVATE.
+ *
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG context.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param olen The length of the plaintext.
+ * \param input The buffer holding the encrypted data.
+ * \param output The buffer used to hold the plaintext.
+ * \param output_max_len The maximum length of the output buffer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+ *
 */
 int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
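Review bot: The relocated `\param olen The length of the plaintext.` in the mbedtls_rsa_pkcs1_decrypt block reads like an input parameter, yet the note above it explains that \p output_max_len bounds the output buffer because the recovered plaintext may be shorter, which implies the plaintext length is a result of the call rather than something the caller supplies; the declaration that would confirm olen's type lies outside the hunk. If it is the location the function writes the recovered length to, `\param olen Address at which to store the length of the plaintext.` would make the in/out direction explicit, and the same wording applies to the v1.5 and OAEP decrypt blocks in the following hunks. The block also ends with a trailing `+ *` blank line before ` */`, which the other documentation blocks in this commit do not have.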
@@ -700,27 +705,10 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
 * \brief This function performs a PKCS#1 v1.5 decryption
 * operation (RSAES-PKCS1-v1_5-DECRYPT).
 *
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param olen The length of the plaintext.
- * \param input The buffer holding the encrypted data.
- * \param output The buffer to hold the plaintext.
- * \param output_max_len The maximum length of the output buffer.
- *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
 * \note Alternative implementations of RSA need not support
 * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
 * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
- *
 * \note The output buffer length \c output_max_len should be
 * as large as the size \p ctx->len of \p ctx->N, for example,
 * 128 Bytes if RSA-1024 is used, to be able to hold an
@@ -730,6 +718,24 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
 *
 * \note The input buffer must be as large as the size
 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \deprecated It is deprecated and discouraged to call this function
+ * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PRIVATE.
+ *
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG context.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param olen The length of the plaintext.
+ * \param input The buffer holding the encrypted data.
+ * \param output The buffer to hold the plaintext.
+ * \param output_max_len The maximum length of the output buffer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+ *
 */
 int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -740,31 +746,12 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
 size_t output_max_len );
 /**
- * \brief This function performs a PKCS#1 v2.1 OAEP decryption
- * operation (RSAES-OAEP-DECRYPT).
+ * \brief This function performs a PKCS#1 v2.1 OAEP decryption
+ * operation (RSAES-OAEP-DECRYPT).
 *
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param label The buffer holding the custom label to use.
- * \param label_len The length of the label.
- * \param olen The length of the plaintext.
- * \param input The buffer holding the encrypted data.
- * \param output The buffer to hold the plaintext.
- * \param output_max_len The maximum length of the output buffer.
- *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
+ * \note Alternative implementations of RSA need not support
+ * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
 * \note The output buffer length \c output_max_len should be
 * as large as the size \p ctx->len of \p ctx->N, for
@@ -776,6 +763,25 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
 *
 * \note The input buffer must be as large as the size
 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \deprecated It is deprecated and discouraged to call this function
+ * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PRIVATE.
+ *
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG context.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param label The buffer holding the custom label to use.
+ * \param label_len The length of the label.
+ * \param olen The length of the plaintext.
+ * \param input The buffer holding the encrypted data.
+ * \param output The buffer to hold the plaintext.
+ * \param output_max_len The maximum length of the output buffer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -794,35 +800,35 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
 * It is the generic wrapper for performing a PKCS#1
 * signature using the \p mode from the context.
 *
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for
- * #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash The buffer holding the message digest.
- * \param sig The buffer to hold the ciphertext.
- *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
 * \note Alternative implementations of RSA need not support
 * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
 * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return \c 0 if the signing operation was successful,
- * or an \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
 * \note The \p sig buffer must be as large as the size
 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
 * \note For PKCS#1 v2.1 encoding, see comments on
 * mbedtls_rsa_rsassa_pss_sign() for details on
 * \p md_alg and \p hash_id.
+ *
+ * \deprecated It is deprecated and discouraged to call this function
+ * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PRIVATE.
+ *
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for
+ * #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG context.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg The message-digest algorithm used to hash the original data.
+ * Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest.
+ * \param sig The buffer to hold the ciphertext.
+ *
+ * \return \c 0 if the signing operation was successful.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -837,9 +843,21 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
 * \brief This function performs a PKCS#1 v1.5 signature
 * operation (RSASSA-PKCS1-v1_5-SIGN).
 *
+ * \note Alternative implementations of RSA need not support
+ * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ *
+ * \note The \p sig buffer must be as large as the size
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \deprecated It is deprecated and discouraged to call this function
+ * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PRIVATE.
+ *
 * \param ctx The RSA context.
 * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
+ * \param p_rng The RNG context.
 * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
 * \param md_alg The message-digest algorithm used to hash the original data.
 * Use #MBEDTLS_MD_NONE for signing raw data.
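Review bot: The relocated `\param sig The buffer to hold the ciphertext.` in the mbedtls_rsa_pkcs1_sign block describes the signature output as ciphertext, while the block's own note already refers to it as the `\p sig` buffer sized to \p ctx->N; since the parameter lists are being rewritten anyway, this is the moment to name the artefact correctly so readers do not confuse the signing and encryption families. Suggest `\param sig The buffer to hold the signature.` here and in the mbedtls_rsa_rsassa_pss_sign hunk, and `\param sig The buffer holding the signature.` for the verify blocks (mbedtls_rsa_pkcs1_verify, mbedtls_rsa_rsassa_pkcs1_v15_verify, mbedtls_rsa_rsassa_pss_verify and mbedtls_rsa_rsassa_pss_verify_ext), where the same line is added in the later hunks.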
@@ -847,21 +865,8 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
 * \param hash The buffer holding the message digest.
 * \param sig The buffer to hold the ciphertext.
 *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return \c 0 if the signing operation was successful,
- * or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
- *
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \return \c 0 if the signing operation was successful.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -876,30 +881,10 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
 * \brief This function performs a PKCS#1 v2.1 PSS signature
 * operation (RSASSA-PSS-SIGN).
 *
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for
- * #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash The buffer holding the message digest.
- * \param sig The buffer to hold the ciphertext.
- *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
 * \note Alternative implementations of RSA need not support
 * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
 * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return \c 0 if the signing operation was successful,
- * or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
- *
 * \note The \p sig buffer must be as large as the size
 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
@@ -909,6 +894,25 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
 * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
 * Specifications it is advised to keep both hashes the
 * same.
+ *
+ * \deprecated It is deprecated and discouraged to call this function
+ * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PRIVATE.
+ *
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for
+ * #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG context.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg The message-digest algorithm used to hash the original data.
+ * Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest.
+ * \param sig The buffer to hold the ciphertext.
+ *
+ * \return \c 0 if the signing operation was successful.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -926,35 +930,34 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
 * This is the generic wrapper for performing a PKCS#1
 * verification using the mode from the context.
 *
- * \param ctx The RSA public key context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash The buffer holding the message digest.
- * \param sig The buffer holding the ciphertext.
- *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * set to #MBEDTLS_RSA_PUBLIC.
- *
 * \note Alternative implementations of RSA need not support
 * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
 * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return \c 0 if the verify operation was successful,
- * or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
- *
 * \note The \p sig buffer must be as large as the size
 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
 * \note For PKCS#1 v2.1 encoding, see comments on
 * mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
 * \p hash_id.
+ *
+ * \deprecated It is deprecated and discouraged to call this function
+ * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * set to #MBEDTLS_RSA_PUBLIC.
+ *
+ * \param ctx The RSA public key context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG context.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg The message-digest algorithm used to hash the original data.
+ * Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest.
+ * \param sig The buffer holding the ciphertext.
+ *
+ * \return \c 0 if the verify operation was successful.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -969,9 +972,21 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
 * \brief This function performs a PKCS#1 v1.5 verification
 * operation (RSASSA-PKCS1-v1_5-VERIFY).
 *
+ * \note Alternative implementations of RSA need not support
+ * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ *
+ * \note The \p sig buffer must be as large as the size
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \deprecated It is deprecated and discouraged to call this function
+ * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * set to #MBEDTLS_RSA_PUBLIC.
+ *
 * \param ctx The RSA public key context.
 * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
+ * \param p_rng The RNG context.
 * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
 * \param md_alg The message-digest algorithm used to hash the original data.
 * Use #MBEDTLS_MD_NONE for signing raw data.
@@ -979,21 +994,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
 * \param hash The buffer holding the message digest.
 * \param sig The buffer holding the ciphertext.
 *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return \c 0 if the verify operation was successful,
- * or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
- *
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \return \c 0 if the verify operation was successful.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -1011,29 +1013,10 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
 * The hash function for the MGF mask generating function
 * is that specified in the RSA context.
 *
- * \param ctx The RSA public key context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash The buffer holding the message digest.
- * \param sig The buffer holding the ciphertext.
- *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
 * \note Alternative implementations of RSA need not support
 * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
 * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return \c 0 if the verify operation was successful,
- * or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
- *
 * \note The \p sig buffer must be as large as the size
 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
@@ -1044,6 +1027,24 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
 * Specifications it is advised to keep both hashes the
 * same. If \p hash_id in the RSA context is unset,
 * the \p md_alg from the function call is used.
+ *
+ * \deprecated It is deprecated and discouraged to call this function
+ * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PUBLIC.
+ *
+ * \param ctx The RSA public key context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG context.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg The message-digest algorithm used to hash the original data.
+ * Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest.
+ * \param sig The buffer holding the ciphertext.
+ *
+ * \return \c 0 if the verify operation was successful.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -1061,27 +1062,27 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
 * The hash function for the MGF mask generating function
 * is that specified in \p mgf1_hash_id.
 *
- * \param ctx The RSA public key context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash The buffer holding the message digest.
- * \param mgf1_hash_id The message digest used for mask generation.
- * \param expected_salt_len The length of the salt used in padding. Use
- * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
- * \param sig The buffer holding the ciphertext.
- *
- * \return \c 0 if the verify operation was successful,
- * or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
- *
 * \note The \p sig buffer must be as large as the size
 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
 * \note The \p hash_id in the RSA context is ignored.
+ *
+ * \param ctx The RSA public key context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG context.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg The message-digest algorithm used to hash the original data.
+ * Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen The length of the message digest. Only used if \p md_alg is
+ * #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest.
+ * \param mgf1_hash_id The message digest used for mask generation.
+ * \param expected_salt_len The length of the salt used in padding. Use
+ * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
+ * \param sig The buffer holding the ciphertext.
+ *
+ * \return \c 0 if the verify operation was successful.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -1100,8 +1101,8 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
 * \param dst The destination context.
 * \param src The source context.
 *
- * \return \c 0 on success,
- * #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
 */
 int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
@@ -1127,7 +1128,8 @@ extern "C" {
 /**
 * \brief The RSA checkup routine.
 *
- * \return \c 0 on success, or \c 1 on failure.
+ * \return \c 0 on success.
+ * \return \c 1 on failure.
 */
 int mbedtls_rsa_self_test( int verbose );
From 8274142e45bb14a116a55f11388c099c3981b91f Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 27 Mar 2018 12:49:48 +0100
Subject: [PATCH 356/504] Update sha1.h
Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *Applied previous function documentation improvements to depracated functions.
---
 include/mbedtls/sha1.h | 140 ++++++++++++++++++++++-------------------
 1 file changed, 75 insertions(+), 65 deletions(-)
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 05540cde1..4a43c0101 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -1,7 +1,10 @@ /** * \file sha1.h * - * \brief The SHA-1 cryptographic hash function. + * \brief This file contains SHA-1 definitions and functions. + * + * The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in + * FIPS 180-4: Secure Hash Standard (SHS). * * \warning SHA-1 is considered a weak message digest and its use constitutes * a security risk. We recommend considering stronger message @@ -66,37 +69,37 @@ mbedtls_sha1_context; /** * \brief This function initializes a SHA-1 context. * - * \param ctx The SHA-1 context to initialize. - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param ctx The SHA-1 context to initialize. + * */ void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); /** * \brief This function clears a SHA-1 context. * - * \param ctx The SHA-1 context to clear. - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param ctx The SHA-1 context to clear. + * */ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); /** * \brief This function clones the state of a SHA-1 context. * - * \param dst The destination context. - * \param src The context to clone. - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param dst The destination context. + * \param src The context to clone. + * */ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, const mbedtls_sha1_context *src ); 
@@ -104,14 +107,14 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, /** * \brief This function starts a SHA-1 checksum calculation. * - * \param ctx The context to initialize. - * - * \return \c 0 if successful - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param ctx The context to initialize. + * + * \return \c 0 on success. + * */ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); @@ -119,16 +122,15 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); * \brief This function feeds an input buffer into an ongoing SHA-1 * checksum calculation. * - * \param ctx The SHA-1 context. - * \param input The buffer holding the input data. - * \param ilen The length of the input data. - * - * \return \c 0 if successful - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param ctx The SHA-1 context. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * + * \return \c 0 on success. */ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, 
@@ -138,31 +140,30 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, * \brief This function finishes the SHA-1 operation, and writes * the result to the output buffer. * - * \param ctx The SHA-1 context. - * \param output The SHA-1 checksum result. - * - * \return \c 0 if successful - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param ctx The SHA-1 context. + * \param output The SHA-1 checksum result. + * + * \return \c 0 on success. */ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ); /** - * \brief SHA-1 process data block (internal use only) - * - * \param ctx SHA-1 context - * \param data The data block being processed. - * - * \return \c 0 if successful + * \brief SHA-1 process data block (internal use only). * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param ctx The SHA-1 context. + * \param data The data block being processed. + * + * \return \c 0 on success. + * */ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); 
@@ -174,65 +175,67 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief SHA-1 context setup - * - * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0 - * - * \param ctx The SHA-1 context to be initialized. + * \brief This function starts a SHA-1 checksum calculation. * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0. + * + * \param ctx The context to initialize. + * */ MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); /** - * \brief SHA-1 process buffer - * - * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0 - * - * \param ctx The SHA-1 context. - * \param input The buffer holding the input data. - * \param ilen The length of the input data. + * \brief This function feeds an input buffer into an ongoing SHA-1 + * checksum calculation. * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0. + * + * \param ctx The SHA-1 context. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * */ MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ); /** - * \brief SHA-1 final digest - * - * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0 - * - * \param ctx The SHA-1 context. - * \param output The SHA-1 checksum result. + * \brief This function finishes the SHA-1 operation, and writes + * the result to the output buffer. * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. 
* + * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0. + * + * \param ctx The SHA-1 context. + * \param output The SHA-1 checksum result. + * */ MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ); /** - * \brief SHA-1 process data block (internal use only) - * - * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0 - * - * \param ctx The SHA-1 context. - * \param data The data block being processed. + * \brief SHA-1 process data block (internal use only). * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0. + * + * \param ctx The SHA-1 context. + * \param data The data block being processed. + * */ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); @@ -261,15 +264,15 @@ extern "C" { * The SHA-1 result is calculated as * output = SHA-1(input buffer). * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * * \param input The buffer holding the input data. * \param ilen The length of the input data. * \param output The SHA-1 checksum result. * - * \return \c 0 if successful - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. + * \return \c 0 on success. * */ int mbedtls_sha1_ret( const unsigned char *input, 
@@ -283,7 +286,17 @@ int mbedtls_sha1_ret( const unsigned char *input, #define MBEDTLS_DEPRECATED #endif /** - * \brief Output = SHA-1( input buffer ) +* \brief This function calculates the SHA-1 checksum of a buffer. + * + * The function allocates the context, performs the + * calculation, and frees the context. + * + * The SHA-1 result is calculated as + * output = SHA-1(input buffer). + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. * * \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0 * @@ -291,10 +304,6 @@ int mbedtls_sha1_ret( const unsigned char *input, * \param ilen The length of the input data. * \param output The SHA-1 checksum result. * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * */ MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, size_t ilen, @@ -306,12 +315,13 @@ MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, /** * \brief The SHA-1 checkup routine. * - * \return \c 0 on success, or \c 1 on failure. - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \return \c 0 on success. + * \return \c 1 on failure. + * */ int mbedtls_sha1_self_test( int verbose ); From bde68b48d4a4754096bf6ddf873c2a363db182b1 Mon Sep 17 00:00:00 2001 
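Review bot: The new line `+* \brief This function calculates the SHA-1 checksum of a buffer.` is missing the leading space before `*`, so it no longer lines up with the rest of the comment block for the deprecated mbedtls_sha1(); it should be ` * \brief This function calculates the SHA-1 checksum of a buffer.`. Doxygen will still parse it, but every other block in this commit is consistently indented. In the same hunk the context line ` * \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0` is the only `\deprecated` tag in the file left without the trailing period that the earlier hunks add, and could be fixed while the block is being touched.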
From: Rose Zadik Date: Tue, 27 Mar 2018 12:59:13 +0100 Subject: [PATCH 357/504] Update sha256.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *Removed bullets from parameter descriptions. --- include/mbedtls/sha256.h | 47 ++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index ffb16c277..7affb1be8 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -1,7 +1,10 @@ /** * \file sha256.h * - * \brief The SHA-224 and SHA-256 cryptographic hash function. + * \brief This file contains SHA-224 and SHA-256 definitions and functions. + * + * The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic + * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS). */ /* * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved @@ -55,9 +58,8 @@ typedef struct uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t state[8]; /*!< The intermediate digest state. */ unsigned char buffer[64]; /*!< The data block being processed. */ - int is224; /*!< Determines which function to use. -
    • 0: Use SHA-256.
    • -
    • 1: Use SHA-224.
    */ + int is224; /*!< Determines which function to use: + 0: Use SHA-256, or 1: Use SHA-224. */ } mbedtls_sha256_context; @@ -89,9 +91,8 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * calculation. * * \param ctx The context to initialize. - * \param is224 Determines which function to use. - *
    • 0: Use SHA-256.
    • - *
    • 1: Use SHA-224.
    + * \param is224 Determines which function to use: + * 0: Use SHA-256, or 1: Use SHA-224. * * \return \c 0 on success. */ @@ -101,9 +102,9 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); * \brief This function feeds an input buffer into an ongoing * SHA-256 checksum calculation. * - * \param ctx SHA-256 context - * \param input buffer holding the data - * \param ilen length of the input data + * \param ctx The SHA-256 context to initialize. + * \param input The buffer holding the data. + * \param ilen The length of the input data. * * \return \c 0 on success. */ @@ -143,14 +144,15 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief This function starts a SHA-256 checksum calculation. + * \brief This function starts a SHA-224 or SHA-256 checksum + * calculation. + * * * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0. * - * \param ctx The SHA-256 context to initialize. - * \param is224 Determines which function to use. - *
    • 0: Use SHA-256.
    • - *
    • 1: Use SHA-224.
    + * \param ctx The context to initialize. + * \param is224 Determines which function to use: + * 0: Use SHA-256, or 1: Use SHA-224. */ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); @@ -176,7 +178,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0. * * \param ctx The SHA-256 context. - * \param output The SHA-224or SHA-256 checksum result. + * \param output The SHA-224 or SHA-256 checksum result. */ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ); @@ -221,9 +223,8 @@ extern "C" { * \param input The buffer holding the input data. * \param ilen The length of the input data. * \param output The SHA-224 or SHA-256 checksum result. - * \param is224 Determines which function to use. - *
    • 0: Use SHA-256.
    • - *
    • 1: Use SHA-224.
    + * \param is224 Determines which function to use: + * 0: Use SHA-256, or 1: Use SHA-224. */ int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, @@ -252,9 +253,8 @@ int mbedtls_sha256_ret( const unsigned char *input, * \param input The buffer holding the data. * \param ilen The length of the input data. * \param output The SHA-224 or SHA-256 checksum result. - * \param is224 Determines which function to use. - *
    • 0: Use SHA-256.
    • - *
    • 1: Use SHA-224.
    + * \param is224 Determines which function to use: + * 0: Use SHA-256, or 1: Use SHA-224. */ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, size_t ilen, @@ -267,7 +267,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, /** * \brief The SHA-224 and SHA-256 checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_sha256_self_test( int verbose ); From 1a6275ad6269c4c511a31c62da2fe5f9b217ec2e Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 13:03:42 +0100 Subject: [PATCH 358/504] Update sha512.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Removed bullets from parameter descriptions. --- include/mbedtls/sha512.h | 38 ++++++++++++++++++-------------------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 8404a2d59..ee88fcf31 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -1,7 +1,9 @@ /** * \file sha512.h + * \brief This file contains SHA-384 and SHA-512 definitions and functions. * - * \brief The SHA-384 and SHA-512 cryptographic hash function. + * The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic + * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS). */ /* * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved @@ -55,9 +57,8 @@ typedef struct uint64_t total[2]; /*!< The number of Bytes processed. */ uint64_t state[8]; /*!< The intermediate digest state. */ unsigned char buffer[128]; /*!< The data block being processed. */ - int is384; /*!< Determines which function to use. - *
    • 0: Use SHA-512.
    • - *
    • 1: Use SHA-384.
    */ + int is384; /*!< Determines which function to use: + 0: Use SHA-512, or 1: Use SHA-384. */ } mbedtls_sha512_context; @@ -89,9 +90,8 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, * calculation. * * \param ctx The SHA-512 context to initialize. - * \param is384 Determines which function to use. - *
    • 0: Use SHA-512.
    • - *
    • 1: Use SHA-384.
    + * \param is384 Determines which function to use: + * 0: Use SHA-512, or 1: Use SHA-384. * * \return \c 0 on success. */ @@ -148,9 +148,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, * \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0 * * \param ctx The SHA-512 context to initialize. - * \param is384 Determines which function to use. - *
    • 0: Use SHA-512.
    • - *
    • 1: Use SHA-384.
    + * \param is384 Determines which function to use: + * 0: Use SHA-512, or 1: Use SHA-384. */ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ); @@ -159,7 +158,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, * \brief This function feeds an input buffer into an ongoing * SHA-512 checksum calculation. * - * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0 + * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0. * * \param ctx The SHA-512 context. * \param input The buffer holding the data. @@ -173,7 +172,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, * \brief This function finishes the SHA-512 operation, and writes * the result to the output buffer. * - * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0 + * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0. * * \param ctx The SHA-512 context. * \param output The SHA-384 or SHA-512 checksum result. @@ -186,7 +185,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, * the ongoing SHA-512 computation. This function is for * internal use only. * - * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0 + * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0. * * \param ctx The SHA-512 context. * \param data The buffer holding one block of data. @@ -223,9 +222,8 @@ extern "C" { * \param input The buffer holding the input data. * \param ilen The length of the input data. * \param output The SHA-384 or SHA-512 checksum result. - * \param is384 Determines which function to use. - *
    • 0: Use SHA-512.
    • - *
    • 1: Use SHA-384.
    + * \param is384 Determines which function to use: + * 0: Use SHA-512, or 1: Use SHA-384. * * \return \c 0 on success. */ @@ -255,9 +253,8 @@ int mbedtls_sha512_ret( const unsigned char *input, * \param input The buffer holding the data. * \param ilen The length of the input data. * \param output The SHA-384 or SHA-512 checksum result. - * \param is384 Determines which function to use. - *
    • 0: Use SHA-512.
    • - *
    • 1: Use SHA-384.
    + * \param is384 Determines which function to use: + * 0: Use SHA-512, or 1: Use SHA-384. */ MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input, size_t ilen, @@ -269,7 +266,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input, /** * \brief The SHA-384 or SHA-512 checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_sha512_self_test( int verbose ); From 4bca2b0ccd33a8c31b691d7514ee18e6e9d4acca Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 13:12:52 +0100 Subject: [PATCH 359/504] Update platform.h Minor documentation improvements: *Standardized file brief description. *Reordered tags within documentation blocks so that params and returns are last in block. *Some minor rephrasing. --- include/mbedtls/platform.h | 55 ++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index ed1077584..65ae85c19 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -1,7 +1,8 @@ /** * \file platform.h * - * \brief The Mbed TLS platform abstraction layer. + * \brief This file contains the definitions and functions of the + * Mbed TLS platform abstraction layer. */ /* * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved @@ -102,7 +103,7 @@ extern "C" { /* \} name SECTION: Module settings */ /* - * The function pointers for calloc and free + * The function pointers for calloc and free. */ #if defined(MBEDTLS_PLATFORM_MEMORY) #if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \ 
@@ -116,7 +117,8 @@ extern void * (*mbedtls_calloc)( size_t n, size_t size ); extern void (*mbedtls_free)( void *ptr ); /** - * \brief This function allows configuring custom memory-management functions. + * \brief This function allows configuring custom + * memory-management functions. * * \param calloc_func The \c calloc function implementation. * \param free_func The \c free function implementation. @@ -140,7 +142,8 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... ); /** - * \brief This function allows configuring a custom \p fprintf function pointer. + * \brief This function allows configuring a custom + * \p fprintf function pointer. * * \param fprintf_func The \c fprintf function implementation. * @@ -163,8 +166,8 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char extern int (*mbedtls_printf)( const char *format, ... ); /** - * \brief This function allows configuring a custom \c printf function - * pointer. + * \brief This function allows configuring a custom \c printf + * function pointer. * * \param printf_func The \c printf function implementation. * @@ -197,12 +200,12 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ); extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... ); /** - * \brief This function allows configuring a custom \c snprintf function - * pointer. + * \brief This function allows configuring a custom + * \c snprintf function pointer. * * \param snprintf_func The \c snprintf function implementation. * - * \return \c 0 on success. + * \return \c 0 on success. */ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, const char * format, ... ) ); 
@@ -221,12 +224,12 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, extern void (*mbedtls_exit)( int status ); /** - * \brief This function allows configuring a custom \c exit function - * pointer. + * \brief This function allows configuring a custom + * \c exit function pointer. * * \param exit_func The \c exit function implementation. * - * \return \c 0 on success. + * \return \c 0 on success. */ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); #else @@ -302,7 +305,7 @@ int mbedtls_platform_set_nv_seed( * setup or teardown operations. */ typedef struct { - char dummy; /**< Placeholder member, as empty structs are not portable. */ + char dummy; /**< A placeholder member, as empty structs are not portable. */ } mbedtls_platform_context; 
@@ -311,33 +314,33 @@ mbedtls_platform_context; #endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /** - * \brief This function performs any platform initialization operations. + * \brief This function performs any platform-specific initialization operations. + * + * \note This function should be called before any other library functions. + * + * Its implementation is platform-specific, and unless + * platform-specific code is provided, it does nothing. + * + * \note The usage and necessity of this function is dependent on the platform. * * \param ctx The Mbed TLS context. * * \return \c 0 on success. - * - * \note This function is intended to allow platform-specific initialization, - * and should be called before any other library functions. Its - * implementation is platform-specific, and unless - * platform-specific code is provided, it does nothing. - * - * Its use and whether it is necessary to call it is dependent on the - * platform. */ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); /** * \brief This function performs any platform teardown operations. * - * \param ctx The Mbed TLS context. - * * \note This function should be called after every other Mbed TLS module * has been correctly freed using the appropriate free function. + * * Its implementation is platform-specific, and unless * platform-specific code is provided, it does nothing. * - * Its use and whether it is necessary to call it is dependent on the - * platform. + * \note The usage and necessity of this function is dependent on the platform. + * + * \param ctx The Mbed TLS context. + * */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); From de420a47b63d838403f029b80b9490e574300fad Mon Sep 17 00:00:00 2001 
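Review bot: `+ * \brief This function performs any platform-specific initialization operations.` and `+ * \note The usage and necessity of this function is dependent on the platform.` both run past the 80-column width that the earlier hunks of this commit deliberately re-wrap briefs to respect; they should be wrapped the same way, e.g. `\brief This function performs any platform-specific` followed by `initialization operations.` on a continuation line. In both the setup and teardown blocks the paragraph `Its implementation is platform-specific, ...` is now separated from the preceding `\note` by a blank comment line, so Doxygen will render it as loose description text rather than as part of the note; if it is meant to belong to the note, the blank line before it should go.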
From: Deomid Ryabkov Date: Sun, 27 Nov 2016 14:50:06 +0000 Subject: [PATCH 360/504] Fix some test deps * Cert revocation tests require `MBEDTLS_HAVE_TIME_DATE`. * Version features tests require... well, `MBEDTLS_VERSION_FEATURES`, actually. Fixes https://github.com/ARMmbed/mbedtls/issues/1475 --- tests/suites/test_suite_version.function | 2 +- tests/suites/test_suite_x509parse.data | 58 ++++++++++++------------ 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function index 37144ca40..a4847f92c 100644 --- a/tests/suites/test_suite_version.function +++ b/tests/suites/test_suite_version.function @@ -64,7 +64,7 @@ void check_runtime_version( char *version_str ) } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_VERSION_FEATURES */ void check_feature( char *feature, int result ) { int check = mbedtls_version_check_feature( feature ); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 8db07bdc3..406cf5931 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -364,47 +364,47 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED: mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_to":1 X509 Certificate verification #1 (Revoked Cert, Expired CRL, no CN) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 Certificate verification #2 (Revoked Cert, Expired CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 Certificate verification #2a (Revoked Cert, Future CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 Certificate verification #4 (Valid Cert, Expired CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 Certificate verification #4a (Revoked Cert, 
Future CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 Certificate verification #5 (Revoked Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #6 (Revoked Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #7 (Revoked Cert, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 Certificate verification #8 (Valid Cert) 
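Review bot: Cases #5, #6 and #7 (`X509 Certificate verification #5 (Revoked Cert)` onward) expect only MBEDTLS_X509_BADCERT_REVOKED with no expired- or future-related flag, so unlike #1–#4 it is not apparent from the data why they now also need `MBEDTLS_HAVE_TIME_DATE`. If revocation checking itself is unavailable without time support in this tree, a sentence saying so in the commit message would make the dependency self-explanatory; otherwise those three cases could keep running in builds without time/date support, which is exactly where CRL handling is most worth exercising. The following `@@ -412` hunk applies the same dependency to the expired and future certificate cases, where it is clearly justified.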
@@ -412,19 +412,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_S x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #8a (Expired Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 Certificate verification #8b (Future Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 Certificate verification #8c (Expired Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 Certificate verification #8d (Future 
Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server7-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 Certificate verification #9 (Not trusted Cert) @@ -540,7 +540,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_S x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #35 (Revoked, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #36 (Valid, EC CA, SHA1 Digest) 
@@ -652,7 +652,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C: x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #62 (Revoked, RSASSA-PSS, SHA-1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign) 
@@ -712,19 +712,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED: x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #77 (multiple CRLs, revoked) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #78 (multiple CRLs, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #79 (multiple CRLs, revoked by future) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE 
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 Certificate verification #80 (multiple CRLs, first future, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #81 (multiple CRLs, none relevant) 
@@ -748,11 +748,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED: x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #86 (Not yet valid CA and invalid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 Certificate verification #87 (Expired CA and invalid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 Certificate verification #88 (Spurious cert in the chain) 
@@ -808,7 +808,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_S x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n" X509 Certificate verification callback: trusted EE cert, expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x00000001\n" X509 Certificate verification callback: simple 
@@ -816,11 +816,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: simple, EE expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" X509 Certificate verification callback: simple, root expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two trusted roots 
@@ -848,15 +848,15 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca, EE expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" X509 Certificate verification callback: intermediate ca, int expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 
0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca, root expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two intermediates From 783cb06e051b2d3f992147b1fbc8d103cbb80286 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Mar 2018 16:49:04 +0100 Subject: [PATCH 361/504] Remove duplicate test in all.sh --- tests/scripts/all.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 49b1653bd..d0dc8d67c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -462,12 +462,6 @@ cleanup make SHARED=1 all check fi -if uname -a | grep -F Linux >/dev/null; then -msg "build/test: make shared" # ~ 40s -cleanup -make SHARED=1 all check -fi - if uname -a | grep -F x86_64 >/dev/null; then msg "build: i386, make, gcc" # ~ 30s cleanup From 4c1dc3c2a4144696752091116c86279e24f148dd Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 27 Mar 2018 16:52:03 +0100 Subject: [PATCH 362/504] Improve documentation of MBEDTLS_AES_ROM_TABLES --- include/mbedtls/config.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 94e3efbc0..65d6ba8a2 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -386,9 +386,10 @@ * Uncomment this macro to use precomputed AES tables stored in ROM. * Comment this macro to generate AES tables in RAM at runtime. * - * Tradeoff: Using precomputed ROM tables reduces the time to setup - * an AES context but comes at the cost of additional ~8kb ROM use - * (resp. ~2kb if \c MBEDTLS_AES_FEWER_TABLES below is used). + * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb + * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the + * the time to setup an AES context. It comes at the cost of additional + * ~8kb ROM use (resp. ~2kb if \c MBEDTLS_AES_FEWER_TABLES below is used). * * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. * From 98a678674bb8e922de057c3652f2173ca0372605 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Mar 2018 17:10:09 +0100 Subject: [PATCH 363/504] Adapt changes to all.sh to work with --keep-going mode --- tests/scripts/all.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d0dc8d67c..3441ae048 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -432,7 +432,7 @@ msg "build: default config with AES_FEWER_TABLES enabled" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_FEWER_TABLES -CC=gcc CFLAGS='-Werror -Wall -Wextra' make +make CC=gcc CFLAGS='-Werror -Wall -Wextra' msg "test: AES_FEWER_TABLES" make test 
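Review bot: The rewritten tradeoff paragraph on the new side of the config.h hunk carries a doubled word, `reduces the the time to setup an AES context`; it should read `reduces the time to set up an AES context`. While the sentence is being touched, it would help users sizing a build to say where the tables live in each case rather than only quoting deltas, e.g. `* Tradeoff: with this macro defined the tables are constant data in ROM (~8kb, or ~2kb with MBEDTLS_AES_FEWER_TABLES) and no context setup time is spent generating them; without it they are computed at runtime and occupy the same amount of RAM.` — that wording matches the RAM and ROM figures the hunk already gives. The hunk is a comment-only change; no code is affected.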
@@ -441,7 +441,7 @@ msg "build: default config with AES_ROM_TABLES enabled" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_ROM_TABLES -CC=gcc CFLAGS='-Werror -Wall -Wextra' make +make CC=gcc CFLAGS='-Werror -Wall -Wextra' msg "test: AES_ROM_TABLES" make test @@ -451,7 +451,7 @@ cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_FEWER_TABLES scripts/config.pl set MBEDTLS_AES_ROM_TABLES -CC=gcc CFLAGS='-Werror -Wall -Wextra' make +make CC=gcc CFLAGS='-Werror -Wall -Wextra' msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" make test From 79e7789d4468ab12ee3ff4acdc3a9e7fe4238db0 Mon Sep 17 00:00:00 2001 From: Andy Leiserson Date: Fri, 28 Apr 2017 20:01:49 -0700 Subject: [PATCH 364/504] return plaintext data faster on unpadded decryption --- library/cipher.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index ff0327380..7369f4823 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -325,8 +325,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i /* * If there is not enough data for a full block, cache it. */ - if( ( ctx->operation == MBEDTLS_DECRYPT && + if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding && ilen <= block_size - ctx->unprocessed_len ) || + ( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding && + ilen < block_size - ctx->unprocessed_len ) || ( ctx->operation == MBEDTLS_ENCRYPT && ilen < block_size - ctx->unprocessed_len ) ) { 
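Review bot: The `<=` in the padded-decryption test versus the `<` in the new unpadded-decryption test is the entire point of the change, yet nothing in the hunk explains it, so a later reader is likely to "fix" the apparent inconsistency; a comment above the `if` such as `/* With padding, the last full block must be held back until finish() can strip it; without padding (add_padding == NULL) it can be returned now. */` would pin it down. The two added comparisons are written Yoda-style (`NULL != ctx->add_padding`, `NULL == ctx->add_padding`) whereas the surrounding lines write `ctx->operation == MBEDTLS_DECRYPT`; `ctx->add_padding != NULL` and `ctx->add_padding == NULL` would match the file. The new logic relies on `add_padding` being NULL exactly when the context was configured with no padding mode; that invariant is established outside this hunk (presumably in the padding-mode setter) and is worth confirming, since a NULL pointer left over from an uninitialised or non-CBC context would silently select the unpadded path. The body of mbedtls_cipher_update continues beyond the hunk.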
@@ -372,9 +374,17 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; } + /* Encryption: only cache partial blocks + * Decryption w/ padding: always keep at least one whole block + * Decryption w/o padding: only cache partial blocks + */ copy_len = ilen % block_size; - if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT ) + if( copy_len == 0 && + ctx->operation == MBEDTLS_DECRYPT && + NULL != ctx->add_padding) + { copy_len = block_size; + } memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), copy_len ); From d1b1788b40ef8dd5e3393a32eea439a68f9fc6a1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 27 Mar 2018 19:14:24 +0100 Subject: [PATCH 365/504] Improve ChangeLog for DLEXT and AR_DASH changes --- ChangeLog | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4985bcc1a..cd6ca5557 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,10 +10,11 @@ Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. * Support cmake build where Mbed TLS is a subproject. Fix contributed independently by Matthieu Volat and Arne Schwabe. - * Allow configuring the prefix operator for the archiver tool when compiling - the library using the makefile. Found and fixed by Alex Hixon. + * Add an option in the makefile to support ar utilities where the operation + letter must not be prefixed by '-', such as LLVM. Found and fixed by + Alex Hixon. * Allow configuring the shared library extension by setting the DLEXT - variable when using the project makefile. + environment variable when using the project makefiles. = mbed TLS 2.8.0 branch released 2018-03-16 From 420f0ccdfd97fdba2047c3f219a3dfbdc5c2f6a0 Mon Sep 17 00:00:00 2001 
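Review bot: `NULL != ctx->add_padding)` lacks the space before the closing parenthesis that every other condition in this file uses, and like the first hunk it is a Yoda comparison; `ctx->add_padding != NULL )` would match house style. The new three-line comment is welcome, but "always keep at least one whole block" for padded decryption does not say why, and the why is what protects this code from future simplification; `* Decryption w/ padding: hold back at least one whole block so finish() can strip the padding` states it. This is the tail of mbedtls_cipher_update, whose start lies outside the hunk.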
From: Andres Amaya Garcia Date: Tue, 27 Mar 2018 19:17:21 +0100 Subject: [PATCH 366/504] Make DLEXT var configurable in programs and tests makefiles --- programs/Makefile | 2 +- tests/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index 443689b1b..25f184f8c 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -35,7 +35,7 @@ ifdef SHARED SHARED_SUFFIX=.$(DLEXT) endif else -DLEXT=so +DLEXT ?= so EXEXT= SHARED_SUFFIX= endif diff --git a/tests/Makefile b/tests/Makefile index 4787f2508..d85617fdc 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -35,7 +35,7 @@ ifdef SHARED SHARED_SUFFIX=.$(DLEXT) endif else -DLEXT=so +DLEXT ?= so EXEXT= SHARED_SUFFIX= endif From 79db933fb605e5d3594a42c162b7a6eb9f3de3a7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 27 Mar 2018 19:57:58 +0100 Subject: [PATCH 367/504] Fix shared library lookup on Mac OS X when running tests --- tests/scripts/run-test-suites.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 1f73a545e..7e2974bbc 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -41,6 +41,7 @@ die "$0: no test suite found\n" unless @suites; # in case test suites are linked dynamically $ENV{'LD_LIBRARY_PATH'} = '../library'; +$ENV{'DYLD_LIBRARY_PATH'} = '../library'; my $prefix = $^O eq "MSWin32" ? '' : './'; From 8a0dfacb58d7a3600f66b319bdc0661fb19ad5a9 Mon Sep 17 00:00:00 2001 From: Marcos Del Sol Vives Date: Sun, 6 Nov 2016 12:22:25 +0100 Subject: [PATCH 368/504] Compile PBES2 in PKCS5 only if ASN1 is enabled --- library/pkcs5.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/library/pkcs5.c b/library/pkcs5.c index 95f44fa98..6a5128a84 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c 
@@ -38,11 +38,13 @@ #if defined(MBEDTLS_PKCS5_C) #include "mbedtls/pkcs5.h" +#include + +#if defined(MBEDTLS_ASN1_PARSE_C) #include "mbedtls/asn1.h" #include "mbedtls/cipher.h" #include "mbedtls/oid.h" - -#include +#endif #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -51,6 +53,22 @@ #define mbedtls_printf printf #endif +#if !defined(MBEDTLS_ASN1_PARSE_C) +int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t datalen, + unsigned char *output ) +{ + ((void) pbe_params); + ((void) mode); + ((void) pwd); + ((void) pwdlen); + ((void) data); + ((void) datalen); + ((void) output); + return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); +} +#else static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations, int *keylen, mbedtls_md_type_t *md_type ) @@ -211,6 +229,7 @@ exit: return( ret ); } +#endif /* MBEDTLS_ASN1_PARSE_C */ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password, size_t plen, const unsigned char *salt, size_t slen, From af9a486b0138709bea86b53c116faa457d96754f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 27 Mar 2018 20:53:07 +0100 Subject: [PATCH 369/504] Fix coding style in pkcs5.c preprocessor directives --- library/pkcs5.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/pkcs5.c b/library/pkcs5.c index 6a5128a84..440a174b5 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -38,13 +38,14 @@ #if defined(MBEDTLS_PKCS5_C) #include "mbedtls/pkcs5.h" -#include #if defined(MBEDTLS_ASN1_PARSE_C) #include "mbedtls/asn1.h" #include "mbedtls/cipher.h" #include "mbedtls/oid.h" -#endif +#endif /* MBEDTLS_ASN1_PARSE_C */ + +#include #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" From 576d47470468759739fd086a026208eb294892cb Mon Sep 17 00:00:00 2001 
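Review bot: The new `mbedtls_pkcs5_pbes2()` stub under `#if !defined(MBEDTLS_ASN1_PARSE_C)` has no comment saying why it exists, and the matching `#else` is untagged, so the two halves of the conditional are easy to misread; a one-line header such as `/* PBES2 needs ASN.1 parsing; without MBEDTLS_ASN1_PARSE_C only PBKDF2 is available, so report the feature as unavailable. */` and `#else /* MBEDTLS_ASN1_PARSE_C */` would make the structure obvious. The stub's prototype still names `mbedtls_asn1_buf` although, within this hunk, asn1.h is only included when MBEDTLS_ASN1_PARSE_C is defined; presumably pkcs5.h pulls the type in, but that is not visible here and should be confirmed by building the ASN1-less configuration the stub is meant to serve. Returning MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE rather than silently succeeding is the right failure mode for a password-based decryption routine.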
From: Andres Amaya Garcia Date: Tue, 27 Mar 2018 20:53:56 +0100 Subject: [PATCH 370/504] Fix test dependencies of pkcs5 pbs2 on asn1 parse --- tests/suites/test_suite_pkcs5.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index 3ad64805f..98546cb73 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -46,7 +46,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */ void mbedtls_pkcs5_pbes2( int params_tag, char *params_hex, char *pw_hex, char *data_hex, int ref_ret, char *ref_out_hex ) { From cb47a79e0422c3cda9c3915076dc4a11fa756acf Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 27 Mar 2018 21:19:50 +0100 Subject: [PATCH 371/504] Add ChangeLog entry for PBES2 when ASN1 disabled --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index c0759b2b2..77f3f8507 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,9 @@ Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. * Support cmake build where Mbed TLS is a subproject. Fix contributed independently by Matthieu Volat and Arne Schwabe. + * Provide an empty implementation of mbedtls_pkcs5_pbes2() when + MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2 + without PBES2. Fixed by Marcos Del Sol Vives. = mbed TLS 2.8.0 branch released 2018-03-16 From f69ad5a898fae494992d974f4f3a245ea3e30afd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Mar 2018 23:08:53 +0200 Subject: [PATCH 372/504] Add ChangeLog entry Fixes #1299. Fixes #1475. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 453364454..b6e892978 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -16,6 +16,9 @@ Bugfix * Add missing dependencies in test suites that led to build failures in configurations that omit certain hashes or public-key algorithms. Fixes #1040. + * Add missing dependencies for MBEDTLS_HAVE_TIME_DATE and + MBEDTLS_VERSION_FEATURES in test suites. Contributed by Deomid Ryabkov. + Fixes #1299, #1475. Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. From 6c563fa7cd97a2d4af5424bc562c591ec55758a5 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Tue, 27 Mar 2018 19:16:17 -0700 Subject: [PATCH 373/504] Add tests for "return plaintext data faster on unpadded decryption" --- ChangeLog | 2 + tests/suites/test_suite_cipher.aes.data | 514 ++++++++++--------- tests/suites/test_suite_cipher.arc4.data | 22 +- tests/suites/test_suite_cipher.blowfish.data | 66 +-- tests/suites/test_suite_cipher.camellia.data | 110 ++-- tests/suites/test_suite_cipher.des.data | 66 +-- tests/suites/test_suite_cipher.function | 25 +- tests/suites/test_suite_cipher.gcm.data | 96 ++-- tests/suites/test_suite_cipher.null.data | 20 +- 9 files changed, 483 insertions(+), 438 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5f5fdd27c..49eaef744 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,8 @@ Changes * Improve testing in configurations that omit certain hashes or public-key algorithms. Includes contributions by Gert van Dijk. * Improve negative testing of X.509 parsing. + * Return plaintext data sooner on unpadded decryption. Contributed by Andy + Leiserson. #1180 = mbed TLS 2.8.0 branch released 2018-03-16 diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index 4a878ecc8..e8e9a155c 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data 
@@ -2,765 +2,789 @@ Decrypt empty buffer depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 dec_empty_buf: -AES Encrypt and decrypt 0 bytes +AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:-1 -AES Encrypt and decrypt 1 byte +AES-128 CBC - Encrypt and decrypt 1 byte with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:-1 -AES Encrypt and decrypt 2 bytes +AES-128 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:-1 -AES Encrypt and decrypt 7 bytes +AES-128 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:-1 -AES Encrypt and decrypt 8 bytes +AES-128 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:-1 -AES Encrypt and decrypt 9 bytes +AES-128 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:-1 -AES Encrypt and decrypt 15 bytes +AES-128 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:-1 -AES Encrypt and decrypt 16 bytes +AES-128 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:-1 -AES Encrypt and decrypt 17 bytes +AES-128 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:-1 -AES Encrypt and decrypt 31 bytes +AES-128 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:-1 -AES Encrypt and decrypt 32 bytes +AES-128 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:-1 -AES Encrypt and decrypt 33 bytes +AES-128 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:-1 -AES Encrypt and decrypt 47 bytes +AES-128 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:-1 -AES Encrypt and decrypt 48 bytes +AES-128 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:-1 -AES Encrypt and decrypt 49 bytes +AES-128 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:-1 -AES Encrypt and decrypt 0 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 0 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 1 byte with one and zeros padding +AES-128 CBC - Encrypt and decrypt 1 byte with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 2 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 2 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 7 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 7 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 8 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 8 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 9 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 9 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 15 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 15 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 16 bytes with one and zeros padding +AES-128 CBC - 
Encrypt and decrypt 16 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 17 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 17 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 31 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 31 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 32 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 32 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 33 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 33 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 47 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 47 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 48 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 48 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 49 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 49 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 0 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 0 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 1 byte with zeros and len padding +AES-128 CBC - Encrypt and decrypt 1 byte with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 2 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 2 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 7 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 7 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 8 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 8 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 9 bytes with zeros and len padding +AES-128 CBC - 
Encrypt and decrypt 9 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 15 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 15 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 16 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 16 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 17 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 17 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 31 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 31 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 32 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 32 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 33 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 33 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 47 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 47 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 48 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 48 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 49 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 49 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 0 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 0 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 1 byte with zeros padding +AES-128 CBC - Encrypt and decrypt 1 byte with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 2 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 2 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 7 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 7 bytes with zeros padding 
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 8 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 8 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 9 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 9 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 15 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 15 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 16 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 16 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 17 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 17 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 31 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 31 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 32 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 32 bytes with zeros padding 
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 33 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 33 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 47 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 47 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 48 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 48 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 49 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 49 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 0 bytes with no padding +AES-128 CBC - Encrypt and decrypt 0 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_NONE -AES Encrypt and decrypt 16 bytes with no padding +AES-128 CBC - Encrypt and decrypt 16 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_NONE -AES Encrypt and decrypt 32 bytes with no padding +AES-128 CBC - Encrypt and decrypt 32 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_NONE -AES Encrypt and decrypt 48 bytes with no padding +AES-128 CBC - Encrypt and decrypt 48 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_NONE -AES Try encrypting 1 bytes with no padding +AES-128 CBC - Try encrypting 1 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:1:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 2 bytes with no padding +AES-128 CBC - Try encrypting 2 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:2:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 7 bytes with no padding +AES-128 CBC - Try encrypting 7 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:7:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 8 bytes with no padding +AES-128 CBC - Try encrypting 8 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:8:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 9 bytes with no padding +AES-128 CBC - Try encrypting 9 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:9:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 15 bytes with no padding +AES-128 CBC - Try encrypting 15 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:15:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 17 bytes with no padding +AES-128 CBC - Try encrypting 17 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:17:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 31 bytes with no padding +AES-128 CBC - Try encrypting 31 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:31:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 33 bytes with no padding +AES-128 CBC - Try encrypting 33 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:33:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 47 bytes with no padding +AES-128 CBC - Try encrypting 47 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:47:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 49 bytes with no padding +AES-128 CBC - Try encrypting 49 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:49:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Encrypt and decrypt 0 bytes in multiple parts +AES-128 CBC - Encrypt and decrypt 0 bytes in multiple parts with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 -AES Encrypt and decrypt 1 bytes in multiple parts 1 +AES-128 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 1 
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 -AES Encrypt and decrypt 1 bytes in multiple parts 2 +AES-128 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0 -AES Encrypt and decrypt 16 bytes in multiple parts 1 +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:0:MBEDTLS_PADDING_PKCS7:16:0:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 2 +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 3 +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:15: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 4 +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:1: 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:1:MBEDTLS_PADDING_PKCS7:0:16:0:16 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-128 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:7: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:7:MBEDTLS_PADDING_PKCS7:0:16:0:16 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-128 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:6:MBEDTLS_PADDING_PKCS7:16:0:0:16 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-128 CBC - Encrypt and decrypt 23 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:17:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0 -AES Encrypt and decrypt 32 bytes in multiple parts 1 +AES-128 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:16:MBEDTLS_PADDING_PKCS7:16:16:0:32 -AES Encrypt and decrypt 0 bytes +AES-128 CBC - Encrypt and decrypt 0 bytes in multiple parts with no padding +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:0:MBEDTLS_PADDING_NONE:0:0:0:0 + +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with no padding 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:0:MBEDTLS_PADDING_NONE:16:0:16:0 + +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with no padding 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:16:MBEDTLS_PADDING_NONE:0:16:0:16 + +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with no padding 3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:15:MBEDTLS_PADDING_NONE:0:16:0:16 + +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with no padding 4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:1:MBEDTLS_PADDING_NONE:0:16:0:16 + +AES-128 CBC - Encrypt and decrypt 32 bytes in multiple parts with no padding 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:16:MBEDTLS_PADDING_NONE:16:16:16:16 + +AES-128 CFB - Encrypt and decrypt 0 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:0:-1 -AES Encrypt and decrypt 1 byte +AES-128 CFB - Encrypt and decrypt 1 byte depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:1:-1 -AES Encrypt and decrypt 2 bytes +AES-128 CFB - Encrypt and decrypt 2 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:2:-1 -AES Encrypt and decrypt 7 bytes +AES-128 CFB - Encrypt and decrypt 7 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:7:-1 -AES Encrypt and decrypt 8 bytes +AES-128 CFB - Encrypt and decrypt 8 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:8:-1 -AES Encrypt and decrypt 9 bytes +AES-128 CFB - Encrypt and decrypt 9 bytes 
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:9:-1 -AES Encrypt and decrypt 15 bytes +AES-128 CFB - Encrypt and decrypt 15 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:15:-1 -AES Encrypt and decrypt 16 bytes +AES-128 CFB - Encrypt and decrypt 16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:16:-1 -AES Encrypt and decrypt 17 bytes +AES-128 CFB - Encrypt and decrypt 17 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:17:-1 -AES Encrypt and decrypt 31 bytes +AES-128 CFB - Encrypt and decrypt 31 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:31:-1 -AES Encrypt and decrypt 32 bytes +AES-128 CFB - Encrypt and decrypt 32 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:32:-1 -AES Encrypt and decrypt 32 bytes +AES-128 CFB - Encrypt and decrypt 32 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:33:-1 -AES Encrypt and decrypt 47 bytes +AES-128 CFB - Encrypt and decrypt 47 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:47:-1 -AES Encrypt and decrypt 48 bytes +AES-128 CFB - Encrypt and decrypt 48 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:48:-1 -AES Encrypt and decrypt 49 bytes +AES-128 CFB - Encrypt and decrypt 49 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:49:-1 -AES Encrypt and decrypt 0 bytes in multiple parts +AES-128 CFB - Encrypt and decrypt 0 bytes in multiple parts 
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:0:-1:0:0:0:0 -AES Encrypt and decrypt 1 bytes in multiple parts 1 +AES-128 CFB - Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:1:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:1:0:-1:1:0:1:0 -AES Encrypt and decrypt 1 bytes in multiple parts 2 +AES-128 CFB - Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:1:-1:0:1:0:1 -AES Encrypt and decrypt 16 bytes in multiple parts 1 +AES-128 CFB - Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:0:-1:16:0:16:0 -AES Encrypt and decrypt 16 bytes in multiple parts 2 +AES-128 CFB - Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:16:-1:0:16:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 3 +AES-128 CFB - Encrypt and decrypt 16 bytes in multiple parts 3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:1:15: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:1:15:-1:1:15:1:15 -AES Encrypt and decrypt 16 bytes in multiple parts 4 +AES-128 CFB - Encrypt and decrypt 16 bytes in multiple parts 4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:15:1: 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:15:1:-1:15:1:15:1 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-128 CFB - Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:15:7: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:15:7:-1:15:7:15:7 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-128 CFB - Encrypt and decrypt 22 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:6:-1:16:6:16:6 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-128 CFB - Encrypt and decrypt 23 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:17:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:17:6:-1:17:6:17:6 -AES Encrypt and decrypt 32 bytes in multiple parts 1 +AES-128 CFB - Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:16:-1:16:16:16:16 -AES Encrypt and decrypt 0 bytes +AES-128 CTR - Encrypt and decrypt 0 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:0:-1 -AES Encrypt and decrypt 1 byte +AES-128 CTR - Encrypt and decrypt 1 byte depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:1:-1 -AES Encrypt and decrypt 2 bytes +AES-128 CTR - Encrypt and decrypt 2 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:2:-1 -AES Encrypt and decrypt 7 bytes +AES-128 CTR - Encrypt and decrypt 7 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR 
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:7:-1 -AES Encrypt and decrypt 8 bytes +AES-128 CTR - Encrypt and decrypt 8 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:8:-1 -AES Encrypt and decrypt 9 bytes +AES-128 CTR - Encrypt and decrypt 9 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:9:-1 -AES Encrypt and decrypt 15 bytes +AES-128 CTR - Encrypt and decrypt 15 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:15:-1 -AES Encrypt and decrypt 16 bytes +AES-128 CTR - Encrypt and decrypt 16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:16:-1 -AES Encrypt and decrypt 17 bytes +AES-128 CTR - Encrypt and decrypt 17 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:17:-1 -AES Encrypt and decrypt 31 bytes +AES-128 CTR - Encrypt and decrypt 31 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:31:-1 -AES Encrypt and decrypt 32 bytes +AES-128 CTR - Encrypt and decrypt 32 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:32:-1 -AES Encrypt and decrypt 32 bytes +AES-128 CTR - Encrypt and decrypt 32 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:33:-1 -AES Encrypt and decrypt 47 bytes +AES-128 CTR - Encrypt and decrypt 47 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:47:-1 -AES Encrypt and decrypt 48 bytes +AES-128 CTR - Encrypt and decrypt 48 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:48:-1 -AES Encrypt and decrypt 49 bytes +AES-128 
CTR - Encrypt and decrypt 49 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:49:-1 -AES Encrypt and decrypt 0 bytes in multiple parts +AES-128 CTR - Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:0:-1:0:0:0:0 -AES Encrypt and decrypt 1 bytes in multiple parts 1 +AES-128 CTR - Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:1:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:1:0:-1:1:0:1:0 -AES Encrypt and decrypt 1 bytes in multiple parts 2 +AES-128 CTR - Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:1:-1:0:1:0:1 -AES Encrypt and decrypt 16 bytes in multiple parts 1 +AES-128 CTR - Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:0:-1:16:0:16:0 -AES Encrypt and decrypt 16 bytes in multiple parts 2 +AES-128 CTR - Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:16:-1:0:16:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 3 +AES-128 CTR - Encrypt and decrypt 16 bytes in multiple parts 3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:1:15: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:1:15:-1:1:15:1:15 -AES Encrypt and decrypt 16 bytes in multiple parts 4 +AES-128 CTR - Encrypt and 
decrypt 16 bytes in multiple parts 4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:15:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:15:1:-1:15:1:15:1 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-128 CTR - Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:15:7: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:15:7:-1:15:7:15:7 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-128 CTR - Encrypt and decrypt 22 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:6:-1:16:6:16:6 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-128 CTR - Encrypt and decrypt 23 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:17:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:17:6:-1:17:6:17:6 -AES Encrypt and decrypt 32 bytes in multiple parts 1 +AES-128 CTR - Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:16:-1:16:16:16:16 -AES Encrypt and decrypt 0 bytes +AES-192 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:0:-1 -AES Encrypt and decrypt 1 byte +AES-192 CBC - Encrypt and decrypt 1 byte with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:1:-1 -AES Encrypt and decrypt 2 bytes +AES-192 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding 
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:2:-1 -AES Encrypt and decrypt 7 bytes +AES-192 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:7:-1 -AES Encrypt and decrypt 8 bytes +AES-192 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:8:-1 -AES Encrypt and decrypt 9 bytes +AES-192 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:9:-1 -AES Encrypt and decrypt 15 bytes +AES-192 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:15:-1 -AES Encrypt and decrypt 16 bytes +AES-192 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:16:-1 -AES Encrypt and decrypt 17 bytes +AES-192 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:17:-1 -AES Encrypt and decrypt 31 bytes +AES-192 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:31:-1 -AES Encrypt and decrypt 32 bytes +AES-192 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:32:-1 -AES Encrypt and decrypt 33 bytes +AES-192 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:33:-1 -AES Encrypt and decrypt 47 bytes +AES-192 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:47:-1 -AES Encrypt and decrypt 48 bytes +AES-192 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:48:-1 -AES Encrypt and decrypt 49 bytes +AES-192 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:49:-1 -AES Encrypt and decrypt 0 bytes in multiple parts +AES-192 CBC - Encrypt and decrypt 0 bytes in multiple parts with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:0:-1:0:0:0:0 -AES Encrypt and decrypt 1 bytes in multiple parts 1 +AES-192 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:0:-1:0:0:0:0 -AES Encrypt and decrypt 1 bytes in multiple parts 2 +AES-192 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:1: 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:1:-1:0:0:0:0 -AES Encrypt and decrypt 16 bytes in multiple parts 1 +AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:0:-1:16:0:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 2 +AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:16:-1:0:16:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 3 +AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:15: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:15:-1:0:16:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 4 +AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:1:-1:0:16:0:16 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-192 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:7: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:7:-1:0:16:0:16 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-192 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 2 
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:6:-1:16:0:0:16 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-192 CBC - Encrypt and decrypt 23 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:17:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:17:6:-1:16:0:16:0 -AES Encrypt and decrypt 32 bytes in multiple parts 1 +AES-192 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:16:-1:16:16:0:32 -AES Encrypt and decrypt 0 bytes +AES-256 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:0:-1 -AES Encrypt and decrypt 1 byte +AES-256 CBC - Encrypt and decrypt 1 byte with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:1:-1 -AES Encrypt and decrypt 2 bytes +AES-256 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:2:-1 -AES Encrypt and decrypt 7 bytes +AES-256 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:7:-1 -AES Encrypt and decrypt 8 bytes +AES-256 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding 
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:8:-1 -AES Encrypt and decrypt 9 bytes +AES-256 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:9:-1 -AES Encrypt and decrypt 15 bytes +AES-256 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:15:-1 -AES Encrypt and decrypt 16 bytes +AES-256 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:16:-1 -AES Encrypt and decrypt 17 bytes +AES-256 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:17:-1 -AES Encrypt and decrypt 31 bytes +AES-256 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:31:-1 -AES Encrypt and decrypt 32 bytes +AES-256 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:32:-1 -AES Encrypt and decrypt 33 bytes +AES-256 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:33:-1 -AES Encrypt and decrypt 47 bytes +AES-256 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:47:-1 -AES Encrypt and decrypt 48 bytes +AES-256 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:48:-1 -AES Encrypt and decrypt 49 bytes +AES-256 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:49:-1 -AES Encrypt and decrypt 0 bytes in multiple parts +AES-256 CBC - Encrypt and decrypt 0 bytes in multiple parts with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:0:-1:0:0:0:0 -AES Encrypt and decrypt 1 bytes in multiple parts 1 +AES-256 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:0:-1:0:0:0:0 -AES Encrypt and decrypt 1 bytes in multiple parts 2 +AES-256 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:1:-1:0:0:0:0 -AES Encrypt and decrypt 16 bytes in multiple parts 1 +AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:0:-1:16:0:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 2 +AES-256 CBC - Encrypt and decrypt 16 
bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:16:-1:0:16:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 3 +AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:15: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:15:-1:0:16:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 4 +AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:1:-1:0:16:0:16 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-256 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:7: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:7:-1:0:16:0:16 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-256 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:6:-1:16:0:0:16 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-256 CBC - Encrypt and decrypt 23 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:17:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:17:6:-1:16:0:16:0 -AES 
Encrypt and decrypt 32 bytes in multiple parts 1 +AES-256 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:16:-1:16:16:0:32 AES Decrypt test vector #0 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 diff --git a/tests/suites/test_suite_cipher.arc4.data b/tests/suites/test_suite_cipher.arc4.data index 1dd23110d..6e69b811f 100644 --- a/tests/suites/test_suite_cipher.arc4.data +++ b/tests/suites/test_suite_cipher.arc4.data 
@@ -60,44 +60,44 @@ enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:49:-1 ARC4 Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:0:-1:0:0:0:0 ARC4 Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:0:-1:1:0:1:0 ARC4 Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:1:-1:0:1:0:1 ARC4 Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:0:-1:16:0:16:0 ARC4 Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:16:-1:0:16:0:16 ARC4 Encrypt and decrypt 16 bytes in multiple parts 3 depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:15: +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:15:-1:1:15:1:15 ARC4 Encrypt and decrypt 16 bytes in multiple parts 4 depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:1:-1:15:1:15:1 ARC4 Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:7: +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:7:-1:15:7:15:7 ARC4 Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:6:-1:16:6:16:6 ARC4 Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_ARC4_C 
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:17:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:17:6:-1:17:6:17:6 ARC4 Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:16:-1:16:16:16:16 diff --git a/tests/suites/test_suite_cipher.blowfish.data b/tests/suites/test_suite_cipher.blowfish.data index 9be846dad..b94bc4704 100644 --- a/tests/suites/test_suite_cipher.blowfish.data +++ b/tests/suites/test_suite_cipher.blowfish.data 
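Review bot: Three ARC4 cases in this hunk keep the same name, "ARC4 Encrypt and decrypt 22 bytes in multiple parts 1", for the 15:7, 16:6 and 17:6 splits, and the last of those covers 23 bytes, not 22, so a failure report cannot say which case broke; the AES hunk above renames exactly these duplicates but this file was left as is. The second and third should follow the AES hunk, `ARC4 Encrypt and decrypt 22 bytes in multiple parts 2` for the 16:6 split and `ARC4 Encrypt and decrypt 23 bytes in multiple parts 1` for the 17:6 split. The same three-way duplicate remains in the Blowfish CBC, CFB64 and CTR hunks of test_suite_cipher.blowfish.data and in the Camellia CBC hunk of test_suite_cipher.camellia.data, whose end may lie outside this chunk.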
@@ -300,47 +300,47 @@ enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:49:MBEDTLS_ERR_CIP BLOWFISH Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:0:-1:0:0:0:0 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:0:-1:0:0:0:0 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:1:-1:0:0:0:0 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:0:-1:16:0:8:8 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:16:-1:0:16:0:16 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:15: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:15:-1:0:16:0:16 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:1: 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:1:-1:8:8:8:8 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:7: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:7:-1:8:8:8:8 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:6:-1:16:0:8:8 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:17:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:17:6:-1:16:0:16:0 BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:16:-1:16:16:8:24 BLOWFISH Encrypt and decrypt 0 bytes depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB 
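Review bot: The four new trailing columns are undocumented, and in this hunk they differ from the AES and Camellia CBC hunks for the same input split (`16:0:-1:16:0:8:8` here against `16:0:-1:16:0:0:16` there), which reads as the 8-byte Blowfish block size being baked into the expected lengths; a maintainer editing one file has no way to tell from the data alone which column is the per-call ciphertext length and which is the per-call plaintext length, nor why the CBC decrypt side lags a block. If the .data parser accepts `#` comment lines, a one-line header above the first multipart case naming the meaning of the `-1` column and of the four length columns, and stating that CBC expectations depend on the cipher's block size, would make these values checkable rather than copied. The `1:0` and `0:1` CBC cases expecting `0:0:0:0` output are consistent with that reading, but nothing on the page states it, so the comment should be confirmed against the test function before it is added.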
@@ -404,47 +404,47 @@ enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:49:-1 BLOWFISH Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:0:-1:0:0:0:0 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:0:-1:1:0:1:0 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:1:-1:0:1:0:1 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:0:-1:16:0:16:0 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:16:-1:0:16:0:16 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:15: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:15:-1:1:15:1:15 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:1:-1:15:1:15:1 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:7: 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:7:-1:15:7:15:7 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:6:-1:16:6:16:6 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:17:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:17:6:-1:17:6:17:6 BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:16:-1:16:16:16:16 BLOWFISH Encrypt and decrypt 0 bytes depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR 
@@ -508,47 +508,47 @@ enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:49:-1 BLOWFISH Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:0:-1:0:0:0:0 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:0:-1:1:0:1:0 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:1:-1:0:1:0:1 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:0:-1:16:0:16:0 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:16:-1:0:16:0:16 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:15: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:15:-1:1:15:1:15 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:1:-1:15:1:15:1 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:7: 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:7:-1:15:7:15:7 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:6:-1:16:6:16:6 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:17:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:17:6:-1:17:6:17:6 BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:16:-1:16:16:16:16 BLOWFISH CBC Encrypt and decrypt 7 bytes, 192-bits key depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data index b89b70def..e6342da2b 100644 --- a/tests/suites/test_suite_cipher.camellia.data +++ b/tests/suites/test_suite_cipher.camellia.data 
@@ -300,47 +300,47 @@ enc_fail:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_PADDING_NONE:128:49:MBEDTLS_ERR
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:1:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:0:-1:16:0:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:16:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:15:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:1:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:7:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:6:-1:16:0:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:17:6:-1:16:0:16:0
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:16:-1:16:16:0:32
 CAMELLIA Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
@@ -404,47 +404,47 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:"CAMELLIA-128-CFB128":128:49:-1
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:1:0:-1:1:0:1:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:1:-1:0:1:0:1
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:0:-1:16:0:16:0
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:16:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:1:15:-1:1:15:1:15
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:15:1:-1:15:1:15:1
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:15:7:-1:15:7:15:7
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:6:-1:16:6:16:6
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:17:6:-1:17:6:17:6
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:16:-1:16:16:16:16
 CAMELLIA Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
@@ -508,47 +508,47 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CTR:"CAMELLIA-128-CTR":128:49:-1
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:1:0:-1:1:0:1:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:1:-1:0:1:0:1
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:0:-1:16:0:16:0
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:16:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:1:15:-1:1:15:1:15
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:15:1:-1:15:1:15:1
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:15:7:-1:15:7:15:7
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:6:-1:16:6:16:6
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:17:6:-1:17:6:17:6
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:16:-1:16:16:16:16
 CAMELLIA Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
@@ -612,47 +612,47 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:49:-1
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:1:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:0:-1:16:0:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:16:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:15:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:1:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:7:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:6:-1:16:0:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:17:6:-1:16:0:16:0
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:16:-1:16:16:0:32
 CAMELLIA Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
@@ -716,44 +716,44 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:49:-1
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:1:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:0:-1:16:0:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:16:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:15:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:1:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:7:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:6:-1:16:0:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:17:6:-1:16:0:16:0
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:16:-1:16:16:0:32
diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data
index 3aac934b0..ba9020eab 100644
--- a/tests/suites/test_suite_cipher.des.data
+++ b/tests/suites/test_suite_cipher.des.data
@@ -300,47 +300,47 @@ enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:49:MBEDTLS_ERR_CIPHER_FU
 DES Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:0:-1:0:0:0:0
 DES Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:0:-1:0:0:0:0
 DES Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:1:-1:0:0:0:0
 DES Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:0:-1:16:0:8:8
 DES Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:16:-1:0:16:0:16
 DES Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:15:-1:0:16:0:16
 DES Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:1:-1:8:8:8:8
 DES Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:7:-1:8:8:8:8
 DES Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:6:-1:16:0:8:8
 DES Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:17:6:-1:16:0:16:0
 DES Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:16:-1:16:16:8:24
 DES Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
@@ -404,47 +404,47 @@ enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:49:-1
 DES3 Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:0:-1:0:0:0:0
 DES3 Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:0:-1:0:0:0:0
 DES3 Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:1:-1:0:0:0:0
 DES3 Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:0:-1:16:0:8:8
 DES3 Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:16:-1:0:16:0:16
 DES3 Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:15:-1:0:16:0:16
 DES3 Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:1:-1:8:8:8:8
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:7:-1:8:8:8:8
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:6:-1:16:0:8:8
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:17:6:-1:16:0:16:0
 DES3 Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:16:-1:16:16:8:24
 DES3 Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
@@ -508,47 +508,47 @@ enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:49:-1
 DES3 Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:0:-1:0:0:0:0
 DES3 Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:0:-1:0:0:0:0
 DES3 Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:1:-1:0:0:0:0
 DES3 Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:0:-1:16:0:8:8
 DES3 Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:16:-1:0:16:0:16
 DES3 Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:15:-1:0:16:0:16
 DES3 Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:1:-1:8:8:8:8
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:7:-1:8:8:8:8
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:6:-1:16:0:8:8
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:17:6:-1:16:0:16:0
 DES3 Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:16:-1:16:16:8:24
 DES ECB Encrypt test vector (OpenSSL) #1
 depends_on:MBEDTLS_DES_C
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 107352438..8f1109ee8 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -358,7 +358,9 @@ exit:
 /* BEGIN_CASE */
 void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
-int second_length_val )
+int second_length_val, int pad_mode,
+int first_encrypt_output_len, int second_encrypt_output_len,
+int first_decrypt_output_len, int second_decrypt_output_len )
 {
 size_t first_length = first_length_val;
 size_t second_length = second_length_val;
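Review bot: The five parameters added to the `enc_dec_buf_multipart` signature are filled positionally from the .data rows (`...:-1:0:16:0:16`) and nothing in the .function file says what they mean, so a reader has to work the semantics back from the body and the data. A comment above `/* BEGIN_CASE */` should state that `pad_mode` is passed to `mbedtls_cipher_set_padding_mode()` and that -1 means "leave the context's default", and that the four `*_output_len` values are the `outlen` expected from the first and second `mbedtls_cipher_update()` call on the encrypt and on the decrypt side. The CBC rows in the .data files (for example DES-CBC 16:0 expecting 8:8 on the decrypt side) appear to encode the decryptor withholding a block until more input arrives; if that is the intent, the comment should say so, since those expectations pin implementation behaviour rather than the cipher specification. The function body continues past this hunk.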
@@ -398,6 +400,16 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) );
 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) );
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+if( -1 != pad_mode )
+{
+TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) );
+TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) );
+}
+#else
+(void) pad_mode;
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
+
 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, 16 ) );
@@ -414,8 +426,10 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
 /* encode length number of bytes from inbuf */
 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) );
+TEST_ASSERT( (size_t)first_encrypt_output_len == outlen );
 totaloutlen = outlen;
 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf + first_length, second_length, encbuf + totaloutlen, &outlen ) );
+TEST_ASSERT( (size_t)second_encrypt_output_len == outlen );
 totaloutlen += outlen;
 TEST_ASSERT( totaloutlen == length || ( totaloutlen % block_size == 0 &&
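Review bot: In the `#else` branch, `(void) pad_mode;` silently drops a padding mode a .data row asked for when MBEDTLS_CIPHER_MODE_WITH_PADDING is disabled, so such a row would run with the default padding and still report a pass. Every row visible in this patch passes -1, so the gap is latent, but a future row that sets a mode should either carry `depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING` or hit `TEST_ASSERT( -1 == pad_mode );` in place of the cast so the misconfiguration fails loudly. The enclosing function starts and ends outside this hunk.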
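Review bot: The two new assertions cast `first_encrypt_output_len` and `second_encrypt_output_len` to size_t before comparing with `outlen`, so a negative value in a .data row (a typo, or the -1 sentinel landing one column over) becomes a huge unsigned and the failure reads as an ordinary length mismatch. A range check ahead of the casts, `TEST_ASSERT( first_encrypt_output_len >= 0 && second_encrypt_output_len >= 0 );`, points straight at the bad row; the two decrypt-side casts in the following hunk deserve the same. The enclosing function starts and ends outside this hunk.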
@@ -430,15 +444,20 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
 totaloutlen <= length + block_size ) );
 /* decode the previously encoded string */
-TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, totaloutlen, decbuf, &outlen ) );
+second_length = totaloutlen - first_length;
+TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, first_length, decbuf, &outlen ) );
+TEST_ASSERT( (size_t)first_decrypt_output_len == outlen );
 totaloutlen = outlen;
+TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf + first_length, second_length, decbuf + totaloutlen, &outlen ) );
+TEST_ASSERT( (size_t)second_decrypt_output_len == outlen );
+totaloutlen += outlen;
 TEST_ASSERT( totaloutlen == length || ( totaloutlen % block_size == 0 && totaloutlen < length && totaloutlen + block_size >= length ) );
-TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) );
+TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + totaloutlen, &outlen ) );
 totaloutlen += outlen;
 TEST_ASSERT( totaloutlen == length );
diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data
index b0ccbe871..0efed5848 100644
--- a/tests/suites/test_suite_cipher.gcm.data
+++ b/tests/suites/test_suite_cipher.gcm.data
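Review bot: `second_length = totaloutlen - first_length;` is a size_t subtraction that is only safe because the finish-side assertion just above this hunk (its tail, `totaloutlen <= length + block_size ) );`, is the first context line) has already established totaloutlen is at least `length` and hence at least `first_length`; if that assertion is ever loosened the value wraps to a huge count and the next update is asked to read far past `encbuf`. Making the precondition local costs one line, `TEST_ASSERT( totaloutlen >= first_length );` before the subtraction, and reusing the plaintext-side `second_length` for the ciphertext remainder is worth a short comment such as `/* split the ciphertext at the same offset as the plaintext */` so the overloaded name does not mislead. The enclosing function starts and ends outside this hunk.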
@@ -60,35 +60,35 @@ enc_dec_buf:MBEDTLS_CIPHER_AES_128_GCM:"AES-128-GCM":128:49:-1
 AES 128 GCM Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:0:-1:0:0:0:0
 AES 128 GCM Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:1:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:1:0:-1:1:0:1:0
 AES 128 GCM Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:1
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:1:-1:0:1:0:1
 AES 128 GCM Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:0:-1:16:0:16:0
 AES 128 GCM Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:16:-1:0:16:0:16
 AES 128 GCM Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:6
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:6:-1:16:6:16:6
 AES 128 GCM Encrypt and decrypt 22 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:22
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:22:-1:0:22:0:22
 AES 128 GCM Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:16:-1:16:16:16:16
 AES 128 GCM Decrypt test vector #1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
@@ -188,35 +188,35 @@ enc_dec_buf:MBEDTLS_CIPHER_AES_192_GCM:"AES-192-GCM":192:49:-1
 AES 192 GCM Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:0:-1:0:0:0:0
 AES 192 GCM Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:1:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:1:0:-1:1:0:1:0
 AES 192 GCM Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:1
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:1:-1:0:1:0:1
 AES 192 GCM Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:0:-1:16:0:16:0
 AES 192 GCM Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:16:-1:0:16:0:16
 AES 192 GCM Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:6
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:6:-1:16:6:16:6
 AES 192 GCM Encrypt and decrypt 22 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:22
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:22:-1:0:22:0:22
 AES 192 GCM Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:16:-1:16:16:16:16
 AES 192 GCM Decrypt test vector #1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
@@ -304,35 +304,35 @@ enc_dec_buf:MBEDTLS_CIPHER_AES_256_GCM:"AES-256-GCM":256:49:-1 AES 256 GCM Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:0:-1:0:0:0:0 AES 256 GCM Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:1:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:1:0:-1:1:0:1:0 AES 256 GCM Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:1 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:1:-1:0:1:0:1 AES 256 GCM Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:0:-1:16:0:16:0 AES 256 GCM Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:16:-1:0:16:0:16 AES 256 GCM Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:6 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:6:-1:16:6:16:6 AES 256 GCM Encrypt and decrypt 22 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:22 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:22:-1:0:22:0:22 AES 256 GCM Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:16:-1:16:16:16:16 AES 128 GCM Decrypt test vector #0 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C 
@@ -428,35 +428,35 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_GCM:"CAMELLIA-128-GCM":128:49:-1 CAMELLIA 128 GCM Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:0:-1:0:0:0:0 CAMELLIA 128 GCM Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:1:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:1:0:-1:1:0:1:0 CAMELLIA 128 GCM Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:1 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:1:-1:0:1:0:1 CAMELLIA 128 GCM Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:0:-1:16:0:16:0 CAMELLIA 128 GCM Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:16:-1:0:16:0:16 CAMELLIA 128 GCM Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:6 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:6:-1:16:6:16:6 CAMELLIA 128 GCM Encrypt and decrypt 22 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:22 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:22:-1:0:22:0:22 CAMELLIA 128 GCM Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C 
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:16:-1:16:16:16:16 CAMELLIA 128 GCM Decrypt test vector #1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C 
@@ -540,35 +540,35 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_GCM:"CAMELLIA-192-GCM":192:49:-1 CAMELLIA 192 GCM Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:0:-1:0:0:0:0 CAMELLIA 192 GCM Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:1:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:1:0:-1:1:0:1:0 CAMELLIA 192 GCM Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:1 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:1:-1:0:1:0:1 CAMELLIA 192 GCM Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:0:-1:16:0:16:0 CAMELLIA 192 GCM Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:16:-1:0:16:0:16 CAMELLIA 192 GCM Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:6 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:6:-1:16:6:16:6 CAMELLIA 192 GCM Encrypt and decrypt 22 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:22 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:22:-1:0:22:0:22 CAMELLIA 192 GCM Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C 
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:16:-1:16:16:16:16 CAMELLIA 192 GCM Decrypt test vector #1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C 
@@ -652,35 +652,35 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_GCM:"CAMELLIA-256-GCM":256:49:-1 CAMELLIA 256 GCM Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:0:-1:0:0:0:0 CAMELLIA 256 GCM Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:1:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:1:0:-1:1:0:1:0 CAMELLIA 256 GCM Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:1 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:1:-1:0:1:0:1 CAMELLIA 256 GCM Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:0:-1:16:0:16:0 CAMELLIA 256 GCM Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:16:-1:0:16:0:16 CAMELLIA 256 GCM Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:6 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:6:-1:16:6:16:6 CAMELLIA 256 GCM Encrypt and decrypt 22 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:22 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:22:-1:0:22:0:22 CAMELLIA 256 GCM Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C 
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:16:-1:16:16:16:16 CAMELLIA 256 GCM Decrypt test vector #1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C diff --git a/tests/suites/test_suite_cipher.null.data b/tests/suites/test_suite_cipher.null.data index c65e970a7..371b30677 100644 --- a/tests/suites/test_suite_cipher.null.data +++ b/tests/suites/test_suite_cipher.null.data 
@@ -56,40 +56,40 @@ enc_dec_buf:MBEDTLS_CIPHER_NULL:"NULL":0:49:-1 NULL Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:1:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:1:0:-1:1:0:1:0 NULL Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:0:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:0:1:-1:0:1:0:1 NULL Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:0:-1:16:0:16:0 NULL Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:0:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:0:16:-1:0:16:0:16 NULL Encrypt and decrypt 16 bytes in multiple parts 3 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:1:15: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:1:15:-1:1:15:1:15 NULL Encrypt and decrypt 16 bytes in multiple parts 4 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:15:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:15:1:-1:15:1:15:1 NULL Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:15:7: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:15:7:-1:15:7:15:7 NULL Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:6:-1:16:6:16:6 NULL Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:17:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:17:6:-1:17:6:17:6 NULL Encrypt and decrypt 32 bytes in multiple parts 1 
depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:16:-1:16:16:16:16 From 71830318d3e9000395d6178fbb0c6d0088b2f73e Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Wed, 28 Mar 2018 09:48:29 +0100 Subject: [PATCH 374/504] Rephrase Changelog entry Bugfix->Changes --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 13dda4db5..024854d60 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,9 +2,9 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x.x branch released xxxx-xx-xx -Bugfix - * Fix possible memory leak in mbedtls_ssl_config_free(). - This can occur only if the user doesn't use mbedtls_ssl_conf_psk() and +Changes + * Harden mbedtls_ssl_config_free() against misuse, so that it doesn't + leak memory in case the user doesn't use mbedtls_ssl_conf_psk() and instead incorrectly manipulates conf->psk and/or conf->psk_identity directly. Found and fix submitted by junyeonLEE in #1220. From 54fc34ea683167260ec5df3dc94a7c544b08325c Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Mon, 16 May 2016 15:15:45 +0100 Subject: [PATCH 375/504] Include order of Curve25519 base point in curve data --- include/mbedtls/ecp.h | 2 +- library/ecp_curves.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index b00ba4da8..d8c68233d 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -144,7 +144,7 @@ typedef struct mbedtls_mpi A; /*!< 1. A in the equation, or 2. (A + 2) / 4 */ mbedtls_mpi B; /*!< 1. B in the equation, or 2. unused */ mbedtls_ecp_point G; /*!< generator of the (sub)group used */ - mbedtls_mpi N; /*!< 1. the order of G, or 2. unused */ + mbedtls_mpi N; /*!< the order of G */ size_t pbits; /*!< number of bits in P */ size_t nbits; /*!< number of bits in 1. P, or 2. private keys */ unsigned int h; /*!< internal: 1 if the constants are static */ 
diff --git a/library/ecp_curves.c b/library/ecp_curves.c index df5ac3eea..5b38a8772 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -670,6 +670,11 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp ) MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) ); grp->pbits = mbedtls_mpi_bitlen( &grp->P ); + /* N = 2^252 + 27742317777372353535851937790883648493 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->N, 16, + "14DEF9DEA2F79CD65812631A5CF5D3ED" ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) ); + /* Y intentionaly not set, since we use x/z coordinates. * This is used as a marker to identify Montgomery curves! */ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) ); From fff308e2faa9d3ae489bd8c285162267bb05d570 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 Mar 2018 11:13:05 +0200 Subject: [PATCH 376/504] Add a ChangeLog entry for Curve22519 N --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 453364454..6f56fae51 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,9 @@ Changes * Improve testing in configurations that omit certain hashes or public-key algorithms. Includes contributions by Gert van Dijk. * Improve negative testing of X.509 parsing. + * Add the order of the base point as N in the mbedtls_ecp_group structure + for Curve25519 (other curves had it already). Contributed by Nicholas + Wilson #481 = mbed TLS 2.8.0 branch released 2018-03-16 From 18b78435dc3883ad0aae000662a28f74ccfd7375 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 Mar 2018 11:14:06 +0200 Subject: [PATCH 377/504] Fix a typo in a comment --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 5b38a8772..f7860fdbc 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
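Review bot: N is now populated for Curve25519, but nothing here says what it is used for on a Montgomery group: the private-key validation in ecp.c checks the clamped bit pattern and `grp->nbits` rather than comparing d against N, so a reader may assume keys are now range-checked against the order when they are not. A comment next to the assignment would prevent that, e.g. `/* N = order of G. Informational for Montgomery curves: X25519 scalars are clamped, not reduced mod N (see mbedtls_ecp_check_privkey) */`. The hex string and the decimal in the comment denote the same constant, which is fine; ecp_use_curve25519 begins before and ends after this hunk.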
@@ -675,7 +675,7 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp ) "14DEF9DEA2F79CD65812631A5CF5D3ED" ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) ); - /* Y intentionaly not set, since we use x/z coordinates. + /* Y intentionally not set, since we use x/z coordinates. * This is used as a marker to identify Montgomery curves! */ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) ); From 6a92ce6fd96a97f53483d48a7a475952d203a1f1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 28 Mar 2018 11:42:05 +0100 Subject: [PATCH 378/504] Improve documentation of MBEDTLS_AES_FEWER_TABLES in config.h --- include/mbedtls/config.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 65d6ba8a2..d453f25e6 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -388,8 +388,10 @@ * * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the - * the time to setup an AES context. It comes at the cost of additional - * ~8kb ROM use (resp. ~2kb if \c MBEDTLS_AES_FEWER_TABLES below is used). + * initialization time before the first AES operation can be performed. + * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c + * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded + * performance if ROM access is slower than RAM access. * * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. * From 065ecf587f3bf1fc59df46e4e1c1adb01074c1b8 Mon Sep 17 00:00:00 2001 From: Ivan Krylov Date: Wed, 28 Mar 2018 16:19:18 +0300 Subject: [PATCH 379/504] Changelog: use my real name (#758) --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 634e29cdc..70094e06b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,7 +3,7 @@ mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS x.x.x branch released xxxx-xx-xx
 
 Changes
- * Improve the documentation of mbedtls_net_accept(). Contributed by aitap.
+ * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov.
 
 = mbed TLS 2.4.1 branch released 2016-12-13
 

From 52aecb9a7f57b63e56a8adde7baf75c9b60f5050 Mon Sep 17 00:00:00 2001
From: mohammad1603
Date: Wed, 28 Mar 2018 23:41:40 -0700
Subject: [PATCH 380/504] Check whether INT_MAX larger than SIZE_MAX scenario

Check whether INT_MAX larger than SIZE_MAX scenario
---
 library/ssl_tls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2bd720410..a3515e1dc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2422,7 +2422,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
 if( ret < 0 )
 return( ret );
 
-if ( (size_t)ret > len )
+if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_recv returned %d bytes but only %zu were requested",
@@ -2477,7 +2477,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
 if( ret <= 0 )
 return( ret );
 
-if( (size_t)ret > ssl->out_left )
+if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned %d bytes but only %zu bytes were sent",

From 19d1373bb9d4cf581b65b4b82306bcd73e4a3242 Mon Sep 17 00:00:00 2001
From: Azim Khan
Date: Thu, 29 Mar 2018 11:04:20 +0100
Subject: [PATCH 381/504] Enable SSL test scripts to dump logs on stdout

---
 tests/compat.sh | 2 +-
 tests/ssl-opt.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/compat.sh b/tests/compat.sh
index 672bdab78..34e38f10f 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
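Review bot: `( INT_MAX > SIZE_MAX && ret > SIZE_MAX )` is a compile-time constant on every target where size_t is at least as wide as int, and on those targets `ret > SIZE_MAX` is a signed/unsigned comparison that `-Wsign-compare`/`-Wtype-limits` report as always false, so a `-Werror` build (this project's CI uses one, as far as I recall; not visible here) may reject the hunk. The same construct is repeated in the mbedtls_ssl_flush_output hunk of this commit. Keep the `(size_t)ret > len` test as it was and put the width check under a preprocessor guard so the comparison only exists where it can be true: `#if INT_MAX > SIZE_MAX` … `#endif` around a separate `if( ret > SIZE_MAX )` that takes the same error path as the existing oversize branch. Both functions start outside their hunks and the error returned by the oversize branch is not visible here, so that return must be copied from the existing code.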
@@ -1087,7 +1087,7 @@ run_client() { cp $CLI_OUT c-cli-${TESTS}.log echo " ! outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log" - if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot ]; then + if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then echo " ! server output:" cat c-srv-${TESTS}.log echo " ! ===================================================" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2d6b71af0..9fde54a6b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -231,7 +231,7 @@ fail() { fi echo " ! outputs saved to o-XXX-${TESTS}.log" - if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot ]; then + if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then echo " ! server output:" cat o-srv-${TESTS}.log echo " ! ========================================================" From a357f1a6caa11703bc63459af17bdac05277572d Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 29 Mar 2018 08:17:15 -0400 Subject: [PATCH 382/504] Move changelog entry to bugfix from changes --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 49eaef744..1b0053755 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,8 @@ Bugfix Fixes #1040. * Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks. #1353 + * Return plaintext data sooner on unpadded decryption, as stated in + mbedtls_cipher_update documentation. Contributed by Andy Leiserson. #1180 Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. @@ -26,8 +28,6 @@ Changes * Improve testing in configurations that omit certain hashes or public-key algorithms. Includes contributions by Gert van Dijk. * Improve negative testing of X.509 parsing. - * Return plaintext data sooner on unpadded decryption. Contributed by Andy - Leiserson. #1180 = mbed TLS 2.8.0 branch released 2018-03-16 
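Review bot: The new `LOG_FAILURE_ON_STDOUT` switch is read straight from the environment with a string test, so any value other than the literal `0` (including `false` or `no`) enables the dump, and the knob is documented nowhere in the script. Add a line to the script's header or usage text (outside this hunk), e.g. `# LOG_FAILURE_ON_STDOUT=1: also echo server/client logs to stdout on failure (any value other than 0 enables this)`; the ssl-opt.sh hunk in this commit repeats the same condition in `fail()` and needs the same note. Both `run_client()` and `fail()` start outside their hunks.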
From 08f3ef1861478587211971494541a6b0e97cfdc7 Mon Sep 17 00:00:00 2001
From: Nicholas Wilson
Date: Tue, 10 Nov 2015 13:10:01 +0000
Subject: [PATCH 383/504] Basic support for Curve448, similar to the current level of support for Curve25519

---
 include/mbedtls/config.h | 1 +
 include/mbedtls/ecp.h | 3 +-
 library/ecp.c | 24 ++++--
 library/ecp_curves.c | 128 ++++++++++++++++++++++++++++++-
 library/version_features.c | 3 +
 programs/test/benchmark.c | 91 +++++++++++++---------
 tests/suites/test_suite_ecp.data | 4 +
 7 files changed, 209 insertions(+), 45 deletions(-)

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 48c32d4aa..9585e6922 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -609,6 +609,7 @@
 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_DP_CURVE448_ENABLED
 
 /**
  * \def MBEDTLS_ECP_NIST_OPTIM
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index b00ba4da8..710fc3a6b 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -72,7 +72,8 @@ typedef enum
 MBEDTLS_ECP_DP_BP256R1, /*!< 256-bits Brainpool curve */
 MBEDTLS_ECP_DP_BP384R1, /*!< 384-bits Brainpool curve */
 MBEDTLS_ECP_DP_BP512R1, /*!< 512-bits Brainpool curve */
- MBEDTLS_ECP_DP_CURVE25519, /*!< Curve25519 */
+ MBEDTLS_ECP_DP_CURVE25519, /*!< Curve25519 */
+ MBEDTLS_ECP_DP_CURVE448, /*!< Curve448 */
 MBEDTLS_ECP_DP_SECP192K1, /*!< 192-bits "Koblitz" curve */
 MBEDTLS_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */
 MBEDTLS_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */
diff --git a/library/ecp.c b/library/ecp.c
index b41baef27..92a188b66 100644
--- a/library/ecp.c
+++ b/library/ecp.c
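Review bot: `MBEDTLS_ECP_DP_CURVE448` is inserted in the middle of the public `mbedtls_ecp_group_id` enum, which shifts the numeric values of `MBEDTLS_ECP_DP_SECP192K1`, `MBEDTLS_ECP_DP_SECP224K1` and `MBEDTLS_ECP_DP_SECP256K1`; any binary built against the previous header, or any stored group id, will then name the wrong curve. Appending the new constant after the last existing member keeps every existing value stable: `MBEDTLS_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */` followed by `MBEDTLS_ECP_DP_CURVE448, /*!< Curve448 */`. The enum's closing line is outside the hunk, so the trailing-comma convention there should be checked when moving it.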
@@ -26,6 +26,7 @@
 * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
 * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
 * RFC 4492 for the related TLS structures and constants
+ * RFC 7748 for the Curve448 and Curve25519 curve definitions
 *
 * [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
 *
@@ -99,7 +100,8 @@ static unsigned long add_count, dbl_count, mul_count;
 #define ECP_SHORTWEIERSTRASS
 #endif
 
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
 #define ECP_MONTGOMERY
 #endif
 
@@ -1852,6 +1854,8 @@ cleanup:
 static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
 {
 /* [Curve25519 p. 5] Just check X is the correct number of bytes */
+ /* Allow any public value, if it's too big then we'll just reduce it mod p
+ * (RFC 7748 sec. 5 para. 3). */
 if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
 return( MBEDTLS_ERR_ECP_INVALID_KEY );
 
@@ -1887,14 +1891,18 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *
 #if defined(ECP_MONTGOMERY)
 if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
 {
- /* see [Curve25519] page 5 */
+ /* see RFC 7748 sec. 5 para. 5 */
 if( mbedtls_mpi_get_bit( d, 0 ) != 0 ||
 mbedtls_mpi_get_bit( d, 1 ) != 0 ||
- mbedtls_mpi_get_bit( d, 2 ) != 0 ||
 mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */
 return( MBEDTLS_ERR_ECP_INVALID_KEY );
 else
- return( 0 );
+
+ /* see [Curve25519] page 5 */
+ if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 )
+ return( MBEDTLS_ERR_ECP_INVALID_KEY );
+
+ return( 0 );
 }
 #endif /* ECP_MONTGOMERY */
 #if defined(ECP_SHORTWEIERSTRASS)
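Review bot: The new comment in ecp_check_pubkey_mx says any public value is allowed and "too big" ones are reduced mod p, yet the unchanged check on the next line still returns `MBEDTLS_ERR_ECP_INVALID_KEY` when X is longer than `( grp->nbits + 7 ) / 8` bytes; "too big" here means a value at or above p, not an oversized encoding, and a reader will take the comment as contradicting the check. Say precisely what is enforced and what is deferred, e.g. `/* RFC 7748 sec. 5 para. 3: u >= p is accepted and reduced later; only the encoded length is checked here */`. Whether the reduction actually happens downstream is not visible in this hunk, and ecp_check_pubkey_mx continues past it.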
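Review bot: In mbedtls_ecp_check_privkey the `else` after `return( MBEDTLS_ERR_ECP_INVALID_KEY );` no longer has its own statement; it now binds across a blank line and a comment to the new `if( grp->nbits == 254 && … )`, which reads as two independent statements and will silently change control flow if anyone inserts a statement between them. Drop the `else` so the two checks are plainly sequential. Identifying Curve25519 by `grp->nbits == 254` is a magic number that the mbedtls_ecp_gen_keypair_base hunk of this commit repeats; testing `grp->id == MBEDTLS_ECP_DP_CURVE25519` or naming the constant would make the intent clear in both places. mbedtls_ecp_check_privkey starts outside the hunk.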
@@ -1941,10 +1949,14 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
 else
 MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, grp->nbits, 1 ) );
 
- /* Make sure the last three bits are unset */
+ /* Make sure the last two bits are unset for Curve448, three bits for
+ Curve25519 */
 MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
 MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
+ if( grp->nbits == 254 )
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
+ }
 }
 else
 #endif /* ECP_MONTGOMERY */
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index df5ac3eea..58630e3d0 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -627,6 +627,9 @@ static int ecp_mod_p521( mbedtls_mpi * );
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
 static int ecp_mod_p255( mbedtls_mpi * );
 #endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+static int ecp_mod_p448( mbedtls_mpi * );
+#endif
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
 static int ecp_mod_p192k1( mbedtls_mpi * );
 #endif
@@ -687,6 +690,52 @@ cleanup:
 }
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+/*
+ * Specialized function for creating the Curve448 group
+ */
+static int ecp_use_curve448( mbedtls_ecp_group *grp )
+{
+ mbedtls_mpi Ns;
+ int ret;
+
+ mbedtls_mpi_init( &Ns );
+
+ /* Actually ( A + 2 ) / 4 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "98AA" ) );
+
+ /* P = 2^448 - 2^224 - 1 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
+ grp->pbits = mbedtls_mpi_bitlen( &grp->P );
+
+ /* Y intentionally not set, since we use x/z coordinates.
+ * This is used as a marker to identify Montgomery curves! */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 5 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
+ mbedtls_mpi_free( &grp->G.Y );
+
+ /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Ns, 16,
+ "8335DC163BB124B65129C96FDE933D8D723A70AADC873D6D54A7BB0D" ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) );
+
+ /* Actually, the required msb for private keys */
+ grp->nbits = 447;
+
+cleanup:
+ mbedtls_mpi_free( &Ns );
+ if( ret != 0 )
+ mbedtls_ecp_group_free( grp );
+
+ return( ret );
+}
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
 /*
 * Set a group using well-known domain parameters
 */
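Review bot: The constant `"98AA"` is described only as "Actually ( A + 2 ) / 4"; since the Montgomery coefficient for Curve448 is A = 156326 (RFC 7748 sec. 4.2), spell the derivation out so the value can be checked against the spec: `/* A = 156326 (RFC 7748 4.2); stored as ( A + 2 ) / 4 = 39082 = 0x98AA, as for Curve25519 */`. The N computation starts with `mbedtls_mpi_set_bit( &grp->N, 446, 1 )` on a value nothing in this function has written, which is only correct because the caller (mbedtls_ecp_group_load, outside the hunk) presumably frees the group before dispatching; a one-line comment would make that dependency visible. The comment `/* Actually, the required msb for private keys */` would be clearer as `/* nbits = 447: the bit RFC 7748 sec. 5 requires set in X448 scalars (P itself has 448 bits) */`.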
@@ -767,6 +816,12 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
 return( ecp_use_curve25519( grp ) );
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ case MBEDTLS_ECP_DP_CURVE448:
+ grp->modp = ecp_mod_p448;
+ return( ecp_use_curve448( grp ) );
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
 default:
 mbedtls_ecp_group_free( grp );
 return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
@@ -1176,7 +1231,7 @@ static int ecp_mod_p255( mbedtls_mpi *N )
 M.s = 1;
 M.n = N->n - ( P255_WIDTH - 1 );
 if( M.n > P255_WIDTH + 1 )
- M.n = P255_WIDTH + 1;
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
 M.p = Mp;
 memset( Mp, 0, sizeof Mp );
 memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
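Review bot: Replacing the silent clamp in ecp_mod_p255 with `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` is the safer behaviour, but `M.n` is derived from `N->n`, the allocated limb count rather than the significant length, so an operand that was grown beyond 2 * P255_WIDTH limbs earlier (mbedtls_mpi_grow never shrinks, as far as I recall) would now fail where it was previously reduced. That precondition should be written down, e.g. `/* N->n counts allocated limbs: callers must not pass operands grown past 2 * P255_WIDTH limbs */`, and the behaviour change to Curve25519 deserves a ChangeLog line, since the commit message only mentions Curve448. ecp_mod_p255 starts and ends outside the hunk.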
@@ -1197,6 +1252,77 @@ cleanup:
 }
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+
+/* Size of p448 in terms of mbedtls_mpi_uint */
+#define P448_WIDTH ( 448 / 8 / sizeof( mbedtls_mpi_uint ) )
+
+/* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */
+#define DIV_ROUND_UP( X, Y ) ( ( ( X ) + ( Y ) - 1 ) / ( Y ) )
+#define P224_WIDTH_MIN ( 28 / sizeof( mbedtls_mpi_uint ) )
+#define P224_WIDTH_MAX DIV_ROUND_UP( 28, sizeof( mbedtls_mpi_uint ) )
+#define P224_UNUSED_BITS ( ( P224_WIDTH_MAX * sizeof( mbedtls_mpi_uint ) * 8 ) - 224 )
+
+/*
+ * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1
+ * Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return
+ * A0 + A1 + B1 + (B0 + B1) * 2^224. This is different to the reference
+ * implementation of Curve448, which uses its own special 56-bit limbs rather
+ * than a generic bignum library. We could squeeze some extra speed out on
+ * 32-bit machines by splitting N up into 32-bit limbs and doing the
+ * arithmetic using the limbs directly as we do for the NIST primes above,
+ * but for 64-bit targets it should use half the number of operations if we do
+ * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds.
+ */
+static int ecp_mod_p448( mbedtls_mpi *N )
+{
+ int ret;
+ size_t i;
+ mbedtls_mpi M, Q;
+ mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
+
+ if( N->n <= P448_WIDTH )
+ return( 0 );
+
+ /* M = A1 */
+ M.s = 1;
+ M.n = N->n - ( P448_WIDTH );
+ if( M.n > P448_WIDTH )
+ /* Shouldn't be called with N larger than 2^896! */
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ M.p = Mp;
+ memset( Mp, 0, sizeof( Mp ) );
+ memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) );
+
+ /* N = A0 */
+ for( i = P448_WIDTH; i < N->n; i++ )
+ N->p[i] = 0;
+
+ /* N += A1 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
+
+ /* Q = B1, N += B1 */
+ Q = M;
+ Q.p = Qp;
+ memcpy( Qp, Mp, sizeof( Qp ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Q, 224 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &Q ) );
+
+ /* M = (B0 + B1) * 2^224, N += M */
+ if( sizeof( mbedtls_mpi_uint ) > 4 )
+ Mp[P224_WIDTH_MIN] &= ( (mbedtls_mpi_uint)-1 ) >> ( P224_UNUSED_BITS );
+ for( i = P224_WIDTH_MAX; i < M.n; ++i )
+ Mp[i] = 0;
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &Q ) );
+ M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &M, 224 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
+
+cleanup:
+ return( ret );
+}
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
 defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
 defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
diff --git a/library/version_features.c b/library/version_features.c
index 1b06ff322..a452caf5e 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -309,6 +309,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
 "MBEDTLS_ECP_DP_CURVE25519_ENABLED",
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ "MBEDTLS_ECP_DP_CURVE448_ENABLED",
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
 #if defined(MBEDTLS_ECP_NIST_OPTIM)
 "MBEDTLS_ECP_NIST_OPTIM",
 #endif /* MBEDTLS_ECP_NIST_OPTIM */
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 1945b30d9..cecf3e363 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
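Review bot: `M` and `Q` are mbedtls_mpi structs whose limb storage is the stack arrays `Mp`/`Qp`, so every call that writes them — `mbedtls_mpi_shift_r( &Q, 224 )`, `mbedtls_mpi_add_mpi( &M, &M, &Q )`, `mbedtls_mpi_shift_l( &M, 224 )` — must never need to grow them, since a grow would presumably reallocate and hand a stack pointer to free (as mbedtls_mpi_grow does, to my knowledge; not visible here). The arithmetic appears to guarantee that (B0 + B1 is below 2^225 and fits the limbs M already has, and the shifted value stays below 2^449, which P448_WIDTH + 1 limbs hold on both 32- and 64-bit limb sizes), but `M.n = P448_WIDTH + 1` is silently relying on that invariant and the comment "Make room for shifted carry bit" does not say so; state it, e.g. `/* M and Q are stack-backed: nothing below may grow them (a grow would free() Mp/Qp) */`. Separately, the comment placed between `if( M.n > P448_WIDTH )` and its unbraced `return` is easy to misread as the body; bracing the statement or moving the comment above the `if` avoids that.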
@@ -766,9 +766,16 @@ int main( int argc, char *argv[] )
 if( todo.ecdh )
 {
 mbedtls_ecdh_context ecdh;
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
 mbedtls_mpi z;
+ const mbedtls_ecp_curve_info montgomery_curve_list[] = {
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ { MBEDTLS_ECP_DP_CURVE25519, 0, 0, "Curve25519" },
 #endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ { MBEDTLS_ECP_DP_CURVE448, 0, 0, "Curve448" },
+#endif
+ { MBEDTLS_ECP_DP_NONE, 0, 0, 0 }
+ };
 const mbedtls_ecp_curve_info *curve_info;
 size_t olen;
 
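Review bot: The terminator entry `{ MBEDTLS_ECP_DP_NONE, 0, 0, 0 }` uses `0` for the `name` pointer; `NULL` says what is meant: `{ MBEDTLS_ECP_DP_NONE, 0, 0, NULL }`. The `tls_id` and `bit_size` members are filled with 0 placeholders because the loops below only read `grp_id` and `name`, but the table has the same element type as `mbedtls_ecp_curve_list()`, so a comment on the declaration should say those fields are intentionally unset, e.g. `/* tls_id/bit_size unused: only grp_id and name are read below */`. main() continues outside the hunk.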
@@ -797,27 +804,32 @@ int main( int argc, char *argv[] ) mbedtls_ecdh_free( &ecdh ); } - /* Curve25519 needs to be handled separately */ -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - mbedtls_ecdh_init( &ecdh ); - mbedtls_mpi_init( &z ); - - if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 || - mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 ) + /* Montgomery curves need to be handled separately */ + for ( curve_info = montgomery_curve_list; + curve_info->grp_id != MBEDTLS_ECP_DP_NONE; + curve_info++ ) { - mbedtls_exit( 1 ); + mbedtls_ecdh_init( &ecdh ); + mbedtls_mpi_init( &z ); + + if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 || + mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 ) + { + mbedtls_exit( 1 ); + } + + mbedtls_snprintf( title, sizeof(title), "ECDHE-%s", + curve_info->name ); + TIME_PUBLIC( title, "handshake", + ret |= mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, + myrand, NULL ); + ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, + myrand, NULL ) ); + + mbedtls_ecdh_free( &ecdh ); + mbedtls_mpi_free( &z ); } - TIME_PUBLIC( "ECDHE-Curve25519", "handshake", - ret |= mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, - myrand, NULL ); - ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, - myrand, NULL ) ); - - mbedtls_ecdh_free( &ecdh ); - mbedtls_mpi_free( &z ); -#endif - for( curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) 
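Review bot: The new loop header is written `for ( curve_info = montgomery_curve_list;` while the surrounding code in this file uses `for( … curve_info++ )` (visible three lines below, and in the hunk at @@ -843,26 the closing `curve_info++)` also drops the space); match the file's spacing: `for( curve_info = montgomery_curve_list;` … `curve_info++ )`. The same inconsistency is in the ECDH loop of the following hunk. main() starts outside the hunk.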
@@ -843,26 +855,31 @@ int main( int argc, char *argv[] ) mbedtls_ecdh_free( &ecdh ); } - /* Curve25519 needs to be handled separately */ -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - mbedtls_ecdh_init( &ecdh ); - mbedtls_mpi_init( &z ); - - if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 || - mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, - myrand, NULL ) != 0 || - mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 ) + /* Montgomery curves need to be handled separately */ + for ( curve_info = montgomery_curve_list; + curve_info->grp_id != MBEDTLS_ECP_DP_NONE; + curve_info++) { - mbedtls_exit( 1 ); + mbedtls_ecdh_init( &ecdh ); + mbedtls_mpi_init( &z ); + + if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 || + mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, + myrand, NULL ) != 0 || + mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 ) + { + mbedtls_exit( 1 ); + } + + mbedtls_snprintf( title, sizeof(title), "ECDH-%s", + curve_info->name ); + TIME_PUBLIC( title, "handshake", + ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, + myrand, NULL ) ); + + mbedtls_ecdh_free( &ecdh ); + mbedtls_mpi_free( &z ); } - - TIME_PUBLIC( "ECDH-Curve25519", "handshake", - ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, - myrand, NULL ) ); - - mbedtls_ecdh_free( &ecdh ); - mbedtls_mpi_free( &z ); -#endif } #endif diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index a43e7d75d..8e9d9fa49 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data 
@@ -330,6 +330,10 @@ ECP test vectors Curve25519 depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_test_vec_x:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660":"057E23EA9F1CBE8A27168F6E696A791DE61DD3AF7ACD4EEACC6E7BA514FDA863":"47DC3D214174820E1154B49BC6CDB2ABD45EE95817055D255AA35831B70D3260":"6EB89DA91989AE37C7EAC7618D9E5C4951DBA1D73C285AE1CD26A855020EEF04":"61450CD98E36016B58776A897A9F0AEF738B99F09468B8D6B8511184D53494AB" +ECP test vectors Curve448 (RFC 7748 6.2, after decodeUCoordinate) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_test_vec_x:MBEDTLS_ECP_DP_CURVE448:"eb7298a5c0d8c29a1dab27f1a6826300917389449741a974f5bac9d98dc298d46555bce8bae89eeed400584bb046cf75579f51d125498f98":"a01fc432e5807f17530d1288da125b0cd453d941726436c8bbd9c5222c3da7fa639ce03db8d23b274a0721a1aed5227de6e3b731ccf7089b":"ad997351b6106f36b0d1091b929c4c37213e0d2b97e85ebb20c127691d0dad8f1d8175b0723745e639a3cb7044290b99e0e2a0c27a6a301c":"0936f37bc6c1bd07ae3dec7ab5dc06a73ca13242fb343efc72b9d82730b445f3d4b0bd077162a46dcfec6f9b590bfcbcf520cdb029a8b73e":"9d874a5137509a449ad5853040241c5236395435c36424fd560b0cb62b281d285275a740ce32a22dd1740f4aa9161cec95ccc61a18f4ff07" + ECP test vectors secp192k1 depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_test_vect:MBEDTLS_ECP_DP_SECP192K1:"D1E13A359F6E0F0698791938E6D60246030AE4B0D8D4E9DE":"281BCA982F187ED30AD5E088461EBE0A5FADBB682546DF79":"3F68A8E9441FB93A4DD48CB70B504FCC9AA01902EF5BE0F3":"BE97C5D2A1A94D081E3FACE53E65A27108B7467BDF58DE43":"5EB35E922CD693F7947124F5920022C4891C04F6A8B8DCB2":"60ECF73D0FC43E0C42E8E155FFE39F9F0B531F87B34B6C3C":"372F5C5D0E18313C82AEF940EC3AFEE26087A46F1EBAE923":"D5A9F9182EC09CEAEA5F57EA10225EC77FA44174511985FD" From eea1c4ee5a054c77c901d5dafc560483101c4fe8 Mon Sep 17 00:00:00 2001 
From: Darryl Green Date: Thu, 29 Mar 2018 16:05:44 +0100 Subject: [PATCH 384/504] Improve documentation of mbedtls_ssl_write() --- ChangeLog | 2 ++ include/mbedtls/ssl.h | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index aaf34fcef..c3db58771 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,8 @@ Changes Wilson #481 * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov. + * Improve the documentation of mbedtls_ssl_write(). Suggested by + Paul Sokolovsky in #1356. = mbed TLS 2.8.0 branch released 2018-03-16 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f7a1a013d..e1d64b9ce 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2537,7 +2537,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, * it must be called later with the *same* arguments, - * until it returns a positive value. + * until it returns a positive value. When the function returns + * MBEDTLS_ERR_SSL_WANT_WRITE there may be some partial + * data in the output buffer, however this is not yet sent. * * \note If the requested length is greater than the maximum * fragment length (either the built-in limit or the one set From 5114d3e4e1cb6e5a71ceafa56dd7da5f9182f9d9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 30 Mar 2018 07:12:15 +0200 Subject: [PATCH 385/504] Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that this indicates that a valid signature is present, unlike other error codes. See https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705 --- include/mbedtls/ecdsa.h | 4 ++-- include/mbedtls/ecp.h | 2 +- include/mbedtls/pk.h | 12 ++++++------ library/ecdsa.c | 3 +++ library/pk_wrap.c | 5 +++++ 5 files changed, 17 insertions(+), 9 deletions(-) 
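Review bot: The added sentence `there may be some partial data in the output buffer, however this is not yet sent` does not say which buffer is meant: a reader can take it as the caller's `buf`, whereas it presumably refers to data buffered internally by the SSL context. Suggest `there may be some partial data buffered internally by the SSL context that has not yet been sent; this is why the call must be repeated with the same arguments.`, which also ties the new note to the unchanged requirement stated on the previous line.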
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index aa23d67f9..ff6efbc3f 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -272,8 +272,8 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, * * \return \c 0 on success, * #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid, - * #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is - * valid but its actual length is less than \p siglen, + * #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid + * signature in sig but its length is less than \p siglen, * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX * error code on failure for any other reason. * diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index b00ba4da8..7b8ffff44 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -36,7 +36,7 @@ #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */ #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */ #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */ -#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */ +#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< The buffer contains a valid signature followed by more data. */ #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< ECP hardware accelerator failed. */ #if !defined(MBEDTLS_ECP_ALT) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 1059bdaa5..ee06b2fd2 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -63,7 +63,7 @@ #define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */ #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */ #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */ -#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */ +#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The buffer contains a valid signature followed by more data. */ #define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */ #ifdef __cplusplus @@ -269,8 +269,8 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ); * \param sig_len Signature length * * \return 0 on success (signature is valid), - * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is - * valid but its actual length is less than sig_len, + * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid + * signature in sig but its length is less than \p siglen, * or a specific error code. * * \note For RSA keys, the default padding type is PKCS#1 v1.5. @@ -300,10 +300,10 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \param sig_len Signature length * * \return 0 on success (signature is valid), - * MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be + * #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be * used for this type of signatures, - * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is - * valid but its actual length is less than sig_len, + * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid + * signature in sig but its length is less than \p siglen, * or a specific error code. * * \note If hash_len is 0, then the length associated with md_alg diff --git a/library/ecdsa.c b/library/ecdsa.c index 826fefe5c..17a88bdd2 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c 
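Review bot: Both new `\return` descriptions in the pk.h hunks say `its length is less than \p siglen`, but the parameter documented just above is `sig_len` (`\param sig_len Signature length`), so `\p siglen` names a parameter that does not exist and Doxygen will warn. Replace it with `signature in \p sig but its length is less than \p sig_len,` in both the `mbedtls_pk_verify` block and the following block that also lists #MBEDTLS_ERR_PK_TYPE_MISMATCH. The ecdsa.h hunk earlier in this patch keeps the same `\p siglen` wording; its parameter list is not visible here, so it is worth checking against the real name as well.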
@@ -400,6 +400,9 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, &ctx->Q, &r, &s ) ) != 0 ) goto cleanup; + /* At this point we know that the buffer starts with a valid signature. + * Return 0 if the buffer just contains the signature, and a specific + * error code if the valid signature is followed by more data. */ if( p != end ) ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH; diff --git a/library/pk_wrap.c b/library/pk_wrap.c index a4bb35fc8..5446e2350 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -93,6 +93,11 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, (unsigned int) hash_len, hash, sig ) ) != 0 ) return( ret ); + /* The buffer contains a valid signature followed by extra data. + * We have a special error code for that so that so that callers can + * use mbedtls_pk_verify() to check "Does the buffer start with a + * valid signature?" and not just "Does the buffer contain a valid + * signature?". */ if( sig_len > rsa_len ) return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); From cc78ac46e79d5c5ea6850c9f56483ea94a2a646b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 30 Mar 2018 18:52:10 +0200 Subject: [PATCH 386/504] Update error.c --- library/error.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/error.c b/library/error.c index 0292480ae..b173c7e8e 100644 --- a/library/error.c +++ b/library/error.c 
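Review bot: The comment added before `if( sig_len > rsa_len )` in the pk_wrap.c hunk repeats `so that so that`, and its first sentence states `The buffer contains a valid signature followed by extra data.` unconditionally even though that only holds inside the `if`. Suggest opening with `If sig_len > rsa_len, the buffer contains a valid signature followed by extra data.` and dropping the duplicated `so that`. The ecdsa.c comment in the same patch already uses this conditional phrasing (`Return 0 if ... and a specific error code if ...`), so the two would then read alike. rsa_verify_wrap starts and ends outside the hunk.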
@@ -266,7 +266,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_ECP_INVALID_KEY) ) mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" ); if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" ); + mbedtls_snprintf( buf, buflen, "ECP - The buffer contains a valid signature followed by more data" ); if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "ECP - ECP hardware accelerator failed" ); #endif /* MBEDTLS_ECP_C */ @@ -333,7 +333,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" ); + mbedtls_snprintf( buf, buflen, "PK - The buffer contains a valid signature followed by more data" ); if( use_ret == -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "PK - PK hardware accelerator failed" ); #endif /* MBEDTLS_PK_C */ From 039fd128349e3f19d80aa60ea228a2498a8fbc44 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 19 Mar 2018 19:06:08 +0100 Subject: [PATCH 387/504] Robustness fix in mbedtls_ssl_derive_keys In mbedtls_ssl_derive_keys, don't call mbedtls_md_hmac_starts in ciphersuites that don't use HMAC. This doesn't change the behavior of the code, but avoids relying on an uncaught error when attempting to start an HMAC operation that hadn't been initialized. --- library/ssl_tls.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3802e230e..a5b9d63f5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -855,8 +855,13 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 defined(MBEDTLS_SSL_PROTO_TLS1_2)
 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
 {
- mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
- mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+ /* For HMAC-based ciphersuites, initialize the HMAC transforms.
+ For AEAD-based ciphersuites, there is nothing to do here. */
+ if( mac_key_len != 0 )
+ {
+ mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
+ mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+ }
 }
 else
 #endif
From c96ccf4b3f2fc0c1336390cae25e4852d4d3411a Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 31 Mar 2018 22:57:03 +0200
Subject: [PATCH 388/504] Add ChangeLog entry to credit independent contribution Also: fixes #1437
---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index aaf34fcef..0293e49dd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -54,6 +54,9 @@ Changes
 Wilson #481
 * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov.
+ * Improve robustness of mbedtls_ssl_derive_keys against the use of
+ HMAC functions with non-HMAC ciphersuites. Independently contributed
+ by Jiayuan Chen in #1377. Fixes #1437.
 = mbed TLS 2.8.0 branch released 2018-03-16
From 4045c7442189b42157f1a8e885a33db87d33ad89 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sun, 1 Apr 2018 12:25:48 +0200
Subject: [PATCH 389/504] Minor changelog improvement
---
 ChangeLog | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 1b0053755..a87d4cdba 100644
--- a/ChangeLog
+++ b/ChangeLog
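Review bot: The two `mbedtls_md_hmac_starts` calls inside the new `if( mac_key_len != 0 )` block still discard their int return value, so a genuine failure of the HMAC setup in an HMAC ciphersuite is ignored just as before; the guard removes the known spurious call, not the unchecked one. If the function has a `ret` variable (its start is outside the hunk), `if( ( ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len ) ) != 0 ) return( ret );` and the same for `md_ctx_dec` would make a broken transform fail the handshake instead of continuing with an uninitialised MAC context. The guard also relies on `mac_key_len` being exactly 0 for every AEAD suite, which is decided outside the hunk; a comment naming where that invariant comes from would help the next reader. The second line of the new block comment lacks the leading ` * ` that the other multi-line comments in this series use.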
@@ -18,8 +18,8 @@ Bugfix Fixes #1040. * Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks. #1353 - * Return plaintext data sooner on unpadded decryption, as stated in - mbedtls_cipher_update documentation. Contributed by Andy Leiserson. #1180 + * Return plaintext data sooner on unpadded CBC decryption, as stated in + the mbedtls_cipher_update() documentation. Contributed by Andy Leiserson. Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. From 092bf3dd3898e67b9dff2bb5d4f2aa289a827135 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 1 Apr 2018 12:43:48 +0200 Subject: [PATCH 390/504] Add original PR reference --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 25f52c804..8a3f0af04 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Changes * Optimize unnecessary zeroing in mbedtls_mpi_copy. Based on a contribution - by Alexey Skalozub. + by Alexey Skalozub in #405. = mbed TLS 2.7.0 branch released 2018-02-03 From b2aacec417d74f68d1eb01581e353b6623df706e Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Thu, 18 May 2017 16:53:08 +0300 Subject: [PATCH 391/504] Take Cryptographic API outside the XXX_ALT check The cryptographic API should not be related to whether or not there is alternative implementation. The API should be same for regular implementation, and for alternative implementation, so it is defined outside of the XXX_ALT precompilation check in the cryptographic API header --- ChangeLog | 3 +++ include/mbedtls/aes.h | 24 ++++++++---------------- include/mbedtls/arc4.h | 24 ++++++++---------------- include/mbedtls/blowfish.h | 16 ++++++++-------- include/mbedtls/camellia.h | 24 ++++++++---------------- include/mbedtls/des.h | 23 ++++++++--------------- include/mbedtls/md2.h | 24 ++++++++---------------- include/mbedtls/md4.h | 24 ++++++++---------------- include/mbedtls/md5.h | 24 ++++++++---------------- include/mbedtls/ripemd160.h | 24 ++++++++---------------- include/mbedtls/sha1.h | 24 ++++++++---------------- include/mbedtls/sha256.h | 23 ++++++++--------------- include/mbedtls/sha512.h | 24 ++++++++---------------- include/mbedtls/xtea.h | 24 ++++++++---------------- 14 files changed, 107 insertions(+), 198 deletions(-) diff --git a/ChangeLog b/ChangeLog index aaf34fcef..4249de766 100644 --- a/ChangeLog +++ b/ChangeLog @@ -135,6 +135,9 @@ Changes * Clarify the documentation of mbedtls_ssl_setup. * Use (void) when defining functions with no parameters. Contributed by Joris Aerts. #678 + * Put the Cryptographic API outside of the XXX_ALT macro check, so + alternative header file will not need to redefined the same API, + and to force alternative implementer to use the same API. = mbed TLS 2.7.0 branch released 2018-02-03 diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 46016dcb7..9043ddac4 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h 
@@ -59,14 +59,14 @@ #define inline __inline #endif -#if !defined(MBEDTLS_AES_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_AES_ALT) +// Regular implementation +// + /** * \brief The AES context-type definition. */ @@ -85,6 +85,10 @@ typedef struct } mbedtls_aes_context; +#else /* MBEDTLS_AES_ALT */ +#include "aes_alt.h" +#endif /* MBEDTLS_AES_ALT */ + /** * \brief This function initializes the specified AES context. * @@ -391,18 +395,6 @@ MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_AES_ALT */ -#include "aes_alt.h" -#endif /* MBEDTLS_AES_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine. * diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h index f9d93f822..f11fc5be0 100644 --- a/include/mbedtls/arc4.h +++ b/include/mbedtls/arc4.h @@ -38,14 +38,14 @@ #define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */ -#if !defined(MBEDTLS_ARC4_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_ARC4_ALT) +// Regular implementation +// + /** * \brief ARC4 context structure * @@ -61,6 +61,10 @@ typedef struct } mbedtls_arc4_context; +#else /* MBEDTLS_ARC4_ALT */ +#include "arc4_alt.h" +#endif /* MBEDTLS_ARC4_ALT */ + /** * \brief Initialize ARC4 context * @@ -118,18 +122,6 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, unsigned char *output ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_ARC4_ALT */ -#include "arc4_alt.h" -#endif /* MBEDTLS_ARC4_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine * diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index c0ef5a04c..22479be5a 100644 
--- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -44,14 +44,14 @@ #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */ #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ -#if !defined(MBEDTLS_BLOWFISH_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_BLOWFISH_ALT) +// Regular implementation +// + /** * \brief Blowfish context structure */ @@ -62,6 +62,10 @@ typedef struct } mbedtls_blowfish_context; +#else /* MBEDTLS_BLOWFISH_ALT */ +#include "blowfish_alt.h" +#endif /* MBEDTLS_BLOWFISH_ALT */ + /** * \brief Initialize Blowfish context * @@ -198,8 +202,4 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx, } #endif -#else /* MBEDTLS_BLOWFISH_ALT */ -#include "blowfish_alt.h" -#endif /* MBEDTLS_BLOWFISH_ALT */ - #endif /* blowfish.h */ diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index cf07629d9..f0466bfd7 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -40,14 +40,14 @@ #define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ #define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */ -#if !defined(MBEDTLS_CAMELLIA_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_CAMELLIA_ALT) +// Regular implementation +// + /** * \brief CAMELLIA context structure */ @@ -58,6 +58,10 @@ typedef struct } mbedtls_camellia_context; +#else /* MBEDTLS_CAMELLIA_ALT */ +#include "camellia_alt.h" +#endif /* MBEDTLS_CAMELLIA_ALT */ + /** * \brief Initialize CAMELLIA context * 
@@ -211,18 +215,6 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, unsigned char *output ); #endif /* MBEDTLS_CIPHER_MODE_CTR */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_CAMELLIA_ALT */ -#include "camellia_alt.h" -#endif /* MBEDTLS_CAMELLIA_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine * diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 5a1a63652..b0a82df9b 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -46,14 +46,14 @@ #define MBEDTLS_DES_KEY_SIZE 8 -#if !defined(MBEDTLS_DES_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_DES_ALT) +// Regular implementation +// + /** * \brief DES context structure * @@ -67,6 +67,10 @@ typedef struct } mbedtls_des_context; +#else /* MBEDTLS_DES_ALT */ +#include "des_alt.h" +#endif /* MBEDTLS_DES_ALT */ + /** * \brief Triple-DES context structure */ @@ -331,17 +335,6 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, */ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_DES_ALT */ -#include "des_alt.h" -#endif /* MBEDTLS_DES_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif /** * \brief Checkup routine diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 0fd8b5afc..08e75b247 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -39,14 +39,14 @@ #define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */ -#if !defined(MBEDTLS_MD2_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_MD2_ALT) +// Regular implementation +// + /** * \brief MD2 context structure * @@ -64,6 +64,10 @@ typedef struct } mbedtls_md2_context; +#else /* MBEDTLS_MD2_ALT */ +#include "md2_alt.h" +#endif /* MBEDTLS_MD2_ALT */ + /** * \brief Initialize MD2 context * 
@@ -235,18 +239,6 @@ MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_MD2_ALT */ -#include "md2_alt.h" -#endif /* MBEDTLS_MD2_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Output = MD2( input buffer ) * diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index 23fa95e46..8ee4e5cab 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -40,14 +40,14 @@ #define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */ -#if !defined(MBEDTLS_MD4_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_MD4_ALT) +// Regular implementation +// + /** * \brief MD4 context structure * @@ -64,6 +64,10 @@ typedef struct } mbedtls_md4_context; +#else /* MBEDTLS_MD4_ALT */ +#include "md4_alt.h" +#endif /* MBEDTLS_MD4_ALT */ + /** * \brief Initialize MD4 context * @@ -238,18 +242,6 @@ MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_MD4_ALT */ -#include "md4_alt.h" -#endif /* MBEDTLS_MD4_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Output = MD4( input buffer ) * diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 06ea4c5d4..43ead4b74 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -39,14 +39,14 @@ #define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED -0x002F /**< MD5 hardware accelerator failed */ -#if !defined(MBEDTLS_MD5_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_MD5_ALT) +// Regular implementation +// + /** * \brief MD5 context structure * 
@@ -63,6 +63,10 @@ typedef struct } mbedtls_md5_context; +#else /* MBEDTLS_MD5_ALT */ +#include "md5_alt.h" +#endif /* MBEDTLS_MD5_ALT */ + /** * \brief Initialize MD5 context * @@ -238,18 +242,6 @@ MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_MD5_ALT */ -#include "md5_alt.h" -#endif /* MBEDTLS_MD5_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Output = MD5( input buffer ) * diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 3a8b50a62..a0dac0c36 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -35,14 +35,14 @@ #define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */ -#if !defined(MBEDTLS_RIPEMD160_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_RIPEMD160_ALT) +// Regular implementation +// + /** * \brief RIPEMD-160 context structure */ @@ -54,6 +54,10 @@ typedef struct } mbedtls_ripemd160_context; +#else /* MBEDTLS_RIPEMD160_ALT */ +#include "ripemd160.h" +#endif /* MBEDTLS_RIPEMD160_ALT */ + /** * \brief Initialize RIPEMD-160 context * @@ -178,18 +182,6 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160_process( #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_RIPEMD160_ALT */ -#include "ripemd160_alt.h" -#endif /* MBEDTLS_RIPEMD160_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Output = RIPEMD-160( input buffer ) * diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 05540cde1..5fd02d3c0 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h 
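Review bot: The new `#else /* MBEDTLS_RIPEMD160_ALT */` branch in the ripemd160.h hunk (`@@ -54,6 +54,10 @@`) includes `"ripemd160.h"`, i.e. the header itself, whereas the block removed further down in the same file included `"ripemd160_alt.h"` and every other header in this commit includes its own `*_alt.h`. With MBEDTLS_RIPEMD160_ALT defined the self-include is swallowed by the include guard, so `mbedtls_ripemd160_context` is never declared and the prototypes that follow cannot compile. The line should read `#include "ripemd160_alt.h"`.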
@@ -39,14 +39,14 @@ #define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */ -#if !defined(MBEDTLS_SHA1_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_SHA1_ALT) +// Regular implementation +// + /** * \brief The SHA-1 context structure. * @@ -63,6 +63,10 @@ typedef struct } mbedtls_sha1_context; +#else /* MBEDTLS_SHA1_ALT */ +#include "sha1_alt.h" +#endif /* MBEDTLS_SHA1_ALT */ + /** * \brief This function initializes a SHA-1 context. * @@ -240,18 +244,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_SHA1_ALT */ -#include "sha1_alt.h" -#endif /* MBEDTLS_SHA1_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief This function calculates the SHA-1 checksum of a buffer. * diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index ffb16c277..8d7a1f733 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -35,14 +35,14 @@ #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ -#if !defined(MBEDTLS_SHA256_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_SHA256_ALT) +// Regular implementation +// + /** * \brief The SHA-256 context structure. * @@ -61,6 +61,10 @@ typedef struct } mbedtls_sha256_context; +#else /* MBEDTLS_SHA256_ALT */ +#include "sha256_alt.h" +#endif /* MBEDTLS_SHA256_ALT */ + /** * \brief This function initializes a SHA-256 context. * 
@@ -196,17 +200,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_SHA256_ALT */ -#include "sha256_alt.h" -#endif /* MBEDTLS_SHA256_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif /** * \brief This function calculates the SHA-224 or SHA-256 diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 8404a2d59..c4eb5a93c 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -35,14 +35,14 @@ #define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */ -#if !defined(MBEDTLS_SHA512_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_SHA512_ALT) +// Regular implementation +// + /** * \brief The SHA-512 context structure. * @@ -61,6 +61,10 @@ typedef struct } mbedtls_sha512_context; +#else /* MBEDTLS_SHA512_ALT */ +#include "sha512_alt.h" +#endif /* MBEDTLS_SHA512_ALT */ + /** * \brief This function initializes a SHA-512 context. * @@ -198,18 +202,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process( #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_SHA512_ALT */ -#include "sha512_alt.h" -#endif /* MBEDTLS_SHA512_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief This function calculates the SHA-512 or SHA-384 * checksum of a buffer. diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h index 34ccee3c2..8df708a3a 100644 --- a/include/mbedtls/xtea.h +++ b/include/mbedtls/xtea.h 
@@ -39,14 +39,14 @@ #define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */ #define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */ -#if !defined(MBEDTLS_XTEA_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_XTEA_ALT) +// Regular implementation +// + /** * \brief XTEA context structure */ @@ -56,6 +56,10 @@ typedef struct } mbedtls_xtea_context; +#else /* MBEDTLS_XTEA_ALT */ +#include "xtea_alt.h" +#endif /* MBEDTLS_XTEA_ALT */ + /** * \brief Initialize XTEA context * @@ -115,18 +119,6 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_XTEA_ALT */ -#include "xtea_alt.h" -#endif /* MBEDTLS_XTEA_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine * From 4e6d55d14d1156c20f184640d9b259402da579f5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 7 Feb 2018 16:36:15 +0200 Subject: [PATCH 392/504] Add new modules to the refactoring Add new alternative supported modules to the new arcitecture design --- include/mbedtls/ccm.h | 22 ++++++++-------------- include/mbedtls/cmac.h | 16 ++++------------ include/mbedtls/dhm.h | 19 ++++++------------- include/mbedtls/ecjpake.h | 20 +++++++------------- include/mbedtls/gcm.h | 20 ++++++-------------- include/mbedtls/rsa.h | 24 ++++++++---------------- 6 files changed, 39 insertions(+), 82 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 630b7fdf6..48f73edda 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h 
@@ -40,14 +40,15 @@ #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ #define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */ -#if !defined(MBEDTLS_CCM_ALT) -// Regular implementation -// #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_CCM_ALT) +// Regular implementation +// + /** * \brief The CCM context-type definition. The CCM context is passed * to the APIs called. @@ -57,6 +58,10 @@ typedef struct { } mbedtls_ccm_context; +#else /* MBEDTLS_CCM_ALT */ +#include "ccm_alt.h" +#endif /* MBEDTLS_CCM_ALT */ + /** * \brief This function initializes the specified CCM context, * to make references valid, and prepare the context @@ -148,17 +153,6 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_CCM_ALT */ -#include "ccm_alt.h" -#endif /* MBEDTLS_CCM_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /** diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 628c9daba..bb203cf68 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -61,6 +61,10 @@ struct mbedtls_cmac_context_t size_t unprocessed_len; }; +#else /* !MBEDTLS_CMAC_ALT */ +#include "cmac_alt.h" +#endif /* !MBEDTLS_CMAC_ALT */ + /** * \brief This function sets the CMAC key, and prepares to authenticate * the input data. @@ -180,18 +184,6 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, unsigned char output[16] ); #endif /* MBEDTLS_AES_C */ -#ifdef __cplusplus -} -#endif - -#else /* !MBEDTLS_CMAC_ALT */ -#include "cmac_alt.h" -#endif /* !MBEDTLS_CMAC_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) /** * \brief The CMAC checkup routine. 
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 00fafd8d1..1bf572abe 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -65,7 +65,6 @@ #include MBEDTLS_CONFIG_FILE #endif #include "bignum.h" -#if !defined(MBEDTLS_DHM_ALT) /* * DHM Error codes @@ -86,6 +85,8 @@ extern "C" { #endif +#if !defined(MBEDTLS_DHM_ALT) + /** * \brief The DHM context structure. */ @@ -105,6 +106,10 @@ typedef struct } mbedtls_dhm_context; +#else /* MBEDTLS_DHM_ALT */ +#include "dhm_alt.h" +#endif /* MBEDTLS_DHM_ALT */ + /** * \brief This function initializes the DHM context. * @@ -282,18 +287,6 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_DHM_ALT */ -#include "dhm_alt.h" -#endif /* MBEDTLS_DHM_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief The DMH checkup routine. * diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index d86e8207f..cc2b316f5 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -44,8 +44,6 @@ #include "ecp.h" #include "md.h" -#if !defined(MBEDTLS_ECJPAKE_ALT) - #ifdef __cplusplus extern "C" { #endif @@ -58,6 +56,7 @@ typedef enum { MBEDTLS_ECJPAKE_SERVER, /**< Server */ } mbedtls_ecjpake_role; +#if !defined(MBEDTLS_ECJPAKE_ALT) /** * EC J-PAKE context structure. * @@ -88,6 +87,10 @@ typedef struct mbedtls_mpi s; /**< Pre-shared secret (passphrase) */ } mbedtls_ecjpake_context; +#else /* MBEDTLS_ECJPAKE_ALT */ +#include "ecjpake_alt.h" +#endif /* MBEDTLS_ECJPAKE_ALT */ + /** * \brief Initialize a context * (just makes it ready for setup() or free()). 
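Review bot: In the ecjpake.h `@@ -58,6 +56,7 @@` hunk the `#if !defined(MBEDTLS_ECJPAKE_ALT)` guard now opens after the `mbedtls_ecjpake_role` enum, so that enum is defined unconditionally and an existing `ecjpake_alt.h` that carried its own copy will presumably stop compiling with a redefinition error; nothing at the new `#include "ecjpake_alt.h"` site says so. I would add above the include: `/* ecjpake_alt.h must define mbedtls_ecjpake_context only; mbedtls_ecjpake_role and the API below are declared unconditionally. */`. The same applies to the dhm.h hunk, where the error codes leave the ALT guard, but there the change is only additive for alternative headers.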
@@ -225,20 +228,10 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, */ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ); -#ifdef __cplusplus -} -#endif -#else /* MBEDTLS_ECJPAKE_ALT */ -#include "ecjpake_alt.h" -#endif /* MBEDTLS_ECJPAKE_ALT */ #if defined(MBEDTLS_SELF_TEST) -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine * @@ -246,10 +239,11 @@ extern "C" { */ int mbedtls_ecjpake_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif -#endif /* MBEDTLS_SELF_TEST */ #endif /* ecjpake.h */ diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 1e5a507a2..c2965e977 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -42,12 +42,12 @@ #define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */ #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */ -#if !defined(MBEDTLS_GCM_ALT) - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_GCM_ALT) + /** * \brief The GCM context structure. */ @@ -66,6 +66,10 @@ typedef struct { } mbedtls_gcm_context; +#else /* !MBEDTLS_GCM_ALT */ +#include "gcm_alt.h" +#endif /* !MBEDTLS_GCM_ALT */ + /** * \brief This function initializes the specified GCM context, * to make references valid, and prepares the context @@ -236,18 +240,6 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, */ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); -#ifdef __cplusplus -} -#endif - -#else /* !MBEDTLS_GCM_ALT */ -#include "gcm_alt.h" -#endif /* !MBEDTLS_GCM_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief The GCM checkup routine. * diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 5548f3c12..6ede7cb1c 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -76,14 +76,14 @@ * eg for alternative (PKCS#11) RSA implemenations in the PK layers. */ -#if !defined(MBEDTLS_RSA_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_RSA_ALT) +// Regular implementation +// + /** * \brief The RSA context structure. * @@ -128,6 +128,10 @@ typedef struct } mbedtls_rsa_context; +#else /* MBEDTLS_RSA_ALT */ +#include "rsa_alt.h" +#endif /* MBEDTLS_RSA_ALT */ + /** * \brief This function initializes an RSA context. * @@ -1112,18 +1116,6 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) */ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_RSA_ALT */ -#include "rsa_alt.h" -#endif /* MBEDTLS_RSA_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief The RSA checkup routine. * From 1c9f9be9a29b7b4d02b17877702369132515c9ed Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 7 Feb 2018 16:40:17 +0200 Subject: [PATCH 393/504] update ChangeLog Update ChangeLog with suggested rephrasing --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 4249de766..a00ad1beb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -138,7 +138,7 @@ Changes * Put the Cryptographic API outside of the XXX_ALT macro check, so alternative header file will not need to redefined the same API, and to force alternative implementer to use the same API. - + = mbed TLS 2.7.0 branch released 2018-02-03 Security From 810e650c707f9bce7d5eb679f2f5ecc85b32abc3 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 1 Apr 2018 15:59:58 +0300 Subject: [PATCH 394/504] Adjust more modules to new design Add `ecp.h` anf `timing.h` to new XXX_alt design --- ChangeLog | 2 +- include/mbedtls/ecp.h | 16 ++++++++-------- include/mbedtls/timing.h | 24 ++++++++---------------- 3 files changed, 17 insertions(+), 25 deletions(-) diff --git a/ChangeLog b/ChangeLog index a00ad1beb..4249de766 100644 --- a/ChangeLog 
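Review bot: Nothing at the new `#include "rsa_alt.h"` site in the `@@ -128,6 +128,10 @@` hunk tells an alternative implementer that the declarations following it (`mbedtls_rsa_init()` through `mbedtls_rsa_free()`) are now unconditional, so `rsa_alt.h` must provide `mbedtls_rsa_context` and must not redeclare the API with a different signature. I would add above the include: `/* rsa_alt.h must define mbedtls_rsa_context only; the API below is declared unconditionally and the alternative implementation must honour it. */`. The `extern "C"` block opened before the guard stays open to the end of the file, which is outside this hunk.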
+++ b/ChangeLog @@ -138,7 +138,7 @@ Changes * Put the Cryptographic API outside of the XXX_ALT macro check, so alternative header file will not need to redefined the same API, and to force alternative implementer to use the same API. - + = mbed TLS 2.7.0 branch released 2018-02-03 Security diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index d8c68233d..fe346141a 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -39,6 +39,10 @@ #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */ #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< ECP hardware accelerator failed. */ +#ifdef __cplusplus +extern "C" { +#endif + #if !defined(MBEDTLS_ECP_ALT) /* * default mbed TLS elliptic curve arithmetic implementation @@ -48,10 +52,6 @@ * one.) */ -#ifdef __cplusplus -extern "C" { -#endif - /** * Domain parameters (curve, subgroup and generator) identifiers. * @@ -237,6 +237,10 @@ mbedtls_ecp_keypair; #define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */ #define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format */ +#else /* MBEDTLS_ECP_ALT */ +#include "ecp_alt.h" +#endif /* MBEDTLS_ECP_ALT */ + /* * Some other constants from RFC 4492 */ @@ -679,8 +683,4 @@ int mbedtls_ecp_self_test( int verbose ); } #endif -#else /* MBEDTLS_ECP_ALT */ -#include "ecp_alt.h" -#endif /* MBEDTLS_ECP_ALT */ - #endif /* ecp.h */ diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 2c497bf4e..bbcb90688 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -30,16 +30,16 @@ #include MBEDTLS_CONFIG_FILE #endif -#if !defined(MBEDTLS_TIMING_ALT) -// Regular implementation -// - #include #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_TIMING_ALT) +// Regular implementation +// + /** * \brief timer structure */ 
@@ -58,6 +58,10 @@ typedef struct uint32_t fin_ms; } mbedtls_timing_delay_context; +#else /* MBEDTLS_TIMING_ALT */ +#include "timing_alt.h" +#endif /* MBEDTLS_TIMING_ALT */ + extern volatile int mbedtls_timing_alarmed; /** @@ -133,18 +137,6 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); */ int mbedtls_timing_get_delay( void *data ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_TIMING_ALT */ -#include "timing_alt.h" -#endif /* MBEDTLS_TIMING_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - #if defined(MBEDTLS_SELF_TEST) /** * \brief Checkup routine From 19d392b2581d1bded5ba61051b8b6343c0511b78 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 2 Apr 2018 07:25:26 -0700 Subject: [PATCH 395/504] Fix compatibility problem in the printed message Replace %zu with %lu and add cast for the printed value. --- library/ssl_tls.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a3515e1dc..36899f3b8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2425,8 +2425,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_recv returned %d bytes but only %zu were requested", - ret, len ) ); + ( "f_recv returned %d bytes but only %lu were requested", + ret, (unsigned long)len ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2480,8 +2480,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_send returned %d bytes but only %zu bytes were sent", - ret, ssl->out_left ) ); + ( "f_send returned %d bytes but only %lu bytes were sent", + ret, (unsigned long)ssl->out_left ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } From 0cbe816bfc8ba361d25920d09114eb8bc3ffb99a Mon Sep 17 00:00:00 2001 
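Review bot: `extern volatile int mbedtls_timing_alarmed;` is now declared regardless of `MBEDTLS_TIMING_ALT`, but unlike the functions it is a data symbol that a `timing_alt.h` port previously sat outside of and did not have to provide, so a port that only reimplements the functions will presumably fail to link wherever the variable is referenced. I would state the obligation on the declaration: `/* Declared unconditionally: an alternative timing implementation must define this variable as well as the functions below. */`. The `@@ -133,18 +137,6 @@` hunk is consistent with this layout.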
From: Kevin Luty Date: Mon, 2 Apr 2018 10:01:16 -0500 Subject: [PATCH 396/504] ChangeLog updated and returning proper value --- ChangeLog | 2 ++ programs/pkey/pk_sign.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e7abd5ce6..8d9ffd6ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,8 @@ Bugfix * Fix leap year calculation in x509_date_is_valid() to ensure that invalid dates on leap years with 100 and 400 intervals are handled correctly. Found by Nicholas Wilson. #694 + * Fix overriding and ignoring return values when parsing and writing to + a file in pk_sign program. Found by kevlut in #1142. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 06ad3ee22..1d97be757 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -168,7 +168,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( ret ? EXIT_FAILURE : EXIT_SUCCESS ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && From b364053a8718bb76e364dfe3df01e0f4d3eab97a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 3 Apr 2018 06:16:04 -0400 Subject: [PATCH 397/504] pk_sign: add stdlib include --- programs/pkey/pk_sign.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 1d97be757..55df95e49 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -29,6 +29,7 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_snprintf snprintf #define mbedtls_printf printf #endif From f4e5b7e87de2484f0e3dbb9d11e87dd275874cd0 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 3 Apr 2018 16:28:09 +0100 Subject: [PATCH 398/504] Additionally initialize fd_set's via memset in mbedtls_net_poll The initialization via FD_SET is not seen by memory sanitizers if FD_SET is implemented through assembly. Additionally zeroizing the respective fd_set's before calling FD_SET contents the sanitizers and comes at a negligible computational overhead. --- library/net_sockets.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index cdc237642..f99d339ff 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -275,7 +275,7 @@ static int net_would_block( const mbedtls_net_context *ctx ) static int net_would_block( const mbedtls_net_context *ctx ) { int err = errno; - + /* * Never return 'WOULD BLOCK' on a non-blocking socket */ @@ -459,6 +459,12 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) if( fd < 0 ) return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + /* Ensure that memory sanitizers consider + * read_fds and write_fds as initialized even + * if FD_ZERO is implemented in assembly. */ + memset( &read_fds, 0, sizeof( read_fds ) ); + memset( &write_fds, 0, sizeof( write_fds ) ); + FD_ZERO( &read_fds ); if( rw & MBEDTLS_NET_POLL_READ ) { From d6953b58d74fb721edf71c825355d76d93b64129 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Apr 2018 09:09:29 +0200 Subject: [PATCH 399/504] Improve changelog entry --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 71f69ee20..72f00e9fe 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -23,8 +23,8 @@ Changes Contributed by Mathieu Briand. * Fix typo in a comment ctr_drbg.c. Contributed by Paul Sokolovsky. * Remove support for the library reference configuration for picocoin. - * Verify that when (f_send, f_recv and f_recv_timeout) send or receive - more than the required length an error is returned. Raised by + * In the SSL module, when f_send, f_recv or f_recv_timeout report + transmitting more than the required length, return an error. Raised by Sam O'Connor in #1245. = mbed TLS 2.7.0 branch released 2018-02-03 From 557e77d9a31c5bad6930dde800ba46939151a834 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Apr 2018 09:18:11 +0200 Subject: [PATCH 400/504] Add ChangeLog entry --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 3572b8d30..79529430b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,10 @@ Features * Add option MBEDTLS_AES_FEWER_TABLES to dynamically compute 3/4 of the AES tables during runtime, thereby reducing the RAM/ROM footprint by ~6kb. Suggested and contributed by jkivilin in #394. + * Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and + ECDH primitive functions (mbedtls_ecdh_gen_public(), + mbedtls_ecdh_compute_shared()) are supported for now. Contributed by + Nicholas Wilson (#348). Bugfix * Fix spurious uninitialized variable warning in cmac.c. Fix independently From e4d3b7f86074e32d907867d72ee52507b47b3457 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Apr 2018 09:28:48 +0200 Subject: [PATCH 401/504] Fix merge glitch in ChangeLog --- ChangeLog | 1 - 1 file changed, 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 70e9bb679..b772c3fd2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -326,7 +326,6 @@ Changes implementation. * Add explicit warnings for the use of MD2, MD4, MD5, SHA-1, DES and ARC4 throughout the library. ->>>>>>> development = mbed TLS 2.6.0 branch released 2017-08-10 
From 73b183c3bb6e729bcd3b47804de52fdc9194940c Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Thu, 5 Apr 2018 10:20:09 +0200 Subject: [PATCH 402/504] Add buffer size check before cert_type_len read --- library/ssl_cli.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index e4b2c993f..84f2f3d00 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2659,6 +2659,13 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) buf = ssl->in_msg; /* certificate_types */ + if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + } cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )]; n = cert_type_len; From cd09fc812dcbfbee63e69f243381d7d0343fc54c Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Thu, 5 Apr 2018 14:48:18 +0200 Subject: [PATCH 403/504] Remove a redundant test --- library/ssl_cli.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 84f2f3d00..e74f5dd69 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2728,14 +2728,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #endif n += 2 + sig_alg_len; - - if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); - } } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ From 94d49978eb8ac94f97c8c5f15aad9d45fe30efc1 Mon Sep 17 00:00:00 2001 
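Review bot: Removing the `in_hslen < hdr_len + 2 + n` check in the `@@ -2728,14 +2728,6 @@` hunk relies on the `sig_alg_len` bound a few lines above the hunk, which the comments in this series describe as the furthest access being `buf[hdr_len + 3 + n + sig_alg_len]`; if that bound is `in_hslen <= hdr_len + 3 + n + sig_alg_len`, then after `n += 2 + sig_alg_len` the second `dn_len` byte read outside the hunk sits at `hdr_len + 2 + n`, which may equal `in_hslen`, i.e. one byte past the handshake body, and the removed check permitted the same equality. The read stays inside `in_msg` and the final `!=` length check rejects such a message, so this is a benign over-read rather than an overflow, but I would keep a strict check at the removed spot instead: `if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )` with the same alert and return. `ssl_parse_certificate_request()` starts and ends outside this hunk.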
From: Krzysztof Stachowiak Date: Thu, 5 Apr 2018 14:48:55 +0200 Subject: [PATCH 404/504] Improve comments style --- library/ssl_cli.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index e74f5dd69..65b2c7656 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2670,7 +2670,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) n = cert_type_len; /* - * In the subsequent code there are two paths that make read from buf: + * In the subsequent code there are two paths that read from buf: * * the length of the signature algorithms field (if minor version of * SSL is 3), * * distinguished name length otherwise. @@ -2699,12 +2699,12 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #endif /* - * The farthes access in buf is in the loop few lines below: + * The furthest access in buf is in the loop few lines below: * sig_alg[i + 1], * where: * sig_alg = buf + ...hdr_len + 3 + n, * max(i) = sig_alg_len - 1. - * Therefore the farthest access is: + * Therefore the furthest access is: * buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1], * which reduces to: * buf[...hdr_len + 3 + n + sig_alg_len], From ec4733b645f8a3402c4e4adf454dab5ae565126a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 5 Apr 2018 14:55:47 +0200 Subject: [PATCH 405/504] Make the memset call prior to FD_ZERO conditional to needing it Zeroing out an fd_set before calling FD_ZERO on it is in principle useless, but without it some memory sanitizers think the fd_set is still uninitialized after FD_ZERO (e.g. clang-msan/Glibc/x86_64 where FD_ZERO is implemented in assembly). Make the zeroing conditional on using a memory sanitizer. --- library/net_sockets.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index f99d339ff..7b4a423cc 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c 
@@ -459,11 +459,15 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) if( fd < 0 ) return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); - /* Ensure that memory sanitizers consider - * read_fds and write_fds as initialized even - * if FD_ZERO is implemented in assembly. */ +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) + /* Ensure that memory sanitizers consider read_fds and write_fds as + * initialized even on platforms such as Glibc/x86_64 where FD_ZERO + * is implemented in assembly. */ memset( &read_fds, 0, sizeof( read_fds ) ); memset( &write_fds, 0, sizeof( write_fds ) ); +#endif +#endif FD_ZERO( &read_fds ); if( rw & MBEDTLS_NET_POLL_READ ) From 5053efde33ef1777b8791e4b34338fb13a66c663 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 5 Apr 2018 15:25:50 +0200 Subject: [PATCH 406/504] Warn if using a memory sanitizer on AESNI Clang-Msan is known to report spurious errors when MBEDTLS_AESNI_C is enabled, due to the use of assembly code. The error reports don't mention AES, so they can be difficult to trace back to the use of AES-NI. Warn about this potential problem at compile time. --- library/aesni.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/aesni.c b/library/aesni.c index 1ca3c3ef5..062708b04 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -32,6 +32,12 @@ #if defined(MBEDTLS_AESNI_C) +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) +#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code." +#endif +#endif + #include "mbedtls/aesni.h" #include From 7869680e41e09e2aa1d24529099b86e08acfe1e3 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Fri, 6 Apr 2018 11:23:22 +0100 Subject: [PATCH 407/504] Updated abi_check.py docstrings --- scripts/abi_check.py | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) 
diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 98d8be422..14250d2b9 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -1,18 +1,19 @@ #!/usr/bin/env python3 -# -# This file is part of Mbed TLS (https://tls.mbed.org) -# -# Copyright (c) 2018, Arm Limited, All Rights Reserved -# -# Purpose -# -# This script is a small wrapper around the abi-compliance-checker and -# abi-dumper tools, applying them to compare the ABI and API of the library -# files from two different Git revisions within an Mbed TLS repository. -# The results of the comparison are formatted as HTML and stored at -# a configurable location. Returns 0 on success, 1 on ABI/API non-compliance, -# and 2 if there is an error while running the script. -# Note: must be run from Mbed TLS root. +""" +This file is part of Mbed TLS (https://tls.mbed.org) + +Copyright (c) 2018, Arm Limited, All Rights Reserved + +Purpose + +This script is a small wrapper around the abi-compliance-checker and +abi-dumper tools, applying them to compare the ABI and API of the library +files from two different Git revisions within an Mbed TLS repository. +The results of the comparison are formatted as HTML and stored at +a configurable location. Returns 0 on success, 1 on ABI/API non-compliance, +and 2 if there is an error while running the script. +Note: requires Python 3, must be run from Mbed TLS root. +""" import os import sys @@ -205,8 +206,8 @@ def run_main(): " The results of the comparison are formatted as HTML and" " stored at a configurable location. Returns 0 on success, " "1 on ABI/API non-compliance, and 2 if there is an error " - "while running the script. # Note: must be run from " - "Mbed TLS root." + "while running the script. Note: requires Python 3, " + "must be run from Mbed TLS root." ) ) parser.add_argument( From bf027e736a64af33307f15a5d1bd5c491c9b822e Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Mon, 9 Apr 2018 15:51:19 +0300 Subject: [PATCH 408/504] Minor modifications after PR review 1. Move ChangLog entry to correct location 2. Move point formats outside the ECP_ALT check, as it's part of the RFC --- ChangeLog | 6 +++--- include/mbedtls/ecp.h | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4249de766..a005eb258 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,9 @@ Changes Wilson #481 * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov. + * Put the Cryptographic API outside of the XXX_ALT macro check, so + alternative header file will not need to redefined the same API, + and to force alternative implementer to use the same API. = mbed TLS 2.8.0 branch released 2018-03-16 @@ -135,9 +138,6 @@ Changes * Clarify the documentation of mbedtls_ssl_setup. * Use (void) when defining functions with no parameters. Contributed by Joris Aerts. #678 - * Put the Cryptographic API outside of the XXX_ALT macro check, so - alternative header file will not need to redefined the same API, - and to force alternative implementer to use the same API. = mbed TLS 2.7.0 branch released 2018-02-03 diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index fe346141a..1bc5ac9e6 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -231,16 +231,16 @@ mbedtls_ecp_keypair; /* \} name SECTION: Module settings */ +#else /* MBEDTLS_ECP_ALT */ +#include "ecp_alt.h" +#endif /* MBEDTLS_ECP_ALT */ + /* * Point formats, from RFC 4492's enum ECPointFormat */ #define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */ #define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format */ -#else /* MBEDTLS_ECP_ALT */ -#include "ecp_alt.h" -#endif /* MBEDTLS_ECP_ALT */ - /* * Some other constants from RFC 4492 */ From 97f95c9ef3668b762e499907da872e942a8d3b7f Mon Sep 17 00:00:00 2001 
From: Jethro Beekman Date: Tue, 13 Feb 2018 15:50:36 -0800 Subject: [PATCH 409/504] Avoid small private exponents during RSA key generation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Attacks against RSA exist for small D. [Wiener] established this for D < N^0.25. [Boneh] suggests the bound should be N^0.5. Multiple possible values of D might exist for the same set of E, P, Q. The attack works when there exists any possible D that is small. To make sure that the generated key is not susceptible to attack, we need to make sure we have found the smallest possible D, and then check that D is big enough. The Carmichael function λ of p*q is lcm(p-1, q-1), so we can apply Carmichael's theorem to show that D = d mod λ(n) is the smallest. [Wiener] Michael J. Wiener, "Cryptanalysis of Short RSA Secret Exponents" [Boneh] Dan Boneh and Glenn Durfee, "Cryptanalysis of RSA with Private Key d Less than N^0.292" --- library/rsa.c | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 218504086..2f72d4064 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -502,7 +502,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, unsigned int nbits, int exponent ) { int ret; - mbedtls_mpi H, G; + mbedtls_mpi H, G, L; if( f_rng == NULL || nbits < 128 || exponent < 3 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -512,10 +512,12 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &L ); /* * find primes P and Q with Q < P so that: - * GCD( E, (P-1)*(Q-1) ) == 1 + * 1. GCD( E, (P-1)*(Q-1) ) == 1 + * 2. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 ) */ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) ); 
@@ -541,9 +543,23 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) ); + + /* check GCD( E, (P-1)*(Q-1) ) == 1 */ MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) ); + if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) + continue; + + /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) ); + + if( mbedtls_mpi_bitlen( &ctx->D ) <= ( ( nbits + 1 ) / 2 ) ) // (FIPS 186-4 §B.3.1 criterion 3(a)) + continue; + + break; } - while( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ); + while( 1 ); /* Restore P,Q */ MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); @@ -551,16 +567,12 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, ctx->len = mbedtls_mpi_size( &ctx->N ); +#if !defined(MBEDTLS_RSA_NO_CRT) /* - * D = E^-1 mod ((P-1)*(Q-1)) * DP = D mod (P - 1) * DQ = D mod (Q - 1) * QP = Q^-1 mod P */ - - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &H ) ); - -#if !defined(MBEDTLS_RSA_NO_CRT) MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, &ctx->DP, &ctx->DQ, &ctx->QP ) ); #endif /* MBEDTLS_RSA_NO_CRT */ @@ -572,6 +584,7 @@ cleanup: mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &L ); if( ret != 0 ) { From 666892792d98d68f45aac0e3ff3cfda2baa89a57 Mon Sep 17 00:00:00 2001 
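Review bot: The loop-head comment added in the `@@ -512,10 +512,12 @@` hunk promises `E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 )`, while the check actually applied is `mbedtls_mpi_bitlen( &ctx->D ) <= ( ( nbits + 1 ) / 2 )`, so for odd `nbits` the comment and the code disagree, and the trailing `//` comment citing FIPS 186-4 breaks the `/* */` style used throughout rsa.c. I would state the criterion once, in the file's style, on the line before the check: `/* FIPS 186-4 B.3.1 criterion 3(a): reject d <= 2^(nlen/2) */` and change the loop-head comment to `2^( ( nbits + 1 ) / 2 )`. It is also worth documenting (the function's doc comment lives in rsa.h, outside this hunk) that `D` is now the smallest valid private exponent, reduced modulo `LCM(P-1, Q-1)` rather than `(P-1)*(Q-1)`, since keys generated after this change carry a different, smaller `D` than before; `mbedtls_rsa_deduce_crt()` derives DP/DQ from it unchanged.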
From: Jethro Beekman Date: Wed, 14 Feb 2018 19:24:10 -0800 Subject: [PATCH 410/504] Generate primes according to FIPS 186-4 The specification requires that numbers are the raw entropy (except for odd/ even) and at least 2^(nbits-0.5). If not, new random bits need to be used for the next number. Similarly, if the number is not prime new random bits need to be used. --- library/bignum.c | 116 +++++++++++++++++-------------- tests/suites/test_suite_mpi.data | 12 ++++ 2 files changed, 74 insertions(+), 54 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 47bf1ef97..f58af788f 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2194,12 +2194,23 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X, /* * Prime number generation + * + * If dh_flag is 0 and nbits is at least 1024, then the procedure + * follows the RSA probably-prime generation method of FIPS 186-4. + * NB. FIPS 186-4 only allows the specific bit lengths of 1024 and 1536. */ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; +#ifdef MBEDTLS_HAVE_INT64 +// ceil(2^63.5) +#define CEIL_MAXUINT_DIV_SQRT2 0xb504f333f9de6485ULL +#else +// ceil(2^31.5) +#define CEIL_MAXUINT_DIV_SQRT2 0xb504f334U +#endif + int ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; size_t k, n; mbedtls_mpi_uint r; mbedtls_mpi Y; 
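Review bot: `CEIL_MAXUINT_DIV_SQRT2` is `#define`d inside the body of `mbedtls_mpi_gen_prime()` under `#ifdef MBEDTLS_HAVE_INT64` with `//` comments, but a macro has no block scope, the surrounding file uses `#if defined(...)` and `/* */`, and the constant is a property of the limb width rather than of this function. I would hoist it to file scope next to the other limb-size definitions, in the file's style: `#if defined(MBEDTLS_HAVE_INT64)` / `#define CEIL_MAXUINT_DIV_SQRT2 0xb504f333f9de6485ULL /* ceil(2^63.5) */` / `#else` / `#define CEIL_MAXUINT_DIV_SQRT2 0xb504f334U /* ceil(2^31.5) */` / `#endif`. The new doc comment's claim that the `dh_flag == 0` path "follows" FIPS 186-4 also depends on the Miller-Rabin round count chosen in `mbedtls_mpi_is_prime()`, which is outside this hunk; I would say so there rather than let the comment read as a full compliance statement.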
@@ -2211,69 +2222,66 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, n = BITS_TO_LIMBS( nbits ); - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); - - k = mbedtls_mpi_bitlen( X ); - if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits + 1 ) ); - - mbedtls_mpi_set_bit( X, nbits-1, 1 ); - - X->p[0] |= 1; - - if( dh_flag == 0 ) + while( 1 ) { - while( ( ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ) ) != 0 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); + /* make sure generated number is at least (nbits-1)+0.5 bits (FIPS 186-4 §B.3.3 steps 4.4, 5.5) */ + if( X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2 ) continue; + + k = n * biL; + if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) ); + X->p[0] |= 1; + + if( dh_flag == 0 ) { + ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ); + if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) goto cleanup; - - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 2 ) ); } - } - else - { - /* - * An necessary condition for Y and X = 2Y + 1 to be prime - * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3). - * Make sure it is satisfied, while keeping X = 3 mod 4 - */ - - X->p[0] |= 2; - - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) ); - if( r == 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) ); - else if( r == 1 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) ); - - /* Set Y = (X-1) / 2, which is X / 2 because X is odd */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) ); - - while( 1 ) + else { /* - * First, check small factors for X and Y - * before doing Miller-Rabin on any of them + * An necessary condition for Y and X = 2Y + 1 to be prime + * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3). 
+ * Make sure it is satisfied, while keeping X = 3 mod 4 */ - if( ( ret = mpi_check_small_factors( X ) ) == 0 && - ( ret = mpi_check_small_factors( &Y ) ) == 0 && - ( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 && - ( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 ) + + X->p[0] |= 2; + + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) ); + if( r == 0 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) ); + else if( r == 1 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) ); + + /* Set Y = (X-1) / 2, which is X / 2 because X is odd */ + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) ); + + while( 1 ) { - break; + /* + * First, check small factors for X and Y + * before doing Miller-Rabin on any of them + */ + if( ( ret = mpi_check_small_factors( X ) ) == 0 && + ( ret = mpi_check_small_factors( &Y ) ) == 0 && + ( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 && + ( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 ) + goto cleanup; + + if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) + goto cleanup; + + /* + * Next candidates. We want to preserve Y = (X-1) / 2 and + * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3) + * so up Y by 6 and X by 12. + */ + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) ); } - - if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) - goto cleanup; - - /* - * Next candidates. We want to preserve Y = (X-1) / 2 and - * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3) - * so up Y by 6 and X by 12. - */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) ); } } diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 17cf350e4..2a2cfce45 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data 
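Review bot: The new `if( dh_flag == 0 ) {` puts the opening brace on the `if` line while the matching `else` keeps its brace on the next line, and `if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) );` folds a guarded statement onto one line; the rest of the hunk puts braces on their own line, so write `if( dh_flag == 0 )` with `{` below it. Only the `dh_flag == 0` path ever reaches the `continue` that redraws fresh random bits; the `else` branch leaves its inner `while( 1 )` only through `goto cleanup`, so the FIPS re-draw does not apply to safe-prime generation, which agrees with the new header comment but deserves a line such as `/* dh_flag != 0: search incrementally from the first candidate (no FIPS re-draw) */` at the top of the else branch. The old `mbedtls_mpi_set_bit( X, nbits-1, 1 )` is gone and bit nbits-1 is now guaranteed only by the top-limb threshold combined with the right shift; the following RSA commit relies on every prime having exactly nbits bits, so that invariant should be stated in a comment on the shift line. The function's `cleanup:` label lies outside the hunk.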
@@ -688,6 +688,18 @@ Test mbedtls_mpi_gen_prime (OK, minimum size) depends_on:MBEDTLS_GENPRIME mbedtls_mpi_gen_prime:3:0:0 +Test mbedtls_mpi_gen_prime (corner case limb size -1 bits) +depends_on:MBEDTLS_GENPRIME +mbedtls_mpi_gen_prime:63:0:0 + +Test mbedtls_mpi_gen_prime (corner case limb size) +depends_on:MBEDTLS_GENPRIME +mbedtls_mpi_gen_prime:64:0:0 + +Test mbedtls_mpi_gen_prime (corner case limb size +1 bits) +depends_on:MBEDTLS_GENPRIME +mbedtls_mpi_gen_prime:65:0:0 + Test mbedtls_mpi_gen_prime (Larger) depends_on:MBEDTLS_GENPRIME mbedtls_mpi_gen_prime:128:0:0 From c645bfe176aa4ab8c7a6a28ad44565c039392cce Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Wed, 14 Feb 2018 19:27:13 -0800 Subject: [PATCH 411/504] Generate RSA keys according to FIPS 186-4 The specification requires that P and Q are not too close. The specification also requires that you generate a P and stick with it, generating new Qs until you have found a pair that works. In practice, it turns out that sometimes a particular P results in it being very unlikely a Q can be found matching all the constraints. So we keep the original behavior where a new P and Q are generated every round. --- library/rsa.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 2f72d4064..729e1f735 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -495,6 +495,9 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) /* * Generate an RSA keypair + * + * This generation method follows the RSA key pair generation procedure of + * FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072. */ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
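Review bot: The new header comment on `mbedtls_rsa_gen_key` states the FIPS 186-4 conditions (2^16 < exponent < 2^256, nbits = 2048 or 3072) but, as far as this hunk shows, nothing in the function enforces them, so a reader may take them for validated preconditions. Make the status explicit, e.g. `* These conditions are not enforced; other sizes and exponents are accepted, but the result is then not a FIPS 186-4 key pair.` The function signature continues past the end of the hunk.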
@@ -516,8 +519,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, /* * find primes P and Q with Q < P so that: - * 1. GCD( E, (P-1)*(Q-1) ) == 1 - * 2. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 ) + * 1. |P-Q| > 2^( nbits / 2 - 100 ) + * 2. GCD( E, (P-1)*(Q-1) ) == 1 + * 3. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 ) */ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) ); @@ -529,14 +533,13 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, f_rng, p_rng ) ); - if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) + /* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) ); + if( mbedtls_mpi_bitlen( &H ) <= ( ( nbits >= 200 ) ? ( ( nbits >> 1 ) - 99 ) : 0 ) ) continue; - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ); - if( mbedtls_mpi_bitlen( &ctx->N ) != nbits ) - continue; - - if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) + /* not required by any standards, but some users rely on the fact that P > Q */ + if( H.s < 0 ) mbedtls_mpi_swap( &ctx->P, &ctx->Q ); /* Temporarily replace P,Q by P-1, Q-1 */ @@ -544,12 +547,12 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) ); - /* check GCD( E, (P-1)*(Q-1) ) == 1 */ + /* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */ MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) ); if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) continue; - /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) */ + /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */ MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) ); 
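Review bot: The `@@ -529` hunk removes the `mbedtls_mpi_bitlen( &ctx->N ) != nbits` rejection without replacing it; the new code relies on `mbedtls_mpi_gen_prime` (changed in the previous commit) returning primes of at least 2^(nbits/2 - 0.5) so that P·Q always has exactly nbits bits, and that dependency should be stated next to the `mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q )` that now follows the loop, e.g. `/* N has exactly nbits bits: gen_prime guarantees P, Q >= 2^(nbits/2 - 0.5) */`. For odd nbits the guarantee does not yield an nbits-bit modulus (two (nbits>>1)-bit primes multiply to at most nbits-1 bits), so unless odd sizes are rejected at the top of the function, outside this hunk, the old behaviour of never terminating becomes silently returning a one-bit-short key; an `if( nbits % 2 != 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );` at entry would close that. The `( nbits >= 200 ) ? ( ( nbits >> 1 ) - 99 ) : 0` threshold encodes |P-Q| > 2^(nbits/2 - 100) as a bit-length test and the 200 keeps the unsigned subtraction from wrapping; both facts deserve a line in the comment above it. mbedtls_rsa_gen_key begins and ends outside these hunks.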
@@ -565,6 +568,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ); + ctx->len = mbedtls_mpi_size( &ctx->N ); #if !defined(MBEDTLS_RSA_NO_CRT) From cb122373f0f22ae520e6f28cb0fddc023b6f293e Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Wed, 11 Apr 2018 08:40:38 -0700 Subject: [PATCH 412/504] Update ChangeLog for #1380 --- ChangeLog | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 9ee82c685..ae8d86f20 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,7 +42,7 @@ Bugfix mnacamura. * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was unable to parse keys with only the optional parameters field of the - ECPrivateKey structure. Found by jethrogb, fixed in #1379. + ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379. * Return plaintext data sooner on unpadded CBC decryption, as stated in the mbedtls_cipher_update() documentation. Contributed by Andy Leiserson. * Fix overriding and ignoring return values when parsing and writing to @@ -93,6 +93,8 @@ Changes * Improve robustness of mbedtls_ssl_derive_keys against the use of HMAC functions with non-HMAC ciphersuites. Independently contributed by Jiayuan Chen in #1377. Fixes #1437. + * Improve security of RSA key generation by including criteria from FIPS + 186-4. Contributed by Jethro Beekman. #1380 = mbed TLS 2.8.0 branch released 2018-03-16 From 1152fa83f99489cd22149594e6e2f5a4e9be0234 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 13 Apr 2018 05:15:17 -0400 Subject: [PATCH 413/504] Add platform setup and teardown calls to test suites Add a global platform context variable available for tests --- tests/suites/helpers.function | 1 + tests/suites/main_test.function | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) 
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index eef41c79a..9295bfaa5 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -109,6 +109,7 @@ static struct } test_info; +mbedtls_platform_context platform_ctx; /*----------------------------------------------------------------------------*/ /* Helper flags for complex dependencies */ diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 042085f0b..9dd792d36 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -281,6 +281,14 @@ int main(int argc, const char *argv[]) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) unsigned char alloc_buf[1000000]; +#endif + if( mbedtls_platform_setup( &platform_ctx ) ) + { + mbedtls_fprintf( stderr, "FATAL: Failed to initialize platform" ); + return -1; + } +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ + !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) ); #endif @@ -293,6 +301,7 @@ int main(int argc, const char *argv[]) if( pointer != NULL ) { mbedtls_fprintf( stderr, "all-bits-zero is not a NULL pointer\n" ); + mbedtls_platform_teardown( &platform_ctx ); return( 1 ); } @@ -302,6 +311,7 @@ int main(int argc, const char *argv[]) if( run_test_snprintf() != 0 ) { mbedtls_fprintf( stderr, "the snprintf implementation is broken\n" ); + mbedtls_platform_teardown( &platform_ctx ); return( 0 ); } @@ -318,6 +328,7 @@ int main(int argc, const char *argv[]) strcmp(next_arg, "-h" ) == 0 ) { mbedtls_fprintf( stdout, USAGE ); + mbedtls_platform_teardown( &platform_ctx ); mbedtls_exit( EXIT_SUCCESS ); } else @@ -357,6 +368,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "Failed to open test file: %s\n", test_filename ); + mbedtls_platform_teardown( &platform_ctx ); return( 1 ); } 
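Review bot: The new fatal message `"FATAL: Failed to initialize platform"` in the `@@ -281` hunk has no trailing newline, unlike the other stderr messages visible in these hunks, and the path returns `-1` from main, which the shell reports as exit status 255 while the sibling failure paths return 1 or `MBEDTLS_EXIT_FAILURE`; `mbedtls_fprintf( stderr, "FATAL: Failed to initialize platform\n" ); return( 1 );` would align it. Each later hunk in this file inserts a `mbedtls_platform_teardown( &platform_ctx );` by hand before an individual `return`/`exit`, which is easy to miss on the next early exit added to main, so a short comment next to the setup call stating that every exit path must tear the platform down (or one exit helper that does it) would help the next editor. main starts and ends outside these hunks.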
@@ -366,6 +378,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "FATAL: Dep count larger than zero at start of loop\n" ); + mbedtls_platform_teardown( &platform_ctx ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count = 0; @@ -402,6 +415,7 @@ int main(int argc, const char *argv[]) if( unmet_dependencies[ unmet_dep_count ] == NULL ) { mbedtls_fprintf( stderr, "FATAL: Out of memory\n" ); + mbedtls_platform_teardown( &platform_ctx ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count++; @@ -428,6 +442,7 @@ int main(int argc, const char *argv[]) if( stdout_fd == -1 ) { /* Redirection has failed with no stdout so exit */ + mbedtls_platform_teardown( &platform_ctx ); exit( 1 ); } } @@ -439,6 +454,7 @@ int main(int argc, const char *argv[]) if( !option_verbose && restore_output( &stdout, stdout_fd ) ) { /* Redirection has failed with no stdout so exit */ + mbedtls_platform_teardown( &platform_ctx ); exit( 1 ); } #endif /* __unix__ || __APPLE__ __MACH__ */ @@ -490,6 +506,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); fclose( file ); + mbedtls_platform_teardown( &platform_ctx ); mbedtls_exit( 2 ); } else @@ -501,6 +518,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "Should be empty %d\n", (int) strlen( buf ) ); + mbedtls_platform_teardown( &platform_ctx ); return( 1 ); } } @@ -533,5 +551,6 @@ int main(int argc, const char *argv[]) close_output( stdout ); #endif /* __unix__ || __APPLE__ __MACH__ */ + mbedtls_platform_teardown( &platform_ctx ); return( total_errors != 0 ); } From aca09c70263c0abe3bc99d6d2f73e4fe7c4e0729 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 13 Apr 2018 05:18:08 -0400 Subject: [PATCH 414/504] Changelog entry Describing platform teardown and setup calls in test suites --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 9ee82c685..d8f742527 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -93,6 +93,7 @@ Changes * Improve robustness of mbedtls_ssl_derive_keys against the use of HMAC functions with non-HMAC ciphersuites. Independently contributed by Jiayuan Chen in #1377. Fixes #1437. + * Add platform setup and teardown calls in test suites. = mbed TLS 2.8.0 branch released 2018-03-16 From 32a675f032fdc9ef14cb8c171fb187d42b51c998 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 13 Apr 2018 06:16:04 -0400 Subject: [PATCH 415/504] Add conditional platform context creation & usage Add another layer of abstraction before calling platform setup and teardown. --- tests/suites/helpers.function | 19 +++++++++++++++++++ tests/suites/main_test.function | 24 ++++++++++++------------ 2 files changed, 31 insertions(+), 12 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 9295bfaa5..e716318b1 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -109,7 +109,9 @@ static struct } test_info; +#if defined(MBEDTLS_PLATFORM_C) mbedtls_platform_context platform_ctx; +#endif /*----------------------------------------------------------------------------*/ /* Helper flags for complex dependencies */ @@ -128,6 +130,23 @@ mbedtls_platform_context platform_ctx; /*----------------------------------------------------------------------------*/ /* Helper Functions */ +static int platform_setup() +{ +#if defined(MBEDTLS_PLATFORM_C) + if( mbedtls_platform_setup( &platform_ctx ) ) + { + return -1; + } +#endif /* MBEDTLS_PLATFORM_C */ + return 0; +} + +static void platform_teardown() +{ +#if defined(MBEDTLS_PLATFORM_C) + mbedtls_platform_teardown( &platform_ctx ); +#endif /* MBEDTLS_PLATFORM_C */ +} #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) static int redirect_output( FILE** out_stream, const char* path ) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 9dd792d36..e5b404358 100644 --- a/tests/suites/main_test.function 
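Review bot: `static int platform_setup()` and `static void platform_teardown()` declare unprototyped functions: in C an empty parameter list means "unspecified arguments", so a stray argument is not rejected and `-Wstrict-prototypes` warns, and an earlier commit in this series fixed the same pattern in memory_buffer_alloc.c. Write them as `static int platform_setup( void )` and `static void platform_teardown( void )`. A one-line comment above `platform_setup` stating that it returns 0 on success, -1 when `mbedtls_platform_setup` fails, and is a no-op without `MBEDTLS_PLATFORM_C` would document the contract main relies on.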
+++ b/tests/suites/main_test.function @@ -282,7 +282,7 @@ int main(int argc, const char *argv[]) !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) unsigned char alloc_buf[1000000]; #endif - if( mbedtls_platform_setup( &platform_ctx ) ) + if( platform_setup() ) { mbedtls_fprintf( stderr, "FATAL: Failed to initialize platform" ); return -1; @@ -301,7 +301,7 @@ int main(int argc, const char *argv[]) if( pointer != NULL ) { mbedtls_fprintf( stderr, "all-bits-zero is not a NULL pointer\n" ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); return( 1 ); } @@ -311,7 +311,7 @@ int main(int argc, const char *argv[]) if( run_test_snprintf() != 0 ) { mbedtls_fprintf( stderr, "the snprintf implementation is broken\n" ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); return( 0 ); } @@ -328,7 +328,7 @@ int main(int argc, const char *argv[]) strcmp(next_arg, "-h" ) == 0 ) { mbedtls_fprintf( stdout, USAGE ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); mbedtls_exit( EXIT_SUCCESS ); } else @@ -368,7 +368,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "Failed to open test file: %s\n", test_filename ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); return( 1 ); } @@ -378,7 +378,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "FATAL: Dep count larger than zero at start of loop\n" ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count = 0; @@ -415,7 +415,7 @@ int main(int argc, const char *argv[]) if( unmet_dependencies[ unmet_dep_count ] == NULL ) { mbedtls_fprintf( stderr, "FATAL: Out of memory\n" ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count++; 
@@ -441,8 +441,8 @@ int main(int argc, const char *argv[]) stdout_fd = redirect_output( &stdout, "/dev/null" ); if( stdout_fd == -1 ) { + platform_teardown(); /* Redirection has failed with no stdout so exit */ - mbedtls_platform_teardown( &platform_ctx ); exit( 1 ); } } @@ -454,7 +454,7 @@ int main(int argc, const char *argv[]) if( !option_verbose && restore_output( &stdout, stdout_fd ) ) { /* Redirection has failed with no stdout so exit */ - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); exit( 1 ); } #endif /* __unix__ || __APPLE__ __MACH__ */ @@ -506,7 +506,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); fclose( file ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); mbedtls_exit( 2 ); } else @@ -518,7 +518,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "Should be empty %d\n", (int) strlen( buf ) ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); return( 1 ); } } @@ -551,6 +551,6 @@ int main(int argc, const char *argv[]) close_output( stdout ); #endif /* __unix__ || __APPLE__ __MACH__ */ - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); return( total_errors != 0 ); } From 819d13dfff96df5aa82f38b8e436ae43c26227a0 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 16 Apr 2018 09:35:15 +0100 Subject: [PATCH 416/504] Update aes.h fixed missing multiple returns on mbedtls_aes_setkey_enc --- include/mbedtls/aes.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index c82d39a40..3c5b1336b 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -116,7 +116,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ); *
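Review bot: In the `@@ -441` hunk `platform_teardown();` is moved above the `/* Redirection has failed with no stdout so exit */` comment, so the comment now sits between the teardown and the `exit( 1 )` it describes, whereas the `@@ -454` hunk keeps the comment first; use the same order in both places: `/* Redirection has failed with no stdout so exit */`, `platform_teardown();`, `exit( 1 );`. These two paths also call bare `exit( 1 )` while the other error exits in this function go through `mbedtls_exit`, a pre-existing inconsistency this rename pass could have normalised. main begins and ends outside these hunks.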
  • 256 bits
  • * * \return \c 0 on success. - * #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. + * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); From bd9571a01eb29d2be7dab23925de213021f21d0a Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 16 Apr 2018 09:45:12 +0100 Subject: [PATCH 417/504] Update ccm.h minor changes based on comments --- include/mbedtls/ccm.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 93ec157d8..f354ef9fb 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -118,6 +118,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * 4, 6, 8, 10, 12, 14 or 16. * * \return \c 0 on success. + * \return A cipher-specific error code on failure. */ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, @@ -143,8 +144,8 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param tag_len The length of the tag in Bytes. * 4, 6, 8, 10, 12, 14 or 16. * - * \return 0 if successful and authenticated. - * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. + * \return \c 0 on success. + * \return A cipher-specific error code on failure. */ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, From b5607bf61d80d08520dd557e2041599940d2f077 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 16 Apr 2018 10:34:51 +0100 Subject: [PATCH 418/504] Update cipher.h minor changes based on comments --- include/mbedtls/cipher.h | 59 ++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 216771517..3ecae9b06 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h 
@@ -72,8 +72,8 @@ extern "C" { * \brief Supported cipher types. * * \warning ARC4 and DES are considered weak ciphers and their use - * constitutes a security risk. We recommend you consider using - * stronger ciphers instead. + * constitutes a security risk. Arm recommends considering stronger + * ciphers instead. */ typedef enum { MBEDTLS_CIPHER_ID_NONE = 0, /**< None. */ @@ -90,7 +90,7 @@ typedef enum { * \brief Supported {cipher type, cipher mode} pairs. * * \warning ARC4 and DES are considered weak ciphers and their use - * constitutes a security risk. We recommend considering stronger + * constitutes a security risk. Arm recommends considering stronger * ciphers instead. */ typedef enum { @@ -228,8 +228,10 @@ typedef struct { */ unsigned int iv_size; - /** Flags to set. For example, if the cipher - supports variable IV sizes or variable key sizes. */ + /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and + * MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the + * cipher supports variable IV or variable key sizes, respectively. + */ int flags; /** The block size, in Bytes. */ @@ -312,7 +314,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher * \param cipher_type Type of the cipher to search for. * * \return The cipher information structure associated with the - * given \p cipher_type, or NULL if not found. + * given \p cipher_type. + * \return NULL if the associated cipher information is not found. */ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type ); 
@@ -405,9 +408,9 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl * * \param ctx The context of the cipher. Must be initialized. * - * \return The recommended IV size, if no IV has been set. - * 0 for ciphers not using IV or nonce. - * \return The actual size, if an IV has been set. + * \return The recommended IV size if no IV has been set. + * \return 0 for ciphers not using IV or nonce. + * \return The actual size if an IV has been set. */ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) { @@ -475,10 +478,8 @@ static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t * * \param ctx The context of the cipher. Must be initialized. * - * \return The type of operation: #MBEDTLS_ENCRYPT or - * #MBEDTLS_DECRYPT. - * \return #MBEDTLS_OPERATION_NONE if \p ctx - * has not been initialized. + * \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. + * \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized. */ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx ) { @@ -499,10 +500,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci * \param operation The operation that the key will be used for: * #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if * parameter verification fails. - * \return A cipher-specific error code. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation ); 
@@ -517,7 +518,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k * \param ctx The generic cipher context. * \param mode The padding mode. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE * if the selected padding mode is not supported. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode @@ -538,7 +539,7 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph * \param iv_len The IV length for ciphers with variable-size IV. * This parameter is discarded by ciphers with fixed-size IV. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on failure. */ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, @@ -549,7 +550,7 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, * * \param ctx The generic cipher context. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA * if parameter verification fails. */ @@ -596,12 +597,12 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, * \param olen The length of the output data, to be updated with the * actual number of Bytes written. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if * parameter verification fails. * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an * unsupported mode for a cipher. - * \return A cipher-specific error code. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ); 
@@ -616,15 +617,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * \param output The buffer to write data to. Needs block_size available. * \param olen The length of the data written to the \p output buffer. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if * parameter verification fails. * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption * expected a full block but was not provided one. * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding * while decrypting. - * \return A cipher-specific error code on failure for any other - * reason. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen ); @@ -681,14 +681,13 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, * \note Some ciphers do not use IVs nor nonce. For these * ciphers, use \p iv = NULL and \p iv_len = 0. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or * #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption * expected a full block but was not provided one. * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding * while decrypting. - * \return A cipher-specific error code on failure for any other - * reason. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, 
@@ -714,9 +713,9 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, * \param tag The buffer for the authentication tag. * \param tag_len The desired length of the authentication tag. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA. - * \return A cipher-specific error code. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, @@ -747,10 +746,10 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, * \param tag The buffer holding the authentication tag. * \param tag_len The length of the authentication tag. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA. * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic. - * \return A cipher-specific error code on failure for any other reason. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, From c138bb7b052251401e568df4daef69404a727a4c Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 16 Apr 2018 11:11:25 +0100 Subject: [PATCH 419/504] Update cmac.h minor changes based on comments --- include/mbedtls/cmac.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index b9c6f2210..0ada7421b 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -76,8 +76,8 @@ struct mbedtls_cmac_context_t * \param keybits The length of the CMAC key in bits. * Must be supported by the cipher. * - * \returns \c 0 on success. - * \returns A cipher-specific error code on failure. + * \return \c 0 on success. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, const unsigned char *key, size_t keybits ); 
@@ -94,8 +94,8 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, * \param input The buffer holding the input data. * \param ilen The length of the input data. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, @@ -112,8 +112,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, * \param ctx The cipher context used for the CMAC operation. * \param output The output buffer for the CMAC checksum result. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, @@ -129,8 +129,8 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, * * \param ctx The cipher context used for the CMAC operation. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); @@ -153,8 +153,8 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); * \param ilen The length of the input data. * \param output The buffer for the generic CMAC result. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, From a282270a10b42fb0d4d109c3e96ccc745f2095cf Mon Sep 17 00:00:00 2001 
From: Andrzej Kurek Date: Mon, 16 Apr 2018 06:33:28 -0400 Subject: [PATCH 420/504] Add explicit checks for non-zero result of platform setup in test suites
---
 tests/suites/helpers.function | 2 +-
 tests/suites/main_test.function | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index e716318b1..c436fbb87 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -133,7 +133,7 @@ mbedtls_platform_context platform_ctx;
 static int platform_setup()
 {
 #if defined(MBEDTLS_PLATFORM_C)
- if( mbedtls_platform_setup( &platform_ctx ) )
+ if( mbedtls_platform_setup( &platform_ctx ) != 0 )
 {
 return -1;
 }
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index e5b404358..8d7e47769 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -282,7 +282,7 @@ int main(int argc, const char *argv[])
 !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
 unsigned char alloc_buf[1000000];
 #endif
- if( platform_setup() )
+ if( platform_setup() != 0 )
 {
 mbedtls_fprintf( stderr, "FATAL: Failed to initialize platform" );
 return -1;
From 418527b041e2c147ed604221d7b58d1143e953ff Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Mon, 16 Apr 2018 12:02:29 +0100 Subject: [PATCH 421/504] Fix minor issues with command line options
---
 scripts/abi_check.py | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/scripts/abi_check.py b/scripts/abi_check.py
index 14250d2b9..8f9cd0f43 100755
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
@@ -12,7 +12,7 @@ files from two different Git revisions within an Mbed TLS repository. The results of the comparison are formatted as HTML and stored at a configurable location. Returns 0 on success, 1 on ABI/API non-compliance, and 2 if there is an error while running the script.
-Note: requires Python 3, must be run from Mbed TLS root.
+Note: must be run from Mbed TLS root.
 """
 import os
@@ -199,31 +199,30 @@ def run_main():
 try:
 parser = argparse.ArgumentParser(
 description=(
- "This script is a small wrapper around the "
- "abi-compliance-checker and abi-dumper tools, applying them "
- "to compare the ABI and API of the library files from two "
- "different Git revisions within an Mbed TLS repository."
- " The results of the comparison are formatted as HTML and"
- " stored at a configurable location. Returns 0 on success, "
- "1 on ABI/API non-compliance, and 2 if there is an error "
- "while running the script. Note: requires Python 3, "
- "must be run from Mbed TLS root."
+ """This script is a small wrapper around the
+ abi-compliance-checker and abi-dumper tools, applying them
+ to compare the ABI and API of the library files from two
+ different Git revisions within an Mbed TLS repository.
+ The results of the comparison are formatted as HTML and stored
+ at a configurable location. Returns 0 on success, 1 on ABI/API
+ non-compliance, and 2 if there is an error while running the
+ script. Note: must be run from Mbed TLS root."""
 )
 )
 parser.add_argument(
- "-r", "--report_dir", type=str, default="reports",
+ "-r", "--report-dir", type=str, default="reports",
 help="directory where reports are stored, default is reports",
 )
 parser.add_argument(
- "-k", "--keep_all_reports", action="store_true",
+ "-k", "--keep-all-reports", action="store_true",
 help="keep all reports, even if there are no compatibility issues",
 )
 parser.add_argument(
- "-o", "--old_rev", type=str, help="revision for old version",
+ "-o", "--old-rev", type=str, help="revision for old version",
 required=True
 )
 parser.add_argument(
- "-n", "--new_rev", type=str, help="revision for new version",
+ "-n", "--new-rev", type=str, help="revision for new version",
 required=True
 )
 abi_args = parser.parse_args()
From f25eb6eef6b53db98b6afa5f4b8463f27c200a48 Mon Sep 17 00:00:00 2001
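Review bot: The new triple-quoted `description` in the `@@ -199` hunk repeats, word for word, the module docstring that the previous hunk of this commit edits, so the two copies will drift apart again the next time either is touched; `description=__doc__` would keep a single source of truth. The leading indentation embedded in the triple-quoted literal is harmless only because argparse's default formatter re-wraps whitespace, which deserves a short comment if the literal is kept. Renaming the long options from `--report_dir`, `--keep_all_reports`, `--old_rev` and `--new_rev` to their hyphenated forms drops the old spellings entirely, so any existing invocation in CI or wrapper scripts breaks; argparse still exposes the values as `abi_args.report_dir` and so on, so the rest of run_main, which continues outside the hunk, presumably needs no change. If compatibility matters, the old spellings can be kept as extra aliases in the same add_argument() calls.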
From: Rose Zadik
Date: Mon, 16 Apr 2018 14:51:52 +0100
Subject: [PATCH 422/504] Update ctr_drbg.h minor changes based on comments
---
 include/mbedtls/ctr_drbg.h | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 5f611dd01..dcbc04792 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -3,10 +3,13 @@
 *
 * \brief This file contains CTR_DRBG definitions and functions.
 *
- * CTR_DRBG is based on AES-256, as defined in NIST SP 800-90A:
- * Recommendation for Random Number Generation Using Deterministic
- * Random Bit Generators.
+ * CTR_DRBG is a standardized way of building a PRNG from a block-cipher
+ * in counter mode operation, as defined in NIST SP 800-90A:
+ * Recommendation for Random Number Generation Using Deterministic Random
+ * Bit Generators.
 *
+ * The Mbed TLS implementation of CTR_DRBG uses AES-256 as the underlying
+ * block cipher.
 */
 /*
 * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
@@ -286,8 +289,8 @@ int mbedtls_ctr_drbg_random( void *p_rng,
 * \param path The name of the file.
 *
 * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
- * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
+ * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
 * failure.
 */
 int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
From 9464d7b6e367407c96bbf1000ecc71d854d14ce1 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Mon, 16 Apr 2018 15:28:35 +0100
Subject: [PATCH 423/504] Update platform.h Implemented changes based on review comments
---
 include/mbedtls/platform.h | 34 +++++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 11 deletions(-)
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 65ae85c19..d50b266b7 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -3,6 +3,14 @@
 *
 * \brief This file contains the definitions and functions of the
 * Mbed TLS platform abstraction layer.
+ *
+ * The platform abstraction layer removes the need for the library
+ * to directly link to standard C library functions or operating
+ * system services, making the library easier to port and embed.
+ * Application developers and users of the library can provide their own
+ * implementations of these functions, or implementations specific to
+ * their platform, which can be statically linked to the library or
+ * dynamically configured at runtime.
 */
 /*
 * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
@@ -117,8 +125,8 @@ extern void * (*mbedtls_calloc)( size_t n, size_t size );
 extern void (*mbedtls_free)( void *ptr );
 /**
- * \brief This function allows configuring custom
- * memory-management functions.
+ * \brief This function dynamically sets the memory-management
+ * functions used by the library, during runtime.
 *
 * \param calloc_func The \c calloc function implementation.
 * \param free_func The \c free function implementation.
@@ -142,8 +150,9 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
 extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
 /**
- * \brief This function allows configuring a custom
- * \p fprintf function pointer.
+ * \brief This function dynamically configures the fprintf
+ * function that is called when the
+ * mbedtls_fprintf() function is invoked by the library.
 *
 * \param fprintf_func The \c fprintf function implementation.
 *
@@ -166,8 +175,9 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char
 extern int (*mbedtls_printf)( const char *format, ... );
 /**
- * \brief This function allows configuring a custom \c printf
- * function pointer.
+ * \brief This function dynamically configures the snprintf
+ * function that is called when the mbedtls_snprintf()
+ * function is invoked by the library.
 *
 * \param printf_func The \c printf function implementation.
 *
@@ -224,8 +234,9 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
 extern void (*mbedtls_exit)( int status );
 /**
- * \brief This function allows configuring a custom
- * \c exit function pointer.
+ * \brief This function dynamically configures the exit
+ * function that is called when the mbedtls_exit()
+ * function is invoked by the library.
 *
 * \param exit_func The \c exit function implementation.
 *
@@ -314,7 +325,8 @@ mbedtls_platform_context;
 #endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
 /**
- * \brief This function performs any platform-specific initialization operations.
+ * \brief This function performs any platform-specific initialization
+ * operations.
 *
 * \note This function should be called before any other library functions.
 *
@@ -323,7 +335,7 @@ mbedtls_platform_context;
 *
 * \note The usage and necessity of this function is dependent on the platform.
 *
- * \param ctx The Mbed TLS context.
+ * \param ctx The platform context.
 *
 * \return \c 0 on success.
 */
@@ -339,7 +351,7 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx );
 *
 * \note The usage and necessity of this function is dependent on the platform.
 *
- * \param ctx The Mbed TLS context.
+ * \param ctx The platform context.
 *
 */
 void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
From 05d0e51bb1cdace99da6571967af1c9adc3b74f8 Mon Sep 17 00:00:00 2001
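Review bot: The new brief in the `@@ -166,8 +175,9 @@` hunk is a copy-paste error: it documents the setter that follows `extern int (*mbedtls_printf)( const char *format, ... );` as configuring "the snprintf function that is called when the mbedtls_snprintf() function is invoked", while the unchanged `\param printf_func The \c printf function implementation.` line and the pointer being set show this is the printf setter. The brief should read `* \brief This function dynamically configures the printf` / `* function that is called when the mbedtls_printf()` / `* function is invoked by the library.`. The fprintf and exit briefs in the neighbouring hunks follow that pattern correctly, which makes the mismatch here easy to overlook in the rendered Doxygen output.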
From: Ron Eldor
Date: Mon, 16 Apr 2018 17:40:04 +0300
Subject: [PATCH 424/504] Minor modifications for alt support in des and ecp 1. Add 3des context to be allowed for alternative defintion 2. Move some ecp structs, to disallow alternative definition of them, as other modules rely on them
---
 include/mbedtls/des.h | 8 ++++----
 include/mbedtls/ecp.h | 48 +++++++++++++++++++++----------------------
 2 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index b0a82df9b..6eb7d03ba 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -67,10 +67,6 @@ typedef struct
 }
 mbedtls_des_context;
-#else /* MBEDTLS_DES_ALT */
-#include "des_alt.h"
-#endif /* MBEDTLS_DES_ALT */
-
 /**
 * \brief Triple-DES context structure
 */
@@ -80,6 +76,10 @@ typedef struct
 }
 mbedtls_des3_context;
+#else /* MBEDTLS_DES_ALT */
+#include "des_alt.h"
+#endif /* MBEDTLS_DES_ALT */
+
 /**
 * \brief Initialize DES context
 *
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 1bc5ac9e6..45a2452a1 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -43,15 +43,6 @@ extern "C" {
 #endif
-#if !defined(MBEDTLS_ECP_ALT)
-/*
- * default mbed TLS elliptic curve arithmetic implementation
- *
- * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
- * alternative implementation for the whole module and it will replace this
- * one.)
- */
-
 /**
 * Domain parameters (curve, subgroup and generator) identifiers.
 *
@@ -113,6 +104,15 @@ typedef struct
 }
 mbedtls_ecp_point;
+#if !defined(MBEDTLS_ECP_ALT)
+/*
+ * default mbed TLS elliptic curve arithmetic implementation
+ *
+ * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
+ * alternative implementation for the whole module and it will replace this
+ * one.)
+ */
+
 /**
 * \brief ECP group structure
 *
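Review bot: Moving `#else /* MBEDTLS_DES_ALT */` and `#include "des_alt.h"` below mbedtls_des3_context in the des.h hunks changes the contract for alternative implementations without saying so in the header: des_alt.h must now define both mbedtls_des_context and mbedtls_des3_context, and an existing des_alt.h that defines only the former will fail at the first mbedtls_des3_* prototype. A comment at the include, `#include "des_alt.h" /* must define mbedtls_des_context and mbedtls_des3_context */`, would make the requirement visible where the build error will point. The re-added comment block in the ecp.h `@@ -113,6 +104,15 @@` hunk still says an alternative implementation "will replace this one" for "the whole module", which is no longer accurate now that the domain-parameter identifiers and mbedtls_ecp_point sit above the `#if !defined(MBEDTLS_ECP_ALT)` guard and are fixed by the common header; the moved lines are new on this side, so this is the place to reword them to say that only the definitions below the guard are replaceable.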
@@ -157,21 +157,6 @@ typedef struct
 }
 mbedtls_ecp_group;
-/**
- * \brief ECP key pair structure
- *
- * A generic key pair that could be used for ECDSA, fixed ECDH, etc.
- *
- * \note Members purposefully in the same order as struc mbedtls_ecdsa_context.
- */
-typedef struct
-{
- mbedtls_ecp_group grp; /*!< Elliptic curve and base point */
- mbedtls_mpi d; /*!< our secret value */
- mbedtls_ecp_point Q; /*!< our public value */
-}
-mbedtls_ecp_keypair;
-
 /**
 * \name SECTION: Module settings
 *
@@ -235,6 +220,21 @@ mbedtls_ecp_keypair;
 #include "ecp_alt.h"
 #endif /* MBEDTLS_ECP_ALT */
+/**
+ * \brief ECP key pair structure
+ *
+ * A generic key pair that could be used for ECDSA, fixed ECDH, etc.
+ *
+ * \note Members purposefully in the same order as struc mbedtls_ecdsa_context.
+ */
+typedef struct
+{
+ mbedtls_ecp_group grp; /*!< Elliptic curve and base point */
+ mbedtls_mpi d; /*!< our secret value */
+ mbedtls_ecp_point Q; /*!< our public value */
+}
+mbedtls_ecp_keypair;
+
 /*
 * Point formats, from RFC 4492's enum ECPointFormat
 */
From 7375b0f6c179db8247fe4510cc8c680f4bccf456 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Mon, 16 Apr 2018 16:04:57 +0100
Subject: [PATCH 425/504] Update ecdh.h Changs based on review comments
---
 include/mbedtls/ecdh.h | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 70455e8c7..922f029d7 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -45,7 +45,7 @@ extern "C" {
 */
 typedef enum
 {
- MBEDTLS_ECDH_OURS, /**< Our key. */
+ MBEDTLS_ECDH_OURS, /**< Our key. */
 MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
 } mbedtls_ecdh_side;
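Review bot: The mbedtls_ecp_keypair block re-added after `#endif /* MBEDTLS_ECP_ALT */` in the `@@ -235,6 +220,21 @@` hunk carries over the typo in `\note Members purposefully in the same order as struc mbedtls_ecdsa_context.`; since these lines are new on this side, `struct` should be spelt correctly here. That note also records a layout coupling which, now that the keypair is built from whatever mbedtls_ecp_group an ecp_alt.h provides, presumably binds alternative implementations as well; a clause such as `alternative ECP implementations must preserve this layout` would make that explicit for them. The ecdh.h hunk sharing this line is a whitespace-only change.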
@@ -101,8 +101,8 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
 * \see ecp.h
 *
 * \note If \p f_rng is not NULL, it is used to implement
- * countermeasures against potential elaborate timing
- * attacks. For more information, see mbedtls_ecp_mul().
+ * countermeasures against side-channel attacks.
+ * For more information, see mbedtls_ecp_mul().
 *
 * \param grp The ECP group.
 * \param z The destination MPI (shared secret).
@@ -253,8 +253,8 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
 * and servers.
 *
 * \note If \p f_rng is not NULL, it is used to implement
- * countermeasures against potential elaborate timing
- * attacks. For more information, see mbedtls_ecp_mul().
+ * countermeasures against side-channel attacks.
+ * For more information, see mbedtls_ecp_mul().
 *
 * \see ecp.h
 *
From 14d0d57c512c6286336c40aad2a15d4b32a7a736 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Mon, 16 Apr 2018 16:09:30 +0100
Subject: [PATCH 426/504] Update ecdsa.h Minor changes based on review comments
---
 include/mbedtls/ecdsa.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 99c6d2e52..806c417ef 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -121,7 +121,7 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
 * \param md_alg The MD algorithm used to hash the message.
 *
 * \return \c 0 on success.
- * \return or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+ * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
 * error code on failure.
 */
 int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
@@ -149,7 +149,8 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
 * \param s The second integer of the signature.
 *
 * \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
+ * is invalid.
 * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
 * error code on failure for any other reason.
 */
@@ -240,7 +241,7 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
 * \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
 *
 * \param ctx The ECDSA context.
- * \param hash The Message hash.
+ * \param hash The message hash.
 * \param hlen The length of the hash.
 * \param sig The buffer that holds the signature.
 * \param slen The length of the signature written.
From 6a7ebc4c8663c19890f3d57ddaae68ac9c9872aa Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Mon, 16 Apr 2018 16:11:49 +0100
Subject: [PATCH 427/504] Update gcm.h minor fix based on review comments
---
 include/mbedtls/gcm.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 88408c2cf..119e2752e 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -158,7 +158,7 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
 * \param output The buffer for holding the output data.
 *
 * \return 0 if successful and authenticated.
- * \return #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match.
+ * \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
 */
 int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
 size_t length,
From f3e4736131f1ee9c4e37d9924c1690dd7d0eb222 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Mon, 16 Apr 2018 16:31:16 +0100
Subject: [PATCH 428/504] Update md.h Changes based on review comments
---
 include/mbedtls/md.h | 97 +++++++++++++++++++++++---------------------
 1 file changed, 50 insertions(+), 47 deletions(-)
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index df2ab630b..6b6f5c53d 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -54,15 +54,15 @@ extern "C" {
 *
 */
 typedef enum {
- MBEDTLS_MD_NONE=0, /**< None. */
- MBEDTLS_MD_MD2, /**< The MD2 message digest. */
- MBEDTLS_MD_MD4, /**< The MD4 message digest. */
- MBEDTLS_MD_MD5, /**< The MD5 message digest. */
- MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
- MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
- MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */
- MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
- MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
+ MBEDTLS_MD_NONE=0, /**< None. */
+ MBEDTLS_MD_MD2, /**< The MD2 message digest. */
+ MBEDTLS_MD_MD4, /**< The MD4 message digest. */
+ MBEDTLS_MD_MD5, /**< The MD5 message digest. */
+ MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
+ MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
+ MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */
+ MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
+ MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
 MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
 } mbedtls_md_type_t;
@@ -108,8 +108,8 @@ const int *mbedtls_md_list( void );
 *
 * \param md_name The name of the digest to search for.
 *
- * \return The message-digest information associated with \p md_name,
- * or NULL if not found.
+ * \return The message-digest information associated with \p md_name.
+ * \return NULL if the associated message-digest information is not found.
 */
 const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
@@ -168,9 +168,10 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx );
 * \param md_info The information structure of the message-digest algorithm
 * to use.
 *
- * \returns \c 0 on success.
- * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
- * \returns #MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ * failure.
+ * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
 */
 int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
 #undef MBEDTLS_DEPRECATED
@@ -190,9 +191,10 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_
 * \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory),
 * or non-zero: HMAC is used with this context.
 *
- * \returns \c 0 on success.
- * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
- * \returns #MBEDTLS_ERR_MD_ALLOC_FAILED on memory allocation failure.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ * failure.
+ * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
 */
 int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
@@ -213,7 +215,7 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
 * \param src The context to be cloned.
 *
 * \return \c 0 on success.
- * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
 */
 int mbedtls_md_clone( mbedtls_md_context_t *dst,
 const mbedtls_md_context_t *src );
@@ -260,9 +262,9 @@ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
 *
 * \param ctx The generic message-digest context.
 *
- * \returns \c 0 on success.
- * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification
- * fails.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ * failure.
 */
 int mbedtls_md_starts( mbedtls_md_context_t *ctx );
@@ -278,9 +280,9 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx );
 * \param input The buffer holding the input data.
 * \param ilen The length of the input data.
 *
- * \returns \c 0 on success.
- * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification
- * fails.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ * failure.
 */
 int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
@@ -298,9 +300,9 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
 * \param ctx The generic message-digest context.
 * \param output The buffer for the generic message-digest checksum result.
 *
- * \returns \c 0 on success.
- * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification
- * fails.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ * failure.
 */
 int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
@@ -318,9 +320,9 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
 * \param ilen The length of the input data.
 * \param output The generic message-digest checksum result.
 *
- * \returns \c 0 on success.
- * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification
- * fails.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ * failure.
 */
 int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
 unsigned char *output );
@@ -339,8 +341,9 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si
 * \param output The generic message-digest checksum result.
 *
 * \return \c 0 on success.
- * \returns #MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed.
- * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
+ * \return #MBEDTLS_ERR_MD_FILE_IO_ERROR on an I/O error accessing
+ * the file pointed by \p path.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
 */
 int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
 unsigned char *output );
@@ -360,9 +363,9 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
 * \param key The HMAC secret key.
 * \param keylen The length of the HMAC key in Bytes.
 *
- * \returns \c 0 on success.
- * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification
- * fails.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ * failure.
 */
 int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
 size_t keylen );
@@ -382,9 +385,9 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
 * \param input The buffer holding the input data.
 * \param ilen The length of the input data.
 *
- * \returns \c 0 on success.
- * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification
- * fails.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ * failure.
 */
 int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
 size_t ilen );
@@ -403,9 +406,9 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu
 * context.
 * \param output The generic HMAC checksum result.
 *
- * \returns \c 0 on success.
- * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification
- * fails.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ * failure.
 */
 int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
@@ -420,9 +423,9 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
 * \param ctx The message digest context containing an embedded HMAC
 * context.
 *
- * \returns \c 0 on success.
- * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification
- * fails.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ * failure.
 */
 int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
@@ -444,9 +447,9 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
 * \param ilen The length of the input data.
 * \param output The generic HMAC result.
 *
- * \returns \c 0 on success.
- * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification
- * fails.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ * failure.
 */
 int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
 const unsigned char *input, size_t ilen,
From f2ec288bf891cbfea5deb9996ed54f97d46b50a7 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 17 Apr 2018 10:27:25 +0100
Subject: [PATCH 429/504] Update rsa.h Changes based on review comments.
---
 include/mbedtls/rsa.h | 133 +++++++++++++++++++++--------------------
 1 file changed, 66 insertions(+), 67 deletions(-)
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 711329c52..033e58027 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -1,7 +1,7 @@
 /**
 * \file rsa.h
 *
- * \brief This file contains RSA definitions and functions.
+ * \brief This file defines the RSA public-key cryptosystem.
 *
 * The RSA public-key cryptosystem is defined in Public-Key
 * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption
@@ -104,14 +104,14 @@ typedef struct
 mbedtls_mpi P; /*!< The first prime factor. */
 mbedtls_mpi Q; /*!< The second prime factor. */
- mbedtls_mpi DP; /*!< \p D % (P - 1) */
- mbedtls_mpi DQ; /*!< \p D % (Q - 1) */
- mbedtls_mpi QP; /*!< 1 / (Q % P) */
+ mbedtls_mpi DP; /*!< D % (P - 1). */
+ mbedtls_mpi DQ; /*!< D % (Q - 1). */
+ mbedtls_mpi QP; /*!< 1 / (Q % P). */
- mbedtls_mpi RN; /*!< cached R^2 mod \p N */
+ mbedtls_mpi RN; /*!< cached R^2 mod N. */
- mbedtls_mpi RP; /*!< cached R^2 mod \p P */
- mbedtls_mpi RQ; /*!< cached R^2 mod \p Q */
+ mbedtls_mpi RP; /*!< cached R^2 mod P. */
+ mbedtls_mpi RQ; /*!< cached R^2 mod Q. */
 mbedtls_mpi Vi; /*!< The cached blinding value. */
 mbedtls_mpi Vf; /*!< The cached un-blinding value. */
@@ -328,7 +328,7 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
 * If the function fails due to an unsupported operation,
 * the RSA context stays intact and remains usable.
 *
- * \note The length fields are ignored if the corresponding
+ * \note The length parameters are ignored if the corresponding
 * buffer pointers are NULL.
 *
 * \param ctx The initialized RSA context.
@@ -338,7 +338,7 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
 * NULL.
 * \param P_len The size of the buffer for the first prime factor.
 * \param Q The Byte array to hold the second prime factor of \p N, or
- NULL.
+ * NULL.
 * \param Q_len The size of the buffer for the second prime factor.
 * \param D The Byte array to hold the private exponent, or NULL.
 * \param D_len The size of the buffer for the private exponent.
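Review bot: The new `\brief This file defines the RSA public-key cryptosystem.` in the first rsa.h hunk overstates what a header does and sits awkwardly next to the unchanged sentence that says the cryptosystem is defined in PKCS #1; `\brief This file provides an API for the RSA public-key cryptosystem.` keeps the intent and stays accurate. The other hunks on this line only drop `\p` from the struct member comments, reword a `\note`, and restore the missing ` *` on a wrapped `\param Q` line, all of which read correctly.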
@@ -549,10 +549,6 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
 * It is the generic wrapper for performing a PKCS#1 encryption
 * operation using the \p mode from the context.
 *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
 * \note The input and output buffers must be as large as the size
 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
@@ -561,6 +557,10 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
 * are likely to remove the \p mode argument and have it
 * implicitly set to #MBEDTLS_RSA_PUBLIC.
 *
+ * \note Alternative implementations of RSA need not support
+ * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ *
 * \param ctx The RSA context.
 * \param f_rng The RNG function. Needed for padding, PKCS#1 v2.1
 * encoding, and #MBEDTLS_RSA_PRIVATE.
@@ -584,10 +584,6 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
 * \brief This function performs a PKCS#1 v1.5 encryption operation
 * (RSAES-PKCS1-v1_5-ENCRYPT).
 *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
 * \note The output buffer must be as large as the size
 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
@@ -596,6 +592,10 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
 * are likely to remove the \p mode argument and have it
 * implicitly set to #MBEDTLS_RSA_PUBLIC.
 *
+ * \note Alternative implementations of RSA need not support
+ * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ *
 * \param ctx The RSA context.
 * \param f_rng The RNG function. Needed for padding and
 * #MBEDTLS_RSA_PRIVATE.
@@ -619,10 +619,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
 * \brief This function performs a PKCS#1 v2.1 OAEP encryption
 * operation (RSAES-OAEP-ENCRYPT).
 *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
 * \note The output buffer must be as large as the size
 * of ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
@@ -631,6 +627,10 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
 * are likely to remove the \p mode argument and have it
 * implicitly set to #MBEDTLS_RSA_PUBLIC.
 *
+ * \note Alternative implementations of RSA need not support
+ * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ *
 * \param ctx The RSA context.
 * \param f_rng The RNG function. Needed for padding and PKCS#1 v2.1
 * encoding and #MBEDTLS_RSA_PRIVATE.
@@ -671,15 +671,15 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
 * \note The input buffer must be as large as the size
 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
 * \deprecated It is deprecated and discouraged to call this function
 * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
 * are likely to remove the \p mode argument and have it
 * implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
+ * \note Alternative implementations of RSA need not support
+ * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ *
 * \param ctx The RSA context.
 * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
 * \param p_rng The RNG context.
@@ -691,7 +691,6 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
 *
 * \return \c 0 on success.
 * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
 int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -705,10 +704,6 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
 * \brief This function performs a PKCS#1 v1.5 decryption
 * operation (RSAES-PKCS1-v1_5-DECRYPT).
 *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
 * \note The output buffer length \c output_max_len should be
 * as large as the size \p ctx->len of \p ctx->N, for example,
 * 128 Bytes if RSA-1024 is used, to be able to hold an
@@ -724,6 +719,10 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
 * are likely to remove the \p mode argument and have it
 * implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
+ * \note Alternative implementations of RSA need not support
+ * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ *
 * \param ctx The RSA context.
 * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
 * \param p_rng The RNG context.
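Review bot: The `@@ -691,7 +691,6 @@` hunk removes a ` */` line directly above `int mbedtls_rsa_pkcs1_decrypt(`, and it is the only comment terminator visible in the hunk; the header counts seven old lines while only six are shown here, so the rendering has presumably lost a duplicated `*/` that this deletion cleans up. If that is not what the full file shows, the Doxygen block is left unterminated and rsa.h stops compiling, so this one line is worth confirming against the complete header before merging. The two other hunks on this line only move the `\note` about alternative implementations below the `\deprecated` paragraph.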
@@ -749,26 +748,26 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
 * \brief This function performs a PKCS#1 v2.1 OAEP decryption
 * operation (RSAES-OAEP-DECRYPT).
 *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * \note The output buffer length \c output_max_len should be
+ * as large as the size \p ctx->len of \p ctx->N, for
+ * example, 128 Bytes if RSA-1024 is used, to be able to
+ * hold an arbitrary decrypted message. If it is not
+ * large enough to hold the decryption of the particular
+ * ciphertext provided, the function returns
+ * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
 *
- * \note The output buffer length \c output_max_len should be
- * as large as the size \p ctx->len of \p ctx->N, for
- * example, 128 Bytes if RSA-1024 is used, to be able to
- * hold an arbitrary decrypted message. If it is not
- * large enough to hold the decryption of the particular
- * ciphertext provided, the function returns
- * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \note The input buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \note The input buffer must be as large as the size
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
 * \deprecated It is deprecated and discouraged to call this function
 * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
 * are likely to remove the \p mode argument and have it
 * implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
+ * \note Alternative implementations of RSA need not support
+ * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ *
 * \param ctx The RSA context.
 * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
 * \param p_rng The RNG context.
@@ -800,10 +799,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * It is the generic wrapper for performing a PKCS#1 * signature using the \p mode from the context. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -816,6 +811,10 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PRIVATE. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PUBLIC and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA context. * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for * #MBEDTLS_RSA_PRIVATE. @@ -843,10 +842,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 signature * operation (RSASSA-PKCS1-v1_5-SIGN). * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -855,6 +850,10 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PRIVATE. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PUBLIC and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. * \param p_rng The RNG context. 
@@ -881,10 +880,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v2.1 PSS signature * operation (RSASSA-PSS-SIGN). * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -900,6 +895,10 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PRIVATE. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PUBLIC and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA context. * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for * #MBEDTLS_RSA_PRIVATE. @@ -930,10 +929,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * This is the generic wrapper for performing a PKCS#1 * verification using the mode from the context. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -946,6 +941,10 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * set to #MBEDTLS_RSA_PUBLIC. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA public key context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. * \param p_rng The RNG context. 
@@ -972,10 +971,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 verification * operation (RSASSA-PKCS1-v1_5-VERIFY). * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -984,6 +979,10 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * set to #MBEDTLS_RSA_PUBLIC. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA public key context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. * \param p_rng The RNG context. @@ -1013,10 +1012,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * The hash function for the MGF mask generating function * is that specified in the RSA context. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -1033,6 +1028,10 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PUBLIC. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA public key context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. * \param p_rng The RNG context. 
From 92d66b88aeab09f0828e0d98ede669956c857ad0 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 17 Apr 2018 10:36:56 +0100
Subject: [PATCH 430/504] Update sha1.h

Changes based on review comments
---
 include/mbedtls/sha1.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 4a43c0101..d8ce3c63b 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -97,8 +97,8 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
  * constitutes a security risk. We recommend considering
  * stronger message digests instead.
  *
- * \param dst The destination context.
- * \param src The context to clone.
+ * \param dst The SHA-1 context to clone to.
+ * \param src The SHA-1 context to clone from.
  *
  */
 void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
@@ -111,7 +111,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
  * constitutes a security risk. We recommend considering
  * stronger message digests instead.
  *
- * \param ctx The context to initialize.
+ * \param ctx The SHA-1 context to initialize.
  *
  * \return \c 0 on success.
  *
@@ -183,7 +183,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
  *
  * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0.
  *
- * \param ctx The context to initialize.
+ * \param ctx The SHA-1 context to initialize.
  *
  */
 MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );

From 6ee22a7d524917bd9da1a0abfcf08899b07eec77 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 17 Apr 2018 10:38:39 +0100
Subject: [PATCH 431/504] Update sha256.h

Minor fix based on review comments
---
 include/mbedtls/sha256.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 7affb1be8..c4465e586 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -102,7 +102,7 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
  * \brief This function feeds an input buffer into an ongoing
  * SHA-256 checksum calculation.
  *
- * \param ctx The SHA-256 context to initialize.
+ * \param ctx The SHA-256 context.
  * \param input The buffer holding the data.
  * \param ilen The length of the input data.
  *

From ef8717984218f9a7d62f121ebb69b6c0219585b7 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 17 Apr 2018 10:41:48 +0100
Subject: [PATCH 432/504] Update ccm.h

updated failure returns to "A CCM or cipher-specific error code on failure."
---
 include/mbedtls/ccm.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index f354ef9fb..8f252c4bd 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -78,7 +78,7 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
  * \param keybits The key size in bits. This must be acceptable by the cipher.
  *
  * \return \c 0 on success.
- * \return A cipher-specific error code on failure.
+ * \return A CCM or cipher-specific error code on failure.
  */
 int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
 mbedtls_cipher_id_t cipher,
@@ -118,7 +118,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
  * 4, 6, 8, 10, 12, 14 or 16.
  *
  * \return \c 0 on success.
- * \return A cipher-specific error code on failure.
+ * \return A CCM or cipher-specific error code on failure.
  */
 int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
 const unsigned char *iv, size_t iv_len,
@@ -145,7 +145,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
  * 4, 6, 8, 10, 12, 14 or 16.
  *
  * \return \c 0 on success.
- * \return A cipher-specific error code on failure.
+ * \return A CCM or cipher-specific error code on failure.
  */
 int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
 const unsigned char *iv, size_t iv_len,
From d3c9bfcbeb02fdb89097d33326a6d1efd52c6a73 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 17 Apr 2018 10:56:55 +0100 Subject: [PATCH 433/504] Update ecp.h Reviewed and standardized --- include/mbedtls/ecp.h | 645 +++++++++++++++++++++++------------------- 1 file changed, 351 insertions(+), 294 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index e024da864..89c756b37 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1,10 +1,20 @@ /** * \file ecp.h * - * \brief Elliptic curves over GF(p) + * \brief This file contains ECP definitions and functions. + * + * The Elliptic Curve over P (ECP) is defined in Standards for Efficient + * Cryptography Group (SECG): SEC1 Elliptic Curve Cryptography and + * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites + * for Transport Layer Security (TLS). + * + * RFC-2409: The Internet Key Exchange (IKE) defines ECP + * group types. + * */ -/* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + +/* + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,8 +29,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_ECP_H #define MBEDTLS_ECP_H 
@@ -31,13 +42,13 @@
  */
 #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */
 #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */
-#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< Requested curve not available. */
+#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested curve not available. */
 #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */
 #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */
-#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */
+#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as ephemeral key, failed. */
 #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */
 #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< ECP hardware accelerator failed. */
+#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< The ECP hardware accelerator failed. */
 
 #if !defined(MBEDTLS_ECP_ALT)
 /*
@@ -53,9 +64,9 @@ extern "C" {
 #endif
 
 /**
- * Domain parameters (curve, subgroup and generator) identifiers.
+ * Definition of domain parameter identifiers: curve, subgroup and generator.
  *
- * Only curves over prime fields are supported.
+ * \note Only curves over prime fields are supported.
  *
  * \warning This library does not support validation of arbitrary domain
  * parameters. Therefore, only well-known domain parameters from trusted
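Review bot: The reworded description of MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE is missing its verb: `The requested curve not available.` Since this comment is the user-facing description of the error code, it should read `#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested curve is not available. */`. The other two rewordings in the hunk read fine.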
@@ -63,113 +74,119 @@ extern "C" { */ typedef enum { - MBEDTLS_ECP_DP_NONE = 0, - MBEDTLS_ECP_DP_SECP192R1, /*!< 192-bits NIST curve */ - MBEDTLS_ECP_DP_SECP224R1, /*!< 224-bits NIST curve */ - MBEDTLS_ECP_DP_SECP256R1, /*!< 256-bits NIST curve */ - MBEDTLS_ECP_DP_SECP384R1, /*!< 384-bits NIST curve */ - MBEDTLS_ECP_DP_SECP521R1, /*!< 521-bits NIST curve */ - MBEDTLS_ECP_DP_BP256R1, /*!< 256-bits Brainpool curve */ - MBEDTLS_ECP_DP_BP384R1, /*!< 384-bits Brainpool curve */ - MBEDTLS_ECP_DP_BP512R1, /*!< 512-bits Brainpool curve */ - MBEDTLS_ECP_DP_CURVE25519, /*!< Curve25519 */ - MBEDTLS_ECP_DP_CURVE448, /*!< Curve448 */ - MBEDTLS_ECP_DP_SECP192K1, /*!< 192-bits "Koblitz" curve */ - MBEDTLS_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */ - MBEDTLS_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */ + MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */ + MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for 192-bit NIST curve. */ + MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for 224-bit NIST curve. */ + MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for 256-bit NIST curve. */ + MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for 384-bit NIST curve. */ + MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for 521-bit NIST curve. */ + MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve. */ + MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */ + MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */ + MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for a Curve25519 curve. */ + MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for a Curve448 curve. */ + MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */ + MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */ + MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */ } mbedtls_ecp_group_id; /** - * Number of supported curves (plus one for NONE). 
+ * The number of supported curves, plus one for none. * - * (Montgomery curves excluded for now.) + * \note Montgomery curves are currently excluded. */ #define MBEDTLS_ECP_DP_MAX 12 /** - * Curve information for use by other modules + * Curve information, for use by other modules. */ typedef struct { - mbedtls_ecp_group_id grp_id; /*!< Internal identifier */ - uint16_t tls_id; /*!< TLS NamedCurve identifier */ - uint16_t bit_size; /*!< Curve size in bits */ - const char *name; /*!< Human-friendly name */ + mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */ + uint16_t tls_id; /*!< The TLS NamedCurve identifier. */ + uint16_t bit_size; /*!< The size of the curve in bits. */ + const char *name; /*!< A human-friendly name. */ } mbedtls_ecp_curve_info; /** - * \brief ECP point structure (jacobian coordinates) + * \brief The ECP point structure, in jacobian coordinates. * * \note All functions expect and return points satisfying - * the following condition: Z == 0 or Z == 1. (Other - * values of Z are used by internal functions only.) + * the following condition: \p Z == 0 or \p Z == 1. Other + * values of \p Z are used only by internal functions. * The point is zero, or "at infinity", if Z == 0. * Otherwise, X and Y are its standard (affine) coordinates. */ typedef struct { - mbedtls_mpi X; /*!< the point's X coordinate */ - mbedtls_mpi Y; /*!< the point's Y coordinate */ - mbedtls_mpi Z; /*!< the point's Z coordinate */ + mbedtls_mpi X; /*!< The X coordinate of the ECP point. */ + mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */ + mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */ } mbedtls_ecp_point; /** - * \brief ECP group structure + * \brief The ECP group structure. * - * We consider two types of curves equations: - * 1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492) - * 2. Montgomery, y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft) - * In both cases, a generator G for a prime-order subgroup is fixed. 
In the - * short weierstrass, this subgroup is actually the whole curve, and its - * cardinal is denoted by N. + * We consider two types of curve equations: + *
    • Short Weierstrass: y^2 = x^3 + \p A x + \p B mod P + * (SEC1 + RFC-4492)
    • + *
    • Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft)
    + * In both cases, the generator (G) for a prime-order subgroup is fixed. * - * In the case of Short Weierstrass curves, our code requires that N is an odd - * prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.) + * For Short Weierstrass, this subgroup is the whole curve, and its + * cardinal is denoted by \p N. Our code requires that \p N is an odd prime. * - * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is - * the quantity actually used in the formulas. Also, nbits is not the size of N - * but the required size for private keys. + * \note For blinding, use odd in mbedtls_ecp_mul() and prime in + * mbedtls_ecdsa_sign(). * - * If modp is NULL, reduction modulo P is done using a generic algorithm. - * Otherwise, it must point to a function that takes an mbedtls_mpi in the range - * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more - * than pbits, so that the integer may be efficiently brought in the 0..P-1 - * range by a few additions or substractions. It must return 0 on success and - * non-zero on failure. + * For Montgomery curves, we do not store \p A, but (A + 2) / 4, which is + * the quantity used in the formulas. Additionally, \p nbits is not the + * size of \p N but the required size for private keys. + * + * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. + * Otherwise, it must point to a function that takes an \p mbedtls_mpi in the + * range of 0..2^(2*pbits)-1, and transforms it in-place in an integer of + * little more than \p pbits, so that the integer may be efficiently brought + * in the 0..P-1 range by a few additions or substractions. + * + * \return \c 0 on success + * \return Non-zero on failure. */ typedef struct { - mbedtls_ecp_group_id id; /*!< internal group identifier */ - mbedtls_mpi P; /*!< prime modulus of the base field */ - mbedtls_mpi A; /*!< 1. A in the equation, or 2. (A + 2) / 4 */ - mbedtls_mpi B; /*!< 1. 
B in the equation, or 2. unused */ - mbedtls_ecp_point G; /*!< generator of the (sub)group used */ - mbedtls_mpi N; /*!< the order of G */ - size_t pbits; /*!< number of bits in P */ - size_t nbits; /*!< number of bits in 1. P, or 2. private keys */ - unsigned int h; /*!< internal: 1 if the constants are static */ - int (*modp)(mbedtls_mpi *); /*!< function for fast reduction mod P */ - int (*t_pre)(mbedtls_ecp_point *, void *); /*!< unused */ - int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused */ - void *t_data; /*!< unused */ - mbedtls_ecp_point *T; /*!< pre-computed points for ecp_mul_comb() */ - size_t T_size; /*!< number for pre-computed points */ + mbedtls_ecp_group_id id; /*!< An internal group identifier. */ + mbedtls_mpi P; /*!< A prime modulus of the base field. */ + mbedtls_mpi A; /*!< \p A in the equation or (A + 2) / 4. */ + mbedtls_mpi B; /*!< \p B in the equation or unused. */ + mbedtls_ecp_point G; /*!< The generator of the (sub)group used. */ + mbedtls_mpi N; /*!< The order of \p G. */ + size_t pbits; /*!< The number of bits in \p P.*/ + size_t nbits; /*!< The number of bits in \p P, or the private + keys. */ + unsigned int h; /*!< \internal 1 if the constants are static. */ + int (*modp)(mbedtls_mpi *); /*!< The function for fast reduction mod P.*/ + int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ + int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ + void *t_data; /*!< Unused. */ + mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */ + size_t T_size; /*!< The number for pre-computed points. */ } mbedtls_ecp_group; /** - * \brief ECP key pair structure + * \brief The ECP key-pair structure. * - * A generic key pair that could be used for ECDSA, fixed ECDH, etc. + * A generic key-pair that may be used for ECDSA and fixed ECDH, for example. * - * \note Members purposefully in the same order as struc mbedtls_ecdsa_context. 
+ * \note Members are deliberately in the same order as in the + * #mbedtls_ecdsa_context structure. */ typedef struct { - mbedtls_ecp_group grp; /*!< Elliptic curve and base point */ - mbedtls_mpi d; /*!< our secret value */ - mbedtls_ecp_point Q; /*!< our public value */ + mbedtls_ecp_group grp; /*!< The elliptic curve and base point. */ + mbedtls_mpi d; /*!< Our secret value. */ + mbedtls_ecp_point Q; /*!< Our public value. */ } mbedtls_ecp_keypair; @@ -177,15 +194,15 @@ mbedtls_ecp_keypair; * \name SECTION: Module settings * * The configuration options you can set for this module are in this section. - * Either change them in config.h or define them on the compiler command line. + * Either change them in config.h, or define them using the compiler command line. * \{ */ #if !defined(MBEDTLS_ECP_MAX_BITS) /** - * Maximum size of the groups (that is, of N and P) + * The maximum size of the groups, that is, of N and P. */ -#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ +#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ #endif #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) @@ -212,7 +229,7 @@ mbedtls_ecp_keypair; * 224 475 475 453 398 342 * 192 640 640 633 587 476 */ -#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ +#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */ #endif /* MBEDTLS_ECP_WINDOW_SIZE */ #if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) @@ -227,7 +244,7 @@ mbedtls_ecp_keypair; * * Change this value to 0 to reduce peak memory usage. */ -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */ #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ /* \} name SECTION: Module settings */ 
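Review bot: The `\return \c 0 on success` and `\return Non-zero on failure.` lines added to the mbedtls_ecp_group comment attach a return contract to a struct typedef, which has nothing to return; the old text stated this as the contract of the \p modp callback, and that is where it belongs. Fold it back into the preceding paragraph, e.g. `* in the 0..P-1 range by a few additions or subtractions. It must` / `* return \c 0 on success and non-zero on failure.`, and drop the two \return lines. The blinding note also changed meaning: the original said that oddness of N is what mbedtls_ecp_mul() relies on and primality is what mbedtls_ecdsa_sign() relies on, while `For blinding, use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign()` reads as an instruction to the caller; `\note The oddness of \p N is used by mbedtls_ecp_mul() and its primality by mbedtls_ecdsa_sign(), in both cases for blinding.` keeps it as a statement about the implementation. The two curve-equation bullets appear to have lost their markup in this view, so it is worth checking how that list renders.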
@@ -235,25 +252,26 @@ mbedtls_ecp_keypair; /* * Point formats, from RFC 4492's enum ECPointFormat */ -#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */ -#define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format */ +#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format. */ +#define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format. */ /* * Some other constants from RFC 4492 */ -#define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */ +#define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< The named_curve of ECCurveType. */ /** - * \brief Get the list of supported curves in order of preferrence - * (full information) + * \brief This function retrieves the information defined in + * mbedtls_ecp_curve_info()for all supported curves in order + * of preference. * - * \return A statically allocated array, the last entry is 0. + * \return A statically allocated array. The last entry is 0. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ); /** - * \brief Get the list of supported curves in order of preferrence - * (grp_id only) + * \brief This function retrieves the grp_id of all supported curves + * in order of preference. * * \return A statically allocated array, * terminated with MBEDTLS_ECP_DP_NONE. 
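Review bot: The new mbedtls_ecp_curve_list brief writes `mbedtls_ecp_curve_info()for`, which refers to the mbedtls_ecp_curve_info struct with function-call parentheses (so Doxygen will look for a function that does not exist) and is missing the space before `for`. Suggest `* \brief This function retrieves the information defined in` / `* #mbedtls_ecp_curve_info for all supported curves in order` / `* of preference.`. For consistency with the `#MBEDTLS_ERR_...` references used elsewhere in this rewrite, the mbedtls_ecp_grp_id_list return could also say `terminated with #MBEDTLS_ECP_DP_NONE.`.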
@@ -261,358 +279,390 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ); const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ); /** - * \brief Get curve information from an internal group identifier + * \brief This function retrieves curve information from an internal + * group identifier. * - * \param grp_id A MBEDTLS_ECP_DP_XXX value + * \param grp_id An \c MBEDTLS_ECP_DP_XXX value. * - * \return The associated curve information or NULL + * \return The associated curve information, or NULL. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ); /** - * \brief Get curve information from a TLS NamedCurve value + * \brief This function retrieves curve information from a TLS + * NamedCurve value. * - * \param tls_id A MBEDTLS_ECP_DP_XXX value + * \param tls_id An \c MBEDTLS_ECP_DP_XXX value. * - * \return The associated curve information or NULL + * \return The associated curve information, or NULL. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ); /** - * \brief Get curve information from a human-readable name + * \brief This function retrieves curve information from a + * human-readable name. * - * \param name The name + * \param name The human-readable name. * - * \return The associated curve information or NULL + * \return The associated curve information, or NULL. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name ); /** - * \brief Initialize a point (as zero) + * \brief This function initializes a point as zero. + * + * \param pt The point to initialize. */ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ); /** - * \brief Initialize a group (to something meaningless) + * \brief This function initializes a group to something meaningless. */ void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ); /** - * \brief Initialize a key pair (as an invalid one) + * \brief This function initializes a key pair as an invalid one. 
+ * + * \param key The key pair to initialize. */ void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key ); /** - * \brief Free the components of a point + * \brief This function frees the components of a point. + * + * \param pt The point to free. */ void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ); /** - * \brief Free the components of an ECP group + * \brief This function frees the components of an ECP group. + * \param grp The group to free. */ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); /** - * \brief Free the components of a key pair + * \brief This function frees the components of a key pair. + * \param key The key pair to free. */ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); /** - * \brief Copy the contents of point Q into P + * \brief This function copies the contents of point \p Q into + * point \p P. * - * \param P Destination point - * \param Q Source point + * \param P The destination point. + * \param Q The source point. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation fails. */ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); /** - * \brief Copy the contents of a group object + * \brief This function copies the contents of group \p src into + * group \p dst. * - * \param dst Destination group - * \param src Source group + * \param dst The destination group. + * \param src The source group. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation fails. */ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src ); /** - * \brief Set a point to zero + * \brief This function sets a point to zero. * - * \param pt Destination point + * \param pt The point to set. 
* - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation fails. */ int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); /** - * \brief Tell if a point is zero + * \brief This function checks if a point is zero. * - * \param pt Point to test + * \param pt The point to test. * - * \return 1 if point is zero, 0 otherwise + * \return \c 1 if point is zero. + * \return \c 0 if point is non-zero. */ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ); /** - * \brief Compare two points + * \brief This function compares two points. * - * \note This assumes the points are normalized. Otherwise, + * \note This assumes that the points are normalized. Otherwise, * they may compare as "not equal" even if they are. * - * \param P First point to compare - * \param Q Second point to compare + * \param P The first point to compare. + * \param Q The second point to compare. * - * \return 0 if the points are equal, - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise + * \return \c 0 if the points are equal. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal. */ int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); /** - * \brief Import a non-zero point from two ASCII strings + * \brief This function imports a non-zero point from two ASCII + * strings. * - * \param P Destination point - * \param radix Input numeric base - * \param x First affine coordinate as a null-terminated string - * \param y Second affine coordinate as a null-terminated string + * \param P The destination point. + * \param radix The numeric base of the input. + * \param x The first affine coordinate, as a null-terminated string. + * \param y The second affine coordinate, as a null-terminated string. * - * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code + * \return \c 0 on success. 
+ * \return An \c MBEDTLS_ERR_MPI_XXX error code on failure. */ int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, const char *x, const char *y ); /** - * \brief Export a point into unsigned binary data + * \brief This function exports a point into unsigned binary data. * - * \param grp Group to which the point should belong - * \param P Point to export - * \param format Point format, should be a MBEDTLS_ECP_PF_XXX macro - * \param olen Length of the actual output - * \param buf Output buffer - * \param buflen Length of the output buffer + * \param grp The group to which the point should belong. + * \param P The point to export. + * \param format The point format. Should be an \c MBEDTLS_ECP_PF_XXX macro. + * \param olen The length of the output. + * \param buf The output buffer. + * \param buflen The length of the output buffer. * - * \return 0 if successful, - * or MBEDTLS_ERR_ECP_BAD_INPUT_DATA - * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA + * or #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure. */ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, int format, size_t *olen, unsigned char *buf, size_t buflen ); /** - * \brief Import a point from unsigned binary data + * \brief This function imports a point from unsigned binary data. * - * \param grp Group to which the point should belong - * \param P Point to import - * \param buf Input buffer - * \param ilen Actual length of input + * \note This function does not check that the point actually + * belongs to the given group, see mbedtls_ecp_check_pubkey() + * for that. * - * \return 0 if successful, - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format + * \param grp The group to which the point should belong. + * \param P The point to import. 
+ * \param buf The input buffer. + * \param ilen The length of the input. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format * is not implemented. * - * \note This function does NOT check that the point actually - * belongs to the given group, see mbedtls_ecp_check_pubkey() for - * that. */ int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, const unsigned char *buf, size_t ilen ); /** - * \brief Import a point from a TLS ECPoint record + * \brief This function imports a point from a TLS ECPoint record. * - * \param grp ECP group used - * \param pt Destination point - * \param buf $(Start of input buffer) - * \param len Buffer length + * \note On function return, \p buf is updated to point to immediately + * after the ECPoint. * - * \note buf is updated to point right after the ECPoint on exit + * \param grp The ECP group used. + * \param pt The destination point. + * \param buf The address of the pointer to the start of input buffer. + * \param len The length of the buffer. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_XXX if initialization failed - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_MPI_XXX error code if initialization failed. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. */ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, const unsigned char **buf, size_t len ); /** - * \brief Export a point as a TLS ECPoint record + * \brief This function exports a point as a TLS ECPoint record. * - * \param grp ECP group used - * \param pt Point to export - * \param format Export format - * \param olen length of data written - * \param buf Buffer to write to - * \param blen Buffer length + * \param grp The ECP group used. 
+ * \param pt The point to export. + * \param format The export format. + * \param olen The length of data written. + * \param buf The Buffer to write to. + * \param blen The length of the Buffer. * - * \return 0 if successful, - * or MBEDTLS_ERR_ECP_BAD_INPUT_DATA - * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA or + * #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure. */ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen ); /** - * \brief Set a group using well-known domain parameters + * \brief This function sets a group using well-known domain parameters. * - * \param grp Destination group - * \param id Index in the list of well-known domain parameters + * \note The index should be a value of the NamedCurve enum, + * as defined in RFC-4492: Elliptic Curve Cryptography + * (ECC) Cipher Suites for Transport Layer Security (TLS), + * usually in the form of an \c MBEDTLS_ECP_DP_XXX macro. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_XXX if initialization failed - * MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups + * \param grp The destination group. + * \param id The index in the list of well-known domain parameters. * - * \note Index should be a value of RFC 4492's enum NamedCurve, - * usually in the form of a MBEDTLS_ECP_DP_XXX macro. + * \return \c 0 on success, + * \return An \c MBEDTLS_ERR_MPI_XXX error code if initialization fails. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups. + */ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); /** - * \brief Set a group from a TLS ECParameters record + * \brief This function sets a group from a TLS ECParameters record. * - * \param grp Destination group - * \param buf &(Start of input buffer) - * \param len Buffer length + * \note \p buf is updated to point right after ECParameters on exit. 
* - * \note buf is updated to point right after ECParameters on exit + * \param grp The destination group. + * \param buf The address of the pointer to the start of input buffer. + * \param len The length of the buffer. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_XXX if initialization failed - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_MPI_XXX error code if initialization fails. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. */ int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ); /** - * \brief Write the TLS ECParameters record for a group + * \brief This function writes the TLS ECParameters record for a group. * - * \param grp ECP group used - * \param olen Number of bytes actually written - * \param buf Buffer to write to - * \param blen Buffer length + * \param grp The ECP group used. + * \param olen The number of Bytes written. + * \param buf The buffer to write to. + * \param blen The length of the buffer. * - * \return 0 if successful, - * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure. */ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen ); /** - * \brief Multiplication by an integer: R = m * P - * (Not thread-safe to use same group in multiple threads) + * \brief This function performs multiplication of a point by + * an integer: \p R = \p m * \p P. * - * \note In order to prevent timing attacks, this function - * executes the exact same sequence of (base field) - * operations for any valid m. It avoids any if-branch or - * array index depending on the value of m. + * It is not thread-safe to use same group in multiple threads. * - * \note If f_rng is not NULL, it is used to randomize intermediate - * results in order to prevent potential timing attacks - * targeting these results. 
It is recommended to always - * provide a non-NULL f_rng (the overhead is negligible). + * \note To prevent timing attacks, this function + * executes the exact same sequence of base-field + * operations for any valid \p m. It avoids any if-branch or + * array index depending on the value of \p m. * - * \param grp ECP group - * \param R Destination point - * \param m Integer by which to multiply - * \param P Point to multiply - * \param f_rng RNG function (see notes) - * \param p_rng RNG parameter + * \note If \p f_rng is not NULL, it is used to randomize + * intermediate results to prevent potential timing attacks + * targeting these results. We recommend always providing + * a non-NULL \p f_rng. The overhead is negligible. * - * \return 0 if successful, - * MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey - * or P is not a valid pubkey, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \param grp The ECP group. + * \param R The destination point. + * \param m The integer by which to multiply. + * \param P The point to multiply. + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid privkey, + * or \p P is not a valid pubkey. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. */ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief Multiplication and addition of two points by integers: - * R = m * P + n * Q - * (Not thread-safe to use same group in multiple threads) + * \brief This function performs multiplication and addition of two + * points by integers: \p R = \p m * \p P + \p n * \p Q + + * It is not thread-safe to use same group in multiple threads. * - * \note In contrast to mbedtls_ecp_mul(), this function does not guarantee - * a constant execution flow and timing. 
+ * \note In contrast to mbedtls_ecp_mul(), this function does not + * guarantee a constant execution flow and timing. * - * \param grp ECP group - * \param R Destination point - * \param m Integer by which to multiply P - * \param P Point to multiply by m - * \param n Integer by which to multiply Q - * \param Q Point to be multiplied by n + * \param grp The ECP group. + * \param R The destination point. + * \param m The integer by which to multiply \p P. + * \param P The point to multiply by \p m. + * \param n The integer by which to multiply \p Q. + * \param Q The point to be multiplied by \p n. * - * \return 0 if successful, - * MBEDTLS_ERR_ECP_INVALID_KEY if m or n is not a valid privkey - * or P or Q is not a valid pubkey, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not + * valid private keys, or \p P or \p Q are not valid public + * keys. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. */ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q ); /** - * \brief Check that a point is a valid public key on this curve + * \brief This function checks that a point is a valid public key + * on this curve. * - * \param grp Curve/group the point should belong to - * \param pt Point to check + * It only checks that the point is non-zero, has + * valid coordinates and lies on the curve. It does not verify + * that it is indeed a multiple of \p G. This additional + * check is computationally more expensive, is not required + * by standards, and should not be necessary if the group + * used has a small cofactor. In particular, it is useless for + * the NIST groups which all have a cofactor of 1. * - * \return 0 if point is a valid public key, - * MBEDTLS_ERR_ECP_INVALID_KEY otherwise. 
+ * \note This function uses bare components rather than an + * mbedtls_ecp_keypair() structure, to ease use with other + * structures. For example, mbedtls_ecdh_context() or + * mbedtls_ecdsa_context(). * - * \note This function only checks the point is non-zero, has valid - * coordinates and lies on the curve, but not that it is - * indeed a multiple of G. This is additional check is more - * expensive, isn't required by standards, and shouldn't be - * necessary if the group used has a small cofactor. In - * particular, it is useless for the NIST groups which all - * have a cofactor of 1. + * \param grp The curve or group the point should belong to. + * \param pt The point to check. * - * \note Uses bare components rather than an mbedtls_ecp_keypair structure - * in order to ease use with other structures such as - * mbedtls_ecdh_context of mbedtls_ecdsa_context. + * \return \c 0 if the point is a valid public key. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY otherwise. */ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ); /** - * \brief Check that an mbedtls_mpi is a valid private key for this curve + * \brief This function checks that an \p mbedtls_mpi is a valid private + * key for this curve. * - * \param grp Group used - * \param d Integer to check + * \note This function uses bare components rather than an + * mbedtls_ecp_keypair() structure to ease use with other + * structures such as mbedtls_ecdh_context() or + * mbedtls_ecdsa_context(). * - * \return 0 if point is a valid private key, - * MBEDTLS_ERR_ECP_INVALID_KEY otherwise. + * \param grp The group used. + * \param d The integer to check. * - * \note Uses bare components rather than an mbedtls_ecp_keypair structure - * in order to ease use with other structures such as - * mbedtls_ecdh_context of mbedtls_ecdsa_context. + * \return \c 0 if the point is a valid private key. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY otherwise. 
*/ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d ); /** - * \brief Generate a keypair with configurable base point + * \brief This function generates a keypair with a configurable base + * point. * - * \param grp ECP group - * \param G Chosen base point - * \param d Destination MPI (secret part) - * \param Q Destination point (public part) - * \param f_rng RNG function - * \param p_rng RNG parameter + * \note This function uses bare components rather than an + * mbedtls_ecp_keypair() structure to ease use with other + * structures such as mbedtls_ecdh_context() or + * mbedtls_ecdsa_context(). +* + * \param grp The ECP group. + * \param G The chosen base point. + * \param d The destination MPI (secret part). + * \param Q The destination point (public part). + * \param f_rng The RNG function. + * \param p_rng The RNG context. * - * \return 0 if successful, - * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code - * - * \note Uses bare components rather than an mbedtls_ecp_keypair structure - * in order to ease use with other structures such as - * mbedtls_ecdh_context of mbedtls_ecdsa_context. - */ + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code + * on failure. + */ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, const mbedtls_ecp_point *G, mbedtls_mpi *d, mbedtls_ecp_point *Q, 
@@ -620,57 +670,64 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, void *p_rng ); /** - * \brief Generate a keypair + * \brief This function generates a keypair. * - * \param grp ECP group - * \param d Destination MPI (secret part) - * \param Q Destination point (public part) - * \param f_rng RNG function - * \param p_rng RNG parameter + * \note This function uses bare components rather than an + * mbedtls_ecp_keypair() structure to ease use with other + * structures such as mbedtls_ecdh_context() or + * mbedtls_ecdsa_context(). * - * \return 0 if successful, - * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code + * \param grp The ECP group. + * \param d The destination MPI (secret part). + * \param Q The destination point (public part). + * \param f_rng The RNG function. + * \param p_rng The RNG context. * - * \note Uses bare components rather than an mbedtls_ecp_keypair structure - * in order to ease use with other structures such as - * mbedtls_ecdh_context of mbedtls_ecdsa_context. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code + * on failure. */ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief Generate a keypair + * \brief This function generates a key. * - * \param grp_id ECP group identifier - * \param key Destination keypair - * \param f_rng RNG function - * \param p_rng RNG parameter + * \param grp_id The ECP group identifier. + * \param key The destination key. + * \param f_rng The RNG function. + * \param p_rng The RNG context. * - * \return 0 if successful, - * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code + * on failure. 
*/ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief Check a public-private key pair + * \brief This function checks a public-private key pair. * - * \param pub Keypair structure holding a public key - * \param prv Keypair structure holding a private (plus public) key + * \param pub The keypair structure holding the public key. + * \param prv The keypair structure holding the private key. * - * \return 0 if successful (keys are valid and match), or - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or - * a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code. + * \note The both are keypairs, and may optionally hold the corresponding other key, but the public key passed in thee pub is checked against the private key passed in prv. + * + * \return \c 0 on success - the keys are valid and match. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or an \c + * MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX + * error code on failure. */ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ); #if defined(MBEDTLS_SELF_TEST) /** - * \brief Checkup routine + * \brief The ECP checkup routine. * - * \return 0 if successful, or 1 if a test failed + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_ecp_self_test( int verbose ); From f763f2bbc1c92416d12874fd5f14969279036cb0 Mon Sep 17 00:00:00 2001 
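Review bot: The new \note on mbedtls_ecp_check_pub_priv has two typos and an awkward opening (`The both are keypairs, ... the public key passed in thee pub is checked ...`); suggest `Both arguments are keypair structures and may optionally hold the other half, but only the public key in \p pub is checked against the private key in \p prv.` The brief of mbedtls_ecp_gen_key now says `This function generates a key.` although it fills an mbedtls_ecp_keypair and the sibling mbedtls_ecp_gen_keypair still says keypair; the two should agree. For mbedtls_ecp_gen_keypair and mbedtls_ecp_gen_key the \param f_rng entry says only `The RNG function`; since the secret scalar presumably comes from this source, a caveat such as `Must be a cryptographically secure RNG (for example a seeded CTR_DRBG); a predictable source yields a recoverable private key.` is the warning a practitioner wants here. Writing `mbedtls_ecp_keypair()` with parentheses makes Doxygen render the struct as a function reference; `#mbedtls_ecp_keypair` is the cross-reference form this hunk already uses for error-code identifiers.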
From: Rose Zadik Date: Tue, 17 Apr 2018 11:00:40 +0100 Subject: [PATCH 434/504] Update dhm.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *p_rng descriptions changed from "parameter" to "context". *Suggest to specify issue for each return code, where multiple failure return codes are listed, or generalize. *Minor improvements to parameter documentation proposed by eng. --- include/mbedtls/dhm.h | 108 ++++++++++++++++++++++-------------------- 1 file changed, 57 insertions(+), 51 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 00fafd8d1..2829ffc07 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -1,7 +1,12 @@ /** * \file dhm.h * - * \brief Diffie-Hellman-Merkle key exchange. + * \brief This file contains DHM definitions and functions. + * + * Diffie-Hellman-Merkle (DHM) key exchange is defined in + * RFC-2631: Diffie-Hellman Key Agreement Method and + * Public-Key Cryptography Standards (PKCS) #3: Diffie + * Hellman Key Agreement Standard. * * RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for * Internet Key Exchange (IKE) defines a number of standardized @@ -125,8 +130,8 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx ); * failures. * \param end The end of the input buffer. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code - * on failure. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, unsigned char **p, 
@@ -136,13 +141,6 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, * \brief This function sets up and writes the ServerKeyExchange * parameters. * - * \param ctx The DHM context. - * \param x_size The private value size in Bytes. - * \param olen The number of characters written. - * \param output The destination buffer. - * \param f_rng The RNG function. - * \param p_rng The RNG parameter. - * * \note The destination buffer must be large enough to hold * the reduced binary presentation of the modulus, the generator * and the public key, each wrapped with a 2-byte length field. @@ -155,8 +153,15 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, * mbedtls_dhm_set_group() below in conjunction with * mbedtls_mpi_read_binary() and mbedtls_mpi_read_string(). * - * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code - * on failure. + * \param ctx The DHM context. + * \param x_size The private key size in Bytes. + * \param olen The number of characters written. + * \param output The destination buffer. + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, unsigned char *output, size_t *olen, 
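Review bot: In the re-added parameter block of mbedtls_dhm_make_params, `\param olen The number of characters written.` should read `The number of Bytes written.`: the destination is `unsigned char *output` and the rest of this file counts in Bytes (`\param x_size The private key size in Bytes.`). The \param list also names \p olen before \p output while the prototype takes `unsigned char *output, size_t *olen`; listing them in prototype order keeps a reader from matching the wrong argument. The x_size entry still gives no lower bound and does not say what happens when the value exceeds ctx->len, which a caller choosing the private-exponent size needs to know.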
@@ -164,54 +169,54 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, void *p_rng ); /** - * \brief Set prime modulus and generator + * \brief This function sets the prime modulus and generator. + * + * \note This function can be used to set \p P, \p G + * in preparation for mbedtls_dhm_make_params(). * * \param ctx The DHM context. - * \param P The MPI holding DHM prime modulus. - * \param G The MPI holding DHM generator. + * \param P The MPI holding the DHM prime modulus. + * \param G The MPI holding the DHM generator. * - * \note This function can be used to set P, G - * in preparation for \c mbedtls_dhm_make_params. - * - * \return \c 0 if successful, or an \c MBEDTLS_ERR_DHM_XXX error code - * on failure. + * \return \c 0 if successful. + * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, const mbedtls_mpi *P, const mbedtls_mpi *G ); /** - * \brief This function imports the public value G^Y of the peer. + * \brief This function imports the G^Y public value of the peer. * * \param ctx The DHM context. - * \param input The input buffer. + * \param input The input buffer containing the G^Y value of the peer. * \param ilen The size of the input buffer. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code - * on failure. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, const unsigned char *input, size_t ilen ); /** - * \brief This function creates its own private value \c X and + * \brief This function creates its own \c X private key and * exports \c G^X. * + * \note The destination buffer is always fully written + * so as to contain a big-endian representation of G^X mod P. + * If it is larger than ctx->len, it is padded accordingly + * with zero-bytes at the beginning. + * * \param ctx The DHM context. - * \param x_size The private value size in Bytes. 
+ * \param x_size The private key size in Bytes. * \param output The destination buffer. * \param olen The length of the destination buffer. Must be at least - equal to ctx->len (the size of \c P). + * equal to ctx->len (the size of \c P). * \param f_rng The RNG function. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * - * \note The destination buffer will always be fully written - * so as to contain a big-endian presentation of G^X mod P. - * If it is larger than ctx->len, it will accordingly be - * padded with zero-bytes in the beginning. - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code - * on failure. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, unsigned char *output, size_t olen, 
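Review bot: `\param x_size The private key size in Bytes.` on mbedtls_dhm_make_public documents neither a lower bound nor the behaviour when x_size exceeds ctx->len, yet this value sets the size of the private exponent X and therefore the strength of the exchange. Suggest a \note along the lines of `x_size should be at least twice the intended security strength in bits (at least 28 Bytes for a 2048-bit MODP group); values larger than the size of P are clamped` — I cannot see the clamping behaviour from this header, so the last clause must be confirmed against dhm.c before it is written. For mbedtls_dhm_read_public, `The input buffer containing the G^Y value of the peer.` describes an attacker-controlled value; the doc should say where it is range-checked (2 <= G^Y <= P-2), whether in this call or in mbedtls_dhm_calc_secret, so callers know which return value they must not ignore.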
@@ -222,22 +227,22 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, * \brief This function derives and exports the shared secret * \c (G^Y)^X mod \c P. * + * \note If \p f_rng is not NULL, it is used to blind the input as + * a countermeasure against timing attacks. Blinding is used + * only if our private key \c X is re-used, and not used + * otherwise. We recommend always passing a non-NULL + * \p f_rng argument. + * * \param ctx The DHM context. * \param output The destination buffer. * \param output_size The size of the destination buffer. Must be at least - * the size of ctx->len. + * the size of ctx->len (the size of \c P). * \param olen On exit, holds the actual number of Bytes written. * \param f_rng The RNG function, for blinding purposes. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code - * on failure. - * - * \note If non-NULL, \p f_rng is used to blind the input as - * a countermeasure against timing attacks. Blinding is used - * only if our secret value \p X is re-used and omitted - * otherwise. Therefore, we recommend always passing a - * non-NULL \p f_rng argument. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, unsigned char *output, size_t output_size, size_t *olen, @@ -245,7 +250,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, void *p_rng ); /** - * \brief This function frees and clears the components of a DHM key. + * \brief This function frees and clears the components of a DHM context. * * \param ctx The DHM context to free and clear. */ 
@@ -261,8 +266,8 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ); * \param dhminlen The size of the buffer, including the terminating null * Byte for PEM data. * - * \return \c 0 on success, or a specific DHM or PEM error code - * on failure. + * \return \c 0 on success. + * \return A specific DHM or PEM error code on failure. */ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen ); @@ -275,8 +280,8 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, * \param dhm The DHM context to load the parameters to. * \param path The filename to read the DHM parameters from. * - * \return \c 0 on success, or a specific DHM or PEM error code - * on failure. + * \return \c 0 on success. + * \return A specific DHM or PEM error code on failure. */ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); #endif /* MBEDTLS_FS_IO */ @@ -297,7 +302,8 @@ extern "C" { /** * \brief The DMH checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_dhm_self_test( int verbose ); From 21e2926736dbb834e0822c9a8a0ce3b7c6f353cf Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 17 Apr 2018 14:08:56 +0100 Subject: [PATCH 435/504] Update rsa.h minor change to the file's brief desc. --- include/mbedtls/rsa.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 033e58027..f8b896592 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -1,7 +1,7 @@ /** * \file rsa.h * - * \brief This file defines the RSA public-key cryptosystem. + * \brief This file provides an API for the RSA public-key cryptosystem. * * The RSA public-key cryptosystem is defined in Public-Key * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption From 614d9c06677dfac460e60208c8e7fefcbacd9505 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 21:27:43 +0100 Subject: [PATCH 436/504] Add a utils.h file that contains common functions The new header contains common information across various mbed TLS modules and avoids code duplication. To start, utils.h currently only contains the mbedtls_zeroize() function. --- include/mbedtls/utils.h | 39 +++++++++++++++++++++++++++++++++++++++ library/CMakeLists.txt | 1 + library/Makefile | 3 ++- library/utils.c | 33 +++++++++++++++++++++++++++++++++ 4 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 include/mbedtls/utils.h create mode 100644 library/utils.c diff --git a/include/mbedtls/utils.h b/include/mbedtls/utils.h new file mode 100644 index 000000000..61b1b76c0 --- /dev/null +++ b/include/mbedtls/utils.h @@ -0,0 +1,39 @@ +/** + * \file utils.h + * + * \brief mbed TLS utility functions + * + * Copyright (C) 2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_UTILS_H +#define MBEDTLS_UTILS_H + +#include + +/** + * \brief Securely zeroize a buffer + * + * \param buf Buffer to be zeroized + * \param len Length of the buffer in bytes + * + * \note This implementation should never be optimized out by the + * compiler + */ +void mbedtls_zeroize( void *buf, size_t len ); + +#endif /* MBEDTLS_UTILS_H */ 
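Review bot: The `\note This implementation should never be optimized out by the compiler` in utils.h states a property of one implementation inside the public contract; what the caller needs is the obligation and the limit of the guarantee, e.g. `\note Call this on any buffer that held key material before it is freed or goes out of scope. The library implementation uses volatile stores so the writes are not elided; the C standard gives no such guarantee, and a platform-provided secure memset may be preferable where available.` The `\param len` line could also state that a len of 0 writes nothing. The `#include` line in this rendering shows no header name — presumably `<stddef.h>` for size_t — which is worth confirming in the actual file.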
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 7742c22d2..24a2484a3 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -57,6 +57,7 @@ set(src_crypto version.c version_features.c xtea.c + utils.c ) set(src_x509 diff --git a/library/Makefile b/library/Makefile index 0333815f0..46dce4e6f 100644 --- a/library/Makefile +++ b/library/Makefile @@ -65,7 +65,8 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ ripemd160.o rsa_internal.o rsa.o \ sha1.o sha256.o sha512.o \ threading.o timing.o version.o \ - version_features.o xtea.o + version_features.o xtea.o \ + utils.o OBJS_X509= certs.o pkcs11.o x509.o \ x509_create.o x509_crl.o x509_crt.o \ diff --git a/library/utils.c b/library/utils.c new file mode 100644 index 000000000..f943cb1c6 --- /dev/null +++ b/library/utils.c @@ -0,0 +1,33 @@ +/* + * mbedtls utility functions + * + * Copyright (C) 2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#include "mbedtls/utils.h" + +#include + +/* This implementation should never be optimized out by the compiler */ +void mbedtls_zeroize( void *buf, size_t len ) +{ + volatile unsigned char *p = (unsigned char *)buf; + + while( len-- ) + *p++ = 0; +} From 5ab74a1401f2b2ceb6b59276681359ecc6d4d7da Mon Sep 17 00:00:00 2001 
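Review bot: The volatile byte loop in `mbedtls_zeroize` is the portable idiom, but it gives a platform no way to substitute `memset_s`, `explicit_bzero` or `SecureZeroMemory`, which are the primitives that actually carry a non-elision guarantee; wrapping the definition in `#if !defined(MBEDTLS_ZEROIZE_ALT)` / `#endif`, following the `MBEDTLS_XXX_ALT` convention the library uses for other replaceable modules, would allow that without changing this default. The commit message says other modules still carry their own `static void mbedtls_zeroize` copies; a module that includes utils.h before its copy is removed would presumably see a conflicting declaration of the same name, so the migration order matters and is worth stating in the message.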
From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 21:10:45 +0100 Subject: [PATCH 437/504] Add programs/test/zeroize.c to test mbedtls_zeroize The idea is to use the simple program that is expected to be modified rarely to set a breakpoint in a specific line and check that the function mbedtls_zeroize() does actually set the buffer to 0 and is not optimised out by the compiler. --- programs/.gitignore | 1 + programs/Makefile | 5 ++ programs/test/CMakeLists.txt | 5 +- programs/test/zeroize.c | 91 ++++++++++++++++++++++++++++++++++++ 4 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 programs/test/zeroize.c diff --git a/programs/.gitignore b/programs/.gitignore index 27055b829..ddfa1a426 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -47,6 +47,7 @@ test/ecp-bench test/selftest test/ssl_cert_test test/udp_proxy +test/zeroize util/pem2der util/strerror x509/cert_app diff --git a/programs/Makefile b/programs/Makefile index 25f184f8c..4e659d485 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -67,6 +67,7 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ random/gen_random_ctr_drbg$(EXEXT) \ test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \ test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \ + test/zeroize$(EXEXT) \ util/pem2der$(EXEXT) util/strerror$(EXEXT) \ x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \ x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \ @@ -249,6 +250,10 @@ test/udp_proxy$(EXEXT): test/udp_proxy.c $(DEP) echo " CC test/udp_proxy.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/zeroize$(EXEXT): test/zeroize.c $(DEP) + echo " CC test/zeroize.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + util/pem2der$(EXEXT): util/pem2der.c $(DEP) echo " CC util/pem2der.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ 
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 0ed714546..1e87fca31 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -22,6 +22,9 @@ target_link_libraries(ssl_cert_test ${libs}) add_executable(udp_proxy udp_proxy.c) target_link_libraries(udp_proxy ${libs}) -install(TARGETS selftest benchmark ssl_cert_test udp_proxy +add_executable(zeroize zeroize.c) +target_link_libraries(zeroize ${libs}) + +install(TARGETS selftest benchmark ssl_cert_test udp_proxy zeroize DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c new file mode 100644 index 000000000..7f3e8b401 --- /dev/null +++ b/programs/test/zeroize.c 
@@ -0,0 +1,91 @@ +/* + * Zeroize demonstration program + * + * Copyright (C) 2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_printf printf +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif + +#include "mbedtls/utils.h" + +#define BUFFER_LEN 1024 + +void usage( void ) +{ + mbedtls_printf( "Zeroize is a simple program to assist with testing\n" ); + mbedtls_printf( "the mbedtls_zeroize() function by using the\n" ); + mbedtls_printf( "debugger. This program takes a file as input and\n" ); + mbedtls_printf( "prints the first %d characters. 
Usage:\n\n", BUFFER_LEN ); + mbedtls_printf( " zeroize \n" ); +} + +int main( int argc, char** argv ) +{ + int exit_code = MBEDTLS_EXIT_FAILURE; + FILE * fp; + char buf[BUFFER_LEN]; + char *p = buf; + char *end = p + BUFFER_LEN; + char c; + + if( argc != 2 ) + { + mbedtls_printf( "This program takes exactly 1 agument\n" ); + usage(); + return( exit_code ); + } + + fp = fopen( argv[1], "r" ); + if( fp == NULL ) + { + mbedtls_printf( "Could not open file '%s'\n", argv[1] ); + return( exit_code ); + } + + while( ( c = fgetc( fp ) ) != EOF && p < end - 1 ) + *p++ = c; + *p = '\0'; + + if( p - buf != 0 ) + { + mbedtls_printf( "%s\n", buf ); + mbedtls_zeroize( buf, sizeof( buf ) ); + exit_code = MBEDTLS_EXIT_SUCCESS; + } + else + mbedtls_printf( "The file is empty!\n" ); + + fclose( fp ); + + return( exit_code ); +} From ddebc49f286e3fa789fefd178604a7c213e8a159 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 22:16:34 +0100 Subject: [PATCH 438/504] Add gdb script to test mbedtls_zeroize() The gdb script loads the programs/test/zeroize program and feeds it as imput its own source code. Then sets a breakpoint just before the last program's return code and checks that every element in memory was zeroized. Otherwise it signals a failure and terminates. The test was added to all.sh. --- tests/scripts/all.sh | 2 +- tests/scripts/test_zeroize.gdb | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 tests/scripts/test_zeroize.gdb diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 497a261c4..81ab2ca90 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
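Review bot: `char c;` is the wrong type for the value read in `while( ( c = fgetc( fp ) ) != EOF && p < end - 1 )`: fgetc() returns an int precisely so that EOF (a negative value) is distinguishable from every byte value, and storing it in a char makes a 0xFF byte compare equal to EOF where char is signed (the copy stops early), while where char is unsigned the comparison can never be true and the loop only stops at the buffer bound. Declare `int c;` and the rest of the loop stays as it is. Two smaller points in the same hunk: the message `"This program takes exactly 1 agument\n"` has a typo (`argument`), and the `fclose( fp )` result is ignored, which is harmless for a read-only stream but worth a `(void)` cast to show it is deliberate.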
@@ -421,7 +421,7 @@ export GNUTLS_SERV="$GNUTLS_SERV" # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" + "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb" if [ $RUN_ARMCC -ne 0 ]; then check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" fi diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb new file mode 100644 index 000000000..52b7cda7f --- /dev/null +++ b/tests/scripts/test_zeroize.gdb @@ -0,0 +1,25 @@ +set confirm off +file ./programs/test/zeroize +break zeroize.c:90 + +set args ./programs/test/zeroize.c +run + +set $i = 0 +set $len = sizeof(buf) +set $buf = buf + +if exit_code != 0 + echo The program did not terminate correctly\n + quit 1 +end + +while $i < $len + if $buf[$i++] != 0 + echo The buffer at was not zeroized\n + quit 1 + end +end + +echo The buffer was correctly zeroized\n +quit 0 From 9a65b1de2a7b986ea91bdba07f4d437c9539b1a1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 22:30:29 +0100 Subject: [PATCH 439/504] Add utils.h ChangeLog entry --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9ee82c685..7e915e710 100644 --- a/ChangeLog +++ b/ChangeLog @@ -286,6 +286,11 @@ New deprecations from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin() accepting DHM parameters in binary form, matching the new constants. +API Changes + * Create a new header utils.h that contains functionality shared by multiple + mbed TLS modules. At this stage utils.h (and its associated utils.c) only + contain mbedtls_zeroize(). + Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. From c6b0abd5a6e3cac8c6b16154dadebd505727a17b Mon Sep 17 00:00:00 2001 
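Review bot: `break zeroize.c:90` ties the test to a physical line of programs/test/zeroize.c, so any edit to that file that shifts the final `return( exit_code )` moves the breakpoint to an unrelated statement and the buffer check then runs at the wrong point, or never if that line no longer holds code. A comment beside that return in zeroize.c, such as `/* tests/scripts/test_zeroize.gdb sets its breakpoint on this line; keep them in sync */`, would at least make the coupling visible to whoever edits the program. The failure message `echo The buffer at was not zeroized\n` is also missing the index it was evidently meant to report; gdb's printf command can include it: `printf "The buffer at %d was not zeroized\n", $i - 1` (the index has already been advanced by `$buf[$i++]` when the message is printed).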
From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 22:35:13 +0100 Subject: [PATCH 440/504] Fix alignment of Makefiles --- programs/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/Makefile b/programs/Makefile index 4e659d485..080e82d88 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -67,7 +67,7 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ random/gen_random_ctr_drbg$(EXEXT) \ test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \ test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \ - test/zeroize$(EXEXT) \ + test/zeroize$(EXEXT) \ util/pem2der$(EXEXT) util/strerror$(EXEXT) \ x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \ x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \ From f2d17929c032109f86933e6d677732084893f9bd Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 22:47:14 +0100 Subject: [PATCH 441/504] Document test_zeroize.gdb script --- tests/scripts/test_zeroize.gdb | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 52b7cda7f..15b8b09b3 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -1,3 +1,20 @@ +# test_zeroize.gdb +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# +# Run a test using the debugger to check that the mbedtls_zeroize() function in +# utils.h is not being optimized out by the compiler. To do so, the script +# loads the test program at programs/test/zeroize.c and sets a breakpoint at +# the last return statement in the main(). When the breakpoint is hit, the +# debugger manually checks the contents to be zeroized and checks that it is +# actually cleared. +# +# Note: This test requires that the test program is compiled with -g3. + set confirm off file ./programs/test/zeroize break zeroize.c:90 From d0d7bf614eb82db6cdbc7551dd05cb3cd9cfbb54 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 09:01:31 +0100 Subject: [PATCH 442/504] Add gdb zeroize test when compiling with clang --- tests/scripts/all.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 81ab2ca90..f45062818 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -907,6 +907,16 @@ make test cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" +msg "test: gcc, mbedtls_zeroize()" +cleanup +CC=gcc DEBUG=1 make programs +gdb -x tests/scripts/test_zeroize.gdb + +msg "test: clang, mbedtls_zeroize()" +cleanup +CC=clang DEBUG=1 make programs +gdb -x tests/scripts/test_zeroize.gdb + ################################################################ From e32df087fb3193dbb2689354492a11464db3adb0 Mon Sep 17 00:00:00 2001 
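Review bot: Both new runs build with `DEBUG=1`, and nothing in this hunk shows which optimization level that selects; if it lowers or disables optimization, the two runs only confirm that the code is compiled as written and never exercise the case the test exists for, an optimizer eliding the clearing stores. Consider adding, per compiler, a run that keeps debug info (the later comment in the gdb script says -g3 is required) but builds with the normal optimized flags, so that an optimized-out mbedtls_zeroize() would actually be caught. gdb returns the status the script passes to `quit`, so whether a failing check stops all.sh depends on the script's error handling, which is outside this hunk.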
From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 09:37:04 +0100 Subject: [PATCH 443/504] Remove individual copies of mbedtls_zeroize() This commit removes all the static occurrencies of the function mbedtls_zeroize() in each of the individual .c modules. Instead the function has been moved to utils.h that is included in each of the modules. --- library/aes.c | 6 +----- library/arc4.c | 6 +----- library/asn1parse.c | 6 +----- library/blowfish.c | 6 +----- library/camellia.c | 6 +----- library/ccm.c | 6 +----- library/cipher.c | 6 +----- library/cmac.c | 6 +----- library/ctr_drbg.c | 6 +----- library/des.c | 6 +----- library/dhm.c | 5 +---- library/ecp.c | 6 +----- library/entropy.c | 6 +----- library/gcm.c | 6 +----- library/havege.c | 6 +----- library/hmac_drbg.c | 6 +----- library/md.c | 6 +----- library/md2.c | 6 +----- library/md4.c | 6 +----- library/md5.c | 6 +----- library/memory_buffer_alloc.c | 6 +----- library/pem.c | 6 +----- library/pk.c | 7 ++----- library/pk_wrap.c | 11 ++++------- library/pkcs12.c | 6 +----- library/pkparse.c | 9 +-------- library/ripemd160.c | 6 +----- library/rsa.c | 6 +----- library/sha1.c | 6 +----- library/sha256.c | 6 +----- library/sha512.c | 6 +----- library/ssl_cli.c | 5 +---- library/ssl_cookie.c | 6 +----- library/ssl_srv.c | 5 +---- library/ssl_ticket.c | 6 +----- library/ssl_tls.c | 6 +----- library/x509_crl.c | 6 +----- library/x509_crt.c | 6 +----- library/x509_csr.c | 6 +----- library/x509write_crt.c | 6 +----- library/x509write_csr.c | 6 +----- library/xtea.c | 6 +----- 42 files changed, 46 insertions(+), 212 deletions(-) diff --git a/library/aes.c b/library/aes.c index da94b1943..797e00fa3 100644 --- a/library/aes.c +++ b/library/aes.c @@ -36,6 +36,7 @@ #include #include "mbedtls/aes.h" +#include "mbedtls/utils.h" #if defined(MBEDTLS_PADLOCK_C) #include "mbedtls/padlock.h" #endif 
@@ -54,11 +55,6 @@ #if !defined(MBEDTLS_AES_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (little endian) */ diff --git a/library/arc4.c b/library/arc4.c index 05b33d3fd..a6d2d4ef3 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_ARC4_C) #include "mbedtls/arc4.h" +#include "mbedtls/utils.h" #include @@ -47,11 +48,6 @@ #if !defined(MBEDTLS_ARC4_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - void mbedtls_arc4_init( mbedtls_arc4_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_arc4_context ) ); diff --git a/library/asn1parse.c b/library/asn1parse.c index 4dd65c03c..10ec3d8cb 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_ASN1_PARSE_C) #include "mbedtls/asn1.h" +#include "mbedtls/utils.h" #include @@ -43,11 +44,6 @@ #define mbedtls_free free #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * ASN.1 DER decoding routines */ diff --git a/library/blowfish.c b/library/blowfish.c index 9003f0dfe..59c579888 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -34,16 +34,12 @@ #if defined(MBEDTLS_BLOWFISH_C) #include "mbedtls/blowfish.h" +#include "mbedtls/utils.h" #include #if !defined(MBEDTLS_BLOWFISH_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ 
diff --git a/library/camellia.c b/library/camellia.c index ac6f96a83..b2115c4a6 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_CAMELLIA_C) #include "mbedtls/camellia.h" +#include "mbedtls/utils.h" #include @@ -48,11 +49,6 @@ #if !defined(MBEDTLS_CAMELLIA_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ diff --git a/library/ccm.c b/library/ccm.c index 9101e5f7c..a7a2cc446 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -37,6 +37,7 @@ #if defined(MBEDTLS_CCM_C) #include "mbedtls/ccm.h" +#include "mbedtls/utils.h" #include @@ -51,11 +52,6 @@ #if !defined(MBEDTLS_CCM_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - #define CCM_ENCRYPT 0 #define CCM_DECRYPT 1 diff --git a/library/cipher.c b/library/cipher.c index 7369f4823..1b2e569cb 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -33,6 +33,7 @@ #include "mbedtls/cipher.h" #include "mbedtls/cipher_internal.h" +#include "mbedtls/utils.h" #include #include @@ -60,11 +61,6 @@ #define MBEDTLS_CIPHER_MODE_STREAM #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - static int supported_init = 0; const int *mbedtls_cipher_list( void ) diff --git a/library/cmac.c b/library/cmac.c index a4a2106f2..54ad84340 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -49,6 +49,7 @@ #if defined(MBEDTLS_CMAC_C) #include "mbedtls/cmac.h" +#include "mbedtls/utils.h" #include 
@@ -67,11 +68,6 @@ #if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * Multiplication by u in the Galois field of GF(2^n) * diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index ff532a013..ae6d62f34 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" +#include "mbedtls/utils.h" #include @@ -49,11 +50,6 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * CTR_DRBG context initialization */ diff --git a/library/des.c b/library/des.c index 09f95cfc3..863a80c48 100644 --- a/library/des.c +++ b/library/des.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_DES_C) #include "mbedtls/des.h" +#include "mbedtls/utils.h" #include @@ -48,11 +49,6 @@ #if !defined(MBEDTLS_DES_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ diff --git a/library/dhm.c b/library/dhm.c index 28ac31003..5e510de2d 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -36,6 +36,7 @@ #if defined(MBEDTLS_DHM_C) #include "mbedtls/dhm.h" +#include "mbedtls/utils.h" #include @@ -58,10 +59,6 @@ #endif #if !defined(MBEDTLS_DHM_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} /* * helper to validate the mbedtls_mpi size and import it 
diff --git a/library/ecp.c b/library/ecp.c index 92a188b66..a2a122518 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -51,6 +51,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/threading.h" +#include "mbedtls/utils.h" #include @@ -73,11 +74,6 @@ #define inline __inline #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #if defined(MBEDTLS_SELF_TEST) /* * Counts of point addition and doubling, and field multiplications. diff --git a/library/entropy.c b/library/entropy.c index e17512e77..37fdf3a9a 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -35,6 +35,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" +#include "mbedtls/utils.h" #include @@ -59,11 +60,6 @@ #include "mbedtls/havege.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) diff --git a/library/gcm.c b/library/gcm.c index 294a86d3d..39e8dd3f2 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -38,6 +38,7 @@ #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" +#include "mbedtls/utils.h" #include @@ -80,11 +81,6 @@ } #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Initialize a context */ diff --git a/library/havege.c b/library/havege.c index 2b75ef7bd..c9bb64dc1 100644 --- a/library/havege.c +++ b/library/havege.c 
@@ -36,14 +36,10 @@ #include "mbedtls/havege.h" #include "mbedtls/timing.h" +#include "mbedtls/utils.h" #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* ------------------------------------------------------------------------ * On average, one iteration accesses two 8-word blocks in the havege WALK * table, and generates 16 words in the RES array. diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 24c609e9c..1ef819d86 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_HMAC_DRBG_C) #include "mbedtls/hmac_drbg.h" +#include "mbedtls/utils.h" #include @@ -50,11 +51,6 @@ #endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_PLATFORM_C */ -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * HMAC_DRBG context initialization */ diff --git a/library/md.c b/library/md.c index 00249af78..c54ae85a9 100644 --- a/library/md.c +++ b/library/md.c @@ -33,6 +33,7 @@ #include "mbedtls/md.h" #include "mbedtls/md_internal.h" +#include "mbedtls/utils.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -48,11 +49,6 @@ #include #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Reminder: update profiles in x509_crt.c when adding a new hash! */ diff --git a/library/md2.c b/library/md2.c index b88aa406a..37e35dc58 100644 --- a/library/md2.c +++ b/library/md2.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_MD2_C) #include "mbedtls/md2.h" +#include "mbedtls/utils.h" #include 
@@ -48,11 +49,6 @@ #if !defined(MBEDTLS_MD2_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - static const unsigned char PI_SUBST[256] = { 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, diff --git a/library/md4.c b/library/md4.c index ba704f58e..a98d0a853 100644 --- a/library/md4.c +++ b/library/md4.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_MD4_C) #include "mbedtls/md4.h" +#include "mbedtls/utils.h" #include @@ -48,11 +49,6 @@ #if !defined(MBEDTLS_MD4_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (little endian) */ diff --git a/library/md5.c b/library/md5.c index 8440ebffc..f439a73ba 100644 --- a/library/md5.c +++ b/library/md5.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_MD5_C) #include "mbedtls/md5.h" +#include "mbedtls/utils.h" #include @@ -47,11 +48,6 @@ #if !defined(MBEDTLS_MD5_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (little endian) */ diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 821ae2c70..68f094b3d 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -31,6 +31,7 @@ /* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C is dependent upon MBEDTLS_PLATFORM_C */ #include "mbedtls/platform.h" +#include "mbedtls/utils.h" #include 
@@ -42,11 +43,6 @@ #include "mbedtls/threading.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #define MAGIC1 0xFF00AA55 #define MAGIC2 0xEE119966 #define MAX_BT 20 diff --git a/library/pem.c b/library/pem.c index 13f920869..527c5f44b 100644 --- a/library/pem.c +++ b/library/pem.c @@ -33,6 +33,7 @@ #include "mbedtls/aes.h" #include "mbedtls/md5.h" #include "mbedtls/cipher.h" +#include "mbedtls/utils.h" #include @@ -45,11 +46,6 @@ #endif #if defined(MBEDTLS_PEM_PARSE_C) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_pem_init( mbedtls_pem_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_pem_context ) ); diff --git a/library/pk.c b/library/pk.c index b52c73fbc..bd3e4275d 100644 --- a/library/pk.c +++ b/library/pk.c @@ -29,6 +29,8 @@ #include "mbedtls/pk.h" #include "mbedtls/pk_internal.h" +#include "mbedtls/utils.h" + #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif @@ -42,11 +44,6 @@ #include #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Initialise a mbedtls_pk_context */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 5446e2350..2e0971110 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -41,6 +41,10 @@ #include "mbedtls/ecdsa.h" #endif +#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) +#include "mbedtls/utils.h" +#endif + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else 
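Review bot: In pk_wrap.c the new `#include "mbedtls/utils.h"` is wrapped in `#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)`, and the ssl_cli.c and ssl_srv.c hunks do the same under `MBEDTLS_SSL_SESSION_TICKETS`, mirroring the guards on the static copies being deleted; a guard that made sense for a function definition buys nothing for a header that only declares one. It leaves each of these files one future mbedtls_zeroize() call outside the guarded region away from an implicit-declaration error that shows up only in some configurations. Every other file in this commit includes the header unconditionally; doing the same in these three, `#include "mbedtls/utils.h"` alongside the other mbedtls includes, is simpler and has no cost.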
@@ -52,13 +56,6 @@ #include #include -#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} -#endif - #if defined(MBEDTLS_RSA_C) static int rsa_can_do( mbedtls_pk_type_t type ) { diff --git a/library/pkcs12.c b/library/pkcs12.c index c603a1357..98b8324a9 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -36,6 +36,7 @@ #include "mbedtls/pkcs12.h" #include "mbedtls/asn1.h" #include "mbedtls/cipher.h" +#include "mbedtls/utils.h" #include @@ -47,11 +48,6 @@ #include "mbedtls/des.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations ) { diff --git a/library/pkparse.c b/library/pkparse.c index 5ad5edf84..093ef5817 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -30,6 +30,7 @@ #include "mbedtls/pk.h" #include "mbedtls/asn1.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include @@ -60,14 +61,6 @@ #define mbedtls_free free #endif -#if defined(MBEDTLS_FS_IO) || \ - defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} -#endif - #if defined(MBEDTLS_FS_IO) /* * Load all data from a file into a given buffer. diff --git a/library/ripemd160.c b/library/ripemd160.c index 2ba48b7fd..6cf027f8d 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_RIPEMD160_C) #include "mbedtls/ripemd160.h" +#include "mbedtls/utils.h" #include 
@@ -71,11 +72,6 @@ } #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) ); diff --git a/library/rsa.c b/library/rsa.c index 218504086..9e4a0f08f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -48,6 +48,7 @@ #include "mbedtls/rsa.h" #include "mbedtls/rsa_internal.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include @@ -70,11 +71,6 @@ #if !defined(MBEDTLS_RSA_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - #if defined(MBEDTLS_PKCS1_V15) /* constant-time buffer comparison */ static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ) diff --git a/library/sha1.c b/library/sha1.c index 1f29a0fbf..a7577b4ef 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_SHA1_C) #include "mbedtls/sha1.h" +#include "mbedtls/utils.h" #include @@ -47,11 +48,6 @@ #if !defined(MBEDTLS_SHA1_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ diff --git a/library/sha256.c b/library/sha256.c index f39bcbab6..c92f2804c 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_SHA256_C) #include "mbedtls/sha256.h" +#include "mbedtls/utils.h" #include 
@@ -50,11 +51,6 @@ #if !defined(MBEDTLS_SHA256_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ diff --git a/library/sha512.c b/library/sha512.c index 97cee07c5..e8d1b69c6 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_SHA512_C) #include "mbedtls/sha512.h" +#include "mbedtls/utils.h" #if defined(_MSC_VER) || defined(__WATCOMC__) #define UL64(x) x##ui64 @@ -56,11 +57,6 @@ #if !defined(MBEDTLS_SHA512_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 64-bit integer manipulation macros (big endian) */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 738014e9e..8ab9886a5 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -48,10 +48,7 @@ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} +#include "mbedtls/utils.h" #endif #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index caf119990..ec0814a2e 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -40,14 +40,10 @@ #include "mbedtls/ssl_cookie.h" #include "mbedtls/ssl_internal.h" +#include "mbedtls/utils.h" #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is * available. Try SHA-256 first, 512 wastes resources since we need to stay 
diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 2c180f13f..b4934a3a6 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -50,10 +50,7 @@ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} +#include "mbedtls/utils.h" #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 4d9116d21..9e2276d2e 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -36,14 +36,10 @@ #endif #include "mbedtls/ssl_ticket.h" +#include "mbedtls/utils.h" #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Initialze context */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e8063d2c1..84f9c77ac 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -46,6 +46,7 @@ #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" +#include "mbedtls/utils.h" #include @@ -53,11 +54,6 @@ #include "mbedtls/oid.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* Length of the "epoch" field in the record header */ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) { diff --git a/library/x509_crl.c b/library/x509_crl.c index b0f39d428..09c7ac318 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -39,6 +39,7 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include 
@@ -66,11 +67,6 @@ #include #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Version ::= INTEGER { v1(0), v2(1) } */ diff --git a/library/x509_crt.c b/library/x509_crt.c index afff4e18b..c9969a80d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -41,6 +41,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include #include @@ -90,11 +91,6 @@ typedef struct { */ #define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Default profile */ diff --git a/library/x509_csr.c b/library/x509_csr.c index 26a06db4f..8a74db85f 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -39,6 +39,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include @@ -60,11 +61,6 @@ #include #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Version ::= INTEGER { v1(0) } */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 41dfe87b7..dee77b841 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -37,6 +37,7 @@ #include "mbedtls/oid.h" #include "mbedtls/asn1write.h" #include "mbedtls/sha1.h" +#include "mbedtls/utils.h" #include 
@@ -44,11 +45,6 @@ #include "mbedtls/pem.h" #endif /* MBEDTLS_PEM_WRITE_C */ -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) { memset( ctx, 0, sizeof( mbedtls_x509write_cert ) ); diff --git a/library/x509write_csr.c b/library/x509write_csr.c index e80053828..482e65eb7 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -35,6 +35,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" #include "mbedtls/asn1write.h" +#include "mbedtls/utils.h" #include #include @@ -43,11 +44,6 @@ #include "mbedtls/pem.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) { memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); diff --git a/library/xtea.c b/library/xtea.c index fe0a3509f..65b416545 100644 --- a/library/xtea.c +++ b/library/xtea.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_XTEA_C) #include "mbedtls/xtea.h" +#include "mbedtls/utils.h" #include @@ -42,11 +43,6 @@ #if !defined(MBEDTLS_XTEA_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ From b1262a3bdb5ae7e478a04ec44143fbb4d9e9d16c Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 09:51:14 +0100 Subject: [PATCH 444/504] Allow compile-time alternate to mbedtls_zeroize() Add a new macro MBEDTLS_UTILS_ZEROIZE that allows users to configure mbedtls_zeroize() to an alternative definition when defined. If the macro is not defined, then mbed TLS will use the default definition of the function. --- include/mbedtls/config.h | 8 ++++++++ library/utils.c | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 9585e6922..8c35b86cd 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2852,6 +2852,14 @@ */ #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE +/** + * \def MBEDTLS_UTILS_ZEROIZE_ALT + * + * Uncomment the macro to let mbed TLS use your alternate implementation of + * mbedtls_zeroize(). + */ +//#define MBEDTLS_UTILS_ZEROIZE_ALT + /* \} name SECTION: Customisation configuration options */ /* Target and application specific configurations */ diff --git a/library/utils.c b/library/utils.c index f943cb1c6..3819558f4 100644 --- a/library/utils.c +++ b/library/utils.c @@ -19,10 +19,17 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "mbedtls/utils.h" #include +#if !defined(MBEDTLS_UTILS_ZEROIZE_ALT) /* This implementation should never be optimized out by the compiler */ void mbedtls_zeroize( void *buf, size_t len ) { @@ -31,3 +38,4 @@ void mbedtls_zeroize( void *buf, size_t len ) while( len-- ) *p++ = 0; } +#endif /* MBEDTLS_UTILS_ZEROIZE_ALT */ From 24768bfa370ad72ccd4fda6c74bccc5dc158546f Mon Sep 17 00:00:00 2001 
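Review bot: The new `#if !defined(MBEDTLS_UTILS_ZEROIZE_ALT)` guard in utils.c removes the only definition of mbedtls_zeroize(), but neither hunk states what the user must then supply; the config.h entry should spell out the contract, e.g. `Your implementation must provide void mbedtls_zeroize( void *buf, size_t len ); with the semantics documented in utils.h.` Without it, a user who enables the option has only a link error to go on. Note also that the commit message calls the macro `MBEDTLS_UTILS_ZEROIZE`, while the code defines and documents `MBEDTLS_UTILS_ZEROIZE_ALT`.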
From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 10:33:25 +0100 Subject: [PATCH 445/504] Improve test_zeroize.gdb breakpoint Improve the position of the breakpoint to be set at a line of code that is less likely to be optimised out by the compiler. Setting the breakpoint at a place that can be easily optimised out by the compiler will cause the gdb script to fail as it cannot match the source code line to the compiled code. For this reason the breakpoint is now set at the fclose() call which is very unlikely to be optimised out or there might be a resource leak. --- tests/scripts/test_zeroize.gdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 15b8b09b3..e0b1ac5b5 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -17,7 +17,7 @@ set confirm off file ./programs/test/zeroize -break zeroize.c:90 +break zeroize.c:88 set args ./programs/test/zeroize.c run From 2967381ccdadfc2f84e2da8b3072bc993e4e2e7e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 10:35:51 +0100 Subject: [PATCH 446/504] Extend zeroize tests to multiple optimizations Extend the all.sh test to cover multiple compiler optimization levels. At the momment, the test is run using gcc and clang. --- tests/scripts/all.sh | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f45062818..53f2a93de 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -907,15 +907,14 @@ make test cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" -msg "test: gcc, mbedtls_zeroize()" -cleanup -CC=gcc DEBUG=1 make programs -gdb -x tests/scripts/test_zeroize.gdb - -msg "test: clang, mbedtls_zeroize()" -cleanup -CC=clang DEBUG=1 make programs -gdb -x tests/scripts/test_zeroize.gdb +for optimization_flag in -O2 -O3 -Ofast -Os; do + for compiler in clang gcc; do + msg "test: $compiler $optimization_flag, mbedtls_zeroize()" + cleanup + CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" make programs + gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx + done +done From ecd1891c5128b5293138c3f350b6e68bce5ca579 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 26 Oct 2017 22:43:41 +0100 Subject: [PATCH 447/504] Change mbedtls_zeroize() to prevent optimizations Change mbedtls_zeroize() implementation to use memset() instead of a custom implementation for performance reasons. Furthermore, we would also like to prevent as much as we can compiler optimisations that remove zeroization code. The implementation of mbedtls_zeroize() now uses a volatile function pointer to memset() as suggested by Colin Percival at: http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html --- library/utils.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/library/utils.c b/library/utils.c index 3819558f4..1adf8adf4 100644 --- a/library/utils.c +++ b/library/utils.c 
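Review bot: The exit status of `gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx` is never checked in the new loop, so the `quit 1` the script issues for a non-zeroized buffer only fails the run if all.sh executes under `set -e`, which is not visible in this hunk. If it does not, the loop needs an explicit check such as `gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx || exit 1`. Separately, `CFLAGS="$optimization_flag"` replaces rather than extends whatever the library Makefile sets if it uses `CFLAGS ?=`, so warning flags may be absent from these builds; a one-line comment above the loop stating that this is intended (or appending the default flags) would clarify it.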
@@ -28,14 +28,33 @@ #include "mbedtls/utils.h" #include +#include #if !defined(MBEDTLS_UTILS_ZEROIZE_ALT) -/* This implementation should never be optimized out by the compiler */ +/* + * This implementation should never be optimized out by the compiler + * + * This implementation for mbedtls_zeroize() uses a volatile function pointer. + * We always know that it points to memset(), but because it is volatile the + * compiler expects it to change at any time and will not optimize out the + * call that could potentially perform other operations on the input buffer + * instead of just setting it to 0. Nevertheless, optimizations of the + * following form are still possible: + * + * if( memset_func != memset ) + * memset_func( buf, 0, len ); + * + * Note that it is extremely difficult to guarantee that mbedtls_zeroize() + * will not be optimized out by aggressive compilers in a portable way. For + * this reason, mbed TLS also provides the configuration option + * MBEDTLS_UTILS_ZEROIZE_ALT, which allows users to configure + * mbedtls_zeroize() to use a suitable implementation for their platform and + * needs. + */ +static void * (* const volatile memset_func)( void *, int, size_t ) = memset; + void mbedtls_zeroize( void *buf, size_t len ) { - volatile unsigned char *p = (unsigned char *)buf; - - while( len-- ) - *p++ = 0; + memset_func( buf, 0, len ); } #endif /* MBEDTLS_UTILS_ZEROIZE_ALT */ From 0bd4237c2a02c8ef4d3858ebb6ad2bf5f8723094 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 26 Oct 2017 23:19:01 +0100 Subject: [PATCH 448/504] Fix formatting in utils.c file comment --- library/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/utils.c b/library/utils.c index 1adf8adf4..62b3244ed 100644 --- a/library/utils.c +++ b/library/utils.c @@ -1,5 +1,5 @@ /* - * mbedtls utility functions + * mbed TLS utility functions * * Copyright (C) 2017, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 
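Review bot: The first line of the new comment block, `This implementation should never be optimized out by the compiler`, is contradicted a few lines later by the admission that the `if( memset_func != memset )` transformation remains possible; suggest `This implementation is designed to resist, but cannot guarantee against, removal by the compiler`. The same overstated `\note` remains on the declaration in utils.h, which this commit does not touch. A short comment on the `memset_func` line explaining the qualifiers would also help readers: `const` records that the program itself never reassigns the pointer, while `volatile` still forces a fresh load of it before every call.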
From 88f8f41e5af4dfe7ef5a0b21657bb1065bd76ba5 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 31 Oct 2017 21:27:59 +0000 Subject: [PATCH 449/504] Move zeroize func call to end of program in zeroize.c --- programs/test/zeroize.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index 7f3e8b401..efd598001 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -79,13 +79,13 @@ int main( int argc, char** argv ) if( p - buf != 0 ) { mbedtls_printf( "%s\n", buf ); - mbedtls_zeroize( buf, sizeof( buf ) ); exit_code = MBEDTLS_EXIT_SUCCESS; } else mbedtls_printf( "The file is empty!\n" ); fclose( fp ); + mbedtls_zeroize( buf, sizeof( buf ) ); return( exit_code ); } From 7111a0d13ba0b49ab2711265817ec1911e554beb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 31 Oct 2017 21:28:31 +0000 Subject: [PATCH 450/504] Change test_zeroize.gdb script breakpoint due to zeroize.c change --- tests/scripts/test_zeroize.gdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index e0b1ac5b5..15b8b09b3 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -17,7 +17,7 @@ set confirm off file ./programs/test/zeroize -break zeroize.c:88 +break zeroize.c:90 set args ./programs/test/zeroize.c run From 6e34e63eb30814957b18971719791363f501b11f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 1 Nov 2017 10:03:09 +0000 Subject: [PATCH 451/504] Fix style in programs/test/zeroize.c --- programs/test/zeroize.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index efd598001..14292b108 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c 
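Review bot: Moving `mbedtls_zeroize( buf, sizeof( buf ) );` to just before `return( exit_code );` makes it a store that nothing reads afterwards, which is exactly the dead-store situation the debugger test exists to probe, but nothing in the code says so and a future cleanup could "fix" it back. Suggest a comment on that line: `/* Deliberately the last use of buf: a dead store the compiler may try to remove; test_zeroize.gdb checks that it survives */`.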
@@ -52,7 +52,7 @@ void usage( void ) int main( int argc, char** argv ) { int exit_code = MBEDTLS_EXIT_FAILURE; - FILE * fp; + FILE *fp; char buf[BUFFER_LEN]; char *p = buf; char *end = p + BUFFER_LEN; From 806f403a02f0501c15618a399209a7208f041d0f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 1 Nov 2017 10:03:36 +0000 Subject: [PATCH 452/504] Improve detection of program exit code in gdb script --- tests/scripts/test_zeroize.gdb | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 15b8b09b3..df15c8ab4 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -26,11 +26,6 @@ set $i = 0 set $len = sizeof(buf) set $buf = buf -if exit_code != 0 - echo The program did not terminate correctly\n - quit 1 -end - while $i < $len if $buf[$i++] != 0 echo The buffer at was not zeroized\n @@ -39,4 +34,12 @@ while $i < $len end echo The buffer was correctly zeroized\n + +continue + +if $_exitcode != 0 + echo The program did not terminate correctly\n + quit 1 +end + quit 0 From 1962405be15395797f4d47f537dc1c8c24311770 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 20:06:03 +0000 Subject: [PATCH 453/504] Justify moving zeroize() to utils in ChangeLog --- ChangeLog | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7e915e710..fe588a4b8 100644 --- a/ChangeLog +++ b/ChangeLog 
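Review bot: `if $_exitcode != 0` after `continue` only covers a normal exit; if the inferior is terminated by a signal (for example a crash in the code under test), `$_exitcode` is not set and the comparison may produce a GDB error instead of the intended `quit 1`. Consider checking `$_exitsignal` before `$_exitcode`, or at least noting the limitation in a comment above the `continue` line so that an abnormal termination is not mistaken for a passing test. The earlier hunk in this file drops the `exit_code` check that ran before the buffer inspection, so this block is now the only place program failure is detected.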
@@ -26,6 +26,15 @@ API Changes if more data is pending to be processed in the internal message buffers. This function is necessary to determine when it is safe to idle on the underlying transport in case event-driven IO is used. + * Extend the platform module with a util component that contains + functionality shared by multiple Mbed TLS modules. At this stage + platform_util.h (and its associated platform_util.c) only contain + mbedtls_platform_zeroize(), which is a critical function from a security + point of view. mbedtls_platform_zeroize() needs to be regularly tested + against compilers to ensure that calls to it are not removed from the + output binary as part of redundant code elimination optimizations. + Therefore, mbedtls_platform_zeroize() is moved to the platform module to + facilitate testing and maintenance. Bugfix * Fix spurious uninitialized variable warning in cmac.c. Fix independently @@ -286,11 +295,6 @@ New deprecations from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin() accepting DHM parameters in binary form, matching the new constants. -API Changes - * Create a new header utils.h that contains functionality shared by multiple - mbed TLS modules. At this stage utils.h (and its associated utils.c) only - contain mbedtls_zeroize(). - Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. From 6606d5c4141d970dab05e8667bff4fa965c6d79f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 20:25:29 +0000 Subject: [PATCH 454/504] Add config.h docs for MBEDTLS_UTILS_ZEROIZE_ALT --- include/mbedtls/config.h | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 8c35b86cd..7f0941fcf 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -2856,7 +2856,20 @@ * \def MBEDTLS_UTILS_ZEROIZE_ALT * * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_zeroize(). + * mbedtls_zeroize(). This replaced the default implementation in utils.c. + * + * mbedtls_zeroize() is a widely used function across the library to zero a + * block of memory. The implementation is expected to be secure in the sense + * that it has been written to prevent the compiler from removing calls to + * mbedtls_zeroize() as part of redundant code elimination optimizations. + * However, it is difficult to guarantee that calls to mbedtls_zeroize() will + * not be optimized by the compiler as older versions of the C language + * standards do not provide a secure implementation of memset(). Therefore, + * MBEDTLS_UTILS_ZEROIZE_ALT enables users to configure their own + * implementation of mbedtls_zeroize(), for example by using directives + * specific to their compiler, features from the C standard (e.g using + * memset_s() in C11) or calling a secure memset() from their system (e.g + * explicit_bzero() in BSD). */ //#define MBEDTLS_UTILS_ZEROIZE_ALT From 1e8ea5fa68223351553192a608ac06a6ac8dfbc3 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 20:46:39 +0000 Subject: [PATCH 455/504] Improve docs for mbedtls_zeroize() and add refs --- include/mbedtls/utils.h | 7 +++++++ library/utils.c | 20 +++++++++++++------- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/utils.h b/include/mbedtls/utils.h index 61b1b76c0..cb03fb0e4 100644 --- a/include/mbedtls/utils.h +++ b/include/mbedtls/utils.h 
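Review bot: The new config.h text offers `memset_s() in C11` as an example of a standard facility, but memset_s() belongs to the optional Annex K bounds-checking interfaces and is only available when the implementation defines `__STDC_LIB_EXT1__` and the code defines `__STDC_WANT_LIB_EXT1__` before including the header; suggest `e.g. using memset_s() where the C11 Annex K interfaces are available`. Stating this avoids users assuming any C11 toolchain provides it.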
@@ -33,6 +33,13 @@ * * \note This implementation should never be optimized out by the * compiler + * + * \note It is extremely difficult to guarantee that calls to + * mbedtls_zeroize() are not removed by aggressive compiler + * optimizations in a portable way. For this reason, Mbed TLS + * provides the configuration option MBEDTLS_UTILS_ZEROIZE_ALT, + * which allows users to configure mbedtls_zeroize() to use a + * suitable implementation for their platform and needs */ void mbedtls_zeroize( void *buf, size_t len ); diff --git a/library/utils.c b/library/utils.c index 62b3244ed..e7fef6da1 100644 --- a/library/utils.c +++ b/library/utils.c 
@@ -34,19 +34,25 @@ /* * This implementation should never be optimized out by the compiler * - * This implementation for mbedtls_zeroize() uses a volatile function pointer. - * We always know that it points to memset(), but because it is volatile the - * compiler expects it to change at any time and will not optimize out the - * call that could potentially perform other operations on the input buffer - * instead of just setting it to 0. Nevertheless, optimizations of the - * following form are still possible: + * This implementation for mbedtls_zeroize() was inspired from Colin Percival's + * blog article at: + * + * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html + * + * It uses a volatile function pointer to the standard memset(). Because the + * pointer is volatile the compiler expects it to change at + * any time and will not optimize out the call that could potentially perform + * other operations on the input buffer instead of just setting it to 0. + * Nevertheless, as pointed out by davidtgoldblatt on Hacker News + * (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for + * details), optimizations of the following form are still possible: * * if( memset_func != memset ) * memset_func( buf, 0, len ); * * Note that it is extremely difficult to guarantee that mbedtls_zeroize() * will not be optimized out by aggressive compilers in a portable way. For - * this reason, mbed TLS also provides the configuration option + * this reason, Mbed TLS also provides the configuration option * MBEDTLS_UTILS_ZEROIZE_ALT, which allows users to configure * mbedtls_zeroize() to use a suitable implementation for their platform and * needs. From 42defd10a6ff408a7c4502e3cf53df6c35a4dd94 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 21:21:40 +0000 Subject: [PATCH 456/504] Improve docs for zeroize.c and test_zeroize.gdb --- programs/test/zeroize.c | 11 ++++++++++- tests/scripts/test_zeroize.gdb | 27 ++++++++++++++++++++++++++- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index 14292b108..d7f2337d3 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -1,5 +1,14 @@ /* - * Zeroize demonstration program + * Zeroize application for debugger-driven testing + * + * This is a simple test application used for debbuger-driven testing to check + * whether calls to mbedtls_zeroize() are being eliminated by compiler + * optimizations. This application is used by the GDB script at + * tests/scripts/test_zeroize.gdb under the assumption that line numbers do not + * change often (as opposed to the library code) because the script sets a + * breakpoint at the last return statement in the main() function of this + * program. The debugger facilities are then used to manually inspect the + * memory and verify that the call to mbedtls_zeroize() was not eliminated. * * Copyright (C) 2017, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index df15c8ab4..c6184ee60 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb 
@@ -13,11 +13,36 @@ # debugger manually checks the contents to be zeroized and checks that it is # actually cleared. # +# The mbedtls_zeroize() test is debugger driven because there does not seem to +# be a mechanism to reliably check whether the zeroize calls are being +# eliminated by compiler optimizations from within the compiled program. The +# problem is that a compiler would typically remove what it considers to be +# "unecessary" assignments as part of redundant code elimination. To identify +# such code, the compilar will create some form dependency graph between +# reads and writes to variables (among other situations). It will then use this +# data structure to remove redundant code that does not have an impact on the +# program's observable behavior. In the case of mbedtls_zeroize(), an +# intelligent compiler could determine that this function clears a block of +# memory that is not accessed later in the program, so removing the call to +# mbedtls_zeroize() does not have an observable behavior. However, inserting a +# test after a call to mbedtls_zeroize() to check whether the block of +# memory was correctly zeroed would force the compiler to not eliminate the +# mbedtls_zeroize() call. If this does not occur, then the compiler potentially +# has a bug. +# # Note: This test requires that the test program is compiled with -g3. +# +# WARNING: There does not seem to be a mechanism in GDB scripts to set a +# breakpoint at the end of a function (probably because there are a lot of +# complications as function can have multiple exit points, etc). Therefore, it +# was necessary to hard-code the line number of the breakpoint in the zeroize.c +# test app. The assumption is that zeroize.c is a simple test app that does not +# change often (as opposed to the actual library code), so the breakpoint line +# number does not need to be updated often. 
set confirm off file ./programs/test/zeroize -break zeroize.c:90 +break zeroize.c:99 set args ./programs/test/zeroize.c run From 757cd72edf710e44ca864df7f1daccb6a7660973 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 21:25:25 +0000 Subject: [PATCH 457/504] Update license headers year and branding --- include/mbedtls/utils.h | 6 +++--- library/utils.c | 6 +++--- programs/test/zeroize.c | 2 +- tests/scripts/test_zeroize.gdb | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/utils.h b/include/mbedtls/utils.h index cb03fb0e4..7eb2b68bf 100644 --- a/include/mbedtls/utils.h +++ b/include/mbedtls/utils.h @@ -1,9 +1,9 @@ /** * \file utils.h * - * \brief mbed TLS utility functions + * \brief Mbed TLS utility functions * - * Copyright (C) 2017, ARM Limited, All Rights Reserved + * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -18,7 +18,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_UTILS_H #define MBEDTLS_UTILS_H diff --git a/library/utils.c b/library/utils.c index e7fef6da1..34629eb97 100644 --- a/library/utils.c +++ b/library/utils.c @@ -1,7 +1,7 @@ /* - * mbed TLS utility functions + * Mbed TLS utility functions * - * Copyright (C) 2017, ARM Limited, All Rights Reserved + * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
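Review bot: The new comment block in test_zeroize.gdb has several typos that will propagate into derived documentation: `"unecessary"` should be `"unnecessary"`, `compilar` should be `compiler`, and `some form dependency graph` should be `some form of dependency graph`. The sentence `If this does not occur, then the compiler potentially has a bug` is also unclear about what "this" refers to; `If the call is removed even though the buffer is inspected afterwards, the compiler potentially has a bug` states the intended meaning. The breakpoint move to `zeroize.c:99` is consistent with the WARNING paragraph, which already explains why the line number is hard-coded.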
@@ -16,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index d7f2337d3..a7b94e205 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -10,7 +10,7 @@ * program. The debugger facilities are then used to manually inspect the * memory and verify that the call to mbedtls_zeroize() was not eliminated. * - * Copyright (C) 2017, ARM Limited, All Rights Reserved + * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index c6184ee60..574379b04 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -1,8 +1,8 @@ # test_zeroize.gdb # -# This file is part of mbed TLS (https://tls.mbed.org) +# This file is part of Mbed TLS (https://tls.mbed.org) # -# Copyright (c) 2017, ARM Limited, All Rights Reserved +# Copyright (c) 2018, Arm Limited, All Rights Reserved # # Purpose # From ae8e30697345cf022dc27cfa1aa5b37fc74eefc7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 13 Mar 2018 19:19:16 +0000 Subject: [PATCH 458/504] Fix docs typos for zeroize related features/test --- include/mbedtls/config.h | 2 +- programs/test/zeroize.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 7f0941fcf..69754cf67 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -2856,7 +2856,7 @@ * \def MBEDTLS_UTILS_ZEROIZE_ALT * * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_zeroize(). This replaced the default implementation in utils.c. + * mbedtls_zeroize(). This replaces the default implementation in utils.c. * * mbedtls_zeroize() is a widely used function across the library to zero a * block of memory. The implementation is expected to be secure in the sense diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index a7b94e205..9f7742554 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -1,7 +1,7 @@ /* * Zeroize application for debugger-driven testing * - * This is a simple test application used for debbuger-driven testing to check + * This is a simple test application used for debugger-driven testing to check * whether calls to mbedtls_zeroize() are being eliminated by compiler * optimizations. This application is used by the GDB script at * tests/scripts/test_zeroize.gdb under the assumption that line numbers do not From ec5d416cb2f09642a867d330e7c6b2934c30616e Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 17 Apr 2018 15:55:28 +0100 Subject: [PATCH 459/504] Update ecdsa.h minor fix based on review comments --- include/mbedtls/ecdsa.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 806c417ef..11df7e215 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -238,7 +238,8 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t * * \see ecp.h * - * \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0 + * \deprecated Superseded by mbedtls_ecdsa_write_signature() in + * Mbed TLS version 2.0 and later. * * \param ctx The ECDSA context. * \param hash The message hash. From 904e1efb8c69fc8395a5575a2a48d13ac3bfab22 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 09:16:30 -0500 Subject: [PATCH 460/504] Make utils module part of the platform --- include/mbedtls/{utils.h => platform_util.h} | 35 +++++++++++++------- library/CMakeLists.txt | 2 +- library/Makefile | 2 +- library/{utils.c => platform_util.c} | 25 +++++++------- 4 files changed, 38 insertions(+), 26 deletions(-) rename include/mbedtls/{utils.h => platform_util.h} (58%) rename library/{utils.c => platform_util.c} (70%) diff --git a/include/mbedtls/utils.h b/include/mbedtls/platform_util.h similarity index 58% rename from include/mbedtls/utils.h rename to include/mbedtls/platform_util.h index 7eb2b68bf..bda97102c 100644 --- a/include/mbedtls/utils.h +++ b/include/mbedtls/platform_util.h @@ -1,8 +1,10 @@ /** - * \file utils.h - * - * \brief Mbed TLS utility functions + * \file platform_util.h * + * \brief Common and shared functions used by multiple modules in the Mbed TLS + * library. + */ +/* * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * @@ -20,11 +22,15 @@ * * This file is part of Mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_UTILS_H -#define MBEDTLS_UTILS_H +#ifndef MBEDTLS_PLATFORM_UTIL_H +#define MBEDTLS_PLATFORM_UTIL_H #include +#ifdef __cplusplus +extern "C" { +#endif + /** * \brief Securely zeroize a buffer * 
@@ -35,12 +41,17 @@ * compiler * * \note It is extremely difficult to guarantee that calls to - * mbedtls_zeroize() are not removed by aggressive compiler - * optimizations in a portable way. For this reason, Mbed TLS - * provides the configuration option MBEDTLS_UTILS_ZEROIZE_ALT, - * which allows users to configure mbedtls_zeroize() to use a - * suitable implementation for their platform and needs + * mbedtls_platform_zeroize() are not removed by aggressive + * compiler optimizations in a portable way. For this reason, Mbed + * TLS provides the configuration option + * MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure + * mbedtls_platform_zeroize() to use a suitable implementation for + * their platform and needs */ -void mbedtls_zeroize( void *buf, size_t len ); +void mbedtls_platform_zeroize( void *buf, size_t len ); -#endif /* MBEDTLS_UTILS_H */ +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_PLATFORM_UTIL_H */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 24a2484a3..648b151a0 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -57,7 +57,7 @@ set(src_crypto version.c version_features.c xtea.c - utils.c + platform_util.c ) set(src_x509 diff --git a/library/Makefile b/library/Makefile index 46dce4e6f..fd4544aa4 100644 --- a/library/Makefile +++ b/library/Makefile @@ -66,7 +66,7 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ sha1.o sha256.o sha512.o \ threading.o timing.o version.o \ version_features.o xtea.o \ - utils.o + platform_util.o OBJS_X509= certs.o pkcs11.o x509.o \ x509_create.o x509_crl.o x509_crt.o \ diff --git a/library/utils.c b/library/platform_util.c similarity index 70% rename from library/utils.c rename to library/platform_util.c index 34629eb97..498e214ff 100644 --- a/library/utils.c +++ b/library/platform_util.c 
@@ -1,5 +1,6 @@ /* - * Mbed TLS utility functions + * Common and shared functions used by multiple modules in the Mbed TLS + * library. * * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 @@ -30,12 +31,12 @@ #include #include -#if !defined(MBEDTLS_UTILS_ZEROIZE_ALT) +#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT) /* * This implementation should never be optimized out by the compiler * - * This implementation for mbedtls_zeroize() was inspired from Colin Percival's - * blog article at: + * This implementation for mbedtls_platform_zeroize() was inspired from Colin + * Percival's blog article at: * * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html * @@ -50,17 +51,17 @@ * if( memset_func != memset ) * memset_func( buf, 0, len ); * - * Note that it is extremely difficult to guarantee that mbedtls_zeroize() - * will not be optimized out by aggressive compilers in a portable way. For - * this reason, Mbed TLS also provides the configuration option - * MBEDTLS_UTILS_ZEROIZE_ALT, which allows users to configure - * mbedtls_zeroize() to use a suitable implementation for their platform and - * needs. + * Note that it is extremely difficult to guarantee that + * mbedtls_platform_zeroize() will not be optimized out by aggressive compilers + * in a portable way. For this reason, Mbed TLS also provides the configuration + * option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure + * mbedtls_platform_zeroize() to use a suitable implementation for their + * platform and needs. */ static void * (* const volatile memset_func)( void *, int, size_t ) = memset; -void mbedtls_zeroize( void *buf, size_t len ) +void mbedtls_platform_zeroize( void *buf, size_t len ) { memset_func( buf, 0, len ); } -#endif /* MBEDTLS_UTILS_ZEROIZE_ALT */ +#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ From 1f6301b3c889efb8e353aa8179f691123549d6c7 Mon Sep 17 00:00:00 2001 
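Review bot: The guard in platform_util.c and the `\note` in platform_util.h are renamed to `MBEDTLS_PLATFORM_ZEROIZE_ALT`, but the commit's file list shows config.h is not touched, so the option documented and commented-out there remains `MBEDTLS_UTILS_ZEROIZE_ALT` and no longer has any effect after this commit. Unless a follow-up renames the config.h entry, a user who uncommented the old macro silently gets the default implementation while believing their own is in use. A comment next to the `#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)` line pointing at the config.h switch it corresponds to would make such drift easier to spot.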
From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 09:51:09 -0500 Subject: [PATCH 461/504] Rename mbedtls_zeroize to mbedtls_platform_zeroize --- library/aes.c | 4 +-- library/arc4.c | 4 +-- library/asn1parse.c | 6 ++-- library/bignum.c | 18 ++++------ library/blowfish.c | 4 +-- library/camellia.c | 4 +-- library/ccm.c | 6 ++-- library/cipher.c | 7 ++-- library/cmac.c | 32 ++++++++--------- library/ctr_drbg.c | 18 +++++----- library/des.c | 14 ++++---- library/dhm.c | 8 ++--- library/ecp.c | 4 +-- library/entropy.c | 14 ++++---- library/gcm.c | 6 ++-- library/havege.c | 4 +-- library/hmac_drbg.c | 8 ++--- library/md.c | 11 +++--- library/md2.c | 4 +-- library/md4.c | 4 +-- library/md5.c | 4 +-- library/memory_buffer_alloc.c | 4 +-- library/pem.c | 22 ++++++------ library/pk.c | 4 +-- library/pk_wrap.c | 4 +-- library/pkcs12.c | 16 ++++----- library/pkparse.c | 10 +++--- library/platform.c | 11 ++---- library/platform_util.c | 2 +- library/ripemd160.c | 4 +-- library/rsa.c | 18 +++++----- library/sha1.c | 4 +-- library/sha256.c | 4 +-- library/sha512.c | 4 +-- library/ssl_cli.c | 6 ++-- library/ssl_cookie.c | 6 ++-- library/ssl_srv.c | 4 +-- library/ssl_ticket.c | 6 ++-- library/ssl_tls.c | 68 ++++++++++++++++++----------------- library/x509_crl.c | 13 +++---- library/x509_crt.c | 18 +++++----- library/x509_csr.c | 10 +++--- library/x509write_crt.c | 4 +-- library/x509write_csr.c | 4 +-- library/xtea.c | 4 +-- 45 files changed, 216 insertions(+), 218 deletions(-) diff --git a/library/aes.c b/library/aes.c index 797e00fa3..b0aea0091 100644 --- a/library/aes.c +++ b/library/aes.c @@ -36,7 +36,7 @@ #include #include "mbedtls/aes.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_PADLOCK_C) #include "mbedtls/padlock.h" #endif 
@@ -518,7 +518,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) ); } /* diff --git a/library/arc4.c b/library/arc4.c index a6d2d4ef3..b8998ac6c 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_ARC4_C) #include "mbedtls/arc4.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -58,7 +58,7 @@ void mbedtls_arc4_free( mbedtls_arc4_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_arc4_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) ); } /* diff --git a/library/asn1parse.c b/library/asn1parse.c index 10ec3d8cb..171c340b8 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -28,7 +28,7 @@ #if defined(MBEDTLS_ASN1_PARSE_C) #include "mbedtls/asn1.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -309,7 +309,7 @@ int mbedtls_asn1_get_alg( unsigned char **p, if( *p == end ) { - mbedtls_zeroize( params, sizeof(mbedtls_asn1_buf) ); + mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) ); return( 0 ); } @@ -354,7 +354,7 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur ) mbedtls_free( cur->oid.p ); mbedtls_free( cur->val.p ); - mbedtls_zeroize( cur, sizeof( mbedtls_asn1_named_data ) ); + mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) ); } void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head ) diff --git a/library/bignum.c b/library/bignum.c index 47bf1ef97..fb748d8a1 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -45,6 +45,7 @@ #include "mbedtls/bignum.h" #include "mbedtls/bn_mul.h" +#include "mbedtls/platform_util.h" #include 
@@ -58,16 +59,6 @@ #define mbedtls_free free #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { - volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0; -} - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ #define biH (ciL << 2) /* half limb size */ @@ -81,6 +72,11 @@ static void mbedtls_zeroize( void *v, size_t n ) { #define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { + mbedtls_platform_zeroize( v, ciL * n ); +} + /* * Initialize one MPI */ @@ -1897,7 +1893,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) ); cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } diff --git a/library/blowfish.c b/library/blowfish.c index 59c579888..5b6bb9885 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_BLOWFISH_C) #include "mbedtls/blowfish.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -161,7 +161,7 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_blowfish_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) ); } /* diff --git a/library/camellia.c b/library/camellia.c index b2115c4a6..41b7da0fa 100644 --- a/library/camellia.c +++ b/library/camellia.c 
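Review bot: The comment kept above the relocated mbedtls_mpi_zeroize() in the `@@ -81,6 +72,11 @@` hunk, `/* Implementation that should never be optimized out by the compiler */`, no longer describes this function: it is now an ordinary wrapper, and the not-optimized-out guarantee comes from mbedtls_platform_zeroize() or its MBEDTLS_PLATFORM_ZEROIZE_ALT replacement. Suggest `/* Wipe n limbs; relies on mbedtls_platform_zeroize() not being optimized out */` so a reader does not look for volatile accesses here. The byte count passed, `ciL * n`, matches the limb-wise loop the hunk removes, so the behavior change is only in which routine performs the writes.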
@@ -34,7 +34,7 @@ #if defined(MBEDTLS_CAMELLIA_C) #include "mbedtls/camellia.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -329,7 +329,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_camellia_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) ); } /* diff --git a/library/ccm.c b/library/ccm.c index a7a2cc446..cf6520935 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -37,7 +37,7 @@ #if defined(MBEDTLS_CCM_C) #include "mbedtls/ccm.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -98,7 +98,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) { mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); } /* @@ -339,7 +339,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, if( diff != 0 ) { - mbedtls_zeroize( output, length ); + mbedtls_platform_zeroize( output, length ); return( MBEDTLS_ERR_CCM_AUTH_FAILED ); } diff --git a/library/cipher.c b/library/cipher.c index 1b2e569cb..a5cd61cdf 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -33,7 +33,7 @@ #include "mbedtls/cipher.h" #include "mbedtls/cipher_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include #include @@ -137,7 +137,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) #if defined(MBEDTLS_CMAC_C) if( ctx->cmac_ctx ) { - mbedtls_zeroize( ctx->cmac_ctx, sizeof( mbedtls_cmac_context_t ) ); + mbedtls_platform_zeroize( ctx->cmac_ctx, + sizeof( mbedtls_cmac_context_t ) ); mbedtls_free( ctx->cmac_ctx ); } #endif 
@@ -145,7 +146,7 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) if( ctx->cipher_ctx ) ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); - mbedtls_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); + mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); } int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info ) diff --git a/library/cmac.c b/library/cmac.c index 54ad84340..4d7a1f169 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -49,7 +49,7 @@ #if defined(MBEDTLS_CMAC_C) #include "mbedtls/cmac.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -140,7 +140,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX]; size_t olen, block_size; - mbedtls_zeroize( L, sizeof( L ) ); + mbedtls_platform_zeroize( L, sizeof( L ) ); block_size = ctx->cipher_info->block_size; @@ -158,7 +158,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, goto exit; exit: - mbedtls_zeroize( L, sizeof( L ) ); + mbedtls_platform_zeroize( L, sizeof( L ) ); return( ret ); } @@ -234,7 +234,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, ctx->cmac_ctx = cmac_ctx; - mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); + mbedtls_platform_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); return 0; } @@ -326,8 +326,8 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, block_size = ctx->cipher_info->block_size; state = cmac_ctx->state; - mbedtls_zeroize( K1, sizeof( K1 ) ); - mbedtls_zeroize( K2, sizeof( K2 ) ); + mbedtls_platform_zeroize( K1, sizeof( K1 ) ); + mbedtls_platform_zeroize( K2, sizeof( K2 ) ); cmac_generate_subkeys( ctx, K1, K2 ); last_block = cmac_ctx->unprocessed_block; 
@@ -357,14 +357,14 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, exit: /* Wipe the generated keys on the stack, and any other transients to avoid * side channel leakage */ - mbedtls_zeroize( K1, sizeof( K1 ) ); - mbedtls_zeroize( K2, sizeof( K2 ) ); + mbedtls_platform_zeroize( K1, sizeof( K1 ) ); + mbedtls_platform_zeroize( K2, sizeof( K2 ) ); cmac_ctx->unprocessed_len = 0; - mbedtls_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_block ) ); + mbedtls_platform_zeroize( cmac_ctx->unprocessed_block, + sizeof( cmac_ctx->unprocessed_block ) ); - mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX ); + mbedtls_platform_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX ); return( ret ); } @@ -379,10 +379,10 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) /* Reset the internal state */ cmac_ctx->unprocessed_len = 0; - mbedtls_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_block ) ); - mbedtls_zeroize( cmac_ctx->state, - sizeof( cmac_ctx->state ) ); + mbedtls_platform_zeroize( cmac_ctx->unprocessed_block, + sizeof( cmac_ctx->unprocessed_block ) ); + mbedtls_platform_zeroize( cmac_ctx->state, + sizeof( cmac_ctx->state ) ); return( 0 ); } @@ -462,7 +462,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, output ); exit: - mbedtls_zeroize( int_key, sizeof( int_key ) ); + mbedtls_platform_zeroize( int_key, sizeof( int_key ) ); return( ret ); } diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index ae6d62f34..d0e5ba862 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include 
@@ -121,7 +121,7 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx ) mbedtls_mutex_free( &ctx->mutex ); #endif mbedtls_aes_free( &ctx->aes_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) ); } void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance ) @@ -241,16 +241,16 @@ exit: /* * tidy up the stack */ - mbedtls_zeroize( buf, sizeof( buf ) ); - mbedtls_zeroize( tmp, sizeof( tmp ) ); - mbedtls_zeroize( key, sizeof( key ) ); - mbedtls_zeroize( chain, sizeof( chain ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( chain, sizeof( chain ) ); if( 0 != ret ) { /* * wipe partial seed from memory */ - mbedtls_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN ); + mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN ); } return( ret ); @@ -489,7 +489,7 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char ret = 0; exit: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); fclose( f ); return( ret ); @@ -522,7 +522,7 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char fclose( f ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); if( ret != 0 ) return( ret ); diff --git a/library/des.c b/library/des.c index 863a80c48..ca9e071f3 100644 --- a/library/des.c +++ b/library/des.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_DES_C) #include "mbedtls/des.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include 
@@ -312,7 +312,7 @@ void mbedtls_des_free( mbedtls_des_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_des_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) ); } void mbedtls_des3_init( mbedtls_des3_context *ctx ) @@ -325,7 +325,7 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_des3_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) ); } static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, @@ -549,7 +549,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, uint32_t sk[96]; des3_set2key( ctx->sk, sk, key ); - mbedtls_zeroize( sk, sizeof( sk ) ); + mbedtls_platform_zeroize( sk, sizeof( sk ) ); return( 0 ); } @@ -563,7 +563,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, uint32_t sk[96]; des3_set2key( sk, ctx->sk, key ); - mbedtls_zeroize( sk, sizeof( sk ) ); + mbedtls_platform_zeroize( sk, sizeof( sk ) ); return( 0 ); } @@ -600,7 +600,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, uint32_t sk[96]; des3_set3key( ctx->sk, sk, key ); - mbedtls_zeroize( sk, sizeof( sk ) ); + mbedtls_platform_zeroize( sk, sizeof( sk ) ); return( 0 ); } @@ -614,7 +614,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, uint32_t sk[96]; des3_set3key( sk, ctx->sk, key ); - mbedtls_zeroize( sk, sizeof( sk ) ); + mbedtls_platform_zeroize( sk, sizeof( sk ) ); return( 0 ); } diff --git a/library/dhm.c b/library/dhm.c index 5e510de2d..82cbb0ce8 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -36,7 +36,7 @@ #if defined(MBEDTLS_DHM_C) #include "mbedtls/dhm.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include 
@@ -434,7 +434,7 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ) mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X ); mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P ); - mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); } #if defined(MBEDTLS_ASN1_PARSE_C) @@ -572,7 +572,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n ) { fclose( f ); - mbedtls_zeroize( *buf, *n + 1 ); + mbedtls_platform_zeroize( *buf, *n + 1 ); mbedtls_free( *buf ); return( MBEDTLS_ERR_DHM_FILE_IO_ERROR ); @@ -602,7 +602,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) ret = mbedtls_dhm_parse_dhm( dhm, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); diff --git a/library/ecp.c b/library/ecp.c index a2a122518..41db3fbe5 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -51,7 +51,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/threading.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -344,7 +344,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ) mbedtls_free( grp->T ); } - mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) ); + mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) ); } /* diff --git a/library/entropy.c b/library/entropy.c index 37fdf3a9a..f8db1a550 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -35,7 +35,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -136,7 +136,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx ) ctx->initial_entropy_run = 0; #endif ctx->source_count = 0; - mbedtls_zeroize( ctx->source, sizeof( ctx->source ) ); + mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) ); ctx->accumulator_started = 0; } 
@@ -228,7 +228,7 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id #endif cleanup: - mbedtls_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); return( ret ); } @@ -296,7 +296,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx ) ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE; cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } @@ -429,7 +429,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) ret = 0; exit: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); #if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) @@ -482,7 +482,7 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p ret = 0; exit: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); fclose( f ); return( ret ); @@ -512,7 +512,7 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * fclose( f ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); if( ret != 0 ) return( ret ); diff --git a/library/gcm.c b/library/gcm.c index 39e8dd3f2..57b027933 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -38,7 +38,7 @@ #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -494,7 +494,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, if( diff != 0 ) { - mbedtls_zeroize( output, length ); + mbedtls_platform_zeroize( output, length ); return( MBEDTLS_ERR_GCM_AUTH_FAILED ); } 
@@ -504,7 +504,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) { mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); } #endif /* !MBEDTLS_GCM_ALT */ diff --git a/library/havege.c b/library/havege.c index c9bb64dc1..4dcac0287 100644 --- a/library/havege.c +++ b/library/havege.c @@ -36,7 +36,7 @@ #include "mbedtls/havege.h" #include "mbedtls/timing.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -204,7 +204,7 @@ void mbedtls_havege_free( mbedtls_havege_state *hs ) if( hs == NULL ) return; - mbedtls_zeroize( hs, sizeof( mbedtls_havege_state ) ); + mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) ); } /* diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 1ef819d86..dad55ff86 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_HMAC_DRBG_C) #include "mbedtls/hmac_drbg.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -334,7 +334,7 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx ) mbedtls_mutex_free( &ctx->mutex ); #endif mbedtls_md_free( &ctx->md_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) ); } #if defined(MBEDTLS_FS_IO) @@ -360,7 +360,7 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha exit: fclose( f ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } @@ -392,7 +392,7 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch fclose( f ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); if( ret != 0 ) return( ret ); diff --git a/library/md.c b/library/md.c index c54ae85a9..303cdcbee 100644 --- a/library/md.c 
+++ b/library/md.c @@ -33,7 +33,7 @@ #include "mbedtls/md.h" #include "mbedtls/md_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -189,11 +189,12 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) if( ctx->hmac_ctx != NULL ) { - mbedtls_zeroize( ctx->hmac_ctx, 2 * ctx->md_info->block_size ); + mbedtls_platform_zeroize( ctx->hmac_ctx, + 2 * ctx->md_info->block_size ); mbedtls_free( ctx->hmac_ctx ); } - mbedtls_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); } int mbedtls_md_clone( mbedtls_md_context_t *dst, @@ -307,7 +308,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne ret = md_info->finish_func( ctx.md_ctx, output ); cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); fclose( f ); mbedtls_md_free( &ctx ); @@ -357,7 +358,7 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, goto cleanup; cleanup: - mbedtls_zeroize( sum, sizeof( sum ) ); + mbedtls_platform_zeroize( sum, sizeof( sum ) ); return( ret ); } diff --git a/library/md2.c b/library/md2.c index 37e35dc58..1c0b3df52 100644 --- a/library/md2.c +++ b/library/md2.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_MD2_C) #include "mbedtls/md2.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -89,7 +89,7 @@ void mbedtls_md2_free( mbedtls_md2_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_md2_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md2_context ) ); } void mbedtls_md2_clone( mbedtls_md2_context *dst, diff --git a/library/md4.c b/library/md4.c index a98d0a853..3f8ddff31 100644 --- a/library/md4.c +++ b/library/md4.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_MD4_C) #include "mbedtls/md4.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include 
@@ -82,7 +82,7 @@ void mbedtls_md4_free( mbedtls_md4_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_md4_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md4_context ) ); } void mbedtls_md4_clone( mbedtls_md4_context *dst, diff --git a/library/md5.c b/library/md5.c index f439a73ba..8238c2b81 100644 --- a/library/md5.c +++ b/library/md5.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_MD5_C) #include "mbedtls/md5.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -81,7 +81,7 @@ void mbedtls_md5_free( mbedtls_md5_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_md5_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) ); } void mbedtls_md5_clone( mbedtls_md5_context *dst, diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 68f094b3d..ceaeda1e7 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -31,7 +31,7 @@ /* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C is dependent upon MBEDTLS_PLATFORM_C */ #include "mbedtls/platform.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -608,7 +608,7 @@ void mbedtls_memory_buffer_alloc_free( void ) #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &heap.mutex ); #endif - mbedtls_zeroize( &heap, sizeof(buffer_alloc_ctx) ); + mbedtls_platform_zeroize( &heap, sizeof(buffer_alloc_ctx) ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/pem.c b/library/pem.c index 527c5f44b..6069a23de 100644 --- a/library/pem.c +++ b/library/pem.c @@ -33,7 +33,7 @@ #include "mbedtls/aes.h" #include "mbedtls/md5.h" #include "mbedtls/cipher.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -131,7 +131,7 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen, exit: mbedtls_md5_free( &md5_ctx ); - mbedtls_zeroize( md5sum, 16 ); + mbedtls_platform_zeroize( md5sum, 16 ); return( ret ); } 
@@ -160,7 +160,7 @@ static int pem_des_decrypt( unsigned char des_iv[8], exit: mbedtls_des_free( &des_ctx ); - mbedtls_zeroize( des_key, 8 ); + mbedtls_platform_zeroize( des_key, 8 ); return( ret ); } @@ -188,7 +188,7 @@ static int pem_des3_decrypt( unsigned char des3_iv[8], exit: mbedtls_des3_free( &des3_ctx ); - mbedtls_zeroize( des3_key, 24 ); + mbedtls_platform_zeroize( des3_key, 24 ); return( ret ); } @@ -218,7 +218,7 @@ static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, exit: mbedtls_aes_free( &aes_ctx ); - mbedtls_zeroize( aes_key, keylen ); + mbedtls_platform_zeroize( aes_key, keylen ); return( ret ); } @@ -355,7 +355,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 ) { - mbedtls_zeroize( buf, len ); + mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); } @@ -366,7 +366,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) if( pwd == NULL ) { - mbedtls_zeroize( buf, len ); + mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ); } @@ -403,12 +403,12 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const */ if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 ) { - mbedtls_zeroize( buf, len ); + mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ); } #else - mbedtls_zeroize( buf, len ); + mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE ); #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && 
@@ -424,11 +424,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const void mbedtls_pem_free( mbedtls_pem_context *ctx ) { if( ctx->buf != NULL ) - mbedtls_zeroize( ctx->buf, ctx->buflen ); + mbedtls_platform_zeroize( ctx->buf, ctx->buflen ); mbedtls_free( ctx->buf ); mbedtls_free( ctx->info ); - mbedtls_zeroize( ctx, sizeof( mbedtls_pem_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) ); } #endif /* MBEDTLS_PEM_PARSE_C */ diff --git a/library/pk.c b/library/pk.c index bd3e4275d..f05b139e3 100644 --- a/library/pk.c +++ b/library/pk.c @@ -29,7 +29,7 @@ #include "mbedtls/pk.h" #include "mbedtls/pk_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" @@ -66,7 +66,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx ) ctx->pk_info->ctx_free_func( ctx->pk_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) ); } /* diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 2e0971110..2c7d2d79b 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -42,7 +42,7 @@ #endif #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #endif #if defined(MBEDTLS_PLATFORM_C) @@ -495,7 +495,7 @@ static void *rsa_alt_alloc_wrap( void ) static void rsa_alt_free_wrap( void *ctx ) { - mbedtls_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); mbedtls_free( ctx ); } diff --git a/library/pkcs12.c b/library/pkcs12.c index 98b8324a9..16a15cb63 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -36,7 +36,7 @@ #include "mbedtls/pkcs12.h" #include "mbedtls/asn1.h" #include "mbedtls/cipher.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include 
@@ -162,7 +162,7 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, goto exit; exit: - mbedtls_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); mbedtls_arc4_free( &ctx ); return( ret ); @@ -219,8 +219,8 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH; exit: - mbedtls_zeroize( key, sizeof( key ) ); - mbedtls_zeroize( iv, sizeof( iv ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( iv, sizeof( iv ) ); mbedtls_cipher_free( &cipher_ctx ); return( ret ); @@ -348,10 +348,10 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, ret = 0; exit: - mbedtls_zeroize( salt_block, sizeof( salt_block ) ); - mbedtls_zeroize( pwd_block, sizeof( pwd_block ) ); - mbedtls_zeroize( hash_block, sizeof( hash_block ) ); - mbedtls_zeroize( hash_output, sizeof( hash_output ) ); + mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) ); + mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) ); + mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) ); + mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) ); mbedtls_md_free( &md_ctx ); diff --git a/library/pkparse.c b/library/pkparse.c index 093ef5817..ccb7f5409 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -30,7 +30,7 @@ #include "mbedtls/pk.h" #include "mbedtls/asn1.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -98,7 +98,7 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) { fclose( f ); - mbedtls_zeroize( *buf, *n ); + mbedtls_platform_zeroize( *buf, *n ); mbedtls_free( *buf ); return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); 
@@ -133,7 +133,7 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, ret = mbedtls_pk_parse_key( ctx, buf, n, (const unsigned char *) pwd, strlen( pwd ) ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); @@ -153,7 +153,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) ret = mbedtls_pk_parse_public_key( ctx, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); @@ -1288,7 +1288,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, pwd, pwdlen ); - mbedtls_zeroize( key_copy, keylen ); + mbedtls_platform_zeroize( key_copy, keylen ); mbedtls_free( key_copy ); } diff --git a/library/platform.c b/library/platform.c index a295f9b9a..9e992875d 100644 --- a/library/platform.c +++ b/library/platform.c @@ -28,14 +28,7 @@ #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" - -#if defined(MBEDTLS_ENTROPY_NV_SEED) && \ - !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} -#endif +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_PLATFORM_MEMORY) #if !defined(MBEDTLS_PLATFORM_STD_CALLOC) @@ -241,7 +234,7 @@ int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ) if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len ) { fclose( file ); - mbedtls_zeroize( buf, buf_len ); + mbedtls_platform_zeroize( buf, buf_len ); return( -1 ); } diff --git a/library/platform_util.c b/library/platform_util.c index 498e214ff..1a57de939 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -26,7 +26,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include #include 
diff --git a/library/ripemd160.c b/library/ripemd160.c index 6cf027f8d..bd25ada62 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_RIPEMD160_C) #include "mbedtls/ripemd160.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -82,7 +82,7 @@ void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) ); } void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, diff --git a/library/rsa.c b/library/rsa.c index 9e4a0f08f..0055223c8 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -48,7 +48,7 @@ #include "mbedtls/rsa.h" #include "mbedtls/rsa_internal.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -1038,7 +1038,7 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, } exit: - mbedtls_zeroize( mask, sizeof( mask ) ); + mbedtls_platform_zeroize( mask, sizeof( mask ) ); return( ret ); } @@ -1352,8 +1352,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, ret = 0; cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); - mbedtls_zeroize( lhash, sizeof( lhash ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( lhash, sizeof( lhash ) ); return( ret ); } @@ -1450,7 +1450,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, ret = 0; cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } @@ -1581,7 +1581,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, p += hlen; *p++ = 0xBC; - mbedtls_zeroize( salt, sizeof( salt ) ); + mbedtls_platform_zeroize( salt, sizeof( salt ) ); exit: mbedtls_md_free( &md_ctx ); 
@@ -1723,7 +1723,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, * after the initial bounds check. */ if( p != dst + dst_len ) { - mbedtls_zeroize( dst, dst_len ); + mbedtls_platform_zeroize( dst, dst_len ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } @@ -2060,13 +2060,13 @@ cleanup: if( encoded != NULL ) { - mbedtls_zeroize( encoded, sig_len ); + mbedtls_platform_zeroize( encoded, sig_len ); mbedtls_free( encoded ); } if( encoded_expected != NULL ) { - mbedtls_zeroize( encoded_expected, sig_len ); + mbedtls_platform_zeroize( encoded_expected, sig_len ); mbedtls_free( encoded_expected ); } diff --git a/library/sha1.c b/library/sha1.c index a7577b4ef..1587de480 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_SHA1_C) #include "mbedtls/sha1.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -81,7 +81,7 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); } void mbedtls_sha1_clone( mbedtls_sha1_context *dst, diff --git a/library/sha256.c b/library/sha256.c index c92f2804c..695485d84 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_SHA256_C) #include "mbedtls/sha256.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -84,7 +84,7 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); } void mbedtls_sha256_clone( mbedtls_sha256_context *dst, diff --git a/library/sha512.c b/library/sha512.c index e8d1b69c6..6de94e99b 100644 --- a/library/sha512.c +++ b/library/sha512.c 
@@ -33,7 +33,7 @@ #if defined(MBEDTLS_SHA512_C) #include "mbedtls/sha512.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #if defined(_MSC_VER) || defined(__WATCOMC__) #define UL64(x) x##ui64 @@ -98,7 +98,7 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); } void mbedtls_sha512_clone( mbedtls_sha512_context *dst, diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 8ab9886a5..f5fecb723 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -48,7 +48,7 @@ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #endif #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) @@ -3286,8 +3286,8 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) if( ticket_len == 0 ) return( 0 ); - mbedtls_zeroize( ssl->session_negotiate->ticket, - ssl->session_negotiate->ticket_len ); + mbedtls_platform_zeroize( ssl->session_negotiate->ticket, + ssl->session_negotiate->ticket_len ); mbedtls_free( ssl->session_negotiate->ticket ); ssl->session_negotiate->ticket = NULL; ssl->session_negotiate->ticket_len = 0; diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index ec0814a2e..56e9bdd2b 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -40,7 +40,7 @@ #include "mbedtls/ssl_cookie.h" #include "mbedtls/ssl_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -97,7 +97,7 @@ void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ) mbedtls_mutex_free( &ctx->mutex ); #endif - mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); } int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, 
@@ -118,7 +118,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, if( ret != 0 ) return( ret ); - mbedtls_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); return( 0 ); } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index b4934a3a6..313938ee8 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -50,7 +50,7 @@ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) @@ -550,7 +550,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) ); /* Zeroize instead of free as we copied the content */ - mbedtls_zeroize( &session, sizeof( mbedtls_ssl_session ) ); + mbedtls_platform_zeroize( &session, sizeof( mbedtls_ssl_session ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) ); diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 9e2276d2e..a2b304869 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -36,7 +36,7 @@ #endif #include "mbedtls/ssl_ticket.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -79,7 +79,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, mbedtls_cipher_get_key_bitlen( &key->ctx ), MBEDTLS_ENCRYPT ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } @@ -479,7 +479,7 @@ void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ) mbedtls_mutex_free( &ctx->mutex ); #endif - mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) ); } #endif /* MBEDTLS_SSL_TICKET_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 84f9c77ac..f24980049 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -46,7 +46,7 @@ #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -265,8 +265,8 @@ exit: mbedtls_md5_free( &md5 ); mbedtls_sha1_free( &sha1 ); - mbedtls_zeroize( padding, sizeof( padding ) ); - mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); + mbedtls_platform_zeroize( padding, sizeof( padding ) ); + mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) ); return( ret ); } @@ -363,8 +363,8 @@ static int tls1_prf( const unsigned char *secret, size_t slen, mbedtls_md_free( &md_ctx ); - mbedtls_zeroize( tmp, sizeof( tmp ) ); - mbedtls_zeroize( h_i, sizeof( h_i ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); return( 0 ); } @@ -428,8 +428,8 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, mbedtls_md_free( &md_ctx ); - mbedtls_zeroize( tmp, sizeof( tmp ) ); - mbedtls_zeroize( h_i, sizeof( h_i ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); return( 0 ); } @@ -638,7 +638,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( ret ); } - mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) ); + mbedtls_platform_zeroize( handshake->premaster, + sizeof(handshake->premaster) ); } else MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); @@ -649,7 +650,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) memcpy( tmp, handshake->randbytes, 64 ); memcpy( handshake->randbytes, tmp + 32, 32 ); memcpy( handshake->randbytes + 32, tmp, 32 ); - mbedtls_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); /* * SSLv3: 
@@ -677,7 +678,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 ); MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); - mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) ); + mbedtls_platform_zeroize( handshake->randbytes, + sizeof( handshake->randbytes ) ); /* * Determine the appropriate key, IV and MAC length. @@ -944,7 +946,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_CIPHER_MODE_CBC */ - mbedtls_zeroize( keyblk, sizeof( keyblk ) ); + mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) ); #if defined(MBEDTLS_ZLIB_SUPPORT) // Initialize compression @@ -5023,9 +5025,9 @@ static void ssl_calc_finished_ssl( mbedtls_md5_free( &md5 ); mbedtls_sha1_free( &sha1 ); - mbedtls_zeroize( padbuf, sizeof( padbuf ) ); - mbedtls_zeroize( md5sum, sizeof( md5sum ) ); - mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize( md5sum, sizeof( md5sum ) ); + mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } @@ -5084,7 +5086,7 @@ static void ssl_calc_finished_tls( mbedtls_md5_free( &md5 ); mbedtls_sha1_free( &sha1 ); - mbedtls_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } @@ -5134,7 +5136,7 @@ static void ssl_calc_finished_tls_sha256( mbedtls_sha256_free( &sha256 ); - mbedtls_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } @@ -5183,7 +5185,7 @@ static void ssl_calc_finished_tls_sha384( mbedtls_sha512_free( &sha512 ); - mbedtls_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } 
@@ -6102,7 +6104,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, if( conf->psk != NULL ) { - mbedtls_zeroize( conf->psk, conf->psk_len ); + mbedtls_platform_zeroize( conf->psk, conf->psk_len ); mbedtls_free( conf->psk ); conf->psk = NULL; @@ -6145,7 +6147,8 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, if( ssl->handshake->psk != NULL ) { - mbedtls_zeroize( ssl->handshake->psk, ssl->handshake->psk_len ); + mbedtls_platform_zeroize( ssl->handshake->psk, + ssl->handshake->psk_len ); mbedtls_free( ssl->handshake->psk ); ssl->handshake->psk_len = 0; } @@ -6275,7 +6278,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) if( ssl->hostname != NULL ) { - mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); + mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) ); mbedtls_free( ssl->hostname ); } @@ -7388,7 +7391,7 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) mbedtls_md_free( &transform->md_ctx_enc ); mbedtls_md_free( &transform->md_ctx_dec ); - mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); + mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); } #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -7448,7 +7451,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) if( handshake->psk != NULL ) { - mbedtls_zeroize( handshake->psk, handshake->psk_len ); + mbedtls_platform_zeroize( handshake->psk, handshake->psk_len ); mbedtls_free( handshake->psk ); } #endif @@ -7478,7 +7481,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) ssl_flight_free( handshake->flight ); #endif - mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) ); + mbedtls_platform_zeroize( handshake, + sizeof( mbedtls_ssl_handshake_params ) ); } void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) 
@@ -7498,7 +7502,7 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) mbedtls_free( session->ticket ); #endif - mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) ); + mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) ); } /* @@ -7513,20 +7517,20 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) if( ssl->out_buf != NULL ) { - mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN ); + mbedtls_platform_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN ); mbedtls_free( ssl->out_buf ); } if( ssl->in_buf != NULL ) { - mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN ); + mbedtls_platform_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN ); mbedtls_free( ssl->in_buf ); } #if defined(MBEDTLS_ZLIB_SUPPORT) if( ssl->compress_buf != NULL ) { - mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN ); + mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN ); mbedtls_free( ssl->compress_buf ); } #endif @@ -7557,7 +7561,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_X509_CRT_PARSE_C) if( ssl->hostname != NULL ) { - mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); + mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) ); mbedtls_free( ssl->hostname ); } #endif @@ -7577,7 +7581,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); /* Actually clear after last debug message */ - mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); + mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); } /* @@ -7804,7 +7808,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) if( conf->psk != NULL ) { - mbedtls_zeroize( conf->psk, conf->psk_len ); + mbedtls_platform_zeroize( conf->psk, conf->psk_len ); mbedtls_free( conf->psk ); conf->psk = NULL; conf->psk_len = 0; 
@@ -7812,7 +7816,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) if( conf->psk_identity != NULL ) { - mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len ); + mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len ); mbedtls_free( conf->psk_identity ); conf->psk_identity = NULL; conf->psk_identity_len = 0; @@ -7823,7 +7827,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) ssl_key_cert_free( conf->key_cert ); #endif - mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) ); + mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) ); } #if defined(MBEDTLS_PK_C) && \ diff --git a/library/x509_crl.c b/library/x509_crl.c index 09c7ac318..8450f87e0 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -39,7 +39,7 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -612,7 +612,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) ret = mbedtls_x509_crl_parse( chain, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); @@ -733,7 +733,7 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_free( name_prv ); } @@ -742,13 +742,14 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) { entry_prv = entry_cur; entry_cur = entry_cur->next; - mbedtls_zeroize( entry_prv, sizeof( mbedtls_x509_crl_entry ) ); + mbedtls_platform_zeroize( entry_prv, + sizeof( mbedtls_x509_crl_entry ) ); mbedtls_free( entry_prv ); } if( crl_cur->raw.p != NULL ) { - mbedtls_zeroize( crl_cur->raw.p, crl_cur->raw.len ); + mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len ); mbedtls_free( crl_cur->raw.p ); } 
@@ -762,7 +763,7 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) crl_prv = crl_cur; crl_cur = crl_cur->next; - mbedtls_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) ); + mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) ); if( crl_prv != crl ) mbedtls_free( crl_prv ); } diff --git a/library/x509_crt.c b/library/x509_crt.c index c9969a80d..462cbcf12 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -41,7 +41,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include #include @@ -1111,7 +1111,7 @@ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ) ret = mbedtls_x509_crt_parse( chain, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); @@ -2422,7 +2422,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_free( name_prv ); } @@ -2431,7 +2431,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_free( name_prv ); } @@ -2440,7 +2440,8 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) ); + mbedtls_platform_zeroize( seq_prv, + sizeof( mbedtls_x509_sequence ) ); mbedtls_free( seq_prv ); } 
@@ -2449,13 +2450,14 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) ); + mbedtls_platform_zeroize( seq_prv, + sizeof( mbedtls_x509_sequence ) ); mbedtls_free( seq_prv ); } if( cert_cur->raw.p != NULL ) { - mbedtls_zeroize( cert_cur->raw.p, cert_cur->raw.len ); + mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len ); mbedtls_free( cert_cur->raw.p ); } @@ -2469,7 +2471,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) cert_prv = cert_cur; cert_cur = cert_cur->next; - mbedtls_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); + mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); if( cert_prv != crt ) mbedtls_free( cert_prv ); } diff --git a/library/x509_csr.c b/library/x509_csr.c index 8a74db85f..3e8e8fbc6 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -39,7 +39,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -321,7 +321,7 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) ret = mbedtls_x509_csr_parse( csr, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); @@ -403,17 +403,17 @@ void mbedtls_x509_csr_free( mbedtls_x509_csr *csr ) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_free( name_prv ); } if( csr->raw.p != NULL ) { - mbedtls_zeroize( csr->raw.p, csr->raw.len ); + mbedtls_platform_zeroize( csr->raw.p, csr->raw.len ); mbedtls_free( csr->raw.p ); } - mbedtls_zeroize( csr, sizeof( mbedtls_x509_csr ) ); + mbedtls_platform_zeroize( csr, sizeof( mbedtls_x509_csr ) ); } #endif /* MBEDTLS_X509_CSR_PARSE_C */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index dee77b841..b1ef216c9 100644 
--- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -37,7 +37,7 @@ #include "mbedtls/oid.h" #include "mbedtls/asn1write.h" #include "mbedtls/sha1.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -61,7 +61,7 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ) mbedtls_asn1_free_named_data_list( &ctx->issuer ); mbedtls_asn1_free_named_data_list( &ctx->extensions ); - mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_cert ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) ); } void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version ) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 482e65eb7..66cee5601 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -35,7 +35,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" #include "mbedtls/asn1write.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include #include @@ -54,7 +54,7 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ) mbedtls_asn1_free_named_data_list( &ctx->subject ); mbedtls_asn1_free_named_data_list( &ctx->extensions ); - mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_csr ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_csr ) ); } void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg ) diff --git a/library/xtea.c b/library/xtea.c index 65b416545..a33707bc1 100644 --- a/library/xtea.c +++ b/library/xtea.c @@ -28,7 +28,7 @@ #if defined(MBEDTLS_XTEA_C) #include "mbedtls/xtea.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -76,7 +76,7 @@ void mbedtls_xtea_free( mbedtls_xtea_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_xtea_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_xtea_context ) ); } /* From 82934be1443d5fafff1bd9f8aa9c938dad8e825c Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 10:02:17 -0500 Subject: [PATCH 462/504] Do not install zeroize program in CMakeLists --- programs/test/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 1e87fca31..0c5ce27f7 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -25,6 +25,6 @@ target_link_libraries(udp_proxy ${libs}) add_executable(zeroize zeroize.c) target_link_libraries(zeroize ${libs}) -install(TARGETS selftest benchmark ssl_cert_test udp_proxy zeroize +install(TARGETS selftest benchmark ssl_cert_test udp_proxy DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) From 9644983ae4d6080a604ceb25ec794dba6d850668 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 10:03:44 -0500 Subject: [PATCH 463/504] Add platform_utils and zeroize to visualc files --- visualc/VS2010/mbedTLS.sln | 13 +++ visualc/VS2010/mbedTLS.vcxproj | 2 + visualc/VS2010/zeroize.vcxproj | 174 +++++++++++++++++++++++++++++++++ 3 files changed, 189 insertions(+) create mode 100644 visualc/VS2010/zeroize.vcxproj diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln index 686091c7f..66b96c3a3 100644 --- a/visualc/VS2010/mbedTLS.sln +++ b/visualc/VS2010/mbedTLS.sln 
@@ -203,6 +203,11 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "udp_proxy", "udp_proxy.vcxp {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zeroize", "zeroize.vcxproj", "{10C01E94-4926-063E-9F56-C84ED190D349}" + ProjectSection(ProjectDependencies) = postProject + {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} + EndProjectSection +EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pem2der", "pem2der.vcxproj", "{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} @@ -574,6 +579,14 @@ Global {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|Win32.Build.0 = Release|Win32 {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|x64.ActiveCfg = Release|x64 {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|x64.Build.0 = Release|x64 + {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|Win32.ActiveCfg = Debug|Win32 + {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|Win32.Build.0 = Debug|Win32 + {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|x64.ActiveCfg = Debug|x64 + {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|x64.Build.0 = Debug|x64 + {10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.ActiveCfg = Release|Win32 + {10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.Build.0 = Release|Win32 + {10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.ActiveCfg = Release|x64 + {10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.Build.0 = Release|x64 {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.ActiveCfg = Debug|Win32 {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.Build.0 = Debug|Win32 {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|x64.ActiveCfg = Debug|x64 diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index f13f83cc1..802cce719 100644 --- a/visualc/VS2010/mbedTLS.vcxproj 
+++ b/visualc/VS2010/mbedTLS.vcxproj @@ -197,6 +197,7 @@ + @@ -266,6 +267,7 @@ + diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj new file mode 100644 index 000000000..9d311c721 --- /dev/null +++ b/visualc/VS2010/zeroize.vcxproj 
@@ -0,0 +1,174 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + + + + + {46cf2d25-6a36-4189-b59c-e4815388e554} + true + + + + {10C01E94-4926-063E-9F56-C84ED190D349} + Win32Proj + zeroize + + + + Application + true + Unicode + + + Application + true + Unicode + + + Application + false + true + Unicode + + + Application + false + true + Unicode + Windows7.1SDK + + + + + + + + + + + + + + + + + + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + + + + Level3 + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + NotSet + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + Debug + + + false + + + + + + + Level3 + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + NotSet + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + Debug + + + false + + + + + Level3 + + + MaxSpeed + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + true + true + Release + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + + + + + Level3 + + + MaxSpeed + true + true + WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + true + true + Release + %(AdditionalDependencies); + + + + + + From eecea0e281b2300a1e6f84241bddae4408ecd02d Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia
Date: Tue, 17 Apr 2018 10:14:53 -0500
Subject: [PATCH 464/504] Update zeroize test to use mbedtls_platform_zeroize()
---
programs/test/zeroize.c | 13 +++++++------
tests/scripts/test_zeroize.gdb | 30 +++++++++++++++---------------
2 files changed, 22 insertions(+), 21 deletions(-)
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c
index 9f7742554..252438bcf 100644
--- a/programs/test/zeroize.c
+++ b/programs/test/zeroize.c
@@ -2,13 +2,14 @@
  * Zeroize application for debugger-driven testing
  *
  * This is a simple test application used for debugger-driven testing to check
- * whether calls to mbedtls_zeroize() are being eliminated by compiler
+ * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler
  * optimizations. This application is used by the GDB script at
- * tests/scripts/test_zeroize.gdb under the assumption that line numbers do not
+ * tests/scripts/test_zeroize.gdb under the assumption that the code does not
  * change often (as opposed to the library code) because the script sets a
  * breakpoint at the last return statement in the main() function of this
  * program. The debugger facilities are then used to manually inspect the
- * memory and verify that the call to mbedtls_zeroize() was not eliminated.
+ * memory and verify that the call to mbedtls_platform_zeroize() was not
+ * eliminated.
  *
  * Copyright (C) 2018, Arm Limited, All Rights Reserved
  * SPDX-License-Identifier: Apache-2.0
@@ -45,14 +46,14 @@ #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #define BUFFER_LEN 1024 void usage( void ) { mbedtls_printf( "Zeroize is a simple program to assist with testing\n" ); - mbedtls_printf( "the mbedtls_zeroize() function by using the\n" ); + mbedtls_printf( "the mbedtls_platform_zeroize() function by using the\n" ); mbedtls_printf( "debugger. This program takes a file as input and\n" ); mbedtls_printf( "prints the first %d characters. Usage:\n\n", BUFFER_LEN ); mbedtls_printf( " zeroize \n" ); @@ -94,7 +95,7 @@ int main( int argc, char** argv ) mbedtls_printf( "The file is empty!\n" ); fclose( fp ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( exit_code ); } diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 574379b04..11ea37f97 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb 
@@ -6,29 +6,29 @@ # # Purpose # -# Run a test using the debugger to check that the mbedtls_zeroize() function in -# utils.h is not being optimized out by the compiler. To do so, the script -# loads the test program at programs/test/zeroize.c and sets a breakpoint at -# the last return statement in the main(). When the breakpoint is hit, the -# debugger manually checks the contents to be zeroized and checks that it is -# actually cleared. +# Run a test using the debugger to check that the mbedtls_platform_zeroize() +# function in platform_util.h is not being optimized out by the compiler. To do +# so, the script loads the test program at programs/test/zeroize.c and sets a +# breakpoint at the last return statement in main(). When the breakpoint is +# hit, the debugger manually checks the contents to be zeroized and checks that +# it is actually cleared. # -# The mbedtls_zeroize() test is debugger driven because there does not seem to -# be a mechanism to reliably check whether the zeroize calls are being +# The mbedtls_platform_zeroize() test is debugger driven because there does not +# seem to be a mechanism to reliably check whether the zeroize calls are being # eliminated by compiler optimizations from within the compiled program. The # problem is that a compiler would typically remove what it considers to be # "unecessary" assignments as part of redundant code elimination. To identify # such code, the compilar will create some form dependency graph between # reads and writes to variables (among other situations). It will then use this # data structure to remove redundant code that does not have an impact on the -# program's observable behavior. In the case of mbedtls_zeroize(), an +# program's observable behavior. 
In the case of mbedtls_platform_zeroize(), an # intelligent compiler could determine that this function clears a block of # memory that is not accessed later in the program, so removing the call to -# mbedtls_zeroize() does not have an observable behavior. However, inserting a -# test after a call to mbedtls_zeroize() to check whether the block of -# memory was correctly zeroed would force the compiler to not eliminate the -# mbedtls_zeroize() call. If this does not occur, then the compiler potentially -# has a bug. +# mbedtls_platform_zeroize() does not have an observable behavior. However, +# inserting a test after a call to mbedtls_zeroize() to check whether the block +# of memory was correctly zeroed would force the compiler to not eliminate the +# mbedtls_platform_zeroize() call. If this does not occur, then the compiler +# potentially has a bug. # # Note: This test requires that the test program is compiled with -g3. # @@ -42,7 +42,7 @@ set confirm off file ./programs/test/zeroize -break zeroize.c:99 +break zeroize.c:100 set args ./programs/test/zeroize.c run From 3ea559ea6c93c232598e94424d2bf1913582ae1d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 10:17:22 -0500 Subject: [PATCH 465/504] Fix alignment in makefile --- library/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/Makefile b/library/Makefile index fd4544aa4..0ce2a224e 100644 --- a/library/Makefile +++ b/library/Makefile @@ -65,7 +65,7 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ ripemd160.o rsa_internal.o rsa.o \ sha1.o sha256.o sha512.o \ threading.o timing.o version.o \ - version_features.o xtea.o \ + version_features.o xtea.o \ platform_util.o OBJS_X509= certs.o pkcs11.o x509.o \ From c58787f5074d38dde47834e2e29249c4e7923a69 Mon Sep 17 00:00:00 2001 
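Review bot: The rewritten comment block in tests/scripts/test_zeroize.gdb (`@@ -6,29 +6,29 @@`) still carries one stale reference on its new side, `# inserting a test after a call to mbedtls_zeroize() to check whether the block`, which should read `mbedtls_platform_zeroize()` like the rest of the paragraph. The `@@ -42` hunk keeps the breakpoint as a bare line number, `break zeroize.c:100`, while the new header text in programs/test/zeroize.c now only claims that "the code does not change often"; a one-line comment above it, `# Must point at the last return statement in main() of programs/test/zeroize.c; update when that file changes`, would make the coupling explicit to the next editor. The pre-existing typos in the surrounding context lines ("unecessary", "compilar", "some form dependency graph") could be fixed in the same pass since the paragraph is being rewritten anyway.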
From: Andres Amaya Garcia
Date: Tue, 17 Apr 2018 10:21:45 -0500
Subject: [PATCH 466/504] Update docs for MBEDTLS_PLATFORM_ZEROIZE_ALT in config.h
---
include/mbedtls/config.h | 31 ++++++++++++++++---------------
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 69754cf67..85d3f8ef1 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2853,25 +2853,26 @@ #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE /** - * \def MBEDTLS_UTILS_ZEROIZE_ALT + * \def MBEDTLS_PLATFORM_ZEROIZE_ALT * * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_zeroize(). This replaces the default implementation in utils.c. + * mbedtls_platform_zeroize(). This replaces the default implementation in + * platform_util.c. * - * mbedtls_zeroize() is a widely used function across the library to zero a - * block of memory. The implementation is expected to be secure in the sense - * that it has been written to prevent the compiler from removing calls to - * mbedtls_zeroize() as part of redundant code elimination optimizations. - * However, it is difficult to guarantee that calls to mbedtls_zeroize() will - * not be optimized by the compiler as older versions of the C language - * standards do not provide a secure implementation of memset(). Therefore, - * MBEDTLS_UTILS_ZEROIZE_ALT enables users to configure their own - * implementation of mbedtls_zeroize(), for example by using directives - * specific to their compiler, features from the C standard (e.g using - * memset_s() in C11) or calling a secure memset() from their system (e.g - * explicit_bzero() in BSD). + * mbedtls_platform_zeroize() is a widely used function across the library to + * zero a block of memory. The implementation is expected to be secure in the + * sense that it has been written to prevent the compiler from removing calls + * to mbedtls_platform_zeroize() as part of redundant code elimination + * optimizations. However, it is difficult to guarantee that calls to + * mbedtls_platform_zeroize() will not be optimized by the compiler as older + * versions of the C language standards do not provide a secure implementation + * of memset(). 
Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to + * configure their own implementation of mbedtls_platform_zeroize(), for + * example by using directives specific to their compiler, features from the C + * standard (e.g using memset_s() in C11) or calling a secure memset() from + * their system (e.g explicit_bzero() in BSD). */ -//#define MBEDTLS_UTILS_ZEROIZE_ALT +//#define MBEDTLS_PLATFORM_ZEROIZE_ALT /* \} name SECTION: Customisation configuration options */ From 477dce15bca9e4a20f9e06d4ad71a9a45fa6974f Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 17 Apr 2018 16:31:22 +0100 Subject: [PATCH 467/504] Update ccm.h updated brief desc. --- include/mbedtls/ccm.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 8f252c4bd..40ee1b3c8 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -1,7 +1,8 @@ /** * \file ccm.h * - * \brief This file contains CCM definitions and functions. + * \brief This file provides an API for the CCM authenticated encryption + * mode for block ciphers. * * CCM combines Counter mode encryption with CBC-MAC authentication * for 128-bit block ciphers. From 379b95ca9b5ca518dcff2b9f0a69702a49c01269 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 17 Apr 2018 16:43:00 +0100 Subject: [PATCH 468/504] Update ccm.h Updated return values for mbedtls_ccm_auth_decrypt(). --- include/mbedtls/ccm.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 40ee1b3c8..5a34f3a0a 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h 
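Review bot: The re-flowed paragraph presents `memset_s()` as a feature of C11, but memset_s() lives only in the optional Annex K of C11, which most C libraries do not ship, so a reader may take it for a portable choice; `features from the C standard (e.g. using memset_s() from the optional C11 Annex K)` would be more accurate. The same sentences keep `e.g` without its trailing period twice (`e.g using memset_s()`, `e.g explicit_bzero()`); since the commit rewrites this text anyway, make both `e.g.`.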
@@ -145,8 +145,9 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param tag_len The length of the tag in Bytes. * 4, 6, 8, 10, 12, 14 or 16. * - * \return \c 0 on success. - * \return A CCM or cipher-specific error code on failure. + * \return \c 0 on success. This indicates that the message is authentic. + * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. + * \return A cipher-specific error code on calculation failure. */ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, From 14a8b59d7b9dea1d91c88ee27b8ddde7a8f29de9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 16:56:12 +0100 Subject: [PATCH 469/504] Fix doxygen error for MBEDTLS_PLATFORM_ZEROIZE_ALT --- include/mbedtls/config.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 85d3f8ef1..67ad4b268 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2853,8 +2853,6 @@ #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE /** - * \def MBEDTLS_PLATFORM_ZEROIZE_ALT - * * Uncomment the macro to let mbed TLS use your alternate implementation of * mbedtls_platform_zeroize(). This replaces the default implementation in * platform_util.c. From f13ca9536c80c145e4b96721bb73a21ca8e9f41a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 18 Apr 2018 04:14:31 -0400 Subject: [PATCH 470/504] Test suites: print error on failed platform_setup Return encountered errors instead of covering them Fix return value on the broken snprintf implementation --- tests/suites/helpers.function | 8 +++----- tests/suites/main_test.function | 12 ++++++++---- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index c436fbb87..f82694ada 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
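Review bot: The new \return lines for mbedtls_ccm_auth_decrypt() say what #MBEDTLS_ERR_CCM_AUTH_FAILED means but not what \p output holds when it is returned, and that is the case callers most often get wrong by consuming the decrypted bytes regardless. The hunk does not show what the implementation does with the buffer on a tag mismatch; if it is cleared, which is the usual choice for an AEAD decrypt, the documentation should say so, e.g. `* \note On #MBEDTLS_ERR_CCM_AUTH_FAILED the contents of \p output are [zeroed / unspecified — confirm against ccm.c] and must not be used.`. The \param entry for \p output sits above this hunk.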
@@ -132,13 +132,11 @@ mbedtls_platform_context platform_ctx;
 /* Helper Functions */
 static int platform_setup()
 {
+ int ret = 0;
 #if defined(MBEDTLS_PLATFORM_C)
- if( mbedtls_platform_setup( &platform_ctx ) != 0 )
- {
- return -1;
- }
+ ret = mbedtls_platform_setup( &platform_ctx );
 #endif /* MBEDTLS_PLATFORM_C */
- return 0;
+ return( ret );
 }
 static void platform_teardown()
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 8d7e47769..1390f9fbb 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -282,10 +282,14 @@ int main(int argc, const char *argv[])
 !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
 unsigned char alloc_buf[1000000];
 #endif
- if( platform_setup() != 0 )
+ /* Platform setup should be called in the beginning */
+ ret = platform_setup();
+ if( ret != 0 )
 {
- mbedtls_fprintf( stderr, "FATAL: Failed to initialize platform" );
- return -1;
+ mbedtls_fprintf( stderr,
+ "FATAL: Failed to initialize platform - error %d\n",
+ ret );
+ return( -1 );
 }
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
 !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
@@ -312,7 +316,7 @@ int main(int argc, const char *argv[])
 {
 mbedtls_fprintf( stderr, "the snprintf implementation is broken\n" );
 platform_teardown();
- return( 0 );
+ return( 1 );
 }
 while( arg_index < argc)
From ee96359d8916617c9f2766f2e7c8e6c7bf473274 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Wed, 18 Apr 2018 09:46:12 +0100
Subject: [PATCH 471/504] Update dhm.h Changes based on review comments
---
 include/mbedtls/dhm.h | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 2829ffc07..348d8cfec 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
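Review bot: `static int platform_setup()` keeps an empty parameter list, which in C is an old-style declaration that does not check its arguments; since this commit rewrites the whole body, it is the moment to make it a prototype, `static int platform_setup( void )`, and the same applies to `static void platform_teardown()` in the trailing context. Returning `ret` instead of -1 also changes the contract from "non-zero" to "whatever mbedtls_platform_setup() returns", which the `%d` in main_test.function now prints; a one-line comment above the function, `/* Returns 0 on success or the mbedtls_platform_setup() error code. */`, would record that for the next reader.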
@@ -1,7 +1,8 @@ /** * \file dhm.h * - * \brief This file contains DHM definitions and functions. + * \brief This file contains Diffie-Hellman-Merkle (DHM) key exchange + * definitions and functions. * * Diffie-Hellman-Merkle (DHM) key exchange is defined in * RFC-2631: Diffie-Hellman Key Agreement Method and @@ -186,7 +187,7 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, const mbedtls_mpi *G ); /** - * \brief This function imports the G^Y public value of the peer. + * \brief This function imports the public value of the peer, G^Y. * * \param ctx The DHM context. * \param input The input buffer containing the G^Y value of the peer. @@ -199,7 +200,7 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, const unsigned char *input, size_t ilen ); /** - * \brief This function creates its own \c X private key and + * \brief This function creates its own private key, \c X, and * exports \c G^X. * * \note The destination buffer is always fully written @@ -267,7 +268,8 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ); * Byte for PEM data. * * \return \c 0 on success. - * \return A specific DHM or PEM error code on failure. + * \return An \c MBEDTLS_ERR_DHM_XXX or MBEDTLS_ERR_PEM_XXX error code + * error code on failure. */ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen ); @@ -281,7 +283,8 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, * \param path The filename to read the DHM parameters from. * * \return \c 0 on success. - * \return A specific DHM or PEM error code on failure. + * \return An \c MBEDTLS_ERR_DHM_XXX or MBEDTLS_ERR_PEM_XXX error code + * error code on failure. */ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); #endif /* MBEDTLS_FS_IO */ From fa1fe36e08a45902f40d53c81e9d9532a777e2d9 Mon Sep 17 00:00:00 2001 
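Review bot: Both rewritten \return entries now read "error code error code": `* \return An \c MBEDTLS_ERR_DHM_XXX or MBEDTLS_ERR_PEM_XXX error code` is followed by the continuation `* error code on failure.`, once for mbedtls_dhm_parse_dhm() and again for mbedtls_dhm_parse_dhmfile(). The continuation line should be `* on failure.` in both hunks; the follow-up commit that touches the same two lines keeps the duplication, so it needs fixing there as well.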
From: Rose Zadik Date: Wed, 18 Apr 2018 10:09:31 +0100 Subject: [PATCH 472/504] Update dhm.h Minor fix based on review comments --- include/mbedtls/dhm.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 348d8cfec..b3b376172 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -268,7 +268,7 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ); * Byte for PEM data. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_DHM_XXX or MBEDTLS_ERR_PEM_XXX error code + * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code * error code on failure. */ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, @@ -283,7 +283,7 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, * \param path The filename to read the DHM parameters from. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_DHM_XXX or MBEDTLS_ERR_PEM_XXX error code + * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code * error code on failure. */ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); From 2e1934ac0c0a5b3a48739faea03b361aad26934b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 18 Apr 2018 16:05:29 +0200 Subject: [PATCH 473/504] Fix comment formatting to pacify check-names.sh --- include/mbedtls/sha1.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index d8ce3c63b..eec3f95bc 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -286,7 +286,7 @@ int mbedtls_sha1_ret( const unsigned char *input, #define MBEDTLS_DEPRECATED #endif /** -* \brief This function calculates the SHA-1 checksum of a buffer. + * \brief This function calculates the SHA-1 checksum of a buffer. * * The function allocates the context, performs the * calculation, and frees the context. 
From f56cb34d609b9c697238c3a8f2c2096ec0b42be6 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Thu, 19 Apr 2018 12:49:10 +0100 Subject: [PATCH 474/504] Update ecp.h Updated based on review comment. One comment remains open (waiting for input) --- include/mbedtls/ecp.h | 151 +++++++++++++++++++++++------------------- 1 file changed, 84 insertions(+), 67 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 89c756b37..c58a4b6ab 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -3,8 +3,9 @@ * * \brief This file contains ECP definitions and functions. * - * The Elliptic Curve over P (ECP) is defined in Standards for Efficient - * Cryptography Group (SECG): SEC1 Elliptic Curve Cryptography and + * The use of Elliptic Curves over GF(P) (ECP) in cryptography and + * TLS is defined in Standards for Efficient Cryptography Group + * (SECG): SEC1 Elliptic Curve Cryptography and * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites * for Transport Layer Security (TLS). * @@ -69,7 +70,7 @@ extern "C" { * \note Only curves over prime fields are supported. * * \warning This library does not support validation of arbitrary domain - * parameters. Therefore, only well-known domain parameters from trusted + * parameters. Therefore, only standardized domain parameters from trusted * sources should be used. See mbedtls_ecp_group_load(). */ typedef enum 
@@ -84,14 +85,14 @@ typedef enum MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */ MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */ MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for a Curve25519 curve. */ - MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for a Curve448 curve. */ + MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for a Curve448 curve. */ MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */ MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */ MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */ } mbedtls_ecp_group_id; /** - * The number of supported curves, plus one for none. + * The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE. * * \note Montgomery curves are currently excluded. */ @@ -109,13 +110,15 @@ typedef struct } mbedtls_ecp_curve_info; /** - * \brief The ECP point structure, in jacobian coordinates. + * \brief The ECP point structure, in Jacobian coordinates. * * \note All functions expect and return points satisfying - * the following condition: \p Z == 0 or \p Z == 1. Other - * values of \p Z are used only by internal functions. - * The point is zero, or "at infinity", if Z == 0. - * Otherwise, X and Y are its standard (affine) coordinates. + * the following condition: Z == 0 or + * Z == 1. Other values of \p Z are + * used only by internal functions. + * The point is zero, or "at infinity", if Z == 0. + * Otherwise, \p X and \p Y are its standard (affine) + * coordinates. */ typedef struct { @@ -129,43 +132,46 @@ mbedtls_ecp_point; * \brief The ECP group structure. * * We consider two types of curve equations: - *
    • Short Weierstrass: y^2 = x^3 + \p A x + \p B mod P + *
      1. Short Weierstrass: y^2 = x^3 + A x + B mod P * (SEC1 + RFC-4492)
      2. - *
      3. Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft)
    - * In both cases, the generator (G) for a prime-order subgroup is fixed. + *
  • Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519, + * Curve448)
  • + * In both cases, the generator (\p G) for a prime-order subgroup is fixed. * * For Short Weierstrass, this subgroup is the whole curve, and its - * cardinal is denoted by \p N. Our code requires that \p N is an odd prime. + * cardinality is denoted by \p N. Our code requires that \p N is an + * odd prime. * - * \note For blinding, use odd in mbedtls_ecp_mul() and prime in - * mbedtls_ecdsa_sign(). - * - * For Montgomery curves, we do not store \p A, but (A + 2) / 4, which is - * the quantity used in the formulas. Additionally, \p nbits is not the - * size of \p N but the required size for private keys. + * For Montgomery curves, we do not store \p A, but (A + 2) / 4, + * which is the quantity used in the formulas. Additionally, \p nbits is + * not the size of \p N but the required size for private keys. * * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. - * Otherwise, it must point to a function that takes an \p mbedtls_mpi in the - * range of 0..2^(2*pbits)-1, and transforms it in-place in an integer of - * little more than \p pbits, so that the integer may be efficiently brought - * in the 0..P-1 range by a few additions or substractions. + * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the + * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer which is + * congruent mod \p P to the given MPI, and is close enough to \p pbits in size, + * so that it may be efficiently brought in the 0..P-1 range by a few additions + * or subtractions. Therefore, it is only an approximative modular reduction. * * \return \c 0 on success - * \return Non-zero on failure. + * \return Non-zero error code on failure. */ typedef struct { mbedtls_ecp_group_id id; /*!< An internal group identifier. */ - mbedtls_mpi P; /*!< A prime modulus of the base field. */ - mbedtls_mpi A; /*!< \p A in the equation or (A + 2) / 4. */ - mbedtls_mpi B; /*!< \p B in the equation or unused. 
*/ - mbedtls_ecp_point G; /*!< The generator of the (sub)group used. */ + mbedtls_mpi P; /*!< The prime modulus of the base field. */ + mbedtls_mpi A; /*!< For (1) \p A in the equation or for + (2) (A + 2) / 4. */ + mbedtls_mpi B; /*!< For (1) \p B in the equation or + for (2) Unused. */ + mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ mbedtls_mpi N; /*!< The order of \p G. */ size_t pbits; /*!< The number of bits in \p P.*/ - size_t nbits; /*!< The number of bits in \p P, or the private - keys. */ + size_t nbits; /*!< For (1) The number of bits in \p P, or + for (2) the private keys. */ unsigned int h; /*!< \internal 1 if the constants are static. */ - int (*modp)(mbedtls_mpi *); /*!< The function for fast reduction mod P.*/ + int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction + mod \p P (see above).*/ int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ void *t_data; /*!< Unused. */ @@ -200,7 +206,7 @@ mbedtls_ecp_keypair; #if !defined(MBEDTLS_ECP_MAX_BITS) /** - * The maximum size of the groups, that is, of N and P. + * The maximum size of the groups, that is, of \c N and \c P. */ #define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ #endif @@ -262,7 +268,7 @@ mbedtls_ecp_keypair; /** * \brief This function retrieves the information defined in - * mbedtls_ecp_curve_info()for all supported curves in order + * mbedtls_ecp_curve_info() for all supported curves in order * of preference. * * \return A statically allocated array. The last entry is 0. 
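Review bot: The group documentation block still ends with `* \return \c 0 on success` and `* \return Non-zero error code on failure.` (the second of which this commit rewrites) even though the comment documents a `typedef struct`, which has no return value; the two lines presumably describe the `modp` callback and should either be folded into that sentence (`\p modp returns \c 0 on success and a non-zero error code on failure.`) or dropped. In the same paragraph `approximative` should be `approximate`.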
@@ -270,8 +276,9 @@ mbedtls_ecp_keypair; const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ); /** - * \brief This function retrieves the grp_id of all supported curves - * in order of preference. + * \brief This function retrieves the list of internal group + * identifiers of all supported curves in the order of + * preference. * * \return A statically allocated array, * terminated with MBEDTLS_ECP_DP_NONE. @@ -284,7 +291,8 @@ const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ); * * \param grp_id An \c MBEDTLS_ECP_DP_XXX value. * - * \return The associated curve information, or NULL. + * \return The associated curve information on success. + * \return NULL on failure. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ); @@ -294,7 +302,8 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_gr * * \param tls_id An \c MBEDTLS_ECP_DP_XXX value. * - * \return The associated curve information, or NULL. + * \return The associated curve information on success. + * \return NULL on failure. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ); @@ -304,7 +313,8 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_i * * \param name The human-readable name. * - * \return The associated curve information, or NULL. + * \return The associated curve information on success. + * \return NULL on failure. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name ); 
@@ -316,7 +326,13 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ); /** - * \brief This function initializes a group to something meaningless. + * \brief This function initializes an ECP group context + * without loading any domain parameters. + * + * \note After this function is called, domain parameters + * for various ECP groups can be loaded through the + * mbedtls_ecp_load() or mbedtls_ecp_tls_read_group() + * functions. */ void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ); @@ -354,7 +370,7 @@ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); * \param Q The source point. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation fails. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. */ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); @@ -366,7 +382,7 @@ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); * \param src The source group. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation fails. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. */ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src ); @@ -376,7 +392,7 @@ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src * \param pt The point to set. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation fails. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. */ int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); @@ -385,8 +401,8 @@ int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); * * \param pt The point to test. * - * \return \c 1 if point is zero. - * \return \c 0 if point is non-zero. + * \return \c 1 if the point is zero. + * \return \c 0 if the point is non-zero. */ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ); 
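Review bot: The note added to mbedtls_ecp_group_init() refers to `mbedtls_ecp_load()`, but the loader this header declares is `mbedtls_ecp_group_load()` (its declaration is visible as the heading of a later hunk in this file), so the cross-reference names a function that does not exist and Doxygen will not link it. Change the line to `* mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()`.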
@@ -452,7 +468,7 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format * is not implemented. * @@ -464,15 +480,15 @@ int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_poi * \brief This function imports a point from a TLS ECPoint record. * * \note On function return, \p buf is updated to point to immediately - * after the ECPoint. + * after the ECPoint record. * * \param grp The ECP group used. * \param pt The destination point. - * \param buf The address of the pointer to the start of input buffer. + * \param buf The address of the pointer to the start of the input buffer. * \param len The length of the buffer. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_MPI_XXX error code if initialization failed. + * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. */ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, @@ -484,9 +500,9 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point * \param grp The ECP group used. * \param pt The point to export. * \param format The export format. - * \param olen The length of data written. - * \param buf The Buffer to write to. - * \param blen The length of the Buffer. + * \param olen The length of the data written. + * \param buf The buffer to write to. + * \param blen The length of the buffer. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA or 
@@ -497,7 +513,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp unsigned char *buf, size_t blen ); /** - * \brief This function sets a group using well-known domain parameters. + * \brief This function sets a group using standardized domain parameters. * * \note The index should be a value of the NamedCurve enum, * as defined in RFC-4492: Elliptic Curve Cryptography @@ -505,10 +521,10 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp * usually in the form of an \c MBEDTLS_ECP_DP_XXX macro. * * \param grp The destination group. - * \param id The index in the list of well-known domain parameters. + * \param id The identifier of the domain parameter set to load. * * \return \c 0 on success, - * \return An \c MBEDTLS_ERR_MPI_XXX error code if initialization fails. + * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure. * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups. */ @@ -517,14 +533,15 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); /** * \brief This function sets a group from a TLS ECParameters record. * - * \note \p buf is updated to point right after ECParameters on exit. + * \note \p buf is updated to point right after the ECParameters record + * on exit. * * \param grp The destination group. - * \param buf The address of the pointer to the start of input buffer. + * \param buf The address of the pointer to the start of the input buffer. * \param len The length of the buffer. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_MPI_XXX error code if initialization fails. + * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. */ int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ); 
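Review bot: The trailing context of the mbedtls_ecp_group_load() hunk still carries `\return \c 0 on success,` with a comma where the other entries use a period, and `for unkownn groups.` with a misspelling, one line away from the `\return` line this commit rewrites; since the block is being edited, change them to `* \return \c 0 on success.` and `* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unknown groups.`.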
@@ -567,9 +584,9 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, * \param p_rng The RNG context. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid privkey, - * or \p P is not a valid pubkey. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private + * key, or \p P is not a valid public key. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. */ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, @@ -595,7 +612,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not * valid private keys, or \p P or \p Q are not valid public * keys. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. */ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, @@ -618,11 +635,11 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * structures. For example, mbedtls_ecdh_context() or * mbedtls_ecdsa_context(). * - * \param grp The curve or group the point should belong to. + * \param grp The curve the point should lie on. * \param pt The point to check. * * \return \c 0 if the point is a valid public key. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY otherwise. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY on failure. */ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ); 
@@ -639,7 +656,7 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_po * \param d The integer to check. * * \return \c 0 if the point is a valid private key. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY otherwise. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY on failure. */ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d ); @@ -670,7 +687,7 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, void *p_rng ); /** - * \brief This function generates a keypair. + * \brief This function generates an ECP keypair. * * \note This function uses bare components rather than an * mbedtls_ecp_keypair() structure to ease use with other @@ -692,7 +709,7 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp void *p_rng ); /** - * \brief This function generates a key. + * \brief This function generates an ECP key. * * \param grp_id The ECP group identifier. * \param key The destination key. From 826f26492008095bfe919784d4c6ae867240f3c8 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Thu, 19 Apr 2018 14:01:29 +0100 Subject: [PATCH 475/504] Update cipher.h Additional changes based on review comments --- include/mbedtls/cipher.h | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 3ecae9b06..416942846 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -1,7 +1,9 @@ /** * \file cipher.h * - * \brief This file contains the generic cipher wrapper. + * \brief This file contains an abstraction interface for use with the cipher + * primitives provided by the library. It provides a common interface to all of + * the available cipher operations. * * \author Adriaan de Jong */ 
@@ -71,7 +73,7 @@ extern "C" { /** * \brief Supported cipher types. * - * \warning ARC4 and DES are considered weak ciphers and their use + * \warning RC4 and DES are considered weak ciphers and their use * constitutes a security risk. Arm recommends considering stronger * ciphers instead. */ @@ -80,16 +82,16 @@ typedef enum { MBEDTLS_CIPHER_ID_NULL, /**< NULL.*/ MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */ MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */ - MBEDTLS_CIPHER_ID_3DES, /**< The 3DES cipher. */ + MBEDTLS_CIPHER_ID_3DES, /**< The Trile DES cipher. */ MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */ MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */ - MBEDTLS_CIPHER_ID_ARC4, /**< The ARC4 cipher. */ + MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */ } mbedtls_cipher_id_t; /** * \brief Supported {cipher type, cipher mode} pairs. * - * \warning ARC4 and DES are considered weak ciphers and their use + * \warning RC4 and DES are considered weak ciphers and their use * constitutes a security risk. Arm recommends considering stronger * ciphers instead. */ @@ -136,7 +138,7 @@ typedef enum { MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */ MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */ MBEDTLS_CIPHER_BLOWFISH_CTR, /**< Blowfish cipher with CTR mode. */ - MBEDTLS_CIPHER_ARC4_128, /**< ARC4 cipher with 128-bit mode. */ + MBEDTLS_CIPHER_ARC4_128, /**< RC4 cipher with 128-bit mode. */ MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */ MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */ MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */ 
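Review bot: The rewritten enumerator comment introduces a misspelling, `MBEDTLS_CIPHER_ID_3DES, /**< The Trile DES cipher. */`; it should read `/**< The Triple DES cipher. */`. The same line is carried unchanged as context into the next commit's hunk for this enum, so fixing it here is enough.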
@@ -151,7 +153,7 @@ typedef enum { MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */ MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */ MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */ - MBEDTLS_MODE_OFB, /**< Unused. */ + MBEDTLS_MODE_OFB, /**< The OFB cipher mode - unsupported. */ MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */ MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */ MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */ @@ -409,7 +411,7 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl * \param ctx The context of the cipher. Must be initialized. * * \return The recommended IV size if no IV has been set. - * \return 0 for ciphers not using IV or nonce. + * \return \c 0 for ciphers not using IV or nonce. * \return The actual size if an IV has been set. */ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) From 4c368e82cc5456303d4f0d0b7e5fd25c6a240b1a Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Thu, 19 Apr 2018 14:24:11 +0100 Subject: [PATCH 476/504] Update cipher.h Additional changes based on review comments --- include/mbedtls/cipher.h | 59 ++++++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 27 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 416942846..473181762 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -78,8 +78,8 @@ extern "C" { * ciphers instead. */ typedef enum { - MBEDTLS_CIPHER_ID_NONE = 0, /**< None. */ - MBEDTLS_CIPHER_ID_NULL, /**< NULL.*/ + MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */ + MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */ MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */ MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */ MBEDTLS_CIPHER_ID_3DES, /**< The Trile DES cipher. */ 
@@ -96,8 +96,8 @@ typedef enum { * ciphers instead. */ typedef enum { - MBEDTLS_CIPHER_NONE = 0, /**< None. */ - MBEDTLS_CIPHER_NULL, /**< NULL. */ + MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */ + MBEDTLS_CIPHER_NULL, /**< The cipher-pair, treated as a stream cipher. */ MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */ MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */ MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */ @@ -361,9 +361,10 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); * \param cipher_info The cipher to use. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the - * cipher-specific context failed. + * cipher-specific context fails. * * \internal Currently, the function also clears the structure. * In future versions, the caller will be required to call @@ -411,7 +412,7 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl * \param ctx The context of the cipher. Must be initialized. * * \return The recommended IV size if no IV has been set. - * \return \c 0 for ciphers not using IV or nonce. + * \return \c 0 for ciphers not using an IV or a nonce. * \return The actual size if an IV has been set. */ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) 
@@ -503,8 +504,8 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci * #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if - * parameter verification fails. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. * \return A cipher-specific error code on failure. */ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key, @@ -542,7 +543,8 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph * This parameter is discarded by ciphers with fixed-size IV. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on failure. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. */ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len ); @@ -553,8 +555,8 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, * \param ctx The generic cipher context. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA - * if parameter verification fails. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. */ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); @@ -585,10 +587,10 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, * Exception: For MBEDTLS_MODE_ECB, expects a single block * in size. For example, 16 Bytes for AES. * - * \note If the underlying cipher is GCM, all calls to this - * function, except the last one before - * mbedtls_cipher_finish(). Must have \p ilen as a - * multiple of the block_size. + * \note If the underlying cipher is used in GCM mode, all calls + * to this function, except for the last one before + * mbedtls_cipher_finish(), must have \p ilen as a + * multiple of the block size of the cipher. * * \param ctx The generic cipher context. * \param input The buffer holding the input data. 
@@ -600,8 +602,8 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, * actual number of Bytes written. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if - * parameter verification fails. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an * unsupported mode for a cipher. * \return A cipher-specific error code on failure. @@ -620,10 +622,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * \param olen The length of the data written to the \p output buffer. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if - * parameter verification fails. - * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption - * expected a full block but was not provided one. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. + * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption + * expecting a full block but not receiving one. * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding * while decrypting. * \return A cipher-specific error code on failure. @@ -684,9 +686,10 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, * ciphers, use \p iv = NULL and \p iv_len = 0. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or - * #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption - * expected a full block but was not provided one. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. + * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption + * expecting a full block but not receiving one. * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding * while decrypting. * \return A cipher-specific error code on failure. 
@@ -716,7 +719,8 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, * \param tag_len The desired length of the authentication tag. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. * \return A cipher-specific error code on failure. */ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, @@ -749,7 +753,8 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, * \param tag_len The length of the authentication tag. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic. * \return A cipher-specific error code on failure. */ From c441f7490005800065b206dbfaabbabfe54b9fe7 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Thu, 19 Apr 2018 14:38:20 +0100 Subject: [PATCH 477/504] Update cipher.h minor fix --- include/mbedtls/cipher.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 473181762..a13145208 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -97,7 +97,7 @@ typedef enum { */ typedef enum { MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */ - MBEDTLS_CIPHER_NULL, /**< The cipher-pair, treated as a stream cipher. */ + MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */ MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */ MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */ MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */ From 93f9919c26d8a42bc3ead452964b8e5b189b0522 Mon Sep 17 00:00:00 2001 
From: Rose Zadik Date: Thu, 19 Apr 2018 14:41:33 +0100 Subject: [PATCH 478/504] Update cipher.h Fixed typo. --- include/mbedtls/cipher.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index a13145208..3ee2ab7db 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -82,7 +82,7 @@ typedef enum { MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */ MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */ MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */ - MBEDTLS_CIPHER_ID_3DES, /**< The Trile DES cipher. */ + MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */ MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */ MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */ MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */ From 81021ca2da964aa34e30fba8ee672ddfbb504722 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Apr 2018 20:59:06 +0200 Subject: [PATCH 479/504] Improve ChangeLog entry --- ChangeLog | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index a005eb258..f0ccec9bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,9 +54,11 @@ Changes Wilson #481 * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov. - * Put the Cryptographic API outside of the XXX_ALT macro check, so - alternative header file will not need to redefined the same API, - and to force alternative implementer to use the same API. + * Declare functions in header files even when an alternative implementation + of the corresponding module is activated by defining the corresponding + MBEDTLS_XXX_ALT macro. This means that alternative implementations do + not need to copy the declarations, and ensures that they will have the + same API. = mbed TLS 2.8.0 branch released 2018-03-16 From b2e111a288811b7edd4616dda55afd680c6d4195 Mon Sep 17 00:00:00 2001 
From: Rose Zadik Date: Fri, 20 Apr 2018 10:13:48 +0100 Subject: [PATCH 480/504] Update ecp.h Changes based on review comments. 2 comments still open pending decisions --- include/mbedtls/ecp.h | 95 ++++++++++++++++++++++--------------------- 1 file changed, 49 insertions(+), 46 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index c58a4b6ab..050283c4a 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1,11 +1,11 @@ /** * \file ecp.h * - * \brief This file contains ECP definitions and functions. + * \brief This file provides an API for Elliptic Curves over GF(P) (ECP). * - * The use of Elliptic Curves over GF(P) (ECP) in cryptography and - * TLS is defined in Standards for Efficient Cryptography Group - * (SECG): SEC1 Elliptic Curve Cryptography and + * The use of ECP in cryptography and TLS is defined in + * Standards for Efficient Cryptography Group (SECG): SEC1 + * Elliptic Curve Cryptography and * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites * for Transport Layer Security (TLS). * @@ -43,7 +43,7 @@ */ #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */ -#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested curve not available. */ +#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested curve is not available. */ #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */ #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */ #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as ephemeral key, failed. */ @@ -65,7 +65,7 @@ extern "C" { #endif /** - * Definition of domain parameter identifiers: curve, subgroup and generator. + * Domain parameters: curve, subgroup, and generator. * * \note Only curves over prime fields are supported. * 
@@ -76,16 +76,16 @@ extern "C" { typedef enum { MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */ - MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for 192-bit NIST curve. */ - MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for 224-bit NIST curve. */ - MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for 256-bit NIST curve. */ - MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for 384-bit NIST curve. */ - MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for 521-bit NIST curve. */ + MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */ + MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */ + MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */ + MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */ + MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */ MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve. */ MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */ MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */ - MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for a Curve25519 curve. */ - MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for a Curve448 curve. */ + MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */ + MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */ MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */ MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */ MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */ 
@@ -105,7 +105,7 @@ typedef struct { mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */ uint16_t tls_id; /*!< The TLS NamedCurve identifier. */ - uint16_t bit_size; /*!< The size of the curve in bits. */ + uint16_t bit_size; /*!< The curve size in bits. */ const char *name; /*!< A human-friendly name. */ } mbedtls_ecp_curve_info; @@ -132,15 +132,16 @@ mbedtls_ecp_point; * \brief The ECP group structure. * * We consider two types of curve equations: - *
    1. Short Weierstrass: y^2 = x^3 + A x + B mod P + *
      • Short Weierstrass: y^2 = x^3 + A x + B mod P * (SEC1 + RFC-4492)
      • *
      • Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519, - * Curve448)
    + * Curve448) * In both cases, the generator (\p G) for a prime-order subgroup is fixed. * * For Short Weierstrass, this subgroup is the whole curve, and its * cardinality is denoted by \p N. Our code requires that \p N is an - * odd prime. + * odd prime as mbedtls_ecp_mul() requires an odd number, and + * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes. * * For Montgomery curves, we do not store \p A, but (A + 2) / 4, * which is the quantity used in the formulas. Additionally, \p nbits is @@ -160,15 +161,15 @@ typedef struct { mbedtls_ecp_group_id id; /*!< An internal group identifier. */ mbedtls_mpi P; /*!< The prime modulus of the base field. */ - mbedtls_mpi A; /*!< For (1) \p A in the equation or for - (2) (A + 2) / 4. */ - mbedtls_mpi B; /*!< For (1) \p B in the equation or - for (2) Unused. */ + mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For + Montgomery curves: (A + 2) / 4. */ + mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. + For Montgomery curves: unused. */ mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ mbedtls_mpi N; /*!< The order of \p G. */ size_t pbits; /*!< The number of bits in \p P.*/ - size_t nbits; /*!< For (1) The number of bits in \p P, or - for (2) the private keys. */ + size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. + For Montgomery curves: the private keys. */ unsigned int h; /*!< \internal 1 if the constants are static. */ int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction mod \p P (see above).*/ @@ -176,7 +177,7 @@ typedef struct int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ void *t_data; /*!< Unused. */ mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */ - size_t T_size; /*!< The number for pre-computed points. */ + size_t T_size; /*!< The number of pre-computed points. */ } mbedtls_ecp_group; 
@@ -498,7 +499,7 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point * \brief This function exports a point as a TLS ECPoint record. * * \param grp The ECP group used. - * \param pt The point to export. + * \param pt he point format to export to an \c MBEDTLS_ECP_PF_XXX constant. * \param format The export format. * \param olen The length of the data written. * \param buf The buffer to write to. @@ -631,9 +632,9 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * the NIST groups which all have a cofactor of 1. * * \note This function uses bare components rather than an - * mbedtls_ecp_keypair() structure, to ease use with other - * structures. For example, mbedtls_ecdh_context() or - * mbedtls_ecdsa_context(). + * ::mbedtls_ecp_keypair structure, to ease use with other + * structures, such as ::mbedtls_ecdh_context or + * ::mbedtls_ecdsa_context. * * \param grp The curve the point should lie on. * \param pt The point to check. @@ -648,9 +649,9 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_po * key for this curve. * * \note This function uses bare components rather than an - * mbedtls_ecp_keypair() structure to ease use with other - * structures such as mbedtls_ecdh_context() or - * mbedtls_ecdsa_context(). + * ::mbedtls_ecp_keypair structure to ease use with other + * structures, such as ::mbedtls_ecdh_context() or + * ::mbedtls_ecdsa_context. * * \param grp The group used. * \param d The integer to check. 
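Review bot: The new `\param pt` text in the @@ -498 hunk describes a point format, but `pt` is the point being exported by mbedtls_ecp_tls_write_point(); the format argument is documented separately on the very next line (`\param format The export format.`), so the rewrite attaches the `MBEDTLS_ECP_PF_XXX` description to the wrong parameter. Keep the removed wording, `\param pt The point to export.`, and leave the constant description with `format`. The later rewordings of this line in PATCH 485 and PATCH 486 fix the "he"/"The" typo but keep the same mismatch.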
@@ -665,10 +666,10 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi * * point. * * \note This function uses bare components rather than an - * mbedtls_ecp_keypair() structure to ease use with other - * structures such as mbedtls_ecdh_context() or - * mbedtls_ecdsa_context(). -* + * ::mbedtls_ecp_keypair structure to ease use with other + * structures, such as ::mbedtls_ecdh_context or + * ::mbedtls_ecdsa_context. + * * \param grp The ECP group. * \param G The chosen base point. * \param d The destination MPI (secret part). @@ -690,9 +691,9 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, * \brief This function generates an ECP keypair. * * \note This function uses bare components rather than an - * mbedtls_ecp_keypair() structure to ease use with other - * structures such as mbedtls_ecdh_context() or - * mbedtls_ecdsa_context(). + * ::mbedtls_ecp_keypair structure to ease use with other + * structures, such as ::mbedtls_ecdh_context or + * ::mbedtls_ecdsa_context. * * \param grp The ECP group. * \param d The destination MPI (secret part). 
@@ -724,17 +725,19 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief This function checks a public-private key pair. + * \brief This function checks that the keypair objects + * \p pub and \p prv have the same group and the + * same public point, and that the private key in + * \p prv is consistent with the public key. * * \param pub The keypair structure holding the public key. - * \param prv The keypair structure holding the private key. + * If it contains a private key, that part is ignored. + * \param prv The keypair structure holding the full keypair. * - * \note The both are keypairs, and may optionally hold the corresponding other key, but the public key passed in thee pub is checked against the private key passed in prv. - * - * \return \c 0 on success - the keys are valid and match. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or an \c - * MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX - * error code on failure. + * \return \c 0 on success, meaning that the keys are valid and match. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match. + * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX + * error code on calculation failure. */ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ); From f089fa334181d89bdd37a50b933c9568d1426e4d Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Fri, 20 Apr 2018 10:41:16 +0100 Subject: [PATCH 481/504] Update ecp.h minor spacing/comment format fixes --- include/mbedtls/ecp.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 050283c4a..1a5d7d798 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
@@ -232,7 +232,6 @@ mbedtls_ecp_keypair; * 521 145 141 135 120 97 * 384 214 209 198 177 146 * 256 320 320 303 262 226 - * 224 475 475 453 398 342 * 192 640 640 633 587 476 */ @@ -596,7 +595,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /** * \brief This function performs multiplication and addition of two * points by integers: \p R = \p m * \p P + \p n * \p Q - + * * It is not thread-safe to use same group in multiple threads. * * \note In contrast to mbedtls_ecp_mul(), this function does not @@ -680,7 +679,7 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. - */ + */ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, const mbedtls_ecp_point *G, mbedtls_mpi *d, mbedtls_ecp_point *Q, From 5462e028743938c120e35c0a410955bb055f1a4f Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 20 Apr 2018 07:58:53 -0400 Subject: [PATCH 482/504] ssl_tls: Fix invalid buffer sizes during compression / decompression Adjust information passed to zlib to include already written data. --- ChangeLog | 2 ++ library/ssl_tls.c | 13 ++++++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index ae8d86f20..e15a53b6b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -55,6 +55,8 @@ Bugfix in the internal buffers; these cases lead to deadlocks in case event-driven I/O was used. Found and reported by Hubert Mis in #772. + * Fix invalid buffer sizes passed to zlib during record compression and + decompression. Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e8063d2c1..9374961bd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
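Review bot: The @@ -232 hunk drops the `224 475 475 453 398 342` row from the timing table while the commit message describes only spacing and comment-format fixes; removing a data row is a content change. If the 224-bit row is meant to go, the message should say why, otherwise it should be restored so the table still lists every supported NIST size. The other two hunks (the stray `+` turned into `*` and the re-aligned `*/`) are the format fixes described.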
@@ -2108,6 +2108,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
 {
 int ret;
 unsigned char *msg_post = ssl->out_msg;
+ ptrdiff_t bytes_written = ssl->out_msg - ssl->out_buf;
 size_t len_pre = ssl->out_msglen;
 unsigned char *msg_pre = ssl->compress_buf;
 
@@ -2127,7 +2128,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
 ssl->transform_out->ctx_deflate.next_in = msg_pre;
 ssl->transform_out->ctx_deflate.avail_in = len_pre;
 ssl->transform_out->ctx_deflate.next_out = msg_post;
- ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN;
+ ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN - bytes_written;
 
 ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
 if( ret != Z_OK )
@@ -2137,7 +2138,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
 }
 
 ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN -
- ssl->transform_out->ctx_deflate.avail_out;
+ ssl->transform_out->ctx_deflate.avail_out - bytes_written;
 
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
 ssl->out_msglen ) );
@@ -2154,6 +2155,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
 {
 int ret;
 unsigned char *msg_post = ssl->in_msg;
+ ptrdiff_t bytes_written = ssl->in_msg - ssl->in_buf;
 size_t len_pre = ssl->in_msglen;
 unsigned char *msg_pre = ssl->compress_buf;
 
@@ -2173,7 +2175,8 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
 ssl->transform_in->ctx_inflate.next_in = msg_pre;
 ssl->transform_in->ctx_inflate.avail_in = len_pre;
 ssl->transform_in->ctx_inflate.next_out = msg_post;
- ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_MAX_CONTENT_LEN;
+ ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_BUFFER_LEN -
+ bytes_written;
 
 ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
 if( ret != Z_OK )
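Review bot: In the @@ -2173 hunk the inflate output bound grows from `MBEDTLS_SSL_MAX_CONTENT_LEN` to `MBEDTLS_SSL_BUFFER_LEN - bytes_written`, so a compressed record may now expand past the configured maximum content length as long as it still fits the remaining buffer; the `in_msglen` computed in the @@ -2182 hunk then depends on a caller-side `in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN` check to reject such records, which is outside these hunks and worth confirming runs after ssl_decompress_buf(). The deflate side is a genuine fix: the old `avail_out = MBEDTLS_SSL_BUFFER_LEN` ignored the header bytes already in `out_buf` before `out_msg`, so zlib could write past the end of the buffer. The `ptrdiff_t` offsets are subtracted from unsigned sizes; a one-line comment at each declaration, e.g. `/* out_msg always points into out_buf, so the offset is non-negative */`, would make that assumption explicit. Both ssl_compress_buf() and ssl_decompress_buf() start before the hunks.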
@@ -2182,8 +2185,8 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); } - ssl->in_msglen = MBEDTLS_SSL_MAX_CONTENT_LEN - - ssl->transform_in->ctx_inflate.avail_out; + ssl->in_msglen = MBEDTLS_SSL_BUFFER_LEN - + ssl->transform_in->ctx_inflate.avail_out - bytes_written; MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", ssl->in_msglen ) ); From 1d3b508b825f0f4fc2e27694fde6aa1c56184f34 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Wed, 18 Apr 2018 19:35:00 +0100 Subject: [PATCH 483/504] Same ciphersuite validation in server and client hello --- ChangeLog | 2 ++ library/ssl_cli.c | 92 +++++++++++++++++++++++++++-------------------- 2 files changed, 55 insertions(+), 39 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3e5dd6808..100551972 100644 --- a/ChangeLog +++ b/ChangeLog @@ -64,6 +64,8 @@ Bugfix * Fix buffer length assertions in the ssl_parse_certificate_request() function which leads to a potential one byte overread of the message buffer. + * Fix cipher suite validation in ssl_parse_server_hello() by performing same + checks as performed in ssl_write_client_hello(). Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 7cde5b113..efcf48bc0 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -717,6 +717,45 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
 return( 0 );
 }
 
+/**
+ * \brief Validate cipher suite against config in SSL context.
+ *
+ * \param suite_info cipher suite to validate
+ * \param ssl SSL context
+ *
+ * \return 0 if valid, else 1
+ */
+static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_info,
+ const mbedtls_ssl_context * ssl )
+{
+ if( suite_info == NULL )
+ return( 1 );
+
+ if( suite_info->min_minor_ver > ssl->conf->max_minor_ver ||
+ suite_info->max_minor_ver < ssl->conf->min_minor_ver )
+ return( 1 );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
+ return( 1 );
+#endif
+
+#if defined(MBEDTLS_ARC4_C)
+ if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
+ suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
+ return( 1 );
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
+ mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
+ return( 1 );
+#endif
+
+ return( 0 );
+}
+
 static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
 {
 int ret;
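Review bot: The version check in ssl_validate_ciphersuite() compares the suite against the configured range `ssl->conf->min_minor_ver`/`ssl->conf->max_minor_ver`, which is the right bound when building the ClientHello but too loose once the helper is reused for ServerHello validation in the @@ -1724 hunk: by then the protocol version has been negotiated, and a suite whose own version range excludes the negotiated version but overlaps the configured range is still accepted. Passing the bounds as parameters lets ssl_write_client_hello() keep the config range (`ssl_validate_ciphersuite( ciphersuite_info, ssl, ssl->conf->min_minor_ver, ssl->conf->max_minor_ver )`) while ssl_parse_server_hello() pins both bounds to the negotiated version (`ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver )`, presumably set earlier in that function outside the hunk — confirm). Minor style: the signature writes `* suite_info` and `* ssl` with a space after the asterisk, where the surrounding code binds it to the name (`*ssl`).
```c
static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t *suite_info,
                                     const mbedtls_ssl_context *ssl,
                                     int min_minor_ver, int max_minor_ver )
{
    /* … unchanged: NULL check … */

    if( suite_info->min_minor_ver > max_minor_ver ||
        suite_info->max_minor_ver < min_minor_ver )
        return( 1 );

    /* … unchanged: DTLS, ARC4 and ECJPAKE checks … */
```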
@@ -869,31 +908,9 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); - if( ciphersuite_info == NULL ) + if( ssl_validate_ciphersuite( ciphersuite_info, ssl ) != 0 ) continue; - if( ciphersuite_info->min_minor_ver > ssl->conf->max_minor_ver || - ciphersuite_info->max_minor_ver < ssl->conf->min_minor_ver ) - continue; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) ) - continue; -#endif - -#if defined(MBEDTLS_ARC4_C) - if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED && - ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) - continue; -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && - mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) - continue; -#endif - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x", ciphersuites[i] ) ); @@ -1690,22 +1707,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) ); - suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ); - if( suite_info == NULL -#if defined(MBEDTLS_ARC4_C) - || ( ssl->conf->arc4_disabled && - suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) -#endif - ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); - } - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) ); - + /* Perform cipher suite validation in same way as in ssl_write_client_hello. + */ i = 0; while( 1 ) { 
@@ -1724,6 +1727,17 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } } + suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ); + if( ssl_validate_ciphersuite( suite_info, ssl ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) ); + if( comp != MBEDTLS_SSL_COMPRESS_NULL #if defined(MBEDTLS_ZLIB_SUPPORT) && comp != MBEDTLS_SSL_COMPRESS_DEFLATE From abc9ec73b04c9e7f0e3fb3123471c33a973eed36 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 23 Apr 2018 06:16:40 +0100 Subject: [PATCH 484/504] Update ecdsa.h Merged change to MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH from other commit for merging, as requested (lines 282+283). --- include/mbedtls/ecdsa.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 11df7e215..ce1a03d79 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -279,8 +279,8 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid. - * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is - * valid but its actual length is less than \p siglen. + * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid + * signature in \p sig, but its length is less than \p siglen. * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX * error code on failure for any other reason. */ From d76ac587d3b4eb37548b032d6fd6765575ee9959 Mon Sep 17 00:00:00 2001 
From: Rose Zadik Date: Mon, 23 Apr 2018 06:29:34 +0100 Subject: [PATCH 485/504] Update ecp.h Changes based on review comments. Waiting for responses on 2 remaining comments --- include/mbedtls/ecp.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 1a5d7d798..f7f57c073 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -43,7 +43,7 @@ */ #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */ -#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested curve is not available. */ +#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested feature is not available, for example, . */ #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */ #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */ #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as ephemeral key, failed. */ @@ -65,7 +65,7 @@ extern "C" { #endif /** - * Domain parameters: curve, subgroup, and generator. + * Domain-parameter identifiers: curve, subgroup, and generator. * * \note Only curves over prime fields are supported. * @@ -169,7 +169,8 @@ typedef struct mbedtls_mpi N; /*!< The order of \p G. */ size_t pbits; /*!< The number of bits in \p P.*/ size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. - For Montgomery curves: the private keys. */ + For Montgomery curves: the number of bits in the + private keys. */ unsigned int h; /*!< \internal 1 if the constants are static. */ int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction mod \p P (see above).*/ 
@@ -187,7 +188,7 @@ mbedtls_ecp_group; * A generic key-pair that may be used for ECDSA and fixed ECDH, for example. * * \note Members are deliberately in the same order as in the - * #mbedtls_ecdsa_context structure. + * ::mbedtls_ecdsa_context structure. */ typedef struct { @@ -498,7 +499,7 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point * \brief This function exports a point as a TLS ECPoint record. * * \param grp The ECP group used. - * \param pt he point format to export to an \c MBEDTLS_ECP_PF_XXX constant. + * \param pt The point format to export to an \c MBEDTLS_ECP_PF_XXX constant. * \param format The export format. * \param olen The length of the data written. * \param buf The buffer to write to. @@ -649,7 +650,7 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_po * * \note This function uses bare components rather than an * ::mbedtls_ecp_keypair structure to ease use with other - * structures, such as ::mbedtls_ecdh_context() or + * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * * \param grp The group used. From c32efb3f641313279a5d75ff7e102ed84e32c899 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 23 Apr 2018 09:38:29 +0100 Subject: [PATCH 486/504] Update ecp.h Resolved last review comment --- include/mbedtls/ecp.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index f7f57c073..e11cdf2d8 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
@@ -499,7 +499,8 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point * \brief This function exports a point as a TLS ECPoint record. * * \param grp The ECP group used. - * \param pt The point format to export to an \c MBEDTLS_ECP_PF_XXX constant. + * \param pt The point format to export to. The point format is an + * \c MBEDTLS_ECP_PF_XXX constant. * \param format The export format. * \param olen The length of the data written. * \param buf The buffer to write to. From d35340550dea413e5a7ce872561eb84c96179be3 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 23 Apr 2018 16:12:42 +0100 Subject: [PATCH 487/504] Update ecp.h fixed omittion --- include/mbedtls/ecp.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index e11cdf2d8..6924d4036 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -43,7 +43,7 @@ */ #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */ -#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested feature is not available, for example, . */ +#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested feature is not available, for example, the requested curve is not supported. */ #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */ #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */ #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as ephemeral key, failed. */ From a9ceef8e032e488e9b3821bfdac4b4dfba2f3a20 Mon Sep 17 00:00:00 2001 
From: Andrzej Kurek Date: Tue, 24 Apr 2018 06:32:44 -0400 Subject: [PATCH 488/504] Change variable bytes_written to header_bytes in record decompression The name is changed to better reflect the input, decompression case --- library/ssl_tls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9374961bd..8a903c563 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2155,7 +2155,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) { int ret; unsigned char *msg_post = ssl->in_msg; - ptrdiff_t bytes_written = ssl->in_msg - ssl->in_buf; + ptrdiff_t header_bytes = ssl->in_msg - ssl->in_buf; size_t len_pre = ssl->in_msglen; unsigned char *msg_pre = ssl->compress_buf; @@ -2176,7 +2176,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) ssl->transform_in->ctx_inflate.avail_in = len_pre; ssl->transform_in->ctx_inflate.next_out = msg_post; ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_BUFFER_LEN - - bytes_written; + header_bytes; ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH ); if( ret != Z_OK ) @@ -2186,7 +2186,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) } ssl->in_msglen = MBEDTLS_SSL_BUFFER_LEN - - ssl->transform_in->ctx_inflate.avail_out - bytes_written; + ssl->transform_in->ctx_inflate.avail_out - header_bytes; MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", ssl->in_msglen ) ); From a7a6155272baaae2a99a0021ac0694842eeac392 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 24 Apr 2018 13:14:01 +0100 Subject: [PATCH 489/504] Update ecp.h One fix. Removed trailing whitespaces --- include/mbedtls/ecp.h | 107 +++++++++++++++++++++--------------------- 1 file changed, 53 insertions(+), 54 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 6924d4036..9fc650ee3 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -8,13 +8,13 @@ * Elliptic Curve Cryptography
    and * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites * for Transport Layer Security (TLS). - * + * * RFC-2409: The Internet Key Exchange (IKE) defines ECP * group types. - * + * */ -/* +/* * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * @@ -32,7 +32,7 @@ * * This file is part of Mbed TLS (https://tls.mbed.org) */ - + #ifndef MBEDTLS_ECP_H #define MBEDTLS_ECP_H @@ -114,10 +114,10 @@ typedef struct * * \note All functions expect and return points satisfying * the following condition: Z == 0 or - * Z == 1. Other values of \p Z are + * Z == 1. Other values of \p Z are * used only by internal functions. * The point is zero, or "at infinity", if Z == 0. - * Otherwise, \p X and \p Y are its standard (affine) + * Otherwise, \p X and \p Y are its standard (affine) * coordinates. */ typedef struct 
@@ -144,18 +144,17 @@ mbedtls_ecp_point; * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes. * * For Montgomery curves, we do not store \p A, but (A + 2) / 4, - * which is the quantity used in the formulas. Additionally, \p nbits is + * which is the quantity used in the formulas. Additionally, \p nbits is * not the size of \p N but the required size for private keys. * - * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. - * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the - * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer which is - * congruent mod \p P to the given MPI, and is close enough to \p pbits in size, - * so that it may be efficiently brought in the 0..P-1 range by a few additions - * or subtractions. Therefore, it is only an approximative modular reduction. + * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. + * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the + * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer + * which is congruent mod \p P to the given MPI, and is close enough to \p pbits + * in size, so that it may be efficiently brought in the 0..P-1 range by a few + * additions or subtractions. Therefore, it is only an approximative modular + * reduction. It must return 0 on success and non-zero on failure. * - * \return \c 0 on success - * \return Non-zero error code on failure. */ typedef struct { 
@@ -169,10 +168,10 @@ typedef struct mbedtls_mpi N; /*!< The order of \p G. */ size_t pbits; /*!< The number of bits in \p P.*/ size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. - For Montgomery curves: the number of bits in the + For Montgomery curves: the number of bits in the private keys. */ unsigned int h; /*!< \internal 1 if the constants are static. */ - int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction + int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction mod \p P (see above).*/ int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ @@ -187,7 +186,7 @@ mbedtls_ecp_group; * * A generic key-pair that may be used for ECDSA and fixed ECDH, for example. * - * \note Members are deliberately in the same order as in the + * \note Members are deliberately in the same order as in the * ::mbedtls_ecdsa_context structure. */ typedef struct @@ -298,7 +297,7 @@ const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ); const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ); /** - * \brief This function retrieves curve information from a TLS + * \brief This function retrieves curve information from a TLS * NamedCurve value. * * \param tls_id An \c MBEDTLS_ECP_DP_XXX value. @@ -309,7 +308,7 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_gr const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ); /** - * \brief This function retrieves curve information from a + * \brief This function retrieves curve information from a * human-readable name. * * \param name The human-readable name. 
@@ -328,7 +327,7 @@ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ); /** * \brief This function initializes an ECP group context - * without loading any domain parameters. + * without loading any domain parameters. * * \note After this function is called, domain parameters * for various ECP groups can be loaded through the @@ -364,7 +363,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); /** - * \brief This function copies the contents of point \p Q into + * \brief This function copies the contents of point \p Q into * point \p P. * * \param P The destination point. @@ -376,7 +375,7 @@ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); /** - * \brief This function copies the contents of group \p src into + * \brief This function copies the contents of group \p src into * group \p dst. * * \param dst The destination group. @@ -423,7 +422,7 @@ int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); /** - * \brief This function imports a non-zero point from two ASCII + * \brief This function imports a non-zero point from two ASCII * strings. * * \param P The destination point. @@ -459,7 +458,7 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ * \brief This function imports a point from unsigned binary data. * * \note This function does not check that the point actually - * belongs to the given group, see mbedtls_ecp_check_pubkey() + * belongs to the given group, see mbedtls_ecp_check_pubkey() * for that. * * \param grp The group to which the point should belong. 
@@ -518,7 +517,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp * \brief This function sets a group using standardized domain parameters. * * \note The index should be a value of the NamedCurve enum, - * as defined in RFC-4492: Elliptic Curve Cryptography + * as defined in RFC-4492: Elliptic Curve Cryptography * (ECC) Cipher Suites for Transport Layer Security (TLS), * usually in the form of an \c MBEDTLS_ECP_DP_XXX macro. * @@ -528,7 +527,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp * \return \c 0 on success, * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure. * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups. - + */ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); @@ -563,7 +562,7 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen ); /** - * \brief This function performs multiplication of a point by + * \brief This function performs multiplication of a point by * an integer: \p R = \p m * \p P. * * It is not thread-safe to use same group in multiple threads. @@ -595,12 +594,12 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief This function performs multiplication and addition of two + * \brief This function performs multiplication and addition of two * points by integers: \p R = \p m * \p P + \p n * \p Q * * It is not thread-safe to use same group in multiple threads. * - * \note In contrast to mbedtls_ecp_mul(), this function does not + * \note In contrast to mbedtls_ecp_mul(), this function does not * guarantee a constant execution flow and timing. * * \param grp The ECP group. 
@@ -611,8 +610,8 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \param Q The point to be multiplied by \p n. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not - * valid private keys, or \p P or \p Q are not valid public + * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not + * valid private keys, or \p P or \p Q are not valid public * keys. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. */ @@ -621,20 +620,20 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *n, const mbedtls_ecp_point *Q ); /** - * \brief This function checks that a point is a valid public key + * \brief This function checks that a point is a valid public key * on this curve. * - * It only checks that the point is non-zero, has - * valid coordinates and lies on the curve. It does not verify - * that it is indeed a multiple of \p G. This additional + * It only checks that the point is non-zero, has + * valid coordinates and lies on the curve. It does not verify + * that it is indeed a multiple of \p G. This additional * check is computationally more expensive, is not required * by standards, and should not be necessary if the group - * used has a small cofactor. In particular, it is useless for + * used has a small cofactor. In particular, it is useless for * the NIST groups which all have a cofactor of 1. * - * \note This function uses bare components rather than an - * ::mbedtls_ecp_keypair structure, to ease use with other - * structures, such as ::mbedtls_ecdh_context or + * \note This function uses bare components rather than an + * ::mbedtls_ecp_keypair structure, to ease use with other + * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * * \param grp The curve the point should lie on. 
@@ -646,12 +645,12 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ); /** - * \brief This function checks that an \p mbedtls_mpi is a valid private + * \brief This function checks that an \p mbedtls_mpi is a valid private * key for this curve. * - * \note This function uses bare components rather than an - * ::mbedtls_ecp_keypair structure to ease use with other - * structures, such as ::mbedtls_ecdh_context or + * \note This function uses bare components rather than an + * ::mbedtls_ecp_keypair structure to ease use with other + * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * * \param grp The group used. @@ -663,12 +662,12 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_po int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d ); /** - * \brief This function generates a keypair with a configurable base + * \brief This function generates a keypair with a configurable base * point. * - * \note This function uses bare components rather than an - * ::mbedtls_ecp_keypair structure to ease use with other - * structures, such as ::mbedtls_ecdh_context or + * \note This function uses bare components rather than an + * ::mbedtls_ecp_keypair structure to ease use with other + * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * * \param grp The ECP group. 
@@ -691,9 +690,9 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, /** * \brief This function generates an ECP keypair. * - * \note This function uses bare components rather than an - * ::mbedtls_ecp_keypair structure to ease use with other - * structures, such as ::mbedtls_ecdh_context or + * \note This function uses bare components rather than an + * ::mbedtls_ecp_keypair structure to ease use with other + * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * * \param grp The ECP group. @@ -726,7 +725,7 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief This function checks that the keypair objects + * \brief This function checks that the keypair objects * \p pub and \p prv have the same group and the * same public point, and that the private key in * \p prv is consistent with the public key. @@ -735,9 +734,9 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, * If it contains a private key, that part is ignored. * \param prv The keypair structure holding the full keypair. * - * \return \c 0 on success, meaning that the keys are valid and match. + * \return \c 0 on success, meaning that the keys are valid and match. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match. - * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX + * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX * error code on calculation failure. */ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ); From 3dd8abd037f9b5a0a7b543fc38e18d0f349b0a42 Mon Sep 17 00:00:00 2001 
From: Jaeden Amero
Date: Tue, 24 Apr 2018 10:56:55 +0100
Subject: [PATCH 490/504] Regenerate errors after ecp.h updates
The error descriptions were updated in ecp.h (PR #1578), so also update the strings in error.c.
---
 library/error.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/error.c b/library/error.c
index 96ab20376..222d85b62 100644
--- a/library/error.c
+++ b/library/error.c
@@ -256,19 +256,19 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 if( use_ret == -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL) )
 mbedtls_snprintf( buf, buflen, "ECP - The buffer is too small to write to" );
 if( use_ret == -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) )
- mbedtls_snprintf( buf, buflen, "ECP - Requested curve not available" );
+ mbedtls_snprintf( buf, buflen, "ECP - The requested feature is not available, for example, the requested curve is not supported" );
 if( use_ret == -(MBEDTLS_ERR_ECP_VERIFY_FAILED) )
 mbedtls_snprintf( buf, buflen, "ECP - The signature is not valid" );
 if( use_ret == -(MBEDTLS_ERR_ECP_ALLOC_FAILED) )
 mbedtls_snprintf( buf, buflen, "ECP - Memory allocation failed" );
 if( use_ret == -(MBEDTLS_ERR_ECP_RANDOM_FAILED) )
- mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" );
+ mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as ephemeral key, failed" );
 if( use_ret == -(MBEDTLS_ERR_ECP_INVALID_KEY) )
 mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" );
 if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) )
 mbedtls_snprintf( buf, buflen, "ECP - The buffer contains a valid signature followed by more data" );
 if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) )
- mbedtls_snprintf( buf, buflen, "ECP - ECP hardware accelerator failed" );
+ mbedtls_snprintf( buf, buflen, "ECP - The ECP hardware accelerator failed" );
 #endif /* MBEDTLS_ECP_C */
 #if defined(MBEDTLS_MD_C)
From 21b376b56c64c7aadc13a4fc851cb3a298113246 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:28:26 -0500 Subject: [PATCH 491/504] Organize output objs in alfabetical order in Makefile --- library/Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/Makefile b/library/Makefile index 0ce2a224e..c6ec15351 100644 --- a/library/Makefile +++ b/library/Makefile @@ -62,11 +62,11 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ padlock.o pem.o pk.o \ pk_wrap.o pkcs12.o pkcs5.o \ pkparse.o pkwrite.o platform.o \ - ripemd160.o rsa_internal.o rsa.o \ - sha1.o sha256.o sha512.o \ - threading.o timing.o version.o \ - version_features.o xtea.o \ - platform_util.o + platform_util.o ripemd160.o rsa_internal.o \ + rsa.o sha1.o sha256.o \ + sha512.o threading.o timing.o \ + version.o version_features.o \ + xtea.o OBJS_X509= certs.o pkcs11.o x509.o \ x509_create.o x509_crl.o x509_crt.o \ From bc7bdbf5c89768812fe4e5f0f62979488741bd04 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:29:20 -0500 Subject: [PATCH 492/504] Organize CMakeLists targets in alphabetical order --- library/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 648b151a0..e52573117 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -46,6 +46,7 @@ set(src_crypto pkparse.c pkwrite.c platform.c + platform_util.c ripemd160.c rsa.c rsa_internal.c @@ -57,7 +58,6 @@ set(src_crypto version.c version_features.c xtea.c - platform_util.c ) set(src_x509 From d0ef468d390f7847cb22dbc0297051dfb948eb97 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:31:34 -0500 Subject: [PATCH 493/504] Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 67ad4b268..7c9acb230 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -2866,8 +2866,8 @@ * versions of the C language standards do not provide a secure implementation * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to * configure their own implementation of mbedtls_platform_zeroize(), for - * example by using directives specific to their compiler, features from the C - * standard (e.g using memset_s() in C11) or calling a secure memset() from + * example by using directives specific to their compiler, features from newer + * C standards (e.g using memset_s() in C11) or calling a secure memset() from * their system (e.g explicit_bzero() in BSD). */ //#define MBEDTLS_PLATFORM_ZEROIZE_ALT From 708c5cb6ab2602767e40e6f7f7164c42b401f04b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:33:31 -0500 Subject: [PATCH 494/504] mbedtls_zeroize -> mbedtls_platform_zeroize in docs --- tests/scripts/all.sh | 2 +- tests/scripts/test_zeroize.gdb | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 53f2a93de..de0bbcc42 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -909,7 +909,7 @@ rm -rf "$OUT_OF_SOURCE_DIR" for optimization_flag in -O2 -O3 -Ofast -Os; do for compiler in clang gcc; do - msg "test: $compiler $optimization_flag, mbedtls_zeroize()" + msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" cleanup CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" make programs gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 11ea37f97..617ab5544 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb 
@@ -25,10 +25,10 @@ # intelligent compiler could determine that this function clears a block of # memory that is not accessed later in the program, so removing the call to # mbedtls_platform_zeroize() does not have an observable behavior. However, -# inserting a test after a call to mbedtls_zeroize() to check whether the block -# of memory was correctly zeroed would force the compiler to not eliminate the -# mbedtls_platform_zeroize() call. If this does not occur, then the compiler -# potentially has a bug. +# inserting a test after a call to mbedtls_platform_zeroize() to check whether +# the block of memory was correctly zeroed would force the compiler to not +# eliminate the mbedtls_platform_zeroize() call. If this does not occur, then +# the compiler potentially has a bug. # # Note: This test requires that the test program is compiled with -g3. # From 56e06db1023255d19578cc4108ecf3b78053ccd7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:37:52 -0500 Subject: [PATCH 495/504] Improve mbedtls_platform_zeroize() docs --- include/mbedtls/platform_util.h | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index bda97102c..84f0732ee 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
@@ -34,19 +34,24 @@ extern "C" { /** * \brief Securely zeroize a buffer * - * \param buf Buffer to be zeroized - * \param len Length of the buffer in bytes + * The function is meant to wipe the data contained in a buffer so + * that it can no longer be recovered even if the program memory + * is later compromised. Call this function on sensitive data + * stored on the stack before returning from a function, and on + * sensitive data stored on the heap before freeing the heap + * object. * - * \note This implementation should never be optimized out by the - * compiler - * - * \note It is extremely difficult to guarantee that calls to + * It is extremely difficult to guarantee that calls to * mbedtls_platform_zeroize() are not removed by aggressive * compiler optimizations in a portable way. For this reason, Mbed * TLS provides the configuration option * MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure * mbedtls_platform_zeroize() to use a suitable implementation for * their platform and needs + * + * \param buf Buffer to be zeroized + * \param len Length of the buffer in bytes + * */ void mbedtls_platform_zeroize( void *buf, size_t len ); From 6698d2fc5ca1feb5e6fceae4e9995de0843d3cb4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:39:07 -0500 Subject: [PATCH 496/504] Fix style for mbedtls_mpi_zeroize() --- library/bignum.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index fb748d8a1..02d93edcf 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -73,7 +73,8 @@ #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) /* Implementation that should never be optimized out by the compiler */ -static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { +static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) +{ mbedtls_platform_zeroize( v, ciL * n ); } From 8491406803465667c4ee5d29b0ebd58bcd91cc87 Mon Sep 17 00:00:00 2001 
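Review bot: The rewritten documentation still does not state the contract for `len == 0` or `buf == NULL`, which is exactly what a caller wiping an optional or not-yet-allocated buffer needs to know; document whatever platform_util.c actually does, e.g. `\param buf Buffer to be zeroized. Must not be NULL unless \p len is 0.` if that matches the implementation. A caveat a reader of "can no longer be recovered" will otherwise miss is that only the bytes in \p buf are cleared: copies the compiler may have placed in registers or spill slots are out of this function's reach, so a `\note` to that effect would keep the claim honest. Minor: the sentence ending "their platform and needs" lacks a full stop, and the empty ` * ` line before ` */` can go.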
From: Andres Amaya Garcia
Date: Tue, 24 Apr 2018 08:40:46 -0500
Subject: [PATCH 497/504] Remove preprocessor directives around platform_util.h include
---
 library/ssl_srv.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 313938ee8..09b7a3fed 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -38,6 +38,7 @@
 #include "mbedtls/debug.h"
 #include "mbedtls/ssl.h"
 #include "mbedtls/ssl_internal.h"
+#include "mbedtls/platform_util.h"
 #include 
@@ -49,10 +50,6 @@
 #include "mbedtls/platform_time.h"
 #endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-#include "mbedtls/platform_util.h"
-#endif
-
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
 int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
 const unsigned char *info,
From 03bac448db441d66612e2a2ed2c5e2f1ec2b04b8 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Wed, 25 Apr 2018 05:06:07 -0400
Subject: [PATCH 498/504] Change accepted ciphersuite versions when parsing server hello
Accept only ciphersuites for version chosen by the server
---
 library/ssl_cli.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index efcf48bc0..f4dc02aba 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -722,17 +722,21 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
 *
 * \param suite_info cipher suite to validate
 * \param ssl SSL context
+ * \param min_minor_ver Minimal minor version to accept a cipher suite
+ * \param max_minor_ver Maximal minor version to accept a cipher suite
 *
 * \return 0 if valid, else 1
 */
 static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_info,
- const mbedtls_ssl_context * ssl )
+ const mbedtls_ssl_context * ssl,
+ int min_minor_ver, int max_minor_ver )
 {
+ (void) ssl;
 if( suite_info == NULL )
 return( 1 );
- if( suite_info->min_minor_ver > ssl->conf->max_minor_ver ||
- suite_info->max_minor_ver < ssl->conf->min_minor_ver )
+ if( suite_info->min_minor_ver > max_minor_ver ||
+ suite_info->max_minor_ver < min_minor_ver )
 return( 1 );
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -908,7 +912,9 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
 {
 ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] );
- if( ssl_validate_ciphersuite( ciphersuite_info, ssl ) != 0 )
+ if( ssl_validate_ciphersuite( ciphersuite_info, ssl,
+ ssl->conf->min_minor_ver,
+ ssl->conf->max_minor_ver ) != 0 )
 continue;
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x",
@@ -1707,7 +1713,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
- /* Perform cipher suite validation in same way as in ssl_write_client_hello.
+ /*
+ * Perform cipher suite validation in same way as in ssl_write_client_hello.
 */
 i = 0;
 while( 1 )
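Review bot: The added `(void) ssl;` at the top of ssl_validate_ciphersuite() reads as "parameter unused", yet `ssl` is still dereferenced further down, at least in the `#if defined(MBEDTLS_SSL_PROTO_DTLS)` block the hunk ends on; presumably the cast exists for configurations where every such conditional block is compiled out, and a short comment would save the next reader that detour, e.g. `(void) ssl; /* only used under some compile-time options */`. The new parameter docs should also say the bounds are inclusive, since the checks are strict `>` / `<`: `\param min_minor_ver Lowest minor version (inclusive) the suite must support` and likewise for `max_minor_ver`. The body of ssl_validate_ciphersuite() continues past the end of the hunk.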
@@ -1728,7 +1735,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ); - if( ssl_validate_ciphersuite( suite_info, ssl ) != 0 ) + if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, From b7a18c049863bcddcc74321a0d32467216f844cd Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 25 Apr 2018 05:25:30 -0400 Subject: [PATCH 499/504] Changelog entry --- ChangeLog | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 100551972..a0810d1a7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,11 @@ Security where an optional signature algorithms list is expected in the cases of the signature algorithms section being too short. In the debug builds the overread data is printed to the standard output. + * Fix a client-side bug in the validation of the server's ciphersuite choice + potentially leading to the client accepting a ciphersuite it didn't offer + or one that cannot be used with the (D)TLS version chosen by the server. + This may lead to corruption of internal data structures for some + configurations. Features * Add option MBEDTLS_AES_FEWER_TABLES to dynamically compute 3/4 of the AES tables @@ -64,8 +69,6 @@ Bugfix * Fix buffer length assertions in the ssl_parse_certificate_request() function which leads to a potential one byte overread of the message buffer. - * Fix cipher suite validation in ssl_parse_server_hello() by performing same - checks as performed in ssl_write_client_hello(). Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. From fe0669f52ac62abf3a25c58e737eb467d013aa31 Mon Sep 17 00:00:00 2001 
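Review bot: Passing `ssl->minor_ver` as both bounds means a suite is now accepted only if the version the server selected lies within the suite's supported range, which is the point of the fix, but nothing at the call site records that this depends on `ssl->minor_ver` having already been set from the ServerHello and range-checked against `ssl->conf->min_minor_ver`/`max_minor_ver` earlier in ssl_parse_server_hello(), outside this hunk (as I read the surrounding code; worth confirming). A one-line comment above the call stating that precondition would make the check auditable on its own. The comment rewritten in the previous hunk, "in same way as in ssl_write_client_hello", now understates the difference; suggest `/* Validate the ciphersuite as in ssl_write_client_hello(), but against the version chosen by the server rather than the configured range. */`. Style: the new `if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver ) != 0 )` runs well past 80 columns, while the equivalent call in ssl_write_client_hello() in this same commit is wrapped; wrap it the same way.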
From: Jaeden Amero
Date: Fri, 27 Apr 2018 17:43:32 +0100
Subject: [PATCH 500/504] ecp: Fix binary compatibility with group ID
We naturally added the new Curve448 ECP group ID in alphabetical order in the mbedtls_ecp_group_id enum. However, this causes binary incompatibility issues as previous binaries will use values for groups that now have a different meaning. For example, MBEDTLS_ECP_DP_SECP192K1, old value 10, would mean Curve448 (MBEDTLS_ECP_DP_CURVE448) and the wrong group ID used. Fix the binary compatibility issue by adding new enum entries to the end of the enum, even though this isn't so great for readbility as the list is no longer in alphabetical order. However, the list wasn't perfectly in alphabetical order before anyway.
---
 include/mbedtls/ecp.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 3ad74e602..3a407986d 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -76,10 +76,10 @@ typedef enum
 MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */
 MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */
 MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */
- MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */
 MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */
 MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */
 MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */
+ MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */
 } mbedtls_ecp_group_id;
 /**
From 7d7bad6b1ff3a8ac425c5725e29c4711ca22ec32 Mon Sep 17 00:00:00 2001
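Review bot: Moving `MBEDTLS_ECP_DP_CURVE448` to the end restores the old numeric values, but nothing in the header stops the next contributor from inserting a curve alphabetically and recreating the same ABI break, which the commit message shows is an easy mistake to make. Add a comment on the enum itself, e.g. `/* The numeric values are part of the ABI: never reorder, append new curves at the end. */`, so the rule lives next to the list rather than only in git history. If any table or count elsewhere is sized or indexed by the last group ID (I cannot see one from this hunk), it should be checked against the new final entry as well.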
From: Jaeden Amero Date: Fri, 27 Apr 2018 13:07:13 +0100 Subject: [PATCH 501/504] Update version to 2.9.0 Bump SOVERSION for parity with 2.7.2 and 2.7.3. --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- library/Makefile | 2 +- tests/suites/test_suite_version.data | 4 ++-- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7a1ec76d1..f5b1001cb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.9.0 branch released 2018-04-30 Security * Fix a bug in the X.509 module potentially leading to a buffer overread diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 7952cbcbd..e27c221bb 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.8.0 source code documentation + * @mainpage mbed TLS v2.9.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index ec7a46a53..510fa85b0 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.8.0" +PROJECT_NAME = "mbed TLS v2.9.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index c3ee649f5..aa52ce21e 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h 
@@ -39,7 +39,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 8 +#define MBEDTLS_VERSION_MINOR 9 #define MBEDTLS_VERSION_PATCH 0 /** @@ -47,9 +47,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02080000 -#define MBEDTLS_VERSION_STRING "2.8.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.8.0" +#define MBEDTLS_VERSION_NUMBER 0x02090000 +#define MBEDTLS_VERSION_STRING "2.9.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.9.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 7742c22d2..fc3febdbc 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -141,15 +141,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.8.0 SOVERSION 1) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.9.0 SOVERSION 2) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.8.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.9.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.8.0 SOVERSION 10) + set_target_properties(mbedtls PROPERTIES VERSION 2.9.0 SOVERSION 10) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/library/Makefile b/library/Makefile index 0333815f0..97f796fcf 100644 --- a/library/Makefile +++ b/library/Makefile @@ -33,7 +33,7 @@ endif SOEXT_TLS=so.10 SOEXT_X509=so.0 -SOEXT_CRYPTO=so.1 +SOEXT_CRYPTO=so.2 # Set DLEXT=dylib to compile as a shared library for Mac OS X DLEXT ?= so diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 79cc751ec..0aca47023 100644 
--- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.8.0" +check_compiletime_version:"2.9.0" Check runtime library version -check_runtime_version:"2.8.0" +check_runtime_version:"2.9.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From b03120ad415e634433f98a82edf4762a9b59fb28 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 30 Apr 2018 16:40:25 +0100 Subject: [PATCH 502/504] Fix the ChangeLog for clarity, english and credit --- ChangeLog | 94 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 48 insertions(+), 46 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7a1ec76d1..7af453fda 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,43 +3,46 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Security - * Fix a bug in the X.509 module potentially leading to a buffer overread - during CRT verification or to invalid or omitted checks for certificate - validity. The former can be triggered remotely, while the latter requires - a non DER-compliant certificate correctly signed by a trusted CA, or a - trusted CA with a non DER-compliant certificate. Found by luocm on GitHub. - Fixes #825. - * Fix buffer length assertion in the ssl_parse_certificate_request() - function which leads to an arbitrary overread of the message buffer. The - overreads could occur upon receiving a message malformed at the point - where an optional signature algorithms list is expected in the cases of - the signature algorithms section being too short. In the debug builds - the overread data is printed to the standard output. + * Fix an issue in the X.509 module which could lead to a buffer overread + during certificate validation. Additionally, the issue could also lead to + unnecessary callback checks being made or to some validation checks to be + omitted. The overread could be triggered remotely, while the other issues + would require a non DER-compliant certificate to be correctly signed by a + trusted CA, or a trusted CA with a non DER-compliant certificate. Found by + luocm. Fixes #825. + * Fix the buffer length assertion in the ssl_parse_certificate_request() + function which led to an arbitrary overread of the message buffer. The + overreads could be caused by receiving a malformed message at the point + where an optional signature algorithms list is expected when the signature + algorithms section is too short. In builds with debug output, the overread + data is output with the debug data. 
* Fix a client-side bug in the validation of the server's ciphersuite choice - potentially leading to the client accepting a ciphersuite it didn't offer - or one that cannot be used with the (D)TLS version chosen by the server. - This may lead to corruption of internal data structures for some - configurations. + which could potentially lead to the client accepting a ciphersuite it didn't + offer or a ciphersuite that cannot be used with the TLS or DTLS version + chosen by the server. This could lead to corruption of internal data + structures for some configurations. Features - * Add option MBEDTLS_AES_FEWER_TABLES to dynamically compute 3/4 of the AES tables - during runtime, thereby reducing the RAM/ROM footprint by ~6kb. Suggested - and contributed by jkivilin in #394. + * Add an option, MBEDTLS_AES_FEWER_TABLES, to dynamically compute smaller AES + tables during runtime, thereby reducing the RAM/ROM footprint by ~6KiB. + Suggested and contributed by jkivilin in pull request #394. * Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and ECDH primitive functions (mbedtls_ecdh_gen_public(), mbedtls_ecdh_compute_shared()) are supported for now. Contributed by Nicholas Wilson (#348). API Changes - * Add function mbedtls_net_poll to public API allowing to wait for a - network context to become ready for reading or writing. - * Add function mbedtls_ssl_check_pending to public API allowing to check - if more data is pending to be processed in the internal message buffers. + * Extend the public API with the function of mbedtls_net_poll() to allow user + applications to wait for a network context to become ready before reading + or writing. + * Add function mbedtls_ssl_check_pending() to the public API to allow + a check for whether more more data is pending to be processed in the + internal message buffers. This function is necessary to determine when it is safe to idle on the underlying transport in case event-driven IO is used. 
Bugfix - * Fix spurious uninitialized variable warning in cmac.c. Fix independently + * Fix a spurious uninitialized variable warning in cmac.c. Fix independently contributed by Brian J Murray and David Brown. * Add missing dependencies in test suites that led to build failures in configurations that omit certain hashes or public-key algorithms. @@ -47,15 +50,16 @@ Bugfix * Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks. #1353 * Add missing dependencies for MBEDTLS_HAVE_TIME_DATE and - MBEDTLS_VERSION_FEATURES in test suites. Contributed by Deomid Ryabkov. - Fixes #1299, #1475. - * Fix dynamic library building process with Makefile on Mac OS X. Fixed by - mnacamura. + MBEDTLS_VERSION_FEATURES in some test suites. Contributed by + Deomid Ryabkov. Fixes #1299, #1475. + * Fix the Makefile build process for building shared libraries on Mac OS X. + Fixed by mnacamura. * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was - unable to parse keys with only the optional parameters field of the + unable to parse keys which had only the optional parameters field of the ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379. - * Return plaintext data sooner on unpadded CBC decryption, as stated in - the mbedtls_cipher_update() documentation. Contributed by Andy Leiserson. + * Return the plaintext data more quickly on unpadded CBC decryption, as + stated in the mbedtls_cipher_update() documentation. Contributed by + Andy Leiserson. * Fix overriding and ignoring return values when parsing and writing to a file in pk_sign program. Found by kevlut in #1142. * Restrict usage of error code MBEDTLS_ERR_SSL_WANT_READ to situations 
@@ -63,9 +67,8 @@ Bugfix to make progress. Previously, this error code was also occasionally returned when unexpected messages were being discarded, ignoring that further messages could potentially already be pending to be processed - in the internal buffers; these cases lead to deadlocks in case - event-driven I/O was used. - Found and reported by Hubert Mis in #772. + in the internal buffers; these cases led to deadlocks when event-driven + I/O was used. Found and reported by Hubert Mis in #772. * Fix buffer length assertions in the ssl_parse_certificate_request() function which leads to a potential one byte overread of the message buffer. 
@@ -74,18 +77,18 @@ Bugfix Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. - * Support cmake build where Mbed TLS is a subproject. Fix - contributed independently by Matthieu Volat and Arne Schwabe. + * Support cmake builds where Mbed TLS is a subproject. Fix contributed + independently by Matthieu Volat and Arne Schwabe. * Improve testing in configurations that omit certain hashes or public-key algorithms. Includes contributions by Gert van Dijk. * Improve negative testing of X.509 parsing. * Do not define global mutexes around readdir() and gmtime() in configurations where the feature is disabled. Found and fixed by Gergely Budai. - * Harden mbedtls_ssl_config_free() against misuse, so that it doesn't - leak memory in case the user doesn't use mbedtls_ssl_conf_psk() and - instead incorrectly manipulates conf->psk and/or conf->psk_identity - directly. Found and fix submitted by junyeonLEE in #1220. + * Harden the function mbedtls_ssl_config_free() against misuse, so that it + doesn't leak memory if the user doesn't use mbedtls_ssl_conf_psk() and + instead incorrectly manipulates the configuration structure directly. + Found and fix submitted by junyeonLEE in #1220. * Provide an empty implementation of mbedtls_pkcs5_pbes2() when MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2 without PBES2. Fixed by Marcos Del Sol Vives. @@ -96,7 +99,7 @@ Changes Krylov. * Improve the documentation of mbedtls_ssl_write(). Suggested by Paul Sokolovsky in #1356. - * Add an option in the makefile to support ar utilities where the operation + * Add an option in the Makefile to support ar utilities where the operation letter must not be prefixed by '-', such as LLVM. Found and fixed by Alex Hixon. * Allow configuring the shared library extension by setting the DLEXT 
@@ -109,8 +112,8 @@ Changes * Improve robustness of mbedtls_ssl_derive_keys against the use of HMAC functions with non-HMAC ciphersuites. Independently contributed by Jiayuan Chen in #1377. Fixes #1437. - * Improve security of RSA key generation by including criteria from FIPS - 186-4. Contributed by Jethro Beekman. #1380 + * Improve security of RSA key generation by including criteria from + FIPS 186-4. Contributed by Jethro Beekman. #1380 * Declare functions in header files even when an alternative implementation of the corresponding module is activated by defining the corresponding MBEDTLS_XXX_ALT macro. This means that alternative implementations do @@ -314,7 +317,7 @@ Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. - Found by projectgus and jethrogb, #836. + Found by projectgus and Jethro Beekman, #836. * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. * Parse signature algorithm extension when renegotiating. Previously, renegotiated handshakes would only accept signatures using SHA-1 @@ -508,8 +511,7 @@ Bugfix Previous behaviour was to keep processing data even after the alert has been sent. * Accept empty trusted CA chain in authentication mode - MBEDTLS_SSL_VERIFY_OPTIONAL. - Found by jethrogb. #864 + MBEDTLS_SSL_VERIFY_OPTIONAL. Found by Jethro Beekman. #864 * Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to reflect bad EC curves within verification result. From e6a2a1aa97585fc5638953633ae6968d910a0b58 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 May 2018 13:57:53 +0100 Subject: [PATCH 503/504] Add the uodate to the soversion to the ChangeLog --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 3cfb4ced6..d1a69b7c7 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -29,7 +29,7 @@ Features * Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and ECDH primitive functions (mbedtls_ecdh_gen_public(), mbedtls_ecdh_compute_shared()) are supported for now. Contributed by - Nicholas Wilson (#348). + Nicholas Wilson in pull request #348. API Changes * Extend the public API with the function of mbedtls_net_poll() to allow user @@ -74,6 +74,10 @@ Bugfix buffer. * Fix invalid buffer sizes passed to zlib during record compression and decompression. + * Fix the soversion of libmbedcrypto to match the soversion of the + maintained 2.7 branch. The soversion was increased in Mbed TLS + version 2.7.1 to reflect breaking changes in that release, but the + increment was missed in 2.8.0 and later releases outside of the 2.7 branch. Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. From 11999bb72ec165f4762f23a894f91d91c1adfa7a Mon Sep 17 00:00:00 2001 
From: Darryl Green Date: Tue, 13 Mar 2018 15:22:58 +0000 Subject: [PATCH 504/504] Fix minor code style issues --- ChangeLog | 20 +++++++------- Makefile | 6 ++-- include/mbedtls/dhm.h | 6 ++-- include/mbedtls/ecdh.h | 4 +-- include/mbedtls/ecp_internal.h | 2 +- include/mbedtls/entropy.h | 2 +- include/mbedtls/gcm.h | 2 +- include/mbedtls/platform.h | 4 +-- include/mbedtls/rsa.h | 4 +-- include/mbedtls/sha1.h | 2 +- include/mbedtls/ssl.h | 12 ++++---- include/mbedtls/ssl_ciphersuites.h | 2 +- library/asn1write.c | 4 --- library/ecjpake.c | 2 +- library/ssl_cli.c | 4 +-- library/ssl_tls.c | 32 +++------------------- library/x509_crt.c | 2 +- programs/ssl/ssl_client1.c | 2 +- programs/ssl/ssl_mail_client.c | 2 +- programs/ssl/ssl_server.c | 2 +- tests/compat.sh | 2 +- tests/scripts/gen_ctr_drbg.pl | 2 +- tests/scripts/gen_pkcs1_v21_sign_verify.pl | 6 ++-- tests/suites/main_test.function | 2 +- tests/suites/test_suite_gcm.function | 2 +- tests/suites/test_suite_mpi.data | 4 +-- tests/suites/test_suite_pkcs1_v15.data | 6 ++-- tests/suites/test_suite_ssl.function | 2 +- yotta/data/example-authcrypt/README.md | 8 +++--- yotta/data/example-benchmark/README.md | 8 +++--- yotta/data/example-hashing/README.md | 8 +++--- yotta/data/example-selftest/README.md | 8 +++--- 32 files changed, 73 insertions(+), 101 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7b50534ca..348864c0e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1730,7 +1730,7 @@ Features issuer_key_identifier, etc) * Optional blinding for RSA, DHM and EC * Support for multiple active certificate / key pairs in SSL servers for - the same host (Not to be confused with SNI!) + the same host (Not to be confused with SNI!) Changes * Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 
@@ -1961,7 +1961,7 @@ Changes PKCS#8 private key formats * Added mechanism to provide alternative implementations for all symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in - config.h) + config.h) * PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated old PBKDF2 module @@ -1973,7 +1973,7 @@ Bugfix * x509parse_crt() now better handles PEM error situations * ssl_parse_certificate() now calls x509parse_crt_der() directly instead of the x509parse_crt() wrapper that can also parse PEM - certificates + certificates * x509parse_crtpath() is now reentrant and uses more portable stat() * Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler * Fixed values for 2-key Triple DES in cipher layer @@ -2131,7 +2131,7 @@ Bugfix * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52) * Handle encryption with private key and decryption with public key as per - RFC 2313 + RFC 2313 * Handle empty certificate subject names * Prevent reading over buffer boundaries on X509 certificate parsing * mpi_add_abs() now correctly handles adding short numbers to long numbers @@ -2162,7 +2162,7 @@ Bugfix * x509parse_crt() now better handles PEM error situations * ssl_parse_certificate() now calls x509parse_crt_der() directly instead of the x509parse_crt() wrapper that can also parse PEM - certificates + certificates * Fixed values for 2-key Triple DES in cipher layer * ssl_write_certificate_request() can handle empty ca_chain 
@@ -2243,16 +2243,16 @@ Bugfix Features * Added ssl_session_reset() to allow better multi-connection pools of SSL contexts without needing to set all non-connection-specific - data and pointers again. Adapted ssl_server to use this functionality. + data and pointers again. Adapted ssl_server to use this functionality. * Added ssl_set_max_version() to allow clients to offer a lower maximum supported version to a server to help buggy server implementations. - (Closes ticket #36) + (Closes ticket #36) * Added cipher_get_cipher_mode() and cipher_get_cipher_operation() introspection functions (Closes ticket #40) * Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator * Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent - entropy sources + entropy sources Changes * Documentation for AES and Camellia in modes CTR and CFB128 clarified. @@ -2385,7 +2385,7 @@ Bugfixes * Corrected parsing of UTCTime dates before 1990 and after 1950 * Support more exotic OID's when parsing certificates - (found by Mads Kiilerich) + (found by Mads Kiilerich) * Support more exotic name representations when parsing certificates (found by Mads Kiilerich) * Replaced the expired test certificates @@ -2415,7 +2415,7 @@ Note: Most of these features have been donated by Fox-IT status, objects and configuration + Added verification callback on certificate chain verification to allow external blacklisting - + Additional example programs to show usage + + Additional example programs to show usage * Added support for PKCS#11 through the use of the libpkcs11-helper library diff --git a/Makefile b/Makefile index c18b99b2f..a0fcb2bc5 100644 --- a/Makefile +++ b/Makefile 
@@ -24,12 +24,12 @@ ifndef WINDOWS install: no_test mkdir -p $(DESTDIR)/include/mbedtls cp -r include/mbedtls $(DESTDIR)/include - + mkdir -p $(DESTDIR)/lib cp -RP library/libmbedtls.* $(DESTDIR)/lib cp -RP library/libmbedx509.* $(DESTDIR)/lib cp -RP library/libmbedcrypto.* $(DESTDIR)/lib - + mkdir -p $(DESTDIR)/bin for p in programs/*/* ; do \ if [ -x $$p ] && [ ! -d $$p ] ; \ @@ -44,7 +44,7 @@ uninstall: rm -f $(DESTDIR)/lib/libmbedtls.* rm -f $(DESTDIR)/lib/libmbedx509.* rm -f $(DESTDIR)/lib/libmbedcrypto.* - + for p in programs/*/* ; do \ if [ -x $$p ] && [ ! -d $$p ] ; \ then \ diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index f848e221d..75317a8e6 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -1,12 +1,12 @@ /** * \file dhm.h * - * \brief This file contains Diffie-Hellman-Merkle (DHM) key exchange + * \brief This file contains Diffie-Hellman-Merkle (DHM) key exchange * definitions and functions. * * Diffie-Hellman-Merkle (DHM) key exchange is defined in - * RFC-2631: Diffie-Hellman Key Agreement Method and - * Public-Key Cryptography Standards (PKCS) #3: Diffie + * RFC-2631: Diffie-Hellman Key Agreement Method and + * Public-Key Cryptography Standards (PKCS) #3: Diffie * Hellman Key Agreement Standard. * * RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 922f029d7..5fdf55a88 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -2,8 +2,8 @@ * \file ecdh.h * * \brief This file contains ECDH definitions and functions. - * - * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous + * + * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous * key agreement protocol allowing two parties to establish a shared * secret over an insecure channel. Each party must have an * elliptic-curve public–private key pair. 
diff --git a/include/mbedtls/ecp_internal.h b/include/mbedtls/ecp_internal.h index 8a6d517ed..18040697a 100644 --- a/include/mbedtls/ecp_internal.h +++ b/include/mbedtls/ecp_internal.h @@ -48,7 +48,7 @@ * [6] Digital Signature Standard (DSS), FIPS 186-4. * * - * [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer + * [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer * Security (TLS), RFC 4492. * * diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index fcb4d0255..a5cb05a58 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -166,7 +166,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx ); * \param threshold Minimum required from source before entropy is released * ( with mbedtls_entropy_func() ) (in bytes) * \param strong MBEDTLS_ENTROPY_SOURCE_STRONG or - * MBEDTSL_ENTROPY_SOURCE_WEAK. + * MBEDTLS_ENTROPY_SOURCE_WEAK. * At least one strong source needs to be added. * Weaker sources (such as the cycle counter) can be used as * a complement. diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 3c220331e..bec557714 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -116,7 +116,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, * \param ctx The GCM context to use for encryption or decryption. * \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or * #MBEDTLS_GCM_DECRYPT. - * \param length The length of the input data. This must be a multiple of + * \param length The length of the input data. This must be a multiple of * 16 except in the last call before mbedtls_gcm_finish(). * \param iv The initialization vector. * \param iv_len The length of the IV. diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index a53229b38..bba770911 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h 
@@ -9,7 +9,7 @@ * system services, making the library easier to port and embed. * Application developers and users of the library can provide their own * implementations of these functions, or implementations specific to - * their platform, which can be statically linked to the library or + * their platform, which can be statically linked to the library or * dynamically configured at runtime. */ /* @@ -331,7 +331,7 @@ mbedtls_platform_context; * \note This function should be called before any other library functions. * * Its implementation is platform-specific, and unless - * platform-specific code is provided, it does nothing. + * platform-specific code is provided, it does nothing. * * \note The usage and necessity of this function is dependent on the platform. * diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index df6e3e557..19eb2ee74 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -5,7 +5,7 @@ * * The RSA public-key cryptosystem is defined in Public-Key * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption - * and Public-Key Cryptography Standards (PKCS) #1 v2.1: + * and Public-Key Cryptography Standards (PKCS) #1 v2.1: * RSA Cryptography Specifications. * */ @@ -781,7 +781,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * \param olen The length of the plaintext. * \param input The buffer holding the encrypted data. * \param output The buffer to hold the plaintext. - * \param output_max_len The maximum length of the output buffer. + * \param output_max_len The maximum length of the output buffer. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 8f805fb42..65a124c94 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h 
@@ -3,7 +3,7 @@ * * \brief This file contains SHA-1 definitions and functions. * - * The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in + * The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in * FIPS 180-4: Secure Hash Standard (SHS). * * \warning SHA-1 is considered a weak message digest and its use constitutes diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index bb9c02dbf..f91066d57 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1854,21 +1854,21 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, #if defined(MBEDTLS_X509_CRT_PARSE_C) /** - * \brief Set or reset the hostname to check against the received - * server certificate. It sets the ServerName TLS extension, + * \brief Set or reset the hostname to check against the received + * server certificate. It sets the ServerName TLS extension, * too, if that extension is enabled. (client-side only) * * \param ssl SSL context * \param hostname the server hostname, may be NULL to clear hostname - + * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. * - * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on + * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on + * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on * too long input hostname. * * Hostname set to the one provided on success (cleared - * when NULL). On allocation failure hostname is cleared. + * when NULL). On allocation failure hostname is cleared. * On too long input failure, old hostname is unchanged. */ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 545468a51..1d2aabc37 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -267,7 +267,7 @@ typedef enum { defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) #define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED #endif diff --git a/library/asn1write.c b/library/asn1write.c index 69b61b205..c01c83655 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -232,10 +232,6 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ) int ret; size_t len = 0; - // TODO negative values and values larger than 128 - // DER format assumes 2s complement for numbers, so the leftmost bit - // should be 0 for positive numbers and 1 for negative numbers. - // if( *p - start < 1 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); diff --git a/library/ecjpake.c b/library/ecjpake.c index e8f40862b..ec5a4007d 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -301,7 +301,7 @@ cleanup: */ static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info, const mbedtls_ecp_group *grp, - const int pf, + const int pf, const mbedtls_ecp_point *G, const mbedtls_mpi *x, const mbedtls_ecp_point *X, diff --git a/library/ssl_cli.c b/library/ssl_cli.c index b3dc4db7c..7455e99d2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -352,7 +352,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, *olen = 6; } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 
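Review bot: In the library/asn1write.c hunk the removed TODO was the only documentation that mbedtls_asn1_write_int() does not handle negative values or values larger than 128, which matter because DER integers are two's complement; as far as the hunk shows, the limitation itself is not addressed, so dropping the note as a "code style" fix hides a known gap rather than closing it. Unless this has since been fixed elsewhere, keep a one-line caveat above the buffer check, e.g. `/* Caveat: negative values and values larger than 128 are not handled; DER uses two's complement (leading bit 0 for positive, 1 for negative). */`. The function body continues outside the hunk.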
@@ -1281,7 +1281,7 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cf1b69492..bc9dc77e1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2445,8 +2445,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_recv returned %d bytes but only %lu were requested", + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "f_recv returned %d bytes but only %lu were requested", ret, (unsigned long)len ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2500,8 +2500,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_send returned %d bytes but only %lu bytes were sent", + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "f_send returned %d bytes but only %lu bytes were sent", ret, (unsigned long)ssl->out_left ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } 
@@ -6950,30 +6950,6 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } } - /* - * The logic could be streamlined here. Instead of - * - Manually checking whether ssl->in_offt is NULL - * - Fetching a new record if yes - * - Setting ssl->in_offt if one finds an application record - * - Resetting keep_current_message after handling the application data - * one should - * - Adapt read_record to set ssl->in_offt automatically - * when a new application data record is processed. - * - Always call mbedtls_ssl_read_record here. - * This way, the logic of ssl_read would be much clearer: - * (1) Always call record layer and see what kind of record is on - * and have it ready for consumption (in particular, in_offt - * properly set for application data records). - * (2) If it's application data (either freshly fetched - * or something already being partially processed), - * serve the read request from it. - * (3) If it's something different from application data, - * handle it accordingly, e.g. potentially start a - * renegotiation. - * This will also remove the need to manually reset - * ssl->keep_current_message = 0 below. - */ - /* Loop as long as no application data record is available */ while( ssl->in_offt == NULL ) { diff --git a/library/x509_crt.c b/library/x509_crt.c index 462cbcf12..290c1eb3d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -729,7 +729,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char * memcpy( p, buf, crt->raw.len ); - // Direct pointers to the new buffer + // Direct pointers to the new buffer p += crt->raw.len - len; end = crt_end = p + len; diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index fa7043173..01cee1354 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c 
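Review bot: The comment deleted from mbedtls_ssl_read() in library/ssl_tls.c was a design rationale for reworking the in_offt / keep_current_message handling, not a style problem, and the commit does not say where that proposal now lives; removing it loses the only explanation of why the loop below checks ssl->in_offt manually. If the refactor is tracked elsewhere, keep a one-line pointer above the loop, e.g. `/* TODO: have read_record set in_offt for application data so this loop can simply call mbedtls_ssl_read_record(). */`; otherwise the original note should stay. mbedtls_ssl_read() starts and ends outside the hunk.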
@@ -30,7 +30,7 @@ #else #include #include -#define mbedtls_time time +#define mbedtls_time time #define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index b49ffb478..04b847a69 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_time time -#define mbedtls_time_t time_t +#define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf #endif diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index fd54f1726..dcdafbb86 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_time time -#define mbedtls_time_t time_t +#define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf #endif diff --git a/tests/compat.sh b/tests/compat.sh index 34e38f10f..a2b2d5ba1 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -998,7 +998,7 @@ run_client() { if [ $EXIT -eq 0 ]; then RESULT=0 else - # If the cipher isn't supported... + # If the cipher isn't supported... if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then RESULT=1 else diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl index 66d9b3ab0..ee130247c 100755 --- a/tests/scripts/gen_ctr_drbg.pl +++ b/tests/scripts/gen_ctr_drbg.pl @@ -64,7 +64,7 @@ while (my $line = ) my $AdditionalInput2 = get_val("AdditionalInput"); my $EntropyInputPR2 = get_val("EntropyInputPR") if ($PredictionResistance == 1); my $ReturnedBits = get_val("ReturnedBits"); - + if ($PredictionResistance == 1) { print("CTR_DRBG NIST Validation (AES-256 use df,$PredictionResistanceStr,$EntropyInputLen,$NonceLen,$PersonalizationStringLen,$AdditionalInputLen) #$Count\n"); diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl index 0d7fc7d1e..678e2f908 100755 
--- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl +++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl @@ -18,10 +18,10 @@ sub get_val($$) next if($line !~ /^# $str/); last; } - + while(my $line = ) { - last if($line eq "\r\n"); + last if($line eq "\r\n"); $val .= $line; } @@ -66,7 +66,7 @@ while (my $line = ) print(":\"$val_salt\""); print(":\"$val_sig\":0"); print("\n\n"); - } + } $cnt++; } close(TEST_DATA); diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 1390f9fbb..bf65bdad0 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -281,7 +281,7 @@ int main(int argc, const char *argv[]) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) unsigned char alloc_buf[1000000]; -#endif +#endif /* Platform setup should be called in the beginning */ ret = platform_setup(); if( ret != 0 ) diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 308e14bb4..3d0830e98 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -35,7 +35,7 @@ void gcm_bad_parameters( int cipher_id, int direction, memset( tag_str, 0x00, sizeof( tag_str ) ); memset( output, 0x00, sizeof( output ) ); memset( tag_output, 0x00, sizeof( tag_output ) ); - + key_len = unhexify( key_str, hex_key_string ); pt_len = unhexify( src_str, hex_src_string ); iv_len = unhexify( iv_str, hex_iv_string ); diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 2a2cfce45..c45008823 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data 
@@ -301,10 +301,10 @@ mbedtls_mpi_add_mpi:10:"64380800680355443923012985496149269915138610753401343291 Base test mbedtls_mpi_add_mpi inplace #1 mbedtls_mpi_add_mpi_inplace:10:"12345678":10:"24691356" -Test mbedtls_mpi_add_mpi inplace #2 +Test mbedtls_mpi_add_mpi inplace #2 mbedtls_mpi_add_mpi_inplace:10:"643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"1287616013607108878460259709922985398302772215068026865836146879048276529684741260122739430789478268181845874665180769440794266671939098512645241958073373266427807905932350214193538360035292323703146295192780306" -Test mbedtls_mpi_add_mpi inplace #3 +Test mbedtls_mpi_add_mpi inplace #3 mbedtls_mpi_add_mpi_inplace:16:"ffffffffffffffffffffffffffffffff":16:"01fffffffffffffffffffffffffffffffe" Test mbedtls_mpi_add_int #1 diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data index db7a4cd4b..030940007 100644 --- a/tests/suites/test_suite_pkcs1_v15.data +++ b/tests/suites/test_suite_pkcs1_v15.data 
@@ -13,19 +13,19 @@ pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda RSAES-V15 Encryption Test Vector Data too long 1 pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSAES-V15 Decryption Test Vector Padding too short 7 +RSAES-V15 Decryption Test Vector Padding too short 7 
pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_INVALID_PADDING RSAES-V15 Encryption Test Vector Data too long 3 
pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSAES-V15 Decryption Test Vector Padding too short 5 +RSAES-V15 Decryption Test Vector Padding too short 5 pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e688523
1982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_INVALID_PADDING RSAES-V15 Encryption Test Vector Data too long 8 pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSAES-V15 Decryption Test Vector Padding too short 0 +RSAES-V15 Decryption Test Vector Padding too short 0 
pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_INVALID_PADDING RSASSA-V15 Signing Test Vector Int diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 60683afee..5cc32ab91 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -52,4 +52,4 @@ void ssl_set_hostname_twice( char *hostname0, char *hostname1 ) mbedtls_ssl_free( &ssl ); } -/* END_CASE */ \ No newline at end of file +/* END_CASE */ diff --git a/yotta/data/example-authcrypt/README.md b/yotta/data/example-authcrypt/README.md index ae4b1efa9..4498b9dd4 100644 --- a/yotta/data/example-authcrypt/README.md +++ b/yotta/data/example-authcrypt/README.md 
@@ -38,11 +38,11 @@ To build and run this example you must have: 6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. - Use the following settings: + Use the following settings: - * 115200 baud (not 9600). - * 8N1. - * No flow control. + * 115200 baud (not 9600). + * 8N1. + * No flow control. 7. Press the Reset button on the board. diff --git a/yotta/data/example-benchmark/README.md b/yotta/data/example-benchmark/README.md index 3b66916e5..715abee27 100644 --- a/yotta/data/example-benchmark/README.md +++ b/yotta/data/example-benchmark/README.md @@ -38,11 +38,11 @@ To build and run this example you must have: 6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. - Use the following settings: + Use the following settings: - * 115200 baud (not 9600). - * 8N1. - * No flow control. + * 115200 baud (not 9600). + * 8N1. + * No flow control. 7. Press the Reset button on the board. diff --git a/yotta/data/example-hashing/README.md b/yotta/data/example-hashing/README.md index 553c3a618..6f0f969d0 100644 --- a/yotta/data/example-hashing/README.md +++ b/yotta/data/example-hashing/README.md @@ -38,11 +38,11 @@ To build and run this example you must have: 6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. - Use the following settings: + Use the following settings: - * 115200 baud (not 9600). - * 8N1. - * No flow control. + * 115200 baud (not 9600). + * 8N1. + * No flow control. 7. Press the Reset button on the board. diff --git a/yotta/data/example-selftest/README.md b/yotta/data/example-selftest/README.md index 5bc22a685..b8e9cd49e 100644 --- a/yotta/data/example-selftest/README.md +++ b/yotta/data/example-selftest/README.md 
@@ -38,11 +38,11 @@ To build and run this example you must have: 6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. - Use the following settings: + Use the following settings: - * 115200 baud (not 9600). - * 8N1. - * No flow control. + * 115200 baud (not 9600). + * 8N1. + * No flow control. 7. Press the Reset button on the board.