From 7bcf2b5875d3d6b052ba94aa1f46a66e9eb33032 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Jul 2019 09:02:40 +0100 Subject: [PATCH 01/78] Introduce version comparing functions This zero-cost abstraction allows to change the internal encoding of TLS/DTLS versions in the future. --- include/mbedtls/platform_util.h | 6 ++ include/mbedtls/ssl_internal.h | 41 ++++++++- library/ssl_cli.c | 31 ++++--- library/ssl_srv.c | 42 ++++++--- library/ssl_tls.c | 125 ++++++++++++++++----------- programs/ssl/ssl_client2.c | 23 +++-- programs/ssl/ssl_server2.c | 23 +++-- tests/suites/test_suite_ssl.function | 2 +- 8 files changed, 207 insertions(+), 86 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 09d096518..98384add7 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -113,6 +113,12 @@ void mbedtls_param_failed( const char *failure_condition, #endif /* MBEDTLS_CHECK_PARAMS */ +#if defined(__GNUC__) || defined(__arm__) +#define MBEDTLS_ALWAYS_INLINE __attribute__((always_inline)) +#else +#define MBEDTLS_ALWAYS_INLINE +#endif + /* Internal helper macros for deprecating API constants. */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index df221fe8b..a1acc8462 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
@@ -1237,6 +1237,44 @@ MBEDTLS_ALWAYS_INLINE static inline void mbedtls_ssl_read_version( #endif /* MBEDTLS_SSL_PROTO_TLS */ } + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_leq( int v0, int v1 ) +{ + return( v0 <= v1 ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_lt( int v0, int v1 ) +{ + return( v0 < v1 ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_geq( int v0, int v1 ) +{ + return( v0 >= v1 ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_gt( int v0, int v1 ) +{ + return( v0 > v1 ); +} + +MBEDTLS_ALWAYS_INLINE static inline size_t mbedtls_ssl_minor_ver_index( + int ver ) +{ + switch( ver ) + { + case MBEDTLS_SSL_MINOR_VERSION_0: + return( 0 ); + case MBEDTLS_SSL_MINOR_VERSION_1: + return( 1 ); + case MBEDTLS_SSL_MINOR_VERSION_2: + return( 2 ); + case MBEDTLS_SSL_MINOR_VERSION_3: + return( 3 ); + } + return( 0 ); +} + #ifdef __cplusplus } #endif @@ -1677,7 +1715,8 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced( #define MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl, ver, info ) \ { \ int const *__id_ptr; \ - for( __id_ptr=(ssl)->conf->ciphersuite_list[ (ver) ]; \ + for( __id_ptr=(ssl)->conf->ciphersuite_list[ \ + mbedtls_ssl_minor_ver_index( ver ) ]; \ *__id_ptr != 0; __id_ptr++ ) \ { \ const int __id = *__id_ptr; \ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 4e99a801b..ae1c400db 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -772,8 +772,10 @@ static int ssl_validate_ciphersuite( mbedtls_ssl_ciphersuite_handle_t suite_info if( suite_info == MBEDTLS_SSL_CIPHERSUITE_INVALID_HANDLE ) return( 1 ); - if( mbedtls_ssl_suite_get_min_minor_ver( suite_info ) > max_minor_ver || - mbedtls_ssl_suite_get_max_minor_ver( suite_info ) < min_minor_ver ) + if( mbedtls_ssl_ver_gt( mbedtls_ssl_suite_get_min_minor_ver( suite_info ), + max_minor_ver ) || + mbedtls_ssl_ver_lt( mbedtls_ssl_suite_get_max_minor_ver( suite_info ), + min_minor_ver ) ) { return( 1 ); } 
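Review bot: In `mbedtls_ssl_minor_ver_index()`, a version that matches none of the four cases falls through to `return( 0 )`, which is the same slot as `MBEDTLS_SSL_MINOR_VERSION_0`. An unexpected value therefore silently selects that version's ciphersuite list rather than being detectable. The `MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE` change further down this file indexes `ciphersuite_list` through the helper with no range check of its own, so it depends on every caller having validated `ver` beforehand. I would state that contract at the fallback, for example `/* Not reached for a validated minor version; callers must range-check before indexing. */`. The four comparison helpers would also benefit from a one-line comment saying they order protocol versions, not raw integers.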
@@ -1553,10 +1555,12 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1) * even is lower than our min version. */ - if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 || - minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 || - major_ver > mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) || - minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_lt( major_ver, MBEDTLS_SSL_MAJOR_VERSION_3 ) || + mbedtls_ssl_ver_lt( minor_ver, MBEDTLS_SSL_MINOR_VERSION_2 ) || + mbedtls_ssl_ver_gt( major_ver, + mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) ) || + mbedtls_ssl_ver_gt( minor_ver, + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) ); @@ -1711,10 +1715,14 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->conf->transport, buf + 0 ); - if( major_ver < mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) || - minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) || - major_ver > mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) || - minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_lt( major_ver, + mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) ) || + mbedtls_ssl_ver_lt( minor_ver, + mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) || + mbedtls_ssl_ver_gt( major_ver, + mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) ) || + mbedtls_ssl_ver_gt( minor_ver, + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - " " min: [%d:%d], server: [%d:%d], max: [%d:%d]", 
@@ -2926,7 +2934,8 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( mbedtls_ssl_get_minor_ver( ssl ) < MBEDTLS_SSL_MINOR_VERSION_3 ) + if( mbedtls_ssl_ver_lt( mbedtls_ssl_get_minor_ver( ssl ), + MBEDTLS_SSL_MINOR_VERSION_3 ) ) { pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index b058e7c81..11bed2fc2 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -869,7 +869,8 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, * present them a SHA-higher cert rather than failing if it's the only * one we got that satisfies the other conditions. */ - if( mbedtls_ssl_get_minor_ver( ssl ) < MBEDTLS_SSL_MINOR_VERSION_3 ) + if( mbedtls_ssl_ver_lt( mbedtls_ssl_get_minor_ver( ssl ), + MBEDTLS_SSL_MINOR_VERSION_3 ) ) { mbedtls_md_type_t sig_md; { @@ -936,10 +937,12 @@ static int ssl_ciphersuite_is_match( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %s", mbedtls_ssl_suite_get_name( suite_info ) ) ); - if( mbedtls_ssl_suite_get_min_minor_ver( suite_info ) - > mbedtls_ssl_get_minor_ver( ssl ) || - mbedtls_ssl_suite_get_max_minor_ver( suite_info ) - < mbedtls_ssl_get_minor_ver( ssl ) ) + if( mbedtls_ssl_ver_gt( + mbedtls_ssl_suite_get_min_minor_ver( suite_info ), + mbedtls_ssl_get_minor_ver( ssl ) ) || + mbedtls_ssl_ver_lt( + mbedtls_ssl_suite_get_max_minor_ver( suite_info ), + mbedtls_ssl_get_minor_ver( ssl ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) ); return( 0 ); 
@@ -1111,7 +1114,8 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) ? buf[4] : mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ); #endif - if( mbedtls_ssl_get_minor_ver( ssl ) < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_lt( mbedtls_ssl_get_minor_ver( ssl ), + mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum" " [%d:%d] < [%d:%d]", @@ -1237,8 +1241,9 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) ); - if( mbedtls_ssl_get_minor_ver( ssl ) < - mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_lt( + mbedtls_ssl_get_minor_ver( ssl ), + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) ); @@ -1652,8 +1657,10 @@ read_record_header: #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ - if( major_ver < mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) || - minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_lt( major_ver, + mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) ) || + mbedtls_ssl_ver_lt( minor_ver, + mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum" " [%d:%d] < [%d:%d]", 
@@ -1665,13 +1672,19 @@ read_record_header: return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); } - if( major_ver > mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_gt( + major_ver, + mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) ) ) { major_ver = mbedtls_ssl_conf_get_max_major_ver( ssl->conf ); minor_ver = mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ); } - else if( minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + else if( mbedtls_ssl_ver_gt( + minor_ver, + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) ) + { minor_ver = mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ); + } #if !defined(MBEDTLS_SSL_CONF_FIXED_MAJOR_VER) ssl->major_ver = major_ver; @@ -2061,8 +2074,9 @@ read_record_header: { MBEDTLS_SSL_DEBUG_MSG( 2, ( "received FALLBACK_SCSV" ) ); - if( mbedtls_ssl_get_minor_ver( ssl ) < - mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_lt( + mbedtls_ssl_get_minor_ver( ssl ), + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d4d51b5ef..d600668fe 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -861,7 +861,7 @@ MBEDTLS_ALWAYS_INLINE static inline int ssl_prf( int minor_ver, else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) + if( mbedtls_ssl_ver_lt( minor_ver, MBEDTLS_SSL_MINOR_VERSION_3 ) ) return( tls1_prf( secret, slen, label, random, rlen, dstbuf, dlen ) ); else #endif @@ -1160,7 +1160,7 @@ MBEDTLS_ALWAYS_INLINE static inline int ssl_calc_finished( else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) + if( mbedtls_ssl_ver_lt( minor_ver, MBEDTLS_SSL_MINOR_VERSION_3 ) ) ssl_calc_finished_tls( ssl, buf, from ); else #endif 
@@ -1484,7 +1484,7 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform, #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) + if( mbedtls_ssl_ver_geq( minor_ver, MBEDTLS_SSL_MINOR_VERSION_1 ) ) { /* For HMAC-based ciphersuites, initialize the HMAC transforms. For AEAD-based ciphersuites, there is nothing to do here. */ @@ -1759,7 +1759,7 @@ int mbedtls_ssl_calc_verify( int minor_ver, else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) + if( mbedtls_ssl_ver_lt( minor_ver, MBEDTLS_SSL_MINOR_VERSION_3 ) ) ssl_calc_verify_tls( ssl, dst, hlen ); else #endif @@ -2513,8 +2513,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_transform_get_minor_ver( transform ) >= - MBEDTLS_SSL_MINOR_VERSION_1 ) + if( mbedtls_ssl_ver_geq( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_1 ) ) { unsigned char mac[MBEDTLS_SSL_MAC_ADD]; @@ -2693,8 +2694,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Prepend per-record IV for block cipher in TLS v1.1 and up as per * Method 1 (6.2.3.2. in RFC4346 and RFC5246) */ - if( mbedtls_ssl_transform_get_minor_ver( transform ) >= - MBEDTLS_SSL_MINOR_VERSION_2 ) + if( mbedtls_ssl_ver_geq( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) { if( f_rng == NULL ) { 
@@ -2743,8 +2745,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) - if( mbedtls_ssl_transform_get_minor_ver( transform ) < - MBEDTLS_SSL_MINOR_VERSION_2 ) + if( mbedtls_ssl_ver_lt( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) { /* * Save IV in SSL3 and TLS1 @@ -3001,8 +3004,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * Check immediate ciphertext sanity */ #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_transform_get_minor_ver( transform ) >= - MBEDTLS_SSL_MINOR_VERSION_2 ) + if( mbedtls_ssl_ver_geq( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) { /* The ciphertext is prefixed with the CBC IV. */ minlen += transform->ivlen; @@ -3107,8 +3111,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* * Initialize for prepended IV for block cipher in TLS v1.1 and up */ - if( mbedtls_ssl_transform_get_minor_ver( transform ) >= - MBEDTLS_SSL_MINOR_VERSION_2 ) + if( mbedtls_ssl_ver_geq( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) { /* Safe because data_len >= minlen + ivlen = 2 * ivlen. */ memcpy( transform->iv_dec, data, transform->ivlen ); @@ -3137,8 +3142,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, } #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) - if( mbedtls_ssl_transform_get_minor_ver( transform ) < - MBEDTLS_SSL_MINOR_VERSION_2 ) + if( mbedtls_ssl_ver_lt( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) { /* * Save IV in SSL3 and TLS1, where CBC decryption of consecutive 
@@ -3201,8 +3207,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_transform_get_minor_ver( transform ) > - MBEDTLS_SSL_MINOR_VERSION_0 ) + if( mbedtls_ssl_ver_gt( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_0 ) ) { /* The padding check involves a series of up to 256 * consecutive memory reads at the end of the record @@ -3300,8 +3307,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_transform_get_minor_ver( transform ) > - MBEDTLS_SSL_MINOR_VERSION_0 ) + if( mbedtls_ssl_ver_gt( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_0 ) ) { /* * Process MAC and always update for padlen afterwards to make @@ -5320,7 +5328,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } - if( minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_gt( minor_ver, + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); @@ -8136,7 +8145,9 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, /* Adjust out_msg to make space for explicit IV, if used. */ if( transform != NULL && - mbedtls_ssl_get_minor_ver( ssl ) >= MBEDTLS_SSL_MINOR_VERSION_2 ) + mbedtls_ssl_ver_geq( + mbedtls_ssl_get_minor_ver( ssl ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) { ssl->out_msg = ssl->out_iv + transform->ivlen - transform->fixed_ivlen; } 
@@ -8625,10 +8636,10 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, const int *ciphersuites ) { - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites; - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites; - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites; - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites; + conf->ciphersuite_list[0] = ciphersuites; + conf->ciphersuite_list[1] = ciphersuites; + conf->ciphersuite_list[2] = ciphersuites; + conf->ciphersuite_list[3] = ciphersuites; } void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, @@ -8638,10 +8649,14 @@ void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, if( major != MBEDTLS_SSL_MAJOR_VERSION_3 ) return; - if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 ) + if( mbedtls_ssl_ver_lt( minor, MBEDTLS_SSL_MINOR_VERSION_0 ) || + mbedtls_ssl_ver_gt( minor, MBEDTLS_SSL_MINOR_VERSION_3 ) ) + { return; + } - conf->ciphersuite_list[minor] = ciphersuites; + conf->ciphersuite_list[mbedtls_ssl_minor_ver_index( minor )] = + ciphersuites; } #endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ @@ -9395,8 +9410,12 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) /* For TLS 1.1 or higher, an explicit IV is added * after the record header. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_get_minor_ver( ssl ) >= MBEDTLS_SSL_MINOR_VERSION_2 ) + if( mbedtls_ssl_ver_geq( + mbedtls_ssl_get_minor_ver( ssl ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) + { transform_expansion += block_size; + } #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ break; 
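Review bot: The literal indices `ciphersuite_list[0]` to `ciphersuite_list[3]` in `mbedtls_ssl_conf_ciphersuites()` restate by hand the version-to-slot mapping that `mbedtls_ssl_minor_ver_index()` now owns. The same pattern appears in both `mbedtls_ssl_config_defaults()` hunks further down (at -11938 and -11990). If the mapping or the number of slots ever changes, these three sites will not follow it, and a slot left unset is a NULL list pointer for the iteration macro. A comment at each site such as `/* One slot per value returned by mbedtls_ssl_minor_ver_index(). */` would make the coupling visible. Alternatively, write the four assignments as `conf->ciphersuite_list[mbedtls_ssl_minor_ver_index( MBEDTLS_SSL_MINOR_VERSION_0 )] = ciphersuites;` and so on.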
@@ -10602,7 +10621,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_get_minor_ver( ssl ) >= MBEDTLS_SSL_MINOR_VERSION_1 ) + if( mbedtls_ssl_ver_geq( + mbedtls_ssl_get_minor_ver( ssl ), + MBEDTLS_SSL_MINOR_VERSION_1 ) ) { ret = mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_WARNING, @@ -10810,7 +10831,9 @@ static int ssl_write_split( mbedtls_ssl_context *ssl, if( ssl->conf->cbc_record_splitting == MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED || len <= 1 || - mbedtls_ssl_get_minor_ver( ssl ) > MBEDTLS_SSL_MINOR_VERSION_1 || + mbedtls_ssl_ver_gt( + mbedtls_ssl_get_minor_ver( ssl ), + MBEDTLS_SSL_MINOR_VERSION_1 ) || mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ) != MBEDTLS_MODE_CBC ) { 
@@ -11406,14 +11429,18 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, * least check it matches the requirements for serializing. */ if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) || - mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) < - MBEDTLS_SSL_MAJOR_VERSION_3 || - mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) > - MBEDTLS_SSL_MAJOR_VERSION_3 || - mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) < - MBEDTLS_SSL_MINOR_VERSION_3 || - mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) > - MBEDTLS_SSL_MINOR_VERSION_3 || + mbedtls_ssl_ver_lt( + mbedtls_ssl_conf_get_max_major_ver( ssl->conf ), + MBEDTLS_SSL_MAJOR_VERSION_3 ) || + mbedtls_ssl_ver_gt( + mbedtls_ssl_conf_get_min_major_ver( ssl->conf ), + MBEDTLS_SSL_MAJOR_VERSION_3 ) || + mbedtls_ssl_ver_lt( + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ), + MBEDTLS_SSL_MINOR_VERSION_3 ) || + mbedtls_ssl_ver_gt( + mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ), + MBEDTLS_SSL_MINOR_VERSION_3 ) || mbedtls_ssl_conf_is_renegotiation_enabled( ssl->conf ) ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -11938,11 +11965,11 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */ #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = - ssl_preset_suiteb_ciphersuites; + conf->ciphersuite_list[0] = + conf->ciphersuite_list[1] = + conf->ciphersuite_list[2] = + conf->ciphersuite_list[3] = + ssl_preset_suiteb_ciphersuites; #endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #if defined(MBEDTLS_X509_CRT_PARSE_C) 
@@ -11990,11 +12017,11 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */ #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = - mbedtls_ssl_list_ciphersuites(); + conf->ciphersuite_list[0] = + conf->ciphersuite_list[1] = + conf->ciphersuite_list[2] = + conf->ciphersuite_list[3] = + mbedtls_ssl_list_ciphersuites(); #endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 788793a49..5c13f8a26 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -69,6 +69,8 @@ int main( void ) #include "mbedtls/debug.h" #include "mbedtls/timing.h" +#include "mbedtls/ssl_internal.h" + #include #include #include @@ -1506,14 +1508,18 @@ int main( int argc, char *argv[] ) mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); if( opt.max_version != -1 && - mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) > opt.max_version ) + mbedtls_ssl_ver_gt( + mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ), + opt.max_version ) ) { mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; goto usage; } if( opt.min_version != -1 && - mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) < opt.min_version ) + mbedtls_ssl_ver_lt( + mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ), + opt.min_version ) ) { mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; 
@@ -1523,17 +1529,24 @@ int main( int argc, char *argv[] ) /* If the server selects a version that's not supported by * this suite, then there will be no common ciphersuite... */ if( opt.max_version == -1 || - opt.max_version > mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) ) + mbedtls_ssl_ver_gt( + opt.max_version, + mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) ) ) { opt.max_version = mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ); } - if( opt.min_version < mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) ) + if( mbedtls_ssl_ver_lt( + opt.min_version, + mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) ) ) { opt.min_version = mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ); /* DTLS starts with TLS 1.1 */ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 ) + mbedtls_ssl_ver_lt( opt.min_version, + MBEDTLS_SSL_MINOR_VERSION_2 ) ) + { opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2; + } } /* Enable RC4 if needed and not explicitly disabled */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 890725e75..a7b5b4d85 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -68,6 +68,8 @@ int main( void ) #include "mbedtls/debug.h" #include "mbedtls/timing.h" +#include "mbedtls/ssl_internal.h" + #include #include #include 
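Review bot: The lower-bound adjustment `if( mbedtls_ssl_ver_lt( opt.min_version, mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) ) )` passes `opt.min_version` to the comparison helper without first excluding the `-1` "unset" sentinel, whereas the upper bound just above it is guarded with `opt.max_version == -1 ||`. With a plain `<` the sentinel was always below every version, but the helper exists so that the ordering can change, and then `-1` is no longer guaranteed to compare as lowest. This assumes `opt.min_version` can still be `-1` here, as the `!= -1` guards in the preceding hunk suggest. I would make the intent explicit with `if( opt.min_version == -1 || mbedtls_ssl_ver_lt( opt.min_version, mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) ) )`. The matching block in programs/ssl/ssl_server2.c (hunk at -2249) needs the same guard.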
@@ -2232,14 +2234,18 @@ int main( int argc, char *argv[] ) mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); if( opt.max_version != -1 && - mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) > opt.max_version ) + mbedtls_ssl_ver_gt( + mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ), + opt.max_version ) ) { mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; goto usage; } if( opt.min_version != -1 && - mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) < opt.min_version ) + mbedtls_ssl_ver_lt( + mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ), + opt.min_version ) ) { mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; @@ -2249,17 +2255,24 @@ int main( int argc, char *argv[] ) /* If we select a version that's not supported by * this suite, then there will be no common ciphersuite... */ if( opt.max_version == -1 || - opt.max_version > mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) ) + mbedtls_ssl_ver_gt( + opt.max_version, + mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) ) ) { opt.max_version = mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ); } - if( opt.min_version < mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) ) + if( mbedtls_ssl_ver_lt( + opt.min_version, + mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) ) ) { opt.min_version = mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ); /* DTLS starts with TLS 1.1 */ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 ) + mbedtls_ssl_ver_lt( opt.min_version, + MBEDTLS_SSL_MINOR_VERSION_2 ) ) + { opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2; + } } /* Enable RC4 if needed and not explicitly disabled */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index b177779e7..268d56cea 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -121,7 +121,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 ); CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 ); - if( ver > MBEDTLS_SSL_MINOR_VERSION_0 ) + if( mbedtls_ssl_ver_gt( ver, MBEDTLS_SSL_MINOR_VERSION_0 ) ) { CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc, md0, maclen ) == 0 ); From d5cfe6fbd00c76d3513836aafb62c02543ff9b2e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Jul 2019 11:59:45 +0100 Subject: [PATCH 02/78] Use native DTLS version encoding if only DTLS is enabled This commit changes the internal identifiers MBEDTLS_SSL_MINOR_VERSION_XXX in DTLS-only builds to match the version encoding used by the DTLS standard, encoding DTLS 1.0 as 255 and DTLS 1.2 as DTLS 1.0. Accordingly, the version comparison functions introduced in the previous commit must be re-implemented, as older version have _larger_ identifiers now. Further, since we identify DTLS 1.0 as MBEDTLS_SSL_MINOR_VERSION_2 and DTLS 1.2 as MBEDTLS_SSL_MINOR_VERSION_3, what remains is to define MBEDTLS_SSL_MINOR_VERSION_{0|1}. While these don't have any meaning meaning in DTLS, they still need to be set and obey the ordering in the sense that the version comparison functions '<=' should attest that MBEDTLS_SSL_MINOR_VERSION_i '<=' MBEDTLS_SSL_MINOR_VERSION_j for i <= j. Since '<=' is actually >= and the wire format value for DTLS 1.0 == MBEDTLS_SSL_MINOR_VERSION_2 is the 255, this forces us to use values beyond 255, and hence to extend the storage type for minor versions from uint8_t to uint16_t. --- include/mbedtls/ssl.h | 22 ++++++++++------ include/mbedtls/ssl_internal.h | 46 ++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7efb411f3..e3548422f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -139,11 +139,19 @@ /* * Various constants */ +#if !defined(MBEDTLS_SSL_PROTO_NO_TLS) #define MBEDTLS_SSL_MAJOR_VERSION_3 3 #define MBEDTLS_SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */ #define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */ #define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */ #define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ +#else /* MBEDTLS_SSL_PROTO_NO_TLS */ +#define MBEDTLS_SSL_MAJOR_VERSION_3 254 +#define MBEDTLS_SSL_MINOR_VERSION_0 257 /*!< unused */ +#define MBEDTLS_SSL_MINOR_VERSION_1 256 /*!< unused */ +#define MBEDTLS_SSL_MINOR_VERSION_2 255 /*!< DTLS v1.0 */ +#define MBEDTLS_SSL_MINOR_VERSION_3 253 /*!< DTLS v1.2 */ +#endif /* MBEDTLS_SSL_PROTO_NO_TLS */ #define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ @@ -1151,18 +1159,18 @@ struct mbedtls_ssl_config unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */ #endif -#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) - unsigned char max_major_ver; /*!< max. major version used */ -#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */ -#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) - unsigned char max_minor_ver; /*!< max. minor version used */ -#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */ #if !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER) unsigned char min_major_ver; /*!< min. major version used */ #endif /* !MBEDTLS_SSL_CONF_MIN_MAJOR_VER */ +#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) + unsigned char max_major_ver; /*!< max. major version used */ +#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */ #if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER) - unsigned char min_minor_ver; /*!< min. minor version used */ + uint16_t min_minor_ver; /*!< min. minor version used */ #endif /* !MBEDTLS_SSL_CONF_MIN_MINOR_VER */ +#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) + uint16_t max_minor_ver; /*!< max. minor version used */ +#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */ /* * Flags (bitfields) 
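Review bot: The version constants switch on `#if !defined(MBEDTLS_SSL_PROTO_NO_TLS)`, while the reversed comparison helpers added to ssl_internal.h in this same patch switch on `#if defined(MBEDTLS_SSL_PROTO_TLS)`. The two only agree if one macro is always the exact negation of the other, and that relation is defined outside this patch. If a configuration ever breaks it, every minimum/maximum version check compares native-encoded constants with the wrong ordering and fails open, without any compile error. I would either use the same guard in both headers or pin the invariant next to the helpers with `#if defined(MBEDTLS_SSL_PROTO_NO_TLS) == defined(MBEDTLS_SSL_PROTO_TLS)` / `#error "version constants and comparison helpers disagree"` / `#endif`. A short comment on the `#else` block saying that smaller values mean newer versions would also help readers of the 257/256 placeholders.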
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index a1acc8462..a16811542 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1176,6 +1176,8 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ +#if defined(MBEDTLS_SSL_PROTO_TLS) + /* * Convert version numbers to/from wire format * and, for DTLS, to/from TLS equivalent. @@ -1258,6 +1260,50 @@ MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_gt( int v0, int v1 ) return( v0 > v1 ); } +#else /* MBEDTLS_SSL_PROTO_TLS */ + +/* If only DTLS is enabled, we can match the internal encoding + * with the standard's encoding of versions. */ +static inline void mbedtls_ssl_write_version( int major, int minor, + int transport, + unsigned char ver[2] ) +{ + ((void) transport); + ver[0] = (unsigned char) major; + ver[1] = (unsigned char) minor; +} + +static inline void mbedtls_ssl_read_version( int *major, int *minor, + int transport, + const unsigned char ver[2] ) +{ + ((void) transport); + *major = ver[0]; + *minor = ver[1]; +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_leq( int v0, int v1 ) +{ + return( v0 >= v1 ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_lt( int v0, int v1 ) +{ + return( v0 > v1 ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_geq( int v0, int v1 ) +{ + return( v0 <= v1 ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_gt( int v0, int v1 ) +{ + return( v0 < v1 ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS */ + MBEDTLS_ALWAYS_INLINE static inline size_t mbedtls_ssl_minor_ver_index( int ver ) { From 7c5dc6b20a3eb64f4019390be701be714b6805d8 Mon Sep 17 00:00:00 2001 
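Review bot: In the DTLS-only `mbedtls_ssl_read_version()`, `*minor = ver[1]` stores any wire byte unchanged. Under the reversed ordering the value 254 lies between `MBEDTLS_SSL_MINOR_VERSION_2` (255) and `MBEDTLS_SSL_MINOR_VERSION_3` (253), so it passes `mbedtls_ssl_ver_lt`/`mbedtls_ssl_ver_gt` bounds built from those constants although it names no supported version. `mbedtls_ssl_minor_ver_index()`, whose first lines close this hunk, has no case for such a value. I would have the parsers reject anything that is not one of the defined constants right after reading, for example `if( minor_ver != MBEDTLS_SSL_MINOR_VERSION_2 && minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );`. Separately, `ver[1] = (unsigned char) minor` in `mbedtls_ssl_write_version()` wraps the 256/257 placeholders to 0/1, so a comment that only 255 and 253 may reach the wire would document that the cast is intentional.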
From: Jarno Lamsa Date: Mon, 26 Aug 2019 13:12:35 +0300 Subject: [PATCH 03/78] Add test suite for tinycrypt Initially add a test for ECDH-part. --- tests/CMakeLists.txt | 1 + tests/suites/test_suite_tinycrypt.data | 2 ++ tests/suites/test_suite_tinycrypt.function | 35 ++++++++++++++++++++++ 3 files changed, 38 insertions(+) create mode 100644 tests/suites/test_suite_tinycrypt.data create mode 100644 tests/suites/test_suite_tinycrypt.function diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 5938a5fc8..2ea77e7e7 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -133,6 +133,7 @@ add_test_suite(poly1305) add_test_suite(shax) add_test_suite(ssl) add_test_suite(timing) +add_test_suite(tinycrypt) add_test_suite(rsa) add_test_suite(version) add_test_suite(xtea) diff --git a/tests/suites/test_suite_tinycrypt.data b/tests/suites/test_suite_tinycrypt.data new file mode 100644 index 000000000..85d599276 --- /dev/null +++ b/tests/suites/test_suite_tinycrypt.data @@ -0,0 +1,2 @@ +Tinycrypt ECDH +test_ecdh: diff --git a/tests/suites/test_suite_tinycrypt.function b/tests/suites/test_suite_tinycrypt.function new file mode 100644 index 000000000..eb347ea49 --- /dev/null +++ b/tests/suites/test_suite_tinycrypt.function 
@@ -0,0 +1,35 @@ +/* BEGIN_HEADER */ + +#include "tinycrypt/ecc.h" +#include "tinycrypt/ecc_dh.h" +#include "tinycrypt/ecc_dsa.h" + +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_USE_TINYCRYPT + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:MBEDTLS_USE_TINYCRYPT */ +void test_ecdh() +{ + uint8_t private1[NUM_ECC_BYTES] = {0}; + uint8_t private2[NUM_ECC_BYTES] = {0}; + uint8_t public1[2*NUM_ECC_BYTES] = {0}; + uint8_t public2[2*NUM_ECC_BYTES] = {0}; + uint8_t secret1[NUM_ECC_BYTES] = {0}; + uint8_t secret2[NUM_ECC_BYTES] = {0}; + + const struct uECC_Curve_t * curve = uECC_secp256r1(); + + TEST_ASSERT( uECC_make_key( public1, private1, curve ) != 0 ); + TEST_ASSERT( uECC_make_key( public2, private2, curve ) != 0 ); + + TEST_ASSERT( uECC_shared_secret( public2, private1, secret1, curve ) != 0 ); + + TEST_ASSERT( uECC_shared_secret( public1, private2, secret2, curve ) != 0 ); + + TEST_ASSERT( memcmp( secret1, secret2, sizeof( secret1 ) ) == 0 ); +} +/* END_CASE */ From 6c2f76e9cdae1b6c361238047ec909b35f3d8b8a Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Mon, 26 Aug 2019 13:34:45 +0300 Subject: [PATCH 04/78] Add a unit test for ECDSA Add a basic unit test for the ECDSA part of the tinycrypt. It generates keys, signs and verifies. Modified from tinycrypt tests found in tinycrypt-repository. --- tests/suites/test_suite_tinycrypt.data | 3 +++ tests/suites/test_suite_tinycrypt.function | 24 ++++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/tests/suites/test_suite_tinycrypt.data b/tests/suites/test_suite_tinycrypt.data index 85d599276..d76550efe 100644 --- a/tests/suites/test_suite_tinycrypt.data +++ b/tests/suites/test_suite_tinycrypt.data @@ -1,2 +1,5 @@ Tinycrypt ECDH test_ecdh: + +Tinycrypt ECDSA +test_ecdsa: diff --git a/tests/suites/test_suite_tinycrypt.function b/tests/suites/test_suite_tinycrypt.function index eb347ea49..698058f01 100644 --- a/tests/suites/test_suite_tinycrypt.function 
+++ b/tests/suites/test_suite_tinycrypt.function @@ -33,3 +33,27 @@ void test_ecdh() TEST_ASSERT( memcmp( secret1, secret2, sizeof( secret1 ) ) == 0 ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_USE_TINYCRYPT */ +void test_ecdsa() +{ + uint8_t private[NUM_ECC_BYTES] = {0}; + uint8_t public[2*NUM_ECC_BYTES] = {0}; + uint8_t hash[NUM_ECC_BYTES] = {0}; + uint8_t sig[2*NUM_ECC_BYTES] = {0}; + unsigned int hash_words[NUM_ECC_WORDS] = {0}; + + const struct uECC_Curve_t * curve = uECC_secp256r1(); + + uECC_generate_random_int( hash_words, curve->n, + BITS_TO_WORDS( curve->num_n_bits ) ); + + uECC_vli_nativeToBytes( hash, NUM_ECC_BYTES, hash_words ); + + TEST_ASSERT( uECC_make_key( public, private, curve ) != 0 ); + + TEST_ASSERT( uECC_sign( private, hash, sizeof( hash ), sig, curve ) != 0 ); + + TEST_ASSERT( uECC_verify( public, hash, sizeof( hash ), sig, curve ) != 0 ); +} +/* END_CASE */ \ No newline at end of file From 34fcbfe2879c2e1f3beed265f7fb9b6c9639bafd Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Mon, 26 Aug 2019 14:37:33 +0300 Subject: [PATCH 05/78] Add rng for the tinycrypt tests Use rnd_std_rand for the rng. --- tests/suites/test_suite_tinycrypt.function | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/suites/test_suite_tinycrypt.function b/tests/suites/test_suite_tinycrypt.function index 698058f01..0691d1058 100644 --- a/tests/suites/test_suite_tinycrypt.function +++ b/tests/suites/test_suite_tinycrypt.function @@ -4,6 +4,16 @@ #include "tinycrypt/ecc_dh.h" #include "tinycrypt/ecc_dsa.h" +static int uecc_rng_wrapper( uint8_t *dest, unsigned int size ) +{ + int ret; + ret = rnd_std_rand( NULL, dest, size ); + if( ret == 0 ) + return( (int) size ); + + return( 0 ); +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES 
@@ -23,7 +33,10 @@ void test_ecdh() const struct uECC_Curve_t * curve = uECC_secp256r1(); + uECC_set_rng( &uecc_rng_wrapper ); + TEST_ASSERT( uECC_make_key( public1, private1, curve ) != 0 ); + TEST_ASSERT( uECC_make_key( public2, private2, curve ) != 0 ); TEST_ASSERT( uECC_shared_secret( public2, private1, secret1, curve ) != 0 ); @@ -45,6 +58,8 @@ void test_ecdsa() const struct uECC_Curve_t * curve = uECC_secp256r1(); + uECC_set_rng( &uecc_rng_wrapper ); + uECC_generate_random_int( hash_words, curve->n, BITS_TO_WORDS( curve->num_n_bits ) ); From a7e0f632fcf1f0b4f3e7d5c33411c5f624946910 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Mon, 2 Sep 2019 09:47:37 +0300 Subject: [PATCH 06/78] Add unit tests for primitive test vectors Add a unit test for both ECDSA and ECDH, testing reference test vectors for secp256r1. --- tests/suites/test_suite_tinycrypt.data | 6 +++ tests/suites/test_suite_tinycrypt.function | 59 +++++++++++++++++++++- 2 files changed, 64 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_tinycrypt.data b/tests/suites/test_suite_tinycrypt.data index d76550efe..ac2a8e23e 100644 --- a/tests/suites/test_suite_tinycrypt.data +++ b/tests/suites/test_suite_tinycrypt.data 
@@ -3,3 +3,9 @@ test_ecdh: Tinycrypt ECDSA test_ecdsa: + +ECDH primitive rfc 5903 p256 +ecdh_primitive_testvec:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"DAD0B65394221CF9B051E1FECA5787D098DFE637FC90B9EF945D0C3772581180":"5271A0461CDB8252D61F1C456FA3E59AB1F45B33ACCF5F58389E0577B8990BB3":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D12DFB5289C8D4F81208B70270398C342296970A0BCCB74C736FC7554494BF63":"56FBF3CA366CC23E8157854C13C58D6AAC23F046ADA30F8353E74F33039872AB":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE" + +ECDSA primitive rfc 4754 p256 +ecdsa_primitive_testvec:"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315":1 diff --git a/tests/suites/test_suite_tinycrypt.function b/tests/suites/test_suite_tinycrypt.function index 0691d1058..36e4c66cd 100644 --- a/tests/suites/test_suite_tinycrypt.function +++ b/tests/suites/test_suite_tinycrypt.function 
@@ -71,4 +71,61 @@ void test_ecdsa() TEST_ASSERT( uECC_verify( public, hash, sizeof( hash ), sig, curve ) != 0 ); } -/* END_CASE */ \ No newline at end of file +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_USE_TINYCRYPT */ +void ecdh_primitive_testvec( data_t * private1, data_t * xA_str, + data_t * yA_str, data_t * private2, + data_t * xB_str, data_t * yB_str, data_t * z_str ) +{ + const struct uECC_Curve_t * curve = uECC_secp256r1(); + uint8_t public1[2*NUM_ECC_BYTES] = {0}; + uint8_t public2[2*NUM_ECC_BYTES] = {0}; + uint8_t secret1[NUM_ECC_BYTES] = {0}; + uint8_t secret2[NUM_ECC_BYTES] = {0}; + + memcpy( public1, xA_str->x, xA_str->len ); + memcpy( public1 + NUM_ECC_BYTES, yA_str->x, yA_str->len ); + memcpy( public2, xB_str->x, xB_str->len ); + memcpy( public2 + NUM_ECC_BYTES, yB_str->x, yB_str->len ); + + // Compute shared secrets and compare to test vector secret + TEST_ASSERT( uECC_shared_secret( public2, private1->x, secret1, curve ) != 0 ); + + TEST_ASSERT( uECC_shared_secret( public1, private2->x, secret2, curve ) != 0 ); + + TEST_ASSERT( memcmp( secret1, secret2, sizeof( secret1 ) ) == 0 ); + TEST_ASSERT( memcmp( secret1, z_str->x, sizeof( secret1 ) ) == 0 ); + TEST_ASSERT( memcmp( secret2, z_str->x, sizeof( secret2 ) ) == 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_USE_TINYCRYPT */ +void ecdsa_primitive_testvec( data_t * xQ_str, data_t * yQ_str, + data_t * hash, data_t * r_str, data_t * s_str, + int result ) +{ + const struct uECC_Curve_t * curve = uECC_secp256r1(); + uint8_t pub_bytes[2*NUM_ECC_BYTES] = {0}; + uint8_t sig_bytes[2*NUM_ECC_BYTES] = {0}; + + memcpy( pub_bytes, xQ_str->x, xQ_str->len ); + memcpy( pub_bytes + NUM_ECC_BYTES, yQ_str->x, yQ_str->len ); + memcpy( sig_bytes, r_str->x, r_str->len ); + memcpy( sig_bytes + NUM_ECC_BYTES, s_str->x, r_str->len ); + + TEST_ASSERT( uECC_verify( pub_bytes, hash->x, hash->len, + sig_bytes, curve ) == result ); + + // Alter the signature and check the verification fails + for( int i = 
0; i < 2*NUM_ECC_BYTES; i++ ) + { + uint8_t temp = sig_bytes[i]; + sig_bytes[i] = ( sig_bytes[i] + 1 ) % 256; + TEST_ASSERT( uECC_verify( pub_bytes, hash->x, hash->len, + sig_bytes, curve ) == 0 ); + sig_bytes[i] = temp; + } + +} +/* END_CASE */ From f35f35bcbef168ae306fd03ace78a8ea32ccfdd9 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Mon, 2 Sep 2019 15:36:49 +0300 Subject: [PATCH 07/78] Use rnd_std_rand for generating hash --- tests/suites/test_suite_tinycrypt.function | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/tests/suites/test_suite_tinycrypt.function b/tests/suites/test_suite_tinycrypt.function index 36e4c66cd..2cf656616 100644 --- a/tests/suites/test_suite_tinycrypt.function +++ b/tests/suites/test_suite_tinycrypt.function @@ -54,16 +54,12 @@ void test_ecdsa() uint8_t public[2*NUM_ECC_BYTES] = {0}; uint8_t hash[NUM_ECC_BYTES] = {0}; uint8_t sig[2*NUM_ECC_BYTES] = {0}; - unsigned int hash_words[NUM_ECC_WORDS] = {0}; const struct uECC_Curve_t * curve = uECC_secp256r1(); uECC_set_rng( &uecc_rng_wrapper ); - uECC_generate_random_int( hash_words, curve->n, - BITS_TO_WORDS( curve->num_n_bits ) ); - - uECC_vli_nativeToBytes( hash, NUM_ECC_BYTES, hash_words ); + TEST_ASSERT( rnd_std_rand( NULL, hash, NUM_ECC_BYTES ) == 0 ); TEST_ASSERT( uECC_make_key( public, private, curve ) != 0 ); From 28012e2ea2a43dc98850d1fcb821dbbdee0c2599 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Mon, 9 Sep 2019 08:42:11 +0300 Subject: [PATCH 08/78] Remove redundant rng wrapper --- tests/suites/test_suite_tinycrypt.function | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/suites/test_suite_tinycrypt.function b/tests/suites/test_suite_tinycrypt.function index 2cf656616..24b331d80 100644 --- a/tests/suites/test_suite_tinycrypt.function +++ b/tests/suites/test_suite_tinycrypt.function 
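Review bot: In `ecdsa_primitive_testvec` the second signature copy takes its length from the wrong argument, `memcpy( sig_bytes + NUM_ECC_BYTES, s_str->x, r_str->len );`; it should read `memcpy( sig_bytes + NUM_ECC_BYTES, s_str->x, s_str->len );`. Both new test functions also copy `data_t` inputs into fixed `NUM_ECC_BYTES`-sized halves without checking `->len`, and `z_str->x` is compared over `sizeof( secret1 )` bytes whatever its length. `private1->x` and `private2->x` are presumably read as `NUM_ECC_BYTES` bytes by `uECC_shared_secret` as well. A vector of the wrong length therefore reads or writes out of bounds instead of failing cleanly; a guard such as `TEST_ASSERT( xQ_str->len == NUM_ECC_BYTES );` for each input before the copies would turn that into an ordinary test failure.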
@@ -4,16 +4,6 @@ #include "tinycrypt/ecc_dh.h" #include "tinycrypt/ecc_dsa.h" -static int uecc_rng_wrapper( uint8_t *dest, unsigned int size ) -{ - int ret; - ret = rnd_std_rand( NULL, dest, size ); - if( ret == 0 ) - return( (int) size ); - - return( 0 ); -} - /* END_HEADER */ /* BEGIN_DEPENDENCIES From 9b781b28801d3549ca5388355446178694a92d9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 Jul 2019 14:32:27 +0200 Subject: [PATCH 09/78] Add MBEDTLS_SHA256_NO_SHA244 option (unimplemented) --- include/mbedtls/config.h | 10 ++++++++++ library/version_features.c | 3 +++ programs/ssl/query_config.c | 8 ++++++++ 3 files changed, 21 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f32498b1b..83405245e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1281,6 +1281,16 @@ */ //#define MBEDTLS_SHA256_SMALLER +/** + * \def MBEDTLS_SHA256_NO_SHA224 + * + * Disable the SHA-224 option of the SHA-256 module. Use this to save some + * code size on devices that don't use SHA-224. + * + * Uncomment to disable SHA-224 + */ +//#define MBEDTLS_SHA256_NO_SHA224 + /** * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES * diff --git a/library/version_features.c b/library/version_features.c index bb655c0c9..961148bbb 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -435,6 +435,9 @@ static const char *features[] = { #if defined(MBEDTLS_SHA256_SMALLER) "MBEDTLS_SHA256_SMALLER", #endif /* MBEDTLS_SHA256_SMALLER */ +#if defined(MBEDTLS_SHA256_NO_SHA224) + "MBEDTLS_SHA256_NO_SHA224", +#endif /* MBEDTLS_SHA256_NO_SHA224 */ #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) "MBEDTLS_SSL_ALL_ALERT_MESSAGES", #endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */ diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index dd5051466..627934fc3 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c 
@@ -1202,6 +1202,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SHA256_SMALLER */ +#if defined(MBEDTLS_SHA256_NO_SHA224) + if( strcmp( "MBEDTLS_SHA256_NO_SHA224", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_NO_SHA224 ); + return( 0 ); + } +#endif /* MBEDTLS_SHA256_NO_SHA224 */ + #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) if( strcmp( "MBEDTLS_SSL_ALL_ALERT_MESSAGES", config ) == 0 ) { From 8463d29156127909f421692248411fd4526953c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 Jul 2019 14:39:55 +0200 Subject: [PATCH 10/78] Implement MBEDTLS_SHA256_NO_SHA224 --- include/mbedtls/sha256.h | 2 ++ library/sha256.c | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index d64739820..2b98bee6f 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -60,8 +60,10 @@ typedef struct mbedtls_sha256_context uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t state[8]; /*!< The intermediate digest state. */ unsigned char buffer[64]; /*!< The data block being processed. */ +#if !defined(MBEDTLS_SHA256_NO_SHA224) int is224; /*!< Determines which function to use: 0: Use SHA-256, or 1: Use SHA-224. */ +#endif } mbedtls_sha256_context; diff --git a/library/sha256.c b/library/sha256.c index 91d461c95..087302369 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -132,6 +132,9 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) } else { +#if defined(MBEDTLS_SHA256_NO_SHA224) + return( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ); +#else /* SHA-224 */ ctx->state[0] = 0xC1059ED8; ctx->state[1] = 0x367CD507; @@ -141,9 +144,12 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) ctx->state[5] = 0x68581511; ctx->state[6] = 0x64F98FA7; ctx->state[7] = 0xBEFA4FA4; +#endif } +#if !defined(MBEDTLS_SHA256_NO_SHA224) ctx->is224 = is224; +#endif return( 0 ); } 
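Review bot: With `MBEDTLS_SHA256_NO_SHA224` defined, the `is224 != 0` branch of `mbedtls_sha256_starts_ret` now returns `MBEDTLS_ERR_SHA256_BAD_INPUT_DATA` before `ctx->state[]` is written, and this new failure mode is not documented anywhere in the change. A caller that does not check the return value would go on to hash from whatever state the context already held, so the contract belongs in the function's header documentation, e.g. `\note With MBEDTLS_SHA256_NO_SHA224, \p is224 must be 0; otherwise MBEDTLS_ERR_SHA256_BAD_INPUT_DATA is returned and the context must not be used.` The function starts above this hunk, so what is initialised before the branch is not visible here. The `is224` member is also removed from `mbedtls_sha256_context` in sha256.h under the same option, so the structure layout depends on the configuration and all code sharing a context has to be built with the same setting.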
@@ -395,7 +401,9 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, sha256_put_uint32_be( ctx->state[5], output, 20 ); sha256_put_uint32_be( ctx->state[6], output, 24 ); +#if !defined(MBEDTLS_SHA256_NO_SHA224) if( ctx->is224 == 0 ) +#endif sha256_put_uint32_be( ctx->state[7], output, 28 ); return( 0 ); From abebdd16efefeba317eea8089e2ae337a3dbc47f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 Jul 2019 15:37:56 +0200 Subject: [PATCH 11/78] Adapt SHA-256 selftest to NO_SHA224 --- library/sha256.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 087302369..a141511cd 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -477,8 +477,9 @@ static const size_t sha256_test_buflen[3] = 3, 56, 1000 }; -static const unsigned char sha256_test_sum[6][32] = +static const unsigned char sha256_test_sum[][32] = { +#if !defined(MBEDTLS_SHA256_NO_SHA224) /* * SHA-224 test vectors */ @@ -494,6 +495,7 @@ static const unsigned char sha256_test_sum[6][32] = 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B, 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE, 0x4E, 0xE7, 0xAD, 0x67 }, +#endif /* !MBEDTLS_SHA256_NO_SHA224 */ /* * SHA-256 test vectors @@ -512,6 +514,9 @@ static const unsigned char sha256_test_sum[6][32] = 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 } }; +#define SHA256_TEST_SUM_N \ + ( sizeof( sha256_test_sum ) / sizeof( sha256_test_sum[0] ) ) + /* * Checkup routine */ @@ -533,10 +538,14 @@ int mbedtls_sha256_self_test( int verbose ) mbedtls_sha256_init( &ctx ); - for( i = 0; i < 6; i++ ) + for( i = 0; i < (int) SHA256_TEST_SUM_N; i++ ) { j = i % 3; +#if !defined(MBEDTLS_SHA256_NO_SHA224) k = i < 3; +#else + k = 0; +#endif if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); From 5a26ff3cf97921c5164ada94b13a5c12efa025d5 Mon Sep 17 00:00:00 2001 
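Review bot: In `mbedtls_sha256_finish_ret` the brace-less `if( ctx->is224 == 0 )` is now inside `#if !defined(MBEDTLS_SHA256_NO_SHA224)` while the statement it controls sits outside the guard. This is easy to break if a line is later inserted between the two. A short comment on the guarded line, such as `/* SHA-224 omits the last state word; it is always written when SHA-224 is compiled out */`, would make both configurations readable at a glance. The function body begins above the hunk.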
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 Jul 2019 15:38:12 +0200 Subject: [PATCH 12/78] Declare dependencies on !NO_SHA224 in test suites --- tests/suites/test_suite_ecdsa.data | 22 ++-- tests/suites/test_suite_hmac_drbg.misc.data | 8 +- .../test_suite_hmac_drbg.no_reseed.data | 120 +++++++++--------- tests/suites/test_suite_hmac_drbg.nopr.data | 120 +++++++++--------- tests/suites/test_suite_hmac_drbg.pr.data | 120 +++++++++--------- tests/suites/test_suite_md.data | 66 +++++----- tests/suites/test_suite_pkcs5.data | 10 +- tests/suites/test_suite_pkparse.data | 72 +++++------ tests/suites/test_suite_rsa.data | 16 +-- tests/suites/test_suite_shax.data | 14 +- tests/suites/test_suite_x509parse.data | 20 +-- tests/suites/test_suite_x509write.data | 2 +- 12 files changed, 295 insertions(+), 295 deletions(-) diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index 59e209b36..d76376f63 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data 
@@ -58,11 +58,11 @@ depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA1:"sample":"98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF":"57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64" ECDSA deterministic test vector rfc 6979 p192 sha224 -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA224:"sample":"A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5":"E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A" ECDSA deterministic test vector rfc 6979 p192 sha256 -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA256:"sample":"4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55":"CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85" ECDSA deterministic test vector rfc 6979 p192 sha384 
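Review bot: The entry "ECDSA deterministic test vector rfc 6979 p192 sha256" in this hunk gains `:!MBEDTLS_SHA256_NO_SHA224` although it calls `ecdsa_det_test_vectors` with `MBEDTLS_MD_SHA256`, not SHA-224. With the option enabled this SHA-256 vector is skipped without need, which removes deterministic-ECDSA coverage from the very configuration the series introduces. Its line should stay `depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C`. The other sha256 entries that appear as context in the later hunks of this file are unchanged, so this looks like a slip rather than intent.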
@@ -78,7 +78,7 @@ depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA1:"test":"0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D":"EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7" ECDSA deterministic test vector rfc 6979 p192 sha224 -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA224:"test":"6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34":"B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293" ECDSA deterministic test vector rfc 6979 p192 sha256 @@ -98,7 +98,7 @@ depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA1:"sample":"22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC":"66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69" ECDSA deterministic test vector rfc 6979 p224 sha224 -depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA224:"sample":"1CDFE6662DDE1E4A1EC4CDEDF6A1F5A2FB7FBD9145C12113E6ABFD3E":"A6694FD7718A21053F225D3F46197CA699D45006C06F871808F43EBC" ECDSA deterministic test vector rfc 6979 p224 sha256 
@@ -118,7 +118,7 @@ depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA1:"test":"DEAA646EC2AF2EA8AD53ED66B2E2DDAA49A12EFD8356561451F3E21C":"95987796F6CF2062AB8135271DE56AE55366C045F6D9593F53787BD2" ECDSA deterministic test vector rfc 6979 p224 sha224 -depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA224:"test":"C441CE8E261DED634E4CF84910E4C5D1D22C5CF3B732BB204DBEF019":"902F42847A63BDC5F6046ADA114953120F99442D76510150F372A3F4" ECDSA deterministic test vector rfc 6979 p224 sha256 @@ -138,7 +138,7 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA1:"sample":"61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D32":"6D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB" ECDSA deterministic test vector rfc 6979 p256 sha224 -depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA224:"sample":"53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F":"B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C" ECDSA deterministic test vector rfc 6979 p256 sha256 
@@ -158,7 +158,7 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA1:"test":"0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89":"01B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1" ECDSA deterministic test vector rfc 6979 p256 sha224 -depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA224:"test":"C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692":"C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D" ECDSA deterministic test vector rfc 6979 p256 sha256 @@ -178,7 +178,7 @@ depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA1:"sample":"EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2":"A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443" ECDSA deterministic test vector rfc 6979 p384 sha224 -depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA224:"sample":"42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE060122":"9DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D" ECDSA deterministic test vector rfc 6979 p384 sha256 
@@ -198,7 +198,7 @@ depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA1:"test":"4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7":"D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282" ECDSA deterministic test vector rfc 6979 p384 sha224 -depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA224:"test":"E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72":"07041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66" ECDSA deterministic test vector rfc 6979 p384 sha256 
@@ -218,7 +218,7 @@ depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA1:"sample":"0343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D":"0E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16" ECDSA deterministic test vector rfc 6979 p521 sha224 -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA224:"sample":"1776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E":"050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F" ECDSA deterministic test vector rfc 6979 p521 sha256 
@@ -238,7 +238,7 @@ depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA1:"test":"13BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367":"1E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF" ECDSA deterministic test vector rfc 6979 p521 sha224 -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA224:"test":"1C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB":"177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4" ECDSA deterministic test vector rfc 6979 p521 sha256 diff --git a/tests/suites/test_suite_hmac_drbg.misc.data b/tests/suites/test_suite_hmac_drbg.misc.data index 64bce03b3..acbf3bae7 100644 --- a/tests/suites/test_suite_hmac_drbg.misc.data +++ b/tests/suites/test_suite_hmac_drbg.misc.data @@ -3,7 +3,7 @@ depends_on:MBEDTLS_SHA1_C hmac_drbg_entropy_usage:MBEDTLS_MD_SHA1 HMAC_DRBG entropy usage SHA-224 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA224 HMAC_DRBG entropy usage SHA-256 
@@ -27,11 +27,11 @@ depends_on:MBEDTLS_SHA1_C hmac_drbg_seed_file:MBEDTLS_MD_SHA1:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA-224 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_seed_file:MBEDTLS_MD_SHA224:"data_files/hmac_drbg_seed":0 HMAC_DRBG write/update seed file SHA-224 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_seed_file:MBEDTLS_MD_SHA224:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA-256 @@ -63,7 +63,7 @@ depends_on:MBEDTLS_SHA1_C hmac_drbg_buf:MBEDTLS_MD_SHA1 HMAC_DRBG from buffer SHA-224 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_buf:MBEDTLS_MD_SHA224 HMAC_DRBG from buffer SHA-256 diff --git a/tests/suites/test_suite_hmac_drbg.no_reseed.data b/tests/suites/test_suite_hmac_drbg.no_reseed.data index d7e62a120..0cc9cc3b4 100644 --- a/tests/suites/test_suite_hmac_drbg.no_reseed.data +++ b/tests/suites/test_suite_hmac_drbg.no_reseed.data 
@@ -239,243 +239,243 @@ depends_on:MBEDTLS_SHA1_C hmac_drbg_no_reseed:MBEDTLS_MD_SHA1:"3e325daab3301856044f416f250b6161e447e63d85ca084f":"a9d2a53dbd7ef4b9150dd0ed4d002e56":"4de6c923346d7adc16bbe89b9a184a79":"9e9e3412635aec6fcfb9d00da0c49fb3":"48ac8646b334e7434e5f73d60a8f6741e472baabe525257b78151c20872f331c169abe25faf800991f3d0a45c65e71261be0c8e14a1a8a6df9c6a80834a4f2237e23abd750f845ccbb4a46250ab1bb63" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"a76e77a969ab92645181f0157802523746c34bf321867641051ed6ba39368033adc93d4e":"":"":"":"8925987db5566e60520f09bdddab488292bed92cd385e5b6fc223e1919640b4e34e34575033e56c0a8f608be21d3d221c67d39abec98d81312f3a2653d55ffbf44c337c82bed314c211be23ec394399ba351c4687dce649e7c2a1ba7b0b5dab125671b1bcf9008da65cad612d95ddc92" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"65cdaa5ab147d0c79fdd02b24fc94d0e427f59ef9a31f447458c6befe0c2cde5a58c6b7d":"":"":"":"0d164682b5bb552a53a2a942373639d98576450ca632faebc15060691a4219467c5aa106034cd19a214a0a4f31d402e68c4c565f49b33b680d522ef25f541e8202be779730376fdcf5b7b58fd6ac959204a88f91008651d2c02ada82505f914d4d9b9aea7967784e5320e185e1248270" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"650996f1477112af7604386be5ace78232904315d99d87d72a06709d331a6f930b447cf5":"":"":"":"d3341d7767cfd95640a107b3abaed7b4e1855b348e3ae5bcc53a0b0d49d4b4976837ec8f376f38327135578eca7ee583215bd5c79ebf499816f79afcc402ff1e9ffc4ad0f896761c9cff75050bf84baa194c355763b16b5d2648d480a2b48f22662685de39c7cee90aa0b6edf8062e42" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #3 -depends_on:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"898640ce467201a53e7731bdfb572977f7eb3e49050bc1e367ca74bf0a27376d339d09f4":"":"":"":"4f5eea927023b4abab5d4d9944e84ca001ee081cbc21d4080e1534ee6d1d8a6f60361029ffa983bcc79b5d65d4aaaaaf98983de13ddde39a739f9d95878fb31f57f96184e5f2f3adf654a468c616237fcbc6b2c194e247178cb90294f631c449a01f1fe09c02587c460305be9fc71b5a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"fe405dd73956bf6ec875515eebd8c5ecd60553643da750914c83dfc93611d57390af7324":"":"":"":"d8ae0eb81913a190c439f8ffa56c06155a73f84b20608b2b2e9eab3061202cebad18ab8b3eba81672152c1c02ef573cd6e8623c392facb6a857425c6795cd7999c1e7f56f3fa9accca018076e0bfc106d075df98f5fb66f28933215e9276777dfc479e71a8d506a66197918d9b0f7a8f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"b06892f6f455afddc8eb60aae35b35a64f63b2aa85a2dae4ef489266f7bc354f72d68b71":"":"":"":"fc10c03fc37d3bd5fba6591a97f6354a9ed8ba2b6806744432851f43a3ce6418e39ccb417b8539e349acea588e2abe5da06147c9825c6e50a31f8589a57ca3bfb10f0da9c8e89fe2e372b5af1cf96e0fbeec5d99228770c41a76e587da7d8764d5f235f5d1d6188d84ae61c52c2164fb" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"9174e174e9e031f62b2e19ae5c0bef22eed7d5598e6e73504759a2c15b05c2473a721d26":"":"":"":"1962f2d473b31a2576dbd78022f4eeb974641fa2e9cb582f03ab741929f51f0f4663129e68ddc242e1c2ceafacec3dccb97e09527aff46b948f0abcea1451699dc3ae4d3fb5e04c84337e17b504af2fb5f1aa6ec0033ddf138a188ee162c497526563a67da8015275d89f0e1e902b2ef" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #7 -depends_on:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"eb1d45ba0d8951b7b1d7ce922b7d1f6e94da8b821940126c9da5b0b4382425930743a051":"":"":"":"306b1f733e6f69b6f26b7baa5441af4967a5cad8faad18029440aa989aef6024dbf3ba02dfc2c694dad6496ff760d72ae6914a4dcd5e3a443f4bcb14bf2b64986f35c32449f15e3084d46fadfa2ae213da6b26f787cef89b6a23084a929608a9f6acd8315808c29f8ae435a40202a012" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"78cdc1567caf2ff529ef8e3475c0fbb09a48b687a544f7399f503948621f29686fb15216":"":"":"":"2367067d8ec189b0819eda34602768a0698b4b545c7d5214fad58c9787b89809b97f3af5f9349907d2954f8c0dccbdbe63cc019bde3a6fae10497ae57f33e91ed55b6fc4a83fe8a2463552796d5120da8066f7285a8388958817b1218e006d7fc617f453ad0f9217966a0731ba99f093" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"25f9ee24ee25ad3d29a974f8f552b178cb292b847a6be80694213a6c0b33e25e29fd3ecc":"":"":"":"32fe251a619d164c217365b12a313a942b6a9c3df007751a5fa9f356412d1142c785c292e3dc9d0b1d77e080892e5d39b91c58fd142458c71182061920a0721db453a32fe7ffc8b2c20bf11894fa37d8f0e9463edd43a97f65362295119be03d5e06f617fdff6accaab8c4da72ac8f81" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"0b644221788c266aae00a3b63a87f32ca96a6c32b116cd37caa4f75ff5d7e56be3b4e20f":"":"":"":"dc9245da77502cadd1a8ac4d1cf6a199c8e529deda10c87ab6c69ceea6fdef36d45f4d036021b93fe5b342c52fe1e71d81e617bebc58804af3109bab93dbb2e5c546e108bd0891710128b5e8e4a4f01df2003d038fec8cef426fad7f72dd5e091b4850e9bf4932d60deacb6e9ea3c5e6" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #11 -depends_on:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"a6677badff70966a3cd2febaad7de7aa5849ba763789b20d0a39b6c569261b826cdb15e8":"":"":"":"e04838c970f5d7208a2a7310da893d65391666a5dc62d9ede71fc30816cfc3e8064ac59cc9aaf30283356078c812676ca20beb044a6d78db6c5ef9718a88559607f225002452c01459944433013cfffea84d6fe404fbbbc2d66bb50a2fa01d8a5d6e4ea9b402dc5256752461bf6fcb7f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2301d8c053312db04882f4284cf8b47966c1c9b8c49de847d0c11f14c5f70ce19346562b":"":"":"":"b46246526b28f3ad7f6d8732ca3bfc40f005d97a519640a4ce728486d8bf830d661be5a97b11113e89096d9bf15cbef73ec28ac13e3fbeadc9bca500918bbe92ea23e131cc622dbffe2272db16ec5d4ca30e9bd986d1709ae22d10180514bcd11bd6218ea1fbaba101444945a17a4c4b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"78644ea1b0c4c55c4addeb476fc34471ea2c4393697aa4f170726010c443b8e1c4a6b3ea":"":"":"":"ef1b41bd03ee8460d55759db65a4c97758f48e3a09127be04c7ed08bbee5fa5cf119929df42c187e2a347a8df99c502b693a7ae41946f4918d84686880ae29d6d8fbbc4fccc9e295876a249cfa59effd331994e84717b4c76637df36beb960761880daab3d43376341439af2ce8e33cc" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"71acb71235e88e3aa6d8bbf27ccef8ef28043ebe8663f7bcf49cb642b3d915cf03b90e65":"":"":"":"144aeb56a11cb648b5ec7d40c2816e368426690db55b559f5633f856b79efe5f784944144756825b8fd7bf98beb758efe2ac1f650d54fc436a4bcd7dfaf3a66c192a7629eea8a357eef24b117a6e7d578797980eaefcf9a961452c4c1315119ca960ad08764fe76e2462ae1a191baeca" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #0 -depends_on:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c5c89c26ac4ca8b1106ba90a8ef4d6d687dfd88743caa5fbafa4745d9c1f8371120b10c8":"":"d3483ae5f9ed97efd3f852e4a6f20f25c947a03f39a4b75c":"2cd523c5958cdf403caa61abe5c4739cdb9d40152f0e769a":"1fef4e6abc2778d1c3e3ce00fdb5eae1ebebdd5cff0a7087644c8565d1e8b876b2c05264ca81498468851fc7b9e5a2163a06f377d2ed754c095adc59dc015a77edd69e4eecbe48d9dc127eedfff5cc73ae38127ae3a518fe7fa5abd1a9c53eeaf144420873341e2efa3d81493c69b04e" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"6860e44bf582db9818ffbe4c699d4218965c29f463d7a02fe1f36c8442b0a5d103def7a2":"":"e9f598357109e2a532dc980388b8a5991256166d67c3bc01":"58ebbf7402be041724701e5c0132abe604c11a62a9de1d2f":"52fad34b27113c146595a6740f505bc2d3edf6618975cb9c4a5155788eaf08b96d232610d9b4ee06264fd92f319df5a52b8f9e31b016a6c21d27d31d9d42bbb7588a7142f26ece3ddf211c8cf4530947adee302aa71c0d7fe9060c1b25f1c1f2e053598a7fb72c4db55fb1b02352d60a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"27b9f78ae07821f2b5625c8fc3a03ceec4fc8062be860c2db20403dd88a8751dcad56158":"":"1b6c848fce706abd73612dd3fd421c1c7ce9f4c2d0ecc670":"14a43645c1b6ae394f795af6ca2e9084e7e707f3f2cedd7a":"33c592017af545b3a9cf3419ce1c604e9c7c687ebf6418fbef47ec96e61f1951068eec9b60005d24574313f04ffc16c30872ec83e41e248e3d5c6951930d6a88b8931d5502d1142ce50676b3adf48453d1a008189658db8511d19a06ac97b4d5cfac19b54e8e6b899d501715f401ef85" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8d7cf5c2e360ef755c1e9f5b7a44a1e29f09cee7ca44e15925ffe9a47b2d55fd7750b356":"":"0e691c9a435939c615f0686eae88e090ba5c4b3f5e6e00c0":"1e3a452295617e5a9e6f78256d2781feeb3812753b4aad9a":"a307569d8adf3f7e6ee4567a5b2bd338badb9234e7b27c92429ffa75e4c56c0529fdc6c15df5d47c46e3d2eeadcf1b9e93a5dd6cde99a82f04b0d97f7a3bfd05c0e1d8370987222310ab18c980ce48b2679361c3d9011dd355a9b06337c054ee37913d5f4dd30d1fc942cd733a0fa5f8" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1a0d2c734918c539c1b306a464eb6b54f92e958e8636032aec23ba8ae817bec48384461f":"":"b8ad9e613a891fd0db89571fddda77827382e406cd3cdf7e":"1e172a708aa4ffa3618ff0d7b1f9ba341f4811507851dfb4":"674df1f3095d6c87bc54dd9b2aaa2c786bd50e4ddc02493745d820dad8552131fb3e389e99b0709478b65d4268f2a3b468a8447dc572a6ee024be6be9be9d428c12cc92894d15dd1c959d6222dc9ec30478c7a0b57f5bd8bd53868b98d7674738b54cf74100ae215693babb6db3b3890" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"95a30a0ca779a4038ea920cccfa4cdd814ca17d560d53a75cf170f4712994f9bcb2efb74":"":"1da6c8726bbfa3c8bee6dcff6f76f2d55d60527c4f0db26b":"595ebd903a596a1f12175080185bd94c2336eb8dd29a387d":"317c19cf4a45b8cf3f645da084ada54d1b1f81379152424fddad22a6dc9bd22841e0c4c5a36bfb7879eafbd1a939121905a938ae034c7fc01afb56607e35f895f46f13e91ce4e8e75b6a87a1e5544e18eb194fd6754b06885ac05e332a05ed436e889965e405e0f2069b04b40ea0f635" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8af8930562510231a592a72587fa6ad7c234e133046965907642fbc785c0b86cba844f0f":"":"9ee7b221064966582dc836437b82386f5204a302a4179079":"473d917f5b66f0f6e3fb4670ba08c2cbd2ea765b46b10838":"5c2fc9cc7148dbe40a692b3636778eb80188949d198bba3e8355386b78b54bfb963f5f2d9202988da20ccbf336a7c737a66c90149b9e8e306477151c4d912f7c61e872de0d0e47701cbe765864de536d599946b8bd65e4d89d4e61deb53de9974fbbe634501800feea100fea573e2e50" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2b9554ecf94c7d647a4e117f43326cab54466eba56a09a52741b2445057c491935c067d2":"":"0144be6978dba85aa645d793c1881dc2deb1bd210811ec9e":"1cd265f3812568274b643954c70923a76dfcc9f123360111":"f7459b0c23966dc1a53e0c6406c9e78ebe728e3484224cd88b6b2ea554522e75eb4a1c8a3fdc66561426464f50b8d0ff95b266677d91776b344a820eb4fd7d554678300558011a7cd85d22e92dc8ec2c2fa15c6330ba157c3e71728304447c1ad4d64f3da4fbf26d92e1e7c58a1b289c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"335ede8603fcde78ea9869da2dbcab4a6e72f1b53439f3085d06b856e627411a9ce1c297":"":"ededc73fe268935c10832c463549f8204a29cf0fe00a4d87":"ef1b8a80dd49d2c263999ddc0d5a1d9205c1b1c66239fd80":"05bfe97c398b1e33ee1c547c0edb5b654b7060b76604195440d06dd2f614a398c6c43f1803893c4c8888bedecdf998367cf992301a25f24c263f5d36bbfc6fe8b839cad293b3617c1d2c60a814bda0359e3f717fa80fc7324af8827d438c88642754b39b10d18cf5bf42f11177a0bc6b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"9b0275d861117553ecd3c4d7cfe762f88df22c4c4190dac8e0be5872818e2dd765261d58":"":"cfc0b07082d514425b17ce3cb334ec62bc1b3be0be58ca4b":"d3c70ab5ff7a364a9e6dc75132ac67e0d373fa2df301afb5":"09fb41bcceb016e754795e1cce582f0cae91d7bb50245975eb75274819e1e4dcdfbc5e2f13fd26b9a9f9e945cd807ffec4e275681ea7bd33eae13efd8a01edbe02562e77b44b6312f416c3dd0be64f2bae0ba4b9bb36fc3a44841d21d8b3571c0ef644d88cf3cc3c851b256a15f4d716" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1981c3f9ca58fd10e8377a8d0eb3cf02102aab6f7a033af3135533d9fd850e29ecb8dc9b":"":"f9978ba41df22894ad5f3849c1bdf21f7bbc0128c782e79b":"b4d57de5e18d393273ee9f3ef9736599c6d639f437239219":"fee23db2fcc71624fb39f573e33a1490efc7230c27e9278188251634f9c045bcb26e79ece6a173491475ae44a957c4269570f5469234ca8b6873cc973c8d97178c58cec658a352bad0d4c6001cae5664258db59ad76eb6304d166267eafb46f4dd536a914fa6d1ac58317e7c557d4653" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c10d4e521350f7cd1853576d03c4bece3e58c8c740859e4e16979499ec1365fc073736a3":"":"78b245520153baacc66846e7a83a2a925f892d4c2ee63c0f":"c8ca7a33de5991d44d7ef7da2d3368cc2cdb93895c394d41":"f92c15f5833800b28dba2d134d4dcfc41abf72f5a700469551e8ccb83bdb0772d14d6b26ba6978169e3ddbe5f214d57930dfcad719bf10d306749246d2624bedd4a18d327b8ae6bee67cf0bfb5f649824bbd0440f042146b95a83e5845ced69a55ba055d5dfc7183c3bb28d61312d274" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"7608b5617785995a1f7144ee5229e4f9c138e418bcc3b5e061a422e8cf875f58650e996d":"":"961c2d33039e60a2871e1f5b82097f6b1cb03836dba5f440":"b18cb52d3858ac5bf59f216a28c0ad49f3dc88c67b5870e0":"4b0313ae873ce5ebf08aec160416492e4c4c797a5017061ea42aefa0685ab19b74a7af11f019b9fb63072b797f7ea3354efd32c4abd1e866405a319ed2fa13fc81019d61326e70e503141b9c77b4879a45e9f36f101dbfff4359147282ef814888fee81640def25f551cee41d12609aa" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"fef7a43fea2ff1a0f624086985e535778d7a73dbc47bc23e9da92edd5d2f273cdbbc0251":"":"836731a57497a69e31f8db4f729774ad65f31d968dbc55a8":"bcca96d808ba98bb50e90afe58fc88e95dc14c3e90c56004":"4f2c64ecd146689064fbf4fcffce2a2ab3910e72ec4faec277f7b9e9ed510381312b01f21650e175ebe9c45c11e977276f13be015243a0cd16a191abbac6462ba96e4e4a1120b28083da933419e8c8f03099906eb1ee012ae291104c6530f51b5e32e6631cab8ef5aad68c0045255ba9" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"00197c70b2f0d3e98e4b387ec42a65c4106a1689ab5de61101ee76f4b5e530e7efeaf964":"":"03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1":"5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6":"72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c5c89c26ac4ca8b1106ba90a8ef4d6d687dfd88743caa5fbafa4745d9c1f8371120b10c8":"":"d3483ae5f9ed97efd3f852e4a6f20f25c947a03f39a4b75c":"2cd523c5958cdf403caa61abe5c4739cdb9d40152f0e769a":"1fef4e6abc2778d1c3e3ce00fdb5eae1ebebdd5cff0a7087644c8565d1e8b876b2c05264ca81498468851fc7b9e5a2163a06f377d2ed754c095adc59dc015a77edd69e4eecbe48d9dc127eedfff5cc73ae38127ae3a518fe7fa5abd1a9c53eeaf144420873341e2efa3d81493c69b04e" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"6860e44bf582db9818ffbe4c699d4218965c29f463d7a02fe1f36c8442b0a5d103def7a2":"":"e9f598357109e2a532dc980388b8a5991256166d67c3bc01":"58ebbf7402be041724701e5c0132abe604c11a62a9de1d2f":"52fad34b27113c146595a6740f505bc2d3edf6618975cb9c4a5155788eaf08b96d232610d9b4ee06264fd92f319df5a52b8f9e31b016a6c21d27d31d9d42bbb7588a7142f26ece3ddf211c8cf4530947adee302aa71c0d7fe9060c1b25f1c1f2e053598a7fb72c4db55fb1b02352d60a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"27b9f78ae07821f2b5625c8fc3a03ceec4fc8062be860c2db20403dd88a8751dcad56158":"":"1b6c848fce706abd73612dd3fd421c1c7ce9f4c2d0ecc670":"14a43645c1b6ae394f795af6ca2e9084e7e707f3f2cedd7a":"33c592017af545b3a9cf3419ce1c604e9c7c687ebf6418fbef47ec96e61f1951068eec9b60005d24574313f04ffc16c30872ec83e41e248e3d5c6951930d6a88b8931d5502d1142ce50676b3adf48453d1a008189658db8511d19a06ac97b4d5cfac19b54e8e6b899d501715f401ef85" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8d7cf5c2e360ef755c1e9f5b7a44a1e29f09cee7ca44e15925ffe9a47b2d55fd7750b356":"":"0e691c9a435939c615f0686eae88e090ba5c4b3f5e6e00c0":"1e3a452295617e5a9e6f78256d2781feeb3812753b4aad9a":"a307569d8adf3f7e6ee4567a5b2bd338badb9234e7b27c92429ffa75e4c56c0529fdc6c15df5d47c46e3d2eeadcf1b9e93a5dd6cde99a82f04b0d97f7a3bfd05c0e1d8370987222310ab18c980ce48b2679361c3d9011dd355a9b06337c054ee37913d5f4dd30d1fc942cd733a0fa5f8" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1a0d2c734918c539c1b306a464eb6b54f92e958e8636032aec23ba8ae817bec48384461f":"":"b8ad9e613a891fd0db89571fddda77827382e406cd3cdf7e":"1e172a708aa4ffa3618ff0d7b1f9ba341f4811507851dfb4":"674df1f3095d6c87bc54dd9b2aaa2c786bd50e4ddc02493745d820dad8552131fb3e389e99b0709478b65d4268f2a3b468a8447dc572a6ee024be6be9be9d428c12cc92894d15dd1c959d6222dc9ec30478c7a0b57f5bd8bd53868b98d7674738b54cf74100ae215693babb6db3b3890" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"95a30a0ca779a4038ea920cccfa4cdd814ca17d560d53a75cf170f4712994f9bcb2efb74":"":"1da6c8726bbfa3c8bee6dcff6f76f2d55d60527c4f0db26b":"595ebd903a596a1f12175080185bd94c2336eb8dd29a387d":"317c19cf4a45b8cf3f645da084ada54d1b1f81379152424fddad22a6dc9bd22841e0c4c5a36bfb7879eafbd1a939121905a938ae034c7fc01afb56607e35f895f46f13e91ce4e8e75b6a87a1e5544e18eb194fd6754b06885ac05e332a05ed436e889965e405e0f2069b04b40ea0f635" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8af8930562510231a592a72587fa6ad7c234e133046965907642fbc785c0b86cba844f0f":"":"9ee7b221064966582dc836437b82386f5204a302a4179079":"473d917f5b66f0f6e3fb4670ba08c2cbd2ea765b46b10838":"5c2fc9cc7148dbe40a692b3636778eb80188949d198bba3e8355386b78b54bfb963f5f2d9202988da20ccbf336a7c737a66c90149b9e8e306477151c4d912f7c61e872de0d0e47701cbe765864de536d599946b8bd65e4d89d4e61deb53de9974fbbe634501800feea100fea573e2e50" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2b9554ecf94c7d647a4e117f43326cab54466eba56a09a52741b2445057c491935c067d2":"":"0144be6978dba85aa645d793c1881dc2deb1bd210811ec9e":"1cd265f3812568274b643954c70923a76dfcc9f123360111":"f7459b0c23966dc1a53e0c6406c9e78ebe728e3484224cd88b6b2ea554522e75eb4a1c8a3fdc66561426464f50b8d0ff95b266677d91776b344a820eb4fd7d554678300558011a7cd85d22e92dc8ec2c2fa15c6330ba157c3e71728304447c1ad4d64f3da4fbf26d92e1e7c58a1b289c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"335ede8603fcde78ea9869da2dbcab4a6e72f1b53439f3085d06b856e627411a9ce1c297":"":"ededc73fe268935c10832c463549f8204a29cf0fe00a4d87":"ef1b8a80dd49d2c263999ddc0d5a1d9205c1b1c66239fd80":"05bfe97c398b1e33ee1c547c0edb5b654b7060b76604195440d06dd2f614a398c6c43f1803893c4c8888bedecdf998367cf992301a25f24c263f5d36bbfc6fe8b839cad293b3617c1d2c60a814bda0359e3f717fa80fc7324af8827d438c88642754b39b10d18cf5bf42f11177a0bc6b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"9b0275d861117553ecd3c4d7cfe762f88df22c4c4190dac8e0be5872818e2dd765261d58":"":"cfc0b07082d514425b17ce3cb334ec62bc1b3be0be58ca4b":"d3c70ab5ff7a364a9e6dc75132ac67e0d373fa2df301afb5":"09fb41bcceb016e754795e1cce582f0cae91d7bb50245975eb75274819e1e4dcdfbc5e2f13fd26b9a9f9e945cd807ffec4e275681ea7bd33eae13efd8a01edbe02562e77b44b6312f416c3dd0be64f2bae0ba4b9bb36fc3a44841d21d8b3571c0ef644d88cf3cc3c851b256a15f4d716" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1981c3f9ca58fd10e8377a8d0eb3cf02102aab6f7a033af3135533d9fd850e29ecb8dc9b":"":"f9978ba41df22894ad5f3849c1bdf21f7bbc0128c782e79b":"b4d57de5e18d393273ee9f3ef9736599c6d639f437239219":"fee23db2fcc71624fb39f573e33a1490efc7230c27e9278188251634f9c045bcb26e79ece6a173491475ae44a957c4269570f5469234ca8b6873cc973c8d97178c58cec658a352bad0d4c6001cae5664258db59ad76eb6304d166267eafb46f4dd536a914fa6d1ac58317e7c557d4653" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c10d4e521350f7cd1853576d03c4bece3e58c8c740859e4e16979499ec1365fc073736a3":"":"78b245520153baacc66846e7a83a2a925f892d4c2ee63c0f":"c8ca7a33de5991d44d7ef7da2d3368cc2cdb93895c394d41":"f92c15f5833800b28dba2d134d4dcfc41abf72f5a700469551e8ccb83bdb0772d14d6b26ba6978169e3ddbe5f214d57930dfcad719bf10d306749246d2624bedd4a18d327b8ae6bee67cf0bfb5f649824bbd0440f042146b95a83e5845ced69a55ba055d5dfc7183c3bb28d61312d274" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"7608b5617785995a1f7144ee5229e4f9c138e418bcc3b5e061a422e8cf875f58650e996d":"":"961c2d33039e60a2871e1f5b82097f6b1cb03836dba5f440":"b18cb52d3858ac5bf59f216a28c0ad49f3dc88c67b5870e0":"4b0313ae873ce5ebf08aec160416492e4c4c797a5017061ea42aefa0685ab19b74a7af11f019b9fb63072b797f7ea3354efd32c4abd1e866405a319ed2fa13fc81019d61326e70e503141b9c77b4879a45e9f36f101dbfff4359147282ef814888fee81640def25f551cee41d12609aa" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"fef7a43fea2ff1a0f624086985e535778d7a73dbc47bc23e9da92edd5d2f273cdbbc0251":"":"836731a57497a69e31f8db4f729774ad65f31d968dbc55a8":"bcca96d808ba98bb50e90afe58fc88e95dc14c3e90c56004":"4f2c64ecd146689064fbf4fcffce2a2ab3910e72ec4faec277f7b9e9ed510381312b01f21650e175ebe9c45c11e977276f13be015243a0cd16a191abbac6462ba96e4e4a1120b28083da933419e8c8f03099906eb1ee012ae291104c6530f51b5e32e6631cab8ef5aad68c0045255ba9" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"00197c70b2f0d3e98e4b387ec42a65c4106a1689ab5de61101ee76f4b5e530e7efeaf964":"":"03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1":"5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6":"72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"e4547261c9dda6bafe9fddf435a80ebc96354c7c2c8847c5d26c6e73a967bfc4ebaf8613":"42849dc8eec611eaa49252067fa60d7d7267d711dc35b576":"815f50fc233f157f96ad0627c355bce407b269dca91af661":"775a1c9da6f58d4eb95b27935ecc01dde31ff17ce2e4e65d":"25adb777523a80a6dbb6ac1fd08e02bfc4b4686cec5efe3ae9aa2d4469eae8c9c3693fdc8e0fc107720b7789ef7331e23fe3799412ec86857ffbba515a5af4d91013b2f17669421c822005b4747942790a11a24c4974f27d54de69727b0ed507b6a48a9d6c53f93e2f3d33df73dd643f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"06d677001d9b3c97fda4d09778aee3de131b4123696b109f81bb6b0d7fbcab3c5842bb83":"f99638d2d4365b662cd83ab4e6a7bbb624e6c72b7b38e81b":"20b7d56f6222bafeeeee59dbca1933d8086218891f3a9bfe":"9de4f2847fe239cb1a3df4b8ff64c25d7b0870f3c9ebe3a3":"e18ff19837ce21e68944659321311b8584dd515ed8a6a1f2b0ac06e69009c3d0cf0489af876201efad962cfd1ba54f540b94131d788d3fea797c4bc079593bc7932baa70abb145a355741a98c584f0fa3298b8310b01e1a6debf5359d7d02b1a6c663100acb56975450bec20e91b736b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"abd38c0465cdfe018f36ffbb7a0ee51d67675ab4f0f1d1e93418bb4cdf6499a371af4d3a":"9a07d5571d841e3c1a9eb3fb48cde3b3e080e1c2e0db6a6d":"a392f79022aebbec0c82b981293627d139dfb5232eb490b4":"f5ce1f6b1e6715c49bea42ff439fdecd9b3b7f2e578133cc":"885c54ad25992fc38260498d6f4d8c73d6159af5f7efef06174da03afcd8384cb28690fd9ded1d26e2dff74aee4dd0c47a0d99c6fc1ec8d8faccbdcf6fdb12a528564ad0d8131bcf5222d7e6c69c52da1acba01b721c98ac5a33725111f12f6d8100009d7cc9efb7ad8d7d95ea4e620d" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"b52620e58e0b52b8eed0d6a6c5f4ff6c1483c61fc41dacf72bf475b37d068d061d1edcea":"ef0d233de00d24622b7d4ff4215aa720787fe80aaeb65d7a":"81b735acd3dcb13e65231c2d980fb40ca850370581f230d2":"b2302d024d92cdaed4b12f79b0aeb20c98b2321710fefab2":"ae94204670196baf740768f97b3a095134b384afea667fd90a77a16c8ae390a732ff49a3073a27db0f7a2c8ad5d7cb527d334a37abf0472f292a20f2a28e667d7c9e9f7b8fbdd177f36bf92d66223aee3f712b6c9b064e07ab96f6a77613ea55008fb4f8fbcb2f1ccbb0da75316c1faa" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2592a5ed86ff64b9b4c1fbb81222d1bfbc53f3a639571ecc356084058b8855237da15c50":"a626c51ec99e72431485d2ba027ed9cabcae7b86116abe4f":"c430876552d28776570923c6b74e42c3210f01104006bf11":"fe2ebc239690a4eb18a0b5e75d08831cc2eb07c982c63973":"005045ade7cc15467b5ea784649d9804540a842ffba4db8d44df4f44c69480bd4fe965b645aed09d62190daeb2693a2192aec3d71453a8218e4700201ab922ac35d241d95150b47cc7a051897be4d958f2da5c2ebbfceb1c550cb67b32ff83ce4fd845fd826a0d2469b506f5158765fa" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"376785f5ff8a82ceb0aaeb010533cc1089059ec583c302b14bc47e2cb8c2711839ce7f68":"6d345e248339e893f75696c039ac47e5678696fd489a393c":"b0f3fa1131c3fdd5c7fd2de93931e45a66fa030422ac65db":"c66341e3f9fb82e3ba85f229fcb7d34457e4a6ba8396b548":"b92d17e1be94b0385a8cc3e16189811fef7b284a1b0b6b2520fde79af7826c745e746486a70cd8dd9930b163da75f7eea7c216e758d9ed6c745dcd7bde19bb9382c1f7c37cd15b703b884d7d452c255b25048a836844c5ff28aaacf733a52c28904b36e1b51729d7aed81d601c0872dd" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2cc2557582c5a90cd2ad0c4a5578eb0bbc9bde41b126e46d8e9c3563341ba238414eb628":"9d2fbb9153e3ffefae0770c79de10db069a5ff9f50e31787":"2e54e32539e27ef76ac1eeae2e30c2385647652e20903b39":"1f4e01255908c3c8049521f8972c01ede7dc76c425c59640":"7d6ccdfab33f322898c470be02d8257e0e952dd10f407b3a8eaeeba47c541d968d79eca29e15541c1505fe4f19a41797c9ca2280c06261fe9d0c58bab65d16f5794b57566b8795c38c7b43d4761c8fd107beb95147a0fe61ae8dc31e25eb2957e44c0463ca7c1b589ea587f0cae1428c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"e670f896326b76034e43cd85f6f6f11fe6582d3471a8eb88d37a2302de010aac0e556860":"5e218091abee1960ef81f4d5a80415e388bd0cc79bed70cf":"7cf84b9ff30dbd0f608fb21646d7c5b542fba50adb38d5df":"c1c4aabe7616a4c97a4dbdadb08a9b63c6e10cef8d463fd8":"d8fbd557fccf31829b5ee11b05d0353e725bff15fdaac94d21ce95d40eff55edd852b264b515ec6384e2d28d014e47a2df0d4f56a4ec79309b06affc62915e231d62d02bfc60220c72b7ca7ba5671f882839b791ef534e707a04e5274c1011f7941fe1075a5d06a47af9fb2f65c1f211" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"0576bb2d4c663b781193509251e2f76b0a8bb792e79449600c2c154feb70cf33ca942508":"ad15e4fce9f4dea43c12ff9f9d50c963b335a01332541154":"3c8a4d6ab96cebf9d02b5663dcb0e0db23699623455cd4b5":"43d2d3a8d023fa1785ce4781a15eb20ad787685a47da08f0":"a68e648cb07da2eb795a8c898c8631e565f33c2fe9c35e686d6f85fef145446cb79bb6d17bdc8224bfe437468a9630ed03c517caf1226c278ae510c869d67d50b6bf1cb378a34035041f290d8dbc123650ab4fbe5cf6074ed0ba90e45d9a8ae08566ea3d3a00ee3741c8ec8f56dcc78c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"f597ce05b9a5b1cf3847bbd4171e5085384cc256f77ac61573b435726cbd538b93de9f55":"573cf859f8fea05f16c6d03cb4e524b91e917f39eeeb1d68":"2a842454870c3f7936f8036b453d219557ca341f261d2519":"7afd8cc269899acd88f5c55af29fb0c4ce678a0d8ebf924f":"8162c16c1ce3d5c6b7c96f0281f4220569a882277935752b86e7d3f54646b276cb77ed96da73799911fca3d19d34c1f0b21068a472afcb77410412eff2abd03c753a009ce02b0e995477546366020294eff0ef0da66f31a413313e2774ca04f09a4d5076e0e85ca97d5bb6faac4c0c27" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"d5b5374fe143035c4fea41667bc8bc7d46000998cc82ab32a0040c705e01f9b354e8f16e":"ed8bb219e67515874c5b9e3f6ae6e4dfa9c42d1e69204e8b":"70f03fe6e78cc34ec1678b2708fcd8ae3300183ea15ccfc7":"9c641d7e73d1a2b819e113747d74a979b74c444ed36b7391":"d50df8e3e17c0f5e19673ba2097d1d0c4cf7a9def7465a5b91ac8d49ae1b6a821fe9efde841ec9064555c0e2d6cdfa41f1089f22a5c27090c5a136660d1af586a1e131a853f19bc3c8f4c79aa09e39c2f22b4456c667ec907e2a4124218665e7cce50399ae1e19ba9c2399f470444839" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"74d7c8c9b170e59e4f128c8df1955838df5c8071a5e85439d71e785c68b37e10efb39c9a":"be3d54203a1078d051519137774d5d851e81be026155eb78":"23f7b6758d79de580ed3eb995fc173da74939837aa8d9eb4":"6f0d5a333ddea0d38362df0dc3ebaa2be2fe5825ddb0ce84":"4462fc32110b25b3797c5cafaad830e8a4346d9270fed98b30f1345a7a8dde19bf5365d6f3788e7f715feb2762af263839c8c8188908c61120743d977d71c51f6324d887bbda380fc07eff09a31c2332e7b1aa1692c59c3379db95fc21cf711c004c4d385fe14f48f2f2a31bcce6aaec" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"eaf27c3f69279fd523c0c3a1da5fc4f01ed64c27ffcfe3c1c596482f5baae1434e8c687c":"b038829fc95dcba8645ce40a306491c893f48139ae30a071":"fbbf7abb8cc2612eeea6d9463efd55c47245e01713332bd6":"ccd7e81f529de1ff4e65fc63d34c262ffde7ee49e6707197":"96dfb7445057633b2f0deb69135d10d0a2dc53faa9cded55ddfb8edc63f5424f8fec7627597a30328177dde7963f76f9e5412b5b440256c6a3f0c7c7fa02ca49e19ea176abac013696e9d529f65e51d4a7348e42dd254bbf19d9632d6c875b8ecd7a4139f1bf020a159d2a30af8d645f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"319cbf2b11b37c831c654b6cec2570dc6d7abeeab185272a518eaef30faa5acf5c8b254d":"9effa141f7466b659eaa50c32c8e683c2640f54027ab6aa5":"63b3acc237588cdf41c0d4bef16c4890cf3d458fcf1de8ea":"573d6a7960aeccc3280a8aee4d72e587e9d196b7b270e329":"8a568086fdd9f01206a5aaee34d253bbc9339112d3170699b9a1392e97062d5d0f16240114dc1789269217c5b4b2974895b20903890f7dacfef46fa4a4d02891c70425ab3b42f53d72f852faf3713ac7b8207dc453279f4df345091b8bfeb54983095c2d190358293ba507bdfdc39b24" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"56f3f5b08da10ead0c986dd2ae5553e4b2eeeb47ad5d22197b12b89b4a871c51c0d85554":"96c8630a1f4187fb0794601cf51e7e333e71756a0421ff43":"875e5bc9548917a82b6dc95200d92bf4218dba7ab316a5fe":"4d3f5678b00d47bb9d0936486de60407eaf1282fda99f595":"90969961ef9283b9e600aead7985455e692db817165189665f498f219b1e5f277e586b237851305d5205548b565faeb02bb7b5f477c80ba94b0563e24d9309d2957a675848140f5601f698459db5899b20dda68f000ccb18dcd39dfae49955b8478fd50bb59d772045beb338622efa5a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-256,256+128,0,0) #0 diff --git a/tests/suites/test_suite_hmac_drbg.nopr.data b/tests/suites/test_suite_hmac_drbg.nopr.data index 782e584e2..ac3d3e5be 100644 
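Review bot: The fifteen `(SHA-224,192+96,192,0)` cases gated in this hunk carry exactly the same arguments as the fifteen `(SHA-224,192+96,0,192)` cases, so one of the two CAVS groups is not actually exercised. For example, both `#0` entries begin with entropy `c5c89c26…`, have an empty second data field and expect the same output. Comparing with the `(0,0)` and `(192,192)` groups, the empty field looks like the personalization string, which would make the personalization-only vectors the missing ones; that reading of the argument order is inferred, as the test function is not part of this diff. The duplication sits in unchanged context lines, but since every one of these entries is being touched, it is worth replacing the `(192,0)` group with the matching NIST vectors here or in a follow-up.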
--- a/tests/suites/test_suite_hmac_drbg.nopr.data +++ b/tests/suites/test_suite_hmac_drbg.nopr.data 
@@ -239,243 +239,243 @@ depends_on:MBEDTLS_SHA1_C hmac_drbg_nopr:MBEDTLS_MD_SHA1:"4e8227e8422d674cdb79e52cc30b7b84f81cc05b03339704dba3e731fc81949e679a4257c5fd68a7":"2d6e4af02acaf230bf746157ec624ba7":"deebb368a79c1788528b589056b1194b":"1dbbc7a131e98344fd748edc6fec11a0":"0266e8a066dcabaf6991c7a91e1c6e56":"e51fc833a60b099e56996a66820368f5332822c8f9dffe8459c80d2512d451e1669ecf6e562a1c295fa6981fa651fdd3d8d936c18f88d5844393a2a371aaac8f485cfe92926f1a54980500edc43a0a6c" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"09effa3906a5e93d05530edc71e62b39c5e4da020537176c23823da52dbdbae8307656cdaf8f861471dba14533c880505874098917e338f20ef8d8a1":"":"":"":"":"d5de8a3388b11e45085f6d9a009462947631c4e74523080ccd03a0196aa56b63a93a2939f490e9456e9fce3e9000e58190991b9aed6d145ac18f65cf2b1c17eb021acc5256eb6a7e9023f62aed87d15ea4e4b328f265cc34adbc062d54524365cc9c5073a8371f35dc2f459e1d027515" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"29a7071e686936e60c392061f71b68500dd6f11c563732fca9dec3b2f859e06a857fd94e3ca1817872d94c2b7c2f283a0d2d12a6443e95f7e700a910":"":"":"":"":"72c0f3cb7792bfebbc1ee6f65d40d118a6a1c4e04e589c8f70273b4c7b718c9df383658572b894838a311fc0aa2aa6258758b33783e192b0c3c1d322809375dc925a05605fed8c7e8fb878fb63c84ce639fd277d9955f91602a9f4777b7c3b15404c4e761ec8d466674e32136c7b8bdb" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"abd3dafc85b23025792bcdaf9f410829d3201c1e8ca450e217e13ec2e3b744e8c54107174a6e69ad05f643ee5cec49cd47ea88c80b96a0944154b458":"":"":"":"":"152333e16b04283dfb8c43dbb3be43b5db2ec49a399facb65cebdf7ca3ed267792ba308cdb0649b0c19cb1126b144d5766b5afeca98036a1f85cd2cfe3b8071011b69b2aec382f8562d9dd4331a554f3a3ee632cff308488b30a7416be8bbdee7e250cd12f371d069a097e9eac43031a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"caa286c160d22af10922ee6088c269d0c963034e5fd2a85d2fc171d0c4ba0833b630a64ab09965f132a744656631bf2dd27430c7c2d1e59cdcf43a97":"":"":"":"":"4d6132b9ce70470dd36f551584ada639e74b85fb9bd3c3e350011d99f2dc0371f874e6b9d92eba3fceafe34e574c1441d0d476c475b704755a28733e31637962cae67e849bed18d77501383cdbc27ab6f60d5d8d26634ef39e2c60fcbb04a9bdda8bcfb9b2d3aeec12a21279ed553343" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f79156a2321ba930e15109501ead80a3b26c1747b7a9aeb922d1a9d474df64a1fc3483f10e88a7fcdde91dc06940c58bf4d747b5a9cd8cad2c2e9870":"":"":"":"":"1b3aeaff973b2e20cee947ff283277991842a22f45cce9d22c1705daa51a56ab43aaae1b51bad7a7363edc7b548a0cec6b376b925a6e35bc7dc3b4a33a7f3b57d66b1b35256908bd2d8f0495caf2539ba4475d766c21c2c2e4acff87fefb07c662eb344d9c99ed407165f8a09a22816a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"2dfeb70fc433426e23378d048b836f899cbff52d4a92c6d7d218e3aa54c06793339a752f86f03b7fcf89bef725339f16ab1cd28ec85c20594bbdf3be":"":"":"":"":"d403dd8a6f3a914933253db9cd043421e54243a34043f5ee11a3b6a627e25d944434eac22a00172caa607ebf7de55b4c4305c2b93428d5fb4cf0a649451ec7fc5da65c4894cf4d2f3d52e90993544237e5c58745441c9cb2e047513ff81d9cf980d8b12769c21cc8c06f6d583b8be3dd" 
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"2c6ba987bb61c4131138bb8acd877763c2c7e1f86289a81b6b54d1d8b399b5a5ac7171c0c9c0b5943bd7f54bf72b20307834e971bb637b351a756823":"":"":"":"":"7ff01def84626825fc22a62cfe28f5f95403bb2618eff22529b6531aaf1032100944d5f9703496d165c5756c0aac55b1812a72940aa5317fb6a2944d124e7f65766f231b6bda06100c5ad0d1b37c488e0e9f11a6d8f7e4cf7337e04d094ea9de2db1bbecf40e0cc8d1fc1cf5a01cd081" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"ba08acc3a00b9b40d2bad8cca4909d3bbec5471f78d0bf89a805d839b8b29fb753c9e5d3674365a7055a187a238ea1cd04f482d24d856b67eb54d71a":"":"":"":"":"9ec6ad840270051313c5825295a6f7527a8b1b9b3e7c867e5642a984b11911be60614e5737d3a0d109eea4223f0d2ee63cb19be702291a771b2e2c277f2d4559176fc5adccea52492e3d3ba7d17bad5b5f487d783639467997d7668ce2173ef777f9e31dbecb6ee716b5cedc8bc5098a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"95413345228eadb85b67674b9981af34bd6a4ae04866229921be928c06e6a6a6fde8d31a6a88f24d6a1114ccbe08ded9d7c50c3360bcb8908a615381":"":"":"":"":"d4dc08e36f94e88f8bfb1919c13186139591edc681affb61c421d32dfda69e507d59495bcadd39b73c4036ef440dc598e339473caba60e0770ac4729264b1dbfdaf32ca6d136ef6810a6660fa5cbac91940a28053c0fa405c7b6ca5e3f147b5e0096f36b67da9fce64247cfdaad70fc0" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"9b6bb9589f41e8ed6969dbf1a3b3d242dd5e133711f72549334c74190e4efb1d0452016ed4fffca9561aaf219e6793bfb6fd3dd9500bd61e6a62db66":"":"":"":"":"cee02e4fe0980afe6ccbb1b0d80041ba9841461397494f0fae5188228fbe9822e3ffc5397b7caa29950d95536e7000e1249e5bb93a593e659a49689add16d2f5e02ff251c76716dc426010c2961a176bd63c29397f6e36cd4de2f2b11e1260b9f9a00bd49b4b6617fb056b82c92c471d" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f276ba0da08274a082f3b8ad989a713908873b742f96bbbf8c81b4e1a7e4857bc99aeceabe534c45105306b14860883cd56f2438a7812b43f0d911f7":"":"":"":"":"24dd3eea9a8e1f9929ebbbc2a68379caec77fb42531a97f7f3a75d16ad053799ffc25cace4f4553c271ae360eca1f5131ef87bf0390b26785880db0d92bb351e6e22409d600f6dab5cbb2278b8784e67a40be4d8ea6d994115c67b7224d721d1b3c7fc5b24e15f97eb3bbe33798d1bb8" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"fa5ed9189f21d7e94764bddeff23050112868cfe35220b863e8112f691c57e6d6c4a91c752c5f0b37b97d5f3e383480054877f319a568b064e6562a4":"":"":"":"":"55eb5ef1248b5a34c741f2076ea5d568da630ce4720b7e2c86a9dd535b48faece2229866a36024fd4114249be4730e554b772d557ce3f8b9d4d86d91202582213a676a076b87f941351c7606a452816db5d0f8194825d402d2fe7ebb2815532091b3830a9616918bb0e3298faf037bf6" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"d0c5003a6168163f707b25191b51211dc1ae361df1e069d0f284f66967aca4199809dc89368164213ae17285674e5574851582372fcae8cd2733bf4a":"":"":"":"":"24910e1a9304471d053af458bc3fdef527e8796e33133f5af005106b203e8fdefb274f1c0e8ff44e92c63bef3082c6e5607a7981a6076f1a1d15368f4330c7012509d5f61b4349224a87960bce9873725145f187aa931394c449f502d12b60655a0ab2a221134a51786c3683f9ffa2b2" 
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"bf5b5d1c891f7a6f2dd3f4d486d693fbf67f49584b7f053aa96ddacd9fc0cdea0fab8209d8f4335820ce68bfa04899b63cda15242e9cd3f7acb1f103":"":"":"":"":"710c8b33ab034b50a29de657b93f3c71df4727a5219a474350c88b4e3974ffd0d3452e8c4d26f579e348f39cfe0d20045a70a866c5e16a0c22aa0d69b739f74cbe8b046bc14cf82b86498460bfb26af0771371c2750f7c59320c6f6fe1d04cfb40c048686b6c1b69dc641b8957c2c341" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"525615164dce0dac5397b357546aad049dbe5982da2c215a233557553460f8505a3e7c8224af561190099ee21a06d62f9f00e282b32b486e8d0e338f":"":"":"":"":"3fe96c9b10c4c8e43cf3cd76ced4ad85ae576f32ea6671ef284f7c97491b72152a18a1060145e4f5e7c0c373c396cb4c8c0b6d625c1f0d2ae95b0691cb1c80a3dd5eaa21632a82aaa28e09a2bbdeff7fd8812fae46deae14bbb16da24d06878fc417b3554fb47b0ef9fe18d1b9d4f4ca" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"ca81953d50430bfb09537a318a1a7b90a9200077abb721e55d9ac28946fbf75d9cebc81f11cf6d4db712a3b91d479e00ba30d736a763cbfe40b91448":"":"e50aa8bec96339cf2608bb82cf038d5fd6bf93e65271cb72":"5c5eed0d98c7fc7eb30acddfee002d5b99c965949d4e2095":"a1a7cbc79bfaf4571cd8020da094118d241b3f018ec823ba":"c8b7d9c15624ae018a8612edf6444354c45c6a788272281c16526c689a3dac36679e44d89c4acd7eb58ff40a577c3d1a9f4d0175feef9ac5674c115d5e4cd17f2369e0135e33b018bdc99e4099713ace986a145ef55e868f74846feb3592d44ca3ebba6044a928e9284b5ea75063ae81" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b96ca1202fa959ef55a683a9021068e14c75376e15d1f0394b1c091a8b6dd6b98b6f63747dae58c29186179b4155b868f5a81ca206a5086a5759b025":"":"a35096086c1fdeb1fb60dd84fa730eccedd53e5b127eecf9":"a3269fa749e55850d4aa9e466bced0beab2edf86b926c2ae":"29f6799f7c78fdfa2d0dbdde8381aec5af249556903f6313":"c63ea73e1ddc9d55bd64a63cf73f730136ab4f6d688a9cd56b945f9875ef4ff48cdbdd8b78b898486a685d8af8cccbc2a834a9804e566ee7138c7dbf488d263fbd387041f835ea46ad27cbd66721428ed5795f6ed044cdb17c8e7e3ecbf61dd68239e8fd644ae85776050afbaa06caf7" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"59af1213cfcaeea29e31400ab6b30f108d4a9a77d3b370972d29032cdc612b7c360c41f16b0c9d794219300fe0551e0e66d634a4eec396c50ec9604c":"":"66ed9352bed73224d35508754aab68fcea10aac06d60e888":"198a3526a67a0ce31ad0348bbdfecede4f82d4203d1d5ca1":"03faa2f4c34577cd8b2ed53e10c68c83c1ebc8d877379178":"5e24f1a9083f13274ed1020ab6935222cca644d0920839c2b142e2780983204453d2e6c58518cb351188bc3e5e3b64015882130d745511f004cfb6b64831139e01ae5bba64b74f1a1ede7e220a6d29b1067d7c68ba3543f4dda2fc97a3dd23590c2c18b85662618462ba2c05231534b6" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e6cc94c72f37999f28b5fe350bff622b433ae19111786c747d954adaecba47abacfea8cdf5eab05e2f750c0a679cfb9c2c2c071461178a054af40967":"":"3032528703dd66e42c7b6b5881483eca41e9eea503852eda":"ce8c03b0a05982ceadb516b1fe513da2403a9e6dcd7a39f0":"3f7ccb55376f23dfac1dc13be617894931f9c13d15fd3dcb":"558656cad7da2ad87a7a29ec5e612addcca96d72ac7b224cde80ce386c6efda12113fe9aa8e511714a42edab53ea0289c75d34b42f2313ac366f51f5dd3f6968bbd4c09ebf840dfd03852dedc1e3b6209d932889cb04062c644482106cf8b7a237d2937840f0c4d752d52725b5590d15" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #4 -depends_on:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"cd4dcc8fb50672611f19e0cc8adcf9285f9d76e7e28bcac34e931163f8057b9f86424e5d514a13c0a25bbb49ee485501ec5e21061e006ad1569d2610":"":"24480094a44067b86ef47db38ec3e62914351196358bd9d7":"c6ac3b879adb6c150a8ee44428c333574ed9b0d6806848d8":"92bdc1514d87daaa321655d56c6302878c2bde37700163e8":"21c51a1568aafb56af1fd424f6fa146113d14d6d63e1a24e3168130ebc10dd84925bc4077c41897aa8b3c73aeb5bcf392d496dedcb6487379bfb3e12bc07fcf5c196d59fcc1fa730e55c00edaa2bca7b1e32a40ba06500ed3dd7fcab361995319979a0fa9cdc406a4d20650814e8bfac" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"fdca0039e8485a06e6a9afbde5b07a1bbe49e13659a2164034289639d23dcf3f9874b8fb1a1af8495b6b2129b88475cc529c96271bc1bbb5c7c2ea03":"":"841f765ed5f00be838a270730ce5926659cd7cd9d5b93ca5":"825fa13ed554973768aab55917cc880183c3ebb33a532305":"736e9de931198dd1c5f18a7da3887f685fbfa22b1d6ab638":"dd8596a62847a77da81818dbbeaf0393bd5e135069ba169f8987f01dc756689342cba61d87a79d4bce2311790069d10709c3a53df974c7d6793ae1298253f13ecdbb5680928579b73d73afdcd24a703dc9b391f303d8835ba1129c3d46237ede5e44732a74f8f23b60a3a45ce42f042a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e246e3f95d89c166768aac69fc95fb49eec49aa633adb938ce1705b68987aeb0fae7f57b7e99e4f3e3e1b1db2d1fedf443bd2618e95193cefd905e1d":"":"130701f88cc1e7545980e6c6f6cc76b0336f089bb66cc347":"95533f4cc247c887d6a7cc0ca753009bf034ba95b7b1d3b2":"464fd16f011eb2986d9982879d79349a3ce4f5905bbfe832":"0d4e6b03af7a648337abec2efa585908af40e88d1f104b3e8c352aa29ac79fe8e448f36b0dfd701a1fc0f1d86dcab7e8a8ecada6ba218d9aaea1c40aa442ca51f3116ced3c9b8ba7546688ed4f3a1378f76b8a29ec763784fc82906dc0f688c5e60d59e6d5284fcd96f361bc5b285465" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 
192) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"cb0405e58270cecb34a9951adeb694c5513c499cf310f6a99985d4fb3973463e907705740e01aed4ca221d4b03ef30e69fd8dbfb4ea919a913800a1a":"":"0b57e688472e9a05baa3920417a2e8f9a9c12555fd0abc00":"cac05f79d9837c97bb39f751792624983c397fd288dd1d95":"344d2aa2b3bad1485429b66606bf215acb0a65bf2a318f6d":"b2a13d75ad389514149763199d711092a9b0e4f1e50809355cfefc1884a94f4d4a50ac5c5da0b4e9bd7537e413bb451fdd2fa77f1f894444cb5c81e4c43978ebfd96900a2c8986c885d0faf89a2ad5c6ef922dfba1b5219b0f3c4ac2095340c3b8bf0db037171b6545741c76217b2aa5" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e38ea7584fea31e48ab085c44f46b4cf68ff24b4a6b0b25867463e4a46ddc9a4de23f7272af1e9c4e0391aa9491ce7cdb5f96292e0d65cb9a9a4a3cc":"":"afe267e1491de3934054b8419b88b16731217eb4ee74c854":"bd0f3c43229a0ffc9e143e16738111e16d6a06ebf3eaa5b0":"23bd14ef8cf797cff7ff787df8ed8b87684fe7a9a33bf695":"c27a6ee5bab8f8e93783840e72894f3b024c7d3206a4a1869ce6fa8b5674bcbd24d4aab30f9866d797d850423c57684b7697913b9ef7bc0be933d0e21535bd50fea0feeb293985261fb9d4eb1ef97ab5ec6b691a08db4c8171e63745d14fb4c3a03c41f906daaa2877b7622b254f0449" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"71dc625242dcb94e6ba2bd013beb2112cfca576774e102830503b7aeda24c2c9d862f5212975ccc019ad2ea0442595f74d1d37dbcba0719d8ea32ba1":"":"0fef9f0934bb4485bfab2431f8811d963ec7fa7953ffc213":"a6a7501c4a5a93c396ef8cc969ebd93cac1c30b4783a0617":"c58ea233f35a22fd9b01592c6026aa17922070b3604c7118":"a1452d85799b54370cff65fd6dd74b575199606cc8fa64880b26972c913c372010b4c3f4ce9b7b565a8f5305072404c7b9d70f7aef6e2709c1694eefae66ffa80f16eb4b91f8041f4487427e69daa437e183e83d3b9718ba6a23fb90365884899e0d2f0bef56b27249f65e1c00c5411a" HMAC_DRBG 
NIST CAVS 14.3 PR False (SHA-224, 0, 192) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"36c1e048d16f9d6035c6b62515afb929633f356fed6a654282663e2284fd4132116d21eef66d29629bc712965d960f18cf3f7dcbf8a3ccd61b5b5fb5":"":"93bb372b7ae1035de6f13b2a36c3ae5682b9a3ea8f444383":"9715b72e4755993762e11a93857f1d50a051e70d094339a5":"2f1e73945863b237f49d6d20d0999a0203f295b9a046dca2":"ca135891b47f27c26ac891df49c80d085f90c13d236a60f1372eefd81eafc5819f4ae5aee5b32d46681be01629b078ae965f67b81a5268ef0b303d09e048f4449f5aaa11af51f80151b4697b13700930167cdcb3b6e8260eeb8bec7f6a67a2050a6ea569c825d61d4858a1cd15f70fb3" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"582425e13356e7a840cae9fa435b220af6a96fb53ac91e7ee22023cf6a0eef3923907883ae540be816e0631c894520b86e8c6adb8152e55cb6aed5ad":"":"227762e137f9eec6d2b3c63476b404dc5b0c68613a93034a":"fba72c01a9e51c93ac00c1232c717d32fd4d4c791556e716":"f5258bf318457769a93ef5b3ba95fa2753ad1c5c1b81a785":"c753a84ba7f41af2ab757ac1e4c9c450d2112767ff55a9af8f58edc05c2adcaef7b5bf696e5c64f71d5685593f254a87625065ee0df51ab4f7bba38faf5799c567d783fa047957f3f965571a7b4cb477566d1c434d6b2e22ae16fdf473a6c03057d934a7e25f0ea3537be97238d74bc4" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"836f5d7521f26d884dc34af2ca56ab4a752ea18b909085a87cb6d07dba32b654390a25b68ea7ba8fb790271c712f387145052ca46cb40534355c1666":"":"99d9aec334666d7c399e453455ef6ae884c2173e12e31cf2":"d74d20dc22c55c35f0b66a464dfbe8f349616916fc726298":"407b0951404079fb3b54559c0286143d9cb18957bed7fb1d":"809f372d1af60ff972049193fe9f173684a2fc9828b60b32164c1b6738e1ba6aa12cf739287a74c6ad528a3ec00095b590b44705b4975236a0b7ea02c1213f0e830f275f53bb79efd98679c4766cad27738e6fb777e98cdd606b971fa60745289d5ef72a99e1919686a53a241fe36cf0" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e555ed6c7ab344fea68d73c6432e4e6da2e67d8b33ab79e5719a2def258a852d17d93212840583fe23900949c301a29fc92095f4716018144e64583b":"":"5262cccd138256fa8424801435d118f39b9aa1db4d11ca9f":"9b55d76b743bd7fc5700fde8ffca956c0ed6091df1a22aed":"f8c99af8029110c41a6a01fd2d3d12b7103aa39cbeea90c8":"d1ec06e38af7c6e0a70b73ac62bc3556183f99a47bfea0f0c4a59e7ba4b0718df5438e369ba14be84db40d5ffe8a1a5952edfb83f61ee4d984e3d2fa67f557aacc58291cc688fa29be530e66c228e68607e25c013473b4ffbcfeda721ee35f5dfc8809528eaddad8969ce719a411216f" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"12f2cabd3b6f640daaf27ed6cf6bd7d06e2ac372733c6971739e36afe2ba1ebf4e7e5e9f5591480e3fae752fa59bb99a1949bdeccf0c100f6afe886d":"":"7766c36e6583cc8e3c26a8058fa0923bfeb3ee22033f46c0":"63e60d1bba9aa29adc3f3b8a5db53f3b703c7ae69bcbc2f7":"f416f36717ba5f0a78125ca52ccd004b2f4f2dcdd401f595":"6196b2b4adff14a26d64f440b6c160210266d7f5b77d5e292e94b8c67bd9cc774274741e7c0c9a7ab21c31f1194ef4218ddcbbe94059042d22ef44ecfecef214a73db64505d46d5493d7475d0684fc0e431c5265c12b35310d4404b3c4db6029facbaec88b0c0ae9799e5af0aa49e842" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #0 -depends_on:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"2c50da90a1f7987d5216950ea22689584b237647d96c1239f9251942f4d13d16f418b0cf7265b91c4ad97a7acbbda065a48bc1bc5c7a9ee1523c50e3":"a74c108fe870b91a2defa971fa1efcb7a209f293d29bb5ea":"":"":"":"8853eb47c4ada94a3d58a1b517784bccc8f831d02dd5239c740fd7caa3869c5ff7bbf522a78be2d510c49c496a6657a09f0ede00daee9fd77061b0f04e7342518dc6ec1f4a7ff99dd7c783882b58f5e8bc467516c6b85985fab65c6761d4fe756ffc27fd62cfb92778391a258d3b0b0e" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"4606e3e19a8a53e8aba05d9d1fda1ddf15e7709aa2bae8b54efc4a14e734b45a5cbbad00a749d2bde540258de74ff8fe886d05570300af2086d0b9a2":"23ef5fbde4b270c084a745e0e299a5eba228a37074fd4f07":"":"":"":"8caf86df25de5cbc3749fee4b64fe041cf4ef2859e20704bb01abe126a90ead8cffc427c2f98aac400aab97184846125a2a66888dea9c8aa108e96e03b05bbd30e566fb90c661dc1990ebfe75f73f5b0de7be419c225bfcba3713805455dffbe5d6fcc98141743b59c2cbd70e78f5977" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"08e2e2175fb34e4111179fc2580c05afa16d224440cc7eff24082beb16133a992fc4f4e2762634fbf68177dc3f11c4d057b71661ade56e7768ab9e6b":"0a4af33e2501ba409b132459ba97603888e727aca0a0cee0":"":"":"":"39c60b6d9f85cb69b2128bde86aca2b055e21ffd7716d789f834ecacc69a043893b09459991793571d3d8070f03382a11bd1c1bf38e86fae13a932c6dc82c540fab8c8eff478e598d3295663ab75ee8a56376c0d607fe43b74ac39479b8f694a3a13826b1b96344ec67b9eb0a5858eec" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b436ebeda1119de3fb2b2e532f7ebf59fac632a4d784d904f844bb73f2cade5a88d4790c8c1d5973fc73f6b7f929303b62d30b6818a25ddf705bdb9e":"07de5589726c49dc5a764de9b41bce74675e4ca3c71769a6":"":"":"":"2099fc754ecd19a19de8afd21d2ae2ce456c32d6ce7772a98e37ed47f54001f44fad8e9b591a70d3bb28f19bca22940321ba17c33193613b7b5be1ec54efa470b70cbd6be2931193c35cc73d80c139bb4e670e1a2cb74d3bedd3610e9d0f9d154372a70b608fef824c346fb16241b301" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"4d3e993c296c66983b9c751d2c0aa2d519f801a764ac9f1fd8d86b57eb226bdd9f69efd9ad29bf16af483e7dc170f8af65c16426c2ab7c0fa9df0175":"52ae4cfe985348408d3678d60259a78369aac02953911e74":"":"":"":"bead2cfc29315133e6f5ba2e85bd7778dcf9908081032ee634f90b0124ed9371c9009419b9e2a409fe4abd6295cad57cddcb6042986cc98f2fafdff99f7cc1185f3ba0d5f1e5f5452ee5f9df03c0e8a4f8426ca246afafe81079c2f0d165b87056e7c8528e8cccac5f49d0bb5ccfbefc" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"c7c4e18c56e9191ba43c967cebe48e55bf9aff4d6449c3e6a1f9846bfd7f92d535bb7386c0155cdc5aa2beec888de0d432f695ec79b1c78841ad941e":"c36a381b1b36e6ab00ea80557b5e7451ec9771101dc22580":"":"":"":"da74b23d309fc7cf7670d7feb6cb6ff4da1b763ae2e8616edeec12c71511f5a24b9c466532283f4151a902ffa5ae211d7c1efa84477b93fc393ac95522f3673f97aa9e379e48d198d5929684875150633fcf8a0918d2050551d8daa91887f3d2685737b6456d0c61c0a117413f193346" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"78426f865483ffbcc6330db2ccd65bf8f247706cedf68d4cbcc289bacb1ef32e5caf05f28a21146a9b18e77b3a7ed0d24a0803c9af7264fe4e23d692":"e5026090f9806ff6f158c4a834588f6a39e9b4a44ef2dfa6":"":"":"":"111cd64a9950cc6f20a1b38811fce4a08929ca2654bed66c0cdebab0b81552826c06ef12ce463fc9c91c81a35d2ca0553905922b9a4975fa8fee2c7f9ffa9f2ed8cb2609f4b7d32a44927c7b5baa8f43dda137aba9b49a2b0394f7f67d37b7f71a5e4f4c151db6b96e8e4dd9cd0bd84d" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"43ca11d53ad0198e4db5e136de8136bc461851a30ce59521f931ad0596d13365bd8297a68dd42b7dab7f40808b3ce6c12f14d4de741ce451b6637a10":"532b05891fe406ce72421013aceb434581be8a3a13549dfa":"":"":"":"4c42f791dc8322d779f9a1ed9a28b0cf352601a4ef6d74e4e822ee5d9eef06e700314acb7a47dcbb62805babdcfdd236e3022374defd44bbf747764f72fbfccae10893b54b29966aba448435987c22ace4c931d01dc945091860cae7744365bd9b619059b8b646b229878966049cf83f" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"ddcb3024b681e30e16e05026d8e23977497fd0b2c0ac24017de2744edcb097d3a104d4e3c6b8adcb554746f9a43671f0692c01a8f89fa98ec3a54ac7":"bd9e41974f6627ac5bbb21ec690eece459e1dcedefb327f9":"":"":"":"741b2a8e82aa3ca9f3a609d05a6e2d570be463ef957f235344cdf9e0f89b3610951aa1ef0b9406785b75e59c2de8349d435e4db82fc2a4a8b94e366f4eb13c432fcf8fac08f0c7fdbe67a44e81706b53b460f78befb8cb6dd2a0ffd13c87df84f8a5197ed47158cee171e5323593df4e" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f81c4ba8605dc14072e2bda2d2ef64e71ad856061056b8d8374fff5a6fd9a54a814fd725bda8944037197492c52c62b97ea02df33325b35b91726839":"217137084f4519d046ec896144cf2c301baf911e1440852e":"":"":"":"14efd71fa13dfbd498bbe13ffa24e646d04ee0ef32c99c11004c3e9d8f748ac2f956f9899a72c8d97ae988d06275855f77a92bc30f1b957dbcfc93fffec3852715c239c5313e765affbed257d302b6d1b74977b8012522b69902adb86efc1ad768d99d657a5375dff720b4cad886877a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"8181fd2cc5f7ae2d4ed2c96b9511aeeef33e50ecf164afc4eddebaf76a96d97bfb40377959e1edc44d24df041749ec6239ff226e40d5a5feccdbeda6":"7d6ca5ab652a37cd79367d84299f1ff2c5a3c2331c77b98e":"":"":"":"5a2cac8110a24e1d8c5f8bff3e82857ec8cfcd469c316fa18b0f65a0d30866e49fed2a228121f50901dbbba561732c4fe82a98f341bbc0a397fd257a5f8a4a9122c991648b1a6507c82f866d26f9b22e0ee7c9a51c4d8e5104f0b4570043c9257bb9dd6f3730f1daf94f80baf8907acb" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"a0ad012a978bed2268d05086b823f5d0dc9bb98ee03980d755bce968f9ac81db886a2a05b59df40d8346334a0276b73f528db03a118545acb7f2d70e":"1a8aca3c118f2bc0c2196df81ef22c267d20ed7c607cdae0":"":"":"":"b9dc0eb1e4aeb482dea1b4a5e6f6ef9636366face696811db2d912e9430b303f23ac95d65682694ef9513ac5b3e56a053b2e1a2ffbcb901c375cd122cab47d31fca5a0606daf8cc2e5e6e99b90fc8ab4fa67794caad91985cc92b2187dd2965be0980240d9be2fb1c4bf06e60f58f547" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f28b143468ab87794230cef4361d047236444180d0cfda58cbb9494cd1ad21be96297ff799011042013789a928f18831ffb0169126dd046c774a4fce":"ea7fc50e1eea3d84bffcbf83b240e921348b532e7b33f094":"":"":"":"5c22e92f25acaf98f55ff06e1bd80d382da754d1d33cffb6fca933583ba758200357551640c439770f77f843e9ce1e9a054f69588d76acb9cb92b7a2fa2903bc51391bd7001ccc1da67a4cce9e5dd08c2d489295c36de2c148ce27311d0789310de1cab2641e92f859b036383a8058a4" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b628cb448e477cb439a2de687861a992e738db6b2b25cc6c27aadfc3a0a640b3411de49c920407303e80abd7a1d4f45c4749980fe1550bff69518210":"d5f4f8266da9b7f17ac97734201544104a5c0acb53c6bf22":"":"":"":"34a834dbb7da0b6a2e2353bd9795bef369cdde4d172b3feae7b1d9fdfb0446454cfb1adeff423d0a143c33c0e0d8e7905bd1720889e8b1121f1ef82cf15443c2f9c8999c5573e7df60b52ef395ca1d1b60e7eb721c012c344d06b336d519fa2b7b6dfbed8383456504bd0b4893bf2ba2" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"5c7c9690a1926a4580c691c2e5327e736d5c3aec0ce8f5d32d4946bc4b607f712a8759428b010ba1b268b0de64fc5eb32d3f7fa9b8d4f20fab45c72d":"0310b2d8b5655cbb0fc2041ad15a248a7b1f2ac78845e29b":"":"":"":"6f8b6df55d9d8acf87dc2af20b7f4512f9425987495f512975de8059135e7ebb8698cb0301a8816e7299e76053cb66051c8b35bd2b00b4695cff4847f168d2d60697495cd9007ab7dd74ee7f61ee90b7827543f624b7c1412bba3d6df1242e6ffd90534ed393341429fc00bd97d9bcb7" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"96ae702af50c50c7c38818a5133938bd7ce51197fc78e21815b6c5a7ff9c0395d764159f707d5813e5bf47c1b8232b44a007bf7decfef499d758ed53":"e96554644097e9932585b7f4bb14d101f24c8b0376f38c05":"3f698a5f6f4fe67ef2ddf23bd5a67c1a2df4f3b19425fb85":"fe1f6a90fc0ed396bca21c0d40a1bb583eb63df78c98adac":"5942b56148f27dd5388f00caa47ffd4925e854237fe14454":"150b9260ce9aa419fe1860332ae7c9f42d9ada1649679b53f46bc9d20de3431186a54afb5df7b6269cdc05540a93fdd50a2cd3a862372d862841768df02846b057993dd6aa32f874b7220a5a1fd9cb573d720a54af5715cedfc16f0d9a467735e253b2b1a6e97421fcee1f2d670dec1a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"4834717f669d9b599f0ee526129057b5a7c5680724ae0459ceb0e0d4eda21e5fe92e63fd23f08f8a0b094a85f3f377fdf1018ada0c461b5a05c334e8":"870b7857dae97cd361a005c3005013e4dd55ca76e46b62bd":"522534ba1a09cf9abf29bde66ce1dacd0e273e8954eccafb":"45f54169665f59d92211f266892009958ee515f14d09581a":"4633819c2ae83c71059ec8ae41ed2c68cadf9b2085a5b8bb":"7afd6cfafd9a7bad155b59a8bb2094f76b915b93764e92858821d5c32ff4a29493788d3dc1627ffe7980950394349eba88b9c2f6869ac5086296366b6f4ee37e8529d291c9d962e30662423faf375b7820e0b650db03e3c99791d8042da790cce1a1997ea21441dba4b936bd8b393300" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f5d1d27eb344b63e907d82a2e57494b25dabcae440ac88738512d9602ac8bca243018f2495599e618dde0261e43ea38d45e7c09ccdc4bf3dd8e5c100":"12ff844e5c5bb3fd871feb37ab796002846ffaca5a741c54":"f642c19602754584afa3083f567d80fdcd1e5c29202ac3ad":"cb6dbad8ce1a5677b4825cca934336b936ccf841ff98d894":"c11fcc157c643a943e54274f1d942d998fd1ea0333e21588":"6f25ae8bf8c26d5f0b9d2a81acaf221790a09241b6e83c9e527c7784881d1f7398c2d7771174f92aab45134b4633ad96430df30b130ae34af52de90b425405959ba24a41685a04d2411e2f0e8564bf5bf3280cb6d75d0b910d06c73a625cd56646eebff14fcff81411c055921cdfb4c0" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"49a10569d87a790d34bcc3c8fd77d075a1cef9eff337e8929b51bdb8d6c5df3ad31045684fd1dabb1fe6f052fc9886384fe43c0a7abc7adca043d35e":"34d6ad434a436a690e7644f0dc2207131148192ceb2e91b6":"8707328fc5a1721e4d72b23c2b8ca3c30ddd95664ac478aa":"82c8d83a9f5d5639a6a1ce26d244bd30dceb1cc978627e19":"2a53b0b80b29c7d071983b65ba835e4eda66bcfe7b3d90b5":"08e24ccaae3b44b7248b2d735af985dcadb84f74d202bca726de1cd663bb5ea1bb67c669126ac97218a9ca45491df90beb387615474249bba1afd4534be7a74c61fef308f13661ddfcce40f24b410cffb1cc3cbba2c6d20a5e4c4814d44bef07bb697cfcf1e9932e43349376dc04865d" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"9a4232a59cc579867f8330c288a9218251030c00ebe50c9cd97d6cff6e49ad079df509644ec2ebe3ad4e515654af383da265d7b348dd4b89ddd49cbd":"b4498a32f664d4b489c2b47e67845d2d2bed5096e88f86de":"b8471ee87531817d81ee32578d27fa3a190df33561da7a2d":"2e74194aa62ef911599b37a51fa742817e3a4e6c254ec179":"afc7f13ae55e738cceb976ebdd01698de4d103db797f799b":"340c28cb7cf4c3e143dac3e133de864b1f458c76e3d47f3cbb6845f940be174b8819fc539f42005f4485fddc657f064c34873094e25a9bf7ec341a98cb97014a1d694b1694170ca5a8976e86f6e4e41232f526ec8536facd02394f492fbcc7c298ef0eddb3c5a148399ded7677366cf3" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b89744009793d2c118365b1d2f343d6b6c59374b41dbd805e793f27882467c5342015cf968b080a88a15fd6a7be3757b05313528525ab1e2cbd08ffd":"f3c02be0a880e194013c21b09b6703a61a7ccf7a73e8a541":"bca27f10060bb8d16d499b3f6ca05ed8462b51b0b43a1fd7":"eb6fcf75884be9112219d359013f45fcb1959ea971bd0bc8":"50a03bc3652f50cb9ed1167ea70ec1e74f896f81a8090216":"d2a529722365e7ff3e660964eeb27040a0e92a4d19bbe94592cfebad71047414676ca6ca72234f5127f313cb7f5be613b44d989fe141c9a0ec1f0b4d83c36e744cfb1c72c32a02b68c21d28832da008c57664046255ef18488ed750ec5e73b18eead939f932d2809f12939670c3c1033" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"6d2918c15be7871cad99dc9e06f73253ef905d9705c4e4ec38664043b04f9a150fe5953bfa7aebd926be162b7edd72fdc14ff97e67dae6257ad654f4":"489243eaac215f76a573b92f0709d116bd3c817eb95c2c39":"0a84cad7a1cd21a5afe6557d7d2875d9c62183cbbf49a123":"0c14578ac9504902cb9aa654086246d113039f926a87b325":"1aaab1e3a29e144cec825d29c3f42dc945cf2772ed30cb5b":"33438ba4edd0c38db99f2b6a50b35dd89aecb3491990ec4e60460bb32eb0186ff9fdc973b1b0df23ae65da31b8af5a37a69f81ab3e577a4c2c31e51cfcc4e844b044fb597e937524f59a0019ad5120c460329c982fc93e8e7a4b4e1de5619103b23a7a579633fc925d147d8fb856a277" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"1330c4aef54ff84387e0372f7c8d273cecf0af2ceb32ef6edb6a4f1ace802f3b95fa69cf578e2cda1d6060ec2554eb3152507387f325d8e26009bd80":"89d7bf8f5754cedc2e1a249f693e29276170f62c29c5edae":"a6b58f33d57570f4df05bbfb792a00087d331e17417e09ef":"f57fc701e4f8f5cc2181b5357824f932f6e07679ec0d3cc7":"586c4e8c5769156cbb54c025fb01aad0b61aa6238c231656":"0bcb6ad4f2acefb549c46271d5a4ed41d7decc095137e2044b60273388c6c6d79cb89016abcad1d6a138621720b71fc11ef82fae04026e08926e94042694a0c008f99281e03da580fbb6543aca2b4596d39699b97f1fe65ec60a70b88770eb825b716a10ce41383f31db596079a9d54e" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"3f0564b9ceee32c8944c8f2bc4b4d2179b38acc880bdb91eed466b881e2cc21df77bc3901ab5ce5ecf029a066784503f80d1857979b09c4563944433":"5d54fc715556c20f5b2d01d6b0992f1c596e5ad77f81da75":"35cb6d07862fbab4f50038097cb463aadf14e519c8834651":"abb21e501e85ad1edc66108e3b88380fddf810b10b883317":"3c690cdd997dfa9c5677bee976fa93cac21f5bbf382f7f53":"bae872c9d221b1531f85c15f466b7a3af3fa9c9c6b72bb8f5dad77f3d12df52d10347ba5d6504cd0a285c3be578bb67f0a9f0137463dc01cdcb847e7853c5db4cbb6a115ebff7b80db0406baccb0e3e68a4a4a95364c2da29466e160fece7b8ddb65dfab000c66cc8109380a601d5ed9" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"115c973d6df41ead464e22572dbe0761dcdb9aad930b2e55a5558075fb7c51c94efc5f8fe5dfe24d30175a89f1bbcf146037a07b324f572d0d4c27e4":"d3079ee3a3c9b2d69ee0fd316a6448bc7d8e3b730948c46d":"2348ee87bd5a3bb45d51a7b6a109043a9b6ee3db011dda28":"937fe1a7a790754bff99ad51782e8ef5b4928d0057b0c380":"3e89899f4aad241a9189ffa127c87c15b5e3bcfd80bc316d":"0ffc883aa19b3cbdeb39039fd3760160a93cd663b8b358e9fbb6300df164689303ee5f2489ab4ab2d522f6a33c93350eab553a2499b15f8ca198303ff45e946a06d8a40959f33a759c5381b3a59da22e68032abf3da3da6aadb410cb41f54b3146ce57f9bb5d28bc823e3e03c0294794" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"c28541425a7cf33e29adaa91f326f216de89976031977f104f44fcbcdcf4579337434613801fe4661642392db29f15f0924566e72b596b23ff7b18d5":"44650a29972aa8521d6fb9dffeb15c00903a283f20ea9914":"43cf4de0276483be1382f3cecc6a803551a40602584cd84b":"03eaa10612895db8f66d50a2210d73d1f563c3ca929d9f54":"8d2b20abc4e8890c772bcaa05cb7b3eb5025ac4cacb5f7ce":"aed27ff8eb54a7d2787e73ed2a51877c1250c0d4eaf10aaddb30409624289a9b7742cdebba54218c7c448b57f209182e214014cd180916a8c125ad438af2e5f5ca5b00f9cf063f0c307560ed4378382b4572b97088f8d24e0bdf0fc3489f64074f1155fbb1163b54c93098b841257c30" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"dfa52082afb4dd137cb5209f6771f04eda25794280983ba1d8cd2f3d7f9dee556ac26d8a5a368d29096ed643089b65e9ab17b5f58ec816570499fbff":"16ccfd20408082829aaf8a818885164581c9a1bd09e9fc12":"abe13d12a9f0133bdebe14785dfef5f08a133a6cb5c26a92":"485dad7804de594356cf3c571d5f22263c0b7cbd4dca1f1b":"5961f8177b6015ae0119d22e0a45a4aa1bcdc580f7e7f975":"ee48e57f1b5bd72c99c911d3353952c2c143689c3cd9b474a46e4ada83811efc67f2557d323723526809825aa338a80e833c95297d6b16490db633ac1f1648071c3ad4cdcea056c41b4eb157ffc83c3454b0cf001f1e01c31e48a61587381e293e6cff97270c1f157b069df3e591c2f9" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"95f3a1aeacd07218a2ccee44c807f790e568e0032a42fdc7c8dc9a71f76bd725aa909ddbdf5457f1dc4e69746426a9c56fbec603867633ee36a7fe62":"658b7326cf6adbf7208d37cd69547805bc3f58fdd874e143":"d44350c7a668e64873ff97c31d79cb23b0f1620aed7c9d23":"dfefff80f10c3143b82de3392c395ab94ac8a2f4c0a30048":"a6d21a762aaaddcdbae9b9ecefbcb3149d514c94fe83eb21":"4f5e544491b72b84a0d0532d7f9ce01ec2de6a05ab5056fc75d8f73bbcac5ffc38e20745d0e8aa1eacdefea6dcbb92475b5cf9ce0a617e5603b7b9fe34f4f4cb04ade2db35cce1fd315140e3e4ab8472216c7cfdaf004181351f210b397c3147dcd279f6fc2ebd96050e996f77ad6ba1" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"29a1897d6ea5de66e551f8c106f601e421ddd940812530df00f634682f249aebdaf86938c895c11f9fcb0bd1fcdb183b4f8cf86b3429a5372caafe1d":"d655a179edaf4b8381a9f6a332ed5b754dbf34f650d19867":"31c87be686b6f90f3d1b0ea90c541e16f3430292a5c4755f":"ed49403700cebec30d1057503be7baacbeb45bcdfd9a43a2":"952763380af3243c6c327f23cb74f8368919e0b6b9c25934":"fb29067bdb23c0f0153932523edf32d0e3c18e46616e07f39a4b78091eca90349f636ffcf26b68a4cd0902431f2ada91bcc86dc223db4aa7a42e7cb57a852095704a27f9f07962880a50d2ce16c125be1e8d4f54a0cc5eaf63150c32408db6f39b22fc93b853caaba9e49581f13a8815" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"387e31bcfffa51323a92d90713b438a1f4ded69707be3aa517e1e72d448abbdf0a17989b3de7c43c621e904f52db52ad823daabff9c10b3fca93acfa":"e08fff320a493d70ea4cc85a4cc604664a0deec8f6c7666d":"969cafc33e99964833c4d0f88f906f5429b5daa552f53bf0":"8d6e6f05301ef5cefba752f3d0ef58a25775d6b69f6c15a4":"72292aaa69fbef6f010fa4d5bb63d6d7a595395d79a8c110":"77ead908484044482da529f9a6f4ca6e6d8d49954d2e2d5c7dc455e03bebf484021673727bbc40adc8812600201b8c2de8e658191422b80d23502329c84c0ca061b212952fdb2ecf3106dd20e6455f1f231e1dad1cfbf2fa019dfe9c162a670ae20b252ae2e5a4ca0eaae1c679a7fd3b" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-256, 0, 0) #0
diff --git a/tests/suites/test_suite_hmac_drbg.pr.data b/tests/suites/test_suite_hmac_drbg.pr.data
index b625ba7fc..934a6e3d3 100644
--- a/tests/suites/test_suite_hmac_drbg.pr.data
+++ b/tests/suites/test_suite_hmac_drbg.pr.data
@@ -239,243 +239,243 @@ depends_on:MBEDTLS_SHA1_C hmac_drbg_pr:MBEDTLS_MD_SHA1:"567d3f4c0de396ed67569c070d87f2b535ec874e881418983ec42ceb295b7d312e715e46b96f9da5998f9cde45b1dc22db6d2d7bfd4f3930":"43c16ab49ca5174f907d7899ebd242e9":"6c0b479d9e847dfbeae230bd4601d0db":"0d5a2183c9f9ca6941f6a617892f5e47":"934fe82b0951b97dafc5ba16e87b0459691156b42ff2dbbbd8f6ed9b04be952af267c6a17fbfc86de91f9f07eed482a5362b176216a8963af485503ba93b2e82c03a3ee6225077d90cd961e24f6026f6" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"f3a709bb47a36838cb998fb6986ff074c57932a669670570ff6cd1b202ee1da014a011f43fc02c51ffcb4048cc060763f2c58de2edd494275da14118c9cb7fd50475c66cc7e792406213a7d00cf7623d931a5947":"":"":"":"bbe3daefa61fe302bdaa6d4d379680acfd0d456b5d35f137c145b72626f2fcf39fdf7f3708d9e88c1710408a3d7ece3b0261ff538846fd5452149960215c0c22beafe6cd24a7c392d5845774b87528912c322119a2adf4d35a0ba61dd36ffc8a7e7475afec58ad4a8cf343afb677f087" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"0f508c6330b9673e94861ae2057e200ae8f2b330b74634d79fe8a4c698211080db07e58b762a2387379f0c0e2d01b2ca40ef82fec35eb81a5493ccef709dbaa0b0e4494e460530062c8db7446bc6af2d852fd875":"":"":"":"583367bde003eb2061cdb6f51db9c6827cbcefbff0497ba823e112edbf7f2066fcffa3e92d1e8c531007783554e6aa8a633bc925690ca6d579fbedbf9cc4d6cb08133d0cf8d4c25fcd3b6fed95f00b1bb17477cf67b97a557e7da933bdc121481755f628fdf0f0b1189a097c7147169e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"9082871e73b098bbc58f324f12f6a83c321360c9f5b400d00a9bb865ef5265083d9309657c40ac94b579995902df0e2084eb4a6410cac605e482ea4abe5c8eb73bc63f68baaeaa56d47f7d74974d940555fd3861":"":"":"":"67c2fd4397af79297782af9baad2a26b993efa48c689a74531417ae102d4ea1d6a82cb0321aee3dc2572ad27299e81a7a77f1cf837119e746988f2ec60bb01eb2ac3d110a948c1c33e86833757e2670cc3947658f3b2d32ac59242f152e889d03d03056f0a265ee759d3a4488b55c63a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"4701f34326930cf93deaeb3a9c196e307a890c8ccf44a55f84593b3388a196238fdd97d201998ec734821998e7d6bef7b31fa2a81343918056c01d65f519c8576e4120a3d6b9ce28ccf57eeabd012d2c14e47045":"":"":"":"b499b86b0a25a0fc84a9a1b902972e2bb5aaf9b84f13804d6180491285b9316218cde0e73eacf722b5c664f4e618625ed35c5facbfca153cc184309754ecaad9c3678ce51ade96dfe3290e125d661e2afbdadfa73240c24939bc31d171712c7c987bfb434f1db6ed44b321bcd237f149" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a912b6755cd2d677d63268a5203739b0785d7d956738a596e269128a583921aacbba1adb7c6d1714c164143c8f44e76711965514651680235068476ab137d5962e5e5872f3b899d0e9ca5ae8fe71bdcfaef1d241":"":"":"":"0f410304b6d88e52c8d6039ca674a06c49a5fa1094cf341c4034e39990236d9e5bb8ebb6e59849e7df82e2d02981d8df21e4ba3381e606b99c16de62860a470109c0123c69ebaf970603f451f9e6acf83e1c5951c3cb87170ef319d9a791110aea0c0dae5623c287d4c454ec93227654" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"54fb376707de02a1c385a3da78523485111a0a099066206f210ad848f29d3c270d2fd2f668cdd3a57cabed71f9d784c209259d1e4a3eee2046846a55a46965e495eb29725a86bd630dc43cd60ddb4fc93c59980d":"":"":"":"a2e3ab5390b5b79786ec7b434de48e45f590b85513106008479d8a3b7b236c884b0f871d8dee539c712509bd70de351f3881cd87c9cf77c1a9d8879986ff0f6678549c5c6acd15aeb6bbe653a9bc76829df2f194c5f6e8c7dd3058971ce15273a2d559c1ac60a0014e5e32352d6be2a1" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"3a0c24b5a6106d28c02957538e76e96b3ececfa80ba4c7d01fe642a88fc822884cc36ac2703e8952ee635948715f78c542e6e3270f2757f1652474df4706490b18e649ffd95dc518a8b4259da193600af5d5bde1":"":"":"":"55dc24206aa59d34ea990ac6b31250f15ac056c8ecd52e159f3464c38e1f28840eec4c6423b0fd9971d11c5ab99225eda5d173c08f9439bb56eb1cc487fdaea934fa816f9c9e0d628f111cbe60a647e03892084f80775248d41cb587617671d99b508644476b66c1c96979e5061e025a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"ae7ff70bb69c964f05c99c0e7868210d567bcb5eb02db7708de162e6bbfd91fa17f30656420dad1ca69d356cbab80456cef922a9206f07d32c3f198c1a68e673c5583674bb1df1f2a69c554fdd3411c81a90c83f":"":"":"":"f1f3f79b1d7f988d4caf7308416f3d02371cc029a28eb4f0247c8625c4680a2dcbe9f3d56d92de6ee4d4031a254bda8a657bc147fb90c2f7783a8e3749b60633e5a921d015b846b3cb38830bc7554308af08ee8219e5acd1b699f1ac538930d257da4ef567ca570a7951bfb236d4d36b" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"86704ad0286f88dbc60baebc2ed0571de7b5ab64bc8554ba8645557fa10159ec03cc9f6f299c1c3011c73b2563e571fc24f5b5b50b4bee514d7c808873ca804b147201ba7ed43430d89b066c04b00b0a17694523":"":"":"":"6b1a26d7d21308d217bc8988067ef3e21f5bc10d34e89937f2a89f8da256acef50b6ea7d9ea877bc1d15002b1766e9bc7fea3d681b147e42359ce29d6d4f8c73e7c29b9ec14277fce2f6a0c518d24aeada44990f7f92b0d1184ff96b20c76d506f6f9d963391abec5bc247a2ac6b24c7" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"d0b30341b4fd48281f76a83d7de5769d05d5cb9e565b213c8e2bc8d4adcbae90107fc12fc1ed2a19f20beb563de8f05bc5c437637148154a12b1606bff071dbb366458b74a07a1c14114fab487772d436d4ce159":"":"":"":"fe2a7ced1965f013d475724eaa7d31b62740be411d899afa79f9fa6e73f18ebe0907f2f21388b6498cd365798f27f882a2c5c2744a9b25e8d351e77b9fa4471ceb1dd6c72fdef75977e4e4a246e24f56a615189e1b2a8d6782e8c5062b744a65ebe1f7c5fbcab333fdc155bfee300503" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"4a1a697e41537f28b381e05f11ebc905bd66c2c1d905d8c0b78c10c26cdf547a1b6f85ff58f48298a11bba41e3ec015d41a24d9e335e6e13b06b84b9f56b3e803bac569dae2d74c444bb58b3a6344bfbb9eee765":"":"":"":"15060b2bc827dbeefa2170ade633b0f0075a4b9b03fc24f73522174be4e4b08b93b421fa98c7c5a445c3aafed47a2eeeed63f19ef4f67e7726d8ff84bd94daa3338e397d52abea4c7d1191e30f3e8a11864f10ff56b2dbefd860655d34cf63ea22bbb54dfd0c5f64284c303a2ba2f49e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"e80b8c8896557d596e192c3226347c336dae455b50bf32a78c61b9a98c949096be51538e293d338a464eae0eb18f1ab21f9903d07a8b98ea2ad7f41fe7ffdc4b4bd0fd06138a84dc5217cc8fe39b92f9558aa619":"":"":"":"55574491d07db3aff94dcb71f519cffe2f96ef57219262860c3c03f9a5b8a1eb88869e69587f8bc0693c9919bb277dc84fa55187c0dbb20101f0c4e301dcd2fe21664e5a2f0dda3eb4f11df3878c5becddbfc3ca032a17f740d424b99be0a9bedfd99907229ecccbf459f5495533560e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"5c25f02bef1f1319cb6868d836c9cbc182fd8d86ecd87bc5cba41c163710074e80d1a30ddfd0f5d88c6682292cd50c68966d15e6ff95e117d342d974ff074ee872719d15745da624f8503a6141b0ac4b887ead5f":"":"":"":"9c5204d5471c25203f1d9786d38f71081a872f1c56604dc7570caa5439f17cddb7feff01cadaac8e0f35e7a5433cbbcd2dd4f11cc7dd14f6af629fd72a3145db6924d2bdefc262662367b7258cff36172263460f4dd52dd08faed3460bbffe18eb10ff5b3c6a97faddf65b3e21ecc98c" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"68b4e1ddfd16a1c1ecb0f4221306e77ad02b07993457eace086f66566afc5f12489633c605d11d53916eee96ed778d6d6518c5681f0fa9b0160da1c71740a94ab33310bc20a18710015af25d3d667c40dc619f34":"":"":"":"5c4c9b3276d546d3b6277a3a2089d4969146d833e0ace3e1ddbd9f79fa2158531f8bb26a28b08dc64bb1e610f13eb14c9fb23559dc2f38326e145ab509b9f69259a0d1a32f471d5abf154a2585288063845f99306f9bb875ccb0d32e9d49b42900257ebaa532e8ec223aea60abc9714d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"d5ee5e2e629ea17487e593914012575daa8baf2d0e9671e1b8aad16524dbdf7d04c11130cdc10e50c630ccb235579a72b6eb4502fe146aabdab62a085c820ea46bb9091054d75a892a83c3850da0a31c15e0d021":"":"":"":"e32c0798b2040620fbc5d2a44ec7fa8038444c1910fd4a24312c8c8eadb57a78606449cf05ac51a3bc4d58ce78742c1be3a0fab6e3f5ebc92b82b5d5d64ce29e8c2787ace0f4e718a7f6cb669a0a43ba1aee0d9aef55cb7c6f5dff57c8acfe883ffd8a496d44afe06803e4c9ff62df04" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"6e531842b9b7fe2c0ee66899a1255135f784a2d5259c93ab3d63a5cb708e2e6cba955897d9b66c7fab274aa388a5db69713c86faa4a19709e9aab04638c670ffaa83806abf79a43e613e62cccafc637e1a1c0c14":"":"e628db057250fbc6fc5aba01b6c8b47062ec5632a8566730":"bd12e61e3d5218efb0c103dc49402800cfb863ec8925e76a":"037650ddf66ed42ea38cf44aaa94884effc5f831c593fb35886b5d601a58f74f868d89f2dba450b9c160e28f69fd24e30fb7a44189810e29afd0d11762d3ef07b4527f4134d6c53bdc9b024cebb6b40fbacd68b6acd4bb4d011d6705ce22f90d910ac4017d2426db7a48db3242161aa8" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"3fadabd2d8879bd2298f53c54b573db2584655e08a83289cb58a4ff5170fdc30d71bb24efbb5a50def315dc69146111462e204289a64ce72767499f299c74c934f0007ddb34bf5183bc1e5afd8c15eebdebba882":"":"742f7022892c2123e62379e9367787302fd18dc3835de0bd":"b60325136fde7c858054983a977262b6390a48419725febe":"3bfa419f9bad259b871703681284c5396fa94a323d646ddbf5339398c4d8314a999c230894ac60bf231762acada672f58154a86f80a8c4e3bbc67132e22ef50c0377193cb0d13c7e2c97cb24ce5bb69c73be2e5cd3a07ca2b000b2d7eea940053156bf55d846181e3748a91c342e191f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"0784a499424dd1c2c13f765e9ed88d752fefa83cec61154f82b3fd645f642ff103db9c8d1c10b5979c56a22d58324669d4ace3994927222fa87fd049558a48adcbd6ad5a2380d2d927be57fffaae037bf8a34384":"":"9f853db57c3da0421914d2f71f9317817580c1de4ca43d50":"27071ad475b8541c1a80234bb2d110637fcf4b4e20e06a7a":"2c879a03bd719595211b526101fe85702161711c67a81184cc42c1f9da5761e853ff4b8d19deb95a2f3323d1cd58a2e066c66e7a30059732eba43a4bf3b22fffa5bea5161fd775160dc53d7cbb4c892bc122e4e0139f8f550219cf6fbccf55d16d8a4d8d7776aa143c00d9e7bd1c847a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"addb36bc9ad134c7b8fa54881db1b18e040de4f253be28efbd36b12bfcf4721b08c5833eb0a97c668c7adbc7f04a9e0299549126172e25b9e624282c8e63eccf358c0ef1a71f8fd0a8fc49451db7757eae344e48":"":"e32540418ef68c3dcca1e7a0546e5dc7d4c5e92019b8cb0f":"327e31a0619305c93e9b5eef87102d447d21e21e2d8c1cc2":"178bee4059af0282854c833e11e7bba923a1e2f1126fe8cd7e1694602c180802d67b845a88ff786147f22a74e6ffb0f8b86d352cec2714ff8f308b1f9705603faf5b04bea3c75c87c91d5e6cf7583b5c45eb5f5a74d2bac490c8415d2fe07726bc334c88e3fb7284058b006f82e89ae7" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"412431badcf06f87551ec63c3860baf4b59667cb4753363d0f82fe7c968ea6f8bc5d015418adeae206005725dd9693af6f7060a2d5ba53f66dd49dc148de581737b67acd4bb70ff2f4cf20abc001ae1eb50cb75f":"":"d67f94a953e7e4e4bc0cbd517f963e599d68851cc333644a":"385281961ecf2d8175c0a718347d2132f059964c55f39f57":"357876e78a69cd4bc4e06b2c52ad28434520d54a4a310ee0eb026b87993514ba1442e25eb1ae22a3ce98529625d8db9b0e5b680d7e027523b0ba0184d3f2e4b9cdee027960ac1612295bcdbf570912ed05108541b97e3bb30ae0a122d74cb536e5db34b7d5ee5a042897d5d29fa3c126" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #5 -depends_on:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"ae914c3d74acb6e2d9b8487927db7992b838ede73dc918b60bcc94f0f456f454a6d100c90e119342154bc3ddb059f48db3a8d7b7288eb42d0ceb07532a2a357d20506ead28d9bd4a127d437a657a61f5d30b04cf":"":"2afb537c13fee9c4103cc6abb11225046d94df2e9838f73f":"6a9f670cb49cd9ad98a17cc19d00d4766344108f0c86804b":"2ed0c4140420c6e3798a13f917cd998b2ce6f98bac27f0fdb09e2538f573caff16904edb371f98f50964b7de552e997007fcd267b36abed12cd95d9a08852a4ca862872edd32c707e7a60e11fe0a7db4c0d34f4c70ff16e5c75e6f5d7ffaec3be383b8790ef0ff3a0d9f79850c9749c0" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"38a93c3ede148c91eb7f0cd327cbe8b27ff0e569bc5262aaf30b86d31be35f83b4ff50b84b5dfd649908d0c55cd5be7ad36d4f5f7f22cce066d3b589adef804bfaf52253a0e4c6bb03e000d649541e523ae52f1d":"":"e12c05f2bf463d24da9abe89301d2acefb7957dc1bab9ef8":"d70065fa713e2d691bf554a00d063222755e7204a3e53968":"3e5ad7e96c8cee899889640d8268cbea296aee96fca7bb60308bcdc08eed36bdc8a5b3126ed8be900577e60ec0f8b3d3014deec41ac650480e08dd3a425843b37fa5d1d621b5053ba4b2fc1804d407849a84e9eb5bfcf94f27c2a535e2756b8202ede1f18e81f65e3f7f51a064b401a4" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"384d6f43e7d77a381bc6bfbfbfe1a17aa35525bef01be8aaf6c488c46517d9b94380c73d3fb45a4f1b4d70375021c7df78eadb61df5d9efc6e08fe2d81ffa65df33667c23e3cc5c89893988f04be1d3634ced443":"":"a0271fd2552e037568cc857a60a550db050680fc03904fce":"ec095cc9e3bc301071a901d0289b54aefc796bffad6fda8e":"aca2571a9cf6bcd10429e146e6e94d1ae43a00db28bee2b60eb6a1bc1cde3d452dd6e04617aae7a3f813feaddc0f8fd25890004607f45ec995df970e1a3abb17b416bdbf62b6ba5625a80cb100e2b87260a73ffe15d9e6f24abfe9e6f9ba66bdfbfe71380d832418e2a4b460dd7415f4" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #8 
-depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"98c8df867d234553e504fcdf807fb8bba51d23ac65dd8b160943bd45181764cf6df0049cad23e6aca490db57d12dc6c631604c943f153927d6d04af042e1da1b225eb8bdf4ee99dd405e3586acf8e44bb0184d68":"":"3338baea79c06f0d48ec2d47004e61c1c1e5056bf8bbecd3":"79007bfce109a682b746df074e87c845eebd665532867fa2":"ba7040193e38c4495971827fb1ddb747ea80cd0bb1fd6aaabf85ec1959c29eba8f818ef55aadadc8c34b6a7c00f210a899092b9704f2e03abf3e5e8fe6d127cac0436441d0a6f1b02a00e5fe948539c66a8c78e70f35cfeb600e1cc68c06553f47ca053b64a0534a028a73d0890034fe" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"6150b7280b3105b86b66c2a39a1f0461cfbce17e746791afb241b298741454e174650ab1e7f08500bd7eb096e40d8114e5a60668636b6ff66d2622154b7d239eaefc9ab2aa3351eda2af4fe51de36e22e70235fb":"":"6ece8aa447d2cf51d8497e303c1a202e39e06bd723c847b7":"21d890666d2c8ce4440bb453f4284c3928650f8cf38576d7":"7554b8cc8e79330ae55575f9157cd10d8eeb58af30eeebe9daa021f4b55ce365fbdf3629be7547a89c78bb9df79d35179e5d2924aa032e60d5a00281f19ee2255c17a69345ed86bf36ecfd694be0405c8b6c077b43a8c8bbea603ddc632a1aea6771a6bc117dbdc365e2714bdaa8b377" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"cb25eef7230ac2da249fe30ea94d3a3332147022bb2207aab4a50822b1564c24a047ebb46d57f45f6680f909629b43129876c75381e3b7c6d06887f68083fc423f06ecba159a90edd394cc0ca9473e9cd0f23c89":"":"2f30b005ea5d5965439bf15220b1c010e6c79306e700e6fe":"9937bf3edb3603cbbe190f3616b021fad652011854e6f6d0":"040a30b82981f71e4607c20c1f2d6e6854824c90b127517f65b6c7da99fd33dee32dc52bd0dbe902509c50492a88e5963b2b6e27d046334b356e5909f85763af2de70e93a89d6a00e2ef81ddd74f4a33d3f8406d05b383fda569a5a574fb5e3c0c86a5096e94174b79b2a4eadebccc2c" HMAC_DRBG NIST CAVS 14.3 PR True 
(SHA-224, 0, 192) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"1d7dbe4e83913bad3fa918262ab0f45cdb9e4e61667694f361ddecace06bf352b18dfab4c32bff9a013d3b92a2da8ed698168155ddc492f8ad5d65cda8eed212793cd9aec8acde7e00f952bb5d00c53c5c181e89":"":"f9c51ff8f264cae722734502f6799e4fc5bee773d31e3e31":"6a171a0a8801017a1d924f80fc5d9d6592b8b28a342f30de":"425024bd1d1a66d4527a3e8a8307b3206923bc1d693f5b7f9017f0d5527cd6591016758794ac89e2f682cb2d66f8d28f9a2f5ae2974a75f4d0de17dcd02e93bf29c69175fceba262378bafbe3eb7e3dabe974889306d0a2ebd0ad9d934c37b1ad89ac1fc28493e6b1f6f24620e40eaf7" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a6887fe41ed5a615eb030b31b86315d32d13dd5ad506566ea23ea3b162b8dd621129736c8dde31708a7fa4a4c606dc212b3440617111e94a5c6722c3a729d84d2e5858c23ba8bb249456a11d63dba9d4260a7213":"":"a52036daa8172111e89c8991ca818bdd711095a1602f2f15":"cba427a2b7bb64002e1da3159d643e002516bed279e0d442":"cf0f5881032606c21a8ea20adba6a72e176e968f10b08ab6d08f997b24fc2a24f2c5d44d1b99deb7db4f388dc8ac268f966a34c857cc5f43efc601674bc548ffeaee1c13415df6d0240835832cb75840b60711cb636f509dd9b87b698615959688e9afeffa50671ada05faa564c87ad5" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a563459889ca29b711086adfbf18f284fdd18601ff69916af1ce47510d33f205d4dcd0080f9dfedb2bc1e2e60fa0b9cae094102bc7a705cc223279e0fc3b0020b4facafc2b31b9bca92382f3810d5a4e3ef626a9":"":"5fc83f1f6dc0ad454bbacf2df366c803cc1d2fd46bf78d32":"1a9654667cfd6ad0aad9383be04ec1480a494262b3fee823":"cb45ce96a973728bdade51f91004ac09e155173769063b3fb4712493d8877f088127a3492588e99fef648a101cf1c238fdefd798dd4928b5bb3a851eed693f37d67360a28a2b27c4406e9ddefdffba662529b91a980bbe4eb381cf9734b336e2b64e7482e0328c2e2bf81e39edc30d97" HMAC_DRBG 
NIST CAVS 14.3 PR True (SHA-224, 0, 192) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"886d098731abf3140d512e0d348a384d25372667fe7e4f0ce713b1d2eca7b2ad939b25af03f78edad75bf0ab95b4110710d0e12e714e03f7df35db59fc4ef2906cf36c6c8897b802200a83e60d16f7fb064abd2a":"":"a4f42d83a492db3fc053d1275c6f264706fa932955c3da62":"4505c0664e59bb4388020470838bb098c4ae1338c268adf2":"4f9c3c60ee32042735cc539b9a23d04c2bc6bcd68db04a58240305f165bccebbb98e0f4796b283a0d78bdaccfcc8daf19f21a72945be07996bbb0b606643c7753f76ee6371292d3e681468b714e16bc32db14ad6d777677137ebd3731186ea72b840b8c4ae79ecb2c61352ea056d2d6a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a26af93571ba84b58e14e921a6bada73083ec17f21580a152703e1741392fc9ce6046f77d6eda5000f3225ef28425e30cec138a16b0ebd885fef074c6da2a7b126fcd1f056e3a5fd5627368c63681cc10fbf750b":"0627d10b1e5b4f0fff96d0c7e684deb9fb6a4e48959dbc29":"":"":"98d6bc7ec7cd72da4c750d9173518a9a17120fe9af10cd1a7d872fac505d9276c551b821a868cb8b4d8b10eb3b05845827717d2975814b5080a2f4aa50c5b112bd01b8652f2d1b56a88c6c891db5f3f40d1d1f0648d84e6ce2138c2c879884eb4847856198579eac759a065a5d384c46" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"5fd08930ba404d13a7275227660869e7eff10e103548e6ea15f0816ea93b649f6aba408ac710c49eaddea0b4d1e219577e6f6ba4f193386228f6fdf9cdcc50d5bdcf6d1f249e9cae0a097bb341e2ba3581a3f2ca":"7a463958302109d5fb9fef1a232b5aea13ba58a60b70911c":"":"":"a1a5c9d90f9340c807efa2068c6a0b872a4ad51a7cf90e14b4797dd894361712fc9507bd61d8ba984ecf1345fa3cbcf3031e2bc4302354cdf3f615c3a1bf43f60a464698e250726c37a7a9a23e1ff7e8d96df03957e3a0b5e6c4c4fdbdcff487e467b12dbc21e07eb8a7c4cd7f779912" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #2 -depends_on:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"625d6a509ec43c55bbec45b4244fa0bce24c74cc270851f2d32e4bb4f1961476af40088b5ea81f7a86efba78abdfb50be09e1a68851899e0e9acd95f77f16e8b0aea5a9bf29bc1a18d32158cf69c794f3f47fe61":"bcfa259c919f6e56c77914a272959cda6d2cafeaff87d91b":"":"":"b5bc1f03099547ce1a359bede1f9f3b76b38e8b9cc781fb3909899144f4d0a4ba93272552bfb0ddcda51165d0ca3eae47d10961a62692bd9edf2a9339c8ad14469f1834eee3c3fc1074cb1493054f84273e4adc73e5eec6cba284c5b7fd8005f10cb67b0fe16ae0b4ff30d50ca245c5d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"bc0c83de31217ff6b22c719de8c6653fcbd8aff7925f04624c76f586ed3bab324b64fa8a1ec14efa8d8d0b41eb6735d517f6c647ef8bedf3036a6ca90fa1d2c528722de33f76f7375711b6b4127b86fe096e72cd":"d7ef6b5dd09c08437313871078ac730c2f85a5abae6d6e24":"":"":"6d415afc0151c3cb426eb3b90c209feb726c01e28785678bb0b8d9143d4b7f31ae07e384816072e2df31350b133a8f4e3ee18f04b154d194513d9b072a695e52bf03eeb4c9a1df85dd6ef98d2453dc39390bc3a17f3ce499d9b182c89d0591dc3dbdb7aecb626b07f0ad2737bf8200b2" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"caca2b8631502fbd8bec33e89066e77b97a57b09d21a92dcc7b65897e50d7a312f287932c529f6a6fd8be6fad5c467f6c15f9bc0f39653a6e4963c0d4c4baa9d6ad39f4ad2a1d6587377ec3898e63e02cc0c454f":"33691da7461d3355659c4ca927b4d3e3bbfd8e775b535538":"":"":"89abe8e656667299705c4c8b208f0fc400897397d15aa3574cf86c0a6415dd30ac5d7d8bc629d8ba52e6e5af63818475874266e98a43ab5d3085d2856950e8d487ea22e01f9ab7fe1862be1fdb9a97cc24eb9ad05beebb202716607e8b164cf63cacb92504e80e68e641af71ad6ee47d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"5d97de97d6f81a858ad6ae0262e58169b27c25adfc2bff506854e6bfd37f3a4d8c4b46cd78d0a76b0dc67e0d3f90fb04c2131bc31239defc8eabe9be0fc589a554a4b77fa79c64c03bbf87a32031530d99bbe397":"a0d8be30a0972002f21ce2d7cf3c8e84907c638e0093354d":"":"":"67536d7352a49a1a49110a1dc1b77dd1924be34123e027aea0ba6064ae0aa051d4470ccbf923e0c96c86f2d440f17f45b67c4c7785a6f5006bf0cadc13269540b2c59bb75f642e9668feb601fc60c18b94d65ebea0dfe5fb284e003a58837f9e9e120481ec2ba972c755c6a9134af683" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"9ca7149b0c5ccb7a0f7ec5399c644dba98c418373460c59978d91db57ff714897ee71caf459c1dc164655140810992fa6cbbb708ba2e61053d5866ba6a1bbdbc639fd21be4383beb4a4d370e86d0e9739ef849ae":"2ade2ffc19de7fc94767193223aa1fb3461cb29d970c8f05":"":"":"b39d6db529fbb3c6a90d6b7057759c26a9fa26024d2b65e3bf459881ff0f88a5b93b87e0779635022cea81db313329b61613742cc82b52fff1a2e6e24ae0eebc0917d5e4573466e4aee3f0ee0053445566eaa080c3e701bc35d40ce5105b4b6572baa7b4c84a16e4aab501e6ef670164" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"cc751171d828dba023f430b3f5a7134f733f4cc1ec76495e98a6dc2a627d97924716d7e6b043cf15c62ce8da1dda2a930c88d6d4d12ca992a501f773dff5d38e42f150f1c55ee358aba1e73cbebf465baf9fd0a6":"4ba50a75424970526022c7351831c58ee75f1e3aa0c47749":"":"":"8b387e55b9c10d0cc336f5445755c0b6dbe971bf69a04682b21c9303a66e093b7dccf33fc685765c6d2bcfa3020892ed09ce6ea3e3355b3bc16741f34d40b5c96bb085c1574801d14b4f71c97cf64e75dcc330fafa1d1e626822609a9af62c894dbdd56307ccf1ebbb7ec09d500096aa" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"1f2ccd29bc38e8364a4beb0e89984b88d61dcd31d48e310ae691c0e146f495b9d8cf443ed12f3ad2da7c59c2a2f6b8df4e0202414791e106c1f879879b7a46ac207f45b5fed69c38309adf15dfd0dd75742c0df0":"e0c49aee71c4c060aac1bab1f438f9e2b0c96d710ebfef77":"":"":"593677f65ca4339c0dd8b1ae9278cc49adaef1cf889760b4631a379d82bc25123dfd2e1436d0b6b890d4155e3236fc1e2cef67d8bc0454099051e220d6925b37c47408fdacdfd54cab7be70f8b3b3dfc5a86f181dd559ff7182f225f7de87dd8bd69143be270ce76d2562c6e01ba4c4e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"f1bee9caecfd0397a6cd76f356ecacf1053981c64d315db4a51a244fe3b22ef997392f65dc13cf30f5b8f5edb7f8f55863a30156722536d02440e5f06e503795d2401775a560685f2ad3c98aaaa22726cd6ec45a":"9d42670ea4113ae02302cdcc660b497f3ffb19b9aca8babf":"":"":"78f31a24cda43acfbc4db7f17c57805a4b53353d668596247358b47e8f8deeaca312a7f9ce78832bc1da2d6b3727fcb847ca4feb1695a2edfd2ab24c486da125be1c1af4f78b749afdb57f97b4a8b892fd87228f116ba10fa739059581256de4fb865d1115c58284cb9850a24e5b7615" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"17b3146ea3ac1afdca446275f3b7539a517766b90e2da2c4c85db4802943efcd8009a9ffdd054440da16edb641a050fce3f3cab3d5f03d550111daeaa8841a9c814def76eec9c4e910788c710562428a39cd0987":"f3831c1bc859fad452a76ce513575a23e8b790c90de4575c":"":"":"c6c85936cd52b5271a6e70410e0b9d960d76f3236b548cfd4fea26504ca8a78e58ee914c6cf248f30d7ee3547eedd3a4d9869b15e326c911aaecb7f0c221f8eb9208a9b355e4b1cc7926380d25bb776f3e89904943b3fdf306012fc95d06b3b7c44ef55c9eee675150b332e2181f2a32" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"fabe526177dcd476be9950233ec56f9122a9b083e589c9264add302d4768c06020cf53e7708bc728582360cbf06a18de38e3da2642dd6751aa686dbf11734bd75a422571c9f2420915d7d79d9efea870e72d262d":"ba5858340e6a82b2ecfe1190215bd8da995ee8ef572eed8b":"":"":"10260dfc2f2322f530192e96a2396694dead62f9b206137108666cd199939184503da75598f54a89dff885a9856140b56687347c2c066a1593bfe02b8bd2cd93e939c424b33683a13678ba5f34df3f2f5f50b2a708d1d5a04683db00a607e2f80e5feb20086e3d64294e9732b0776c51" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"b7c9a1d221fe10552bb0b799e18d12cffd1f76d6a1e6dc79a36584ac7e13c355b9323d0ef2f97fc2d8a26e6c37209a485963788aeab084e923a3794c63713c2ee288ba3a99f2d407adfc1b87ba64fcc5a7f98e4e":"e563f8c8318862c7117af8946823e8570ebc64b3de1b293e":"":"":"100c460c12e5ab12a72bd4351f7b608f5578060b262f21d735fe79d13c942035a76f001adfd39fe93caa22b6274bec282e640469d3f454d108991a1b73d8acb3d392732fc24cafb15fbe248441462bb2c1278883610ba28486ef82ec2ff3d20eb9601866c7dc4eaf44cdd73e5b5ac14f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"78e5d4818964d748282fa8dd386ea9c920c4fc5ddb9d2204a3f6285082b8065dd3944ce193722e973f8300783e37991e6c4a6286a1a0fe3703dd78ae951c88a0ce47b1a23d91e0926358221713670a78732d5470":"fa058586d35f0d74d2c473e005e7f8ddc33a1f6d5bc79d75":"":"":"6b603b098ca74b7fcf3c8f9b42dde5b3b51e84cab4f67f4d87bc6575ad4fa3f1e0ee27085f88e2a5ecf4f57f9ba92638e52941535806d2cd1b5aeb5b7c81b3d44d41cf5b8073b646a9cc1b0a9f7e183b082e9f2270acd928623e8a46b46257e1b827e8b88b55c88a3a3a067cfcb9b2b0" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"50241739e3f08c910baea7f9ba481511b6ee5d69bb1a2dd34f3987a231cc25f39a1a966390e391a33dc21281372589e2a667cdbbe4267710d5244fd342c959b7272b39e5cdf67701d47665b61782541e94aa224f":"6a7d2f2dcfcae8a284802c97d77917e87c6cf8417c2b16bd":"":"":"4402afee12048c1c6a44624d2df026798930ec732884899ffd20d17f1c8d7c221cf5edac8679a21ee11b177ecfd61927d4ccbb175ee6b49cc6f371450904c2666aaf2e6cb36cd55cae3af772beb80955cf67b4e8be1fce11250a39693ecb7f8ac05aa23b949ac74bc9a67060cd60cc77" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"c3005cdc5c5b7b25ed78c9684f3faf6278f9a9c5a9fb202014a29882e50b21e56ec8b7947fe871daec2626f32372123f44a8721ff4339e0a20f978ea27609eb495c2342e9ba719bbd2b44ff503db2322ada1c982":"c4506109937e0f9352fc881b0396b0a103626a15addfe525":"6ee49c76d138eaa3fc10cf411e0b8ad5488d77f74faacf13":"8825122b506dd6f3a58811fe6c9a7e9271a6e68dcdd590e2":"e818887ca1c84717e277baf00913d65ed58a8f90b8728080a03043bb2ab53f55fa605ba0cfab29b4cb694f6aae6594dedcbe6f74e1f7573c2944f3703b89a52789b0170077ea8e66d8299ba5cc139943ab96254065a27abca2098a85162fb01d294d8671b00206b7f784319384e01b3d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"9bf2ab19aa7e9ffc3461522f3cf85b3292b54bd3e1099a42dd6f5349d169d59a152b2dce675874b665fcff802260ea84b358f6fcf8011b511834e8447a73c1f675b7598d836dc9fbf40f1dd0f481f47f95f3ef4d":"38d7a2109c6fad9205abc22b9ff705b7f671c4bde5b662d4":"b46e928cb59eac0cbed65645767e96fd824fa95cb96a1cd7":"532c8d3748205cfaa826fba7f240e9926cd3811da8fd1a5a":"bc367839d1510316ac3ba17fb7bf633a6eb4b61dc0b03cf1cca564db8248ced0b47ccb36e730c0237b0812af30361b5dce662636b23f87d6ace82cd3e34d45a1133b35ff9b8bde8fb29fe82298820c0c87f0e30887ddb15c9644bfb12578f0878a710771ad22fe16935c66681378f5f8" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #2 
-depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a3bfbed559c396b807ffa80409fc4e2c23ba952f64a41c07d3af5e5b78d8ef88171bd5022d3e02efefa644f4fddbe207e59397605a0408b0201f6a882def64d973c0714555d2c7e0a6fddf49558fd1328074ca79":"4c63bef79f71fa82168928619cd09b003aeb2ba2b04150d2":"c85bb368a82d57c70cd5ad6327187c8550f7c10380b2f030":"5d467e9c06ee058ca066dadd6f6ec6b0da59ecbaa4ddd12e":"1ce311c919c67e151b51ce3060384ca95c071a295f01e54349abaa2da8ef497ea1364454133d20f57da28985bfc6d1d2f58f84d144c85dbe3c9fd5e8958ce06f2f5ad5af7e16bf90ddb4a1e2947f78008467fcc38b5a082eb1612d68e36e3c0abfbfb3a321eef3754ac16c41f96bd635" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"1b2c2419e85386716135b3c142d749f1f5bc23edbf8c0a1c53b72f474484c545761b21aeff05cdd35621d104ee393e791737c48c5a6e6b25b58c5c5be28ecf17c410c9c9c3c3aa2b6385f66759f31b61f9fe0286":"b69011f446e50880a15bb0dd00229f765bf77b2a40040109":"67eb63a168aad8712a0e7e0f162af7ac7893e902f1aa72cd":"23bb752e6232144630e3d3a6daaa1e58a5ca315f21fe1d8b":"cd8e6c6b8a1f7f98f5d796023fdd4f1da2d72eedb96a8e85cac661da24dd0a7810fa04be0491c69db7617712582b43ec4bf112d9e2932288f25b64fb7a2a09ac8747b8f71ce75e3c80b854336a0457b8013ec6dc1268b4c7e8f7d3422a4a5d432f8d9705d6a273a09b9f9273f4928c4f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"62d059e3ecb695167e93b3cfd77f96e681985ab5d68f15473a89f9cbc4012e1c090a5a9e65f738be938f44fd6cb157fd9b737d9389e4e56b6903d4d015f9d80d96336730fdf57787296d447ea91de7e686c7a81e":"d8f121b2bbdb8530c6315c63e0a52e383c163c033d3b0854":"830e2cab11331b761aed55db61681fffad3a61a1a06adfec":"c7783d7357ff30e88cfdbc90569daf03d3fec8caf89619ff":"e44c9b35d3b847a928748094ba6754d1c5de3cbe3d90d4e2bd0c0f19dc5aed7228c541044b2b14d7e67dcc148ab04abff7c22a8f1fdbec4d68ad24a7c4b0f0e507bd7f2b4845593363da484b481906fb7207844597238b9d40c14237004e275572aac6a6d84d151fa58abc0987e54e18" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"fcf3887b4505f7a1273ad5b32e064ff51682bca23ed974ca981871a5b7f63e5ceee58131f9a01fa7c37ab14150c9323a03f694e463496c4159eb8e5d3ebc62f41264beb93098a42a3dd406b983e1fb040d108f93":"9b3e97eed077155cf181829233868d27eb773c398575dfb2":"75a75a15c622e69eba698a064b0b41c8bc80ef803df0f29e":"7b6a20a222a81dfa6fd164def816c2b6708bd4c761b2bb8f":"0b3d501f728d2f1d8b0d7dffda0160157b30d0d97932315f77022d1a6fb30d9a0ee4383f2f63377ac6e57b16b0c7480a6f5dd12ed3ec0bc6f104a26c86592daa3f68a499570703306e2c2448e784b67cd6efdb4ae64a2e8ffa5929e74c95b663c9b7fe891633f07d7b50f5f16e9fe567" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"7a6a0774f2cb5ddce6b5242782fd3d7b5c7c7e31cb5fe95367c06f29a5488fa37feb34d689c646cdb162e258ad636a030ff74f6a7ff876417fb08f5c5decdcc98692538bebf9958c627ad8287633f98c587cdaec":"fb16aea72967c43b8803bcdd3e794911f6d53f2cb7946cee":"67d89947396322ca243e2c591a3adc8fd9f1ef448414fca8":"a0d568f4fce862e5e1b22acca29e60d7bc6cdcf6cc277794":"758b4685b0db1093eebde07ba11085a9dcab64c8d5adacda070fd2b292bec49240f25e158fc96cb1d0ecc9ebcccc360b981d140e3cdba54fc697313014450a9af29d9d55dcbc5bb9a38e4f10c6a3e41874d5c6688f22d0c5714301083cbbd0014880af0f7d088dabeb4e84a64f26d2b9" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"19bbbbfcb755cd9dc000abfc03343ef64193141c3d3f43120f55674616e3d96b6086adf47c906981923c98ef7dd0fbb2f7af0ecbbd2de848f2b25cba8651b7e3aeaa0c59b605e6d4710a01406565ea30d0c4f68d":"e77cce9d26d283bb5d6e8300ad0f69df723324d23928c6f7":"0586c76051462d0483071213804385d01a07bcb27db05e06":"1c9363d0b3e9f42b6c722b8d62f9c633066587577fe766e3":"6d458079264d5f3940d098aae092690b7d04cd46d6d5dde753063b7194118ab67d3848459156b8f0216d85b5c583a1bfc000e68111be459743175fd114253cc24db72ecc978ff8620301ecbf18f42fc4697d91150649a8254a9850d5c28f9c4e187e409e496e2a659b2e79c06074c5c9" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"c2b577bfd802b8f599ca14bdd5fe5003ee28ae69ca5c246df4f62d9e21a7793281c48f73ffea15f3c3d444ba48367fde04cdf6d62498b8afb24966a8662461015135cb55034a63571a032d3cd2c1e6cf4a6855ef":"f0de29d4530b4af75b8defe9b3b24dcb7ce0add4aed6f72d":"90ac05703a8e0c6057dd2d8b1a6f16f0059e7c70679919df":"16935f700de9fe529a2bbe811dccad430e27dbc60549c3e5":"56988f9328a91314e4b3ae027bc6f43a01fe471615f3a319afd9bb63f55b13e681ac0ae830d4d3057882fe247ca4decbb26af811282f59ee89ea38642e4ffad9bdfae44bcdbc3a289bf431e0bfc68148c12ced1853e698e74f74e24aa434937390fd41cb4e78f823a262900f2f44c1fa" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"b5c4acc63ae5c68ca404bded2d36a391e8b2e9ef3b32eb598aa94fd6b5ede6c3d9c33ec77a195abb6f8cbcafb6c492a1d78f04439bdc442168d1eccc783d53a92e16b90ccbdb0284b383cb96af04e81728d1cda0":"b3e6df5e9ae10c63da4269de170550b92dde7c6e33af228e":"c9787b641b5c881dae53a69e2b3514ce2ea81e5879765bd1":"e4abedcfc4cc69da45467bf2bfb03d823abc19a746e3c582":"e14f46dcab0ba39965f170f01a07308090b051127685ada6601112aa236093f7a760530f856617d9e027c8279ef33d9fbc4b624ae26a277b9e6077ac71e2d2f101b84ebed007ddeddb4286aa4729cb3b28798387b757d8e99a7b6d2631601fe7ab4caad7983dede59b94f4c920ef1b29" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"7302ea40e214308136b8427e601ad61132d195f870f2a861c7b8ce1f686bf325a155d0aae1211401bb844893dba2909060c76cf9cda757d9e2cb24f5602fedf6a7412f49497c82866a8c9b56e2bbaf912f760255":"58efaa77c9bf446ce8d3f3ce73b7d1f014bdeffea2a2fdde":"68f9eab1893186d7e5cf3a8c37bf1c229344abdceecd9de5":"a0d3bf1de632fb19ca5326d936f79aafe59a0e809b13f10c":"f2c6a717ab10a9cc89f6d3a07bf6077fa33c2e5d67475ebcdd1b895fd0067941ed3fd8f251352403c2680df2319a882f39a91f8ccb7df2c06a13037f057962e23b8ea0654ef9bfc19b6ec982e539ea6afcd1145cee582d27b708691354b4c397a51d004c61687c1c9c948576009002ee" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"48ce334fcdeae603c54fc228461e7173681a8e8387e0c048c2acfdd6a78c955deb7dc25bea4e9924c4a2ae22d9fb6b227452addd0b6eda7769f9ceaaf2ca34568b3c198ebdcf5f6ed11f863097bd56f42d648862":"6bf4c173d264dce03e475fb3bde9fca2474877627bfb0c5d":"2a728f461ce1067dd38896002724b4967c1a9cfececd3437":"2b862cd7a94c1776b26022c27c0e4f2d199ccb782caae6dd":"07f80326ea781bd95efe729867d6c39465213bb698b5e486e6c5f27d3fac4fda3cfb7c831fe6291062d4db2aff59781efb4f4cf428236aad6a55111b969885a6b851d5462278d0863909a07796e5e0e8448fc0d674a4408cd9e91e98e3adcec2064ad37dcc566faa80149519f5ea261c" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"b23c748a9c9d206ed4ce6b8bacb6f7e17cacf5649ea8d1e1144a96e977a4cb22c0f37139c3eedbcc8b9024c6f21412f1600fcde1488f95744446df7b6e21a858224b9294a75829a014697cc4b363c3ad0e152ca6":"325bdbd8c14b766d4a7ff0e14128585b21af76de7ca30ff1":"2e002a406bb8090eae6c950944a4d6768c89d43cc0d8bd17":"4828622ff56d0867bbad03bac51b8c939a5dfa33a362b129":"58cebdf4676a21ded5eba4dd19452f5dec909c589751879ea4249a4c9fef834d85dcfc95ada82f7fba1476451774036246d7a496d4d427f37647ebc10fc2e1125b0b71da1fa5f1479c5681e9d7acc9b88b527390734d943bff6a76c4b22bb4f6ac331f7710b95f6806fa35a29a2fa35f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"606f388e8ae35faf979434656144370991e89b7457ca5b55d5bf2b48fe8cb64f549f48a812edbbb4cff895efb21c90eb26c1db239ed72da43504a1e09c56fe144f2d09242f2670dbe2561456d938352125b19131":"5e039f38d6f9a9c4ecc67158f40d3c8de61808fd7476fbf7":"21c7d976da71bcde51a3b4bc1b9a79cc6c4ca51ec992e479":"bac1c5904816c3040eb532622f127ac3e28cd78ba68404a9":"5f951dd774bc1a0818b249ffc51348bf1f36aa4b9d6a3348d36df84b5d3e824adcdf8b87ffecfec13fe36ca354625ae8db8a69722254c3f6e7027b866c529f9bed25360e0cee7ce41f996d50d224a08e965e0e5dd67a77142e2a3de0d559b9dae8919ad0387ba5fdef699e42016d7291" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
hmac_drbg_pr:MBEDTLS_MD_SHA224:"be16ca52551a6a0656c40539e3155eebbc416cbfe212101f8edc2f7118472907ae9b2b9574abe81257533115472610ab401d1ce1f8998884af43fa5776a59ae38c88631a066fa85d24dfc9b2547caae598cd0fa7":"ed000ad2e479513861014e8ff45a481a494af312d2dd5563":"feb295c74975f1e1c738988fc70b9d2603c7da93832154a1":"764705681b7781573af811fa7751dbc27d667af7a1e59dce":"ba4a0583d8d6c5b4216a0875cfad594485858dc7f9ef265d4ed0c0f0fbfcaaf5ae318df2d7fc530301813d9f49826030625f7ea02d0630b3573c486b1fa0ef4269cbfb6fb86675c11fb7c0570cf7ff4fc7affdb00625ac453c23c229a4ea5f540c66f031ab3462f7d12659eec990501f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-256, 0, 0) #0 diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index abd8e55d9..0febabb91 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -26,7 +26,7 @@ depends_on:MBEDTLS_SHA1_C md_info:MBEDTLS_MD_SHA1:"SHA1":20 Information on SHA224 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_info:MBEDTLS_MD_SHA224:"SHA224":28 Information on SHA256 
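Review bot: The added `!MBEDTLS_SHA256_NO_SHA224` on `Information on SHA224` only makes the case skip when SHA-224 is compiled out; nothing in this hunk checks that the digest is really unavailable in that configuration. A build that defines the option but still exposes SHA-224 through the md layer would therefore pass unnoticed. Consider a companion case gated the other way, `depends_on:MBEDTLS_SHA256_C:MBEDTLS_SHA256_NO_SHA224`, that expects the lookup of `MBEDTLS_MD_SHA224` to fail. The same skip-only pattern is repeated in the HMAC, md_hex, md_hex_multi and md_file hunks of this file and in the test_suite_pkcs5.data hunk. Such a negative test may exist elsewhere in the series; it is not visible in these hunks.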
@@ -582,31 +582,31 @@ depends_on:MBEDTLS_SHA1_C mbedtls_md_hmac:"SHA1":10:"1287e1565a57b547":"390ffdccc6171c11568d85b8f913e019bf4cd982ca9cd21ea730d41bdf3fcc0bc88ff48ba13a8f23deb2d96ec1033e7b2a58ca72b0c1e17bf03330db25d1e360fa6918009c4294bd1215b5ccd159a8f58bc3dc3d490eb7c3b9f887e8c98dbbb274a75373dcb695a59abd0219529d88518a96f92abc0bbcbda985c388f1fbbcc9":"d78ddf08077c7d9e2ba6" generic HMAC-SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_hmac:"SHA224":14:"e055eb756697ee573fd3214811a9f7fa":"3875847012ee42fe54a0027bdf38cca7021b83a2ed0503af69ef6c37c637bc1114fba40096c5947d736e19b7af3c68d95a4e3b8b073adbbb80f47e9db8f2d4f0018ddd847fabfdf9dd9b52c93e40458977725f6b7ba15f0816bb895cdf50401268f5d702b7e6a5f9faef57b8768c8a3fc14f9a4b3182b41d940e337d219b29ff":"40a453133361cc48da11baf616ee" generic HMAC-SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_hmac:"SHA224":14:"88e5258b55b1623385eb9632fa7c57d6":"ada76bb604be14326551701cf30e48a65eee80b44f0b9d4a07b1844543b7844a621097fdc99de57387458ae9354899b620d0617eabcaefa9eef3d413a33628054335ce656c26fa2986e0f111a6351096b283101ec7868871d770b370973c7405983f9756b3005a3eab492cfd0e7eb42e5c2e15fa6be8718c0a50acc4e5717230":"81c783af538015cef3c60095df53" generic HMAC-SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_hmac:"SHA224":14:"85d402d822114d31abf75526e2538705":"8020d8d98cc2e2298b32879c51c751e1dd5558fe2eabb8f158604297d6d072ce2261a1d6830b7cfe2617b57c7126f99c9476211d6161acd75d266da217ec8174b80484c9dc6f0448a0a036a3fc82e8bf54bdb71549368258d5d41f57978a4c266b92e8783ef66350215573d99be4089144b383ad8f3222bae8f3bf80ffb1bb2b":"2aa0340ac9deafe3be38129daca0" generic HMAC-SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
mbedtls_md_hmac:"SHA224":14:"545c6eecc5ee46fa17c59f91a94f81ae":"8fb7f3565593170152ddb2021874784e951977cfdd22f8b72a72a61320a8f2a35697b5e913f717805559b1af1861ee3ed42fb788481e4fd276b17bdbefcae7b4501dc5d20de5b7626dd5efdcd65294db4bdf682c33d9a9255c6435383fa5f1c886326a3acbc6bd50a33ab5b2dbb034ce0112d4e226bbcd57e3731a519aa1d784":"3eb566eac54c4a3a9ef092469f24" generic HMAC-SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_hmac:"SHA224":14:"4466ab4dc438841a9750c7f173dff02e":"2534c11c78c99cffaec8f722f04adc7045c7324d58ce98e37cfa94b6ed21ed7f58ce55379ef24b72d6d640ee9154f96c614734be9c408e225d7ba4cecc1179cc9f6e1808e1067aa8f244a99bd0c3267594c1887a40d167f8b7cf78db0d19f97b01fc50b8c86def490dfa7a5135002c33e71d77a8cce8ea0f93e0580439a33733":"59f44a9bbed4875b892d22d6b5ab" generic HMAC-SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_hmac:"SHA224":28:"0e3dd9bb5e4cf0f09a4c11600af56d8d":"f4589fa76c328ea25cf8bae582026ba40a59d45a546ff31cf80eb826088f69bb954c452c74586836416dee90a5255bc5d56d3b405b3705a5197045688b32fa984c3a3dfbdc9c2460a0b5e6312a624048bb6f170306535e9b371a3ab134a2642a230ad03d2c688cca80baeaee9a20e1d4c548b1cede29c6a45bf4df2c8c476f1a":"12175b93e3da4c58217145e4dc0a1cf142fab9319bb501e037b350ba" generic HMAC-SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_hmac:"SHA224":28:"cda5187b0c5dcb0f8e5a8beed2306584":"9011ae29b44c49b347487ce972965f16ade3c15be0856ce9c853a9739dba07e4f20d594ddc1dfe21560a65a4e458cfa17745575b915a30c7a9412ff8d1d689db9680dd2428c27588bb0dc92d2cd9445fe8f44b840a197c52c3c4333fff45533945134398df6436513cfab06c924046b8c795a5bd92e8d5f2de85bf306f2eed67":"4aaba92b40e2a600feab176eb9b292d814864195c03342aad6f67f08" generic HMAC-SHA-256 Test Vector NIST CAVS #1 
@@ -726,31 +726,31 @@ depends_on:MBEDTLS_SHA1_C md_hmac_multi:"SHA1":10:"1287e1565a57b547":"390ffdccc6171c11568d85b8f913e019bf4cd982ca9cd21ea730d41bdf3fcc0bc88ff48ba13a8f23deb2d96ec1033e7b2a58ca72b0c1e17bf03330db25d1e360fa6918009c4294bd1215b5ccd159a8f58bc3dc3d490eb7c3b9f887e8c98dbbb274a75373dcb695a59abd0219529d88518a96f92abc0bbcbda985c388f1fbbcc9":"d78ddf08077c7d9e2ba6" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hmac_multi:"SHA224":14:"e055eb756697ee573fd3214811a9f7fa":"3875847012ee42fe54a0027bdf38cca7021b83a2ed0503af69ef6c37c637bc1114fba40096c5947d736e19b7af3c68d95a4e3b8b073adbbb80f47e9db8f2d4f0018ddd847fabfdf9dd9b52c93e40458977725f6b7ba15f0816bb895cdf50401268f5d702b7e6a5f9faef57b8768c8a3fc14f9a4b3182b41d940e337d219b29ff":"40a453133361cc48da11baf616ee" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hmac_multi:"SHA224":14:"88e5258b55b1623385eb9632fa7c57d6":"ada76bb604be14326551701cf30e48a65eee80b44f0b9d4a07b1844543b7844a621097fdc99de57387458ae9354899b620d0617eabcaefa9eef3d413a33628054335ce656c26fa2986e0f111a6351096b283101ec7868871d770b370973c7405983f9756b3005a3eab492cfd0e7eb42e5c2e15fa6be8718c0a50acc4e5717230":"81c783af538015cef3c60095df53" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hmac_multi:"SHA224":14:"85d402d822114d31abf75526e2538705":"8020d8d98cc2e2298b32879c51c751e1dd5558fe2eabb8f158604297d6d072ce2261a1d6830b7cfe2617b57c7126f99c9476211d6161acd75d266da217ec8174b80484c9dc6f0448a0a036a3fc82e8bf54bdb71549368258d5d41f57978a4c266b92e8783ef66350215573d99be4089144b383ad8f3222bae8f3bf80ffb1bb2b":"2aa0340ac9deafe3be38129daca0" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
md_hmac_multi:"SHA224":14:"545c6eecc5ee46fa17c59f91a94f81ae":"8fb7f3565593170152ddb2021874784e951977cfdd22f8b72a72a61320a8f2a35697b5e913f717805559b1af1861ee3ed42fb788481e4fd276b17bdbefcae7b4501dc5d20de5b7626dd5efdcd65294db4bdf682c33d9a9255c6435383fa5f1c886326a3acbc6bd50a33ab5b2dbb034ce0112d4e226bbcd57e3731a519aa1d784":"3eb566eac54c4a3a9ef092469f24" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hmac_multi:"SHA224":14:"4466ab4dc438841a9750c7f173dff02e":"2534c11c78c99cffaec8f722f04adc7045c7324d58ce98e37cfa94b6ed21ed7f58ce55379ef24b72d6d640ee9154f96c614734be9c408e225d7ba4cecc1179cc9f6e1808e1067aa8f244a99bd0c3267594c1887a40d167f8b7cf78db0d19f97b01fc50b8c86def490dfa7a5135002c33e71d77a8cce8ea0f93e0580439a33733":"59f44a9bbed4875b892d22d6b5ab" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hmac_multi:"SHA224":28:"0e3dd9bb5e4cf0f09a4c11600af56d8d":"f4589fa76c328ea25cf8bae582026ba40a59d45a546ff31cf80eb826088f69bb954c452c74586836416dee90a5255bc5d56d3b405b3705a5197045688b32fa984c3a3dfbdc9c2460a0b5e6312a624048bb6f170306535e9b371a3ab134a2642a230ad03d2c688cca80baeaee9a20e1d4c548b1cede29c6a45bf4df2c8c476f1a":"12175b93e3da4c58217145e4dc0a1cf142fab9319bb501e037b350ba" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hmac_multi:"SHA224":28:"cda5187b0c5dcb0f8e5a8beed2306584":"9011ae29b44c49b347487ce972965f16ade3c15be0856ce9c853a9739dba07e4f20d594ddc1dfe21560a65a4e458cfa17745575b915a30c7a9412ff8d1d689db9680dd2428c27588bb0dc92d2cd9445fe8f44b840a197c52c3c4333fff45533945134398df6436513cfab06c924046b8c795a5bd92e8d5f2de85bf306f2eed67":"4aaba92b40e2a600feab176eb9b292d814864195c03342aad6f67f08" generic multi step HMAC-SHA-256 Test Vector NIST CAVS #1 
@@ -866,31 +866,31 @@ depends_on:MBEDTLS_SHA1_C md_hex:"SHA1":"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":"11863b483809ef88413ca9b0084ac4a5390640af" generic SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" generic SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"ff":"e33f9d75e6ae1369dbabf81b96b4591ae46bba30b591a6b6c62542b5" generic SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"984c":"2fa9df9157d9e027cfbc4c6a9df32e1adc0cbe2328ec2a63c5ae934e" generic SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"50efd0":"b5a9820413c2bf8211fbbf5df1337043b32fa4eafaf61a0c8e9ccede" generic SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"e5e09924":"fd19e74690d291467ce59f077df311638f1c3a46e510d0e49a67062d" generic SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"21ebecb914":"78f4a71c21c694499ce1c7866611b14ace70d905012c356323c7c713" generic SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"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":"1302149d1e197c41813b054c942329d420e366530f5517b470e964fe" generic SHA-256 Test Vector NIST CAVS #1 
@@ -1026,31 +1026,31 @@ depends_on:MBEDTLS_SHA1_C md_hex_multi:"SHA1":"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":"11863b483809ef88413ca9b0084ac4a5390640af" generic multi step SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" generic multi step SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"ff":"e33f9d75e6ae1369dbabf81b96b4591ae46bba30b591a6b6c62542b5" generic multi step SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"984c":"2fa9df9157d9e027cfbc4c6a9df32e1adc0cbe2328ec2a63c5ae934e" generic multi step SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"50efd0":"b5a9820413c2bf8211fbbf5df1337043b32fa4eafaf61a0c8e9ccede" generic multi step SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"e5e09924":"fd19e74690d291467ce59f077df311638f1c3a46e510d0e49a67062d" generic multi step SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"21ebecb914":"78f4a71c21c694499ce1c7866611b14ace70d905012c356323c7c713" generic multi step SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"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":"1302149d1e197c41813b054c942329d420e366530f5517b470e964fe" generic multi step SHA-256 Test Vector NIST CAVS #1 
@@ -1162,19 +1162,19 @@ depends_on:MBEDTLS_SHA1_C mbedtls_md_file:"SHA1":"data_files/hash_file_4":"da39a3ee5e6b4b0d3255bfef95601890afd80709" generic SHA-224 Hash file #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_file:"SHA224":"data_files/hash_file_1":"8606da018870f0c16834a21bc3385704cb1683b9dbab04c5ddb90a48" generic SHA-224 Hash file #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_file:"SHA224":"data_files/hash_file_2":"733b2ab97b6f63f2e29b9a2089756d81e14c93fe4cc9615c0d5e8a03" generic SHA-224 Hash file #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_file:"SHA224":"data_files/hash_file_3":"e1df95867580e2cc2100e9565bf9c2e42c24fe5250c19efe33d1c4fe" generic SHA-224 Hash file #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_file:"SHA224":"data_files/hash_file_4":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" generic SHA-256 Hash file #1 diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index f3c421d0f..e87b4ae71 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
@@ -19,23 +19,23 @@ depends_on:MBEDTLS_SHA1_C pbkdf2_hmac:MBEDTLS_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3" PBKDF2 Python hashlib Test Vector #1 (SHA224) -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":1:20:"3c198cbdb9464b7857966bd05b7bc92bc1cc4e6e" PBKDF2 Python hashlib Test Vector #2 (SHA224) -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":2:20:"93200ffa96c5776d38fa10abdf8f5bfc0054b971" PBKDF2 Python hashlib Test Vector #3 (SHA224) -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":4096:20:"218c453bf90635bd0a21a75d172703ff6108ef60" PBKDF2 Python hashlib Test Vector #5 (SHA224) -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"056c4ba438ded91fc14e0594e6f52b87e1f3690c0dc0fbc057" PBKDF2 Python hashlib Test Vector #6 (SHA224) -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"7061737300776f7264":"7361006c74":4096:16:"9b4011b641f40a2a500a31d4a392d15c" PBKDF2 RFC 7914 Sec 11 Test Vector #1 (SHA256) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index bb26e4e9c..d29a35c0b 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
@@ -363,147 +363,147 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTest":0
 
 Parse RSA Key #50.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #50.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
 
 Parse RSA Key #51 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTest":0
 
 Parse RSA Key #51.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #51.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
 
 Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0
 
 Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
 
 Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTest":0
 
 Parse RSA Key #53.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #53.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Parse RSA Key #54 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTest":0
 
 Parse RSA Key #54.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #54.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0
 
 Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTest":0
 
 Parse RSA Key #56.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #56.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
 
 Parse RSA Key #57 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTest":0
 
 Parse RSA Key #57.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #57.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
 
 Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0
 
 Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
 
 Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTest":0
 
 Parse RSA Key #59.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #59.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Parse RSA Key #60 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTest":0
 
 Parse RSA Key #60.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #60.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0
 
 Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256)
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index 953b1ff92..3b3b04f46 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
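Review bot: With `MBEDTLS_SHA256_NO_SHA224` defined, every hmacWithSHA224 case in this hunk (#50 to #61.2) is skipped, so nothing here exercises what the key parser does when it is handed one of these files in a build without SHA-224. Key files are external input, so the disabled path should be pinned to a defined error rather than left untested; the library-side handling is not visible in this hunk, so this is a request for coverage, not a claim that it misbehaves. One complementary case per encoding would be enough, for example a case with `depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SHA256_NO_SHA224` that loads `data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der` with the correct password and expects the parser's error code for an unavailable PRF.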
@@ -15,7 +15,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"206ef4bf396c6087f8229ef196fd35f37ccb8de5efcdb238f20d556668f114257a11fbe038464a67830378e62ae9791453953dac1dbd7921837ba98e84e856eb80ed9487e656d0b20c28c8ba5e35db1abbed83ed1c7720a97701f709e3547a4bfcabca9c89c57ad15c3996577a0ae36d7c7b699035242f37954646c1cd5c08ac":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0 RSA PKCS1 Verify v1.5 CAVS #4 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 mbedtls_rsa_pkcs1_verify:"867ac26e11a13b7ac34a42a1e177648692861226effb55bb597fbde10f299bf7fffd6fc8ddb2a46a73b97b67387a461b23e1d65dc119366286979add615b926b9272832fc0c058b946fc752dcffceca12233f4c63f7897cbaa08aa7e07cf02b5e7e3e5ece252bf2fe61d163bce84c0e0368454a98e9fdebf6edbd70b290d549b":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"3bb7b1c5f3391de4549e2e96fd33afa4d647dd90e321d9d576f3808e32213e948b697ef4fd2dd12923de6ec3ffd625078a57f86af38dc07052bb50547c616ed51fa1352b3ab66788408168d21263ef2d3388d567d2ce8cf674f45491ab2b0319d47be1266bda39e343b2a38ea2d6aaaee6c4465aee1d7bb33e93a1c40a8e3ae4":0 RSA PKCS1 Verify v1.5 CAVS #5 
@@ -44,7 +44,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"55013a489e09b6553262aab59fb041b49437b86d52876f8e5d5e405b77ca0ff6ce8ea2dd75c7b3b411cf4445d56233c5b0ff0e58c49128d81b4fedd295e172d225c451e13defb34b87b7aea6d6f0d20f5c55feb71d2a789fa31f3d9ff47896adc16bec5ce0c9dda3fde190e08ca2451c01ff3091449887695f96dac97ad6a30e":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"10001":"dd82b7be791c454fbbf6f1de47cbe585a687e4e8bbae0b6e2a77f8ca4efd06d71498f9a74b931bd59c377e71daf708a624c51303f377006c676487bad57f7067b09b7bb94a6189119ab8cf7321c321b2dc7df565bfbec833a28b86625fb5fd6a035d4ed79ff0f9aee9fa78935eec65069439ee449d7f5249cdae6fdd6d8c2a63":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #11 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 mbedtls_rsa_pkcs1_verify:"f4a990b8d434a5914340c0ca3ca4e4a70856c55e13e938c1f854e91cdef54c6107d6d682a62e6c1ff12b1c6178ee0b26b5d8ae5ee4043db4151465727f313e9e174d7c6961abe9cb86a21367a89e41b47267ac5ef3a6eceaaca5b19ae756b3904b97ec35aeb404dc2a2d0da373ba709a678d2728e7d72daae68d335cbf6c957d":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"10001":"d8ef7bdc0f111b1249d5ad6515b6fe37f2ff327f493832f1385c10e975c07b0266497716fcb84f5039cd60f5a050614fde27f354a6c45e8a7d74f9821e2f301500ac1953feafeb9d98cf88d2c928413f337813135c66abfc3dc7a4d80655d925bf96f21872ca2b3a2684b976ca768fe37feae20a69eeec3cc8f1de0db34b3462":0 RSA PKCS1 Verify v1.5 CAVS #12 
@@ -64,7 +64,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"224ecd3b630581da948216366c741015a9723c5ea43de67e28454d0a846f54a6df167a25cc500cf21f729aaefed6a71a3bdba438e12e20ad0c48396afe38568b70a3187f26098d6ac649a7c7ea68ed52748e7125225102216236a28f67753b077cfd8d9198b86b0b331027cb59b24b85fd92896e8f2ff5a1d11872c2e6af6ae2":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"3":"1f7938b20a9cd8bb8ca26bad9e79ea92373174203f3ab212a06de34a9a3e14e102d19a8878c28a2fc8083a97c06b19c1ae62678289d5d071a904aed1d364655d9e2d16480a6fd18f4c8edf204844a34d573b1b988b82d495caefd9298c1635083e196a11f4a7df6a7e3cc4db7b9642e7682d22ec7038c3bad791e1365fe8836976092460e6df749dc032baf1e026684f55936beb9369845c53c3d217941c1f8d8f54a32333a4c049c3f2d527125778032f5d390040d1d4cce83dc353ce250152":0 RSA PKCS1 Verify v1.5 CAVS #16 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 
mbedtls_rsa_pkcs1_verify:"6ecc722d233dad1aca45e6bc3e1a0b99fb1f89c0ec63bc657e6aaacbf931f267106cff42b712819f341b1ede798964a0b1a5032c198b391111e88d0d7303c02e23fa0137e74e604579a285b2dbc0a23aebdda65c371eb403125bd366e822e72dceffe0d55dfa3155c16283020dc9abb0d150da1aef251484aa49e49e00974dac":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"3":"339dce3a1937669d9fb14c4f652378861fd5adc4da88eaf833b16020b55a24ddc83b7ae3395a9a49b426bb9a4170cb765b02652faa9594b457aeefdae4f802e93d8e65c687ddc723701465a5ef19249ed5d2617b5121c58557b34eb99a663bbcf4453a6e1db5d88723de449fcf58ca8ef514daf08cfdc71be155bb3d0724df0c0a6fd5aa7737433cc376640b9b8b4c7ddd09776bae0245729cddb56e36f28edad6aecaed0821ec8d843a96348e722bf0a84cf060a793a2179f054138f907d0c3":0 RSA PKCS1 Verify v1.5 CAVS #17 
@@ -88,11 +88,11 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"ac58fd024208d7f045d81a56cd55aad40ab86b0d216ab55136c7027aca23ea13480a52c0dacce0d98139b25965aa4ff76a41dd92037195d24bc0750d52cb3467b48b7b3e71d852c5f82bd9ee85a8388ead5cd8bc38c3d4792e8daa9734a137d31963e245ad3217fad235f7dfd5584de0fe91c4526568588e08b60bdf1badd99f":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"a142b0d9456f8f4772675265a08613a66c416bd1ae712975c69d9ca5fb8c1be9c24359a04fd15460bf6136a8a11f13e3ce2de2171524f10cb715f0d71e3db15281ab99eadbe86cf8c5c518162c638ef27a4f7bfb4a1a3873f3c384a5b1c3b4966c837b9d8d192ac34e03943b7ae191355aa1ff3b9cd041bb2668f1f81cf0d015b3d3608cd9ac79398212c0f132f1bd45d47768b999fcf3c05fe2069593ceecedc851a7fc465abcfef0fabba9b9460153f6ba8723a5c6e766c83a446aef3ee327":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #22 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 
mbedtls_rsa_pkcs1_verify:"027f767928a5821e2723d6f36c43e6b498b6f0b381852571794a096bd49f1c36a4d7bacec7ec402c24b970163169173bb930ec7fdc39bc9457dfc4ca051f5f28a64de1bbe007c22e8368ff9b117dbda17efd2fb73434bbbf5a4158df56813b8c904bb2e779de504dcd974a291568210d6f85810291606a1c0cd88d51ceadf98a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"0676e64daaa18f4af46e9dfbe234db389b8a527b0fe1db97eb7f404e3155226cba70d318800f83160fa1aa19916e5c09f079331079f18cb8ab1a4b884cb28501824974f683ed2b9babae9f8c15bea30802805c6b2152119764811bbf5f3994d2e97fa2fe8c5ab15a23c14d7ae56be00eaa8bc26678481ff5ba59b0acfb0e43341bff9fc638e5625480a73dbc5d8d13bd2b9e64037c6b79df0c60869980c6a22ec46f80fb859cb4ee5d2032ac1fe538cfd85c70a7f33b4af50a93395917c2cfb6":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #23 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 
mbedtls_rsa_pkcs1_verify:"06dcd9d4c056b6a45b9ed2ae5f6c1cfa43aae06fe01ee098264aa7a80e901abbcf9a505e55f9a352ef0c078d48249b8298e57ea21bf0e423c3bf69002acfa541ca05007c704bc79cee7a80e1107c7b28d2b2aa6dd093b28efe9642519952a4a95ee49235f9924a0ac0aee5b2a1bce47459d70cd6e75074614199dca44561407c":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"5e08f399258e6de075b67a0a6a822ceb21b1eb7a0342eca6a4295739f644547dee3456243cf32bd6ea6f357c88632508457130f3dae04f7806efaed43d1d501e16c961dfbd6c71a42b480e95c7027f8275063d05a9aac3eef0520867b9896ebe8ec358f7d121beb4e61ddfdc3dcd835dfe265f2ba68d300ef566ed1284f9f3d7b1af363ed47bfa2e5f0492925444df7e5fcb1e79e690c746117650b543a5e82c39553552f0f44e617b5cf773c533050f4129e893ac22af69b1eb9afb4b5ba5f5":0 RSA PKCS1 Verify v1.5 CAVS #24 
@@ -112,7 +112,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"4871adc05f6b3ecf296680b0dd8d86715b0d5264c064008037dc410512520b5f193c8f4d21eb6c42e10d220c0275c9b3751f03a4096e2f0e3db9df8d52068c06a51589d23ca1361e9fe27691e95663301ec1407fbf73aee99cc92362eaf6994b95038396d815052a0aef6489bbb7bcb0fffdf13f0af9e7d9fd14f6ce00ab98f7":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"11":"180caf03781b391aacebe5b3f5e1d3b01c68a00df4ecfb6c4bf14217aed7cfca0adac099ec1d6e1f0b43b09b86788533fee6691d773807af0df6cc3bbdde3cf34bf5b848fa59c8bc10227cc3eba3452a85e0520fccdb2d8d32dd99672d302756a2d7f7f2693db3a48be17bd34d9d891f4ba44449c5bad1de91b788f524500a7703cccbaa77b9fe8791f5c8aa7b8f055336f28fcfc01733712e33cfb3d33fe71ddb9ced2a31931ec38007f5ad4a0d19acc428124b0e5ee6e0746fb33c1a4d90c8":0 RSA PKCS1 Verify v1.5 CAVS #28 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 
mbedtls_rsa_pkcs1_verify:"3bba64de38438a71b95ab9c94539d5870c1fb08d7a9937600c00e9d063438edc97e625d0cd4b1eb00c31c9d94c7a0fe6d03160d1b6cbec5acdad16ada6ef253fee603df9faca8f98a477cc5456f3dfbf6414dbf19f3832e227ce291780188881e82e96a2e84744f12a34a9808a2daedc6fd00b345c6772bec26a095719451e6a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"11":"8c846e75e32ce5f9964bdd8f6dcf1d2996a646b233bcf1bd6394e13e856691b89bedd18290a0f9f7c90dca307271b3108e795340490513b25e6789e93722c65ec064b4c43457295a31d1f07dd605e133fd6eaafc58cda132df2939f5f693e0205af34550afaa137f3e482885e50dfb48333a15c0821e7a19642acdddc6fea3c7487c691246a2b083dac439889d5ae741b7e08c47937530b4b069f1a260cd07fe4a0ddd530ab11534fb805e9b562118ee0e97932966008aadfc83f3b8a10de8ee":0 RSA PKCS1 Verify v1.5 CAVS #29 
@@ -199,11 +199,11 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:2048:16:"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":16:"3":"5aee2b9dbc02a6a2d87ff64a64165dc0b9ce70c79bab2d287939e2601c3223e0493988d5468731ae4edc7d5f5d449335c204fdb0e192c1915c9d694d3a61c3be14df79c4b34d6ac73707829024d263c94f9107fa93f3783de3965522336e18d1e01a142b5103451bb97839eaf2f44703a63050a36b78aef4072ea1a8daaaf1a2918fc03ee957a9c09efdc6287bcb4d6aec4723290294b249b3e3dc63157b560ad9c867323a73ebeb360cc9e482111643b0d86c4e33dcf170155590f0eba7d170789e84de336b7fe2f6cf485ddca94607a4ff379fc49d375c730249dd1a210e7dccd763d1c23c7532e769c6aa88e38e8654ff90f7b34df4c07ba90e89099ec1ed":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Sign #3 (SHA224, 2048 bits RSA) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 
mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"9d768b8b31421f9d9ced890aafaf8b3468656419049ed268f6e1992066f45dc3e4cd349e8c5ed5a06e4ef5badaba064ba94907dfedf3d708becaf44ae9b27c3866d329311ba93e8ddc7fc284fba05d1bb84fb1e060a5b76b7fa515cfcd2c8144474623672703cac1e15ff4fdf8ef19d365c51ba86e60f4cbbcd07f956060625751bfbecc47945646459cadaddd900603a8149a93b31a6d432e1da1a67eb765f5b2f0bd1adb9af12d731c7b02931b42dbbfd8c7cecde76b817e96f664147a2c5091c6ce4dc562c5f57159d6f9dc9ba2daa212db56677839621bd4805dde62955fb2d0cc2c448109d10ecc6206ea81f0a02e1646471358f3ec146cd3c75f2d390b":0 RSA PKCS1 Sign #3 Verify -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 
mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:2048:16:"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":16:"3":"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":0 RSA PKCS1 Sign #4 (SHA384, 2048 bits RSA) diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index 2f65c230e..b88fda040 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data 
@@ -52,31 +52,31 @@ SHA-256 Invalid parameters sha256_invalid_param: SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 sha224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 sha224:"ff":"e33f9d75e6ae1369dbabf81b96b4591ae46bba30b591a6b6c62542b5" SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 sha224:"984c":"2fa9df9157d9e027cfbc4c6a9df32e1adc0cbe2328ec2a63c5ae934e" SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 sha224:"50efd0":"b5a9820413c2bf8211fbbf5df1337043b32fa4eafaf61a0c8e9ccede" SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 sha224:"e5e09924":"fd19e74690d291467ce59f077df311638f1c3a46e510d0e49a67062d" SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 sha224:"21ebecb914":"78f4a71c21c694499ce1c7866611b14ace70d905012c356323c7c713" SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 
sha224:"fc488947c1a7a589726b15436b4f3d9556262f98fc6422fc5cdf20f0fad7fe427a3491c86d101ffe6b7514f06268f65b2d269b0f69ad9a97847eff1c16a2438775eb7be6847ccf11cb8b2e8dcd6640b095b49c0693fe3cf4a66e2d9b7ad68bff14f3ad69abf49d0aba36cbe0535202deb6599a47225ef05beb351335cd7bc0f480d691198c7e71305ffd53b39d33242bb79cfd98bfd69e137b5d18b2b89ac9ace01c8dbdcf2533cce3682ecc52118de0c1062ec2126c2e657d6ea3d9e2398e705d4b0b1f1ceecb266dffc4f31bf42744fb1e938dc22a889919ee1e73f463f7871fed720519e32186264b7ef2a0e5d9a18e6c95c0781894f77967f048951dec3b4d892a38710b1e3436d3c29088eb8b3da1789c25db3d3bc6c26081206e7155d210a89b80ca6ea877c41ff9947c0f25625dcb118294a163501f6239c326661a958fd12da4cd15a899f8b88cc723589056eaec5aa04a4cf5dbb6f480f9660423ccf38c486e210707e0fb25e1f126ceb2616f63e147a647dab0af9ebe89d65458bf636154a46e4cab95f5ee62da2c7974cd14b90d3e4f99f81733e85b3c1d5da2b508d9b90f5eed7eff0d9c7649de62bee00375454fee4a39576a5bbfdae428e7f8097bdf7797f167686cb68407e49079e4611ff3402b6384ba7b7e522bd2bb11ce8fd02ea4c1604d163ac4f6dde50b8b1f593f7edaadeac0868ed97df690200680c25f0f5d85431a529e4f339089dcdeda105e4ee51dead704cdf5a605c55fb055c9b0e86b8ba1b564c0dea3eb790a595cb103cb292268b07c5e59371e1a7ef597cd4b22977a820694c9f9aeb55d9de3ef62b75d6e656e3336698d960a3787bf8cf5b926a7faeef52ae128bcb5dc9e66d94b016c7b8e034879171a2d91c381f57e6a815b63b5ee6a6d2ff435b49f14c963966960194430d78f8f87627a67757fb3532b289550894da6dce4817a4e07f4d56877a1102ffcc8befa5c9f8fca6a4574d93ff70376c8861e0f8108cf907fce77ecb49728f86f034f80224b9695682e0824462f76cdb1fd1af151337b0d85419047a7aa284791718a4860cd586f7824b95bc837b6fd4f9be5aade68456e20356aa4d943dac36bf8b67b9e8f9d01a00fcda74b798bafa746c661b010f75b59904b29d0c8041504811c4065f82cf2ead58d2f595cbd8bc3e7043f4d94577b373b7cfe16a36fe564f505c03b70cfeb5e5f411c79481338aa67e86b3f5a2e77c21e454c333ae3da943ab723ab5f4c940395319534a5575f64acba0d0ecc43f60221ed3badf7289c9b3a7b903a2d6c94e15fa4c310dc4fa7faa0c24f405160a1002dbef20e4105d481db982f7243f79400a6e4cd9753c4b9732a47575f504b20c328fe9add7f432a4f075829da07b53b695037dc51737d
3cd731934df333cd1a53fcf65aa31baa450ca501a6fae26e322347e618c5a444d92e9fec5a8261ae38b98fee5be77c02cec09ddccd5b3de92036":"1302149d1e197c41813b054c942329d420e366530f5517b470e964fe" SHA-256 Test Vector NIST CAVS #1 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 375feb9a3..47a23dce8 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -39,7 +39,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information SHA256 Digest 
@@ -59,7 +59,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C x509_cert_info:"data_files/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 x509_cert_info:"data_files/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA256 Digest 
@@ -79,7 +79,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED: x509_cert_info:"data_files/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA256 Digest 
@@ -167,7 +167,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_SHA256_NO_SHA224 mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" X509 CRL Information SHA256 Digest 
@@ -187,7 +187,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:!M mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" X509 CRL information RSA-PSS, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_SHA256_NO_SHA224 mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" X509 CRL information RSA-PSS, SHA256 Digest 
@@ -207,7 +207,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMO mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" X509 CRL Information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_SHA256_NO_SHA224 mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" X509 CRL Information EC, SHA256 Digest @@ -544,7 +544,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDT x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL" X509 CRT verification #15 (Valid Cert SHA224 Digest) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #16 (Valid Cert SHA256 Digest) 
@@ -668,7 +668,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_S x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #37 (Valid, EC CA, SHA224 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_SHA256_NO_SHA224:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #38 (Valid, EC CA, SHA384 Digest) @@ -768,7 +768,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MB x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #58 (Valid, RSASSA-PSS, SHA-224) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_SHA256_NO_SHA224 x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #59 (Valid, RSASSA-PSS, SHA-256) 
@@ -936,7 +936,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_S x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:!MBEDTLS_SHA256_NO_SHA224 x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL" X509 CRT verification #97 (next profile Valid Cert SHA256 Digest) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index c5f7462dd..468b806a1 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -3,7 +3,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0 Certificate Request check Server1 SHA224 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0 Certificate Request check Server1 SHA256 From 394c5fb24b675b0021266c7d028503bca8249f0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 Jul 2019 15:57:36 +0200 Subject: [PATCH 13/78] Implement NO_SHA224 in MD layer as well --- include/mbedtls/md_internal.h | 2 ++ library/md.c | 10 ++++++++-- library/md_wrap.c | 6 ++++++ tests/suites/test_suite_x509parse.data | 2 +- 4 files changed, 17 insertions(+), 3 deletions(-) 
diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index 04de48291..698477b35 100644 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h @@ -100,7 +100,9 @@ extern const mbedtls_md_info_t mbedtls_ripemd160_info; extern const mbedtls_md_info_t mbedtls_sha1_info; #endif #if defined(MBEDTLS_SHA256_C) +#if !defined(MBEDTLS_SHA256_NO_SHA224) extern const mbedtls_md_info_t mbedtls_sha224_info; +#endif extern const mbedtls_md_info_t mbedtls_sha256_info; #endif #if defined(MBEDTLS_SHA512_C) diff --git a/library/md.c b/library/md.c index 303cdcbee..b3525be3f 100644 --- a/library/md.c +++ b/library/md.c @@ -61,8 +61,10 @@ static const int supported_digests[] = { #if defined(MBEDTLS_SHA256_C) MBEDTLS_MD_SHA256, +#if !defined(MBEDTLS_SHA256_NO_SHA224) MBEDTLS_MD_SHA224, #endif +#endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA1_C) MBEDTLS_MD_SHA1, @@ -119,11 +121,13 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ) return mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); #endif #if defined(MBEDTLS_SHA256_C) +#if !defined(MBEDTLS_SHA256_NO_SHA224) if( !strcmp( "SHA224", md_name ) ) return mbedtls_md_info_from_type( MBEDTLS_MD_SHA224 ); +#endif if( !strcmp( "SHA256", md_name ) ) return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ); -#endif +#endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) if( !strcmp( "SHA384", md_name ) ) return mbedtls_md_info_from_type( MBEDTLS_MD_SHA384 ); @@ -158,11 +162,13 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) return( &mbedtls_sha1_info ); #endif #if defined(MBEDTLS_SHA256_C) +#if !defined(MBEDTLS_SHA256_NO_SHA224) case MBEDTLS_MD_SHA224: return( &mbedtls_sha224_info ); +#endif case MBEDTLS_MD_SHA256: return( &mbedtls_sha256_info ); -#endif +#endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA384: return( &mbedtls_sha384_info ); 
diff --git a/library/md_wrap.c b/library/md_wrap.c index 32f087197..0f8132fbf 100644 --- a/library/md_wrap.c +++ b/library/md_wrap.c @@ -391,10 +391,12 @@ const mbedtls_md_info_t mbedtls_sha1_info = { */ #if defined(MBEDTLS_SHA256_C) +#if !defined(MBEDTLS_SHA256_NO_SHA224) static int sha224_starts_wrap( void *ctx ) { return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) ); } +#endif /* !MBEDTLS_SHA256_NO_SHA224 */ static int sha224_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) @@ -409,11 +411,13 @@ static int sha224_finish_wrap( void *ctx, unsigned char *output ) output ) ); } +#if !defined(MBEDTLS_SHA256_NO_SHA224) static int sha224_wrap( const unsigned char *input, size_t ilen, unsigned char *output ) { return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); } +#endif /* !MBEDTLS_SHA256_NO_SHA224 */ static void *sha224_ctx_alloc( void ) { @@ -443,6 +447,7 @@ static int sha224_process_wrap( void *ctx, const unsigned char *data ) data ) ); } +#if !defined(MBEDTLS_SHA256_NO_SHA224) const mbedtls_md_info_t mbedtls_sha224_info = { MBEDTLS_MD_SHA224, "SHA224", @@ -457,6 +462,7 @@ const mbedtls_md_info_t mbedtls_sha224_info = { sha224_clone_wrap, sha224_process_wrap, }; +#endif /* !MBEDTLS_SHA256_NO_SHA224 */ static int sha256_starts_wrap( void *ctx ) { diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 47a23dce8..454244089 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
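Review bot: The new `#if !defined(MBEDTLS_SHA256_NO_SHA224)` guards in md_wrap.c (hunks at -391, -409, -443 and -457) cover `sha224_starts_wrap`, `sha224_wrap` and `mbedtls_sha224_info`, but leave `sha224_update_wrap`, `sha224_finish_wrap`, `sha224_ctx_alloc`, `sha224_clone_wrap` and `sha224_process_wrap` compiled in without saying why. Presumably the SHA-256 info table, which lies outside these hunks, reuses those wrappers. If so, a comment such as `/* The remaining sha224_*_wrap helpers are shared with mbedtls_sha256_info and must stay enabled */` would stop a later cleanup from guarding them too. If they are not shared, they become unused static functions in a NO_SHA224 build and should sit under the same guard.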
@@ -291,7 +291,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:!M mbedtls_x509_csr_info:"data_files/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA224 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_SHA256_NO_SHA224 mbedtls_x509_csr_info:"data_files/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA256 From e06cc3109cd6ca48a0071c23e4da0da7381f0a6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 16 Jul 2019 16:15:28 +0200 Subject: [PATCH 14/78] Add MBEDTLS_SHA256_NO_SHA224 to baremetal.h --- configs/baremetal.h | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/baremetal.h b/configs/baremetal.h index 1b522551a..8bed9a8ae 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -61,6 +61,7 @@ #define MBEDTLS_MD_C #define MBEDTLS_SHA256_C #define MBEDTLS_SHA256_SMALLER +#define MBEDTLS_SHA256_NO_SHA224 /* TLS options */ #define MBEDTLS_SSL_CLI_C From 0956e3ebed0b030feff8c9afb84e8871ccaa2489 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 17 Jul 2019 16:58:56 +0200 Subject: [PATCH 15/78] Exclude NO_SHA224 option from scripts/config.pl As a negative option that removes a feature it should be excluded. --- scripts/config.pl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/config.pl b/scripts/config.pl index 751ea1db1..e18df926e 100755 --- a/scripts/config.pl +++ b/scripts/config.pl 
@@ -30,6 +30,7 @@ # MBEDTLS_NO_PLATFORM_ENTROPY # MBEDTLS_REMOVE_ARC4_CIPHERSUITES # MBEDTLS_REMOVE_3DES_CIPHERSUITES +# MBEDTLS_SHA256_NO_SHA224 # MBEDTLS_SSL_HW_RECORD_ACCEL # MBEDTLS_SSL_PROTO_NO_DTLS # MBEDTLS_SSL_NO_SESSION_CACHE @@ -99,6 +100,7 @@ MBEDTLS_NO_PLATFORM_ENTROPY MBEDTLS_RSA_NO_CRT MBEDTLS_REMOVE_ARC4_CIPHERSUITES MBEDTLS_REMOVE_3DES_CIPHERSUITES +MBEDTLS_SHA256_NO_SHA224 MBEDTLS_SSL_HW_RECORD_ACCEL MBEDTLS_SSL_PROTO_NO_TLS MBEDTLS_SSL_NO_SESSION_CACHE From efd344894d65a760480c88347289205a10f6756d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 2 Sep 2019 14:41:19 +0200 Subject: [PATCH 16/78] Completely ignore is224 if SHA-224 is disabled --- include/mbedtls/sha256.h | 4 ++++ library/sha256.c | 43 ++++++++++++++++++++-------------------- 2 files changed, 26 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 2b98bee6f..6ef2245cf 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -103,6 +103,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * \param ctx The context to use. This must be initialized. * \param is224 This determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. + * If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0. * * \return \c 0 on success. * \return A negative error code on failure. @@ -171,6 +172,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * \param ctx The context to use. This must be initialized. * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. + * If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0. */ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); 
@@ -239,6 +241,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, * be a writable buffer of length \c 32 Bytes. * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. + * If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0. */ int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, @@ -271,6 +274,7 @@ int mbedtls_sha256_ret( const unsigned char *input, * a writable buffer of length \c 32 Bytes. * \param is224 Determines which function to use. This must be either * \c 0 for SHA-256, or \c 1 for SHA-224. + * If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0. */ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, size_t ilen, diff --git a/library/sha256.c b/library/sha256.c index a141511cd..c576a0346 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -113,12 +113,33 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) { SHA256_VALIDATE_RET( ctx != NULL ); +#if defined(MBEDTLS_SHA256_NO_SHA224) + SHA256_VALIDATE_RET( is224 == 0 ); + (void) is224; +#else SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); +#endif ctx->total[0] = 0; ctx->total[1] = 0; - if( is224 == 0 ) +#if !defined(MBEDTLS_SHA256_NO_SHA224) + ctx->is224 = is224; + + if( is224 == 1 ) + { + /* SHA-224 */ + ctx->state[0] = 0xC1059ED8; + ctx->state[1] = 0x367CD507; + ctx->state[2] = 0x3070DD17; + ctx->state[3] = 0xF70E5939; + ctx->state[4] = 0xFFC00B31; + ctx->state[5] = 0x68581511; + ctx->state[6] = 0x64F98FA7; + ctx->state[7] = 0xBEFA4FA4; + } + else +#endif { /* SHA-256 */ ctx->state[0] = 0x6A09E667; 
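Review bot: In `mbedtls_sha256_starts_ret`, a NO_SHA224 build now rejects `is224 == 1` only through `SHA256_VALIDATE_RET( is224 == 0 )`, whereas the branch removed in the following hunk returned `MBEDTLS_ERR_SHA256_BAD_INPUT_DATA` unconditionally. If that macro expands to nothing when parameter validation is disabled (worth confirming against its definition, which is not in this hunk), a caller asking for SHA-224 gets a SHA-256 state and a success return, so the digest is silently of a different algorithm than requested. Either keep an unconditional check, `if( is224 != 0 ) return( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA );`, or extend the new sha256.h sentence to say that a non-zero value is ignored and SHA-256 is computed. The function body continues past the end of this hunk.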
@@ -130,26 +151,6 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) ctx->state[6] = 0x1F83D9AB; ctx->state[7] = 0x5BE0CD19; } - else - { -#if defined(MBEDTLS_SHA256_NO_SHA224) - return( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ); -#else - /* SHA-224 */ - ctx->state[0] = 0xC1059ED8; - ctx->state[1] = 0x367CD507; - ctx->state[2] = 0x3070DD17; - ctx->state[3] = 0xF70E5939; - ctx->state[4] = 0xFFC00B31; - ctx->state[5] = 0x68581511; - ctx->state[6] = 0x64F98FA7; - ctx->state[7] = 0xBEFA4FA4; -#endif - } - -#if !defined(MBEDTLS_SHA256_NO_SHA224) - ctx->is224 = is224; -#endif return( 0 ); } From 81ed9fb27744ceb91388555652391a9bbfaa9fe7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 2 Sep 2019 14:57:08 +0200 Subject: [PATCH 17/78] Exclude SHA-224 from some reduced config examples Besides the value as an example, this is usefull for testing the option, via test-ref-configs.pl (which is included in all.sh). --- configs/config-ccm-psk-tls1_2.h | 3 +++ configs/config-suite-b.h | 3 +++ configs/config-thread.h | 3 +++ 3 files changed, 9 insertions(+) diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index c9b58dd53..e0f50ea6f 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -55,6 +55,9 @@ #define MBEDTLS_SSL_SRV_C #define MBEDTLS_SSL_TLS_C +/* Save ROM by excluded SHA-2 variant that we don't need */ +#define MBEDTLS_SHA256_NO_SHA224 + /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 18e2c4036..d6891fae1 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -78,6 +78,9 @@ #define MBEDTLS_CERTS_C #define MBEDTLS_PEM_PARSE_C +/* Save ROM by excluded SHA-2 variant that we don't need */ +#define MBEDTLS_SHA256_NO_SHA224 + /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES 
diff --git a/configs/config-thread.h b/configs/config-thread.h index 4fa0b8d19..da8ac7aaa 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -88,6 +88,9 @@ #define MBEDTLS_ECP_MAX_BITS 256 #define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes +/* Save ROM by excluded SHA-2 variant that we don't need */ +#define MBEDTLS_SHA256_NO_SHA224 + /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 From 7f2c3e40349efdd825681af1597a21ed092c9ebc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 2 Sep 2019 15:07:20 +0200 Subject: [PATCH 18/78] Remove dependency of ssl_cookie on SHA-224 Cookies are fully opaque so we can change the hash used at any time, it's not part of the API. The cookie module handles truncation, so it's simpler to always use SHA-256 rather than check if SHA-224 is available. --- library/ssl_cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 56e9bdd2b..6f0be8a26 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -50,7 +50,7 @@ * with max 32 bytes of cookie for DTLS 1.0 */ #if defined(MBEDTLS_SHA256_C) -#define COOKIE_MD MBEDTLS_MD_SHA224 +#define COOKIE_MD MBEDTLS_MD_SHA256 #define COOKIE_MD_OUTLEN 32 #define COOKIE_HMAC_LEN 28 #elif defined(MBEDTLS_SHA512_C) From d6ac3308cdd80ed3fdbef6b2590bf5cd5c248807 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 2 Sep 2019 15:28:01 +0200 Subject: [PATCH 19/78] Adjust depends-hashes.pl to test NO_SHA224 as well --- tests/scripts/depends-hashes.pl | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl index f57e7ed88..9bfff7947 100755 --- a/tests/scripts/depends-hashes.pl +++ b/tests/scripts/depends-hashes.pl 
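Review bot: In the ssl_cookie.c hunk, `COOKIE_HMAC_LEN` stays at 28 while `COOKIE_MD` becomes `MBEDTLS_MD_SHA256`, so 28 is now a truncation of a 32-byte HMAC rather than the natural SHA-224 output length, and nothing in the define block records that this is deliberate. A short comment next to it, e.g. `/* HMAC-SHA-256 output truncated to 28 bytes to respect the 32-byte DTLS 1.0 cookie limit */`, would explain why `COOKIE_MD_OUTLEN` and `COOKIE_HMAC_LEN` differ. The explanatory comment above the `#if` begins outside the hunk; if it still names SHA-224 as the chosen hash, it should be updated in the same commit.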
@@ -40,8 +40,18 @@ my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` ); # for md we want to catch MD5_C but not MD_C, hence the extra dot my $mdx_sed_cmd = 's/^#define \(MBEDTLS_MD..*_C\)/\1/p'; my $sha_sed_cmd = 's/^#define \(MBEDTLS_SHA.*_C\)/\1/p'; -my @hashes = split( /\s+/, +my @hash_modules = split( /\s+/, `sed -n -e '$mdx_sed_cmd' -e '$sha_sed_cmd' $config_h` ); + +# there are also negative options for truncated variants, disabled by default +my $sha_trunc_sed_cmd = 's/^\/\/#define \(MBEDTLS_SHA..._NO_.*\)/\1/p'; +my @hash_negatives = split( /\s+/, + `sed -n -e '$sha_trunc_sed_cmd' $config_h` ); + +# list hash options with corresponding actions +my @hashes = ((map { "unset $_" } @hash_modules), + (map { "set $_" } @hash_negatives)); + system( "cp $config_h $config_h.bak" ) and die; sub abort { system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; @@ -55,11 +65,11 @@ for my $hash (@hashes) { system( "make clean" ) and die; print "\n******************************************\n"; - print "* Testing without hash: $hash\n"; + print "* Testing hash option: $hash\n"; print "******************************************\n"; - system( "scripts/config.pl unset $hash" ) - and abort "Failed to disable $hash\n"; + system( "scripts/config.pl $hash" ) + and abort "Failed to $hash\n"; for my $opt (@ssl) { system( "scripts/config.pl unset $opt" ) From 505be8be4d3b18e7acd723b90c36fdb9957a1909 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 5 Sep 2019 11:12:08 +0200 Subject: [PATCH 20/78] Remove unnecessary depends in a test case --- tests/suites/test_suite_ecdsa.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index d76376f63..b6ffb4f15 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data 
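Review bot: The new `$sha_trunc_sed_cmd` pattern ends in `_NO_.*`, which captures the rest of the line. Any trailing text after a commented-out `//#define MBEDTLS_SHAxxx_NO_...` in the config header would therefore be split on whitespace into extra list entries, each interpolated into the `scripts/config.pl $hash` shell string. Restricting the capture to identifier characters, `'s/^\/\/#define \(MBEDTLS_SHA..._NO_[A-Z0-9_]*\).*/\1/p'`, keeps `@hash_negatives` to option names only. In the second hunk, the abort message `"Failed to $hash\n"` reads oddly now that `$hash` holds an action plus a name; `"Failed to run config.pl $hash\n"` would be clearer.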
@@ -62,7 +62,7 @@ depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_ ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA224:"sample":"A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5":"E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A" ECDSA deterministic test vector rfc 6979 p192 sha256 -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA256:"sample":"4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55":"CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85" ECDSA deterministic test vector rfc 6979 p192 sha384 From a5cedbcd3fc3b5953416bdad1c20ec6901ec5f7d Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 17 Jul 2019 11:21:02 +0100 Subject: [PATCH 21/78] Introduce MD handle type As has been previously done for ciphersuites, this commit introduces a zero-cost abstraction layer around the type mbedtls_md_info const * whose valid values represent implementations of message digest algorithms. Access to a particular digest implementation can be requested by name or digest ID through the API mbedtls_md_info_from_xxx(), which either returns a valid implementation or NULL, representing failure. This commit replaces such uses of `mbedtls_md_info const *` by an abstract type `mbedtls_md_handle_t` whose valid values represent digest implementations, and which has a designated invalid value MBEDTLS_MD_INVALID_HANDLE. The purpose of this abstraction layer is to pave the way for builds which support precisely one digest algorithm. In this case, mbedtls_md_handle_t can be implemented as a two-valued type, with one value representing the invalid handle, and the unique valid value representing the unique enabled digest. 
--- include/mbedtls/ecjpake.h | 2 +- include/mbedtls/hkdf.h | 6 +- include/mbedtls/hmac_drbg.h | 4 +- include/mbedtls/md.h | 26 ++++---- library/ecdsa.c | 7 +- library/ecjpake.c | 25 ++++---- library/hkdf.c | 6 +- library/hmac_drbg.c | 6 +- library/md.c | 75 ++++++++++++++-------- library/pk.c | 7 +- library/pkcs11.c | 4 +- library/pkcs12.c | 4 +- library/pkcs5.c | 8 +-- library/rsa.c | 24 +++---- library/ssl_tls.c | 39 +++++++---- library/x509.c | 2 +- library/x509_crt.c | 4 +- programs/aes/crypt_and_hash.c | 4 +- programs/hash/generic_sum.c | 10 +-- programs/test/benchmark.c | 12 +++- tests/suites/test_suite_ecdsa.function | 8 +-- tests/suites/test_suite_hkdf.function | 12 ++-- tests/suites/test_suite_hmac_drbg.function | 24 +++---- tests/suites/test_suite_md.function | 66 ++++++++++--------- tests/suites/test_suite_pk.function | 6 +- tests/suites/test_suite_pkcs1_v15.function | 9 ++- tests/suites/test_suite_pkcs1_v21.function | 8 ++- tests/suites/test_suite_pkcs5.function | 4 +- tests/suites/test_suite_rsa.function | 8 ++- tests/suites/test_suite_ssl.function | 4 +- 30 files changed, 247 insertions(+), 177 deletions(-) diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index 3d8d02ae6..00e752b23 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -75,7 +75,7 @@ typedef enum { */ typedef struct mbedtls_ecjpake_context { - const mbedtls_md_info_t *md_info; /**< Hash to use */ + mbedtls_md_handle_t md_info; /**< Hash to use */ mbedtls_ecp_group grp; /**< Elliptic curve */ mbedtls_ecjpake_role role; /**< Are we client or server? */ int point_format; /**< Format for point export */ diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h index 40ee64eb0..ebf5e12ea 100644 --- a/include/mbedtls/hkdf.h +++ b/include/mbedtls/hkdf.h 
@@ -70,7 +70,7 @@ extern "C" { * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying * MD layer. */ -int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, +int mbedtls_hkdf( mbedtls_md_handle_t md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len ); @@ -99,7 +99,7 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying * MD layer. */ -int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, +int mbedtls_hkdf_extract( mbedtls_md_handle_t md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk ); @@ -130,7 +130,7 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying * MD layer. */ -int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, +int mbedtls_hkdf_expand( mbedtls_md_handle_t md, const unsigned char *prk, size_t prk_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len ); diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index f1289cb30..ed0385455 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -138,7 +138,7 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ); * MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED. */ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, + mbedtls_md_handle_t md_info, int (*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, 
@@ -158,7 +158,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, * MBEDTLS_ERR_MD_ALLOC_FAILED. */ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, + mbedtls_md_handle_t md_info, const unsigned char *data, size_t data_len ); /** diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 69ab21f40..40624e44a 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -85,13 +85,17 @@ typedef enum { */ typedef struct mbedtls_md_info_t mbedtls_md_info_t; + +typedef struct mbedtls_md_info_t const * mbedtls_md_handle_t; +#define MBEDTLS_MD_INVALID_HANDLE ( (mbedtls_md_handle_t) NULL ) + /** * The generic message-digest context. */ typedef struct mbedtls_md_context_t { /** Information about the associated message digest. */ - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; /** The digest-specific context. */ void *md_ctx; @@ -120,7 +124,7 @@ const int *mbedtls_md_list( void ); * \return The message-digest information associated with \p md_name. * \return NULL if the associated message-digest information is not found. */ -const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); +mbedtls_md_handle_t mbedtls_md_info_from_string( const char *md_name ); /** * \brief This function returns the message-digest information @@ -131,7 +135,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); * \return The message-digest information associated with \p md_type. * \return NULL if the associated message-digest information is not found. */ -const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); +mbedtls_md_handle_t mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); /** * \brief This function initializes a message-digest context without 
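Review bot: The new public typedef `mbedtls_md_handle_t` and the macro `MBEDTLS_MD_INVALID_HANDLE` in the `@@ -85,13 +85,17 @@` hunk of md.h are added without a Doxygen comment, although the surrounding declarations in this header all carry one. I would add a short `/** ... */` block above the typedef saying that a handle is an opaque reference to a digest implementation obtained from `mbedtls_md_info_from_type()` or `mbedtls_md_info_from_string()`, and that failure must be tested with `== MBEDTLS_MD_INVALID_HANDLE` rather than `== NULL`. The commit message anticipates a non-pointer encoding, so callers who keep testing against `NULL` would stop detecting a failed lookup once the encoding changes.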
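Review bot: The context line `\return NULL if the associated message-digest information is not found.` above `mbedtls_md_info_from_string()` in the `@@ -120,7 +124,7 @@` hunk no longer matches the new return type and should become `\return #MBEDTLS_MD_INVALID_HANDLE if the associated message-digest information is not found.`. The same stale wording sits above `mbedtls_md_info_from_type()` in the `@@ -131,7 +135,7 @@` hunk, and `if \p md_info was NULL` above `mbedtls_md_file()` in the `@@ -354,7 +358,7 @@` hunk should read `if \p md_info was #MBEDTLS_MD_INVALID_HANDLE`. Leaving `NULL` in the API documentation invites new call sites that bypass the abstraction this commit introduces.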
@@ -182,7 +186,7 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ); * failure. * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure. */ -int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED; +int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info ) MBEDTLS_DEPRECATED; #undef MBEDTLS_DEPRECATED #endif /* MBEDTLS_DEPRECATED_REMOVED */ @@ -205,7 +209,7 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_ * failure. * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure. */ -int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); +int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac ); /** * \brief This function clones the state of an message-digest @@ -238,7 +242,7 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst, * * \return The size of the message-digest output in Bytes. */ -unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); +unsigned char mbedtls_md_get_size( mbedtls_md_handle_t md_info ); /** * \brief This function extracts the message-digest type from the @@ -249,7 +253,7 @@ unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); * * \return The type of the message digest. */ -mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); +mbedtls_md_type_t mbedtls_md_get_type( mbedtls_md_handle_t md_info ); /** * \brief This function extracts the message-digest name from the @@ -260,7 +264,7 @@ mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); * * \return The name of the message digest. */ -const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); +const char *mbedtls_md_get_name( mbedtls_md_handle_t md_info ); /** * \brief This function starts a message-digest computation. 
@@ -333,7 +337,7 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, +int mbedtls_md( mbedtls_md_handle_t md_info, const unsigned char *input, size_t ilen, unsigned char *output ); #if defined(MBEDTLS_FS_IO) @@ -354,7 +358,7 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si * the file pointed by \p path. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL. */ -int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, +int mbedtls_md_file( mbedtls_md_handle_t md_info, const char *path, unsigned char *output ); #endif /* MBEDTLS_FS_IO */ @@ -460,7 +464,7 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, +int mbedtls_md_hmac( mbedtls_md_handle_t md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output ); diff --git a/library/ecdsa.c b/library/ecdsa.c index 58e1a5fce..94bb7f0f4 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -412,11 +412,14 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, mbedtls_hmac_drbg_context *p_rng = &rng_ctx; unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; size_t grp_len = ( grp->nbits + 7 ) / 8; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_mpi h; - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + } mbedtls_mpi_init( &h ); mbedtls_hmac_drbg_init( &rng_ctx ); diff --git a/library/ecjpake.c b/library/ecjpake.c index b276514e8..ea28e6d42 100644 
--- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -63,7 +63,7 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ) { ECJPAKE_VALIDATE( ctx != NULL ); - ctx->md_info = NULL; + ctx->md_info = MBEDTLS_MD_INVALID_HANDLE; mbedtls_ecp_group_init( &ctx->grp ); ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; @@ -86,7 +86,7 @@ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ) if( ctx == NULL ) return; - ctx->md_info = NULL; + ctx->md_info = MBEDTLS_MD_INVALID_HANDLE; mbedtls_ecp_group_free( &ctx->grp ); mbedtls_ecp_point_free( &ctx->Xm1 ); @@ -119,8 +119,11 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, ctx->role = role; - if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL ) + if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE ); + } MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) ); @@ -140,7 +143,7 @@ int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx ) { ECJPAKE_VALIDATE_RET( ctx != NULL ); - if( ctx->md_info == NULL || + if( ctx->md_info == MBEDTLS_MD_INVALID_HANDLE || ctx->grp.id == MBEDTLS_ECP_DP_NONE || ctx->s.p == NULL ) { @@ -190,7 +193,7 @@ static int ecjpake_write_len_point( unsigned char **p, /* * Compute hash for ZKP (7.4.2.2.2.1) */ -static int ecjpake_hash( const mbedtls_md_info_t *md_info, +static int ecjpake_hash( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, @@ -240,7 +243,7 @@ cleanup: /* * Parse a ECShnorrZKP (7.4.2.2.2) and verify it (7.4.2.3.3) */ -static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info, +static int ecjpake_zkp_read( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, 
@@ -312,7 +315,7 @@ cleanup: /* * Generate ZKP (7.4.2.3.2) and write it as ECSchnorrZKP (7.4.2.2.2) */ -static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info, +static int ecjpake_zkp_write( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, @@ -373,7 +376,7 @@ cleanup: * Parse a ECJPAKEKeyKP (7.4.2.2.1) and check proof * Output: verified public key X */ -static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info, +static int ecjpake_kkp_read( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, @@ -410,7 +413,7 @@ cleanup: * Generate an ECJPAKEKeyKP * Output: the serialized structure, plus private/public key pair */ -static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info, +static int ecjpake_kkp_write( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, @@ -447,7 +450,7 @@ cleanup: * Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs * Ouputs: verified peer public keys Xa, Xb */ -static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info, +static int ecjpake_kkpp_read( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, @@ -480,7 +483,7 @@ cleanup: * Generate a ECJPAKEKeyKPPairList * Outputs: the serialized structure, plus two private/public key pairs */ -static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info, +static int ecjpake_kkpp_write( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, diff --git a/library/hkdf.c b/library/hkdf.c index 82d8a429f..d64dc4da1 100644 --- a/library/hkdf.c +++ b/library/hkdf.c 
@@ -30,7 +30,7 @@ #include "mbedtls/hkdf.h" #include "mbedtls/platform_util.h" -int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, +int mbedtls_hkdf( mbedtls_md_handle_t md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len ) @@ -51,7 +51,7 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, return( ret ); } -int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, +int mbedtls_hkdf_extract( mbedtls_md_handle_t md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk ) @@ -81,7 +81,7 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) ); } -int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, +int mbedtls_hkdf_expand( mbedtls_md_handle_t md, const unsigned char *prk, size_t prk_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len ) { diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 34f18155e..c9c541d83 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -124,7 +124,7 @@ void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA) */ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, + mbedtls_md_handle_t md_info, const unsigned char *data, size_t data_len ) { int ret; @@ -246,7 +246,7 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, * from the entropy source as suggested in 8.6.7. */ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, + mbedtls_md_handle_t md_info, int (*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, 
@@ -564,7 +564,7 @@ int mbedtls_hmac_drbg_self_test( int verbose ) { mbedtls_hmac_drbg_context ctx; unsigned char buf[OUTPUT_LEN]; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); + mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); mbedtls_hmac_drbg_init( &ctx ); diff --git a/library/md.c b/library/md.c index b3525be3f..d634606a2 100644 --- a/library/md.c +++ b/library/md.c @@ -94,7 +94,7 @@ const int *mbedtls_md_list( void ) return( supported_digests ); } -const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ) +mbedtls_md_handle_t mbedtls_md_info_from_string( const char *md_name ) { if( NULL == md_name ) return( NULL ); @@ -137,7 +137,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ) return( NULL ); } -const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) +mbedtls_md_handle_t mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) { switch( md_type ) { @@ -187,7 +187,7 @@ void mbedtls_md_init( mbedtls_md_context_t *ctx ) void mbedtls_md_free( mbedtls_md_context_t *ctx ) { - if( ctx == NULL || ctx->md_info == NULL ) + if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ) return; if( ctx->md_ctx != NULL ) @@ -206,8 +206,8 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) int mbedtls_md_clone( mbedtls_md_context_t *dst, const mbedtls_md_context_t *src ) { - if( dst == NULL || dst->md_info == NULL || - src == NULL || src->md_info == NULL || + if( dst == NULL || dst->md_info == MBEDTLS_MD_INVALID_HANDLE || + src == NULL || src->md_info == MBEDTLS_MD_INVALID_HANDLE || dst->md_info != src->md_info ) { return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); 
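Review bot: `mbedtls_md_info_from_string()` now returns `mbedtls_md_handle_t`, but the context lines of the `@@ -94,7 +94,7 @@` and `@@ -137,7 +137,7 @@` hunks in md.c still show `return( NULL );` for the not-found and NULL-name cases. These should be `return( MBEDTLS_MD_INVALID_HANDLE );` so that the producer of the handle uses the same sentinel every caller in this commit was converted to compare against. The body of `mbedtls_md_info_from_type()` lies mostly outside the hunk, so its fall-through return is presumably affected in the same way and worth checking. Today both spellings are the same value, but a mismatch here would turn every failed lookup into an apparently valid handle once the encoding changes.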
@@ -219,15 +219,15 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst, } #if ! defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) +int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info ) { return mbedtls_md_setup( ctx, md_info, 1 ); } #endif -int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ) +int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac ) { - if( md_info == NULL || ctx == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE || ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL ) @@ -250,7 +250,7 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf int mbedtls_md_starts( mbedtls_md_context_t *ctx ) { - if( ctx == NULL || ctx->md_info == NULL ) + if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); return( ctx->md_info->starts_func( ctx->md_ctx ) ); @@ -258,7 +258,7 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ) int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) { - if( ctx == NULL || ctx->md_info == NULL ) + if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); 
@@ -266,23 +266,23 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) { - if( ctx == NULL || ctx->md_info == NULL ) + if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); return( ctx->md_info->finish_func( ctx->md_ctx, output ) ); } -int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, +int mbedtls_md( mbedtls_md_handle_t md_info, const unsigned char *input, size_t ilen, unsigned char *output ) { - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); return( md_info->digest_func( input, ilen, output ) ); } #if defined(MBEDTLS_FS_IO) -int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output ) +int mbedtls_md_file( mbedtls_md_handle_t md_info, const char *path, unsigned char *output ) { int ret; FILE *f; @@ -290,7 +290,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne mbedtls_md_context_t ctx; unsigned char buf[1024]; - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); if( ( f = fopen( path, "rb" ) ) == NULL ) @@ -329,8 +329,12 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, unsigned char *ipad, *opad; size_t i; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) + if( ctx == NULL || + ctx->md_info == MBEDTLS_MD_INVALID_HANDLE || + ctx->hmac_ctx == NULL ) + { return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + } if( keylen > (size_t) ctx->md_info->block_size ) { 
@@ -371,8 +375,12 @@ cleanup: int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) { - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) + if( ctx == NULL || + ctx->md_info == MBEDTLS_MD_INVALID_HANDLE || + ctx->hmac_ctx == NULL ) + { return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + } return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); } @@ -383,8 +391,12 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; unsigned char *opad; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) + if( ctx == NULL || + ctx->md_info == MBEDTLS_MD_INVALID_HANDLE || + ctx->hmac_ctx == NULL ) + { return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + } opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; @@ -406,8 +418,12 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) int ret; unsigned char *ipad; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) + if( ctx == NULL || + ctx->md_info == MBEDTLS_MD_INVALID_HANDLE || + ctx->hmac_ctx == NULL ) + { return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + } ipad = (unsigned char *) ctx->hmac_ctx; @@ -417,7 +433,7 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) ctx->md_info->block_size ) ); } -int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, +int mbedtls_md_hmac( mbedtls_md_handle_t md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output ) @@ -425,7 +441,7 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, mbedtls_md_context_t ctx; int ret; - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); mbedtls_md_init( &ctx ); 
@@ -448,31 +464,34 @@ cleanup: int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) { - if( ctx == NULL || ctx->md_info == NULL ) + if( ctx == NULL || + ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ) + { return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + } return( ctx->md_info->process_func( ctx->md_ctx, data ) ); } -unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ) +unsigned char mbedtls_md_get_size( mbedtls_md_handle_t md_info ) { - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( 0 ); return md_info->size; } -mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ) +mbedtls_md_type_t mbedtls_md_get_type( mbedtls_md_handle_t md_info ) { - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_MD_NONE ); return md_info->type; } -const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ) +const char *mbedtls_md_get_name( mbedtls_md_handle_t md_info ) { - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( NULL ); return md_info->name; diff --git a/library/pk.c b/library/pk.c index 161a135f1..93c57642d 100644 --- a/library/pk.c +++ b/library/pk.c @@ -205,13 +205,16 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ) */ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len ) { - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; if( *hash_len != 0 ) return( 0 ); - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { return( -1 ); + } *hash_len = mbedtls_md_get_size( md_info ); return( 0 ); diff --git a/library/pkcs11.c b/library/pkcs11.c index 0ea64252e..9ef53533f 100644 --- a/library/pkcs11.c +++ b/library/pkcs11.c 
@@ -183,8 +183,8 @@ int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, if( md_alg != MBEDTLS_MD_NONE ) { - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) + mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) diff --git a/library/pkcs12.c b/library/pkcs12.c index 7edf064c1..e16d0a934 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -261,7 +261,7 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, size_t hlen, use_len, v, i; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; // This version only allows max of 64 bytes of password or salt @@ -269,7 +269,7 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); md_info = mbedtls_md_info_from_type( md_type ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); mbedtls_md_init( &md_ctx ); diff --git a/library/pkcs5.c b/library/pkcs5.c index 50133435c..2717aaa56 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -122,7 +122,7 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1; unsigned char key[32], iv[32]; size_t olen = 0; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; const mbedtls_cipher_info_t *cipher_info; mbedtls_md_context_t md_ctx; mbedtls_cipher_type_t cipher_alg; @@ -157,7 +157,7 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, } md_info = mbedtls_md_info_from_type( md_type ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid, 
@@ -356,14 +356,14 @@ static const unsigned char result_key[MAX_TESTS][32] = int mbedtls_pkcs5_self_test( int verbose ) { mbedtls_md_context_t sha1_ctx; - const mbedtls_md_info_t *info_sha1; + mbedtls_md_handle_t info_sha1; int ret, i; unsigned char key[64]; mbedtls_md_init( &sha1_ctx ); info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); - if( info_sha1 == NULL ) + if( info_sha1 == MBEDTLS_MD_INVALID_HANDLE ) { ret = 1; goto exit; diff --git a/library/rsa.c b/library/rsa.c index af1a87859..2674c1094 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1128,7 +1128,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, int ret; unsigned char *p = output; unsigned int hlen; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; RSA_VALIDATE_RET( ctx != NULL ); @@ -1145,7 +1145,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len; @@ -1326,7 +1326,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char lhash[MBEDTLS_MD_MAX_SIZE]; unsigned int hlen; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; RSA_VALIDATE_RET( ctx != NULL ); @@ -1349,7 +1349,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); hlen = mbedtls_md_get_size( md_info ); 
@@ -1767,7 +1767,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, size_t slen, min_slen, hlen, offset = 0; int ret; size_t msb; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; RSA_VALIDATE_RET( ctx != NULL ); RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || @@ -1789,14 +1789,14 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, { /* Gather length of hash to sign */ md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); hashlen = mbedtls_md_get_size( md_info ); } md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); hlen = mbedtls_md_get_size( md_info ); @@ -1910,8 +1910,8 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, /* Are we signing hashed or raw data? */ if( md_alg != MBEDTLS_MD_NONE ) { - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) + mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) @@ -2150,7 +2150,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, unsigned char zeros[8]; unsigned int hlen; size_t observed_salt_len, msb; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; 
@@ -2186,14 +2186,14 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, { /* Gather length of hash to sign */ md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); hashlen = mbedtls_md_get_size( md_info ); } md_info = mbedtls_md_info_from_type( mgf1_hash_id ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); hlen = mbedtls_md_get_size( md_info ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e47c45657..b17e33d61 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -660,7 +660,7 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen, const unsigned char *S1, *S2; unsigned char tmp[128]; unsigned char h_i[20]; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; int ret; @@ -681,8 +681,11 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen, /* * First compute P_md5(secret,label+random)[0..dlen] */ - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) return( ret ); @@ -712,8 +715,11 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen, /* * XOR out with P_sha1(secret,label+random)[0..dlen] */ - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) return( ret ); 
@@ -763,14 +769,17 @@ int tls_prf_generic( mbedtls_md_type_t md_type, size_t i, j, k, md_len; unsigned char tmp[128]; unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; int ret; mbedtls_md_init( &md_ctx ); - if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } md_len = mbedtls_md_get_size( md_info ); @@ -1244,7 +1253,7 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform, unsigned keylen; mbedtls_ssl_ciphersuite_handle_t ciphersuite_info; const mbedtls_cipher_info_t *cipher_info; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; #if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL) && \ !defined(MBEDTLS_SSL_EXPORT_KEYS) && \ @@ -1293,7 +1302,7 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform, md_info = mbedtls_md_info_from_type( mbedtls_ssl_suite_get_mac( ciphersuite_info ) ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found", mbedtls_ssl_suite_get_mac( ciphersuite_info ) ) ); @@ -3368,7 +3377,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, memset( tmp, 0, sizeof( tmp ) ); - switch( mbedtls_md_get_type( transform->md_ctx_dec.md_info ) ) + switch( mbedtls_md_get_type( + mbedtls_md_get_handle( &transform->md_ctx_dec ) ) ) { #if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \ defined(MBEDTLS_SHA256_C) 
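Review bot: The `@@ -3368,7 +3377,8 @@` hunk in `mbedtls_ssl_decrypt_buf()` calls `mbedtls_md_get_handle( &transform->md_ctx_dec )`, but none of the md.h hunks in this patch declare a function or macro of that name. If it is only introduced by a later patch of this series, this commit does not build on its own, which breaks bisection across a security-relevant refactoring. Either keep `transform->md_ctx_dec.md_info` here and switch to the getter in the patch that adds it, or move the getter's declaration into this commit. The enclosing function starts and ends outside the hunk.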
@@ -6890,13 +6900,16 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
 ssl->session->peer_cert_digest;
 mbedtls_md_type_t const peer_cert_digest_type =
 ssl->session->peer_cert_digest_type;
- mbedtls_md_info_t const * const digest_info =
+ mbedtls_md_handle_t digest_info =
 mbedtls_md_info_from_type( peer_cert_digest_type );
 unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN];
 size_t digest_len;
- if( peer_cert_digest == NULL || digest_info == NULL )
+ if( peer_cert_digest == NULL ||
+ digest_info == MBEDTLS_MD_INVALID_HANDLE )
+ {
 return( -1 );
+ }
 digest_len = mbedtls_md_get_size( digest_info );
 if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN )
@@ -10110,9 +10123,9 @@ static int ssl_session_load( mbedtls_ssl_session *session,
 if( session->peer_cert_digest_len != 0 )
 {
- const mbedtls_md_info_t *md_info =
+ mbedtls_md_handle_t md_info =
 mbedtls_md_info_from_type( session->peer_cert_digest_type );
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) )
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -12484,7 +12497,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
 {
 int ret = 0;
 mbedtls_md_context_t ctx;
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
+ mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
 *hashlen = mbedtls_md_get_size( md_info );
 mbedtls_md_init( &ctx );
diff --git a/library/x509.c b/library/x509.c
index 19cc64b79..ec83017f8 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1065,7 +1065,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, mbedtls_pk_type_t pk_alg,
 if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
 {
 const mbedtls_pk_rsassa_pss_options *pss_opts;
- const mbedtls_md_info_t *md_info, *mgf_md_info;
+ mbedtls_md_handle_t md_info, mgf_md_info;
 pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
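Review bot: In `mbedtls_ssl_get_key_exchange_md_tls1_2` (the `@@ -12484` hunk) the handle returned by `mbedtls_md_info_from_type( md_alg )` goes straight into `mbedtls_md_get_size()` without being compared against `MBEDTLS_MD_INVALID_HANDLE`, unlike the other lookups this patch converts in ssl_tls.c (`tls_prf_generic`, `ssl_session_load`). The md test suite touched by this patch asserts that `mbedtls_md_get_size( MBEDTLS_MD_INVALID_HANDLE )` is 0, so an unsupported `md_alg` would report `*hashlen = 0` to the caller; whether a later call rejects the handle cannot be seen, because the function body continues outside the hunk. I would add `if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` before `*hashlen` is written.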
diff --git a/library/x509_crt.c b/library/x509_crt.c index 0089ef2a3..2960638fb 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2088,7 +2088,7 @@ static void x509_crt_free_sig_info( mbedtls_x509_crt_sig_info *info ) static int x509_crt_get_sig_info( mbedtls_x509_crt_frame const *frame, mbedtls_x509_crt_sig_info *info ) { - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; md_info = mbedtls_md_info_from_type( frame->sig_md ); if( mbedtls_md( md_info, frame->tbs.p, frame->tbs.len, @@ -2705,7 +2705,7 @@ static int x509_crt_verifycrl( unsigned char *crt_serial, int ret; int flags = 0; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_x509_buf_raw ca_subject; mbedtls_pk_context *pk; int can_sign; diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index a5acf5b8b..8d671abf2 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -100,7 +100,7 @@ int main( int argc, char *argv[] ) unsigned char diff; const mbedtls_cipher_info_t *cipher_info; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_cipher_context_t cipher_ctx; mbedtls_md_context_t md_ctx; #if defined(_WIN32_WCE) @@ -192,7 +192,7 @@ int main( int argc, char *argv[] ) } md_info = mbedtls_md_info_from_string( argv[5] ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) { mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] ); goto exit; diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 709a149e0..ed5357f08 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -53,7 +53,7 @@ int main( void ) #else -static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum ) +static int generic_wrapper( mbedtls_md_handle_t md_info, char *filename, unsigned char *sum ) { int ret = mbedtls_md_file( md_info, filename, sum ); 
@@ -66,7 +66,7 @@ static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, un return( ret ); } -static int generic_print( const mbedtls_md_info_t *md_info, char *filename ) +static int generic_print( mbedtls_md_handle_t md_info, char *filename ) { int i; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; @@ -81,7 +81,7 @@ static int generic_print( const mbedtls_md_info_t *md_info, char *filename ) return( 0 ); } -static int generic_check( const mbedtls_md_info_t *md_info, char *filename ) +static int generic_check( mbedtls_md_handle_t md_info, char *filename ) { int i; size_t n; @@ -177,7 +177,7 @@ int main( int argc, char *argv[] ) { int ret = 1, i; int exit_code = MBEDTLS_EXIT_FAILURE; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; mbedtls_md_init( &md_ctx ); @@ -210,7 +210,7 @@ int main( int argc, char *argv[] ) * Read the MD from the command line */ md_info = mbedtls_md_info_from_string( argv[1] ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) { mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] ); return( exit_code ); diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 2b8656692..88e3290d0 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -693,13 +693,16 @@ int main( int argc, char *argv[] ) if( todo.hmac_drbg ) { mbedtls_hmac_drbg_context hmac_drbg; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_init( &hmac_drbg ); #if defined(MBEDTLS_SHA1_C) - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { mbedtls_exit(1); + } if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); 
@@ -715,8 +718,11 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SHA256_C) - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { mbedtls_exit(1); + } if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 22d92b6df..fa77dfad3 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -307,7 +307,7 @@ void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, mbedtls_mpi d, r, s, r_check, s_check; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; size_t hlen; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_ecp_group_init( &grp ); mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); @@ -320,7 +320,7 @@ void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 ); md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); hlen = mbedtls_md_get_size( md_info ); TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash ) == 0 ); @@ -476,7 +476,7 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN]; size_t hlen, slen, slen_check; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_ecdsa_restart_init( &rs_ctx ); mbedtls_ecdsa_init( &ctx ); 
@@ -489,7 +489,7 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, slen_check = unhexify( sig_check, sig_str ); md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); hlen = mbedtls_md_get_size( md_info ); mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash ); diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 3e8720734..7e83b57e6 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -25,8 +25,8 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, */ unsigned char okm_hex[257] = { '\0' }; - const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md != NULL ); + mbedtls_md_handle_t md = mbedtls_md_info_from_type( md_alg ); + TEST_ASSERT( md != MBEDTLS_MD_INVALID_HANDLE ); ikm_len = unhexify( ikm, hex_ikm_string ); salt_len = unhexify( salt, hex_salt_string ); @@ -54,8 +54,8 @@ void test_hkdf_extract( int md_alg, char *hex_ikm_string, unsigned char *output_prk = NULL; size_t ikm_len, salt_len, prk_len, output_prk_len; - const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md != NULL ); + mbedtls_md_handle_t md = mbedtls_md_info_from_type( md_alg ); + TEST_ASSERT( md != MBEDTLS_MD_INVALID_HANDLE ); output_prk_len = mbedtls_md_get_size( md ); output_prk = mbedtls_calloc( 1, output_prk_len ); @@ -90,8 +90,8 @@ void test_hkdf_expand( int md_alg, char *hex_info_string, unsigned char *output_okm = NULL; size_t info_len, prk_len, okm_len; - const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md != NULL ); + mbedtls_md_handle_t md = mbedtls_md_info_from_type( md_alg ); + TEST_ASSERT( md != MBEDTLS_MD_INVALID_HANDLE ); output_okm = mbedtls_calloc( OKM_LEN, 1 ); 
diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index 13bc40062..da280dbd9 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function @@ -34,7 +34,7 @@ void hmac_drbg_entropy_usage( int md_alg ) { unsigned char out[16]; unsigned char buf[1024]; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_context ctx; entropy_ctx entropy; size_t last_len, i, reps = 10; @@ -47,7 +47,7 @@ void hmac_drbg_entropy_usage( int md_alg ) entropy.p = buf; md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); /* Init must use entropy */ last_len = entropy.len; @@ -112,13 +112,13 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ void hmac_drbg_seed_file( int md_alg, char * path, int ret ) { - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_init( &ctx ); md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, rnd_std_rand, NULL, NULL, 0 ) == 0 ); @@ -136,7 +136,7 @@ void hmac_drbg_buf( int md_alg ) { unsigned char out[16]; unsigned char buf[100]; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_context ctx; size_t i; @@ -145,7 +145,7 @@ void hmac_drbg_buf( int md_alg ) memset( out, 0, sizeof( out ) ); md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_hmac_drbg_seed_buf( &ctx, md_info, buf, sizeof( buf ) ) == 0 ); /* Make sure it never tries to reseed (would segfault otherwise) */ 
@@ -168,7 +168,7 @@ void hmac_drbg_no_reseed( int md_alg, data_t * entropy, unsigned char data[1024]; unsigned char my_output[512]; entropy_ctx p_entropy; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_init( &ctx ); @@ -177,7 +177,7 @@ void hmac_drbg_no_reseed( int md_alg, data_t * entropy, p_entropy.len = entropy->len; md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); /* Test the simplified buffer-based variant */ memcpy( data, entropy->x, p_entropy.len ); @@ -215,7 +215,7 @@ void hmac_drbg_nopr( int md_alg, data_t * entropy, data_t * custom, { unsigned char my_output[512]; entropy_ctx p_entropy; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_init( &ctx ); @@ -224,7 +224,7 @@ void hmac_drbg_nopr( int md_alg, data_t * entropy, data_t * custom, p_entropy.len = entropy->len; md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy, custom->x, custom->len ) == 0 ); @@ -247,7 +247,7 @@ void hmac_drbg_pr( int md_alg, data_t * entropy, data_t * custom, { unsigned char my_output[512]; entropy_ctx p_entropy; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_init( &ctx ); @@ -256,7 +256,7 @@ void hmac_drbg_pr( int md_alg, data_t * entropy, data_t * custom, p_entropy.len = entropy->len; md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy, custom->x, custom->len ) == 0 ); 
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 11cf88ae7..515a28cfc 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -11,7 +11,7 @@ void mbedtls_md_process( ) { const int *md_type_ptr; - const mbedtls_md_info_t *info; + mbedtls_md_handle_t info; mbedtls_md_context_t ctx; unsigned char buf[150]; @@ -28,7 +28,7 @@ void mbedtls_md_process( ) for( md_type_ptr = mbedtls_md_list(); *md_type_ptr != 0; md_type_ptr++ ) { info = mbedtls_md_info_from_type( *md_type_ptr ); - TEST_ASSERT( info != NULL ); + TEST_ASSERT( info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_md_setup( &ctx, info, 0 ) == 0 ); TEST_ASSERT( mbedtls_md_process( &ctx, buf ) == 0 ); mbedtls_md_free( &ctx ); @@ -43,18 +43,22 @@ exit: void md_null_args( ) { mbedtls_md_context_t ctx; - const mbedtls_md_info_t *info = mbedtls_md_info_from_type( *( mbedtls_md_list() ) ); + mbedtls_md_handle_t info = mbedtls_md_info_from_type( *( mbedtls_md_list() ) ); unsigned char buf[1] = { 0 }; mbedtls_md_init( &ctx ); - TEST_ASSERT( mbedtls_md_get_size( NULL ) == 0 ); - TEST_ASSERT( mbedtls_md_get_type( NULL ) == MBEDTLS_MD_NONE ); - TEST_ASSERT( mbedtls_md_get_name( NULL ) == NULL ); + TEST_ASSERT( mbedtls_md_get_size( MBEDTLS_MD_INVALID_HANDLE ) + == 0 ); + TEST_ASSERT( mbedtls_md_get_type( MBEDTLS_MD_INVALID_HANDLE ) + == MBEDTLS_MD_NONE ); + TEST_ASSERT( mbedtls_md_get_name( MBEDTLS_MD_INVALID_HANDLE ) + == NULL ); - TEST_ASSERT( mbedtls_md_info_from_string( NULL ) == NULL ); + TEST_ASSERT( mbedtls_md_info_from_string( NULL ) == MBEDTLS_MD_INVALID_HANDLE ); - TEST_ASSERT( mbedtls_md_setup( &ctx, NULL, 0 ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_md_setup( &ctx, MBEDTLS_MD_INVALID_HANDLE, 0 ) + == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_md_setup( NULL, info, 0 ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_md_starts( NULL ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); 
@@ -66,10 +70,12 @@ void md_null_args( ) TEST_ASSERT( mbedtls_md_finish( NULL, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_md_finish( &ctx, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_md( NULL, buf, 1, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_md( MBEDTLS_MD_INVALID_HANDLE, + buf, 1, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); #if defined(MBEDTLS_FS_IO) - TEST_ASSERT( mbedtls_md_file( NULL, "", buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_md_file( MBEDTLS_MD_INVALID_HANDLE, + "", buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); #endif TEST_ASSERT( mbedtls_md_hmac_starts( NULL, buf, 1 ) 
@@ -90,27 +96,29 @@ void md_null_args( ) TEST_ASSERT( mbedtls_md_hmac_reset( NULL ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_md_hmac_reset( &ctx ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_md_hmac( NULL, buf, 1, buf, 1, buf ) + TEST_ASSERT( mbedtls_md_hmac( MBEDTLS_MD_INVALID_HANDLE, buf, 1, buf, 1, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_md_process( NULL, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_md_process( &ctx, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); /* Ok, this is not NULL arg but NULL return... */ - TEST_ASSERT( mbedtls_md_info_from_type( MBEDTLS_MD_NONE ) == NULL ); - TEST_ASSERT( mbedtls_md_info_from_string( "no such md" ) == NULL ); + TEST_ASSERT( mbedtls_md_info_from_type( MBEDTLS_MD_NONE ) == + MBEDTLS_MD_INVALID_HANDLE ); + TEST_ASSERT( mbedtls_md_info_from_string( "no such md" ) == + MBEDTLS_MD_INVALID_HANDLE ); } /* END_CASE */ /* BEGIN_CASE */ void md_info( int md_type, char * md_name, int md_size ) { - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; const int *md_type_ptr; int found; md_info = mbedtls_md_info_from_type( md_type ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( md_info == mbedtls_md_info_from_string( md_name ) ); TEST_ASSERT( mbedtls_md_get_type( md_info ) == (mbedtls_md_type_t) md_type ); @@ -132,7 +140,7 @@ void md_text( char * text_md_name, char * text_src_string, char md_name[100]; unsigned char src_str[1000]; unsigned char output[100]; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; memset( md_name, 0x00, 100 ); memset( src_str, 0x00, 1000 ); 
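Review bot: The comment `/* Ok, this is not NULL arg but NULL return... */` in `md_null_args` (the `@@ -90` hunk) is stale now that the two assertions under it compare against `MBEDTLS_MD_INVALID_HANDLE` rather than `NULL`. If the handle later stops being a pointer, the comment will describe a check the test no longer makes. I would reword it to `/* Not an invalid-handle argument but an invalid-handle return value */`.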
@@ -141,7 +149,7 @@ void md_text( char * text_md_name, char * text_src_string, strncpy( (char *) src_str, text_src_string, sizeof( src_str ) - 1 ); strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string(md_name); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) ); @@ -155,14 +163,14 @@ void md_hex( char * text_md_name, data_t * src_str, { char md_name[100]; unsigned char output[100]; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; memset( md_name, 0x00, 100 ); memset( output, 0x00, 100 ); strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string( md_name ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str->x, src_str->len, output ) ); @@ -181,7 +189,7 @@ void md_text_multi( char * text_md_name, char * text_src_string, unsigned char output[100]; int halfway, len; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; mbedtls_md_context_t ctx, ctx_copy; mbedtls_md_init( &ctx ); @@ -197,7 +205,7 @@ void md_text_multi( char * text_md_name, char * text_src_string, halfway = len / 2; md_info = mbedtls_md_info_from_string(md_name); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx_copy, md_info, 0 ) ); @@ -230,7 +238,7 @@ void md_hex_multi( char * text_md_name, data_t * src_str, { char md_name[100]; unsigned char output[100]; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; mbedtls_md_context_t ctx, ctx_copy; int halfway; 
@@ -242,7 +250,7 @@ void md_hex_multi( char * text_md_name, data_t * src_str, strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string(md_name); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx_copy, md_info, 0 ) ); @@ -277,14 +285,14 @@ void mbedtls_md_hmac( char * text_md_name, int trunc_size, { char md_name[100]; unsigned char output[100]; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; memset( md_name, 0x00, 100 ); memset( output, 0x00, 100 ); strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string( md_name ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 ); @@ -299,7 +307,7 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, { char md_name[100]; unsigned char output[100]; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; mbedtls_md_context_t ctx; int halfway; @@ -310,7 +318,7 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string( md_name ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 1 ) ); halfway = src_str->len / 2; 
@@ -344,14 +352,14 @@ void mbedtls_md_file( char * text_md_name, char * filename, { char md_name[100]; unsigned char output[100]; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; memset( md_name, 0x00, 100 ); memset( output, 0x00, 100 ); strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string( md_name ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 8b95baba9..fc917d003 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -593,7 +593,7 @@ void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod, TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_pk_verify( &pk, digest, hash_result, 0, @@ -709,7 +709,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN]; size_t hlen, slen, slen_check; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_pk_restart_init( &rs_ctx ); mbedtls_pk_init( &prv ); @@ -729,7 +729,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, slen_check = unhexify( sig_check, sig_str ); md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); hlen = mbedtls_md_get_size( md_info ); mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash ); 
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 0723623a5..58c25bf67 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -275,8 +275,10 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) + { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); + } TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); if( result == 0 ) @@ -313,9 +315,10 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) + { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); + } TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 99be08ac0..a9635e17d 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function 
@@ -128,8 +128,10 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) + { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); + } TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); @@ -169,8 +171,10 @@ void pkcs1_rsassa_pss_verify( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) + { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); + } TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index 26f1d3331..a8f052384 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -12,14 +12,14 @@ void pbkdf2_hmac( int hash, data_t * pw_str, data_t * salt_str, int it_cnt, int key_len, data_t * result_key_string ) { mbedtls_md_context_t ctx; - const mbedtls_md_info_t *info; + mbedtls_md_handle_t info; unsigned char key[100]; mbedtls_md_init( &ctx ); info = mbedtls_md_info_from_type( hash ); - TEST_ASSERT( info != NULL ); + TEST_ASSERT( info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_md_setup( &ctx, info, 1 ) == 0 ); TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str->x, pw_str->len, salt_str->x, salt_str->len, it_cnt, key_len, key ) == 0 ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f2a9b9878..4d22c9b35 100644 
--- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -497,8 +497,10 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) + { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); + } TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 0, @@ -538,8 +540,10 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) + { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); + } TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index b177779e7..80f5f16ca 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -102,12 +102,12 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if( cipher_info->mode == MBEDTLS_MODE_CBC || cipher_info->mode == MBEDTLS_MODE_STREAM ) { - mbedtls_md_info_t const *md_info; + mbedtls_md_handle_t md_info; unsigned char *md0, *md1; /* Pick hash */ md_info = mbedtls_md_info_from_type( hash_id ); - CHK( md_info != NULL ); + CHK( md_info != MBEDTLS_MD_INVALID_HANDLE ); /* Pick hash keys */ maclen = mbedtls_md_get_size( md_info ); From 530387eaa3f488ef6edd00a2df1f940c8fa15fec Mon Sep 17 00:00:00 2001 
From: Hanno Becker
Date: Wed, 17 Jul 2019 14:10:26 +0100
Subject: [PATCH 22/78] Introduce getter functions for MD info fields
This commit continues the introduction of the MD digest implementation abstraction layer given by `mbedtls_md_handle_t` by adding getter functions returning the various properties of an implementation (e.g. name, digest type, digest size). For the existing implementation, these are just structure field accesses; however, in configurations hardcoding the choice of a fixed digest algorithm, we'll be able to implement them as inline functions returning compile-time constants.
---
 include/mbedtls/md_internal.h | 108 ++++++++++++++++++++--
 library/md.c | 127 +++++++++++++++++---------
 tests/suites/test_suite_hkdf.function | 4 +-
 3 files changed, 185 insertions(+), 54 deletions(-)
diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h
index 698477b35..72a8e4645 100644
--- a/include/mbedtls/md_internal.h
+++ b/include/mbedtls/md_internal.h
@@ -44,6 +44,21 @@ extern "C" {
 * Message digest information.
 * Allows message digest functions to be called in a generic way.
 */
+
+typedef int mbedtls_md_starts_func_t( void *ctx );
+typedef int mbedtls_md_update_func_t( void *ctx,
+ const unsigned char *input,
+ size_t ilen );
+typedef int mbedtls_md_finish_func_t( void *ctx, unsigned char *output );
+typedef int mbedtls_md_digest_func_t( const unsigned char *input,
+ size_t ilen,
+ unsigned char *output );
+typedef void* mbedtls_md_ctx_alloc_func_t( void );
+typedef void mbedtls_md_ctx_free_func_t( void *ctx );
+typedef void mbedtls_md_clone_func_t( void *st, const void *src );
+typedef int mbedtls_md_process_func_t( void *ctx,
+ const unsigned char *input );
+
 struct mbedtls_md_info_t
 {
 /** Digest identifier */
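Review bot: The first parameter of the new `mbedtls_md_clone_func_t` typedef is named `st`, while the struct field it replaces (removed in the next hunk) names it `dst`; this looks like a typo and should read `typedef void mbedtls_md_clone_func_t( void *dst, const void *src );`. The typedef block is also inserted between the "Message digest information" comment and `struct mbedtls_md_info_t`, so that comment now appears to describe the typedefs rather than the struct. Moving the typedefs above the comment, with their own one-line comment such as `/* Function types for the digest operations referenced by mbedtls_md_info_t */`, keeps each comment next to what it documents. The struct body continues outside the hunk.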
@@ -59,31 +74,106 @@ struct mbedtls_md_info_t
 int block_size;
 /** Digest initialisation function */
- int (*starts_func)( void *ctx );
+ mbedtls_md_starts_func_t *starts_func;
 /** Digest update function */
- int (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
+ mbedtls_md_update_func_t *update_func;
 /** Digest finalisation function */
- int (*finish_func)( void *ctx, unsigned char *output );
+ mbedtls_md_finish_func_t *finish_func;
 /** Generic digest function */
- int (*digest_func)( const unsigned char *input, size_t ilen,
- unsigned char *output );
+ mbedtls_md_digest_func_t *digest_func;
 /** Allocate a new context */
- void * (*ctx_alloc_func)( void );
+ mbedtls_md_ctx_alloc_func_t *ctx_alloc_func;
 /** Free the given context */
- void (*ctx_free_func)( void *ctx );
+ mbedtls_md_ctx_free_func_t *ctx_free_func;
 /** Clone state from a context */
- void (*clone_func)( void *dst, const void *src );
+ mbedtls_md_clone_func_t *clone_func;
 /** Internal use only */
- int (*process_func)( void *ctx, const unsigned char *input );
+ mbedtls_md_process_func_t *process_func;
 };
+/*
+ * Getter functions for MD info structure.
+ */
+
+static inline mbedtls_md_type_t mbedtls_md_info_type(
+ mbedtls_md_handle_t info )
+{
+ return( info->type );
+}
+
+static inline const char * mbedtls_md_info_name(
+ mbedtls_md_handle_t info )
+{
+ return( info->name );
+}
+
+static inline int mbedtls_md_info_size(
+ mbedtls_md_handle_t info )
+{
+ return( info->size );
+}
+
+static inline int mbedtls_md_info_block_size(
+ mbedtls_md_handle_t info )
+{
+ return( info->block_size );
+}
+
+static inline mbedtls_md_starts_func_t *mbedtls_md_info_starts_func(
+ mbedtls_md_handle_t info )
+{
+ return( info->starts_func );
+}
+
+static inline mbedtls_md_update_func_t *mbedtls_md_info_update_func(
+ mbedtls_md_handle_t info )
+{
+ return( info->update_func );
+}
+
+static inline mbedtls_md_finish_func_t *mbedtls_md_info_finish_func(
+ mbedtls_md_handle_t info )
+{
+ return( info->finish_func );
+}
+
+static inline mbedtls_md_digest_func_t *mbedtls_md_info_digest_func(
+ mbedtls_md_handle_t info )
+{
+ return( info->digest_func );
+}
+
+static inline mbedtls_md_ctx_alloc_func_t *mbedtls_md_info_ctx_alloc_func(
+ mbedtls_md_handle_t info )
+{
+ return( info->ctx_alloc_func );
+}
+
+static inline mbedtls_md_ctx_free_func_t *mbedtls_md_info_ctx_free_func(
+ mbedtls_md_handle_t info )
+{
+ return( info->ctx_free_func );
+}
+
+static inline mbedtls_md_clone_func_t *mbedtls_md_info_clone_func(
+ mbedtls_md_handle_t info )
+{
+ return( info->clone_func );
+}
+
+static inline mbedtls_md_process_func_t *mbedtls_md_info_process_func(
+ mbedtls_md_handle_t info )
+{
+ return( info->process_func );
+}
+
 #if defined(MBEDTLS_MD2_C)
 extern const mbedtls_md_info_t mbedtls_md2_info;
 #endif
diff --git a/library/md.c b/library/md.c
index d634606a2..3bb4bafa7 100644
--- a/library/md.c
+++ b/library/md.c
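Review bot: The getters added in the `@@ -59` hunk of md_internal.h dereference `info` with no check against `MBEDTLS_MD_INVALID_HANDLE`, and the block comment `Getter functions for MD info structure.` does not say that this is the caller's job. The md.c call sites visible in this patch test the handle first, but a later caller reading only the header has nothing to tell it that an invalid handle is dereferenced here. I would extend the block comment with a precondition line such as `* The handle must not be MBEDTLS_MD_INVALID_HANDLE; the getters dereference it without checking.`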
@@ -191,12 +191,12 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) return; if( ctx->md_ctx != NULL ) - ctx->md_info->ctx_free_func( ctx->md_ctx ); + mbedtls_md_info_ctx_free_func( ctx->md_info )( ctx->md_ctx ); if( ctx->hmac_ctx != NULL ) { mbedtls_platform_zeroize( ctx->hmac_ctx, - 2 * ctx->md_info->block_size ); + 2 * mbedtls_md_info_block_size( ctx->md_info ) ); mbedtls_free( ctx->hmac_ctx ); } @@ -213,8 +213,7 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst, return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); } - dst->md_info->clone_func( dst->md_ctx, src->md_ctx ); - + mbedtls_md_info_clone_func( dst->md_info )( dst->md_ctx, src->md_ctx ); return( 0 ); } @@ -230,15 +229,16 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, in if( md_info == MBEDTLS_MD_INVALID_HANDLE || ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL ) + ctx->md_ctx = mbedtls_md_info_ctx_alloc_func( md_info )(); + if( ctx->md_ctx == NULL ) return( MBEDTLS_ERR_MD_ALLOC_FAILED ); if( hmac != 0 ) { - ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size ); + ctx->hmac_ctx = mbedtls_calloc( 2, mbedtls_md_info_block_size( md_info ) ); if( ctx->hmac_ctx == NULL ) { - md_info->ctx_free_func( ctx->md_ctx ); + mbedtls_md_info_ctx_free_func( md_info )( ctx->md_ctx ); return( MBEDTLS_ERR_MD_ALLOC_FAILED ); } } @@ -253,7 +253,7 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ) if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( ctx->md_info->starts_func( ctx->md_ctx ) ); + return( mbedtls_md_info_starts_func( ctx->md_info )( ctx->md_ctx ) ); } int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) 
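Review bot: In the `mbedtls_md_setup()` hunk, the HMAC allocation failure path releases `ctx->md_ctx` through `mbedtls_md_info_ctx_free_func( md_info )` but leaves the stale pointer stored in the context. The assignment of `ctx->md_info` is not in the hunk, so whether a later `mbedtls_md_free()` on this context would skip the pointer cannot be confirmed from here. Clearing the field removes the question: add `ctx->md_ctx = NULL;` before `return( MBEDTLS_ERR_MD_ALLOC_FAILED );`. The function continues past the end of the hunk.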
@@ -261,7 +261,8 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); + return( mbedtls_md_info_update_func( ctx->md_info )( ctx->md_ctx, + input, ilen ) ); } int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) @@ -269,7 +270,8 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( ctx->md_info->finish_func( ctx->md_ctx, output ) ); + return( mbedtls_md_info_finish_func( ctx->md_info )( ctx->md_ctx, + output ) ); } int mbedtls_md( mbedtls_md_handle_t md_info, const unsigned char *input, size_t ilen, @@ -278,7 +280,8 @@ int mbedtls_md( mbedtls_md_handle_t md_info, const unsigned char *input, size_t if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( md_info->digest_func( input, ilen, output ) ); + return( mbedtls_md_info_digest_func( md_info )( + input, ilen, output) ); } #if defined(MBEDTLS_FS_IO) 
@@ -301,17 +304,27 @@ int mbedtls_md_file( mbedtls_md_handle_t md_info, const char *path, unsigned cha if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) goto cleanup; - if( ( ret = md_info->starts_func( ctx.md_ctx ) ) != 0 ) + ret = mbedtls_md_info_starts_func( md_info )( ctx.md_ctx ); + if( ret != 0 ) goto cleanup; while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) - if( ( ret = md_info->update_func( ctx.md_ctx, buf, n ) ) != 0 ) + { + ret = mbedtls_md_info_update_func( md_info )( ctx.md_ctx, + buf, n ); + if( ret != 0 ) goto cleanup; + } if( ferror( f ) != 0 ) + { ret = MBEDTLS_ERR_MD_FILE_IO_ERROR; + } else - ret = md_info->finish_func( ctx.md_ctx, output ); + { + ret = mbedtls_md_info_finish_func( md_info )( ctx.md_ctx, + output ); + } cleanup: mbedtls_platform_zeroize( buf, sizeof( buf ) ); @@ -329,6 +342,10 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, unsigned char *ipad, *opad; size_t i; + mbedtls_md_starts_func_t *starts; + mbedtls_md_update_func_t *update; + mbedtls_md_finish_func_t *finish; + if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE || ctx->hmac_ctx == NULL ) 
@@ -336,24 +353,30 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); } - if( keylen > (size_t) ctx->md_info->block_size ) + starts = mbedtls_md_info_starts_func( ctx->md_info ); + update = mbedtls_md_info_update_func( ctx->md_info ); + finish = mbedtls_md_info_finish_func( ctx->md_info ); + + if( keylen > (size_t) mbedtls_md_info_block_size( ctx->md_info ) ) { - if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) - goto cleanup; - if( ( ret = ctx->md_info->update_func( ctx->md_ctx, key, keylen ) ) != 0 ) - goto cleanup; - if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, sum ) ) != 0 ) + if( ( ret = starts( ctx->md_ctx ) ) != 0 ) goto cleanup; - keylen = ctx->md_info->size; + if( ( ret = update( ctx->md_ctx, key, keylen ) ) ) + goto cleanup; + + if( ( ret = finish( ctx->md_ctx, sum ) ) != 0 ) + goto cleanup; + + keylen = mbedtls_md_info_size( ctx->md_info ); key = sum; } ipad = (unsigned char *) ctx->hmac_ctx; - opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; + opad = (unsigned char *) ctx->hmac_ctx + mbedtls_md_info_block_size( ctx->md_info ); - memset( ipad, 0x36, ctx->md_info->block_size ); - memset( opad, 0x5C, ctx->md_info->block_size ); + memset( ipad, 0x36, mbedtls_md_info_block_size( ctx->md_info ) ); + memset( opad, 0x5C, mbedtls_md_info_block_size( ctx->md_info ) ); for( i = 0; i < keylen; i++ ) { @@ -361,10 +384,10 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, opad[i] = (unsigned char)( opad[i] ^ key[i] ); } - if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + if( ( ret = starts( ctx->md_ctx ) ) != 0 ) goto cleanup; - if( ( ret = ctx->md_info->update_func( ctx->md_ctx, ipad, - ctx->md_info->block_size ) ) != 0 ) + + if( ( ret = update( ctx->md_ctx, ipad, mbedtls_md_info_block_size( ctx->md_info ) ) ) != 0 ) goto cleanup; cleanup: 
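Review bot: In the long-key branch of `mbedtls_md_hmac_starts()`, the rewritten update call drops the explicit comparison that the checks on either side of it keep: `if( ( ret = update( ctx->md_ctx, key, keylen ) ) )`. Behaviour is the same, but it reads like an accidental assignment-in-condition next to its neighbours; write `if( ( ret = update( ctx->md_ctx, key, keylen ) ) != 0 )`. The function starts before this hunk and ends after the following one.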
@@ -382,7 +405,8 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); } - return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); + return( mbedtls_md_info_update_func( ctx->md_info )( + ctx->md_ctx, input, ilen ) ); } int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) @@ -391,6 +415,10 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; unsigned char *opad; + mbedtls_md_starts_func_t *starts; + mbedtls_md_update_func_t *update; + mbedtls_md_finish_func_t *finish; + if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE || ctx->hmac_ctx == NULL ) 
@@ -398,19 +426,28 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); } - opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; + starts = mbedtls_md_info_starts_func( ctx->md_info ); + update = mbedtls_md_info_update_func( ctx->md_info ); + finish = mbedtls_md_info_finish_func( ctx->md_info ); - if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, tmp ) ) != 0 ) + opad = (unsigned char *) ctx->hmac_ctx + mbedtls_md_info_block_size( ctx->md_info ); + + if( ( ret = finish( ctx->md_ctx, tmp ) ) != 0 ) return( ret ); - if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + + if( ( ret = starts( ctx->md_ctx ) ) != 0 ) return( ret ); - if( ( ret = ctx->md_info->update_func( ctx->md_ctx, opad, - ctx->md_info->block_size ) ) != 0 ) + + if( ( ret = update( ctx->md_ctx, opad, mbedtls_md_info_block_size( ctx->md_info ) ) ) != 0 ) return( ret ); - if( ( ret = ctx->md_info->update_func( ctx->md_ctx, tmp, - ctx->md_info->size ) ) != 0 ) + + if( ( ret = update( ctx->md_ctx, tmp, mbedtls_md_info_size( ctx->md_info ) ) ) != 0 ) return( ret ); - return( ctx->md_info->finish_func( ctx->md_ctx, output ) ); + + if( ( ret = finish( ctx->md_ctx, output ) ) != 0 ) + return( ret ); + + return( 0 ); } int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) @@ -427,10 +464,13 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) ipad = (unsigned char *) ctx->hmac_ctx; - if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + ret = mbedtls_md_info_starts_func( ctx->md_info )( ctx->md_ctx ); + if( ret != 0 ) return( ret ); - return( ctx->md_info->update_func( ctx->md_ctx, ipad, - ctx->md_info->block_size ) ); + + ret = mbedtls_md_info_update_func( ctx->md_info )( + ctx->md_ctx, ipad, mbedtls_md_info_block_size( ctx->md_info ) ); + return( ret ); } int mbedtls_md_hmac( mbedtls_md_handle_t md_info, 
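Review bot: `mbedtls_md_hmac_finish()` leaves the inner digest in the stack buffer `tmp` on every exit path, whereas `mbedtls_md_hmac_starts()` in the same file wipes its `sum` buffer under a `cleanup:` label. This hunk already rewrites the tail of the function, so it is a natural place to route all exits through one label that zeroizes `tmp` before returning `ret`. The inner digest is an intermediate HMAC value rather than the key, so this is hardening rather than a fix for a known leak. The declaration of `tmp` and the argument checks are outside this hunk, and the later hunk `@@ -421,18 +450,21 @@` reworks the same function without changing this.

```c
    /* … unchanged: argument checks, starts/update/finish and opad setup … */

    if( ( ret = finish( ctx->md_ctx, tmp ) ) != 0 )
        goto cleanup;

    if( ( ret = starts( ctx->md_ctx ) ) != 0 )
        goto cleanup;

    if( ( ret = update( ctx->md_ctx, opad,
                        mbedtls_md_info_block_size( ctx->md_info ) ) ) != 0 )
        goto cleanup;

    if( ( ret = update( ctx->md_ctx, tmp,
                        mbedtls_md_info_size( ctx->md_info ) ) ) != 0 )
        goto cleanup;

    ret = finish( ctx->md_ctx, output );

cleanup:
    /* Wipe the inner digest on success and on error alike. */
    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
    return( ret );
```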
@@ -470,7 +510,8 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); } - return( ctx->md_info->process_func( ctx->md_ctx, data ) ); + return( mbedtls_md_info_process_func( ctx->md_info )( + ctx->md_ctx, data ) ); } unsigned char mbedtls_md_get_size( mbedtls_md_handle_t md_info ) @@ -478,7 +519,7 @@ unsigned char mbedtls_md_get_size( mbedtls_md_handle_t md_info ) if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( 0 ); - return md_info->size; + return mbedtls_md_info_size( md_info ); } mbedtls_md_type_t mbedtls_md_get_type( mbedtls_md_handle_t md_info ) @@ -486,7 +527,7 @@ mbedtls_md_type_t mbedtls_md_get_type( mbedtls_md_handle_t md_info ) if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_MD_NONE ); - return md_info->type; + return mbedtls_md_info_type( md_info ); } const char *mbedtls_md_get_name( mbedtls_md_handle_t md_info ) @@ -494,7 +535,7 @@ const char *mbedtls_md_get_name( mbedtls_md_handle_t md_info ) if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( NULL ); - return md_info->name; + return mbedtls_md_info_name( md_info ); } #endif /* MBEDTLS_MD_C */ diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 7e83b57e6..e9673639f 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -114,7 +114,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_MD_SINGLE_HASH */ void test_hkdf_extract_ret( int hash_len, int ret ) { int output_ret; @@ -141,7 +141,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_MD_SINGLE_HASH */ void test_hkdf_expand_ret( int hash_len, int prk_len, int okm_len, int ret ) { int output_ret; From 0e7fc3166de7d678f4c849263a4e708ffc676622 Mon Sep 17 00:00:00 2001 
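Review bot: `mbedtls_md_get_size()` returns `unsigned char`, but its value now comes from `mbedtls_md_info_size()`, which the header in this series declares as returning `int`, so the narrowing happens implicitly across a call. Make it explicit and match the parenthesised return style used elsewhere in the file: `return( (unsigned char) mbedtls_md_info_size( md_info ) );`. The `mbedtls_md_get_type()` and `mbedtls_md_get_name()` hunks keep the same bare `return x;` form and could be aligned at the same time.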
From: Hanno Becker Date: Wed, 17 Jul 2019 11:23:12 +0100 Subject: [PATCH 23/78] Inline md_wrap.c in md.c md_wrap.c doesn't expose any public functionality and doesn't need to be present as a separate compilation unit. --- library/CMakeLists.txt | 1 - library/Makefile | 2 +- library/md.c | 2 ++ 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 461843b05..bb975cd35 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -38,7 +38,6 @@ set(src_crypto md2.c md4.c md5.c - md_wrap.c memory_buffer_alloc.c nist_kw.c oid.c diff --git a/library/Makefile b/library/Makefile index 50faed9ca..062846b7b 100644 --- a/library/Makefile +++ b/library/Makefile @@ -77,7 +77,7 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ error.o gcm.o havege.o \ hkdf.o \ hmac_drbg.o md.o md2.o \ - md4.o md5.o md_wrap.o \ + md4.o md5.o \ memory_buffer_alloc.o nist_kw.o \ oid.o padlock.o pem.o \ pk.o pk_wrap.o pkcs12.o \ diff --git a/library/md.c b/library/md.c index 3bb4bafa7..e1d7e9d01 100644 --- a/library/md.c +++ b/library/md.c @@ -49,6 +49,8 @@ #include #endif +#include "md_wrap.c" + /* * Reminder: update profiles in x509_crt.c when adding a new hash! */ From 62a44d43b013a780f964ffc1593464038b3383e5 Mon Sep 17 00:00:00 2001 
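Review bot: `#include "md_wrap.c"` means md.c must be the only translation unit that compiles md_wrap.c, yet this commit's diffstat removes the file only from library/CMakeLists.txt and library/Makefile. visualc/VS2010/mbedTLS.vcxproj is first touched in PATCH 26/78; if that project lists md_wrap.c (not visible here), the non-static `mbedtls_*_info` objects would be defined twice in builds of the intermediate commits. Either drop the project entry in this commit or say in the message that the Visual Studio build is fixed later. A comment above the include would also help, e.g. `/* md_wrap.c is compiled as part of md.c; do not add it to any build list. */`.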
From: Hanno Becker Date: Wed, 17 Jul 2019 14:14:01 +0100 Subject: [PATCH 24/78] Allow defining MD information structs through macros In builds enabling only a single MD digest, we want to be able to implement the MD info getter functions by returning compile-time constants matching the fields of the MD info structures used so far. To avoid information duplication harming maintainability, this commit introduces the possibility of providing the various aspects of a particular digest implementation by defining macros MBEDTLS_MD_INFO_DIGEST_FIELD (e.g. MBEDTLS_MD_INFO_SHA256_SIZE) and to generate the corresponding mbedtls_md_info instance from this set of macros, via the new macro MBEDTLS_MD_INFO(). This way, we'll be able to switch between MD info based builds and single-digest builds without information duplication. --- include/mbedtls/md_internal.h | 71 +++++++++++++++++++++++++++++++++++ library/md_wrap.c | 16 +------- 2 files changed, 73 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index 72a8e4645..43ee48fb4 100644 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h 
@@ -40,6 +40,59 @@ extern "C" { #endif +/* + * Message-digest information macro definition + */ + +/* SHA-256 */ +#define MBEDTLS_MD_INFO_SHA256_TYPE MBEDTLS_MD_SHA256 +#define MBEDTLS_MD_INFO_SHA256_NAME "SHA256" +#define MBEDTLS_MD_INFO_SHA256_SIZE 32 +#define MBEDTLS_MD_INFO_SHA256_BLOCKSIZE 64 +#define MBEDTLS_MD_INFO_SHA256_STARTS_FUNC sha256_starts_wrap +#define MBEDTLS_MD_INFO_SHA256_UPDATE_FUNC sha224_update_wrap +#define MBEDTLS_MD_INFO_SHA256_FINISH_FUNC sha224_finish_wrap +#define MBEDTLS_MD_INFO_SHA256_DIGEST_FUNC sha256_wrap +#define MBEDTLS_MD_INFO_SHA256_ALLOC_FUNC sha224_ctx_alloc +#define MBEDTLS_MD_INFO_SHA256_FREE_FUNC sha224_ctx_free +#define MBEDTLS_MD_INFO_SHA256_CLONE_FUNC sha224_clone_wrap +#define MBEDTLS_MD_INFO_SHA256_PROCESS_FUNC sha224_process_wrap + +/* + * Helper macros to extract fields from ciphersuites. + */ + +#define MBEDTLS_MD_INFO_TYPE_T( MD ) MD ## _TYPE +#define MBEDTLS_MD_INFO_NAME_T( MD ) MD ## _NAME +#define MBEDTLS_MD_INFO_SIZE_T( MD ) MD ## _SIZE +#define MBEDTLS_MD_INFO_BLOCKSIZE_T( MD ) MD ## _BLOCKSIZE +#define MBEDTLS_MD_INFO_STARTS_FUNC_T( MD ) MD ## _STARTS_FUNC +#define MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD ) MD ## _UPDATE_FUNC +#define MBEDTLS_MD_INFO_FINISH_FUNC_T( MD ) MD ## _FINISH_FUNC +#define MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD ) MD ## _DIGEST_FUNC +#define MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD ) MD ## _ALLOC_FUNC +#define MBEDTLS_MD_INFO_FREE_FUNC_T( MD ) MD ## _FREE_FUNC +#define MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) MD ## _CLONE_FUNC +#define MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) MD ## _PROCESS_FUNC + +/* Wrapper around MBEDTLS_MD_INFO_XXX_T() which makes sure that + * the argument is macro-expanded before concatenated with the + * field name. This allows to call these macros as + * MBEDTLS_MD_INFO_XXX( MBEDTLS_SSL_CONF_SINGLE_HASH ). + * where MBEDTLS_SSL_CONF_SINGLE_HASH expands to MBEDTLS_MD_INFO_XXX. 
*/ +#define MBEDTLS_MD_INFO_TYPE( MD ) MBEDTLS_MD_INFO_TYPE_T( MD ) +#define MBEDTLS_MD_INFO_NAME( MD ) MBEDTLS_MD_INFO_NAME_T( MD ) +#define MBEDTLS_MD_INFO_SIZE( MD ) MBEDTLS_MD_INFO_SIZE_T( MD ) +#define MBEDTLS_MD_INFO_BLOCKSIZE( MD ) MBEDTLS_MD_INFO_BLOCKSIZE_T( MD ) +#define MBEDTLS_MD_INFO_STARTS_FUNC( MD ) MBEDTLS_MD_INFO_STARTS_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_UPDATE_FUNC( MD ) MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_FINISH_FUNC( MD ) MBEDTLS_MD_INFO_FINISH_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_DIGEST_FUNC( MD ) MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_ALLOC_FUNC( MD ) MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_FREE_FUNC( MD ) MBEDTLS_MD_INFO_FREE_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_CLONE_FUNC( MD ) MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) + /** * Message digest information. * Allows message digest functions to be called in a generic way. @@ -98,6 +151,24 @@ struct mbedtls_md_info_t mbedtls_md_process_func_t *process_func; }; +/** + * \brief This macro builds an instance of ::mbedtls_md_info_t + * from an \c MBEDTLS_MD_INFO_XXX identifier. + */ +#define MBEDTLS_MD_INFO( MD ) \ + { MBEDTLS_MD_INFO_TYPE( MD ), \ + MBEDTLS_MD_INFO_NAME( MD ), \ + MBEDTLS_MD_INFO_SIZE( MD ), \ + MBEDTLS_MD_INFO_BLOCKSIZE( MD ), \ + MBEDTLS_MD_INFO_STARTS_FUNC( MD ), \ + MBEDTLS_MD_INFO_UPDATE_FUNC( MD ), \ + MBEDTLS_MD_INFO_FINISH_FUNC( MD ), \ + MBEDTLS_MD_INFO_DIGEST_FUNC( MD ), \ + MBEDTLS_MD_INFO_ALLOC_FUNC( MD ), \ + MBEDTLS_MD_INFO_FREE_FUNC( MD ), \ + MBEDTLS_MD_INFO_CLONE_FUNC( MD ), \ + MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) } + /* * Getter functions for MD info structure. */ diff --git a/library/md_wrap.c b/library/md_wrap.c index 0f8132fbf..f974ba0c6 100644 --- a/library/md_wrap.c +++ b/library/md_wrap.c 
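Review bot: The banner above the `MBEDTLS_MD_INFO_XXX_T` macros reads "Helper macros to extract fields from ciphersuites.", which looks carried over from the ciphersuite header; these macros select fields of a message-digest description. Suggested wording: `/* Helper macros to extract fields from MD info identifiers. */`. The wrapper comment below it uses `XXX` for both the field name and the digest name ("expands to MBEDTLS_MD_INFO_XXX"); giving `MBEDTLS_MD_INFO_SHA256` as the example expansion would remove the ambiguity.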
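Review bot: `MBEDTLS_MD_INFO( MD )` expands to a positional initializer, so it is correct only while its twelve entries stay in the declaration order of `struct mbedtls_md_info_t`, and the Doxygen block does not say so. Most reorderings would be caught by the differing function-pointer types, but `size` and `block_size` both appear to be `int`, so swapping those two would compile silently and change digest and HMAC pad lengths. Add a line to the comment such as `\note The entries must follow the field order of ::mbedtls_md_info_t.`. The start of the struct is outside this hunk.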
@@ -475,20 +475,8 @@ static int sha256_wrap( const unsigned char *input, size_t ilen, return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); } -const mbedtls_md_info_t mbedtls_sha256_info = { - MBEDTLS_MD_SHA256, - "SHA256", - 32, - 64, - sha256_starts_wrap, - sha224_update_wrap, - sha224_finish_wrap, - sha256_wrap, - sha224_ctx_alloc, - sha224_ctx_free, - sha224_clone_wrap, - sha224_process_wrap, -}; +const mbedtls_md_info_t mbedtls_sha256_info = + MBEDTLS_MD_INFO( MBEDTLS_MD_INFO_SHA256 ); #endif /* MBEDTLS_SHA256_C */ From d3827c74d54f2fa0523fab16c6edf6f3f8c203dc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Sep 2019 12:56:37 +0100 Subject: [PATCH 25/78] Introduce getter for MD handle from MD context --- include/mbedtls/md.h | 6 ++ library/hmac_drbg.c | 6 +- library/md.c | 167 +++++++++++++++++++++++++++---------------- library/pkcs5.c | 2 +- library/rsa.c | 2 +- 5 files changed, 117 insertions(+), 66 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 40624e44a..111427f39 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -104,6 +104,12 @@ typedef struct mbedtls_md_context_t void *hmac_ctx; } mbedtls_md_context_t; +static inline mbedtls_md_handle_t mbedtls_md_get_handle( + struct mbedtls_md_context_t const *ctx ) +{ + return( ctx->md_info ); +} + /** * \brief This function returns the list of digests supported by the * generic digest module. diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index c9c541d83..b51e9b18d 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -70,7 +70,8 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx, const unsigned char *additional, size_t add_len ) { - size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info ); + size_t md_len = mbedtls_md_get_size( + mbedtls_md_get_handle( &ctx->md_ctx ) ); unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1; unsigned char sep[1]; unsigned char K[MBEDTLS_MD_MAX_SIZE]; 
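Review bot: `mbedtls_md_get_handle()` is added to the public header include/mbedtls/md.h without a Doxygen block, and it dereferences `ctx` unconditionally. The md.c callers converted in this patch test `ctx == NULL` first, but the call sites changed in hmac_drbg.c, pkcs5.c and rsa.c pass their context straight through with no check visible in those hunks, so the requirement should be written down. The comment needs a `\brief` saying it returns the MD handle the context was set up with, a `\param ctx` marked as must not be NULL, and a `\return` line that mentions `MBEDTLS_MD_INVALID_HANDLE` for a context that has not been set up. That last point is inferred from the checks in md.c and should be confirmed.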
@@ -329,7 +330,8 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng, { int ret; mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng; - size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info ); + size_t md_len = mbedtls_md_get_size( + mbedtls_md_get_handle( &ctx->md_ctx ) ); size_t left = out_len; unsigned char *out = output; diff --git a/library/md.c b/library/md.c index e1d7e9d01..81e30235c 100644 --- a/library/md.c +++ b/library/md.c @@ -189,16 +189,19 @@ void mbedtls_md_init( mbedtls_md_context_t *ctx ) void mbedtls_md_free( mbedtls_md_context_t *ctx ) { - if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ) + if( ctx == NULL || mbedtls_md_get_handle( ctx ) == MBEDTLS_MD_INVALID_HANDLE ) return; if( ctx->md_ctx != NULL ) - mbedtls_md_info_ctx_free_func( ctx->md_info )( ctx->md_ctx ); + { + mbedtls_md_info_ctx_free_func( + mbedtls_md_get_handle( ctx ) )( ctx->md_ctx ); + } if( ctx->hmac_ctx != NULL ) { mbedtls_platform_zeroize( ctx->hmac_ctx, - 2 * mbedtls_md_info_block_size( ctx->md_info ) ); + 2 * mbedtls_md_info_block_size( mbedtls_md_get_handle( ctx ) ) ); mbedtls_free( ctx->hmac_ctx ); } @@ -208,14 +211,15 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) int mbedtls_md_clone( mbedtls_md_context_t *dst, const mbedtls_md_context_t *src ) { - if( dst == NULL || dst->md_info == MBEDTLS_MD_INVALID_HANDLE || - src == NULL || src->md_info == MBEDTLS_MD_INVALID_HANDLE || - dst->md_info != src->md_info ) + if( dst == NULL || mbedtls_md_get_handle( dst ) == MBEDTLS_MD_INVALID_HANDLE || + src == NULL || mbedtls_md_get_handle( src ) == MBEDTLS_MD_INVALID_HANDLE || + mbedtls_md_get_handle( dst ) != mbedtls_md_get_handle( src ) ) { return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); } - mbedtls_md_info_clone_func( dst->md_info )( dst->md_ctx, src->md_ctx ); + mbedtls_md_info_clone_func( mbedtls_md_get_handle( dst ) ) + ( dst->md_ctx, src->md_ctx ); return( 0 ); } 
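Review bot: The `mbedtls_md_free()` and `mbedtls_md_clone()` hunks call `mbedtls_md_get_handle()` up to three times each, and the clone call is split between the callee expression and its argument list, with `mbedtls_md_info_clone_func( mbedtls_md_get_handle( dst ) )` on one line and `( dst->md_ctx, src->md_ctx );` on the next, which reads like two statements. The other functions converted in this patch fetch the handle once into a local `mbedtls_md_handle_t md_info`. Doing the same here gives `mbedtls_md_info_clone_func( md_info )( dst->md_ctx, src->md_ctx );`. In `mbedtls_md_free()` the local has to be assigned after the `ctx == NULL` test.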
@@ -237,7 +241,8 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, in if( hmac != 0 ) { - ctx->hmac_ctx = mbedtls_calloc( 2, mbedtls_md_info_block_size( md_info ) ); + ctx->hmac_ctx = mbedtls_calloc( 2, + mbedtls_md_info_block_size( md_info ) ); if( ctx->hmac_ctx == NULL ) { mbedtls_md_info_ctx_free_func( md_info )( ctx->md_ctx ); 
@@ -252,28 +257,43 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, in int mbedtls_md_starts( mbedtls_md_context_t *ctx ) { - if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ) + mbedtls_md_handle_t md_info; + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( mbedtls_md_info_starts_func( ctx->md_info )( ctx->md_ctx ) ); + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_starts_func( md_info )( ctx->md_ctx ) ); } int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) { - if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ) + mbedtls_md_handle_t md_info; + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( mbedtls_md_info_update_func( ctx->md_info )( ctx->md_ctx, - input, ilen ) ); + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_update_func( md_info )( ctx->md_ctx, + input, ilen ) ); } int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) { - if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ) + mbedtls_md_handle_t md_info; + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( mbedtls_md_info_finish_func( ctx->md_info )( ctx->md_ctx, - output ) ); + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_finish_func( md_info )( ctx->md_ctx, + output ) ); } int mbedtls_md( mbedtls_md_handle_t md_info, const unsigned char *input, size_t ilen, 
@@ -348,18 +368,20 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, mbedtls_md_update_func_t *update; mbedtls_md_finish_func_t *finish; - if( ctx == NULL || - ctx->md_info == MBEDTLS_MD_INVALID_HANDLE || - ctx->hmac_ctx == NULL ) - { + mbedtls_md_handle_t md_info; + + if( ctx == NULL || ctx->hmac_ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - } - starts = mbedtls_md_info_starts_func( ctx->md_info ); - update = mbedtls_md_info_update_func( ctx->md_info ); - finish = mbedtls_md_info_finish_func( ctx->md_info ); + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - if( keylen > (size_t) mbedtls_md_info_block_size( ctx->md_info ) ) + starts = mbedtls_md_info_starts_func( md_info ); + update = mbedtls_md_info_update_func( md_info ); + finish = mbedtls_md_info_finish_func( md_info ); + + if( keylen > (size_t) mbedtls_md_info_block_size( md_info ) ) { if( ( ret = starts( ctx->md_ctx ) ) != 0 ) goto cleanup; @@ -370,15 +392,16 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, if( ( ret = finish( ctx->md_ctx, sum ) ) != 0 ) goto cleanup; - keylen = mbedtls_md_info_size( ctx->md_info ); + keylen = mbedtls_md_info_size( md_info ); key = sum; } ipad = (unsigned char *) ctx->hmac_ctx; - opad = (unsigned char *) ctx->hmac_ctx + mbedtls_md_info_block_size( ctx->md_info ); + opad = (unsigned char *) ctx->hmac_ctx + + mbedtls_md_info_block_size( md_info ); - memset( ipad, 0x36, mbedtls_md_info_block_size( ctx->md_info ) ); - memset( opad, 0x5C, mbedtls_md_info_block_size( ctx->md_info ) ); + memset( ipad, 0x36, mbedtls_md_info_block_size( md_info ) ); + memset( opad, 0x5C, mbedtls_md_info_block_size( md_info ) ); for( i = 0; i < keylen; i++ ) { 
@@ -389,8 +412,11 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, if( ( ret = starts( ctx->md_ctx ) ) != 0 ) goto cleanup; - if( ( ret = update( ctx->md_ctx, ipad, mbedtls_md_info_block_size( ctx->md_info ) ) ) != 0 ) + if( ( ret = update( ctx->md_ctx, ipad, + mbedtls_md_info_block_size( md_info ) ) ) != 0 ) + { goto cleanup; + } cleanup: mbedtls_platform_zeroize( sum, sizeof( sum ) ); @@ -398,16 +424,19 @@ cleanup: return( ret ); } -int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, + const unsigned char *input, size_t ilen ) { - if( ctx == NULL || - ctx->md_info == MBEDTLS_MD_INVALID_HANDLE || - ctx->hmac_ctx == NULL ) - { - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - } + mbedtls_md_handle_t md_info; - return( mbedtls_md_info_update_func( ctx->md_info )( + if( ctx == NULL || ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_update_func( md_info )( ctx->md_ctx, input, ilen ) ); } 
@@ -421,18 +450,21 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) mbedtls_md_update_func_t *update; mbedtls_md_finish_func_t *finish; - if( ctx == NULL || - ctx->md_info == MBEDTLS_MD_INVALID_HANDLE || - ctx->hmac_ctx == NULL ) - { + mbedtls_md_handle_t md_info; + + if( ctx == NULL || ctx->hmac_ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - } - starts = mbedtls_md_info_starts_func( ctx->md_info ); - update = mbedtls_md_info_update_func( ctx->md_info ); - finish = mbedtls_md_info_finish_func( ctx->md_info ); + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - opad = (unsigned char *) ctx->hmac_ctx + mbedtls_md_info_block_size( ctx->md_info ); + starts = mbedtls_md_info_starts_func( md_info ); + update = mbedtls_md_info_update_func( md_info ); + finish = mbedtls_md_info_finish_func( md_info ); + + opad = (unsigned char *) ctx->hmac_ctx + + mbedtls_md_info_block_size( md_info ); if( ( ret = finish( ctx->md_ctx, tmp ) ) != 0 ) return( ret ); @@ -440,11 +472,17 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) if( ( ret = starts( ctx->md_ctx ) ) != 0 ) return( ret ); - if( ( ret = update( ctx->md_ctx, opad, mbedtls_md_info_block_size( ctx->md_info ) ) ) != 0 ) + if( ( ret = update( ctx->md_ctx, opad, + mbedtls_md_info_block_size( md_info ) ) ) != 0 ) + { return( ret ); + } - if( ( ret = update( ctx->md_ctx, tmp, mbedtls_md_info_size( ctx->md_info ) ) ) != 0 ) + if( ( ret = update( ctx->md_ctx, tmp, + mbedtls_md_info_size( md_info ) ) ) != 0 ) + { return( ret ); + } if( ( ret = finish( ctx->md_ctx, output ) ) != 0 ) return( ret ); 
@@ -457,21 +495,24 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) int ret; unsigned char *ipad; - if( ctx == NULL || - ctx->md_info == MBEDTLS_MD_INVALID_HANDLE || - ctx->hmac_ctx == NULL ) - { + mbedtls_md_handle_t md_info; + + if( ctx == NULL || ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - } ipad = (unsigned char *) ctx->hmac_ctx; - ret = mbedtls_md_info_starts_func( ctx->md_info )( ctx->md_ctx ); + ret = mbedtls_md_info_starts_func( md_info )( ctx->md_ctx ); if( ret != 0 ) return( ret ); - ret = mbedtls_md_info_update_func( ctx->md_info )( - ctx->md_ctx, ipad, mbedtls_md_info_block_size( ctx->md_info ) ); + ret = mbedtls_md_info_update_func( md_info )( + ctx->md_ctx, ipad, + mbedtls_md_info_block_size( md_info ) ); return( ret ); } @@ -506,13 +547,15 @@ cleanup: int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) { - if( ctx == NULL || - ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ) - { + mbedtls_md_handle_t md_info; + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - } - return( mbedtls_md_info_process_func( ctx->md_info )( + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_process_func( md_info )( ctx->md_ctx, data ) ); } diff --git a/library/pkcs5.c b/library/pkcs5.c index 2717aaa56..a517778a4 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -226,7 +226,7 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p unsigned int i; unsigned char md1[MBEDTLS_MD_MAX_SIZE]; unsigned char work[MBEDTLS_MD_MAX_SIZE]; - unsigned char md_size = mbedtls_md_get_size( ctx->md_info ); + unsigned char md_size = mbedtls_md_get_size( mbedtls_md_get_handle( ctx ) ); size_t use_len; unsigned char *out_p = output; unsigned char counter[4]; 
diff --git a/library/rsa.c b/library/rsa.c index 2674c1094..3bfc73ec5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1076,7 +1076,7 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, memset( mask, 0, MBEDTLS_MD_MAX_SIZE ); memset( counter, 0, 4 ); - hlen = mbedtls_md_get_size( md_ctx->md_info ); + hlen = mbedtls_md_get_size( mbedtls_md_get_handle( md_ctx ) ); /* Generate and apply dbMask */ p = dst; From d03949e2a48ca7b9b6a1e5995daaf923b3bb2048 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Jul 2019 14:38:44 +0100 Subject: [PATCH 26/78] Remove md_wrap.c and md_internal.h --- include/mbedtls/md.h | 2 +- include/mbedtls/md_internal.h | 278 --------- library/md.c | 773 +++++++++++++++++++++++++- library/md_wrap.c | 580 ------------------- programs/test/cpp_dummy_build.cpp | 1 - tests/suites/test_suite_hkdf.function | 1 - visualc/VS2010/mbedTLS.vcxproj | 1 - 7 files changed, 772 insertions(+), 864 deletions(-) delete mode 100644 include/mbedtls/md_internal.h delete mode 100644 library/md_wrap.c diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 111427f39..c28ee1fd0 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -81,7 +81,7 @@ typedef enum { #endif /** - * Opaque struct defined in md_internal.h. + * Opaque struct defined in md.c. */ typedef struct mbedtls_md_info_t mbedtls_md_info_t; diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h deleted file mode 100644 index 43ee48fb4..000000000 --- a/include/mbedtls/md_internal.h +++ /dev/null 
@@ -1,278 +0,0 @@ -/** - * \file md_internal.h - * - * \brief Message digest wrappers. - * - * \warning This in an internal header. Do not include directly. - * - * \author Adriaan de Jong - */ -/* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -#ifndef MBEDTLS_MD_WRAP_H -#define MBEDTLS_MD_WRAP_H - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include "md.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Message-digest information macro definition - */ - -/* SHA-256 */ -#define MBEDTLS_MD_INFO_SHA256_TYPE MBEDTLS_MD_SHA256 -#define MBEDTLS_MD_INFO_SHA256_NAME "SHA256" -#define MBEDTLS_MD_INFO_SHA256_SIZE 32 -#define MBEDTLS_MD_INFO_SHA256_BLOCKSIZE 64 -#define MBEDTLS_MD_INFO_SHA256_STARTS_FUNC sha256_starts_wrap -#define MBEDTLS_MD_INFO_SHA256_UPDATE_FUNC sha224_update_wrap -#define MBEDTLS_MD_INFO_SHA256_FINISH_FUNC sha224_finish_wrap -#define MBEDTLS_MD_INFO_SHA256_DIGEST_FUNC sha256_wrap -#define MBEDTLS_MD_INFO_SHA256_ALLOC_FUNC sha224_ctx_alloc -#define MBEDTLS_MD_INFO_SHA256_FREE_FUNC sha224_ctx_free -#define MBEDTLS_MD_INFO_SHA256_CLONE_FUNC sha224_clone_wrap -#define MBEDTLS_MD_INFO_SHA256_PROCESS_FUNC sha224_process_wrap - -/* - * Helper macros to extract fields from ciphersuites. 
- */ - -#define MBEDTLS_MD_INFO_TYPE_T( MD ) MD ## _TYPE -#define MBEDTLS_MD_INFO_NAME_T( MD ) MD ## _NAME -#define MBEDTLS_MD_INFO_SIZE_T( MD ) MD ## _SIZE -#define MBEDTLS_MD_INFO_BLOCKSIZE_T( MD ) MD ## _BLOCKSIZE -#define MBEDTLS_MD_INFO_STARTS_FUNC_T( MD ) MD ## _STARTS_FUNC -#define MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD ) MD ## _UPDATE_FUNC -#define MBEDTLS_MD_INFO_FINISH_FUNC_T( MD ) MD ## _FINISH_FUNC -#define MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD ) MD ## _DIGEST_FUNC -#define MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD ) MD ## _ALLOC_FUNC -#define MBEDTLS_MD_INFO_FREE_FUNC_T( MD ) MD ## _FREE_FUNC -#define MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) MD ## _CLONE_FUNC -#define MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) MD ## _PROCESS_FUNC - -/* Wrapper around MBEDTLS_MD_INFO_XXX_T() which makes sure that - * the argument is macro-expanded before concatenated with the - * field name. This allows to call these macros as - * MBEDTLS_MD_INFO_XXX( MBEDTLS_SSL_CONF_SINGLE_HASH ). - * where MBEDTLS_SSL_CONF_SINGLE_HASH expands to MBEDTLS_MD_INFO_XXX. */ -#define MBEDTLS_MD_INFO_TYPE( MD ) MBEDTLS_MD_INFO_TYPE_T( MD ) -#define MBEDTLS_MD_INFO_NAME( MD ) MBEDTLS_MD_INFO_NAME_T( MD ) -#define MBEDTLS_MD_INFO_SIZE( MD ) MBEDTLS_MD_INFO_SIZE_T( MD ) -#define MBEDTLS_MD_INFO_BLOCKSIZE( MD ) MBEDTLS_MD_INFO_BLOCKSIZE_T( MD ) -#define MBEDTLS_MD_INFO_STARTS_FUNC( MD ) MBEDTLS_MD_INFO_STARTS_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_UPDATE_FUNC( MD ) MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_FINISH_FUNC( MD ) MBEDTLS_MD_INFO_FINISH_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_DIGEST_FUNC( MD ) MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_ALLOC_FUNC( MD ) MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_FREE_FUNC( MD ) MBEDTLS_MD_INFO_FREE_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_CLONE_FUNC( MD ) MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) - -/** - * Message digest information. 
- * Allows message digest functions to be called in a generic way. - */ - -typedef int mbedtls_md_starts_func_t( void *ctx ); -typedef int mbedtls_md_update_func_t( void *ctx, - const unsigned char *input, - size_t ilen ); -typedef int mbedtls_md_finish_func_t( void *ctx, unsigned char *output ); -typedef int mbedtls_md_digest_func_t( const unsigned char *input, - size_t ilen, - unsigned char *output ); -typedef void* mbedtls_md_ctx_alloc_func_t( void ); -typedef void mbedtls_md_ctx_free_func_t( void *ctx ); -typedef void mbedtls_md_clone_func_t( void *st, const void *src ); -typedef int mbedtls_md_process_func_t( void *ctx, - const unsigned char *input ); - -struct mbedtls_md_info_t -{ - /** Digest identifier */ - mbedtls_md_type_t type; - - /** Name of the message digest */ - const char * name; - - /** Output length of the digest function in bytes */ - int size; - - /** Block length of the digest function in bytes */ - int block_size; - - /** Digest initialisation function */ - mbedtls_md_starts_func_t *starts_func; - - /** Digest update function */ - mbedtls_md_update_func_t *update_func; - - /** Digest finalisation function */ - mbedtls_md_finish_func_t *finish_func; - - /** Generic digest function */ - mbedtls_md_digest_func_t *digest_func; - - /** Allocate a new context */ - mbedtls_md_ctx_alloc_func_t *ctx_alloc_func; - - /** Free the given context */ - mbedtls_md_ctx_free_func_t *ctx_free_func; - - /** Clone state from a context */ - mbedtls_md_clone_func_t *clone_func; - - /** Internal use only */ - mbedtls_md_process_func_t *process_func; -}; - -/** - * \brief This macro builds an instance of ::mbedtls_md_info_t - * from an \c MBEDTLS_MD_INFO_XXX identifier. 
- */ -#define MBEDTLS_MD_INFO( MD ) \ - { MBEDTLS_MD_INFO_TYPE( MD ), \ - MBEDTLS_MD_INFO_NAME( MD ), \ - MBEDTLS_MD_INFO_SIZE( MD ), \ - MBEDTLS_MD_INFO_BLOCKSIZE( MD ), \ - MBEDTLS_MD_INFO_STARTS_FUNC( MD ), \ - MBEDTLS_MD_INFO_UPDATE_FUNC( MD ), \ - MBEDTLS_MD_INFO_FINISH_FUNC( MD ), \ - MBEDTLS_MD_INFO_DIGEST_FUNC( MD ), \ - MBEDTLS_MD_INFO_ALLOC_FUNC( MD ), \ - MBEDTLS_MD_INFO_FREE_FUNC( MD ), \ - MBEDTLS_MD_INFO_CLONE_FUNC( MD ), \ - MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) } - -/* - * Getter functions for MD info structure. - */ - -static inline mbedtls_md_type_t mbedtls_md_info_type( - mbedtls_md_handle_t info ) -{ - return( info->type ); -} - -static inline const char * mbedtls_md_info_name( - mbedtls_md_handle_t info ) -{ - return( info->name ); -} - -static inline int mbedtls_md_info_size( - mbedtls_md_handle_t info ) -{ - return( info->size ); -} - -static inline int mbedtls_md_info_block_size( - mbedtls_md_handle_t info ) -{ - return( info->block_size ); -} - -static inline mbedtls_md_starts_func_t *mbedtls_md_info_starts_func( - mbedtls_md_handle_t info ) -{ - return( info->starts_func ); -} - -static inline mbedtls_md_update_func_t *mbedtls_md_info_update_func( - mbedtls_md_handle_t info ) -{ - return( info->update_func ); -} - -static inline mbedtls_md_finish_func_t *mbedtls_md_info_finish_func( - mbedtls_md_handle_t info ) -{ - return( info->finish_func ); -} - -static inline mbedtls_md_digest_func_t *mbedtls_md_info_digest_func( - mbedtls_md_handle_t info ) -{ - return( info->digest_func ); -} - -static inline mbedtls_md_ctx_alloc_func_t *mbedtls_md_info_ctx_alloc_func( - mbedtls_md_handle_t info ) -{ - return( info->ctx_alloc_func ); -} - -static inline mbedtls_md_ctx_free_func_t *mbedtls_md_info_ctx_free_func( - mbedtls_md_handle_t info ) -{ - return( info->ctx_free_func ); -} - -static inline mbedtls_md_clone_func_t *mbedtls_md_info_clone_func( - mbedtls_md_handle_t info ) -{ - return( info->clone_func ); -} - -static inline mbedtls_md_process_func_t 
*mbedtls_md_info_process_func( - mbedtls_md_handle_t info ) -{ - return( info->process_func ); -} - -#if defined(MBEDTLS_MD2_C) -extern const mbedtls_md_info_t mbedtls_md2_info; -#endif -#if defined(MBEDTLS_MD4_C) -extern const mbedtls_md_info_t mbedtls_md4_info; -#endif -#if defined(MBEDTLS_MD5_C) -extern const mbedtls_md_info_t mbedtls_md5_info; -#endif -#if defined(MBEDTLS_RIPEMD160_C) -extern const mbedtls_md_info_t mbedtls_ripemd160_info; -#endif -#if defined(MBEDTLS_SHA1_C) -extern const mbedtls_md_info_t mbedtls_sha1_info; -#endif -#if defined(MBEDTLS_SHA256_C) -#if !defined(MBEDTLS_SHA256_NO_SHA224) -extern const mbedtls_md_info_t mbedtls_sha224_info; -#endif -extern const mbedtls_md_info_t mbedtls_sha256_info; -#endif -#if defined(MBEDTLS_SHA512_C) -extern const mbedtls_md_info_t mbedtls_sha384_info; -extern const mbedtls_md_info_t mbedtls_sha512_info; -#endif - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_MD_WRAP_H */ diff --git a/library/md.c b/library/md.c index 81e30235c..2271a766e 100644 --- a/library/md.c +++ b/library/md.c @@ -32,7 +32,6 @@ #if defined(MBEDTLS_MD_C) #include "mbedtls/md.h" -#include "mbedtls/md_internal.h" #include "mbedtls/platform_util.h" #if defined(MBEDTLS_PLATFORM_C) 
@@ -49,7 +48,777 @@ #include #endif -#include "md_wrap.c" +#if defined(MBEDTLS_MD2_C) +#include "mbedtls/md2.h" +#endif + +#if defined(MBEDTLS_MD4_C) +#include "mbedtls/md4.h" +#endif + +#if defined(MBEDTLS_MD5_C) +#include "mbedtls/md5.h" +#endif + +#if defined(MBEDTLS_RIPEMD160_C) +#include "mbedtls/ripemd160.h" +#endif + +#if defined(MBEDTLS_SHA1_C) +#include "mbedtls/sha1.h" +#endif + +#if defined(MBEDTLS_SHA256_C) +#include "mbedtls/sha256.h" +#endif + +#if defined(MBEDTLS_SHA512_C) +#include "mbedtls/sha512.h" +#endif + +/* + * Message-digest information macro definition + */ + +/* SHA-256 */ +#define MBEDTLS_MD_INFO_SHA256_TYPE MBEDTLS_MD_SHA256 +#define MBEDTLS_MD_INFO_SHA256_NAME "SHA256" +#define MBEDTLS_MD_INFO_SHA256_SIZE 32 +#define MBEDTLS_MD_INFO_SHA256_BLOCKSIZE 64 +#define MBEDTLS_MD_INFO_SHA256_STARTS_FUNC sha256_starts_wrap +#define MBEDTLS_MD_INFO_SHA256_UPDATE_FUNC sha224_update_wrap +#define MBEDTLS_MD_INFO_SHA256_FINISH_FUNC sha224_finish_wrap +#define MBEDTLS_MD_INFO_SHA256_DIGEST_FUNC sha256_wrap +#define MBEDTLS_MD_INFO_SHA256_ALLOC_FUNC sha224_ctx_alloc +#define MBEDTLS_MD_INFO_SHA256_FREE_FUNC sha224_ctx_free +#define MBEDTLS_MD_INFO_SHA256_CLONE_FUNC sha224_clone_wrap +#define MBEDTLS_MD_INFO_SHA256_PROCESS_FUNC sha224_process_wrap + +/* + * Helper macros to extract fields from ciphersuites. 
+ */ + +#define MBEDTLS_MD_INFO_TYPE_T( MD ) MD ## _TYPE +#define MBEDTLS_MD_INFO_NAME_T( MD ) MD ## _NAME +#define MBEDTLS_MD_INFO_SIZE_T( MD ) MD ## _SIZE +#define MBEDTLS_MD_INFO_BLOCKSIZE_T( MD ) MD ## _BLOCKSIZE +#define MBEDTLS_MD_INFO_STARTS_FUNC_T( MD ) MD ## _STARTS_FUNC +#define MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD ) MD ## _UPDATE_FUNC +#define MBEDTLS_MD_INFO_FINISH_FUNC_T( MD ) MD ## _FINISH_FUNC +#define MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD ) MD ## _DIGEST_FUNC +#define MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD ) MD ## _ALLOC_FUNC +#define MBEDTLS_MD_INFO_FREE_FUNC_T( MD ) MD ## _FREE_FUNC +#define MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) MD ## _CLONE_FUNC +#define MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) MD ## _PROCESS_FUNC + +/* Wrapper around MBEDTLS_MD_INFO_XXX_T() which makes sure that + * the argument is macro-expanded before concatenated with the + * field name. This allows to call these macros as + * MBEDTLS_MD_INFO_XXX( MBEDTLS_SSL_CONF_SINGLE_HASH ). + * where MBEDTLS_SSL_CONF_SINGLE_HASH expands to MBEDTLS_MD_INFO_XXX. */ +#define MBEDTLS_MD_INFO_TYPE( MD ) MBEDTLS_MD_INFO_TYPE_T( MD ) +#define MBEDTLS_MD_INFO_NAME( MD ) MBEDTLS_MD_INFO_NAME_T( MD ) +#define MBEDTLS_MD_INFO_SIZE( MD ) MBEDTLS_MD_INFO_SIZE_T( MD ) +#define MBEDTLS_MD_INFO_BLOCKSIZE( MD ) MBEDTLS_MD_INFO_BLOCKSIZE_T( MD ) +#define MBEDTLS_MD_INFO_STARTS_FUNC( MD ) MBEDTLS_MD_INFO_STARTS_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_UPDATE_FUNC( MD ) MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_FINISH_FUNC( MD ) MBEDTLS_MD_INFO_FINISH_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_DIGEST_FUNC( MD ) MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_ALLOC_FUNC( MD ) MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_FREE_FUNC( MD ) MBEDTLS_MD_INFO_FREE_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_CLONE_FUNC( MD ) MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) + +/** + * Message digest information. 
+ * Allows message digest functions to be called in a generic way. + */ + +typedef int mbedtls_md_starts_func_t( void *ctx ); +typedef int mbedtls_md_update_func_t( void *ctx, + const unsigned char *input, + size_t ilen ); +typedef int mbedtls_md_finish_func_t( void *ctx, unsigned char *output ); +typedef int mbedtls_md_digest_func_t( const unsigned char *input, + size_t ilen, + unsigned char *output ); +typedef void* mbedtls_md_ctx_alloc_func_t( void ); +typedef void mbedtls_md_ctx_free_func_t( void *ctx ); +typedef void mbedtls_md_clone_func_t( void *st, const void *src ); +typedef int mbedtls_md_process_func_t( void *ctx, + const unsigned char *input ); + +struct mbedtls_md_info_t +{ + /** Digest identifier */ + mbedtls_md_type_t type; + + /** Name of the message digest */ + const char * name; + + /** Output length of the digest function in bytes */ + int size; + + /** Block length of the digest function in bytes */ + int block_size; + + /** Digest initialisation function */ + mbedtls_md_starts_func_t *starts_func; + + /** Digest update function */ + mbedtls_md_update_func_t *update_func; + + /** Digest finalisation function */ + mbedtls_md_finish_func_t *finish_func; + + /** Generic digest function */ + mbedtls_md_digest_func_t *digest_func; + + /** Allocate a new context */ + mbedtls_md_ctx_alloc_func_t *ctx_alloc_func; + + /** Free the given context */ + mbedtls_md_ctx_free_func_t *ctx_free_func; + + /** Clone state from a context */ + mbedtls_md_clone_func_t *clone_func; + + /** Internal use only */ + mbedtls_md_process_func_t *process_func; +}; + +/** + * \brief This macro builds an instance of ::mbedtls_md_info_t + * from an \c MBEDTLS_MD_INFO_XXX identifier. 
+ */ +#define MBEDTLS_MD_INFO( MD ) \ + { MBEDTLS_MD_INFO_TYPE( MD ), \ + MBEDTLS_MD_INFO_NAME( MD ), \ + MBEDTLS_MD_INFO_SIZE( MD ), \ + MBEDTLS_MD_INFO_BLOCKSIZE( MD ), \ + MBEDTLS_MD_INFO_STARTS_FUNC( MD ), \ + MBEDTLS_MD_INFO_UPDATE_FUNC( MD ), \ + MBEDTLS_MD_INFO_FINISH_FUNC( MD ), \ + MBEDTLS_MD_INFO_DIGEST_FUNC( MD ), \ + MBEDTLS_MD_INFO_ALLOC_FUNC( MD ), \ + MBEDTLS_MD_INFO_FREE_FUNC( MD ), \ + MBEDTLS_MD_INFO_CLONE_FUNC( MD ), \ + MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) } + +/* + * + * Definitions of MD information structures for various digests. + * + */ + +/* + * MD-2 + */ + +#if defined(MBEDTLS_MD2_C) + +static int md2_starts_wrap( void *ctx ) +{ + return( mbedtls_md2_starts_ret( (mbedtls_md2_context *) ctx ) ); +} + +static int md2_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_md2_update_ret( (mbedtls_md2_context *) ctx, input, ilen ) ); +} + +static int md2_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_md2_finish_ret( (mbedtls_md2_context *) ctx, output ) ); +} + +static void *md2_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md2_context ) ); + + if( ctx != NULL ) + mbedtls_md2_init( (mbedtls_md2_context *) ctx ); + + return( ctx ); +} + +static void md2_ctx_free( void *ctx ) +{ + mbedtls_md2_free( (mbedtls_md2_context *) ctx ); + mbedtls_free( ctx ); +} + +static void md2_clone_wrap( void *dst, const void *src ) +{ + mbedtls_md2_clone( (mbedtls_md2_context *) dst, + (const mbedtls_md2_context *) src ); +} + +static int md2_process_wrap( void *ctx, const unsigned char *data ) +{ + ((void) data); + + return( mbedtls_internal_md2_process( (mbedtls_md2_context *) ctx ) ); +} + +const mbedtls_md_info_t mbedtls_md2_info = { + MBEDTLS_MD_MD2, + "MD2", + 16, + 16, + md2_starts_wrap, + md2_update_wrap, + md2_finish_wrap, + mbedtls_md2_ret, + md2_ctx_alloc, + md2_ctx_free, + md2_clone_wrap, + md2_process_wrap, +}; + +#endif /* MBEDTLS_MD2_C */ + +/* + * MD-4 + */ + +#if 
defined(MBEDTLS_MD4_C) + +static int md4_starts_wrap( void *ctx ) +{ + return( mbedtls_md4_starts_ret( (mbedtls_md4_context *) ctx ) ); +} + +static int md4_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_md4_update_ret( (mbedtls_md4_context *) ctx, input, ilen ) ); +} + +static int md4_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_md4_finish_ret( (mbedtls_md4_context *) ctx, output ) ); +} + +static void *md4_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md4_context ) ); + + if( ctx != NULL ) + mbedtls_md4_init( (mbedtls_md4_context *) ctx ); + + return( ctx ); +} + +static void md4_ctx_free( void *ctx ) +{ + mbedtls_md4_free( (mbedtls_md4_context *) ctx ); + mbedtls_free( ctx ); +} + +static void md4_clone_wrap( void *dst, const void *src ) +{ + mbedtls_md4_clone( (mbedtls_md4_context *) dst, + (const mbedtls_md4_context *) src ); +} + +static int md4_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) ); +} + +const mbedtls_md_info_t mbedtls_md4_info = { + MBEDTLS_MD_MD4, + "MD4", + 16, + 64, + md4_starts_wrap, + md4_update_wrap, + md4_finish_wrap, + mbedtls_md4_ret, + md4_ctx_alloc, + md4_ctx_free, + md4_clone_wrap, + md4_process_wrap, +}; + +#endif /* MBEDTLS_MD4_C */ + +/* + * MD-5 + */ + +#if defined(MBEDTLS_MD5_C) + +static int md5_starts_wrap( void *ctx ) +{ + return( mbedtls_md5_starts_ret( (mbedtls_md5_context *) ctx ) ); +} + +static int md5_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_md5_update_ret( (mbedtls_md5_context *) ctx, input, ilen ) ); +} + +static int md5_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_md5_finish_ret( (mbedtls_md5_context *) ctx, output ) ); +} + +static void *md5_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md5_context ) ); + + if( ctx != NULL ) + mbedtls_md5_init( 
(mbedtls_md5_context *) ctx ); + + return( ctx ); +} + +static void md5_ctx_free( void *ctx ) +{ + mbedtls_md5_free( (mbedtls_md5_context *) ctx ); + mbedtls_free( ctx ); +} + +static void md5_clone_wrap( void *dst, const void *src ) +{ + mbedtls_md5_clone( (mbedtls_md5_context *) dst, + (const mbedtls_md5_context *) src ); +} + +static int md5_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) ); +} + +const mbedtls_md_info_t mbedtls_md5_info = { + MBEDTLS_MD_MD5, + "MD5", + 16, + 64, + md5_starts_wrap, + md5_update_wrap, + md5_finish_wrap, + mbedtls_md5_ret, + md5_ctx_alloc, + md5_ctx_free, + md5_clone_wrap, + md5_process_wrap, +}; + +#endif /* MBEDTLS_MD5_C */ + +/* + * RIPEMD-160 + */ + +#if defined(MBEDTLS_RIPEMD160_C) + +static int ripemd160_starts_wrap( void *ctx ) +{ + return( mbedtls_ripemd160_starts_ret( (mbedtls_ripemd160_context *) ctx ) ); +} + +static int ripemd160_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_ripemd160_update_ret( (mbedtls_ripemd160_context *) ctx, + input, ilen ) ); +} + +static int ripemd160_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_ripemd160_finish_ret( (mbedtls_ripemd160_context *) ctx, + output ) ); +} + +static void *ripemd160_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ripemd160_context ) ); + + if( ctx != NULL ) + mbedtls_ripemd160_init( (mbedtls_ripemd160_context *) ctx ); + + return( ctx ); +} + +static void ripemd160_ctx_free( void *ctx ) +{ + mbedtls_ripemd160_free( (mbedtls_ripemd160_context *) ctx ); + mbedtls_free( ctx ); +} + +static void ripemd160_clone_wrap( void *dst, const void *src ) +{ + mbedtls_ripemd160_clone( (mbedtls_ripemd160_context *) dst, + (const mbedtls_ripemd160_context *) src ); +} + +static int ripemd160_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_ripemd160_process( + 
(mbedtls_ripemd160_context *) ctx, data ) ); +} + +const mbedtls_md_info_t mbedtls_ripemd160_info = { + MBEDTLS_MD_RIPEMD160, + "RIPEMD160", + 20, + 64, + ripemd160_starts_wrap, + ripemd160_update_wrap, + ripemd160_finish_wrap, + mbedtls_ripemd160_ret, + ripemd160_ctx_alloc, + ripemd160_ctx_free, + ripemd160_clone_wrap, + ripemd160_process_wrap, +}; + +#endif /* MBEDTLS_RIPEMD160_C */ + +/* + * SHA-1 + */ + +#if defined(MBEDTLS_SHA1_C) + +static int sha1_starts_wrap( void *ctx ) +{ + return( mbedtls_sha1_starts_ret( (mbedtls_sha1_context *) ctx ) ); +} + +static int sha1_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_sha1_update_ret( (mbedtls_sha1_context *) ctx, + input, ilen ) ); +} + +static int sha1_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_sha1_finish_ret( (mbedtls_sha1_context *) ctx, output ) ); +} + +static void *sha1_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha1_context ) ); + + if( ctx != NULL ) + mbedtls_sha1_init( (mbedtls_sha1_context *) ctx ); + + return( ctx ); +} + +static void sha1_clone_wrap( void *dst, const void *src ) +{ + mbedtls_sha1_clone( (mbedtls_sha1_context *) dst, + (const mbedtls_sha1_context *) src ); +} + +static void sha1_ctx_free( void *ctx ) +{ + mbedtls_sha1_free( (mbedtls_sha1_context *) ctx ); + mbedtls_free( ctx ); +} + +static int sha1_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_sha1_process( (mbedtls_sha1_context *) ctx, + data ) ); +} + +const mbedtls_md_info_t mbedtls_sha1_info = { + MBEDTLS_MD_SHA1, + "SHA1", + 20, + 64, + sha1_starts_wrap, + sha1_update_wrap, + sha1_finish_wrap, + mbedtls_sha1_ret, + sha1_ctx_alloc, + sha1_ctx_free, + sha1_clone_wrap, + sha1_process_wrap, +}; + +#endif /* MBEDTLS_SHA1_C */ + +/* + * SHA-224 and SHA-256 + */ + +#if defined(MBEDTLS_SHA256_C) + +#if !defined(MBEDTLS_SHA256_NO_SHA224) +static int sha224_starts_wrap( void *ctx ) +{ + return( 
mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) ); +} +#endif /* !MBEDTLS_SHA256_NO_SHA224 */ + +static int sha224_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_sha256_update_ret( (mbedtls_sha256_context *) ctx, + input, ilen ) ); +} + +static int sha224_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_sha256_finish_ret( (mbedtls_sha256_context *) ctx, + output ) ); +} + +#if !defined(MBEDTLS_SHA256_NO_SHA224) +static int sha224_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); +} +#endif /* !MBEDTLS_SHA256_NO_SHA224 */ + +static void *sha224_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha256_context ) ); + + if( ctx != NULL ) + mbedtls_sha256_init( (mbedtls_sha256_context *) ctx ); + + return( ctx ); +} + +static void sha224_ctx_free( void *ctx ) +{ + mbedtls_sha256_free( (mbedtls_sha256_context *) ctx ); + mbedtls_free( ctx ); +} + +static void sha224_clone_wrap( void *dst, const void *src ) +{ + mbedtls_sha256_clone( (mbedtls_sha256_context *) dst, + (const mbedtls_sha256_context *) src ); +} + +static int sha224_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_sha256_process( (mbedtls_sha256_context *) ctx, + data ) ); +} + +#if !defined(MBEDTLS_SHA256_NO_SHA224) +const mbedtls_md_info_t mbedtls_sha224_info = { + MBEDTLS_MD_SHA224, + "SHA224", + 28, + 64, + sha224_starts_wrap, + sha224_update_wrap, + sha224_finish_wrap, + sha224_wrap, + sha224_ctx_alloc, + sha224_ctx_free, + sha224_clone_wrap, + sha224_process_wrap, +}; +#endif /* !MBEDTLS_SHA256_NO_SHA224 */ + +static int sha256_starts_wrap( void *ctx ) +{ + return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 0 ) ); +} + +static int sha256_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); +} + 
+const mbedtls_md_info_t mbedtls_sha256_info = + MBEDTLS_MD_INFO( MBEDTLS_MD_INFO_SHA256 ); + +#endif /* MBEDTLS_SHA256_C */ + +/* + * SHA-384 and SHA-512 + */ + +#if defined(MBEDTLS_SHA512_C) + +static int sha384_starts_wrap( void *ctx ) +{ + return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 1 ) ); +} + +static int sha384_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_sha512_update_ret( (mbedtls_sha512_context *) ctx, + input, ilen ) ); +} + +static int sha384_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_sha512_finish_ret( (mbedtls_sha512_context *) ctx, + output ) ); +} + +static int sha384_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + return( mbedtls_sha512_ret( input, ilen, output, 1 ) ); +} + +static void *sha384_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha512_context ) ); + + if( ctx != NULL ) + mbedtls_sha512_init( (mbedtls_sha512_context *) ctx ); + + return( ctx ); +} + +static void sha384_ctx_free( void *ctx ) +{ + mbedtls_sha512_free( (mbedtls_sha512_context *) ctx ); + mbedtls_free( ctx ); +} + +static void sha384_clone_wrap( void *dst, const void *src ) +{ + mbedtls_sha512_clone( (mbedtls_sha512_context *) dst, + (const mbedtls_sha512_context *) src ); +} + +static int sha384_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_sha512_process( (mbedtls_sha512_context *) ctx, + data ) ); +} + +const mbedtls_md_info_t mbedtls_sha384_info = { + MBEDTLS_MD_SHA384, + "SHA384", + 48, + 128, + sha384_starts_wrap, + sha384_update_wrap, + sha384_finish_wrap, + sha384_wrap, + sha384_ctx_alloc, + sha384_ctx_free, + sha384_clone_wrap, + sha384_process_wrap, +}; + +static int sha512_starts_wrap( void *ctx ) +{ + return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 0 ) ); +} + +static int sha512_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + return( 
mbedtls_sha512_ret( input, ilen, output, 0 ) ); +} + +const mbedtls_md_info_t mbedtls_sha512_info = { + MBEDTLS_MD_SHA512, + "SHA512", + 64, + 128, + sha512_starts_wrap, + sha384_update_wrap, + sha384_finish_wrap, + sha512_wrap, + sha384_ctx_alloc, + sha384_ctx_free, + sha384_clone_wrap, + sha384_process_wrap, +}; + +#endif /* MBEDTLS_SHA512_C */ + +/* + * Getter functions for MD info structure. + */ + +static inline mbedtls_md_type_t mbedtls_md_info_type( + mbedtls_md_handle_t info ) +{ + return( info->type ); +} + +static inline const char * mbedtls_md_info_name( + mbedtls_md_handle_t info ) +{ + return( info->name ); +} + +static inline int mbedtls_md_info_size( + mbedtls_md_handle_t info ) +{ + return( info->size ); +} + +static inline int mbedtls_md_info_block_size( + mbedtls_md_handle_t info ) +{ + return( info->block_size ); +} + +static inline mbedtls_md_starts_func_t *mbedtls_md_info_starts_func( + mbedtls_md_handle_t info ) +{ + return( info->starts_func ); +} + +static inline mbedtls_md_update_func_t *mbedtls_md_info_update_func( + mbedtls_md_handle_t info ) +{ + return( info->update_func ); +} + +static inline mbedtls_md_finish_func_t *mbedtls_md_info_finish_func( + mbedtls_md_handle_t info ) +{ + return( info->finish_func ); +} + +static inline mbedtls_md_digest_func_t *mbedtls_md_info_digest_func( + mbedtls_md_handle_t info ) +{ + return( info->digest_func ); +} + +static inline mbedtls_md_ctx_alloc_func_t *mbedtls_md_info_ctx_alloc_func( + mbedtls_md_handle_t info ) +{ + return( info->ctx_alloc_func ); +} + +static inline mbedtls_md_ctx_free_func_t *mbedtls_md_info_ctx_free_func( + mbedtls_md_handle_t info ) +{ + return( info->ctx_free_func ); +} + +static inline mbedtls_md_clone_func_t *mbedtls_md_info_clone_func( + mbedtls_md_handle_t info ) +{ + return( info->clone_func ); +} + +static inline mbedtls_md_process_func_t *mbedtls_md_info_process_func( + mbedtls_md_handle_t info ) +{ + return( info->process_func ); +} /* * Reminder: update profiles in 
x509_crt.c when adding a new hash! diff --git a/library/md_wrap.c b/library/md_wrap.c deleted file mode 100644 index f974ba0c6..000000000 --- a/library/md_wrap.c +++ /dev/null 
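Review bot: The `mbedtls_*_info` tables are still defined with external linkage here (`const mbedtls_md_info_t mbedtls_md2_info = {` and the others), but the `extern const mbedtls_md_info_t ...;` declarations from the deleted `md_internal.h` are not re-added in this hunk. If nothing outside `md.c` refers to them they should become `static const`, and if other files still do they need a declaration in a header that survives; which case holds is not visible from this hunk. Separately, the moved comment `Helper macros to extract fields from ciphersuites.` is a copy-paste leftover, since the macros below it select fields of an `MBEDTLS_MD_INFO_XXX` digest description; it should read `Helper macros to extract fields from message-digest info identifiers.` The getters at the end (`mbedtls_md_info_type` through `mbedtls_md_info_process_func`) dereference `info` unconditionally, so the `Getter functions for MD info structure.` comment should state that the handle must not be `MBEDTLS_MD_INVALID_HANDLE`.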
@@ -1,580 +0,0 @@ -/** - * \file md_wrap.c - * - * \brief Generic message digest wrapper for mbed TLS - * - * \author Adriaan de Jong - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_MD_C) - -#include "mbedtls/md_internal.h" - -#if defined(MBEDTLS_MD2_C) -#include "mbedtls/md2.h" -#endif - -#if defined(MBEDTLS_MD4_C) -#include "mbedtls/md4.h" -#endif - -#if defined(MBEDTLS_MD5_C) -#include "mbedtls/md5.h" -#endif - -#if defined(MBEDTLS_RIPEMD160_C) -#include "mbedtls/ripemd160.h" -#endif - -#if defined(MBEDTLS_SHA1_C) -#include "mbedtls/sha1.h" -#endif - -#if defined(MBEDTLS_SHA256_C) -#include "mbedtls/sha256.h" -#endif - -#if defined(MBEDTLS_SHA512_C) -#include "mbedtls/sha512.h" -#endif - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif - -#if defined(MBEDTLS_MD2_C) - -static int md2_starts_wrap( void *ctx ) -{ - return( mbedtls_md2_starts_ret( (mbedtls_md2_context *) ctx ) ); -} - -static int md2_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_md2_update_ret( (mbedtls_md2_context *) ctx, input, ilen ) ); -} - -static 
int md2_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_md2_finish_ret( (mbedtls_md2_context *) ctx, output ) ); -} - -static void *md2_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md2_context ) ); - - if( ctx != NULL ) - mbedtls_md2_init( (mbedtls_md2_context *) ctx ); - - return( ctx ); -} - -static void md2_ctx_free( void *ctx ) -{ - mbedtls_md2_free( (mbedtls_md2_context *) ctx ); - mbedtls_free( ctx ); -} - -static void md2_clone_wrap( void *dst, const void *src ) -{ - mbedtls_md2_clone( (mbedtls_md2_context *) dst, - (const mbedtls_md2_context *) src ); -} - -static int md2_process_wrap( void *ctx, const unsigned char *data ) -{ - ((void) data); - - return( mbedtls_internal_md2_process( (mbedtls_md2_context *) ctx ) ); -} - -const mbedtls_md_info_t mbedtls_md2_info = { - MBEDTLS_MD_MD2, - "MD2", - 16, - 16, - md2_starts_wrap, - md2_update_wrap, - md2_finish_wrap, - mbedtls_md2_ret, - md2_ctx_alloc, - md2_ctx_free, - md2_clone_wrap, - md2_process_wrap, -}; - -#endif /* MBEDTLS_MD2_C */ - -#if defined(MBEDTLS_MD4_C) - -static int md4_starts_wrap( void *ctx ) -{ - return( mbedtls_md4_starts_ret( (mbedtls_md4_context *) ctx ) ); -} - -static int md4_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_md4_update_ret( (mbedtls_md4_context *) ctx, input, ilen ) ); -} - -static int md4_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_md4_finish_ret( (mbedtls_md4_context *) ctx, output ) ); -} - -static void *md4_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md4_context ) ); - - if( ctx != NULL ) - mbedtls_md4_init( (mbedtls_md4_context *) ctx ); - - return( ctx ); -} - -static void md4_ctx_free( void *ctx ) -{ - mbedtls_md4_free( (mbedtls_md4_context *) ctx ); - mbedtls_free( ctx ); -} - -static void md4_clone_wrap( void *dst, const void *src ) -{ - mbedtls_md4_clone( (mbedtls_md4_context *) dst, - (const mbedtls_md4_context *) src ); -} - 
-static int md4_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) ); -} - -const mbedtls_md_info_t mbedtls_md4_info = { - MBEDTLS_MD_MD4, - "MD4", - 16, - 64, - md4_starts_wrap, - md4_update_wrap, - md4_finish_wrap, - mbedtls_md4_ret, - md4_ctx_alloc, - md4_ctx_free, - md4_clone_wrap, - md4_process_wrap, -}; - -#endif /* MBEDTLS_MD4_C */ - -#if defined(MBEDTLS_MD5_C) - -static int md5_starts_wrap( void *ctx ) -{ - return( mbedtls_md5_starts_ret( (mbedtls_md5_context *) ctx ) ); -} - -static int md5_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_md5_update_ret( (mbedtls_md5_context *) ctx, input, ilen ) ); -} - -static int md5_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_md5_finish_ret( (mbedtls_md5_context *) ctx, output ) ); -} - -static void *md5_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md5_context ) ); - - if( ctx != NULL ) - mbedtls_md5_init( (mbedtls_md5_context *) ctx ); - - return( ctx ); -} - -static void md5_ctx_free( void *ctx ) -{ - mbedtls_md5_free( (mbedtls_md5_context *) ctx ); - mbedtls_free( ctx ); -} - -static void md5_clone_wrap( void *dst, const void *src ) -{ - mbedtls_md5_clone( (mbedtls_md5_context *) dst, - (const mbedtls_md5_context *) src ); -} - -static int md5_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) ); -} - -const mbedtls_md_info_t mbedtls_md5_info = { - MBEDTLS_MD_MD5, - "MD5", - 16, - 64, - md5_starts_wrap, - md5_update_wrap, - md5_finish_wrap, - mbedtls_md5_ret, - md5_ctx_alloc, - md5_ctx_free, - md5_clone_wrap, - md5_process_wrap, -}; - -#endif /* MBEDTLS_MD5_C */ - -#if defined(MBEDTLS_RIPEMD160_C) - -static int ripemd160_starts_wrap( void *ctx ) -{ - return( mbedtls_ripemd160_starts_ret( (mbedtls_ripemd160_context *) ctx ) ); -} - -static int ripemd160_update_wrap( 
void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_ripemd160_update_ret( (mbedtls_ripemd160_context *) ctx, - input, ilen ) ); -} - -static int ripemd160_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_ripemd160_finish_ret( (mbedtls_ripemd160_context *) ctx, - output ) ); -} - -static void *ripemd160_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ripemd160_context ) ); - - if( ctx != NULL ) - mbedtls_ripemd160_init( (mbedtls_ripemd160_context *) ctx ); - - return( ctx ); -} - -static void ripemd160_ctx_free( void *ctx ) -{ - mbedtls_ripemd160_free( (mbedtls_ripemd160_context *) ctx ); - mbedtls_free( ctx ); -} - -static void ripemd160_clone_wrap( void *dst, const void *src ) -{ - mbedtls_ripemd160_clone( (mbedtls_ripemd160_context *) dst, - (const mbedtls_ripemd160_context *) src ); -} - -static int ripemd160_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_ripemd160_process( - (mbedtls_ripemd160_context *) ctx, data ) ); -} - -const mbedtls_md_info_t mbedtls_ripemd160_info = { - MBEDTLS_MD_RIPEMD160, - "RIPEMD160", - 20, - 64, - ripemd160_starts_wrap, - ripemd160_update_wrap, - ripemd160_finish_wrap, - mbedtls_ripemd160_ret, - ripemd160_ctx_alloc, - ripemd160_ctx_free, - ripemd160_clone_wrap, - ripemd160_process_wrap, -}; - -#endif /* MBEDTLS_RIPEMD160_C */ - -#if defined(MBEDTLS_SHA1_C) - -static int sha1_starts_wrap( void *ctx ) -{ - return( mbedtls_sha1_starts_ret( (mbedtls_sha1_context *) ctx ) ); -} - -static int sha1_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_sha1_update_ret( (mbedtls_sha1_context *) ctx, - input, ilen ) ); -} - -static int sha1_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_sha1_finish_ret( (mbedtls_sha1_context *) ctx, output ) ); -} - -static void *sha1_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha1_context ) ); - - if( ctx != NULL ) - 
mbedtls_sha1_init( (mbedtls_sha1_context *) ctx ); - - return( ctx ); -} - -static void sha1_clone_wrap( void *dst, const void *src ) -{ - mbedtls_sha1_clone( (mbedtls_sha1_context *) dst, - (const mbedtls_sha1_context *) src ); -} - -static void sha1_ctx_free( void *ctx ) -{ - mbedtls_sha1_free( (mbedtls_sha1_context *) ctx ); - mbedtls_free( ctx ); -} - -static int sha1_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_sha1_process( (mbedtls_sha1_context *) ctx, - data ) ); -} - -const mbedtls_md_info_t mbedtls_sha1_info = { - MBEDTLS_MD_SHA1, - "SHA1", - 20, - 64, - sha1_starts_wrap, - sha1_update_wrap, - sha1_finish_wrap, - mbedtls_sha1_ret, - sha1_ctx_alloc, - sha1_ctx_free, - sha1_clone_wrap, - sha1_process_wrap, -}; - -#endif /* MBEDTLS_SHA1_C */ - -/* - * Wrappers for generic message digests - */ -#if defined(MBEDTLS_SHA256_C) - -#if !defined(MBEDTLS_SHA256_NO_SHA224) -static int sha224_starts_wrap( void *ctx ) -{ - return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) ); -} -#endif /* !MBEDTLS_SHA256_NO_SHA224 */ - -static int sha224_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_sha256_update_ret( (mbedtls_sha256_context *) ctx, - input, ilen ) ); -} - -static int sha224_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_sha256_finish_ret( (mbedtls_sha256_context *) ctx, - output ) ); -} - -#if !defined(MBEDTLS_SHA256_NO_SHA224) -static int sha224_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); -} -#endif /* !MBEDTLS_SHA256_NO_SHA224 */ - -static void *sha224_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha256_context ) ); - - if( ctx != NULL ) - mbedtls_sha256_init( (mbedtls_sha256_context *) ctx ); - - return( ctx ); -} - -static void sha224_ctx_free( void *ctx ) -{ - mbedtls_sha256_free( (mbedtls_sha256_context *) ctx ); - 
mbedtls_free( ctx ); -} - -static void sha224_clone_wrap( void *dst, const void *src ) -{ - mbedtls_sha256_clone( (mbedtls_sha256_context *) dst, - (const mbedtls_sha256_context *) src ); -} - -static int sha224_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_sha256_process( (mbedtls_sha256_context *) ctx, - data ) ); -} - -#if !defined(MBEDTLS_SHA256_NO_SHA224) -const mbedtls_md_info_t mbedtls_sha224_info = { - MBEDTLS_MD_SHA224, - "SHA224", - 28, - 64, - sha224_starts_wrap, - sha224_update_wrap, - sha224_finish_wrap, - sha224_wrap, - sha224_ctx_alloc, - sha224_ctx_free, - sha224_clone_wrap, - sha224_process_wrap, -}; -#endif /* !MBEDTLS_SHA256_NO_SHA224 */ - -static int sha256_starts_wrap( void *ctx ) -{ - return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 0 ) ); -} - -static int sha256_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); -} - -const mbedtls_md_info_t mbedtls_sha256_info = - MBEDTLS_MD_INFO( MBEDTLS_MD_INFO_SHA256 ); - -#endif /* MBEDTLS_SHA256_C */ - -#if defined(MBEDTLS_SHA512_C) - -static int sha384_starts_wrap( void *ctx ) -{ - return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 1 ) ); -} - -static int sha384_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_sha512_update_ret( (mbedtls_sha512_context *) ctx, - input, ilen ) ); -} - -static int sha384_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_sha512_finish_ret( (mbedtls_sha512_context *) ctx, - output ) ); -} - -static int sha384_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - return( mbedtls_sha512_ret( input, ilen, output, 1 ) ); -} - -static void *sha384_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha512_context ) ); - - if( ctx != NULL ) - mbedtls_sha512_init( (mbedtls_sha512_context *) ctx ); - - return( ctx ); -} - -static 
void sha384_ctx_free( void *ctx ) -{ - mbedtls_sha512_free( (mbedtls_sha512_context *) ctx ); - mbedtls_free( ctx ); -} - -static void sha384_clone_wrap( void *dst, const void *src ) -{ - mbedtls_sha512_clone( (mbedtls_sha512_context *) dst, - (const mbedtls_sha512_context *) src ); -} - -static int sha384_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_sha512_process( (mbedtls_sha512_context *) ctx, - data ) ); -} - -const mbedtls_md_info_t mbedtls_sha384_info = { - MBEDTLS_MD_SHA384, - "SHA384", - 48, - 128, - sha384_starts_wrap, - sha384_update_wrap, - sha384_finish_wrap, - sha384_wrap, - sha384_ctx_alloc, - sha384_ctx_free, - sha384_clone_wrap, - sha384_process_wrap, -}; - -static int sha512_starts_wrap( void *ctx ) -{ - return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 0 ) ); -} - -static int sha512_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); -} - -const mbedtls_md_info_t mbedtls_sha512_info = { - MBEDTLS_MD_SHA512, - "SHA512", - 64, - 128, - sha512_starts_wrap, - sha384_update_wrap, - sha384_finish_wrap, - sha512_wrap, - sha384_ctx_alloc, - sha384_ctx_free, - sha384_clone_wrap, - sha384_process_wrap, -}; - -#endif /* MBEDTLS_SHA512_C */ - -#endif /* MBEDTLS_MD_C */ diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp index 3c9c2786f..dcbd5ff4a 100644 --- a/programs/test/cpp_dummy_build.cpp +++ b/programs/test/cpp_dummy_build.cpp @@ -66,7 +66,6 @@ #include "mbedtls/md2.h" #include "mbedtls/md4.h" #include "mbedtls/md5.h" -#include "mbedtls/md_internal.h" #include "mbedtls/net.h" #include "mbedtls/net_sockets.h" #include "mbedtls/nist_kw.h" diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index e9673639f..77f0d5d54 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function 
@@ -1,6 +1,5 @@ /* BEGIN_HEADER */ #include "mbedtls/hkdf.h" -#include "mbedtls/md_internal.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 2ec9178af..e6f9ec815 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -264,7 +264,6 @@ - From 1292c35c0305c10f47a14d05bffe8425978ab3fa Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 13 Aug 2019 15:43:26 +0100 Subject: [PATCH 27/78] Add config.h option to hardcode choice of single MD algorithm This commit introduces the configuration option MBEDTLS_MD_SINGLE_HASH which can be used to hardcode support for a single digest algorithm at compile-time, at the benefit of reduced code-size. To use, it needs to be defined to evaluate to a macro of the form MBEDTLS_MD_INFO_{DIGEST}, and macros MBEDTLS_MD_INFO_{DIGEST}_FIELD must be defined, giving rise to the various aspects (name, type, size, ...) of the chosen digest algorithm. MBEDTLS_MD_INFO_SHA256 provides an example, but other algorithms can be added if needed. At the moment, the effect of using MBEDTLS_MD_SINGLE_HASH is that the implementation of the MD API (e.g. mbedtls_md_update()) no longer needs to go through the abstraction of the mbedtls_md_info structures by calling their corresponding function pointer fields (akin to virtual functions in C++), but can directly call the corresponding core digest function (such as mbedtls_sha256_update()). Therefore, MBEDTLS_MD_SINGLE_HASH so far removes the second layer of indirection in the chain User calls MD API -> MD API calls underlying digest impl'n -> Core digest impl'n does the actual work, but the first indirection remains, as the MD API remains untouched and cannot yet be inlined. Studying to what extent inlining the shortened MD API implementations would lead to further code-savings is left for a later commit. --- include/mbedtls/config.h | 14 ++++ include/mbedtls/md.h | 10 +++ library/md.c | 148 ++++++++++++++++++++++++++++++++++++ programs/ssl/query_config.c | 8 ++ 4 files changed, 180 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 83405245e..c820e2ab2 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -3815,6 +3815,20 @@ //#define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_MD_ID //#define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_TLS_ID +/* Set this to MBEDTLS_MD_INFO_{DIGEST} support of a single message + * digest at compile-time, at the benefit of code-size. + * + * On highly constrained systems with large control over the configuration of + * the connection endpoints, this option can be used to hardcode support for + * a single hash algorithm. + * + * You need to make sure that the corresponding digest algorithm attributes + * are defined through macros in md.c. See the definitions + * MBEDTLS_MD_INFO_SHA256_XXX for example. + * + */ +//#define MBEDTLS_MD_SINGLE_HASH MBEDTLS_MD_INFO_SHA256 + /* \} SECTION: Compile-time SSL configuration */ /* Target and application specific configurations diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index c28ee1fd0..97d3b0696 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -80,6 +80,8 @@ typedef enum { #define MBEDTLS_MD_MAX_BLOCK_SIZE 64 #endif +#if !defined(MBEDTLS_MD_SINGLE_HASH) + /** * Opaque struct defined in md.c. */ @@ -89,6 +91,14 @@ typedef struct mbedtls_md_info_t mbedtls_md_info_t; typedef struct mbedtls_md_info_t const * mbedtls_md_handle_t; #define MBEDTLS_MD_INVALID_HANDLE ( (mbedtls_md_handle_t) NULL ) +#else /* !MBEDTLS_MD_SINGLE_HASH */ + +typedef int mbedtls_md_handle_t; +#define MBEDTLS_MD_INVALID_HANDLE ( (mbedtls_md_handle_t) 0 ) +#define MBEDTLS_MD_UNIQUE_VALID_HANDLE ( (mbedtls_md_handle_t) 1 ) + +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + /** * The generic message-digest context. */ diff --git a/library/md.c b/library/md.c index 2271a766e..abc2ad3f5 100644 --- a/library/md.c +++ b/library/md.c @@ -148,6 +148,7 @@ typedef void mbedtls_md_clone_func_t( void *st, const void *src ); typedef int mbedtls_md_process_func_t( void *ctx, const unsigned char *input ); +#if !defined(MBEDTLS_MD_SINGLE_HASH) struct mbedtls_md_info_t { /** Digest identifier */ 
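Review bot: The first sentence of the new MBEDTLS_MD_SINGLE_HASH comment in config.h is missing its verb ("Set this to MBEDTLS_MD_INFO_{DIGEST} support of a single message digest"), so the option's purpose is unclear in the place users read first. I would open it with `/* Set this to MBEDTLS_MD_INFO_{DIGEST} to hardcode support for a single message digest at compile-time, reducing code size.` The comment should also say that every other digest is then rejected by the MD layer (the md.c part of this patch makes mbedtls_md_info_from_type() return MBEDTLS_MD_INVALID_HANDLE for them), since that presumably limits which certificates and signature hashes such a build can process.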
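Review bot: The single-hash `typedef int mbedtls_md_handle_t;` added in the `#else` branch of md.h carries no documentation, while the pointer variant above it keeps its "Opaque struct defined in md.c" comment. A comment such as `/* Single-hash build: the handle carries no information; 0 is invalid and 1 denotes the one enabled digest. */` would tell callers to compare against MBEDTLS_MD_INVALID_HANDLE instead of NULL or a specific info structure. It would also make clear that MBEDTLS_MD_UNIQUE_VALID_HANDLE exists only in this configuration.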
@@ -205,6 +206,8 @@ struct mbedtls_md_info_t MBEDTLS_MD_INFO_CLONE_FUNC( MD ), \ MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) } +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + /* * * Definitions of MD information structures for various digests. @@ -262,6 +265,7 @@ static int md2_process_wrap( void *ctx, const unsigned char *data ) return( mbedtls_internal_md2_process( (mbedtls_md2_context *) ctx ) ); } +#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_md2_info = { MBEDTLS_MD_MD2, "MD2", @@ -276,6 +280,7 @@ const mbedtls_md_info_t mbedtls_md2_info = { md2_clone_wrap, md2_process_wrap, }; +#endif /* !MBEDTLS_MD_SINGLE_HASH */ #endif /* MBEDTLS_MD2_C */ @@ -328,6 +333,7 @@ static int md4_process_wrap( void *ctx, const unsigned char *data ) return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) ); } +#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_md4_info = { MBEDTLS_MD_MD4, "MD4", @@ -342,6 +348,7 @@ const mbedtls_md_info_t mbedtls_md4_info = { md4_clone_wrap, md4_process_wrap, }; +#endif /* MBEDTLS_MD_SINGLE_HASH */ #endif /* MBEDTLS_MD4_C */ @@ -394,6 +401,7 @@ static int md5_process_wrap( void *ctx, const unsigned char *data ) return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) ); } +#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_md5_info = { MBEDTLS_MD_MD5, "MD5", @@ -408,6 +416,7 @@ const mbedtls_md_info_t mbedtls_md5_info = { md5_clone_wrap, md5_process_wrap, }; +#endif /* MBEDTLS_MD_SINGLE_HASH */ #endif /* MBEDTLS_MD5_C */ @@ -463,6 +472,7 @@ static int ripemd160_process_wrap( void *ctx, const unsigned char *data ) (mbedtls_ripemd160_context *) ctx, data ) ); } +#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_ripemd160_info = { MBEDTLS_MD_RIPEMD160, "RIPEMD160", @@ -477,6 +487,7 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { ripemd160_clone_wrap, ripemd160_process_wrap, }; +#endif /* !MBEDTLS_MD_SINGLE_HASH */ #endif /* MBEDTLS_RIPEMD160_C */ 
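Review bot: The new `#if !defined(MBEDTLS_MD_SINGLE_HASH)` opens after `md2_process_wrap`, so only the `mbedtls_md2_info` table is compiled out while the static `md2_*_wrap` functions stay defined. In a single-hash build that still enables MBEDTLS_MD2_C nothing references them any more, which would typically raise -Wunused-function and break a -Werror build; the MD4, MD5, RIPEMD160, SHA-1, SHA-224 and SHA-384/512 hunks of this patch have the same shape. Consider moving each guard up so it also encloses that digest's wrappers, keeping only the wrappers of the digest chosen by MBEDTLS_MD_SINGLE_HASH. The wrapper definitions start outside these hunks, so the exact placement needs checking against the full file.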
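Review bot: The closing comment `#endif /* MBEDTLS_MD_SINGLE_HASH */` after `mbedtls_md4_info` does not match the `#if !defined(MBEDTLS_MD_SINGLE_HASH)` it closes, whereas the MD2, RIPEMD160 and SHA-1 hunks use `/* !MBEDTLS_MD_SINGLE_HASH */`. The MD5, SHA-384 and SHA-512 hunks have the same mismatch. I would write `#endif /* !MBEDTLS_MD_SINGLE_HASH */` in all of them so that nested guards can be paired by reading the comments.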
@@ -531,6 +542,7 @@ static int sha1_process_wrap( void *ctx, const unsigned char *data ) data ) ); } +#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_sha1_info = { MBEDTLS_MD_SHA1, "SHA1", @@ -545,6 +557,7 @@ const mbedtls_md_info_t mbedtls_sha1_info = { sha1_clone_wrap, sha1_process_wrap, }; +#endif /* !MBEDTLS_MD_SINGLE_HASH */ #endif /* MBEDTLS_SHA1_C */ @@ -610,6 +623,7 @@ static int sha224_process_wrap( void *ctx, const unsigned char *data ) data ) ); } +#if !defined(MBEDTLS_MD_SINGLE_HASH) #if !defined(MBEDTLS_SHA256_NO_SHA224) const mbedtls_md_info_t mbedtls_sha224_info = { MBEDTLS_MD_SHA224, @@ -626,6 +640,7 @@ const mbedtls_md_info_t mbedtls_sha224_info = { sha224_process_wrap, }; #endif /* !MBEDTLS_SHA256_NO_SHA224 */ +#endif /* !MBEDTLS_MD_SINGLE_HASH */ static int sha256_starts_wrap( void *ctx ) { @@ -638,8 +653,10 @@ static int sha256_wrap( const unsigned char *input, size_t ilen, return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); } +#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_sha256_info = MBEDTLS_MD_INFO( MBEDTLS_MD_INFO_SHA256 ); +#endif /* !MBEDTLS_MD_SINGLE_HASH */ #endif /* MBEDTLS_SHA256_C */ @@ -701,6 +718,7 @@ static int sha384_process_wrap( void *ctx, const unsigned char *data ) data ) ); } +#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_sha384_info = { MBEDTLS_MD_SHA384, "SHA384", @@ -715,6 +733,7 @@ const mbedtls_md_info_t mbedtls_sha384_info = { sha384_clone_wrap, sha384_process_wrap, }; +#endif /* MBEDTLS_MD_SINGLE_HASH */ static int sha512_starts_wrap( void *ctx ) { @@ -727,6 +746,7 @@ static int sha512_wrap( const unsigned char *input, size_t ilen, return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); } +#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_sha512_info = { MBEDTLS_MD_SHA512, "SHA512", 
@@ -741,6 +761,7 @@ const mbedtls_md_info_t mbedtls_sha512_info = { sha384_clone_wrap, sha384_process_wrap, }; +#endif /* MBEDTLS_MD_SINGLE_HASH */ #endif /* MBEDTLS_SHA512_C */ @@ -748,6 +769,8 @@ const mbedtls_md_info_t mbedtls_sha512_info = { * Getter functions for MD info structure. */ +#if !defined(MBEDTLS_MD_SINGLE_HASH) + static inline mbedtls_md_type_t mbedtls_md_info_type( mbedtls_md_handle_t info ) { 
@@ -820,6 +843,96 @@ static inline mbedtls_md_process_func_t *mbedtls_md_info_process_func( return( info->process_func ); } +#else /* !MBEDTLS_MD_SINGLE_HASH */ + +static inline mbedtls_md_type_t mbedtls_md_info_type( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_TYPE( MBEDTLS_MD_SINGLE_HASH ) ); +} + +static inline const char * mbedtls_md_info_name( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_NAME( MBEDTLS_MD_SINGLE_HASH ) ); +} + +static inline int mbedtls_md_info_size( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_SIZE( MBEDTLS_MD_SINGLE_HASH ) ); +} + +static inline int mbedtls_md_info_block_size( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_BLOCKSIZE( MBEDTLS_MD_SINGLE_HASH ) ); +} + +static inline mbedtls_md_starts_func_t *mbedtls_md_info_starts_func( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_STARTS_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); +} + +static inline mbedtls_md_update_func_t *mbedtls_md_info_update_func( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_UPDATE_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); +} + +static inline mbedtls_md_finish_func_t *mbedtls_md_info_finish_func( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_FINISH_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); +} + +static inline mbedtls_md_digest_func_t *mbedtls_md_info_digest_func( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_DIGEST_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); +} + +static inline mbedtls_md_ctx_alloc_func_t *mbedtls_md_info_ctx_alloc_func( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_ALLOC_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); +} + +static inline mbedtls_md_ctx_free_func_t *mbedtls_md_info_ctx_free_func( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_FREE_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); +} + +static inline 
mbedtls_md_clone_func_t *mbedtls_md_info_clone_func( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_CLONE_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); +} + +static inline mbedtls_md_process_func_t *mbedtls_md_info_process_func( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_PROCESS_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); +} + +#endif /* MBEDTLS_MD_SINGLE_HASH */ + +#if !defined(MBEDTLS_MD_SINGLE_HASH) + /* * Reminder: update profiles in x509_crt.c when adding a new hash! */ @@ -951,6 +1064,41 @@ mbedtls_md_handle_t mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) } } +#else /* MBEDTLS_MD_SINGLE_HASH */ + +const int *mbedtls_md_list( void ) +{ + static int single_hash[2] = + { MBEDTLS_MD_INFO_TYPE( MBEDTLS_MD_SINGLE_HASH ), + MBEDTLS_MD_INVALID_HANDLE }; + + return( single_hash ); +} + +mbedtls_md_handle_t mbedtls_md_info_from_string( const char *md_name ) +{ + static const char * const hash_name = + MBEDTLS_MD_INFO_NAME( MBEDTLS_MD_SINGLE_HASH ); + + if( md_name != NULL && strcmp( hash_name, md_name ) == 0 ) + return( MBEDTLS_MD_UNIQUE_VALID_HANDLE ); + + return( MBEDTLS_MD_INVALID_HANDLE ); +} + +mbedtls_md_handle_t mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) +{ + static const mbedtls_md_type_t hash_type = + MBEDTLS_MD_INFO_TYPE( MBEDTLS_MD_SINGLE_HASH ); + + if( hash_type == md_type ) + return( MBEDTLS_MD_UNIQUE_VALID_HANDLE ); + + return( MBEDTLS_MD_INVALID_HANDLE ); +} + +#endif /* MBEDTLS_MD_SINGLE_HASH */ + void mbedtls_md_init( mbedtls_md_context_t *ctx ) { memset( ctx, 0, sizeof( mbedtls_md_context_t ) ); diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 627934fc3..c151d3128 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c 
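Review bot: The single-hash getters added here discard `info`, so they return the hardcoded digest's attributes and function pointers even when passed MBEDTLS_MD_INVALID_HANDLE, and nothing in the block says so. A comment above `mbedtls_md_info_type` such as `/* Single-hash build: the handle is ignored; callers must reject MBEDTLS_MD_INVALID_HANDLE before using these getters. */` would make that contract explicit. The branch label `#else /* !MBEDTLS_MD_SINGLE_HASH */` also differs from the `#else /* MBEDTLS_MD_SINGLE_HASH */` used for the lookup functions later in the same file.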
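Review bot: The single-hash `mbedtls_md_list()` terminates its array with `MBEDTLS_MD_INVALID_HANDLE`, a handle constant, although the list holds digest type identifiers; it only works because both values are 0. The array is also left writable even though it is returned through `const int *`. I would declare it as `static const int single_hash[2] = { MBEDTLS_MD_INFO_TYPE( MBEDTLS_MD_SINGLE_HASH ), MBEDTLS_MD_NONE };`.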
@@ -2906,6 +2906,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_TLS_ID */ +#if defined(MBEDTLS_MD_SINGLE_HASH) + if( strcmp( "MBEDTLS_MD_SINGLE_HASH", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_MD_SINGLE_HASH ); + return( 0 ); + } +#endif /* MBEDTLS_MD_SINGLE_HASH */ + /* If the symbol is not found, return an error */ return( 1 ); } From ccb2b62f0ae97b8561cc9887e3c078a658106a25 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Sep 2019 13:19:14 +0100 Subject: [PATCH 28/78] Remove handle from MD context in single hash config --- include/mbedtls/md.h | 11 +++++++++++ library/md.c | 2 ++ 2 files changed, 13 insertions(+) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 97d3b0696..2810a9180 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -104,8 +104,10 @@ typedef int mbedtls_md_handle_t; */ typedef struct mbedtls_md_context_t { +#if !defined(MBEDTLS_MD_SINGLE_HASH) /** Information about the associated message digest. */ mbedtls_md_handle_t md_info; +#endif /** The digest-specific context. */ void *md_ctx; @@ -114,11 +116,20 @@ typedef struct mbedtls_md_context_t void *hmac_ctx; } mbedtls_md_context_t; +#if !defined(MBEDTLS_MD_SINGLE_HASH) static inline mbedtls_md_handle_t mbedtls_md_get_handle( struct mbedtls_md_context_t const *ctx ) { return( ctx->md_info ); } +#else /* !MBEDTLS_MD_SINGLE_HASH */ +static inline mbedtls_md_handle_t mbedtls_md_get_handle( + struct mbedtls_md_context_t const *ctx ) +{ + ((void) ctx); + return( MBEDTLS_MD_UNIQUE_VALID_HANDLE ); +} +#endif /* !MBEDTLS_MD_SINGLE_HASH */ /** * \brief This function returns the list of digests supported by the diff --git a/library/md.c b/library/md.c index abc2ad3f5..cbe92dd68 100644 --- a/library/md.c +++ b/library/md.c @@ -1167,7 +1167,9 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, in } } +#if !defined(MBEDTLS_MD_SINGLE_HASH) ctx->md_info = md_info; +#endif return( 0 ); } 
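Review bot: In the single-hash branch `mbedtls_md_get_handle()` returns MBEDTLS_MD_UNIQUE_VALID_HANDLE for every context, including one that was only zeroed by mbedtls_md_init() and never set up. Any caller that uses the handle to reject an unconfigured context (those checks are outside this hunk) would then continue with a NULL `md_ctx`. Either document that precondition on the function, or keep the check at the cost of one comparison with `return( ctx->md_ctx != NULL ? MBEDTLS_MD_UNIQUE_VALID_HANDLE : MBEDTLS_MD_INVALID_HANDLE );`.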
From d806d9da89a124a99afc1689e66269ae1ca63c76 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 13 Aug 2019 16:09:10 +0100 Subject: [PATCH 29/78] Use SHA-256 as single hardcoded hash in baremetal configuration --- configs/baremetal.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configs/baremetal.h b/configs/baremetal.h index 8bed9a8ae..4a17de072 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -52,6 +52,8 @@ #define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_MD_ID MBEDTLS_MD_SHA256 #define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_TLS_ID MBEDTLS_SSL_HASH_SHA256 +#define MBEDTLS_MD_SINGLE_HASH MBEDTLS_MD_INFO_SHA256 + /* Key exchanges */ #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 From c94fc6c0c2db62293bd4f96b5a2c701facb126aa Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 14 Aug 2019 11:28:30 +0100 Subject: [PATCH 30/78] Add MBEDTLS_ALWAYS_INLINE macro to platform_util.h --- include/mbedtls/platform_util.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 09d096518..98384add7 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -113,6 +113,12 @@ void mbedtls_param_failed( const char *failure_condition, #endif /* MBEDTLS_CHECK_PARAMS */ +#if defined(__GNUC__) || defined(__arm__) +#define MBEDTLS_ALWAYS_INLINE __attribute__((always_inline)) +#else +#define MBEDTLS_ALWAYS_INLINE +#endif + /* Internal helper macros for deprecating API constants. */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) From d9bf9357252eb74c30de853c76c19d3b8dd8f4d8 Mon Sep 17 00:00:00 2001 
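Review bot: The guard for `MBEDTLS_ALWAYS_INLINE` in platform_util.h tests `__arm__`, which describes the target architecture rather than a compiler known to accept `__attribute__((always_inline))`. Testing a compiler macro instead, for example `#if defined(__GNUC__) || defined(__ARMCC_VERSION)`, would avoid a possible build failure on other toolchains that target Arm. The macro also has no comment; `/* Forces inlining where the compiler supports it; expands to nothing otherwise. */` above the block would do.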
From: Hanno Becker Date: Tue, 3 Sep 2019 13:37:29 +0100 Subject: [PATCH 31/78] Disable invalid argument MD test case With the removal of the MD handle from the MD context, it's a precondition for any MD API outside of mbedtls_md_init() and mbedtls_md_setup() that the MD context has been successfully setup by precisely those functions beforehand, and hence must be bound to the single enabled valid MD handle. --- tests/suites/test_suite_md.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 515a28cfc..31d5aaf17 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -39,7 +39,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_MD_SINGLE_HASH */ void md_null_args( ) { mbedtls_md_context_t ctx; From bdaf0ea5d94c2f6bd56032e6d60455d606bbe5c5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 14 Aug 2019 11:33:43 +0100 Subject: [PATCH 32/78] Make MD info getters always inline --- library/md.c | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/library/md.c b/library/md.c index cbe92dd68..ab66744e6 100644 --- a/library/md.c +++ b/library/md.c 
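Review bot: Tagging the whole of `md_null_args` with `depends_on:!MBEDTLS_MD_SINGLE_HASH` removes all invalid-argument coverage from single-hash builds, not only the assertions that rely on an unconfigured context. Checks that stay meaningful there, such as `mbedtls_md_info_from_string( NULL )` returning MBEDTLS_MD_INVALID_HANDLE (which the new md.c code handles explicitly), could remain enabled by wrapping only the context-dependent assertions in `#if !defined(MBEDTLS_MD_SINGLE_HASH)`. The body of the test is outside this hunk, so which assertions belong to each group needs checking.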
@@ -771,73 +771,73 @@ const mbedtls_md_info_t mbedtls_sha512_info = { #if !defined(MBEDTLS_MD_SINGLE_HASH) -static inline mbedtls_md_type_t mbedtls_md_info_type( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_type_t mbedtls_md_info_type( mbedtls_md_handle_t info ) { return( info->type ); } -static inline const char * mbedtls_md_info_name( +MBEDTLS_ALWAYS_INLINE static inline const char * mbedtls_md_info_name( mbedtls_md_handle_t info ) { return( info->name ); } -static inline int mbedtls_md_info_size( +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_size( mbedtls_md_handle_t info ) { return( info->size ); } -static inline int mbedtls_md_info_block_size( +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size( mbedtls_md_handle_t info ) { return( info->block_size ); } -static inline mbedtls_md_starts_func_t *mbedtls_md_info_starts_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_starts_func_t *mbedtls_md_info_starts_func( mbedtls_md_handle_t info ) { return( info->starts_func ); } -static inline mbedtls_md_update_func_t *mbedtls_md_info_update_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_update_func_t *mbedtls_md_info_update_func( mbedtls_md_handle_t info ) { return( info->update_func ); } -static inline mbedtls_md_finish_func_t *mbedtls_md_info_finish_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_finish_func_t *mbedtls_md_info_finish_func( mbedtls_md_handle_t info ) { return( info->finish_func ); } -static inline mbedtls_md_digest_func_t *mbedtls_md_info_digest_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_digest_func_t *mbedtls_md_info_digest_func( mbedtls_md_handle_t info ) { return( info->digest_func ); } -static inline mbedtls_md_ctx_alloc_func_t *mbedtls_md_info_ctx_alloc_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_ctx_alloc_func_t *mbedtls_md_info_ctx_alloc_func( mbedtls_md_handle_t info ) { return( info->ctx_alloc_func ); } -static inline mbedtls_md_ctx_free_func_t *mbedtls_md_info_ctx_free_func( 
+MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_ctx_free_func_t *mbedtls_md_info_ctx_free_func( mbedtls_md_handle_t info ) { return( info->ctx_free_func ); } -static inline mbedtls_md_clone_func_t *mbedtls_md_info_clone_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_clone_func_t *mbedtls_md_info_clone_func( mbedtls_md_handle_t info ) { return( info->clone_func ); } -static inline mbedtls_md_process_func_t *mbedtls_md_info_process_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_process_func_t *mbedtls_md_info_process_func( mbedtls_md_handle_t info ) { return( info->process_func ); 
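Review bot: Prepending `MBEDTLS_ALWAYS_INLINE` pushes most of these getter signatures well past the 80-column wrapping used in the rest of md.c, for example the `mbedtls_md_info_ctx_alloc_func` line. Putting the attribute on a line of its own, `MBEDTLS_ALWAYS_INLINE` followed by `static inline mbedtls_md_ctx_alloc_func_t *mbedtls_md_info_ctx_alloc_func(`, keeps the lines short; the same applies to the single-hash getters in the next hunk. The macro is defined in platform_util.h, so md.c has to include that header, and its include list is not visible in these hunks.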
@@ -845,84 +845,84 @@ static inline mbedtls_md_process_func_t *mbedtls_md_info_process_func( #else /* !MBEDTLS_MD_SINGLE_HASH */ -static inline mbedtls_md_type_t mbedtls_md_info_type( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_type_t mbedtls_md_info_type( mbedtls_md_handle_t info ) { ((void) info); return( MBEDTLS_MD_INFO_TYPE( MBEDTLS_MD_SINGLE_HASH ) ); } -static inline const char * mbedtls_md_info_name( +MBEDTLS_ALWAYS_INLINE static inline const char * mbedtls_md_info_name( mbedtls_md_handle_t info ) { ((void) info); return( MBEDTLS_MD_INFO_NAME( MBEDTLS_MD_SINGLE_HASH ) ); } -static inline int mbedtls_md_info_size( +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_size( mbedtls_md_handle_t info ) { ((void) info); return( MBEDTLS_MD_INFO_SIZE( MBEDTLS_MD_SINGLE_HASH ) ); } -static inline int mbedtls_md_info_block_size( +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size( mbedtls_md_handle_t info ) { ((void) info); return( MBEDTLS_MD_INFO_BLOCKSIZE( MBEDTLS_MD_SINGLE_HASH ) ); } -static inline mbedtls_md_starts_func_t *mbedtls_md_info_starts_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_starts_func_t *mbedtls_md_info_starts_func( mbedtls_md_handle_t info ) { ((void) info); return( MBEDTLS_MD_INFO_STARTS_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); } -static inline mbedtls_md_update_func_t *mbedtls_md_info_update_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_update_func_t *mbedtls_md_info_update_func( mbedtls_md_handle_t info ) { ((void) info); return( MBEDTLS_MD_INFO_UPDATE_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); } -static inline mbedtls_md_finish_func_t *mbedtls_md_info_finish_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_finish_func_t *mbedtls_md_info_finish_func( mbedtls_md_handle_t info ) { ((void) info); return( MBEDTLS_MD_INFO_FINISH_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); } -static inline mbedtls_md_digest_func_t *mbedtls_md_info_digest_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_digest_func_t 
*mbedtls_md_info_digest_func( mbedtls_md_handle_t info ) { ((void) info); return( MBEDTLS_MD_INFO_DIGEST_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); } -static inline mbedtls_md_ctx_alloc_func_t *mbedtls_md_info_ctx_alloc_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_ctx_alloc_func_t *mbedtls_md_info_ctx_alloc_func( mbedtls_md_handle_t info ) { ((void) info); return( MBEDTLS_MD_INFO_ALLOC_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); } -static inline mbedtls_md_ctx_free_func_t *mbedtls_md_info_ctx_free_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_ctx_free_func_t *mbedtls_md_info_ctx_free_func( mbedtls_md_handle_t info ) { ((void) info); return( MBEDTLS_MD_INFO_FREE_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); } -static inline mbedtls_md_clone_func_t *mbedtls_md_info_clone_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_clone_func_t *mbedtls_md_info_clone_func( mbedtls_md_handle_t info ) { ((void) info); return( MBEDTLS_MD_INFO_CLONE_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); } -static inline mbedtls_md_process_func_t *mbedtls_md_info_process_func( +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_process_func_t *mbedtls_md_info_process_func( mbedtls_md_handle_t info ) { ((void) info); From c763e9dc70e46d69bef778a555d9a95a7d665a02 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Sep 2019 12:46:51 +0100 Subject: [PATCH 33/78] Add test for MD hardcoding to all.sh --- tests/scripts/all.sh | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1e3287c46..f1317e7c3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -904,6 +904,34 @@ component_test_hardcoded_elliptic_curve_cmake_clang() {
 if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$'
 }
+component_test_hardcoded_hash_cmake_clang() {
+ msg "build: cmake, full config + MBEDTLS_MD_SINGLE_HASH, clang" # ~ 50s
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.pl unset MBEDTLS_SHA1_C
+ scripts/config.pl unset MBEDTLS_SHA512_C
+ scripts/config.pl set MBEDTLS_SHA256_NO_SHA224
+ scripts/config.pl unset MBEDTLS_MD2_C
+ scripts/config.pl unset MBEDTLS_MD4_C
+ scripts/config.pl unset MBEDTLS_MD5_C
+ scripts/config.pl unset MBEDTLS_RIPEMD160_C
+ scripts/config.pl unset MBEDTLS_SSL_PROTO_SSL3
+ scripts/config.pl unset MBEDTLS_SSL_PROTO_TLS1
+ scripts/config.pl unset MBEDTLS_SSL_PROTO_TLS1_1
+ scripts/config.pl unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
+ scripts/config.pl set MBEDTLS_MD_SINGLE_HASH MBEDTLS_MD_INFO_SHA256
+
+ CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
+ make
+
+ msg "test: main suites (full config + MBEDTLS_MD_SINGLE_HASH)" # ~ 5s
+ make test
+
+ msg "test: ssl-opt.sh default (full config + MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)" # ~ 5s
+ if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$'
+}
+
 component_build_deprecated () {
 msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
 scripts/config.pl full
From 8fbacf941ffe0fee817001b47000cf876b44d411 Mon Sep 17 00:00:00 2001
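Review bot: The last `msg` line of component_test_hardcoded_hash_cmake_clang labels the ssl-opt.sh run as `full config + MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE`, which is not an option this component sets; it looks carried over from another component. It should read `msg "test: ssl-opt.sh default (full config + MBEDTLS_MD_SINGLE_HASH)" # ~ 5s`, so that a failure in the single-hash build is attributed to the right configuration in the CI log.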
From: Hanno Becker Date: Tue, 3 Sep 2019 13:55:19 +0100 Subject: [PATCH 34/78] check_config.h: Check MBEDTLS_MD_SINGLE_HASH is used with single MD This commit modifies check_config.h to check that precisely one hash is enabled if MBEDTLS_MD_SINGLE_HASH is set. This is not only a reasonable expectation, it is also necessary, because test suites assume that if a digest is enabled, it is also accessible through the MD abstraction layer. --- include/mbedtls/check_config.h | 67 ++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 6807ff33b..6955246b0 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -786,6 +786,73 @@
 #define MBEDTLS_THREADING_IMPL
 #endif
+/* Ensurethat precisely one hash is enabled. */
+#if defined(MBEDTLS_MD_SINGLE_HASH)
+
+#if defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_SHA256_ENABLED 1
+#else
+#define MBEDTLS_SHA256_ENABLED 0
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA256_NO_SHA224)
+#define MBEDTLS_SHA224_ENABLED 1
+#else
+#define MBEDTLS_SHA224_ENABLED 0
+#endif /* MBEDTLS_SHA256_C && !MBEDTLS_SHA256_NO_SHA224 */
+
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_SHA512_ENABLED 2
+#else
+#define MBEDTLS_SHA512_ENABLED 0
+#endif /* MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_SHA1_C)
+#define MBEDTLS_SHA1_ENABLED 1
+#else
+#define MBEDTLS_SHA1_ENABLED 0
+#endif /* MBEDTLS_SHA1_C */
+
+#if defined(MBEDTLS_MD2_C)
+#define MBEDTLS_MD2_ENABLED 1
+#else
+#define MBEDTLS_MD2_ENABLED 0
+#endif /* MBEDTLS_MD2_C */
+
+#if defined(MBEDTLS_MD4_C)
+#define MBEDTLS_MD4_ENABLED 1
+#else
+#define MBEDTLS_MD4_ENABLED 0
+#endif /* MBEDTLS_MD4_C */
+
+#if defined(MBEDTLS_MD5_C)
+#define MBEDTLS_MD5_ENABLED 1
+#else
+#define MBEDTLS_MD5_ENABLED 0
+#endif /* MBEDTLS_MD5_C */
+
+#if defined(MBEDTLS_RIPEMD160_C)
+#define MBEDTLS_RIPEMD160_ENABLED 1
+#else
+#define MBEDTLS_RIPEMD160_ENABLED 0
+#endif /* MBEDTLS_RIPEMD160_C */
+
+#define MBEDTLS_HASHES_ENABLED \
+ ( MBEDTLS_MD2_ENABLED + \
+ MBEDTLS_MD4_ENABLED + \
+ MBEDTLS_MD5_ENABLED + \
+ MBEDTLS_RIPEMD160_ENABLED + \
+ MBEDTLS_SHA1_ENABLED + \
+ MBEDTLS_SHA256_ENABLED + \
+ MBEDTLS_SHA512_ENABLED )
+
+#if MBEDTLS_HASHES_ENABLED != 1
+#error "MBEDTLS_MD_SINGLE_HASH must be used with precisely one hash algorithm enabled."
+#endif
+
+#undef MBEDTLS_HASHES_ENABLED
+#endif /* MBEDTLS_MD_SINGLE_HASH */
+
 #if defined(MBEDTLS_THREADING_ALT)
 #if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
 #error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
From 08cf43a9ecaacf2e0ad2567205c132bb53367d57 Mon Sep 17 00:00:00 2001
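Review bot: `MBEDTLS_SHA224_ENABLED` is defined but never added to `MBEDTLS_HASHES_ENABLED`, so a configuration with MBEDTLS_SHA256_C and without MBEDTLS_SHA256_NO_SHA224 still sums to 1 and passes, although two digests are then reachable through the MD layer. If that is not intended, add `MBEDTLS_SHA224_ENABLED + \` to the sum; if it is, drop the unused macro and say so in the comment. `MBEDTLS_SHA512_ENABLED` is 2, presumably because MBEDTLS_SHA512_C also brings in SHA-384, which means SHA-512 can never be the single hash; a one-line comment stating that would save the next reader the arithmetic. The per-digest helper macros also stay defined in every file that includes check_config.h, since only MBEDTLS_HASHES_ENABLED is undefined at the end; the fence below undefines them as well. The opening comment reads `Ensurethat` and should be `Ensure that`.

```c
#undef MBEDTLS_HASHES_ENABLED
#undef MBEDTLS_MD2_ENABLED
#undef MBEDTLS_MD4_ENABLED
#undef MBEDTLS_MD5_ENABLED
#undef MBEDTLS_RIPEMD160_ENABLED
#undef MBEDTLS_SHA1_ENABLED
#undef MBEDTLS_SHA224_ENABLED
#undef MBEDTLS_SHA256_ENABLED
#undef MBEDTLS_SHA512_ENABLED
/* … unchanged: #endif closing MBEDTLS_MD_SINGLE_HASH … */
```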
From: Hanno Becker Date: Wed, 4 Sep 2019 11:27:56 +0100 Subject: [PATCH 35/78] Fix typo MBEDTLS_SSL_CONF_SINGLE_HASH -> MBEDTLS_MD_SINGLE_HASH --- library/md.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/md.c b/library/md.c index ab66744e6..ca23167c5 100644 --- a/library/md.c +++ b/library/md.c @@ -114,8 +114,8 @@ /* Wrapper around MBEDTLS_MD_INFO_XXX_T() which makes sure that * the argument is macro-expanded before concatenated with the * field name. This allows to call these macros as - * MBEDTLS_MD_INFO_XXX( MBEDTLS_SSL_CONF_SINGLE_HASH ). - * where MBEDTLS_SSL_CONF_SINGLE_HASH expands to MBEDTLS_MD_INFO_XXX. */ + * MBEDTLS_MD_INFO_XXX( MBEDTLS_MD_SINGLE_HASH ). + * where MBEDTLS_MD_SINGLE_HASH expands to MBEDTLS_MD_INFO_XXX. */ #define MBEDTLS_MD_INFO_TYPE( MD ) MBEDTLS_MD_INFO_TYPE_T( MD ) #define MBEDTLS_MD_INFO_NAME( MD ) MBEDTLS_MD_INFO_NAME_T( MD ) #define MBEDTLS_MD_INFO_SIZE( MD ) MBEDTLS_MD_INFO_SIZE_T( MD ) From 3a98eab2c4750709159265cda0ece5b9b9c6dbff Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 4 Sep 2019 11:15:02 +0100 Subject: [PATCH 36/78] Don't return function pointers from MD info getters ARMC5 appears to use the heuristic that as soon as a function's address is taken, the function can no longer be removed from the resulting object file (which is not necessarily true if all uses of the functions address can be inlined). Circumvent this lack of optimization by not returning function pointers. --- library/md.c | 204 ++++++++++++++++++++++++++------------------------- 1 file changed, 103 insertions(+), 101 deletions(-) diff --git a/library/md.c b/library/md.c index ca23167c5..6fb5e4932 100644 --- a/library/md.c +++ b/library/md.c 
@@ -795,52 +795,58 @@ MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size( return( info->block_size ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_starts_func_t *mbedtls_md_info_starts_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts( mbedtls_md_handle_t info, + void *ctx ) { - return( info->starts_func ); + return( info->starts_func( ctx ) ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_update_func_t *mbedtls_md_info_update_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update( mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input, + size_t ilen ) { - return( info->update_func ); + return( info->update_func( ctx, input, ilen ) ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_finish_func_t *mbedtls_md_info_finish_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish( mbedtls_md_handle_t info, + void *ctx, + unsigned char *output ) { - return( info->finish_func ); + return( info->finish_func( ctx, output ) ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_digest_func_t *mbedtls_md_info_digest_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest( mbedtls_md_handle_t info, + const unsigned char *input, + size_t ilen, + unsigned char *output ) { - return( info->digest_func ); + return( info->digest_func( input, ilen, output ) ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_ctx_alloc_func_t *mbedtls_md_info_ctx_alloc_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc( mbedtls_md_handle_t info ) { - return( info->ctx_alloc_func ); + return( info->ctx_alloc_func() ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_ctx_free_func_t *mbedtls_md_info_ctx_free_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_ctx_free( mbedtls_md_handle_t info, + 
void *ctx ) { - return( info->ctx_free_func ); + info->ctx_free_func( ctx ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_clone_func_t *mbedtls_md_info_clone_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone( mbedtls_md_handle_t info, + void *dst, + const void *src ) { - return( info->clone_func ); + info->clone_func( dst, src ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_process_func_t *mbedtls_md_info_process_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process( mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input ) { - return( info->process_func ); + return( info->process_func( ctx, input ) ); } #else /* !MBEDTLS_MD_SINGLE_HASH */ 
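Review bot: The new call-through wrappers, from mbedtls_md_info_starts to mbedtls_md_info_process, dereference `info` unconditionally (for example `info->starts_func( ctx )`), and nothing in the hunk documents that callers must have rejected MBEDTLS_MD_INVALID_HANDLE first. Most callers changed later in this patch show that check, but mbedtls_md_free and mbedtls_md_clone pass `mbedtls_md_get_handle( ... )` straight in and their guards lie outside the visible hunks, so this is worth confirming. I would add a comment above the group such as `/* Precondition: info != MBEDTLS_MD_INVALID_HANDLE. These call through the info struct instead of returning the function pointer, because ARMC5 keeps any function whose address is taken. */`. That rationale currently lives only in the commit message; in the MBEDTLS_MD_SINGLE_HASH variants of the next hunk only the second sentence applies, since they ignore `info`. As a minor style point, `void* mbedtls_md_info_ctx_alloc(` would match the surrounding declarations better as `void *mbedtls_md_info_ctx_alloc(`.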
@@ -873,60 +879,70 @@ MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size( return( MBEDTLS_MD_INFO_BLOCKSIZE( MBEDTLS_MD_SINGLE_HASH ) ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_starts_func_t *mbedtls_md_info_starts_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts( mbedtls_md_handle_t info, + void *ctx ) { ((void) info); - return( MBEDTLS_MD_INFO_STARTS_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); + return( MBEDTLS_MD_INFO_STARTS_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx ) ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_update_func_t *mbedtls_md_info_update_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update( mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input, + size_t ilen ) { ((void) info); - return( MBEDTLS_MD_INFO_UPDATE_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); + return( MBEDTLS_MD_INFO_UPDATE_FUNC( MBEDTLS_MD_SINGLE_HASH ) + ( ctx, input, ilen ) ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_finish_func_t *mbedtls_md_info_finish_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish( mbedtls_md_handle_t info, + void *ctx, + unsigned char *output ) { ((void) info); - return( MBEDTLS_MD_INFO_FINISH_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); + return( MBEDTLS_MD_INFO_FINISH_FUNC( MBEDTLS_MD_SINGLE_HASH ) + ( ctx, output ) ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_digest_func_t *mbedtls_md_info_digest_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest( mbedtls_md_handle_t info, + const unsigned char *input, + size_t ilen, + unsigned char *output ) { ((void) info); - return( MBEDTLS_MD_INFO_DIGEST_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); + return( MBEDTLS_MD_INFO_DIGEST_FUNC( MBEDTLS_MD_SINGLE_HASH ) + ( input, ilen, output ) ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_ctx_alloc_func_t *mbedtls_md_info_ctx_alloc_func( - mbedtls_md_handle_t info ) 
+MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc( mbedtls_md_handle_t info ) { ((void) info); - return( MBEDTLS_MD_INFO_ALLOC_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); + return( MBEDTLS_MD_INFO_ALLOC_FUNC( MBEDTLS_MD_SINGLE_HASH )() ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_ctx_free_func_t *mbedtls_md_info_ctx_free_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_ctx_free( mbedtls_md_handle_t info, + void *ctx ) { ((void) info); - return( MBEDTLS_MD_INFO_FREE_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); + MBEDTLS_MD_INFO_FREE_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_clone_func_t *mbedtls_md_info_clone_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone( mbedtls_md_handle_t info, + void *dst, + const void *src ) { ((void) info); - return( MBEDTLS_MD_INFO_CLONE_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); + MBEDTLS_MD_INFO_CLONE_FUNC( MBEDTLS_MD_SINGLE_HASH )( dst, src ); } -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_process_func_t *mbedtls_md_info_process_func( - mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process( mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input ) { ((void) info); - return( MBEDTLS_MD_INFO_PROCESS_FUNC( MBEDTLS_MD_SINGLE_HASH ) ); + return( MBEDTLS_MD_INFO_PROCESS_FUNC( MBEDTLS_MD_SINGLE_HASH ) + ( ctx, input ) ); } #endif /* MBEDTLS_MD_SINGLE_HASH */ @@ -1111,8 +1127,7 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) if( ctx->md_ctx != NULL ) { - mbedtls_md_info_ctx_free_func( - mbedtls_md_get_handle( ctx ) )( ctx->md_ctx ); + mbedtls_md_info_ctx_free( mbedtls_md_get_handle( ctx ), ctx->md_ctx ); } if( ctx->hmac_ctx != NULL ) 
@@ -1135,8 +1150,8 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst, return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); } - mbedtls_md_info_clone_func( mbedtls_md_get_handle( dst ) ) - ( dst->md_ctx, src->md_ctx ); + mbedtls_md_info_clone( mbedtls_md_get_handle( dst ), + dst->md_ctx, src->md_ctx ); return( 0 ); } @@ -1152,7 +1167,7 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, in if( md_info == MBEDTLS_MD_INVALID_HANDLE || ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - ctx->md_ctx = mbedtls_md_info_ctx_alloc_func( md_info )(); + ctx->md_ctx = mbedtls_md_info_ctx_alloc( md_info ); if( ctx->md_ctx == NULL ) return( MBEDTLS_ERR_MD_ALLOC_FAILED ); @@ -1162,7 +1177,7 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, in mbedtls_md_info_block_size( md_info ) ); if( ctx->hmac_ctx == NULL ) { - mbedtls_md_info_ctx_free_func( md_info )( ctx->md_ctx ); + mbedtls_md_info_ctx_free( md_info, ctx->md_ctx ); return( MBEDTLS_ERR_MD_ALLOC_FAILED ); } } @@ -1184,7 +1199,7 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ) if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( mbedtls_md_info_starts_func( md_info )( ctx->md_ctx ) ); + return( mbedtls_md_info_starts( md_info, ctx->md_ctx ) ); } int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) @@ -1197,8 +1212,8 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( mbedtls_md_info_update_func( md_info )( ctx->md_ctx, - input, ilen ) ); + return( mbedtls_md_info_update( md_info, ctx->md_ctx, + input, ilen ) ); } int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) 
@@ -1211,8 +1226,8 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( mbedtls_md_info_finish_func( md_info )( ctx->md_ctx, - output ) ); + return( mbedtls_md_info_finish( md_info, ctx->md_ctx, + output ) ); } int mbedtls_md( mbedtls_md_handle_t md_info, const unsigned char *input, size_t ilen, @@ -1221,8 +1236,8 @@ int mbedtls_md( mbedtls_md_handle_t md_info, const unsigned char *input, size_t if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( mbedtls_md_info_digest_func( md_info )( - input, ilen, output) ); + return( mbedtls_md_info_digest( md_info, input, + ilen, output) ); } #if defined(MBEDTLS_FS_IO) @@ -1245,14 +1260,14 @@ int mbedtls_md_file( mbedtls_md_handle_t md_info, const char *path, unsigned cha if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) goto cleanup; - ret = mbedtls_md_info_starts_func( md_info )( ctx.md_ctx ); + ret = mbedtls_md_info_starts( md_info, ctx.md_ctx ); if( ret != 0 ) goto cleanup; while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) { - ret = mbedtls_md_info_update_func( md_info )( ctx.md_ctx, - buf, n ); + ret = mbedtls_md_info_update( md_info, ctx.md_ctx, + buf, n ); if( ret != 0 ) goto cleanup; } @@ -1263,8 +1278,8 @@ int mbedtls_md_file( mbedtls_md_handle_t md_info, const char *path, unsigned cha } else { - ret = mbedtls_md_info_finish_func( md_info )( ctx.md_ctx, - output ); + ret = mbedtls_md_info_finish( md_info, ctx.md_ctx, + output ); } cleanup: @@ -1283,10 +1298,6 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, unsigned char *ipad, *opad; size_t i; - mbedtls_md_starts_func_t *starts; - mbedtls_md_update_func_t *update; - mbedtls_md_finish_func_t *finish; - mbedtls_md_handle_t md_info; if( ctx == NULL || ctx->hmac_ctx == NULL ) 
@@ -1296,19 +1307,18 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - starts = mbedtls_md_info_starts_func( md_info ); - update = mbedtls_md_info_update_func( md_info ); - finish = mbedtls_md_info_finish_func( md_info ); - if( keylen > (size_t) mbedtls_md_info_block_size( md_info ) ) { - if( ( ret = starts( ctx->md_ctx ) ) != 0 ) + if( ( ret = mbedtls_md_info_starts( md_info, ctx->md_ctx ) ) != 0 ) goto cleanup; - if( ( ret = update( ctx->md_ctx, key, keylen ) ) ) + if( ( ret = mbedtls_md_info_update( md_info, ctx->md_ctx, + key, keylen ) ) != 0 ) + { goto cleanup; + } - if( ( ret = finish( ctx->md_ctx, sum ) ) != 0 ) + if( ( ret = mbedtls_md_info_finish( md_info, ctx->md_ctx, sum ) ) != 0 ) goto cleanup; keylen = mbedtls_md_info_size( md_info ); @@ -1328,10 +1338,10 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, opad[i] = (unsigned char)( opad[i] ^ key[i] ); } - if( ( ret = starts( ctx->md_ctx ) ) != 0 ) + if( ( ret = mbedtls_md_info_starts( md_info, ctx->md_ctx ) ) != 0 ) goto cleanup; - if( ( ret = update( ctx->md_ctx, ipad, + if( ( ret = mbedtls_md_info_update( md_info, ctx->md_ctx, ipad, mbedtls_md_info_block_size( md_info ) ) ) != 0 ) { goto cleanup; @@ -1355,8 +1365,9 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( mbedtls_md_info_update_func( md_info )( - ctx->md_ctx, input, ilen ) ); + return( mbedtls_md_info_update( md_info, + ctx->md_ctx, input, + ilen ) ); } int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) 
@@ -1365,10 +1376,6 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; unsigned char *opad; - mbedtls_md_starts_func_t *starts; - mbedtls_md_update_func_t *update; - mbedtls_md_finish_func_t *finish; - mbedtls_md_handle_t md_info; if( ctx == NULL || ctx->hmac_ctx == NULL ) @@ -1378,32 +1385,28 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - starts = mbedtls_md_info_starts_func( md_info ); - update = mbedtls_md_info_update_func( md_info ); - finish = mbedtls_md_info_finish_func( md_info ); - opad = (unsigned char *) ctx->hmac_ctx + mbedtls_md_info_block_size( md_info ); - if( ( ret = finish( ctx->md_ctx, tmp ) ) != 0 ) + if( ( ret = mbedtls_md_info_finish( md_info, ctx->md_ctx, tmp ) ) != 0 ) return( ret ); - if( ( ret = starts( ctx->md_ctx ) ) != 0 ) + if( ( ret = mbedtls_md_info_starts( md_info, ctx->md_ctx ) ) != 0 ) return( ret ); - if( ( ret = update( ctx->md_ctx, opad, - mbedtls_md_info_block_size( md_info ) ) ) != 0 ) + if( ( ret = mbedtls_md_info_update( md_info, ctx->md_ctx, opad, + mbedtls_md_info_block_size( md_info ) ) ) != 0 ) { return( ret ); } - if( ( ret = update( ctx->md_ctx, tmp, + if( ( ret = mbedtls_md_info_update( md_info, ctx->md_ctx, tmp, mbedtls_md_info_size( md_info ) ) ) != 0 ) { return( ret ); } - if( ( ret = finish( ctx->md_ctx, output ) ) != 0 ) + if( ( ret = mbedtls_md_info_finish( md_info, ctx->md_ctx, output ) ) != 0 ) return( ret ); return( 0 ); 
@@ -1425,13 +1428,13 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) ipad = (unsigned char *) ctx->hmac_ctx; - ret = mbedtls_md_info_starts_func( md_info )( ctx->md_ctx ); + ret = mbedtls_md_info_starts( md_info, ctx->md_ctx ); if( ret != 0 ) return( ret ); - ret = mbedtls_md_info_update_func( md_info )( - ctx->md_ctx, ipad, - mbedtls_md_info_block_size( md_info ) ); + ret = mbedtls_md_info_update( md_info, + ctx->md_ctx, ipad, + mbedtls_md_info_block_size( md_info ) ); return( ret ); } @@ -1474,8 +1477,7 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( mbedtls_md_info_process_func( md_info )( - ctx->md_ctx, data ) ); + return( mbedtls_md_info_process( md_info, ctx->md_ctx, data ) ); } unsigned char mbedtls_md_get_size( mbedtls_md_handle_t md_info ) From 3f7d270c18192a0ae2a5a58038fdc439f8ac5b10 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 4 Sep 2019 11:52:46 +0100 Subject: [PATCH 37/78] md.c: Avoid overly long lines --- library/md.c | 104 +++++++++++++++++++++++++++++---------------------- 1 file changed, 60 insertions(+), 44 deletions(-) diff --git a/library/md.c b/library/md.c index 6fb5e4932..8d8f3371a 100644 --- a/library/md.c +++ b/library/md.c 
@@ -795,56 +795,64 @@ MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size( return( info->block_size ); } -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts( mbedtls_md_handle_t info, - void *ctx ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts( + mbedtls_md_handle_t info, + void *ctx ) { return( info->starts_func( ctx ) ); } -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update( mbedtls_md_handle_t info, - void *ctx, - const unsigned char *input, - size_t ilen ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update( + mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input, + size_t ilen ) { return( info->update_func( ctx, input, ilen ) ); } -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish( mbedtls_md_handle_t info, - void *ctx, - unsigned char *output ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish( + mbedtls_md_handle_t info, + void *ctx, + unsigned char *output ) { return( info->finish_func( ctx, output ) ); } -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest( mbedtls_md_handle_t info, - const unsigned char *input, - size_t ilen, - unsigned char *output ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest( + mbedtls_md_handle_t info, + const unsigned char *input, + size_t ilen, + unsigned char *output ) { return( info->digest_func( input, ilen, output ) ); } -MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc( mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc( + mbedtls_md_handle_t info ) { return( info->ctx_alloc_func() ); } -MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_ctx_free( mbedtls_md_handle_t info, - void *ctx ) +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_ctx_free( + mbedtls_md_handle_t info, + void *ctx ) { info->ctx_free_func( ctx ); } -MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone( mbedtls_md_handle_t info, - 
void *dst, - const void *src ) +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone( + mbedtls_md_handle_t info, + void *dst, + const void *src ) { info->clone_func( dst, src ); } -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process( mbedtls_md_handle_t info, - void *ctx, - const unsigned char *input ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process( + mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input ) { return( info->process_func( ctx, input ) ); } 
@@ -879,66 +887,74 @@ MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size( return( MBEDTLS_MD_INFO_BLOCKSIZE( MBEDTLS_MD_SINGLE_HASH ) ); } -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts( mbedtls_md_handle_t info, - void *ctx ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts( + mbedtls_md_handle_t info, + void *ctx ) { ((void) info); return( MBEDTLS_MD_INFO_STARTS_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx ) ); } -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update( mbedtls_md_handle_t info, - void *ctx, - const unsigned char *input, - size_t ilen ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update( + mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input, + size_t ilen ) { ((void) info); return( MBEDTLS_MD_INFO_UPDATE_FUNC( MBEDTLS_MD_SINGLE_HASH ) ( ctx, input, ilen ) ); } -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish( mbedtls_md_handle_t info, - void *ctx, - unsigned char *output ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish( + mbedtls_md_handle_t info, + void *ctx, + unsigned char *output ) { ((void) info); return( MBEDTLS_MD_INFO_FINISH_FUNC( MBEDTLS_MD_SINGLE_HASH ) ( ctx, output ) ); } -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest( mbedtls_md_handle_t info, - const unsigned char *input, - size_t ilen, - unsigned char *output ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest( + mbedtls_md_handle_t info, + const unsigned char *input, + size_t ilen, + unsigned char *output ) { ((void) info); return( MBEDTLS_MD_INFO_DIGEST_FUNC( MBEDTLS_MD_SINGLE_HASH ) ( input, ilen, output ) ); } -MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc( mbedtls_md_handle_t info ) +MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc( + mbedtls_md_handle_t info ) { ((void) info); return( MBEDTLS_MD_INFO_ALLOC_FUNC( MBEDTLS_MD_SINGLE_HASH )() ); } -MBEDTLS_ALWAYS_INLINE static inline void 
mbedtls_md_info_ctx_free( mbedtls_md_handle_t info, - void *ctx ) +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_ctx_free( + mbedtls_md_handle_t info, + void *ctx ) { ((void) info); MBEDTLS_MD_INFO_FREE_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx ); } -MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone( mbedtls_md_handle_t info, - void *dst, - const void *src ) +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone( + mbedtls_md_handle_t info, + void *dst, + const void *src ) { ((void) info); MBEDTLS_MD_INFO_CLONE_FUNC( MBEDTLS_MD_SINGLE_HASH )( dst, src ); } -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process( mbedtls_md_handle_t info, - void *ctx, - const unsigned char *input ) +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process( + mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input ) { ((void) info); return( MBEDTLS_MD_INFO_PROCESS_FUNC( MBEDTLS_MD_SINGLE_HASH ) From c4e4210aaba69c0a250331bc8608070d590daa65 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 4 Sep 2019 12:43:22 +0100 Subject: [PATCH 38/78] Introduce md_internal.h Recall that in the default configuration, Mbed TLS provides access digest implementations through two layers of indirection: 1) Call of MD API (e.g. mbedtls_md_update()) 2) Call of function pointer from MD info structure 3) Actual digest implementation (e.g. mbedtls_sha256_update()). Ideally, if only a single digest is enabled - say SHA-256 - then calling mbedtls_md_update() should _directly_ jump to mbedtls_sha256_update(), with both layers of indirection removed. So far, however, setting MBEDTLS_MD_SINGLE_HASH will only remove the second - function pointer - layer of indirection, while keeping the non-inlined stub implementations of e.g. mbedtls_md_update() around. This commit is a step towards allowing to define implementations of the MD API as `static inline` in case we know that they are so small that they should be defined in md.h and not in md.c. In a nutshell, the approach is as follows: For an MD API function mbedtls_md_xxx() that should be inlin-able, introduce its implementation as a `static inline` wrapper `mbedtls_md_xxx_internal()` in md.h, and then define mbedtls_md_xxx() either in md.h or in md.c, by just calling mbedtls_md_xxx_internal(). Moving the implementations of those MD API functions that should be inlinable to md.h requires the presence of both the MD info struct and all specific digest wrapper functions in md.h, and this is what this commit ensures, by moving them from md.c into a new internal header file md_internal.h. Implementing the aforementioned wrappers for those MD API that should be inlinable is left for subsequent commits. --- include/mbedtls/md.h | 2 + include/mbedtls/md_internal.h | 820 ++++++++++++++++++++++++++++++++ library/md.c | 864 +++------------------------------- 3 files changed, 881 insertions(+), 805 deletions(-) create mode 100644 include/mbedtls/md_internal.h 
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 2810a9180..120473d94 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -131,6 +131,8 @@ static inline mbedtls_md_handle_t mbedtls_md_get_handle( } #endif /* !MBEDTLS_MD_SINGLE_HASH */ +#include "md_internal.h" + /** * \brief This function returns the list of digests supported by the * generic digest module. diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h new file mode 100644 index 000000000..568c9714b --- /dev/null +++ b/include/mbedtls/md_internal.h 
@@ -0,0 +1,820 @@ + /** + * \file md.h + * + * \brief This file contains the generic message-digest wrapper. + * + * \author Adriaan de Jong + */ +/* + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of Mbed TLS (https://tls.mbed.org) + */ + +#ifndef MBEDTLS_MD_INTERNAL_H +#define MBEDTLS_MD_INTERNAL_H + +#if defined(MBEDTLS_MD2_C) +#include "mbedtls/md2.h" +#endif + +#if defined(MBEDTLS_MD4_C) +#include "mbedtls/md4.h" +#endif + +#if defined(MBEDTLS_MD5_C) +#include "mbedtls/md5.h" +#endif + +#if defined(MBEDTLS_RIPEMD160_C) +#include "mbedtls/ripemd160.h" +#endif + +#if defined(MBEDTLS_SHA1_C) +#include "mbedtls/sha1.h" +#endif + +#if defined(MBEDTLS_SHA256_C) +#include "mbedtls/sha256.h" +#endif + +#if defined(MBEDTLS_SHA512_C) +#include "mbedtls/sha512.h" +#endif + +#include "mbedtls/platform_util.h" + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Message-digest information macro definition + */ + +/* SHA-256 */ +#define MBEDTLS_MD_INFO_SHA256_TYPE MBEDTLS_MD_SHA256 +#define MBEDTLS_MD_INFO_SHA256_NAME "SHA256" +#define MBEDTLS_MD_INFO_SHA256_SIZE 32 +#define MBEDTLS_MD_INFO_SHA256_BLOCKSIZE 64 +#define MBEDTLS_MD_INFO_SHA256_STARTS_FUNC 
mbedtls_sha256_starts_wrap +#define MBEDTLS_MD_INFO_SHA256_UPDATE_FUNC mbedtls_sha224_update_wrap +#define MBEDTLS_MD_INFO_SHA256_FINISH_FUNC mbedtls_sha224_finish_wrap +#define MBEDTLS_MD_INFO_SHA256_DIGEST_FUNC mbedtls_sha256_wrap +#define MBEDTLS_MD_INFO_SHA256_ALLOC_FUNC mbedtls_sha224_ctx_alloc +#define MBEDTLS_MD_INFO_SHA256_FREE_FUNC mbedtls_sha224_ctx_free +#define MBEDTLS_MD_INFO_SHA256_CLONE_FUNC mbedtls_sha224_clone_wrap +#define MBEDTLS_MD_INFO_SHA256_PROCESS_FUNC mbedtls_sha224_process_wrap + +/* + * Helper macros to extract fields from ciphersuites. + */ + +#define MBEDTLS_MD_INFO_TYPE_T( MD ) MD ## _TYPE +#define MBEDTLS_MD_INFO_NAME_T( MD ) MD ## _NAME +#define MBEDTLS_MD_INFO_SIZE_T( MD ) MD ## _SIZE +#define MBEDTLS_MD_INFO_BLOCKSIZE_T( MD ) MD ## _BLOCKSIZE +#define MBEDTLS_MD_INFO_STARTS_FUNC_T( MD ) MD ## _STARTS_FUNC +#define MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD ) MD ## _UPDATE_FUNC +#define MBEDTLS_MD_INFO_FINISH_FUNC_T( MD ) MD ## _FINISH_FUNC +#define MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD ) MD ## _DIGEST_FUNC +#define MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD ) MD ## _ALLOC_FUNC +#define MBEDTLS_MD_INFO_FREE_FUNC_T( MD ) MD ## _FREE_FUNC +#define MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) MD ## _CLONE_FUNC +#define MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) MD ## _PROCESS_FUNC + +/* Wrapper around MBEDTLS_MD_INFO_XXX_T() which makes sure that + * the argument is macro-expanded before concatenated with the + * field name. This allows to call these macros as + * MBEDTLS_MD_INFO_XXX( MBEDTLS_MD_SINGLE_HASH ). + * where MBEDTLS_MD_SINGLE_HASH expands to MBEDTLS_MD_INFO_XXX. 
*/ +#define MBEDTLS_MD_INFO_TYPE( MD ) MBEDTLS_MD_INFO_TYPE_T( MD ) +#define MBEDTLS_MD_INFO_NAME( MD ) MBEDTLS_MD_INFO_NAME_T( MD ) +#define MBEDTLS_MD_INFO_SIZE( MD ) MBEDTLS_MD_INFO_SIZE_T( MD ) +#define MBEDTLS_MD_INFO_BLOCKSIZE( MD ) MBEDTLS_MD_INFO_BLOCKSIZE_T( MD ) +#define MBEDTLS_MD_INFO_STARTS_FUNC( MD ) MBEDTLS_MD_INFO_STARTS_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_UPDATE_FUNC( MD ) MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_FINISH_FUNC( MD ) MBEDTLS_MD_INFO_FINISH_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_DIGEST_FUNC( MD ) MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_ALLOC_FUNC( MD ) MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_FREE_FUNC( MD ) MBEDTLS_MD_INFO_FREE_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_CLONE_FUNC( MD ) MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) + +/** + * Message digest information. + * Allows message digest functions to be called in a generic way. 
+ */ + +typedef int mbedtls_md_starts_func_t( void *ctx ); +typedef int mbedtls_md_update_func_t( void *ctx, + const unsigned char *input, + size_t ilen ); +typedef int mbedtls_md_finish_func_t( void *ctx, unsigned char *output ); +typedef int mbedtls_md_digest_func_t( const unsigned char *input, + size_t ilen, + unsigned char *output ); +typedef void* mbedtls_md_ctx_alloc_func_t( void ); +typedef void mbedtls_md_ctx_free_func_t( void *ctx ); +typedef void mbedtls_md_clone_func_t( void *st, const void *src ); +typedef int mbedtls_md_process_func_t( void *ctx, + const unsigned char *input ); + +#if !defined(MBEDTLS_MD_SINGLE_HASH) +struct mbedtls_md_info_t +{ + /** Digest identifier */ + mbedtls_md_type_t type; + + /** Name of the message digest */ + const char * name; + + /** Output length of the digest function in bytes */ + int size; + + /** Block length of the digest function in bytes */ + int block_size; + + /** Digest initialisation function */ + mbedtls_md_starts_func_t *starts_func; + + /** Digest update function */ + mbedtls_md_update_func_t *update_func; + + /** Digest finalisation function */ + mbedtls_md_finish_func_t *finish_func; + + /** Generic digest function */ + mbedtls_md_digest_func_t *digest_func; + + /** Allocate a new context */ + mbedtls_md_ctx_alloc_func_t *ctx_alloc_func; + + /** Free the given context */ + mbedtls_md_ctx_free_func_t *ctx_free_func; + + /** Clone state from a context */ + mbedtls_md_clone_func_t *clone_func; + + /** Internal use only */ + mbedtls_md_process_func_t *process_func; +}; + +/** + * \brief This macro builds an instance of ::mbedtls_md_info_t + * from an \c MBEDTLS_MD_INFO_XXX identifier. 
+ */ +#define MBEDTLS_MD_INFO( MD ) \ + { MBEDTLS_MD_INFO_TYPE( MD ), \ + MBEDTLS_MD_INFO_NAME( MD ), \ + MBEDTLS_MD_INFO_SIZE( MD ), \ + MBEDTLS_MD_INFO_BLOCKSIZE( MD ), \ + MBEDTLS_MD_INFO_STARTS_FUNC( MD ), \ + MBEDTLS_MD_INFO_UPDATE_FUNC( MD ), \ + MBEDTLS_MD_INFO_FINISH_FUNC( MD ), \ + MBEDTLS_MD_INFO_DIGEST_FUNC( MD ), \ + MBEDTLS_MD_INFO_ALLOC_FUNC( MD ), \ + MBEDTLS_MD_INFO_FREE_FUNC( MD ), \ + MBEDTLS_MD_INFO_CLONE_FUNC( MD ), \ + MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) } + +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + +/* + * + * Definitions of MD information structures for various digests. + * + */ + +/* + * MD-2 + */ + +#if defined(MBEDTLS_MD2_C) + +static int mbedtls_md2_starts_wrap( void *ctx ) +{ + return( mbedtls_md2_starts_ret( (mbedtls_md2_context *) ctx ) ); +} + +static int mbedtls_md2_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_md2_update_ret( (mbedtls_md2_context *) ctx, input, ilen ) ); +} + +static int mbedtls_md2_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_md2_finish_ret( (mbedtls_md2_context *) ctx, output ) ); +} + +static void* mbedtls_md2_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md2_context ) ); + + if( ctx != NULL ) + mbedtls_md2_init( (mbedtls_md2_context *) ctx ); + + return( ctx ); +} + +static void mbedtls_md2_ctx_free( void *ctx ) +{ + mbedtls_md2_free( (mbedtls_md2_context *) ctx ); + mbedtls_free( ctx ); +} + +static void mbedtls_md2_clone_wrap( void *dst, const void *src ) +{ + mbedtls_md2_clone( (mbedtls_md2_context *) dst, + (const mbedtls_md2_context *) src ); +} + +static int mbedtls_md2_process_wrap( void *ctx, const unsigned char *data ) +{ + ((void) data); + + return( mbedtls_internal_md2_process( (mbedtls_md2_context *) ctx ) ); +} + +#endif /* MBEDTLS_MD2_C */ + +/* + * MD-4 + */ + +#if defined(MBEDTLS_MD4_C) + +static int mbedtls_md4_starts_wrap( void *ctx ) +{ + return( mbedtls_md4_starts_ret( (mbedtls_md4_context *) ctx ) ); +} + 
+static int mbedtls_md4_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_md4_update_ret( (mbedtls_md4_context *) ctx, input, ilen ) ); +} + +static int mbedtls_md4_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_md4_finish_ret( (mbedtls_md4_context *) ctx, output ) ); +} + +static void* mbedtls_md4_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md4_context ) ); + + if( ctx != NULL ) + mbedtls_md4_init( (mbedtls_md4_context *) ctx ); + + return( ctx ); +} + +static void mbedtls_md4_ctx_free( void *ctx ) +{ + mbedtls_md4_free( (mbedtls_md4_context *) ctx ); + mbedtls_free( ctx ); +} + +static void mbedtls_md4_clone_wrap( void *dst, const void *src ) +{ + mbedtls_md4_clone( (mbedtls_md4_context *) dst, + (const mbedtls_md4_context *) src ); +} + +static int mbedtls_md4_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) ); +} + +#endif /* MBEDTLS_MD4_C */ + +/* + * MD-5 + */ + +#if defined(MBEDTLS_MD5_C) + +static int mbedtls_md5_starts_wrap( void *ctx ) +{ + return( mbedtls_md5_starts_ret( (mbedtls_md5_context *) ctx ) ); +} + +static int mbedtls_md5_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_md5_update_ret( (mbedtls_md5_context *) ctx, input, ilen ) ); +} + +static int mbedtls_md5_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_md5_finish_ret( (mbedtls_md5_context *) ctx, output ) ); +} + +static void* mbedtls_md5_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md5_context ) ); + + if( ctx != NULL ) + mbedtls_md5_init( (mbedtls_md5_context *) ctx ); + + return( ctx ); +} + +static void mbedtls_md5_ctx_free( void *ctx ) +{ + mbedtls_md5_free( (mbedtls_md5_context *) ctx ); + mbedtls_free( ctx ); +} + +static void mbedtls_md5_clone_wrap( void *dst, const void *src ) +{ + mbedtls_md5_clone( (mbedtls_md5_context *) dst, + 
(const mbedtls_md5_context *) src ); +} + +static int mbedtls_md5_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) ); +} + +#endif /* MBEDTLS_MD5_C */ + +/* + * RIPEMD-160 + */ + +#if defined(MBEDTLS_RIPEMD160_C) + +static int mbedtls_ripemd160_starts_wrap( void *ctx ) +{ + return( mbedtls_ripemd160_starts_ret( (mbedtls_ripemd160_context *) ctx ) ); +} + +static int mbedtls_ripemd160_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_ripemd160_update_ret( (mbedtls_ripemd160_context *) ctx, + input, ilen ) ); +} + +static int mbedtls_ripemd160_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_ripemd160_finish_ret( (mbedtls_ripemd160_context *) ctx, + output ) ); +} + +static void* mbedtls_ripemd160_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ripemd160_context ) ); + + if( ctx != NULL ) + mbedtls_ripemd160_init( (mbedtls_ripemd160_context *) ctx ); + + return( ctx ); +} + +static void mbedtls_ripemd160_ctx_free( void *ctx ) +{ + mbedtls_ripemd160_free( (mbedtls_ripemd160_context *) ctx ); + mbedtls_free( ctx ); +} + +static void mbedtls_ripemd160_clone_wrap( void *dst, const void *src ) +{ + mbedtls_ripemd160_clone( (mbedtls_ripemd160_context *) dst, + (const mbedtls_ripemd160_context *) src ); +} + +static int mbedtls_ripemd160_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_ripemd160_process( + (mbedtls_ripemd160_context *) ctx, data ) ); +} + +#endif /* MBEDTLS_RIPEMD160_C */ + +/* + * SHA-1 + */ + +#if defined(MBEDTLS_SHA1_C) + +static int mbedtls_sha1_starts_wrap( void *ctx ) +{ + return( mbedtls_sha1_starts_ret( (mbedtls_sha1_context *) ctx ) ); +} + +static int mbedtls_sha1_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_sha1_update_ret( (mbedtls_sha1_context *) ctx, + input, ilen ) ); +} + +static int 
mbedtls_sha1_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_sha1_finish_ret( (mbedtls_sha1_context *) ctx, output ) ); +} + +static void* mbedtls_sha1_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha1_context ) ); + + if( ctx != NULL ) + mbedtls_sha1_init( (mbedtls_sha1_context *) ctx ); + + return( ctx ); +} + +static void mbedtls_sha1_clone_wrap( void *dst, const void *src ) +{ + mbedtls_sha1_clone( (mbedtls_sha1_context *) dst, + (const mbedtls_sha1_context *) src ); +} + +static void mbedtls_sha1_ctx_free( void *ctx ) +{ + mbedtls_sha1_free( (mbedtls_sha1_context *) ctx ); + mbedtls_free( ctx ); +} + +static int mbedtls_sha1_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_sha1_process( (mbedtls_sha1_context *) ctx, + data ) ); +} + +#endif /* MBEDTLS_SHA1_C */ + +/* + * SHA-224 and SHA-256 + */ + +#if defined(MBEDTLS_SHA256_C) + +#if !defined(MBEDTLS_SHA256_NO_SHA224) +static int mbedtls_sha224_starts_wrap( void *ctx ) +{ + return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) ); +} +#endif /* !MBEDTLS_SHA256_NO_SHA224 */ + +static int mbedtls_sha224_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_sha256_update_ret( (mbedtls_sha256_context *) ctx, + input, ilen ) ); +} + +static int mbedtls_sha224_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_sha256_finish_ret( (mbedtls_sha256_context *) ctx, + output ) ); +} + +#if !defined(MBEDTLS_SHA256_NO_SHA224) +static int mbedtls_sha224_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); +} +#endif /* !MBEDTLS_SHA256_NO_SHA224 */ + +static void* mbedtls_sha224_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha256_context ) ); + + if( ctx != NULL ) + mbedtls_sha256_init( (mbedtls_sha256_context *) ctx ); + + return( ctx ); +} + +static void 
mbedtls_sha224_ctx_free( void *ctx ) +{ + mbedtls_sha256_free( (mbedtls_sha256_context *) ctx ); + mbedtls_free( ctx ); +} + +static void mbedtls_sha224_clone_wrap( void *dst, const void *src ) +{ + mbedtls_sha256_clone( (mbedtls_sha256_context *) dst, + (const mbedtls_sha256_context *) src ); +} + +static int mbedtls_sha224_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_sha256_process( (mbedtls_sha256_context *) ctx, + data ) ); +} + +static int mbedtls_sha256_starts_wrap( void *ctx ) +{ + return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 0 ) ); +} + +static int mbedtls_sha256_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); +} + +#endif /* MBEDTLS_SHA256_C */ + +/* + * SHA-384 and SHA-512 + */ + +#if defined(MBEDTLS_SHA512_C) + +static int mbedtls_sha384_starts_wrap( void *ctx ) +{ + return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 1 ) ); +} + +static int mbedtls_sha384_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_sha512_update_ret( (mbedtls_sha512_context *) ctx, + input, ilen ) ); +} + +static int mbedtls_sha384_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_sha512_finish_ret( (mbedtls_sha512_context *) ctx, + output ) ); +} + +static int mbedtls_sha384_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + return( mbedtls_sha512_ret( input, ilen, output, 1 ) ); +} + +static void* mbedtls_sha384_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha512_context ) ); + + if( ctx != NULL ) + mbedtls_sha512_init( (mbedtls_sha512_context *) ctx ); + + return( ctx ); +} + +static void mbedtls_sha384_ctx_free( void *ctx ) +{ + mbedtls_sha512_free( (mbedtls_sha512_context *) ctx ); + mbedtls_free( ctx ); +} + +static void mbedtls_sha384_clone_wrap( void *dst, const void *src ) +{ + mbedtls_sha512_clone( 
(mbedtls_sha512_context *) dst, + (const mbedtls_sha512_context *) src ); +} + +static int mbedtls_sha384_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_sha512_process( (mbedtls_sha512_context *) ctx, + data ) ); +} + +static int mbedtls_sha512_starts_wrap( void *ctx ) +{ + return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 0 ) ); +} + +static int mbedtls_sha512_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); +} + +#endif /* MBEDTLS_SHA512_C */ + +/* + * Getter functions for MD info structure. + */ + +#if !defined(MBEDTLS_MD_SINGLE_HASH) + +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_type_t mbedtls_md_info_type( + mbedtls_md_handle_t info ) +{ + return( info->type ); +} + +MBEDTLS_ALWAYS_INLINE static inline const char * mbedtls_md_info_name( + mbedtls_md_handle_t info ) +{ + return( info->name ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_size( + mbedtls_md_handle_t info ) +{ + return( info->size ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size( + mbedtls_md_handle_t info ) +{ + return( info->block_size ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts( + mbedtls_md_handle_t info, + void *ctx ) +{ + return( info->starts_func( ctx ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update( + mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input, + size_t ilen ) +{ + return( info->update_func( ctx, input, ilen ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish( + mbedtls_md_handle_t info, + void *ctx, + unsigned char *output ) +{ + return( info->finish_func( ctx, output ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest( + mbedtls_md_handle_t info, + const unsigned char *input, + size_t ilen, + unsigned char *output ) +{ + return( info->digest_func( input, ilen, output ) ); +} + 
+MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc( + mbedtls_md_handle_t info ) +{ + return( info->ctx_alloc_func() ); +} + +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_ctx_free( + mbedtls_md_handle_t info, + void *ctx ) +{ + info->ctx_free_func( ctx ); +} + +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone( + mbedtls_md_handle_t info, + void *dst, + const void *src ) +{ + info->clone_func( dst, src ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process( + mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input ) +{ + return( info->process_func( ctx, input ) ); +} + +#else /* !MBEDTLS_MD_SINGLE_HASH */ + +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_type_t mbedtls_md_info_type( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_TYPE( MBEDTLS_MD_SINGLE_HASH ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline const char * mbedtls_md_info_name( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_NAME( MBEDTLS_MD_SINGLE_HASH ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_size( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_SIZE( MBEDTLS_MD_SINGLE_HASH ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_BLOCKSIZE( MBEDTLS_MD_SINGLE_HASH ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts( + mbedtls_md_handle_t info, + void *ctx ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_STARTS_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update( + mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input, + size_t ilen ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_UPDATE_FUNC( MBEDTLS_MD_SINGLE_HASH ) + ( ctx, input, ilen ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish( + mbedtls_md_handle_t info, + 
void *ctx, + unsigned char *output ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_FINISH_FUNC( MBEDTLS_MD_SINGLE_HASH ) + ( ctx, output ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest( + mbedtls_md_handle_t info, + const unsigned char *input, + size_t ilen, + unsigned char *output ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_DIGEST_FUNC( MBEDTLS_MD_SINGLE_HASH ) + ( input, ilen, output ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_ALLOC_FUNC( MBEDTLS_MD_SINGLE_HASH )() ); +} + +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_ctx_free( + mbedtls_md_handle_t info, + void *ctx ) +{ + ((void) info); + MBEDTLS_MD_INFO_FREE_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx ); +} + +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone( + mbedtls_md_handle_t info, + void *dst, + const void *src ) +{ + ((void) info); + MBEDTLS_MD_INFO_CLONE_FUNC( MBEDTLS_MD_SINGLE_HASH )( dst, src ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process( + mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_PROCESS_FUNC( MBEDTLS_MD_SINGLE_HASH ) + ( ctx, input ) ); +} + +#endif /* MBEDTLS_MD_SINGLE_HASH */ + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_MD_INTERNAL_H */ diff --git a/library/md.c b/library/md.c index 8d8f3371a..f81a1a9e3 100644 --- a/library/md.c +++ b/library/md.c 
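Review bot: The per-digest wrappers (`mbedtls_md2_starts_wrap()` through `mbedtls_sha512_wrap()`) are defined as plain `static` functions in a header that md.h now includes, so each including translation unit gets its own copy and the unused ones will likely trigger unused-function warnings; declaring them `static inline`, as the `mbedtls_md_info_*()` getters further down already are, avoids that, e.g. `static inline int mbedtls_md2_starts_wrap( void *ctx )`. The fallback `#define mbedtls_calloc calloc` and `#define mbedtls_free free` likewise become visible to every user of md.h when MBEDTLS_PLATFORM_C is unset. The non-single-hash getters dereference `info` without a check, so a comment such as `/* info must be a valid MD handle; it is dereferenced without a check */` would state the contract callers have to meet. Two leftovers from the move should be corrected as well: the file header still reads `\file md.h`, and the macro comment says "fields from ciphersuites" where fields of the MD info are meant.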
@@ -48,166 +48,7 @@ #include #endif -#if defined(MBEDTLS_MD2_C) -#include "mbedtls/md2.h" -#endif - -#if defined(MBEDTLS_MD4_C) -#include "mbedtls/md4.h" -#endif - -#if defined(MBEDTLS_MD5_C) -#include "mbedtls/md5.h" -#endif - -#if defined(MBEDTLS_RIPEMD160_C) -#include "mbedtls/ripemd160.h" -#endif - -#if defined(MBEDTLS_SHA1_C) -#include "mbedtls/sha1.h" -#endif - -#if defined(MBEDTLS_SHA256_C) -#include "mbedtls/sha256.h" -#endif - -#if defined(MBEDTLS_SHA512_C) -#include "mbedtls/sha512.h" -#endif - -/* - * Message-digest information macro definition - */ - -/* SHA-256 */ -#define MBEDTLS_MD_INFO_SHA256_TYPE MBEDTLS_MD_SHA256 -#define MBEDTLS_MD_INFO_SHA256_NAME "SHA256" -#define MBEDTLS_MD_INFO_SHA256_SIZE 32 -#define MBEDTLS_MD_INFO_SHA256_BLOCKSIZE 64 -#define MBEDTLS_MD_INFO_SHA256_STARTS_FUNC sha256_starts_wrap -#define MBEDTLS_MD_INFO_SHA256_UPDATE_FUNC sha224_update_wrap -#define MBEDTLS_MD_INFO_SHA256_FINISH_FUNC sha224_finish_wrap -#define MBEDTLS_MD_INFO_SHA256_DIGEST_FUNC sha256_wrap -#define MBEDTLS_MD_INFO_SHA256_ALLOC_FUNC sha224_ctx_alloc -#define MBEDTLS_MD_INFO_SHA256_FREE_FUNC sha224_ctx_free -#define MBEDTLS_MD_INFO_SHA256_CLONE_FUNC sha224_clone_wrap -#define MBEDTLS_MD_INFO_SHA256_PROCESS_FUNC sha224_process_wrap - -/* - * Helper macros to extract fields from ciphersuites. 
- */ - -#define MBEDTLS_MD_INFO_TYPE_T( MD ) MD ## _TYPE -#define MBEDTLS_MD_INFO_NAME_T( MD ) MD ## _NAME -#define MBEDTLS_MD_INFO_SIZE_T( MD ) MD ## _SIZE -#define MBEDTLS_MD_INFO_BLOCKSIZE_T( MD ) MD ## _BLOCKSIZE -#define MBEDTLS_MD_INFO_STARTS_FUNC_T( MD ) MD ## _STARTS_FUNC -#define MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD ) MD ## _UPDATE_FUNC -#define MBEDTLS_MD_INFO_FINISH_FUNC_T( MD ) MD ## _FINISH_FUNC -#define MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD ) MD ## _DIGEST_FUNC -#define MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD ) MD ## _ALLOC_FUNC -#define MBEDTLS_MD_INFO_FREE_FUNC_T( MD ) MD ## _FREE_FUNC -#define MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) MD ## _CLONE_FUNC -#define MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) MD ## _PROCESS_FUNC - -/* Wrapper around MBEDTLS_MD_INFO_XXX_T() which makes sure that - * the argument is macro-expanded before concatenated with the - * field name. This allows to call these macros as - * MBEDTLS_MD_INFO_XXX( MBEDTLS_MD_SINGLE_HASH ). - * where MBEDTLS_MD_SINGLE_HASH expands to MBEDTLS_MD_INFO_XXX. */ -#define MBEDTLS_MD_INFO_TYPE( MD ) MBEDTLS_MD_INFO_TYPE_T( MD ) -#define MBEDTLS_MD_INFO_NAME( MD ) MBEDTLS_MD_INFO_NAME_T( MD ) -#define MBEDTLS_MD_INFO_SIZE( MD ) MBEDTLS_MD_INFO_SIZE_T( MD ) -#define MBEDTLS_MD_INFO_BLOCKSIZE( MD ) MBEDTLS_MD_INFO_BLOCKSIZE_T( MD ) -#define MBEDTLS_MD_INFO_STARTS_FUNC( MD ) MBEDTLS_MD_INFO_STARTS_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_UPDATE_FUNC( MD ) MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_FINISH_FUNC( MD ) MBEDTLS_MD_INFO_FINISH_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_DIGEST_FUNC( MD ) MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_ALLOC_FUNC( MD ) MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_FREE_FUNC( MD ) MBEDTLS_MD_INFO_FREE_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_CLONE_FUNC( MD ) MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) -#define MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) - -/** - * Message digest information. 
- * Allows message digest functions to be called in a generic way. - */ - -typedef int mbedtls_md_starts_func_t( void *ctx ); -typedef int mbedtls_md_update_func_t( void *ctx, - const unsigned char *input, - size_t ilen ); -typedef int mbedtls_md_finish_func_t( void *ctx, unsigned char *output ); -typedef int mbedtls_md_digest_func_t( const unsigned char *input, - size_t ilen, - unsigned char *output ); -typedef void* mbedtls_md_ctx_alloc_func_t( void ); -typedef void mbedtls_md_ctx_free_func_t( void *ctx ); -typedef void mbedtls_md_clone_func_t( void *st, const void *src ); -typedef int mbedtls_md_process_func_t( void *ctx, - const unsigned char *input ); - #if !defined(MBEDTLS_MD_SINGLE_HASH) -struct mbedtls_md_info_t -{ - /** Digest identifier */ - mbedtls_md_type_t type; - - /** Name of the message digest */ - const char * name; - - /** Output length of the digest function in bytes */ - int size; - - /** Block length of the digest function in bytes */ - int block_size; - - /** Digest initialisation function */ - mbedtls_md_starts_func_t *starts_func; - - /** Digest update function */ - mbedtls_md_update_func_t *update_func; - - /** Digest finalisation function */ - mbedtls_md_finish_func_t *finish_func; - - /** Generic digest function */ - mbedtls_md_digest_func_t *digest_func; - - /** Allocate a new context */ - mbedtls_md_ctx_alloc_func_t *ctx_alloc_func; - - /** Free the given context */ - mbedtls_md_ctx_free_func_t *ctx_free_func; - - /** Clone state from a context */ - mbedtls_md_clone_func_t *clone_func; - - /** Internal use only */ - mbedtls_md_process_func_t *process_func; -}; - -/** - * \brief This macro builds an instance of ::mbedtls_md_info_t - * from an \c MBEDTLS_MD_INFO_XXX identifier. 
- */ -#define MBEDTLS_MD_INFO( MD ) \ - { MBEDTLS_MD_INFO_TYPE( MD ), \ - MBEDTLS_MD_INFO_NAME( MD ), \ - MBEDTLS_MD_INFO_SIZE( MD ), \ - MBEDTLS_MD_INFO_BLOCKSIZE( MD ), \ - MBEDTLS_MD_INFO_STARTS_FUNC( MD ), \ - MBEDTLS_MD_INFO_UPDATE_FUNC( MD ), \ - MBEDTLS_MD_INFO_FINISH_FUNC( MD ), \ - MBEDTLS_MD_INFO_DIGEST_FUNC( MD ), \ - MBEDTLS_MD_INFO_ALLOC_FUNC( MD ), \ - MBEDTLS_MD_INFO_FREE_FUNC( MD ), \ - MBEDTLS_MD_INFO_CLONE_FUNC( MD ), \ - MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) } - -#endif /* !MBEDTLS_MD_SINGLE_HASH */ - /* * * Definitions of MD information structures for various digests. 
@@ -217,71 +58,21 @@ struct mbedtls_md_info_t /* * MD-2 */ - #if defined(MBEDTLS_MD2_C) - -static int md2_starts_wrap( void *ctx ) -{ - return( mbedtls_md2_starts_ret( (mbedtls_md2_context *) ctx ) ); -} - -static int md2_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_md2_update_ret( (mbedtls_md2_context *) ctx, input, ilen ) ); -} - -static int md2_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_md2_finish_ret( (mbedtls_md2_context *) ctx, output ) ); -} - -static void *md2_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md2_context ) ); - - if( ctx != NULL ) - mbedtls_md2_init( (mbedtls_md2_context *) ctx ); - - return( ctx ); -} - -static void md2_ctx_free( void *ctx ) -{ - mbedtls_md2_free( (mbedtls_md2_context *) ctx ); - mbedtls_free( ctx ); -} - -static void md2_clone_wrap( void *dst, const void *src ) -{ - mbedtls_md2_clone( (mbedtls_md2_context *) dst, - (const mbedtls_md2_context *) src ); -} - -static int md2_process_wrap( void *ctx, const unsigned char *data ) -{ - ((void) data); - - return( mbedtls_internal_md2_process( (mbedtls_md2_context *) ctx ) ); -} - -#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_md2_info = { MBEDTLS_MD_MD2, "MD2", 16, 16, - md2_starts_wrap, - md2_update_wrap, - md2_finish_wrap, + mbedtls_md2_starts_wrap, + mbedtls_md2_update_wrap, + mbedtls_md2_finish_wrap, mbedtls_md2_ret, - md2_ctx_alloc, - md2_ctx_free, - md2_clone_wrap, - md2_process_wrap, + mbedtls_md2_ctx_alloc, + mbedtls_md2_ctx_free, + mbedtls_md2_clone_wrap, + mbedtls_md2_process_wrap, }; -#endif /* !MBEDTLS_MD_SINGLE_HASH */ - #endif /* MBEDTLS_MD2_C */ /* 
@@ -289,67 +80,20 @@ const mbedtls_md_info_t mbedtls_md2_info = { */ #if defined(MBEDTLS_MD4_C) - -static int md4_starts_wrap( void *ctx ) -{ - return( mbedtls_md4_starts_ret( (mbedtls_md4_context *) ctx ) ); -} - -static int md4_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_md4_update_ret( (mbedtls_md4_context *) ctx, input, ilen ) ); -} - -static int md4_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_md4_finish_ret( (mbedtls_md4_context *) ctx, output ) ); -} - -static void *md4_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md4_context ) ); - - if( ctx != NULL ) - mbedtls_md4_init( (mbedtls_md4_context *) ctx ); - - return( ctx ); -} - -static void md4_ctx_free( void *ctx ) -{ - mbedtls_md4_free( (mbedtls_md4_context *) ctx ); - mbedtls_free( ctx ); -} - -static void md4_clone_wrap( void *dst, const void *src ) -{ - mbedtls_md4_clone( (mbedtls_md4_context *) dst, - (const mbedtls_md4_context *) src ); -} - -static int md4_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) ); -} - -#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_md4_info = { MBEDTLS_MD_MD4, "MD4", 16, 64, - md4_starts_wrap, - md4_update_wrap, - md4_finish_wrap, + mbedtls_md4_starts_wrap, + mbedtls_md4_update_wrap, + mbedtls_md4_finish_wrap, mbedtls_md4_ret, - md4_ctx_alloc, - md4_ctx_free, - md4_clone_wrap, - md4_process_wrap, + mbedtls_md4_ctx_alloc, + mbedtls_md4_ctx_free, + mbedtls_md4_clone_wrap, + mbedtls_md4_process_wrap, }; -#endif /* MBEDTLS_MD_SINGLE_HASH */ - #endif /* MBEDTLS_MD4_C */ /* 
@@ -357,67 +101,20 @@ const mbedtls_md_info_t mbedtls_md4_info = { */ #if defined(MBEDTLS_MD5_C) - -static int md5_starts_wrap( void *ctx ) -{ - return( mbedtls_md5_starts_ret( (mbedtls_md5_context *) ctx ) ); -} - -static int md5_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_md5_update_ret( (mbedtls_md5_context *) ctx, input, ilen ) ); -} - -static int md5_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_md5_finish_ret( (mbedtls_md5_context *) ctx, output ) ); -} - -static void *md5_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md5_context ) ); - - if( ctx != NULL ) - mbedtls_md5_init( (mbedtls_md5_context *) ctx ); - - return( ctx ); -} - -static void md5_ctx_free( void *ctx ) -{ - mbedtls_md5_free( (mbedtls_md5_context *) ctx ); - mbedtls_free( ctx ); -} - -static void md5_clone_wrap( void *dst, const void *src ) -{ - mbedtls_md5_clone( (mbedtls_md5_context *) dst, - (const mbedtls_md5_context *) src ); -} - -static int md5_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) ); -} - -#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_md5_info = { MBEDTLS_MD_MD5, "MD5", 16, 64, - md5_starts_wrap, - md5_update_wrap, - md5_finish_wrap, + mbedtls_md5_starts_wrap, + mbedtls_md5_update_wrap, + mbedtls_md5_finish_wrap, mbedtls_md5_ret, - md5_ctx_alloc, - md5_ctx_free, - md5_clone_wrap, - md5_process_wrap, + mbedtls_md5_ctx_alloc, + mbedtls_md5_ctx_free, + mbedtls_md5_clone_wrap, + mbedtls_md5_process_wrap, }; -#endif /* MBEDTLS_MD_SINGLE_HASH */ - #endif /* MBEDTLS_MD5_C */ /* 
@@ -425,70 +122,20 @@ const mbedtls_md_info_t mbedtls_md5_info = { */ #if defined(MBEDTLS_RIPEMD160_C) - -static int ripemd160_starts_wrap( void *ctx ) -{ - return( mbedtls_ripemd160_starts_ret( (mbedtls_ripemd160_context *) ctx ) ); -} - -static int ripemd160_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_ripemd160_update_ret( (mbedtls_ripemd160_context *) ctx, - input, ilen ) ); -} - -static int ripemd160_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_ripemd160_finish_ret( (mbedtls_ripemd160_context *) ctx, - output ) ); -} - -static void *ripemd160_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ripemd160_context ) ); - - if( ctx != NULL ) - mbedtls_ripemd160_init( (mbedtls_ripemd160_context *) ctx ); - - return( ctx ); -} - -static void ripemd160_ctx_free( void *ctx ) -{ - mbedtls_ripemd160_free( (mbedtls_ripemd160_context *) ctx ); - mbedtls_free( ctx ); -} - -static void ripemd160_clone_wrap( void *dst, const void *src ) -{ - mbedtls_ripemd160_clone( (mbedtls_ripemd160_context *) dst, - (const mbedtls_ripemd160_context *) src ); -} - -static int ripemd160_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_ripemd160_process( - (mbedtls_ripemd160_context *) ctx, data ) ); -} - -#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_ripemd160_info = { MBEDTLS_MD_RIPEMD160, "RIPEMD160", 20, 64, - ripemd160_starts_wrap, - ripemd160_update_wrap, - ripemd160_finish_wrap, + mbedtls_ripemd160_starts_wrap, + mbedtls_ripemd160_update_wrap, + mbedtls_ripemd160_finish_wrap, mbedtls_ripemd160_ret, - ripemd160_ctx_alloc, - ripemd160_ctx_free, - ripemd160_clone_wrap, - ripemd160_process_wrap, + mbedtls_ripemd160_ctx_alloc, + mbedtls_ripemd160_ctx_free, + mbedtls_ripemd160_clone_wrap, + mbedtls_ripemd160_process_wrap, }; -#endif /* !MBEDTLS_MD_SINGLE_HASH */ - #endif /* MBEDTLS_RIPEMD160_C */ /* 
@@ -496,69 +143,20 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { */ #if defined(MBEDTLS_SHA1_C) - -static int sha1_starts_wrap( void *ctx ) -{ - return( mbedtls_sha1_starts_ret( (mbedtls_sha1_context *) ctx ) ); -} - -static int sha1_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_sha1_update_ret( (mbedtls_sha1_context *) ctx, - input, ilen ) ); -} - -static int sha1_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_sha1_finish_ret( (mbedtls_sha1_context *) ctx, output ) ); -} - -static void *sha1_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha1_context ) ); - - if( ctx != NULL ) - mbedtls_sha1_init( (mbedtls_sha1_context *) ctx ); - - return( ctx ); -} - -static void sha1_clone_wrap( void *dst, const void *src ) -{ - mbedtls_sha1_clone( (mbedtls_sha1_context *) dst, - (const mbedtls_sha1_context *) src ); -} - -static void sha1_ctx_free( void *ctx ) -{ - mbedtls_sha1_free( (mbedtls_sha1_context *) ctx ); - mbedtls_free( ctx ); -} - -static int sha1_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_sha1_process( (mbedtls_sha1_context *) ctx, - data ) ); -} - -#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_sha1_info = { MBEDTLS_MD_SHA1, "SHA1", 20, 64, - sha1_starts_wrap, - sha1_update_wrap, - sha1_finish_wrap, + mbedtls_sha1_starts_wrap, + mbedtls_sha1_update_wrap, + mbedtls_sha1_finish_wrap, mbedtls_sha1_ret, - sha1_ctx_alloc, - sha1_ctx_free, - sha1_clone_wrap, - sha1_process_wrap, + mbedtls_sha1_ctx_alloc, + mbedtls_sha1_ctx_free, + mbedtls_sha1_clone_wrap, + mbedtls_sha1_process_wrap, }; -#endif /* !MBEDTLS_MD_SINGLE_HASH */ - #endif /* MBEDTLS_SHA1_C */ /* 
@@ -566,98 +164,24 @@ const mbedtls_md_info_t mbedtls_sha1_info = { */ #if defined(MBEDTLS_SHA256_C) - -#if !defined(MBEDTLS_SHA256_NO_SHA224) -static int sha224_starts_wrap( void *ctx ) -{ - return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) ); -} -#endif /* !MBEDTLS_SHA256_NO_SHA224 */ - -static int sha224_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_sha256_update_ret( (mbedtls_sha256_context *) ctx, - input, ilen ) ); -} - -static int sha224_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_sha256_finish_ret( (mbedtls_sha256_context *) ctx, - output ) ); -} - -#if !defined(MBEDTLS_SHA256_NO_SHA224) -static int sha224_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); -} -#endif /* !MBEDTLS_SHA256_NO_SHA224 */ - -static void *sha224_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha256_context ) ); - - if( ctx != NULL ) - mbedtls_sha256_init( (mbedtls_sha256_context *) ctx ); - - return( ctx ); -} - -static void sha224_ctx_free( void *ctx ) -{ - mbedtls_sha256_free( (mbedtls_sha256_context *) ctx ); - mbedtls_free( ctx ); -} - -static void sha224_clone_wrap( void *dst, const void *src ) -{ - mbedtls_sha256_clone( (mbedtls_sha256_context *) dst, - (const mbedtls_sha256_context *) src ); -} - -static int sha224_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_sha256_process( (mbedtls_sha256_context *) ctx, - data ) ); -} - -#if !defined(MBEDTLS_MD_SINGLE_HASH) #if !defined(MBEDTLS_SHA256_NO_SHA224) const mbedtls_md_info_t mbedtls_sha224_info = { MBEDTLS_MD_SHA224, "SHA224", 28, 64, - sha224_starts_wrap, - sha224_update_wrap, - sha224_finish_wrap, - sha224_wrap, - sha224_ctx_alloc, - sha224_ctx_free, - sha224_clone_wrap, - sha224_process_wrap, + mbedtls_sha224_starts_wrap, + mbedtls_sha224_update_wrap, + mbedtls_sha224_finish_wrap, + 
mbedtls_sha224_wrap, + mbedtls_sha224_ctx_alloc, + mbedtls_sha224_ctx_free, + mbedtls_sha224_clone_wrap, + mbedtls_sha224_process_wrap, }; #endif /* !MBEDTLS_SHA256_NO_SHA224 */ -#endif /* !MBEDTLS_MD_SINGLE_HASH */ - -static int sha256_starts_wrap( void *ctx ) -{ - return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 0 ) ); -} - -static int sha256_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); -} - -#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_sha256_info = MBEDTLS_MD_INFO( MBEDTLS_MD_INFO_SHA256 ); -#endif /* !MBEDTLS_MD_SINGLE_HASH */ - #endif /* MBEDTLS_SHA256_C */ /* 
@@ -665,306 +189,36 @@ const mbedtls_md_info_t mbedtls_sha256_info = */ #if defined(MBEDTLS_SHA512_C) - -static int sha384_starts_wrap( void *ctx ) -{ - return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 1 ) ); -} - -static int sha384_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_sha512_update_ret( (mbedtls_sha512_context *) ctx, - input, ilen ) ); -} - -static int sha384_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_sha512_finish_ret( (mbedtls_sha512_context *) ctx, - output ) ); -} - -static int sha384_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - return( mbedtls_sha512_ret( input, ilen, output, 1 ) ); -} - -static void *sha384_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha512_context ) ); - - if( ctx != NULL ) - mbedtls_sha512_init( (mbedtls_sha512_context *) ctx ); - - return( ctx ); -} - -static void sha384_ctx_free( void *ctx ) -{ - mbedtls_sha512_free( (mbedtls_sha512_context *) ctx ); - mbedtls_free( ctx ); -} - -static void sha384_clone_wrap( void *dst, const void *src ) -{ - mbedtls_sha512_clone( (mbedtls_sha512_context *) dst, - (const mbedtls_sha512_context *) src ); -} - -static int sha384_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_sha512_process( (mbedtls_sha512_context *) ctx, - data ) ); -} - -#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_sha384_info = { MBEDTLS_MD_SHA384, "SHA384", 48, 128, - sha384_starts_wrap, - sha384_update_wrap, - sha384_finish_wrap, - sha384_wrap, - sha384_ctx_alloc, - sha384_ctx_free, - sha384_clone_wrap, - sha384_process_wrap, + mbedtls_sha384_starts_wrap, + mbedtls_sha384_update_wrap, + mbedtls_sha384_finish_wrap, + mbedtls_sha384_wrap, + mbedtls_sha384_ctx_alloc, + mbedtls_sha384_ctx_free, + mbedtls_sha384_clone_wrap, + mbedtls_sha384_process_wrap, }; -#endif /* MBEDTLS_MD_SINGLE_HASH */ - -static int sha512_starts_wrap( 
void *ctx ) -{ - return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 0 ) ); -} - -static int sha512_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); -} - -#if !defined(MBEDTLS_MD_SINGLE_HASH) const mbedtls_md_info_t mbedtls_sha512_info = { MBEDTLS_MD_SHA512, "SHA512", 64, 128, - sha512_starts_wrap, - sha384_update_wrap, - sha384_finish_wrap, - sha512_wrap, - sha384_ctx_alloc, - sha384_ctx_free, - sha384_clone_wrap, - sha384_process_wrap, + mbedtls_sha512_starts_wrap, + mbedtls_sha384_update_wrap, + mbedtls_sha384_finish_wrap, + mbedtls_sha512_wrap, + mbedtls_sha384_ctx_alloc, + mbedtls_sha384_ctx_free, + mbedtls_sha384_clone_wrap, + mbedtls_sha384_process_wrap, }; -#endif /* MBEDTLS_MD_SINGLE_HASH */ - #endif /* MBEDTLS_SHA512_C */ -/* - * Getter functions for MD info structure. - */ - -#if !defined(MBEDTLS_MD_SINGLE_HASH) - -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_type_t mbedtls_md_info_type( - mbedtls_md_handle_t info ) -{ - return( info->type ); -} - -MBEDTLS_ALWAYS_INLINE static inline const char * mbedtls_md_info_name( - mbedtls_md_handle_t info ) -{ - return( info->name ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_size( - mbedtls_md_handle_t info ) -{ - return( info->size ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size( - mbedtls_md_handle_t info ) -{ - return( info->block_size ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts( - mbedtls_md_handle_t info, - void *ctx ) -{ - return( info->starts_func( ctx ) ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update( - mbedtls_md_handle_t info, - void *ctx, - const unsigned char *input, - size_t ilen ) -{ - return( info->update_func( ctx, input, ilen ) ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish( - mbedtls_md_handle_t info, - void *ctx, - unsigned char *output ) -{ - return( info->finish_func( 
ctx, output ) ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest( - mbedtls_md_handle_t info, - const unsigned char *input, - size_t ilen, - unsigned char *output ) -{ - return( info->digest_func( input, ilen, output ) ); -} - -MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc( - mbedtls_md_handle_t info ) -{ - return( info->ctx_alloc_func() ); -} - -MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_ctx_free( - mbedtls_md_handle_t info, - void *ctx ) -{ - info->ctx_free_func( ctx ); -} - -MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone( - mbedtls_md_handle_t info, - void *dst, - const void *src ) -{ - info->clone_func( dst, src ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process( - mbedtls_md_handle_t info, - void *ctx, - const unsigned char *input ) -{ - return( info->process_func( ctx, input ) ); -} - -#else /* !MBEDTLS_MD_SINGLE_HASH */ - -MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_type_t mbedtls_md_info_type( - mbedtls_md_handle_t info ) -{ - ((void) info); - return( MBEDTLS_MD_INFO_TYPE( MBEDTLS_MD_SINGLE_HASH ) ); -} - -MBEDTLS_ALWAYS_INLINE static inline const char * mbedtls_md_info_name( - mbedtls_md_handle_t info ) -{ - ((void) info); - return( MBEDTLS_MD_INFO_NAME( MBEDTLS_MD_SINGLE_HASH ) ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_size( - mbedtls_md_handle_t info ) -{ - ((void) info); - return( MBEDTLS_MD_INFO_SIZE( MBEDTLS_MD_SINGLE_HASH ) ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size( - mbedtls_md_handle_t info ) -{ - ((void) info); - return( MBEDTLS_MD_INFO_BLOCKSIZE( MBEDTLS_MD_SINGLE_HASH ) ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts( - mbedtls_md_handle_t info, - void *ctx ) -{ - ((void) info); - return( MBEDTLS_MD_INFO_STARTS_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx ) ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update( - mbedtls_md_handle_t info, - void *ctx, - const 
unsigned char *input, - size_t ilen ) -{ - ((void) info); - return( MBEDTLS_MD_INFO_UPDATE_FUNC( MBEDTLS_MD_SINGLE_HASH ) - ( ctx, input, ilen ) ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish( - mbedtls_md_handle_t info, - void *ctx, - unsigned char *output ) -{ - ((void) info); - return( MBEDTLS_MD_INFO_FINISH_FUNC( MBEDTLS_MD_SINGLE_HASH ) - ( ctx, output ) ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest( - mbedtls_md_handle_t info, - const unsigned char *input, - size_t ilen, - unsigned char *output ) -{ - ((void) info); - return( MBEDTLS_MD_INFO_DIGEST_FUNC( MBEDTLS_MD_SINGLE_HASH ) - ( input, ilen, output ) ); -} - -MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc( - mbedtls_md_handle_t info ) -{ - ((void) info); - return( MBEDTLS_MD_INFO_ALLOC_FUNC( MBEDTLS_MD_SINGLE_HASH )() ); -} - -MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_ctx_free( - mbedtls_md_handle_t info, - void *ctx ) -{ - ((void) info); - MBEDTLS_MD_INFO_FREE_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx ); -} - -MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone( - mbedtls_md_handle_t info, - void *dst, - const void *src ) -{ - ((void) info); - MBEDTLS_MD_INFO_CLONE_FUNC( MBEDTLS_MD_SINGLE_HASH )( dst, src ); -} - -MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process( - mbedtls_md_handle_t info, - void *ctx, - const unsigned char *input ) -{ - ((void) info); - return( MBEDTLS_MD_INFO_PROCESS_FUNC( MBEDTLS_MD_SINGLE_HASH ) - ( ctx, input ) ); -} - -#endif /* MBEDTLS_MD_SINGLE_HASH */ - -#if !defined(MBEDTLS_MD_SINGLE_HASH) - /* * Reminder: update profiles in x509_crt.c when adding a new hash! */ From 7a7b7227cba34aca0e8bb7898ed92427470b8fd9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 4 Sep 2019 12:47:48 +0100 Subject: [PATCH 39/78] Add dummy def of MBEDTLS_MD_INFO_SHA256 to make check-names.sh happy --- include/mbedtls/md_internal.h | 3 +++ 1 file changed, 3 insertions(+) 
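Review bot: The new `mbedtls_sha512_info` table combines `mbedtls_sha512_starts_wrap` and `mbedtls_sha512_wrap` with six `mbedtls_sha384_*` entries, and nothing on the new side says this is intentional. The removed static wrappers show why it works: the `sha384_*` helpers cast to `mbedtls_sha512_context`, and only the starts and one-shot digest wrappers pass the is-384 flag. With the wrappers no longer defined in md.c, that reasoning is no longer next to the table. I would add a comment above it, e.g. `/* SHA-512 reuses the SHA-384 wrappers: both operate on mbedtls_sha512_context and differ only in starts/digest */`.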
diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index 568c9714b..b1bb7e332 100644 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h @@ -73,6 +73,9 @@ extern "C" { * Message-digest information macro definition */ +/* Dummy definition to keep check-names.sh happy - don't uncomment */ +//#define MBEDTLS_MD_INFO_SHA256 + /* SHA-256 */ #define MBEDTLS_MD_INFO_SHA256_TYPE MBEDTLS_MD_SHA256 #define MBEDTLS_MD_INFO_SHA256_NAME "SHA256" From 527f7c9307d83122ba303af4c682d84e1959c311 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 4 Sep 2019 12:46:07 +0100 Subject: [PATCH 40/78] MD: Demonstrate config-dep'n API inlining for mbedtls_md_starts() --- include/mbedtls/md.h | 34 +++++++++++++++++++++++++++++++++- library/md.c | 12 +++--------- 2 files changed, 36 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 120473d94..b1caca8b7 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -82,6 +82,8 @@ typedef enum { #if !defined(MBEDTLS_MD_SINGLE_HASH) +#define MBEDTLS_MD_INLINABLE_API + /** * Opaque struct defined in md.c. */ @@ -93,6 +95,8 @@ typedef struct mbedtls_md_info_t const * mbedtls_md_handle_t; #else /* !MBEDTLS_MD_SINGLE_HASH */ +#define MBEDTLS_MD_INLINABLE_API MBEDTLS_ALWAYS_INLINE static inline + typedef int mbedtls_md_handle_t; #define MBEDTLS_MD_INVALID_HANDLE ( (mbedtls_md_handle_t) 0 ) #define MBEDTLS_MD_UNIQUE_VALID_HANDLE ( (mbedtls_md_handle_t) 1 ) @@ -308,7 +312,7 @@ const char *mbedtls_md_get_name( mbedtls_md_handle_t md_info ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_starts( mbedtls_md_context_t *ctx ); +MBEDTLS_MD_INLINABLE_API int mbedtls_md_starts( mbedtls_md_context_t *ctx ); /** * \brief This function feeds an input buffer into an ongoing 
@@ -500,6 +504,34 @@ int mbedtls_md_hmac( mbedtls_md_handle_t md_info, const unsigned char *key, size /* Internal use */ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ); +/* + * Internal wrapper functions for those MD API functions which should be + * inlined in some but not all configurations. The actual MD API will be + * implemented either here or in md.c, and forward to the wrappers. + */ + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_starts_internal( + mbedtls_md_context_t *ctx ) +{ + mbedtls_md_handle_t md_info; + if( ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_starts( md_info, ctx->md_ctx ) ); +} + +#if defined(MBEDTLS_MD_SINGLE_HASH) +MBEDTLS_MD_INLINABLE_API int mbedtls_md_starts( + mbedtls_md_context_t *ctx ) +{ + return( mbedtls_md_starts_internal( ctx ) ); +} +#endif /* MBEDTLS_MD_SINGLE_HASH */ + #ifdef __cplusplus } #endif diff --git a/library/md.c b/library/md.c index f81a1a9e3..bf90b502b 100644 --- a/library/md.c +++ b/library/md.c @@ -459,18 +459,12 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, in return( 0 ); } +#if !defined(MBEDTLS_MD_SINGLE_HASH) int mbedtls_md_starts( mbedtls_md_context_t *ctx ) { - mbedtls_md_handle_t md_info; - if( ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - md_info = mbedtls_md_get_handle( ctx ); - if( md_info == MBEDTLS_MD_INVALID_HANDLE ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - return( mbedtls_md_info_starts( md_info, ctx->md_ctx ) ); + return( mbedtls_md_starts_internal( ctx ) ); } +#endif /* !MBEDTLS_MD_SINGLE_HASH */ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) { From fdef5ac13b77dc8645e78d6aba7dead9dd91ce3e Mon Sep 17 00:00:00 2001 
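Review bot: `mbedtls_md_starts_internal()` is defined in the public md.h for every configuration, although only the MBEDTLS_MD_SINGLE_HASH build needs its body visible to callers. It calls `mbedtls_md_info_starts()`, which the code removed from md.c shows dereferencing `info->starts_func` in the multi-hash build. md.h therefore needs the full `mbedtls_md_info_t` layout in scope, while the header still documents it as an opaque struct defined in md.c (how md.h obtains that declaration is outside this hunk). Consider moving the `_internal` helpers to md_internal.h and including it from md.h only under `#if defined(MBEDTLS_MD_SINGLE_HASH)`, so applications in the default build do not compile against the dispatch-table internals. The same applies to the update, finish, digest and process helpers added by the following patches.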
From: Hanno Becker Date: Wed, 4 Sep 2019 13:20:05 +0100 Subject: [PATCH 41/78] MD: Implement config dep'n inlining of mbedtls_md_update() --- include/mbedtls/md.h | 29 ++++++++++++++++++++++++++++- library/md.c | 17 +++++------------ 2 files changed, 33 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index b1caca8b7..cc04f2210 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -330,7 +330,9 @@ MBEDTLS_MD_INLINABLE_API int mbedtls_md_starts( mbedtls_md_context_t *ctx ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); +MBEDTLS_MD_INLINABLE_API int mbedtls_md_update( mbedtls_md_context_t *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief This function finishes the digest operation, @@ -524,12 +526,37 @@ MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_starts_internal( return( mbedtls_md_info_starts( md_info, ctx->md_ctx ) ); } +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_update_internal( + mbedtls_md_context_t *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_md_handle_t md_info; + if( ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_update( md_info, ctx->md_ctx, + input, ilen ) ); +} + #if defined(MBEDTLS_MD_SINGLE_HASH) MBEDTLS_MD_INLINABLE_API int mbedtls_md_starts( mbedtls_md_context_t *ctx ) { return( mbedtls_md_starts_internal( ctx ) ); } + +MBEDTLS_MD_INLINABLE_API int mbedtls_md_update( + mbedtls_md_context_t *ctx, + const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_md_update_internal( ctx, input, ilen ) ); +} #endif /* MBEDTLS_MD_SINGLE_HASH */ #ifdef __cplusplus diff --git a/library/md.c b/library/md.c index bf90b502b..aa14f838d 100644 --- a/library/md.c 
+++ b/library/md.c @@ -464,21 +464,14 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ) { return( mbedtls_md_starts_internal( ctx ) ); } -#endif /* !MBEDTLS_MD_SINGLE_HASH */ -int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md_update( mbedtls_md_context_t *ctx, + const unsigned char *input, + size_t ilen ) { - mbedtls_md_handle_t md_info; - if( ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - md_info = mbedtls_md_get_handle( ctx ); - if( md_info == MBEDTLS_MD_INVALID_HANDLE ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - return( mbedtls_md_info_update( md_info, ctx->md_ctx, - input, ilen ) ); + return( mbedtls_md_update_internal( ctx, input, ilen ) ); } +#endif /* !MBEDTLS_MD_SINGLE_HASH */ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) { From 993691d9ba9d9b3d984724802c6f12643d09ac72 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 4 Sep 2019 13:24:44 +0100 Subject: [PATCH 42/78] MD: Implement config dep'n inlining of mbedtls_md_finish() --- include/mbedtls/md.h | 54 +++++++++++++++++++++++++++++++++++++++++--- library/md.c | 19 +++------------- 2 files changed, 54 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index cc04f2210..899623f7a 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -352,7 +352,8 @@ MBEDTLS_MD_INLINABLE_API int mbedtls_md_update( mbedtls_md_context_t *ctx, * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); +MBEDTLS_MD_INLINABLE_API int mbedtls_md_finish( mbedtls_md_context_t *ctx, + unsigned char *output ); /** * \brief This function calculates the message-digest of a buffer, 
@@ -372,8 +373,11 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md( mbedtls_md_handle_t md_info, const unsigned char *input, size_t ilen, - unsigned char *output ); +MBEDTLS_MD_INLINABLE_API int mbedtls_md( + mbedtls_md_handle_t md_info, + const unsigned char *input, + size_t ilen, + unsigned char *output ); #if defined(MBEDTLS_FS_IO) /** @@ -543,6 +547,34 @@ MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_update_internal( input, ilen ) ); } +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_finish_internal( + mbedtls_md_context_t *ctx, unsigned char *output ) +{ + mbedtls_md_handle_t md_info; + if( ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_finish( md_info, ctx->md_ctx, + output ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_internal( + mbedtls_md_handle_t md_info, + const unsigned char *input, + size_t ilen, + unsigned char *output ) +{ + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_digest( md_info, input, + ilen, output) ); +} + #if defined(MBEDTLS_MD_SINGLE_HASH) MBEDTLS_MD_INLINABLE_API int mbedtls_md_starts( mbedtls_md_context_t *ctx ) 
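Review bot: `mbedtls_md_internal()` rejects only `MBEDTLS_MD_INVALID_HANDLE`, so in the MBEDTLS_MD_SINGLE_HASH build every other integer is accepted as a digest handle. There the handle is a plain `int` with `MBEDTLS_MD_UNIQUE_VALID_HANDLE` as the one legitimate value, and the single-hash getters removed from md.c earlier in this series discard the handle entirely. A caller passing a stale or wrong handle would then silently get the compiled-in hash instead of `MBEDTLS_ERR_MD_BAD_INPUT_DATA`, assuming the relocated getters behave the same. For the single-hash case I would compare against the valid value: `if( md_info != MBEDTLS_MD_UNIQUE_VALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );`. `mbedtls_md_finish_internal()` in the same hunk depends on what `mbedtls_md_get_handle()` returns, which is not visible here.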
@@ -557,6 +589,22 @@ MBEDTLS_MD_INLINABLE_API int mbedtls_md_update( { return( mbedtls_md_update_internal( ctx, input, ilen ) ); } + +MBEDTLS_MD_INLINABLE_API int mbedtls_md_finish( + mbedtls_md_context_t *ctx, unsigned char *output ) +{ + return( mbedtls_md_finish_internal( ctx, output ) ); +} + +MBEDTLS_MD_INLINABLE_API int mbedtls_md( + mbedtls_md_handle_t md_info, + const unsigned char *input, + size_t ilen, + unsigned char *output ) +{ + return( mbedtls_md_internal( md_info, input, ilen, output ) ); +} + #endif /* MBEDTLS_MD_SINGLE_HASH */ #ifdef __cplusplus diff --git a/library/md.c b/library/md.c index aa14f838d..b648baabc 100644 --- a/library/md.c +++ b/library/md.c @@ -471,31 +471,18 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, { return( mbedtls_md_update_internal( ctx, input, ilen ) ); } -#endif /* !MBEDTLS_MD_SINGLE_HASH */ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) { - mbedtls_md_handle_t md_info; - if( ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - md_info = mbedtls_md_get_handle( ctx ); - if( md_info == MBEDTLS_MD_INVALID_HANDLE ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - return( mbedtls_md_info_finish( md_info, ctx->md_ctx, - output ) ); + return( mbedtls_md_finish_internal( ctx, output ) ); } int mbedtls_md( mbedtls_md_handle_t md_info, const unsigned char *input, size_t ilen, unsigned char *output ) { - if( md_info == MBEDTLS_MD_INVALID_HANDLE ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - return( mbedtls_md_info_digest( md_info, input, - ilen, output) ); + return( mbedtls_md_internal( md_info, input, ilen, output ) ); } +#endif /* !MBEDTLS_MD_SINGLE_HASH */ #if defined(MBEDTLS_FS_IO) int mbedtls_md_file( mbedtls_md_handle_t md_info, const char *path, unsigned char *output ) From 53ade9fa628a4db49acb6225c69a50476370e914 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 4 Sep 2019 13:44:51 +0100 Subject: [PATCH 43/78] MD: Implement config dep'n inlining of mbedtls_md_process() --- include/mbedtls/md.h | 23 ++++++++++++++++++++++- library/md.c | 12 +++--------- 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 899623f7a..104c5777a 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -508,7 +508,8 @@ int mbedtls_md_hmac( mbedtls_md_handle_t md_info, const unsigned char *key, size unsigned char *output ); /* Internal use */ -int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ); +MBEDTLS_MD_INLINABLE_API int mbedtls_md_process( mbedtls_md_context_t *ctx, + const unsigned char *data ); /* * Internal wrapper functions for those MD API functions which should be @@ -575,6 +576,20 @@ MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_internal( ilen, output) ); } +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_process_internal( + mbedtls_md_context_t *ctx, const unsigned char *data ) +{ + mbedtls_md_handle_t md_info; + if( ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_process( md_info, ctx->md_ctx, data ) ); +} + #if defined(MBEDTLS_MD_SINGLE_HASH) MBEDTLS_MD_INLINABLE_API int mbedtls_md_starts( mbedtls_md_context_t *ctx ) @@ -605,6 +620,12 @@ MBEDTLS_MD_INLINABLE_API int mbedtls_md( return( mbedtls_md_internal( md_info, input, ilen, output ) ); } +MBEDTLS_MD_INLINABLE_API int mbedtls_md_process( + mbedtls_md_context_t *ctx, const unsigned char *data ) +{ + return( mbedtls_md_process_internal( ctx, data ) ); +} + #endif /* MBEDTLS_MD_SINGLE_HASH */ #ifdef __cplusplus diff --git a/library/md.c b/library/md.c index b648baabc..09985328f 100644 --- a/library/md.c +++ b/library/md.c 
@@ -711,18 +711,12 @@ cleanup: return( ret ); } +#if !defined(MBEDTLS_MD_SINGLE_HASH) int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) { - mbedtls_md_handle_t md_info; - if( ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - md_info = mbedtls_md_get_handle( ctx ); - if( md_info == MBEDTLS_MD_INVALID_HANDLE ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - return( mbedtls_md_info_process( md_info, ctx->md_ctx, data ) ); + return( mbedtls_md_process_internal( ctx, data ) ); } +#endif /* !MBEDTLS_MD_SINGLE_HASH */ unsigned char mbedtls_md_get_size( mbedtls_md_handle_t md_info ) { From d73aabd1c23c8c3debd3eb2b29ab25cecf72bcb6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 4 Sep 2019 15:14:51 +0100 Subject: [PATCH 44/78] Fixup: Declare digest info structures as static They're defined and used within library/md.c only and hence need not be of external linkage. --- library/md.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/library/md.c b/library/md.c index 09985328f..5e9c5b404 100644 --- a/library/md.c +++ b/library/md.c @@ -59,7 +59,7 @@ * MD-2 */ #if defined(MBEDTLS_MD2_C) -const mbedtls_md_info_t mbedtls_md2_info = { +static const mbedtls_md_info_t mbedtls_md2_info = { MBEDTLS_MD_MD2, "MD2", 16, @@ -80,7 +80,7 @@ const mbedtls_md_info_t mbedtls_md2_info = { */ #if defined(MBEDTLS_MD4_C) -const mbedtls_md_info_t mbedtls_md4_info = { +static const mbedtls_md_info_t mbedtls_md4_info = { MBEDTLS_MD_MD4, "MD4", 16, @@ -101,7 +101,7 @@ const mbedtls_md_info_t mbedtls_md4_info = { */ #if defined(MBEDTLS_MD5_C) -const mbedtls_md_info_t mbedtls_md5_info = { +static const mbedtls_md_info_t mbedtls_md5_info = { MBEDTLS_MD_MD5, "MD5", 16, @@ -122,7 +122,7 @@ const mbedtls_md_info_t mbedtls_md5_info = { */ #if defined(MBEDTLS_RIPEMD160_C) -const mbedtls_md_info_t mbedtls_ripemd160_info = { +static const mbedtls_md_info_t mbedtls_ripemd160_info = { MBEDTLS_MD_RIPEMD160, "RIPEMD160", 20, 
@@ -143,7 +143,7 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { */ #if defined(MBEDTLS_SHA1_C) -const mbedtls_md_info_t mbedtls_sha1_info = { +static const mbedtls_md_info_t mbedtls_sha1_info = { MBEDTLS_MD_SHA1, "SHA1", 20, @@ -165,7 +165,7 @@ const mbedtls_md_info_t mbedtls_sha1_info = { #if defined(MBEDTLS_SHA256_C) #if !defined(MBEDTLS_SHA256_NO_SHA224) -const mbedtls_md_info_t mbedtls_sha224_info = { +static const mbedtls_md_info_t mbedtls_sha224_info = { MBEDTLS_MD_SHA224, "SHA224", 28, @@ -180,7 +180,7 @@ const mbedtls_md_info_t mbedtls_sha224_info = { mbedtls_sha224_process_wrap, }; #endif /* !MBEDTLS_SHA256_NO_SHA224 */ -const mbedtls_md_info_t mbedtls_sha256_info = +static const mbedtls_md_info_t mbedtls_sha256_info = MBEDTLS_MD_INFO( MBEDTLS_MD_INFO_SHA256 ); #endif /* MBEDTLS_SHA256_C */ @@ -189,7 +189,7 @@ const mbedtls_md_info_t mbedtls_sha256_info = */ #if defined(MBEDTLS_SHA512_C) -const mbedtls_md_info_t mbedtls_sha384_info = { +static const mbedtls_md_info_t mbedtls_sha384_info = { MBEDTLS_MD_SHA384, "SHA384", 48, @@ -203,7 +203,7 @@ const mbedtls_md_info_t mbedtls_sha384_info = { mbedtls_sha384_clone_wrap, mbedtls_sha384_process_wrap, }; -const mbedtls_md_info_t mbedtls_sha512_info = { +static const mbedtls_md_info_t mbedtls_sha512_info = { MBEDTLS_MD_SHA512, "SHA512", 64, From 7a78fe409bc74cbc9168291d6b9870274a040923 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 4 Sep 2019 15:41:21 +0100 Subject: [PATCH 45/78] Fixup: Avoid unused function warning for MD wrappers --- include/mbedtls/md_internal.h | 112 +++++++++++++++++----------------- 1 file changed, 57 insertions(+), 55 deletions(-) diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index b1bb7e332..53742fd9a 100644 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h @@ -69,6 +69,8 @@ extern "C" { #endif +#define MBEDTLS_MD_WRAPPER MBEDTLS_ALWAYS_INLINE static inline + /* * Message-digest information macro definition */ 
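Review bot: `MBEDTLS_MD_WRAPPER` is introduced without a comment, and the choice of `MBEDTLS_ALWAYS_INLINE` is not obvious. The multi-hash tables in library/md.c store these wrappers by address (for example `mbedtls_md4_starts_wrap,` in `mbedtls_md4_info`), so the compiler has to emit an out-of-line copy there regardless of the attribute. A short comment above the define would record the intent, e.g. `/* static inline so that unused wrappers raise no warning; inlined only where called directly */`. In the following hunks the re-prefixed `..._update_wrap( void *ctx, const unsigned char *input,` lines also grow past 80 columns and leave the `size_t ilen )` continuation misaligned; re-wrapping the parameter list would keep them consistent with the rest of the header.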
@@ -216,23 +218,23 @@ struct mbedtls_md_info_t #if defined(MBEDTLS_MD2_C) -static int mbedtls_md2_starts_wrap( void *ctx ) +MBEDTLS_MD_WRAPPER int mbedtls_md2_starts_wrap( void *ctx ) { return( mbedtls_md2_starts_ret( (mbedtls_md2_context *) ctx ) ); } -static int mbedtls_md2_update_wrap( void *ctx, const unsigned char *input, +MBEDTLS_MD_WRAPPER int mbedtls_md2_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { return( mbedtls_md2_update_ret( (mbedtls_md2_context *) ctx, input, ilen ) ); } -static int mbedtls_md2_finish_wrap( void *ctx, unsigned char *output ) +MBEDTLS_MD_WRAPPER int mbedtls_md2_finish_wrap( void *ctx, unsigned char *output ) { return( mbedtls_md2_finish_ret( (mbedtls_md2_context *) ctx, output ) ); } -static void* mbedtls_md2_ctx_alloc( void ) +MBEDTLS_MD_WRAPPER void* mbedtls_md2_ctx_alloc( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md2_context ) ); @@ -242,19 +244,19 @@ static void* mbedtls_md2_ctx_alloc( void ) return( ctx ); } -static void mbedtls_md2_ctx_free( void *ctx ) +MBEDTLS_MD_WRAPPER void mbedtls_md2_ctx_free( void *ctx ) { mbedtls_md2_free( (mbedtls_md2_context *) ctx ); mbedtls_free( ctx ); } -static void mbedtls_md2_clone_wrap( void *dst, const void *src ) +MBEDTLS_MD_WRAPPER void mbedtls_md2_clone_wrap( void *dst, const void *src ) { mbedtls_md2_clone( (mbedtls_md2_context *) dst, (const mbedtls_md2_context *) src ); } -static int mbedtls_md2_process_wrap( void *ctx, const unsigned char *data ) +MBEDTLS_MD_WRAPPER int mbedtls_md2_process_wrap( void *ctx, const unsigned char *data ) { ((void) data); 
@@ -269,23 +271,23 @@ static int mbedtls_md2_process_wrap( void *ctx, const unsigned char *data ) #if defined(MBEDTLS_MD4_C) -static int mbedtls_md4_starts_wrap( void *ctx ) +MBEDTLS_MD_WRAPPER int mbedtls_md4_starts_wrap( void *ctx ) { return( mbedtls_md4_starts_ret( (mbedtls_md4_context *) ctx ) ); } -static int mbedtls_md4_update_wrap( void *ctx, const unsigned char *input, +MBEDTLS_MD_WRAPPER int mbedtls_md4_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { return( mbedtls_md4_update_ret( (mbedtls_md4_context *) ctx, input, ilen ) ); } -static int mbedtls_md4_finish_wrap( void *ctx, unsigned char *output ) +MBEDTLS_MD_WRAPPER int mbedtls_md4_finish_wrap( void *ctx, unsigned char *output ) { return( mbedtls_md4_finish_ret( (mbedtls_md4_context *) ctx, output ) ); } -static void* mbedtls_md4_ctx_alloc( void ) +MBEDTLS_MD_WRAPPER void* mbedtls_md4_ctx_alloc( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md4_context ) ); @@ -295,19 +297,19 @@ static void* mbedtls_md4_ctx_alloc( void ) return( ctx ); } -static void mbedtls_md4_ctx_free( void *ctx ) +MBEDTLS_MD_WRAPPER void mbedtls_md4_ctx_free( void *ctx ) { mbedtls_md4_free( (mbedtls_md4_context *) ctx ); mbedtls_free( ctx ); } -static void mbedtls_md4_clone_wrap( void *dst, const void *src ) +MBEDTLS_MD_WRAPPER void mbedtls_md4_clone_wrap( void *dst, const void *src ) { mbedtls_md4_clone( (mbedtls_md4_context *) dst, (const mbedtls_md4_context *) src ); } -static int mbedtls_md4_process_wrap( void *ctx, const unsigned char *data ) +MBEDTLS_MD_WRAPPER int mbedtls_md4_process_wrap( void *ctx, const unsigned char *data ) { return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) ); } 
@@ -320,23 +322,23 @@ static int mbedtls_md4_process_wrap( void *ctx, const unsigned char *data ) #if defined(MBEDTLS_MD5_C) -static int mbedtls_md5_starts_wrap( void *ctx ) +MBEDTLS_MD_WRAPPER int mbedtls_md5_starts_wrap( void *ctx ) { return( mbedtls_md5_starts_ret( (mbedtls_md5_context *) ctx ) ); } -static int mbedtls_md5_update_wrap( void *ctx, const unsigned char *input, +MBEDTLS_MD_WRAPPER int mbedtls_md5_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { return( mbedtls_md5_update_ret( (mbedtls_md5_context *) ctx, input, ilen ) ); } -static int mbedtls_md5_finish_wrap( void *ctx, unsigned char *output ) +MBEDTLS_MD_WRAPPER int mbedtls_md5_finish_wrap( void *ctx, unsigned char *output ) { return( mbedtls_md5_finish_ret( (mbedtls_md5_context *) ctx, output ) ); } -static void* mbedtls_md5_ctx_alloc( void ) +MBEDTLS_MD_WRAPPER void* mbedtls_md5_ctx_alloc( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md5_context ) ); @@ -346,19 +348,19 @@ static void* mbedtls_md5_ctx_alloc( void ) return( ctx ); } -static void mbedtls_md5_ctx_free( void *ctx ) +MBEDTLS_MD_WRAPPER void mbedtls_md5_ctx_free( void *ctx ) { mbedtls_md5_free( (mbedtls_md5_context *) ctx ); mbedtls_free( ctx ); } -static void mbedtls_md5_clone_wrap( void *dst, const void *src ) +MBEDTLS_MD_WRAPPER void mbedtls_md5_clone_wrap( void *dst, const void *src ) { mbedtls_md5_clone( (mbedtls_md5_context *) dst, (const mbedtls_md5_context *) src ); } -static int mbedtls_md5_process_wrap( void *ctx, const unsigned char *data ) +MBEDTLS_MD_WRAPPER int mbedtls_md5_process_wrap( void *ctx, const unsigned char *data ) { return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) ); } 
@@ -371,25 +373,25 @@ static int mbedtls_md5_process_wrap( void *ctx, const unsigned char *data ) #if defined(MBEDTLS_RIPEMD160_C) -static int mbedtls_ripemd160_starts_wrap( void *ctx ) +MBEDTLS_MD_WRAPPER int mbedtls_ripemd160_starts_wrap( void *ctx ) { return( mbedtls_ripemd160_starts_ret( (mbedtls_ripemd160_context *) ctx ) ); } -static int mbedtls_ripemd160_update_wrap( void *ctx, const unsigned char *input, +MBEDTLS_MD_WRAPPER int mbedtls_ripemd160_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { return( mbedtls_ripemd160_update_ret( (mbedtls_ripemd160_context *) ctx, input, ilen ) ); } -static int mbedtls_ripemd160_finish_wrap( void *ctx, unsigned char *output ) +MBEDTLS_MD_WRAPPER int mbedtls_ripemd160_finish_wrap( void *ctx, unsigned char *output ) { return( mbedtls_ripemd160_finish_ret( (mbedtls_ripemd160_context *) ctx, output ) ); } -static void* mbedtls_ripemd160_ctx_alloc( void ) +MBEDTLS_MD_WRAPPER void* mbedtls_ripemd160_ctx_alloc( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ripemd160_context ) ); @@ -399,19 +401,19 @@ static void* mbedtls_ripemd160_ctx_alloc( void ) return( ctx ); } -static void mbedtls_ripemd160_ctx_free( void *ctx ) +MBEDTLS_MD_WRAPPER void mbedtls_ripemd160_ctx_free( void *ctx ) { mbedtls_ripemd160_free( (mbedtls_ripemd160_context *) ctx ); mbedtls_free( ctx ); } -static void mbedtls_ripemd160_clone_wrap( void *dst, const void *src ) +MBEDTLS_MD_WRAPPER void mbedtls_ripemd160_clone_wrap( void *dst, const void *src ) { mbedtls_ripemd160_clone( (mbedtls_ripemd160_context *) dst, (const mbedtls_ripemd160_context *) src ); } -static int mbedtls_ripemd160_process_wrap( void *ctx, const unsigned char *data ) +MBEDTLS_MD_WRAPPER int mbedtls_ripemd160_process_wrap( void *ctx, const unsigned char *data ) { return( mbedtls_internal_ripemd160_process( (mbedtls_ripemd160_context *) ctx, data ) ); 
@@ -425,24 +427,24 @@ static int mbedtls_ripemd160_process_wrap( void *ctx, const unsigned char *data #if defined(MBEDTLS_SHA1_C) -static int mbedtls_sha1_starts_wrap( void *ctx ) +MBEDTLS_MD_WRAPPER int mbedtls_sha1_starts_wrap( void *ctx ) { return( mbedtls_sha1_starts_ret( (mbedtls_sha1_context *) ctx ) ); } -static int mbedtls_sha1_update_wrap( void *ctx, const unsigned char *input, +MBEDTLS_MD_WRAPPER int mbedtls_sha1_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { return( mbedtls_sha1_update_ret( (mbedtls_sha1_context *) ctx, input, ilen ) ); } -static int mbedtls_sha1_finish_wrap( void *ctx, unsigned char *output ) +MBEDTLS_MD_WRAPPER int mbedtls_sha1_finish_wrap( void *ctx, unsigned char *output ) { return( mbedtls_sha1_finish_ret( (mbedtls_sha1_context *) ctx, output ) ); } -static void* mbedtls_sha1_ctx_alloc( void ) +MBEDTLS_MD_WRAPPER void* mbedtls_sha1_ctx_alloc( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha1_context ) ); @@ -452,19 +454,19 @@ static void* mbedtls_sha1_ctx_alloc( void ) return( ctx ); } -static void mbedtls_sha1_clone_wrap( void *dst, const void *src ) +MBEDTLS_MD_WRAPPER void mbedtls_sha1_clone_wrap( void *dst, const void *src ) { mbedtls_sha1_clone( (mbedtls_sha1_context *) dst, (const mbedtls_sha1_context *) src ); } -static void mbedtls_sha1_ctx_free( void *ctx ) +MBEDTLS_MD_WRAPPER void mbedtls_sha1_ctx_free( void *ctx ) { mbedtls_sha1_free( (mbedtls_sha1_context *) ctx ); mbedtls_free( ctx ); } -static int mbedtls_sha1_process_wrap( void *ctx, const unsigned char *data ) +MBEDTLS_MD_WRAPPER int mbedtls_sha1_process_wrap( void *ctx, const unsigned char *data ) { return( mbedtls_internal_sha1_process( (mbedtls_sha1_context *) ctx, data ) ); 
@@ -479,34 +481,34 @@ static int mbedtls_sha1_process_wrap( void *ctx, const unsigned char *data ) #if defined(MBEDTLS_SHA256_C) #if !defined(MBEDTLS_SHA256_NO_SHA224) -static int mbedtls_sha224_starts_wrap( void *ctx ) +MBEDTLS_MD_WRAPPER int mbedtls_sha224_starts_wrap( void *ctx ) { return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) ); } #endif /* !MBEDTLS_SHA256_NO_SHA224 */ -static int mbedtls_sha224_update_wrap( void *ctx, const unsigned char *input, +MBEDTLS_MD_WRAPPER int mbedtls_sha224_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { return( mbedtls_sha256_update_ret( (mbedtls_sha256_context *) ctx, input, ilen ) ); } -static int mbedtls_sha224_finish_wrap( void *ctx, unsigned char *output ) +MBEDTLS_MD_WRAPPER int mbedtls_sha224_finish_wrap( void *ctx, unsigned char *output ) { return( mbedtls_sha256_finish_ret( (mbedtls_sha256_context *) ctx, output ) ); } #if !defined(MBEDTLS_SHA256_NO_SHA224) -static int mbedtls_sha224_wrap( const unsigned char *input, size_t ilen, +MBEDTLS_MD_WRAPPER int mbedtls_sha224_wrap( const unsigned char *input, size_t ilen, unsigned char *output ) { return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); } #endif /* !MBEDTLS_SHA256_NO_SHA224 */ -static void* mbedtls_sha224_ctx_alloc( void ) +MBEDTLS_MD_WRAPPER void* mbedtls_sha224_ctx_alloc( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha256_context ) ); 
@@ -516,30 +518,30 @@ static void* mbedtls_sha224_ctx_alloc( void ) return( ctx ); } -static void mbedtls_sha224_ctx_free( void *ctx ) +MBEDTLS_MD_WRAPPER void mbedtls_sha224_ctx_free( void *ctx ) { mbedtls_sha256_free( (mbedtls_sha256_context *) ctx ); mbedtls_free( ctx ); } -static void mbedtls_sha224_clone_wrap( void *dst, const void *src ) +MBEDTLS_MD_WRAPPER void mbedtls_sha224_clone_wrap( void *dst, const void *src ) { mbedtls_sha256_clone( (mbedtls_sha256_context *) dst, (const mbedtls_sha256_context *) src ); } -static int mbedtls_sha224_process_wrap( void *ctx, const unsigned char *data ) +MBEDTLS_MD_WRAPPER int mbedtls_sha224_process_wrap( void *ctx, const unsigned char *data ) { return( mbedtls_internal_sha256_process( (mbedtls_sha256_context *) ctx, data ) ); } -static int mbedtls_sha256_starts_wrap( void *ctx ) +MBEDTLS_MD_WRAPPER int mbedtls_sha256_starts_wrap( void *ctx ) { return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 0 ) ); } -static int mbedtls_sha256_wrap( const unsigned char *input, size_t ilen, +MBEDTLS_MD_WRAPPER int mbedtls_sha256_wrap( const unsigned char *input, size_t ilen, unsigned char *output ) { return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); 
@@ -553,31 +555,31 @@ static int mbedtls_sha256_wrap( const unsigned char *input, size_t ilen, #if defined(MBEDTLS_SHA512_C) -static int mbedtls_sha384_starts_wrap( void *ctx ) +MBEDTLS_MD_WRAPPER int mbedtls_sha384_starts_wrap( void *ctx ) { return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 1 ) ); } -static int mbedtls_sha384_update_wrap( void *ctx, const unsigned char *input, +MBEDTLS_MD_WRAPPER int mbedtls_sha384_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { return( mbedtls_sha512_update_ret( (mbedtls_sha512_context *) ctx, input, ilen ) ); } -static int mbedtls_sha384_finish_wrap( void *ctx, unsigned char *output ) +MBEDTLS_MD_WRAPPER int mbedtls_sha384_finish_wrap( void *ctx, unsigned char *output ) { return( mbedtls_sha512_finish_ret( (mbedtls_sha512_context *) ctx, output ) ); } -static int mbedtls_sha384_wrap( const unsigned char *input, size_t ilen, +MBEDTLS_MD_WRAPPER int mbedtls_sha384_wrap( const unsigned char *input, size_t ilen, unsigned char *output ) { return( mbedtls_sha512_ret( input, ilen, output, 1 ) ); } -static void* mbedtls_sha384_ctx_alloc( void ) +MBEDTLS_MD_WRAPPER void* mbedtls_sha384_ctx_alloc( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha512_context ) ); 
@@ -587,30 +589,30 @@ static void* mbedtls_sha384_ctx_alloc( void ) return( ctx ); } -static void mbedtls_sha384_ctx_free( void *ctx ) +MBEDTLS_MD_WRAPPER void mbedtls_sha384_ctx_free( void *ctx ) { mbedtls_sha512_free( (mbedtls_sha512_context *) ctx ); mbedtls_free( ctx ); } -static void mbedtls_sha384_clone_wrap( void *dst, const void *src ) +MBEDTLS_MD_WRAPPER void mbedtls_sha384_clone_wrap( void *dst, const void *src ) { mbedtls_sha512_clone( (mbedtls_sha512_context *) dst, (const mbedtls_sha512_context *) src ); } -static int mbedtls_sha384_process_wrap( void *ctx, const unsigned char *data ) +MBEDTLS_MD_WRAPPER int mbedtls_sha384_process_wrap( void *ctx, const unsigned char *data ) { return( mbedtls_internal_sha512_process( (mbedtls_sha512_context *) ctx, data ) ); } -static int mbedtls_sha512_starts_wrap( void *ctx ) +MBEDTLS_MD_WRAPPER int mbedtls_sha512_starts_wrap( void *ctx ) { return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 0 ) ); } -static int mbedtls_sha512_wrap( const unsigned char *input, size_t ilen, +MBEDTLS_MD_WRAPPER int mbedtls_sha512_wrap( const unsigned char *input, size_t ilen, unsigned char *output ) { return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); From c290847719f897ffd5cfe58ae59d2dc3aec58aea Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 4 Sep 2019 16:56:11 +0100 Subject: [PATCH 46/78] Fixup md.h: Fix use of `inline` keyword in MSVC --- include/mbedtls/md.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 104c5777a..277656884 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
@@ -35,6 +35,11 @@ #include MBEDTLS_CONFIG_FILE #endif +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */ #define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */ From 6deddf761a18e58df6f9c430dae1fba1d8658f1f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Sep 2019 11:17:30 +0100 Subject: [PATCH 47/78] MD: Introduce macro for underlying context type --- include/mbedtls/md_internal.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index 53742fd9a..4c08f8501 100644 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h @@ -80,6 +80,7 @@ extern "C" { /* SHA-256 */ #define MBEDTLS_MD_INFO_SHA256_TYPE MBEDTLS_MD_SHA256 +#define MBEDTLS_MD_INFO_SHA256_CTX_TYPE mbedtls_sha256_context #define MBEDTLS_MD_INFO_SHA256_NAME "SHA256" #define MBEDTLS_MD_INFO_SHA256_SIZE 32 #define MBEDTLS_MD_INFO_SHA256_BLOCKSIZE 64 @@ -96,6 +97,7 @@ extern "C" { * Helper macros to extract fields from ciphersuites. */ +#define MBEDTLS_MD_INFO_CTX_TYPE_T( MD ) MD ## _CTX_TYPE #define MBEDTLS_MD_INFO_TYPE_T( MD ) MD ## _TYPE #define MBEDTLS_MD_INFO_NAME_T( MD ) MD ## _NAME #define MBEDTLS_MD_INFO_SIZE_T( MD ) MD ## _SIZE @@ -114,6 +116,7 @@ extern "C" { * field name. This allows to call these macros as * MBEDTLS_MD_INFO_XXX( MBEDTLS_MD_SINGLE_HASH ). * where MBEDTLS_MD_SINGLE_HASH expands to MBEDTLS_MD_INFO_XXX. */ +#define MBEDTLS_MD_INFO_CTX_TYPE( MD ) MBEDTLS_MD_INFO_CTX_TYPE_T( MD ) #define MBEDTLS_MD_INFO_TYPE( MD ) MBEDTLS_MD_INFO_TYPE_T( MD ) #define MBEDTLS_MD_INFO_NAME( MD ) MBEDTLS_MD_INFO_NAME_T( MD ) #define MBEDTLS_MD_INFO_SIZE( MD ) MBEDTLS_MD_INFO_SIZE_T( MD ) 
From 4a99765f941a6dd6e36fae7c28ee4e12e977720a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Sep 2019 11:55:25 +0100 Subject: [PATCH 48/78] MD: Introduce macro for initialization function --- include/mbedtls/md_internal.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index 4c08f8501..2cd518577 100644 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h @@ -81,6 +81,7 @@ extern "C" { /* SHA-256 */ #define MBEDTLS_MD_INFO_SHA256_TYPE MBEDTLS_MD_SHA256 #define MBEDTLS_MD_INFO_SHA256_CTX_TYPE mbedtls_sha256_context +#define MBEDTLS_MD_INFO_SHA256_INIT_FUNC mbedtls_sha256_init #define MBEDTLS_MD_INFO_SHA256_NAME "SHA256" #define MBEDTLS_MD_INFO_SHA256_SIZE 32 #define MBEDTLS_MD_INFO_SHA256_BLOCKSIZE 64 @@ -98,6 +99,7 @@ extern "C" { */ #define MBEDTLS_MD_INFO_CTX_TYPE_T( MD ) MD ## _CTX_TYPE +#define MBEDTLS_MD_INFO_INIT_FUNC_T( MD ) MD ## _INIT_FUNC #define MBEDTLS_MD_INFO_TYPE_T( MD ) MD ## _TYPE #define MBEDTLS_MD_INFO_NAME_T( MD ) MD ## _NAME #define MBEDTLS_MD_INFO_SIZE_T( MD ) MD ## _SIZE @@ -117,6 +119,7 @@ extern "C" { * MBEDTLS_MD_INFO_XXX( MBEDTLS_MD_SINGLE_HASH ). * where MBEDTLS_MD_SINGLE_HASH expands to MBEDTLS_MD_INFO_XXX. */ #define MBEDTLS_MD_INFO_CTX_TYPE( MD ) MBEDTLS_MD_INFO_CTX_TYPE_T( MD ) +#define MBEDTLS_MD_INFO_INIT_FUNC( MD ) MBEDTLS_MD_INFO_INIT_FUNC_T( MD ) #define MBEDTLS_MD_INFO_TYPE( MD ) MBEDTLS_MD_INFO_TYPE_T( MD ) #define MBEDTLS_MD_INFO_NAME( MD ) MBEDTLS_MD_INFO_NAME_T( MD ) #define MBEDTLS_MD_INFO_SIZE( MD ) MBEDTLS_MD_INFO_SIZE_T( MD ) 
@@ -764,6 +767,14 @@ MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update( ( ctx, input, ilen ) ); } +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_init( + mbedtls_md_handle_t info, + void *ctx ) +{ + ((void) info); + MBEDTLS_MD_INFO_INIT_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx ); +} + MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish( mbedtls_md_handle_t info, void *ctx, From 52e36bc1a1d40d023f66cfec371200ac4a089d5d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Sep 2019 13:02:52 +0100 Subject: [PATCH 49/78] MD: Embed digest context structure into MD wrapper context --- include/mbedtls/md.h | 13 +++++++++++-- library/md.c | 11 ++++++++++- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 277656884..942d1f53e 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -108,6 +108,8 @@ typedef int mbedtls_md_handle_t; #endif /* !MBEDTLS_MD_SINGLE_HASH */ +#include "md_internal.h" + /** * The generic message-digest context. */ @@ -118,11 +120,20 @@ typedef struct mbedtls_md_context_t mbedtls_md_handle_t md_info; #endif +#if !defined(MBEDTLS_MD_SINGLE_HASH) /** The digest-specific context. */ void *md_ctx; /** The HMAC part of the context. */ void *hmac_ctx; +#else + unsigned char md_ctx[ sizeof( MBEDTLS_MD_INFO_CTX_TYPE( + MBEDTLS_MD_SINGLE_HASH ) ) ]; + + unsigned char hmac_ctx[ 2 * MBEDTLS_MD_INFO_BLOCKSIZE( + MBEDTLS_MD_SINGLE_HASH ) ]; + +#endif /* MBEDTLS_MD_SINGLE_HASH */ } mbedtls_md_context_t; #if !defined(MBEDTLS_MD_SINGLE_HASH) @@ -140,8 +151,6 @@ static inline mbedtls_md_handle_t mbedtls_md_get_handle( } #endif /* !MBEDTLS_MD_SINGLE_HASH */ -#include "md_internal.h" - /** * \brief This function returns the list of digests supported by the * generic digest module. diff --git a/library/md.c b/library/md.c index 5e9c5b404..accf301ba 100644 --- a/library/md.c +++ b/library/md.c 
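Review bot: In the `mbedtls_md_context_t` hunk of md.h, the single-hash `md_ctx` member is declared as `unsigned char md_ctx[ sizeof( ... ) ]`, which gives it the size of the digest context but not its alignment. The buffer is later used as a digest context (`mbedtls_md_init()` passes `ctx->md_ctx` to `mbedtls_md_info_init()`), so on targets that are strict about unaligned word access, correctness depends on where the enclosing object happens to be placed. Declaring the member with the real type, `MBEDTLS_MD_INFO_CTX_TYPE( MBEDTLS_MD_SINGLE_HASH ) md_ctx;`, and passing `&ctx->md_ctx` would let the compiler enforce the alignment. The opening lines of the struct are outside this hunk, so another member may already force suitable alignment.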
@@ -388,6 +388,11 @@ mbedtls_md_handle_t mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) void mbedtls_md_init( mbedtls_md_context_t *ctx ) { memset( ctx, 0, sizeof( mbedtls_md_context_t ) ); + +#if defined(MBEDTLS_MD_SINGLE_HASH) + mbedtls_md_info_init( mbedtls_md_get_handle( ctx ), + ctx->md_ctx ); +#endif } void mbedtls_md_free( mbedtls_md_context_t *ctx ) @@ -395,6 +400,7 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) if( ctx == NULL || mbedtls_md_get_handle( ctx ) == MBEDTLS_MD_INVALID_HANDLE ) return; +#if !defined(MBEDTLS_MD_SINGLE_HASH) if( ctx->md_ctx != NULL ) { mbedtls_md_info_ctx_free( mbedtls_md_get_handle( ctx ), ctx->md_ctx ); @@ -406,6 +412,7 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) 2 * mbedtls_md_info_block_size( mbedtls_md_get_handle( ctx ) ) ); mbedtls_free( ctx->hmac_ctx ); } +#endif /* MBEDTLS_MD_SINGLE_HASH */ mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); } @@ -437,6 +444,7 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, in if( md_info == MBEDTLS_MD_INVALID_HANDLE || ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#if !defined(MBEDTLS_MD_SINGLE_HASH) ctx->md_ctx = mbedtls_md_info_ctx_alloc( md_info ); if( ctx->md_ctx == NULL ) return( MBEDTLS_ERR_MD_ALLOC_FAILED ); @@ -452,8 +460,9 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, in } } -#if !defined(MBEDTLS_MD_SINGLE_HASH) ctx->md_info = md_info; +#else + ((void) hmac); #endif return( 0 ); From 64b0623cbbd0b9ee397d5137324376c426b4e8d3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Sep 2019 13:02:32 +0100 Subject: [PATCH 50/78] MD: Implement config dep'n inlining of mbedtls_md_setup() --- include/mbedtls/md.h | 41 ++++++++++++++++++++++++++++++++++++++++- library/md.c | 28 ++-------------------------- 2 files changed, 42 insertions(+), 27 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 942d1f53e..3b847b4a0 100644 --- a/include/mbedtls/md.h 
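Review bot: With the new `#if !defined(MBEDTLS_MD_SINGLE_HASH)` guard in `mbedtls_md_free()`, a single-hash build never calls a digest-level free and relies only on the final `mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) )`. That is sufficient when the digest's free function merely wipes memory, but a digest implementation that holds any other state would never be released. Either call the digest's own free on the embedded context in the single-hash branch, or document the assumption next to the guard, e.g. `/* Single-hash: the digest context is embedded and its free() is assumed to be a plain wipe. */`. The function spans two hunks and its full body is not visible here.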
+++ b/include/mbedtls/md.h @@ -256,7 +256,9 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info * failure. * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure. */ -int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac ); +MBEDTLS_MD_INLINABLE_API int mbedtls_md_setup( mbedtls_md_context_t *ctx, + mbedtls_md_handle_t md_info, + int hmac ); /** * \brief This function clones the state of an message-digest @@ -531,6 +533,36 @@ MBEDTLS_MD_INLINABLE_API int mbedtls_md_process( mbedtls_md_context_t *ctx, * implemented either here or in md.c, and forward to the wrappers. */ +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_setup_internal( + mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac ) +{ + if( md_info == MBEDTLS_MD_INVALID_HANDLE || ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + +#if !defined(MBEDTLS_MD_SINGLE_HASH) + ctx->md_ctx = mbedtls_md_info_ctx_alloc( md_info ); + if( ctx->md_ctx == NULL ) + return( MBEDTLS_ERR_MD_ALLOC_FAILED ); + + if( hmac != 0 ) + { + ctx->hmac_ctx = mbedtls_calloc( 2, + mbedtls_md_info_block_size( md_info ) ); + if( ctx->hmac_ctx == NULL ) + { + mbedtls_md_info_ctx_free( md_info, ctx->md_ctx); + return( MBEDTLS_ERR_MD_ALLOC_FAILED ); + } + } + + ctx->md_info = md_info; +#else + ((void) hmac); +#endif /* MBEDTLS_MD_SINGLE_HASH */ + + return( 0 ); +} + MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_starts_internal( mbedtls_md_context_t *ctx ) { @@ -605,6 +637,13 @@ MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_process_internal( } #if defined(MBEDTLS_MD_SINGLE_HASH) + +MBEDTLS_MD_INLINABLE_API int mbedtls_md_setup( + mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac ) +{ + return( mbedtls_md_setup_internal( ctx, md_info, hmac ) ); +} + MBEDTLS_MD_INLINABLE_API int mbedtls_md_starts( mbedtls_md_context_t *ctx ) { diff --git a/library/md.c b/library/md.c index accf301ba..df010ae27 100644 --- a/library/md.c 
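Review bot: On the HMAC allocation failure path of `mbedtls_md_setup_internal()`, `ctx->md_ctx` is released with `mbedtls_md_info_ctx_free( md_info, ctx->md_ctx)` but the stale pointer stays in the context. If `ctx->md_info` had already been set by an earlier setup of the same context, a later `mbedtls_md_free()` would presumably free that pointer a second time. Adding `ctx->md_ctx = NULL;` right after the free removes the dangling pointer at no cost. The moved line also lost the space before its closing parenthesis, compared with the md.c original that this patch removes.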
+++ b/library/md.c @@ -439,36 +439,12 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info } #endif +#if !defined(MBEDTLS_MD_SINGLE_HASH) int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac ) { - if( md_info == MBEDTLS_MD_INVALID_HANDLE || ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - -#if !defined(MBEDTLS_MD_SINGLE_HASH) - ctx->md_ctx = mbedtls_md_info_ctx_alloc( md_info ); - if( ctx->md_ctx == NULL ) - return( MBEDTLS_ERR_MD_ALLOC_FAILED ); - - if( hmac != 0 ) - { - ctx->hmac_ctx = mbedtls_calloc( 2, - mbedtls_md_info_block_size( md_info ) ); - if( ctx->hmac_ctx == NULL ) - { - mbedtls_md_info_ctx_free( md_info, ctx->md_ctx ); - return( MBEDTLS_ERR_MD_ALLOC_FAILED ); - } - } - - ctx->md_info = md_info; -#else - ((void) hmac); -#endif - - return( 0 ); + return( mbedtls_md_setup_internal( ctx, md_info, hmac ) ); } -#if !defined(MBEDTLS_MD_SINGLE_HASH) int mbedtls_md_starts( mbedtls_md_context_t *ctx ) { return( mbedtls_md_starts_internal( ctx ) ); From 94f48e00523ad931f9db4a34b02b92c28298101f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Sep 2019 13:02:57 +0100 Subject: [PATCH 51/78] MD: Use no-op for context SHA-256 init() and free() When MBEDTLS_MD_SINGLE_HASH is set, the underlying digest's context is embedded into mbedtls_md_context_t, which is zeroized before the underlying digest's init() function is called. For those digests where initialization is zeroization, the init() call can therefore be omitted. Similarly, when free()-ing an mbedtls_md_context_t, the entire context is zeroized in the end, hence if the underlying digest's free() function is zeroization, it can be omitted. --- include/mbedtls/md_internal.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index 2cd518577..d44c8af73 100644 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h 
@@ -79,9 +79,21 @@ extern "C" { //#define MBEDTLS_MD_INFO_SHA256 /* SHA-256 */ +static inline void mbedtls_md_sha256_init_free_dummy( void* ctx ) +{ + /* Zero-initialization can be skipped. */ + ((void) ctx); +} #define MBEDTLS_MD_INFO_SHA256_TYPE MBEDTLS_MD_SHA256 #define MBEDTLS_MD_INFO_SHA256_CTX_TYPE mbedtls_sha256_context +#if defined(MBEDTLS_MD_SINGLE_HASH) +/* mbedtls_md_sha256_init() only zeroizes, which is redundant + * because mbedtls_md_context is zeroized in mbedtls_md_init(), + * and the mbedtls_sha256_context is embedded in mbedtls_md_context_t. */ +#define MBEDTLS_MD_INFO_SHA256_INIT_FUNC mbedtls_md_sha256_init_free_dummy +#else #define MBEDTLS_MD_INFO_SHA256_INIT_FUNC mbedtls_sha256_init +#endif /* MBEDTLS_MD_SINGLE_HASH */ #define MBEDTLS_MD_INFO_SHA256_NAME "SHA256" #define MBEDTLS_MD_INFO_SHA256_SIZE 32 #define MBEDTLS_MD_INFO_SHA256_BLOCKSIZE 64 @@ -90,7 +102,14 @@ extern "C" { #define MBEDTLS_MD_INFO_SHA256_FINISH_FUNC mbedtls_sha224_finish_wrap #define MBEDTLS_MD_INFO_SHA256_DIGEST_FUNC mbedtls_sha256_wrap #define MBEDTLS_MD_INFO_SHA256_ALLOC_FUNC mbedtls_sha224_ctx_alloc +#if defined(MBEDTLS_MD_SINGLE_HASH) +/* mbedtls_md_sha256_free() only zeroizes, which is redundant + * because mbedtls_md_context is zeroized in mbedtls_md_init(), + * and the mbedtls_sha256_context is embedded in mbedtls_md_context_t. */ +#define MBEDTLS_MD_INFO_SHA256_FREE_FUNC mbedtls_md_sha256_init_free_dummy +#else #define MBEDTLS_MD_INFO_SHA256_FREE_FUNC mbedtls_sha224_ctx_free +#endif /* MBEDTLS_MD_SINGLE_HASH */ #define MBEDTLS_MD_INFO_SHA256_CLONE_FUNC mbedtls_sha224_clone_wrap #define MBEDTLS_MD_INFO_SHA256_PROCESS_FUNC mbedtls_sha224_process_wrap From 3252c4d913fa58157950d75ced27f6e7aaa1ebb5 Mon Sep 17 00:00:00 2001 
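Review bot: The two new comments above `MBEDTLS_MD_INFO_SHA256_INIT_FUNC` and `MBEDTLS_MD_INFO_SHA256_FREE_FUNC` refer to `mbedtls_md_sha256_init()` and `mbedtls_md_sha256_free()`, names that do not match the functions the other branches use (`mbedtls_sha256_init`, and `mbedtls_sha256_free` reached through `mbedtls_sha224_ctx_free`). The free comment also justifies the no-op by the zeroization in `mbedtls_md_init()`, whereas the commit message gives the wipe at the end of `mbedtls_md_free()` as the reason. Suggested wording for the second comment: `/* mbedtls_sha256_free() only zeroizes, which is redundant because mbedtls_md_free() zeroizes the whole mbedtls_md_context_t, in which the SHA-256 context is embedded. */`. Because the skipped call is what would otherwise clear hash state, the comment should name the function that actually performs the wipe.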
From: Hanno Becker Date: Thu, 5 Sep 2019 15:03:56 +0100 Subject: [PATCH 52/78] Fixup MD: Avoid always-false pointer comparison When MBEDTLS_MD_SINGLE_HASH is set, both the underlying digest context and the HMAC data are embedded into the mbedtls_md_context; otherwise, they're dynamically allocated and referenced from mbedtls_md_context. When the HMAC data is embedded in mbedtls_md_context, it's unnecessary to check whether mbedtls_md_context::hmac_ctx is NULL, because that's never the case in defined behaviour, but the check has kept for uniformity so far. However, contrary to the expectation that compilers would silently remove this check as always false, ARMC6 complains about it, breaking some tests in all.sh. This commit fixes this by guarding checks for mbedtls_md_context::hmac_ctx == NULL by !MBEDTLS_MD_SINGLE_HASH. --- library/md.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/library/md.c b/library/md.c index df010ae27..882942e13 100644 --- a/library/md.c +++ b/library/md.c @@ -529,9 +529,14 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, mbedtls_md_handle_t md_info; - if( ctx == NULL || ctx->hmac_ctx == NULL ) + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#if !defined(MBEDTLS_MD_SINGLE_HASH) + if( ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + md_info = mbedtls_md_get_handle( ctx ); if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); 
@@ -587,9 +592,14 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, { mbedtls_md_handle_t md_info; - if( ctx == NULL || ctx->hmac_ctx == NULL ) + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#if !defined(MBEDTLS_MD_SINGLE_HASH) + if( ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + md_info = mbedtls_md_get_handle( ctx ); if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -607,9 +617,14 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) mbedtls_md_handle_t md_info; - if( ctx == NULL || ctx->hmac_ctx == NULL ) + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#if !defined(MBEDTLS_MD_SINGLE_HASH) + if( ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + md_info = mbedtls_md_get_handle( ctx ); if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -648,9 +663,14 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) mbedtls_md_handle_t md_info; - if( ctx == NULL || ctx->hmac_ctx == NULL ) + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#if !defined(MBEDTLS_MD_SINGLE_HASH) + if( ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + md_info = mbedtls_md_get_handle( ctx ); if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); From 55fdae04f705fe71353cbe0e65a32db7a58a9497 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 6 Sep 2019 11:57:32 +0100 Subject: [PATCH 53/78] Fixup: Improve comment on helper macros in md_internal.h --- include/mbedtls/md_internal.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index d44c8af73..38f89dbea 100644 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h 
@@ -132,11 +132,11 @@ static inline void mbedtls_md_sha256_init_free_dummy( void* ctx ) #define MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) MD ## _CLONE_FUNC #define MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) MD ## _PROCESS_FUNC -/* Wrapper around MBEDTLS_MD_INFO_XXX_T() which makes sure that +/* Wrapper around MBEDTLS_MD_INFO_{FIELD}_T() which makes sure that * the argument is macro-expanded before concatenated with the * field name. This allows to call these macros as - * MBEDTLS_MD_INFO_XXX( MBEDTLS_MD_SINGLE_HASH ). - * where MBEDTLS_MD_SINGLE_HASH expands to MBEDTLS_MD_INFO_XXX. */ + * MBEDTLS_MD_INFO_{FIELD}( MBEDTLS_MD_SINGLE_HASH ). + * where MBEDTLS_MD_SINGLE_HASH expands to MBEDTLS_MD_INFO_{DIGEST}. */ #define MBEDTLS_MD_INFO_CTX_TYPE( MD ) MBEDTLS_MD_INFO_CTX_TYPE_T( MD ) #define MBEDTLS_MD_INFO_INIT_FUNC( MD ) MBEDTLS_MD_INFO_INIT_FUNC_T( MD ) #define MBEDTLS_MD_INFO_TYPE( MD ) MBEDTLS_MD_INFO_TYPE_T( MD ) From f207562cdca8d9fb94f2f34adf2998a2fc921499 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 6 Sep 2019 11:58:41 +0100 Subject: [PATCH 54/78] Fixup: Typo in all.sh component description for single-MD hardcoding --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f1317e7c3..eec23a8a7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -928,7 +928,7 @@ component_test_hardcoded_hash_cmake_clang() { msg "test: main suites (full config + MBEDTLS_MD_SINGLE_HASH)" # ~ 5s make test - msg "test: ssl-opt.sh default (full config + MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)" # ~ 5s + msg "test: ssl-opt.sh default (full config + MBEDTLS_MD_SINGLE_HASH)" # ~ 5s if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$' } From f6cc3cd2a5132c2fb5feb68c414cf56e848d8bb4 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 6 Sep 2019 11:59:11 +0100 Subject: [PATCH 55/78] Fixup: Typo in check_config.h entry for single hash encoding --- include/mbedtls/check_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 6955246b0..96340e88b 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -786,7 +786,7 @@ #define MBEDTLS_THREADING_IMPL #endif -/* Ensurethat precisely one hash is enabled. */ +/* Ensure that precisely one hash is enabled. */ #if defined(MBEDTLS_MD_SINGLE_HASH) #if defined(MBEDTLS_SHA256_C) From 18c8936a7338c0981838eb41ec426ed48b19128a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 6 Sep 2019 11:59:39 +0100 Subject: [PATCH 56/78] Fixup: Correct Doxygen file name primitive in md_internal.h --- include/mbedtls/md_internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index 38f89dbea..87f78375e 100644 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h @@ -1,5 +1,5 @@ /** - * \file md.h + * \file md_internal.h * * \brief This file contains the generic message-digest wrapper. * From 56d1b2389ca76712769c44b506de83e652aa2d8b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 6 Sep 2019 12:01:23 +0100 Subject: [PATCH 57/78] Fixup: Don't assume that alt SHA256 impln's have trivial init/free --- include/mbedtls/md_internal.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index 87f78375e..84944ee44 100644 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h 
@@ -86,14 +86,14 @@ static inline void mbedtls_md_sha256_init_free_dummy( void* ctx ) } #define MBEDTLS_MD_INFO_SHA256_TYPE MBEDTLS_MD_SHA256 #define MBEDTLS_MD_INFO_SHA256_CTX_TYPE mbedtls_sha256_context -#if defined(MBEDTLS_MD_SINGLE_HASH) +#if defined(MBEDTLS_MD_SINGLE_HASH) && !defined(MBEDTLS_SHA256_ALT) /* mbedtls_md_sha256_init() only zeroizes, which is redundant * because mbedtls_md_context is zeroized in mbedtls_md_init(), * and the mbedtls_sha256_context is embedded in mbedtls_md_context_t. */ #define MBEDTLS_MD_INFO_SHA256_INIT_FUNC mbedtls_md_sha256_init_free_dummy #else #define MBEDTLS_MD_INFO_SHA256_INIT_FUNC mbedtls_sha256_init -#endif /* MBEDTLS_MD_SINGLE_HASH */ +#endif /* MBEDTLS_MD_SINGLE_HASH && !MBEDTLS_SHA256_ALT */ #define MBEDTLS_MD_INFO_SHA256_NAME "SHA256" #define MBEDTLS_MD_INFO_SHA256_SIZE 32 #define MBEDTLS_MD_INFO_SHA256_BLOCKSIZE 64 @@ -102,14 +102,14 @@ static inline void mbedtls_md_sha256_init_free_dummy( void* ctx ) #define MBEDTLS_MD_INFO_SHA256_FINISH_FUNC mbedtls_sha224_finish_wrap #define MBEDTLS_MD_INFO_SHA256_DIGEST_FUNC mbedtls_sha256_wrap #define MBEDTLS_MD_INFO_SHA256_ALLOC_FUNC mbedtls_sha224_ctx_alloc -#if defined(MBEDTLS_MD_SINGLE_HASH) +#if defined(MBEDTLS_MD_SINGLE_HASH) && !defined(MBEDTLS_SHA256_ALT) /* mbedtls_md_sha256_free() only zeroizes, which is redundant * because mbedtls_md_context is zeroized in mbedtls_md_init(), * and the mbedtls_sha256_context is embedded in mbedtls_md_context_t. */ #define MBEDTLS_MD_INFO_SHA256_FREE_FUNC mbedtls_md_sha256_init_free_dummy #else #define MBEDTLS_MD_INFO_SHA256_FREE_FUNC mbedtls_sha224_ctx_free -#endif /* MBEDTLS_MD_SINGLE_HASH */ +#endif /* MBEDTLS_MD_SINGLE_HASH && !MBEDTLS_SHA256_ALT */ #define MBEDTLS_MD_INFO_SHA256_CLONE_FUNC mbedtls_sha224_clone_wrap #define MBEDTLS_MD_INFO_SHA256_PROCESS_FUNC mbedtls_sha224_process_wrap From 9ec3fe0d4371b3d384b53da199775def7ab3abee Mon Sep 17 00:00:00 2001 
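Review bot: The comment above `MBEDTLS_MD_INFO_SHA256_FREE_FUNC` in the second hunk justifies the no-op free by pointing at `mbedtls_md_init()`, which explains why a redundant init can be skipped but not why skipping the wipe on free is safe. A digest context can hold key-derived state (for example during HMAC), so the comment should name whatever zeroizes the enclosing `mbedtls_md_context_t` on release. That code is outside this hunk and should be confirmed. If `mbedtls_md_free()` does wipe the whole context, I would reword the comment to `/* The SHA-256 free function only zeroizes, which is redundant because mbedtls_md_free() wipes the enclosing mbedtls_md_context_t. */`.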
From: Hanno Becker Date: Mon, 1 Jul 2019 17:36:12 +0100 Subject: [PATCH 58/78] Introduce configuration option to remove CRT verification callbacks --- configs/baremetal.h | 1 + include/mbedtls/config.h | 11 ++++++ include/mbedtls/ssl.h | 8 +++-- include/mbedtls/x509_crt.h | 30 ++++++++++------ library/ssl_tls.c | 10 ++++-- library/version_features.c | 3 ++ library/x509.c | 9 +++++ library/x509_crt.c | 35 +++++++++++++----- programs/ssl/query_config.c | 8 +++++ programs/ssl/ssl_client2.c | 20 +++++++---- programs/x509/cert_app.c | 19 ++++++++-- scripts/config.pl | 2 ++ tests/scripts/all.sh | 15 ++++++++ tests/ssl-opt.sh | 36 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 6 ++-- tests/suites/test_suite_x509parse.function | 41 +++++++++++++++++++--- 16 files changed, 213 insertions(+), 41 deletions(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index 1b522551a..e1066fe7b 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -116,6 +116,7 @@ #define MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID #define MBEDTLS_X509_ON_DEMAND_PARSING #define MBEDTLS_X509_ALWAYS_FLUSH +#define MBEDTLS_X509_REMOVE_VERIFY_CALLBACK #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f32498b1b..22b6e5430 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2018,6 +2018,17 @@ */ //#define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +/** + * \def MBEDTLS_X509_REMOVE_VERIFY_CALLBACK + * + * Remove support for X.509 certificate verification callbacks. + * + * Uncomment to save some bytes of code by removing support for X.509 + * certificate verification callbacks in mbedtls_x509_crt_verify() and + * related verification API. + */ +#define MBEDTLS_X509_REMOVE_VERIFY_CALLBACK + /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 40ad4b114..db5465a36 100644 --- a/include/mbedtls/ssl.h 
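Review bot: The `include/mbedtls/config.h` hunk adds `#define MBEDTLS_X509_REMOVE_VERIFY_CALLBACK` uncommented, although its own text says "Uncomment to save some bytes" and the neighbouring `MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION` ships as `//#define`. As written, the default configuration drops `f_vrfy`/`p_vrfy` from `mbedtls_x509_crt_verify()` and compiles out `mbedtls_ssl_conf_verify()`, so applications that install a verification callback stop building against the default config. Since `configs/baremetal.h` already opts in explicitly, the default should read `//#define MBEDTLS_X509_REMOVE_VERIFY_CALLBACK`. The option text should also say that it changes the signatures of the verification functions, not only code size.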
+++ b/include/mbedtls/ssl.h @@ -1033,7 +1033,8 @@ struct mbedtls_ssl_config void *p_sni; /*!< context for SNI callback */ #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) /** Callback to customize X.509 certificate chain verification */ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); void *p_vrfy; /*!< context for X.509 verify calllback */ @@ -1588,7 +1589,8 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ); */ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) /** * \brief Set the verification callback (Optional). * @@ -1603,7 +1605,7 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #if !defined(MBEDTLS_SSL_CONF_RNG) /** diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 182ab15b0..f0801df79 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
@@ -502,14 +502,17 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * verification process. */ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) || defined(DOXYGEN_ONLY) - const char *cn, + const char *cn, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || defined(DOXYGEN_ONLY) */ - uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); + uint32_t *flags +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + , int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + ); /** * \brief Verify the certificate signature according to profile @@ -545,9 +548,12 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) || defined(DOXYGEN_ONLY) const char *cn, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || defined(DOXYGEN_ONLY) */ - uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); + uint32_t *flags +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + , int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + ); /** * \brief Restartable version of \c mbedtls_crt_verify_with_profile() 
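Review bot: The new guards around `f_vrfy`/`p_vrfy` in both prototypes here omit the `|| defined(DOXYGEN_ONLY)` that the `cn` guard directly above them carries, and the same holds for the `mbedtls_x509_crt_verify_restartable()` prototype in the following hunk. With the option defined, a Doxygen-only pass would see prototypes without the callback parameters, while the parameter documentation (outside these hunks, presumably unchanged) still describes them. For consistency I would write `#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) || defined(DOXYGEN_ONLY)` in all three places. Each doc comment should also gain a sentence stating that the two parameters are absent when the option is set.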
@@ -579,8 +585,10 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, const char *cn, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || defined(DOXYGEN_ONLY) */ uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy, +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy, +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ mbedtls_x509_crt_restart_ctx *rs_ctx ); #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e47c45657..6aebc0814 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7181,7 +7181,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, ssl->hostname, #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ &ssl->session_negotiate->verify_result, - ssl->conf->f_vrfy, ssl->conf->p_vrfy, rs_ctx ); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + ssl->conf->f_vrfy, ssl->conf->p_vrfy, +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + rs_ctx ); if( verify_ret != 0 ) { @@ -8523,7 +8526,8 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ) #endif /* MBEDTLS_SSL_CONF_AUTHMODE */ } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) @@ -8531,7 +8535,7 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, conf->f_vrfy = f_vrfy; conf->p_vrfy = p_vrfy; } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #if !defined(MBEDTLS_SSL_CONF_RNG) void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, diff --git a/library/version_features.c b/library/version_features.c index bb655c0c9..23aaa2a52 100644 --- a/library/version_features.c 
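Review bot: The `#endif` added in `ssl_parse_certificate_verify()` is annotated `/* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */` although it closes `#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)`, so the comment states the opposite condition. The other guards added to this file spell the negation, e.g. `#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */`. I would change it to `#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */`. The same mismatch appears in the prototype hunks of `library/x509_crt.c` and in the `programs/ssl/ssl_client2.c` hunks of this patch. The function body continues outside the hunk.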
+++ b/library/version_features.c @@ -576,6 +576,9 @@ static const char *features[] = { #if defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) "MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION", #endif /* MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ +#if defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + "MBEDTLS_X509_REMOVE_VERIFY_CALLBACK", +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) "MBEDTLS_X509_RSASSA_PSS_SUPPORT", #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ diff --git a/library/x509.c b/library/x509.c index 19cc64b79..0eca0592a 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1250,11 +1250,20 @@ int mbedtls_x509_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n X.509 signature verify: "); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) NULL, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ &flags, NULL, NULL ); +#else + ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, +#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) + NULL, +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ + &flags ); +#endif + if( ret != 0 ) { if( verbose != 0 ) diff --git a/library/x509_crt.c b/library/x509_crt.c index 0089ef2a3..730126be8 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
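Review bot: The self-test hunk in `library/x509.c` duplicates the entire `mbedtls_x509_crt_verify()` call, including the nested hostname guard, across `#if`/`#else`, and closes it with an uncommented `#endif`. Only the two trailing `NULL` arguments differ, so the copies can drift apart on the next signature change. I would keep a single call and guard just the callback arguments, as the wrappers in `library/x509_crt.c` do in this patch. The verification step in `programs/x509/cert_app.c` has the same duplication. `mbedtls_x509_self_test()` starts and ends outside the hunk.

```c
    ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL,
/* … unchanged: hostname-verification guard around the cn argument … */
                                   &flags
#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
                                   , NULL, NULL
#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
                                   );
```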
@@ -3590,9 +3590,12 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) const char *cn, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ - uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) + uint32_t *flags +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + , int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) + , void *p_vrfy +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + ) { return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl, &mbedtls_x509_crt_profile_default, @@ -3600,7 +3603,10 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, cn, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ flags, - f_vrfy, p_vrfy, NULL ) ); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + f_vrfy, p_vrfy, +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + NULL ) ); } /* @@ -3613,16 +3619,23 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) const char *cn, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ - uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) + uint32_t *flags +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + , int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) + , void *p_vrfy +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + ) { return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl, profile, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) cn, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ - flags, f_vrfy, p_vrfy, NULL ) ); + flags, +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + f_vrfy, p_vrfy, +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + NULL ) ); } /* 
@@ -3643,8 +3656,10 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, const char *cn, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ uint32_t *flags, +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ mbedtls_x509_crt_restart_ctx *rs_ctx ) { int ret; @@ -3702,7 +3717,11 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, ver_chain.items[0].flags |= ee_flags; /* Build final flags, calling callback on the way if any */ +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy ); +#else + ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, NULL, NULL ); +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ exit: #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index dd5051466..0f555b717 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -1578,6 +1578,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ +#if defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + if( strcmp( "MBEDTLS_X509_REMOVE_VERIFY_CALLBACK", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_X509_REMOVE_VERIFY_CALLBACK ); + return( 0 ); + } +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 ) { diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 788793a49..6fa051a90 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -664,6 +664,8 @@ static int send_cb( void *ctx, unsigned char const *buf, size_t len ) !MBEDTLS_SSL_CONF_RECV_TIMEOUT */ #if defined(MBEDTLS_X509_CRT_PARSE_C) + +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) static unsigned char peer_crt_info[1024]; /* 
@@ -704,6 +706,7 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, return( 0 ); } +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ @@ -1894,8 +1897,10 @@ int main( int argc, char *argv[] ) #endif } +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) mbedtls_ssl_conf_verify( &conf, my_verify, NULL ); memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ @@ -2316,10 +2321,11 @@ int main( int argc, char *argv[] ) else mbedtls_printf( " ok\n" ); -#if !defined(MBEDTLS_X509_REMOVE_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) && \ + !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) mbedtls_printf( " . Peer certificate information ...\n" ); mbedtls_printf( "%s\n", peer_crt_info ); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ +#endif /* !MBEDTLS_X509_REMOVE_INFO && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -2648,9 +2654,10 @@ send_request: mbedtls_printf( " . Restarting connection from same port..." ); fflush( stdout ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { @@ -2825,9 +2832,10 @@ reconnect: mbedtls_printf( " . Reconnecting with saved session..." ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { 
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 74efea388..b82f83f8f 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -129,6 +129,7 @@ static void my_debug( void *ctx, int level, } #endif /* MBEDTLS_DEBUG_C */ +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags ) { char buf[1024]; @@ -148,6 +149,7 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *fl return( 0 ); } +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #if defined(MBEDTLS_SSL_CONF_RNG) int rng_wrap( void *ctx, unsigned char *dst, size_t len ); @@ -363,11 +365,21 @@ int main( int argc, char *argv[] ) { mbedtls_printf( " . Verifying X.509 certificate..." ); - if( ( ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) NULL, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ - &flags, my_verify, NULL ) ) != 0 ) + &flags, + my_verify, NULL ); +#else /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, +#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) + NULL, +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ + &flags ); +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + if( ret != 0 ) { char vrfy_buf[512]; @@ -436,7 +448,10 @@ int main( int argc, char *argv[] ) { mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED ); mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); + +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) mbedtls_ssl_conf_verify( &conf, my_verify, NULL ); +#endif } else mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE ); diff --git a/scripts/config.pl b/scripts/config.pl index 751ea1db1..0922e53a7 100755 --- a/scripts/config.pl +++ b/scripts/config.pl 
@@ -43,6 +43,7 @@ # MBEDTLS_X509_CRT_REMOVE_TIME # MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID # MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +# MBEDTLS_X509_REMOVE_VERIFY_CALLBACK # MBEDTLS_ZLIB_SUPPORT # MBEDTLS_PKCS11_C # and any symbol beginning _ALT @@ -110,6 +111,7 @@ MBEDTLS_X509_REMOVE_INFO MBEDTLS_X509_CRT_REMOVE_TIME MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +MBEDTLS_X509_REMOVE_VERIFY_CALLBACK MBEDTLS_ZLIB_SUPPORT MBEDTLS_PKCS11_C MBEDTLS_NO_UDBL_DIVISION diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1e3287c46..ff0019bbf 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1348,6 +1348,21 @@ component_test_no_hostname_verification () { if_build_succeeded tests/ssl-opt.sh } +component_test_no_x509_verify_callback () { + msg "build: full + MBEDTLS_X509_REMOVE_VERIFY_CALLBACK" # ~ 10s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + scripts/config.pl set MBEDTLS_X509_REMOVE_VERIFY_CALLBACK + make CFLAGS='-Werror -O1' + + msg "test: full + MBEDTLS_X509_REMOVE_VERIFY_CALLBACK" # ~ 10s + make test + + msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_VERIFY_CALLBACK" # ~ 1 min + if_build_succeeded tests/ssl-opt.sh +} + component_build_arm_none_eabi_gcc () { msg "build: arm-none-eabi-gcc, make" # ~ 10s scripts/config.pl baremetal diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index da87793ec..38bfed728 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -1188,6 +1188,7 @@ run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \ requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SHA-1 forbidden by default in server certificate" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_CLI debug_level=2 allow_sha1=0" \ @@ -1212,6 +1213,7 @@ run_test "SHA-256 allowed by default in server certificate" \ requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SHA-1 forbidden by default in client certificate" \ "$P_SRV auth_mode=required allow_sha1=0" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ @@ -3653,6 +3655,7 @@ run_test "DER format: with 9 trailing random bytes" \ # Tests for auth_mode requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: server badcert, client required" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -3664,6 +3667,7 @@ run_test "Authentication: server badcert, client required" \ -c "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: server badcert, client optional" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ 
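Review bot: Tagging these tests with `requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK` skips them entirely in the new configuration, including negative cases such as "Authentication: server badcert, client required", whose expectations include `-c "X509 - Certificate verification failed"`. Presumably the dependency exists because some patterns match text printed by `my_verify` in `ssl_client2`. The effect is that a callback-free build gets no ssl-opt.sh coverage for rejecting a bad or untrusted peer certificate. I would add callback-independent variants of at least the badcert and no-trusted-CA cases that assert only the handshake outcome and the `X509 - Certificate verification failed` line. This applies equally to the later `tests/ssl-opt.sh` hunks of this patch that add the same dependency.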
@@ -3675,6 +3679,7 @@ run_test "Authentication: server badcert, client optional" \ -C "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: server goodcert, client optional, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \ @@ -3687,6 +3692,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA" \ -C "SSL - No CA Chain is set, but required to operate" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: server goodcert, client required, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \ @@ -3783,6 +3789,7 @@ run_test "Authentication: client has no cert, server required (TLS)" \ -s "No client certification received from the client, but required by the authentication mode" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: client badcert, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ @@ -3805,6 +3812,7 @@ run_test "Authentication: client badcert, server required" \ # before reading the alert message. requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: client cert not trusted, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ 
@@ -3823,6 +3831,7 @@ run_test "Authentication: client cert not trusted, server required" \ -s "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: client badcert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ @@ -3858,6 +3867,7 @@ run_test "Authentication: client badcert, server none" \ -S "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -3876,6 +3886,7 @@ run_test "Authentication: client no cert, server optional" \ -S "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: openssl client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional ca_file=data_files/test-ca2.crt" \ "$O_CLI" \ @@ -3908,6 +3919,7 @@ run_test "Authentication: client no cert, openssl server required" \ requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: client no cert, ssl3" \ "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \ "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \ 
@@ -4026,6 +4038,7 @@ run_test "Authentication: do not send CA list in CertificateRequest" \ -S "requested DN" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: send CA list in CertificateRequest, client self signed" \ "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ @@ -4041,6 +4054,7 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig # Tests for certificate selection based on SHA verson requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ @@ -4052,6 +4066,7 @@ run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ -C "signed using.*ECDSA with SHA1" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Certificate hash: client TLS 1.1 -> SHA-1" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ @@ -4063,6 +4078,7 @@ run_test "Certificate hash: client TLS 1.1 -> SHA-1" \ -c "signed using.*ECDSA with SHA1" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Certificate hash: client TLS 1.0 -> SHA-1" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ @@ -4074,6 +4090,7 @@ run_test "Certificate hash: client TLS 1.0 -> SHA-1" \ -c "signed using.*ECDSA with SHA1" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ 
@@ -4086,6 +4103,7 @@ run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \ -C "signed using.*ECDSA with SHA1" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \ "$P_SRV crt_file=data_files/server6.crt \ key_file=data_files/server6.key \ @@ -4100,6 +4118,7 @@ run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \ # tests for SNI requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: no SNI callback" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key" \ @@ -4111,6 +4130,7 @@ run_test "SNI: no SNI callback" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: matching cert 1" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4123,6 +4143,7 @@ run_test "SNI: matching cert 1" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: matching cert 2" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4189,6 +4210,7 @@ run_test "SNI: client auth override: optional -> none" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: CA no override" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ 
@@ -4209,6 +4231,7 @@ run_test "SNI: CA no override" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: CA override" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4229,6 +4252,7 @@ run_test "SNI: CA override" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: CA override with CRL" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4250,6 +4274,7 @@ run_test "SNI: CA override with CRL" \ # Tests for SNI and DTLS requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: DTLS, no SNI callback" \ "$P_SRV debug_level=3 dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key" \ @@ -4261,6 +4286,7 @@ run_test "SNI: DTLS, no SNI callback" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: DTLS, matching cert 1" \ "$P_SRV debug_level=3 dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4273,6 +4299,7 @@ run_test "SNI: DTLS, matching cert 1" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: DTLS, matching cert 2" \ "$P_SRV debug_level=3 dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ 
@@ -4339,6 +4366,7 @@ run_test "SNI: DTLS, client auth override: optional -> none" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: DTLS, CA no override" \ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4378,6 +4406,7 @@ run_test "SNI: DTLS, CA override" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: DTLS, CA override with CRL" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \ @@ -4816,6 +4845,7 @@ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \ -C "Ciphersuite is TLS-" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \ "$O_SRV -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ @@ -4848,6 +4878,7 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail" \ -C "Ciphersuite is TLS-" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \ "$O_SRV -key data_files/server2.key \ -cert data_files/server2.ku-ds.crt" \ @@ -6399,6 +6430,7 @@ run_test "EC restart: TLS, max_ops=1000" \ requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "EC restart: TLS, max_ops=1000, badsign" \ "$P_SRV auth_mode=required ca_file=data_files/test-ca2.crt \ crt_file=data_files/server5-badsign.crt \ 
@@ -6435,6 +6467,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ -C "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK requires_config_enabled MBEDTLS_ECP_RESTARTABLE run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ "$P_SRV auth_mode=required ca_file=data_files/test-ca2.crt \ @@ -6535,6 +6568,7 @@ run_test "SSL async private: sign, RSA, TLS 1.1" \ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SSL async private: sign, SNI" \ "$P_SRV debug_level=3 \ async_operations=s async_private_delay1=0 async_private_delay2=0 \ @@ -6998,6 +7032,7 @@ run_test "DTLS client auth: required" \ -s "Verifying peer X.509 certificate... ok" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "DTLS client auth: optional, client has no cert" \ "$P_SRV dtls=1 auth_mode=optional" \ "$P_CLI dtls=1 crt_file=none key_file=none" \ @@ -7005,6 +7040,7 @@ run_test "DTLS client auth: optional, client has no cert" \ -s "! Certificate was missing" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "DTLS client auth: none, client has no cert" \ "$P_SRV dtls=1 auth_mode=none" \ "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 375feb9a3..aa4099537 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -560,11 +560,11 @@ depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBE x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #19 (Valid Cert, denying callback) -depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"compat":"verify_none" X509 CRT verification #19 (Not trusted Cert, allowing callback) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK:!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"compat":"verify_all" X509 CRT verification #21 (domain matching wildcard certificate, case insensitive) 
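Review bot: The new depends_on line for "X509 CRT verification #19 (Not trusted Cert, allowing callback)" lists `!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK` twice. The duplicate looks harmless to the test runner, but it should be a single entry as in the "denying callback" case just above, so the line ends `...:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK`.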
@@ -920,7 +920,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #92 (bad name, allowing callback) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT:!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all" X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 96ad7d932..130d90fa8 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -334,7 +334,10 @@ void x509_verify_restart( char *crt_file, char *ca_file, NULL, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ &flags, - NULL, NULL, &rs_ctx ); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + NULL, NULL, +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + &rs_ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == result ); @@ -355,7 +358,10 @@ void x509_verify_restart( char *crt_file, char *ca_file, NULL, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ &flags, - NULL, NULL, &rs_ctx ); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + NULL, NULL, +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + &rs_ctx ); TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); exit: 
@@ -376,7 +382,9 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, mbedtls_x509_crl crl; uint32_t flags = 0; int res; +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL; +#endif const mbedtls_x509_crt_profile *profile; #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) char * cn_name = NULL; @@ -406,6 +414,7 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, else TEST_ASSERT( "Unknown algorithm profile" == 0 ); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) if( strcmp( verify_callback, "NULL" ) == 0 ) f_vrfy = NULL; else if( strcmp( verify_callback, "verify_none" ) == 0 ) @@ -414,16 +423,28 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, f_vrfy = verify_all; else TEST_ASSERT( "No known verify callback selected" == 0 ); +#else + if( strcmp( verify_callback, "NULL" ) != 0 ) + TEST_ASSERT( "Verify callbacks disabled" == 0 ); +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 ); TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 ); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) cn_name, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ &flags, f_vrfy, NULL ); +#else + res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, +#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) + cn_name, +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ + &flags ); +#endif TEST_ASSERT( res == ( result ) ); if( flags != (uint32_t) flags_result ) 
@@ -441,7 +462,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ void x509_verify_callback( char *crt_file, char *ca_file, char *name, int exp_ret, char *exp_vrfy_out ) { @@ -827,11 +848,21 @@ void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int, TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 ); /* Try to verify that chain */ +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) NULL, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ - &flags, NULL, NULL ); + &flags, + NULL, NULL ); +#else + ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, +#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) + NULL, +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ + &flags ); +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + TEST_ASSERT( ret == ret_chk ); TEST_ASSERT( flags == (uint32_t) flags_chk ); @@ -841,7 +872,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, int flags_result, int result, char *profile_name, int vrfy_fatal_lvls ) From adc282a5e881293540d02db94c02f6bfb002101a Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 16 Aug 2019 17:14:25 +0100 Subject: [PATCH 59/78] Add zero-cost abstraction layer for CRT verification chain When verifying an X.509 certificate, the current verification logic maintains an instance of the internal mbedtls_x509_crt_verify_chain structure representing the state of the verification process. This instance references the list of certificates that comprise the chain built so far together with their verification flags. This information must be stored during verification because it's being passed to the verification callback at the end of verification - if the user has specified those. If the user hasn't specified a verification callback, it is not necessary to maintain the list of CRTs, and it is also not necessary to maintain verification flags for each CRT individually, as they're merged at the end of the verification process. To allow a readable simplification of the code in case no verification callbacks are used, this commit introduces a zero-cost abstraction layer for the functionality that's required from the verification chain structure: - init/reset - add a new CRT to the chain - get pointer to current CRT flags - add flags to EE certificate - get current chain length - trigger callbacks and get final (merged) flags This gives flexibility for re-implementing the verification chain structure, e.g. in the case where no verification callbacks are provided, and there's hence no need to store CRTs and flags individually. This will be done in a later commit. --- include/mbedtls/x509_crt.h | 3 + library/x509_crt.c | 152 ++++++++++++++++++++++--------------- 2 files changed, 92 insertions(+), 63 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index f0801df79..e90f6a09a 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
@@ -249,6 +249,9 @@ typedef struct /* for find_parent_in() */ mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */ + /* current child CRT */ + mbedtls_x509_crt *cur_crt; + #if defined(MBEDTLS_HAVE_TIME_DATE) mbedtls_x509_crt *fallback_parent; int fallback_signature_is_good; diff --git a/library/x509_crt.c b/library/x509_crt.c index 730126be8..a04e33ccb 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -669,23 +669,6 @@ static int x509_check_wildcard( char const *cn, } #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ -/* - * Reset (init or clear) a verify_chain - */ -static void x509_crt_verify_chain_reset( - mbedtls_x509_crt_verify_chain *ver_chain ) -{ - size_t i; - - for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ ) - { - ver_chain->items[i].crt = NULL; - ver_chain->items[i].flags = (uint32_t) -1; - } - - ver_chain->len = 0; -} - /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ 
@@ -3202,6 +3185,82 @@ static int x509_crt_check_ee_locally_trusted( return( -1 ); } +/* + * Reset (init or clear) a verify_chain + */ +static void x509_crt_verify_chain_reset( + mbedtls_x509_crt_verify_chain *ver_chain ) +{ + size_t i; + + for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ ) + { + ver_chain->items[i].crt = NULL; + ver_chain->items[i].flags = (uint32_t) -1; + } + + ver_chain->len = 0; +} + +/* + * Merge the flags for all certs in the chain, after calling callback + */ +static int x509_crt_verify_chain_get_flags( + const mbedtls_x509_crt_verify_chain *ver_chain, + uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy ) +{ + int ret; + unsigned i; + uint32_t cur_flags; + const mbedtls_x509_crt_verify_chain_item *cur; + + for( i = ver_chain->len; i != 0; --i ) + { + cur = &ver_chain->items[i-1]; + cur_flags = cur->flags; + + if( NULL != f_vrfy ) + if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 ) + return( ret ); + + *flags |= cur_flags; + } + + return( 0 ); +} + +static void x509_crt_verify_chain_add_ee_flags( + mbedtls_x509_crt_verify_chain *chain, + uint32_t ee_flags ) +{ + chain->items[0].flags |= ee_flags; +} + +static void x509_crt_verify_chain_add_crt( + mbedtls_x509_crt_verify_chain *chain, + mbedtls_x509_crt *crt ) +{ + mbedtls_x509_crt_verify_chain_item *cur; + cur = &chain->items[chain->len]; + cur->crt = crt; + cur->flags = 0; + chain->len++; +} + +static uint32_t* x509_crt_verify_chain_get_cur_flags( + mbedtls_x509_crt_verify_chain *chain ) +{ + return( &chain->items[chain->len - 1].flags ); +} + +static unsigned x509_crt_verify_chain_len( + mbedtls_x509_crt_verify_chain const *chain ) +{ + return( chain->len ); +} + /* * Build and verify a certificate chain * 
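Review bot: The new chain helpers rely on bounds preconditions that are not written down: `x509_crt_verify_chain_add_crt()` stores to `items[chain->len]` without comparing against `MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE`, and `x509_crt_verify_chain_get_cur_flags()` indexes `items[chain->len - 1]`, which wraps when `len` is 0. The inline code they replace made the same assumptions, but as free-standing helpers they can be called from new places, and the bound on a peer-supplied certificate chain is a memory-safety invariant. I would state it on each helper, e.g. `/* Caller must ensure chain->len < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; see the MAX_INTERMEDIATE_CA check in x509_crt_verify_chain() */` and `/* Requires chain->len >= 1 */`. The four helpers after `x509_crt_verify_chain_get_flags()` also have no header comment, unlike the first two.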
@@ -3254,7 +3313,6 @@ static int x509_crt_verify_chain( * catch potential issues with jumping ahead when restarting */ int ret; uint32_t *flags; - mbedtls_x509_crt_verify_chain_item *cur; mbedtls_x509_crt *child_crt; mbedtls_x509_crt *parent_crt; int parent_is_trusted; @@ -3269,10 +3327,7 @@ static int x509_crt_verify_chain( /* restore saved state */ *ver_chain = rs_ctx->ver_chain; /* struct copy */ self_cnt = rs_ctx->self_cnt; - - /* restore derived state */ - cur = &ver_chain->items[ver_chain->len - 1]; - child_crt = cur->crt; + child_crt = rs_ctx->cur_crt; child_is_trusted = 0; goto find_parent; @@ -3291,16 +3346,13 @@ static int x509_crt_verify_chain( int self_issued; /* Add certificate to the verification chain */ - cur = &ver_chain->items[ver_chain->len]; - cur->crt = child_crt; - cur->flags = 0; - ver_chain->len++; + x509_crt_verify_chain_add_crt( ver_chain, child_crt ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) find_parent: #endif - flags = &cur->flags; + flags = x509_crt_verify_chain_get_cur_flags( ver_chain ); { mbedtls_x509_crt_sig_info child_sig; @@ -3342,7 +3394,7 @@ find_parent: *flags |= MBEDTLS_X509_BADCERT_BAD_PK; /* Special case: EE certs that are locally trusted */ - if( ver_chain->len == 1 && self_issued && + if( x509_crt_verify_chain_len( ver_chain ) == 1 && self_issued && x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 ) { mbedtls_x509_crt_frame_release( child_crt ); @@ -3364,7 +3416,8 @@ find_parent: ret = x509_crt_find_parent( &child_sig, child_crt->next, trust_ca, &parent_crt, &parent_is_trusted, &signature_is_good, - ver_chain->len - 1, self_cnt, rs_ctx ); + x509_crt_verify_chain_len( ver_chain ) - 1, + self_cnt, rs_ctx ); x509_crt_free_sig_info( &child_sig ); } @@ -3376,6 +3429,7 @@ find_parent: rs_ctx->in_progress = x509_crt_rs_find_parent; rs_ctx->self_cnt = self_cnt; rs_ctx->ver_chain = *ver_chain; /* struct copy */ + rs_ctx->cur_crt = child_crt; return( ret ); } #else 
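Review bot: `rs_ctx->cur_crt` is saved on the restart path (`rs_ctx->cur_crt = child_crt;`) and read back in the restore branch, but none of the hunks in this patch initialises or clears it in the restart-context init/free code. It appears to be read only when a find_parent operation is marked as pending, so this is probably safe in practice, yet the context now holds a raw pointer into the caller's certificate chain between calls. I would set `ctx->cur_crt = NULL;` where the other restart fields are reset, and extend the field comment in x509_crt.h to say that the chain must stay alive and unmodified until the restarted verification completes. x509_crt_verify_chain() starts and ends outside these hunks.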
@@ -3392,13 +3446,14 @@ find_parent: /* Count intermediate self-issued (not necessarily self-signed) certs. * These can occur with some strategies for key rollover, see [SIRO], * and should be excluded from max_pathlen checks. */ - if( ver_chain->len != 1 && self_issued ) + if( x509_crt_verify_chain_len( ver_chain ) != 1 && self_issued ) self_cnt++; /* path_cnt is 0 for the first intermediate CA, * and if parent is trusted it's not an intermediate CA */ if( ! parent_is_trusted && - ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) + x509_crt_verify_chain_len( ver_chain ) > + MBEDTLS_X509_MAX_INTERMEDIATE_CA ) { /* return immediately to avoid overflow the chain array */ return( MBEDTLS_ERR_X509_FATAL_ERROR ); @@ -3552,35 +3607,6 @@ static int x509_crt_verify_name( const mbedtls_x509_crt *crt, } #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ -/* - * Merge the flags for all certs in the chain, after calling callback - */ -static int x509_crt_merge_flags_with_cb( - uint32_t *flags, - const mbedtls_x509_crt_verify_chain *ver_chain, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) -{ - int ret; - unsigned i; - uint32_t cur_flags; - const mbedtls_x509_crt_verify_chain_item *cur; - - for( i = ver_chain->len; i != 0; --i ) - { - cur = &ver_chain->items[i-1]; - cur_flags = cur->flags; - - if( NULL != f_vrfy ) - if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 ) - return( ret ); - - *flags |= cur_flags; - } - - return( 0 ); -} - /* * Verify the certificate validity (default profile, not restartable) */ 
@@ -3714,13 +3740,13 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, goto exit; /* Merge end-entity flags */ - ver_chain.items[0].flags |= ee_flags; + x509_crt_verify_chain_add_ee_flags( &ver_chain, ee_flags ); /* Build final flags, calling callback on the way if any */ #if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) - ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy ); + ret = x509_crt_verify_chain_get_flags( &ver_chain, flags, f_vrfy, p_vrfy ); #else - ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, NULL, NULL ); + ret = x509_crt_verify_chain_get_flags( &ver_chain, flags, NULL, NULL ); #endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ exit: From 8d6d3206036e2017cdccf638bc46a2b2e5e00d66 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 16 Aug 2019 17:18:15 +0100 Subject: [PATCH 60/78] Re-implement verify chain if vrfy cbs are disabled This commit re-implements the previously introduced internal verification chain API in the case where verification callbacks are disabled. In this situation, it is not necessary to maintain the list of individual certificates and flags comprising the verification chain - instead, it suffices to just keep track of the length and the total (=merged) flags. --- include/mbedtls/x509_crt.h | 12 ++++++++ library/x509_crt.c | 58 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index e90f6a09a..aa0ec9749 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -214,6 +214,8 @@ typedef struct mbedtls_x509write_cert mbedtls_x509write_cert; #endif /* MBEDTLS_X509_CRT_WRITE_C */ +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + /** * Item in a verification chain: cert and flags for it */ 
@@ -236,6 +238,16 @@ typedef struct unsigned len; } mbedtls_x509_crt_verify_chain; +#else /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + +typedef struct +{ + unsigned len; + uint32_t flags; +} mbedtls_x509_crt_verify_chain; + +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** diff --git a/library/x509_crt.c b/library/x509_crt.c index a04e33ccb..5f2af7fcb 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -3185,6 +3185,8 @@ static int x509_crt_check_ee_locally_trusted( return( -1 ); } +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + /* * Reset (init or clear) a verify_chain */ @@ -3261,6 +3263,62 @@ static unsigned x509_crt_verify_chain_len( return( chain->len ); } +#else + +/* + * Reset (init or clear) a verify_chain + */ +static void x509_crt_verify_chain_reset( + mbedtls_x509_crt_verify_chain *ver_chain ) +{ + ver_chain->len = 0; + ver_chain->flags = 0; +} + +/* + * Merge the flags for all certs in the chain, after calling callback + */ +static int x509_crt_verify_chain_get_flags( + const mbedtls_x509_crt_verify_chain *ver_chain, + uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy ) +{ + ((void) f_vrfy); + ((void) p_vrfy); + *flags = ver_chain->flags; + return( 0 ); +} + +static void x509_crt_verify_chain_add_ee_flags( + mbedtls_x509_crt_verify_chain *chain, + uint32_t ee_flags ) +{ + chain->flags |= ee_flags; +} + +static void x509_crt_verify_chain_add_crt( + mbedtls_x509_crt_verify_chain *chain, + mbedtls_x509_crt *crt ) +{ + ((void) crt); + chain->len++; +} + +static uint32_t* x509_crt_verify_chain_get_cur_flags( + mbedtls_x509_crt_verify_chain *chain ) +{ + return( &chain->flags ); +} + +static unsigned x509_crt_verify_chain_len( + mbedtls_x509_crt_verify_chain const *chain ) +{ + return( chain->len ); +} + +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + /* * Build and verify a certificate chain * 
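Review bot: In the callback-free `x509_crt_verify_chain_get_flags()` the result is stored with `*flags = ver_chain->flags;`, whereas the callback-enabled version accumulates with `*flags |= cur_flags;`. The two agree only if the caller has zeroed `*flags` beforehand, which is not visible in this patch; for a certificate-verification result the safe direction is never to drop bits that are already set, so I would write `*flags |= ver_chain->flags;`. The helpers in this branch would also benefit from a one-line comment on what they do without per-certificate storage, e.g. `/* No per-CRT flags in this configuration: every certificate shares the merged flags word */` on `x509_crt_verify_chain_get_cur_flags()`.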
From 03d77469279e409fa794afcf3cd14db776e6e8d9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Aug 2019 16:24:56 +0100 Subject: [PATCH 61/78] ECC restart: Use optional verification mode in bad signature test This way, the verification failure string will still be printed even if verification callbacks are disabled, allowing to increase test coverage. --- tests/ssl-opt.sh | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 38bfed728..b0e4515d7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -6430,22 +6430,19 @@ run_test "EC restart: TLS, max_ops=1000" \ requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "EC restart: TLS, max_ops=1000, badsign" \ "$P_SRV auth_mode=required ca_file=data_files/test-ca2.crt \ crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=data_files/server5.key crt_file=data_files/server5.crt ca_file=data_files/test-ca2.crt \ - debug_level=1 ec_max_ops=1000" \ - 1 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt ca_file=data_files/test-ca2.crt \ + debug_level=1 ec_max_ops=1000 auth_mode=optional" \ + 0 \ -c "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" \ + -c "mbedtls_pk_verify.*4b00" \ + -c "mbedtls_ecdh_make_public.*4b00" \ + -c "mbedtls_pk_sign.*4b00" \ -c "! The certificate is not correctly signed by the trusted CA" \ - -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_enabled MBEDTLS_ECP_RESTARTABLE From cd839c9aa7e8ee649e49de36bf0fe13d1be29eaa Mon Sep 17 00:00:00 2001 
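Review bot: With `auth_mode=optional` and an expected exit code of `0`, this case now appears to exercise the same path as the existing "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" test, so the suite no longer checks that a restartable handshake with a badly signed server certificate is rejected under the client's default verification mode. I would keep the rejection as its own case and assert only on output that does not need the verify callback (presumably exit code `1` and `-c "! mbedtls_ssl_handshake returned"`), rather than relaxing this one. Separately, the last remaining argument line still ends in `\` after the two `-c` lines below it were removed; it works only because a blank line follows, so the trailing backslash should be dropped.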
From: Hanno Becker Date: Thu, 29 Aug 2019 11:11:00 +0100 Subject: [PATCH 62/78] Fix Doxygen warnings regarding removed verify cb+ctx parameters --- include/mbedtls/x509_crt.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index aa0ec9749..662ec68a1 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -521,12 +521,12 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, mbedtls_x509_crl *ca_crl, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) || defined(DOXYGEN_ONLY) const char *cn, -#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || defined(DOXYGEN_ONLY) */ +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || DOXYGEN_ONLY */ uint32_t *flags -#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) || defined(DOXYGEN_ONLY) , int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy -#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK || DOXYGEN_ONLY */ ); /** @@ -562,12 +562,12 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, const mbedtls_x509_crt_profile *profile, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) || defined(DOXYGEN_ONLY) const char *cn, -#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || defined(DOXYGEN_ONLY) */ +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || DOXYGEN_ONLY */ uint32_t *flags -#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) || defined(DOXYGEN_ONLY) , int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy -#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK || DOXYGEN_ONLY */ ); /** 
@@ -598,12 +598,12 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, const mbedtls_x509_crt_profile *profile, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) || defined(DOXYGEN_ONLY) const char *cn, -#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || defined(DOXYGEN_ONLY) */ +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || DOXYGEN_ONLY */ uint32_t *flags, -#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) || defined(DOXYGEN_ONLY) int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, -#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK || DOXYGEN_ONLY */ mbedtls_x509_crt_restart_ctx *rs_ctx ); #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) From cd239f88396323a2e913b32039166956b97b1fbe Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 29 Aug 2019 11:52:43 +0100 Subject: [PATCH 63/78] X.509: Don't remove verify callback by default --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 22b6e5430..3d78ece77 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2027,7 +2027,7 @@ * certificate verification callbacks in mbedtls_x509_crt_verify() and * related verification API. */ -#define MBEDTLS_X509_REMOVE_VERIFY_CALLBACK +//#define MBEDTLS_X509_REMOVE_VERIFY_CALLBACK /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT From 14b0a680839348f63805eb7197406d865a70b66b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 29 Aug 2019 15:26:15 +0100 Subject: [PATCH 64/78] x509_crt.c: Indicate guarding condition in #else branch --- library/x509_crt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 5f2af7fcb..0676e6481 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -3263,7 +3263,7 @@ static unsigned x509_crt_verify_chain_len( return( chain->len ); } -#else +#else /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ /* * Reset (init or clear) a verify_chain From 392a8d0e64f5be054daf3ac7c447c7d53dba4b9c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Sep 2019 09:09:58 +0100 Subject: [PATCH 65/78] x509.c: Minor readability improvement --- library/x509.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/library/x509.c b/library/x509.c index 0eca0592a..beb263327 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1250,19 +1250,15 @@ int mbedtls_x509_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n X.509 signature verify: "); + ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, +#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) + NULL, +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ + &flags #if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) - ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, -#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) - NULL, -#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ - &flags, NULL, NULL ); -#else - ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, -#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) - NULL, -#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ - &flags ); + , NULL, NULL #endif + ); if( ret != 0 ) { From 0b62ce8ed45889d552824c571270294b7be44354 Mon Sep 17 00:00:00 2001 
From: Arto Kinnunen Date: Wed, 4 Sep 2019 14:04:57 +0300 Subject: [PATCH 66/78] Use function for 16/24/32-bit BE conversion Use functions for 16/24/32-bit big endian conversion to save ROM. --- include/mbedtls/platform_util.h | 78 ++++++++++++++++ library/platform_util.c | 51 ++++++++++ library/sha256.c | 50 ++-------- library/ssl_cli.c | 136 +++++++++------------------ library/ssl_cookie.c | 12 +-- library/ssl_srv.c | 109 ++++++++-------------- library/ssl_ticket.c | 4 +- library/ssl_tls.c | 159 ++++++++++---------------------- 8 files changed, 276 insertions(+), 323 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 09d096518..77e7efeb3 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
@@ -189,6 +189,84 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, struct tm *tm_buf ); #endif /* MBEDTLS_HAVE_TIME_DATE */ +/** + * \brief Convert 32-bit number to big endian format. + * + * This function converts 32-bit number to big endian format and + * writes it to given buffer. + * + * \param buf Address where converted number is written. + * \param num Number that needs to be converted to big endian. + * + * \return Address to end of buffer where number is written. + */ +unsigned char * mbedtls_platform_put_uint32_be( unsigned char *buf, + unsigned long num ); + +/** + * \brief Convert 24-bit number to big endian format. + * + * This function converts 24-bit number to big endian format and + * writes it to given buffer. + * + * \param buf Address where converted number is written. + * \param num Number that needs to be converted to big endian. + * + * \return Address to end of buffer where number is written. + */ +unsigned char * mbedtls_platform_put_uint24_be( unsigned char *buf, + unsigned long num ); + +/** + * \brief Convert 16-bit number to big endian format. + * + * This function converts 16-bit number to big endian format and + * writes it to given buffer. + * + * \param buf Address where converted number is written. + * \param num Number that needs to be converted to big endian. + * + * \return Address to end of buffer where number is written. + */ +unsigned char * mbedtls_platform_put_uint16_be( unsigned char *buf, + unsigned long num ); + +/** + * \brief Convert 32-bit number from big endian format. + * + * The function reads 32-bit number form Big Endian format and + * returns it to the caller. + * + * \param buf Buffer where 32-bit number locates. + * + * \return Converted number. + */ +unsigned int mbedtls_platform_get_uint32_be( const unsigned char *buf ); + +/** + * \brief Convert 24-bit number from big endian format. + * + * The function reads 24-bit number form Big Endian format and + * returns it to the caller. 
+ * + * \param buf Buffer where 24-bit number locates. + * + * \return Converted number. + */ +unsigned int mbedtls_platform_get_uint24_be( const unsigned char *buf ); + +/** + * \brief Convert 16-bit number from big endian format. + * + * The function reads 16-bit number form Big Endian format and + * returns it to the caller. + * + * \param buf Buffer where 16-bit number locates. + * + * \return Converted number. + */ +unsigned short mbedtls_platform_get_uint16_be( const unsigned char *b ); + #ifdef __cplusplus } #endif diff --git a/library/platform_util.c b/library/platform_util.c index 756e22679..f90176910 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
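Review bot: The declaration `unsigned short mbedtls_platform_get_uint16_be( const unsigned char *b );` names its parameter `b` while its Doxygen block documents `\param buf`, which is likely to raise a Doxygen warning and disagrees with the definition in platform_util.c; it should read `const unsigned char *buf`. None of the six comments say how many bytes are read or written, and since the diffstat shows these helpers being used across the TLS message code, the caller's obligation should be stated, e.g. `\param buf  Buffer to write to; must have at least 4 writable bytes.` The three get-function descriptions also say "form Big Endian" where "from" is meant.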
@@ -134,3 +134,54 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, #endif /* _WIN32 && !EFIX64 && !EFI32 */ } #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ + +unsigned char * mbedtls_platform_put_uint32_be( unsigned char *buf, + unsigned long num) +{ + *buf++ = (unsigned char) ( num >> 24 ); + *buf++ = (unsigned char) ( num >> 16 ); + *buf++ = (unsigned char) ( num >> 8 ); + *buf++ = (unsigned char) ( num ); + + return buf; +} + +unsigned char * mbedtls_platform_put_uint24_be( unsigned char *buf, + unsigned long num ) +{ + *buf++ = (unsigned char) ( num >> 16 ); + *buf++ = (unsigned char) ( num >> 8 ); + *buf++ = (unsigned char) ( num ); + + return buf; +} + +unsigned char * mbedtls_platform_put_uint16_be( unsigned char *buf, + unsigned long num ) +{ + *buf++ = (unsigned char) ( num >> 8 ); + *buf++ = (unsigned char) ( num ); + + return buf; +} + +unsigned int mbedtls_platform_get_uint32_be( const unsigned char *buf ) +{ + return ( ( (unsigned int) buf[0] << 24 ) | + ( (unsigned int) buf[1] << 16 ) | + ( (unsigned int) buf[2] << 8 ) | + ( (unsigned int) buf[3] ) ); +} + +unsigned int mbedtls_platform_get_uint24_be( const unsigned char *buf ) +{ + return ( ( buf[0] << 16 ) | + ( buf[1] << 8) | + ( buf[2] ) ); +} + +unsigned short mbedtls_platform_get_uint16_be( const unsigned char *buf ) +{ + return ( ( buf[0] << 8 ) | + ( buf[1] ) ); +} diff --git a/library/sha256.c b/library/sha256.c index c576a0346..1c1df0257 100644 --- a/library/sha256.c +++ b/library/sha256.c 
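Review bot: `mbedtls_platform_get_uint32_be()` returns `unsigned int`, and `mbedtls_platform_get_uint24_be()` / `mbedtls_platform_get_uint16_be()` shift the promoted `int` value of `buf[0]`, so the result width depends on the platform's `int`, where the `GET_UINT32_BE` macro this commit removes from sha256.c cast each byte to `uint32_t`. Unless the project guarantees that `int` is at least 32 bits wide, `buf[0] << 16` can overflow a signed int. I would use fixed-width types, `uint32_t mbedtls_platform_get_uint32_be( const unsigned char *buf )` with `( (uint32_t) buf[0] << 24 )`, and the same cast in the 24-bit reader; the prototypes in platform_util.h would have to change to match. The put functions take `unsigned long` and silently discard the high bits, which deserves a one-line comment.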
@@ -49,40 +49,12 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #define SHA256_VALIDATE_RET(cond) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) #define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) #if !defined(MBEDTLS_SHA256_ALT) -/* - * 32-bit integer manipulation (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -do { \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} while( 0 ) -#endif - -static inline void sha256_put_uint32_be( uint32_t n, - unsigned char *b, - uint8_t i ) -{ - b[i ] = (unsigned char) ( n >> 24 ); - b[i + 1] = (unsigned char) ( n >> 16 ); - b[i + 2] = (unsigned char) ( n >> 8 ); - b[i + 3] = (unsigned char) ( n ); -} - void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { SHA256_VALIDATE( ctx != NULL ); @@ -227,7 +199,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, for( i = 0; i < 64; i++ ) { if( i < 16 ) - GET_UINT32_BE( W[i], data, 4 * i ); + W[i] = mbedtls_platform_get_uint32_be( &data[4 * i] ); else R( i ); @@ -238,7 +210,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, } #else /* MBEDTLS_SHA256_SMALLER */ for( i = 0; i < 16; i++ ) - GET_UINT32_BE( W[i], data, 4 * i ); + W[i] = mbedtls_platform_get_uint32_be( &data[4 * i] ); for( i = 0; i < 16; i += 8 ) { 
@@ -385,8 +357,8 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - sha256_put_uint32_be( high, ctx->buffer, 56 ); - sha256_put_uint32_be( low, ctx->buffer, 60 ); + mbedtls_platform_put_uint32_be( ctx->buffer + 56, high ); + mbedtls_platform_put_uint32_be( ctx->buffer + 60, low ); if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); @@ -394,18 +366,16 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, /* * Output final state */ - sha256_put_uint32_be( ctx->state[0], output, 0 ); - sha256_put_uint32_be( ctx->state[1], output, 4 ); - sha256_put_uint32_be( ctx->state[2], output, 8 ); - sha256_put_uint32_be( ctx->state[3], output, 12 ); - sha256_put_uint32_be( ctx->state[4], output, 16 ); - sha256_put_uint32_be( ctx->state[5], output, 20 ); - sha256_put_uint32_be( ctx->state[6], output, 24 ); + + for ( int s_pos = 0, o_pos = 0; s_pos < 7; s_pos++, o_pos += 4 ) + { + mbedtls_platform_put_uint32_be( &output[o_pos], ctx->state[s_pos] ); + } #if !defined(MBEDTLS_SHA256_NO_SHA224) if( ctx->is224 == 0 ) #endif - sha256_put_uint32_be( ctx->state[7], output, 28 ); + mbedtls_platform_put_uint32_be( &output[28], ctx->state[7] ); return( 0 ); } diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5c2d87073..6a9523ecb 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
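Review bot: The loop added in the second hunk of `mbedtls_sha256_finish_ret` declares its counters inside the `for` header and carries a second counter `o_pos` that is always `4 * s_pos`, while the loops visible elsewhere in this file are written `for( i = 0; ...` with no space before the parenthesis. One index is enough: `for( s_pos = 0; s_pos < 7; s_pos++ )` with the body `mbedtls_platform_put_uint32_be( &output[4 * s_pos], ctx->state[s_pos] );`, and `s_pos` declared with the function's other locals, which lie outside the hunk. A one-line comment explaining that `state[7]` is written separately because it is emitted only when `ctx->is224 == 0` would justify the bound of 7.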
@@ -102,18 +102,14 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * } ServerNameList; * */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 5) ) & 0xFF ); - - *p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 3) ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SERVERNAME ); + p = mbedtls_platform_put_uint16_be( p, hostname_len + 5 ); + p = mbedtls_platform_put_uint16_be( p, hostname_len + 3 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF ); - *p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( hostname_len ) & 0xFF ); + + p = mbedtls_platform_put_uint16_be( p, hostname_len ); memcpy( p, ssl->hostname, hostname_len ); @@ -148,8 +144,7 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, /* * Secure renegotiation */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); *p++ = 0x00; *p++ = ( ssl->verify_data_len + 1 ) & 0xFF; 
@@ -237,15 +232,10 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, * SignatureAndHashAlgorithm * supported_signature_algorithms<2..2^16-2>; */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG ) & 0xFF ); - - *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF ); - - *p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( sig_alg_len ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SIG_ALG ); + p = mbedtls_platform_put_uint16_be( p, ( sig_alg_len + 2 ) ); + p = mbedtls_platform_put_uint16_be( p, sig_alg_len ); *olen = 6 + sig_alg_len; } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && @@ -290,18 +280,13 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF ); - - *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF ); - - *p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ); + p = mbedtls_platform_put_uint16_be( p, ( elliptic_curve_len + 2 ) ); + p = mbedtls_platform_put_uint16_be( p, ( elliptic_curve_len ) ); MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id ) - *p++ = tls_id >> 8; - *p++ = tls_id & 0xFF; + p = mbedtls_platform_put_uint16_be( p, tls_id ); + MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID *olen = 6 + elliptic_curve_len; 
@@ -324,8 +309,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); *p++ = 0x00; *p++ = 2; @@ -362,8 +346,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); /* * We may need to send ClientHello multiple times for Hello verification. @@ -410,8 +393,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); } - *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, kkpp_len ); *olen = kkpp_len + 4; } @@ -452,11 +434,10 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, } /* Add extension ID + size */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_CID ); ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + + p = mbedtls_platform_put_uint16_be( p, ext_len ); *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); 
@@ -487,8 +468,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); *p++ = 0x00; *p++ = 1; @@ -521,8 +501,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_TRUNCATED_HMAC ); *p++ = 0x00; *p++ = 0x00; @@ -556,8 +535,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); *p++ = 0x00; *p++ = 0x00; @@ -592,8 +570,7 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); *p++ = 0x00; *p++ = 0x00; @@ -625,11 +602,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); - - *p++ = (unsigned char)( ( tlen >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( tlen ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SESSION_TICKET ); + p = mbedtls_platform_put_uint16_be( p, tlen ); *olen = 4; 
@@ -673,8 +647,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ALPN ); /* * opaque ProtocolName<1..2^8-1>; @@ -697,12 +670,9 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, *olen = p - buf; /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ - buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); - buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF ); - + mbedtls_platform_put_uint16_be( &buf[4], ( *olen - 6 ) ); /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ - buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); + mbedtls_platform_put_uint16_be( &buf[2], ( *olen - 4 ) ); } #endif /* MBEDTLS_SSL_ALPN */ @@ -730,11 +700,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); - *p++ = (unsigned char)( t >> 8 ); - *p++ = (unsigned char)( t ); - + p = mbedtls_platform_put_uint32_be( p, t ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) ); #else if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) @@ -1012,8 +978,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) ); - *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ); - *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_SSL_FALLBACK_SCSV_VALUE ); n++; } #endif 
@@ -1141,8 +1106,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ext_len > 0 ) { - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, ext_len ); p += ext_len; } @@ -1497,7 +1461,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } - list_len = ( buf[0] << 8 ) | buf[1]; + list_len = mbedtls_platform_get_uint16_be( buf ); if( list_len != len - 2 ) { mbedtls_ssl_pend_fatal_alert( ssl, @@ -1743,11 +1707,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #endif /* !MBEDTLS_SSL_CONF_FIXED_MAJOR_VER */ } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", - ( (uint32_t) buf[2] << 24 ) | - ( (uint32_t) buf[3] << 16 ) | - ( (uint32_t) buf[4] << 8 ) | - ( (uint32_t) buf[5] ) ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", mbedtls_platform_get_uint32_be(&buf[2])) ); memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); @@ -1790,7 +1750,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } /* ciphersuite (used later) */ - i = ( buf[35 + n] << 8 ) | buf[36 + n]; + i = mbedtls_platform_get_uint16_be( &buf[ 35 + n ] ); /* * Read and check compression @@ -2462,8 +2422,7 @@ static int ssl_rsa_encrypt_partial_pms( mbedtls_ssl_context *ssl, defined(MBEDTLS_SSL_PROTO_TLS1_2) if( len_bytes == 2 ) { - out[0] = (unsigned char)( *olen >> 8 ); - out[1] = (unsigned char)( *olen ); + mbedtls_platform_put_uint16_be( out, *olen ); *olen += 2; } #endif @@ -2977,7 +2936,8 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - sig_len = ( p[0] << 8 ) | p[1]; + + sig_len = mbedtls_platform_get_uint16_be( p ); p += 2; if( p != end - sig_len ) 
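Review bot: In the `ssl_parse_server_hello` hunk the rewritten debug call passes the `unsigned int` returned by `mbedtls_platform_get_uint32_be` to a `%lu` conversion, which expects `unsigned long`. Assuming `MBEDTLS_SSL_DEBUG_MSG` forwards its arguments to a printf-style formatter, the two types differ in size on LP64 targets and the mismatch is undefined. Cast the argument: `(unsigned long) mbedtls_platform_get_uint32_be( &buf[2] )`. The new call is also written without the spaces inside parentheses that the surrounding lines use. The function body continues outside the hunk.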
@@ -3573,9 +3533,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < n + 2 ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - p[0] = (unsigned char)( n >> 8 ); - p[1] = (unsigned char)( n ); - p += 2; + p = mbedtls_platform_put_uint16_be( p, n ); ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), @@ -3690,9 +3648,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - p[0] = (unsigned char)( n >> 8 ); - p[1] = (unsigned char)( n ); - p += 2; + p = mbedtls_platform_put_uint16_be( p, n ); memcpy( p, ssl->conf->psk_identity, n ); p += ssl->conf->psk_identity_len; @@ -3736,9 +3692,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - p[0] = (unsigned char)( n >> 8 ); - p[1] = (unsigned char)( n ); - p += 2; + p = mbedtls_platform_put_uint16_be( p, n ); ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), @@ -4036,8 +3990,7 @@ sign: return( ret ); } - ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); - ssl->out_msg[5 + offset] = (unsigned char)( n ); + mbedtls_platform_put_uint16_be( &ssl->out_msg[4 + offset], n ); ssl->out_msglen = 6 + n + offset; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -4103,10 +4056,9 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); - lifetime = ( ((uint32_t) msg[0]) << 24 ) | ( msg[1] << 16 ) | - ( msg[2] << 8 ) | ( msg[3] ); + lifetime = mbedtls_platform_get_uint32_be( msg ); - ticket_len = ( msg[4] << 8 ) | ( msg[5] ); + ticket_len = mbedtls_platform_get_uint16_be( &msg[4] ); if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen ) { diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 6f0be8a26..a06cc3c18 100644 --- a/library/ssl_cookie.c 
+++ b/library/ssl_cookie.c @@ -172,12 +172,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, #else t = ctx->serial++; #endif - - (*p)[0] = (unsigned char)( t >> 24 ); - (*p)[1] = (unsigned char)( t >> 16 ); - (*p)[2] = (unsigned char)( t >> 8 ); - (*p)[3] = (unsigned char)( t ); - *p += 4; + *p = mbedtls_platform_put_uint32_be( *p, t ); #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) @@ -243,10 +238,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx, cur_time = ctx->serial; #endif - cookie_time = ( (unsigned long) cookie[0] << 24 ) | - ( (unsigned long) cookie[1] << 16 ) | - ( (unsigned long) cookie[2] << 8 ) | - ( (unsigned long) cookie[3] ); + cookie_time = mbedtls_platform_get_uint32_be( cookie ); if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout ) return( -1 ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index fd1ece0d8..4fa92fe0b 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -98,7 +98,8 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); + servername_list_size = mbedtls_platform_get_uint16_be( buf ); + if( servername_list_size + 2 != len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); @@ -110,7 +111,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, p = buf + 2; while( servername_list_size > 2 ) { - hostname_len = ( ( p[1] << 8 ) | p[2] ); + hostname_len = mbedtls_platform_get_uint16_be( &p[1] ); if( hostname_len + 3 > servername_list_size ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); 
@@ -218,7 +219,9 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); + + sig_alg_list_size = mbedtls_platform_get_uint16_be( buf ); + if( sig_alg_list_size + 2 != len || sig_alg_list_size % 2 != 0 ) { @@ -293,7 +296,8 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); + + list_size = mbedtls_platform_get_uint16_be( buf ); if( list_size + 2 != len || list_size % 2 != 0 ) { @@ -658,6 +662,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, } list_len = ( buf[0] << 8 ) | buf[1]; + if( list_len != len - 2 ) { mbedtls_ssl_pend_fatal_alert( ssl, @@ -751,8 +756,7 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk, while( ec_tls_ids_len-- != 0 ) { - uint16_t const cur_tls_id = - ( acceptable_ec_tls_ids[0] << 8 ) | acceptable_ec_tls_ids[1]; + uint16_t const cur_tls_id = mbedtls_platform_get_uint16_be( acceptable_ec_tls_ids ); if( cur_tls_id == tls_id ) return( 0 ); @@ -1102,7 +1106,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF; + n = mbedtls_platform_get_uint16_be( buf ); if( n < 17 || n > 512 ) { 
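Review bot: The `ssl_parse_client_hello_v2` hunk replaces `( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF` with a bare `mbedtls_platform_get_uint16_be( buf )`, which silently drops the mask on the top bit, so this line is a behaviour change and not a refactor. If that bit is a header flag and not part of the length (the removed mask suggests so; any check on it is outside the hunk), `n` is at least 0x8000 whenever the flag is set and the following `n < 17 || n > 512` test rejects the record. Keep the mask: `n = mbedtls_platform_get_uint16_be( buf ) & 0x7FFF;`. The `ssl_parse_alpn_ext` hunk on this same line of the page leaves `list_len = ( buf[0] << 8 ) | buf[1];` unconverted and only adds a blank line, which looks unintended.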
@@ -1162,9 +1166,9 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) */ MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, n ); - ciph_len = ( buf[0] << 8 ) | buf[1]; - sess_len = ( buf[2] << 8 ) | buf[3]; - chal_len = ( buf[4] << 8 ) | buf[5]; + ciph_len = mbedtls_platform_get_uint16_be( &buf[0] ); + sess_len = mbedtls_platform_get_uint16_be( &buf[2] ); + chal_len = mbedtls_platform_get_uint16_be( &buf[4] ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d", ciph_len, sess_len, chal_len ) ); @@ -1489,7 +1493,7 @@ read_record_header: } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; + msg_len = mbedtls_platform_get_uint16_be( ssl->in_len ); #if defined(MBEDTLS_SSL_RENEGOTIATION) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) @@ -1578,8 +1582,7 @@ read_record_header: if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) { /* This couldn't be done in ssl_prepare_handshake_record() */ - unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | - ssl->in_msg[5]; + unsigned int cli_msg_seq = mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); if( cli_msg_seq != ssl->handshake->in_msg_seq ) { @@ -1594,8 +1597,8 @@ read_record_header: else #endif { - unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | - ssl->in_msg[5]; + unsigned int cli_msg_seq = mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); + ssl->handshake->out_msg_seq = cli_msg_seq; ssl->handshake->in_msg_seq = cli_msg_seq + 1; } @@ -1783,8 +1786,8 @@ read_record_header: } #endif /* MBEDTLS_SSL_PROTO_TLS */ - ciph_len = ( buf[ciph_offset + 0] << 8 ) - | ( buf[ciph_offset + 1] ); + + ciph_len = mbedtls_platform_get_uint16_be( &buf[ciph_offset + 0] ); if( ciph_len < 2 || ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */ 
@@ -2323,9 +2326,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_TRUNCATED_HMAC ); *p++ = 0x00; *p++ = 0x00; @@ -2367,13 +2368,9 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, * opaque cid<0..2^8-1>; * } ConnectionId; */ - - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_CID ); ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, ext_len ); *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); @@ -2423,9 +2420,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); *p++ = 0x00; *p++ = 0x00; @@ -2451,8 +2446,7 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret " "extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); *p++ = 0x00; *p++ = 0x00; 
@@ -2476,9 +2470,7 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SESSION_TICKET ); *p++ = 0x00; *p++ = 0x00; @@ -2541,9 +2533,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); *p++ = 0x00; *p++ = 1; @@ -2626,9 +2616,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, kkpp_len ); *olen = kkpp_len + 4; } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -2652,16 +2640,11 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, * 6 . 6 protocol name length * 7 . 7+n protocol name */ - buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); - buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); + mbedtls_platform_put_uint16_be( &buf[0], MBEDTLS_TLS_EXT_ALPN ); *olen = 7 + strlen( ssl->alpn_chosen ); - - buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); - - buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); - buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF ); + mbedtls_platform_put_uint16_be( &buf[2], ( *olen - 4 ) ); + mbedtls_platform_put_uint16_be( &buf[4], ( *olen - 6 ) ); buf[6] = (unsigned char)( ( ( *olen - 7 ) ) & 0xFF ); 
@@ -2791,10 +2774,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); - *p++ = (unsigned char)( t >> 8 ); - *p++ = (unsigned char)( t ); + p = mbedtls_platform_put_uint32_be( p, t ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); #else @@ -3121,8 +3101,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS - p[0] = (unsigned char)( sa_len >> 8 ); - p[1] = (unsigned char)( sa_len ); + mbedtls_platform_put_uint16_be( p, sa_len ); sa_len += 2; p += sa_len; } @@ -3167,8 +3146,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) break; } - *p++ = (unsigned char)( dn_size >> 8 ); - *p++ = (unsigned char)( dn_size ); + p = mbedtls_platform_put_uint16_be( p, dn_size ); memcpy( p, frame->subject_raw.p, dn_size ); p += dn_size; @@ -3185,8 +3163,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) ssl->out_msglen = p - buf; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; - ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 ); - ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size ); + mbedtls_platform_put_uint16_be( &ssl->out_msg[4 + ct_len + sa_len], total_dn_size ); ret = mbedtls_ssl_write_handshake_msg( ssl ); @@ -3740,8 +3717,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) if( signature_len != 0 ) { - ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len >> 8 ); - ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len ); + mbedtls_platform_put_uint16_be( &ssl->out_msg[ssl->out_msglen], signature_len ); + ssl->out_msglen += 2; MBEDTLS_SSL_DEBUG_BUF( 3, "my signature", ssl->out_msg + ssl->out_msglen, 
@@ -4610,7 +4587,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) goto exit; } - sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1]; + sig_len = mbedtls_platform_get_uint16_be( &ssl->in_msg[i] ); i += 2; if( i + sig_len != ssl->in_hslen ) @@ -4682,15 +4659,9 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_write", ret ); tlen = 0; } + mbedtls_platform_put_uint32_be( &ssl->out_msg[4], lifetime ); - ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF; - ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF; - ssl->out_msg[6] = ( lifetime >> 8 ) & 0xFF; - ssl->out_msg[7] = ( lifetime ) & 0xFF; - - ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF ); - ssl->out_msg[9] = (unsigned char)( ( tlen ) & 0xFF ); - + mbedtls_platform_put_uint16_be( &ssl->out_msg[8], tlen ); ssl->out_msglen = 10 + tlen; /* diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 5fe693c8f..eeaeb52da 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -221,8 +221,8 @@ int mbedtls_ssl_ticket_write( void *p_ticket, { goto cleanup; } - state_len_bytes[0] = ( clear_len >> 8 ) & 0xff; - state_len_bytes[1] = ( clear_len ) & 0xff; + + mbedtls_platform_put_uint16_be( state_len_bytes, clear_len ); /* Encrypt and authenticate */ tag = state + clear_len; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e47c45657..25351aef4 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2102,8 +2102,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( end - p < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - *(p++) = (unsigned char)( psk_len >> 8 ); - *(p++) = (unsigned char)( psk_len ); + p = mbedtls_platform_put_uint16_be( p, psk_len ); if( end < p || (size_t)( end - p ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); 
@@ -2144,8 +2143,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); } - *(p++) = (unsigned char)( len >> 8 ); - *(p++) = (unsigned char)( len ); + p = mbedtls_platform_put_uint16_be( p, len ); p += len; MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); @@ -2185,8 +2183,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch MBEDTLS_DEBUG_ECDH_Z ); #endif /* MBEDTLS_USE_TINYCRYPT */ - *(p++) = (unsigned char)( zlen >> 8 ); - *(p++) = (unsigned char)( zlen ); + p = mbedtls_platform_put_uint16_be( p, zlen ); p += zlen; } @@ -2201,8 +2198,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( end - p < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - *(p++) = (unsigned char)( psk_len >> 8 ); - *(p++) = (unsigned char)( psk_len ); + p = mbedtls_platform_put_uint16_be( p, psk_len ); if( end < p || (size_t)( end - p ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -2241,8 +2237,7 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, memcpy( header, ctr, 8 ); header[ 8] = (unsigned char) type; - header[ 9] = (unsigned char)( len >> 8 ); - header[10] = (unsigned char)( len ); + mbedtls_platform_put_uint16_be( &header[9], len ); memset( padding, 0x36, padlen ); mbedtls_md_starts( md_ctx ); 
@@ -2394,15 +2389,13 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, { memcpy( add_data + 11, rec->cid, rec->cid_len ); add_data[11 + rec->cid_len + 0] = rec->cid_len; - add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 8 ) & 0xFF; - add_data[11 + rec->cid_len + 2] = ( rec->data_len >> 0 ) & 0xFF; + mbedtls_platform_put_uint16_be( &add_data[11 + rec->cid_len + 1], rec->data_len ); *add_data_len = 13 + 1 + rec->cid_len; } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { - add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF; - add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF; + mbedtls_platform_put_uint16_be( &add_data[11], rec->data_len ); *add_data_len = 13; } } @@ -4150,13 +4143,8 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ memcpy( ssl->out_msg, cur->p, 6 ); - ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff ); - ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff ); - ssl->out_msg[8] = ( ( frag_off ) & 0xff ); - - ssl->out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff ); - ssl->out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff ); - ssl->out_msg[11] = ( ( cur_hs_frag_len ) & 0xff ); + mbedtls_platform_put_uint24_be( &ssl->out_msg[6], frag_off ); + mbedtls_platform_put_uint24_be( &ssl->out_msg[9], cur_hs_frag_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); @@ -4353,9 +4341,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) */ if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) { - ssl->out_msg[1] = (unsigned char)( hs_len >> 16 ); - ssl->out_msg[2] = (unsigned char)( hs_len >> 8 ); - ssl->out_msg[3] = (unsigned char)( hs_len ); + mbedtls_platform_put_uint24_be( &ssl->out_msg[1], hs_len ); /* * DTLS has additional fields in the Handshake layer, 
@@ -4383,8 +4369,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) /* Write message_seq and update it, except for HelloRequest */ if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) { - ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; - ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; + mbedtls_platform_put_uint16_be( &ssl->out_msg[4], ssl->handshake->out_msg_seq ); ++( ssl->handshake->out_msg_seq ); } else @@ -4495,8 +4480,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) ssl->conf->transport, ssl->out_hdr + 1 ); memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); - ssl->out_len[0] = (unsigned char)( len >> 8 ); - ssl->out_len[1] = (unsigned char)( len ); + mbedtls_platform_put_uint16_be( ssl->out_len, len ); if( ssl->transform_out != NULL ) { @@ -4539,8 +4523,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) memcpy( ssl->out_cid, rec.cid, rec.cid_len ); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_msglen = len = rec.data_len; - ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 ); - ssl->out_len[1] = (unsigned char)( rec.data_len ); + mbedtls_platform_put_uint16_be( ssl->out_len, rec.data_len ); } protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl ); @@ -4641,16 +4624,12 @@ static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl ) { - return( ( ssl->in_msg[9] << 16 ) | - ( ssl->in_msg[10] << 8 ) | - ssl->in_msg[11] ); + return mbedtls_platform_get_uint24_be( &ssl->in_msg[9] ); } static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl ) { - return( ( ssl->in_msg[6] << 16 ) | - ( ssl->in_msg[7] << 8 ) | - ssl->in_msg[8] ); + return mbedtls_platform_get_uint24_be( &ssl->in_msg[6] ); } static int ssl_check_hs_header( mbedtls_ssl_context const *ssl ) 
@@ -4753,9 +4732,7 @@ static size_t ssl_get_reassembly_buffer_size( size_t msg_len, static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ) { - return( ( ssl->in_msg[1] << 16 ) | - ( ssl->in_msg[2] << 8 ) | - ssl->in_msg[3] ); + return mbedtls_platform_get_uint24_be( &ssl->in_msg[1] ); } int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) @@ -4777,7 +4754,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { int ret; - unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + unsigned int recv_msg_seq = mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); if( ssl_check_hs_header( ssl ) != 0 ) { @@ -5104,12 +5081,12 @@ static int ssl_check_dtls_clihlo_cookie( /* Go back and fill length fields */ obuf[27] = (unsigned char)( *olen - 28 ); - obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 ); - obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 ); - obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) ); + mbedtls_platform_put_uint24_be( &obuf[14], ( *olen - 25 ) ); + obuf[22] = obuf[14]; + obuf[23] = obuf[15]; + obuf[24] = obuf[16]; - obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 ); - obuf[12] = (unsigned char)( ( *olen - 13 ) ); + mbedtls_platform_put_uint16_be( &obuf[11], ( *olen - 13 ) ); return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); } @@ -5371,8 +5348,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, */ rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len; - rec->data_len = ( (size_t) buf[ rec_hdr_len_offset + 0 ] << 8 ) | - ( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 ); + rec->data_len = mbedtls_platform_get_uint16_be( &buf[rec_hdr_len_offset] ); MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " 
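Review bot: In the `ssl_check_dtls_clihlo_cookie` hunk the three byte copies `obuf[22] = obuf[14];`, `obuf[23] = obuf[15];`, `obuf[24] = obuf[16];` no longer show that one value is written to two fields, which the removed chained assignment made obvious. A second call, `mbedtls_platform_put_uint24_be( &obuf[22], *olen - 25 );`, would say that directly. Assuming offsets 14 and 22 are the handshake length and fragment length fields, a comment such as `/* fragment_length == length */` above the pair would help. The function starts outside the hunk.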
@@ -5451,7 +5427,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) { - unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; + unsigned int rec_epoch = mbedtls_platform_get_uint16_be( &ssl->in_ctr[0] ); /* * Check for an epoch 0 ClientHello. We can't use in_msg here to @@ -5798,9 +5774,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) ) { /* Synthesize a record containing the buffered HS message. */ - size_t msg_len = ( hs_buf->data[1] << 16 ) | - ( hs_buf->data[2] << 8 ) | - hs_buf->data[3]; + size_t msg_len = mbedtls_platform_get_uint24_be( &hs_buf->data[1] ); /* Double-check that we haven't accidentally buffered * a message that doesn't fit into the input buffer. */ @@ -5899,7 +5873,8 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_MSG_HANDSHAKE: { unsigned recv_msg_seq_offset; - unsigned recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + unsigned recv_msg_seq = mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); + mbedtls_ssl_hs_buffer *hs_buf; size_t msg_len = ssl->in_hslen - 12; @@ -6497,8 +6472,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->in_hdr[0] = rec.type; ssl->in_msg = rec.buf + rec.data_offset; ssl->in_msglen = rec.data_len; - ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 ); - ssl->in_len[1] = (unsigned char)( rec.data_len ); + mbedtls_platform_put_uint16_be( ssl->in_len, rec.data_len ); return( 0 ); } 
@@ -6830,17 +6804,13 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); } - ssl->out_msg[i ] = (unsigned char)( n >> 16 ); - ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); - ssl->out_msg[i + 2] = (unsigned char)( n ); + mbedtls_platform_put_uint24_be( &ssl->out_msg[i], n ); i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); i += n; crt = crt->next; } - ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); - ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); - ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); + mbedtls_platform_put_uint24_be( &ssl->out_msg[4], ( i - 7 ) ); ssl->out_msglen = i; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -6947,7 +6917,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, /* * Same message structure as in mbedtls_ssl_write_certificate() */ - n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; + n = mbedtls_platform_get_uint16_be( &ssl->in_msg[i + 1] ); if( ssl->in_msg[i] != 0 || ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) @@ -6982,8 +6952,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, } /* Read length of the next CRT in the chain. */ - n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) - | (unsigned int) ssl->in_msg[i + 2]; + n = mbedtls_platform_get_uint16_be( &ssl->in_msg[i + 1] ); i += 3; if( n < 128 || i + n > ssl->in_hslen ) @@ -9789,8 +9758,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, { const int ciphersuite = mbedtls_ssl_session_get_ciphersuite( session ); - *p++ = (unsigned char)( ( ciphersuite >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ciphersuite ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, ciphersuite ); #if defined(MBEDTLS_ZLIB_SUPPORT) *p++ = (unsigned char)( 
@@ -9803,11 +9771,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, memcpy( p, session->master, 48 ); p += 48; - - *p++ = (unsigned char)( ( session->verify_result >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result ) & 0xFF ); + p = mbedtls_platform_put_uint32_be( p, session->verify_result ); } /* @@ -9824,9 +9788,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( cert_len ) & 0xFF ); + p = mbedtls_platform_put_uint24_be( p, cert_len ); if( session->peer_cert != NULL ) { @@ -9869,9 +9831,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = (unsigned char)( ( session->ticket_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_len ) & 0xFF ); + p = mbedtls_platform_put_uint24_be( p, session->ticket_len ); if( session->ticket != NULL ) { @@ -9879,10 +9839,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, p += session->ticket_len; } - *p++ = (unsigned char)( ( session->ticket_lifetime >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime ) & 0xFF ); + p = mbedtls_platform_put_uint32_be( p, session->ticket_lifetime ); } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ 
@@ -10017,7 +9974,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - ciphersuite = ( p[0] << 8 ) | p[1]; + ciphersuite = mbedtls_platform_get_uint16_be( p ); p += 2; #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) @@ -10041,10 +9998,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, memcpy( session->master, p, 48 ); p += 48; - session->verify_result = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + session->verify_result = mbedtls_platform_get_uint32_be( p ); p += 4; /* Immediately clear invalid pointer values that have been read, in case @@ -10068,7 +10022,8 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( 3 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; + cert_len = mbedtls_platform_get_uint24_be( &p[0] ); + p += 3; if( cert_len == 0 ) @@ -10139,7 +10094,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( 3 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; + session->ticket_len = mbedtls_platform_get_uint24_be( &p[0] ); p += 3; if( session->ticket_len != 0 ) @@ -10158,10 +10113,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( 4 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + session->ticket_lifetime = mbedtls_platform_get_uint32_be( p ); p += 4; #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ 
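Review bot: The `cert_len` and `ticket_len` reads in `ssl_session_load` pass `&p[0]`, while the `ciphersuite`, `verify_result` and `ticket_lifetime` reads in the same function pass `p`. Writing `mbedtls_platform_get_uint24_be( p )` in both places keeps the parser uniform. The `cert_len` hunk also adds an empty line between the read and `p += 3;`, which separates a field read from its pointer advance, unlike every other field here.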
@@ -11267,10 +11219,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4 + session_len; if( used <= buf_len ) { - *p++ = (unsigned char)( ( session_len >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len ) & 0xFF ); + p = mbedtls_platform_put_uint32_be( p, session_len ); ret = ssl_session_save( ssl->session, 1, p, session_len, &session_len ); @@ -11312,10 +11261,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->badmac_seen >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF ); + p = mbedtls_platform_put_uint32_be( p, ssl->badmac_seen ); } #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ @@ -11362,8 +11308,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 2; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->mtu >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->mtu ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, ssl->mtu ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -11466,10 +11411,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < 4 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - session_len = ( (size_t) p[0] << 24 ) | - ( (size_t) p[1] << 16 ) | - ( (size_t) p[2] << 8 ) | - ( (size_t) p[3] ); + session_len = mbedtls_platform_get_uint32_be( p ); p += 4; /* This has been allocated by ssl_handshake_init(), called by 
@@ -11558,10 +11500,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < 4 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ssl->badmac_seen = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + ssl->badmac_seen = mbedtls_platform_get_uint32_be( p ); p += 4; #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ @@ -11607,7 +11546,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ssl->mtu = ( p[0] << 8 ) | p[1]; + ssl->mtu = mbedtls_platform_get_uint16_be( p ); p += 2; #endif /* MBEDTLS_SSL_PROTO_DTLS */ From ee9bfca823b41d07d11305b341eefdec72dda6ea Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Fri, 6 Sep 2019 16:59:00 +0300 Subject: [PATCH 67/78] Update signature of BE conversion functions --- include/mbedtls/platform_util.h | 26 +++++++++++++------------- library/platform_util.c | 18 +++++++++--------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 77e7efeb3..e0c0c615e 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -30,7 +30,7 @@ #else #include MBEDTLS_CONFIG_FILE #endif - +#include #include #if defined(MBEDTLS_HAVE_TIME_DATE) #include "platform_time.h" 
@@ -193,43 +193,43 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, * \brief Convert 32-bit number to big endian format. * * This function converts 32-bit number to big endian format and - * writes it to given buffer. + * writes it to the given buffer. * * \param buf Address where converted number is written. * \param num Number that needs to be converted to big endian. * * \return Address to end of buffer where number is written. */ -unsigned char * mbedtls_platform_put_uint32_be( unsigned char *buf, - unsigned long num ); +unsigned char* mbedtls_platform_put_uint32_be( unsigned char *buf, + uint32_t num ); /** * \brief Convert 24-bit number to big endian format. * * This function converts 24-bit number to big endian format and - * writes it to given buffer. + * writes it to the given buffer. * * \param buf Address where converted number is written. * \param num Number that needs to be converted to big endian. * * \return Address to end of buffer where number is written. */ -unsigned char * mbedtls_platform_put_uint24_be( unsigned char *buf, - unsigned long num ); +unsigned char* mbedtls_platform_put_uint24_be( unsigned char *buf, + uint32_t num ); /** * \brief Convert 16-bit number to big endian format. * * This function converts 16-bit number to big endian format and - * writes it to given buffer. + * writes it to the given buffer. * * \param buf Address where converted number is written. * \param num Number that needs to be converted to big endian. * * \return Address to end of buffer where number is written. */ -unsigned char * mbedtls_platform_put_uint16_be( unsigned char *buf, - unsigned long num ); +unsigned char* mbedtls_platform_put_uint16_be( unsigned char *buf, + uint32_t num ); /** * \brief Convert 32-bit number from big endian format. 
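Review bot: The doc comments for `mbedtls_platform_put_uint24_be` and `mbedtls_platform_put_uint16_be` do not say what happens to the upper bits of `num`, although the parameter is now a `uint32_t` and only 3 or 2 bytes are written. The definitions in `platform_util.c` drop them through `(unsigned char)` casts of the shifted value. Call sites elsewhere in this series pass computed lengths such as `i - 7` and `*olen - 25`, so the contract should be written down, e.g. `\param num Value to write; only the low 24 bits are stored, the caller must ensure it fits.` and the 16-bit equivalent. The `\return` line would also be clearer as `Pointer to the byte following the last byte written.`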
@@ -241,7 +241,7 @@ unsigned char * mbedtls_platform_put_uint16_be( unsigned char *buf, * * \return Converted number. */ -unsigned int mbedtls_platform_get_uint32_be( const unsigned char *buf ); +uint32_t mbedtls_platform_get_uint32_be( const unsigned char *buf ); /** * \brief Convert 24-bit number from big endian format. @@ -253,7 +253,7 @@ unsigned int mbedtls_platform_get_uint32_be( const unsigned char *buf ); * * \return Converted number. */ -unsigned int mbedtls_platform_get_uint24_be( const unsigned char *buf ); +uint32_t mbedtls_platform_get_uint24_be( const unsigned char *buf ); /** * \brief Convert 16-bit number from big endian format. @@ -265,7 +265,7 @@ unsigned int mbedtls_platform_get_uint24_be( const unsigned char *buf ); * * \return Converted number. */ -unsigned short mbedtls_platform_get_uint16_be( const unsigned char *b ); +uint16_t mbedtls_platform_get_uint16_be( const unsigned char *buf ); #ifdef __cplusplus } diff --git a/library/platform_util.c b/library/platform_util.c index f90176910..062aa3e08 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -135,8 +135,8 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, } #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ -unsigned char * mbedtls_platform_put_uint32_be( unsigned char *buf, - unsigned long num) +unsigned char* mbedtls_platform_put_uint32_be( unsigned char *buf, + uint32_t num ) { *buf++ = (unsigned char) ( num >> 24 ); *buf++ = (unsigned char) ( num >> 16 ); @@ -146,8 +146,8 @@ unsigned char * mbedtls_platform_put_uint32_be( unsigned char *buf, return buf; } -unsigned char * mbedtls_platform_put_uint24_be( unsigned char *buf, - unsigned long num ) +unsigned char* mbedtls_platform_put_uint24_be( unsigned char *buf, + uint32_t num ) { *buf++ = (unsigned char) ( num >> 16 ); *buf++ = (unsigned char) ( num >> 8 ); 
@@ -156,8 +156,8 @@ unsigned char * mbedtls_platform_put_uint24_be( unsigned char *buf, return buf; } -unsigned char * mbedtls_platform_put_uint16_be( unsigned char *buf, - unsigned long num ) +unsigned char* mbedtls_platform_put_uint16_be( unsigned char *buf, + uint32_t num ) { *buf++ = (unsigned char) ( num >> 8 ); *buf++ = (unsigned char) ( num ); @@ -165,7 +165,7 @@ unsigned char * mbedtls_platform_put_uint16_be( unsigned char *buf, return buf; } -unsigned int mbedtls_platform_get_uint32_be( const unsigned char *buf ) +uint32_t mbedtls_platform_get_uint32_be( const unsigned char *buf ) { return ( ( (unsigned int) buf[0] << 24 ) | ( (unsigned int) buf[1] << 16 ) | @@ -173,14 +173,14 @@ unsigned int mbedtls_platform_get_uint32_be( const unsigned char *buf ) ( (unsigned int) buf[3] ) ); } -unsigned int mbedtls_platform_get_uint24_be( const unsigned char *buf ) +uint32_t mbedtls_platform_get_uint24_be( const unsigned char *buf ) { return ( ( buf[0] << 16 ) | ( buf[1] << 8) | ( buf[2] ) ); } -unsigned short mbedtls_platform_get_uint16_be( const unsigned char *buf ) +uint16_t mbedtls_platform_get_uint16_be( const unsigned char *buf ) { return ( ( buf[0] << 8 ) | ( buf[1] ) ); From 6e3f09b43132efdf2a51eb4cec30a2c583cfa473 Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Fri, 6 Sep 2019 17:37:01 +0300 Subject: [PATCH 68/78] Review corrections -Fix compiler warnings by typecast -Add missing brackets to few places -Remove additional line change --- library/ssl_cli.c | 2 +- library/ssl_srv.c | 2 +- library/ssl_tls.c | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 6a9523ecb..530b06790 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
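Review bot: `mbedtls_platform_get_uint32_be` now returns `uint32_t`, but the context lines of its body still widen each byte with `(unsigned int)`, so whether `buf[0] << 24` is well-defined depends on the width of `int` on the target. Casting with the return type, `( (uint32_t) buf[0] << 24 )`, removes that dependence and matches the expression this helper replaced in `ssl_session_load`. The 24-bit and 16-bit getters in the next hunk shift the promoted `int` with no cast at all and would benefit from the same treatment. The body of the 32-bit getter continues past the end of its hunk.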
@@ -700,7 +700,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - p = mbedtls_platform_put_uint32_be( p, t ); + p = mbedtls_platform_put_uint32_be( p, (uint32_t) t ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) ); #else if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 4fa92fe0b..46015743b 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2774,7 +2774,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - p = mbedtls_platform_put_uint32_be( p, t ); + p = mbedtls_platform_put_uint32_be( p, (uint32_t) t ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); #else diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 25351aef4..c8e708037 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2236,7 +2236,7 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, padlen = 40; memcpy( header, ctr, 8 ); - header[ 8] = (unsigned char) type; + header[8] = (unsigned char) type; mbedtls_platform_put_uint16_be( &header[9], len ); memset( padding, 0x36, padlen ); @@ -4624,12 +4624,12 @@ static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl ) { - return mbedtls_platform_get_uint24_be( &ssl->in_msg[9] ); + return ( mbedtls_platform_get_uint24_be( &ssl->in_msg[9] ) ); } static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl ) { - return mbedtls_platform_get_uint24_be( &ssl->in_msg[6] ); + return ( mbedtls_platform_get_uint24_be( &ssl->in_msg[6] ) ); } static int ssl_check_hs_header( mbedtls_ssl_context const *ssl ) 
@@ -4732,7 +4732,7 @@ static size_t ssl_get_reassembly_buffer_size( size_t msg_len, static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ) { - return mbedtls_platform_get_uint24_be( &ssl->in_msg[1] ); + return ( mbedtls_platform_get_uint24_be( &ssl->in_msg[1] ) ); } int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) From 4f4849a379a0f238a350ff07d932705a03f31185 Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Mon, 9 Sep 2019 10:21:18 +0300 Subject: [PATCH 69/78] Review corrections 2 -Fix MSVC compiler warnings about size_t to uint32_t conversions by updating GET/PUT functions signature to use size_t. -Add type casts to functions calling GET/PUT conversions -Remove additional space after return statement --- include/mbedtls/platform_util.h | 12 +++++------ library/platform_util.c | 12 +++++------ library/sha256.c | 4 ++-- library/ssl_cli.c | 6 +++--- library/ssl_cookie.c | 2 +- library/ssl_srv.c | 15 ++++++++------ library/ssl_tls.c | 36 ++++++++++++++++++--------------- 7 files changed, 47 insertions(+), 40 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index e0c0c615e..01e7f3052 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -201,7 +201,7 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, * \return Address to end of buffer where number is written. */ unsigned char* mbedtls_platform_put_uint32_be( unsigned char *buf, - uint32_t num ); + size_t num ); /** * \brief Convert 24-bit number to big endian format. @@ -215,7 +215,7 @@ unsigned char* mbedtls_platform_put_uint32_be( unsigned char *buf, * \return Address to end of buffer where number is written. */ unsigned char* mbedtls_platform_put_uint24_be( unsigned char *buf, - uint32_t num ); + size_t num ); /** * \brief Convert 16-bit number to big endian format. 
@@ -229,7 +229,7 @@ unsigned char* mbedtls_platform_put_uint24_be( unsigned char *buf, * \return Address to end of buffer where number is written. */ unsigned char* mbedtls_platform_put_uint16_be( unsigned char *buf, - uint32_t num ); + size_t num ); /** * \brief Convert 32-bit number from big endian format. @@ -241,7 +241,7 @@ unsigned char* mbedtls_platform_put_uint16_be( unsigned char *buf, * * \return Converted number. */ -uint32_t mbedtls_platform_get_uint32_be( const unsigned char *buf ); +size_t mbedtls_platform_get_uint32_be( const unsigned char *buf ); /** * \brief Convert 24-bit number from big endian format. @@ -253,7 +253,7 @@ uint32_t mbedtls_platform_get_uint32_be( const unsigned char *buf ); * * \return Converted number. */ -uint32_t mbedtls_platform_get_uint24_be( const unsigned char *buf ); +size_t mbedtls_platform_get_uint24_be( const unsigned char *buf ); /** * \brief Convert 16-bit number from big endian format. @@ -265,7 +265,7 @@ uint32_t mbedtls_platform_get_uint24_be( const unsigned char *buf ); * * \return Converted number. */ -uint16_t mbedtls_platform_get_uint16_be( const unsigned char *buf ); +size_t mbedtls_platform_get_uint16_be( const unsigned char *buf ); #ifdef __cplusplus } diff --git a/library/platform_util.c b/library/platform_util.c index 062aa3e08..8f8a3aa0a 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -136,7 +136,7 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ unsigned char* mbedtls_platform_put_uint32_be( unsigned char *buf, - uint32_t num ) + size_t num ) { *buf++ = (unsigned char) ( num >> 24 ); *buf++ = (unsigned char) ( num >> 16 ); @@ -147,7 +147,7 @@ unsigned char* mbedtls_platform_put_uint32_be( unsigned char *buf, } unsigned char* mbedtls_platform_put_uint24_be( unsigned char *buf, - uint32_t num ) + size_t num ) { *buf++ = (unsigned char) ( num >> 16 ); *buf++ = (unsigned char) ( num >> 8 ); 
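Review bot: Changing the getters to return `size_t`, and the put functions to take `size_t num`, ties fixed-width wire values to a type whose width is platform-defined, and it is the reason callers in this commit gain casts such as `W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] );`. Keeping `uint32_t`/`uint16_t` in the prototypes and casting at the call sites that pass a `size_t` would silence the same MSVC warnings. That way each narrowing stays visible where it happens, which matters for length fields parsed from peer-controlled input. This applies to all six prototypes in this file and to their definitions in `platform_util.c`.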
@@ -157,7 +157,7 @@ unsigned char* mbedtls_platform_put_uint24_be( unsigned char *buf, } unsigned char* mbedtls_platform_put_uint16_be( unsigned char *buf, - uint32_t num ) + size_t num ) { *buf++ = (unsigned char) ( num >> 8 ); *buf++ = (unsigned char) ( num ); @@ -165,7 +165,7 @@ unsigned char* mbedtls_platform_put_uint16_be( unsigned char *buf, return buf; } -uint32_t mbedtls_platform_get_uint32_be( const unsigned char *buf ) +size_t mbedtls_platform_get_uint32_be( const unsigned char *buf ) { return ( ( (unsigned int) buf[0] << 24 ) | ( (unsigned int) buf[1] << 16 ) | @@ -173,14 +173,14 @@ uint32_t mbedtls_platform_get_uint32_be( const unsigned char *buf ) ( (unsigned int) buf[3] ) ); } -uint32_t mbedtls_platform_get_uint24_be( const unsigned char *buf ) +size_t mbedtls_platform_get_uint24_be( const unsigned char *buf ) { return ( ( buf[0] << 16 ) | ( buf[1] << 8) | ( buf[2] ) ); } -uint16_t mbedtls_platform_get_uint16_be( const unsigned char *buf ) +size_t mbedtls_platform_get_uint16_be( const unsigned char *buf ) { return ( ( buf[0] << 8 ) | ( buf[1] ) ); diff --git a/library/sha256.c b/library/sha256.c index 1c1df0257..314cb2c1a 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -199,7 +199,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, for( i = 0; i < 64; i++ ) { if( i < 16 ) - W[i] = mbedtls_platform_get_uint32_be( &data[4 * i] ); + W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] ); else R( i ); @@ -210,7 +210,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, } #else /* MBEDTLS_SHA256_SMALLER */ for( i = 0; i < 16; i++ ) - W[i] = mbedtls_platform_get_uint32_be( &data[4 * i] ); + W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] ); for( i = 0; i < 16; i += 8 ) { diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 530b06790..331285f24 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -1707,7 +1707,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #endif /* !MBEDTLS_SSL_CONF_FIXED_MAJOR_VER */ } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", mbedtls_platform_get_uint32_be(&buf[2])) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", (unsigned long)mbedtls_platform_get_uint32_be(&buf[2])) ); memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); @@ -1750,7 +1750,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } /* ciphersuite (used later) */ - i = mbedtls_platform_get_uint16_be( &buf[ 35 + n ] ); + i = (int)mbedtls_platform_get_uint16_be( &buf[ 35 + n ] ); /* * Read and check compression @@ -4056,7 +4056,7 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); - lifetime = mbedtls_platform_get_uint32_be( msg ); + lifetime = (uint32_t)mbedtls_platform_get_uint32_be( msg ); ticket_len = mbedtls_platform_get_uint16_be( &msg[4] ); diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index a06cc3c18..67f9114bb 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -238,7 +238,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx, cur_time = ctx->serial; #endif - cookie_time = mbedtls_platform_get_uint32_be( cookie ); + cookie_time = (unsigned long)mbedtls_platform_get_uint32_be( cookie ); if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout ) return( -1 ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 46015743b..fa073e43a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -756,7 +756,8 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk, while( ec_tls_ids_len-- != 0 ) { - uint16_t const cur_tls_id = mbedtls_platform_get_uint16_be( acceptable_ec_tls_ids ); + uint16_t const cur_tls_id = (uint16_t) + mbedtls_platform_get_uint16_be( acceptable_ec_tls_ids ); if( cur_tls_id == tls_id ) return( 0 ); 
@@ -1166,9 +1167,9 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) */ MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, n ); - ciph_len = mbedtls_platform_get_uint16_be( &buf[0] ); - sess_len = mbedtls_platform_get_uint16_be( &buf[2] ); - chal_len = mbedtls_platform_get_uint16_be( &buf[4] ); + ciph_len = (unsigned int)mbedtls_platform_get_uint16_be( &buf[0] ); + sess_len = (unsigned int)mbedtls_platform_get_uint16_be( &buf[2] ); + chal_len = (unsigned int)mbedtls_platform_get_uint16_be( &buf[4] ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d", ciph_len, sess_len, chal_len ) ); @@ -1582,7 +1583,8 @@ read_record_header: if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) { /* This couldn't be done in ssl_prepare_handshake_record() */ - unsigned int cli_msg_seq = mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); + unsigned int cli_msg_seq = (unsigned int) + mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); if( cli_msg_seq != ssl->handshake->in_msg_seq ) { @@ -1597,7 +1599,8 @@ read_record_header: else #endif { - unsigned int cli_msg_seq = mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); + unsigned int cli_msg_seq = (unsigned int) + mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); ssl->handshake->out_msg_seq = cli_msg_seq; ssl->handshake->in_msg_seq = cli_msg_seq + 1; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c8e708037..2829d6528 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -497,7 +497,7 @@ static unsigned int ssl_mfl_code_to_length( int mfl ) switch( mfl ) { case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: - return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); + return( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); case MBEDTLS_SSL_MAX_FRAG_LEN_512: return 512; case MBEDTLS_SSL_MAX_FRAG_LEN_1024: 
@@ -507,7 +507,7 @@ static unsigned int ssl_mfl_code_to_length( int mfl ) case MBEDTLS_SSL_MAX_FRAG_LEN_4096: return 4096; default: - return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); + return( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); } } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ @@ -2186,6 +2186,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch p = mbedtls_platform_put_uint16_be( p, zlen ); p += zlen; + MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Z ); } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ @@ -4624,12 +4626,12 @@ static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl ) { - return ( mbedtls_platform_get_uint24_be( &ssl->in_msg[9] ) ); + return( (uint32_t)mbedtls_platform_get_uint24_be( &ssl->in_msg[9] ) ); } static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl ) { - return ( mbedtls_platform_get_uint24_be( &ssl->in_msg[6] ) ); + return( (uint32_t)mbedtls_platform_get_uint24_be( &ssl->in_msg[6] ) ); } static int ssl_check_hs_header( mbedtls_ssl_context const *ssl ) @@ -4732,7 +4734,7 @@ static size_t ssl_get_reassembly_buffer_size( size_t msg_len, static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ) { - return ( mbedtls_platform_get_uint24_be( &ssl->in_msg[1] ) ); + return( (uint32_t)mbedtls_platform_get_uint24_be( &ssl->in_msg[1] ) ); } int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) @@ -4754,7 +4756,8 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { int ret; - unsigned int recv_msg_seq = mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); + unsigned int recv_msg_seq = (unsigned int) + mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); if( ssl_check_hs_header( ssl ) != 0 ) { 
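Review bot: The two lines added to `mbedtls_ssl_psk_derive_premaster` call `MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_Z );`, which traces the ECDH shared secret. Nothing in the commit description, which covers signature changes, casts and spacing, mentions it. It looks like a rebase leftover and should be dropped here so the commit stays limited to the GET/PUT conversions. If the trace is intended, it belongs in its own commit with a rationale, since level-3 debug output would then contain key material. The function starts and ends outside the hunk.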
@@ -5427,7 +5430,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) { - unsigned int rec_epoch = mbedtls_platform_get_uint16_be( &ssl->in_ctr[0] ); + unsigned int rec_epoch = (unsigned int) + mbedtls_platform_get_uint16_be( &ssl->in_ctr[0] ); /* * Check for an epoch 0 ClientHello. We can't use in_msg here to @@ -5774,7 +5778,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) ) { /* Synthesize a record containing the buffered HS message. */ - size_t msg_len = mbedtls_platform_get_uint24_be( &hs_buf->data[1] ); + uint32_t msg_len = (uint32_t)mbedtls_platform_get_uint24_be( &hs_buf->data[1] ); /* Double-check that we haven't accidentally buffered * a message that doesn't fit into the input buffer. */ @@ -5873,7 +5877,8 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_MSG_HANDSHAKE: { unsigned recv_msg_seq_offset; - unsigned recv_msg_seq = mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); + unsigned recv_msg_seq = (unsigned) + mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); mbedtls_ssl_hs_buffer *hs_buf; size_t msg_len = ssl->in_hslen - 12; @@ -9446,7 +9451,7 @@ static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ) if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT && ( ssl->state == MBEDTLS_SSL_CLIENT_HELLO || ssl->state == MBEDTLS_SSL_SERVER_HELLO ) ) - return ( 0 ); + return( 0 ); if( ssl->handshake == NULL || ssl->handshake->mtu == 0 ) return( ssl->mtu ); @@ -9974,7 +9979,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - ciphersuite = mbedtls_platform_get_uint16_be( p ); + ciphersuite = (int)mbedtls_platform_get_uint16_be( p ); p += 2; #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) 
@@ -9998,7 +10003,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, memcpy( session->master, p, 48 ); p += 48; - session->verify_result = mbedtls_platform_get_uint32_be( p ); + session->verify_result = (uint32_t)mbedtls_platform_get_uint32_be( p ); p += 4; /* Immediately clear invalid pointer values that have been read, in case @@ -10113,7 +10118,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( 4 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - session->ticket_lifetime = mbedtls_platform_get_uint32_be( p ); + session->ticket_lifetime = (uint32_t)mbedtls_platform_get_uint32_be( p ); p += 4; #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -11500,7 +11505,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < 4 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ssl->badmac_seen = mbedtls_platform_get_uint32_be( p ); + ssl->badmac_seen = (unsigned)mbedtls_platform_get_uint32_be( p ); p += 4; #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ @@ -11545,8 +11550,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_DTLS) if( (size_t)( end - p ) < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - ssl->mtu = mbedtls_platform_get_uint16_be( p ); + ssl->mtu = (uint16_t)mbedtls_platform_get_uint16_be( p ); p += 2; #endif /* MBEDTLS_SSL_PROTO_DTLS */ From a3fa06e62add46dead954e30db64bde78ae56000 Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Mon, 9 Sep 2019 12:22:51 +0300 Subject: [PATCH 70/78] Review corrections 3 -Remove additional trace cause by rebase -Update remaining 16/24/32-bit values to use functions, this uses additional 36 bytes. --- library/ssl_cli.c | 22 +++++++++------------- library/ssl_srv.c | 38 +++++++++++++++++--------------------- library/ssl_ticket.c | 2 +- library/ssl_tls.c | 5 +---- 4 files changed, 28 insertions(+), 39 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 331285f24..8ce158258 100644 
--- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -968,8 +968,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); - *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); - *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); n++; } @@ -1725,8 +1724,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n ) { - ext_len = ( ( buf[38 + n] << 8 ) - | ( buf[39 + n] ) ); + ext_len = mbedtls_platform_get_uint16_be( &buf[38 + n] ); if( ( ext_len > 0 && ext_len < 4 ) || ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len ) @@ -1914,10 +1912,10 @@ server_picked_valid_suite: while( ext_len ) { - unsigned int ext_id = ( ( ext[0] << 8 ) - | ( ext[1] ) ); - unsigned int ext_size = ( ( ext[2] << 8 ) - | ( ext[3] ) ); + unsigned int ext_id = (unsigned int) + mbedtls_platform_get_uint16_be( ext ); + unsigned int ext_size = (unsigned int) + mbedtls_platform_get_uint16_be( &ext[2] ); if( ext_size + 4 > ext_len ) { @@ -2287,7 +2285,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, "(psk_identity_hint length)" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - len = (*p)[0] << 8 | (*p)[1]; + len = mbedtls_platform_get_uint16_be( *p ); *p += 2; if( end - (*p) < (int) len ) 
@@ -3248,8 +3246,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( mbedtls_ssl_get_minor_ver( ssl ) == MBEDTLS_SSL_MINOR_VERSION_3 ) { - size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); + size_t sig_alg_len = mbedtls_platform_get_uint16_be( &buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] ); #if defined(MBEDTLS_DEBUG_C) unsigned char* sig_alg; size_t i; @@ -3289,8 +3286,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ /* certificate_authorities */ - dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); + dn_len = mbedtls_platform_get_uint16_be( &buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] ); n += dn_len; if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index fa073e43a..902f2fdd2 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -315,7 +315,8 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, while( list_size > 0 ) { - uint16_t const peer_tls_id = ( p[0] << 8 ) | p[1]; + uint16_t const peer_tls_id = (uint16_t) + mbedtls_platform_get_uint16_be( p ); MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( own_tls_id ) if( own_tls_id == peer_tls_id && @@ -661,7 +662,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - list_len = ( buf[0] << 8 ) | buf[1]; + list_len = mbedtls_platform_get_uint16_be ( buf ); if( list_len != len - 2 ) { @@ -1447,7 +1448,7 @@ read_record_header: } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message len.: %d", - ( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) ); + (int)mbedtls_platform_get_uint16_be( ssl->in_len ) ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]", buf[1], buf[2] ) ); 
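Review bot: In `ssl_parse_certificate_request` the offset `mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n` is spelled out inside the argument of both `mbedtls_platform_get_uint16_be()` calls (`sig_alg_len` here and `dn_len` in the @@ -3289 hunk), producing lines well over 80 columns. This is a parser where `n` is advanced by lengths read from the message (`n += dn_len`), so the offset is worth keeping readable. Hoisting it, e.g. `const unsigned char *len_p = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n;` then `dn_len = mbedtls_platform_get_uint16_be( len_p );`, makes the read and its bound easy to compare. The check that `ssl->in_hslen` covers these two bytes is not visible in either hunk, so confirm it precedes each read; the function starts and ends outside the hunks.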
@@ -1562,11 +1563,12 @@ read_record_header: } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d", - ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) ); + (int)mbedtls_platform_get_uint24_be( &buf[1]) ) ); /* We don't support fragmentation of ClientHello (yet?) */ if( buf[1] != 0 || - msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) ) + msg_len != ( mbedtls_ssl_hs_hdr_len( ssl ) + + mbedtls_platform_get_uint16_be( &buf[2]) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); @@ -1863,8 +1865,7 @@ read_record_header: return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - ext_len = ( buf[ext_offset + 0] << 8 ) - | ( buf[ext_offset + 1] ); + ext_len = mbedtls_platform_get_uint16_be( &buf[ext_offset + 0] ); if( ( ext_len > 0 && ext_len < 4 ) || msg_len != ext_offset + 2 + ext_len ) @@ -1891,8 +1892,8 @@ read_record_header: MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - ext_id = ( ( ext[0] << 8 ) | ( ext[1] ) ); - ext_size = ( ( ext[2] << 8 ) | ( ext[3] ) ); + ext_id = (unsigned int)mbedtls_platform_get_uint16_be( ext ); + ext_size = (unsigned int)mbedtls_platform_get_uint16_be( &ext[2] ); if( ext_size + 4 > ext_len ) { @@ -2495,8 +2496,7 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); #if defined(MBEDTLS_SSL_RENEGOTIATION) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) 
@@ -2565,8 +2565,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); *p++ = 0x00; *p++ = 2; @@ -2606,8 +2605,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, p + 2, end - p - 2, &kkpp_len, @@ -2883,8 +2881,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) mbedtls_ssl_handshake_get_resume( ssl->handshake ) ? "a" : "no" ) ); ciphersuite = mbedtls_ssl_session_get_ciphersuite( ssl->session_negotiate ); - *p++ = (unsigned char)( ciphersuite >> 8 ); - *p++ = (unsigned char)( ciphersuite ); + p = mbedtls_platform_put_uint16_be( p, ciphersuite ); *p++ = (unsigned char)( mbedtls_ssl_session_get_compression( ssl->session_negotiate ) ); @@ -2961,8 +2958,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) if( ext_len > 0 ) { - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, ext_len ); p += ext_len; } @@ -3802,7 +3798,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char * return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); } - n = ( (*p)[0] << 8 ) | (*p)[1]; + n = mbedtls_platform_get_uint16_be ( *p ); *p += 2; if( *p + n > end ) 
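Review bot: The length read in `ssl_parse_client_dh_public` (@@ -3802), `n = mbedtls_platform_get_uint16_be ( *p );`, still feeds the context-line check `if( *p + n > end )`, which forms a pointer that may lie past the buffer before comparing it. `ssl_parse_client_psk_identity`, touched later in this patch, compares lengths instead, and `if( n > (size_t)( end - *p ) )` here would match that form and avoid the out-of-range pointer arithmetic. The call also has a stray space before the parenthesis, unlike most of the other converted call sites. The function body extends beyond the hunk.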
@@ -4058,7 +4054,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); } - n = ( (*p)[0] << 8 ) | (*p)[1]; + n = mbedtls_platform_get_uint16_be( *p ); *p += 2; if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) ) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index eeaeb52da..69e14cff7 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -298,7 +298,7 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 ) goto cleanup; - enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1]; + enc_len = mbedtls_platform_get_uint16_be( enc_len_p ); tag = ticket + enc_len; if( len != 4 + 12 + 2 + enc_len + 16 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2829d6528..7f689afbf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2185,9 +2185,6 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch p = mbedtls_platform_put_uint16_be( p, zlen ); p += zlen; - - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z ); } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ @@ -5380,7 +5377,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_PROTO_DTLS) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { - rec_epoch = ( rec->ctr[0] << 8 ) | rec->ctr[1]; + rec_epoch = (uint32_t)mbedtls_platform_get_uint16_be( rec->ctr ); /* Check that the datagram is large enough to contain a record * of the advertised length. */ From 9b3b19407a31a04d859c3ccb31293ff2af1e9b50 Mon Sep 17 00:00:00 2001 
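Review bot: In `mbedtls_ssl_ticket_parse` (library/ssl_ticket.c, @@ -298), `tag = ticket + enc_len;` is computed from the freshly read and not yet validated `enc_len`, before the `len != 4 + 12 + 2 + enc_len + 16` check on the following line. Nothing in the hunk dereferences `tag` before that check, but moving the assignment below the length check keeps the pointer from ever being formed from an unchecked ticket field. The function body starts and ends outside the hunk.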
From: Arto Kinnunen Date: Mon, 9 Sep 2019 17:02:35 +0300 Subject: [PATCH 71/78] Review corrections 4 - Try to follow english grammar in function documentation - Fix too long line - Remove additional brackets - Follow mbedtls coding style in for-statement --- include/mbedtls/platform_util.h | 62 ++++++++++++++++----------------- library/sha256.c | 4 +-- library/ssl_cli.c | 7 ++-- 3 files changed, 36 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 01e7f3052..fbb595a16 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
@@ -190,78 +190,76 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, #endif /* MBEDTLS_HAVE_TIME_DATE */ /** - * \brief Convert 32-bit number to big endian format. + * \brief Convert a 32-bit number to the big endian format and write it to + * the given buffer. * - * This function converts 32-bit number to big endian format and - * writes it to the given buffer. + * \param buf Address where the converted number is written. + * \param num A number that needs to be converted to the big endian format. * - * \param buf Address where converted number is written. - * \param num Number that needs to be converted to big endian. - * - * \return Address to end of buffer where number is written. + * \return Address to the end of buffer where the converted number is + * written. */ unsigned char* mbedtls_platform_put_uint32_be( unsigned char *buf, size_t num ); /** - * \brief Convert 24-bit number to big endian format. + * \brief Convert a 24-bit number to the big endian format and write it to + * the given buffer. * - * This function converts 24-bit number to big endian format and - * writes it to the given buffer. + * \param buf Address where the converted number is written. + * \param num A number that needs to be converted to the big endian format. * - * \param buf Address where converted number is written. - * \param num Number that needs to be converted to big endian. - * - * \return Address to end of buffer where number is written. + * \return Address to the end of buffer where the converted number is + * written. */ unsigned char* mbedtls_platform_put_uint24_be( unsigned char *buf, size_t num ); /** - * \brief Convert 16-bit number to big endian format. + * \brief Convert a 16-bit number to the big endian format and write it to + * the given buffer. * - * This function converts 16-bit number to big endian format and - * writes it to the given buffer. * - * \param buf Address where converted number is written. 
- * \param num Number that needs to be converted to big endian. + * \param buf Address where the converted number is written. + * \param num A number that needs to be converted to the big endian format. * - * \return Address to end of buffer where number is written. + * \return Address to the end of buffer where the converted number is + * written. */ unsigned char* mbedtls_platform_put_uint16_be( unsigned char *buf, size_t num ); /** - * \brief Convert 32-bit number from big endian format. + * \brief Convert a 32-bit number from the big endian format. * - * The function reads 32-bit number form Big Endian format and - * returns it to the caller. + * The function reads a 32-bit number from the given buffer in the + * big endian format and returns it to the caller. * - * \param buf Buffer where 32-bit number locates. + * \param buf Buffer where the 32-bit number locates. * * \return Converted number. */ size_t mbedtls_platform_get_uint32_be( const unsigned char *buf ); /** - * \brief Convert 24-bit number from big endian format. + * \brief Convert a 24-bit number from the big endian format. * - * The function reads 24-bit number form Big Endian format and - * returns it to the caller. + * The function reads a 14-bit number from the given buffer in the + * big endian format and returns it to the caller. * - * \param buf Buffer where 24-bit number locates. + * \param buf Buffer where the 24-bit number locates. * * \return Converted number. */ size_t mbedtls_platform_get_uint24_be( const unsigned char *buf ); /** - * \brief Convert 16-bit number from big endian format. + * \brief Convert a 16-bit number from the big endian format. * - * The function reads 16-bit number form Big Endian format and - * returns it to the caller. + * The function reads a 16-bit number from the given buffer in the + * big endian format and returns it to the caller. * - * \param buf Buffer where 16-bit number locates. + * \param buf Buffer where the 16-bit number locates. 
* * \return Converted number. */ diff --git a/library/sha256.c b/library/sha256.c index 314cb2c1a..d0bf54275 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -320,7 +320,7 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) { - int ret; + int ret, s_pos, o_pos; uint32_t used; uint32_t high, low; @@ -367,7 +367,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, * Output final state */ - for ( int s_pos = 0, o_pos = 0; s_pos < 7; s_pos++, o_pos += 4 ) + for( s_pos = 0, o_pos = 0; s_pos < 7; s_pos++, o_pos += 4 ) { mbedtls_platform_put_uint32_be( &output[o_pos], ctx->state[s_pos] ); } diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 8ce158258..6b240afdf 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -281,8 +281,8 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, } p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ); - p = mbedtls_platform_put_uint16_be( p, ( elliptic_curve_len + 2 ) ); - p = mbedtls_platform_put_uint16_be( p, ( elliptic_curve_len ) ); + p = mbedtls_platform_put_uint16_be( p, elliptic_curve_len + 2 ); + p = mbedtls_platform_put_uint16_be( p, elliptic_curve_len ); MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id ) p = mbedtls_platform_put_uint16_be( p, tls_id ); @@ -1706,7 +1706,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #endif /* !MBEDTLS_SSL_CONF_FIXED_MAJOR_VER */ } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", (unsigned long)mbedtls_platform_get_uint32_be(&buf[2])) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", + (unsigned long)mbedtls_platform_get_uint32_be(&buf[2])) ); memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); From cffedb548f58ea2252a58d53a2b85aa15c7d9390 Mon Sep 17 00:00:00 2001 
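Review bot: The new description of `mbedtls_platform_get_uint24_be()` in include/mbedtls/platform_util.h says it "reads a 14-bit number"; it should read `The function reads a 24-bit number from the given buffer in the` to agree with the `\brief` and `\param` of the same block. The three getter `\param buf` lines would also read better as `Buffer where the N-bit number is located.`. The 16-bit put block ends up with two empty ` *` lines after the brief, where the 32- and 24-bit blocks have one.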
From: Simon Butcher Date: Mon, 9 Sep 2019 16:28:54 +0100 Subject: [PATCH 72/78] Add SPDX lines to each imported TinyCrypt file Out of the 6 tinycrypt files included in Mbed TLS, this commit adds SPDX lines to each for the BSD 3 Clause licence. --- include/tinycrypt/ecc.h | 2 ++ include/tinycrypt/ecc_dh.h | 2 ++ include/tinycrypt/ecc_dsa.h | 2 ++ tinycrypt/ecc.c | 2 ++ tinycrypt/ecc_dh.c | 2 ++ tinycrypt/ecc_dsa.c | 2 ++ 6 files changed, 12 insertions(+) diff --git a/include/tinycrypt/ecc.h b/include/tinycrypt/ecc.h index 37a7ef1af..55f1ea86e 100644 --- a/include/tinycrypt/ecc.h +++ b/include/tinycrypt/ecc.h @@ -3,6 +3,8 @@ /* Copyright (c) 2014, Kenneth MacKay * All rights reserved. * + * SPDX-License-Identifier: BSD-3-Clause + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * diff --git a/include/tinycrypt/ecc_dh.h b/include/tinycrypt/ecc_dh.h index c680a77e6..ac4ff142d 100644 --- a/include/tinycrypt/ecc_dh.h +++ b/include/tinycrypt/ecc_dh.h @@ -4,6 +4,8 @@ * Copyright (c) 2014, Kenneth MacKay * All rights reserved. * + * SPDX-License-Identifier: BSD-3-Clause + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * diff --git a/include/tinycrypt/ecc_dsa.h b/include/tinycrypt/ecc_dsa.h index cc5eebcdd..349f061b3 100644 --- a/include/tinycrypt/ecc_dsa.h +++ b/include/tinycrypt/ecc_dsa.h @@ -4,6 +4,8 @@ * Copyright (c) 2014, Kenneth MacKay * All rights reserved. * + * SPDX-License-Identifier: BSD-3-Clause + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * diff --git a/tinycrypt/ecc.c b/tinycrypt/ecc.c index ab1956a50..1f32170dd 100644 --- a/tinycrypt/ecc.c +++ b/tinycrypt/ecc.c 
@@ -4,6 +4,8 @@ * Copyright (c) 2014, Kenneth MacKay * All rights reserved. * + * SPDX-License-Identifier: BSD-3-Clause + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c index 8aae1a214..08b92a423 100644 --- a/tinycrypt/ecc_dh.c +++ b/tinycrypt/ecc_dh.c @@ -4,6 +4,8 @@ * Copyright (c) 2014, Kenneth MacKay * All rights reserved. * + * SPDX-License-Identifier: BSD-3-Clause + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c index 374309191..c093ebefc 100644 --- a/tinycrypt/ecc_dsa.c +++ b/tinycrypt/ecc_dsa.c @@ -3,6 +3,8 @@ /* Copyright (c) 2014, Kenneth MacKay * All rights reserved. * + * SPDX-License-Identifier: BSD-3-Clause + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, From 4f58d696e280bf06709dd5921f9802ae11de526c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 9 Sep 2019 16:30:30 +0100 Subject: [PATCH 73/78] Add LICENSE and README for tinycrypt This commit adds a LICENSE file and README file to tinycrypt, to help auditing of the source code for licenses and also to indicate the origin of the work. --- tinycrypt/LICENSE | 61 +++++++++++++++++++++++++++++++++++++++ tinycrypt/README | 73 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 134 insertions(+) create mode 100644 tinycrypt/LICENSE create mode 100644 tinycrypt/README 
diff --git a/tinycrypt/LICENSE b/tinycrypt/LICENSE
new file mode 100644
index 000000000..2e1db516a
--- /dev/null
+++ b/tinycrypt/LICENSE
@@ -0,0 +1,61 @@ + +================================================================================ + + TinyCrypt Cryptographic Library + +================================================================================ + + Copyright (c) 2017, Intel Corporation. All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + - Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + + - Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + + - Neither the name of the Intel Corporation nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +================================================================================ +Copyright (c) 2014, Kenneth MacKay +All rights reserved. 
+ +https://github.com/kmackay/micro-ecc + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +================================================================================ diff --git a/tinycrypt/README b/tinycrypt/README new file mode 100644 index 000000000..4cd149891 --- /dev/null +++ b/tinycrypt/README 
@@ -0,0 +1,73 @@ + +================================================================================ + + TinyCrypt Cryptographic Library + +================================================================================ + + Copyright (c) 2017, Intel Corporation. All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + - Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + + - Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + + - Neither the name of the Intel Corporation nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +================================================================================ + +Overview: + +The TinyCrypt Library provides an implementation for constrained devices of a +minimal set of standard cryptography primitives. 
+ +This is a modified form of the library based on version 0.2.8. included as part +of Mbed TLS as a compilation option. It is not included in it's full form and +those wishing to use TinyCrypt should use the original unmodified project. + +The original project, can be found here: https://github.com/intel/tinycrypt + +Contributions should be made upstream to that project, and full documentation +can be found in the originating repository. + +================================================================================ + +Organization: + +tinycrypt: C source code of the cryptographic primitives. +include/tinycrypt: C header files of the cryptographic primitives. + +No documentation is provided, and instead is available with the original +project. + +Tests are provided as part of Mbed TLS and the Mbed TLS test suites. + +================================================================================ + +Building: + +To include TinyCrypt as part of Mbed TLS, enable the configuration option +MBEDTLS_USE_TINYCRYPT in the configration file 'include/mbedtls/config.h', and +build as Mbed TLS as normal. + +================================================================================ + From 92c3d1f4f4b1b48b5d34d1e86692c193af4401ab Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 9 Sep 2019 17:25:08 +0100 Subject: [PATCH 74/78] Addition of copyright statements to tinycrypt files Each of the tinycrypt files have had some very minor changes, so need a copyright statement. --- include/tinycrypt/ecc.h | 7 +++++-- include/tinycrypt/ecc_dh.h | 7 +++++-- include/tinycrypt/ecc_dsa.h | 7 +++++-- tinycrypt/ecc.c | 7 +++++-- tinycrypt/ecc_dh.c | 7 +++++-- tinycrypt/ecc_dsa.c | 7 +++++-- 6 files changed, 30 insertions(+), 12 deletions(-) diff --git a/include/tinycrypt/ecc.h b/include/tinycrypt/ecc.h index 55f1ea86e..9c53f3e7e 100644 --- a/include/tinycrypt/ecc.h +++ b/include/tinycrypt/ecc.h 
@@ -1,10 +1,13 @@ /* ecc.h - TinyCrypt interface to common ECC functions */ +/* + * Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved. + * SPDX-License-Identifier: BSD-3-Clause + */ + /* Copyright (c) 2014, Kenneth MacKay * All rights reserved. * - * SPDX-License-Identifier: BSD-3-Clause - * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * diff --git a/include/tinycrypt/ecc_dh.h b/include/tinycrypt/ecc_dh.h index ac4ff142d..a2edb0155 100644 --- a/include/tinycrypt/ecc_dh.h +++ b/include/tinycrypt/ecc_dh.h @@ -1,11 +1,14 @@ /* ecc_dh.h - TinyCrypt interface to EC-DH implementation */ +/* + * Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved. + * SPDX-License-Identifier: BSD-3-Clause + */ + /* * Copyright (c) 2014, Kenneth MacKay * All rights reserved. * - * SPDX-License-Identifier: BSD-3-Clause - * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * diff --git a/include/tinycrypt/ecc_dsa.h b/include/tinycrypt/ecc_dsa.h index 349f061b3..e54a77e85 100644 --- a/include/tinycrypt/ecc_dsa.h +++ b/include/tinycrypt/ecc_dsa.h @@ -1,11 +1,14 @@ /* ecc_dh.h - TinyCrypt interface to EC-DSA implementation */ +/* + * Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved. + * SPDX-License-Identifier: BSD-3-Clause + */ + /* * Copyright (c) 2014, Kenneth MacKay * All rights reserved. * - * SPDX-License-Identifier: BSD-3-Clause - * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * diff --git a/tinycrypt/ecc.c b/tinycrypt/ecc.c index 1f32170dd..cef1469ee 100644 --- a/tinycrypt/ecc.c +++ b/tinycrypt/ecc.c 
@@ -1,11 +1,14 @@ /* ecc.c - TinyCrypt implementation of common ECC functions */ +/* + * Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved. + * SPDX-License-Identifier: BSD-3-Clause + */ + /* * Copyright (c) 2014, Kenneth MacKay * All rights reserved. * - * SPDX-License-Identifier: BSD-3-Clause - * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c index 08b92a423..ec1328e14 100644 --- a/tinycrypt/ecc_dh.c +++ b/tinycrypt/ecc_dh.c @@ -1,11 +1,14 @@ /* ec_dh.c - TinyCrypt implementation of EC-DH */ +/* + * Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved. + * SPDX-License-Identifier: BSD-3-Clause + */ + /* * Copyright (c) 2014, Kenneth MacKay * All rights reserved. * - * SPDX-License-Identifier: BSD-3-Clause - * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c index c093ebefc..a3893d37f 100644 --- a/tinycrypt/ecc_dsa.c +++ b/tinycrypt/ecc_dsa.c @@ -1,10 +1,13 @@ /* ec_dsa.c - TinyCrypt implementation of EC-DSA */ +/* + * Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved. + * SPDX-License-Identifier: BSD-3-Clause + */ + /* Copyright (c) 2014, Kenneth MacKay * All rights reserved. * - * SPDX-License-Identifier: BSD-3-Clause - * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, From 05ab73224a06a43b5294b09cbb3f260931f35408 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Mon, 9 Sep 2019 17:40:20 +0100 Subject: [PATCH 75/78] Typos in the tinycrypt README --- tinycrypt/README | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tinycrypt/README b/tinycrypt/README index 4cd149891..d97e615a0 100644 --- a/tinycrypt/README +++ b/tinycrypt/README @@ -40,11 +40,11 @@ Overview: The TinyCrypt Library provides an implementation for constrained devices of a minimal set of standard cryptography primitives. -This is a modified form of the library based on version 0.2.8. included as part -of Mbed TLS as a compilation option. It is not included in it's full form and +This is a modified form of the library based on version 0.2.8 included as part +of Mbed TLS as a compilation option. It is not included in its full form and those wishing to use TinyCrypt should use the original unmodified project. -The original project, can be found here: https://github.com/intel/tinycrypt +The original project can be found here: https://github.com/intel/tinycrypt Contributions should be made upstream to that project, and full documentation can be found in the originating repository. From 389b16d9f929a2c3cdbbe1f1b774bf3eeb541ff9 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 9 Sep 2019 18:29:35 +0100 Subject: [PATCH 76/78] Minor changes to tinycrypt README Qualification of title and addition of copyright statement in tinycrypt README --- tinycrypt/README | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tinycrypt/README b/tinycrypt/README index d97e615a0..d0f49a69e 100644 --- a/tinycrypt/README +++ b/tinycrypt/README @@ -2,6 +2,7 @@ ================================================================================ TinyCrypt Cryptographic Library + (integrated as part of Mbed TLS) ================================================================================ 
@@ -35,6 +36,9 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ================================================================================ +Copyright (c) 2019 ARM Limited + +================================================================================ Overview: The TinyCrypt Library provides an implementation for constrained devices of a From 84eeb4fd96e724aedd4477f3faaadf0b5da268f9 Mon Sep 17 00:00:00 2001 From: Arto Kinnunen Date: Tue, 10 Sep 2019 10:32:30 +0300 Subject: [PATCH 77/78] Review corrections 5 -Remove unintentional type chaneg (size_t to uint32_t) -Follow mbedtls coding style in trace message --- library/ssl_cli.c | 2 +- library/ssl_tls.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 6b240afdf..425d357d5 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1707,7 +1707,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", - (unsigned long)mbedtls_platform_get_uint32_be(&buf[2])) ); + (unsigned long)mbedtls_platform_get_uint32_be( &buf[2] ) ) ); memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7f689afbf..c9d406420 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5775,7 +5775,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) ) { /* Synthesize a record containing the buffered HS message. */ - uint32_t msg_len = (uint32_t)mbedtls_platform_get_uint24_be( &hs_buf->data[1] ); + size_t msg_len = mbedtls_platform_get_uint24_be( &hs_buf->data[1] ); /* Double-check that we haven't accidentally buffered * a message that doesn't fit into the input buffer. */ From 3d7439e90f304d09690d8efc3d83a88282e92dc9 Mon Sep 17 00:00:00 2001 
From: Arto Kinnunen Date: Tue, 10 Sep 2019 11:30:40 +0300 Subject: [PATCH 78/78] Review corrections 6 -Explicitly discard unnecessary return values of mbedtls_platform_put_uintXX_be by adding void casting. --- library/sha256.c | 9 +++++---- library/ssl_cli.c | 8 ++++---- library/ssl_srv.c | 18 ++++++++++-------- library/ssl_ticket.c | 2 +- library/ssl_tls.c | 31 +++++++++++++++++-------------- 5 files changed, 37 insertions(+), 31 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index d0bf54275..98965f7a7 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -357,8 +357,8 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - mbedtls_platform_put_uint32_be( ctx->buffer + 56, high ); - mbedtls_platform_put_uint32_be( ctx->buffer + 60, low ); + (void)mbedtls_platform_put_uint32_be( ctx->buffer + 56, high ); + (void)mbedtls_platform_put_uint32_be( ctx->buffer + 60, low ); if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); @@ -369,13 +369,14 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, for( s_pos = 0, o_pos = 0; s_pos < 7; s_pos++, o_pos += 4 ) { - mbedtls_platform_put_uint32_be( &output[o_pos], ctx->state[s_pos] ); + (void)mbedtls_platform_put_uint32_be( &output[o_pos], + ctx->state[s_pos] ); } #if !defined(MBEDTLS_SHA256_NO_SHA224) if( ctx->is224 == 0 ) #endif - mbedtls_platform_put_uint32_be( &output[28], ctx->state[7] ); + (void)mbedtls_platform_put_uint32_be( &output[28], ctx->state[7] ); return( 0 ); } diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 425d357d5..e3aabb7f0 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
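Review bot: The `(void)` casts in both `mbedtls_sha256_finish_ret` hunks of library/sha256.c make the discard explicit, but nothing in the patch says what is being discarded, and the declaration of `mbedtls_platform_put_uint32_be` is not part of this diff. The same holds for every `put_uint16_be`, `put_uint24_be` and `put_uint32_be` call that gains a cast in ssl_cli.c, ssl_srv.c, ssl_ticket.c and ssl_tls.c. If the return value is only a convenience for the caller, one sentence in the helper's header documentation would record that, for example `/* The return value is informational only and may be ignored. */`. If it can ever report a failed write, these sites should test it rather than cast it away. `mbedtls_sha256_finish_ret` starts outside the hunks.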
@@ -670,9 +670,9 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, *olen = p - buf; /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ - mbedtls_platform_put_uint16_be( &buf[4], ( *olen - 6 ) ); + (void)mbedtls_platform_put_uint16_be( &buf[4], ( *olen - 6 ) ); /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ - mbedtls_platform_put_uint16_be( &buf[2], ( *olen - 4 ) ); + (void)mbedtls_platform_put_uint16_be( &buf[2], ( *olen - 4 ) ); } #endif /* MBEDTLS_SSL_ALPN */ @@ -2421,7 +2421,7 @@ static int ssl_rsa_encrypt_partial_pms( mbedtls_ssl_context *ssl, defined(MBEDTLS_SSL_PROTO_TLS1_2) if( len_bytes == 2 ) { - mbedtls_platform_put_uint16_be( out, *olen ); + (void)mbedtls_platform_put_uint16_be( out, *olen ); *olen += 2; } #endif @@ -3987,7 +3987,7 @@ sign: return( ret ); } - mbedtls_platform_put_uint16_be( &ssl->out_msg[4 + offset], n ); + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[4 + offset], n ); ssl->out_msglen = 6 + n + offset; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 902f2fdd2..3afc565b1 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2641,11 +2641,11 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, * 6 . 6 protocol name length * 7 . 7+n protocol name */ - mbedtls_platform_put_uint16_be( &buf[0], MBEDTLS_TLS_EXT_ALPN ); + (void)mbedtls_platform_put_uint16_be( &buf[0], MBEDTLS_TLS_EXT_ALPN ); *olen = 7 + strlen( ssl->alpn_chosen ); - mbedtls_platform_put_uint16_be( &buf[2], ( *olen - 4 ) ); - mbedtls_platform_put_uint16_be( &buf[4], ( *olen - 6 ) ); + (void)mbedtls_platform_put_uint16_be( &buf[2], ( *olen - 4 ) ); + (void)mbedtls_platform_put_uint16_be( &buf[4], ( *olen - 6 ) ); buf[6] = (unsigned char)( ( ( *olen - 7 ) ) & 0xFF ); 
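Review bot: In the `ssl_write_alpn_ext` hunk of library/ssl_srv.c, `*olen = 7 + strlen( ssl->alpn_chosen )` sizes the extension from the chosen protocol name, but the name-length byte is written as `( *olen - 7 ) & 0xFF`, so a name longer than 255 bytes would get a wrapped length that disagrees with the two 16-bit fields. No check of the space left in `buf` is visible here either. The function returns `void` and starts and ends outside the hunk, so these bounds may be enforced earlier or by the caller; if so, a comment should say it, e.g. `/* alpn_chosen is at most 255 bytes; caller guarantees 7 + that many bytes in buf */`. Otherwise a guard before the first write, such as `if( strlen( ssl->alpn_chosen ) > 255 ) { *olen = 0; return; }`, would keep the three length fields consistent.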
@@ -3100,7 +3100,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS - mbedtls_platform_put_uint16_be( p, sa_len ); + (void)mbedtls_platform_put_uint16_be( p, sa_len ); sa_len += 2; p += sa_len; } @@ -3162,7 +3162,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) ssl->out_msglen = p - buf; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; - mbedtls_platform_put_uint16_be( &ssl->out_msg[4 + ct_len + sa_len], total_dn_size ); + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[4 + ct_len + sa_len], + total_dn_size ); ret = mbedtls_ssl_write_handshake_msg( ssl ); @@ -3716,7 +3717,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) if( signature_len != 0 ) { - mbedtls_platform_put_uint16_be( &ssl->out_msg[ssl->out_msglen], signature_len ); + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[ssl->out_msglen], + signature_len ); ssl->out_msglen += 2; MBEDTLS_SSL_DEBUG_BUF( 3, "my signature", @@ -4658,9 +4660,9 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_write", ret ); tlen = 0; } - mbedtls_platform_put_uint32_be( &ssl->out_msg[4], lifetime ); + (void)mbedtls_platform_put_uint32_be( &ssl->out_msg[4], lifetime ); - mbedtls_platform_put_uint16_be( &ssl->out_msg[8], tlen ); + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[8], tlen ); ssl->out_msglen = 10 + tlen; /* diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 69e14cff7..285e73663 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -222,7 +222,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket, goto cleanup; } - mbedtls_platform_put_uint16_be( state_len_bytes, clear_len ); + (void)mbedtls_platform_put_uint16_be( state_len_bytes, clear_len ); /* Encrypt and authenticate */ tag = state + clear_len; 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c9d406420..cf6ef129a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2236,7 +2236,7 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, memcpy( header, ctr, 8 ); header[8] = (unsigned char) type; - mbedtls_platform_put_uint16_be( &header[9], len ); + (void)mbedtls_platform_put_uint16_be( &header[9], len ); memset( padding, 0x36, padlen ); mbedtls_md_starts( md_ctx ); @@ -2388,13 +2388,14 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, { memcpy( add_data + 11, rec->cid, rec->cid_len ); add_data[11 + rec->cid_len + 0] = rec->cid_len; - mbedtls_platform_put_uint16_be( &add_data[11 + rec->cid_len + 1], rec->data_len ); + (void)mbedtls_platform_put_uint16_be( &add_data[11 + rec->cid_len + 1], + rec->data_len ); *add_data_len = 13 + 1 + rec->cid_len; } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { - mbedtls_platform_put_uint16_be( &add_data[11], rec->data_len ); + (void)mbedtls_platform_put_uint16_be( &add_data[11], rec->data_len ); *add_data_len = 13; } } @@ -4142,8 +4143,9 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ memcpy( ssl->out_msg, cur->p, 6 ); - mbedtls_platform_put_uint24_be( &ssl->out_msg[6], frag_off ); - mbedtls_platform_put_uint24_be( &ssl->out_msg[9], cur_hs_frag_len ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[6], frag_off ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[9], + cur_hs_frag_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); @@ -4340,7 +4342,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) */ if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) { - mbedtls_platform_put_uint24_be( &ssl->out_msg[1], hs_len ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[1], hs_len ); /* * DTLS has additional fields in the Handshake layer, 
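Review bot: In the `ssl_extract_add_data_from_record` hunk of library/ssl_tls.c, the connection-ID branch writes through offset `11 + rec->cid_len + 2` and reports `13 + 1 + rec->cid_len` bytes, yet the visible part of the signature shows only the `add_data` pointer, with no capacity. Whether every caller sizes that buffer for the largest permitted CID cannot be seen from this hunk. A comment at the function head would pin the contract, e.g. `/* add_data must have room for 14 bytes plus the maximum CID length */`. The function starts outside the hunk.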
@@ -4368,7 +4370,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) /* Write message_seq and update it, except for HelloRequest */ if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) { - mbedtls_platform_put_uint16_be( &ssl->out_msg[4], ssl->handshake->out_msg_seq ); + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[4], + ssl->handshake->out_msg_seq ); ++( ssl->handshake->out_msg_seq ); } else @@ -4479,7 +4482,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) ssl->conf->transport, ssl->out_hdr + 1 ); memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); - mbedtls_platform_put_uint16_be( ssl->out_len, len ); + (void)mbedtls_platform_put_uint16_be( ssl->out_len, len ); if( ssl->transform_out != NULL ) { @@ -4522,7 +4525,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) memcpy( ssl->out_cid, rec.cid, rec.cid_len ); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_msglen = len = rec.data_len; - mbedtls_platform_put_uint16_be( ssl->out_len, rec.data_len ); + (void)mbedtls_platform_put_uint16_be( ssl->out_len, rec.data_len ); } protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl ); @@ -5081,12 +5084,12 @@ static int ssl_check_dtls_clihlo_cookie( /* Go back and fill length fields */ obuf[27] = (unsigned char)( *olen - 28 ); - mbedtls_platform_put_uint24_be( &obuf[14], ( *olen - 25 ) ); + (void)mbedtls_platform_put_uint24_be( &obuf[14], ( *olen - 25 ) ); obuf[22] = obuf[14]; obuf[23] = obuf[15]; obuf[24] = obuf[16]; - mbedtls_platform_put_uint16_be( &obuf[11], ( *olen - 13 ) ); + (void)mbedtls_platform_put_uint16_be( &obuf[11], ( *olen - 13 ) ); return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); } 
@@ -6474,7 +6477,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->in_hdr[0] = rec.type; ssl->in_msg = rec.buf + rec.data_offset; ssl->in_msglen = rec.data_len; - mbedtls_platform_put_uint16_be( ssl->in_len, rec.data_len ); + (void)mbedtls_platform_put_uint16_be( ssl->in_len, rec.data_len ); return( 0 ); } @@ -6806,13 +6809,13 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); } - mbedtls_platform_put_uint24_be( &ssl->out_msg[i], n ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[i], n ); i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); i += n; crt = crt->next; } - mbedtls_platform_put_uint24_be( &ssl->out_msg[4], ( i - 7 ) ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[4], ( i - 7 ) ); ssl->out_msglen = i; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;