From 248ae6dbb812367ce3d3dd41ee5cfe8d69842e3c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 May 2017 11:27:39 +0100 Subject: [PATCH 001/130] Improve documentation of PKCS1 decryption functions Document the preconditions on the input and output buffers for the PKCS1 decryption functions - mbedtls_rsa_pkcs1_decrypt, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt - mbedtls_rsa_rsaes_oaep_decrypt --- include/mbedtls/rsa.h | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 54653dfdc..7d7469d50 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -329,9 +329,15 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -355,9 +361,15 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -383,9 +395,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), From a9e775efe46b2d9de2e10fecf5f808e3f68d5aba Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 002/130] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 7 +++++++ include/mbedtls/threading.h | 3 --- library/ecp.c | 20 -------------------- library/threading.c | 9 --------- 4 files changed, 7 insertions(+), 32 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2f0116bcf..29acca935 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x released xxxx-xx-xx + +Changes + * Removed mutexes from ECP hardware accelerator code. Now all hardware + accelerator code in the library leaves concurrency handling to the + platform. Reported by Steven Cooreman. #863 + = mbed TLS 2.5.1 released 2017-06-21 Security diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index a89fd6496..b0c34ecc7 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -97,9 +97,6 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); */ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -extern mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex; -#endif #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/ecp.c b/library/ecp.c index 56f22c272..1cfd4b10f 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1690,11 +1690,6 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, return( ret ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1719,11 +1714,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ return( ret ); } @@ -1831,11 +1821,6 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1853,11 +1838,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ mbedtls_ecp_point_free( &mP ); diff --git a/library/threading.c b/library/threading.c index 55091e8db..07586756f 100644 --- a/library/threading.c +++ b/library/threading.c @@ -113,9 +113,6 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_init( &mbedtls_threading_ecp_mutex ); -#endif } /* @@ -125,9 +122,6 @@ void mbedtls_threading_free_alt( void ) { mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_free( &mbedtls_threading_ecp_mutex ); -#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -139,8 +133,5 @@ void mbedtls_threading_free_alt( void ) #endif mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex MUTEX_INIT; -#endif #endif /* MBEDTLS_THREADING_C */ From 8c1b0be111c81bc354504168b732c978dab16d8b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 23 Jun 2017 13:05:44 +0100 Subject: [PATCH 003/130] Enable MBEDTLS_AES_ROM_TABLES in config-no-entropy Enable the MBEDTLS_AES_ROM_TABLES option in the configs/config-no-entropy.h to place AES lookup tables in ROM. This saves considerable RAM space, a resource that is very limited in small devices that use this configuration. --- configs/config-no-entropy.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 95f17d456..73758602a 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -80,6 +80,9 @@ #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_CRL_PARSE_C +/* Miscellaneous options */ +#define MBEDTLS_AES_ROM_TABLES + #include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ From 6f45598d32d0fc2a322d6f8993097b5d5661cc37 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 12:57:44 +0100 Subject: [PATCH 004/130] Add ChangeLog entry for config-no-entropy.h change --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 29acca935..fd5194375 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 + * Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file + config-no-entropy.h to reduce the RAM footprint. = mbed TLS 2.5.1 released 2017-06-21 From ee5a0ca3bba93e6906c8220db227be0215a221b8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 20 Jun 2017 15:23:23 +0300 Subject: [PATCH 005/130] Minor: Fix typos in program comments Fix a couple of typos and writer's mistakes, in some reference program applications --- programs/pkey/ecdh_curve25519.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index aa15c4687..e7ead9a93 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -204,7 +204,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); /* - * Verification: are the computed secret equal? + * Verification: are the computed secrets equal? */ mbedtls_printf( " . Checking if both computed secrets are equal..." ); fflush( stdout ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3e6366cec..a25886824 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2168,7 +2168,7 @@ handshake: #if defined(MBEDTLS_X509_CRT_PARSE_C) /* - * 5. Verify the server certificate + * 5. Verify the client certificate */ mbedtls_printf( " . Verifying peer X.509 certificate..." ); From e1b92fee55661a9adc61351784a13c1b01f016bf Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 006/130] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 ++- library/gcm.c | 6 ++- tests/suites/test_suite_gcm.aes128_de.data | 4 ++ tests/suites/test_suite_gcm.aes128_en.data | 4 ++ tests/suites/test_suite_gcm.aes192_de.data | 4 ++ tests/suites/test_suite_gcm.aes192_en.data | 4 ++ tests/suites/test_suite_gcm.aes256_de.data | 4 ++ tests/suites/test_suite_gcm.aes256_en.data | 4 ++ tests/suites/test_suite_gcm.function | 43 ++++++++++++++++++++++ 9 files changed, 76 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index fd5194375..491b18bd2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/gcm.c b/library/gcm.c index f1210c52c..fccb092bd 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -277,8 +277,10 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, size_t use_len, olen = 0; /* IV and AD are limited to 2^64 bits, so 2^61 bytes */ - if( ( (uint64_t) iv_len ) >> 61 != 0 || - ( (uint64_t) add_len ) >> 61 != 0 ) + /* IV is not allowed to be zero length */ + if( iv_len == 0 || + ( (uint64_t) iv_len ) >> 61 != 0 || + ( (uint64_t) add_len ) >> 61 != 0 ) { return( MBEDTLS_ERR_GCM_BAD_INPUT ); } diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data index 6eaa711b9..2a2e32f0d 100644 --- a/tests/suites/test_suite_gcm.aes128_de.data +++ b/tests/suites/test_suite_gcm.aes128_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes128_en.data b/tests/suites/test_suite_gcm.aes128_en.data index d8bee9d56..9453ffa70 100644 --- a/tests/suites/test_suite_gcm.aes128_en.data +++ b/tests/suites/test_suite_gcm.aes128_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fe481476fce76efcfc78ed144b0756f1":"246e1f2babab8da98b17cc928bd49504d7d87ea2cc174f9ffb7dbafe5969ff824a0bcb52f35441d22f3edcd10fab0ec04c0bde5abd3624ca25cbb4541b5d62a3deb52c00b75d68aaf0504d51f95b8dcbebdd8433f4966c584ac7f8c19407ca927a79fa4ead2688c4a7baafb4c31ef83c05e8848ec2b4f657aab84c109c91c277":"1a2c18c6bf13b3b2785610c71ccd98ca":"b0ab3cb5256575774b8242b89badfbe0dfdfd04f5dd75a8e5f218b28d3f6bc085a013defa5f5b15dfb46132db58ed7a9ddb812d28ee2f962796ad988561a381c02d1cf37dca5fd33e081d61cc7b3ab0b477947524a4ca4cb48c36f48b302c440be6f5777518a60585a8a16cea510dbfc5580b0daac49a2b1242ff55e91a8eae8":"5587620bbb77f70afdf3cdb7ae390edd0473286d86d3f862ad70902d90ff1d315947c959f016257a8fe1f52cc22a54f21de8cb60b74808ac7b22ea7a15945371e18b77c9571aad631aa080c60c1e472019fa85625fc80ed32a51d05e397a8987c8fece197a566689d24d05361b6f3a75616c89db6123bf5902960b21a18bc03a":32:"bd4265a8":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_de.data b/tests/suites/test_suite_gcm.aes192_de.data index 841c6fa36..9e7bad00f 100644 --- a/tests/suites/test_suite_gcm.aes192_de.data +++ b/tests/suites/test_suite_gcm.aes192_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":32:"28d730ea":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_en.data b/tests/suites/test_suite_gcm.aes192_en.data index 18e56e79c..5ea110186 100644 --- a/tests/suites/test_suite_gcm.aes192_en.data +++ b/tests/suites/test_suite_gcm.aes192_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"713358e746dd84ab27b8adb3b17ea59cd75fa6cb0c13d1a8":"35b8b655efdf2d09f5ed0233c9eeb0b6f85e513834848cd594dba3c6e64f78e7af4a7a6d53bba7b43764334d6373360ae3b73b1e765978dffa7dbd805fda7825b8e317e8d3f1314aa97f877be815439c5da845028d1686283735aefac79cdb9e02ec3590091cb507089b9174cd9a6111f446feead91f19b80fd222fc6299fd1c":"26ed909f5851961dd57fa950b437e17c":"c9469ad408764cb7d417f800d3d84f03080cee9bbd53f652763accde5fba13a53a12d990094d587345da2cdc99357b9afd63945ca07b760a2c2d4948dbadb1312670ccde87655a6a68edb5982d2fcf733bb4101d38cdb1a4942a5d410f4c45f5ddf00889bc1fe5ec69b40ae8aaee60ee97bea096eeef0ea71736efdb0d8a5ec9":"cc3f9983e1d673ec2c86ae4c1e1b04e30f9f395f67c36838e15ce825b05d37e9cd40041470224da345aa2da5dfb3e0c561dd05ba7984a1332541d58e8f9160e7e8457e717bab203de3161a72b7aedfa53616b16ca77fd28d566fbf7431be559caa1a129b2f29b9c5bbf3eaba594d6650c62907eb28e176f27c3be7a3aa24cef6":32:"5be7611b":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_de.data b/tests/suites/test_suite_gcm.aes256_de.data index 0fe848978..9696a62be 100644 --- a/tests/suites/test_suite_gcm.aes256_de.data +++ b/tests/suites/test_suite_gcm.aes256_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":32:"3105dddb":"FAIL":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_en.data b/tests/suites/test_suite_gcm.aes256_en.data index 23d1689cc..0ff716d5d 100644 --- a/tests/suites/test_suite_gcm.aes256_en.data +++ b/tests/suites/test_suite_gcm.aes256_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1477e189fb3546efac5cc144f25e132ffd0081be76e912e25cbce7ad63f1c2c4":"7bd3ea956f4b938ebe83ef9a75ddbda16717e924dd4e45202560bf5f0cffbffcdd23be3ae08ff30503d698ed08568ff6b3f6b9fdc9ea79c8e53a838cc8566a8b52ce7c21b2b067e778925a066c970a6c37b8a6cfc53145f24bf698c352078a7f0409b53196e00c619237454c190b970842bb6629c0def7f166d19565127cbce0":"c109f35893aff139db8ed51c85fee237":"8f7f9f71a4b2bb0aaf55fced4eb43c57415526162070919b5f8c08904942181820d5847dfd54d9ba707c5e893a888d5a38d0130f7f52c1f638b0119cf7bc5f2b68f51ff5168802e561dff2cf9c5310011c809eba002b2fa348718e8a5cb732056273cc7d01cce5f5837ab0b09b6c4c5321a7f30a3a3cd21f29da79fce3f3728b":"7841e3d78746f07e5614233df7175931e3c257e09ebd7b78545fae484d835ffe3db3825d3aa1e5cc1541fe6cac90769dc5aaeded0c148b5b4f397990eb34b39ee7881804e5a66ccc8d4afe907948780c4e646cc26479e1da874394cb3537a8f303e0aa13bd3cc36f6cc40438bcd41ef8b6a1cdee425175dcd17ee62611d09b02":32:"cb13ce59":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 56c7e1899..308e14bb4 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -7,6 +7,49 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void gcm_bad_parameters( int cipher_id, int direction, + char *hex_key_string, char *hex_src_string, + char *hex_iv_string, char *hex_add_string, + int tag_len_bits, int gcm_result ) +{ + unsigned char key_str[128]; + unsigned char src_str[128]; + unsigned char dst_str[257]; + unsigned char iv_str[128]; + unsigned char add_str[128]; + unsigned char tag_str[128]; + unsigned char output[128]; + unsigned char tag_output[16]; + mbedtls_gcm_context ctx; + unsigned int key_len; + size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8; + + mbedtls_gcm_init( &ctx ); + + memset( key_str, 0x00, sizeof( key_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( iv_str, 0x00, sizeof( iv_str ) ); + memset( add_str, 0x00, sizeof( add_str ) ); + memset( tag_str, 0x00, sizeof( tag_str ) ); + memset( output, 0x00, sizeof( output ) ); + memset( tag_output, 0x00, sizeof( tag_output ) ); + + key_len = unhexify( key_str, hex_key_string ); + pt_len = unhexify( src_str, hex_src_string ); + iv_len = unhexify( iv_str, hex_iv_string ); + add_len = unhexify( add_str, hex_add_string ); + + TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, pt_len, iv_str, iv_len, + add_str, add_len, src_str, output, tag_len, tag_output ) == gcm_result ); + +exit: + mbedtls_gcm_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void gcm_encrypt_and_tag( int cipher_id, char *hex_key_string, char *hex_src_string, From 85bdcf8c16f280d76c4cd9f12f74a223a46e4419 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 007/130] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ library/x509_crt.c | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 491b18bd2..84ca3684a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/x509_crt.c b/library/x509_crt.c index d86857de8..915a7f63e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1171,13 +1171,13 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if( dir == NULL ) return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 ) { closedir( dir ); return( ret ); } -#endif +#endif /* MBEDTLS_THREADING_C */ while( ( entry = readdir( dir ) ) != NULL ) { @@ -1210,10 +1210,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) cleanup: closedir( dir ); -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; -#endif +#endif /* MBEDTLS_THREADING_C */ #endif /* _WIN32 */ From eba5dabc61240aeded9cffd20b840f0d184d2e2c Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 008/130] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 84ca3684a..05892db80 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/x509_crt.c b/library/x509_crt.c index 915a7f63e..a6dce95ba 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1146,7 +1146,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) p, (int) len - 1, NULL, NULL ); if( w_ret == 0 ) - return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); + { + ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; + goto cleanup; + } w_ret = mbedtls_x509_crt_parse_file( chain, filename ); if( w_ret < 0 ) @@ -1159,6 +1162,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if( GetLastError() != ERROR_NO_MORE_FILES ) ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; +cleanup: FindClose( hFind ); #else /* _WIN32 */ int t_ret; From 7875b2428794a32b0b60a9c04f3bd07a86ad2460 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 009/130] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ library/dhm.c | 6 +++--- library/ecp.c | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 05892db80..c88239dfd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/dhm.c b/library/dhm.c index a4715d170..bec52a11d 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -165,7 +165,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, */ do { - mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); @@ -251,7 +251,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, */ do { - mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); @@ -324,7 +324,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx, count = 0; do { - mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) ); diff --git a/library/ecp.c b/library/ecp.c index 1cfd4b10f..5ad686398 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1128,7 +1128,7 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p /* Generate l such that 1 < l < p */ do { - mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); @@ -1527,7 +1527,7 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P /* Generate l such that 1 < l < p */ do { - mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); From 544039ac598e0d90f7ad73944bf052978f6a86d2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Jun 2017 14:31:29 +0100 Subject: [PATCH 010/130] Undo API change The previous commit b3e6872c9381ed4ce020d631dda1e0126c42b64f changed to public functions from ssl_ciphersuite.h to static inline. This commit reverts this change. --- include/mbedtls/ssl_ciphersuites.h | 36 ++---------------------------- library/ssl_ciphersuites.c | 36 ++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 34 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 931c1b3c3..9101d9cc7 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -359,23 +359,8 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciph mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ); #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) -static inline int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ); +int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ); #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED) static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info ) @@ -429,23 +414,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersui } #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { - case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ - static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info ) { switch( info->key_exchange ) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index c1a92d67d..95e6163cc 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1834,6 +1834,42 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers return( MBEDTLS_PK_NONE ); } } + #endif /* MBEDTLS_PK_C */ +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) +int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: + return( 1 ); + + default: + return( 0 ); + } +} +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) +int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case MBEDTLS_KEY_EXCHANGE_PSK: + case MBEDTLS_KEY_EXCHANGE_RSA_PSK: + case MBEDTLS_KEY_EXCHANGE_DHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + return( 1 ); + + default: + return( 0 ); + } +} +#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ + #endif /* MBEDTLS_SSL_TLS_C */ From 0a38f1ac28aaf3de7631d3da0863b94167aad9b6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 11:25:37 +0100 Subject: [PATCH 011/130] Undo API change from SHA1 deprecation The previous commit bd5ceee484f201b90a384636ba12de86bd330cba removed the definition of the global constants - mbedtls_test_ca_crt_rsa_len, - mbedtls_test_cli_crt_rsa_len, - mbedtls_test_ca_crt_rsa, and - mbedtls_test_cli_crt_rsa. This commit restores these to maintain ABI compatibility. Further, it was noticed that without SHA256_C being enabled the previous code failed to compile because because the SHA1 resp. SHA256 certificates were only defined when the respective SHAXXX_C options were set, but the emission of the global variable mbedtls_test_ca_crt was unconditionally defined through the SHA256 certificate. Previously, the RSA SHA1 certificate was unconditionally defined and used for that. As a remedy, this commit makes sure some RSA certificate is defined and exported through the following rule: 1. If SHA256_C is active, define an RSA SHA256 certificate and export it as mbedtls_test_ca_crt. Also, define SHA1 certificates only if SHA1_C is set. 2. If SHA256_C is not set, always define SHA1 certificate and export it as mbedtls_test_ca_crt. --- library/certs.c | 75 +++++++++++++++++++++++++++++-------------------- 1 file changed, 45 insertions(+), 30 deletions(-) diff --git a/library/certs.c b/library/certs.c index 5c0199891..f1379b8cb 100644 --- a/library/certs.c +++ b/library/certs.c @@ -116,31 +116,6 @@ const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec ); #endif /* MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SHA1_C) -#define TEST_CA_CRT_RSA_SHA1 \ -"-----BEGIN CERTIFICATE-----\r\n" \ -"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ -"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ -"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ -"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ -"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ -"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ -"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ -"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ -"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ -"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ -"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ -"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ -"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ -"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ -"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ -"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ -"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ -"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ -"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ -"-----END CERTIFICATE-----\r\n" -static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; -#endif #if defined(MBEDTLS_SHA256_C) #define TEST_CA_CRT_RSA_SHA256 \ @@ -165,7 +140,46 @@ static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; "ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY\r\n" \ "n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==\r\n" \ "-----END CERTIFICATE-----\r\n" + +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA256; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#define TEST_CA_CRT_RSA_SOME + static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256; + +#endif + +#if !defined(TEST_CA_CRT_RSA_SOME) || defined(MBEDTLS_SHA1_C) +#define TEST_CA_CRT_RSA_SHA1 \ +"-----BEGIN CERTIFICATE-----\r\n" \ +"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ +"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ +"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ +"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ +"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ +"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ +"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ +"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ +"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ +"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ +"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ +"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ +"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ +"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ +"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ +"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ +"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ +"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ +"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ +"-----END CERTIFICATE-----\r\n" + +#if !defined (TEST_CA_CRT_RSA_SOME) +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA1; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#endif + +static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; + #endif const char mbedtls_test_ca_key_rsa[] = @@ -257,7 +271,7 @@ const char mbedtls_test_srv_key_rsa[] = "-----END RSA PRIVATE KEY-----\r\n"; const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa ); -static const char mbedtls_test_cli_crt_rsa_sha256[] = +const char mbedtls_test_cli_crt_rsa[] = "-----BEGIN CERTIFICATE-----\r\n" "MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" @@ -279,6 +293,7 @@ static const char mbedtls_test_cli_crt_rsa_sha256[] = "ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj\r\n" "c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=\r\n" "-----END CERTIFICATE-----\r\n"; +const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa ); const char mbedtls_test_cli_key_rsa[] = "-----BEGIN RSA PRIVATE KEY-----\r\n" @@ -354,19 +369,19 @@ const size_t mbedtls_test_cas_len[] = { }; #if defined(MBEDTLS_RSA_C) -const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa_sha256; +const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa; /* SHA1 or SHA256 */ const char *mbedtls_test_ca_key = mbedtls_test_ca_key_rsa; const char *mbedtls_test_ca_pwd = mbedtls_test_ca_pwd_rsa; const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_rsa; const char *mbedtls_test_srv_key = mbedtls_test_srv_key_rsa; -const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa_sha256; +const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa; const char *mbedtls_test_cli_key = mbedtls_test_cli_key_rsa; -const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa_sha256 ); +const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa ); const size_t mbedtls_test_ca_key_len = sizeof( mbedtls_test_ca_key_rsa ); const size_t mbedtls_test_ca_pwd_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1; const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_rsa ); const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_rsa ); -const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa_sha256 ); +const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa ); const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_rsa ); #else /* ! MBEDTLS_RSA_C, so MBEDTLS_ECDSA_C */ const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_ec; From 649dcab1759588aa8bcccb2a6c40c3d4ce5821d4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:19 +0100 Subject: [PATCH 012/130] Clarify documentation for alternative AES implementations The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been superseded by mbedtls_aes_internal_decrypt and mbedtls_aes_internal_encrypt, respectively. Alternative implementations should now only replace the latter, and leave the maintenance wrapper definitions of the former untouched. This commit clarifies this in the documentation of the respective configuration options MBEDTLS_AES_DECRYPT_ALT and MBEDTLS_AES_ENCRYPT_ALT. --- include/mbedtls/aes.h | 8 ++------ include/mbedtls/config.h | 12 +++++++++--- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index b5560cc81..6044a51aa 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,9 +287,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Internal AES block encryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_ENCRYPT_ALT) + * \brief Old AES block encryption function without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -306,9 +304,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( } /** - * \brief Internal AES block decryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_DECRYPT_ALT) + * \brief Old AES block decryption function without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c1..2a2209a35 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -273,9 +273,15 @@ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible * with this definition. * - * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. + * \note Because of a signature change, the core AES encryption and decryption routines are + * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, + * respectively. When setting up alternative implementations, these functions should + * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt + * have to stay untouched. + * + * \note If you use the AES_xxx_ALT macros, then is is recommended to also set + * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES + * tables. * * Uncomment a macro to enable alternate implementation of the corresponding * function. From 489b985fae447c89d65e56fe7be79a1968d18813 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:56 +0100 Subject: [PATCH 013/130] Export mbedtls_aes_(en/de)crypt to retain for API compatibility The commit f5bf7189d303e602992c750c09e429e23c7b2abf made the AES functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing the library's API. This commit reverts this. --- include/mbedtls/aes.h | 20 ++++++-------------- library/aes.c | 14 ++++++++++++++ 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 6044a51aa..4a546acc9 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -295,13 +295,9 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \param input Plaintext block * \param output Output (ciphertext) block */ -MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( - mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_encrypt( ctx, input, output ); -} +MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); /** * \brief Old AES block decryption function without return value. @@ -312,13 +308,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( * \param input Ciphertext block * \param output Output (plaintext) block */ -MBEDTLS_DEPRECATED static inline void mbedtls_aes_decrypt( - mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_decrypt( ctx, input, output ); -} +MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/library/aes.c b/library/aes.c index 5e01c4f2b..58603849c 100644 --- a/library/aes.c +++ b/library/aes.c @@ -765,6 +765,13 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */ +void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_encrypt( ctx, input, output ); +} + /* * AES-ECB block decryption */ @@ -824,6 +831,13 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ +void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_decrypt( ctx, input, output ); +} + /* * AES-ECB block encryption/decryption */ From 1a28b01b5e500cf0f53df797a4a23aa0e328bb6b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 20 Jul 2017 09:50:59 +0100 Subject: [PATCH 014/130] Make minor changes to documentation --- include/mbedtls/aes.h | 6 ++++-- include/mbedtls/config.h | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 4a546acc9..1829f7240 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,7 +287,8 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Old AES block encryption function without return value. + * \brief Deprecated internal AES block encryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -300,7 +301,8 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, unsigned char output[16] ); /** - * \brief Old AES block decryption function without return value. + * \brief Deprecated internal AES block decryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2a2209a35..b10d87375 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -277,7 +277,7 @@ * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, * respectively. When setting up alternative implementations, these functions should * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt - * have to stay untouched. + * must stay untouched. * * \note If you use the AES_xxx_ALT macros, then is is recommended to also set * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES From 75c0c814e4bf9cf753d20c04f5eaebb04c7ab6c6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 20 Jul 2017 12:33:41 +0200 Subject: [PATCH 015/130] Update Changelog for API/ABI fixes to revert interface --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index c88239dfd..0209cfe9e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,12 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +API Changes + * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the + API consistent with mbed TLS 2.5.0. Specifically removed the inline + qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 From 122d89929617e9735773eb4dbb4cf0bf6e66724c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:03:23 +0100 Subject: [PATCH 016/130] Add library setup and teardown APIs Add the following two functions to allow platform setup and teardown operations for the full library to be hooked in: * mbedtls_platform_setup() * mbedtls_platform_teardown() An mbedtls_platform_context C structure is also added and two internal functions that are called by the corresponding setup and teardown functions above: * mbedtls_internal_platform_setup() * mbedtls_internal_plartform_teardown() Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow mbedtls_platform_context and internal function to be overriden by the user as needed for a platform. --- include/mbedtls/config.h | 1 + include/mbedtls/platform.h | 45 ++++++++++++++++++++++++++++++++++++++ library/platform.c | 30 +++++++++++++++++++++++++ 3 files changed, 76 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index b10d87375..ffeeb34af 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,6 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT +//#define MBEDTLS_PLATFORM_SETUP_ALT /** * \def MBEDTLS_DEPRECATED_WARNING diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index b1b019e55..a9ff7e421 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -288,6 +288,51 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ +#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +typedef struct mbedtls_platform_context mbedtls_platform_context; +#else +#include "platform_alt.h" +#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ + +/** + * \brief Perform any platform initialisation operations + * + * \param ctx mbed TLS context + * + * \return 0 if successful + * + * \note This function should be called before any other library function + */ +int mbedtls_platform_setup( mbedtls_platform_context *ctx ); +/** + * \brief Perform any platform teardown operations + * + * \param ctx mbed TLS context + * + * \return 0 if successful + * + * \note This function should be after every other mbed TLS module has been + * correctly freed using the appropriate free function. + */ +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); + +/** + * \brief Internal function to perform any platform initialisation operations + * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT + * + * \param ctx mbed TLS context + * + * \return 0 if successful + */ +int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ); +/** + * \brief Internal function to perform any platform teardown operations + * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT + * + * \param ctx mbed TLS context + */ +void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ); + #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 8b336c38e..2ac67cbe9 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,4 +304,34 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ +int mbedtls_platform_setup( mbedtls_platform_context *ctx ) +{ + return( mbedtls_internal_platform_setup( ctx ) ); +} + +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) +{ + mbedtls_internal_platform_teardown( ctx ); +} + +#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +/* + * Placeholder internal platform setup that does nothing by default + */ +int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) +{ + (void)ctx; + + return( 0 ); +} + +/* + * Placeholder internal platform teardown that does nothing by default + */ +void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ) +{ + (void)ctx; +} +#endif /* MBEDTLS_PLATFORM_SETUP_ALT */ + #endif /* MBEDTLS_PLATFORM_C */ From ab8b624fd5f0b1d4752a34bb247204a5702ad379 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:19:13 +0100 Subject: [PATCH 017/130] Add ChangeLog entry for platform setup and teardown --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0209cfe9e..937991afc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,16 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Features + * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() + to perform platform-specific setup and teardown operations. Furthermore, + the internal functions mbedtls_internal_platform_setup() and + mbedtls_internal_platform_teardown() to allow platform-specific hooks to + be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT + allows the internal functions to be overridden. This new APIs are + specially useful in some embedded environments that have hardware + acceleration support. + API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline From 82d7314c434338ff34b8dc43f0981ae1fb6f07e9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:25:17 +0100 Subject: [PATCH 018/130] Remove internal functions from setup API --- include/mbedtls/platform.h | 21 ++++----------------- library/platform.c | 18 ++++-------------- 2 files changed, 8 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index a9ff7e421..29b80cd3e 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -289,6 +289,10 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +struct mbedtls_platform_context { + char dummy; /**< Placeholder member as empty structs are not portable */ +}; + typedef struct mbedtls_platform_context mbedtls_platform_context; #else #include "platform_alt.h" @@ -316,23 +320,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); -/** - * \brief Internal function to perform any platform initialisation operations - * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT - * - * \param ctx mbed TLS context - * - * \return 0 if successful - */ -int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ); -/** - * \brief Internal function to perform any platform teardown operations - * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT - * - * \param ctx mbed TLS context - */ -void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ); - #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 2ac67cbe9..f739f2f0f 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,21 +304,11 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -int mbedtls_platform_setup( mbedtls_platform_context *ctx ) -{ - return( mbedtls_internal_platform_setup( ctx ) ); -} - -void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) -{ - mbedtls_internal_platform_teardown( ctx ); -} - #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) /* - * Placeholder internal platform setup that does nothing by default + * Placeholder platform setup that does nothing by default */ -int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) +int mbedtls_platform_setup( mbedtls_platform_context *ctx ) { (void)ctx; @@ -326,9 +316,9 @@ int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) } /* - * Placeholder internal platform teardown that does nothing by default + * Placeholder platform teardown that does nothing by default */ -void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ) +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) { (void)ctx; } From 849811c9ccda98bdd135c4f92369462d5e145d7d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:27:05 +0100 Subject: [PATCH 019/130] Modify ChangeLog according to API changes --- ChangeLog | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 937991afc..ae2d59ac5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,13 +4,11 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() - to perform platform-specific setup and teardown operations. Furthermore, - the internal functions mbedtls_internal_platform_setup() and - mbedtls_internal_platform_teardown() to allow platform-specific hooks to - be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT - allows the internal functions to be overridden. This new APIs are - specially useful in some embedded environments that have hardware - acceleration support. + and the context struct mbedtls_platform_context to perform + platform-specific setup and teardown operations. The macro + MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the + user in a platform_alt.h file. This new APIs are specially useful in some + embedded environments that have hardware acceleration support. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the From 9d80a363363dfff1c90754470528ed1c68a3611f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:32:40 +0100 Subject: [PATCH 020/130] Improve documentation for mbedtls_platform_context --- include/mbedtls/platform.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 29b80cd3e..88a0bdf33 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -289,11 +289,18 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) -struct mbedtls_platform_context { - char dummy; /**< Placeholder member as empty structs are not portable */ -}; -typedef struct mbedtls_platform_context mbedtls_platform_context; +/** + * \brief Platform context structure + * + * \note This structure may be used to assist platform-specific + * setup/teardown operations. + */ +typedef struct { + char dummy; /**< Placeholder member as empty structs are not portable */ +} +mbedtls_platform_context; + #else #include "platform_alt.h" #endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ From 9da69514ecbc69b9e1b4ad2ad85a82e18e8c68b8 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:23:04 +0100 Subject: [PATCH 021/130] Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive as this macro enables/disables both functions. --- include/mbedtls/config.h | 2 +- include/mbedtls/platform.h | 4 ++-- library/platform.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ffeeb34af..de9993848 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,7 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_SETUP_ALT +//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT /** * \def MBEDTLS_DEPRECATED_WARNING diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 88a0bdf33..712bbe937 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -288,7 +288,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /** * \brief Platform context structure @@ -303,7 +303,7 @@ mbedtls_platform_context; #else #include "platform_alt.h" -#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /** * \brief Perform any platform initialisation operations diff --git a/library/platform.c b/library/platform.c index f739f2f0f..af3b2f15e 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,7 +304,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /* * Placeholder platform setup that does nothing by default */ @@ -322,6 +322,6 @@ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) { (void)ctx; } -#endif /* MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #endif /* MBEDTLS_PLATFORM_C */ From f92e5d5dbc6a52a14342997693f0cc5c9b6dd040 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:24:26 +0100 Subject: [PATCH 022/130] Fix typo in ChangeLog and update macro name --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index ae2d59ac5..d9682a5ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,8 +6,8 @@ Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform platform-specific setup and teardown operations. The macro - MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the - user in a platform_alt.h file. This new APIs are specially useful in some + MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden + by the user in a platform_alt.h file. This new APIs are required in some embedded environments that have hardware acceleration support. API Changes From 1d74c41a4913d1e49f11d22474f2a7f723d59138 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 023/130] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d9682a5ea..cf29b0a65 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 49406c89788d582a1445216fe7cfb1c360ee4e40 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 024/130] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index cf29b0a65..ed0220f85 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 8c50e72a0afe745be37e23f03ee98cd3597a3365 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 025/130] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index ed0220f85..9fee9c43e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 45778acf85b7d19506478c777cdb0fe5e74a4669 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 026/130] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9fee9c43e..4181281c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From e1b2f6bd33af2c5f1a542759a71267bcb46b1087 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 027/130] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4181281c7..0bb5d88c1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 8d65f95901b46e02e0284516be6af94b6005320b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 01:48:17 +0200 Subject: [PATCH 028/130] Correct order of sections in the ChangeLog --- ChangeLog | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0bb5d88c1..d9682a5ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,18 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform From be4f75c12f9ee37eea8d836909fe04841567210b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 02:08:00 +0200 Subject: [PATCH 029/130] Add additional comments to platform setup/teardown functions --- include/mbedtls/platform.h | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 712bbe937..25b5d2129 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -312,7 +312,13 @@ mbedtls_platform_context; * * \return 0 if successful * - * \note This function should be called before any other library function + * \note This function is intended to allow platform specific initialisation, + * and should be called before any other library functions. Its + * implementation is platform specific, and by default, unless platform + * specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); /** @@ -322,8 +328,13 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \return 0 if successful * - * \note This function should be after every other mbed TLS module has been - * correctly freed using the appropriate free function. + * \note This function should be called after every other mbed TLS module has + * been correctly freed using the appropriate free function. + * Its implementation is platform specific, and by default, unless + * platform specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); From c0da47dd1ea251c200f1971593a13def3d9e2084 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 23:48:55 +0100 Subject: [PATCH 030/130] Fix platform setup/teardown feature and comments Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it as a feature in 'version_features.c'. --- include/mbedtls/platform.h | 2 -- library/version_features.c | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 25b5d2129..35010f885 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -326,8 +326,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \param ctx mbed TLS context * - * \return 0 if successful - * * \note This function should be called after every other mbed TLS module has * been correctly freed using the appropriate free function. * Its implementation is platform specific, and by default, unless diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3..bb172f298 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -69,6 +69,9 @@ static const char *features[] = { #if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) "MBEDTLS_PLATFORM_NV_SEED_ALT", #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ +#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) + "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT", +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #if defined(MBEDTLS_DEPRECATED_WARNING) "MBEDTLS_DEPRECATED_WARNING", #endif /* MBEDTLS_DEPRECATED_WARNING */ From 05d9535c9016d0ea709fa396bfc8c1ed6b73913c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:05:55 +0100 Subject: [PATCH 031/130] Enable 64-bit compilation with ARM Compiler 6 This patch fixes the conditional preprocessor directives in include/mbedtls/bignum.h to enable 64-bit compilation with ARM Compiler 6. --- ChangeLog | 2 ++ include/mbedtls/bignum.h | 68 ++++++++++++++++++++++++---------------- 2 files changed, 43 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index d9682a5ea..6c2f783cd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,8 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix conditional preprocessor directives in bignum.h to enable 64-bit + compilation when using ARM Compiler 6. Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 1a5b4b675..ac89069dc 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -106,33 +106,47 @@ * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM */ -#if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(_MSC_VER) && defined(_M_AMD64) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; -#else - #if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(__GNUC__) && ( \ - defined(__amd64__) || defined(__x86_64__) || \ - defined(__ppc64__) || defined(__powerpc64__) || \ - defined(__ia64__) || defined(__alpha__) || \ - (defined(__sparc__) && defined(__arch64__)) || \ - defined(__s390x__) || defined(__mips64) ) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL - #else - #define MBEDTLS_HAVE_INT32 - typedef int32_t mbedtls_mpi_sint; - typedef uint32_t mbedtls_mpi_uint; - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_HAVE_INT32 && __GNUC__ && 64-bit platform */ -#endif /* !MBEDTLS_HAVE_INT32 && _MSC_VER && _M_AMD64 */ +#if !defined(MBEDTLS_HAVE_INT32) + #if defined(_MSC_VER) && defined(_M_AMD64) + /* Always choose 64-bit when using MSC */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #elif defined(__GNUC__) && ( \ + defined(__amd64__) || defined(__x86_64__) || \ + defined(__ppc64__) || defined(__powerpc64__) || \ + defined(__ia64__) || defined(__alpha__) || \ + ( defined(__sparc__) && defined(__arch64__) ) || \ + defined(__s390x__) || defined(__mips64) ) + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #elif defined(__ARMCC_VERSION) && defined(__aarch64__) + /* __ARMCC_VERSION is defined for both armcc and armclang and + * __aarch64__ is only defined by armclang when compiling 64-bit code + */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif +#endif /* !MBEDTLS_HAVE_INT32 */ + +#if !defined(MBEDTLS_HAVE_INT64) + /* Default to 32-bit compilation */ + #if !defined(MBEDTLS_HAVE_INT32) + #define MBEDTLS_HAVE_INT32 + #endif /* !MBEDTLS_HAVE_INT32 */ + typedef int32_t mbedtls_mpi_sint; + typedef uint32_t mbedtls_mpi_uint; + typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL +#endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus extern "C" { From dd29c2f2c3da25f3d379d07bd68d4056407870ba Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:35:51 +0100 Subject: [PATCH 032/130] Add all.sh test to force 32-bit compilation --- tests/scripts/all.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7c33c5c2c..743735e39 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -438,6 +438,17 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "build: i386, make, gcc" # ~ 30s cleanup CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make + +msg "build: gcc, force 32-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make + +msg "test: gcc, force 32-bit compilation" +make test fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s From 6ee7dad8961a089f0c405c5bdc2fc58efc2bff08 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 11:49:32 +0100 Subject: [PATCH 033/130] Allow forcing 64-bit integer type Allow forcing 64-bit integer type for bignum operations. Also introduce the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length integer in unknown compilers. --- include/mbedtls/bignum.h | 61 ++++++++++++++++++++++++++-------- include/mbedtls/check_config.h | 10 ++++++ 2 files changed, 57 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index ac89069dc..3b76c1cac 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -103,13 +103,28 @@ /* * Define the base integer type, architecture-wise. * - * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) - * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM + * 32 or 64-bit integer types can be forced regardless of the underlying + * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 + * respectively and undefining MBEDTLS_HAVE_ASM. + * + * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * disabled by defining MBEDTLS_NO_UDBL_DIVISION. + * + * The double length integer types can be configured by defining + * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the + * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL + * must be a complete statement of the form: + * typedef mbedtls_t_udbl + * for example: + * #define MBEDTLS_TYPE_UDBL \ + * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) /* Always choose 64-bit when using MSC */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; #elif defined(__GNUC__) && ( \ @@ -118,22 +133,39 @@ defined(__ia64__) || defined(__alpha__) || \ ( defined(__sparc__) && defined(__arch64__) ) || \ defined(__s390x__) || defined(__mips64) ) - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #elif defined(__ARMCC_VERSION) && defined(__aarch64__) - /* __ARMCC_VERSION is defined for both armcc and armclang and + /* + * __ARMCC_VERSION is defined for both armcc and armclang and * __aarch64__ is only defined by armclang when compiling 64-bit code */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef __uint128_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ + #elif defined(MBEDTLS_HAVE_INT64) + /* Force 64-bit integers with unknown compiler */ + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) + MBEDTLS_TYPE_UDBL; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ @@ -144,8 +176,9 @@ #endif /* !MBEDTLS_HAVE_INT32 */ typedef int32_t mbedtls_mpi_sint; typedef uint32_t mbedtls_mpi_uint; - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + typedef uint64_t mbedtls_t_udbl; + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index dab1113d8..7261e7da9 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -650,6 +650,16 @@ #error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64) +#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" +#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ + +#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \ + defined(MBEDTLS_HAVE_ASM +#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" + "defined simultaneously" +#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ + /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the From 9a9adcd6aab77abe97ed77ae200516f2fe1d20ed Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Jun 2017 15:19:20 +0200 Subject: [PATCH 034/130] MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION Changed the option to disable the use of 64-bit division, to an option to disable the use of double-width division, whether that's 64 or 128-bit. --- ChangeLog | 7 +++++++ include/mbedtls/config.h | 25 +++++++++++++++++++++++++ tests/scripts/all.sh | 7 +++++++ 3 files changed, 39 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6c2f783cd..c3ec3c3cd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,13 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. +Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. + * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the + double-width integer type used in the bignum module when the compiler is + unknown. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index de9993848..a921f4787 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -55,6 +55,31 @@ */ #define MBEDTLS_HAVE_ASM +/** + * \def MBEDTLS_NO_UDBL_DIVISION + * + * The platform lacks support for double-width integer division (64-bit + * division on a 32-bit platform, 128-bit division on a 64-bit platform). + * + * Used in: + * include/mbedtls/bignum.h + * library/bignum.c + * + * The bignum code uses double-width division to speed up some operations. + * Double-width division is often implemented in software that needs to + * be linked with the program. The presence of a double-width integer + * type is usually detected automatically through preprocessor macros, + * but the automatic detection cannot know whether the code needs to + * and can be linked with an implementation of division for that type. + * By default division is assumed to be usable if the type is present. + * Uncomment this option to prevent the use of double-width division. + * + * Note that division for the native integer type is always required. + * Furthermore, a 64-bit type is always required even on a 32-bit + * platform, but it need not support multiplication or division. + */ +//#define MBEDTLS_NO_UDBL_DIVISION + /** * \def MBEDTLS_HAVE_SSE2 * diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 743735e39..630ddfb36 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -468,6 +468,13 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s +cleanup +scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION +CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +echo "Checking that software 64-bit division is not required" +! grep __aeabi_uldiv library/*.o + msg "build: ARM Compiler 5, make" cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 710f54182f09b419a15de67c9ae10ebb6d48a002 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Jun 2017 18:01:54 +0200 Subject: [PATCH 035/130] Checked names --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index bb172f298..5cbe8aca3 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -36,6 +36,9 @@ static const char *features[] = { #if defined(MBEDTLS_HAVE_ASM) "MBEDTLS_HAVE_ASM", #endif /* MBEDTLS_HAVE_ASM */ +#if defined(MBEDTLS_NO_UDBL_DIVISION) + "MBEDTLS_NO_UDBL_DIVISION", +#endif /* MBEDTLS_NO_UDBL_DIVISION */ #if defined(MBEDTLS_HAVE_SSE2) "MBEDTLS_HAVE_SSE2", #endif /* MBEDTLS_HAVE_SSE2 */ From bebc5f69f8d21ff6feec49de96fffb2949e215f9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 12:11:19 +0100 Subject: [PATCH 036/130] Fix typo in check_config.h --- include/mbedtls/bignum.h | 4 ++-- include/mbedtls/check_config.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 3b76c1cac..c8d94c920 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -107,10 +107,10 @@ * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 * respectively and undefining MBEDTLS_HAVE_ASM. * - * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. * - * The double length integer types can be configured by defining + * The double-width integer types can be configured by defining * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL * must be a complete statement of the form: diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7261e7da9..e846b429a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -654,8 +654,8 @@ #error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" #endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ -#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \ - defined(MBEDTLS_HAVE_ASM +#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ + defined(MBEDTLS_HAVE_ASM) #error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" "defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ From 713c6fdd4e7ec2170c474c73d4302d5d9e4eca1f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:15 +0100 Subject: [PATCH 037/130] Fix check_config.h #error directive --- include/mbedtls/check_config.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e846b429a..fa72454e5 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -656,8 +656,7 @@ #if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" - "defined simultaneously" +#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ /* From 33264d7a96c8a66c76b36e81854e9b9da8e1dba3 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:34 +0100 Subject: [PATCH 038/130] Add tests for 64 and 32-bit int types compilation --- tests/scripts/all.sh | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 630ddfb36..7466b5403 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -447,10 +447,31 @@ scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make -msg "test: gcc, force 32-bit compilation" +msg "build: gcc, force 64-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + +msg "test: gcc, force 64-bit compilation" make test + +msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make fi # x86_64 +msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make + msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 6fb65864a20c0ebb0ad571bd6a755a0c279d3f73 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:27:35 +0100 Subject: [PATCH 039/130] Fix no 64-bit division test in all.sh --- tests/scripts/all.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7466b5403..1f5bad44b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -491,6 +491,18 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +scripts/config.pl full +scripts/config.pl unset MBEDTLS_NET_C +scripts/config.pl unset MBEDTLS_TIMING_C +scripts/config.pl unset MBEDTLS_FS_IO +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED +scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY +# following things are not in the default config +scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c +scripts/config.pl unset MBEDTLS_THREADING_PTHREAD +scripts/config.pl unset MBEDTLS_THREADING_C +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h +scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib echo "Checking that software 64-bit division is not required" From de2e70431f01341291be75a778f4c3c43cfbd471 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 17:33:09 +0100 Subject: [PATCH 040/130] Remove MBEDTLS_TYPE_UDBL option --- ChangeLog | 3 --- include/mbedtls/bignum.h | 14 +------------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index c3ec3c3cd..008db7ace 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,9 +19,6 @@ API Changes Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of 64-bit division. - * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the - double-width integer type used in the bignum module when the compiler is - unknown. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index c8d94c920..456a80420 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -109,15 +109,6 @@ * * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. - * - * The double-width integer types can be configured by defining - * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the - * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL - * must be a complete statement of the form: - * typedef mbedtls_t_udbl - * for example: - * #define MBEDTLS_TYPE_UDBL \ - * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) @@ -162,10 +153,6 @@ /* Force 64-bit integers with unknown compiler */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) - MBEDTLS_TYPE_UDBL; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ @@ -178,6 +165,7 @@ typedef uint32_t mbedtls_mpi_uint; #if !defined(MBEDTLS_NO_UDBL_DIVISION) typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ From c327aa1542315a79cc9451973631c81217be52bd Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:50:25 +0100 Subject: [PATCH 041/130] Remove MBEDTLS_TYPE_UDBL tests from all.sh --- tests/scripts/all.sh | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1f5bad44b..65dc47175 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -458,20 +458,15 @@ CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make msg "test: gcc, force 64-bit compilation" make test -msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +msg "build: gcc, force 64-bit compilation" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make fi # x86_64 -msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make - msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From fdd11b253125253b6abb76da3e8f42f3c91a3076 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:56:22 +0100 Subject: [PATCH 042/130] Improve MBEDTLS_NO_UDBL_DIVISION description --- include/mbedtls/config.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a921f4787..47c719640 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -76,7 +76,10 @@ * * Note that division for the native integer type is always required. * Furthermore, a 64-bit type is always required even on a 32-bit - * platform, but it need not support multiplication or division. + * platform, but it need not support multiplication or division. In some + * cases it is also desirable to disable some double-width operations. For + * example, if double-width division is implemented in software, disabling + * it can reduce code size in some embedded targets. */ //#define MBEDTLS_NO_UDBL_DIVISION From 3422ddfa4c8e5f21c5339f692eb3318d7163c607 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 043/130] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 008db7ace..539fff102 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() @@ -16,10 +16,6 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. -Changes - * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. - Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 @@ -35,6 +31,8 @@ Bugfix compilation when using ARM Compiler 6. Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From 537e2e9bb3098377febf51a20b1befdd99d5746b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 044/130] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 539fff102..292d5f380 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 237ab35b4aa7d2a9b480da5f447647fa07c41c6a Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 045/130] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 292d5f380..240bff40a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 8a26de6d99b3eb7800156a197a66180b82e39f16 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 046/130] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 240bff40a..127123117 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From e6ec1d2d44b0272744106e533cd756e3c0747263 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 047/130] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 127123117..562fa6a78 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From de1586799d9f2794e28fb94a382bac59d36a15a8 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 22 Jul 2017 11:49:55 +0200 Subject: [PATCH 048/130] Added missing credit to Changelog and format fixes --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 562fa6a78..40b4fae44 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,7 +26,8 @@ API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, - mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 + Found by James Cowgill. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported @@ -44,7 +45,7 @@ Bugfix Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. + 64-bit division. #708 * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From 51aaa99473aa3e5f62440b1d683f4858ea4e188c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 23 Jul 2017 13:42:36 +0200 Subject: [PATCH 049/130] Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them. --- tests/scripts/all.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 65dc47175..d9c5bbfa4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -486,6 +486,7 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -526,11 +527,20 @@ scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib make clean +# ARM Compiler 6 - Target ARMv7-A armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + +# ARM Compiler 6 - Target ARMv7-M armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" + +# ARM Compiler 6 - Target ARMv8-A - AArch32 armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" + +# ARM Compiler 6 - Target ARMv8-M armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" -armc6_build_test "--target=aarch64-arm-none-eabi" + +# ARM Compiler 6 - Target ARMv8-A - AArch64 +armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" msg "build: allow SHA1 in certificates by default" cleanup From b3136be542b4a5b4aa02ab72e3a40ac5e3b4fb15 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 21 Jun 2017 14:57:25 +0300 Subject: [PATCH 050/130] github templates Add templates for github, for templates to be used in new issues and new PRs --- .github/issue_template.md | 40 ++++++++++++++++++++++++++++++++ .github/pull_request_template.md | 39 +++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 .github/issue_template.md create mode 100644 .github/pull_request_template.md diff --git a/.github/issue_template.md b/.github/issue_template.md new file mode 100644 index 000000000..3398f49e6 --- /dev/null +++ b/.github/issue_template.md @@ -0,0 +1,40 @@ +Note: This is just a template, so feel free to use/remove the unnecessary things + +### Description +- Type: Bug | Enhancement\Feature Request | Question +- Priority: Blocker | Major | Minor + +--------------------------------------------------------------- +## Bug + +**OS** +linux|windows|?? + +**mbed TLS build:** +Version: x.x.x or git commit id +Configuration: please attach config.h file +Compiler and options (if you used a pre-built binary, please indicate how you obtained it): +Additional environment information: + +**peer device TLS stack and version** +openSSL | GnuTls | other +version: + +**Expected behavior** + +**Actual behavior** + +**Steps to reproduce** + +---------------------------------------------------------------- +## Enhancement\Feature Request + +**Incentive for change** + +**Suggested enhancement** + +----------------------------------------------------------------- + +## Question + +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000..dac8bde2a --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,39 @@ +Notes: +* Pull requests will not be accepted until: +- The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) + or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) +- The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) +* This is just a template, so feel free to use/remove the unnecessary things +## Description +A few sentences describing the overall goals of the pull request's commits. + + +## Status +**READY/IN DEVELOPMENT/HOLD** + +## Requires Backporting +When there is a bug fix, it should be backported to legacy supported branches. +legacy supported branches will not be backported if: +- This PR is a new feature\enhancement +- This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch + +Yes | NO +What branch? + +## Migrations +If there is any API change, what's the incentive and logic for it. + +YES | NO + +## Additional comments +Any additional information that could be of interest + +## Todos +- [ ] Tests +- [ ] Documentation +- [ ] Changelog updated +- [ ] Backported + + +## Steps to test or reproduce +Outline the steps to test or reproduce the PR here. \ No newline at end of file From 779d9f6886b94dd6f5366ab29348830e0eea64ec Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 13:28:48 +0300 Subject: [PATCH 051/130] Update after Simon's comment Update the comment with Simon's comments --- .github/issue_template.md | 11 ++++++----- .github/pull_request_template.md | 8 ++++---- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 3398f49e6..772d98b33 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -8,16 +8,17 @@ Note: This is just a template, so feel free to use/remove the unnecessary things ## Bug **OS** -linux|windows|?? +mbed-OS|linux|windows| **mbed TLS build:** Version: x.x.x or git commit id -Configuration: please attach config.h file +OS version: x.x.x +Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: **peer device TLS stack and version** -openSSL | GnuTls | other +openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other version: **Expected behavior** @@ -29,7 +30,7 @@ version: ---------------------------------------------------------------- ## Enhancement\Feature Request -**Incentive for change** +**Justification - why does the library need this feature?** **Suggested enhancement** @@ -37,4 +38,4 @@ version: ## Question -**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index dac8bde2a..fa0c7e964 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,7 +1,7 @@ Notes: -* Pull requests will not be accepted until: +* Pull requests cannot be accepted until: - The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) - or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) + or for companies or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) - The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) * This is just a template, so feel free to use/remove the unnecessary things ## Description @@ -18,7 +18,7 @@ legacy supported branches will not be backported if: - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch Yes | NO -What branch? +Which branch? ## Migrations If there is any API change, what's the incentive and logic for it. @@ -36,4 +36,4 @@ Any additional information that could be of interest ## Steps to test or reproduce -Outline the steps to test or reproduce the PR here. \ No newline at end of file +Outline the steps to test or reproduce the PR here. From 3aa712dff78b10f8fd1b6c4ca58187f80b152560 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 24 Jul 2017 14:19:02 +0200 Subject: [PATCH 052/130] Minor typo fixes in the github template files --- .github/issue_template.md | 6 +++--- .github/pull_request_template.md | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 772d98b33..33f68fba1 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -17,9 +17,9 @@ Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: -**peer device TLS stack and version** -openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other -version: +**Peer device TLS stack and version** +OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other +Version: **Expected behavior** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index fa0c7e964..485b54195 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -12,8 +12,8 @@ A few sentences describing the overall goals of the pull request's commits. **READY/IN DEVELOPMENT/HOLD** ## Requires Backporting -When there is a bug fix, it should be backported to legacy supported branches. -legacy supported branches will not be backported if: +When there is a bug fix, it should be backported to all maintained and supported branches. +Changes do not have to be backported if: - This PR is a new feature\enhancement - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch From fcb7491a49f3a1617b8e8a42cbf78bb432e2c579 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 15 Dec 2016 14:42:37 +0200 Subject: [PATCH 053/130] Pre push hook script Add git_hook folder, and pre-push script, to be soft linked from .git/hooks/pre-push --- git_hooks/README.md | 16 +++++++++++++++ git_hooks/pre-push | 38 ++++++++++++++++++++++++++++++++++++ tests/scripts/check-names.sh | 2 +- 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 git_hooks/README.md create mode 100755 git_hooks/pre-push diff --git a/git_hooks/README.md b/git_hooks/README.md new file mode 100644 index 000000000..d0ed4a38f --- /dev/null +++ b/git_hooks/README.md @@ -0,0 +1,16 @@ +README for git hooks script +=========================== +git has a way to run scripts, which are invoked by specific git commands. +The git hooks are located in `/.git/hooks`, and as such are not under version control +for more information, see the [git documentation](https://git-scm.com/docs/githooks). + +The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. + +Example: + +Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +`ln -s ../../git_hooks/pre-push pre-push` + +Similarly, on Windows while running as administrator: +`mklink pre-push ..\..\git_hooks\pre-push` + diff --git a/git_hooks/pre-push b/git_hooks/pre-push new file mode 100755 index 000000000..6b2da10ed --- /dev/null +++ b/git_hooks/pre-push @@ -0,0 +1,38 @@ +#!/bin/sh + +# Called by "git push" after it has checked the remote status, but before anything has been +# pushed. If this script exits with a non-zero status nothing will be pushed. +# +# This hook is called with the following parameters: +# +# $1 -- Name of the remote to which the push is being done +# $2 -- URL to which the push is being done +# +# If pushing without using a named remote those arguments will be equal. +# +# Information about the commits which are being pushed is supplied as lines to +# the standard input in the form: +# +# +# +set -eu + +REMOTE="$1" +URL="$2" + +echo "REMOTE is $REMOTE" +echo "URL is $URL" + +run_test() +{ + TEST=$1 + echo "running '$TEST'" + if ! `$TEST > /dev/null 2>&1`; then + echo "test '$TEST' failed" + return 1 + fi +} + +run_test ./tests/scripts/check-doxy-blocks.pl +run_test ./tests/scripts/check-names.sh +run_test ./tests/scripts/check-generated-files.sh diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 191594ce0..4c66440e2 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -12,7 +12,7 @@ set -eu if grep --version|head -n1|grep GNU >/dev/null; then :; else - echo "This script requires GNU grep." + echo "This script requires GNU grep.">&2 exit 1 fi From 84f986c0e0c1258d8a87e3edbdfb945af0b72690 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 11:25:14 +0300 Subject: [PATCH 054/130] Add note for the git_hoos README file Add a note to the git_hooks README.md file, to state that currently they only work on GNU platforms --- git_hooks/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index d0ed4a38f..f78df991d 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -11,6 +11,4 @@ Example: Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` -Similarly, on Windows while running as administrator: -`mklink pre-push ..\..\git_hooks\pre-push` - +**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From 9508923e9a949ce52e0c133cb0f2a5c2b185cb19 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 18:24:43 +0300 Subject: [PATCH 055/130] Fix slash direction for linux path Update direction of the slash, for linux path, after @hanno-arm comments --- git_hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index f78df991d..400d63ee5 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -8,7 +8,7 @@ The mbed TLS git hooks are located in `/git_hooks` directory, and Example: -Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From ee16553d8e7054739310da2cb7c1705b0dcef2aa Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 23 Jul 2017 15:25:32 +0300 Subject: [PATCH 056/130] Update after @sbutcher-arm comments 1. Move the scripts to test/git-scripts folder 2. Support the script to run independant, not only with git 3. modify Readme accordingly --- {git_hooks => test/git-scripts}/README.md | 6 ++++-- git_hooks/pre-push => test/git-scripts/pre-push.sh | 13 +++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) rename {git_hooks => test/git-scripts}/README.md (62%) rename git_hooks/pre-push => test/git-scripts/pre-push.sh (82%) diff --git a/git_hooks/README.md b/test/git-scripts/README.md similarity index 62% rename from git_hooks/README.md rename to test/git-scripts/README.md index 400d63ee5..6bd9110c5 100644 --- a/git_hooks/README.md +++ b/test/git-scripts/README.md @@ -4,11 +4,13 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../git_hooks/pre-push pre-push` +`ln -s ../../test/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** + +These scripts can also be used independently. diff --git a/git_hooks/pre-push b/test/git-scripts/pre-push.sh similarity index 82% rename from git_hooks/pre-push rename to test/git-scripts/pre-push.sh index 6b2da10ed..ee54a6cff 100755 --- a/git_hooks/pre-push +++ b/test/git-scripts/pre-push.sh @@ -1,7 +1,15 @@ #!/bin/sh - +# pre-push.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# # Called by "git push" after it has checked the remote status, but before anything has been # pushed. If this script exits with a non-zero status nothing will be pushed. +# This script can also be used independently, not using git. # # This hook is called with the following parameters: # @@ -15,7 +23,6 @@ # # # -set -eu REMOTE="$1" URL="$2" @@ -23,6 +30,8 @@ URL="$2" echo "REMOTE is $REMOTE" echo "URL is $URL" +set -eu + run_test() { TEST=$1 From 4d90d56dfe3beb2b1da61b8518f609dcba05011a Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 15:52:18 +0300 Subject: [PATCH 057/130] Move the git scripts to correct path The git scripts were accidently put in `test` folder instead of `tests`. Moved them to `tests` folder --- {test => tests}/git-scripts/README.md | 4 ++-- {test => tests}/git-scripts/pre-push.sh | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename {test => tests}/git-scripts/README.md (67%) rename {test => tests}/git-scripts/pre-push.sh (100%) diff --git a/test/git-scripts/README.md b/tests/git-scripts/README.md similarity index 67% rename from test/git-scripts/README.md rename to tests/git-scripts/README.md index 6bd9110c5..29d7501b3 100644 --- a/test/git-scripts/README.md +++ b/tests/git-scripts/README.md @@ -4,12 +4,12 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/tests/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/tesst/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../test/git-scripts/pre-push.sh pre-push` +`ln -s ../../tests/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** diff --git a/test/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh similarity index 100% rename from test/git-scripts/pre-push.sh rename to tests/git-scripts/pre-push.sh From 853c46c8d3f621233e1a2f8d618ae1fbbba6ac60 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 10 Feb 2017 14:39:58 +0000 Subject: [PATCH 058/130] Fix potential integer overflow parsing DER CRL This patch prevents a potential signed integer overflow during the CRL version verification checks. --- ChangeLog | 4 ++++ library/x509_crl.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 40b4fae44..5c8f377c1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() diff --git a/library/x509_crl.c b/library/x509_crl.c index 76c49f135..55d12acd0 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -352,14 +352,14 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, return( ret ); } - crl->version++; - - if( crl->version > 2 ) + if( crl->version < 0 || crl->version > 1 ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crl->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1, &crl->sig_md, &crl->sig_pk, &crl->sig_opts ) ) != 0 ) From ae7b1c4aed5301cf17db0b1f382cccf07f7acddc Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 10:57:34 +0000 Subject: [PATCH 059/130] Add CSR DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 08f332441..428be111f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1531,6 +1531,9 @@ X509 CSR ASN.1 (extra data after signature) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +X509 CSR ASN.1 (invalid version overflow) +mbedtls_x509_csr_parse:"3008300602047FFFFFFF":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 File parse (no issues) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509parse_crt_file:"data_files/server7_int-ca.crt":0 From 2a9fd0e5c766a93c2a862bc647b219d5230c74c4 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 11:11:12 +0000 Subject: [PATCH 060/130] Add CRL DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 428be111f..2e84f7858 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1182,6 +1182,12 @@ X509 CRL ASN1 (TBSCertList, no entries) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 +X509 CRL ASN1 (invalid version 2) +x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 CRL ASN1 (invalid version overflow) +x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRT parse path #2 (one cert) depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crt_parse_path:"data_files/dir1":0:1 From eacc616a9cc6a40a28132bb3e7ae7267654e6656 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 15:29:07 +0000 Subject: [PATCH 061/130] Add CRT DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 2e84f7858..dfa1f71e7 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1118,6 +1118,12 @@ X509 Certificate ASN1 (RSA signature, EC key) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 +X509 Certificate ASN1 (invalid version 3) +x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 Certificate ASN1 (invalid version overflow) +x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT From 487b7a9efc0bfad52816d2dd8dddfb3ff5790148 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 16:16:11 +0000 Subject: [PATCH 062/130] Fix potential integer overflow parsing DER CRT This patch prevents a potential signed integer overflow during the certificate version verification checks. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5c8f377c1..8e9d174e9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -212,6 +212,9 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/x509_crt.c b/library/x509_crt.c index a6dce95ba..2cab63c86 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -748,14 +748,14 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char * return( ret ); } - crt->version++; - - if( crt->version > 3 ) + if( crt->version < 0 || crt->version > 2 ) { mbedtls_x509_crt_free( crt ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crt->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, &crt->sig_md, &crt->sig_pk, &crt->sig_opts ) ) != 0 ) From 642ea1f399ad9b3a2bd0358547ff4e966c66b908 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 17 Feb 2017 13:54:43 +0000 Subject: [PATCH 063/130] Prevent signed integer overflow in CSR parsing Modify the function mbedtls_x509_csr_parse_der() so that it checks the parsed CSR version integer before it increments the value. This prevents a potential signed integer overflow, as these have undefined behaviour in the C standard. --- ChangeLog | 4 ++++ library/x509_csr.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8e9d174e9..42a74e126 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,10 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix potential integer overflow in the version verification for DER + encoded X509 CSRs. The overflow would enable maliciously constructed CSRs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of diff --git a/library/x509_csr.c b/library/x509_csr.c index f92b66c58..26a06db4f 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -168,14 +168,14 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, return( ret ); } - csr->version++; - - if( csr->version != 1 ) + if( csr->version != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + csr->version++; + /* * subject Name */ From ab0a8042f44b2ceb5b515da538334eed488c6518 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 26 Jul 2017 17:25:55 +0100 Subject: [PATCH 064/130] Fix merge errors in ChangeLog --- ChangeLog | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index 42a74e126..e8d1da5c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,22 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - * Fix a potential integer overflow in the version verification for DER - encoded X509 CRLs. The overflow would enable maliciously constructed CRLs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform @@ -46,10 +30,17 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America * Fix potential integer overflow in the version verification for DER encoded X509 CSRs. The overflow would enable maliciously constructed CSRs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of @@ -216,9 +207,6 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 - * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously - constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 From b6479192d835fad7e46605be62ff91673eeeafb0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 May 2017 11:27:39 +0100 Subject: [PATCH 065/130] Improve documentation of PKCS1 decryption functions Document the preconditions on the input and output buffers for the PKCS1 decryption functions - mbedtls_rsa_pkcs1_decrypt, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt - mbedtls_rsa_rsaes_oaep_decrypt --- include/mbedtls/rsa.h | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 54653dfdc..7d7469d50 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -329,9 +329,15 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -355,9 +361,15 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -383,9 +395,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), From bfea4a7c02133df3bb5198373e735c53ced23917 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 066/130] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 7 ++++++- include/mbedtls/threading.h | 3 --- library/ecp.c | 20 -------------------- library/threading.c | 9 --------- 4 files changed, 6 insertions(+), 33 deletions(-) diff --git a/ChangeLog b/ChangeLog index 66883d4bb..da9ee0b1d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.y.z released YYYY-MM-DD += mbed TLS 2.x.x released xxxx-xx-xx Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, @@ -18,6 +18,11 @@ API changes verification of the peer's certificate failed due to an overlong chain or a fatal error in the vrfy callback. +Changes + * Removed mutexes from ECP hardware accelerator code. Now all hardware + accelerator code in the library leaves concurrency handling to the + platform. Reported by Steven Cooreman. #863 + = mbed TLS 2.5.1 released 2017-06-21 Security diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index a89fd6496..b0c34ecc7 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -97,9 +97,6 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); */ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -extern mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex; -#endif #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/ecp.c b/library/ecp.c index 56f22c272..1cfd4b10f 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1690,11 +1690,6 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, return( ret ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1719,11 +1714,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ return( ret ); } @@ -1831,11 +1821,6 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1853,11 +1838,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ mbedtls_ecp_point_free( &mP ); diff --git a/library/threading.c b/library/threading.c index 55091e8db..07586756f 100644 --- a/library/threading.c +++ b/library/threading.c @@ -113,9 +113,6 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_init( &mbedtls_threading_ecp_mutex ); -#endif } /* @@ -125,9 +122,6 @@ void mbedtls_threading_free_alt( void ) { mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_free( &mbedtls_threading_ecp_mutex ); -#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -139,8 +133,5 @@ void mbedtls_threading_free_alt( void ) #endif mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex MUTEX_INIT; -#endif #endif /* MBEDTLS_THREADING_C */ From 28f320e60ecae5e91d5fece0a8fe89e83b2858ab Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 23 Jun 2017 13:05:44 +0100 Subject: [PATCH 067/130] Enable MBEDTLS_AES_ROM_TABLES in config-no-entropy Enable the MBEDTLS_AES_ROM_TABLES option in the configs/config-no-entropy.h to place AES lookup tables in ROM. This saves considerable RAM space, a resource that is very limited in small devices that use this configuration. --- configs/config-no-entropy.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 95f17d456..73758602a 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -80,6 +80,9 @@ #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_CRL_PARSE_C +/* Miscellaneous options */ +#define MBEDTLS_AES_ROM_TABLES + #include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ From 92fcfe2933960bc367897f43b1dd8cbc54dc96ca Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 12:57:44 +0100 Subject: [PATCH 068/130] Add ChangeLog entry for config-no-entropy.h change --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index da9ee0b1d..c349a66e8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,8 @@ Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 + * Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file + config-no-entropy.h to reduce the RAM footprint. = mbed TLS 2.5.1 released 2017-06-21 From 2a47be50129fa330442698efc01e285dfb49639c Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 20 Jun 2017 15:23:23 +0300 Subject: [PATCH 069/130] Minor: Fix typos in program comments Fix a couple of typos and writer's mistakes, in some reference program applications --- programs/pkey/ecdh_curve25519.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index aa15c4687..e7ead9a93 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -204,7 +204,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); /* - * Verification: are the computed secret equal? + * Verification: are the computed secrets equal? */ mbedtls_printf( " . Checking if both computed secrets are equal..." ); fflush( stdout ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3e6366cec..a25886824 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2168,7 +2168,7 @@ handshake: #if defined(MBEDTLS_X509_CRT_PARSE_C) /* - * 5. Verify the server certificate + * 5. Verify the client certificate */ mbedtls_printf( " . Verifying peer X.509 certificate..." ); From 5a21fd62bf2cfc34d2f33071e15212f0b20204bd Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 070/130] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 ++- library/gcm.c | 6 ++- tests/suites/test_suite_gcm.aes128_de.data | 4 ++ tests/suites/test_suite_gcm.aes128_en.data | 4 ++ tests/suites/test_suite_gcm.aes192_de.data | 4 ++ tests/suites/test_suite_gcm.aes192_en.data | 4 ++ tests/suites/test_suite_gcm.aes256_de.data | 4 ++ tests/suites/test_suite_gcm.aes256_en.data | 4 ++ tests/suites/test_suite_gcm.function | 43 ++++++++++++++++++++++ 9 files changed, 76 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index c349a66e8..9034b42c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/library/gcm.c b/library/gcm.c index f1210c52c..fccb092bd 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -277,8 +277,10 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, size_t use_len, olen = 0; /* IV and AD are limited to 2^64 bits, so 2^61 bytes */ - if( ( (uint64_t) iv_len ) >> 61 != 0 || - ( (uint64_t) add_len ) >> 61 != 0 ) + /* IV is not allowed to be zero length */ + if( iv_len == 0 || + ( (uint64_t) iv_len ) >> 61 != 0 || + ( (uint64_t) add_len ) >> 61 != 0 ) { return( MBEDTLS_ERR_GCM_BAD_INPUT ); } diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data index 6eaa711b9..2a2e32f0d 100644 --- a/tests/suites/test_suite_gcm.aes128_de.data +++ b/tests/suites/test_suite_gcm.aes128_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes128_en.data b/tests/suites/test_suite_gcm.aes128_en.data index d8bee9d56..9453ffa70 100644 --- a/tests/suites/test_suite_gcm.aes128_en.data +++ b/tests/suites/test_suite_gcm.aes128_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fe481476fce76efcfc78ed144b0756f1":"246e1f2babab8da98b17cc928bd49504d7d87ea2cc174f9ffb7dbafe5969ff824a0bcb52f35441d22f3edcd10fab0ec04c0bde5abd3624ca25cbb4541b5d62a3deb52c00b75d68aaf0504d51f95b8dcbebdd8433f4966c584ac7f8c19407ca927a79fa4ead2688c4a7baafb4c31ef83c05e8848ec2b4f657aab84c109c91c277":"1a2c18c6bf13b3b2785610c71ccd98ca":"b0ab3cb5256575774b8242b89badfbe0dfdfd04f5dd75a8e5f218b28d3f6bc085a013defa5f5b15dfb46132db58ed7a9ddb812d28ee2f962796ad988561a381c02d1cf37dca5fd33e081d61cc7b3ab0b477947524a4ca4cb48c36f48b302c440be6f5777518a60585a8a16cea510dbfc5580b0daac49a2b1242ff55e91a8eae8":"5587620bbb77f70afdf3cdb7ae390edd0473286d86d3f862ad70902d90ff1d315947c959f016257a8fe1f52cc22a54f21de8cb60b74808ac7b22ea7a15945371e18b77c9571aad631aa080c60c1e472019fa85625fc80ed32a51d05e397a8987c8fece197a566689d24d05361b6f3a75616c89db6123bf5902960b21a18bc03a":32:"bd4265a8":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_de.data b/tests/suites/test_suite_gcm.aes192_de.data index 841c6fa36..9e7bad00f 100644 --- a/tests/suites/test_suite_gcm.aes192_de.data +++ b/tests/suites/test_suite_gcm.aes192_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":32:"28d730ea":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_en.data b/tests/suites/test_suite_gcm.aes192_en.data index 18e56e79c..5ea110186 100644 --- a/tests/suites/test_suite_gcm.aes192_en.data +++ b/tests/suites/test_suite_gcm.aes192_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"713358e746dd84ab27b8adb3b17ea59cd75fa6cb0c13d1a8":"35b8b655efdf2d09f5ed0233c9eeb0b6f85e513834848cd594dba3c6e64f78e7af4a7a6d53bba7b43764334d6373360ae3b73b1e765978dffa7dbd805fda7825b8e317e8d3f1314aa97f877be815439c5da845028d1686283735aefac79cdb9e02ec3590091cb507089b9174cd9a6111f446feead91f19b80fd222fc6299fd1c":"26ed909f5851961dd57fa950b437e17c":"c9469ad408764cb7d417f800d3d84f03080cee9bbd53f652763accde5fba13a53a12d990094d587345da2cdc99357b9afd63945ca07b760a2c2d4948dbadb1312670ccde87655a6a68edb5982d2fcf733bb4101d38cdb1a4942a5d410f4c45f5ddf00889bc1fe5ec69b40ae8aaee60ee97bea096eeef0ea71736efdb0d8a5ec9":"cc3f9983e1d673ec2c86ae4c1e1b04e30f9f395f67c36838e15ce825b05d37e9cd40041470224da345aa2da5dfb3e0c561dd05ba7984a1332541d58e8f9160e7e8457e717bab203de3161a72b7aedfa53616b16ca77fd28d566fbf7431be559caa1a129b2f29b9c5bbf3eaba594d6650c62907eb28e176f27c3be7a3aa24cef6":32:"5be7611b":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_de.data b/tests/suites/test_suite_gcm.aes256_de.data index 0fe848978..9696a62be 100644 --- a/tests/suites/test_suite_gcm.aes256_de.data +++ b/tests/suites/test_suite_gcm.aes256_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":32:"3105dddb":"FAIL":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_en.data b/tests/suites/test_suite_gcm.aes256_en.data index 23d1689cc..0ff716d5d 100644 --- a/tests/suites/test_suite_gcm.aes256_en.data +++ b/tests/suites/test_suite_gcm.aes256_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1477e189fb3546efac5cc144f25e132ffd0081be76e912e25cbce7ad63f1c2c4":"7bd3ea956f4b938ebe83ef9a75ddbda16717e924dd4e45202560bf5f0cffbffcdd23be3ae08ff30503d698ed08568ff6b3f6b9fdc9ea79c8e53a838cc8566a8b52ce7c21b2b067e778925a066c970a6c37b8a6cfc53145f24bf698c352078a7f0409b53196e00c619237454c190b970842bb6629c0def7f166d19565127cbce0":"c109f35893aff139db8ed51c85fee237":"8f7f9f71a4b2bb0aaf55fced4eb43c57415526162070919b5f8c08904942181820d5847dfd54d9ba707c5e893a888d5a38d0130f7f52c1f638b0119cf7bc5f2b68f51ff5168802e561dff2cf9c5310011c809eba002b2fa348718e8a5cb732056273cc7d01cce5f5837ab0b09b6c4c5321a7f30a3a3cd21f29da79fce3f3728b":"7841e3d78746f07e5614233df7175931e3c257e09ebd7b78545fae484d835ffe3db3825d3aa1e5cc1541fe6cac90769dc5aaeded0c148b5b4f397990eb34b39ee7881804e5a66ccc8d4afe907948780c4e646cc26479e1da874394cb3537a8f303e0aa13bd3cc36f6cc40438bcd41ef8b6a1cdee425175dcd17ee62611d09b02":32:"cb13ce59":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 56c7e1899..308e14bb4 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -7,6 +7,49 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void gcm_bad_parameters( int cipher_id, int direction, + char *hex_key_string, char *hex_src_string, + char *hex_iv_string, char *hex_add_string, + int tag_len_bits, int gcm_result ) +{ + unsigned char key_str[128]; + unsigned char src_str[128]; + unsigned char dst_str[257]; + unsigned char iv_str[128]; + unsigned char add_str[128]; + unsigned char tag_str[128]; + unsigned char output[128]; + unsigned char tag_output[16]; + mbedtls_gcm_context ctx; + unsigned int key_len; + size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8; + + mbedtls_gcm_init( &ctx ); + + memset( key_str, 0x00, sizeof( key_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( iv_str, 0x00, sizeof( iv_str ) ); + memset( add_str, 0x00, sizeof( add_str ) ); + memset( tag_str, 0x00, sizeof( tag_str ) ); + memset( output, 0x00, sizeof( output ) ); + memset( tag_output, 0x00, sizeof( tag_output ) ); + + key_len = unhexify( key_str, hex_key_string ); + pt_len = unhexify( src_str, hex_src_string ); + iv_len = unhexify( iv_str, hex_iv_string ); + add_len = unhexify( add_str, hex_add_string ); + + TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, pt_len, iv_str, iv_len, + add_str, add_len, src_str, output, tag_len, tag_output ) == gcm_result ); + +exit: + mbedtls_gcm_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void gcm_encrypt_and_tag( int cipher_id, char *hex_key_string, char *hex_src_string, From 8ab0595538c20096fe3f9102389b6541e3db7862 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 071/130] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ library/x509_crt.c | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9034b42c7..7a72030fa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/library/x509_crt.c b/library/x509_crt.c index 3b8614125..d7b857e58 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1171,13 +1171,13 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if( dir == NULL ) return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 ) { closedir( dir ); return( ret ); } -#endif +#endif /* MBEDTLS_THREADING_C */ while( ( entry = readdir( dir ) ) != NULL ) { @@ -1210,10 +1210,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) cleanup: closedir( dir ); -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; -#endif +#endif /* MBEDTLS_THREADING_C */ #endif /* _WIN32 */ From 3e19df5c95aba62f59816110d479816bd0c4f492 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 072/130] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7a72030fa..c81c259e3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/library/x509_crt.c b/library/x509_crt.c index d7b857e58..5ec855192 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1146,7 +1146,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) p, (int) len - 1, NULL, NULL ); if( w_ret == 0 ) - return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); + { + ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; + goto cleanup; + } w_ret = mbedtls_x509_crt_parse_file( chain, filename ); if( w_ret < 0 ) @@ -1159,6 +1162,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if( GetLastError() != ERROR_NO_MORE_FILES ) ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; +cleanup: FindClose( hFind ); #else /* _WIN32 */ int t_ret; From 7269fee0b6403793f62ffa030ceceb49aca79227 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 073/130] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ library/dhm.c | 6 +++--- library/ecp.c | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index c81c259e3..96f4b31f0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/library/dhm.c b/library/dhm.c index a4715d170..bec52a11d 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -165,7 +165,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, */ do { - mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); @@ -251,7 +251,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, */ do { - mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); @@ -324,7 +324,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx, count = 0; do { - mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) ); diff --git a/library/ecp.c b/library/ecp.c index 1cfd4b10f..5ad686398 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1128,7 +1128,7 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p /* Generate l such that 1 < l < p */ do { - mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); @@ -1527,7 +1527,7 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P /* Generate l such that 1 < l < p */ do { - mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); From d300a5734afff24be846412bbb9347c19c3db4ed Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Jun 2017 14:31:29 +0100 Subject: [PATCH 074/130] Undo API change The previous commit b3e6872c9381ed4ce020d631dda1e0126c42b64f changed to public functions from ssl_ciphersuite.h to static inline. This commit reverts this change. --- include/mbedtls/ssl_ciphersuites.h | 36 ++---------------------------- library/ssl_ciphersuites.c | 36 ++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 34 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 931c1b3c3..9101d9cc7 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -359,23 +359,8 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciph mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ); #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) -static inline int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ); +int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ); #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED) static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info ) @@ -429,23 +414,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersui } #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { - case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ - static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info ) { switch( info->key_exchange ) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index c1a92d67d..95e6163cc 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1834,6 +1834,42 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers return( MBEDTLS_PK_NONE ); } } + #endif /* MBEDTLS_PK_C */ +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) +int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: + return( 1 ); + + default: + return( 0 ); + } +} +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) +int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case MBEDTLS_KEY_EXCHANGE_PSK: + case MBEDTLS_KEY_EXCHANGE_RSA_PSK: + case MBEDTLS_KEY_EXCHANGE_DHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + return( 1 ); + + default: + return( 0 ); + } +} +#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ + #endif /* MBEDTLS_SSL_TLS_C */ From 639ce56b6a270d9d376430d365b75b29e8f4de50 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 11:25:37 +0100 Subject: [PATCH 075/130] Undo API change from SHA1 deprecation The previous commit bd5ceee484f201b90a384636ba12de86bd330cba removed the definition of the global constants - mbedtls_test_ca_crt_rsa_len, - mbedtls_test_cli_crt_rsa_len, - mbedtls_test_ca_crt_rsa, and - mbedtls_test_cli_crt_rsa. This commit restores these to maintain ABI compatibility. Further, it was noticed that without SHA256_C being enabled the previous code failed to compile because because the SHA1 resp. SHA256 certificates were only defined when the respective SHAXXX_C options were set, but the emission of the global variable mbedtls_test_ca_crt was unconditionally defined through the SHA256 certificate. Previously, the RSA SHA1 certificate was unconditionally defined and used for that. As a remedy, this commit makes sure some RSA certificate is defined and exported through the following rule: 1. If SHA256_C is active, define an RSA SHA256 certificate and export it as mbedtls_test_ca_crt. Also, define SHA1 certificates only if SHA1_C is set. 2. If SHA256_C is not set, always define SHA1 certificate and export it as mbedtls_test_ca_crt. --- library/certs.c | 75 +++++++++++++++++++++++++++++-------------------- 1 file changed, 45 insertions(+), 30 deletions(-) diff --git a/library/certs.c b/library/certs.c index 5c0199891..f1379b8cb 100644 --- a/library/certs.c +++ b/library/certs.c @@ -116,31 +116,6 @@ const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec ); #endif /* MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SHA1_C) -#define TEST_CA_CRT_RSA_SHA1 \ -"-----BEGIN CERTIFICATE-----\r\n" \ -"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ -"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ -"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ -"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ -"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ -"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ -"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ -"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ -"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ -"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ -"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ -"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ -"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ -"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ -"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ -"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ -"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ -"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ -"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ -"-----END CERTIFICATE-----\r\n" -static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; -#endif #if defined(MBEDTLS_SHA256_C) #define TEST_CA_CRT_RSA_SHA256 \ @@ -165,7 +140,46 @@ static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; "ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY\r\n" \ "n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==\r\n" \ "-----END CERTIFICATE-----\r\n" + +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA256; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#define TEST_CA_CRT_RSA_SOME + static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256; + +#endif + +#if !defined(TEST_CA_CRT_RSA_SOME) || defined(MBEDTLS_SHA1_C) +#define TEST_CA_CRT_RSA_SHA1 \ +"-----BEGIN CERTIFICATE-----\r\n" \ +"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ +"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ +"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ +"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ +"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ +"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ +"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ +"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ +"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ +"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ +"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ +"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ +"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ +"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ +"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ +"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ +"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ +"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ +"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ +"-----END CERTIFICATE-----\r\n" + +#if !defined (TEST_CA_CRT_RSA_SOME) +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA1; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#endif + +static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; + #endif const char mbedtls_test_ca_key_rsa[] = @@ -257,7 +271,7 @@ const char mbedtls_test_srv_key_rsa[] = "-----END RSA PRIVATE KEY-----\r\n"; const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa ); -static const char mbedtls_test_cli_crt_rsa_sha256[] = +const char mbedtls_test_cli_crt_rsa[] = "-----BEGIN CERTIFICATE-----\r\n" "MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" @@ -279,6 +293,7 @@ static const char mbedtls_test_cli_crt_rsa_sha256[] = "ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj\r\n" "c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=\r\n" "-----END CERTIFICATE-----\r\n"; +const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa ); const char mbedtls_test_cli_key_rsa[] = "-----BEGIN RSA PRIVATE KEY-----\r\n" @@ -354,19 +369,19 @@ const size_t mbedtls_test_cas_len[] = { }; #if defined(MBEDTLS_RSA_C) -const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa_sha256; +const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa; /* SHA1 or SHA256 */ const char *mbedtls_test_ca_key = mbedtls_test_ca_key_rsa; const char *mbedtls_test_ca_pwd = mbedtls_test_ca_pwd_rsa; const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_rsa; const char *mbedtls_test_srv_key = mbedtls_test_srv_key_rsa; -const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa_sha256; +const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa; const char *mbedtls_test_cli_key = mbedtls_test_cli_key_rsa; -const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa_sha256 ); +const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa ); const size_t mbedtls_test_ca_key_len = sizeof( mbedtls_test_ca_key_rsa ); const size_t mbedtls_test_ca_pwd_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1; const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_rsa ); const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_rsa ); -const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa_sha256 ); +const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa ); const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_rsa ); #else /* ! MBEDTLS_RSA_C, so MBEDTLS_ECDSA_C */ const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_ec; From 6d84ae7e5786398b2d88c38b7b1c0d3f9e55c8bd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:19 +0100 Subject: [PATCH 076/130] Clarify documentation for alternative AES implementations The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been superseded by mbedtls_aes_internal_decrypt and mbedtls_aes_internal_encrypt, respectively. Alternative implementations should now only replace the latter, and leave the maintenance wrapper definitions of the former untouched. This commit clarifies this in the documentation of the respective configuration options MBEDTLS_AES_DECRYPT_ALT and MBEDTLS_AES_ENCRYPT_ALT. --- include/mbedtls/aes.h | 8 ++------ include/mbedtls/config.h | 12 +++++++++--- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index b5560cc81..6044a51aa 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,9 +287,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Internal AES block encryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_ENCRYPT_ALT) + * \brief Old AES block encryption function without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -306,9 +304,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( } /** - * \brief Internal AES block decryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_DECRYPT_ALT) + * \brief Old AES block decryption function without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c1..2a2209a35 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -273,9 +273,15 @@ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible * with this definition. * - * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. + * \note Because of a signature change, the core AES encryption and decryption routines are + * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, + * respectively. When setting up alternative implementations, these functions should + * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt + * have to stay untouched. + * + * \note If you use the AES_xxx_ALT macros, then is is recommended to also set + * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES + * tables. * * Uncomment a macro to enable alternate implementation of the corresponding * function. From bedc2050b64af4915bf53ed9508bbf18781ad4fc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:56 +0100 Subject: [PATCH 077/130] Export mbedtls_aes_(en/de)crypt to retain for API compatibility The commit f5bf7189d303e602992c750c09e429e23c7b2abf made the AES functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing the library's API. This commit reverts this. --- include/mbedtls/aes.h | 20 ++++++-------------- library/aes.c | 14 ++++++++++++++ 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 6044a51aa..4a546acc9 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -295,13 +295,9 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \param input Plaintext block * \param output Output (ciphertext) block */ -MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( - mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_encrypt( ctx, input, output ); -} +MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); /** * \brief Old AES block decryption function without return value. @@ -312,13 +308,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( * \param input Ciphertext block * \param output Output (plaintext) block */ -MBEDTLS_DEPRECATED static inline void mbedtls_aes_decrypt( - mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_decrypt( ctx, input, output ); -} +MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/library/aes.c b/library/aes.c index 5e01c4f2b..58603849c 100644 --- a/library/aes.c +++ b/library/aes.c @@ -765,6 +765,13 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */ +void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_encrypt( ctx, input, output ); +} + /* * AES-ECB block decryption */ @@ -824,6 +831,13 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ +void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_decrypt( ctx, input, output ); +} + /* * AES-ECB block encryption/decryption */ From ca1cdb2bf3cb89f1ab65bd339ff40bb634601b3e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 20 Jul 2017 09:50:59 +0100 Subject: [PATCH 078/130] Make minor changes to documentation --- include/mbedtls/aes.h | 6 ++++-- include/mbedtls/config.h | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 4a546acc9..1829f7240 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,7 +287,8 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Old AES block encryption function without return value. + * \brief Deprecated internal AES block encryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -300,7 +301,8 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, unsigned char output[16] ); /** - * \brief Old AES block decryption function without return value. + * \brief Deprecated internal AES block decryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2a2209a35..b10d87375 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -277,7 +277,7 @@ * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, * respectively. When setting up alternative implementations, these functions should * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt - * have to stay untouched. + * must stay untouched. * * \note If you use the AES_xxx_ALT macros, then is is recommended to also set * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES From 51e8c3ed7eaec62cdade23ba4017422463f91345 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 20 Jul 2017 12:33:41 +0200 Subject: [PATCH 079/130] Update Changelog for API/ABI fixes to revert interface --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 96f4b31f0..e7b596fab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,12 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +API Changes + * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the + API consistent with mbed TLS 2.5.0. Specifically removed the inline + qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 From 2a6f39cb63486ba174d8d781661e64a7c97f6b25 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:03:23 +0100 Subject: [PATCH 080/130] Add library setup and teardown APIs Add the following two functions to allow platform setup and teardown operations for the full library to be hooked in: * mbedtls_platform_setup() * mbedtls_platform_teardown() An mbedtls_platform_context C structure is also added and two internal functions that are called by the corresponding setup and teardown functions above: * mbedtls_internal_platform_setup() * mbedtls_internal_plartform_teardown() Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow mbedtls_platform_context and internal function to be overriden by the user as needed for a platform. --- include/mbedtls/config.h | 1 + include/mbedtls/platform.h | 45 ++++++++++++++++++++++++++++++++++++++ library/platform.c | 30 +++++++++++++++++++++++++ 3 files changed, 76 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index b10d87375..ffeeb34af 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,6 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT +//#define MBEDTLS_PLATFORM_SETUP_ALT /** * \def MBEDTLS_DEPRECATED_WARNING diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index b1b019e55..a9ff7e421 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -288,6 +288,51 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ +#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +typedef struct mbedtls_platform_context mbedtls_platform_context; +#else +#include "platform_alt.h" +#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ + +/** + * \brief Perform any platform initialisation operations + * + * \param ctx mbed TLS context + * + * \return 0 if successful + * + * \note This function should be called before any other library function + */ +int mbedtls_platform_setup( mbedtls_platform_context *ctx ); +/** + * \brief Perform any platform teardown operations + * + * \param ctx mbed TLS context + * + * \return 0 if successful + * + * \note This function should be after every other mbed TLS module has been + * correctly freed using the appropriate free function. + */ +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); + +/** + * \brief Internal function to perform any platform initialisation operations + * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT + * + * \param ctx mbed TLS context + * + * \return 0 if successful + */ +int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ); +/** + * \brief Internal function to perform any platform teardown operations + * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT + * + * \param ctx mbed TLS context + */ +void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ); + #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 8b336c38e..2ac67cbe9 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,4 +304,34 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ +int mbedtls_platform_setup( mbedtls_platform_context *ctx ) +{ + return( mbedtls_internal_platform_setup( ctx ) ); +} + +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) +{ + mbedtls_internal_platform_teardown( ctx ); +} + +#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +/* + * Placeholder internal platform setup that does nothing by default + */ +int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) +{ + (void)ctx; + + return( 0 ); +} + +/* + * Placeholder internal platform teardown that does nothing by default + */ +void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ) +{ + (void)ctx; +} +#endif /* MBEDTLS_PLATFORM_SETUP_ALT */ + #endif /* MBEDTLS_PLATFORM_C */ From 63e672b09d4a6275ab21871ddb42615c1e6aa7bc Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:19:13 +0100 Subject: [PATCH 081/130] Add ChangeLog entry for platform setup and teardown --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index e7b596fab..18273fb82 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,16 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Features + * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() + to perform platform-specific setup and teardown operations. Furthermore, + the internal functions mbedtls_internal_platform_setup() and + mbedtls_internal_platform_teardown() to allow platform-specific hooks to + be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT + allows the internal functions to be overridden. This new APIs are + specially useful in some embedded environments that have hardware + acceleration support. + API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline From 3c8a39d28a8b40c2de93c68d5af0cd1d01282d39 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:25:17 +0100 Subject: [PATCH 082/130] Remove internal functions from setup API --- include/mbedtls/platform.h | 21 ++++----------------- library/platform.c | 18 ++++-------------- 2 files changed, 8 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index a9ff7e421..29b80cd3e 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -289,6 +289,10 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +struct mbedtls_platform_context { + char dummy; /**< Placeholder member as empty structs are not portable */ +}; + typedef struct mbedtls_platform_context mbedtls_platform_context; #else #include "platform_alt.h" @@ -316,23 +320,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); -/** - * \brief Internal function to perform any platform initialisation operations - * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT - * - * \param ctx mbed TLS context - * - * \return 0 if successful - */ -int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ); -/** - * \brief Internal function to perform any platform teardown operations - * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT - * - * \param ctx mbed TLS context - */ -void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ); - #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 2ac67cbe9..f739f2f0f 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,21 +304,11 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -int mbedtls_platform_setup( mbedtls_platform_context *ctx ) -{ - return( mbedtls_internal_platform_setup( ctx ) ); -} - -void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) -{ - mbedtls_internal_platform_teardown( ctx ); -} - #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) /* - * Placeholder internal platform setup that does nothing by default + * Placeholder platform setup that does nothing by default */ -int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) +int mbedtls_platform_setup( mbedtls_platform_context *ctx ) { (void)ctx; @@ -326,9 +316,9 @@ int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) } /* - * Placeholder internal platform teardown that does nothing by default + * Placeholder platform teardown that does nothing by default */ -void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ) +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) { (void)ctx; } From 052ac860aea8e94c0c25f711f09bb785def04943 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:27:05 +0100 Subject: [PATCH 083/130] Modify ChangeLog according to API changes --- ChangeLog | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 18273fb82..5b8f5e887 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,13 +4,11 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() - to perform platform-specific setup and teardown operations. Furthermore, - the internal functions mbedtls_internal_platform_setup() and - mbedtls_internal_platform_teardown() to allow platform-specific hooks to - be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT - allows the internal functions to be overridden. This new APIs are - specially useful in some embedded environments that have hardware - acceleration support. + and the context struct mbedtls_platform_context to perform + platform-specific setup and teardown operations. The macro + MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the + user in a platform_alt.h file. This new APIs are specially useful in some + embedded environments that have hardware acceleration support. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the From 64b02cd947f68f62e9d9c0b9d844f652fa11a2a7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:32:40 +0100 Subject: [PATCH 084/130] Improve documentation for mbedtls_platform_context --- include/mbedtls/platform.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 29b80cd3e..88a0bdf33 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -289,11 +289,18 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) -struct mbedtls_platform_context { - char dummy; /**< Placeholder member as empty structs are not portable */ -}; -typedef struct mbedtls_platform_context mbedtls_platform_context; +/** + * \brief Platform context structure + * + * \note This structure may be used to assist platform-specific + * setup/teardown operations. + */ +typedef struct { + char dummy; /**< Placeholder member as empty structs are not portable */ +} +mbedtls_platform_context; + #else #include "platform_alt.h" #endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ From d91f99f868a98657ba04773a75b598c99f861863 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:23:04 +0100 Subject: [PATCH 085/130] Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive as this macro enables/disables both functions. --- include/mbedtls/config.h | 2 +- include/mbedtls/platform.h | 4 ++-- library/platform.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ffeeb34af..de9993848 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,7 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_SETUP_ALT +//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT /** * \def MBEDTLS_DEPRECATED_WARNING diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 88a0bdf33..712bbe937 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -288,7 +288,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /** * \brief Platform context structure @@ -303,7 +303,7 @@ mbedtls_platform_context; #else #include "platform_alt.h" -#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /** * \brief Perform any platform initialisation operations diff --git a/library/platform.c b/library/platform.c index f739f2f0f..af3b2f15e 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,7 +304,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /* * Placeholder platform setup that does nothing by default */ @@ -322,6 +322,6 @@ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) { (void)ctx; } -#endif /* MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #endif /* MBEDTLS_PLATFORM_C */ From 586d3773ecdfaf343d4e792a393b76b618f1692f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:24:26 +0100 Subject: [PATCH 086/130] Fix typo in ChangeLog and update macro name --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5b8f5e887..ed00182bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,8 +6,8 @@ Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform platform-specific setup and teardown operations. The macro - MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the - user in a platform_alt.h file. This new APIs are specially useful in some + MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden + by the user in a platform_alt.h file. This new APIs are required in some embedded environments that have hardware acceleration support. API Changes From 3240c55b306ffb07574ab331b345fc015a0b151a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 087/130] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ed00182bc..d8d02c263 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From e56d1ec60a55cb2a3a50935cffcad067be108d9e Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 088/130] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d8d02c263..75cd44bd7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From d551c24ddb3e84eb546adff1794238611891246d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 089/130] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 75cd44bd7..4937cbb84 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 5274f274f0e09e6ca6eac08514447d4727dc8e9a Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 090/130] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4937cbb84..963def14c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 528c62127127c4909448489fc1888d0e66b74357 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 091/130] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 963def14c..f157caf84 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 9a6748cff17fbf6e961a91de6db6f6bc26b79af5 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 01:48:17 +0200 Subject: [PATCH 092/130] Correct order of sections in the ChangeLog --- ChangeLog | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index f157caf84..ed00182bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,18 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform From d3be27a92ac201a92bb502847cbdfa8023dfde18 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 02:08:00 +0200 Subject: [PATCH 093/130] Add additional comments to platform setup/teardown functions --- include/mbedtls/platform.h | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 712bbe937..25b5d2129 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -312,7 +312,13 @@ mbedtls_platform_context; * * \return 0 if successful * - * \note This function should be called before any other library function + * \note This function is intended to allow platform specific initialisation, + * and should be called before any other library functions. Its + * implementation is platform specific, and by default, unless platform + * specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); /** @@ -322,8 +328,13 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \return 0 if successful * - * \note This function should be after every other mbed TLS module has been - * correctly freed using the appropriate free function. + * \note This function should be called after every other mbed TLS module has + * been correctly freed using the appropriate free function. + * Its implementation is platform specific, and by default, unless + * platform specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); From a95d630197bd4356dac33ad6d8f7f170e318a00c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 23:48:55 +0100 Subject: [PATCH 094/130] Fix platform setup/teardown feature and comments Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it as a feature in 'version_features.c'. --- include/mbedtls/platform.h | 2 -- library/version_features.c | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 25b5d2129..35010f885 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -326,8 +326,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \param ctx mbed TLS context * - * \return 0 if successful - * * \note This function should be called after every other mbed TLS module has * been correctly freed using the appropriate free function. * Its implementation is platform specific, and by default, unless diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3..bb172f298 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -69,6 +69,9 @@ static const char *features[] = { #if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) "MBEDTLS_PLATFORM_NV_SEED_ALT", #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ +#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) + "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT", +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #if defined(MBEDTLS_DEPRECATED_WARNING) "MBEDTLS_DEPRECATED_WARNING", #endif /* MBEDTLS_DEPRECATED_WARNING */ From aa27dfeecca2fbd722aa3b47a7ccab75571155de Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:05:55 +0100 Subject: [PATCH 095/130] Enable 64-bit compilation with ARM Compiler 6 This patch fixes the conditional preprocessor directives in include/mbedtls/bignum.h to enable 64-bit compilation with ARM Compiler 6. --- ChangeLog | 2 ++ include/mbedtls/bignum.h | 68 ++++++++++++++++++++++++---------------- 2 files changed, 43 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index ed00182bc..6f902fadb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,8 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix conditional preprocessor directives in bignum.h to enable 64-bit + compilation when using ARM Compiler 6. Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 1a5b4b675..ac89069dc 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -106,33 +106,47 @@ * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM */ -#if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(_MSC_VER) && defined(_M_AMD64) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; -#else - #if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(__GNUC__) && ( \ - defined(__amd64__) || defined(__x86_64__) || \ - defined(__ppc64__) || defined(__powerpc64__) || \ - defined(__ia64__) || defined(__alpha__) || \ - (defined(__sparc__) && defined(__arch64__)) || \ - defined(__s390x__) || defined(__mips64) ) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL - #else - #define MBEDTLS_HAVE_INT32 - typedef int32_t mbedtls_mpi_sint; - typedef uint32_t mbedtls_mpi_uint; - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_HAVE_INT32 && __GNUC__ && 64-bit platform */ -#endif /* !MBEDTLS_HAVE_INT32 && _MSC_VER && _M_AMD64 */ +#if !defined(MBEDTLS_HAVE_INT32) + #if defined(_MSC_VER) && defined(_M_AMD64) + /* Always choose 64-bit when using MSC */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #elif defined(__GNUC__) && ( \ + defined(__amd64__) || defined(__x86_64__) || \ + defined(__ppc64__) || defined(__powerpc64__) || \ + defined(__ia64__) || defined(__alpha__) || \ + ( defined(__sparc__) && defined(__arch64__) ) || \ + defined(__s390x__) || defined(__mips64) ) + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #elif defined(__ARMCC_VERSION) && defined(__aarch64__) + /* __ARMCC_VERSION is defined for both armcc and armclang and + * __aarch64__ is only defined by armclang when compiling 64-bit code + */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif +#endif /* !MBEDTLS_HAVE_INT32 */ + +#if !defined(MBEDTLS_HAVE_INT64) + /* Default to 32-bit compilation */ + #if !defined(MBEDTLS_HAVE_INT32) + #define MBEDTLS_HAVE_INT32 + #endif /* !MBEDTLS_HAVE_INT32 */ + typedef int32_t mbedtls_mpi_sint; + typedef uint32_t mbedtls_mpi_uint; + typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL +#endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus extern "C" { From 5e873fb464b62b697624b46ebba7fab24aa7c306 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:35:51 +0100 Subject: [PATCH 096/130] Add all.sh test to force 32-bit compilation --- tests/scripts/all.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7c33c5c2c..743735e39 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -438,6 +438,17 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "build: i386, make, gcc" # ~ 30s cleanup CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make + +msg "build: gcc, force 32-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make + +msg "test: gcc, force 32-bit compilation" +make test fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s From d7fce008c5e196bc6f883d24f66a97190df76f23 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 11:49:32 +0100 Subject: [PATCH 097/130] Allow forcing 64-bit integer type Allow forcing 64-bit integer type for bignum operations. Also introduce the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length integer in unknown compilers. --- include/mbedtls/bignum.h | 61 ++++++++++++++++++++++++++-------- include/mbedtls/check_config.h | 10 ++++++ 2 files changed, 57 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index ac89069dc..3b76c1cac 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -103,13 +103,28 @@ /* * Define the base integer type, architecture-wise. * - * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) - * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM + * 32 or 64-bit integer types can be forced regardless of the underlying + * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 + * respectively and undefining MBEDTLS_HAVE_ASM. + * + * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * disabled by defining MBEDTLS_NO_UDBL_DIVISION. + * + * The double length integer types can be configured by defining + * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the + * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL + * must be a complete statement of the form: + * typedef mbedtls_t_udbl + * for example: + * #define MBEDTLS_TYPE_UDBL \ + * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) /* Always choose 64-bit when using MSC */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; #elif defined(__GNUC__) && ( \ @@ -118,22 +133,39 @@ defined(__ia64__) || defined(__alpha__) || \ ( defined(__sparc__) && defined(__arch64__) ) || \ defined(__s390x__) || defined(__mips64) ) - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #elif defined(__ARMCC_VERSION) && defined(__aarch64__) - /* __ARMCC_VERSION is defined for both armcc and armclang and + /* + * __ARMCC_VERSION is defined for both armcc and armclang and * __aarch64__ is only defined by armclang when compiling 64-bit code */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef __uint128_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ + #elif defined(MBEDTLS_HAVE_INT64) + /* Force 64-bit integers with unknown compiler */ + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) + MBEDTLS_TYPE_UDBL; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ @@ -144,8 +176,9 @@ #endif /* !MBEDTLS_HAVE_INT32 */ typedef int32_t mbedtls_mpi_sint; typedef uint32_t mbedtls_mpi_uint; - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + typedef uint64_t mbedtls_t_udbl; + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index dab1113d8..7261e7da9 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -650,6 +650,16 @@ #error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64) +#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" +#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ + +#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \ + defined(MBEDTLS_HAVE_ASM +#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" + "defined simultaneously" +#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ + /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the From b1a977f5a7629aba1f4e55581b681f92a660d242 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Jun 2017 15:19:20 +0200 Subject: [PATCH 098/130] MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION Changed the option to disable the use of 64-bit division, to an option to disable the use of double-width division, whether that's 64 or 128-bit. --- ChangeLog | 7 +++++++ include/mbedtls/config.h | 25 +++++++++++++++++++++++++ tests/scripts/all.sh | 7 +++++++ 3 files changed, 39 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6f902fadb..96c83e097 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,13 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. +Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. + * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the + double-width integer type used in the bignum module when the compiler is + unknown. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index de9993848..a921f4787 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -55,6 +55,31 @@ */ #define MBEDTLS_HAVE_ASM +/** + * \def MBEDTLS_NO_UDBL_DIVISION + * + * The platform lacks support for double-width integer division (64-bit + * division on a 32-bit platform, 128-bit division on a 64-bit platform). + * + * Used in: + * include/mbedtls/bignum.h + * library/bignum.c + * + * The bignum code uses double-width division to speed up some operations. + * Double-width division is often implemented in software that needs to + * be linked with the program. The presence of a double-width integer + * type is usually detected automatically through preprocessor macros, + * but the automatic detection cannot know whether the code needs to + * and can be linked with an implementation of division for that type. + * By default division is assumed to be usable if the type is present. + * Uncomment this option to prevent the use of double-width division. + * + * Note that division for the native integer type is always required. + * Furthermore, a 64-bit type is always required even on a 32-bit + * platform, but it need not support multiplication or division. + */ +//#define MBEDTLS_NO_UDBL_DIVISION + /** * \def MBEDTLS_HAVE_SSE2 * diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 743735e39..630ddfb36 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -468,6 +468,13 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s +cleanup +scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION +CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +echo "Checking that software 64-bit division is not required" +! grep __aeabi_uldiv library/*.o + msg "build: ARM Compiler 5, make" cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 683ac27b0f6e12855b3e0133a3037c65c47abdef Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Jun 2017 18:01:54 +0200 Subject: [PATCH 099/130] Checked names --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index bb172f298..5cbe8aca3 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -36,6 +36,9 @@ static const char *features[] = { #if defined(MBEDTLS_HAVE_ASM) "MBEDTLS_HAVE_ASM", #endif /* MBEDTLS_HAVE_ASM */ +#if defined(MBEDTLS_NO_UDBL_DIVISION) + "MBEDTLS_NO_UDBL_DIVISION", +#endif /* MBEDTLS_NO_UDBL_DIVISION */ #if defined(MBEDTLS_HAVE_SSE2) "MBEDTLS_HAVE_SSE2", #endif /* MBEDTLS_HAVE_SSE2 */ From 93db11a395062a02099f53aec7ec1945a2046fe8 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 12:11:19 +0100 Subject: [PATCH 100/130] Fix typo in check_config.h --- include/mbedtls/bignum.h | 4 ++-- include/mbedtls/check_config.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 3b76c1cac..c8d94c920 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -107,10 +107,10 @@ * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 * respectively and undefining MBEDTLS_HAVE_ASM. * - * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. * - * The double length integer types can be configured by defining + * The double-width integer types can be configured by defining * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL * must be a complete statement of the form: diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7261e7da9..e846b429a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -654,8 +654,8 @@ #error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" #endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ -#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \ - defined(MBEDTLS_HAVE_ASM +#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ + defined(MBEDTLS_HAVE_ASM) #error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" "defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ From b39467dda7e40a6336eb66bf6a246589c945036b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:15 +0100 Subject: [PATCH 101/130] Fix check_config.h #error directive --- include/mbedtls/check_config.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e846b429a..fa72454e5 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -656,8 +656,7 @@ #if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" - "defined simultaneously" +#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ /* From 9946783218070a9f9d7aa60735857fe4089800ca Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:34 +0100 Subject: [PATCH 102/130] Add tests for 64 and 32-bit int types compilation --- tests/scripts/all.sh | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 630ddfb36..7466b5403 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -447,10 +447,31 @@ scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make -msg "test: gcc, force 32-bit compilation" +msg "build: gcc, force 64-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + +msg "test: gcc, force 64-bit compilation" make test + +msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make fi # x86_64 +msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make + msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 465db7eba1b8d49726303337600eaf3729f8b074 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:27:35 +0100 Subject: [PATCH 103/130] Fix no 64-bit division test in all.sh --- tests/scripts/all.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7466b5403..1f5bad44b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -491,6 +491,18 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +scripts/config.pl full +scripts/config.pl unset MBEDTLS_NET_C +scripts/config.pl unset MBEDTLS_TIMING_C +scripts/config.pl unset MBEDTLS_FS_IO +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED +scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY +# following things are not in the default config +scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c +scripts/config.pl unset MBEDTLS_THREADING_PTHREAD +scripts/config.pl unset MBEDTLS_THREADING_C +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h +scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib echo "Checking that software 64-bit division is not required" From df1486afe4964ec012babfb3a5665124896464f5 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 17:33:09 +0100 Subject: [PATCH 104/130] Remove MBEDTLS_TYPE_UDBL option --- ChangeLog | 3 --- include/mbedtls/bignum.h | 14 +------------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index 96c83e097..e654c1ff0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,9 +19,6 @@ API Changes Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of 64-bit division. - * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the - double-width integer type used in the bignum module when the compiler is - unknown. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index c8d94c920..456a80420 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -109,15 +109,6 @@ * * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. - * - * The double-width integer types can be configured by defining - * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the - * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL - * must be a complete statement of the form: - * typedef mbedtls_t_udbl - * for example: - * #define MBEDTLS_TYPE_UDBL \ - * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) @@ -162,10 +153,6 @@ /* Force 64-bit integers with unknown compiler */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) - MBEDTLS_TYPE_UDBL; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ @@ -178,6 +165,7 @@ typedef uint32_t mbedtls_mpi_uint; #if !defined(MBEDTLS_NO_UDBL_DIVISION) typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ From f755bb3adff97bc16b3d0b20ac7eb589bc7bbb12 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:50:25 +0100 Subject: [PATCH 105/130] Remove MBEDTLS_TYPE_UDBL tests from all.sh --- tests/scripts/all.sh | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1f5bad44b..65dc47175 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -458,20 +458,15 @@ CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make msg "test: gcc, force 64-bit compilation" make test -msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +msg "build: gcc, force 64-bit compilation" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make fi # x86_64 -msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make - msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From c630ce6b4c27d2a37682f52d11053f77ee31fdf5 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:56:22 +0100 Subject: [PATCH 106/130] Improve MBEDTLS_NO_UDBL_DIVISION description --- include/mbedtls/config.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a921f4787..47c719640 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -76,7 +76,10 @@ * * Note that division for the native integer type is always required. * Furthermore, a 64-bit type is always required even on a 32-bit - * platform, but it need not support multiplication or division. + * platform, but it need not support multiplication or division. In some + * cases it is also desirable to disable some double-width operations. For + * example, if double-width division is implemented in software, disabling + * it can reduce code size in some embedded targets. */ //#define MBEDTLS_NO_UDBL_DIVISION From 325294013f7b4a725394b4922c56f7d23ac40a79 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 107/130] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index e654c1ff0..741d1f4db 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() @@ -16,10 +16,6 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. -Changes - * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. - Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 @@ -51,6 +47,8 @@ API changes a fatal error in the vrfy callback. Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From e13b224d17992f85469a7ee92586864091fd7537 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 108/130] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 741d1f4db..4f7a00500 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 5843db932d7d0162f341732214edfd84abef84c0 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 109/130] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4f7a00500..148f4e730 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From b2d6e591f92d7cd9d9668a502d4667e505ab34f9 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 110/130] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 148f4e730..5a83ec705 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 80697a0c11b361946c563c13d3cc8be14ebd69fe Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 111/130] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5a83ec705..422d137de 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 256da0f0d8f654d2a0629320e0365ad48018373d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 22 Jul 2017 11:49:55 +0200 Subject: [PATCH 112/130] Added missing credit to Changelog and format fixes --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 422d137de..d3d1e0bf2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,7 +26,8 @@ API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, - mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 + Found by James Cowgill. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported @@ -60,7 +61,7 @@ API changes Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. + 64-bit division. #708 * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From 2c4d558873a3ae8d75868b70871331dfb9f92b3d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 23 Jul 2017 13:42:36 +0200 Subject: [PATCH 113/130] Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them. --- tests/scripts/all.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 65dc47175..d9c5bbfa4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -486,6 +486,7 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -526,11 +527,20 @@ scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib make clean +# ARM Compiler 6 - Target ARMv7-A armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + +# ARM Compiler 6 - Target ARMv7-M armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" + +# ARM Compiler 6 - Target ARMv8-A - AArch32 armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" + +# ARM Compiler 6 - Target ARMv8-M armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" -armc6_build_test "--target=aarch64-arm-none-eabi" + +# ARM Compiler 6 - Target ARMv8-A - AArch64 +armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" msg "build: allow SHA1 in certificates by default" cleanup From 4b53513db5d818532561546e7ba2d5b76b88cd93 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 21 Jun 2017 14:57:25 +0300 Subject: [PATCH 114/130] github templates Add templates for github, for templates to be used in new issues and new PRs --- .github/issue_template.md | 40 ++++++++++++++++++++++++++++++++ .github/pull_request_template.md | 39 +++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 .github/issue_template.md create mode 100644 .github/pull_request_template.md diff --git a/.github/issue_template.md b/.github/issue_template.md new file mode 100644 index 000000000..3398f49e6 --- /dev/null +++ b/.github/issue_template.md @@ -0,0 +1,40 @@ +Note: This is just a template, so feel free to use/remove the unnecessary things + +### Description +- Type: Bug | Enhancement\Feature Request | Question +- Priority: Blocker | Major | Minor + +--------------------------------------------------------------- +## Bug + +**OS** +linux|windows|?? + +**mbed TLS build:** +Version: x.x.x or git commit id +Configuration: please attach config.h file +Compiler and options (if you used a pre-built binary, please indicate how you obtained it): +Additional environment information: + +**peer device TLS stack and version** +openSSL | GnuTls | other +version: + +**Expected behavior** + +**Actual behavior** + +**Steps to reproduce** + +---------------------------------------------------------------- +## Enhancement\Feature Request + +**Incentive for change** + +**Suggested enhancement** + +----------------------------------------------------------------- + +## Question + +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000..dac8bde2a --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,39 @@ +Notes: +* Pull requests will not be accepted until: +- The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) + or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) +- The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) +* This is just a template, so feel free to use/remove the unnecessary things +## Description +A few sentences describing the overall goals of the pull request's commits. + + +## Status +**READY/IN DEVELOPMENT/HOLD** + +## Requires Backporting +When there is a bug fix, it should be backported to legacy supported branches. +legacy supported branches will not be backported if: +- This PR is a new feature\enhancement +- This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch + +Yes | NO +What branch? + +## Migrations +If there is any API change, what's the incentive and logic for it. + +YES | NO + +## Additional comments +Any additional information that could be of interest + +## Todos +- [ ] Tests +- [ ] Documentation +- [ ] Changelog updated +- [ ] Backported + + +## Steps to test or reproduce +Outline the steps to test or reproduce the PR here. \ No newline at end of file From 05b9498d9424c9a8baeaf5902de3e871982f2bbc Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 13:28:48 +0300 Subject: [PATCH 115/130] Update after Simon's comment Update the comment with Simon's comments --- .github/issue_template.md | 11 ++++++----- .github/pull_request_template.md | 8 ++++---- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 3398f49e6..772d98b33 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -8,16 +8,17 @@ Note: This is just a template, so feel free to use/remove the unnecessary things ## Bug **OS** -linux|windows|?? +mbed-OS|linux|windows| **mbed TLS build:** Version: x.x.x or git commit id -Configuration: please attach config.h file +OS version: x.x.x +Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: **peer device TLS stack and version** -openSSL | GnuTls | other +openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other version: **Expected behavior** @@ -29,7 +30,7 @@ version: ---------------------------------------------------------------- ## Enhancement\Feature Request -**Incentive for change** +**Justification - why does the library need this feature?** **Suggested enhancement** @@ -37,4 +38,4 @@ version: ## Question -**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index dac8bde2a..fa0c7e964 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,7 +1,7 @@ Notes: -* Pull requests will not be accepted until: +* Pull requests cannot be accepted until: - The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) - or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) + or for companies or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) - The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) * This is just a template, so feel free to use/remove the unnecessary things ## Description @@ -18,7 +18,7 @@ legacy supported branches will not be backported if: - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch Yes | NO -What branch? +Which branch? ## Migrations If there is any API change, what's the incentive and logic for it. @@ -36,4 +36,4 @@ Any additional information that could be of interest ## Steps to test or reproduce -Outline the steps to test or reproduce the PR here. \ No newline at end of file +Outline the steps to test or reproduce the PR here. From 6f262c4e3e9281c4bae9d4ee1cfe79a8fe241225 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 24 Jul 2017 14:19:02 +0200 Subject: [PATCH 116/130] Minor typo fixes in the github template files --- .github/issue_template.md | 6 +++--- .github/pull_request_template.md | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 772d98b33..33f68fba1 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -17,9 +17,9 @@ Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: -**peer device TLS stack and version** -openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other -version: +**Peer device TLS stack and version** +OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other +Version: **Expected behavior** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index fa0c7e964..485b54195 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -12,8 +12,8 @@ A few sentences describing the overall goals of the pull request's commits. **READY/IN DEVELOPMENT/HOLD** ## Requires Backporting -When there is a bug fix, it should be backported to legacy supported branches. -legacy supported branches will not be backported if: +When there is a bug fix, it should be backported to all maintained and supported branches. +Changes do not have to be backported if: - This PR is a new feature\enhancement - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch From bf007d297d9dd1e539805830b5888697ed2a38c6 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 15 Dec 2016 14:42:37 +0200 Subject: [PATCH 117/130] Pre push hook script Add git_hook folder, and pre-push script, to be soft linked from .git/hooks/pre-push --- git_hooks/README.md | 16 +++++++++++++++ git_hooks/pre-push | 38 ++++++++++++++++++++++++++++++++++++ tests/scripts/check-names.sh | 2 +- 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 git_hooks/README.md create mode 100755 git_hooks/pre-push diff --git a/git_hooks/README.md b/git_hooks/README.md new file mode 100644 index 000000000..d0ed4a38f --- /dev/null +++ b/git_hooks/README.md @@ -0,0 +1,16 @@ +README for git hooks script +=========================== +git has a way to run scripts, which are invoked by specific git commands. +The git hooks are located in `/.git/hooks`, and as such are not under version control +for more information, see the [git documentation](https://git-scm.com/docs/githooks). + +The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. + +Example: + +Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +`ln -s ../../git_hooks/pre-push pre-push` + +Similarly, on Windows while running as administrator: +`mklink pre-push ..\..\git_hooks\pre-push` + diff --git a/git_hooks/pre-push b/git_hooks/pre-push new file mode 100755 index 000000000..6b2da10ed --- /dev/null +++ b/git_hooks/pre-push @@ -0,0 +1,38 @@ +#!/bin/sh + +# Called by "git push" after it has checked the remote status, but before anything has been +# pushed. If this script exits with a non-zero status nothing will be pushed. +# +# This hook is called with the following parameters: +# +# $1 -- Name of the remote to which the push is being done +# $2 -- URL to which the push is being done +# +# If pushing without using a named remote those arguments will be equal. +# +# Information about the commits which are being pushed is supplied as lines to +# the standard input in the form: +# +# +# +set -eu + +REMOTE="$1" +URL="$2" + +echo "REMOTE is $REMOTE" +echo "URL is $URL" + +run_test() +{ + TEST=$1 + echo "running '$TEST'" + if ! `$TEST > /dev/null 2>&1`; then + echo "test '$TEST' failed" + return 1 + fi +} + +run_test ./tests/scripts/check-doxy-blocks.pl +run_test ./tests/scripts/check-names.sh +run_test ./tests/scripts/check-generated-files.sh diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 191594ce0..4c66440e2 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -12,7 +12,7 @@ set -eu if grep --version|head -n1|grep GNU >/dev/null; then :; else - echo "This script requires GNU grep." + echo "This script requires GNU grep.">&2 exit 1 fi From 3f9cc28f020e5cf0c6ecd7794802a53aa235b9e6 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 11:25:14 +0300 Subject: [PATCH 118/130] Add note for the git_hoos README file Add a note to the git_hooks README.md file, to state that currently they only work on GNU platforms --- git_hooks/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index d0ed4a38f..f78df991d 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -11,6 +11,4 @@ Example: Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` -Similarly, on Windows while running as administrator: -`mklink pre-push ..\..\git_hooks\pre-push` - +**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From 50bdf74b5c53bd40e64a26597a96044a4663043d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 18:24:43 +0300 Subject: [PATCH 119/130] Fix slash direction for linux path Update direction of the slash, for linux path, after @hanno-arm comments --- git_hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index f78df991d..400d63ee5 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -8,7 +8,7 @@ The mbed TLS git hooks are located in `/git_hooks` directory, and Example: -Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From d731eb8f55cb372ea1f905750b86a14034a45c28 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 23 Jul 2017 15:25:32 +0300 Subject: [PATCH 120/130] Update after @sbutcher-arm comments 1. Move the scripts to test/git-scripts folder 2. Support the script to run independant, not only with git 3. modify Readme accordingly --- {git_hooks => test/git-scripts}/README.md | 6 ++++-- git_hooks/pre-push => test/git-scripts/pre-push.sh | 13 +++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) rename {git_hooks => test/git-scripts}/README.md (62%) rename git_hooks/pre-push => test/git-scripts/pre-push.sh (82%) diff --git a/git_hooks/README.md b/test/git-scripts/README.md similarity index 62% rename from git_hooks/README.md rename to test/git-scripts/README.md index 400d63ee5..6bd9110c5 100644 --- a/git_hooks/README.md +++ b/test/git-scripts/README.md @@ -4,11 +4,13 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../git_hooks/pre-push pre-push` +`ln -s ../../test/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** + +These scripts can also be used independently. diff --git a/git_hooks/pre-push b/test/git-scripts/pre-push.sh similarity index 82% rename from git_hooks/pre-push rename to test/git-scripts/pre-push.sh index 6b2da10ed..ee54a6cff 100755 --- a/git_hooks/pre-push +++ b/test/git-scripts/pre-push.sh @@ -1,7 +1,15 @@ #!/bin/sh - +# pre-push.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# # Called by "git push" after it has checked the remote status, but before anything has been # pushed. If this script exits with a non-zero status nothing will be pushed. +# This script can also be used independently, not using git. # # This hook is called with the following parameters: # @@ -15,7 +23,6 @@ # # # -set -eu REMOTE="$1" URL="$2" @@ -23,6 +30,8 @@ URL="$2" echo "REMOTE is $REMOTE" echo "URL is $URL" +set -eu + run_test() { TEST=$1 From d922c78aa4d3d60643b1aad464fe6a77c3498b2b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 15:52:18 +0300 Subject: [PATCH 121/130] Move the git scripts to correct path The git scripts were accidently put in `test` folder instead of `tests`. Moved them to `tests` folder --- {test => tests}/git-scripts/README.md | 4 ++-- {test => tests}/git-scripts/pre-push.sh | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename {test => tests}/git-scripts/README.md (67%) rename {test => tests}/git-scripts/pre-push.sh (100%) diff --git a/test/git-scripts/README.md b/tests/git-scripts/README.md similarity index 67% rename from test/git-scripts/README.md rename to tests/git-scripts/README.md index 6bd9110c5..29d7501b3 100644 --- a/test/git-scripts/README.md +++ b/tests/git-scripts/README.md @@ -4,12 +4,12 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/tests/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/tesst/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../test/git-scripts/pre-push.sh pre-push` +`ln -s ../../tests/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** diff --git a/test/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh similarity index 100% rename from test/git-scripts/pre-push.sh rename to tests/git-scripts/pre-push.sh From 4f753c1186b52b8b5b06f47d789f632b454175a5 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 10 Feb 2017 14:39:58 +0000 Subject: [PATCH 122/130] Fix potential integer overflow parsing DER CRL This patch prevents a potential signed integer overflow during the CRL version verification checks. --- ChangeLog | 4 ++++ library/x509_crl.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index d3d1e0bf2..58ee285a5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() diff --git a/library/x509_crl.c b/library/x509_crl.c index 76c49f135..55d12acd0 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -352,14 +352,14 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, return( ret ); } - crl->version++; - - if( crl->version > 2 ) + if( crl->version < 0 || crl->version > 1 ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crl->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1, &crl->sig_md, &crl->sig_pk, &crl->sig_opts ) ) != 0 ) From 6fb6d79a370c6959219e83559195c19084f7efcd Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 10:57:34 +0000 Subject: [PATCH 123/130] Add CSR DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index ea56f3fbc..daa92e9ee 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1543,6 +1543,9 @@ X509 CSR ASN.1 (extra data after signature) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +X509 CSR ASN.1 (invalid version overflow) +mbedtls_x509_csr_parse:"3008300602047FFFFFFF":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 File parse (no issues) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509parse_crt_file:"data_files/server7_int-ca.crt":0 From c124061681b7968d8cf7f67d4c6912bfc1e8efa0 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 11:11:12 +0000 Subject: [PATCH 124/130] Add CRL DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index daa92e9ee..3437a2a22 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1182,6 +1182,12 @@ X509 CRL ASN1 (TBSCertList, no entries) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 +X509 CRL ASN1 (invalid version 2) +x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 CRL ASN1 (invalid version overflow) +x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRT parse path #2 (one cert) depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crt_parse_path:"data_files/dir1":0:1 From 7d6ec7bacc9f03d671af9155f484296f675470f8 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 15:29:07 +0000 Subject: [PATCH 125/130] Add CRT DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 3437a2a22..b8c902e23 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1118,6 +1118,12 @@ X509 Certificate ASN1 (RSA signature, EC key) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 +X509 Certificate ASN1 (invalid version 3) +x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 Certificate ASN1 (invalid version overflow) +x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT From 80164741e181a87ae18fa91a07f7201931b4d097 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 16:16:11 +0000 Subject: [PATCH 126/130] Fix potential integer overflow parsing DER CRT This patch prevents a potential signed integer overflow during the certificate version verification checks. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 58ee285a5..567e98883 100644 --- a/ChangeLog +++ b/ChangeLog @@ -228,6 +228,9 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/x509_crt.c b/library/x509_crt.c index 5ec855192..c6209fb40 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -748,14 +748,14 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char * return( ret ); } - crt->version++; - - if( crt->version > 3 ) + if( crt->version < 0 || crt->version > 2 ) { mbedtls_x509_crt_free( crt ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crt->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, &crt->sig_md, &crt->sig_pk, &crt->sig_opts ) ) != 0 ) From 2e3ddfac5fedaf9f05b086c3e0a8ae69ea432e42 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 17 Feb 2017 13:54:43 +0000 Subject: [PATCH 127/130] Prevent signed integer overflow in CSR parsing Modify the function mbedtls_x509_csr_parse_der() so that it checks the parsed CSR version integer before it increments the value. This prevents a potential signed integer overflow, as these have undefined behaviour in the C standard. --- ChangeLog | 4 ++++ library/x509_csr.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 567e98883..eea691958 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,10 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix potential integer overflow in the version verification for DER + encoded X509 CSRs. The overflow would enable maliciously constructed CSRs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/library/x509_csr.c b/library/x509_csr.c index f92b66c58..26a06db4f 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -168,14 +168,14 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, return( ret ); } - csr->version++; - - if( csr->version != 1 ) + if( csr->version != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + csr->version++; + /* * subject Name */ From 00d3cc61a6f5a7a6451344f48146009f09fadd0f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 26 Jul 2017 17:25:55 +0100 Subject: [PATCH 128/130] Fix merge errors in ChangeLog --- ChangeLog | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index eea691958..55595640e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,22 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - * Fix a potential integer overflow in the version verification for DER - encoded X509 CRLs. The overflow would enable maliciously constructed CRLs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform @@ -46,10 +30,17 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America * Fix potential integer overflow in the version verification for DER encoded X509 CSRs. The overflow would enable maliciously constructed CSRs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, @@ -232,9 +223,6 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 - * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously - constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 From 06b786372ccb5e78cc72ac3640e24fc3e9a44c06 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 01:00:17 +0100 Subject: [PATCH 129/130] Change a ssl-opt.sh script sanity checks Change the check in ssl-opt.sh for MBEDTLS_X509_MAX_INTERMEDIATE_CA to check config.h instead of the x509 headers. --- tests/ssl-opt.sh | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b4d36a94c..d7e0b8c01 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2106,18 +2106,24 @@ run_test "Authentication: client no cert, ssl3" \ # The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its # default value (8) -MAX_IM_CA=8 -MAX_IM_CA_REGEX="#define[[:blank:]]\+MBEDTLS_X509_MAX_INTERMEDIATE_CA" -MAX_IM_CA_REGEX="${MAX_IM_CA_REGEX}[[:blank:]]\+${MAX_IM_CA}[[:blank:]]*$" +: ${MAX_IM_CA:='20'} +MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) -if grep "${MAX_IM_CA_REGEX}" ../include/mbedtls/x509.h > /dev/null; -then :; -else - echo "$(echo 'The tests for long intermediate chains assume the value' \ - ${MAX_IM_CA} 'for MBEDTLS_X509_MAX_INTERMEDIATE_CA.' \ - 'To test other values, please manually adapt the max_int' \ - 'tests in ssl-opt.sh.')" - return +if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -gt "$MAX_IM_CA" ]; then + printf "The ${CONFIG_H} file contains a value for the configuration of\n" + printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is greater than the script’s\n" + printf "test value of ${MAX_IM_CA}. \n" + printf "\n" + printf "By default, this value cannot be higher as there are insufficient\n" + printf "test certificate files available to test with.\n" + printf "\n" + printf "To generate additional test certificates use the script:\n" + printf " tests/data_files/dir-maxpath/long.sh\n" + printf "\n" + printf "To test using an alternative value, please set the environment variable\n" + printf "MAX_IM_CA or change the default value in the script tests/ssl-opt.sh.\n" + + exit 1 fi run_test "Authentication: server max_int chain, client default" \ From b060cc21b111c44dbe8d0957d996d69de44cf0bc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 01:04:34 +0100 Subject: [PATCH 130/130] Reorder and group sections in the ChangeLog --- ChangeLog | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index 55595640e..55cccd5e6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, + mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's + X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA + (default: 8) intermediates, even when it was not trusted. Could be + triggered remotely on both sides. (With auth_mode set to required + (default), the handshake was correctly aborted.) + Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform @@ -16,6 +24,12 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 Found by James Cowgill. + * Certificate verification functions now set flags to -1 in case the full + chain was not verified due to an internal error (including in the verify + callback) or chain length limitations. + * With authmode set to optional, handshake is now aborted if the + verification of the peer's certificate failed due to an overlong chain or + a fatal error in the vrfy callback. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported @@ -42,22 +56,6 @@ Bugfix encoded X509 certificates. The overflow would enable maliciously constructed certificates to bypass the certificate verification check. -Security - * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, - mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's - X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA - (default: 8) intermediates, even when it was not trusted. Could be - triggered remotely on both sides. (With auth_mode set to required - (default), the handshake was correctly aborted.) - -API changes - * Certificate verification functions now set flags to -1 in case the full - chain was not verified due to an internal error (including in the verify - callback) or chain length limitations. - * With authmode set to optional, handshake is now aborted if the - verification of the peer's certificate failed due to an overlong chain or - a fatal error in the vrfy callback. - Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of 64-bit division. #708