From 8e75e68531ff6391a1a24752106f5dc3a074cabb Mon Sep 17 00:00:00 2001 From: Alexey Skalozub Date: Wed, 13 Jan 2016 21:59:27 +0200 Subject: [PATCH 0001/1059] Remove redundant i increments Doesn't matter performance-wise, but still... --- library/bignum.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 7841bea433..96769d767d 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -949,7 +949,7 @@ static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d ) while( c != 0 ) { z = ( *d < c ); *d -= c; - c = z; i++; d++; + c = z; d++; } } @@ -1187,8 +1187,8 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); - for( i++; j > 0; j-- ) - mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] ); + for( ; j > 0; j-- ) + mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] ); X->s = A->s * B->s; From 3f21a35c36fd040d28fa67ae54abf7be12ec073b Mon Sep 17 00:00:00 2001 From: Matthias Weisser Date: Thu, 18 Aug 2016 07:55:05 +0200 Subject: [PATCH 0002/1059] Added checking for QNX operating system to make mbedtls build on QNX --- library/entropy_poll.c | 2 +- library/net.c | 2 +- library/timing.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index a116e605d2..67900c46c8 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -44,7 +44,7 @@ #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) + !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) #error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h" #endif diff --git a/library/net.c b/library/net.c index 8b96321bc6..93bf0468ba 100644 --- a/library/net.c +++ b/library/net.c 
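Review bot: With `i` gone, nothing in the carry loop bounds how far the borrow propagates beyond the `n` limbs of `d`; the loop terminates only because the caller guarantees the minuend is at least as large as the subtrahend, and that precondition is not stated anywhere in the visible code. Add it where the loop starts, e.g. `/* Propagate the final borrow. Relies on the caller ensuring the minuend >= the subtrahend; otherwise this walks past the end of d. */`. The hunk shows only the tail of mpi_sub_hlp; its signature and main loop are outside the hunk.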
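Review bot: The `#error` message on the line after the guard still says the platform entropy sources only work on Unix and Windows, which no longer matches a guard that accepts `__QNXNTO__`; update it to `"Platform entropy sources only work on Unix, QNX and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"`. Letting QNX past this check is only safe if the Unix code path further down the file (not in the hunk) actually compiles and yields entropy on QNX, presumably via /dev/urandom; that should be confirmed rather than assumed, since an entropy source that silently fails is a worse outcome than the build error this removes.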
@@ -28,7 +28,7 @@ #if defined(MBEDTLS_NET_C) #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) + !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) #error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h" #endif diff --git a/library/timing.c b/library/timing.c index a7c7ff0279..56f29bdb50 100644 --- a/library/timing.c +++ b/library/timing.c @@ -39,7 +39,7 @@ #if !defined(MBEDTLS_TIMING_ALT) #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) + !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) #error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h" #endif From e75b88db492a6ca8bf5138667f514f3b2b93ecb0 Mon Sep 17 00:00:00 2001 From: Joris Aerts Date: Fri, 4 Nov 2016 23:05:56 +0100 Subject: [PATCH 0003/1059] Fix missing void argument declarations #678 --- library/memory_buffer_alloc.c | 12 ++++++------ library/version.c | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 545d5a2c32..c0a72c2ad1 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -113,7 +113,7 @@ static void debug_header( memory_header *hdr ) #endif } -static void debug_chain() +static void debug_chain( void ) { memory_header *cur = heap.first; @@ -180,7 +180,7 @@ static int verify_header( memory_header *hdr ) return( 0 ); } -static int verify_chain() +static int verify_chain( void ) { memory_header *prv = heap.first, *cur = heap.first->next; 
@@ -500,13 +500,13 @@ void mbedtls_memory_buffer_set_verify( int verify ) heap.verify = verify; } -int mbedtls_memory_buffer_alloc_verify() +int mbedtls_memory_buffer_alloc_verify( void ) { return verify_chain(); } #if defined(MBEDTLS_MEMORY_DEBUG) -void mbedtls_memory_buffer_alloc_status() +void mbedtls_memory_buffer_alloc_status( void ) { mbedtls_fprintf( stderr, "Current use: %zu blocks / %zu bytes, max: %zu blocks / " @@ -600,7 +600,7 @@ void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ) heap.first_free = heap.first; } -void mbedtls_memory_buffer_alloc_free() +void mbedtls_memory_buffer_alloc_free( void ) { #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &heap.mutex ); @@ -620,7 +620,7 @@ static int check_pointer( void *p ) return( 0 ); } -static int check_all_free( ) +static int check_all_free( void ) { if( #if defined(MBEDTLS_MEMORY_DEBUG) diff --git a/library/version.c b/library/version.c index 6ca80d4695..fd96750885 100644 --- a/library/version.c +++ b/library/version.c @@ -30,7 +30,7 @@ #include "mbedtls/version.h" #include -unsigned int mbedtls_version_get_number() +unsigned int mbedtls_version_get_number( void ) { return( MBEDTLS_VERSION_NUMBER ); } From 4dab551698f68a327d738a6262378e9b80f0be14 Mon Sep 17 00:00:00 2001 From: aitap Date: Fri, 13 Jan 2017 13:22:31 +0400 Subject: [PATCH 0004/1059] mbedtls_net_accept: client_ip can be NULL This is currently used in example programs, but not explicitly documented. --- include/mbedtls/net_sockets.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index de335526fe..f09f8bf3bf 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h 
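Review bot: The diffstat lists only the two .c files, so the public prototypes in the matching headers (memory_buffer_alloc.h, version.h) should be checked for the same `()` to `( void )` change; a header that still declares `int mbedtls_memory_buffer_alloc_verify();` leaves callers with an unprototyped declaration and loses the argument checking this commit is after. This is inferred from the diffstat, not visible in the hunk.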
@@ -117,9 +117,10 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char * * \param bind_ctx Relevant socket * \param client_ctx Will contain the connected client socket - * \param client_ip Will contain the client IP address + * \param client_ip Will contain the client IP address, can be NULL * \param buf_size Size of the client_ip buffer - * \param ip_len Will receive the size of the client IP written + * \param ip_len Will receive the size of the client IP written, + * can be NULL if client_ip == NULL * * \return 0 if successful, or * MBEDTLS_ERR_NET_ACCEPT_FAILED, or From 2fab5c9605c5348be5ad08218a4f8d92f5376549 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Thu, 15 Dec 2016 18:51:13 -0800 Subject: [PATCH 0005/1059] Work around for GCC bug --- library/cmac.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index b2fe713a03..9fcb439799 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -765,7 +765,7 @@ static int cmac_test_subkeys( int verbose, int block_size, int num_tests ) { - int i, ret; + int i, ret = 0; mbedtls_cipher_context_t ctx; const mbedtls_cipher_info_t *cipher_info; unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; @@ -847,7 +847,7 @@ static int cmac_test_wth_cipher( int verbose, int num_tests ) { const mbedtls_cipher_info_t *cipher_info; - int i, ret; + int i, ret = 0; unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; cipher_info = mbedtls_cipher_info_from_type( cipher_type ); From 222e2ff421609a7ff5e0565156028771d284f7ad Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 4 Apr 2017 11:37:15 +0200 Subject: [PATCH 0006/1059] Allow alternate core implementation of CCM --- include/mbedtls/ccm.h | 16 ++++++++++++++++ include/mbedtls/config.h | 1 + library/ccm.c | 3 +++ 3 files changed, 20 insertions(+) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index ef75839baa..579402fd48 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h 
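Review bot: `ret = 0` is more than a warning workaround: if `num_tests` is 0 the per-test loop (presumably where `ret` is assigned, outside the hunk) never runs and the function now reports success instead of returning an indeterminate value, so the initialiser deserves a comment saying so, e.g. `int i, ret = 0; /* success when there are no vectors to run */`. The warning is legitimate for exactly that reason, since the compiler cannot prove the loop executes, so calling it a GCC bug in the title is misleading. The bodies of cmac_test_subkeys and cmac_test_wth_cipher continue outside the hunk.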
@@ -28,6 +28,10 @@ #define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to function. */ #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ +#if !defined(MBEDTLS_CCM_ALT) +// Regular implementation +// + #ifdef __cplusplus extern "C" { #endif @@ -125,6 +129,18 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len ); +#ifdef __cplusplus +} +#endif + +#else /* !MBEDTLS_CCM_ALT */ +#include "ccm_alt.h" +#endif /* !MBEDTLS_CCM_ALT */ + +#ifdef __cplusplus +extern "C" { +#endif + #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /** * \brief Checkup routine diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 0f7e29bcf2..941769fd0c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -237,6 +237,7 @@ //#define MBEDTLS_ARC4_ALT //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT +//#define MBEDTLS_CCM_ALT //#define MBEDTLS_DES_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT diff --git a/library/ccm.c b/library/ccm.c index 13a8fd1a24..9101e5f7c7 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -49,6 +49,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ +#if !defined(MBEDTLS_CCM_ALT) + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; @@ -348,6 +350,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, return( 0 ); } +#endif /* !MBEDTLS_CCM_ALT */ #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /* From 633427732047dd1e0a3f76cd7d066362698c6692 Mon Sep 17 00:00:00 2001 
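Review bot: The `#else` branch hands the whole CCM API, including `mbedtls_ccm_auth_decrypt`, to `ccm_alt.h` without stating what an alternative implementation must guarantee, and the requirements that matter for security are not obvious from the prototypes: the tag comparison must not leak timing, and the output buffer must not be left holding decrypted data when authentication fails. Since this header is the contract for alt implementers, add a short block above `#include "ccm_alt.h"` spelling that out, plus that `mbedtls_ccm_context` must be defined by the alt header and that the self-test declared below is still compiled against it. Whether the reference ccm.c meets these properties is not visible in this hunk; the note should mirror whatever it does.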
From: Steven Cooreman Date: Tue, 4 Apr 2017 11:47:16 +0200 Subject: [PATCH 0007/1059] Allow alternate core implementation of CMAC --- include/mbedtls/cmac.h | 14 ++++++++++++++ include/mbedtls/config.h | 1 + library/cmac.c | 4 ++++ 3 files changed, 19 insertions(+) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 9a2b96bc92..4d3f2d2f4f 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -39,6 +39,8 @@ extern "C" { #define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* longest used by CMAC is 3DES */ #endif +#if !defined(MBEDTLS_CMAC_ALT) + /** * CMAC context structure - Contains internal state information only */ @@ -154,6 +156,18 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, unsigned char output[16] ); #endif /* MBEDTLS_AES_C */ +#ifdef __cplusplus +} +#endif + +#else /* !MBEDTLS_CMAC_ALT */ +#include "cmac_alt.h" +#endif /* !MBEDTLS_CMAC_ALT */ + +#ifdef __cplusplus +extern "C" { +#endif + #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) /** * \brief Checkup routine diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 0f7e29bcf2..2ef052b1e0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -237,6 +237,7 @@ //#define MBEDTLS_ARC4_ALT //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT +//#define MBEDTLS_CMAC_ALT //#define MBEDTLS_DES_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT diff --git a/library/cmac.c b/library/cmac.c index b2fe713a03..5575d5c8d7 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -65,6 +65,8 @@ #endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_PLATFORM_C */ +#if !defined(MBEDTLS_CMAC_ALT) + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; 
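Review bot: The `extern "C"` block is unbalanced when MBEDTLS_CMAC_ALT is defined: the hunk context shows `extern "C" {` opened above line 39, the added `}` that closes it sits inside `#if !defined(MBEDTLS_CMAC_ALT)`, and the `#else` branch includes `cmac_alt.h` inside that still-open block and then opens a second `extern "C" {`, so a C++ translation unit ends with two opens and one close. Either move the `#if !defined(MBEDTLS_CMAC_ALT)` above the first `#ifdef __cplusplus` / `extern "C" {` as ccm.h does, or add the matching `#ifdef __cplusplus } #endif` before `#include "cmac_alt.h"`. `MBEDTLS_CIPHER_BLKSIZE_MAX` is already defined before the guard and must stay visible in both branches.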
@@ -468,6 +470,8 @@ exit: } #endif /* MBEDTLS_AES_C */ +#endif /* !MBEDTLS_CMAC_ALT */ + #if defined(MBEDTLS_SELF_TEST) /* * CMAC test data for SP800-38B From 12d9f3c84d14cf1f01d8e8c1f18a430b9d764765 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 4 Apr 2017 12:01:42 +0200 Subject: [PATCH 0008/1059] Forgot version-features update for new config flag --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index e866e67a23..6d2e53f77e 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -90,6 +90,9 @@ static const char *features[] = { #if defined(MBEDTLS_CAMELLIA_ALT) "MBEDTLS_CAMELLIA_ALT", #endif /* MBEDTLS_CAMELLIA_ALT */ +#if defined(MBEDTLS_CMAC_ALT) + "MBEDTLS_CMAC_ALT", +#endif /* MBEDTLS_CMAC_ALT */ #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ From 3a93387cea490ea05db35b85cdbea1306345505d Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 4 Apr 2017 12:02:37 +0200 Subject: [PATCH 0009/1059] Forgot version-features update for new config flag --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index e866e67a23..9bd40c4238 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -90,6 +90,9 @@ static const char *features[] = { #if defined(MBEDTLS_CAMELLIA_ALT) "MBEDTLS_CAMELLIA_ALT", #endif /* MBEDTLS_CAMELLIA_ALT */ +#if defined(MBEDTLS_CCM_ALT) + "MBEDTLS_CCM_ALT", +#endif /* MBEDTLS_CCM_ALT */ #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ From a6ed9c54299102e2d20fca70998f05e72916e1c4 Mon Sep 17 00:00:00 2001 
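Review bot: The `#endif /* !MBEDTLS_CMAC_ALT */` lands directly before `#if defined(MBEDTLS_SELF_TEST)`, so every static helper defined above it, including `mbedtls_zeroize` and, if the self-test exercises subkey generation, `cmac_generate_subkeys`, is unavailable to the self-test when the alternative implementation is selected, and a build with both MBEDTLS_CMAC_ALT and MBEDTLS_SELF_TEST will fail on the first such reference. Either keep the helpers the self-test depends on outside the guard, or guard the affected test (presumably the subkey test) with `#if !defined(MBEDTLS_CMAC_ALT)` as well. Which helpers the self-test actually calls is outside this hunk; confirm before choosing.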
From: Hanno Becker Date: Thu, 4 May 2017 13:39:22 +0100 Subject: [PATCH 0010/1059] Backup errno in net_would_block Safe and restore the value of errno in net_would_block to be sure it's not affected by the guarding call to fcntl. Fixes #845. --- ChangeLog | 6 ++++++ library/net_sockets.c | 7 ++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 13de8672c7..202262b539 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix net_would_block to avoid modification by errno through fcntl call. + Found by nkolban. Fixes #845. + = mbed TLS 2.4.2 branch released 2017-03-08 Security diff --git a/library/net_sockets.c b/library/net_sockets.c index 80be6ec6a4..a403bdf57b 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -270,13 +270,18 @@ static int net_would_block( const mbedtls_net_context *ctx ) */ static int net_would_block( const mbedtls_net_context *ctx ) { + int err = errno; + /* * Never return 'WOULD BLOCK' on a non-blocking socket */ if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK ) + { + errno = err; return( 0 ); + } - switch( errno ) + switch( errno = err ) { #if defined EAGAIN case EAGAIN: From 46cf773f2f50b7f7279f285e418ed5def7d91dfd Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 14 May 2017 15:55:06 +0300 Subject: [PATCH 0011/1059] Fix wrong output in the benchmark application The benchmark application prints the performance in Kb/s, While it actually calculates KB/s. Resolves issue #850 --- programs/test/benchmark.c | 2 +- yotta/data/example-benchmark/README.md | 36 +++++++++++++------------- yotta/data/example-benchmark/main.cpp | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index eb578e7306..d88bc57ee8 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
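Review bot: `switch( errno = err )` buries the errno restore inside the switch operand, where it reads like a comparison; write it as its own statement and switch on the saved copy: `errno = err;` then `switch( err )`. The function now restores errno on both paths but still cannot distinguish a failed fcntl() (returns -1, all bits set, so the `& O_NONBLOCK` test passes) from a genuinely non-blocking socket; a comment on the `fcntl` line saying that an fcntl failure is deliberately treated as "non-blocking" would document that choice. The switch body continues outside the hunk.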
@@ -126,7 +126,7 @@ do { \ CODE; \ } \ \ - mbedtls_printf( "%9lu Kb/s, %9lu cycles/byte\n", \ + mbedtls_printf( "%9lu KB/s, %9lu cycles/byte\n", \ ii * BUFSIZE / 1024, \ ( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \ } while( 0 ) diff --git a/yotta/data/example-benchmark/README.md b/yotta/data/example-benchmark/README.md index 8589e7bd60..8397f5e4a9 100644 --- a/yotta/data/example-benchmark/README.md +++ b/yotta/data/example-benchmark/README.md 
@@ -56,24 +56,24 @@ To build and run this example you must have: {{start}} - SHA-1 : 3644 Kb/s, 32 cycles/byte - SHA-256 : 1957 Kb/s, 59 cycles/byte - SHA-512 : 587 Kb/s, 200 cycles/byte - AES-CBC-128 : 1359 Kb/s, 86 cycles/byte - AES-CBC-192 : 1183 Kb/s, 99 cycles/byte - AES-CBC-256 : 1048 Kb/s, 111 cycles/byte - AES-GCM-128 : 421 Kb/s, 279 cycles/byte - AES-GCM-192 : 403 Kb/s, 292 cycles/byte - AES-GCM-256 : 385 Kb/s, 305 cycles/byte - AES-CCM-128 : 542 Kb/s, 216 cycles/byte - AES-CCM-192 : 484 Kb/s, 242 cycles/byte - AES-CCM-256 : 437 Kb/s, 268 cycles/byte - CTR_DRBG (NOPR) : 1002 Kb/s, 117 cycles/byte - CTR_DRBG (PR) : 705 Kb/s, 166 cycles/byte - HMAC_DRBG SHA-1 (NOPR) : 228 Kb/s, 517 cycles/byte - HMAC_DRBG SHA-1 (PR) : 210 Kb/s, 561 cycles/byte - HMAC_DRBG SHA-256 (NOPR) : 212 Kb/s, 557 cycles/byte - HMAC_DRBG SHA-256 (PR) : 185 Kb/s, 637 cycles/byte + SHA-1 : 3644 KB/s, 32 cycles/byte + SHA-256 : 1957 KB/s, 59 cycles/byte + SHA-512 : 587 KB/s, 200 cycles/byte + AES-CBC-128 : 1359 KB/s, 86 cycles/byte + AES-CBC-192 : 1183 KB/s, 99 cycles/byte + AES-CBC-256 : 1048 KB/s, 111 cycles/byte + AES-GCM-128 : 421 KB/s, 279 cycles/byte + AES-GCM-192 : 403 KB/s, 292 cycles/byte + AES-GCM-256 : 385 KB/s, 305 cycles/byte + AES-CCM-128 : 542 KB/s, 216 cycles/byte + AES-CCM-192 : 484 KB/s, 242 cycles/byte + AES-CCM-256 : 437 KB/s, 268 cycles/byte + CTR_DRBG (NOPR) : 1002 KB/s, 117 cycles/byte + CTR_DRBG (PR) : 705 KB/s, 166 cycles/byte + HMAC_DRBG SHA-1 (NOPR) : 228 KB/s, 517 cycles/byte + HMAC_DRBG SHA-1 (PR) : 210 KB/s, 561 cycles/byte + HMAC_DRBG SHA-256 (NOPR) : 212 KB/s, 557 cycles/byte + HMAC_DRBG SHA-256 (PR) : 185 KB/s, 637 cycles/byte RSA-2048 : 41 ms/ public RSA-2048 : 1349 ms/private RSA-4096 : 134 ms/ public diff --git a/yotta/data/example-benchmark/main.cpp b/yotta/data/example-benchmark/main.cpp index ef38c442b1..36cfc0e27b 100644 --- a/yotta/data/example-benchmark/main.cpp +++ b/yotta/data/example-benchmark/main.cpp 
@@ -229,7 +229,7 @@ do { \ CODE; \ } \ \ - mbedtls_printf( "%9lu Kb/s, %9lu cycles/byte\r\n", \ + mbedtls_printf( "%9lu KB/s, %9lu cycles/byte\r\n", \ i * BUFSIZE / 1024, \ ( mbedtls_timing_hardclock() - tsc ) / ( j * BUFSIZE ) ); \ } while( 0 ) From a7f51f6e1ff8da886ed26dc8408e1b01f2869440 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 15 May 2017 11:23:55 +0300 Subject: [PATCH 0012/1059] Remove Yotta module from footprint.sh script Remove Yotta module configuration usd in footprint.sh script --- scripts/footprint.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index d38e50af27..c08ef1c902 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -11,7 +11,6 @@ # # Configurations included: # default include/mbedtls/config.h -# yotta yotta/module/mbedtls/config.h # thread configs/config-thread.h # suite-b configs/config-suite-b.h # psk configs/config-ccm-psk-tls1_2.h @@ -102,11 +101,7 @@ log "mbed TLS $MBEDTLS_VERSION$GIT_VERSION" log "$( arm-none-eabi-gcc --version | head -n1 )" log "CFLAGS=$ARMGCC_FLAGS" -# creates the yotta config -yotta/create-module.sh >/dev/null - doit default include/mbedtls/config.h -doit yotta yotta/module/mbedtls/config.h doit thread configs/config-thread.h doit suite-b configs/config-suite-b.h doit psk configs/config-ccm-psk-tls1_2.h From 4ae7d5df96b29ab275b9040796775aa337116cc3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 May 2017 11:59:29 +0200 Subject: [PATCH 0013/1059] Clarified documentation of mbedtls_ssl_setup Note that the configuration structure must remain accessible. The previous wording could have been taken as implying that it's ok to change the structure but changes wouldn't be taken into account. Also note that calling this function twice is not supported (it would at least be a memory leak). --- include/mbedtls/ssl.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 495e02cb0e..e3fd890cf2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -960,8 +960,13 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl ); * \note No copy of the configuration context is made, it can be * shared by many mbedtls_ssl_context structures. * - * \warning Modifying the conf structure after it has been used in this - * function is unsupported! + * \warning The conf structure will be accessed during the session. + * It must not be modified or freed as long as the session + * is active. + * + * \warning This function must be called exactly once per context. + * Calling mbedtls_ssl_setup again is not supported, even + * if no session is active. * * \param ssl SSL context * \param conf SSL configuration to use From 51a7ae1353f623d96bd2a7821dc12c1937baf89b Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 22 Feb 2017 16:23:26 +0000 Subject: [PATCH 0014/1059] Add missing ret code checks in PEM module Add missing return code checks in the functions pem_des_decrypt(), pem_3des_decrypt() and pem_aes_decrypt() so that the calling function mbedtls_pem_read_buffer() is notified of errors reported by the crypto primitives AES, DES and 3DES. --- ChangeLog | 10 ++++++++ library/pem.c | 63 +++++++++++++++++++++++++++++++++++---------------- 2 files changed, 53 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8797b1af69..daa9622f38 100644 --- a/ChangeLog +++ b/ChangeLog 
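Review bot: "as long as the session is active" is ambiguous in a TLS header, where "session" normally means the negotiated TLS session rather than the lifetime of the `mbedtls_ssl_context`; the conf is referenced by the context, so presumably it must stay valid and unmodified for as long as the context is in use at all, including across handshakes, until the context is freed. Suggest `It must not be modified or freed as long as the SSL context it was set up with is in use, i.e. until the context is freed.` The second \warning could also say that re-using a context requires freeing and re-initialising it first (mbedtls_ssl_init is declared just above the hunk; the free function is not visible here).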
@@ -1,5 +1,15 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix unchecked return codes from AES, DES and 3DES functions in + pem_aes_decrypt(), pem_des_decrypt() and pem_des3_decrypt() respectively. + If a call to one of the functions of the cryptographic primitive modules + failed, the error may not be noticed by the function + mbedtls_pem_read_buffer() causing it to return invalid values. Found by + Guido Vranken. #756 + = mbed TLS 2.5.0 branch released 2017-05-17 Security diff --git a/library/pem.c b/library/pem.c index 8dd86a4ac9..87401ba55f 100644 --- a/library/pem.c +++ b/library/pem.c 
@@ -134,45 +134,55 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen, /* * Decrypt with DES-CBC, using PBKDF1 for key derivation */ -static void pem_des_decrypt( unsigned char des_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des_decrypt( unsigned char des_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_des_context des_ctx; unsigned char des_key[8]; + int ret; mbedtls_des_init( &des_ctx ); pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ); - mbedtls_des_setkey_dec( &des_ctx, des_key ); - mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen, + if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 ) + goto exit; + ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen, des_iv, buf, buf ); +exit: mbedtls_des_free( &des_ctx ); mbedtls_zeroize( des_key, 8 ); + + return( ret ); } /* * Decrypt with 3DES-CBC, using PBKDF1 for key derivation */ -static void pem_des3_decrypt( unsigned char des3_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des3_decrypt( unsigned char des3_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_des3_context des3_ctx; unsigned char des3_key[24]; + int ret; mbedtls_des3_init( &des3_ctx ); pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ); - mbedtls_des3_set3key_dec( &des3_ctx, des3_key ); - mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen, + if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 ) + goto exit; + ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen, des3_iv, buf, buf ); +exit: mbedtls_des3_free( &des3_ctx ); mbedtls_zeroize( des3_key, 24 ); + + return( ret ); } #endif /* MBEDTLS_DES_C */ 
@@ -180,23 +190,28 @@ static void pem_des3_decrypt( unsigned char des3_iv[8], /* * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation */ -static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_aes_context aes_ctx; unsigned char aes_key[32]; + int ret; mbedtls_aes_init( &aes_ctx ); pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ); - mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ); - mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen, + if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 ) + goto exit; + ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen, aes_iv, buf, buf ); +exit: mbedtls_aes_free( &aes_ctx ); mbedtls_zeroize( aes_key, keylen ); + + return( ret ); } #endif /* MBEDTLS_AES_C */ 
@@ -345,22 +360,30 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ); } + ret = 0; + #if defined(MBEDTLS_DES_C) if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC ) - pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); + ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_DES_CBC ) - pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); + ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC ) - pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC ) - pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC ) - pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); #endif /* MBEDTLS_AES_C */ + if( ret != 0 ) + { + mbedtls_free( buf ); + return( ret ); + } + /* * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3 * length bytes (allow 4 to be sure) in all known use cases. From a3b9adb6bd9e0d23b4e7797e5fdf2c310d9914e5 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 1 Mar 2017 11:53:29 +0000 Subject: [PATCH 0015/1059] Add negative testing for mbedtls_pem_read_buffer() --- tests/suites/test_suite_pem.data | 17 ++++++++++++++--- tests/suites/test_suite_pem.function | 13 +++++++++---- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 065e4a2b57..77546c586b 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data 
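Review bot: The new error path frees `buf` without wiping it, although `buf` is the buffer that holds the decoded body of an encrypted private key and receives the plaintext on the success path; the decrypt helpers in this same commit take care to `mbedtls_zeroize` their key bytes, so the caller should do the same here: `if( ret != 0 ) { mbedtls_zeroize( buf, len ); mbedtls_free( buf ); return( ret ); }`. Callers also receive the raw AES/DES error code rather than a PEM-level one, which the new tests pin, so that is a deliberate choice worth a one-line comment. mbedtls_pem_read_buffer begins and ends outside the hunk.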
@@ -17,11 +17,22 @@ PEM write (exactly two lines + 1) mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" PEM read (DES-EDE3-CBC + invalid iv) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":MBEDTLS_ERR_PEM_INVALID_ENC_IV +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV PEM read (DES-CBC + invalid iv) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":MBEDTLS_ERR_PEM_INVALID_ENC_IV +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV PEM read (unknown encryption algorithm) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":"pwd":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG +PEM read (malformed PEM DES-CBC) +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH + +PEM read (malformed PEM DES-EDE3-CBC) +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE 
KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH + +PEM read (malformed PEM AES-128-CBC) +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,AA94892A169FA426AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index 5e022109c1..c24595d47c 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -1,6 +1,8 @@ /* BEGIN_HEADER */ #include "mbedtls/base64.h" #include "mbedtls/pem.h" +#include "mbedtls/des.h" +#include "mbedtls/aes.h" /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ @@ -35,16 +37,19 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_AES_C:MBEDTLS_DES_C:MBEDTLS_MD5_C:MBEDTLS_CIPHER_MODE_CBC */ -void mbedtls_pem_read_buffer( char *header, char *footer, char *data, int ret ) +void mbedtls_pem_read_buffer( char *header, char *footer, char *data, + char *pwd, int res ) { mbedtls_pem_context ctx; + int ret; size_t use_len = 0; + size_t pwd_len = strlen( pwd ); mbedtls_pem_init( &ctx ); - TEST_ASSERT( mbedtls_pem_read_buffer( &ctx, header, footer, - (const unsigned char *)data, NULL, 0, - &use_len ) == ret ); + ret = mbedtls_pem_read_buffer( &ctx, header, footer, (unsigned char *)data, + (unsigned char *)pwd, pwd_len, &use_len ); + TEST_ASSERT( ret == res ); exit: mbedtls_pem_free( &ctx ); From 2fd1bb8f02c711e047889e10177d7360d256204c Mon Sep 17 00:00:00 2001 
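Review bot: The three malformed-input cases exercise only the DES, 3DES and AES-128 paths, so the AES-192 and AES-256 branches of the dispatch in mbedtls_pem_read_buffer (keylen 24 and 32 into pem_aes_decrypt) still have no negative test; add `PEM read (malformed PEM AES-192-CBC)` and `PEM read (malformed PEM AES-256-CBC)` cases with the same `MAAA` body expecting `MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH`. A positive case decrypting a known-good blob with the correct password would also pin that the new return plumbing does not break the success path.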
From: Jussi Kivilinna Date: Thu, 12 Nov 2015 16:38:31 +0200 Subject: [PATCH 0016/1059] Add option to use smaller AES tables (table sizes reduced by 6144 bytes) This patch adds MBEDTLS_AES_SMALL_TABLES option to reduce number of AES look-up tables and thus save 6 KiB of memory. Enabling this option cause performance hit MBEDTLS_AES_SMALL_TABLES of ~7% on ARM and ~15% on x86-64. Benchmark on Cortex-A7 (armhf): Before: AES-CBC-128 : 14394 Kb/s, 0 cycles/byte AES-CBC-192 : 12442 Kb/s, 0 cycles/byte AES-CBC-256 : 10958 Kb/s, 0 cycles/byte After: AES-CBC-128 : 13342 Kb/s, 0 cycles/byte AES-CBC-192 : 11469 Kb/s, 0 cycles/byte AES-CBC-256 : 10058 Kb/s, 0 cycles/byte Benchmark on Intel Core i5-4570 (x86_64, 3.2 Ghz, no turbo): Before: AES-CBC-128 : 215759 Kb/s, 14 cycles/byte AES-CBC-192 : 190884 Kb/s, 16 cycles/byte AES-CBC-256 : 171536 Kb/s, 18 cycles/byte After: AES-CBC-128 : 185108 Kb/s, 16 cycles/byte AES-CBC-192 : 162839 Kb/s, 19 cycles/byte AES-CBC-256 : 144700 Kb/s, 21 cycles/byte --- include/mbedtls/config.h | 9 +++ library/aes.c | 140 +++++++++++++++++++++++++------------ library/version_features.c | 3 + 3 files changed, 106 insertions(+), 46 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c14..44def95b8c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -387,6 +387,15 @@ */ //#define MBEDTLS_AES_ROM_TABLES +/** + * \def MBEDTLS_AES_SMALL_TABLES + * + * Use less ROM/RAM for the AES implementation (saves about 6144 bytes). + * + * Uncomment this macro to use less memory for AES. + */ +//#define MBEDTLS_AES_SMALL_TABLES + /** * \def MBEDTLS_CAMELLIA_SMALL_MEMORY * diff --git a/library/aes.c b/library/aes.c index 5e01c4f2b4..aabacf9f82 100644 --- a/library/aes.c +++ b/library/aes.c 
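Review bot: The doc block for `MBEDTLS_AES_SMALL_TABLES` states the memory saving but not the cost the commit message measured (about 7% on ARM and 15% on x86-64 in the author's benchmarks), and a reader should not mistake the option for a side-channel mitigation: the remaining lookups are still indexed by key- and data-dependent bytes, so the cache footprint shrinks but the T-table access pattern is unchanged in nature. Suggested text after the saving line: ` * Costs roughly 7-15% AES throughput. This only reduces memory use; it does not change the table-lookup structure of the implementation.` Also worth stating that the option combines with MBEDTLS_AES_ROM_TABLES, which the aes.c hunks handle in both branches.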
@@ -201,6 +201,8 @@ static const unsigned char FSb[256] = static const uint32_t FT0[256] = { FT }; #undef V +#ifndef MBEDTLS_AES_SMALL_TABLES + #define V(a,b,c,d) 0x##b##c##d##a static const uint32_t FT1[256] = { FT }; #undef V @@ -213,6 +215,8 @@ static const uint32_t FT2[256] = { FT }; static const uint32_t FT3[256] = { FT }; #undef V +#endif /* !MBEDTLS_AES_SMALL_TABLES */ + #undef FT /* @@ -328,6 +332,8 @@ static const unsigned char RSb[256] = static const uint32_t RT0[256] = { RT }; #undef V +#ifndef MBEDTLS_AES_SMALL_TABLES + #define V(a,b,c,d) 0x##b##c##d##a static const uint32_t RT1[256] = { RT }; #undef V @@ -340,6 +346,8 @@ static const uint32_t RT2[256] = { RT }; static const uint32_t RT3[256] = { RT }; #undef V +#endif /* !MBEDTLS_AES_SMALL_TABLES */ + #undef RT /* @@ -359,18 +367,22 @@ static const uint32_t RCON[10] = */ static unsigned char FSb[256]; static uint32_t FT0[256]; +#ifndef MBEDTLS_AES_SMALL_TABLES static uint32_t FT1[256]; static uint32_t FT2[256]; static uint32_t FT3[256]; +#endif /* !MBEDTLS_AES_SMALL_TABLES */ /* * Reverse S-box & tables */ static unsigned char RSb[256]; static uint32_t RT0[256]; +#ifndef MBEDTLS_AES_SMALL_TABLES static uint32_t RT1[256]; static uint32_t RT2[256]; static uint32_t RT3[256]; +#endif /* !MBEDTLS_AES_SMALL_TABLES */ /* * Round constants @@ -445,9 +457,11 @@ static void aes_gen_tables( void ) ( (uint32_t) x << 16 ) ^ ( (uint32_t) z << 24 ); +#ifndef MBEDTLS_AES_SMALL_TABLES FT1[i] = ROTL8( FT0[i] ); FT2[i] = ROTL8( FT1[i] ); FT3[i] = ROTL8( FT2[i] ); +#endif /* !MBEDTLS_AES_SMALL_TABLES */ x = RSb[i]; 
@@ -456,14 +470,48 @@ static void aes_gen_tables( void ) ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^ ( (uint32_t) MUL( 0x0B, x ) << 24 ); +#ifndef MBEDTLS_AES_SMALL_TABLES RT1[i] = ROTL8( RT0[i] ); RT2[i] = ROTL8( RT1[i] ); RT3[i] = ROTL8( RT2[i] ); +#endif /* !MBEDTLS_AES_SMALL_TABLES */ } } +#undef ROTL8 + #endif /* MBEDTLS_AES_ROM_TABLES */ +#ifdef MBEDTLS_AES_SMALL_TABLES + +#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) ) +#define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) ) +#define ROTL24(x) ( (uint32_t)( ( x ) << 24 ) + (uint32_t)( ( x ) >> 8 ) ) + +#define AES_RT0(idx) RT0[idx] +#define AES_RT1(idx) ROTL8( RT0[idx] ) +#define AES_RT2(idx) ROTL16( RT0[idx] ) +#define AES_RT3(idx) ROTL24( RT0[idx] ) + +#define AES_FT0(idx) FT0[idx] +#define AES_FT1(idx) ROTL8( FT0[idx] ) +#define AES_FT2(idx) ROTL16( FT0[idx] ) +#define AES_FT3(idx) ROTL24( FT0[idx] ) + +#else /* MBEDTLS_AES_SMALL_TABLES */ + +#define AES_RT0(idx) RT0[idx] +#define AES_RT1(idx) RT1[idx] +#define AES_RT2(idx) RT2[idx] +#define AES_RT3(idx) RT3[idx] + +#define AES_FT0(idx) FT0[idx] +#define AES_FT1(idx) FT1[idx] +#define AES_FT2(idx) FT2[idx] +#define AES_FT3(idx) FT3[idx] + +#endif /* MBEDTLS_AES_SMALL_TABLES */ + void mbedtls_aes_init( mbedtls_aes_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_aes_context ) ); @@ -641,10 +689,10 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, { for( j = 0; j < 4; j++, SK++ ) { - *RK++ = RT0[ FSb[ ( *SK ) & 0xFF ] ] ^ - RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^ - RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^ - RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ]; + *RK++ = AES_RT0( FSb[ ( *SK ) & 0xFF ] ) ^ + AES_RT1( FSb[ ( *SK >> 8 ) & 0xFF ] ) ^ + AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^ + AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] ); } } 
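Review bot: The ROTL8/ROTL16/ROTL24 helpers defined here for MBEDTLS_AES_SMALL_TABLES combine the two shifted halves with `+`, and each expands its argument twice, so `AES_FT1( idx )` becomes two loads of `FT0[idx]` unless the compiler merges them. `|` (or `^`) states that the halves cannot overlap and is the form a reader expects for a rotate, e.g. `#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) | (uint32_t)( ( x ) >> 24 ) )`; the value is identical because the bit ranges are disjoint, so this is a readability point only. The double evaluation is harmless for the side-effect-free index expressions used by the round macros, but a one-line comment saying the argument must be side-effect free would protect future callers.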
@@ -660,50 +708,50 @@ exit: } #endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */ -#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ -{ \ - X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \ - FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ - FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ - FT3[ ( Y3 >> 24 ) & 0xFF ]; \ - \ - X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \ - FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ - FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ - FT3[ ( Y0 >> 24 ) & 0xFF ]; \ - \ - X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \ - FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ - FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ - FT3[ ( Y1 >> 24 ) & 0xFF ]; \ - \ - X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \ - FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ - FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ - FT3[ ( Y2 >> 24 ) & 0xFF ]; \ +#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ +{ \ + X0 = *RK++ ^ AES_FT0( ( Y0 ) & 0xFF ) ^ \ + AES_FT1( ( Y1 >> 8 ) & 0xFF ) ^ \ + AES_FT2( ( Y2 >> 16 ) & 0xFF ) ^ \ + AES_FT3( ( Y3 >> 24 ) & 0xFF ); \ + \ + X1 = *RK++ ^ AES_FT0( ( Y1 ) & 0xFF ) ^ \ + AES_FT1( ( Y2 >> 8 ) & 0xFF ) ^ \ + AES_FT2( ( Y3 >> 16 ) & 0xFF ) ^ \ + AES_FT3( ( Y0 >> 24 ) & 0xFF ); \ + \ + X2 = *RK++ ^ AES_FT0( ( Y2 ) & 0xFF ) ^ \ + AES_FT1( ( Y3 >> 8 ) & 0xFF ) ^ \ + AES_FT2( ( Y0 >> 16 ) & 0xFF ) ^ \ + AES_FT3( ( Y1 >> 24 ) & 0xFF ); \ + \ + X3 = *RK++ ^ AES_FT0( ( Y3 ) & 0xFF ) ^ \ + AES_FT1( ( Y0 >> 8 ) & 0xFF ) ^ \ + AES_FT2( ( Y1 >> 16 ) & 0xFF ) ^ \ + AES_FT3( ( Y2 >> 24 ) & 0xFF ); \ } -#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ -{ \ - X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \ - RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ - RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ - RT3[ ( Y1 >> 24 ) & 0xFF ]; \ - \ - X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \ - RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ - RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ - RT3[ ( Y2 >> 24 ) & 0xFF ]; \ - \ - X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \ - RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ - RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ - RT3[ ( Y3 >> 24 ) & 0xFF ]; \ - \ - X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \ - RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ - RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ - RT3[ ( Y0 >> 24 ) & 0xFF ]; \ +#define 
AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ +{ \ + X0 = *RK++ ^ AES_RT0( ( Y0 ) & 0xFF ) ^ \ + AES_RT1( ( Y3 >> 8 ) & 0xFF ) ^ \ + AES_RT2( ( Y2 >> 16 ) & 0xFF ) ^ \ + AES_RT3( ( Y1 >> 24 ) & 0xFF ); \ + \ + X1 = *RK++ ^ AES_RT0( ( Y1 ) & 0xFF ) ^ \ + AES_RT1( ( Y0 >> 8 ) & 0xFF ) ^ \ + AES_RT2( ( Y3 >> 16 ) & 0xFF ) ^ \ + AES_RT3( ( Y2 >> 24 ) & 0xFF ); \ + \ + X2 = *RK++ ^ AES_RT0( ( Y2 ) & 0xFF ) ^ \ + AES_RT1( ( Y1 >> 8 ) & 0xFF ) ^ \ + AES_RT2( ( Y0 >> 16 ) & 0xFF ) ^ \ + AES_RT3( ( Y3 >> 24 ) & 0xFF ); \ + \ + X3 = *RK++ ^ AES_RT0( ( Y3 ) & 0xFF ) ^ \ + AES_RT1( ( Y2 >> 8 ) & 0xFF ) ^ \ + AES_RT2( ( Y1 >> 16 ) & 0xFF ) ^ \ + AES_RT3( ( Y0 >> 24 ) & 0xFF ); \ } /* diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3e..2b651996c7 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -198,6 +198,9 @@ static const char *features[] = { #if defined(MBEDTLS_AES_ROM_TABLES) "MBEDTLS_AES_ROM_TABLES", #endif /* MBEDTLS_AES_ROM_TABLES */ +#if defined(MBEDTLS_AES_SMALL_TABLES) + "MBEDTLS_AES_SMALL_TABLES", +#endif /* MBEDTLS_AES_SMALL_TABLES */ #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY) "MBEDTLS_CAMELLIA_SMALL_MEMORY", #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ From 88ec2381d6af23935c491272375cea85d942d894 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 May 2017 13:51:16 +0100 Subject: [PATCH 0017/1059] Add configuration options for verification and blinding This commit defines some configuration options to control the mandatory use of blinding and verification in RSA private key operations. --- include/mbedtls/config.h | 72 +++++++++++++++++++++++++++++++++++++++- include/mbedtls/rsa.h | 35 ++++++++++++++++++- 2 files changed, 105 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c14..1ce92c5a1e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -970,16 +970,86 @@ */ #define MBEDTLS_PKCS1_V21 +/** + * \def MBEDTLS_RSA_FORCE_BLINDING + * + * Force the use of blinding in RSA private key operations. + * This makes these operations fail when the caller doesn't + * provide a PRNG. + * + * Comment this macro to allow RSA private key operations + * without blinding. + * + * \warning Disabling this can be a security risk! + * Blinding RSA private key operations is a way + * to prevent statistical timing attacks as in + * [P. Kocher ', Timing Attacks on Implementations + * of Diffie-Hellman, RSA, DSS, and Other Systems] + * + * \note Disabling this does not mean that blinding + * will never be used, but instead makes private + * key operations fail if, perhaps unintentionally, + * the user failed to call them with a PRNG. + * + * \note For more on the use of blinding in RSA + * private key operations, see the documentation + * of \c mbedtls_rsa_private. + */ +#define MBEDTLS_RSA_FORCE_BLINDING + /** * \def MBEDTLS_RSA_NO_CRT * - * Do not use the Chinese Remainder Theorem for the RSA private operation. + * Do not use the Chinese Remainder Theorem + * for the RSA private operation. * * Uncomment this macro to disable the use of CRT in RSA. * */ //#define MBEDTLS_RSA_NO_CRT +/** + * \def MBEDTLS_RSA_FORCE_CRT_VERIFICATION + * + * Force verification of results of RSA private key operations + * when RSA-CRT is used. + * + * Comment this macro to disable RSA-CRT verification. + * + * \warning Disabling this can be a security risk! + * Omitting verification makes the RSA-CRT + * signing vulnerable to the Bellcore + * glitch attack leading to private key + * compromise if an attacker can cause a + * glitch in a certain timeframe during + * the signing operation. Uncomment only + * if you're sure that glitches are out of + * your attack model. 
+ */ +#define MBEDTLS_RSA_FORCE_CRT_VERIFICATION + +/** + * \def MBEDTLS_RSA_FORCE_VERIFICATION + * + * Force verification of results of any RSA private key + * operation regardless of the algorithm used. + * + * Uncomment this to enable unconditional RSA verification. + * + * \note This is to prevent the RSA signing operation + * (regardless of the particular algorithm chosen) + * from potential future glitch attacks. We are + * currently not aware of any such for our default + * implementation, therefore disabling the option + * by default. + * + * \note Enabling it comes at the cost of roughly an + * additional public key operation at the end of + * signing (low compared to private key operations), + * as well as minor memory consumption. + */ +//#define MBEDTLS_RSA_FORCE_VERIFICATION + /** * \def MBEDTLS_SELF_TEST * diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 54653dfdcd..e34fea0f28 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -63,6 +63,15 @@ #define MBEDTLS_RSA_SALT_LEN_ANY -1 +/* + * RSA configuration + */ +#if defined(MBEDTLS_RSA_FORCE_VERIFICATION) || \ + ( ! defined(MBEDTLS_RSA_NO_CRT) && \ + defined(MBEDTLS_RSA_FORCE_CRT_VERIFICATION ) ) +#define MBEDTLS_RSA_REQUIRE_VERIFICATION +#endif + /* * The above constants may be used even if the RSA module is compile out, * eg for alternative (PKCS#11) RSA implemenations in the PK layers. @@ -220,7 +229,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * \brief Do an RSA private key operation * * \param ctx RSA context - * \param f_rng RNG function (Needed for blinding) + * \param f_rng RNG function (used for blinding) * \param p_rng RNG parameter * \param input input buffer * \param output output buffer 
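Review bot: The new MBEDTLS_RSA_FORCE_CRT_VERIFICATION text does not say that the option is a no-op when MBEDTLS_RSA_NO_CRT is defined, although the rsa.h hunk in this patch only derives MBEDTLS_RSA_REQUIRE_VERIFICATION from it under `!defined(MBEDTLS_RSA_NO_CRT)`; a user who disables CRT and keeps this option may believe results are still checked. I would add ` * \note This option has no effect when MBEDTLS_RSA_NO_CRT is defined; use MBEDTLS_RSA_FORCE_VERIFICATION to check results regardless of the algorithm.` to its block. The Kocher citation in the MBEDTLS_RSA_FORCE_BLINDING block also carries a stray quote: `[P. Kocher ', Timing Attacks` should read `[P. Kocher, Timing Attacks`. The hunk starts on the previous line.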
@@ -229,6 +238,30 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * * \note The input and output buffers must be large * enough (eg. 128 bytes if RSA-1024 is used). + * + * \note Enabling and disabling of blinding: + * - If f_rng is NULL and MBEDTLS_RSA_FORCE_BLINDING + * is disabled, blinding is disabled. + * - If f_rng is NULL and MBEDTLS_RSA_FORCE_BLINDING + * is enabled, the function fails. + * + * \note If blinding is used, both the base of exponentation + * and the exponent are blinded, preventing both statistical + * timing and power analysis attacks. + * + * \note Depending on the way RSA is implemented, a failure + * in the computation can lead to disclosure of the private + * key if the wrong result is passed to attacker - e.g., + * implementing RSA through CRT is vulnerable to the + * Bellcore glitch attack. + * + * As a remedy, the user can force double checking the + * result of the private key operation through the option + * MBEDTLS_RSA_FORCE_VERIFICATION. If verification is + * to be enabled only when RSA-CRT is used (as controlled + * by the configuration option MBEDTLS_RSA_NO_CRT), the + * option MBEDTLS_RSA_FORCE_CRT_VERIFICATION can be used. + * */ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), From 5bc8729b9e7738d8f9a32e96b8e1fb2f597e3609 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 May 2017 15:09:31 +0100 Subject: [PATCH 0018/1059] Correct memory leak in RSA self test The RSA self test didn't free the RSA context on failure. --- library/rsa.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 122bc13605..c8090044a7 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1772,7 +1772,8 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto cleanup; } if( verbose != 0 ) 
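Review bot: The new note on mbedtls_rsa_private says blinding is "preventing both statistical timing and power analysis attacks", which overstates what blinding the base and exponent gives; it is a mitigation, and the same sentence misspells "exponentation". I would phrase it as ` * \note If blinding is used, both the base of exponentiation and the exponent are blinded, which mitigates statistical timing and power-analysis attacks.` The verification paragraph should also state what the caller observes when the check fails — an error return with no output written — since that is the property a user enabling the option relies on; I am inferring that behaviour from the later rsa.c change in this series, so confirm it against the implementation before documenting it.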
@@ -1786,7 +1787,8 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto cleanup; } if( verbose != 0 ) @@ -1799,7 +1801,8 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto cleanup; } if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 ) @@ -1807,7 +1810,8 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto cleanup; } if( verbose != 0 ) @@ -1825,7 +1829,8 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto cleanup; } if( verbose != 0 ) @@ -1837,7 +1842,8 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + ret = 1; + goto cleanup; } if( verbose != 0 ) From a540068a56efcadb6cf05b7a197021aa7c4788b5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 May 2017 16:43:15 +0100 Subject: [PATCH 0019/1059] Modify PK test suite to provide PRNG to RSA signature function To prepare for the option of mandatory blinding, this commit changes the PK test suite to always call signature functions with a PRNG. --- tests/suites/test_suite_pk.function | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 5fa8a693aa..33453ac6f8 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -43,7 +43,7 @@ int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ) { - return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen, + return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode, olen, input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, 
@@ -51,7 +51,9 @@ int mbedtls_rsa_sign_func( void *ctx, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { - return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode, + ((void) f_rng); + ((void) p_rng); + return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode, md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) From 06811ced27d809610cfde1db85dd138452f40436 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 May 2017 15:10:34 +0100 Subject: [PATCH 0020/1059] Put configuration options for RSA blinding and verification to work. --- library/rsa.c | 132 +++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 108 insertions(+), 24 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index c8090044a7..d3feeba88b 100644 --- a/library/rsa.c +++ b/library/rsa.c 
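Review bot: mbedtls_rsa_sign_func now discards the f_rng/p_rng supplied by the PK layer and always passes rnd_std_rand, with no comment saying why; a reader, or a later test that deliberately passes NULL to exercise the no-RNG path, will read the `((void) f_rng);` casts as an oversight. I would add `/* Always sign with a PRNG: the RSA layer may be built with MBEDTLS_RSA_FORCE_BLINDING, which rejects f_rng == NULL. */` above the call. The motivation is taken from the commit message rather than from the function itself.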
@@ -398,24 +398,68 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, { int ret; size_t olen; - mbedtls_mpi T, T1, T2; + + /* Temporary holding the result */ + mbedtls_mpi T; + + /* Temporaries holding P-1, Q-1 and the + * exponent blinding factor, respectively. */ mbedtls_mpi P1, Q1, R; -#if defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi D_blind; - mbedtls_mpi *D = &ctx->D; -#else + +#if !defined(MBEDTLS_RSA_NO_CRT) + /* Temporaries holding the results mod p resp. mod q. */ + mbedtls_mpi TP, TQ; + + /* Temporaries holding the blinded exponents for + * the mod p resp. mod q computation (if used). */ mbedtls_mpi DP_blind, DQ_blind; + + /* Pointers to actual exponents to be used - either the unblinded + * or the blinded ones, depending on the presence of a PRNG. */ mbedtls_mpi *DP = &ctx->DP; mbedtls_mpi *DQ = &ctx->DQ; +#else + /* Temporary holding the blinded exponent (if used). */ + mbedtls_mpi D_blind; + + /* Pointer to actual exponent to be used - either the unblinded + * or the blinded one, depending on the presence of a PRNG. */ + mbedtls_mpi *D = &ctx->D; +#endif + +#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) + /* Temporaries holding input mod p resp. mod q. */ + mbedtls_mpi IP, IQ; + + /* Temporaries holding double check results mod p resp. mod q; + * should in the end have the same values as IP and IQ. 
*/ + mbedtls_mpi CP, CQ; + + /* Comparison results */ + int check = 0; +#endif + +#if defined(MBEDTLS_RSA_FORCE_BLINDING) + if( f_rng == NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); #endif /* Make sure we have private key info, prevent possible misuse */ if( ctx->P.p == NULL || ctx->Q.p == NULL || ctx->D.p == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R ); +#if defined(MBEDTLS_THREADING_C) + if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) + return( ret ); +#endif + /* MPI Initialization */ + + mbedtls_mpi_init( &T ); + + mbedtls_mpi_init( &P1 ); + mbedtls_mpi_init( &Q1 ); + mbedtls_mpi_init( &R ); if( f_rng != NULL ) { @@ -427,12 +471,17 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, #endif } - -#if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); +#if !defined(MBEDTLS_RSA_NO_CRT) + mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ ); #endif +#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) + mbedtls_mpi_init( &IP ); mbedtls_mpi_init( &IQ ); + mbedtls_mpi_init( &CP ); mbedtls_mpi_init( &CQ ); +#endif + + /* End of MPI initialization */ + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) ); if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 ) { @@ -440,6 +489,11 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, goto cleanup; } +#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &IP, &T, &ctx->P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &IQ, &T, &ctx->Q ) ); +#endif + if( f_rng != NULL ) { /* 
@@ -498,24 +552,25 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, /* * Faster decryption using the CRT * - * T1 = input ^ dP mod P - * T2 = input ^ dQ mod Q + * TP = input ^ dP mod P + * TQ = input ^ dQ mod Q */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T1, &T, DP, &ctx->P, &ctx->RP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T2, &T, DQ, &ctx->Q, &ctx->RQ ) ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TP, &T, DP, &ctx->P, &ctx->RP ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TQ, &T, DQ, &ctx->Q, &ctx->RQ ) ); /* - * T = (T1 - T2) * (Q^-1 mod P) mod P + * T = (TP - TQ) * (Q^-1 mod P) mod P */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &T1, &T2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->QP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T1, &ctx->P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &TP, &TQ ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->QP ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &TP, &ctx->P ) ); /* - * T = T2 + T * Q + * T = TQ + T * Q */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &T2, &T1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) ); #endif /* MBEDTLS_RSA_NO_CRT */ if( f_rng != NULL ) 
@@ -528,6 +583,23 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); } + /* If requested by the config, verify the result to prevent glitching attacks. + * For that, check the two prime moduli separately. */ +#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &CP, &T, &ctx->E, &ctx->P, &ctx->RP ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &CQ, &T, &ctx->E, &ctx->Q, &ctx->RQ ) ); + + check |= mbedtls_mpi_cmp_mpi( &CP, &IP ); + check |= mbedtls_mpi_cmp_mpi( &CQ, &IQ ); + + if( check != 0 ) + { + /* Verification failed */ + ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; + goto cleanup; + } +#endif /* MBEDTLS_RSA_REQUIRE_VERIFICATION */ + olen = ctx->len; MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) ); @@ -537,8 +609,9 @@ cleanup: return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); #endif - mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 ); - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &R ); + mbedtls_mpi_free( &P1 ); + mbedtls_mpi_free( &Q1 ); + mbedtls_mpi_free( &R ); if( f_rng != NULL ) { @@ -550,6 +623,17 @@ cleanup: #endif } + mbedtls_mpi_free( &T ); + +#if !defined(MBEDTLS_RSA_NO_CRT) + mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ ); +#endif + +#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) + mbedtls_mpi_free( &IP ); mbedtls_mpi_free( &IQ ); + mbedtls_mpi_free( &CP ); mbedtls_mpi_free( &CQ ); +#endif + if( ret != 0 ) return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret ); From b624b85b04e3b335ba6e03f1d06d7c5167bf7843 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 12 May 2017 09:00:08 +0100 Subject: [PATCH 0021/1059] Adapt ChangeLog --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 08edd77969..b6ab9665a8 100644 --- a/ChangeLog +++ b/ChangeLog 
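Review bot: The new check verifies the unblinded result separately modulo P and Q, so the function now performs `T mod P`, `T mod Q` (the earlier hunk that fills IP/IQ) and two exponentiations with the secret primes as moduli on unblinded values, on top of the blinded CRT path; a single public-key check `T^E mod N == input` uses only the public N and E as operands, needs none of IP/IQ/CP/CQ, and is the conventional Bellcore countermeasure. It costs one full-size public exponentiation instead of two half-size ones, which the FORCE_VERIFICATION documentation in this series already presents as the expected price. Whether the per-prime arithmetic on unblinded data is measurably exploitable is not something the diff shows, so treat this as a design question to weigh rather than a demonstrated leak. The sketch below assumes the input is kept in an extra MPI `I` right after `mbedtls_mpi_read_binary` and that the cached Montgomery constant for N used by mbedtls_rsa_public is available on the context; adjust the field name if it differs here.
```c
    /* Verify the result against the public key to detect faults (Bellcore);
     * only public operands (E, N) are used here. */
#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION)
    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, &ctx->N, &ctx->RN ) );
    if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 )
    {
        ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
        goto cleanup;
    }
#endif /* MBEDTLS_RSA_REQUIRE_VERIFICATION */
    /* … unchanged: write_binary of T and cleanup … */
```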
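Review bot: A verification failure does not reach the caller as MBEDTLS_ERR_RSA_VERIFY_FAILED: the unchanged tail of this function still returns `MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret` for any non-zero ret, so the detected fault arrives as a combined code that the new option documentation never mentions. Either document that callers must compare against `MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_RSA_VERIFY_FAILED`, or return the verification error unwrapped, since a fault-induced failure is a security event a caller may want to log differently from an arithmetic error. The closing return is visible as context of the last hunk; the rest of the cleanup path lies outside it.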
@@ -1,5 +1,15 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix memory leak in RSA self test. + +Security + * Add option for mandatory use of blinding in RSA private key operations. + * Add options for verification of RSA private key operations to defend + against Bellcore glitch attack. + = mbed TLS 2.x.x branch released xxxx-xx-xx Security From 177d3cf7bbc60e3576387fcc7563a465c7fb086e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 7 Jun 2017 15:52:48 +0100 Subject: [PATCH 0022/1059] Rename and document new configuration option for packing AES tables This commit renames the new AES table packing option introduced in the previous MBEDTLS_AES_PACK_TABLES and documents its use and memory vs. speed tradeoff. It also enhances the documentation of the other AES-related option MBEDTLS_AES_ROM_TABLES. --- include/mbedtls/config.h | 33 +++++++++++++++++++++++++++------ library/aes.c | 30 +++++++++++++++--------------- library/version_features.c | 6 +++--- 3 files changed, 45 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 44def95b8c..37a9d079a1 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -381,20 +381,41 @@ /** * \def MBEDTLS_AES_ROM_TABLES * - * Store the AES tables in ROM. + * Use precomputed AES tables stored in ROM. + * + * Uncomment this macro to use precomputed AES tables stored in ROM. + * Comment this macro to generate AES tables in RAM at runtime. + * + * Tradeoff: Using precomputed ROM tables reduces the time to setup + * an AES context but comes at the cost of additional 8192b ROM use + * (resp. 2048b if \c MBEDTLS_AES_FEWER_TABLES below is used). + * + * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. * - * Uncomment this macro to store the AES tables in ROM. */ //#define MBEDTLS_AES_ROM_TABLES /** - * \def MBEDTLS_AES_SMALL_TABLES + * \def MBEDTLS_AES_FEWER_TABLES * - * Use less ROM/RAM for the AES implementation (saves about 6144 bytes). + * Use less ROM/RAM for AES tables. + * + * Uncommenting this macro omits 75% of the AES tables from + * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) + * by computing their values on the fly during operations + * (the tables are entry-wise rotations of one another). + * + * Tradeoff: Uncommenting this reduces the RAM / ROM footprint + * by 6144b but at the cost of more arithmetic operations during + * runtime. Specifically, one has to compare 4 accesses within + * different tables to 4 accesses with additional arithmetic + * operations within the same table. The performance gain/loss + * depends on the system and memory details. + * + * This option is independent of \c MBEDTLS_AES_ROM_TABLES. * - * Uncomment this macro to use less memory for AES. */ -//#define MBEDTLS_AES_SMALL_TABLES +//#define MBEDTLS_AES_FEWER_TABLES /** * \def MBEDTLS_CAMELLIA_SMALL_MEMORY diff --git a/library/aes.c b/library/aes.c index aabacf9f82..de43306a22 100644 --- a/library/aes.c +++ b/library/aes.c 
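Review bot: The rewritten MBEDTLS_AES_ROM_TABLES and MBEDTLS_AES_FEWER_TABLES text gives sizes as `8192b`, `2048b` and `6144b`; the lowercase `b` reads as bits, while the original commit message and the ChangeLog entry in this series speak of bytes. Spell the unit out, e.g. `additional 8192 bytes of ROM` and `by 6144 bytes`, so the memory trade-off is not misread by a factor of eight. It would also help to say which tables remain with MBEDTLS_AES_FEWER_TABLES (the forward and reverse S-boxes plus FT0/RT0), which the aes.c hunks of this patch make explicit.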
@@ -201,7 +201,7 @@ static const unsigned char FSb[256] = static const uint32_t FT0[256] = { FT }; #undef V -#ifndef MBEDTLS_AES_SMALL_TABLES +#ifndef MBEDTLS_AES_FEWER_TABLES #define V(a,b,c,d) 0x##b##c##d##a static const uint32_t FT1[256] = { FT }; @@ -215,7 +215,7 @@ static const uint32_t FT2[256] = { FT }; static const uint32_t FT3[256] = { FT }; #undef V -#endif /* !MBEDTLS_AES_SMALL_TABLES */ +#endif /* !MBEDTLS_AES_FEWER_TABLES */ #undef FT @@ -332,7 +332,7 @@ static const unsigned char RSb[256] = static const uint32_t RT0[256] = { RT }; #undef V -#ifndef MBEDTLS_AES_SMALL_TABLES +#ifndef MBEDTLS_AES_FEWER_TABLES #define V(a,b,c,d) 0x##b##c##d##a static const uint32_t RT1[256] = { RT }; @@ -346,7 +346,7 @@ static const uint32_t RT2[256] = { RT }; static const uint32_t RT3[256] = { RT }; #undef V -#endif /* !MBEDTLS_AES_SMALL_TABLES */ +#endif /* !MBEDTLS_AES_FEWER_TABLES */ #undef RT @@ -367,22 +367,22 @@ static const uint32_t RCON[10] = */ static unsigned char FSb[256]; static uint32_t FT0[256]; -#ifndef MBEDTLS_AES_SMALL_TABLES +#ifndef MBEDTLS_AES_FEWER_TABLES static uint32_t FT1[256]; static uint32_t FT2[256]; static uint32_t FT3[256]; -#endif /* !MBEDTLS_AES_SMALL_TABLES */ +#endif /* !MBEDTLS_AES_FEWER_TABLES */ /* * Reverse S-box & tables */ static unsigned char RSb[256]; static uint32_t RT0[256]; -#ifndef MBEDTLS_AES_SMALL_TABLES +#ifndef MBEDTLS_AES_FEWER_TABLES static uint32_t RT1[256]; static uint32_t RT2[256]; static uint32_t RT3[256]; -#endif /* !MBEDTLS_AES_SMALL_TABLES */ +#endif /* !MBEDTLS_AES_FEWER_TABLES */ /* * Round constants @@ -457,11 +457,11 @@ static void aes_gen_tables( void ) ( (uint32_t) x << 16 ) ^ ( (uint32_t) z << 24 ); -#ifndef MBEDTLS_AES_SMALL_TABLES +#ifndef MBEDTLS_AES_FEWER_TABLES FT1[i] = ROTL8( FT0[i] ); FT2[i] = ROTL8( FT1[i] ); FT3[i] = ROTL8( FT2[i] ); -#endif /* !MBEDTLS_AES_SMALL_TABLES */ +#endif /* !MBEDTLS_AES_FEWER_TABLES */ x = RSb[i]; 
@@ -470,11 +470,11 @@ static void aes_gen_tables( void ) ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^ ( (uint32_t) MUL( 0x0B, x ) << 24 ); -#ifndef MBEDTLS_AES_SMALL_TABLES +#ifndef MBEDTLS_AES_FEWER_TABLES RT1[i] = ROTL8( RT0[i] ); RT2[i] = ROTL8( RT1[i] ); RT3[i] = ROTL8( RT2[i] ); -#endif /* !MBEDTLS_AES_SMALL_TABLES */ +#endif /* !MBEDTLS_AES_FEWER_TABLES */ } } @@ -482,7 +482,7 @@ static void aes_gen_tables( void ) #endif /* MBEDTLS_AES_ROM_TABLES */ -#ifdef MBEDTLS_AES_SMALL_TABLES +#ifdef MBEDTLS_AES_FEWER_TABLES #define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) ) #define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) ) @@ -498,7 +498,7 @@ static void aes_gen_tables( void ) #define AES_FT2(idx) ROTL16( FT0[idx] ) #define AES_FT3(idx) ROTL24( FT0[idx] ) -#else /* MBEDTLS_AES_SMALL_TABLES */ +#else /* MBEDTLS_AES_FEWER_TABLES */ #define AES_RT0(idx) RT0[idx] #define AES_RT1(idx) RT1[idx] @@ -510,7 +510,7 @@ static void aes_gen_tables( void ) #define AES_FT2(idx) FT2[idx] #define AES_FT3(idx) FT3[idx] -#endif /* MBEDTLS_AES_SMALL_TABLES */ +#endif /* MBEDTLS_AES_FEWER_TABLES */ void mbedtls_aes_init( mbedtls_aes_context *ctx ) { diff --git a/library/version_features.c b/library/version_features.c index 2b651996c7..549f40d46c 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -198,9 +198,9 @@ static const char *features[] = { #if defined(MBEDTLS_AES_ROM_TABLES) "MBEDTLS_AES_ROM_TABLES", #endif /* MBEDTLS_AES_ROM_TABLES */ -#if defined(MBEDTLS_AES_SMALL_TABLES) - "MBEDTLS_AES_SMALL_TABLES", -#endif /* MBEDTLS_AES_SMALL_TABLES */ +#if defined(MBEDTLS_AES_FEWER_TABLES) + "MBEDTLS_AES_FEWER_TABLES", +#endif /* MBEDTLS_AES_FEWER_TABLES */ #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY) "MBEDTLS_CAMELLIA_SMALL_MEMORY", #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ From 371f31c281fd986c33defafa4a99e08bd793728a Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 7 Jun 2017 15:56:54 +0100 Subject: [PATCH 0023/1059] Adapt ChangeLog --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1b6a3542d0..1d0a90d651 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,11 @@ Bugfix * In SSLv3, if refusing a renegotiation attempt, don't process any further data. +Features + * Add option MBEDTLS_AES_FEWER_TABLES to dynamically compute 3/4 of the AES tables + during runtime, thereby reducing the RAM/ROM footprint by 6144 bytes. Suggested + and contributed by jkivilin in #394. + Changes * Send fatal alerts in many more cases instead of dropping the connection. From 9f4e670b14b41ac2978469852acae943f8a2b19c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 12 Jun 2017 10:23:19 +0100 Subject: [PATCH 0024/1059] Correct documentation for RSA_FORCE_BLINDING option --- include/mbedtls/config.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1ce92c5a1e..d54f0c3824 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -987,9 +987,12 @@ * of Diffie-Hellman, RSA, DSS, and Other Systems] * * \note Disabling this does not mean that blinding - * will never be used, but instead makes private - * key operations fail if, perhaps unintentionally, - * the user failed to call them with a PRNG. + * will never be used: if a PRNG is provided, + * blinding will be in place. Instead, disabling this + * option may result in private key operations being + * performed in a way potentially leaking sensitive + * information through side-channels when no PRNG + * is supplied by the user. * * \note For more on the use of blinding in RSA * private key operations, see the documentation From fd487394615f4139d23ef7dbf4a6b298b3a962b5 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Wed, 14 Jun 2017 16:19:12 +0100 Subject: [PATCH 0025/1059] Add AES feature unavailable error code --- include/mbedtls/aes.h | 1 + include/mbedtls/error.h | 2 +- library/error.c | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index b5560cc813..660ec2addc 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -38,6 +38,7 @@ #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ +#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x006E /**< Feature not available, e.g. unsupported AES key size. */ #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 5e549f6b6a..8dfeb6221b 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -52,7 +52,7 @@ * GCM 2 0x0012-0x0014 * BLOWFISH 2 0x0016-0x0018 * THREADING 3 0x001A-0x001E - * AES 2 0x0020-0x0022 + * AES 2 0x0020-0x0022 0x006E-0x006E * CAMELLIA 2 0x0024-0x0026 * XTEA 1 0x0028-0x0028 * BASE64 2 0x002A-0x002C diff --git a/library/error.c b/library/error.c index dd2db0c45c..11f7c60251 100644 --- a/library/error.c +++ b/library/error.c @@ -516,6 +516,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "AES - Invalid key length" ); if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" ); + if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) ) + mbedtls_snprintf( buf, buflen, "AES - Feature not available, e.g. unsupported AES key size" ); #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_ASN1_PARSE_C) From 58f98c23d5a37f412edcdce5c9d934161b667a07 Mon Sep 17 00:00:00 2001 
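Review bot: The error-code table in error.h still lists AES with a count of `2` while the row now spans three codes (0x0020, 0x0022 and the new 0x006E); the count column is what people use to find a free slot, so it should read `AES 3 0x0020-0x0022 0x006E-0x006E`. Placing the new code outside the original AES range is fine as long as 0x006E is unused by every other row, which this hunk alone cannot show.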
From: Andres Amaya Garcia Date: Wed, 14 Jun 2017 16:19:42 +0100 Subject: [PATCH 0026/1059] Run AES-192 selftest if available only This patch modifies the function mbedtls_aes_selftest() function to ensure that AES-192 tests are only run if the key size is supported by the available implementation. This is useful when using MBEDTLS_AES_ALT as some hardware crypto accelerators might not support AES-192. --- library/aes.c | 219 +++++++++++++++++++++++++------------------------- 1 file changed, 111 insertions(+), 108 deletions(-) diff --git a/library/aes.c b/library/aes.c index 5e01c4f2b4..b5e8924507 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1221,9 +1221,11 @@ static const int aes_test_ctr_len[3] = */ int mbedtls_aes_self_test( int verbose ) { - int ret = 0, i, j, u, v; + int ret = 0, i, j, u, mode; + unsigned int keybits; unsigned char key[32]; unsigned char buf[64]; + const unsigned char *aes_tests; #if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) unsigned char iv[16]; #endif 
@@ -1249,45 +1251,47 @@ int mbedtls_aes_self_test( int verbose ) for( i = 0; i < 6; i++ ) { u = i >> 1; - v = i & 1; + keybits = 128 + u * 64; + mode = i & 1; if( verbose != 0 ) - mbedtls_printf( " AES-ECB-%3d (%s): ", 128 + u * 64, - ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + mbedtls_printf( " AES-ECB-%3d (%s): ", keybits, + ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memset( buf, 0, 16 ); - if( v == MBEDTLS_AES_DECRYPT ) + if( mode == MBEDTLS_AES_DECRYPT ) { - mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 ); - - for( j = 0; j < 10000; j++ ) - mbedtls_aes_crypt_ecb( &ctx, v, buf, buf ); - - if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + ret = mbedtls_aes_setkey_dec( &ctx, key, keybits ); + aes_tests = aes_test_ecb_dec[u]; } else { - mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 ); + ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + aes_tests = aes_test_ecb_enc[u]; + } - for( j = 0; j < 10000; j++ ) - mbedtls_aes_crypt_ecb( &ctx, v, buf, buf ); + if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) + { + mbedtls_printf( "skipped\n" ); + continue; + } + else if( ret != 0 ) + { + goto exit; + } - if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; + for( j = 0; j < 10000; j++ ) + { + ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf ); + if( ret != 0 ) goto exit; - } + } + + if( memcmp( buf, aes_tests, 16 ) != 0 ) + { + ret = 1; + goto exit; } if( verbose != 0 ) 
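Review bot: `mbedtls_printf( "skipped\n" )` in the new AES-192 skip path is not guarded by `verbose`, unlike every other print in this function, so a non-verbose self-test now emits a bare `skipped` line with no test name before it; it should be `if( verbose != 0 ) mbedtls_printf( "skipped\n" );`. The `failed` message printed on a memcmp mismatch was dropped from this hunk, so check that the `exit:` label (outside the hunk) reports failure in verbose mode, otherwise a wrong ECB result is no longer announced. Treating MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE as a pass only for 192-bit keys is the right scope; any other key size still fails the test.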
@@ -1304,55 +1308,59 @@ int mbedtls_aes_self_test( int verbose ) for( i = 0; i < 6; i++ ) { u = i >> 1; - v = i & 1; + keybits = 128 + u * 64; + mode = i & 1; if( verbose != 0 ) - mbedtls_printf( " AES-CBC-%3d (%s): ", 128 + u * 64, - ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + mbedtls_printf( " AES-CBC-%3d (%s): ", keybits, + ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memset( iv , 0, 16 ); memset( prv, 0, 16 ); memset( buf, 0, 16 ); - if( v == MBEDTLS_AES_DECRYPT ) + if( mode == MBEDTLS_AES_DECRYPT ) { - mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 ); - - for( j = 0; j < 10000; j++ ) - mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf ); - - if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + ret = mbedtls_aes_setkey_dec( &ctx, key, keybits ); + aes_tests = aes_test_cbc_dec[u]; } else { - mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 ); + ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + aes_tests = aes_test_cbc_enc[u]; + } - for( j = 0; j < 10000; j++ ) + if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) + { + mbedtls_printf( "skipped\n" ); + continue; + } + else if( ret != 0 ) + { + goto exit; + } + + for( j = 0; j < 10000; j++ ) + { + if( mode == MBEDTLS_AES_ENCRYPT ) { unsigned char tmp[16]; - mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf ); - memcpy( tmp, prv, 16 ); memcpy( prv, buf, 16 ); memcpy( buf, tmp, 16 ); } - if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; + ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf ); + if( ret != 0 ) goto exit; - } + + } + + if( memcmp( buf, aes_tests, 16 ) != 0 ) + { + ret = 1; + goto exit; } if( verbose != 0 ) 
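Review bot: The reordered CBC loop now swaps `prv`/`buf` before the `mbedtls_aes_crypt_cbc` call and only in encrypt mode, which traces out to the same block sequence as the old code but is non-obvious, and the hunk carries no comment explaining it; above the `if( mode == MBEDTLS_AES_ENCRYPT )` I would add `/* Encrypt mode: each round encrypts the output produced two rounds earlier (kept in prv), so swap prv/buf before the call; decrypt mode feeds the output straight back. */`. The `mbedtls_printf( "skipped\n" )` added here also bypasses the `verbose` flag that the neighbouring prints honour. The enclosing loop body ends outside the hunk.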
@@ -1370,45 +1378,47 @@ int mbedtls_aes_self_test( int verbose ) for( i = 0; i < 6; i++ ) { u = i >> 1; - v = i & 1; + keybits = 128 + u * 64; + mode = i & 1; if( verbose != 0 ) - mbedtls_printf( " AES-CFB128-%3d (%s): ", 128 + u * 64, - ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits, + ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memcpy( iv, aes_test_cfb128_iv, 16 ); - memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 ); + memcpy( key, aes_test_cfb128_key[u], keybits / 8 ); offset = 0; - mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 ); + ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) + { + mbedtls_printf( "skipped\n" ); + continue; + } + else if( ret != 0 ) + { + goto exit; + } - if( v == MBEDTLS_AES_DECRYPT ) + if( mode == MBEDTLS_AES_DECRYPT ) { memcpy( buf, aes_test_cfb128_ct[u], 64 ); - mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf ); - - if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + aes_tests = aes_test_cfb128_pt; } else { memcpy( buf, aes_test_cfb128_pt, 64 ); - mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf ); + aes_tests = aes_test_cfb128_ct[u]; + } - if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf ); + if( ret != 0 ) + goto exit; - ret = 1; - goto exit; - } + if( memcmp( buf, aes_tests, 64 ) != 0 ) + { + ret = 1; + goto exit; } if( verbose != 0 ) 
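Review bot: The `"skipped\n"` print added in the CFB loop is emitted even when `verbose == 0`, which is inconsistent with the `if( verbose != 0 )` guard a few lines above; `if( verbose != 0 ) mbedtls_printf( "skipped\n" );`. The same skip block now appears verbatim in the ECB, CBC and CFB loops, so a small `static` helper taking `ret`, `keybits` and `verbose` would keep the three in step when one of them is corrected. The for loop continues beyond the hunk.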
@@ -1426,51 +1436,41 @@ int mbedtls_aes_self_test( int verbose ) for( i = 0; i < 6; i++ ) { u = i >> 1; - v = i & 1; + mode = i & 1; if( verbose != 0 ) mbedtls_printf( " AES-CTR-128 (%s): ", - ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 ); memcpy( key, aes_test_ctr_key[u], 16 ); offset = 0; - mbedtls_aes_setkey_enc( &ctx, key, 128 ); + if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 ) + goto exit; - if( v == MBEDTLS_AES_DECRYPT ) + len = aes_test_ctr_len[u]; + + if( mode == MBEDTLS_AES_DECRYPT ) { - len = aes_test_ctr_len[u]; memcpy( buf, aes_test_ctr_ct[u], len ); - - mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, - buf, buf ); - - if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + aes_tests = aes_test_ctr_pt[u]; } else { - len = aes_test_ctr_len[u]; memcpy( buf, aes_test_ctr_pt[u], len ); + aes_tests = aes_test_ctr_ct[u]; + } - mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, - buf, buf ); + ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, + stream_block, buf, buf ); + if( ret != 0 ) + goto exit; - if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + if( memcmp( buf, aes_tests, len ) != 0 ) + { + ret = 1; + goto exit; } if( verbose != 0 ) @@ -1484,6 +1484,9 @@ int mbedtls_aes_self_test( int verbose ) ret = 0; exit: + if( ret != 0 && verbose != 0 ) + mbedtls_printf( "failed\n" ); + mbedtls_aes_free( &ctx ); return( ret ); From 2a078da134a10a829d9fd33e6450fc6415d463ae Mon Sep 17 00:00:00 2001 
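Review bot: The new `exit:` label reports `"failed"` for two different kinds of failure, `ret = 1` for a known-answer mismatch and a negative `MBEDTLS_ERR_AES_*` code propagated from setkey/crypt, and nothing at the label says so; a one-line comment such as `/* ret is 1 on a KAT mismatch, or an MBEDTLS_ERR_AES_* code from setkey/crypt */` would help the next reader. In the CTR hunk the `mbedtls_aes_setkey_enc` failure jumps straight to `exit` without the AES-192 skip handling used in the other modes, which is consistent with this loop only using 128-bit keys, but a short comment saying that would stop someone "fixing" it later.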
From: Andres Amaya Garcia Date: Thu, 15 Jun 2017 11:30:51 +0100 Subject: [PATCH 0027/1059] Run AES-GCM-192 selftest if available only This patch modifies the function mbedtls_gcm_self_test() function to ensure that AES-GCM-192 tests are only run if the key size is supported by the available implementation. This is useful when using MBEDTLS_AES_ALT as some hardware crypto accelerators might not support AES-192. --- library/gcm.c | 189 ++++++++++++++++++++++++-------------------------- 1 file changed, 92 insertions(+), 97 deletions(-) diff --git a/library/gcm.c b/library/gcm.c index f1210c52c3..7b2760a62d 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -46,6 +46,7 @@ #endif #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#include "mbedtls/aes.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else 
@@ -742,34 +743,43 @@ int mbedtls_gcm_self_test( int verbose ) int i, j, ret; mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES; - mbedtls_gcm_init( &ctx ); - for( j = 0; j < 3; j++ ) { int key_len = 128 + 64 * j; for( i = 0; i < MAX_TESTS; i++ ) { + mbedtls_gcm_init( &ctx ); + if( verbose != 0 ) mbedtls_printf( " AES-GCM-%3d #%d (%s): ", - key_len, i, "enc" ); + key_len, i, "enc" ); - mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len ); + ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], + key_len ); + if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && key_len == 192 ) + { + mbedtls_printf( "skipped\n" ); + break; + } + else if( ret != 0 ) + { + goto exit; + } ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, - pt_len[i], - iv[iv_index[i]], iv_len[i], - additional[add_index[i]], add_len[i], - pt[pt_index[i]], buf, 16, tag_buf ); + pt_len[i], + iv[iv_index[i]], iv_len[i], + additional[add_index[i]], add_len[i], + pt[pt_index[i]], buf, 16, tag_buf ); + if( ret != 0 ) + goto exit; - if( ret != 0 || - memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 || - memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) + if ( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 || + memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + ret = 1; + goto exit; } mbedtls_gcm_free( &ctx ); 
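Review bot: The AES-192 skip path does `break` right after `mbedtls_gcm_setkey` failed, with no `mbedtls_gcm_free( &ctx )`, even though `mbedtls_gcm_init( &ctx )` was just called and the next outer-loop iteration re-inits the same context; if `mbedtls_gcm_setkey` allocates its cipher context before returning `MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE` (its body is outside this diff) that allocation is leaked. The print is also not guarded by `verbose`. I would change the branch to `if( verbose != 0 ) mbedtls_printf( "skipped\n" ); mbedtls_gcm_free( &ctx ); break;`.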
@@ -777,26 +787,31 @@ int mbedtls_gcm_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" ); + mbedtls_gcm_init( &ctx ); + if( verbose != 0 ) mbedtls_printf( " AES-GCM-%3d #%d (%s): ", - key_len, i, "dec" ); + key_len, i, "dec" ); - mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len ); + ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], + key_len ); + if( ret != 0 ) + goto exit; ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT, - pt_len[i], - iv[iv_index[i]], iv_len[i], - additional[add_index[i]], add_len[i], - ct[j * 6 + i], buf, 16, tag_buf ); + pt_len[i], + iv[iv_index[i]], iv_len[i], + additional[add_index[i]], add_len[i], + ct[j * 6 + i], buf, 16, tag_buf ); - if( ret != 0 || - memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 || + if( ret != 0 ) + goto exit; + + if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 || memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + ret = 1; + goto exit; } mbedtls_gcm_free( &ctx ); 
@@ -804,66 +819,51 @@ int mbedtls_gcm_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" ); + mbedtls_gcm_init( &ctx ); + if( verbose != 0 ) mbedtls_printf( " AES-GCM-%3d #%d split (%s): ", - key_len, i, "enc" ); + key_len, i, "enc" ); - mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len ); + ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], + key_len ); + if( ret != 0 ) + goto exit; ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT, - iv[iv_index[i]], iv_len[i], - additional[add_index[i]], add_len[i] ); + iv[iv_index[i]], iv_len[i], + additional[add_index[i]], add_len[i] ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; if( pt_len[i] > 32 ) { size_t rest_len = pt_len[i] - 32; ret = mbedtls_gcm_update( &ctx, 32, pt[pt_index[i]], buf ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; ret = mbedtls_gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32, buf + 32 ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; } else { ret = mbedtls_gcm_update( &ctx, pt_len[i], pt[pt_index[i]], buf ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; } ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 ); - if( ret != 0 || - memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 || + if( ret != 0 ) + goto exit; + + if( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 || memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + ret = 1; + goto exit; } mbedtls_gcm_free( &ctx ); 
@@ -871,80 +871,75 @@ int mbedtls_gcm_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" ); + mbedtls_gcm_init( &ctx ); + if( verbose != 0 ) mbedtls_printf( " AES-GCM-%3d #%d split (%s): ", - key_len, i, "dec" ); + key_len, i, "dec" ); - mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len ); + ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], + key_len ); + if( ret != 0 ) + goto exit; ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT, iv[iv_index[i]], iv_len[i], additional[add_index[i]], add_len[i] ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; if( pt_len[i] > 32 ) { size_t rest_len = pt_len[i] - 32; ret = mbedtls_gcm_update( &ctx, 32, ct[j * 6 + i], buf ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; ret = mbedtls_gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32, - buf + 32 ); + buf + 32 ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; } else { - ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i], buf ); + ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i], + buf ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; } ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 ); - if( ret != 0 || - memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 || + if( ret != 0 ) + goto exit; + + if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 || memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + ret = 1; + goto exit; } mbedtls_gcm_free( &ctx ); if( verbose != 0 ) mbedtls_printf( "passed\n" ); - } } if( verbose != 0 ) mbedtls_printf( "\n" ); - return( 0 ); + ret = 0; + +exit: + if( ret != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + mbedtls_gcm_free( &ctx ); + } + + return( ret ); } #endif /* MBEDTLS_SELF_TEST && 
MBEDTLS_AES_C */ From d3e7e7d83f865591a31e5d1a2da14ca21d7da1fb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 15 Jun 2017 16:17:46 +0100 Subject: [PATCH 0028/1059] Add comment for skipped AES-192 test condition --- library/aes.c | 15 +++++++++++++++ library/gcm.c | 5 +++++ 2 files changed, 20 insertions(+) diff --git a/library/aes.c b/library/aes.c index b5e8924507..9063869303 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1271,6 +1271,11 @@ int mbedtls_aes_self_test( int verbose ) aes_tests = aes_test_ecb_enc[u]; } + /* + * AES-192 is an optional feature that may be unavailable when + * there is an alternative underlying implementation i.e. when + * MBEDTLS_AES_ALT is defined. + */ if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) { mbedtls_printf( "skipped\n" ); @@ -1330,6 +1335,11 @@ int mbedtls_aes_self_test( int verbose ) aes_tests = aes_test_cbc_enc[u]; } + /* + * AES-192 is an optional feature that may be unavailable when + * there is an alternative underlying implementation i.e. when + * MBEDTLS_AES_ALT is defined. + */ if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) { mbedtls_printf( "skipped\n" ); @@ -1390,6 +1400,11 @@ int mbedtls_aes_self_test( int verbose ) offset = 0; ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + /* + * AES-192 is an optional feature that may be unavailable when + * there is an alternative underlying implementation i.e. when + * MBEDTLS_AES_ALT is defined. + */ if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) { mbedtls_printf( "skipped\n" ); diff --git a/library/gcm.c b/library/gcm.c index 7b2760a62d..97e9d889d5 100644 --- a/library/gcm.c +++ b/library/gcm.c 
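Review bot: The same five-line comment is pasted verbatim at the three skip sites in `mbedtls_aes_self_test`, and it states the cause as a fact (`i.e. when MBEDTLS_AES_ALT is defined`) although the code only keys on the return value `MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE`. One comment at the top of the function, such as `/* An alternative AES implementation (MBEDTLS_AES_ALT) may reject 192-bit keys with MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; those tests are skipped rather than failed. */`, would be easier to keep accurate, with each site reduced to `/* see the AES-192 note above */`. The function body these hunks sit in is outside the diff.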
@@ -757,6 +757,11 @@ int mbedtls_gcm_self_test( int verbose ) ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len ); + /* + * AES-192 is an optional feature that may be unavailable when + * there is an alternative underlying implementation i.e. when + * MBEDTLS_AES_ALT is defined. + */ if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && key_len == 192 ) { mbedtls_printf( "skipped\n" ); From ad049a973c4b55eb4284d6b71f7dbcce01fbfa4d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 19 Jun 2017 16:31:54 +0100 Subject: [PATCH 0029/1059] Replace #if(n)def by #if (!)defined --- library/aes.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/aes.c b/library/aes.c index de43306a22..6ed0956bf0 100644 --- a/library/aes.c +++ b/library/aes.c @@ -201,7 +201,7 @@ static const unsigned char FSb[256] = static const uint32_t FT0[256] = { FT }; #undef V -#ifndef MBEDTLS_AES_FEWER_TABLES +#if !defined(MBEDTLS_AES_FEWER_TABLES) #define V(a,b,c,d) 0x##b##c##d##a static const uint32_t FT1[256] = { FT }; @@ -332,7 +332,7 @@ static const unsigned char RSb[256] = static const uint32_t RT0[256] = { RT }; #undef V -#ifndef MBEDTLS_AES_FEWER_TABLES +#if !defined(MBEDTLS_AES_FEWER_TABLES) #define V(a,b,c,d) 0x##b##c##d##a static const uint32_t RT1[256] = { RT }; @@ -367,7 +367,7 @@ static const uint32_t RCON[10] = */ static unsigned char FSb[256]; static uint32_t FT0[256]; -#ifndef MBEDTLS_AES_FEWER_TABLES +#if !defined(MBEDTLS_AES_FEWER_TABLES) static uint32_t FT1[256]; static uint32_t FT2[256]; static uint32_t FT3[256]; @@ -378,7 +378,7 @@ static uint32_t FT3[256]; */ static unsigned char RSb[256]; static uint32_t RT0[256]; -#ifndef MBEDTLS_AES_FEWER_TABLES +#if !defined(MBEDTLS_AES_FEWER_TABLES) static uint32_t RT1[256]; static uint32_t RT2[256]; static uint32_t RT3[256]; 
@@ -457,7 +457,7 @@ static void aes_gen_tables( void ) ( (uint32_t) x << 16 ) ^ ( (uint32_t) z << 24 ); -#ifndef MBEDTLS_AES_FEWER_TABLES +#if !defined(MBEDTLS_AES_FEWER_TABLES) FT1[i] = ROTL8( FT0[i] ); FT2[i] = ROTL8( FT1[i] ); FT3[i] = ROTL8( FT2[i] ); @@ -470,7 +470,7 @@ static void aes_gen_tables( void ) ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^ ( (uint32_t) MUL( 0x0B, x ) << 24 ); -#ifndef MBEDTLS_AES_FEWER_TABLES +#if !defined(MBEDTLS_AES_FEWER_TABLES) RT1[i] = ROTL8( RT0[i] ); RT2[i] = ROTL8( RT1[i] ); RT3[i] = ROTL8( RT2[i] ); @@ -482,7 +482,7 @@ static void aes_gen_tables( void ) #endif /* MBEDTLS_AES_ROM_TABLES */ -#ifdef MBEDTLS_AES_FEWER_TABLES +#if defined(MBEDTLS_AES_FEWER_TABLES) #define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) ) #define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) ) From 08a5c187730c733485931ac2bb0c9ab245667378 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 19 Jun 2017 16:33:58 +0100 Subject: [PATCH 0030/1059] Be less specific about memory usage predictions --- ChangeLog | 2 +- include/mbedtls/config.h | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1d0a90d651..da5c64e973 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,7 +20,7 @@ Bugfix Features * Add option MBEDTLS_AES_FEWER_TABLES to dynamically compute 3/4 of the AES tables - during runtime, thereby reducing the RAM/ROM footprint by 6144 bytes. Suggested + during runtime, thereby reducing the RAM/ROM footprint by ~6kb. Suggested and contributed by jkivilin in #394. Changes diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 37a9d079a1..94e3efbc01 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -387,8 +387,8 @@ * Comment this macro to generate AES tables in RAM at runtime. * * Tradeoff: Using precomputed ROM tables reduces the time to setup - * an AES context but comes at the cost of additional 8192b ROM use - * (resp. 2048b if \c MBEDTLS_AES_FEWER_TABLES below is used). + * an AES context but comes at the cost of additional ~8kb ROM use + * (resp. ~2kb if \c MBEDTLS_AES_FEWER_TABLES below is used). * * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. * @@ -406,7 +406,7 @@ * (the tables are entry-wise rotations of one another). * * Tradeoff: Uncommenting this reduces the RAM / ROM footprint - * by 6144b but at the cost of more arithmetic operations during + * by ~6kb but at the cost of more arithmetic operations during * runtime. Specifically, one has to compare 4 accesses within * different tables to 4 accesses with additional arithmetic * operations within the same table. The performance gain/loss From bdbca7b383b72f65f9a2bf2671e1f76f9f789703 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 23 Jun 2017 16:23:21 +0100 Subject: [PATCH 0031/1059] Zeroize tmp buf on fail in load_file() dhm.c --- library/dhm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/dhm.c b/library/dhm.c index a4715d1703..f7e71f3f6d 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -542,7 +542,10 @@ static int load_file( const char *path, unsigned char **buf, size_t *n ) if( fread( *buf, 1, *n, f ) != *n ) { fclose( f ); + + mbedtls_zeroize( *buf, *n + 1 ); mbedtls_free( *buf ); + return( MBEDTLS_ERR_DHM_FILE_IO_ERROR ); } From eb132b655c86607237d23b249edde6150029d27f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 23 Jun 2017 16:30:31 +0100 Subject: [PATCH 0032/1059] Zeroize tmp buf in mbedtls_md_file() md.c --- library/md.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/md.c b/library/md.c index eda98f6361..75b971795e 100644 --- a/library/md.c +++ b/library/md.c 
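Review bot: The new wording `~8kb` / `~2kb` / `~6kb` uses the abbreviation for kilobits, while the figures being replaced (8192, 2048 and 6144) are byte counts; `~8 KiB`, `~2 KiB` and `~6 KiB` say what is meant and keep the two config.h comments consistent with each other. The `MBEDTLS_AES_FEWER_TABLES` description continues outside the second hunk.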
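Review bot: `mbedtls_zeroize( *buf, *n + 1 )` in `load_file` hard-codes the allocation size of `*buf`, which is decided by the allocation call above this hunk (presumably `*n + 1` for a terminating NUL); if that call is ever changed, the wipe and the allocation drift apart silently. A comment on the new line, `/* buffer is *n + 1 bytes: NUL-terminated for PEM parsing */`, or a local `size_t buf_len` used for both the allocation and the wipe, would tie them together. The success path hands the buffer to the caller, so wiping it there stays the caller's job; that code is outside the hunk.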
@@ -312,12 +312,11 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne md_info->update_func( ctx.md_ctx, buf, n ); if( ferror( f ) != 0 ) - { ret = MBEDTLS_ERR_MD_FILE_IO_ERROR; - goto cleanup; - } + else + md_info->finish_func( ctx.md_ctx, output ); - md_info->finish_func( ctx.md_ctx, output ); + mbedtls_zeroize( buf, sizeof( buf ) ); cleanup: fclose( f ); From f3612483ccf61c569ccc3efd79c64ac326e6f74c Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 25 Jun 2017 11:24:18 +0300 Subject: [PATCH 0033/1059] Support verbose output of the test suites generate add ctest test-suites, with the --verbose argument to be given to the test suites. The verbose output will be shown **only** if ctest is run with `-v` parameter The verbose argument is to the test-suites, only when run through `ctest` --- tests/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index dc27979681..16e19a9275 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -31,7 +31,7 @@ function(add_test_suite suite_name) include_directories(${CMAKE_CURRENT_SOURCE_DIR}) add_executable(test_suite_${data_name} test_suite_${data_name}.c) target_link_libraries(test_suite_${data_name} ${libs}) - add_test(${data_name}-suite test_suite_${data_name}) + add_test(${data_name}-suite test_suite_${data_name} --verbose) endfunction(add_test_suite) if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) From 1adcd95a259c14cbb7f2d3525561ab03360e1339 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 09:58:59 +0100 Subject: [PATCH 0034/1059] Zeroize tmp bufs in entropy.c functions --- library/entropy.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/library/entropy.c b/library/entropy.c index d4d1b27b7f..a500b53127 100644 --- a/library/entropy.c +++ b/library/entropy.c 
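Review bot: The new `mbedtls_zeroize( buf, sizeof( buf ) )` sits above the `cleanup:` label, so any `goto cleanup` taken earlier in `mbedtls_md_file` (the start of the function is above this hunk) returns with `buf` untouched; that is harmless only as long as such paths occur before `buf` is filled. Moving the wipe under the label makes "buf is always cleared on exit" hold unconditionally: `cleanup: mbedtls_zeroize( buf, sizeof( buf ) ); fclose( f );`. On the `ferror` branch the hash state in `ctx` still holds the partial digest until whatever `cleanup` does with it, which is also outside the hunk.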
@@ -242,7 +242,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx ) if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source, buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 ) { - return( ret ); + goto cleanup; } /* @@ -256,9 +256,12 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx ) } if( have_one_strong == 0 ) - return( MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE ); + ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE; - return( 0 ); +cleanup: + mbedtls_zeroize( buf, sizeof( buf ) ); + + return( ret ); } /* @@ -370,6 +373,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) ret = 0; exit: + mbedtls_zeroize( buf, sizeof( buf ) ); + #if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); @@ -393,9 +398,9 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ) /* Manually update the remaining stream with a separator value to diverge */ memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); - mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); - return( 0 ); + return( ret ); } #endif /* MBEDTLS_ENTROPY_NV_SEED */ @@ -421,12 +426,15 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p ret = 0; exit: + mbedtls_zeroize( buf, sizeof( buf ) ); + fclose( f ); return( ret ); } int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path ) { + int ret = 0; FILE *f; size_t n; unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ]; 
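Review bot: In `entropy_gather_internal` the success return now falls through to `return( ret )` with whatever the last `f_source` call left in `ret`, instead of the former explicit `return( 0 )`; that is correct only if the loop ran at least once and nothing else writes `ret`, and the declaration of `ret` is outside the hunk so I cannot confirm it is initialised. An explicit assignment before the label keeps the intent visible and independent of the loop: `if( have_one_strong == 0 ) ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE; else ret = 0;`. The other hunks in this file wipe `buf` on every exit path, which is the point of the commit.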
@@ -442,14 +450,16 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * n = MBEDTLS_ENTROPY_MAX_SEED_SIZE; if( fread( buf, 1, n, f ) != n ) - { - fclose( f ); - return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR ); - } + ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; + else + ret = mbedtls_entropy_update_manual( ctx, buf, n ); fclose( f ); - mbedtls_entropy_update_manual( ctx, buf, n ); + mbedtls_zeroize( buf, sizeof( buf ) ); + + if( ret != 0 ) + return( ret ); return( mbedtls_entropy_write_seed_file( ctx, path ) ); } From 3fee7593a968f7f8a306501d5ea3e5e76a56669a Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 10:22:24 +0100 Subject: [PATCH 0035/1059] Zeroize tmp bufs in hmac_drbg.c functions --- library/hmac_drbg.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index bf5f9b5bd3..24c609e9ce 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -364,11 +364,14 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha exit: fclose( f ); + mbedtls_zeroize( buf, sizeof( buf ) ); + return( ret ); } int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ) { + int ret = 0; FILE *f; size_t n; unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ]; @@ -387,14 +390,16 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch } if( fread( buf, 1, n, f ) != n ) - { - fclose( f ); - return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR ); - } + ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR; + else + mbedtls_hmac_drbg_update( ctx, buf, n ); fclose( f ); - mbedtls_hmac_drbg_update( ctx, buf, n ); + mbedtls_zeroize( buf, sizeof( buf ) ); + + if( ret != 0 ) + return( ret ); return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) ); } From 1f2666f9ec38ad5b44b30202241fd30789ecc48d Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 10:36:20 +0100 Subject: [PATCH 0036/1059] Zeroize return buf on failure in pkparse.c --- library/pkparse.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/pkparse.c b/library/pkparse.c index efdf437466..06bde5317c 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -101,7 +101,10 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) if( fread( *buf, 1, *n, f ) != *n ) { fclose( f ); + + mbedtls_zeroize( *buf, *n ); mbedtls_free( *buf ); + return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); } From 13f41e1c20a4a2ed81af332a4be32bd8265fc073 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 10:56:58 +0100 Subject: [PATCH 0037/1059] Zeroize tmp bufs in ctr_drbg.c functions --- library/ctr_drbg.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 55612c7fc9..7828c4e371 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -430,12 +430,11 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char goto exit; if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) != MBEDTLS_CTR_DRBG_MAX_INPUT ) - { ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; - goto exit; - } + else + ret = 0; - ret = 0; + mbedtls_zeroize( buf, sizeof( buf ) ); exit: fclose( f ); @@ -444,6 +443,7 @@ exit: int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ) { + int ret = 0; FILE *f; size_t n; unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ]; 
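Review bot: `mbedtls_zeroize( *buf, *n )` in `mbedtls_pk_load_file` wipes one byte less than the dhm.c counterpart in this series (`*n + 1`); if this function also allocates `*n + 1` bytes for a terminating NUL (the allocation is above the hunk) the last byte is left as-is, which is harmless for a NUL but inconsistent and easy to misread as an off-by-one. Either wipe the full allocation, `mbedtls_zeroize( *buf, *n + 1 );`, or add a comment stating why `*n` is enough.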
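Review bot: In `mbedtls_ctr_drbg_write_seed_file` the new `mbedtls_zeroize( buf, sizeof( buf ) )` is placed before the `exit:` label, so the `goto exit` visible at the top of the hunk (taken when generating the seed bytes fails) returns with `buf` unwiped even though the generator may have partially filled it. Moving the wipe under the label covers every path: `exit: mbedtls_zeroize( buf, sizeof( buf ) ); fclose( f ); return( ret );`. The start of the function, including the generate call, is outside the hunk.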
@@ -456,20 +456,18 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char fseek( f, 0, SEEK_SET ); if( n > MBEDTLS_CTR_DRBG_MAX_INPUT ) - { - fclose( f ); - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); - } - - if( fread( buf, 1, n, f ) != n ) - { - fclose( f ); - return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR ); - } + ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; + else if( fread( buf, 1, n, f ) != n ) + ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; + else + mbedtls_ctr_drbg_update( ctx, buf, n ); fclose( f ); - mbedtls_ctr_drbg_update( ctx, buf, n ); + mbedtls_zeroize( buf, sizeof( buf ) ); + + if( ret != 0 ) + return( ret ); return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) ); } From 79a2e7ef069d6420070562e2fd8a9802fa3aa6ff Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 11:10:22 +0100 Subject: [PATCH 0038/1059] Zeroize return buf on failure in platform.c --- library/platform.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/platform.c b/library/platform.c index 8b336c38ec..441298bdee 100644 --- a/library/platform.c +++ b/library/platform.c @@ -228,12 +228,13 @@ int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ) size_t n; if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL ) - return -1; + return( -1 ); if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len ) { fclose( file ); - return -1; + mbedtls_zeroize( buf, buf_len ); + return( -1 ); } fclose( file ); From 7351e124108f048c1fd526c5189f2945ad750bcf Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 11:20:02 +0100 Subject: [PATCH 0039/1059] Zeroize tmp buf in mbedtls_mpi_fill_random() --- library/bignum.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/bignum.c b/library/bignum.c index d3a150c3c1..bd8280b6f1 100644 --- a/library/bignum.c +++ b/library/bignum.c 
@@ -63,6 +63,10 @@ static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0; } +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ #define biH (ciL << 2) /* half limb size */ @@ -1882,6 +1886,8 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) ); cleanup: + mbedtls_zeroize( buf, sizeof( buf ) ); + return( ret ); } From a00498819f16f2d4970e598537791fb05f28ebe2 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 11:35:17 +0100 Subject: [PATCH 0040/1059] Zeroize old psk buf when changing value in ssl_tls --- library/ssl_tls.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae7065b..9b5fccb5ca 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6051,6 +6051,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, if( conf->psk != NULL || conf->psk_identity != NULL ) { + mbedtls_zeroize( conf->psk, conf->psk_len ); mbedtls_free( conf->psk ); mbedtls_free( conf->psk_identity ); conf->psk = NULL; @@ -6086,7 +6087,10 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); if( ssl->handshake->psk != NULL ) + { + mbedtls_zeroize( ssl->handshake->psk, ssl->handshake->psk_len ); mbedtls_free( ssl->handshake->psk ); + } if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); From 03d70504ca3bf06a5c2bd6ad948effb25c59ed7f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 11:44:54 +0100 Subject: [PATCH 0041/1059] Zeroize heap buf on failure in pem.c --- library/pem.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/pem.c b/library/pem.c index 8dd86a4ac9..a09257cc7c 100644 
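Review bot: In `mbedtls_ssl_conf_psk` the new `mbedtls_zeroize( conf->psk, conf->psk_len )` runs whenever either `conf->psk` or `conf->psk_identity` is non-NULL, so it can be reached with `conf->psk == NULL`; that is only safe if `conf->psk_len` is guaranteed to be 0 in that state, which this hunk does not show. Guarding it, `if( conf->psk != NULL ) mbedtls_zeroize( conf->psk, conf->psk_len );`, removes the dependency, and resetting `conf->psk_len = 0` next to `conf->psk = NULL` (if that is not already done below the hunk) keeps the two fields consistent. The `mbedtls_ssl_set_hs_psk` hunk tests `psk != NULL` first and does not have this issue.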
--- a/library/pem.c +++ b/library/pem.c @@ -341,6 +341,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) if( pwd == NULL ) { + mbedtls_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ); } @@ -369,10 +370,12 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const */ if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 ) { + mbedtls_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ); } #else + mbedtls_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE ); #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && From 59e6963a37a615b137ee4f9824f798dc704fdd96 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 13:26:58 +0100 Subject: [PATCH 0042/1059] Prevent clever optimization to prematurely quit loop in safe memcmp The previous version of `mbedtls_ssl_safer_memcmp` did not qualify the pointers to the arrays to be compared as volatile, theoretically opening the possibility for the compiler to notice that the loop operation `diff |= A[i] ^ B[i]` is pointless if `diff = -1`. This commit changes this. It also declares the stack variable `diff` as volatile, to force read and write in every loop; omitting that, the compiler would still be allowed to get away with reading `A[i]` and `B[i]` but not doing the XOR and not updating `diff`. --- include/mbedtls/ssl_internal.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 756360b181..8d3ab61ef9 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
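Review bot: The three new `mbedtls_zeroize( buf, len )` lines each precede an existing `mbedtls_free( buf )`, but only on the early-return paths shown here; if `mbedtls_pem_read_buffer` frees `buf` elsewhere (the decrypt-and-parse path after the `#endif` is outside this hunk) the decoded material is still left in freed heap on those paths. A single cleanup label that does `mbedtls_zeroize( buf, len ); mbedtls_free( buf ); return( ret );` would make every exit wipe the buffer and stop the pair from being copied by hand. The function begins and ends outside the hunk.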
@@ -600,9 +600,9 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) { size_t i; - const unsigned char *A = (const unsigned char *) a; - const unsigned char *B = (const unsigned char *) b; - unsigned char diff = 0; + volatile const unsigned char *A = (volatile const unsigned char *) a; + volatile const unsigned char *B = (volatile const unsigned char *) b; + volatile unsigned char diff = 0; for( i = 0; i < n; i++ ) diff |= A[i] ^ B[i]; From 83c9f495ffe70c7dd280b41fdfd4881485a3bc28 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 13:52:14 +0100 Subject: [PATCH 0043/1059] Prevent bounds check bypass through overflow in PSK identity parsing The check `if( *p + n > end )` in `ssl_parse_client_psk_identity` is unsafe because `*p + n` might overflow, thus bypassing the check. As `n` is a user-specified value up to 65K, this is relevant if the library happens to be located in the last 65K of virtual memory. This commit replaces the check by a safe version. --- library/ssl_srv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f137c3dce6..97d7a9e80b 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3436,7 +3436,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha /* * Receive client pre-shared key identity name */ - if( *p + 2 > end ) + if( end - *p < 2 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); @@ -3445,7 +3445,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha n = ( (*p)[0] << 8 ) | (*p)[1]; *p += 2; - if( n < 1 || n > 65535 || *p + n > end ) + if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); 
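Review bot: `mbedtls_ssl_safer_memcmp` gains `volatile` qualifiers without a comment, so the next reader will not know they are deliberate and must not be removed. A comment along the lines of `/* volatile keeps the compiler from short-circuiting the loop once diff is non-zero; all n bytes must always be read */` would record that. It would also be fair to note in the same comment that this is best-effort: the C standard guarantees the volatile accesses happen, not that the generated code is free of data-dependent timing. The function's return statement lies outside the hunk.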
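Review bot: In the new bound `n < 1 || n > 65535 || n > (size_t) ( end - *p )`, the `n > 65535` term is dead because `n` is assembled from exactly two bytes on the line above, so it is worth dropping for clarity now that the line is being rewritten. The cast `(size_t) ( end - *p )` is only sound because the first hunk already established `end - *p >= 2` before `*p += 2`; a short comment stating that `*p <= end` holds at this point would make that reasoning explicit. The enclosing function starts and ends outside the hunk.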
From 53c77cccc9ddb7e54f1c887cab7fcac57d68c343 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 27 Jun 2017 16:15:06 +0100 Subject: [PATCH 0044/1059] Initialise pointers to avoid IAR compiler warnings --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a2b9f8cfe1..04ce8f7289 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2258,7 +2258,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) int ret; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; - unsigned char *p, *end; + unsigned char *p = NULL, *end = NULL; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) ); From 79ae065117761fb32dd5b04a1f6800f0cb722e38 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 27 Jun 2017 16:17:54 +0100 Subject: [PATCH 0045/1059] Add ChangeLog entry for IAR compilation warnings --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 84a05d0035..46acda75f3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x released xxxx-xx-xx + +Bugfix + * Fix variable used before assignment compilation warnings with IAR + toolchain. Found by gkerrien38. + = mbed TLS 2.5.1 released xxxx-xx-xx Security From 4e2c07c6e10737cd780df8bb84c9795cecae3ab4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 27 Jun 2017 16:57:26 +0100 Subject: [PATCH 0046/1059] Zeroize tmp buf in ctr_drbg_write_seed_file() --- library/ctr_drbg.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 7828c4e371..a31f7b816d 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c 
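Review bot: Initialising `p` and `end` to NULL in `ssl_parse_server_key_exchange` silences the IAR diagnostic, but if some path in the function really did read them before assignment the consequence becomes a NULL dereference at run time instead of a compile-time warning. If, as the commit title suggests, the warning is a false positive, a brief comment such as `/* initialised only to silence a used-before-set warning; every path that reads p/end assigns them first */` would stop a later reader from treating NULL as a meaningful sentinel. The rest of the function is outside the hunk, so this cannot be confirmed from here.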
@@ -434,9 +434,9 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char else ret = 0; +exit: mbedtls_zeroize( buf, sizeof( buf ) ); -exit: fclose( f ); return( ret ); } @@ -456,8 +456,12 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char fseek( f, 0, SEEK_SET ); if( n > MBEDTLS_CTR_DRBG_MAX_INPUT ) - ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; - else if( fread( buf, 1, n, f ) != n ) + { + fclose( f ); + return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + } + + if( fread( buf, 1, n, f ) != n ) ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; else mbedtls_ctr_drbg_update( ctx, buf, n ); From 034ea7e754e74a94945e25615aea8f39e9e06222 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 28 Apr 2017 15:14:50 +0100 Subject: [PATCH 0047/1059] Add int return values to SHA1 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_sha1() * mbedtls_sha1_starts() * mbedtls_sha1_update() * mbedtls_sha1_finish() * mbedtls_sha1_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/sha1.h | 132 +++++++++++++++++++++++++++++++++++++++-- library/sha1.c | 90 ++++++++++++++++++++-------- 2 files changed, 192 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 7a67c6c1fb..9dde5b89e9 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -32,6 +32,11 @@ #include #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_SHA1_ALT) // Regular implementation // 
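Review bot: The new `n > MBEDTLS_CTR_DRBG_MAX_INPUT` branch in `mbedtls_ctr_drbg_update_seed_file` duplicates the `fclose( f )` instead of jumping to a single cleanup label, while the first hunk has just reworked `mbedtls_ctr_drbg_write_seed_file` so that every exit goes through `exit:` and zeroize and close always run together. Writing this path as `ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; goto exit;` with an `exit:` label ahead of the function's existing `fclose` keeps the two functions consistent and guarantees later additions to the cleanup are not missed here. The function's cleanup lines are outside the hunk, so whether such a label already exists cannot be seen from this view.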
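Review bot: The `#define inline __inline` block added to sha1.h is duplicated verbatim in md2.h and md4.h later in this series, and because it lives in public headers it redefines a keyword for every translation unit that includes them. Defining it once in a shared header that the three include, with a comment such as `/* ARMCC and MSVC in C mode do not know the C99 inline keyword; map it to their __inline */`, would keep the copies from drifting apart and make the scope of the redefinition visible. Whether such a shared header already exists in the tree cannot be seen from this hunk.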
@@ -78,8 +83,10 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, * \brief SHA-1 context setup * * \param ctx context to be initialized + * + * \return 0 if successful */ -void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); +int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ); /** * \brief SHA-1 process buffer 
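Review bot: The new `\return 0 if successful` on `mbedtls_sha1_starts_ext` says nothing about the failure case, even though the commit message gives hardware accelerators (alternative implementations) as the reason for adding the return value. Documenting it as `\return 0 if successful, or a non-zero error code returned by an alternative implementation` tells callers that non-zero is possible and where it comes from. The same wording applies to every `\return` line added in the sha1, md2, md4 and md5 headers in this series.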
@@ -87,19 +94,103 @@ void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); * \param ctx SHA-1 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ); +int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief SHA-1 final digest * * \param ctx SHA-1 context * \param output SHA-1 checksum result + * + * \return 0 if successful */ -void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ); +int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx, + unsigned char output[20] ); -/* Internal use */ -void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); +/** + * \brief SHA-1 process data block (internal use only) + * + * \param ctx SHA-1 context + * \param data buffer holding one block of data + * + * \return 0 if successful + */ +int mbedtls_sha1_process_ext( mbedtls_sha1_context *ctx, + const unsigned char data[64] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief SHA-1 context setup + * + * \deprecated Superseded by mbedtls_sha1_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( + mbedtls_sha1_context *ctx ) +{ + mbedtls_sha1_starts_ext( ctx ); +} + +/** + * \brief SHA-1 process buffer + * + * \deprecated Superseded by mbedtls_sha1_update_ext() in 2.5.0 + * + * \param ctx SHA-1 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( + mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_sha1_update_ext( ctx, input, ilen ); +} + +/** + * 
\brief SHA-1 final digest + * + * \deprecated Superseded by mbedtls_sha1_finish_ext() in 2.5.0 + * + * \param ctx SHA-1 context + * \param output SHA-1 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( + mbedtls_sha1_context *ctx, + unsigned char output[20] ) +{ + mbedtls_sha1_finish_ext( ctx, output ); +} + +/** + * \brief SHA-1 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_sha1_process_ext() in 2.5.0 + * + * \param ctx SHA-1 context + * \param data buffer holding one block of data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha1_process( + mbedtls_sha1_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_sha1_process_ext( ctx, data ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } @@ -119,8 +210,37 @@ extern "C" { * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-1 checksum result + * + * \return 0 if successful */ -void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ); +int mbedtls_sha1_ext( const unsigned char *input, + size_t ilen, + unsigned char output[20] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = SHA-1( input buffer ) + * + * \deprecated Superseded by mbedtls_sha1_ext() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-1 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input, + size_t ilen, + unsigned char output[20] ) +{ + mbedtls_sha1_ext( input, ilen, output ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine diff --git a/library/sha1.c b/library/sha1.c index 2ccf2a2f52..d2ec8bae9d 100644 --- a/library/sha1.c 
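Review bot: The deprecated inline wrappers `mbedtls_sha1_starts`, `mbedtls_sha1_update`, `mbedtls_sha1_finish`, `mbedtls_sha1_process` and `mbedtls_sha1` silently discard the return value of the `_ext` function they call, so a caller still on the old API will never see the error that this commit introduces the return value for. The `\deprecated` text on each should say so, e.g. `\deprecated Superseded by mbedtls_sha1_starts_ext() in 2.5.0; any error from that function is ignored`. The ChangeLog hunk earlier in this series shows 2.5.1 as already released, so the `2.5.0` in these tags looks like it needs checking. The same applies to the wrappers added in md2.h and md4.h.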
+++ b/library/sha1.c @@ -97,7 +97,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, /* * SHA-1 context setup */ -void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) +int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -107,10 +107,13 @@ void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476; ctx->state[4] = 0xC3D2E1F0; + + return( 0 ); } #if !defined(MBEDTLS_SHA1_PROCESS_ALT) -void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) +int mbedtls_sha1_process_ext( mbedtls_sha1_context *ctx, + const unsigned char data[64] ) { uint32_t temp, W[16], A, B, C, D, E; @@ -264,19 +267,24 @@ void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[6 ctx->state[2] += C; ctx->state[3] += D; ctx->state[4] += E; + + return( 0 ); } #endif /* !MBEDTLS_SHA1_PROCESS_ALT */ /* * SHA-1 process buffer */ -void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; uint32_t left; if( ilen == 0 ) - return; + return( 0 ); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -290,7 +298,10 @@ void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - mbedtls_sha1_process( ctx, ctx->buffer ); + + if( ( ret = mbedtls_sha1_process_ext( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + input += fill; ilen -= fill; left = 0; 
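Review bot: `mbedtls_sha1_update_ext` returns early when `mbedtls_sha1_process_ext` fails, but by that point the code has already copied input into `ctx->buffer` and, presumably, advanced `ctx->total` in the surrounding lines outside this hunk, so on a non-zero return the context is left partially updated. Nothing in the new declarations says whether the context may be reused after an error; a comment on the `_ext` functions such as `/* On a non-zero return the context is in an undefined state and must be reset with mbedtls_sha1_starts_ext() before reuse */` would settle that for callers. The enclosing function continues into the next hunk.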
@@ -298,13 +309,17 @@ void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, while( ilen >= 64 ) { - mbedtls_sha1_process( ctx, input ); + if( ( ret = mbedtls_sha1_process_ext( ctx, input ) ) != 0 ) + return( ret ); + input += 64; ilen -= 64; } if( ilen > 0 ) memcpy( (void *) (ctx->buffer + left), input, ilen ); + + return( 0 ); } static const unsigned char sha1_padding[64] = @@ -318,8 +333,10 @@ static const unsigned char sha1_padding[64] = /* * SHA-1 final digest */ -void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) +int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx, + unsigned char output[20] ) { + int ret; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; @@ -334,14 +351,18 @@ void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - mbedtls_sha1_update( ctx, sha1_padding, padn ); - mbedtls_sha1_update( ctx, msglen, 8 ); + if( ( ret = mbedtls_sha1_update_ext( ctx, sha1_padding, padn ) ) != 0 ) + return( ret ); + if( ( ret = mbedtls_sha1_update_ext( ctx, msglen, 8 ) ) != 0 ) + return( ret ); PUT_UINT32_BE( ctx->state[0], output, 0 ); PUT_UINT32_BE( ctx->state[1], output, 4 ); PUT_UINT32_BE( ctx->state[2], output, 8 ); PUT_UINT32_BE( ctx->state[3], output, 12 ); PUT_UINT32_BE( ctx->state[4], output, 16 ); + + return( 0 ); } #endif /* !MBEDTLS_SHA1_ALT */ 
@@ -349,15 +370,27 @@ void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) /* * output = SHA-1( input buffer ) */ -void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ) +int mbedtls_sha1_ext( const unsigned char *input, + size_t ilen, + unsigned char output[20] ) { + int ret; mbedtls_sha1_context ctx; mbedtls_sha1_init( &ctx ); - mbedtls_sha1_starts( &ctx ); - mbedtls_sha1_update( &ctx, input, ilen ); - mbedtls_sha1_finish( &ctx, output ); + + if( ( ret = mbedtls_sha1_starts_ext( &ctx ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha1_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha1_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + mbedtls_sha1_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -406,29 +439,30 @@ int mbedtls_sha1_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-1 test #%d: ", i + 1 ); - mbedtls_sha1_starts( &ctx ); + if( mbedtls_sha1_starts_ext( &ctx ) != 0 ) + goto fail; if( i == 2 ) { memset( buf, 'a', buflen = 1000 ); for( j = 0; j < 1000; j++ ) - mbedtls_sha1_update( &ctx, buf, buflen ); + { + if( mbedtls_sha1_update_ext( &ctx, buf, buflen ) != 0 ) + goto fail; + } } else - mbedtls_sha1_update( &ctx, sha1_test_buf[i], - sha1_test_buflen[i] ); + { + if( mbedtls_sha1_update_ext( &ctx, sha1_test_buf[i], + sha1_test_buflen[i] ) != 0 ) + goto fail; + } - mbedtls_sha1_finish( &ctx, sha1sum ); + mbedtls_sha1_finish_ext( &ctx, sha1sum ); if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; goto exit; - } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -437,6 +471,14 @@ int mbedtls_sha1_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "\n" ); + goto exit; + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + ret = 1; + exit: mbedtls_sha1_free( &ctx ); From 1d85213602167ddfed3e5b52c2916321e1688dbf Mon Sep 17 00:00:00 2001 
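Review bot: In `mbedtls_sha1_ext` each `return( ret )` on an error path bypasses `mbedtls_sha1_free( &ctx )`, so a failing `_starts_ext`, `_update_ext` or `_finish_ext` leaves the context unfreed and unzeroized, whereas the pre-change code always reached the free. Routing the error paths through a single `exit:` label, as below, keeps the free on every path; the last call no longer needs its own test since it falls through to the label anyway. `mbedtls_md2_ext` and `mbedtls_md4_ext` later in this series have the identical structure and need the same change.
```c
    mbedtls_sha1_init( &ctx );

    /* every failure must still reach mbedtls_sha1_free() below */
    if( ( ret = mbedtls_sha1_starts_ext( &ctx ) ) != 0 )
        goto exit;

    if( ( ret = mbedtls_sha1_update_ext( &ctx, input, ilen ) ) != 0 )
        goto exit;

    ret = mbedtls_sha1_finish_ext( &ctx, output );

exit:
    mbedtls_sha1_free( &ctx );

    return( ret );
```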
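Review bot: The rewritten `mbedtls_sha1_self_test` now jumps to `exit` on a digest mismatch (`if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 ) goto exit;`), which skips the new `fail:` block that prints "failed" and sets `ret = 1`, so a wrong digest is presumably reported as a passing self-test; the removed lines did set `ret = 1`. That line should read `goto fail;`. The call `mbedtls_sha1_finish_ext( &ctx, sha1sum );` just above also ignores its result while the starts and update calls are checked; `if( mbedtls_sha1_finish_ext( &ctx, sha1sum ) != 0 ) goto fail;` would close that gap. The top of the function, including the initial value of `ret`, is outside the hunk.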
From: Andres Amaya Garcia Date: Fri, 28 Apr 2017 16:21:40 +0100 Subject: [PATCH 0048/1059] Add int return values to MD2 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_md2() * mbedtls_md2_starts() * mbedtls_md2_update() * mbedtls_md2_finish() * mbedtls_md2_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/md2.h | 130 +++++++++++++++++++++++++++++++++++++++--- library/md2.c | 69 ++++++++++++++++------ 2 files changed, 173 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 0f93fbf427..1f3b107730 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -31,6 +31,11 @@ #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_MD2_ALT) // Regular implementation // @@ -78,8 +83,10 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, * \brief MD2 context setup * * \param ctx context to be initialized + * + * \return 0 if successful */ -void mbedtls_md2_starts( mbedtls_md2_context *ctx ); +int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ); /** * \brief MD2 process buffer 
@@ -87,16 +94,99 @@ void mbedtls_md2_starts( mbedtls_md2_context *ctx ); * \param ctx MD2 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen ); +int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD2 final digest * * \param ctx MD2 context * \param output MD2 checksum result + * + * \return 0 if successful */ -void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ); +int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, + unsigned char output[16] ); + +/** + * \brief MD2 process data block (internal use only) + * + * \param ctx MD2 context + * + * \return 0 if successful + */ +int mbedtls_md2_process_ext( mbedtls_md2_context *ctx ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief MD2 context setup + * + * \deprecated Superseded by mbedtls_md2_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts( + mbedtls_md2_context *ctx ) +{ + mbedtls_md2_starts_ext( ctx ); +} + +/** + * \brief MD2 process buffer + * + * \deprecated Superseded by mbedtls_md2_update_ext() in 2.5.0 + * + * \param ctx MD2 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md2_update( + mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_md2_update_ext( ctx, input, ilen ); +} + +/** + * \brief MD2 final digest + * + * \deprecated Superseded by mbedtls_md2_finish_ext() in 2.5.0 + * + * \param ctx MD2 context + * \param output MD2 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish( + 
mbedtls_md2_context *ctx, + unsigned char output[16] ) +{ + mbedtls_md2_finish_ext( ctx, output ); +} + +/** + * \brief MD2 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_md2_process_ext() in 2.5.0 + * + * \param ctx MD2 context + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md2_process( + mbedtls_md2_context *ctx ) +{ + mbedtls_md2_process_ext( ctx ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } @@ -117,7 +207,36 @@ extern "C" { * \param ilen length of the input data * \param output MD2 checksum result */ -void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] ); +int mbedtls_md2_ext( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = MD2( input buffer ) + * + * \deprecated Superseded by mbedtls_md2() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output MD2 checksum result + * + * \return 0 if successful + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md2( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) +{ + mbedtls_md2_ext( input, ilen, output ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine @@ -126,9 +245,6 @@ void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[ */ int mbedtls_md2_self_test( int verbose ); -/* Internal use */ -void mbedtls_md2_process( mbedtls_md2_context *ctx ); - #ifdef __cplusplus } #endif diff --git a/library/md2.c b/library/md2.c index 95cbcce658..7dd2b6bcbb 100644 --- a/library/md2.c +++ b/library/md2.c 
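Review bot: The documentation on the deprecated `mbedtls_md2` wrapper says `\deprecated Superseded by mbedtls_md2() in 2.5.0`, naming the function itself rather than `mbedtls_md2_ext()`, and carries a `\return 0 if successful` line although the wrapper is `void`. Meanwhile `mbedtls_md2_ext` directly above it, the function that does return an `int`, received no `\return` line, unlike its sha1 counterpart in this series. Moving the `\return` up to `mbedtls_md2_ext` and changing the tag to `\deprecated Superseded by mbedtls_md2_ext() in 2.5.0` fixes both.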
@@ -105,16 +105,18 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, /* * MD2 context setup */ -void mbedtls_md2_starts( mbedtls_md2_context *ctx ) +int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ) { memset( ctx->cksum, 0, 16 ); memset( ctx->state, 0, 46 ); memset( ctx->buffer, 0, 16 ); ctx->left = 0; + + return( 0 ); } #if !defined(MBEDTLS_MD2_PROCESS_ALT) -void mbedtls_md2_process( mbedtls_md2_context *ctx ) +int mbedtls_md2_process_ext( mbedtls_md2_context *ctx ) { int i, j; unsigned char t = 0; @@ -146,14 +148,19 @@ void mbedtls_md2_process( mbedtls_md2_context *ctx ) ( ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t] ); t = ctx->cksum[i]; } + + return( 0 ); } #endif /* !MBEDTLS_MD2_PROCESS_ALT */ /* * MD2 process buffer */ -void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; while( ilen > 0 ) @@ -172,16 +179,21 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, s if( ctx->left == 16 ) { ctx->left = 0; - mbedtls_md2_process( ctx ); + if( ( ret = mbedtls_md2_process_ext( ctx ) ) != 0 ) + return( ret ); } } + + return( 0 ); } /* * MD2 final digest */ -void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ) +int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, + unsigned char output[16] ) { + int ret; size_t i; unsigned char x; @@ -190,12 +202,16 @@ void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ) for( i = ctx->left; i < 16; i++ ) ctx->buffer[i] = x; - mbedtls_md2_process( ctx ); + if( ( ret = mbedtls_md2_process_ext( ctx ) ) != 0 ) + return( ret ); memcpy( ctx->buffer, ctx->cksum, 16 ); - mbedtls_md2_process( ctx ); + if( ( ret = mbedtls_md2_process_ext( ctx ) ) != 0 ) + return( ret ); memcpy( output, ctx->state, 16 ); + + return( 0 ); } #endif /* !MBEDTLS_MD2_ALT */ 
@@ -203,15 +219,28 @@ void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ) /* * output = MD2( input buffer ) */ -void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] ) +int mbedtls_md2_ext( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) { + int ret; mbedtls_md2_context ctx; mbedtls_md2_init( &ctx ); - mbedtls_md2_starts( &ctx ); - mbedtls_md2_update( &ctx, input, ilen ); - mbedtls_md2_finish( &ctx, output ); + + if( ( ret = mbedtls_md2_starts_ext( &ctx ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md2_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md2_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + + mbedtls_md2_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -262,16 +291,12 @@ int mbedtls_md2_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD2 test #%d: ", i + 1 ); - mbedtls_md2( (unsigned char *) md2_test_str[i], - strlen( md2_test_str[i] ), md2sum ); + if( mbedtls_md2_ext( (unsigned char *)md2_test_str[i], + strlen( md2_test_str[i] ), md2sum ) != 0 ) + goto fail; if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto fail; if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -281,6 +306,12 @@ int mbedtls_md2_self_test( int verbose ) mbedtls_printf( "\n" ); return( 0 ); + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); } #endif /* MBEDTLS_SELF_TEST */ From bee0635b1593d879504e04136c3d10ce36cd6e34 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Fri, 28 Apr 2017 17:00:30 +0100 Subject: [PATCH 0049/1059] Add int return values to MD4 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_md4() * mbedtls_md4_starts() * mbedtls_md4_update() * mbedtls_md4_finish() * mbedtls_md4_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/md4.h | 134 +++++++++++++++++++++++++++++++++++++++--- library/md4.c | 80 ++++++++++++++++++------- 2 files changed, 186 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index 45214d41d9..7968b69a0c 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -32,6 +32,11 @@ #include #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_MD4_ALT) // Regular implementation // @@ -78,8 +83,10 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, * \brief MD4 context setup * * \param ctx context to be initialized + * + * \return 0 if successful */ -void mbedtls_md4_starts( mbedtls_md4_context *ctx ); +int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ); /** * \brief MD4 process buffer 
@@ -87,16 +94,103 @@ void mbedtls_md4_starts( mbedtls_md4_context *ctx ); * \param ctx MD4 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen ); +int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD4 final digest * * \param ctx MD4 context * \param output MD4 checksum result + * + * \return 0 if successful */ -void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ); +int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, + unsigned char output[16] ); + +/** + * \brief MD4 process data block (internal use only) + * + * \param ctx MD4 context + * \param data buffer holding one block of data + * + * \return 0 if successful + */ +int mbedtls_md4_process_ext( mbedtls_md4_context *ctx, + const unsigned char data[64] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief MD4 context setup + * + * \deprecated Superseded by mbedtls_md4_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( + mbedtls_md4_context *ctx ) +{ + mbedtls_md4_starts_ext( ctx ); +} + +/** + * \brief MD4 process buffer + * + * \deprecated Superseded by mbedtls_md4_update_ext() in 2.5.0 + * + * \param ctx MD4 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( + mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_md4_update_ext( ctx, input, ilen ); +} + +/** + * \brief MD4 final digest + * + * \deprecated Superseded by mbedtls_md4_finish_ext() in 2.5.0 + * + * \param ctx MD4 context + * \param output MD4 
checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( + mbedtls_md4_context *ctx, + unsigned char output[16] ) +{ + mbedtls_md4_finish_ext( ctx, output ); +} + +/** + * \brief MD4 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_md4_process_ext() in 2.5.0 + * + * \param ctx MD4 context + * \param data buffer holding one block of data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md4_process( + mbedtls_md4_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_md4_process_ext( ctx, data ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } @@ -116,8 +210,37 @@ extern "C" { * \param input buffer holding the data * \param ilen length of the input data * \param output MD4 checksum result + * + * \return 0 if successful */ -void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] ); +int mbedtls_md4_ext( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = MD4( input buffer ) + * + * \deprecated Superseded by mbedtls_md4_ext() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output MD4 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md4( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) +{ + mbedtls_md4_ext( input, ilen, output ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine @@ -126,9 +249,6 @@ void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[ */ int mbedtls_md4_self_test( int verbose ); -/* Internal use */ -void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] ); - #ifdef __cplusplus } #endif 
diff --git a/library/md4.c b/library/md4.c index 11a77e3ae4..9239b6344e 100644 --- a/library/md4.c +++ b/library/md4.c @@ -98,7 +98,7 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, /* * MD4 context setup */ -void mbedtls_md4_starts( mbedtls_md4_context *ctx ) +int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -107,10 +107,13 @@ void mbedtls_md4_starts( mbedtls_md4_context *ctx ) ctx->state[1] = 0xEFCDAB89; ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476; + + return( 0 ); } #if !defined(MBEDTLS_MD4_PROCESS_ALT) -void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] ) +int mbedtls_md4_process_ext( mbedtls_md4_context *ctx, + const unsigned char data[64] ) { uint32_t X[16], A, B, C, D; @@ -211,19 +214,24 @@ void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] ctx->state[1] += B; ctx->state[2] += C; ctx->state[3] += D; + + return( 0 ); } #endif /* !MBEDTLS_MD4_PROCESS_ALT */ /* * MD4 process buffer */ -void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; uint32_t left; if( ilen == 0 ) - return; + return( 0 ); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -238,7 +246,10 @@ void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, s { memcpy( (void *) (ctx->buffer + left), (void *) input, fill ); - mbedtls_md4_process( ctx, ctx->buffer ); + + if( ( ret = mbedtls_md4_process_ext( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + input += fill; ilen -= fill; left = 0; @@ -246,7 +257,9 @@ void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, s while( ilen >= 64 ) { - mbedtls_md4_process( ctx, input ); + if( ( ret = mbedtls_md4_process_ext( ctx, input ) ) != 0 ) + return( ret ); + input += 64; ilen -= 64; } 
@@ -256,6 +269,8 @@ void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, s memcpy( (void *) (ctx->buffer + left), (void *) input, ilen ); } + + return( 0 ); } static const unsigned char md4_padding[64] = @@ -269,8 +284,10 @@ static const unsigned char md4_padding[64] = /* * MD4 final digest */ -void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ) +int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, + unsigned char output[16] ) { + int ret; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; @@ -285,13 +302,20 @@ void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ) last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - mbedtls_md4_update( ctx, (unsigned char *) md4_padding, padn ); - mbedtls_md4_update( ctx, msglen, 8 ); + ret = mbedtls_md4_update_ext( ctx, (unsigned char *)md4_padding, padn ); + if( ret != 0 ) + return( ret ); + + if( ( ret = mbedtls_md4_update_ext( ctx, msglen, 8 ) ) != 0 ) + return( ret ); + PUT_UINT32_LE( ctx->state[0], output, 0 ); PUT_UINT32_LE( ctx->state[1], output, 4 ); PUT_UINT32_LE( ctx->state[2], output, 8 ); PUT_UINT32_LE( ctx->state[3], output, 12 ); + + return( 0 ); } #endif /* !MBEDTLS_MD4_ALT */ 
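Review bot: In `mbedtls_md4_finish_ext` the first padding call is written as a separate assignment and test, `ret = mbedtls_md4_update_ext( ... ); if( ret != 0 ) return( ret );`, while the very next call and every other check in this series use the `if( ( ret = ... ) != 0 )` form; one style should be used within the function. The rewritten line also keeps the `(unsigned char *)md4_padding` cast, which strips `const` from the `static const` table shown in the context above to pass it to a parameter that is itself `const unsigned char *`; the cast can simply be dropped, `if( ( ret = mbedtls_md4_update_ext( ctx, md4_padding, padn ) ) != 0 )`. The function's header is outside the hunk.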
@@ -299,15 +323,27 @@ void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ) /* * output = MD4( input buffer ) */ -void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] ) +int mbedtls_md4_ext( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) { + int ret; mbedtls_md4_context ctx; mbedtls_md4_init( &ctx ); - mbedtls_md4_starts( &ctx ); - mbedtls_md4_update( &ctx, input, ilen ); - mbedtls_md4_finish( &ctx, output ); + + if( ( ret = mbedtls_md4_starts_ext( &ctx ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md4_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md4_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + mbedtls_md4_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -358,16 +394,12 @@ int mbedtls_md4_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD4 test #%d: ", i + 1 ); - mbedtls_md4( (unsigned char *) md4_test_str[i], - strlen( md4_test_str[i] ), md4sum ); + if( mbedtls_md4_ext( (unsigned char *) md4_test_str[i], + strlen( md4_test_str[i] ), md4sum ) != 0 ) + goto fail; if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto fail; if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -377,6 +409,12 @@ int mbedtls_md4_self_test( int verbose ) mbedtls_printf( "\n" ); return( 0 ); + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); } #endif /* MBEDTLS_SELF_TEST */ From 2cfd7a982cd8de8a091104c081f61135b4487e47 Mon Sep 17 00:00:00 2001 
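Review bot: `mbedtls_md4_ext` returns straight out of each `if( ( ret = ... ) != 0 )` branch without reaching `mbedtls_md4_free( &ctx )`, so on the very error paths this commit introduces the context, holding the chaining state and the unprocessed tail of `input` in `ctx->buffer`, is left on the stack uncleared. Whether `mbedtls_md4_free` actually zeroizes the context is not visible in this diff, but skipping it also means any resource an alternative implementation acquires in `mbedtls_md4_init` is leaked. Route every failure through a single exit label that frees the context and returns `ret`, as below. The self-test hunk that follows handles its failures correctly through the `fail:` label.
```c
int mbedtls_md4_ext( const unsigned char *input,
                     size_t ilen,
                     unsigned char output[16] )
{
    /* … unchanged: ret/ctx declarations, mbedtls_md4_init( &ctx ) … */

    if( ( ret = mbedtls_md4_starts_ext( &ctx ) ) != 0 )
        goto exit;

    if( ( ret = mbedtls_md4_update_ext( &ctx, input, ilen ) ) != 0 )
        goto exit;

    if( ( ret = mbedtls_md4_finish_ext( &ctx, output ) ) != 0 )
        goto exit;

exit:
    mbedtls_md4_free( &ctx );

    return( ret );
}
```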
From: Andres Amaya Garcia Date: Tue, 2 May 2017 10:19:27 +0100 Subject: [PATCH 0050/1059] Add int return values to MD5 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_md5() * mbedtls_md5_starts() * mbedtls_md5_update() * mbedtls_md5_finish() * mbedtls_md5_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/md5.h | 127 ++++++++++++++++++++++++++++++++++++++++-- library/md5.c | 76 ++++++++++++++++++------- 2 files changed, 177 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 5a64061aa0..7ecf49f906 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -78,8 +78,10 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, * \brief MD5 context setup * * \param ctx context to be initialized + * + * \return 0 if successful */ -void mbedtls_md5_starts( mbedtls_md5_context *ctx ); +int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ); /** * \brief MD5 process buffer 
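Review bot: The new `\return 0 if successful` on `mbedtls_md5_starts_ext` documents only the success value, while the stated purpose of the commit is that alternative implementations can now report errors. A caller reading this header cannot tell whether non-zero is a specific `MBEDTLS_ERR_` code or anything else, nor that the regular (non-`MBEDTLS_MD5_ALT`) implementation visible in the library diff never fails. Suggested wording: ` * \return 0 if successful, or a non-zero error code from an alternative implementation (MBEDTLS_MD5_ALT)`. The same one-line change applies to every other `\return` line this commit adds to the header.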
@@ -87,19 +89,103 @@ void mbedtls_md5_starts( mbedtls_md5_context *ctx ); * \param ctx MD5 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ); +int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD5 final digest * * \param ctx MD5 context * \param output MD5 checksum result + * + * \return 0 if successful */ -void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ); +int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, + unsigned char output[16] ); -/* Internal use */ -void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ); +/** + * \brief MD5 process data block (internal use only) + * + * \param ctx MD5 context + * \param data buffer holding one block of data + * + * \return 0 if successful + */ +int mbedtls_md5_process_ext( mbedtls_md5_context *ctx, + const unsigned char data[64] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief MD5 context setup + * + * \deprecated Superseded by mbedtls_md5_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( + mbedtls_md5_context *ctx ) +{ + mbedtls_md5_starts_ext( ctx ); +} + +/** + * \brief MD5 process buffer + * + * \deprecated Superseded by mbedtls_md5_update_ext() in 2.5.0 + * + * \param ctx MD5 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( + mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_md5_update_ext( ctx, input, ilen ); +} + +/** + * \brief MD5 final digest + * + * \deprecated 
Superseded by mbedtls_md5_finish_ext() in 2.5.0 + * + * \param ctx MD5 context + * \param output MD5 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( + mbedtls_md5_context *ctx, + unsigned char output[16] ) +{ + mbedtls_md5_finish_ext( ctx, output ); +} + +/** + * \brief MD5 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_md5_process_ext() in 2.5.0 + * + * \param ctx MD5 context + * \param data buffer holding one block of data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md5_process( + mbedtls_md5_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_md5_process_ext( ctx, data ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } @@ -119,8 +205,37 @@ extern "C" { * \param input buffer holding the data * \param ilen length of the input data * \param output MD5 checksum result + * + * \return 0 if successful */ -void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] ); +int mbedtls_md5_ext( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = MD5( input buffer ) + * + * \deprecated Superseded by mbedtls_md5_ext() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output MD5 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md5( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) +{ + mbedtls_md5_ext( input, ilen, output ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine diff --git a/library/md5.c b/library/md5.c index 5d972dc9dd..dd046af853 100644 --- a/library/md5.c +++ b/library/md5.c 
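Review bot: Each deprecated wrapper in the `@@ -87,19 +89,103 @@` and `@@ -119,8 +205,37 @@` hunks calls its `_ext` counterpart and discards the result, so existing callers of `mbedtls_md5_finish` or `mbedtls_md5` get no indication when an alternative implementation fails, and because `mbedtls_md5_finish_ext` writes `output` only on success they may go on to use an unwritten digest. That is a behaviour change for those callers that the `\deprecated` text does not mention; add to each wrapper's comment ` * \warning Errors from the _ext variant are discarded; on failure output may be left unwritten.` and make the discard explicit with `(void) mbedtls_md5_finish_ext( ctx, output );`. Separately, these hunks introduce `static inline` into md5.h but, unlike the ripemd160.h and sha256.h changes in the neighbouring commits, no `#define inline __inline` guard for ARMCC/MSVC appears anywhere in the md5.h diff, so unless it already exists earlier in this header the wrappers will not compile on those compilers in C mode.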
@@ -97,7 +97,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, /* * MD5 context setup */ -void mbedtls_md5_starts( mbedtls_md5_context *ctx ) +int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -106,10 +106,13 @@ void mbedtls_md5_starts( mbedtls_md5_context *ctx ) ctx->state[1] = 0xEFCDAB89; ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476; + + return( 0 ); } #if !defined(MBEDTLS_MD5_PROCESS_ALT) -void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ) +int mbedtls_md5_process_ext( mbedtls_md5_context *ctx, + const unsigned char data[64] ) { uint32_t X[16], A, B, C, D; @@ -230,19 +233,24 @@ void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ctx->state[1] += B; ctx->state[2] += C; ctx->state[3] += D; + + return( 0 ); } #endif /* !MBEDTLS_MD5_PROCESS_ALT */ /* * MD5 process buffer */ -void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; uint32_t left; if( ilen == 0 ) - return; + return( 0 ); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -256,7 +264,9 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, s if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - mbedtls_md5_process( ctx, ctx->buffer ); + if( ( ret = mbedtls_md5_process_ext( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + input += fill; ilen -= fill; left = 0; @@ -264,7 +274,9 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, s while( ilen >= 64 ) { - mbedtls_md5_process( ctx, input ); + if( ( ret = mbedtls_md5_process_ext( ctx, input ) ) != 0 ) + return( ret ); + input += 64; ilen -= 64; } 
@@ -273,6 +285,8 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, s { memcpy( (void *) (ctx->buffer + left), input, ilen ); } + + return( 0 ); } static const unsigned char md5_padding[64] = @@ -286,8 +300,10 @@ static const unsigned char md5_padding[64] = /* * MD5 final digest */ -void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) +int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, + unsigned char output[16] ) { + int ret; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; @@ -302,13 +318,18 @@ void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - mbedtls_md5_update( ctx, md5_padding, padn ); - mbedtls_md5_update( ctx, msglen, 8 ); + if( ( ret = mbedtls_md5_update_ext( ctx, md5_padding, padn ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md5_update_ext( ctx, msglen, 8 ) ) != 0 ) + return( ret ); PUT_UINT32_LE( ctx->state[0], output, 0 ); PUT_UINT32_LE( ctx->state[1], output, 4 ); PUT_UINT32_LE( ctx->state[2], output, 8 ); PUT_UINT32_LE( ctx->state[3], output, 12 ); + + return( 0 ); } #endif /* !MBEDTLS_MD5_ALT */ 
@@ -316,15 +337,27 @@ void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) /* * output = MD5( input buffer ) */ -void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] ) +int mbedtls_md5_ext( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) { + int ret; mbedtls_md5_context ctx; mbedtls_md5_init( &ctx ); - mbedtls_md5_starts( &ctx ); - mbedtls_md5_update( &ctx, input, ilen ); - mbedtls_md5_finish( &ctx, output ); + + if( ( ret = mbedtls_md5_starts_ext( &ctx ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md5_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md5_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + mbedtls_md5_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -379,15 +412,12 @@ int mbedtls_md5_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD5 test #%d: ", i + 1 ); - mbedtls_md5( md5_test_buf[i], md5_test_buflen[i], md5sum ); + if( mbedtls_md5_ext( md5_test_buf[i], + md5_test_buflen[i], md5sum ) != 0 ) + goto fail; if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto fail; if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -397,6 +427,12 @@ int mbedtls_md5_self_test( int verbose ) mbedtls_printf( "\n" ); return( 0 ); + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); } #endif /* MBEDTLS_SELF_TEST */ From b1a8bf9725501333ffe535c6a5bce8d08bd6167b Mon Sep 17 00:00:00 2001 
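Review bot: `mbedtls_md5_ext` returns from each failing `_ext` call before `mbedtls_md5_free( &ctx )`, so on exactly the error paths this commit adds the context (chaining state plus up to 63 buffered input bytes) is never cleared or released. Change the three `return( ret );` lines to `goto exit;` and append `exit: mbedtls_md5_free( &ctx ); return( ret );` before the closing brace so the free runs on every path while the success path stays as it is. Whether `mbedtls_md5_free` zeroizes is not visible here, but an alternative implementation may also hold resources from `mbedtls_md5_init` that a missed free would leak.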
From: Andres Amaya Garcia Date: Tue, 2 May 2017 10:59:46 +0100 Subject: [PATCH 0051/1059] Add int return values to RIPEMD-160 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_ripemd160() * mbedtls_ripemd160_starts() * mbedtls_ripemd160_update() * mbedtls_ripemd160_finish() * mbedtls_ripemd160_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/ripemd160.h | 135 +++++++++++++++++++++++++++++++++--- library/ripemd160.c | 87 ++++++++++++++++------- 2 files changed, 189 insertions(+), 33 deletions(-) diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 7083fc8599..5ef4700c67 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -32,6 +32,11 @@ #include #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_RIPEMD160_ALT) // Regular implementation // @@ -78,8 +83,10 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, * \brief RIPEMD-160 context setup * * \param ctx context to be initialized + * + * \return 0 if successful */ -void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ); +int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ); /** * \brief RIPEMD-160 process buffer 
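Review bot: The `@@ -32,6 +32,11 @@` hunk defines `inline` as a macro in a public header, so every translation unit that includes mbedtls/ripemd160.h on ARMCC or MSVC has the keyword silently rewritten for all of its own code, not just for the deprecated wrappers this commit adds. The identical block is copied into sha256.h and sha512.h by the following commits, so there are now three places to keep in sync. It would be safer to define it once in a shared mbedtls header, or to scope it to the `#if !defined(MBEDTLS_DEPRECATED_REMOVED)` region that actually uses `static inline` and `#undef` it alongside `MBEDTLS_DEPRECATED`. At minimum add a comment: `/* 'inline' is not a keyword in C90 mode on ARMCC/MSVC; needed for the deprecated static inline wrappers below */`.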
@@ -87,20 +94,103 @@ void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ); * \param ctx RIPEMD-160 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, - const unsigned char *input, size_t ilen ); +int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief RIPEMD-160 final digest * * \param ctx RIPEMD-160 context * \param output RIPEMD-160 checksum result + * + * \return 0 if successful */ -void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] ); +int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, + unsigned char output[20] ); -/* Internal use */ -void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] ); +/** + * \brief RIPEMD-160 process data block (internal use only) + * + * \param ctx RIPEMD-160 context + * \param data buffer holding one block of data + * + * \return 0 if successful + */ +int mbedtls_ripemd160_process_ext( mbedtls_ripemd160_context *ctx, + const unsigned char data[64] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief RIPEMD-160 context setup + * + * \deprecated Superseded by mbedtls_ripemd160_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + */ +MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts( + mbedtls_ripemd160_context *ctx ) +{ + mbedtls_ripemd160_starts_ext( ctx ); +} + +/** + * \brief RIPEMD-160 process buffer + * + * \deprecated Superseded by mbedtls_ripemd160_update_ext() in 2.5.0 + * + * \param ctx RIPEMD-160 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void 
mbedtls_ripemd160_update( + mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_ripemd160_update_ext( ctx, input, ilen ); +} + +/** + * \brief RIPEMD-160 final digest + * + * \deprecated Superseded by mbedtls_ripemd160_finish_ext() in 2.5.0 + * + * \param ctx RIPEMD-160 context + * \param output RIPEMD-160 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish( + mbedtls_ripemd160_context *ctx, + unsigned char output[20] ) +{ + mbedtls_ripemd160_finish_ext( ctx, output ); +} + +/** + * \brief RIPEMD-160 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_ripemd160_process_ext() in 2.5.0 + * + * \param ctx RIPEMD-160 context + * \param data buffer holding one block of data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_process( + mbedtls_ripemd160_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_ripemd160_process_ext( ctx, data ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } 
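Review bot: The wrappers in the `@@ -87,20 +94,103 @@` hunk, e.g. `mbedtls_ripemd160_update_ext( ctx, input, ilen );`, evaluate an int-returning call and drop the value without comment, which is the one place in this commit where an error from an alternative implementation is lost rather than propagated. Make that deliberate and visible with `(void) mbedtls_ripemd160_update_ext( ctx, input, ilen );` on each of the four wrappers, and state it in the `\deprecated` text: ` * \deprecated Superseded by mbedtls_ripemd160_update_ext() in 2.5.0; any error it returns is discarded here.`. For `mbedtls_ripemd160_finish` in particular this means `output` may be left unwritten with no way for the caller to know.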
@@ -120,9 +210,38 @@ extern "C" { * \param input buffer holding the data * \param ilen length of the input data * \param output RIPEMD-160 checksum result + * + * \return 0 if successful */ -void mbedtls_ripemd160( const unsigned char *input, size_t ilen, - unsigned char output[20] ); +int mbedtls_ripemd160_ext( const unsigned char *input, + size_t ilen, + unsigned char output[20] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = RIPEMD-160( input buffer ) + * + * \deprecated Superseded by mbedtls_ripemd160_ext() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output RIPEMD-160 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160( + const unsigned char *input, + size_t ilen, + unsigned char output[20] ) +{ + mbedtls_ripemd160_ext( input, ilen, output ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine diff --git a/library/ripemd160.c b/library/ripemd160.c index cdb0a63c0f..f1d1f1e9db 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -96,7 +96,7 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, /* * RIPEMD-160 context setup */ -void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ) +int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; 
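Review bot: In the `@@ -120,9 +210,38 @@` hunk `MBEDTLS_DEPRECATED` expands to `__attribute__((deprecated))` whenever `MBEDTLS_DEPRECATED_WARNING` is set, yet the same header now takes care of ARMCC and MSVC via `#define inline __inline`; on MSVC that attribute is a syntax error (its spelling is `__declspec(deprecated)`), so the deprecation-warning build is GCC/Clang-only for compilers the commit otherwise supports. Whether config.h documents `MBEDTLS_DEPRECATED_WARNING` as GCC-only is not visible here; if it does, a comment on the `#define` is enough: `/* MBEDTLS_DEPRECATED_WARNING relies on GCC/Clang attribute syntax; other compilers get no warning */`. If it does not, guard the attribute on `__GNUC__` and fall back to an empty definition otherwise.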
@@ -106,13 +106,16 @@ void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ) ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476; ctx->state[4] = 0xC3D2E1F0; + + return( 0 ); } #if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT) /* * Process one block */ -void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] ) +int mbedtls_ripemd160_process_ext( mbedtls_ripemd160_context *ctx, + const unsigned char data[64] ) { uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16]; @@ -287,20 +290,24 @@ void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned c ctx->state[3] = ctx->state[4] + A + Bp; ctx->state[4] = ctx->state[0] + B + Cp; ctx->state[0] = C; + + return( 0 ); } #endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */ /* * RIPEMD-160 process buffer */ -void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, - const unsigned char *input, size_t ilen ) +int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; uint32_t left; if( ilen == 0 ) - return; + return( 0 ); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -314,7 +321,10 @@ void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - mbedtls_ripemd160_process( ctx, ctx->buffer ); + + if( ( ret = mbedtls_ripemd160_process_ext( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + input += fill; ilen -= fill; left = 0; @@ -322,7 +332,9 @@ void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, while( ilen >= 64 ) { - mbedtls_ripemd160_process( ctx, input ); + if( ( ret = mbedtls_ripemd160_process_ext( ctx, input ) ) != 0 ) + return( ret ); + input += 64; ilen -= 64; } @@ -331,6 +343,8 @@ void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, { memcpy( (void *) (ctx->buffer + left), input, ilen ); } + + return( 0 ); } static const unsigned char ripemd160_padding[64] = 
@@ -344,8 +358,10 @@ static const unsigned char ripemd160_padding[64] = /* * RIPEMD-160 final digest */ -void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] ) +int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, + unsigned char output[20] ) { + int ret; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; @@ -360,29 +376,47 @@ void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char out last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - mbedtls_ripemd160_update( ctx, ripemd160_padding, padn ); - mbedtls_ripemd160_update( ctx, msglen, 8 ); + ret = mbedtls_ripemd160_update_ext( ctx, ripemd160_padding, padn ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ripemd160_update_ext( ctx, msglen, 8 ); + if( ret != 0 ) + return( ret ); PUT_UINT32_LE( ctx->state[0], output, 0 ); PUT_UINT32_LE( ctx->state[1], output, 4 ); PUT_UINT32_LE( ctx->state[2], output, 8 ); PUT_UINT32_LE( ctx->state[3], output, 12 ); PUT_UINT32_LE( ctx->state[4], output, 16 ); + + return( 0 ); } /* * output = RIPEMD-160( input buffer ) */ -void mbedtls_ripemd160( const unsigned char *input, size_t ilen, - unsigned char output[20] ) +int mbedtls_ripemd160_ext( const unsigned char *input, + size_t ilen, + unsigned char output[20] ) { + int ret; mbedtls_ripemd160_context ctx; mbedtls_ripemd160_init( &ctx ); - mbedtls_ripemd160_starts( &ctx ); - mbedtls_ripemd160_update( &ctx, input, ilen ); - mbedtls_ripemd160_finish( &ctx, output ); + + if( ( ret = mbedtls_ripemd160_starts_ext( &ctx ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_ripemd160_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_ripemd160_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + mbedtls_ripemd160_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) 
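Review bot: In the `@@ -360,29 +376,47 @@` hunk, `mbedtls_ripemd160_ext` returns directly from each failing `_ext` call and skips `mbedtls_ripemd160_free( &ctx )`, so the partially processed state and buffered input stay on the stack on the new error paths and anything an alternative `mbedtls_ripemd160_init` acquired is not released. Replace the three `return( ret );` with `goto exit;` and add `exit: mbedtls_ripemd160_free( &ctx ); return( ret );` before the closing brace. The `mbedtls_ripemd160_finish_ext` change in the same hunk leaves `output` unwritten on failure, which the one-shot function then inherits; worth a comment above `finish_ext`: `/* On failure output is not written. */`.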
@@ -430,7 +464,7 @@ static const unsigned char ripemd160_test_md[TESTS][20] = */ int mbedtls_ripemd160_self_test( int verbose ) { - int i; + int i, ret; unsigned char output[20]; memset( output, 0, sizeof output ); @@ -440,17 +474,14 @@ int mbedtls_ripemd160_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " RIPEMD-160 test #%d: ", i + 1 ); - mbedtls_ripemd160( (const unsigned char *) ripemd160_test_input[i], - strlen( ripemd160_test_input[i] ), - output ); + ret = mbedtls_ripemd160_ext( + (const unsigned char *)ripemd160_test_input[i], + strlen( ripemd160_test_input[i] ), output ); + if( ret != 0 ) + goto fail; if( memcmp( output, ripemd160_test_md[i], 20 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto fail; if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -460,6 +491,12 @@ int mbedtls_ripemd160_self_test( int verbose ) mbedtls_printf( "\n" ); return( 0 ); + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); } #endif /* MBEDTLS_SELF_TEST */ From 72a7f53064e489471a130a06aea0b01a9039899c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 2 May 2017 11:38:47 +0100 Subject: [PATCH 0052/1059] Add int return values to SHA-256 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_sha256() * mbedtls_sha256_starts() * mbedtls_sha256_update() * mbedtls_sha256_finish() * mbedtls_sha256_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/sha256.h | 140 ++++++++++++++++++++++++++++++++++++--- library/sha256.c | 97 +++++++++++++++++++-------- 2 files changed, 202 insertions(+), 35 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index f8041adf08..3667e8c109 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h 
@@ -32,6 +32,11 @@ #include #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_SHA256_ALT) // Regular implementation // @@ -80,8 +85,10 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * * \param ctx context to be initialized * \param is224 0 = use SHA256, 1 = use SHA224 + * + * \return 0 if successful */ -void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); +int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 ); /** * \brief SHA-256 process buffer 
@@ -89,20 +96,105 @@ void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); * \param ctx SHA-256 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, - size_t ilen ); +int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief SHA-256 final digest * * \param ctx SHA-256 context * \param output SHA-224/256 checksum result + * + * \return 0 if successful */ -void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ); +int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, + unsigned char output[32] ); -/* Internal use */ -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); +/** + * \brief SHA-256 process data block (internal use only) + * + * \param ctx SHA-256 context + * \param data buffer holding one block of data + * + * \return 0 if successful + */ +int mbedtls_sha256_process_ext( mbedtls_sha256_context *ctx, + const unsigned char data[64] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief SHA-256 context setup + * + * \deprecated Superseded by mbedtls_sha256_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( + mbedtls_sha256_context *ctx, + int is224 ) +{ + mbedtls_sha256_starts_ext( ctx, is224 ); +} + +/** + * \brief SHA-256 process buffer + * + * \deprecated Superseded by mbedtls_sha256_update_ext() in 2.5.0 + * + * \param ctx SHA-256 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( 
+ mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_sha256_update_ext( ctx, input, ilen ); +} + +/** + * \brief SHA-256 final digest + * + * \deprecated Superseded by mbedtls_sha256_finish_ext() in 2.5.0 + * + * \param ctx SHA-256 context + * \param output SHA-224/256 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( + mbedtls_sha256_context *ctx, + unsigned char output[32] ) +{ + mbedtls_sha256_finish_ext( ctx, output ); +} + +/** + * \brief SHA-256 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_sha256_process_ext() in 2.5.0 + * + * \param ctx SHA-256 context + * \param data buffer holding one block of data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256_process( + mbedtls_sha256_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_sha256_process_ext( ctx, data ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } 
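Review bot: The deprecated `mbedtls_sha256_finish` and `mbedtls_sha256_process` wrappers in the `@@ -89,20 +96,105 @@` hunk discard the int from the `_ext` functions, so with an alternative implementation that fails `output` is left as it was, and an existing caller that then compares it against an expected digest is comparing stale or uninitialised bytes with no error to tell it so. The regular implementation visible in the library diff always returns 0, so this only bites `MBEDTLS_SHA256_ALT` builds, but that is exactly the case the commit message says the return values exist for. Add to each wrapper's `\deprecated` paragraph ` * \note Errors from the _ext variant are silently discarded by this wrapper.` and write the call as `(void) mbedtls_sha256_finish_ext( ctx, output );` so the discard reads as intentional.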
@@ -123,9 +215,41 @@ extern "C" { * \param ilen length of the input data * \param output SHA-224/256 checksum result * \param is224 0 = use SHA256, 1 = use SHA224 + * + * \return 0 if successful */ -void mbedtls_sha256( const unsigned char *input, size_t ilen, - unsigned char output[32], int is224 ); +int mbedtls_sha256_ext( const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224 ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = SHA-256( input buffer ) + * + * \deprecated Superseded by mbedtls_sha256_ext() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-224/256 checksum result + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256( + const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224 ) +{ + mbedtls_sha256_ext( input, ilen, output, is224 ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine diff --git a/library/sha256.c b/library/sha256.c index ad25d38333..337b8e6437 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -100,7 +100,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, /* * SHA-256 context setup */ -void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) +int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -131,6 +131,8 @@ void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) } ctx->is224 = is224; + + return( 0 ); } #if !defined(MBEDTLS_SHA256_PROCESS_ALT) 
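Review bot: `mbedtls_sha256_starts_ext` in the `@@ -100,7 +100,7 @@` and `@@ -131,6 +131,8 @@` hunks now has a return value but still accepts any `is224` and stores it verbatim in `ctx->is224`; the later `if( ctx->is224 == 0 )` in `finish_ext` means every non-zero value silently selects SHA-224, and the header text `0 = use SHA256, 1 = use SHA224` does not say that. No `MBEDTLS_ERR_SHA256_` code appears in this diff, so rejecting other values is not possible yet without inventing one; until then document it on the function: `/* Any non-zero is224 selects SHA-224; validate as 0/1 once the module has an error code. */`. The body of `starts_ext` between these two hunks is outside the diff.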
@@ -179,7 +181,8 @@ static const uint32_t K[] = d += temp1; h = temp1 + temp2; \ } -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) +int mbedtls_sha256_process_ext( mbedtls_sha256_context *ctx, + const unsigned char data[64] ) { uint32_t temp1, temp2, W[64]; uint32_t A[8]; @@ -232,20 +235,24 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char da for( i = 0; i < 8; i++ ) ctx->state[i] += A[i]; + + return( 0 ); } #endif /* !MBEDTLS_SHA256_PROCESS_ALT */ /* * SHA-256 process buffer */ -void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, - size_t ilen ) +int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; uint32_t left; if( ilen == 0 ) - return; + return( 0 ); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -259,7 +266,10 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *in if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - mbedtls_sha256_process( ctx, ctx->buffer ); + + if( ( ret = mbedtls_sha256_process_ext( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + input += fill; ilen -= fill; left = 0; @@ -267,13 +277,17 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *in while( ilen >= 64 ) { - mbedtls_sha256_process( ctx, input ); + if( ( ret = mbedtls_sha256_process_ext( ctx, input ) ) != 0 ) + return( ret ); + input += 64; ilen -= 64; } if( ilen > 0 ) memcpy( (void *) (ctx->buffer + left), input, ilen ); + + return( 0 ); } static const unsigned char sha256_padding[64] = 
@@ -287,8 +301,10 @@ static const unsigned char sha256_padding[64] = /* * SHA-256 final digest */ -void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ) +int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, + unsigned char output[32] ) { + int ret; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; @@ -303,8 +319,11 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32 last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - mbedtls_sha256_update( ctx, sha256_padding, padn ); - mbedtls_sha256_update( ctx, msglen, 8 ); + if( ( ret = mbedtls_sha256_update_ext( ctx, sha256_padding, padn ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha256_update_ext( ctx, msglen, 8 ) ) != 0 ) + return( ret ); PUT_UINT32_BE( ctx->state[0], output, 0 ); PUT_UINT32_BE( ctx->state[1], output, 4 ); @@ -316,6 +335,8 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32 if( ctx->is224 == 0 ) PUT_UINT32_BE( ctx->state[7], output, 28 ); + + return( 0 ); } #endif /* !MBEDTLS_SHA256_ALT */ 
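Review bot: `mbedtls_sha256_finish_ext` in the `@@ -303,8 +319,11 @@` hunk returns after a failing `mbedtls_sha256_update_ext` before any `PUT_UINT32_BE`, so `output` is untouched on error and the context has already consumed part of the padding, which makes it unusable for a retry. Neither the code nor the `\return 0 if successful` in the header says so, and the deprecated void `mbedtls_sha256_finish` wrapper hides the error entirely. Add above the function: `/* On failure output is not written and ctx must be re-initialised with mbedtls_sha256_starts_ext() before reuse. */`. The function's opening lines are in the preceding hunk of this file.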
@@ -323,16 +344,28 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32 /* * output = SHA-256( input buffer ) */ -void mbedtls_sha256( const unsigned char *input, size_t ilen, - unsigned char output[32], int is224 ) +int mbedtls_sha256_ext( const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224 ) { + int ret; mbedtls_sha256_context ctx; mbedtls_sha256_init( &ctx ); - mbedtls_sha256_starts( &ctx, is224 ); - mbedtls_sha256_update( &ctx, input, ilen ); - mbedtls_sha256_finish( &ctx, output ); + + if( ( ret = mbedtls_sha256_starts_ext( &ctx, is224 ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha256_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha256_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + mbedtls_sha256_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -415,29 +448,31 @@ int mbedtls_sha256_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); - mbedtls_sha256_starts( &ctx, k ); + if( mbedtls_sha256_starts_ext( &ctx, k ) != 0 ) + goto fail; if( j == 2 ) { memset( buf, 'a', buflen = 1000 ); for( j = 0; j < 1000; j++ ) - mbedtls_sha256_update( &ctx, buf, buflen ); + if( mbedtls_sha256_update_ext( &ctx, buf, buflen ) != 0 ) + goto fail; + } else - mbedtls_sha256_update( &ctx, sha256_test_buf[j], - sha256_test_buflen[j] ); + { + if( mbedtls_sha256_update_ext( &ctx, sha256_test_buf[j], + sha256_test_buflen[j] ) != 0 ) + goto fail; + } + + if( mbedtls_sha256_finish_ext( &ctx, sha256sum ) != 0 ) + goto fail; - mbedtls_sha256_finish( &ctx, sha256sum ); if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + goto fail; if( verbose != 0 ) mbedtls_printf( "passed\n" ); 
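Review bot: `mbedtls_sha256_ext` returns from each failing `_ext` call without reaching `mbedtls_sha256_free( &ctx )`, so on the error paths this commit introduces the context, with its chaining state and buffered tail of `input`, is left uncleared and anything an alternative `mbedtls_sha256_init` allocated is leaked. The self-test hunk right after it already does this correctly by routing failures through a single free; the one-shot function should do the same, as below. Whether `mbedtls_sha256_free` zeroizes the context is not visible in this diff.
```c
int mbedtls_sha256_ext( const unsigned char *input,
                        size_t ilen,
                        unsigned char output[32],
                        int is224 )
{
    /* … unchanged: ret/ctx declarations, mbedtls_sha256_init( &ctx ) … */

    if( ( ret = mbedtls_sha256_starts_ext( &ctx, is224 ) ) != 0 )
        goto exit;

    if( ( ret = mbedtls_sha256_update_ext( &ctx, input, ilen ) ) != 0 )
        goto exit;

    if( ( ret = mbedtls_sha256_finish_ext( &ctx, output ) ) != 0 )
        goto exit;

exit:
    mbedtls_sha256_free( &ctx );

    return( ret );
}
```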
@@ -446,6 +481,14 @@ int mbedtls_sha256_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "\n" ); + goto exit; + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + ret = 1; + exit: mbedtls_sha256_free( &ctx ); mbedtls_free( buf ); From 614c689e0548b07a014da93f34fa0f1b147ea369 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 2 May 2017 12:07:26 +0100 Subject: [PATCH 0053/1059] Add int return values to SHA-512 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_sha512() * mbedtls_sha512_starts() * mbedtls_sha512_update() * mbedtls_sha512_finish() * mbedtls_sha512_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/sha512.h | 142 ++++++++++++++++++++++++++++++++++++--- library/sha512.c | 95 ++++++++++++++++++-------- 2 files changed, 201 insertions(+), 36 deletions(-) diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 627694f425..3049110ab9 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -32,6 +32,11 @@ #include #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_SHA512_ALT) // Regular implementation // @@ -80,8 +85,10 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, * * \param ctx context to be initialized * \param is384 0 = use SHA512, 1 = use SHA384 + * + * \return 0 if successful */ -void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ); +int mbedtls_sha512_starts_ext( mbedtls_sha512_context *ctx, int is384 ); /** * \brief SHA-512 process buffer 
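Review bot: The `#define inline __inline` added at the top of include/mbedtls/sha512.h redefines a keyword for every translation unit that includes this public header when `__ARMCC_VERSION` or `_MSC_VER` is set, and it is never `#undef`'d. If, as it appears from this patch, the only consumers are the deprecated `static inline` wrappers further down, the definition could be scoped inside the `#if !defined(MBEDTLS_DEPRECATED_REMOVED)` block alongside `MBEDTLS_DEPRECATED` and undone with it, so that builds that remove the deprecated API do not inherit the macro. A one-line comment such as `/* Older ARMCC/MSVC C modes lack the inline keyword; needed only for the deprecated wrappers below */` would also record why it exists.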
@@ -89,17 +96,105 @@ void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ); * \param ctx SHA-512 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input, - size_t ilen ); +int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief SHA-512 final digest * * \param ctx SHA-512 context * \param output SHA-384/512 checksum result + * + * \return 0 if successful */ -void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ); +int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx, + unsigned char output[64] ); + +/** + * \brief SHA-512 process data block (internal use only) + * + * \param ctx SHA-512 context + * \param data buffer holding one block of data + * + * \return 0 if successful + */ +int mbedtls_sha512_process_ext( mbedtls_sha512_context *ctx, + const unsigned char data[128] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief SHA-512 context setup + * + * \deprecated Superseded by mbedtls_sha512_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + * \param is384 0 = use SHA512, 1 = use SHA384 + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( + mbedtls_sha512_context *ctx, + int is384 ) +{ + mbedtls_sha512_starts_ext( ctx, is384 ); +} + +/** + * \brief SHA-512 process buffer + * + * \deprecated Superseded by mbedtls_sha512_update_ext() in 2.5.0 + * + * \param ctx SHA-512 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( + mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_sha512_update_ext( 
ctx, input, ilen ); +} + +/** + * \brief SHA-512 final digest + * + * \deprecated Superseded by mbedtls_sha512_finish_ext() in 2.5.0 + * + * \param ctx SHA-512 context + * \param output SHA-384/512 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( + mbedtls_sha512_context *ctx, + unsigned char output[64] ) +{ + mbedtls_sha512_finish_ext( ctx, output ); +} + +/** + * \brief SHA-512 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_sha512_process_ext() in 2.5.0 + * + * \param ctx SHA-512 context + * \param data buffer holding one block of data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha512_process( + mbedtls_sha512_context *ctx, + const unsigned char data[128] ) +{ + mbedtls_sha512_process_ext( ctx, data ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } 
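Review bot: The deprecated wrappers mbedtls_sha512_starts(), mbedtls_sha512_update(), mbedtls_sha512_finish() and mbedtls_sha512_process() call the new `_ext` functions and discard their `int` result, so a failure reported by an alternative implementation (the stated motivation in the commit message) is silently lost, and for mbedtls_sha512_finish() the caller proceeds with an `output` buffer the `_ext` function returned before writing. That is probably unavoidable for a `void` shim, but the `\deprecated` text should say so; a sentence like `Any error reported by mbedtls_sha512_finish_ext() is ignored; output is unspecified in that case.` under each `\deprecated` line would warn callers who migrate late. The same applies to the mbedtls_sha512() wrapper in the `@@ -120,9 +215,41 @@` hunk of this header.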
@@ -120,9 +215,41 @@ extern "C" { * \param ilen length of the input data * \param output SHA-384/512 checksum result * \param is384 0 = use SHA512, 1 = use SHA384 + * + * \return 0 if successful */ -void mbedtls_sha512( const unsigned char *input, size_t ilen, - unsigned char output[64], int is384 ); +int mbedtls_sha512_ext( const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384 ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = SHA-512( input buffer ) + * + * \deprecated Superseded by mbedtls_sha512_ext() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-384/512 checksum result + * \param is384 0 = use SHA512, 1 = use SHA384 + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha512( + const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384 ) +{ + mbedtls_sha512_ext( input, ilen, output, is384 ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine @@ -131,9 +258,6 @@ void mbedtls_sha512( const unsigned char *input, size_t ilen, */ int mbedtls_sha512_self_test( int verbose ); -/* Internal use */ -void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ); - #ifdef __cplusplus } #endif diff --git a/library/sha512.c b/library/sha512.c index 724522ac68..74c7533b3f 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -114,7 +114,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, /* * SHA-512 context setup */ -void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) +int mbedtls_sha512_starts_ext( mbedtls_sha512_context *ctx, int is384 ) { ctx->total[0] = 0; ctx->total[1] = 0; 
@@ -145,6 +145,8 @@ void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) } ctx->is384 = is384; + + return( 0 ); } #if !defined(MBEDTLS_SHA512_PROCESS_ALT) @@ -196,7 +198,8 @@ static const uint64_t K[80] = UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) }; -void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) +int mbedtls_sha512_process_ext( mbedtls_sha512_context *ctx, + const unsigned char data[128] ) { int i; uint64_t temp1, temp2, W[80]; @@ -263,20 +266,24 @@ void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char da ctx->state[5] += F; ctx->state[6] += G; ctx->state[7] += H; + + return( 0 ); } #endif /* !MBEDTLS_SHA512_PROCESS_ALT */ /* * SHA-512 process buffer */ -void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input, - size_t ilen ) +int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; unsigned int left; if( ilen == 0 ) - return; + return( 0 ); left = (unsigned int) (ctx->total[0] & 0x7F); fill = 128 - left; @@ -289,7 +296,10 @@ void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *in if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - mbedtls_sha512_process( ctx, ctx->buffer ); + + if( ( ret = mbedtls_sha512_process_ext( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + input += fill; ilen -= fill; left = 0; @@ -297,13 +307,17 @@ void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *in while( ilen >= 128 ) { - mbedtls_sha512_process( ctx, input ); + if( ( ret = mbedtls_sha512_process_ext( ctx, input ) ) != 0 ) + return( ret ); + input += 128; ilen -= 128; } if( ilen > 0 ) memcpy( (void *) (ctx->buffer + left), input, ilen ); + + return( 0 ); } static const unsigned char sha512_padding[128] = 
@@ -321,8 +335,10 @@ static const unsigned char sha512_padding[128] = /* * SHA-512 final digest */ -void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ) +int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx, + unsigned char output[64] ) { + int ret; size_t last, padn; uint64_t high, low; unsigned char msglen[16]; @@ -337,8 +353,11 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64 last = (size_t)( ctx->total[0] & 0x7F ); padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); - mbedtls_sha512_update( ctx, sha512_padding, padn ); - mbedtls_sha512_update( ctx, msglen, 16 ); + if( ( ret = mbedtls_sha512_update_ext( ctx, sha512_padding, padn ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha512_update_ext( ctx, msglen, 16 ) ) != 0 ) + return( ret ); PUT_UINT64_BE( ctx->state[0], output, 0 ); PUT_UINT64_BE( ctx->state[1], output, 8 ); @@ -352,6 +371,8 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64 PUT_UINT64_BE( ctx->state[6], output, 48 ); PUT_UINT64_BE( ctx->state[7], output, 56 ); } + + return( 0 ); } #endif /* !MBEDTLS_SHA512_ALT */ 
@@ -359,16 +380,28 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64 /* * output = SHA-512( input buffer ) */ -void mbedtls_sha512( const unsigned char *input, size_t ilen, - unsigned char output[64], int is384 ) +int mbedtls_sha512_ext( const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384 ) { + int ret; mbedtls_sha512_context ctx; mbedtls_sha512_init( &ctx ); - mbedtls_sha512_starts( &ctx, is384 ); - mbedtls_sha512_update( &ctx, input, ilen ); - mbedtls_sha512_finish( &ctx, output ); + + if( ( ret = mbedtls_sha512_starts_ext( &ctx, is384 ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha512_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha512_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + mbedtls_sha512_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -471,29 +504,29 @@ int mbedtls_sha512_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 ); - mbedtls_sha512_starts( &ctx, k ); + if( mbedtls_sha512_starts_ext( &ctx, k ) != 0 ) + goto fail; if( j == 2 ) { memset( buf, 'a', buflen = 1000 ); for( j = 0; j < 1000; j++ ) - mbedtls_sha512_update( &ctx, buf, buflen ); + if( mbedtls_sha512_update_ext( &ctx, buf, buflen ) != 0 ) + goto fail; } else - mbedtls_sha512_update( &ctx, sha512_test_buf[j], - sha512_test_buflen[j] ); + { + if( mbedtls_sha512_update_ext( &ctx, sha512_test_buf[j], + sha512_test_buflen[j] ) != 0 ) + goto fail; + } - mbedtls_sha512_finish( &ctx, sha512sum ); + if( mbedtls_sha512_finish_ext( &ctx, sha512sum ) != 0 ) + goto fail; if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + goto fail; if( verbose != 0 ) mbedtls_printf( "passed\n" ); 
@@ -502,6 +535,14 @@ int mbedtls_sha512_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "\n" ); + goto exit; + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + ret = 1; + exit: mbedtls_sha512_free( &ctx ); mbedtls_free( buf ); From cccfe08530a986a7f8df19df06f2c8b0ee72d1ca Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 10:36:39 +0100 Subject: [PATCH 0054/1059] Rename md process functions with _internal_ --- include/mbedtls/md2.h | 6 +++--- include/mbedtls/md4.h | 8 ++++---- include/mbedtls/md5.h | 8 ++++---- include/mbedtls/ripemd160.h | 8 ++++---- include/mbedtls/sha1.h | 8 ++++---- include/mbedtls/sha256.h | 8 ++++---- include/mbedtls/sha512.h | 8 ++++---- library/md2.c | 8 ++++---- library/md4.c | 8 ++++---- library/md5.c | 8 ++++---- library/ripemd160.c | 8 ++++---- library/sha1.c | 8 ++++---- library/sha256.c | 6 +++--- library/sha512.c | 8 ++++---- 14 files changed, 54 insertions(+), 54 deletions(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 1f3b107730..2c133a2aa8 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -119,7 +119,7 @@ int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, * * \return 0 if successful */ -int mbedtls_md2_process_ext( mbedtls_md2_context *ctx ); +int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -175,14 +175,14 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish( /** * \brief MD2 process data block (internal use only) * - * \deprecated Superseded by mbedtls_md2_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_md2_process() in 2.5.0 * * \param ctx MD2 context */ MBEDTLS_DEPRECATED static inline void mbedtls_md2_process( mbedtls_md2_context *ctx ) { - mbedtls_md2_process_ext( ctx ); + mbedtls_internal_md2_process( ctx ); } #undef MBEDTLS_DEPRECATED 
diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index 7968b69a0c..671c6a4f11 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -120,8 +120,8 @@ int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, * * \return 0 if successful */ -int mbedtls_md4_process_ext( mbedtls_md4_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, + const unsigned char data[64] ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -177,7 +177,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( /** * \brief MD4 process data block (internal use only) * - * \deprecated Superseded by mbedtls_md4_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_md4_process() in 2.5.0 * * \param ctx MD4 context * \param data buffer holding one block of data @@ -186,7 +186,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] ) { - mbedtls_md4_process_ext( ctx, data ); + mbedtls_internal_md4_process( ctx, data ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 7ecf49f906..816d081ab2 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -115,8 +115,8 @@ int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, * * \return 0 if successful */ -int mbedtls_md5_process_ext( mbedtls_md5_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, + const unsigned char data[64] ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -172,7 +172,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( /** * \brief MD5 process data block (internal use only) * - * \deprecated Superseded by mbedtls_md5_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_md5_process() in 2.5.0 * * \param ctx MD5 context * \param data buffer holding one block of data 
@@ -181,7 +181,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ) { - mbedtls_md5_process_ext( ctx, data ); + mbedtls_internal_md5_process( ctx, data ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 5ef4700c67..aea16b3663 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -120,8 +120,8 @@ int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, * * \return 0 if successful */ -int mbedtls_ripemd160_process_ext( mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, + const unsigned char data[64] ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -177,7 +177,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish( /** * \brief RIPEMD-160 process data block (internal use only) * - * \deprecated Superseded by mbedtls_ripemd160_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_ripemd160_process() in 2.5.0 * * \param ctx RIPEMD-160 context * \param data buffer holding one block of data @@ -186,7 +186,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] ) { - mbedtls_ripemd160_process_ext( ctx, data ); + mbedtls_internal_ripemd160_process( ctx, data ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 9dde5b89e9..47a9f996ff 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h 
@@ -120,8 +120,8 @@ int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx, * * \return 0 if successful */ -int mbedtls_sha1_process_ext( mbedtls_sha1_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, + const unsigned char data[64] ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -177,7 +177,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( /** * \brief SHA-1 process data block (internal use only) * - * \deprecated Superseded by mbedtls_sha1_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.5.0 * * \param ctx SHA-1 context * \param data buffer holding one block of data @@ -186,7 +186,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) { - mbedtls_sha1_process_ext( ctx, data ); + mbedtls_internal_sha1_process( ctx, data ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 3667e8c109..76555f4fd4 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -122,8 +122,8 @@ int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, * * \return 0 if successful */ -int mbedtls_sha256_process_ext( mbedtls_sha256_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, + const unsigned char data[64] ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -181,7 +181,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( /** * \brief SHA-256 process data block (internal use only) * - * \deprecated Superseded by mbedtls_sha256_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.5.0 * * \param ctx SHA-256 context * \param data buffer holding one block of data 
@@ -190,7 +190,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) { - mbedtls_sha256_process_ext( ctx, data ); + mbedtls_internal_sha256_process( ctx, data ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 3049110ab9..0fbdb3b717 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -122,8 +122,8 @@ int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx, * * \return 0 if successful */ -int mbedtls_sha512_process_ext( mbedtls_sha512_context *ctx, - const unsigned char data[128] ); +int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, + const unsigned char data[128] ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -181,7 +181,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( /** * \brief SHA-512 process data block (internal use only) * - * \deprecated Superseded by mbedtls_sha512_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.5.0 * * \param ctx SHA-512 context * \param data buffer holding one block of data @@ -190,7 +190,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) { - mbedtls_sha512_process_ext( ctx, data ); + mbedtls_internal_sha512_process( ctx, data ); } #undef MBEDTLS_DEPRECATED diff --git a/library/md2.c b/library/md2.c index 7dd2b6bcbb..a5d768b256 100644 --- a/library/md2.c +++ b/library/md2.c @@ -116,7 +116,7 @@ int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ) } #if !defined(MBEDTLS_MD2_PROCESS_ALT) -int mbedtls_md2_process_ext( mbedtls_md2_context *ctx ) +int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ) { int i, j; unsigned char t = 0; 
@@ -179,7 +179,7 @@ int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, if( ctx->left == 16 ) { ctx->left = 0; - if( ( ret = mbedtls_md2_process_ext( ctx ) ) != 0 ) + if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) return( ret ); } } @@ -202,11 +202,11 @@ int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, for( i = ctx->left; i < 16; i++ ) ctx->buffer[i] = x; - if( ( ret = mbedtls_md2_process_ext( ctx ) ) != 0 ) + if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) return( ret ); memcpy( ctx->buffer, ctx->cksum, 16 ); - if( ( ret = mbedtls_md2_process_ext( ctx ) ) != 0 ) + if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) return( ret ); memcpy( output, ctx->state, 16 ); diff --git a/library/md4.c b/library/md4.c index 9239b6344e..da4df7b141 100644 --- a/library/md4.c +++ b/library/md4.c @@ -112,8 +112,8 @@ int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ) } #if !defined(MBEDTLS_MD4_PROCESS_ALT) -int mbedtls_md4_process_ext( mbedtls_md4_context *ctx, - const unsigned char data[64] ) +int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, + const unsigned char data[64] ) { uint32_t X[16], A, B, C, D; @@ -247,7 +247,7 @@ int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, memcpy( (void *) (ctx->buffer + left), (void *) input, fill ); - if( ( ret = mbedtls_md4_process_ext( ctx, ctx->buffer ) ) != 0 ) + if( ( ret = mbedtls_internal_md4_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); input += fill; @@ -257,7 +257,7 @@ int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, while( ilen >= 64 ) { - if( ( ret = mbedtls_md4_process_ext( ctx, input ) ) != 0 ) + if( ( ret = mbedtls_internal_md4_process( ctx, input ) ) != 0 ) return( ret ); input += 64; diff --git a/library/md5.c b/library/md5.c index dd046af853..8150f941db 100644 --- a/library/md5.c +++ b/library/md5.c 
@@ -111,8 +111,8 @@ int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ) } #if !defined(MBEDTLS_MD5_PROCESS_ALT) -int mbedtls_md5_process_ext( mbedtls_md5_context *ctx, - const unsigned char data[64] ) +int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, + const unsigned char data[64] ) { uint32_t X[16], A, B, C, D; @@ -264,7 +264,7 @@ int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - if( ( ret = mbedtls_md5_process_ext( ctx, ctx->buffer ) ) != 0 ) + if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); input += fill; @@ -274,7 +274,7 @@ int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, while( ilen >= 64 ) { - if( ( ret = mbedtls_md5_process_ext( ctx, input ) ) != 0 ) + if( ( ret = mbedtls_internal_md5_process( ctx, input ) ) != 0 ) return( ret ); input += 64; diff --git a/library/ripemd160.c b/library/ripemd160.c index f1d1f1e9db..8bf988eae9 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -114,8 +114,8 @@ int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ) /* * Process one block */ -int mbedtls_ripemd160_process_ext( mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ) +int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, + const unsigned char data[64] ) { uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16]; @@ -322,7 +322,7 @@ int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, { memcpy( (void *) (ctx->buffer + left), input, fill ); - if( ( ret = mbedtls_ripemd160_process_ext( ctx, ctx->buffer ) ) != 0 ) + if( ( ret = mbedtls_internal_ripemd160_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); input += fill; 
@@ -332,7 +332,7 @@ int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, while( ilen >= 64 ) { - if( ( ret = mbedtls_ripemd160_process_ext( ctx, input ) ) != 0 ) + if( ( ret = mbedtls_internal_ripemd160_process( ctx, input ) ) != 0 ) return( ret ); input += 64; diff --git a/library/sha1.c b/library/sha1.c index d2ec8bae9d..fdd0878685 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -112,8 +112,8 @@ int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ) } #if !defined(MBEDTLS_SHA1_PROCESS_ALT) -int mbedtls_sha1_process_ext( mbedtls_sha1_context *ctx, - const unsigned char data[64] ) +int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, + const unsigned char data[64] ) { uint32_t temp, W[16], A, B, C, D, E; @@ -299,7 +299,7 @@ int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, { memcpy( (void *) (ctx->buffer + left), input, fill ); - if( ( ret = mbedtls_sha1_process_ext( ctx, ctx->buffer ) ) != 0 ) + if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); input += fill; @@ -309,7 +309,7 @@ int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, while( ilen >= 64 ) { - if( ( ret = mbedtls_sha1_process_ext( ctx, input ) ) != 0 ) + if( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 ) return( ret ); input += 64; diff --git a/library/sha256.c b/library/sha256.c index 337b8e6437..88435a3c4f 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -181,7 +181,7 @@ static const uint32_t K[] = d += temp1; h = temp1 + temp2; \ } -int mbedtls_sha256_process_ext( mbedtls_sha256_context *ctx, +int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) { uint32_t temp1, temp2, W[64]; 
@@ -267,7 +267,7 @@ int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, { memcpy( (void *) (ctx->buffer + left), input, fill ); - if( ( ret = mbedtls_sha256_process_ext( ctx, ctx->buffer ) ) != 0 ) + if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); input += fill; @@ -277,7 +277,7 @@ int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, while( ilen >= 64 ) { - if( ( ret = mbedtls_sha256_process_ext( ctx, input ) ) != 0 ) + if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 ) return( ret ); input += 64; diff --git a/library/sha512.c b/library/sha512.c index 74c7533b3f..ff7e5ca5b6 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -198,8 +198,8 @@ static const uint64_t K[80] = UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) }; -int mbedtls_sha512_process_ext( mbedtls_sha512_context *ctx, - const unsigned char data[128] ) +int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, + const unsigned char data[128] ) { int i; uint64_t temp1, temp2, W[80]; @@ -297,7 +297,7 @@ int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx, { memcpy( (void *) (ctx->buffer + left), input, fill ); - if( ( ret = mbedtls_sha512_process_ext( ctx, ctx->buffer ) ) != 0 ) + if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); input += fill; @@ -307,7 +307,7 @@ int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx, while( ilen >= 128 ) { - if( ( ret = mbedtls_sha512_process_ext( ctx, input ) ) != 0 ) + if( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 ) return( ret ); input += 128; From b71b6307308b6615f006b9c9e450ba54eb109b7e Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 10:51:17 +0100 Subject: [PATCH 0055/1059] Change test suites to use new MD API with ret code --- tests/suites/test_suite_mdx.function | 16 ++++++++++++---- tests/suites/test_suite_shax.function | 10 +++++----- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index 9d0ee471f8..387e7eeb78 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -8,6 +8,7 @@ /* BEGIN_CASE depends_on:MBEDTLS_MD2_C */ void md2_text( char *text_src_string, char *hex_hash_string ) { + int ret; unsigned char src_str[100]; unsigned char hash_str[33]; unsigned char output[16]; @@ -18,7 +19,8 @@ void md2_text( char *text_src_string, char *hex_hash_string ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - mbedtls_md2( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_md2_ext( src_str, strlen( (char *) src_str ), output ); + TEST_ASSERT( ret == 0 ) ; hexify( hash_str, output, sizeof output ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -28,6 +30,7 @@ void md2_text( char *text_src_string, char *hex_hash_string ) /* BEGIN_CASE depends_on:MBEDTLS_MD4_C */ void md4_text( char *text_src_string, char *hex_hash_string ) { + int ret; unsigned char src_str[100]; unsigned char hash_str[33]; unsigned char output[16]; @@ -38,7 +41,8 @@ void md4_text( char *text_src_string, char *hex_hash_string ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - mbedtls_md4( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_md4_ext( src_str, strlen( (char *) src_str ), output ); + TEST_ASSERT( ret == 0 ); hexify( hash_str, output, sizeof output ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); 
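Review bot: In md2_text() the new assertion is written `TEST_ASSERT( ret == 0 ) ;` with a stray space before the semicolon, while the md4_text(), md5_text() and ripemd160_text() cases in the same file use `TEST_ASSERT( ret == 0 );`. Since the four cases are otherwise identical, the md2 line should match: `TEST_ASSERT( ret == 0 );`.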
@@ -48,6 +52,7 @@ void md4_text( char *text_src_string, char *hex_hash_string ) /* BEGIN_CASE depends_on:MBEDTLS_MD5_C */ void md5_text( char *text_src_string, char *hex_hash_string ) { + int ret; unsigned char src_str[100]; unsigned char hash_str[33]; unsigned char output[16]; @@ -58,7 +63,8 @@ void md5_text( char *text_src_string, char *hex_hash_string ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - mbedtls_md5( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_md5_ext( src_str, strlen( (char *) src_str ), output ); + TEST_ASSERT( ret == 0 ); hexify( hash_str, output, sizeof output ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -68,6 +74,7 @@ void md5_text( char *text_src_string, char *hex_hash_string ) /* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C */ void ripemd160_text( char *text_src_string, char *hex_hash_string ) { + int ret; unsigned char src_str[100]; unsigned char hash_str[41]; unsigned char output[20]; @@ -78,7 +85,8 @@ void ripemd160_text( char *text_src_string, char *hex_hash_string ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - mbedtls_ripemd160( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_ripemd160_ext( src_str, strlen( (char *) src_str ), output ); + TEST_ASSERT( ret == 0 ); hexify( hash_str, output, sizeof output ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 6b3ee9c54c..b6f8f510cb 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -18,7 +18,7 @@ void mbedtls_sha1( char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - mbedtls_sha1( src_str, src_len, output ); + TEST_ASSERT( mbedtls_sha1_ext( src_str, src_len, output ) == 0 ); hexify( hash_str, output, 20 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); 
@@ -39,7 +39,7 @@ void sha224(char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - mbedtls_sha256( src_str, src_len, output, 1 ); + TEST_ASSERT( mbedtls_sha256_ext( src_str, src_len, output, 1 ) == 0 ); hexify( hash_str, output, 28 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -60,7 +60,7 @@ void mbedtls_sha256(char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - mbedtls_sha256( src_str, src_len, output, 0 ); + TEST_ASSERT( mbedtls_sha256_ext( src_str, src_len, output, 0 ) == 0 ); hexify( hash_str, output, 32 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -81,7 +81,7 @@ void sha384(char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - mbedtls_sha512( src_str, src_len, output, 1 ); + TEST_ASSERT( mbedtls_sha512_ext( src_str, src_len, output, 1 ) == 0 ); hexify( hash_str, output, 48 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -102,7 +102,7 @@ void mbedtls_sha512(char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - mbedtls_sha512( src_str, src_len, output, 0); + TEST_ASSERT( mbedtls_sha512_ext( src_str, src_len, output, 0 ) == 0 ); hexify( hash_str, output, 64 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); From 8d8204fc6f71375f8163961900a6c8852ad5b4e8 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 11:07:30 +0100 Subject: [PATCH 0056/1059] Change x509write_crt to use new MD API ret code --- library/x509write_crt.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index d1d9a22a7e..3faad7c5a3 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
@@ -177,8 +177,11 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct memset( buf, 0, sizeof(buf) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) ); - mbedtls_sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 ); - c = buf + sizeof(buf) - 20; + ret = mbedtls_sha1_ext( buf + sizeof( buf ) - len, len, + buf + sizeof( buf ) - 20 ); + if( ret != 0 ) + return( ret ); + c = buf + sizeof( buf ) - 20; len = 20; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); @@ -199,8 +202,11 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert * memset( buf, 0, sizeof(buf) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) ); - mbedtls_sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 ); - c = buf + sizeof(buf) - 20; + ret = mbedtls_sha1_ext( buf + sizeof( buf ) - len, len, + buf + sizeof( buf ) - 20 ); + if( ret != 0 ) + return( ret ); + c = buf + sizeof( buf ) - 20; len = 20; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); @@ -398,7 +404,11 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, /* * Make signature */ - mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ); + if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, + len, hash ) ) != 0 ) + { + return( ret ); + } if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len, f_rng, p_rng ) ) != 0 ) From 698089e07e59c61cd84414f48230506145ee96e0 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 11:46:46 +0100 Subject: [PATCH 0057/1059] Change RSA to use new MD API and check return code --- library/rsa.c | 149 ++++++++++++++++++++++++++++++-------------------- 1 file changed, 91 insertions(+), 58 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index bdd2538c3a..bd97d521b8 100644 --- a/library/rsa.c +++ b/library/rsa.c 
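Review bot: The three hunks use two different error-check styles for the same kind of call: the first two (`mbedtls_x509write_crt_set_subject_key_identifier` and `..._set_authority_key_identifier`) assign `ret = mbedtls_sha1_ext( ... );` and test it on a separate line, while the third folds the assignment into the condition, `if( ( ret = mbedtls_md( ... ) ) != 0 )`. The folded form is the one already used by the adjacent `if( ( ret = mbedtls_pk_sign( ... ) ) != 0 )` in the same function, so the first two hunks would read more consistently as `if( ( ret = mbedtls_sha1_ext( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 ) ) != 0 ) return( ret );`. All three enclosing functions start and end outside the hunks.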
@@ -566,7 +566,7 @@ cleanup:
  * \param slen length of the source buffer
  * \param md_ctx message digest context to use
  */
-static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
+static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
                      size_t slen, mbedtls_md_context_t *md_ctx )
 {
     unsigned char mask[MBEDTLS_MD_MAX_SIZE];
@@ -574,6 +574,7 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
     unsigned char *p;
     unsigned int hlen;
     size_t i, use_len;
+    int ret;
 
     memset( mask, 0, MBEDTLS_MD_MAX_SIZE );
     memset( counter, 0, 4 );
@@ -589,10 +590,14 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
         if( dlen < hlen )
             use_len = dlen;
 
-        mbedtls_md_starts( md_ctx );
-        mbedtls_md_update( md_ctx, src, slen );
-        mbedtls_md_update( md_ctx, counter, 4 );
-        mbedtls_md_finish( md_ctx, mask );
+        if( ( ret = mbedtls_md_starts( md_ctx ) ) != 0 )
+            goto exit;
+        if( ( ret = mbedtls_md_update( md_ctx, src, slen ) ) != 0 )
+            goto exit;
+        if( ( ret = mbedtls_md_update( md_ctx, counter, 4 ) ) != 0 )
+            goto exit;
+        if( ( ret = mbedtls_md_finish( md_ctx, mask ) ) != 0 )
+            goto exit;
 
         for( i = 0; i < use_len; ++i )
             *p++ ^= mask[i];
@@ -602,7 +607,10 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
         dlen -= use_len;
     }
 
+exit:
     mbedtls_zeroize( mask, sizeof( mask ) );
+
+    return( ret );
 }
 
 #endif /* MBEDTLS_PKCS1_V21 */
@@ -654,7 +662,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
     p += hlen;
 
     /* Construct DB */
-    mbedtls_md( md_info, label, label_len, p );
+    if( ( ret = mbedtls_md( md_info, label, label_len, p ) ) != 0 )
+        return( ret );
     p += hlen;
     p += olen - 2 * hlen - 2 - ilen;
     *p++ = 1;
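Review bot: `ret` is declared without an initializer (`int ret;` in the second mgf_mask hunk) but is unconditionally returned at the new `exit:` label in the fourth hunk, and every assignment to it is inside the loop body shown in the third hunk; the loop header itself lies between the second and third hunks, outside the visible lines, so if that loop can run zero times (the `dlen -= use_len;` / `if( dlen < hlen )` pattern suggests it is bounded by `dlen`, which could be 0) the function returns an indeterminate value. Declaring it as `int ret = 0;` closes the gap and is what the callers rewritten in this commit rely on, since they propagate mgf_mask's return unchanged. mgf_mask's body is only partially visible across these four hunks.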
@@ -662,21 +671,24 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
 
     mbedtls_md_init( &md_ctx );
     if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-    {
-        mbedtls_md_free( &md_ctx );
-        return( ret );
-    }
+        goto exit;
 
     /* maskedDB: Apply dbMask to DB */
-    mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
-              &md_ctx );
+    if( ( ret = mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
+                          &md_ctx ) ) != 0 )
+        goto exit;
 
     /* maskedSeed: Apply seedMask to seed */
-    mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
-              &md_ctx );
+    if( ( ret = mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
+                          &md_ctx ) ) != 0 )
+        goto exit;
 
+exit:
     mbedtls_md_free( &md_ctx );
 
+    if( ret != 0 )
+        return( ret );
+
     return( ( mode == MBEDTLS_RSA_PUBLIC )
             ? mbedtls_rsa_public( ctx, output, output )
             : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
@@ -843,20 +855,23 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
         goto cleanup;
     }
 
-
-    /* Generate lHash */
-    mbedtls_md( md_info, label, label_len, lhash );
-
     /* seed: Apply seedMask to maskedSeed */
-    mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
-              &md_ctx );
-
+    if( ( ret = mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
+                          &md_ctx ) ) != 0 ||
     /* DB: Apply dbMask to maskedDB */
-    mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
-              &md_ctx );
+        ( ret = mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
+                          &md_ctx ) ) != 0 )
+    {
+        mbedtls_md_free( &md_ctx );
+        goto cleanup;
+    }
 
     mbedtls_md_free( &md_ctx );
 
+    /* Generate lHash */
+    if( ( ret = mbedtls_md( md_info, label, label_len, lhash ) ) != 0 )
+        goto cleanup;
+
     /*
      * Check contents, in "constant-time"
      */
@@ -1107,28 +1122,28 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
 
     mbedtls_md_init( &md_ctx );
     if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-    {
-        mbedtls_md_free( &md_ctx );
-        /* No need to zeroize salt: we didn't use it. */
-        return( ret );
-    }
+        goto exit;
 
     /* Generate H = Hash( M' ) */
-    mbedtls_md_starts( &md_ctx );
-    mbedtls_md_update( &md_ctx, p, 8 );
-    mbedtls_md_update( &md_ctx, hash, hashlen );
-    mbedtls_md_update( &md_ctx, salt, slen );
-    mbedtls_md_finish( &md_ctx, p );
-    mbedtls_zeroize( salt, sizeof( salt ) );
+    if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
+        goto exit;
+    if( ( ret = mbedtls_md_update( &md_ctx, p, 8 ) ) != 0 )
+        goto exit;
+    if( ( ret = mbedtls_md_update( &md_ctx, hash, hashlen ) ) != 0 )
+        goto exit;
+    if( ( ret = mbedtls_md_update( &md_ctx, salt, slen ) ) != 0 )
+        goto exit;
+    if( ( ret = mbedtls_md_finish( &md_ctx, p ) ) != 0 )
+        goto exit;
 
     /* Compensate for boundary condition when applying mask */
     if( msb % 8 == 0 )
         offset = 1;
 
     /* maskedDB: Apply dbMask to DB */
-    mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
-
-    mbedtls_md_free( &md_ctx );
+    if( ( ret = mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen,
+                          &md_ctx ) ) != 0 )
+        goto exit;
 
     msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
     sig[0] &= 0xFF >> ( olen * 8 - msb );
@@ -1136,6 +1151,14 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
     p += hlen;
     *p++ = 0xBC;
 
+    mbedtls_zeroize( salt, sizeof( salt ) );
+
+exit:
+    mbedtls_md_free( &md_ctx );
+
+    if( ret != 0 )
+        return( ret );
+
     return( ( mode == MBEDTLS_RSA_PUBLIC )
             ? mbedtls_rsa_public( ctx, sig, sig )
             : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
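Review bot: `mbedtls_zeroize( salt, sizeof( salt ) );` now runs only on the success path: it was moved from directly after `mbedtls_md_finish` (first hunk) to just before the `exit:` label (second hunk), so any `goto exit` taken once the salt has been fed to the hash — a failing `mbedtls_md_update( &md_ctx, salt, slen )`, `mbedtls_md_finish`, or `mgf_mask` — returns with the random salt still in the stack buffer. The removed comment "No need to zeroize salt: we didn't use it" only ever justified skipping it on the `md_setup` failure, which precedes the salt's use; the new error exits come after it. Placing the call after the label, `exit:` / `mbedtls_zeroize( salt, sizeof( salt ) );` / `mbedtls_md_free( &md_ctx );`, restores zeroization on every path, and zeroizing an unused salt is harmless.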
@@ -1382,23 +1405,21 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
 
     mbedtls_md_init( &md_ctx );
     if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-    {
-        mbedtls_md_free( &md_ctx );
-        return( ret );
-    }
+        goto exit;
 
-    mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
+    if( ( ret = mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen,
+                          &md_ctx ) ) != 0 )
+        goto exit;
 
     buf[0] &= 0xFF >> ( siglen * 8 - msb );
 
     while( p < buf + siglen && *p == 0 )
         p++;
 
-    if( p == buf + siglen ||
-        *p++ != 0x01 )
+    if( p == buf + siglen || *p++ != 0x01 )
     {
-        mbedtls_md_free( &md_ctx );
-        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+        ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
+        goto exit;
     }
 
     /* Actual salt len */
@@ -1407,25 +1428,31 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
     if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
         slen != (size_t) expected_salt_len )
     {
-        mbedtls_md_free( &md_ctx );
-        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+        ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
+        goto exit;
     }
 
     /*
      * Generate H = Hash( M' )
      */
-    mbedtls_md_starts( &md_ctx );
-    mbedtls_md_update( &md_ctx, zeros, 8 );
-    mbedtls_md_update( &md_ctx, hash, hashlen );
-    mbedtls_md_update( &md_ctx, p, slen );
-    mbedtls_md_finish( &md_ctx, result );
+    if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
+        goto exit;
+    if( ( ret = mbedtls_md_update( &md_ctx, zeros, 8 ) ) != 0 )
+        goto exit;
+    if( ( ret = mbedtls_md_update( &md_ctx, hash, hashlen ) ) != 0 )
+        goto exit;
+    if( ( ret = mbedtls_md_update( &md_ctx, p, slen ) ) != 0 )
+        goto exit;
+    if( ( ret = mbedtls_md_finish( &md_ctx, result ) ) != 0 )
+        goto exit;
+    if( ( ret = memcmp( p + slen, result, hlen ) ) != 0 )
+        ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
+
 
+exit:
     mbedtls_md_free( &md_ctx );
 
-    if( memcmp( p + slen, result, hlen ) == 0 )
-        return( 0 );
-    else
-        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+    return( ret );
 }
 
 /*
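Review bot: The final check in the second hunk, `if( ( ret = memcmp( p + slen, result, hlen ) ) != 0 ) ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;`, stores memcmp's arbitrary-sign result in `ret` only to overwrite it, and the success value then depends implicitly on `ret` still being the 0 left by the preceding `mbedtls_md_finish`. Making the outcome explicit reads better and does not rely on that coupling: `ret = ( memcmp( p + slen, result, hlen ) == 0 ) ? 0 : MBEDTLS_ERR_RSA_VERIFY_FAILED;`. The enclosing function begins before the first hunk.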
@@ -1829,7 +1856,13 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " PKCS#1 data sign : " ); - mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum ); + if( mbedtls_sha1_ext( rsa_plaintext, PT_LEN, sha1sum ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) From f0e521e9f10c8552601b2f078c05ff1ecc69fec5 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 12:11:42 +0100 Subject: [PATCH 0058/1059] Change ssl_cli to new MD API and check return code --- library/ssl_cli.c | 59 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 41 insertions(+), 18 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a2b9f8cfe1..86267f5c12 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2493,8 +2493,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) mbedtls_md5_context mbedtls_md5; mbedtls_sha1_context mbedtls_sha1; - mbedtls_md5_init( &mbedtls_md5 ); - mbedtls_sha1_init( &mbedtls_sha1 ); + mbedtls_md5_init( &mbedtls_md5 ); hashlen = 36; 
@@ -2511,17 +2510,39 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) * SHA(ClientHello.random + ServerHello.random * + ServerParams); */ - mbedtls_md5_starts( &mbedtls_md5 ); - mbedtls_md5_update( &mbedtls_md5, ssl->handshake->randbytes, 64 ); - mbedtls_md5_update( &mbedtls_md5, params, params_len ); - mbedtls_md5_finish( &mbedtls_md5, hash ); + if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 || + ( ret = mbedtls_md5_update_ext( &mbedtls_md5, + ssl->handshake->randbytes, 64 ) ) != 0 || + ( ret = mbedtls_md5_update_ext( &mbedtls_md5, params, + params_len ) ) != 0 || + ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, hash ) ) != 0 ) + { + mbedtls_md5_free( &mbedtls_md5 ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_*", ret ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + return( ret ); + } - mbedtls_sha1_starts( &mbedtls_sha1 ); - mbedtls_sha1_update( &mbedtls_sha1, ssl->handshake->randbytes, 64 ); - mbedtls_sha1_update( &mbedtls_sha1, params, params_len ); - mbedtls_sha1_finish( &mbedtls_sha1, hash + 16 ); + mbedtls_md5_free( &mbedtls_md5 ); + + mbedtls_sha1_init( &mbedtls_sha1 ); + + if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 || + ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, + ssl->handshake->randbytes, 64 ) ) != 0 || + ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, params, + params_len ) ) != 0 || + ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1, + hash + 16 ) ) != 0 ) + { + mbedtls_sha1_free( &mbedtls_sha1 ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_*", ret ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + return( ret ); + } - mbedtls_md5_free( &mbedtls_md5 ); mbedtls_sha1_free( &mbedtls_sha1 ); } else 
@@ -2532,6 +2553,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) if( md_alg != MBEDTLS_MD_NONE ) { mbedtls_md_context_t ctx; + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); mbedtls_md_init( &ctx ); @@ -2545,19 +2567,20 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) * ServerDHParams params; * }; */ - if( ( ret = mbedtls_md_setup( &ctx, - mbedtls_md_info_from_type( md_alg ), 0 ) ) != 0 ) + if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 || + ( ret = mbedtls_md_starts( &ctx ) ) != 0 || + ( ret = mbedtls_md_update( &ctx, + ssl->handshake->randbytes, 64 ) ) != 0 || + ( ret = mbedtls_md_update( &ctx, params, params_len ) ) != 0 || + ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); + mbedtls_md_free( &ctx ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_*", ret ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); return( ret ); } - mbedtls_md_starts( &ctx ); - mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ); - mbedtls_md_update( &ctx, params, params_len ); - mbedtls_md_finish( &ctx, hash ); mbedtls_md_free( &ctx ); } else From d21d625e1fa8838286ac0daa06ae5aebca20c367 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 12:49:17 +0100 Subject: [PATCH 0059/1059] Change ssl_srv to new MD API and check return code --- library/ssl_srv.c | 59 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 40 insertions(+), 19 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f137c3dce6..f08a9bde10 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3099,8 +3099,7 @@ curve_matching_done: mbedtls_md5_context mbedtls_md5; mbedtls_sha1_context mbedtls_sha1; - mbedtls_md5_init( &mbedtls_md5 ); - mbedtls_sha1_init( &mbedtls_sha1 ); + mbedtls_md5_init( &mbedtls_md5 ); /* * digitally-signed struct { 
@@ -3116,20 +3115,38 @@ curve_matching_done: * + ServerParams); */ - mbedtls_md5_starts( &mbedtls_md5 ); - mbedtls_md5_update( &mbedtls_md5, ssl->handshake->randbytes, 64 ); - mbedtls_md5_update( &mbedtls_md5, dig_signed, dig_signed_len ); - mbedtls_md5_finish( &mbedtls_md5, hash ); + if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 || + ( ret = mbedtls_md5_update_ext( &mbedtls_md5, + ssl->handshake->randbytes, 64 ) ) != 0 || + ( ret = mbedtls_md5_update_ext( &mbedtls_md5, dig_signed, + dig_signed_len ) ) != 0 || + ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, hash ) ) != 0 ) + { + mbedtls_md5_free( &mbedtls_md5 ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_*", ret ); + return( ret ); + } - mbedtls_sha1_starts( &mbedtls_sha1 ); - mbedtls_sha1_update( &mbedtls_sha1, ssl->handshake->randbytes, 64 ); - mbedtls_sha1_update( &mbedtls_sha1, dig_signed, dig_signed_len ); - mbedtls_sha1_finish( &mbedtls_sha1, hash + 16 ); + mbedtls_md5_free( &mbedtls_md5 ); + + mbedtls_sha1_init( &mbedtls_sha1 ); + + if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 || + ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, + ssl->handshake->randbytes, 64 ) ) != 0 || + ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, dig_signed, + dig_signed_len ) ) != 0 || + ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1, + hash + 16 ) ) != 0 ) + { + mbedtls_sha1_free( &mbedtls_sha1 ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_*", ret ); + return( ret ); + } + + mbedtls_sha1_free( &mbedtls_sha1 ); hashlen = 36; - - mbedtls_md5_free( &mbedtls_md5 ); - mbedtls_sha1_free( &mbedtls_sha1 ); } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ 
@@ -3153,16 +3170,20 @@ curve_matching_done: * ServerDHParams params; * }; */ - if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) + if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 || + ( ret = mbedtls_md_starts( &ctx ) ) != 0 || + ( ret = mbedtls_md_update( &ctx, + ssl->handshake->randbytes, 64 ) ) != 0 || + ( ret = mbedtls_md_update( &ctx, dig_signed, + dig_signed_len ) ) != 0 || + ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); + mbedtls_md_free( &ctx ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_*", ret ); return( ret ); } - mbedtls_md_starts( &ctx ); - mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ); - mbedtls_md_update( &ctx, dig_signed, dig_signed_len ); - mbedtls_md_finish( &ctx, hash ); + mbedtls_md_free( &ctx ); } else From 1ff60f437f8a5bfe5b7a1107a3149f1ce0a50dc9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 13:26:36 +0100 Subject: [PATCH 0060/1059] Change examples to use the new MD API and check ret code --- programs/hash/hello.c | 11 +++++++---- programs/pkey/dh_client.c | 6 +++++- programs/pkey/dh_server.c | 6 +++++- programs/pkey/ecdsa.c | 11 +++++------ programs/test/benchmark.c | 12 ++++++------ 5 files changed, 28 insertions(+), 18 deletions(-) diff --git a/programs/hash/hello.c b/programs/hash/hello.c index df420f284a..a69154f554 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -29,7 +29,9 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf +#define mbedtls_printf printf +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if defined(MBEDTLS_MD5_C) 
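Review bot: In the programs/hash/hello.c hunk, the new fallback macros `MBEDTLS_EXIT_SUCCESS` and `MBEDTLS_EXIT_FAILURE` expand to `EXIT_SUCCESS`/`EXIT_FAILURE`, which come from `<stdlib.h>`, but the `#else` branch shows only a single `#include` line above them (its header name is lost in this rendering). If that line is the `<stdio.h>` include backing the `printf` fallback, as the adjacent `#define mbedtls_printf printf` suggests, the non-`MBEDTLS_PLATFORM_C` build would fail once `main` returns these macros; add `#include <stdlib.h>` next to it in the same `#else` branch.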
@@ -45,13 +47,14 @@ int main( void ) #else int main( void ) { - int i; + int i, ret; unsigned char digest[16]; char str[] = "Hello, world!"; mbedtls_printf( "\n MD5('%s') = ", str ); - mbedtls_md5( (unsigned char *) str, 13, digest ); + if( ( ret = mbedtls_md5_ext( (unsigned char *) str, 13, digest ) ) != 0 ) + return( MBEDTLS_EXIT_FAILURE ); for( i = 0; i < 16; i++ ) mbedtls_printf( "%02x", digest[i] ); @@ -63,6 +66,6 @@ int main( void ) fflush( stdout ); getchar(); #endif - return( 0 ); + return( MBEDTLS_EXIT_SUCCESS ); } #endif /* MBEDTLS_MD5_C */ diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 875d0b0831..21c4a815fb 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -212,7 +212,11 @@ int main( void ) goto exit; } - mbedtls_sha1( buf, (int)( p - 2 - buf ), hash ); + if( ( ret = mbedtls_sha1_ext( buf, (int)( p - 2 - buf ), hash ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_sha1_ext returned %d\n\n", ret ); + goto exit; + } if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 ) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 8bf2b1b29f..daa96e64cb 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -203,7 +203,11 @@ int main( void ) /* * 5. Sign the parameters and send them */ - mbedtls_sha1( buf, n, hash ); + if( ( ret = mbedtls_sha1_ext( buf, n, hash ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_sha1_ext returned %d\n\n", ret ); + goto exit; + } buf[n ] = (unsigned char)( rsa.len >> 8 ); buf[n + 1] = (unsigned char)( rsa.len ); diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index c3ce56a0fe..ecb6c2230d 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c 
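Review bot: In the hello.c `main` hunk, the new failure path `if( ( ret = mbedtls_md5_ext( (unsigned char *) str, 13, digest ) ) != 0 ) return( MBEDTLS_EXIT_FAILURE );` stores the error code in `ret` but never reports it, so the program exits silently right after printing the `MD5('%s') = ` prefix. The dh_client.c and dh_server.c hunks on this same line print the code before bailing out; doing the same here, `mbedtls_printf( " failed\n ! mbedtls_md5_ext returned %d\n\n", ret );` before the `return`, keeps the examples consistent and gives `ret` a purpose beyond the comparison.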
@@ -102,7 +102,6 @@ int main( int argc, char *argv[] ) mbedtls_ecdsa_context ctx_sign, ctx_verify; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_sha256_context sha256_ctx; unsigned char message[100]; unsigned char hash[32]; unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; @@ -113,7 +112,6 @@ int main( int argc, char *argv[] ) mbedtls_ecdsa_init( &ctx_sign ); mbedtls_ecdsa_init( &ctx_verify ); mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_sha256_init( &sha256_ctx ); memset( sig, 0, sizeof( sig ) ); memset( message, 0x25, sizeof( message ) ); @@ -165,9 +163,11 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Computing message hash..." ); fflush( stdout ); - mbedtls_sha256_starts( &sha256_ctx, 0 ); - mbedtls_sha256_update( &sha256_ctx, message, sizeof( message ) ); - mbedtls_sha256_finish( &sha256_ctx, hash ); + if( ( ret = mbedtls_sha256_ext( message, sizeof( message ), hash, 0 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_sha256_ext returned %d\n", ret ); + goto exit; + } mbedtls_printf( " ok\n" ); @@ -242,7 +242,6 @@ exit: mbedtls_ecdsa_free( &ctx_sign ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); - mbedtls_sha256_free( &sha256_ctx ); return( ret ); } diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index eb578e7306..6ec7cf561d 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
@@ -327,32 +327,32 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_MD4_C) if( todo.md4 ) - TIME_AND_TSC( "MD4", mbedtls_md4( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "MD4", mbedtls_md4_ext( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_MD5_C) if( todo.md5 ) - TIME_AND_TSC( "MD5", mbedtls_md5( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "MD5", mbedtls_md5_ext( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_RIPEMD160_C) if( todo.ripemd160 ) - TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ext( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_SHA1_C) if( todo.sha1 ) - TIME_AND_TSC( "SHA-1", mbedtls_sha1( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "SHA-1", mbedtls_sha1_ext( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_SHA256_C) if( todo.sha256 ) - TIME_AND_TSC( "SHA-256", mbedtls_sha256( buf, BUFSIZE, tmp, 0 ) ); + TIME_AND_TSC( "SHA-256", mbedtls_sha256_ext( buf, BUFSIZE, tmp, 0 ) ); #endif #if defined(MBEDTLS_SHA512_C) if( todo.sha512 ) - TIME_AND_TSC( "SHA-512", mbedtls_sha512( buf, BUFSIZE, tmp, 0 ) ); + TIME_AND_TSC( "SHA-512", mbedtls_sha512_ext( buf, BUFSIZE, tmp, 0 ) ); #endif #if defined(MBEDTLS_ARC4_C) From 5f872df26a8d96f35eb9a66b675eea7cc3e7d582 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 14:12:44 +0100 Subject: [PATCH 0061/1059] Change func ptrs to have ret val in MD layer This patch modifies the internal md context structure in md_wrap.c to add return values to the function pointers. This enables us to use the new API in the corresponding MD modules so that failures can be found at any point in an MD computation. --- include/mbedtls/md_internal.h | 12 +-- library/md_wrap.c | 171 ++++++++++++++++++---------------- 2 files changed, 97 insertions(+), 86 deletions(-) diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index e2441bbc49..c202598165 100644 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h 
@@ -58,17 +58,17 @@ struct mbedtls_md_info_t
     int block_size;
 
     /** Digest initialisation function */
-    void (*starts_func)( void *ctx );
+    int (*starts_func)( void *ctx );
 
     /** Digest update function */
-    void (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
+    int (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
 
     /** Digest finalisation function */
-    void (*finish_func)( void *ctx, unsigned char *output );
+    int (*finish_func)( void *ctx, unsigned char *output );
 
     /** Generic digest function */
-    void (*digest_func)( const unsigned char *input, size_t ilen,
-                         unsigned char *output );
+    int (*digest_func)( const unsigned char *input, size_t ilen,
+                        unsigned char *output );
 
     /** Allocate a new context */
     void * (*ctx_alloc_func)( void );
@@ -80,7 +80,7 @@ struct mbedtls_md_info_t
     void (*clone_func)( void *dst, const void *src );
 
     /** Internal use only */
-    void (*process_func)( void *ctx, const unsigned char *input );
+    int (*process_func)( void *ctx, const unsigned char *input );
 };
 
 #if defined(MBEDTLS_MD2_C)
diff --git a/library/md_wrap.c b/library/md_wrap.c
index 2cfcae200e..bfd492736c 100644
--- a/library/md_wrap.c
+++ b/library/md_wrap.c
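Review bot: The five function pointers in `struct mbedtls_md_info_t` gain an `int` return but their Doxygen comments are unchanged, so the contract the generic layer now depends on (md.c in this series returns `ctx->md_info->starts_func( ctx->md_ctx )` straight to the caller) is undocumented. A one-line addition to the struct's documentation would settle it, e.g. `/** All function pointers returning int yield 0 on success and a non-zero error code on failure; mbedtls_md_*() propagate that value unchanged. */` placed above `starts_func`. The `process_func` comment should likewise say that its return is also propagated rather than only "Internal use only".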
@@ -71,20 +71,20 @@ #if defined(MBEDTLS_MD2_C) -static void md2_starts_wrap( void *ctx ) +static int md2_starts_wrap( void *ctx ) { - mbedtls_md2_starts( (mbedtls_md2_context *) ctx ); + return( mbedtls_md2_starts_ext( (mbedtls_md2_context *) ctx ) ); } -static void md2_update_wrap( void *ctx, const unsigned char *input, +static int md2_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - mbedtls_md2_update( (mbedtls_md2_context *) ctx, input, ilen ); + return( mbedtls_md2_update_ext( (mbedtls_md2_context *) ctx, input, ilen ) ); } -static void md2_finish_wrap( void *ctx, unsigned char *output ) +static int md2_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_md2_finish( (mbedtls_md2_context *) ctx, output ); + return( mbedtls_md2_finish_ext( (mbedtls_md2_context *) ctx, output ) ); } static void *md2_ctx_alloc( void ) @@ -109,11 +109,11 @@ static void md2_clone_wrap( void *dst, const void *src ) (const mbedtls_md2_context *) src ); } -static void md2_process_wrap( void *ctx, const unsigned char *data ) +static int md2_process_wrap( void *ctx, const unsigned char *data ) { ((void) data); - mbedtls_md2_process( (mbedtls_md2_context *) ctx ); + return( mbedtls_internal_md2_process( (mbedtls_md2_context *) ctx ) ); } const mbedtls_md_info_t mbedtls_md2_info = { @@ -124,7 +124,7 @@ const mbedtls_md_info_t mbedtls_md2_info = { md2_starts_wrap, md2_update_wrap, md2_finish_wrap, - mbedtls_md2, + mbedtls_md2_ext, md2_ctx_alloc, md2_ctx_free, md2_clone_wrap, 
@@ -135,20 +135,20 @@ const mbedtls_md_info_t mbedtls_md2_info = { #if defined(MBEDTLS_MD4_C) -static void md4_starts_wrap( void *ctx ) +static int md4_starts_wrap( void *ctx ) { - mbedtls_md4_starts( (mbedtls_md4_context *) ctx ); + return( mbedtls_md4_starts_ext( (mbedtls_md4_context *) ctx ) ); } -static void md4_update_wrap( void *ctx, const unsigned char *input, +static int md4_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - mbedtls_md4_update( (mbedtls_md4_context *) ctx, input, ilen ); + return( mbedtls_md4_update_ext( (mbedtls_md4_context *) ctx, input, ilen ) ); } -static void md4_finish_wrap( void *ctx, unsigned char *output ) +static int md4_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_md4_finish( (mbedtls_md4_context *) ctx, output ); + return( mbedtls_md4_finish_ext( (mbedtls_md4_context *) ctx, output ) ); } static void *md4_ctx_alloc( void ) @@ -170,12 +170,12 @@ static void md4_ctx_free( void *ctx ) static void md4_clone_wrap( void *dst, const void *src ) { mbedtls_md4_clone( (mbedtls_md4_context *) dst, - (const mbedtls_md4_context *) src ); + (const mbedtls_md4_context *) src ); } -static void md4_process_wrap( void *ctx, const unsigned char *data ) +static int md4_process_wrap( void *ctx, const unsigned char *data ) { - mbedtls_md4_process( (mbedtls_md4_context *) ctx, data ); + return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) ); } const mbedtls_md_info_t mbedtls_md4_info = { @@ -186,7 +186,7 @@ const mbedtls_md_info_t mbedtls_md4_info = { md4_starts_wrap, md4_update_wrap, md4_finish_wrap, - mbedtls_md4, + mbedtls_md4_ext, md4_ctx_alloc, md4_ctx_free, md4_clone_wrap, 
@@ -197,20 +197,20 @@ const mbedtls_md_info_t mbedtls_md4_info = { #if defined(MBEDTLS_MD5_C) -static void md5_starts_wrap( void *ctx ) +static int md5_starts_wrap( void *ctx ) { - mbedtls_md5_starts( (mbedtls_md5_context *) ctx ); + return( mbedtls_md5_starts_ext( (mbedtls_md5_context *) ctx ) ); } -static void md5_update_wrap( void *ctx, const unsigned char *input, +static int md5_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - mbedtls_md5_update( (mbedtls_md5_context *) ctx, input, ilen ); + return( mbedtls_md5_update_ext( (mbedtls_md5_context *) ctx, input, ilen ) ); } -static void md5_finish_wrap( void *ctx, unsigned char *output ) +static int md5_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_md5_finish( (mbedtls_md5_context *) ctx, output ); + return( mbedtls_md5_finish_ext( (mbedtls_md5_context *) ctx, output ) ); } static void *md5_ctx_alloc( void ) @@ -232,12 +232,12 @@ static void md5_ctx_free( void *ctx ) static void md5_clone_wrap( void *dst, const void *src ) { mbedtls_md5_clone( (mbedtls_md5_context *) dst, - (const mbedtls_md5_context *) src ); + (const mbedtls_md5_context *) src ); } -static void md5_process_wrap( void *ctx, const unsigned char *data ) +static int md5_process_wrap( void *ctx, const unsigned char *data ) { - mbedtls_md5_process( (mbedtls_md5_context *) ctx, data ); + return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) ); } const mbedtls_md_info_t mbedtls_md5_info = { @@ -248,7 +248,7 @@ const mbedtls_md_info_t mbedtls_md5_info = { md5_starts_wrap, md5_update_wrap, md5_finish_wrap, - mbedtls_md5, + mbedtls_md5_ext, md5_ctx_alloc, md5_ctx_free, md5_clone_wrap, 
@@ -259,20 +259,22 @@ const mbedtls_md_info_t mbedtls_md5_info = { #if defined(MBEDTLS_RIPEMD160_C) -static void ripemd160_starts_wrap( void *ctx ) +static int ripemd160_starts_wrap( void *ctx ) { - mbedtls_ripemd160_starts( (mbedtls_ripemd160_context *) ctx ); + return( mbedtls_ripemd160_starts_ext( (mbedtls_ripemd160_context *) ctx ) ); } -static void ripemd160_update_wrap( void *ctx, const unsigned char *input, +static int ripemd160_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - mbedtls_ripemd160_update( (mbedtls_ripemd160_context *) ctx, input, ilen ); + return( mbedtls_ripemd160_update_ext( (mbedtls_ripemd160_context *) ctx, + input, ilen ) ); } -static void ripemd160_finish_wrap( void *ctx, unsigned char *output ) +static int ripemd160_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_ripemd160_finish( (mbedtls_ripemd160_context *) ctx, output ); + return( mbedtls_ripemd160_finish_ext( (mbedtls_ripemd160_context *) ctx, + output ) ); } static void *ripemd160_ctx_alloc( void ) @@ -297,9 +299,10 @@ static void ripemd160_clone_wrap( void *dst, const void *src ) (const mbedtls_ripemd160_context *) src ); } -static void ripemd160_process_wrap( void *ctx, const unsigned char *data ) +static int ripemd160_process_wrap( void *ctx, const unsigned char *data ) { - mbedtls_ripemd160_process( (mbedtls_ripemd160_context *) ctx, data ); + return( mbedtls_internal_ripemd160_process( + (mbedtls_ripemd160_context *) ctx, data ) ); } const mbedtls_md_info_t mbedtls_ripemd160_info = { @@ -310,7 +313,7 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { ripemd160_starts_wrap, ripemd160_update_wrap, ripemd160_finish_wrap, - mbedtls_ripemd160, + mbedtls_ripemd160_ext, ripemd160_ctx_alloc, ripemd160_ctx_free, ripemd160_clone_wrap, 
@@ -321,20 +324,21 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { #if defined(MBEDTLS_SHA1_C) -static void sha1_starts_wrap( void *ctx ) +static int sha1_starts_wrap( void *ctx ) { - mbedtls_sha1_starts( (mbedtls_sha1_context *) ctx ); + return( mbedtls_sha1_starts_ext( (mbedtls_sha1_context *) ctx ) ); } -static void sha1_update_wrap( void *ctx, const unsigned char *input, +static int sha1_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - mbedtls_sha1_update( (mbedtls_sha1_context *) ctx, input, ilen ); + return( mbedtls_sha1_update_ext( (mbedtls_sha1_context *) ctx, + input, ilen ) ); } -static void sha1_finish_wrap( void *ctx, unsigned char *output ) +static int sha1_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_sha1_finish( (mbedtls_sha1_context *) ctx, output ); + return( mbedtls_sha1_finish_ext( (mbedtls_sha1_context *) ctx, output ) ); } static void *sha1_ctx_alloc( void ) @@ -359,9 +363,10 @@ static void sha1_ctx_free( void *ctx ) mbedtls_free( ctx ); } -static void sha1_process_wrap( void *ctx, const unsigned char *data ) +static int sha1_process_wrap( void *ctx, const unsigned char *data ) { - mbedtls_sha1_process( (mbedtls_sha1_context *) ctx, data ); + return( mbedtls_internal_sha1_process( (mbedtls_sha1_context *) ctx, + data ) ); } const mbedtls_md_info_t mbedtls_sha1_info = { @@ -372,7 +377,7 @@ const mbedtls_md_info_t mbedtls_sha1_info = { sha1_starts_wrap, sha1_update_wrap, sha1_finish_wrap, - mbedtls_sha1, + mbedtls_sha1_ext, sha1_ctx_alloc, sha1_ctx_free, sha1_clone_wrap, 
@@ -386,26 +391,28 @@ const mbedtls_md_info_t mbedtls_sha1_info = { */ #if defined(MBEDTLS_SHA256_C) -static void sha224_starts_wrap( void *ctx ) +static int sha224_starts_wrap( void *ctx ) { - mbedtls_sha256_starts( (mbedtls_sha256_context *) ctx, 1 ); + return( mbedtls_sha256_starts_ext( (mbedtls_sha256_context *) ctx, 1 ) ); } -static void sha224_update_wrap( void *ctx, const unsigned char *input, +static int sha224_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - mbedtls_sha256_update( (mbedtls_sha256_context *) ctx, input, ilen ); + return( mbedtls_sha256_update_ext( (mbedtls_sha256_context *) ctx, + input, ilen ) ); } -static void sha224_finish_wrap( void *ctx, unsigned char *output ) +static int sha224_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_sha256_finish( (mbedtls_sha256_context *) ctx, output ); + return( mbedtls_sha256_finish_ext( (mbedtls_sha256_context *) ctx, + output ) ); } -static void sha224_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) +static int sha224_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) { - mbedtls_sha256( input, ilen, output, 1 ); + return( mbedtls_sha256_ext( input, ilen, output, 1 ) ); } static void *sha224_ctx_alloc( void ) @@ -430,9 +437,10 @@ static void sha224_clone_wrap( void *dst, const void *src ) (const mbedtls_sha256_context *) src ); } -static void sha224_process_wrap( void *ctx, const unsigned char *data ) +static int sha224_process_wrap( void *ctx, const unsigned char *data ) { - mbedtls_sha256_process( (mbedtls_sha256_context *) ctx, data ); + return( mbedtls_internal_sha256_process( (mbedtls_sha256_context *) ctx, + data ) ); } const mbedtls_md_info_t mbedtls_sha224_info = { 
@@ -450,15 +458,15 @@ const mbedtls_md_info_t mbedtls_sha224_info = { sha224_process_wrap, }; -static void sha256_starts_wrap( void *ctx ) +static int sha256_starts_wrap( void *ctx ) { - mbedtls_sha256_starts( (mbedtls_sha256_context *) ctx, 0 ); + return( mbedtls_sha256_starts_ext( (mbedtls_sha256_context *) ctx, 0 ) ); } -static void sha256_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) +static int sha256_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) { - mbedtls_sha256( input, ilen, output, 0 ); + return( mbedtls_sha256_ext( input, ilen, output, 0 ) ); } const mbedtls_md_info_t mbedtls_sha256_info = { @@ -480,26 +488,28 @@ const mbedtls_md_info_t mbedtls_sha256_info = { #if defined(MBEDTLS_SHA512_C) -static void sha384_starts_wrap( void *ctx ) +static int sha384_starts_wrap( void *ctx ) { - mbedtls_sha512_starts( (mbedtls_sha512_context *) ctx, 1 ); + return( mbedtls_sha512_starts_ext( (mbedtls_sha512_context *) ctx, 1 ) ); } -static void sha384_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) +static int sha384_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) { - mbedtls_sha512_update( (mbedtls_sha512_context *) ctx, input, ilen ); + return( mbedtls_sha512_update_ext( (mbedtls_sha512_context *) ctx, + input, ilen ) ); } -static void sha384_finish_wrap( void *ctx, unsigned char *output ) +static int sha384_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_sha512_finish( (mbedtls_sha512_context *) ctx, output ); + return( mbedtls_sha512_finish_ext( (mbedtls_sha512_context *) ctx, + output ) ); } -static void sha384_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) +static int sha384_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) { - mbedtls_sha512( input, ilen, output, 1 ); + return( mbedtls_sha512_ext( input, ilen, output, 1 ) ); } static void *sha384_ctx_alloc( void ) 
@@ -524,9 +534,10 @@ static void sha384_clone_wrap( void *dst, const void *src ) (const mbedtls_sha512_context *) src ); } -static void sha384_process_wrap( void *ctx, const unsigned char *data ) +static int sha384_process_wrap( void *ctx, const unsigned char *data ) { - mbedtls_sha512_process( (mbedtls_sha512_context *) ctx, data ); + return( mbedtls_internal_sha512_process( (mbedtls_sha512_context *) ctx, + data ) ); } const mbedtls_md_info_t mbedtls_sha384_info = { @@ -544,15 +555,15 @@ const mbedtls_md_info_t mbedtls_sha384_info = { sha384_process_wrap, }; -static void sha512_starts_wrap( void *ctx ) +static int sha512_starts_wrap( void *ctx ) { - mbedtls_sha512_starts( (mbedtls_sha512_context *) ctx, 0 ); + return( mbedtls_sha512_starts_ext( (mbedtls_sha512_context *) ctx, 0 ) ); } -static void sha512_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) +static int sha512_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) { - mbedtls_sha512( input, ilen, output, 0 ); + return( mbedtls_sha512_ext( input, ilen, output, 0 ) ); } const mbedtls_md_info_t mbedtls_sha512_info = { From 0dd4fa0f45f0e426eaa3e2c8a058c32b6ff087eb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 14:16:07 +0100 Subject: [PATCH 0062/1059] Fix functions in MD layer to check return codes --- library/md.c | 101 +++++++++++++++++++++++++++------------------------ 1 file changed, 54 insertions(+), 47 deletions(-) diff --git a/library/md.c b/library/md.c index eda98f6361..a84f3042de 100644 --- a/library/md.c +++ b/library/md.c @@ -250,9 +250,7 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ) if( ctx == NULL || ctx->md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - ctx->md_info->starts_func( ctx->md_ctx ); - - return( 0 ); + return( ctx->md_info->starts_func( ctx->md_ctx ) ); } int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) 
@@ -260,9 +258,7 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si if( ctx == NULL || ctx->md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - ctx->md_info->update_func( ctx->md_ctx, input, ilen ); - - return( 0 ); + return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); } int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) @@ -270,9 +266,7 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) if( ctx == NULL || ctx->md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - ctx->md_info->finish_func( ctx->md_ctx, output ); - - return( 0 ); + return( ctx->md_info->finish_func( ctx->md_ctx, output ) ); } int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, @@ -281,9 +275,7 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si if( md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - md_info->digest_func( input, ilen, output ); - - return( 0 ); + return( md_info->digest_func( input, ilen, output ) ); } #if defined(MBEDTLS_FS_IO) @@ -306,10 +298,12 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) goto cleanup; - md_info->starts_func( ctx.md_ctx ); + if( ( ret = md_info->starts_func( ctx.md_ctx ) ) != 0 ) + goto cleanup; while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) - md_info->update_func( ctx.md_ctx, buf, n ); + if( ( ret = md_info->update_func( ctx.md_ctx, buf, n ) ) != 0 ) + goto cleanup; if( ferror( f ) != 0 ) { @@ -317,7 +311,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne goto cleanup; } - md_info->finish_func( ctx.md_ctx, output ); + ret = md_info->finish_func( ctx.md_ctx, output ); cleanup: fclose( f ); 
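Review bot: The `while` loop in `mbedtls_md_file` now has an unbraced two-line `if`/`goto` as its body; a loop whose only statement is itself an unbraced conditional is easy to misread when the next person adds a line, so brace it: `while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) { if( ( ret = md_info->update_func( ctx.md_ctx, buf, n ) ) != 0 ) goto cleanup; }`. The prologue of the function (the `fopen` and the error code assigned for a read failure) lies outside the hunk.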
@@ -329,6 +323,7 @@ cleanup: int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen ) { + int ret; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; unsigned char *ipad, *opad; size_t i; @@ -338,9 +333,12 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, if( keylen > (size_t) ctx->md_info->block_size ) { - ctx->md_info->starts_func( ctx->md_ctx ); - ctx->md_info->update_func( ctx->md_ctx, key, keylen ); - ctx->md_info->finish_func( ctx->md_ctx, sum ); + if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + goto cleanup; + if( ( ret = ctx->md_info->update_func( ctx->md_ctx, key, keylen ) ) != 0 ) + goto cleanup; + if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, sum ) ) != 0 ) + goto cleanup; keylen = ctx->md_info->size; key = sum; @@ -358,12 +356,15 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, opad[i] = (unsigned char)( opad[i] ^ key[i] ); } + if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + goto cleanup; + ret = ctx->md_info->update_func( ctx->md_ctx, ipad, + ctx->md_info->block_size ); + +cleanup: mbedtls_zeroize( sum, sizeof( sum ) ); - ctx->md_info->starts_func( ctx->md_ctx ); - ctx->md_info->update_func( ctx->md_ctx, ipad, ctx->md_info->block_size ); - - return( 0 ); + return( ret ); } int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) @@ -371,13 +372,12 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - ctx->md_info->update_func( ctx->md_ctx, input, ilen ); - - return( 0 ); + return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); } int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) { + int ret; unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; unsigned char *opad; 
@@ -386,17 +386,22 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; - ctx->md_info->finish_func( ctx->md_ctx, tmp ); - ctx->md_info->starts_func( ctx->md_ctx ); - ctx->md_info->update_func( ctx->md_ctx, opad, ctx->md_info->block_size ); - ctx->md_info->update_func( ctx->md_ctx, tmp, ctx->md_info->size ); - ctx->md_info->finish_func( ctx->md_ctx, output ); - - return( 0 ); + if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, tmp ) ) != 0 ) + return( ret ); + if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + return( ret ); + if( ( ret = ctx->md_info->update_func( ctx->md_ctx, opad, + ctx->md_info->block_size ) ) != 0 ) + return( ret ); + if( ( ret = ctx->md_info->update_func( ctx->md_ctx, tmp, + ctx->md_info->size ) ) != 0 ) + return( ret ); + return( ctx->md_info->finish_func( ctx->md_ctx, output ) ); } int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) { + int ret; unsigned char *ipad; if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) @@ -404,15 +409,16 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) ipad = (unsigned char *) ctx->hmac_ctx; - ctx->md_info->starts_func( ctx->md_ctx ); - ctx->md_info->update_func( ctx->md_ctx, ipad, ctx->md_info->block_size ); - - return( 0 ); + if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + return( ret ); + return( ctx->md_info->update_func( ctx->md_ctx, ipad, + ctx->md_info->block_size ) ); } -int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, - const unsigned char *input, size_t ilen, - unsigned char *output ) +int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, + const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ) { mbedtls_md_context_t ctx; int ret; 
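Review bot: `mbedtls_md_hmac_finish` now has five return points and none of them clears `tmp`, which holds the inner hash; `mbedtls_md_hmac_starts` in the previous hunk handles the same situation with a `cleanup:` label that zeroizes `sum`, and the same shape would fit here. Replace each `return( ret )` with `goto cleanup`, assign the last call to `ret`, and end the function with `cleanup: mbedtls_zeroize( tmp, sizeof( tmp ) ); return( ret );`. The original code did not clear `tmp` either, so this is a consistency point rather than a regression introduced by the patch.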
@@ -423,15 +429,18 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, mbedtls_md_init( &ctx ); if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 ) - return( ret ); + goto cleanup; - mbedtls_md_hmac_starts( &ctx, key, keylen ); - mbedtls_md_hmac_update( &ctx, input, ilen ); - mbedtls_md_hmac_finish( &ctx, output ); + if( ( ret = mbedtls_md_hmac_starts( &ctx, key, keylen ) ) != 0 ) + goto cleanup; + if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 ) + goto cleanup; + ret = mbedtls_md_hmac_finish( &ctx, output ); +cleanup: mbedtls_md_free( &ctx ); - return( 0 ); + return( ret ); } int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) @@ -439,9 +448,7 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) if( ctx == NULL || ctx->md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - ctx->md_info->process_func( ctx->md_ctx, data ); - - return( 0 ); + return( ctx->md_info->process_func( ctx->md_ctx, data ) ); } unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ) From 8d08c4489ea2676f64c0b8f6eca6a9fe458b9f72 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 29 Jun 2017 11:16:38 +0100 Subject: [PATCH 0063/1059] Change pem to use new MD API and check ret code --- library/pem.c | 99 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 66 insertions(+), 33 deletions(-) diff --git a/library/pem.c b/library/pem.c index 8dd86a4ac9..5303adcc43 100644 --- a/library/pem.c +++ b/library/pem.c 
@@ -82,31 +82,33 @@ static int pem_get_iv( const unsigned char *s, unsigned char *iv, return( 0 ); } -static void pem_pbkdf1( unsigned char *key, size_t keylen, - unsigned char *iv, - const unsigned char *pwd, size_t pwdlen ) +static int pem_pbkdf1( unsigned char *key, size_t keylen, + unsigned char *iv, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_md5_context md5_ctx; unsigned char md5sum[16]; size_t use_len; + int ret; mbedtls_md5_init( &md5_ctx ); /* * key[ 0..15] = MD5(pwd || IV) */ - mbedtls_md5_starts( &md5_ctx ); - mbedtls_md5_update( &md5_ctx, pwd, pwdlen ); - mbedtls_md5_update( &md5_ctx, iv, 8 ); - mbedtls_md5_finish( &md5_ctx, md5sum ); + if( ( ret = mbedtls_md5_starts_ext( &md5_ctx ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5_ctx, pwd, pwdlen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5_ctx, iv, 8 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_finish_ext( &md5_ctx, md5sum ) ) != 0 ) + goto exit; if( keylen <= 16 ) { memcpy( key, md5sum, keylen ); - - mbedtls_md5_free( &md5_ctx ); - mbedtls_zeroize( md5sum, 16 ); - return; + goto exit; } memcpy( key, md5sum, 16 ); @@ -114,11 +116,16 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen, /* * key[16..23] = MD5(key[ 0..15] || pwd || IV]) */ - mbedtls_md5_starts( &md5_ctx ); - mbedtls_md5_update( &md5_ctx, md5sum, 16 ); - mbedtls_md5_update( &md5_ctx, pwd, pwdlen ); - mbedtls_md5_update( &md5_ctx, iv, 8 ); - mbedtls_md5_finish( &md5_ctx, md5sum ); + if( ( ret = mbedtls_md5_starts_ext( &md5_ctx ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5_ctx, md5sum, 16 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5_ctx, pwd, pwdlen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5_ctx, iv, 8 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_finish_ext( &md5_ctx, md5sum ) ) != 0 ) + goto exit; use_len = 16; if( keylen < 32 ) 
@@ -126,53 +133,66 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen, memcpy( key + 16, md5sum, use_len ); +exit: mbedtls_md5_free( &md5_ctx ); mbedtls_zeroize( md5sum, 16 ); + + return( ret ); } #if defined(MBEDTLS_DES_C) /* * Decrypt with DES-CBC, using PBKDF1 for key derivation */ -static void pem_des_decrypt( unsigned char des_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des_decrypt( unsigned char des_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_des_context des_ctx; unsigned char des_key[8]; + int ret; mbedtls_des_init( &des_ctx ); - pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ); + if( ( ret = pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ) ) != 0 ) + goto exit; mbedtls_des_setkey_dec( &des_ctx, des_key ); mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen, des_iv, buf, buf ); +exit: mbedtls_des_free( &des_ctx ); mbedtls_zeroize( des_key, 8 ); + + return( ret ); } /* * Decrypt with 3DES-CBC, using PBKDF1 for key derivation */ -static void pem_des3_decrypt( unsigned char des3_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des3_decrypt( unsigned char des3_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_des3_context des3_ctx; unsigned char des3_key[24]; + int ret; mbedtls_des3_init( &des3_ctx ); - pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ); + if( ( ret = pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ) ) != 0 ) + goto exit; mbedtls_des3_set3key_dec( &des3_ctx, des3_key ); mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen, des3_iv, buf, buf ); +exit: mbedtls_des3_free( &des3_ctx ); mbedtls_zeroize( des3_key, 24 ); + + return( ret ); } #endif /* MBEDTLS_DES_C */ 
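Review bot: `pem_des_decrypt` and `pem_des3_decrypt` still discard the results of `mbedtls_des_setkey_dec`, `mbedtls_des_crypt_cbc`, `mbedtls_des3_set3key_dec` and `mbedtls_des3_crypt_cbc`, all of which return an `int` (the CBC routines reject a `buflen` that is not a multiple of the block size), so a decryption that did not happen is reported as success and `buf` is handed on as if it were plaintext. Now that `ret` and the `exit:` label exist, route those calls through the same check, e.g. `if( ( ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen, des_iv, buf, buf ) ) != 0 ) goto exit;`. `pem_aes_decrypt` in the next hunk has the same gap with `mbedtls_aes_setkey_dec` and `mbedtls_aes_crypt_cbc`.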
@@ -180,23 +200,28 @@ static void pem_des3_decrypt( unsigned char des3_iv[8], /* * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation */ -static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_aes_context aes_ctx; unsigned char aes_key[32]; + int ret; mbedtls_aes_init( &aes_ctx ); - pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ); + if( ( ret = pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ) ) != 0 ) + goto exit; mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ); mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen, aes_iv, buf, buf ); +exit: mbedtls_aes_free( &aes_ctx ); mbedtls_zeroize( aes_key, keylen ); + + return( ret ); } #endif /* MBEDTLS_AES_C */ 
@@ -345,22 +370,30 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ); } + ret = 0; + #if defined(MBEDTLS_DES_C) if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC ) - pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); + ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_DES_CBC ) - pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); + ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC ) - pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC ) - pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC ) - pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); #endif /* MBEDTLS_AES_C */ + if( ret != 0 ) + { + mbedtls_free( buf ); + return( ret ); + } + /* * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3 * length bytes (allow 4 to be sure) in all known use cases. From 207cea57f984fa90e3ad2f6982cd18278b9db320 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 29 Jun 2017 13:28:13 +0100 Subject: [PATCH 0064/1059] Change entropy to use new MD API and check ret code --- library/entropy.c | 51 ++++++++++++++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 18 deletions(-) diff --git a/library/entropy.c b/library/entropy.c index d4d1b27b7f..72e0773cfa 100644 --- a/library/entropy.c +++ b/library/entropy.c 
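Review bot: The new failure path in `mbedtls_pem_read_buffer` releases `buf` with a bare `mbedtls_free( buf )`, but by that point `buf` may hold partially decrypted private-key bytes; the decrypt helpers in this same commit zeroize their key buffers before returning, so clear this one too: `mbedtls_zeroize( buf, len ); mbedtls_free( buf );`. Whether the existing password-mismatch path below the hunk does the same is not visible here.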
@@ -75,9 +75,9 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) #endif #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_starts( &ctx->accumulator, 0 ); + mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ); #else - mbedtls_sha256_starts( &ctx->accumulator, 0 ); + mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ); #endif #if defined(MBEDTLS_HAVEGE_C) mbedtls_havege_init( &ctx->havege_data ); @@ -172,13 +172,16 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE]; size_t use_len = len; const unsigned char *p = data; + int ret; if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE ) { #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512( data, len, tmp, 0 ); + if( ( ret = mbedtls_sha512_ext( data, len, tmp, 0 ) ) != 0 ) + return( ret ); #else - mbedtls_sha256( data, len, tmp, 0 ); + if( ( ret = mbedtls_sha256_ext( data, len, tmp, 0 ) ) != 0 ) + return( ret ); #endif p = tmp; use_len = MBEDTLS_ENTROPY_BLOCK_SIZE; @@ -188,14 +191,14 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id header[1] = use_len & 0xFF; #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_update( &ctx->accumulator, header, 2 ); - mbedtls_sha512_update( &ctx->accumulator, p, use_len ); + if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, header, 2 ) ) != 0 ) + return( ret ); + return( mbedtls_sha512_update_ext( &ctx->accumulator, p, use_len ) ); #else - mbedtls_sha256_update( &ctx->accumulator, header, 2 ); - mbedtls_sha256_update( &ctx->accumulator, p, use_len ); + if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, header, 2 ) ) != 0 ) + return( ret ); + return( mbedtls_sha256_update_ext( &ctx->accumulator, p, use_len ) ); #endif - - return( 0 ); } int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx, 
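Review bot: `mbedtls_entropy_init` is a `void` function, so the values now returned by `mbedtls_sha512_starts_ext`/`mbedtls_sha256_starts_ext` are silently dropped and a failed start leaves the accumulator unstarted with no signal to the caller, while the other hunks of this patch check every `_ext` call. A later patch on this page (0066) resolves this by moving the start out of init, which is the right direction; until then the two calls should at least carry `/* return value unchecked: init cannot report failure */` so the gap is visible.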
@@ -333,33 +336,45 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_finish( &ctx->accumulator, buf ); + if( ( ret = mbedtls_sha512_finish_ext( &ctx->accumulator, buf ) ) != 0 ) + goto exit; /* * Reset accumulator and counters and recycle existing entropy */ memset( &ctx->accumulator, 0, sizeof( mbedtls_sha512_context ) ); - mbedtls_sha512_starts( &ctx->accumulator, 0 ); - mbedtls_sha512_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + if( ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, buf, + MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) + goto exit; /* * Perform second SHA-512 on entropy */ - mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 ); + if( ( ret = mbedtls_sha512_ext( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + buf, 0 ) ) != 0 ) + goto exit; #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ - mbedtls_sha256_finish( &ctx->accumulator, buf ); + if( ( ret = mbedtls_sha256_finish_ext( &ctx->accumulator, buf ) ) != 0 ) + goto exit; /* * Reset accumulator and counters and recycle existing entropy */ memset( &ctx->accumulator, 0, sizeof( mbedtls_sha256_context ) ); - mbedtls_sha256_starts( &ctx->accumulator, 0 ); - mbedtls_sha256_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + if( ( ret = mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, buf, + MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) + goto exit; /* * Perform second SHA-256 on entropy */ - mbedtls_sha256( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 ); + if( ( ret = mbedtls_sha256_ext( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + buf, 0 ) ) != 0 ) + goto exit; #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ for( i = 0; i < ctx->source_count; i++ ) 
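Review bot: Once `mbedtls_sha512_finish_ext` has succeeded, a failure of the following `starts_ext` or `update_ext` jumps to `exit` with the accumulator finalized and never restarted, so a caller that retries `mbedtls_entropy_func` would feed entropy into a finished context; the `exit:` label and any clearing of `buf` are outside the hunk, so I cannot see whether that is handled there. Either document that the context is unusable after an error, for example with `/* On error below the accumulator is finalized but not restarted; the context must be freed and re-initialised. */` above the reset block, or restore a usable state before returning. The SHA-256 branch has the same shape.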
From a7559cb7bab36b1da981f13073f1bcdc311f3407 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 29 Jun 2017 16:12:31 +0100 Subject: [PATCH 0065/1059] Fix entropy module to work with hw accelerator This patch modifies the entropy.c module to ensure that the sha256 and sha512 contexts are correctly initialised and freed instead of skipping these calls or simply zeroizing with memset() or mbedtls_zeroize(). This is important as the sha contexts might otherwise leak memory or other resources, and even more so in the context of hardware accelerators where the configuration of the device might be done in the init and free calls. --- library/entropy.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/library/entropy.c b/library/entropy.c index 72e0773cfa..06dec9956f 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -68,15 +68,18 @@ static void mbedtls_zeroize( void *v, size_t n ) { void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) { - memset( ctx, 0, sizeof(mbedtls_entropy_context) ); + ctx->source_count = 0; + memset( ctx->source, 0, sizeof( ctx->source ) ); #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_init( &ctx->mutex ); #endif #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) + mbedtls_sha512_init( &ctx->accumulator ); mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ); #else + mbedtls_sha256_init( &ctx->accumulator ); mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ); #endif #if defined(MBEDTLS_HAVEGE_C) @@ -113,6 +116,7 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL, MBEDTLS_ENTROPY_BLOCK_SIZE, MBEDTLS_ENTROPY_SOURCE_STRONG ); + ctx->initial_entropy_run = 0; #endif #endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */ } 
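Review bot: `ctx->initial_entropy_run = 0;` is placed inside the block that ends with `#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */`, so with `MBEDTLS_ENTROPY_NV_SEED` enabled and `MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES` defined the field is no longer initialised at all now that the whole-struct `memset` is gone, and whichever code consults it to decide whether to run the NV seed update (outside this hunk) reads an indeterminate value. Move the reset next to the other field resets at the top of `mbedtls_entropy_init`, guarded only by `#if defined(MBEDTLS_ENTROPY_NV_SEED)`, mirroring the unconditional reset that the next hunk adds to `mbedtls_entropy_free`.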
@@ -125,7 +129,16 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx ) #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &ctx->mutex ); #endif - mbedtls_zeroize( ctx, sizeof( mbedtls_entropy_context ) ); +#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) + mbedtls_sha512_free( &ctx->accumulator ); +#else + mbedtls_sha256_free( &ctx->accumulator ); +#endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) + ctx->initial_entropy_run = 0; +#endif + ctx->source_count = 0; + mbedtls_zeroize( ctx->source, sizeof( ctx->source ) ); } int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, @@ -342,7 +355,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) /* * Reset accumulator and counters and recycle existing entropy */ - memset( &ctx->accumulator, 0, sizeof( mbedtls_sha512_context ) ); + mbedtls_sha512_free( &ctx->accumulator ); + mbedtls_sha512_init( &ctx->accumulator ); if( ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) goto exit; if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, buf, @@ -362,7 +376,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) /* * Reset accumulator and counters and recycle existing entropy */ - memset( &ctx->accumulator, 0, sizeof( mbedtls_sha256_context ) ); + mbedtls_sha256_free( &ctx->accumulator ); + mbedtls_sha256_init( &ctx->accumulator ); if( ( ret = mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) goto exit; if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, buf, From 95869c4934bd695d808ded3954c6a26c73fe2710 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Thu, 29 Jun 2017 16:31:44 +0100 Subject: [PATCH 0066/1059] Do not start md accumulator in mbedtls_entropy_init This change moves the calls to mbedtls_sha256_starts() and mbedtls_sha512_starts() out of the mbedtls_entropy_init() function as these now have return codes which need to be checked. --- include/mbedtls/entropy.h | 1 + library/entropy.c | 23 ++++++++++++++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index 747aca4dfa..addb9616ce 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -121,6 +121,7 @@ mbedtls_entropy_source_state; */ typedef struct { + int accumulator_started; #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) mbedtls_sha512_context accumulator; #else diff --git a/library/entropy.c b/library/entropy.c index 06dec9956f..67ec9010c1 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -75,12 +75,11 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) mbedtls_mutex_init( &ctx->mutex ); #endif + ctx->accumulator_started = 0; #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) mbedtls_sha512_init( &ctx->accumulator ); - mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ); #else mbedtls_sha256_init( &ctx->accumulator ); - mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ); #endif #if defined(MBEDTLS_HAVEGE_C) mbedtls_havege_init( &ctx->havege_data ); @@ -139,6 +138,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx ) #endif ctx->source_count = 0; mbedtls_zeroize( ctx->source, sizeof( ctx->source ) ); + ctx->accumulator_started = 0; } int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, 
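Review bot: The new `accumulator_started` member of the entropy context is undocumented although it now decides whether `entropy_update` starts the accumulator before the first update; add a comment on the field, e.g. `int accumulator_started; /* 0 until the accumulator has been started by the first entropy_update() call */`. Since the struct lives in a public header, it is also worth saying that the field is internal state applications must not modify.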
@@ -203,11 +203,26 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id header[0] = source_id; header[1] = use_len & 0xFF; + /* + * Start the accumulator if this has not already happened. Note that + * it is sufficient to start the accumulator here only because all calls to + * gather entropy eventually execute this code. + */ #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) + if( ctx->accumulator_started == 0 && + ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + return( ret ); + else + ctx->accumulator_started = 1; if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, header, 2 ) ) != 0 ) return( ret ); return( mbedtls_sha512_update_ext( &ctx->accumulator, p, use_len ) ); #else + if( ctx->accumulator_started == 0 && + ( ret = mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + return( ret ); + else + ctx->accumulator_started = 1; if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, header, 2 ) ) != 0 ) return( ret ); return( mbedtls_sha256_update_ext( &ctx->accumulator, p, use_len ) ); @@ -266,7 +281,9 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx ) */ if( olen > 0 ) { - entropy_update( ctx, (unsigned char) i, buf, olen ); + if( ( ret = entropy_update( ctx, (unsigned char) i, + buf, olen ) ) != 0 ) + return( ret ); ctx->source[i].size += olen; } } From 1a607a1b9aed054ed3cc14e882997b01da1c5807 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 29 Jun 2017 17:09:42 +0100 Subject: [PATCH 0067/1059] Change ssl_tls to use new MD API and check ret code --- library/ssl_tls.c | 147 +++++++++++++++++++++++++--------------------- 1 file changed, 79 insertions(+), 68 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae7065b..b04917d141 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
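Review bot: The `if( ctx->accumulator_started == 0 && ( ret = ... ) != 0 ) return( ret ); else ctx->accumulator_started = 1;` shape is hard to read: the `else` also runs when the flag was already set, and the skip of the start relies on short-circuit evaluation of the `&&`. A nested form states the intent directly and is the same in both branches. Separately, `mbedtls_entropy_func` (outside this hunk) finishes and restarts the accumulator without touching the flag, so if its restart fails the flag stays at 1 and the next `entropy_update` skips the start; clearing the flag after `finish_ext` and setting it after a successful restart there would keep the two in step.
```c
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
    if( ctx->accumulator_started == 0 )
    {
        if( ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 )
            return( ret );
        ctx->accumulator_started = 1;
    }
    /* … unchanged: header and data update_ext calls; SHA-256 branch takes the same shape … */
```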
@@ -221,6 +221,7 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen ) { + int ret; size_t i; mbedtls_md5_context md5; mbedtls_sha1_context sha1; @@ -243,25 +244,35 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, { memset( padding, (unsigned char) ('A' + i), 1 + i ); - mbedtls_sha1_starts( &sha1 ); - mbedtls_sha1_update( &sha1, padding, 1 + i ); - mbedtls_sha1_update( &sha1, secret, slen ); - mbedtls_sha1_update( &sha1, random, rlen ); - mbedtls_sha1_finish( &sha1, sha1sum ); + if( ( ret = mbedtls_sha1_starts_ext( &sha1 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_sha1_update_ext( &sha1, padding, 1 + i ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_sha1_update_ext( &sha1, secret, slen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_sha1_update_ext( &sha1, random, rlen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_sha1_finish_ext( &sha1, sha1sum ) ) != 0 ) + goto exit; - mbedtls_md5_starts( &md5 ); - mbedtls_md5_update( &md5, secret, slen ); - mbedtls_md5_update( &md5, sha1sum, 20 ); - mbedtls_md5_finish( &md5, dstbuf + i * 16 ); + if( ( ret = mbedtls_md5_starts_ext( &md5 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5, secret, slen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5, sha1sum, 20 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_finish_ext( &md5, dstbuf + i * 16 ) ) != 0 ) + goto exit; } +exit: mbedtls_md5_free( &md5 ); mbedtls_sha1_free( &sha1 ); mbedtls_zeroize( padding, sizeof( padding ) ); mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); - return( 0 ); + return( ret ); } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 
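Review bot: `ret` in `ssl3_prf` is declared without an initializer and only assigned inside the loop body, so if the loop runs zero times (its bound is outside the hunk) the function returns an indeterminate value where the original unconditionally returned 0. Initialise it, `int ret = 0;`, or reject a `dlen` that yields no iterations before entering the loop.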
@@ -978,25 +989,25 @@ void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] ) memset( pad_1, 0x36, 48 ); memset( pad_2, 0x5C, 48 ); - mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); - mbedtls_md5_update( &md5, pad_1, 48 ); - mbedtls_md5_finish( &md5, hash ); + mbedtls_md5_update_ext( &md5, ssl->session_negotiate->master, 48 ); + mbedtls_md5_update_ext( &md5, pad_1, 48 ); + mbedtls_md5_finish_ext( &md5, hash ); - mbedtls_md5_starts( &md5 ); - mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); - mbedtls_md5_update( &md5, pad_2, 48 ); - mbedtls_md5_update( &md5, hash, 16 ); - mbedtls_md5_finish( &md5, hash ); + mbedtls_md5_starts_ext( &md5 ); + mbedtls_md5_update_ext( &md5, ssl->session_negotiate->master, 48 ); + mbedtls_md5_update_ext( &md5, pad_2, 48 ); + mbedtls_md5_update_ext( &md5, hash, 16 ); + mbedtls_md5_finish_ext( &md5, hash ); - mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); - mbedtls_sha1_update( &sha1, pad_1, 40 ); - mbedtls_sha1_finish( &sha1, hash + 16 ); + mbedtls_sha1_update_ext( &sha1, ssl->session_negotiate->master, 48 ); + mbedtls_sha1_update_ext( &sha1, pad_1, 40 ); + mbedtls_sha1_finish_ext( &sha1, hash + 16 ); - mbedtls_sha1_starts( &sha1 ); - mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); - mbedtls_sha1_update( &sha1, pad_2, 40 ); - mbedtls_sha1_update( &sha1, hash + 16, 20 ); - mbedtls_sha1_finish( &sha1, hash + 16 ); + mbedtls_sha1_starts_ext( &sha1 ); + mbedtls_sha1_update_ext( &sha1, ssl->session_negotiate->master, 48 ); + mbedtls_sha1_update_ext( &sha1, pad_2, 40 ); + mbedtls_sha1_update_ext( &sha1, hash + 16, 20 ); + mbedtls_sha1_finish_ext( &sha1, hash + 16 ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); 
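Review bot: `ssl_calc_verify_ssl` stays `void`, so every `_ext` return value in this hunk is discarded; if an accelerated MD5 or SHA-1 implementation fails, `hash` is left partly unwritten yet is still logged and used as the verify input, which defeats the purpose of the new return codes. The same mechanical rename without a check appears in `ssl_calc_verify_tls`, `ssl_calc_verify_tls_sha256` and `ssl_calc_verify_tls_sha384` in the next hunk and in `mbedtls_ssl_reset_checksum` and the `ssl_update_checksum_*` functions in the two hunks after that. Propagating an error means changing these signatures, which is beyond a rename; until that happens each site should at least carry `/* return value ignored: void callback, cannot report failure */` so the gap is visible to the next reader.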
@@ -1022,8 +1033,8 @@ void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] ) mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); - mbedtls_md5_finish( &md5, hash ); - mbedtls_sha1_finish( &sha1, hash + 16 ); + mbedtls_md5_finish_ext( &md5, hash ); + mbedtls_sha1_finish_ext( &sha1, hash + 16 ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); @@ -1046,7 +1057,7 @@ void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); - mbedtls_sha256_finish( &sha256, hash ); + mbedtls_sha256_finish_ext( &sha256, hash ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); @@ -1067,7 +1078,7 @@ void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); - mbedtls_sha512_finish( &sha512, hash ); + mbedtls_sha512_finish_ext( &sha512, hash ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); 
@@ -4836,15 +4847,15 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_starts( &ssl->handshake->fin_md5 ); - mbedtls_sha1_starts( &ssl->handshake->fin_sha1 ); + mbedtls_md5_starts_ext( &ssl->handshake->fin_md5 ); + mbedtls_sha1_starts_ext( &ssl->handshake->fin_sha1 ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) - mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 ); + mbedtls_sha256_starts_ext( &ssl->handshake->fin_sha256, 0 ); #endif #if defined(MBEDTLS_SHA512_C) - mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 ); + mbedtls_sha512_starts_ext( &ssl->handshake->fin_sha512, 1 ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } @@ -4854,15 +4865,15 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, { #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); - mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); + mbedtls_md5_update_ext( &ssl->handshake->fin_md5 , buf, len ); + mbedtls_sha1_update_ext( &ssl->handshake->fin_sha1, buf, len ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) - mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); + mbedtls_sha256_update_ext( &ssl->handshake->fin_sha256, buf, len ); #endif #if defined(MBEDTLS_SHA512_C) - mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); + mbedtls_sha512_update_ext( &ssl->handshake->fin_sha512, buf, len ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } 
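Review bot: `mbedtls_ssl_reset_checksum` and `ssl_update_checksum_start` keep their `void` signatures while the `_starts_ext`/`_update_ext` calls inside them now return an error code that is silently dropped, so a failing hash backend would leave the handshake transcript wrong and the problem only surfaces later as a Finished mismatch on the peer. For the public `mbedtls_ssl_reset_checksum` an int return would be an API change, but a comment such as `/* Return codes of the _ext digest calls are intentionally ignored; a failing MBEDTLS_*_ALT backend surfaces as a Finished mismatch. */` would at least document the decision. `ssl_update_checksum_start` is presumably installed as a callback, so it likely has to stay `void`.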
@@ -4872,8 +4883,8 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); - mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); + mbedtls_md5_update_ext( &ssl->handshake->fin_md5 , buf, len ); + mbedtls_sha1_update_ext( &ssl->handshake->fin_sha1, buf, len ); } #endif @@ -4882,7 +4893,7 @@ static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); + mbedtls_sha256_update_ext( &ssl->handshake->fin_sha256, buf, len ); } #endif @@ -4890,7 +4901,7 @@ static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); + mbedtls_sha512_update_ext( &ssl->handshake->fin_sha512, buf, len ); } #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 
@@ -4943,29 +4954,29 @@ static void ssl_calc_finished_ssl( memset( padbuf, 0x36, 48 ); - mbedtls_md5_update( &md5, (const unsigned char *) sender, 4 ); - mbedtls_md5_update( &md5, session->master, 48 ); - mbedtls_md5_update( &md5, padbuf, 48 ); - mbedtls_md5_finish( &md5, md5sum ); + mbedtls_md5_update_ext( &md5, (const unsigned char *) sender, 4 ); + mbedtls_md5_update_ext( &md5, session->master, 48 ); + mbedtls_md5_update_ext( &md5, padbuf, 48 ); + mbedtls_md5_finish_ext( &md5, md5sum ); - mbedtls_sha1_update( &sha1, (const unsigned char *) sender, 4 ); - mbedtls_sha1_update( &sha1, session->master, 48 ); - mbedtls_sha1_update( &sha1, padbuf, 40 ); - mbedtls_sha1_finish( &sha1, sha1sum ); + mbedtls_sha1_update_ext( &sha1, (const unsigned char *) sender, 4 ); + mbedtls_sha1_update_ext( &sha1, session->master, 48 ); + mbedtls_sha1_update_ext( &sha1, padbuf, 40 ); + mbedtls_sha1_finish_ext( &sha1, sha1sum ); memset( padbuf, 0x5C, 48 ); - mbedtls_md5_starts( &md5 ); - mbedtls_md5_update( &md5, session->master, 48 ); - mbedtls_md5_update( &md5, padbuf, 48 ); - mbedtls_md5_update( &md5, md5sum, 16 ); - mbedtls_md5_finish( &md5, buf ); + mbedtls_md5_starts_ext( &md5 ); + mbedtls_md5_update_ext( &md5, session->master, 48 ); + mbedtls_md5_update_ext( &md5, padbuf, 48 ); + mbedtls_md5_update_ext( &md5, md5sum, 16 ); + mbedtls_md5_finish_ext( &md5, buf ); - mbedtls_sha1_starts( &sha1 ); - mbedtls_sha1_update( &sha1, session->master, 48 ); - mbedtls_sha1_update( &sha1, padbuf , 40 ); - mbedtls_sha1_update( &sha1, sha1sum, 20 ); - mbedtls_sha1_finish( &sha1, buf + 16 ); + mbedtls_sha1_starts_ext( &sha1 ); + mbedtls_sha1_update_ext( &sha1, session->master, 48 ); + mbedtls_sha1_update_ext( &sha1, padbuf , 40 ); + mbedtls_sha1_update_ext( &sha1, sha1sum, 20 ); + mbedtls_sha1_finish_ext( &sha1, buf + 16 ); MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 ); 
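Review bot: The chained `_ext` calls that produce `md5sum`/`sha1sum` and then `buf` never check their return values, so if one fails the second pass hashes a stale intermediate and the resulting Finished is silently wrong; since the peer verifies `buf` the failure is at least fail-closed, but the local side gets no diagnostic. A single `ret` threaded through the calls and reported through `MBEDTLS_SSL_DEBUG_MSG` on the first non-zero result (the pattern this same series introduces in the self-tests) would make the failure visible. The function is `static void` per the hunk header, so the code has to be logged rather than returned unless callers are adapted; both ends of the function are outside the hunk.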
@@ -5022,8 +5033,8 @@ static void ssl_calc_finished_tls( ? "client finished" : "server finished"; - mbedtls_md5_finish( &md5, padbuf ); - mbedtls_sha1_finish( &sha1, padbuf + 16 ); + mbedtls_md5_finish_ext( &md5, padbuf ); + mbedtls_sha1_finish_ext( &sha1, padbuf + 16 ); ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 36, buf, len ); @@ -5074,7 +5085,7 @@ static void ssl_calc_finished_tls_sha256( ? "client finished" : "server finished"; - mbedtls_sha256_finish( &sha256, padbuf ); + mbedtls_sha256_finish_ext( &sha256, padbuf ); ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 32, buf, len ); @@ -5123,7 +5134,7 @@ static void ssl_calc_finished_tls_sha384( ? "client finished" : "server finished"; - mbedtls_sha512_finish( &sha512, padbuf ); + mbedtls_sha512_finish_ext( &sha512, padbuf ); ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 48, buf, len ); @@ -5437,17 +5448,17 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) defined(MBEDTLS_SSL_PROTO_TLS1_1) mbedtls_md5_init( &handshake->fin_md5 ); mbedtls_sha1_init( &handshake->fin_sha1 ); - mbedtls_md5_starts( &handshake->fin_md5 ); - mbedtls_sha1_starts( &handshake->fin_sha1 ); + mbedtls_md5_starts_ext( &handshake->fin_md5 ); + mbedtls_sha1_starts_ext( &handshake->fin_sha1 ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) mbedtls_sha256_init( &handshake->fin_sha256 ); - mbedtls_sha256_starts( &handshake->fin_sha256, 0 ); + mbedtls_sha256_starts_ext( &handshake->fin_sha256, 0 ); #endif #if defined(MBEDTLS_SHA512_C) mbedtls_sha512_init( &handshake->fin_sha512 ); - mbedtls_sha512_starts( &handshake->fin_sha512, 1 ); + mbedtls_sha512_starts_ext( &handshake->fin_sha512, 1 ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ From 276ebb650ed631c6748486d2f3344ed83b763a6a Mon Sep 17 00:00:00 2001 
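Review bot: In `ssl_handshake_params_init` the `_starts_ext` results are dropped right after the `_init` calls, so a handshake could begin with an uninitialised transcript hash and no error; the same applies to the `_finish_ext` calls whose `padbuf` output goes straight into `tls_prf` in the three `ssl_calc_finished_tls*` hunks. `ssl_handshake_params_init` is `static void`, but its caller is outside this hunk; making it `static int` and propagating the first non-zero code, `if( ( ret = mbedtls_sha256_starts_ext( &handshake->fin_sha256, 0 ) ) != 0 ) return( ret );`, would let the caller abort handshake setup instead of continuing with a bad state. The function's end is outside the hunk.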
From: Andres Amaya Garcia Date: Mon, 3 Jul 2017 11:16:57 +0100 Subject: [PATCH 0068/1059] Add stdlib.h include to hello.c sample --- programs/hash/hello.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/hash/hello.c b/programs/hash/hello.c index a69154f554..a0c08c7342 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else +#include #include #define mbedtls_printf printf #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS From 7a005e2fa413fa828309221bb3ce03360c432aaa Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 3 Jul 2017 14:42:34 +0100 Subject: [PATCH 0069/1059] Remove invalid doxygen docs from deprecated func --- include/mbedtls/md2.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 2c133a2aa8..1d81c2844d 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -225,8 +225,6 @@ int mbedtls_md2_ext( const unsigned char *input, * \param input buffer holding the data * \param ilen length of the input data * \param output MD2 checksum result - * - * \return 0 if successful */ MBEDTLS_DEPRECATED static inline void mbedtls_md2( const unsigned char *input, size_t ilen, From f01a644aac123e2dc6f1d119a5f9fd9959bc9673 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 3 Jul 2017 16:00:59 +0100 Subject: [PATCH 0070/1059] Add ChangeLog entry --- ChangeLog | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/ChangeLog b/ChangeLog index 2f0116bcfc..0c8f541d0f 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,27 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x released xxxx-xx-xx + +Bugfix + * Fix the entropy.c module to not call mbedtls_sha256_starts() or + mbedtls_sha512_starts() in the mbedtls_entropy_init() function. + * Fix the entropy.c module to ensure that mbedtls_sha256_init() or + mbedtls_sha512_init() is called before operating on the relevant context + structure. Also, ensure that message digest contexts are freed when + calling mbedtls_entropy_free(). + +API Changes + * The following functions in the MD2, MD4, MD5, SHA1, SHA256 and SHA512 + modules have been deprecated and replaced as shown below. The new + functions change the return type from void to int to allow returning error + codes when using MBEDTLS__ALT. + mbedtls__starts() -> mbedtls__starts_ext() + mbedtls__update() -> mbedtls__update_ext() + mbedtls__finish() -> mbedtls__finish_ext() + mbedtls__process() -> mbedtls_internal__process() + The type of the function pointers in the mbedtls_md_info_t struct have + also been modified taking into account the functions return code. + = mbed TLS 2.5.1 released 2017-06-21 Security From af0b31d76faa9f1a23bd46a2afc2cbf020b7361c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Jul 2017 14:23:54 +0100 Subject: [PATCH 0071/1059] Correctly set buf size in entropy_update_nv_seed() --- library/entropy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/entropy.c b/library/entropy.c index a500b53127..e6da98b10a 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -387,7 +387,7 @@ exit: int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ) { int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; - unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ]; + unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; /* Read new seed and write it to NV */ if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) From bbafd34ebb94b67ccd86b972dac266ccb563a0b3 Mon Sep 17 00:00:00 2001 
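Review bot: `buf` now holds exactly one block of fresh entropy that is written to NV storage, and nothing in this hunk clears it before the function returns; the rest of the body is outside the hunk, so if it does not already end with `mbedtls_zeroize( buf, sizeof( buf ) );` on every path (including the early `return( ret )` on error), this is one of the buffers the "clear after use" series should cover. The initialiser `ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR` is overwritten by the very next assignment, so it is dead unless a later path reads it; hedged, since the remainder of `mbedtls_entropy_update_nv_seed` is not visible.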
From: Andres Amaya Garcia Date: Wed, 5 Jul 2017 14:25:21 +0100 Subject: [PATCH 0072/1059] Set len var to 0 when buf is freed in ssl_tls.c --- library/ssl_tls.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9b5fccb5ca..c85cc72d3e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6049,13 +6049,19 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - if( conf->psk != NULL || conf->psk_identity != NULL ) + if( conf->psk != NULL ) { mbedtls_zeroize( conf->psk, conf->psk_len ); + mbedtls_free( conf->psk ); - mbedtls_free( conf->psk_identity ); conf->psk = NULL; + conf->psk_len = 0; + } + if( conf->psk_identity != NULL ) + { + mbedtls_free( conf->psk_identity ); conf->psk_identity = NULL; + conf->psk_identity_len = 0; } if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL || @@ -6090,6 +6096,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, { mbedtls_zeroize( ssl->handshake->psk, ssl->handshake->psk_len ); mbedtls_free( ssl->handshake->psk ); + ssl->handshake->psk_len = 0; } if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) From 364051ff5742d995eb93df926d6e9d0d58fb4c6d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Jul 2017 15:40:17 +0100 Subject: [PATCH 0073/1059] Add ChangeLog entry for buf zeroize --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 84a05d0035..e933cc5e84 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x released xxxx-xx-xx + +Security + * Ensure that buffers are cleared after use if they contain sensitive data. + Changes were introduced in multiple places in the library. Cannot be + triggered remotely. + = mbed TLS 2.5.1 released xxxx-xx-xx Security From 6512193efff3b0be6ba144b8a0b4d7ec63099cb8 Mon Sep 17 00:00:00 2001 
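Review bot: The zeroize/free/NULL/len = 0 sequence now appears twice, once here for `conf->psk` and again in `mbedtls_ssl_set_hs_psk` for `ssl->handshake->psk`, and the second copy omits the `= NULL` step; it is harmless there because the `mbedtls_calloc` result is assigned on the next line, but a small helper would keep the two from drifting: `static void ssl_psk_release( unsigned char **psk, size_t *len ) { mbedtls_zeroize( *psk, *len ); mbedtls_free( *psk ); *psk = NULL; *len = 0; }`. The allocation-failure path that follows the `||` is outside the hunk; resetting the length fields before it is what keeps a failed re-configuration from leaving a stale `psk_len` behind, so that is worth a one-line comment on `conf->psk_len = 0;`.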
From: Andres Amaya Garcia Date: Wed, 5 Jul 2017 15:45:47 +0100 Subject: [PATCH 0074/1059] Zeroize tmp buffer in entropy_update() --- library/entropy.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/entropy.c b/library/entropy.c index e6da98b10a..90d09ebb17 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -195,6 +195,8 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id mbedtls_sha256_update( &ctx->accumulator, p, use_len ); #endif + mbedtls_zeroize( tmp, sizeof( tmp ) ); + return( 0 ); } From fe9483184f9c03094353796afcad9c1d351df49d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 6 Jul 2017 10:34:12 +0100 Subject: [PATCH 0075/1059] Remove malloc references in mbedtls/scripts --- scripts/find-mem-leak.cocci | 8 ++--- scripts/malloc-init.pl | 70 ------------------------------------ scripts/rm-calloc-cast.cocci | 7 ++++ scripts/rm-malloc-cast.cocci | 7 ---- 4 files changed, 11 insertions(+), 81 deletions(-) delete mode 100755 scripts/malloc-init.pl create mode 100644 scripts/rm-calloc-cast.cocci delete mode 100644 scripts/rm-malloc-cast.cocci diff --git a/scripts/find-mem-leak.cocci b/scripts/find-mem-leak.cocci index 5cfe4522da..8179e2b3eb 100644 --- a/scripts/find-mem-leak.cocci +++ b/scripts/find-mem-leak.cocci @@ -2,8 +2,8 @@ expression x, y; statement S; @@ - x = mbedtls_malloc(...); - y = mbedtls_malloc(...); + x = mbedtls_calloc(...); + y = mbedtls_calloc(...); ... * if (x == NULL || y == NULL) S @@ -13,8 +13,8 @@ expression x, y; statement S; @@ if ( -* (x = mbedtls_malloc(...)) == NULL +* (x = mbedtls_calloc(...)) == NULL || -* (y = mbedtls_malloc(...)) == NULL +* (y = mbedtls_calloc(...)) == NULL ) S diff --git a/scripts/malloc-init.pl b/scripts/malloc-init.pl deleted file mode 100755 index b7d6fcface..0000000000 --- a/scripts/malloc-init.pl +++ /dev/null 
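Review bot: The new `mbedtls_zeroize( tmp, sizeof( tmp ) )` sits only on the success path before `return( 0 )`; any earlier `return` in `entropy_update` (the start of the function is outside the hunk) would leave `tmp` uncleared on the stack, so funnelling every exit through a single cleanup label is the safer shape. The context line `mbedtls_sha256_update( &ctx->accumulator, p, use_len );` also still uses the void API that this same series deprecates in favour of `mbedtls_sha256_update_ext`, so the accumulator update cannot report a failure even though the function already returns an int; `if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, p, use_len ) ) != 0 ) goto cleanup;` (declaring `ret` if the function does not already have one) addresses both points.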
@@ -1,70 +0,0 @@ -#!/usr/bin/perl - -# Check for malloc calls not shortly followed by initialisation. -# -# Known limitations: -# - false negative: can't see allocations spanning more than one line -# - possible false negatives, see patterns -# - false positive: malloc-malloc-init-init is not accepted -# - false positives: "non-standard" init functions (eg, the things being -# initialised is not the first arg, or initialise struct members) -# -# Since false positives are expected, the results must be manually reviewed. -# -# Typical usage: scripts/malloc-init.pl library/*.c - -use warnings; -use strict; - -use utf8; -use open qw(:std utf8); - -my $limit = 7; -my $inits = qr/memset|memcpy|_init|fread|base64_..code/; - -# cases to bear in mind: -# -# 0. foo = malloc(...); memset( foo, ... ); -# 1. *foo = malloc(...); memset( *foo, ... ); -# 2. type *foo = malloc(...); memset( foo, ...); -# 3. foo = malloc(...); foo_init( (type *) foo ); -# 4. foo = malloc(...); for(i=0..n) { init( &foo[i] ); } -# -# The chosen patterns are a bit relaxed, but unlikely to cause false positives -# in real code (initialising *foo or &foo instead of foo will likely be caught -# by functional tests). -# -my $id = qr/([a-zA-Z-0-9_\->\.]*)/; -my $prefix = qr/\s(?:\*?|\&?|\([a-z_]* \*\))\s*/; - -my $name; -my $line; -my @bad; - -die "Usage: $0 file.c [...]\n" unless @ARGV; - -while (my $file = shift @ARGV) -{ - open my $fh, "<", $file or die "read $file failed: $!\n"; - while (<$fh>) - { - if( /mbedtls_malloc\(/ ) { - if( /$id\s*=.*mbedtls_malloc\(/ ) { - push @bad, "$file:$line:$name" if $name; - $name = $1; - $line = $.; - } else { - push @bad, "$file:$.:???" unless /return mbedtls_malloc/; - } - } elsif( $name && /(?:$inits)\($prefix\Q$name\E\b/ ) { - undef $name; - } elsif( $name && $. - $line > $limit ) { - push @bad, "$file:$line:$name"; - undef $name; - undef $line; - } - } - close $fh or die; -} - -print "$_\n" for @bad; 
diff --git a/scripts/rm-calloc-cast.cocci b/scripts/rm-calloc-cast.cocci new file mode 100644 index 0000000000..89481c01a9 --- /dev/null +++ b/scripts/rm-calloc-cast.cocci @@ -0,0 +1,7 @@ +@rm_calloc_cast@ +expression x, n, m; +type T; +@@ + x = +- (T *) + mbedtls_calloc(n, m) diff --git a/scripts/rm-malloc-cast.cocci b/scripts/rm-malloc-cast.cocci deleted file mode 100644 index 9337dc5019..0000000000 --- a/scripts/rm-malloc-cast.cocci +++ /dev/null @@ -1,7 +0,0 @@ -@rm_malloc_cast@ -expression x, n; -type T; -@@ - x = -- (T *) - mbedtls_malloc(n) From d48ba2b336b03a15aa905a0b9a45c8541fbe237f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 6 Jul 2017 17:17:43 +0100 Subject: [PATCH 0076/1059] Improve ChangeLog entry --- ChangeLog | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index e933cc5e84..810bcb261b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,8 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Ensure that buffers are cleared after use if they contain sensitive data. - Changes were introduced in multiple places in the library. Cannot be - triggered remotely. + Changes were introduced in multiple places in the library. = mbed TLS 2.5.1 released xxxx-xx-xx From b194a283a96727f50e74fec50efd2497b995b8ce Mon Sep 17 00:00:00 2001 From: Martijn de Milliano Date: Thu, 6 Jul 2017 23:55:59 +0200 Subject: [PATCH 0077/1059] dh_server: Fixed expected number of bytes received from client when receiving public value. --- programs/pkey/dh_server.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 8bf2b1b29f..7906ac1b83 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -234,6 +234,7 @@ int main( void ) memset( buf, 0, sizeof( buf ) ); + n = dhm.len; if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n ) { mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); 
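Review bot: `n = dhm.len;` is the right length to read, but it is passed to `mbedtls_net_recv` with no check that it fits in `buf`, whose size is outside this hunk; `dhm.len` comes from the server's own modulus so it is not attacker-controlled, yet a guard `if( n > sizeof( buf ) )` followed by the sample's usual error exit keeps the demo honest if a larger group is ever loaded. The `!= (int) n` comparison also treats a short TCP read as a hard failure, which is acceptable for a sample but worth a comment, since `mbedtls_net_recv` may legitimately return fewer bytes than requested. `main` begins and ends outside the hunk.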
From 92d46f02460afa9765b5ca37a4de786b796adb78 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 10:46:51 +0100 Subject: [PATCH 0078/1059] Zeroize buf if mbedtls_base64_decode() fails --- library/pem.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/pem.c b/library/pem.c index a09257cc7c..ea36df8823 100644 --- a/library/pem.c +++ b/library/pem.c @@ -331,6 +331,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 ) { + mbedtls_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); } From 83ebf78404e49324ce3802c2e4f3184386f1920f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 7 Jul 2017 12:29:15 +0100 Subject: [PATCH 0079/1059] Add test for AES_ROM_TABLES and AES_FEWER_TABLES to all.sh --- tests/scripts/all.sh | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7c33c5c2cc..49b1653bda 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
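Review bot: The zeroize length is the same `len` that `mbedtls_base64_decode( buf, len, &len, ... )` uses both as its buffer-size input and as its `*olen` output, so on any failure where the decoder updates `*olen` the cleared range would no longer match the allocation; if, as is typical, a sizing pass precedes this call (outside the hunk) that case may be unreachable today, but the coupling is fragile. Keeping the allocation size in its own variable, e.g. `size_t buf_len = len;` before the decode and `mbedtls_zeroize( buf, buf_len );` here, removes the dependency on the decoder's error-path contract. `mbedtls_pem_read_buffer` continues on both sides of the hunk.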
@@ -428,6 +428,40 @@ make msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" make test +msg "build: default config with AES_FEWER_TABLES enabled" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_AES_FEWER_TABLES +CC=gcc CFLAGS='-Werror -Wall -Wextra' make + +msg "test: AES_FEWER_TABLES" +make test + +msg "build: default config with AES_ROM_TABLES enabled" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_AES_ROM_TABLES +CC=gcc CFLAGS='-Werror -Wall -Wextra' make + +msg "test: AES_ROM_TABLES" +make test + +msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_AES_FEWER_TABLES +scripts/config.pl set MBEDTLS_AES_ROM_TABLES +CC=gcc CFLAGS='-Werror -Wall -Wextra' make + +msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" +make test + +if uname -a | grep -F Linux >/dev/null; then +msg "build/test: make shared" # ~ 40s +cleanup +make SHARED=1 all check +fi + if uname -a | grep -F Linux >/dev/null; then msg "build/test: make shared" # ~ 40s cleanup @@ -572,4 +606,3 @@ rm -rf "$OUT_OF_SOURCE_DIR" msg "Done, cleaning up" cleanup - From e507c82084a31a674d70e3b2337cf65e54b55c2c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 14:04:40 +0100 Subject: [PATCH 0080/1059] Fix typo and bracketing in macro args --- library/net_sockets.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 80be6ec6a4..31c42db05a 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c 
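Review bot: The new `if uname -a | grep -F Linux` block that runs `make SHARED=1 all check` is inserted immediately before an identical block that already exists in the context lines, so on Linux the shared build and check run twice (about 40s each per the comment); the added copy should be dropped. The three AES configuration steps do not restore `config.h` from `$CONFIG_BAK` themselves; presumably `cleanup` does, since each step starts with it, but that function is outside the hunk.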
@@ -63,8 +63,8 @@ #endif #endif /* _MSC_VER */ -#define read(fd,buf,len) recv(fd,(char*)buf,(int) len,0) -#define write(fd,buf,len) send(fd,(char*)buf,(int) len,0) +#define read(fd,buf,len) recv( fd, (char*)( buf ), (int)( len ), 0 ) +#define write(fd,buf,len) send( fd, (char*)( buf ), (int)( len ), 0 ) #define close(fd) closesocket(fd) static int wsa_init_done = 0; @@ -85,7 +85,7 @@ static int wsa_init_done = 0; #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ /* Some MS functions want int and MSVC warns if we pass size_t, - * but the standard fucntions use socklen_t, so cast only for MSVC */ + * but the standard functions use socklen_t, so cast only for MSVC */ #if defined(_MSC_VER) #define MSVC_INT_CAST (int) #else From a21247ead7d64298ca1e9194b39447954566ceb6 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 14:01:08 +0100 Subject: [PATCH 0081/1059] Remove unwanted whitespace in MD comments --- include/mbedtls/md2.h | 8 ++++---- include/mbedtls/md4.h | 8 ++++---- include/mbedtls/md5.h | 8 ++++---- include/mbedtls/ripemd160.h | 8 ++++---- include/mbedtls/sha1.h | 8 ++++---- include/mbedtls/sha256.h | 8 ++++---- include/mbedtls/sha512.h | 8 ++++---- 7 files changed, 28 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 1d81c2844d..2a14b1002d 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -92,7 +92,7 @@ int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ); * \brief MD2 process buffer * * \param ctx MD2 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful 
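Review bot: The macro arguments `buf` and `len` are now parenthesised but `fd` is not, so an expression such as `read( a ? x : y, ... )` would still expand wrongly; `recv( (fd), ...)` and `send( (fd), ...)` close that gap for consistency. The `(int)( len )` cast also silently truncates a `size_t` above `INT_MAX` on the Windows path, something the POSIX `read`/`write` these macros stand in for would not do; a comment noting that callers are expected to pass bounded lengths, or a clamp at the call sites, would make the limitation explicit. Only the Windows branch of the file is visible here.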
@@ -146,7 +146,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts( * \deprecated Superseded by mbedtls_md2_update_ext() in 2.5.0 * * \param ctx MD2 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_md2_update( @@ -203,7 +203,7 @@ extern "C" { /** * \brief Output = MD2( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output MD2 checksum result */ @@ -222,7 +222,7 @@ int mbedtls_md2_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_md2() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output MD2 checksum result */ diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index 671c6a4f11..f5d335d8f5 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -92,7 +92,7 @@ int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ); * \brief MD4 process buffer * * \param ctx MD4 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful @@ -148,7 +148,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( * \deprecated Superseded by mbedtls_md4_update_ext() in 2.5.0 * * \param ctx MD4 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( @@ -207,7 +207,7 @@ extern "C" { /** * \brief Output = MD4( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output MD4 checksum result * 
@@ -228,7 +228,7 @@ int mbedtls_md4_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_md4_ext() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output MD4 checksum result */ diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 816d081ab2..5a7a00a6b0 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -87,7 +87,7 @@ int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ); * \brief MD5 process buffer * * \param ctx MD5 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful @@ -143,7 +143,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( * \deprecated Superseded by mbedtls_md5_update_ext() in 2.5.0 * * \param ctx MD5 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( @@ -202,7 +202,7 @@ extern "C" { /** * \brief Output = MD5( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output MD5 checksum result * @@ -223,7 +223,7 @@ int mbedtls_md5_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_md5_ext() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output MD5 checksum result */ diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index aea16b3663..3186359887 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h 
@@ -92,7 +92,7 @@ int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ); * \brief RIPEMD-160 process buffer * * \param ctx RIPEMD-160 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful @@ -148,7 +148,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts( * \deprecated Superseded by mbedtls_ripemd160_update_ext() in 2.5.0 * * \param ctx RIPEMD-160 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update( @@ -207,7 +207,7 @@ extern "C" { /** * \brief Output = RIPEMD-160( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output RIPEMD-160 checksum result * @@ -228,7 +228,7 @@ int mbedtls_ripemd160_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_ripemd160_ext() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output RIPEMD-160 checksum result */ diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 47a9f996ff..e18e6ac994 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -92,7 +92,7 @@ int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ); * \brief SHA-1 process buffer * * \param ctx SHA-1 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful 
@@ -148,7 +148,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( * \deprecated Superseded by mbedtls_sha1_update_ext() in 2.5.0 * * \param ctx SHA-1 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( @@ -207,7 +207,7 @@ extern "C" { /** * \brief Output = SHA-1( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-1 checksum result * @@ -228,7 +228,7 @@ int mbedtls_sha1_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_sha1_ext() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-1 checksum result */ diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 76555f4fd4..5fce7ee936 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -94,7 +94,7 @@ int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 ); * \brief SHA-256 process buffer * * \param ctx SHA-256 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful @@ -152,7 +152,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( * \deprecated Superseded by mbedtls_sha256_update_ext() in 2.5.0 * * \param ctx SHA-256 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( 
@@ -211,7 +211,7 @@ extern "C" { /** * \brief Output = SHA-256( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-224/256 checksum result * \param is224 0 = use SHA256, 1 = use SHA224 @@ -234,7 +234,7 @@ int mbedtls_sha256_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_sha256_ext() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-224/256 checksum result * \param is224 0 = use SHA256, 1 = use SHA224 diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 0fbdb3b717..7cba3f63c5 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -94,7 +94,7 @@ int mbedtls_sha512_starts_ext( mbedtls_sha512_context *ctx, int is384 ); * \brief SHA-512 process buffer * * \param ctx SHA-512 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful @@ -152,7 +152,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( * \deprecated Superseded by mbedtls_sha512_update_ext() in 2.5.0 * * \param ctx SHA-512 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( @@ -211,7 +211,7 @@ extern "C" { /** * \brief Output = SHA-512( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-384/512 checksum result * \param is384 0 = use SHA512, 1 = use SHA384 
@@ -234,7 +234,7 @@ int mbedtls_sha512_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_sha512_ext() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-384/512 checksum result * \param is384 0 = use SHA512, 1 = use SHA384 From 6a3f30514a21d06aa27acd9cc63ab0c0f53f17b7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 14:18:54 +0100 Subject: [PATCH 0082/1059] Ensure MD self_test ret codes are not hidden Also fix a potential memory leak and an incorrect goto statement in sha1.c self_test --- library/ripemd160.c | 7 +++++-- library/sha1.c | 20 ++++++++++++-------- library/sha256.c | 21 +++++++++++++-------- library/sha512.c | 19 ++++++++++++------- 4 files changed, 42 insertions(+), 25 deletions(-) diff --git a/library/ripemd160.c b/library/ripemd160.c index 8bf988eae9..4e92bb735d 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -464,7 +464,7 @@ static const unsigned char ripemd160_test_md[TESTS][20] = */ int mbedtls_ripemd160_self_test( int verbose ) { - int i, ret; + int i, ret = 0; unsigned char output[20]; memset( output, 0, sizeof output ); @@ -481,7 +481,10 @@ int mbedtls_ripemd160_self_test( int verbose ) goto fail; if( memcmp( output, ripemd160_test_md[i], 20 ) != 0 ) + { + ret = 1; goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -496,7 +499,7 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + return( ret ); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/library/sha1.c b/library/sha1.c index fdd0878685..64b70f051e 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -439,7 +439,7 @@ int mbedtls_sha1_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-1 test #%d: ", i + 1 ); - if( mbedtls_sha1_starts_ext( &ctx ) != 0 ) + if( ( ret = mbedtls_sha1_starts_ext( &ctx ) ) != 0 ) goto fail; if( i == 2 ) 
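Review bot: With `ret` now initialised to `0` and the `fail:` label returning `ret`, any `goto fail` that is not preceded by an assignment to `ret` will print "failed" but report success to the caller; the first `goto fail` in the `@@ -481` hunk of ripemd160.c is a context line whose condition is outside the hunk, so please confirm it has the form `if( ( ret = mbedtls_ripemd160_ext( ... ) ) != 0 ) goto fail;` rather than a bare comparison. The memcmp mismatch path correctly sets `ret = 1` before jumping. The same pattern is introduced in sha1.c below, where the `ret = 1;` safety net at `fail:` is removed in the next hunk.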
@@ -448,21 +448,27 @@ int mbedtls_sha1_self_test( int verbose ) for( j = 0; j < 1000; j++ ) { - if( mbedtls_sha1_update_ext( &ctx, buf, buflen ) != 0 ) + ret = mbedtls_sha1_update_ext( &ctx, buf, buflen ); + if( ret != 0 ) goto fail; } } else { - if( mbedtls_sha1_update_ext( &ctx, sha1_test_buf[i], - sha1_test_buflen[i] ) != 0 ) + ret = mbedtls_sha1_update_ext( &ctx, sha1_test_buf[i], + sha1_test_buflen[i] ); + if( ret != 0 ) goto fail; } - mbedtls_sha1_finish_ext( &ctx, sha1sum ); + if( ( ret = mbedtls_sha1_finish_ext( &ctx, sha1sum ) ) != 0 ) + goto fail; if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 ) - goto exit; + { + ret = 1; + goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -477,8 +483,6 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - ret = 1; - exit: mbedtls_sha1_free( &ctx ); diff --git a/library/sha256.c b/library/sha256.c index 88435a3c4f..16a2f0b2fe 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -448,7 +448,7 @@ int mbedtls_sha256_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); - if( mbedtls_sha256_starts_ext( &ctx, k ) != 0 ) + if( ( ret = mbedtls_sha256_starts_ext( &ctx, k ) ) != 0 ) goto fail; if( j == 2 ) 
@@ -456,23 +456,30 @@ int mbedtls_sha256_self_test( int verbose ) memset( buf, 'a', buflen = 1000 ); for( j = 0; j < 1000; j++ ) - if( mbedtls_sha256_update_ext( &ctx, buf, buflen ) != 0 ) + { + ret = mbedtls_sha256_update_ext( &ctx, buf, buflen ); + if( ret != 0 ) goto fail; + } } else { - if( mbedtls_sha256_update_ext( &ctx, sha256_test_buf[j], - sha256_test_buflen[j] ) != 0 ) - goto fail; + ret = mbedtls_sha256_update_ext( &ctx, sha256_test_buf[j], + sha256_test_buflen[j] ); + if( ret != 0 ) + goto fail; } - if( mbedtls_sha256_finish_ext( &ctx, sha256sum ) != 0 ) + if( ( ret = mbedtls_sha256_finish_ext( &ctx, sha256sum ) ) != 0 ) goto fail; if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 ) + { + ret = 1; goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -487,8 +494,6 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - ret = 1; - exit: mbedtls_sha256_free( &ctx ); mbedtls_free( buf ); diff --git a/library/sha512.c b/library/sha512.c index ff7e5ca5b6..76d21ddfae 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -504,7 +504,7 @@ int mbedtls_sha512_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 ); - if( mbedtls_sha512_starts_ext( &ctx, k ) != 0 ) + if( ( ret = mbedtls_sha512_starts_ext( &ctx, k ) ) != 0 ) goto fail; if( j == 2 ) 
@@ -512,21 +512,28 @@ int mbedtls_sha512_self_test( int verbose ) memset( buf, 'a', buflen = 1000 ); for( j = 0; j < 1000; j++ ) - if( mbedtls_sha512_update_ext( &ctx, buf, buflen ) != 0 ) + { + ret = mbedtls_sha512_update_ext( &ctx, buf, buflen ); + if( ret != 0 ) goto fail; + } } else { - if( mbedtls_sha512_update_ext( &ctx, sha512_test_buf[j], - sha512_test_buflen[j] ) != 0 ) + ret = mbedtls_sha512_update_ext( &ctx, sha512_test_buf[j], + sha512_test_buflen[j] ); + if( ret != 0 ) goto fail; } - if( mbedtls_sha512_finish_ext( &ctx, sha512sum ) != 0 ) + if( ( ret = mbedtls_sha512_finish_ext( &ctx, sha512sum ) ) != 0 ) goto fail; if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 ) + { + ret = 1; goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -541,8 +548,6 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - ret = 1; - exit: mbedtls_sha512_free( &ctx ); mbedtls_free( buf ); From 94682d1d7d4a8492b0e832318bad670b427167b8 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 14:26:37 +0100 Subject: [PATCH 0083/1059] Fix use of unitialized ret in rsa.c --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index bd97d521b8..4daa5b310d 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -574,7 +574,7 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, unsigned char *p; unsigned int hlen; size_t i, use_len; - int ret; + int ret = 0; memset( mask, 0, MBEDTLS_MD_MAX_SIZE ); memset( counter, 0, 4 ); From 0963e6cfac2230d68c6ed1aa220ac41f096796ff Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 14:34:08 +0100 Subject: [PATCH 0084/1059] Fix possible memory leak in _ext() --- library/md2.c | 10 +++++----- library/md4.c | 9 +++++---- library/md5.c | 9 +++++---- library/ripemd160.c | 9 +++++---- library/sha1.c | 9 +++++---- library/sha256.c | 9 +++++---- library/sha512.c | 9 +++++---- 7 files changed, 35 insertions(+), 29 deletions(-) diff --git a/library/md2.c b/library/md2.c index a5d768b256..8d887a1020 100644 --- a/library/md2.c +++ b/library/md2.c @@ -229,18 +229,18 @@ int mbedtls_md2_ext( const unsigned char *input, mbedtls_md2_init( &ctx ); if( ( ret = mbedtls_md2_starts_ext( &ctx ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_md2_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_md2_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); - + goto exit; +exit: mbedtls_md2_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/md4.c b/library/md4.c index da4df7b141..1121fd1906 100644 --- a/library/md4.c +++ b/library/md4.c @@ -333,17 +333,18 @@ int mbedtls_md4_ext( const unsigned char *input, mbedtls_md4_init( &ctx ); if( ( ret = mbedtls_md4_starts_ext( &ctx ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_md4_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_md4_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); + goto exit; +exit: mbedtls_md4_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/md5.c b/library/md5.c index 8150f941db..93f6434a12 100644 --- a/library/md5.c +++ b/library/md5.c 
@@ -347,17 +347,18 @@ int mbedtls_md5_ext( const unsigned char *input, mbedtls_md5_init( &ctx ); if( ( ret = mbedtls_md5_starts_ext( &ctx ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_md5_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_md5_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); + goto exit; +exit: mbedtls_md5_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/ripemd160.c b/library/ripemd160.c index 4e92bb735d..0fc12a1ffd 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -406,17 +406,18 @@ int mbedtls_ripemd160_ext( const unsigned char *input, mbedtls_ripemd160_init( &ctx ); if( ( ret = mbedtls_ripemd160_starts_ext( &ctx ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_ripemd160_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_ripemd160_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); + goto exit; +exit: mbedtls_ripemd160_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/sha1.c b/library/sha1.c index 64b70f051e..42f3d6cd54 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -380,17 +380,18 @@ int mbedtls_sha1_ext( const unsigned char *input, mbedtls_sha1_init( &ctx ); if( ( ret = mbedtls_sha1_starts_ext( &ctx ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_sha1_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_sha1_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); + goto exit; +exit: mbedtls_sha1_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/sha256.c b/library/sha256.c index 16a2f0b2fe..fb03cd1dcc 100644 --- a/library/sha256.c +++ b/library/sha256.c 
@@ -355,17 +355,18 @@ int mbedtls_sha256_ext( const unsigned char *input, mbedtls_sha256_init( &ctx ); if( ( ret = mbedtls_sha256_starts_ext( &ctx, is224 ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_sha256_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_sha256_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); + goto exit; +exit: mbedtls_sha256_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/sha512.c b/library/sha512.c index 76d21ddfae..b1947f1ea0 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -391,17 +391,18 @@ int mbedtls_sha512_ext( const unsigned char *input, mbedtls_sha512_init( &ctx ); if( ( ret = mbedtls_sha512_starts_ext( &ctx, is384 ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_sha512_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_sha512_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); + goto exit; +exit: mbedtls_sha512_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) From c5c7d76bf5693578241382e729b73367c8775702 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 14:42:16 +0100 Subject: [PATCH 0085/1059] Add goto exit; stmt in rsa.c for consistency --- library/rsa.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index 4daa5b310d..2f78ce366d 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1446,8 +1446,11 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, if( ( ret = mbedtls_md_finish( &md_ctx, result ) ) != 0 ) goto exit; - if( ( ret = memcmp( p + slen, result, hlen ) ) != 0 ) + if( memcmp( p + slen, result, hlen ) != 0 ) + { ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; + goto exit; + } exit: mbedtls_md_free( &md_ctx ); From 8798a10ff0473b216411e818127c57a4d1ca94b4 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 14:46:23 +0100 Subject: [PATCH 0086/1059] Update ChangeLog entry as ssl_tls.c needs fixing --- ChangeLog | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0c8f541d0f..b9bc93155c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,7 +20,10 @@ API Changes mbedtls__finish() -> mbedtls__finish_ext() mbedtls__process() -> mbedtls_internal__process() The type of the function pointers in the mbedtls_md_info_t struct have - also been modified taking into account the functions return code. + also been modified taking into account the functions return code. Every + usage of the deprecated functions was updated. Furthermore, the MD return + codes are checked for error after every usage, except in the ssl_tls.c + module. = mbed TLS 2.5.1 released 2017-06-21 From 46f5a3e9b4d5db3cacfe2ba33480a27317c62d46 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 16:17:51 +0100 Subject: [PATCH 0087/1059] Check return codes from MD in ssl code --- include/mbedtls/ssl_internal.h | 17 ++++ library/ssl_cli.c | 85 ++----------------- library/ssl_srv.c | 87 +++----------------- library/ssl_tls.c | 144 +++++++++++++++++++++++++++++++++ 4 files changed, 177 insertions(+), 156 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 756360b181..c39c02db28 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
@@ -610,6 +610,23 @@ static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t
 return( diff );
 }
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_1)
+int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
+ unsigned char *output,
+ unsigned char *data, size_t data_len );
+#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
+ MBEDTLS_SSL_PROTO_TLS1_1 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
+int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
+ unsigned char *output,
+ unsigned char *data, size_t data_len,
+ mbedtls_md_type_t md_alg );
+#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
+ MBEDTLS_SSL_PROTO_TLS1_2 */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 86267f5c12..312e2ec515 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2490,60 +2490,11 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) defined(MBEDTLS_SSL_PROTO_TLS1_1) if( md_alg == MBEDTLS_MD_NONE ) { - mbedtls_md5_context mbedtls_md5; - mbedtls_sha1_context mbedtls_sha1; - - mbedtls_md5_init( &mbedtls_md5 ); - hashlen = 36; - - /* - * digitally-signed struct { - * opaque md5_hash[16]; - * opaque sha_hash[20]; - * }; - * - * md5_hash - * MD5(ClientHello.random + ServerHello.random - * + ServerParams); - * sha_hash - * SHA(ClientHello.random + ServerHello.random - * + ServerParams); - */ - if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 || - ( ret = mbedtls_md5_update_ext( &mbedtls_md5, - ssl->handshake->randbytes, 64 ) ) != 0 || - ( ret = mbedtls_md5_update_ext( &mbedtls_md5, params, - params_len ) ) != 0 || - ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, hash ) ) != 0 ) - { - mbedtls_md5_free( &mbedtls_md5 ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_*", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, params, + params_len ); + if( ret != 0 ) return( ret ); - } - - mbedtls_md5_free( &mbedtls_md5 ); - - mbedtls_sha1_init( &mbedtls_sha1 ); - - if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 || - ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, - ssl->handshake->randbytes, 64 ) ) != 0 || - ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, params, - params_len ) ) != 0 || - ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1, - hash + 16 ) ) != 0 ) - { - mbedtls_sha1_free( &mbedtls_sha1 ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_*", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - return( ret ); - } - - mbedtls_sha1_free( &mbedtls_sha1 ); } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ 
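Review bot: The removed lines of this hunk include `hashlen = 36;` and the replacement never assigns `hashlen`, so on the `md_alg == MBEDTLS_MD_NONE` path it keeps whatever value it held earlier in `ssl_parse_server_key_exchange` (the function starts and ends outside the hunk); the new helper writes the MD5 digest at `hash` and the SHA-1 digest at `hash + 16` but does not report that length. Unless a later line re-assigns it, the signature verification that follows will be given the wrong hash length for the SSL3/TLS1.0/1.1 case. Keep the assignment next to the call: `hashlen = 36;`. The ssl_srv.c hunk at `@@ -3096,57 +3096,12 @@` drops its `hashlen = 36;` in exactly the same way and needs the same line on the signing side.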
@@ -2552,36 +2503,12 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) defined(MBEDTLS_SSL_PROTO_TLS1_2) if( md_alg != MBEDTLS_MD_NONE ) { - mbedtls_md_context_t ctx; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - - mbedtls_md_init( &ctx ); - /* Info from md_alg will be used instead */ hashlen = 0; - - /* - * digitally-signed struct { - * opaque client_random[32]; - * opaque server_random[32]; - * ServerDHParams params; - * }; - */ - if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 || - ( ret = mbedtls_md_starts( &ctx ) ) != 0 || - ( ret = mbedtls_md_update( &ctx, - ssl->handshake->randbytes, 64 ) ) != 0 || - ( ret = mbedtls_md_update( &ctx, params, params_len ) ) != 0 || - ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 ) - { - mbedtls_md_free( &ctx ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_*", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, params, + params_len, md_alg ); + if( ret != 0 ) return( ret ); - } - - mbedtls_md_free( &ctx ); } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f08a9bde10..ab687159da 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -3096,57 +3096,12 @@ curve_matching_done: defined(MBEDTLS_SSL_PROTO_TLS1_1) if( md_alg == MBEDTLS_MD_NONE ) { - mbedtls_md5_context mbedtls_md5; - mbedtls_sha1_context mbedtls_sha1; - - mbedtls_md5_init( &mbedtls_md5 ); - - /* - * digitally-signed struct { - * opaque md5_hash[16]; - * opaque sha_hash[20]; - * }; - * - * md5_hash - * MD5(ClientHello.random + ServerHello.random - * + ServerParams); - * sha_hash - * SHA(ClientHello.random + ServerHello.random - * + ServerParams); - */ - - if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 || - ( ret = mbedtls_md5_update_ext( &mbedtls_md5, - ssl->handshake->randbytes, 64 ) ) != 0 || - ( ret = mbedtls_md5_update_ext( &mbedtls_md5, dig_signed, - dig_signed_len ) ) != 0 || - ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, hash ) ) != 0 ) - { - mbedtls_md5_free( &mbedtls_md5 ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_*", ret ); - return( ret ); - } - - mbedtls_md5_free( &mbedtls_md5 ); - - mbedtls_sha1_init( &mbedtls_sha1 ); - - if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 || - ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, - ssl->handshake->randbytes, 64 ) ) != 0 || - ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, dig_signed, - dig_signed_len ) ) != 0 || - ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1, - hash + 16 ) ) != 0 ) - { - mbedtls_sha1_free( &mbedtls_sha1 ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_*", ret ); - return( ret ); - } - - mbedtls_sha1_free( &mbedtls_sha1 ); - hashlen = 36; + ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, + dig_signed, + dig_signed_len ); + if( ret != 0 ) + return( ret ); } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ 
@@ -3155,36 +3110,14 @@ curve_matching_done: defined(MBEDTLS_SSL_PROTO_TLS1_2) if( md_alg != MBEDTLS_MD_NONE ) { - mbedtls_md_context_t ctx; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - - mbedtls_md_init( &ctx ); - /* Info from md_alg will be used instead */ hashlen = 0; - - /* - * digitally-signed struct { - * opaque client_random[32]; - * opaque server_random[32]; - * ServerDHParams params; - * }; - */ - if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 || - ( ret = mbedtls_md_starts( &ctx ) ) != 0 || - ( ret = mbedtls_md_update( &ctx, - ssl->handshake->randbytes, 64 ) ) != 0 || - ( ret = mbedtls_md_update( &ctx, dig_signed, - dig_signed_len ) ) != 0 || - ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 ) - { - mbedtls_md_free( &ctx ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_*", ret ); + ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, + dig_signed, + dig_signed_len, + md_alg ); + if( ret != 0 ) return( ret ); - } - - - mbedtls_md_free( &ctx ); } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b04917d141..f93537a2ca 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -8043,4 +8043,148 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 }
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_1)
+int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
+ unsigned char *output,
+ unsigned char *data, size_t data_len )
+{
+ int ret = 0;
+ mbedtls_md5_context mbedtls_md5;
+ mbedtls_sha1_context mbedtls_sha1;
+
+ mbedtls_md5_init( &mbedtls_md5 );
+ mbedtls_sha1_init( &mbedtls_sha1 );
+
+ /*
+ * digitally-signed struct {
+ * opaque md5_hash[16];
+ * opaque sha_hash[20];
+ * };
+ *
+ * md5_hash
+ * MD5(ClientHello.random + ServerHello.random
+ * + ServerParams);
+ * sha_hash
+ * SHA(ClientHello.random + ServerHello.random
+ * + ServerParams);
+ */
+ if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ext", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md5_update_ext( &mbedtls_md5,
+ ssl->handshake->randbytes, 64 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ext", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md5_update_ext( &mbedtls_md5, data, data_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ext", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, output ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ext", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ext", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1,
+ ssl->handshake->randbytes, 64 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ext", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, data,
+ data_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ext", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1,
+ output + 16 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ext", ret );
+ goto exit;
+ }
+
+exit:
+ mbedtls_md5_free( &mbedtls_md5 );
+ mbedtls_sha1_free( &mbedtls_sha1 );
+
+ if( ret != 0 )
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+
+ return( ret );
+
+}
+#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
+ MBEDTLS_SSL_PROTO_TLS1_1 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
+int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
+ unsigned char *output,
+ unsigned char *data, size_t data_len,
+ mbedtls_md_type_t md_alg )
+{
+ int ret = 0;
+ mbedtls_md_context_t ctx;
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
+
+ mbedtls_md_init( &ctx );
+
+ /*
+ * digitally-signed struct {
+ * opaque client_random[32];
+ * opaque server_random[32];
+ * ServerDHParams params;
+ * };
+ */
+ if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_md_finish( &ctx, output ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret );
+ goto exit;
+ }
+
+exit:
+ mbedtls_md_free( &ctx );
+
+ if( ret != 0 )
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+
+ return( ret );
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
+ MBEDTLS_SSL_PROTO_TLS1_2 */
+
 #endif 
/* MBEDTLS_SSL_TLS_C */ From 42e5e1084eeecf4b80cfba3557388b4d0942772c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 16:27:03 +0100 Subject: [PATCH 0088/1059] Add goto cleanup; for consistency md.c --- library/md.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/md.c b/library/md.c index a84f3042de..625b34c5e2 100644 --- a/library/md.c +++ b/library/md.c @@ -358,8 +358,9 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) goto cleanup; - ret = ctx->md_info->update_func( ctx->md_ctx, ipad, - ctx->md_info->block_size ); + if( ( ret = ctx->md_info->update_func( ctx->md_ctx, ipad, + ctx->md_info->block_size ) ) != 0 ) + goto cleanup; cleanup: mbedtls_zeroize( sum, sizeof( sum ) ); From 3395250f5fb8a996d1a85621446dc752d62f1785 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 16:29:16 +0100 Subject: [PATCH 0089/1059] Fix use of uninitialised ret ssl_tls.c --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f93537a2ca..0f7d015d80 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -221,7 +221,7 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen ) { - int ret; + int ret = 0; size_t i; mbedtls_md5_context md5; mbedtls_sha1_context sha1; From b2b063ff3538f1a8f8a027009712e67b5a5fc4a9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 16:45:24 +0100 Subject: [PATCH 0090/1059] Add comment in entropy.c --- library/entropy.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/entropy.c b/library/entropy.c index 67ec9010c1..baca87cf71 100644 --- a/library/entropy.c +++ b/library/entropy.c 
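Review bot: Both new helpers declare `data` as `unsigned char *` although they only pass it to `mbedtls_md5_update_ext`, `mbedtls_sha1_update_ext` and `mbedtls_md_update`, which read through it; make it `const unsigned char *data, size_t data_len` here and in the ssl_internal.h prototypes (hunk `@@ -610,6 +610,23 @@`) so the read-only contract is visible and const buffers can be passed. The prototypes also say nothing about `output`: the first helper writes the MD5 digest at `output` and the SHA-1 digest at `output + 16`, so the caller must supply 36 bytes, while the second writes a single `md_alg` digest, so a `\brief` comment on each prototype should state the required output size, that `data` is hashed after the 64 bytes of `ssl->handshake->randbytes`, and that a fatal INTERNAL_ERROR alert is sent on any failure. The removed server-side code in the ssl_srv.c hunks returned without sending an alert on an MD failure, so routing the server through these helpers changes that behaviour; if intended, say so in a comment. Minor: the blank line before the closing brace of `mbedtls_ssl_get_key_exchange_md_ssl_tls` is stray.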
@@ -366,6 +366,11 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) + /* + * Note that at this stage it is assumed that the accumulator was started + * in a previous call to entropy_update(). If this is not guaranteed, the + * code below will fail. + */ if( ( ret = mbedtls_sha512_finish_ext( &ctx->accumulator, buf ) ) != 0 ) goto exit; From aa464ef23a49e386515e5245c444f202e45e2e4f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 14:21:53 +0100 Subject: [PATCH 0091/1059] Fix indentation and add goto cleanup; stmt --- library/md.c | 3 ++- library/ripemd160.c | 4 ++-- library/sha256.c | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/library/md.c b/library/md.c index 625b34c5e2..cec4243fd2 100644 --- a/library/md.c +++ b/library/md.c @@ -436,7 +436,8 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, goto cleanup; if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 ) goto cleanup; - ret = mbedtls_md_hmac_finish( &ctx, output ); + if( ( ret = mbedtls_md_hmac_finish( &ctx, output ) ) != 0 ) + goto cleanup; cleanup: mbedtls_md_free( &ctx ); diff --git a/library/ripemd160.c b/library/ripemd160.c index 0fc12a1ffd..bf5058fe98 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -378,11 +378,11 @@ int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, ret = mbedtls_ripemd160_update_ext( ctx, ripemd160_padding, padn ); if( ret != 0 ) - return( ret ); + return( ret ); ret = mbedtls_ripemd160_update_ext( ctx, msglen, 8 ); if( ret != 0 ) - return( ret ); + return( ret ); PUT_UINT32_LE( ctx->state[0], output, 0 ); PUT_UINT32_LE( ctx->state[1], output, 4 ); diff --git a/library/sha256.c b/library/sha256.c index fb03cd1dcc..0e24d69828 100644 --- a/library/sha256.c +++ b/library/sha256.c 
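Review bot: The added comment states that "the code below will fail" if the accumulator was not started, but nothing in the hunk checks that condition, and `mbedtls_sha512_finish_ext` only reports errors from its own update calls, so as far as I can tell an unstarted (zero-initialised) accumulator would produce a digest rather than an error. Reword it to describe the actual consequence, e.g. `/* The accumulator must already have been started by an earlier entropy_update() call; this is not verified here, and an unstarted accumulator would yield an invalid digest rather than an error. */`. The enclosing `mbedtls_entropy_func` continues outside the hunk.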
@@ -320,10 +320,10 @@ int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); if( ( ret = mbedtls_sha256_update_ext( ctx, sha256_padding, padn ) ) != 0 ) - return( ret ); + return( ret ); if( ( ret = mbedtls_sha256_update_ext( ctx, msglen, 8 ) ) != 0 ) - return( ret ); + return( ret ); PUT_UINT32_BE( ctx->state[0], output, 0 ); PUT_UINT32_BE( ctx->state[1], output, 4 ); From 2d0aa8be97bad9e8d65276716833f1e6d117c5b2 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 14:57:26 +0100 Subject: [PATCH 0092/1059] Fix MD selftest to use correct type and expose ret --- library/md2.c | 20 ++++++++++++++------ library/md4.c | 20 ++++++++++++++------ library/md5.c | 15 +++++++++------ library/ripemd160.c | 31 +++++++++++++++++-------------- library/sha1.c | 2 +- library/sha256.c | 2 +- library/sha512.c | 2 +- 7 files changed, 57 insertions(+), 35 deletions(-) diff --git a/library/md2.c b/library/md2.c index 8d887a1020..06d6ac288a 100644 --- a/library/md2.c +++ b/library/md2.c @@ -248,7 +248,7 @@ exit: /* * RFC 1319 test vectors */ -static const char md2_test_str[7][81] = +static const unsigned char md2_test_str[7][81] = { { "" }, { "a" }, @@ -256,10 +256,15 @@ static const char md2_test_str[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" \ + { "12345678901234567890123456789012345678901234567890123456789012" "345678901234567890" } }; +static const size_t md2_test_strlen[7] = +{ + 0, 1, 3, 14, 26, 62, 80 +}; + static const unsigned char md2_test_sum[7][16] = { { 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D, @@ -283,7 +288,7 @@ static const unsigned char md2_test_sum[7][16] = */ int mbedtls_md2_self_test( int verbose ) { - int i; + int i, ret = 0; unsigned char md2sum[16]; for( i = 0; i < 7; i++ ) 
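Review bot: The new `md2_test_strlen[7]` table in hunk `@@ -256,10 +256,15 @@` hand-duplicates the byte lengths of the `md2_test_str[]` literals directly above it, so a future edit to one array can silently desynchronise the other and the self-test would then hash a truncated or over-long input. A comment tying the two together, `/* Byte lengths of md2_test_str[]; keep in sync with the literals above */`, makes the coupling visible; the same applies to the `md4_test_strlen`, `md5_test_buflen` and `ripemd160_test_strlen` tables in the later hunks of this commit. The existing vectors here are consistent with the standard RFC 1319 inputs (0, 1, 3, 14, 26, 62, 80).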
@@ -291,12 +296,15 @@ int mbedtls_md2_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD2 test #%d: ", i + 1 ); - if( mbedtls_md2_ext( (unsigned char *)md2_test_str[i], - strlen( md2_test_str[i] ), md2sum ) != 0 ) + ret = mbedtls_md2_ext( md2_test_str[i], md2_test_strlen[i], md2sum ); + if( ret != 0 ) goto fail; if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 ) + { + ret = 1; goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -311,7 +319,7 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + return( ret ); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/library/md4.c b/library/md4.c index 1121fd1906..f5972eb63b 100644 --- a/library/md4.c +++ b/library/md4.c @@ -352,7 +352,7 @@ exit: /* * RFC 1320 test vectors */ -static const char md4_test_str[7][81] = +static const unsigned char md4_test_str[7][81] = { { "" }, { "a" }, @@ -360,10 +360,15 @@ static const char md4_test_str[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" \ + { "12345678901234567890123456789012345678901234567890123456789012" "345678901234567890" } }; +static const size_t md4_test_strlen[7] = +{ + 0, 1, 3, 14, 26, 62, 80 +}; + static const unsigned char md4_test_sum[7][16] = { { 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31, @@ -387,7 +392,7 @@ static const unsigned char md4_test_sum[7][16] = */ int mbedtls_md4_self_test( int verbose ) { - int i; + int i, ret = 0; unsigned char md4sum[16]; for( i = 0; i < 7; i++ ) 
@@ -395,12 +400,15 @@ int mbedtls_md4_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD4 test #%d: ", i + 1 ); - if( mbedtls_md4_ext( (unsigned char *) md4_test_str[i], - strlen( md4_test_str[i] ), md4sum ) != 0 ) + ret = mbedtls_md4_ext( md4_test_str[i], md4_test_strlen[i], md4sum ); + if( ret != 0 ) goto fail; if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 ) + { + ret = 1; goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -415,7 +423,7 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + return( ret ); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/library/md5.c b/library/md5.c index 93f6434a12..68a112ab78 100644 --- a/library/md5.c +++ b/library/md5.c @@ -373,11 +373,11 @@ static const unsigned char md5_test_buf[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" \ + { "12345678901234567890123456789012345678901234567890123456789012" "345678901234567890" } }; -static const int md5_test_buflen[7] = +static const size_t md5_test_buflen[7] = { 0, 1, 3, 14, 26, 62, 80 }; @@ -405,7 +405,7 @@ static const unsigned char md5_test_sum[7][16] = */ int mbedtls_md5_self_test( int verbose ) { - int i; + int i, ret = 0; unsigned char md5sum[16]; for( i = 0; i < 7; i++ ) @@ -413,12 +413,15 @@ int mbedtls_md5_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD5 test #%d: ", i + 1 ); - if( mbedtls_md5_ext( md5_test_buf[i], - md5_test_buflen[i], md5sum ) != 0 ) + ret = mbedtls_md5_ext( md5_test_buf[i], md5_test_buflen[i], md5sum ); + if( ret != 0 ) goto fail; if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 ) + { + ret = 1; goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -433,7 +436,7 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + return( ret ); } #endif /* MBEDTLS_SELF_TEST */ 
diff --git a/library/ripemd160.c b/library/ripemd160.c index bf5058fe98..274a7c9c7e 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -426,18 +426,22 @@ exit: * http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html#HMAC */ #define TESTS 8 -#define KEYS 2 -static const char *ripemd160_test_input[TESTS] = +static const unsigned char ripemd160_test_str[TESTS][81] = { - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "1234567890123456789012345678901234567890" - "1234567890123456789012345678901234567890", + { "" }, + { "a" }, + { "abc" }, + { "message digest" }, + { "abcdefghijklmnopqrstuvwxyz" }, + { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, + { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, + { "12345678901234567890123456789012345678901234567890123456789012" + "345678901234567890" }, +}; + +static const size_t ripemd160_test_strlen[TESTS] = +{ + 0, 1, 3, 14, 26, 56, 62, 80 }; static const unsigned char ripemd160_test_md[TESTS][20] = @@ -475,9 +479,8 @@ int mbedtls_ripemd160_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " RIPEMD-160 test #%d: ", i + 1 ); - ret = mbedtls_ripemd160_ext( - (const unsigned char *)ripemd160_test_input[i], - strlen( ripemd160_test_input[i] ), output ); + ret = mbedtls_ripemd160_ext( ripemd160_test_str[i], + ripemd160_test_strlen[i], output ); if( ret != 0 ) goto fail; diff --git a/library/sha1.c b/library/sha1.c index 42f3d6cd54..8d38950356 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -405,7 +405,7 @@ static const unsigned char sha1_test_buf[3][57] = { "" } }; -static const int sha1_test_buflen[3] = +static const size_t sha1_test_buflen[3] = { 3, 56, 1000 }; diff --git a/library/sha256.c b/library/sha256.c index 0e24d69828..b765697929 100644 --- a/library/sha256.c +++ b/library/sha256.c 
@@ -380,7 +380,7 @@ static const unsigned char sha256_test_buf[3][57] = { "" } }; -static const int sha256_test_buflen[3] = +static const size_t sha256_test_buflen[3] = { 3, 56, 1000 }; diff --git a/library/sha512.c b/library/sha512.c index b1947f1ea0..d0faba9416 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -418,7 +418,7 @@ static const unsigned char sha512_test_buf[3][113] = { "" } }; -static const int sha512_test_buflen[3] = +static const size_t sha512_test_buflen[3] = { 3, 112, 1000 }; From 7e8e57c6d1192d7cf867166935a0d66e6e71743f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 Jul 2017 10:19:29 +0100 Subject: [PATCH 0093/1059] Initialize RSA context in RSA test suite before first potentially failing operation The function `mbedtls_rsa_gen_key` from `test_suite_rsa.function` initialized a stack allocated RSA context only after seeding the CTR DRBG. If the latter operation failed, the cleanup code tried to free the uninitialized RSA context, potentially resulting in a segmentation fault. Fixes one aspect of #1023. --- tests/suites/test_suite_rsa.function | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d48bc8595e..e9ae1bf96f 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -667,13 +667,12 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) const char *pers = "test_suite_rsa"; mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); + mbedtls_rsa_init ( &ctx, 0, 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) == 0 ); - mbedtls_rsa_init( &ctx, 0, 0 ); - TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result ); if( result == 0 ) { From 1b841cc9bf8f4756938946cce312f4dbff8bd87a Mon Sep 17 00:00:00 2001 
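Review bot: `mbedtls_rsa_init ( &ctx, 0, 0 );` has a stray space before the parenthesis that the surrounding calls do not use (`mbedtls_ctr_drbg_init( &ctr_drbg );` two lines up); it should read `mbedtls_rsa_init( &ctx, 0, 0 );`. Because the whole point of the move is that the cleanup after the first `TEST_ASSERT` must never free an uninitialised context, a why-comment would keep someone from reordering it back: `/* Initialise every context before the first operation that can fail, so the exit: cleanup can always free them. */`. The function and its `exit:` label continue past the hunk, so the cleanup itself is not visible here.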
From: Hanno Becker Date: Sun, 23 Jul 2017 10:22:45 +0100 Subject: [PATCH 0094/1059] Correct typo in entropy test suite data --- tests/suites/test_suite_entropy.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index e0dfae32aa..5cff399849 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data @@ -34,10 +34,10 @@ entropy_threshold:16:2:8 Entropy threshold #2 entropy_threshold:32:1:32 -Entropy thershold #3 +Entropy threshold #3 entropy_threshold:16:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -Entropy thershold #4 +Entropy threshold #4 entropy_threshold:1024:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED Check NV seed standard IO From 910f662cd7e804b5ecff9abb97d0e216122a675d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 Jul 2017 10:23:24 +0100 Subject: [PATCH 0095/1059] Increase readability of verbose test suite output --- tests/suites/main_test.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index a7bb41de35..fe49bdfd80 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function 
@@ -432,24 +432,24 @@ int main(int argc, const char *argv[]) if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE ) { total_skipped++; - mbedtls_fprintf( stdout, "----\n" ); + mbedtls_fprintf( stdout, "----" ); if( 1 == option_verbose && ret == DISPATCH_UNSUPPORTED_SUITE ) { - mbedtls_fprintf( stdout, " Test Suite not enabled" ); + mbedtls_fprintf( stdout, "\n Test Suite not enabled" ); } if( 1 == option_verbose && unmet_dep_count > 0 ) { - mbedtls_fprintf( stdout, " Unmet dependencies: " ); + mbedtls_fprintf( stdout, "\n Unmet dependencies: " ); for( i = 0; i < unmet_dep_count; i++ ) { mbedtls_fprintf(stdout, "%s ", unmet_dependencies[i]); free(unmet_dependencies[i]); } - mbedtls_fprintf( stdout, "\n" ); } + mbedtls_fprintf( stdout, "\n" ); fflush( stdout ); unmet_dep_count = 0; From 75efa792013d00bc35fab91e28cc0ebd29a86f71 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 Jul 2017 10:23:43 +0100 Subject: [PATCH 0096/1059] Adapt generic test suite file to coding standard --- tests/suites/main_test.function | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index fe49bdfd80..5d1e9ecf02 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -396,7 +396,7 @@ int main(int argc, const char *argv[]) break; cnt = parse_arguments( buf, strlen(buf), params ); } - + // If there are no unmet dependencies execute the test if( unmet_dep_count == 0 ) { 
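Review bot: The strings in `unmet_dependencies[]` are only freed inside the `1 == option_verbose` branch, yet `unmet_dep_count = 0;` follows unconditionally, so in a non-verbose run every skipped test leaks its dependency strings — the later "early end of file" loop cannot reach them once the count has been reset. This is pre-existing rather than introduced by the hunk, but the hunk rewrites exactly this block, so it is the natural place to hoist the free loop out of the verbose condition. main() starts and ends outside the hunk.
```c
            if( 1 == option_verbose && unmet_dep_count > 0 )
            {
                mbedtls_fprintf( stdout, "\n   Unmet dependencies: " );
                for( i = 0; i < unmet_dep_count; i++ )
                    mbedtls_fprintf( stdout, "%s  ", unmet_dependencies[i] );
            }
            /* Release the dependency strings regardless of verbosity */
            for( i = 0; i < unmet_dep_count; i++ )
                free( unmet_dependencies[i] );
            mbedtls_fprintf( stdout, "\n" );
            /* … unchanged: fflush( stdout ); unmet_dep_count = 0; … */
```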
@@ -462,22 +462,22 @@ int main(int argc, const char *argv[]) else if( ret == DISPATCH_INVALID_TEST_DATA ) { mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); - fclose(file); + fclose( file ); mbedtls_exit( 2 ); } else total_errors++; - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) + if( ( ret = get_line( file, buf, sizeof( buf ) ) ) != 0 ) break; - if( strlen(buf) != 0 ) + if( strlen( buf ) != 0 ) { mbedtls_fprintf( stderr, "Should be empty %d\n", - (int) strlen(buf) ); + (int) strlen( buf ) ); return( 1 ); } } - fclose(file); + fclose( file ); /* In case we encounter early end of file */ for( i = 0; i < unmet_dep_count; i++ ) @@ -508,4 +508,3 @@ int main(int argc, const char *argv[]) return( total_errors != 0 ); } - From f058f34b5a892e73c0fe465e3180feab4659080a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 Jul 2017 10:24:22 +0100 Subject: [PATCH 0097/1059] Support negative dependencies in test cases The entropy test suite uses a negative dependency "depends_on:!CONFIG_FLAG" for one of its tests. This kind of dependency (running a test only if some configuration flag is not defined) is currently not supported and instead results in the respective test case being dropped. This commit adds support for negative dependencies in test cases. --- tests/scripts/generate_code.pl | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 84e949dfad..f803a803de 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -312,7 +312,7 @@ END # and make check code my $dep_check_code; -my @res = $test_data =~ /^depends_on:([\w:]+)/msg; +my @res = $test_data =~ /^depends_on:([!:\w]+)/msg; my %case_deps; foreach my $deps (@res) { 
@@ -323,7 +323,23 @@ foreach my $deps (@res) } while( my ($key, $value) = each(%case_deps) ) { - $dep_check_code .= << "END"; + if( substr($key, 0, 1) eq "!" ) + { + my $key = substr($key, 1); + $dep_check_code .= << "END"; + if( strcmp( str, "!$key" ) == 0 ) + { +#if !defined($key) + return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif + } +END + } + else + { + $dep_check_code .= << "END"; if( strcmp( str, "$key" ) == 0 ) { #if defined($key) @@ -333,6 +349,7 @@ while( my ($key, $value) = each(%case_deps) ) #endif } END + } } # Make mapping code From c6deafc0d495b3e80cd42cf8de451960f6e2190d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 Jul 2017 14:06:42 +0100 Subject: [PATCH 0098/1059] Omit RSA key generation test if no strong entropy is present The RSA key generation test needs strong entropy to succeed. This commit captures the presence of a strong entropy source in a preprocessor flag and only runs the key generation test if that flag is set. --- include/mbedtls/entropy.h | 10 ++++++++++ library/entropy.c | 3 +++ tests/suites/test_suite_entropy.data | 8 ++++++-- tests/suites/test_suite_rsa.function | 2 +- 4 files changed, 20 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index 747aca4dfa..b374b34eca 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h 
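Review bot: Inside the new negative-dependency branch, `my $key = substr($key, 1);` declares a second `$key` that shadows the `$key` bound by the enclosing `while( my ($key, $value) = each(%case_deps) )`; it works because the inner lexical is confined to the `if` block, but the reader has to work that out, and the generated `strcmp( str, "!$key" )` then reads as if it used the original, already-negated key. Rename the inner variable, `my $neg_key = substr( $key, 1 );`, and refer to `"!$neg_key"` and `#if !defined($neg_key)` in the heredoc. `$value` is unused in both branches, so `for my $key (keys %case_deps)` would say what the loop actually consumes.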
@@ -55,6 +55,16 @@ #define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D /**< No strong sources have been added to poll. */ #define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F /**< Read/write error in file. */ +/* Indicates whether at least one standard strong entropy source is enabled. */ +#if defined(MBEDTLS_TEST_NULL_ENTROPY) || \ + ( !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \ + ( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ + defined(MBEDTLS_HAVEGE_C) || \ + defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ + defined(ENTROPY_NV_SEED) ) ) +#define MBEDTLS_ENTROPY_HAVE_STRONG +#endif + /** * \name SECTION: Module settings * diff --git a/library/entropy.c b/library/entropy.c index d4d1b27b7f..4de168250a 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -83,6 +83,9 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) mbedtls_havege_init( &ctx->havege_data ); #endif + /* Reminder: Update MBEDTLS_ENTROPY_HAVE_STRONG when + * adding more strong entropy sources here. */ + #if defined(MBEDTLS_TEST_NULL_ENTROPY) mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL, 1, MBEDTLS_ENTROPY_SOURCE_STRONG ); diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index 5cff399849..bf9ce49edf 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data 
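Review bot: The new `MBEDTLS_ENTROPY_HAVE_STRONG` condition tests `defined(ENTROPY_NV_SEED)`, but the configuration option under which mbedtls_entropy_init() registers the NV seed source is `MBEDTLS_ENTROPY_NV_SEED` — every other term in the expression carries the `MBEDTLS_` prefix, and the entropy.c hunk on this line does not show the NV-seed registration, so this looks like a dropped prefix rather than a deliberate name. As written, a build whose only strong source is the NV seed never defines the flag, and the tests the later hunks guard with it would be silently skipped. Change the last term to `defined(MBEDTLS_ENTROPY_NV_SEED) ) )`; the same expression is copied into tests/suites/helpers.function by the following commit on this page and needs the same correction.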
@@ -52,10 +52,14 @@ entropy_nv_seed:"000000000000000000000000000000000000000000000000000000000000000 Check NV seed manually #3 entropy_nv_seed:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" -Entropy self test -depends_on:!MBEDTLS_TEST_NULL_ENTROPY +Entropy self test (with strong entropy) +depends_on:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_ENTROPY_HAVE_STRONG entropy_selftest:0 +Entropy self test (without strong entropy) +depends_on:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_ENTROPY_HAVE_STRONG +entropy_selftest:1 + Entropy self test (MBEDTLS_TEST_NULL_ENTROPY) depends_on:MBEDTLS_TEST_NULL_ENTROPY entropy_selftest:1 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index e9ae1bf96f..f64e1a73aa 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -658,7 +658,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ +/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_HAVE_STRONG */ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) { mbedtls_rsa_context ctx; From 47deec488f8da931ee82961d47c5e6eb9ffb94c4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 24 Jul 2017 12:27:09 +0100 Subject: [PATCH 0099/1059] Move flag indicating presence of strong entropy to test code --- include/mbedtls/entropy.h | 10 ---------- library/entropy.c | 4 ++-- tests/suites/helpers.function | 16 +++++++++++++++- tests/suites/test_suite_entropy.data | 8 ++------ tests/suites/test_suite_entropy.function | 6 +++--- tests/suites/test_suite_rsa.function | 1 + 6 files changed, 23 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index b374b34eca..747aca4dfa 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h 
@@ -55,16 +55,6 @@ #define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D /**< No strong sources have been added to poll. */ #define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F /**< Read/write error in file. */ -/* Indicates whether at least one standard strong entropy source is enabled. */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) || \ - ( !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \ - ( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ - defined(MBEDTLS_HAVEGE_C) || \ - defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ - defined(ENTROPY_NV_SEED) ) ) -#define MBEDTLS_ENTROPY_HAVE_STRONG -#endif - /** * \name SECTION: Module settings * diff --git a/library/entropy.c b/library/entropy.c index 4de168250a..10449b8d0a 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -83,8 +83,8 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) mbedtls_havege_init( &ctx->havege_data ); #endif - /* Reminder: Update MBEDTLS_ENTROPY_HAVE_STRONG when - * adding more strong entropy sources here. */ + /* Reminder: Update MBEDTLS_ENTROPY_HAVE_STRONG in the test files + * when adding more strong entropy sources here. */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL, diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 63815df852..39cd3c7687 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -102,6 +102,21 @@ typedef UINT32 uint32_t; static int test_errors = 0; +/*----------------------------------------------------------------------------*/ +/* Helper flags for complex dependencies */ + +/* Indicates whether we expect mbedtls_entropy_init + * to initialize some strong entropy source. */ +#if defined(MBEDTLS_TEST_NULL_ENTROPY) || \ + ( !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \ + ( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ + defined(MBEDTLS_HAVEGE_C) || \ + defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ + defined(ENTROPY_NV_SEED) ) ) +#define MBEDTLS_ENTROPY_HAVE_STRONG +#endif + + /*----------------------------------------------------------------------------*/ /* Helper Functions */ @@ -401,4 +416,3 @@ static void test_fail( const char *test, int line_no, const char* filename ) mbedtls_fprintf( stdout, " %s\n at line %d, %s\n", test, line_no, filename ); } - diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index bf9ce49edf..5cff399849 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data @@ -52,14 +52,10 @@ entropy_nv_seed:"000000000000000000000000000000000000000000000000000000000000000 Check NV seed manually #3 entropy_nv_seed:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" -Entropy self test (with strong entropy) -depends_on:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_ENTROPY_HAVE_STRONG +Entropy self test +depends_on:!MBEDTLS_TEST_NULL_ENTROPY entropy_selftest:0 -Entropy self test (without strong entropy) -depends_on:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_ENTROPY_HAVE_STRONG -entropy_selftest:1 - Entropy self test (MBEDTLS_TEST_NULL_ENTROPY) depends_on:MBEDTLS_TEST_NULL_ENTROPY entropy_selftest:1 diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 97a21bc18b..7983c767ee 100644 --- a/tests/suites/test_suite_entropy.function 
+++ b/tests/suites/test_suite_entropy.function @@ -163,7 +163,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_HAVE_STRONG */ void entropy_func_len( int len, int ret ) { mbedtls_entropy_context ctx; @@ -224,7 +224,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_HAVE_STRONG */ void entropy_threshold( int threshold, int chunk_size, int result ) { mbedtls_entropy_context ctx; @@ -377,7 +377,7 @@ void entropy_nv_seed( char *read_seed_str ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_HAVE_STRONG:MBEDTLS_SELF_TEST */ void entropy_selftest( int result ) { TEST_ASSERT( mbedtls_entropy_self_test( 1 ) == result ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f64e1a73aa..f41b14cc3f 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -8,6 +8,7 @@ #include "mbedtls/sha512.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" + /* END_HEADER */ /* BEGIN_DEPENDENCIES From efdfeeba6a97b0c1f9d28fe5972263d8e0a6c70d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 12:15:13 +0100 Subject: [PATCH 0100/1059] Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA --- tests/ssl-opt.sh | 2 +- tests/suites/test_suite_x509parse.function | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d7e0b8c013..92acd4e1f2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2106,7 +2106,7 @@ run_test "Authentication: client no cert, ssl3" \ # The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its # default value (8) -: ${MAX_IM_CA:='20'} +: ${MAX_IM_CA:='19'} MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -gt "$MAX_IM_CA" ]; then 
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 34164a83fc..0dfdd61c22 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -7,7 +7,7 @@ #include "mbedtls/oid.h" #include "mbedtls/base64.h" -#if MBEDTLS_X509_MAX_INTERMEDIATE_CA >= 19 +#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 #error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \ than the current threshold 19. To test larger values, please \ adapt the script tests/data_files/dir-max/long.sh." From bcfa6f42e3da922d13722fe912dcb772649e501c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 15:59:35 +0100 Subject: [PATCH 0101/1059] Fix the check for max CA intermediates in ssl-opt.sh The tests only work for a specific number for MBEDTLS_X509_MAX_INTERMEDIATE_CA so the check has been changed to confirm the default value, and to show an error otherwise. --- tests/ssl-opt.sh | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 92acd4e1f2..280fc63486 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
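Review bot: The `#error` text directly below the changed condition names `MBEDTLS_X509_MAX_INTERMEDIATE_C`, dropping the trailing `A` of `MBEDTLS_X509_MAX_INTERMEDIATE_CA`, so whoever hits the error will search for a macro that does not exist. Since the commit already touches this guard, the string belongs in the same change: `#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_CA is larger \`. The relaxed `> 19` does now agree with the "threshold 19" wording of the message.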
@@ -2106,22 +2106,17 @@ run_test "Authentication: client no cert, ssl3" \ # The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its # default value (8) -: ${MAX_IM_CA:='19'} +MAX_IM_CA='8' MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) -if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -gt "$MAX_IM_CA" ]; then +if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then printf "The ${CONFIG_H} file contains a value for the configuration of\n" - printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is greater than the script’s\n" + printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n" printf "test value of ${MAX_IM_CA}. \n" printf "\n" - printf "By default, this value cannot be higher as there are insufficient\n" - printf "test certificate files available to test with.\n" + printf "The tests assume this value and if it changes, the tests in this\n" + printf "script should also be adjusted.\n" printf "\n" - printf "To generate additional test certificates use the script:\n" - printf " tests/data_files/dir-maxpath/long.sh\n" - printf "\n" - printf "To test using an alternative value, please set the environment variable\n" - printf "MAX_IM_CA or change the default value in the script tests/ssl-opt.sh.\n" exit 1 fi From c6f346b60cc15e392eb9cb3927fbff1169a0d9a7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 28 Jul 2017 16:36:51 +0100 Subject: [PATCH 0102/1059] Fix get option in config.pl script --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index 2757f17fe3..406413bd52 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -205,7 +205,7 @@ for my $line (@config_lines) { $done = 1; } } elsif (!$done && $action eq "get") { - if ($line =~ /^\s*#define\s*$name\s*(.*)\s*\b/) { + if ($line =~ /^\s*#define\s*$name\s*([^\s]+)\s*\b/) { $value = $1; $done = 1; } 
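Review bot: `printf "The ${CONFIG_H} file contains ..."` expands a variable into the printf format string, so a path containing `%` or a backslash sequence would be interpreted rather than printed; pass it as an argument instead: `printf "The %s file contains a value for the configuration of\n" "${CONFIG_H}"`. The new `-ne` comparison also assumes `config.pl get` yields a bare integer — anything else makes `[` fail with a syntax error instead of the intended message; the config.pl hunk further down this line tightens the extracted value to a single non-space token, which mitigates that, but a `case "$MAX_IM_CA_CONFIG" in *[!0-9]*)` guard would make the script self-contained. The hard-coded `MAX_IM_CA='8'` and the comment "default value (8)" now agree, which the earlier `19` did not.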
From c08d9ddd55f192dec6537fa10ee303628af59ee0 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 0103/1059] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 55cccd5e65..f3fa22c004 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From d5a75f44a16ed54605ee327886c52d90aa0351dd Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 0104/1059] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f3fa22c004..ecbbb4c8bf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From 368d55c549b27a258949162e1a8fd2cd0f559111 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 0105/1059] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/ChangeLog b/ChangeLog index ecbbb4c8bf..e7c42737e3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From 7faf92a2febc1483e678f9ca477346094767dad8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 0106/1059] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index e7c42737e3..59bdfaef6e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From a207e750892e140860480b41f7745b0de22a52b7 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 0107/1059] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/ChangeLog b/ChangeLog index 59bdfaef6e..8db6551c5d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From f16ce1cfb7bd60e220bd772248da0b207c9a1412 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 15 Dec 2016 14:42:37 +0200 Subject: [PATCH 0108/1059] Pre push hook script Add git_hook folder, and pre-push script, to be soft linked from .git/hooks/pre-push --- git_hooks/README.md | 16 ++++++++++++++++ git_hooks/pre-push | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 git_hooks/README.md create mode 100755 git_hooks/pre-push diff --git a/git_hooks/README.md b/git_hooks/README.md new file mode 100644 index 0000000000..d0ed4a38f9 --- /dev/null +++ b/git_hooks/README.md @@ -0,0 +1,16 @@ +README for git hooks script +=========================== +git has a way to run scripts, which are invoked by specific git commands. +The git hooks are located in `/.git/hooks`, and as such are not under version control +for more information, see the [git documentation](https://git-scm.com/docs/githooks). + +The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. + +Example: + +Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +`ln -s ../../git_hooks/pre-push pre-push` + +Similarly, on Windows while running as administrator: +`mklink pre-push ..\..\git_hooks\pre-push` + diff --git a/git_hooks/pre-push b/git_hooks/pre-push new file mode 100755 index 0000000000..6b2da10ed1 
--- /dev/null +++ b/git_hooks/pre-push @@ -0,0 +1,38 @@ +#!/bin/sh + +# Called by "git push" after it has checked the remote status, but before anything has been +# pushed. If this script exits with a non-zero status nothing will be pushed. +# +# This hook is called with the following parameters: +# +# $1 -- Name of the remote to which the push is being done +# $2 -- URL to which the push is being done +# +# If pushing without using a named remote those arguments will be equal. +# +# Information about the commits which are being pushed is supplied as lines to +# the standard input in the form: +# +# +# +set -eu + +REMOTE="$1" +URL="$2" + +echo "REMOTE is $REMOTE" +echo "URL is $URL" + +run_test() +{ + TEST=$1 + echo "running '$TEST'" + if ! `$TEST > /dev/null 2>&1`; then + echo "test '$TEST' failed" + return 1 + fi +} + +run_test ./tests/scripts/check-doxy-blocks.pl +run_test ./tests/scripts/check-names.sh +run_test ./tests/scripts/check-generated-files.sh From e9b3f7ea3f0288e4d15dde069abbee1776c904ce Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 11:25:14 +0300 Subject: [PATCH 0109/1059] Add note for the git_hoos README file Add a note to the git_hooks README.md file, to state that currently they only work on GNU platforms --- git_hooks/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index d0ed4a38f9..f78df991d5 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -11,6 +11,4 @@ Example: Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` -Similarly, on Windows while running as administrator: -`mklink pre-push ..\..\git_hooks\pre-push` - +**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From 13067fca9d78ca30d18d0ddbc80b761e76f21aca Mon Sep 17 00:00:00 2001 
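Review bot: In run_test the `!` is applied to a command substitution — the backticks around `$TEST > /dev/null 2>&1` — so the hook runs the check, discards its exit status, and then tries to execute the check's (redirected, hence empty) stdout as a command; the branch therefore never reflects whether the check actually passed. It should be `if ! $TEST > /dev/null 2>&1; then`, and I would stop discarding stderr so a failing check leaves a diagnostic on the terminal. The same line survives unchanged when the script is renamed later on this page. The header comment "is supplied as lines to the standard input in the form:" is followed only by two empty comment lines — the format description appears to have been lost (possibly an angle-bracket placeholder eaten by tooling) and should be restored or the sentence dropped.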
From: Ron Eldor Date: Thu, 20 Jul 2017 18:24:43 +0300 Subject: [PATCH 0110/1059] Fix slash direction for linux path Update direction of the slash, for linux path, after @hanno-arm comments --- git_hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index f78df991d5..400d63ee55 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -8,7 +8,7 @@ The mbed TLS git hooks are located in `/git_hooks` directory, and Example: -Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From cf61d7d9921db0b94f0b2da10b34affc09a0a7e5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 23 Jul 2017 15:25:32 +0300 Subject: [PATCH 0111/1059] Update after @sbutcher-arm comments 1. Move the scripts to test/git-scripts folder 2. Support the script to run independant, not only with git 3. modify Readme accordingly --- {git_hooks => test/git-scripts}/README.md | 6 ++++-- git_hooks/pre-push => test/git-scripts/pre-push.sh | 13 +++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) rename {git_hooks => test/git-scripts}/README.md (62%) rename git_hooks/pre-push => test/git-scripts/pre-push.sh (82%) diff --git a/git_hooks/README.md b/test/git-scripts/README.md similarity index 62% rename from git_hooks/README.md rename to test/git-scripts/README.md index 400d63ee55..6bd9110c51 100644 --- a/git_hooks/README.md +++ b/test/git-scripts/README.md 
@@ -4,11 +4,13 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../git_hooks/pre-push pre-push` +`ln -s ../../test/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** + +These scripts can also be used independently. diff --git a/git_hooks/pre-push b/test/git-scripts/pre-push.sh similarity index 82% rename from git_hooks/pre-push rename to test/git-scripts/pre-push.sh index 6b2da10ed1..ee54a6cffe 100755 --- a/git_hooks/pre-push +++ b/test/git-scripts/pre-push.sh @@ -1,7 +1,15 @@ #!/bin/sh - +# pre-push.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# # Called by "git push" after it has checked the remote status, but before anything has been # pushed. If this script exits with a non-zero status nothing will be pushed. +# This script can also be used independently, not using git. # # This hook is called with the following parameters: # @@ -15,7 +23,6 @@ # # # -set -eu REMOTE="$1" URL="$2" @@ -23,6 +30,8 @@ URL="$2" echo "REMOTE is $REMOTE" echo "URL is $URL" +set -eu + run_test() { TEST=$1 From 2dfb02151d0e5de147beeccd0bc88492409171dd Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Mon, 24 Jul 2017 15:52:18 +0300 Subject: [PATCH 0112/1059] Move the git scripts to correct path The git scripts were accidently put in `test` folder instead of `tests`. Moved them to `tests` folder --- test/git-scripts/README.md | 16 ------------ test/git-scripts/pre-push.sh | 47 ------------------------------------ 2 files changed, 63 deletions(-) delete mode 100644 test/git-scripts/README.md delete mode 100755 test/git-scripts/pre-push.sh diff --git a/test/git-scripts/README.md b/test/git-scripts/README.md deleted file mode 100644 index 6bd9110c51..0000000000 --- a/test/git-scripts/README.md +++ /dev/null @@ -1,16 +0,0 @@ -README for git hooks script -=========================== -git has a way to run scripts, which are invoked by specific git commands. -The git hooks are located in `/.git/hooks`, and as such are not under version control -for more information, see the [git documentation](https://git-scm.com/docs/githooks). - -The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. - -Example: - -Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../test/git-scripts/pre-push.sh pre-push` - -**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** - -These scripts can also be used independently. diff --git a/test/git-scripts/pre-push.sh b/test/git-scripts/pre-push.sh deleted file mode 100755 index ee54a6cffe..0000000000 --- a/test/git-scripts/pre-push.sh +++ /dev/null 
@@ -1,47 +0,0 @@ -#!/bin/sh -# pre-push.sh -# -# This file is part of mbed TLS (https://tls.mbed.org) -# -# Copyright (c) 2017, ARM Limited, All Rights Reserved -# -# Purpose -# -# Called by "git push" after it has checked the remote status, but before anything has been -# pushed. If this script exits with a non-zero status nothing will be pushed. -# This script can also be used independently, not using git. -# -# This hook is called with the following parameters: -# -# $1 -- Name of the remote to which the push is being done -# $2 -- URL to which the push is being done -# -# If pushing without using a named remote those arguments will be equal. -# -# Information about the commits which are being pushed is supplied as lines to -# the standard input in the form: -# -# -# - -REMOTE="$1" -URL="$2" - -echo "REMOTE is $REMOTE" -echo "URL is $URL" - -set -eu - -run_test() -{ - TEST=$1 - echo "running '$TEST'" - if ! `$TEST > /dev/null 2>&1`; then - echo "test '$TEST' failed" - return 1 - fi -} - -run_test ./tests/scripts/check-doxy-blocks.pl -run_test ./tests/scripts/check-names.sh -run_test ./tests/scripts/check-generated-files.sh From ce49a250333ff25ca896108bc3f953cbb21f9638 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 10 Feb 2017 14:39:58 +0000 Subject: [PATCH 0113/1059] Fix potential integer overflow parsing DER CRL This patch prevents a potential signed integer overflow during the CRL version verification checks. --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8db6551c5d..59a1c0d638 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -13,6 +13,10 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From 6b171e4aec10ccde54196cede7496a4295d7f13d Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 16:16:11 +0000 Subject: [PATCH 0114/1059] Fix potential integer overflow parsing DER CRT This patch prevents a potential signed integer overflow during the certificate version verification checks. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 59a1c0d638..1b1028bff0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -237,6 +237,9 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 From f601ec5f34a3795bd32b2f0113d7479812f2928c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Jun 2017 08:22:17 +0100 Subject: [PATCH 0115/1059] Reliably zeroize sensitive data in Crypt-and-Hash sample application The AES sample application programs/aes/crypt_and_hash could miss zeroizing the stack-based key buffer in case of an error during operation. This commit fixes this and also clears all command line arguments (one of which might be the key) before exit. --- programs/aes/crypt_and_hash.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) 
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index adb95e03ca..a16e91e188 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -224,8 +224,6 @@ int main( int argc, char *argv[] ) } } - memset( argv[6], 0, strlen( argv[6] ) ); - #if defined(_WIN32_WCE) filesize = fseek( fin, 0L, SEEK_END ); #else @@ -303,8 +301,6 @@ int main( int argc, char *argv[] ) } - memset( key, 0, sizeof( key ) ); - if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen, MBEDTLS_ENCRYPT ) != 0 ) { @@ -444,8 +440,6 @@ int main( int argc, char *argv[] ) mbedtls_md_finish( &md_ctx, digest ); } - memset( key, 0, sizeof( key ) ); - if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen, MBEDTLS_DECRYPT ) != 0 ) { @@ -540,7 +534,16 @@ exit: if( fout ) fclose( fout ); + /* Zeroize all command line arguments to also cover + the case when the user has missed or reordered some, + in which case the key might not be in argv[6]. */ + for( i = 0; i < argc; i++ ) + memset( argv[i], 0, strlen( argv[i] ) ); + + memset( IV, 0, sizeof( IV ) ); + memset( key, 0, sizeof( key ) ); memset( buffer, 0, sizeof( buffer ) ); + memset( output, 0, sizeof( output ) ); memset( digest, 0, sizeof( digest ) ); mbedtls_cipher_free( &cipher_ctx ); From ce37e6269ed709ad08da0924cb5e6635ebf36860 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Jun 2017 08:24:34 +0100 Subject: [PATCH 0116/1059] Reliably zeroize sensitive data in AES sample application The AES sample application programs/aes/aescrypt2 could miss zeroizing the stack-based key buffer in case of an error during operation. This commit fixes this and also clears another temporary buffer as well as all command line arguments (one of which might be the key) before exit. --- programs/aes/aescrypt2.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index c77d77f5fb..7cd3349fe7 100644 
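Review bot: The new wipes added at `exit:` (`IV`, `key`, `output`, `digest`, `buffer`, and the `argv[i]` loop) are plain `memset` calls on objects that are never read again before `main` returns, which is the dead-store pattern an optimising compiler is entitled to drop, so the guarantee the commit title promises ("reliably zeroize") is not actually provided. The library side of this series already relies on a `mbedtls_zeroize` helper described as "should never be optimized out by the compiler" (see the pk.c hunk later in this page); the sample should use the same volatile-backed helper, e.g. `mbedtls_zeroize( key, sizeof( key ) );` for each buffer, rather than `memset`. Note also that the `memset( key, 0, sizeof( key ) )` calls removed before `mbedtls_cipher_setkey` extended the lifetime of the raw key from "as soon as `digest` is derived" to program exit; keeping an early wipe costs nothing. The type of `i` is not visible in this hunk, and `main`'s body extends well beyond it.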
--- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -79,7 +79,9 @@ int main( int argc, char *argv[] ) FILE *fkey, *fin = NULL, *fout = NULL; char *p; + unsigned char IV[16]; + unsigned char tmp[16]; unsigned char key[512]; unsigned char digest[32]; unsigned char buffer[1024]; @@ -123,10 +125,10 @@ int main( int argc, char *argv[] ) } mode = atoi( argv[1] ); - memset(IV, 0, sizeof(IV)); - memset(key, 0, sizeof(key)); - memset(digest, 0, sizeof(digest)); - memset(buffer, 0, sizeof(buffer)); + memset( IV, 0, sizeof( IV ) ); + memset( key, 0, sizeof( key ) ); + memset( digest, 0, sizeof( digest ) ); + memset( buffer, 0, sizeof( buffer ) ); if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT ) { @@ -185,8 +187,6 @@ int main( int argc, char *argv[] ) } } - memset( argv[4], 0, strlen( argv[4] ) ); - #if defined(_WIN32_WCE) filesize = fseek( fin, 0L, SEEK_END ); #else @@ -272,7 +272,6 @@ int main( int argc, char *argv[] ) mbedtls_md_finish( &sha_ctx, digest ); } - memset( key, 0, sizeof( key ) ); mbedtls_aes_setkey_enc( &aes_ctx, digest, 256 ); mbedtls_md_hmac_starts( &sha_ctx, digest, 32 ); @@ -319,7 +318,6 @@ int main( int argc, char *argv[] ) if( mode == MODE_DECRYPT ) { - unsigned char tmp[16]; /* * The encrypted file must be structured as follows: @@ -374,7 +372,6 @@ int main( int argc, char *argv[] ) mbedtls_md_finish( &sha_ctx, digest ); } - memset( key, 0, sizeof( key ) ); mbedtls_aes_setkey_dec( &aes_ctx, digest, 256 ); mbedtls_md_hmac_starts( &sha_ctx, digest, 32 ); @@ -441,6 +438,15 @@ exit: if( fout ) fclose( fout ); + /* Zeroize all command line arguments to also cover + the case when the user has missed or reordered some, + in which case the key might not be in argv[4]. */ + for( i = 0; i < (unsigned int) argc; i++ ) + memset( argv[i], 0, strlen( argv[i] ) ); + + memset( IV, 0, sizeof( IV ) ); + memset( key, 0, sizeof( key ) ); + memset( tmp, 0, sizeof( tmp ) ); memset( buffer, 0, sizeof( buffer ) ); memset( digest, 0, sizeof( digest ) ); 
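Review bot: Deleting the `memset( key, 0, sizeof( key ) )` that preceded `mbedtls_aes_setkey_enc` and `mbedtls_aes_setkey_dec` keeps the user-supplied key in `key[512]` for the entire run rather than wiping it once `digest` has been derived, and the replacement wipe at `exit:` is again a plain `memset` immediately before return, which the compiler may elide as a dead store. Restore the early wipe and do both with a volatile-backed helper (the library's `mbedtls_zeroize` pattern), e.g. `mbedtls_zeroize( key, sizeof( key ) );`. Hoisting `tmp` to function scope so it can be cleared is right; for the same reason, confirm that `mbedtls_aes_free( &aes_ctx )` and `mbedtls_md_free( &sha_ctx )` run after these wipes (outside the hunk), since the expanded round keys and HMAC state otherwise outlive the buffers being cleared. The `(unsigned int) argc` cast implies `i` is unsigned; declaring `i` as `int` for this loop would avoid the cast.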
From 7ec83df47fe478781b6b2e104a1e2c1feb69bfb8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Jun 2017 08:26:53 +0100 Subject: [PATCH 0117/1059] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1b1028bff0..6bf2a5a6d8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,9 @@ Security (default: 8) intermediates, even when it was not trusted. Could be triggered remotely on both sides. (With auth_mode set to required (default), the handshake was correctly aborted.) + * Realiably zeroize sensitive data after use in AES example applications + programs/aes/aescrypt2 and programs/aes/crypt_and_hash. + Found by Laurent Simon. Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 840bace4176a89553d42468b8f58b5b75118594f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Jun 2017 11:36:21 +0100 Subject: [PATCH 0118/1059] Correct comment --- programs/aes/aescrypt2.c | 3 +-- programs/aes/crypt_and_hash.c | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 7cd3349fe7..4acf38dd74 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -155,7 +155,7 @@ int main( int argc, char *argv[] ) } /* - * Read the secret key and clean the command line. + * Read the secret key from file or command line */ if( ( fkey = fopen( argv[4], "rb" ) ) != NULL ) { @@ -318,7 +318,6 @@ int main( int argc, char *argv[] ) if( mode == MODE_DECRYPT ) { - /* * The encrypted file must be structured as follows: * diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index a16e91e188..0e272ebe48 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -192,7 +192,7 @@ int main( int argc, char *argv[] ) } /* - * Read the secret key and clean the command line. + * Read the secret key from file or command line */ if( ( fkey = fopen( argv[6], "rb" ) ) != NULL ) { 
From 61937d4a83db6b5d976ca45e3517336809db2539 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 26 Apr 2017 15:01:23 +0100 Subject: [PATCH 0119/1059] Rename time and index parameter to avoid name conflict. As noted in #557, several functions use 'index' resp. 'time' as parameter names in their declaration and/or definition, causing name conflicts with the functions in the C standard library of the same name some compilers warn about. This commit renames the arguments accordingly. --- ChangeLog | 2 ++ include/mbedtls/ecp.h | 4 ++-- include/mbedtls/x509.h | 10 +++++----- library/cmac.c | 6 +++--- library/entropy.c | 14 ++++++------- library/x509.c | 44 ++++++++++++++++++++--------------------- library/x509write_crt.c | 8 ++++---- 7 files changed, 45 insertions(+), 43 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6bf2a5a6d8..fb8d32143a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -172,6 +172,8 @@ Bugfix The PK and RSA modules use different types for passing hash length and without these checks the type cast could lead to data loss. Found by Guido Vranken. + * Avoid shadowing of time and index functions through mbed TLS function + arguments. Found by inestlerode. Fixes #557. = mbed TLS 2.4.2 branch released 2017-03-08 diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index bf9abeff6b..dad9aef002 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -461,7 +461,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp * \brief Set a group using well-known domain parameters * * \param grp Destination group - * \param index Index in the list of well-known domain parameters + * \param id Index in the list of well-known domain parameters * * \return 0 if successful, * MBEDTLS_ERR_MPI_XXX if initialization failed 
@@ -470,7 +470,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp * \note Index should be a value of RFC 4492's enum NamedCurve, * usually in the form of a MBEDTLS_ECP_DP_XXX macro. */ -int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id index ); +int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); /** * \brief Set a group from a TLS ECParameters record diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 128eaded6f..d7e318dfdc 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -247,12 +247,12 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se * \note Intended usage is "if( is_past( valid_to ) ) ERROR". * Hence the return value of 1 if on internal errors. * - * \param time mbedtls_x509_time to check + * \param to mbedtls_x509_time to check * * \return 1 if the given time is in the past or an error occured, * 0 otherwise. */ -int mbedtls_x509_time_is_past( const mbedtls_x509_time *time ); +int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ); /** * \brief Check a given mbedtls_x509_time against the system time @@ -261,12 +261,12 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *time ); * \note Intended usage is "if( is_future( valid_from ) ) ERROR". * Hence the return value of 1 if on internal errors. * - * \param time mbedtls_x509_time to check + * \param from mbedtls_x509_time to check * * \return 1 if the given time is in the future or an error occured, * 0 otherwise. */ -int mbedtls_x509_time_is_future( const mbedtls_x509_time *time ); +int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ); /** * \brief Checkup routine 
@@ -295,7 +295,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50 mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts ); int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, - mbedtls_x509_time *time ); + mbedtls_x509_time *t ); int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial ); int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, diff --git a/library/cmac.c b/library/cmac.c index 035ad071d4..6df56aa9a8 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -169,10 +169,10 @@ static void cmac_xor_block( unsigned char *output, const unsigned char *input1, const unsigned char *input2, const size_t block_size ) { - size_t index; + size_t idx; - for( index = 0; index < block_size; index++ ) - output[ index ] = input1[ index ] ^ input2[ index ]; + for( idx = 0; idx < block_size; idx++ ) + output[ idx ] = input1[ idx ] ^ input2[ idx ]; } /* diff --git a/library/entropy.c b/library/entropy.c index d4d1b27b7f..23de4062a4 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -132,24 +132,24 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, mbedtls_entropy_f_source_ptr f_source, void *p_source, size_t threshold, int strong ) { - int index, ret = 0; + int idx, ret = 0; #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) return( ret ); #endif - index = ctx->source_count; - if( index >= MBEDTLS_ENTROPY_MAX_SOURCES ) + idx = ctx->source_count; + if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES ) { ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES; goto exit; } - ctx->source[index].f_source = f_source; - ctx->source[index].p_source = p_source; - ctx->source[index].threshold = threshold; - ctx->source[index].strong = strong; + ctx->source[idx].f_source = f_source; + ctx->source[idx].p_source = p_source; + ctx->source[idx].threshold = threshold; + ctx->source[idx].strong = strong; ctx->source_count++; 
diff --git a/library/x509.c b/library/x509.c index 88e32b067e..e94a8a329f 100644 --- a/library/x509.c +++ b/library/x509.c @@ -496,25 +496,25 @@ static int x509_parse_int( unsigned char **p, size_t n, int *res ) return( 0 ); } -static int x509_date_is_valid(const mbedtls_x509_time *time) +static int x509_date_is_valid(const mbedtls_x509_time *t) { int ret = MBEDTLS_ERR_X509_INVALID_DATE; - CHECK_RANGE( 0, 9999, time->year ); - CHECK_RANGE( 0, 23, time->hour ); - CHECK_RANGE( 0, 59, time->min ); - CHECK_RANGE( 0, 59, time->sec ); + CHECK_RANGE( 0, 9999, t->year ); + CHECK_RANGE( 0, 23, t->hour ); + CHECK_RANGE( 0, 59, t->min ); + CHECK_RANGE( 0, 59, t->sec ); - switch( time->mon ) + switch( t->mon ) { case 1: case 3: case 5: case 7: case 8: case 10: case 12: - CHECK_RANGE( 1, 31, time->day ); + CHECK_RANGE( 1, 31, t->day ); break; case 4: case 6: case 9: case 11: - CHECK_RANGE( 1, 30, time->day ); + CHECK_RANGE( 1, 30, t->day ); break; case 2: - CHECK_RANGE( 1, 28 + (time->year % 4 == 0), time->day ); + CHECK_RANGE( 1, 28 + (t->year % 4 == 0), t->day ); break; default: return( ret ); @@ -528,7 +528,7 @@ static int x509_date_is_valid(const mbedtls_x509_time *time) * field. */ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, - mbedtls_x509_time *time ) + mbedtls_x509_time *tm ) { int ret; 
@@ -542,26 +542,26 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, /* * Parse year, month, day, hour, minute */ - CHECK( x509_parse_int( p, yearlen, &time->year ) ); + CHECK( x509_parse_int( p, yearlen, &tm->year ) ); if ( 2 == yearlen ) { - if ( time->year < 50 ) - time->year += 100; + if ( tm->year < 50 ) + tm->year += 100; - time->year += 1900; + tm->year += 1900; } - CHECK( x509_parse_int( p, 2, &time->mon ) ); - CHECK( x509_parse_int( p, 2, &time->day ) ); - CHECK( x509_parse_int( p, 2, &time->hour ) ); - CHECK( x509_parse_int( p, 2, &time->min ) ); + CHECK( x509_parse_int( p, 2, &tm->mon ) ); + CHECK( x509_parse_int( p, 2, &tm->day ) ); + CHECK( x509_parse_int( p, 2, &tm->hour ) ); + CHECK( x509_parse_int( p, 2, &tm->min ) ); /* * Parse seconds if present */ if ( len >= 2 ) { - CHECK( x509_parse_int( p, 2, &time->sec ) ); + CHECK( x509_parse_int( p, 2, &tm->sec ) ); len -= 2; } else @@ -582,7 +582,7 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, if ( 0 != len ) return ( MBEDTLS_ERR_X509_INVALID_DATE ); - CHECK( x509_date_is_valid( time ) ); + CHECK( x509_date_is_valid( tm ) ); return ( 0 ); } @@ -593,7 +593,7 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, * generalTime GeneralizedTime } */ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, - mbedtls_x509_time *time ) + mbedtls_x509_time *tm ) { int ret; size_t len, year_len; @@ -619,7 +619,7 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, if( ret != 0 ) return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); - return x509_parse_time( p, len, year_len, time ); + return x509_parse_time( p, len, year_len, tm ); } int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index d1d9a22a7e..4d674abcf8 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
@@ -264,7 +264,7 @@ int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, } static int x509_write_time( unsigned char **p, unsigned char *start, - const char *time, size_t size ) + const char *t, size_t size ) { int ret; size_t len = 0; @@ -272,10 +272,10 @@ static int x509_write_time( unsigned char **p, unsigned char *start, /* * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter) */ - if( time[0] == '2' && time[1] == '0' && time [2] < '5' ) + if( t[0] == '2' && t[1] == '0' && t[2] < '5' ) { MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) time + 2, + (const unsigned char *) t + 2, size - 2 ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_UTC_TIME ) ); @@ -283,7 +283,7 @@ static int x509_write_time( unsigned char **p, unsigned char *start, else { MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) time, + (const unsigned char *) t, size ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_GENERALIZED_TIME ) ); From 9fae22269b154024d8c5a99c2aba6caa585da1a8 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 22:32:23 +0100 Subject: [PATCH 0120/1059] Fix ChangeLog for duplication after merge --- ChangeLog | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index fb8d32143a..5ecf181ebf 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,22 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - * Fix a potential integer overflow in the version verification for DER - encoded X509 CRLs. The overflow would enable maliciously constructed CRLs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's @@ -25,7 +9,7 @@ Security (default: 8) intermediates, even when it was not trusted. Could be triggered remotely on both sides. (With auth_mode set to required (default), the handshake was correctly aborted.) - * Realiably zeroize sensitive data after use in AES example applications + * Reliably zeroize sensitive data after use in AES example applications programs/aes/aescrypt2 and programs/aes/crypt_and_hash. Found by Laurent Simon. From a55e084bce6e4d74af0380ec8ae852cfb1ee357e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 23:46:43 +0100 Subject: [PATCH 0121/1059] Fix naked call to time() with platform call In ssl_cache.c a call to time() was being made instead of it's platform equivalent. --- library/ssl_cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 9b62de2dcc..c771d7fe2a 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -138,7 +138,7 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) { int ret = 1; #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t t = time( NULL ), oldest = 0; + mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0; mbedtls_ssl_cache_entry *old = NULL; #endif mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; From a418e82a35abeab3cd24f2ea0cd7162771308b53 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 23:52:10 +0100 Subject: [PATCH 0122/1059] Add credit to Changelog to fix for #666 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5ecf181ebf..0b92f2a519 100644 --- a/ChangeLog +++ b/ChangeLog @@ -58,6 +58,8 @@ Bugfix * Fix a potential integer overflow in the version verification for DER encoded X509 certificates. The overflow would enable maliciously constructed certificates to bypass the certificate verification check. + * Fix a call to the libc function time() to call the platform abstraction + function mbedtls_time() instead. Found by wairua. Fix for #666 Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of From 38fc3a05484e750d626ec9092534bca2cc4de1a5 Mon Sep 17 00:00:00 2001 From: Peter Huewe Date: Sat, 29 Jul 2017 02:01:22 +0200 Subject: [PATCH 0123/1059] Remove duplicated defintion of PRINT_ERROR The PRINT_ERROR macros are already defined exactly the same in line 101ff, so we can remove them here. --- programs/test/benchmark.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index eb578e7306..20adad445d 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
@@ -131,15 +131,6 @@ do { \ ( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \ } while( 0 ) -#if defined(MBEDTLS_ERROR_C) -#define PRINT_ERROR \ - mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \ - mbedtls_printf( "FAILED: %s\n", tmp ); -#else -#define PRINT_ERROR \ - mbedtls_printf( "FAILED: -0x%04x\n", -ret ); -#endif - #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG) #define MEMORY_MEASURE_INIT \ From 3f2557e6f132a564a92484be2d7d90d26cd8ccf5 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Aug 2017 18:06:12 +0100 Subject: [PATCH 0124/1059] Fix style and missing item in ChangeLog --- ChangeLog | 43 ++++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0b92f2a519..7e00019fdb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,9 +7,9 @@ Security mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA (default: 8) intermediates, even when it was not trusted. Could be - triggered remotely on both sides. (With auth_mode set to required - (default), the handshake was correctly aborted.) - * Reliably zeroize sensitive data after use in AES example applications + triggered remotely on both sides. (With auth_mode set to 'required' + (the default), the handshake was correctly aborted). + * Reliably wipe sensitive data after use in the AES example applications programs/aes/aescrypt2 and programs/aes/crypt_and_hash. Found by Laurent Simon. 
@@ -18,15 +18,16 @@ Features and the context struct mbedtls_platform_context to perform platform-specific setup and teardown operations. The macro MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden - by the user in a platform_alt.h file. This new APIs are required in some - embedded environments that have hardware acceleration support. + by the user in a platform_alt.h file. These new functions are required in + some embedded environments to provide a means to initialise underlying + hardware acceleration. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, - mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 - Found by James Cowgill. + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. Found + by James Cowgill. #978 * Certificate verification functions now set flags to -1 in case the full chain was not verified due to an internal error (including in the verify callback) or chain length limitations. 
@@ -35,40 +36,45 @@ API Changes a fatal error in the vrfy callback. Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported + * Add a check if iv_len is zero, and return an error if it is zero. Reported by roberto. #716 * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 + always be implemented by pthread support. #696 * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. - Found by redplait #590 + Found by redplait. #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 + Reported and fix suggested by guidovranken. #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. * Fix a potential integer overflow in the version verification for DER - encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + encoded X.509 CRLs. The overflow could enable maliciously constructed CRLs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America * Fix potential integer overflow in the version verification for DER - encoded X509 CSRs. The overflow would enable maliciously constructed CSRs + encoded X.509 CSRs. The overflow could enable maliciously constructed CSRs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously + encoded X.509 certificates. The overflow could enable maliciously constructed certificates to bypass the certificate verification check. 
* Fix a call to the libc function time() to call the platform abstraction - function mbedtls_time() instead. Found by wairua. Fix for #666 + function mbedtls_time() instead. Found by wairua. #666 + * Avoid shadowing of time and index functions through mbed TLS function + arguments. Found by inestlerode. #557. Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. #708 + 64-bit division. This is useful on embedded platforms where 64-bit division + created a dependency on external libraries. #708 * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 * Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file config-no-entropy.h to reduce the RAM footprint. + * Added a test script that can be hooked into git that verifies commits + before they are pushed. = mbed TLS 2.5.1 released 2017-06-21 @@ -158,8 +164,6 @@ Bugfix The PK and RSA modules use different types for passing hash length and without these checks the type cast could lead to data loss. Found by Guido Vranken. - * Avoid shadowing of time and index functions through mbed TLS function - arguments. Found by inestlerode. Fixes #557. = mbed TLS 2.4.2 branch released 2017-03-08 @@ -228,9 +232,6 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 - * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously - constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 From 85b602e5d0ba9fb8c5e8dd1b0eccf7268289a3f2 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 4 May 2017 11:27:39 +0100 Subject: [PATCH 0125/1059] Improve documentation of PKCS1 decryption functions Document the preconditions on the input and output buffers for the PKCS1 decryption functions - mbedtls_rsa_pkcs1_decrypt, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt - mbedtls_rsa_rsaes_oaep_decrypt --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 7e00019fdb..a696591b69 100644 --- a/ChangeLog +++ b/ChangeLog @@ -75,6 +75,7 @@ Changes config-no-entropy.h to reduce the RAM footprint. * Added a test script that can be hooked into git that verifies commits before they are pushed. + * Improve documentation of PKCS1 decryption functions. = mbed TLS 2.5.1 released 2017-06-21 From 7c02c503eab4508930736475136bafc4762493cb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 4 Aug 2017 13:32:15 +0100 Subject: [PATCH 0126/1059] Change PK module preprocessor check on word size There were preprocessor directives in pk.c and pk_wrap.c that cheked whether the bit length of size_t was greater than that of unsigned int. However, the check relied on the MBEDTLS_HAVE_INT64 macro being defined which is not directly related to size_t. This might result in errors in some platforms. This change modifies the check to use the macros SIZE_MAX and UINT_MAX instead making the code more robust. --- library/pk.c | 7 +++---- library/pk_wrap.c | 14 +++++++------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/library/pk.c b/library/pk.c index 8d13bc5ce3..b52c73fbc6 100644 --- a/library/pk.c +++ b/library/pk.c @@ -29,8 +29,6 @@ #include "mbedtls/pk.h" #include "mbedtls/pk_internal.h" -#include "mbedtls/bignum.h" - #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif @@ -42,6 +40,7 @@ #endif #include +#include /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { 
@@ -213,10 +212,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, int ret; const mbedtls_pk_rsassa_pss_options *pss_opts; -#if defined(MBEDTLS_HAVE_INT64) +#if SIZE_MAX > UINT_MAX if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */ if( options == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index db6274cbf9..2c164b7dfd 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -30,7 +30,6 @@ /* Even if RSA not activated, for the sake of RSA-alt */ #include "mbedtls/rsa.h" -#include "mbedtls/bignum.h" #include @@ -51,6 +50,7 @@ #endif #include +#include #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* Implementation that should never be optimized out by the compiler */ @@ -77,10 +77,10 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, { int ret; -#if defined(MBEDTLS_HAVE_INT64) +#if SIZE_MAX > UINT_MAX if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */ if( sig_len < ((mbedtls_rsa_context *) ctx)->len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); @@ -101,10 +101,10 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { -#if defined(MBEDTLS_HAVE_INT64) +#if SIZE_MAX > UINT_MAX if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */ *sig_len = ((mbedtls_rsa_context *) ctx)->len; 
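Review bot: `#if SIZE_MAX > UINT_MAX` evaluates to false with no diagnostic if `SIZE_MAX` is not visible at that point, because the preprocessor substitutes 0 for an undefined identifier in `#if`; the `UINT_MAX < hash_len` check would then be compiled out on exactly the 64-bit platforms it exists to protect, which is a quieter failure mode than the `MBEDTLS_HAVE_INT64` guard it replaces. The commit does add an `#include` in the earlier hunk (the header name does not survive this rendering; presumably `<stdint.h>` for `SIZE_MAX`, with `UINT_MAX` coming from `<limits.h>`), so the check is intact as long as that include is kept; a cheap safeguard is `#if !defined(SIZE_MAX)` / `#error "SIZE_MAX is required for the hash_len range check"` / `#endif` ahead of the first use, or building with `-Wundef` so a missing macro fails the build. The same guard is repeated for rsa_verify_wrap and rsa_sign_wrap in pk_wrap.c on this line and for rsa_alt_sign_wrap in the next hunk, so whichever safeguard is chosen should be applied to both files. mbedtls_pk_verify_ext's body continues outside the hunk.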
@@ -415,10 +415,10 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, { mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; -#if defined(MBEDTLS_HAVE_INT64) +#if SIZE_MAX > UINT_MAX if( UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */ *sig_len = rsa_alt->key_len_func( rsa_alt->key ); From b68733bf62f7d443d74ab4c7a206d1f54f044701 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 18 Jun 2017 16:03:14 +0300 Subject: [PATCH 0127/1059] ECDSA alternative support Support for alternative implementation of ECDSA, at the higher layer --- ChangeLog | 4 ++ include/mbedtls/config.h | 1 + library/ecdsa.c | 103 +++++++++++++++++++------------------ library/version_features.c | 3 ++ 4 files changed, 61 insertions(+), 50 deletions(-) diff --git a/ChangeLog b/ChangeLog index 243bd6bc0e..e9be97bd43 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,10 @@ Changes * Clarify ECDSA documentation and improve the sample code to avoid misunderstandings and potentially dangerous use of the API. Pointed out by Jean-Philippe Aumasson. + * Add support for alternative implementation for ECDSA, controlled by new + configuration flag MBEDTLS_ECDSA_ALT in config.h. + Alternative Ecdsa is supported for implementation of `mbedtls_ecdsa_sign` + and `mbedtls_ecdsa_verify`. = mbed TLS 2.5.0 branch released 2017-05-17 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c14..54dc2372de 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -238,6 +238,7 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_DES_ALT +//#define MBEDTLS_ECDSA_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT diff --git a/library/ecdsa.c b/library/ecdsa.c index 4156f3c3c4..d95dcae22f 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c 
@@ -37,11 +37,10 @@ #include "mbedtls/asn1write.h" #include - +#include "mbedtls/platform.h" #if defined(MBEDTLS_ECDSA_DETERMINISTIC) #include "mbedtls/hmac_drbg.h" #endif - /* * Derive a suitable integer for group grp from a buffer of length len * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3 @@ -65,6 +64,8 @@ cleanup: return( ret ); } +#if !defined(MBEDTLS_ECDSA_ALT) + /* * Compute ECDSA signature of a hashed message (SEC1 4.1.3) * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message) @@ -154,43 +155,6 @@ cleanup: return( ret ); } -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) -/* - * Deterministic signature wrapper - */ -int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg ) -{ - int ret; - mbedtls_hmac_drbg_context rng_ctx; - unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; - size_t grp_len = ( grp->nbits + 7 ) / 8; - const mbedtls_md_info_t *md_info; - mbedtls_mpi h; - - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - - mbedtls_mpi_init( &h ); - mbedtls_hmac_drbg_init( &rng_ctx ); - - /* Use private key and message hash (reduced) to initialize HMAC_DRBG */ - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); - MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); - mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ); - - ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, &rng_ctx ); - -cleanup: - mbedtls_hmac_drbg_free( &rng_ctx ); - mbedtls_mpi_free( &h ); - - return( ret ); -} -#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ /* * Verify ECDSA signature of hashed message (SEC1 4.1.4) 
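Review bot: The `#include "mbedtls/platform.h"` added in the -37 hunk is not referenced by anything this commit touches in ecdsa.c (no `mbedtls_calloc`/`mbedtls_free` or other platform-layer call appears in the new code, which only moves `mbedtls_ecdsa_sign_det` and `mbedtls_ecdsa_genkey` and adds the `MBEDTLS_ECDSA_ALT` guard); if nothing in the file needs it, drop the include rather than add a dependency on the platform module. The same hunk also deletes the blank line between `#endif` and the `/* Derive a suitable integer ... */` comment, so keep one blank line there to match the rest of the file. The `#if !defined(MBEDTLS_ECDSA_ALT)` opened in the -65 hunk is closed in a later hunk, so the full extent of the guarded region is not visible here.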
@@ -278,6 +242,56 @@ cleanup: return( ret ); } +/* + * Generate key pair + */ +int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + return( mbedtls_ecp_group_load( &ctx->grp, gid ) || + mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); +} + +#endif /* MBEDTLS_ECDSA_ALT */ + +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +/* + * Deterministic signature wrapper + */ +int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg ) +{ + int ret; + mbedtls_hmac_drbg_context rng_ctx; + unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; + size_t grp_len = ( grp->nbits + 7 ) / 8; + const mbedtls_md_info_t *md_info; + mbedtls_mpi h; + + if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + mbedtls_mpi_init( &h ); + mbedtls_hmac_drbg_init( &rng_ctx ); + + /* Use private key and message hash (reduced) to initialize HMAC_DRBG */ + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); + MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); + mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ); + + ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, &rng_ctx ); + +cleanup: + mbedtls_hmac_drbg_free( &rng_ctx ); + mbedtls_mpi_free( &h ); + + return( ret ); +} +#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ + /* * Convert a signature (given by context) to ASN.1 */ @@ -301,7 +315,6 @@ static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s, return( 0 ); } - /* * Compute and write signature */ 
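Review bot: `mbedtls_ecdsa_genkey` is placed inside the `MBEDTLS_ECDSA_ALT` region (it is added immediately before `#endif /* MBEDTLS_ECDSA_ALT */`), so an alternative implementation has to provide it as well, yet the ChangeLog entry in this same commit names only `mbedtls_ecdsa_sign` and `mbedtls_ecdsa_verify`. The entry should list all three, e.g. `Alternative ECDSA is supported for implementation of mbedtls_ecdsa_sign, mbedtls_ecdsa_verify and mbedtls_ecdsa_genkey.`, and the same list belongs in a comment on the guard, e.g. `#endif /* MBEDTLS_ECDSA_ALT: sign, verify and genkey are provided externally */`, so a porter does not discover the missing symbol at link time. `mbedtls_ecdsa_sign_det` now stays in the library whichever way the flag is set and calls whatever `mbedtls_ecdsa_sign` is linked in, which looks intentional; a one-line comment above it stating that it wraps the possibly-alternative `mbedtls_ecdsa_sign` would make that explicit. The matching `#if !defined(MBEDTLS_ECDSA_ALT)` is opened in an earlier hunk.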
@@ -402,16 +415,6 @@ cleanup: return( ret ); } -/* - * Generate key pair - */ -int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - return( mbedtls_ecp_group_load( &ctx->grp, gid ) || - mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); -} - /* * Set context from an mbedtls_ecp_keypair */ diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3e..df7f957fea 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -93,6 +93,9 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ +#if defined(MBEDTLS_ECDSA_ALT) + "MBEDTLS_ECDSA_ALT", +#endif /* MBEDTLS_ECDSA_ALT */ #if defined(MBEDTLS_XTEA_ALT) "MBEDTLS_XTEA_ALT", #endif /* MBEDTLS_XTEA_ALT */ From 433f39c4370b52c51ddc03c958672a9d03dede23 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 18 Jun 2017 17:57:51 +0300 Subject: [PATCH 0128/1059] ECDH alternative implementation support Add alternative implementation support for ECDH at the higher layer --- ChangeLog | 4 ++++ include/mbedtls/config.h | 1 + library/ecdh.c | 3 ++- library/version_features.c | 3 +++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 243bd6bc0e..a2a2a366b7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,10 @@ Changes * Clarify ECDSA documentation and improve the sample code to avoid misunderstandings and potentially dangerous use of the API. Pointed out by Jean-Philippe Aumasson. + * Add support for alternative implementation for ECDH, controlled by new + configuration flag MBEDTLS_ECDH_ALT in config.h. + Alternative Ecdh is supported for implementation of `mbedtls_ecdh_gen_public` + and `mbedtls_ecdh_compute_shared`. = mbed TLS 2.5.0 branch released 2017-05-17 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c14..a29312a26b 100644 
--- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -238,6 +238,7 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_DES_ALT +//#define MBEDTLS_ECDH_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT diff --git a/library/ecdh.c b/library/ecdh.c index c0a8147312..b66cb58676 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -38,6 +38,7 @@ #include +#if !defined(MBEDTLS_ECDH_ALT) /* * Generate public key: simple wrapper around mbedtls_ecp_gen_keypair */ @@ -81,7 +82,7 @@ cleanup: return( ret ); } - +#endif /* MBEDTLS_ECDH_ALT */ /* * Initialize context */ diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3e..7b08f04bef 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -93,6 +93,9 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ +#if defined(MBEDTLS_ECDH_ALT) + "MBEDTLS_ECDH_ALT", +#endif /* MBEDTLS_ECDH_ALT */ #if defined(MBEDTLS_XTEA_ALT) "MBEDTLS_XTEA_ALT", #endif /* MBEDTLS_XTEA_ALT */ From 01971d094e8c49e57a2ca8e90f4d7f3bf9761f2c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 10 Aug 2017 10:48:01 +0100 Subject: [PATCH 0129/1059] Fix language in Changelog for clarity --- ChangeLog | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index a696591b69..d3ad3b967e 100644 --- a/ChangeLog +++ b/ChangeLog 
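Review bot: In the ecdh.c -81 hunk the `+#endif /* MBEDTLS_ECDH_ALT */` replaces the blank line that separated the closing brace from the `/* Initialize context */` comment, leaving the `#endif` glued to the next block; keep a blank line after it, as the sibling ECDSA commit does around its guard. Likewise the -38 hunk puts `#if !defined(MBEDTLS_ECDH_ALT)` directly under the `#include` with no separating blank line. Neither hunk says which functions an alternative implementation must supply; a comment on the opening guard such as `/* MBEDTLS_ECDH_ALT: mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared() are provided externally */` would record that, with the second name taken from this commit's ChangeLog entry since the hunk header does not show which function ends at line 82.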
@@ -3,11 +3,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Security - * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, + * Fix authentication bypass in SSL/TLS: when authmode is set to optional, mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA - (default: 8) intermediates, even when it was not trusted. Could be - triggered remotely on both sides. (With auth_mode set to 'required' + (default: 8) intermediates, even when it was not trusted. This could be + triggered remotely from either side. (With authmode set to 'required' (the default), the handshake was correctly aborted). * Reliably wipe sensitive data after use in the AES example applications programs/aes/aescrypt2 and programs/aes/crypt_and_hash. @@ -19,8 +19,8 @@ Features platform-specific setup and teardown operations. The macro MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden by the user in a platform_alt.h file. These new functions are required in - some embedded environments to provide a means to initialise underlying - hardware acceleration. + some embedded environments to provide a means of initialising underlying + cryptographic acceleration hardware. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the 
@@ -31,19 +31,18 @@ API Changes * Certificate verification functions now set flags to -1 in case the full chain was not verified due to an internal error (including in the verify callback) or chain length limitations. - * With authmode set to optional, handshake is now aborted if the + * With authmode set to optional, the TLS handshake is now aborted if the verification of the peer's certificate failed due to an overlong chain or - a fatal error in the vrfy callback. + a fatal error in the verify callback. Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. Reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + * Add a check if iv_len is zero in GCM, and return an error if it is zero. + Reported by roberto. #716 + * Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait. #590 + * Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(), + in the case of an error. Found by redplait. #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken. #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit From 72ea31b026e1fc61b01662474aa5125817b968bc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 10 Aug 2017 11:51:16 +0100 Subject: [PATCH 0130/1059] Update version number to 2.6.0 --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 10 +++++----- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 13 insertions(+), 13 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index d3ad3b967e..227faed6b6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.6.0 branch released 2017-08-10 Security * Fix authentication bypass in SSL/TLS: when authmode is set to optional, diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 929c1bee52..87b5041bb1 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -21,7 +21,7 @@ */ /** - * @mainpage mbed TLS v2.5.1 source code documentation + * @mainpage mbed TLS v2.6.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 4bc322df56..5df1c932db 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.5.1" +PROJECT_NAME = "mbed TLS v2.6.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 45486a995c..3b209a6b07 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h 
@@ -38,17 +38,17 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 5 -#define MBEDTLS_VERSION_PATCH 1 +#define MBEDTLS_VERSION_MINOR 6 +#define MBEDTLS_VERSION_PATCH 0 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02050100 -#define MBEDTLS_VERSION_STRING "2.5.1" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.5.1" +#define MBEDTLS_VERSION_NUMBER 0x02060000 +#define MBEDTLS_VERSION_STRING "2.6.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.6.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 7a9f185e2c..c332d45777 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -140,15 +140,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.5.1 SOVERSION 0) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.6.0 SOVERSION 0) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.5.1 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.6.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.5.1 SOVERSION 10) + set_target_properties(mbedtls PROPERTIES VERSION 2.6.0 SOVERSION 10) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 2432b46ebc..1442a384c4 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data 
@@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.5.1" +check_compiletime_version:"2.6.0" Check runtime library version -check_runtime_version:"2.5.1" +check_runtime_version:"2.6.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From b5e6a77010a859e13bd177f96d786de91c6c2212 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 16 Aug 2017 11:23:31 +0300 Subject: [PATCH 0131/1059] Add Contribution guidelines to github Add Contribution Guidelines that will be shown in github, when PRs are made. --- CONTRIBUTING.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000000..55ebf15b1c --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,40 @@ +We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions: + +- All contributions, whether large or small require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright. +- To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. +- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission. +As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. + +### Making a Contribution + +1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. +2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. +3. Write a test which shows that the bug was fixed or that the feature works as expected. +4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. 
We will include your name in the ChangeLog :) + +### Backports + +mbed TLS maintains some legacy branches, which are release as LTS versions. As such, backporting to these branches should be handled according to the following rules: + +1. If the contribution is a new feature\enhancement, no backporting is needed +2. Bug fixes should be backported, as long as the legacy branches have these bugs reproduced +3. Changes in the API, do not require backporting. If a bug fix introduced new API, such as new error codes, the bug fix should be implemented differently in the legacy branch. + +It would be highly appreciated if a contribution would be backported to a legacy branch as well. +At the moment, the legacy branches are: + +1. [mbedtls-1.3](https://github.com/ARMmbed/mbedtls/tree/mbedtls-1.3) +2. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1) +3. [development](https://github.com/ARMmbed/mbedtls/tree/development) + +### Tests + +As mentioned, tests that show the correctness of the feature\bug fix should be added to the Pull Request, if not such test exist. +mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. + +### Continuous Integration Tests + +Once a PR has been made, the Continuous Integration tests ( CI ) are triggered and run. You should follow the result of the CI tests, and fix failures. + + + \ No newline at end of file From 7f888982fd3a2d924b890ca7c8c0d23faf7d79a1 Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Wed, 16 Aug 2017 16:05:52 +0300 Subject: [PATCH 0132/1059] Modify Contribution Guidelines after comments Modify the Contribution guidelines after comments from Gilles, Andres and Jaeden --- CONTRIBUTING.md | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 55ebf15b1c..bfd6cb3d70 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,24 +1,32 @@ We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions: + - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. + - The contribution should not break API or ABI, unless there is a real justification for that. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release. + +### Contributor License Agreement ( CLA ) - All contributions, whether large or small require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright. -- To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. -- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission. -As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. +- To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). 
Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. + +### Coding Standards +- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission. +- The code should be written in a clean and readable style. +- The code should be written in a portable generic way, that will benefit the whole community, and not only your own needs. +- The code should be secure, and will be reviewed in a security point of view as well. ### Making a Contribution 1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. 2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. 3. Write a test which shows that the bug was fixed or that the feature works as expected. -4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :) +4. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) ### Backports -mbed TLS maintains some legacy branches, which are release as LTS versions. As such, backporting to these branches should be handled according to the following rules: +mbed TLS maintains some legacy branches, which are released as LTS versions. 
mbed TLS should follow backwards compatibility rules, to fit with existing users. As such, backporting to these branches should be handled according to the following rules: -1. If the contribution is a new feature\enhancement, no backporting is needed -2. Bug fixes should be backported, as long as the legacy branches have these bugs reproduced -3. Changes in the API, do not require backporting. If a bug fix introduced new API, such as new error codes, the bug fix should be implemented differently in the legacy branch. +1. If the contribution is a new feature or enhancement, no backporting is needed. +2. Bug fixes should be backported to the legacy branches containing these bugs. +3. Changes in the API do not require backporting. If a bug fix introduced a new API, such as new error codes, the bug fix should be implemented differently in the legacy branch. It would be highly appreciated if a contribution would be backported to a legacy branch as well. At the moment, the legacy branches are: 
@@ -29,12 +37,24 @@ At the moment, the legacy branches are: ### Tests -As mentioned, tests that show the correctness of the feature\bug fix should be added to the Pull Request, if not such test exist. +As mentioned, tests that show the correctness of the feature or bug fix should be added to the Pull Request, if no such tests exist. mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. +Sample applications, if needed, should be modified as well. + ### Continuous Integration Tests -Once a PR has been made, the Continuous Integration tests ( CI ) are triggered and run. You should follow the result of the CI tests, and fix failures. +Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures. + +### Documentation + +mbed TLS should be well documented. If documentation is needed, speak out! + +1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation. +2. Complex parts in the code should include comments. +3. If needed, a Readme file is advised +4. If a KB article should be added, write this as a comment in the PR description. +5. A Changelog entry should be added for this contribution. \ No newline at end of file From 1680d3dc1929f325f80530b8eb97a11fc96296bf Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Wed, 16 Aug 2017 17:28:21 +0300 Subject: [PATCH 0133/1059] Add a couple of statements to the contribution section Add a notice for short contributions, and for Apache license header that should be added. Added an adivce to enable the git hooks scripts as well. --- CONTRIBUTING.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bfd6cb3d70..95219e5444 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -19,6 +19,8 @@ We gratefully accept bug reports and contributions from the community. There are 2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. 3. Write a test which shows that the bug was fixed or that the feature works as expected. 4. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) +5. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it. +6. mbed TLS is release with Apache license, and as such, all the added files should include the Apache license header. ### Backports @@ -45,6 +47,7 @@ Sample applications, if needed, should be modified as well. ### Continuous Integration Tests Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures. +It is advised to enable the [githooks scripts](https://github.com/ARMmbed/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible. ### Documentation From 7766a2c9c0eb5f3d4972fb73574d39b8d97d797a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 21 Aug 2017 10:57:57 +0200 Subject: [PATCH 0134/1059] Improve some comments --- include/mbedtls/ssl.h | 2 +- tests/scripts/depends-hashes.pl | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ff1cca4470..61be3383b5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1586,7 +1586,7 @@ void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, /** * \brief Set the data required to verify peer certificate * - * \note See \c mbedtls_x509_verify() for notes regarding the + * \note See \c mbedtls_x509_crt_verify() for notes regarding the * parameters ca_chain (maps to trust_ca for that function) * and ca_crl. * diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl index 96cc9020b5..46628a72de 100755 --- a/tests/scripts/depends-hashes.pl +++ b/tests/scripts/depends-hashes.pl @@ -37,6 +37,7 @@ my $config_h = 'include/mbedtls/config.h'; my $ssl_sed_cmd = 's/^#define \(MBEDTLS_SSL.*\)/\1/p'; my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` ); +# for md we want to catch MD5_C but not MD_C, hence the extra dot my $mdx_sed_cmd = 's/^#define \(MBEDTLS_MD..*_C\)/\1/p'; my $sha_sed_cmd = 's/^#define \(MBEDTLS_SHA.*_C\)/\1/p'; my @hashes = split( /\s+/, From be2f0b5e270a72d43991db690f358d2bc5753fd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 21 Aug 2017 11:00:22 +0200 Subject: [PATCH 0135/1059] Fix test that didn't check full value of flags --- tests/suites/test_suite_x509parse.data | 42 +++++++++++----------- tests/suites/test_suite_x509parse.function | 2 +- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index afa86a1d84..717ce33ee3 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -773,87 +773,87 @@ x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-e X509 Certificate verification callback: bad name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED -x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0004\n" +x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n" X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x0000\n" +x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n" X509 Certificate verification callback: trusted EE cert, expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x0001\n" 
+x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x00000001\n" X509 Certificate verification callback: simple depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: simple, EE expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0001\n" +x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" X509 Certificate verification callback: simple, root expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C 
-x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two trusted roots depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: two trusted roots, reversed order depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" +x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - 
subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: root included depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x0000\n" +x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca, root included 
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca, EE expired 
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0001\n" +x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" X509 Certificate verification callback: intermediate ca, int expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, 
O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca, root expired depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two intermediates depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" 
+x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two intermediates, root included depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x0000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two intermediates, top int trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":"NULL":0:"depth 2 
- serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x0000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two intermediates, low int trusted depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C -x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x0000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x0000\n" +x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: no intermediate, bad signature depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED -x509_verify_callback:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0008\n" +x509_verify_callback:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, 
O=PolarSSL, CN=localhost - flags 0x00000008\n" X509 Certificate verification callback: one intermediate, bad signature depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C -x509_verify_callback:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x0000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x0000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x0008\n" +x509_verify_callback:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n" X509 Parse Selftest depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index b3b6f4dce0..2e9abb3e71 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -145,7 +145,7 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint ret = mbedtls_x509_dn_gets( p, n, &crt->subject ); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, " - flags 0x%04x\n", *flags ); + ret = mbedtls_snprintf( p, n, " - flags 0x%08x\n", *flags ); MBEDTLS_X509_SAFE_SNPRINTF; ctx->p = p; From f231eaae28c5272e1ebbc1d56ed6d0b44a9a5bd1 Mon Sep 17 00:00:00 2001 
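Review bot: The widened `0x%08x` in verify_print still pairs a plain `%x` conversion with `*flags`, whose type the hunk header shows only as a truncated `uint…` and which in the mbed TLS verify callback is a `uint32_t *`; `%x` is specified for `unsigned int`, so the match is an implementation detail rather than a guarantee. If the suite can include `<inttypes.h>`, `" - flags 0x%08" PRIx32 "\n"` pins the format to the argument type; otherwise `(unsigned) *flags` makes the assumption explicit. The width change itself is right and the .data expectations above track it. verify_print begins before this hunk and its body continues after it.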
From: Ron Eldor Date: Tue, 22 Aug 2017 14:50:14 +0300 Subject: [PATCH 0136/1059] Add configuration file in md.h include `*config.h*` in md.h as MACROS in the header file get ignored. Fix for #1001. --- ChangeLog | 2 ++ include/mbedtls/md.h | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index e8d1da5c98..a58975ee6a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,8 @@ Bugfix * Fix a potential integer overflow in the version verification for DER encoded X509 certificates. The overflow would enable maliciously constructed certificates to bypass the certificate verification check. + * Include configuration file in md.h, to fix compilation warnings. + Reported by aaronmdjones in #1001 Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 9b996a951b..89be847cee 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -27,6 +27,12 @@ #include +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */ #define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */ From a3ebec242376147b963f2529922580a48ba6d21e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 14:06:24 +0100 Subject: [PATCH 0137/1059] Declare RSA helper functions This commit adds convenience functions to the RSA module for computing a complete RSA private key (with fields N, P, Q, D, E, DP, DQ, QP) from a subset of core parameters, e.g. (N, D, E). --- include/mbedtls/rsa.h | 136 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 7d7469d509..7a519d51e5 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -73,6 +73,142 @@ extern "C" { #endif +/** + * Helper functions for RSA-related operations on MPI's. + */ + +/** + * \brief Compute RSA prime moduli P, Q from public modulus N=PQ +& and a pair of private and public key. + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param N RSA modulus N = PQ, with P, Q to be found + * \param D RSA private exponent + * \param E RSA public exponent + * \param f_rng PRNG to be used for randomization, or NULL + * \param p_rng PRNG context for f_rng, or NULL + * \param P Pointer to MPI holding first prime factor of N on success + * \param Q Pointer to MPI holding second prime factor of N on success + * + * \return - 0 if successful. In this case, P and Q constitute a + * factorization of N, and it is guaranteed that D and E + * are indeed modular inverses modulo P-1 and modulo Q-1. + * The values of N, D and E are unchanged. It is checked + * that P, Q are prime if a PRNG is provided. + * - A non-zero error code otherwise. In this case, the values + * of N, D, E are undefined. + * + * \note The input MPI's are deliberately not declared as constant + * and may therefore be used for in-place calculations by + * the implementation. In particular, their values can be + * corrupted when the function fails. If the user cannot + * tolerate this, he has to make copies of the MPI's prior + * to calling this function. See \c mbedtls_mpi_copy for this. + */ +int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_mpi *P, mbedtls_mpi *Q ); + +/** + * \brief Compute RSA private exponent from + * prime moduli and public key. + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. 
+ * + * \param P First prime factor of RSA modulus + * \param Q Second prime factor of RSA modulus + * \param E RSA public exponent + * \param D Pointer to MPI holding the private exponent on success. + * + * \note This function does not check whether P and Q are primes. + * + * \return - 0 if successful. In this case, D is set to a simultaneous + * modular inverse of E modulo both P-1 and Q-1. + * - A non-zero error code otherwise. In this case, the values + * of P, Q, E are undefined. + * + * \note The input MPI's are deliberately not declared as constant + * and may therefore be used for in-place calculations by + * the implementation. In particular, their values can be + * corrupted when the function fails. If the user cannot + * tolerate this, he has to make copies of the MPI's prior + * to calling this function. See \c mbedtls_mpi_copy for this. + */ +int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, mbedtls_mpi *E, + mbedtls_mpi *D ); + + +/** + * \brief Generate RSA-CRT parameters + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param P First prime factor of N + * \param Q Second prime factor of N + * \param D RSA private exponent + * \param DP Output variable for D modulo P-1 + * \param DQ Output variable for D modulo Q-1 + * \param QP Output variable for the modular inverse of Q modulo P. + * + * \return 0 on success, non-zero error code otherwise. + * + */ +int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP ); + + +/** + * \brief Check validity of core RSA parameters + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. 
+ * + * \param N RSA modulus N = PQ + * \param P First prime factor of N + * \param Q Second prime factor of N + * \param D RSA private exponent + * \param E RSA public exponent + * \param f_rng PRNG to be used for randomization, or NULL + * \param p_rng PRNG context for f_rng, or NULL + * + * \return - 0 if the following conditions are satisfied: + * - N = PQ if N,P,Q != NULL + * - D and E are modular inverses modulo P-1 and Q-1 + * if D,E,P,Q != NULL + * - P prime if f_rng, P != NULL + * - Q prime if f_rng, Q != NULL + * - A non-zero error code otherwise. In this case, the values + * of N, P, Q, D, E are undefined. + * + * \note The function can be used with a restricted set of arguments + * to perform specific checks only. E.g., calling it with + * (-,P,-,-,-) and a PRNG amounts to a primality check for P. + * + * \note The input MPI's are deliberately not declared as constant + * and may therefore be used for in-place calculations by + * the implementation. In particular, their values can be + * corrupted when the function fails. If the user cannot + * tolerate this, he has to make copies of the MPI's prior + * to calling this function. See \c mbedtls_mpi_copy for this. + */ +int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); + +/** + * Implementation of RSA interface + */ + /** * \brief RSA context structure */ From e2e8b8da1da30453c14427a8d6a95437147a2f80 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 14:06:45 +0100 Subject: [PATCH 0138/1059] Implement RSA helper functions --- library/rsa.c | 401 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 401 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index bdd2538c3a..7a7f2f1480 100644 --- a/library/rsa.c +++ b/library/rsa.c 
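Review bot: The doc block for mbedtls_rsa_deduce_moduli does not say what state P and Q must be in on entry, yet the implementation in the following commit rejects any P or Q that already owns a buffer (`P->p != NULL`) with MBEDTLS_ERR_MPI_BAD_INPUT_DATA and then calls mbedtls_mpi_init on them, so a caller reusing an MPI would fail without the header warning them. I would add under \param P and \param Q: `Must point to a freshly initialised (empty) MPI; an MPI that already owns a buffer is rejected.` The \return text also promises that N, D and E are "unchanged" on success while the \note permits in-place use of them; the two agree only if the implementation restores the inputs, and that should be stated as the contract rather than left implicit. Finally, "non-zero error code" would be more useful to callers if it named the module codes (MBEDTLS_ERR_RSA_BAD_INPUT_DATA versus the MPI codes the implementation currently returns), since these are public RSA-module functions.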
@@ -71,6 +71,407 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } +/* + * Context-independent RSA helper functions. + * + * The following three functions + * - mbedtls_rsa_deduce_moduli + * - mbedtls_rsa_deduce_private + * - mbedtls_rsa_check_params + * are helper functions operating on the core RSA parameters + * (represented as MPI's). They do not use the RSA context structure + * and therefore need not be replaced when providing an alternative + * RSA implementation. + * + * Their purpose is to provide common MPI operations in the context + * of RSA that can be easily shared across multiple implementations. + */ + +/* + * mbedtls_rsa_deduce_moduli + * + * Given the modulus N=PQ and a pair of public and private + * exponents E and D, respectively, factor N. + * + * Setting F := lcm(P-1,Q-1), the idea is as follows: + * + * (a) For any 1 <= X < N with gcd(X,N)=1, we have X^F = 1 modulo N, so X^(F/2) + * is a square root of 1 in Z/NZ. Since Z/NZ ~= Z/PZ x Z/QZ by CRT and the + * square roots of 1 in Z/PZ and Z/QZ are +1 and -1, this leaves the four + * possibilities X^(F/2) = (+-1, +-1). If it happens that X^(F/2) = (-1,+1) + * or (+1,-1), then gcd(X^(F/2) + 1, N) will be equal to one of the prime + * factors of N. + * + * (b) If we don't know F/2 but (F/2) * K for some odd (!) K, then the same + * construction still applies since (-)^K is the identity on the set of + * roots of 1 in Z/NZ. + * + * The public and private key primitives (-)^E and (-)^D are mutually inverse + * bijections on Z/NZ if and only if (-)^(DE) is the identity on Z/NZ, i.e. + * if and only if DE - 1 is a multiple of F, say DE - 1 = F * L. + * Splitting L = 2^t * K with K odd, we have + * + * DE - 1 = FL = (F/2) * (2^(t+1)) * K, + * + * so (F / 2) * K is among the numbers + * + * (DE - 1) >> 1, (DE - 1) >> 2, ..., (DE - 1) >> ord + * + * where ord is the order of 2 in (DE - 1). 
+ * We can therefore iterate through these numbers apply the construction + * of (a) and (b) above to attempt to factor N. + * + */ +int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_mpi *P, mbedtls_mpi *Q ) +{ + /* Implementation note: + * + * Space-efficiency is given preference over time-efficiency here: + * several calculations are done in place and temporarily change + * the values of D and E. + * + * Specifically, D is replaced the largest odd divisor of DE - 1 + * throughout the calculations. + */ + + int ret = 0; + + uint16_t attempt; /* Number of current attempt */ + uint16_t iter; /* Number of squares computed in the current attempt */ + + uint16_t bitlen_half; /* Half the bitsize of the modulus N */ + uint16_t order; /* Order of 2 in DE - 1 */ + + mbedtls_mpi K; /* Temporary used for two purposes: + * - During factorization attempts, stores a andom integer + * in the range of [0,..,N] + * - During verification, holding intermediate results. + */ + + if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || + mbedtls_mpi_cmp_int( D, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( D, N ) >= 0 || + mbedtls_mpi_cmp_int( E, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) + { + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + } + + /* + * Initializations and temporary changes + */ + + mbedtls_mpi_init( &K ); + mbedtls_mpi_init( P ); + mbedtls_mpi_init( Q ); + + /* Replace D by DE - 1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( D, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( D, D, 1 ) ); + + if( ( order = mbedtls_mpi_lsb( D ) ) == 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + + /* After this operation, D holds the largest odd divisor + * of DE - 1 for the original values of D and E. 
*/ + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( D, order ) ); + + /* This is used to generate a few numbers around N / 2 + * if no PRNG is provided. */ + if( f_rng == NULL ) + bitlen_half = mbedtls_mpi_bitlen( N ) / 2; + + /* + * Actual work + */ + + for( attempt = 0; attempt < 30; ++attempt ) + { + /* Generate some number in [0,N], either randomly + * if a PRNG is given, or try numbers around N/2 */ + if( f_rng != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &K, + mbedtls_mpi_size( N ), + f_rng, p_rng ) ); + } + else + { + MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &K, 1 ) ) ; + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &K, bitlen_half ) ) ; + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, attempt + 1 ) ); + } + + /* Check if gcd(K,N) = 1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); + if( mbedtls_mpi_cmp_int( P, 1 ) != 0 ) + continue; + + /* Go through K^X + 1, K^(2X) + 1, K^(4X) + 1, ... + * and check whether they have nontrivial GCD with N. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, D, N, + Q /* temporarily use Q for storing Montgomery + * multiplication helper values */ ) ); + + for( iter = 1; iter < order; ++iter ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); + + if( mbedtls_mpi_cmp_int( P, 1 ) == 1 && + mbedtls_mpi_cmp_mpi( P, N ) == -1 ) + { + /* + * Have found a nontrivial divisor P of N. + * Set Q := N / P and verify D, E. + */ + + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, &K, N, P ) ); + + /* + * Verify that DE - 1 is indeed a multiple of + * lcm(P-1, Q-1), i.e. that it's a multiple of both + * P-1 and Q-1. + */ + + /* Restore DE - 1 and temporarily replace P, Q by P-1, Q-1. 
*/ + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( D, order ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( P, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( Q, Q, 1 ) ); + + /* Compute DE-1 mod P-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, D, P ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + + /* Compute DE-1 mod Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, D, Q ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + + /* + * All good, restore P, Q and D and return. + */ + + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( D, D, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( D, NULL, D, E ) ); + + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) ); + } + } + + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + +cleanup: + + mbedtls_mpi_free( &K ); + return( ret ); +} + +/* + * Given P, Q and the public exponent E, deduce D. + * This is essentially a modular inversion. + */ + +int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E ) +{ + int ret = 0; + mbedtls_mpi K; + + if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || + mbedtls_mpi_cmp_int( Q, 1 ) <= 0 || + mbedtls_mpi_cmp_int( E, 0 ) == 0 ) + { + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + } + + mbedtls_mpi_init( &K ); + + /* Temporarily replace P and Q by P-1 and Q-1, respectively. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( P, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( Q, Q, 1 ) ); + + /* Temporarily compute the gcd(P-1, Q-1) in D. 
*/ + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, P, Q ) ); + + /* Compute LCM(P-1, Q-1) in K */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) ); + + /* Compute modular inverse of E in LCM(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) ); + + /* Restore P and Q. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); + + /* Double-check result */ + MBEDTLS_MPI_CHK( mbedtls_rsa_check_params( NULL, P, Q, D, E, NULL, NULL ) ); + +cleanup: + + mbedtls_mpi_free( &K ); + + return( ret ); +} + +/* + * Check that core RSA parameters are sane. + * + * Note that the inputs are not declared const and may be + * altered on an unsuccessful run. + */ + +int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret = 0; + mbedtls_mpi K; + + mbedtls_mpi_init( &K ); + + /* + * Step 1: If PRNG provided, check that P and Q are prime + */ + + if( f_rng != NULL && P != NULL && + ( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 ) + { + goto cleanup; + } + + if( f_rng != NULL && Q != NULL && + ( ret = mbedtls_mpi_is_prime( Q, f_rng, p_rng ) ) != 0 ) + { + goto cleanup; + } + + /* + * Step 2: Check that N = PQ + */ + + if( P != NULL && Q != NULL && N != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); + if( mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + } + + /* + * Step 3: Check that D, E are inverse modulo P-1 and Q-1 + */ + + if( P != NULL && Q != NULL && D != NULL && E != NULL ) + { + /* Temporarily replace P, Q by P-1, Q-1. 
*/ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( P, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( Q, Q, 1 ) ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + + /* Compute DE-1 mod P-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + + /* Compute DE-1 mod Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, Q ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + + /* Restore P, Q. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); + } + +cleanup: + + mbedtls_mpi_free( &K ); + + return( ret ); +} + +int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP ) +{ + int ret = 0; + mbedtls_mpi K; + mbedtls_mpi_init( &K ); + + if( DP != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) ); + } + + if( DQ != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) ); + } + + if( QP != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) ); + } + +cleanup: + mbedtls_mpi_free( &K ); + + return( ret ); +} + +{ + int ret = 0; + + + + + +cleanup: + + return( ret ); +} + + /* * Initialize an RSA context */ From cbb59bc2a830301ea645a9e5cf5eee0a1c6288e1 Mon Sep 17 00:00:00 2001 
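Review bot: The hunk ends with a signature-less block `+{ + int ret = 0; ... +cleanup: + return( ret ); +}` sitting at file scope just before the "Initialize an RSA context" comment; a compound statement is not valid outside a function, so library/rsa.c does not build at this commit (the following patch turns it into the body of mbedtls_rsa_complete), which breaks bisecting. The definition `int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, mbedtls_mpi *D, mbedtls_mpi *E )` also swaps the last two parameters relative to the header's `( P, Q, E, D )` declaration earlier on this page; the types coincide so it compiles, but a caller following the header passes the non-zero E where the implementation expects the output D, which the `mbedtls_mpi_cmp_int( D, 0 ) != 0` guard would reject. In mbedtls_rsa_deduce_moduli, `for( iter = 1; iter < order; ++iter )` examines order-1 candidate exponents, one fewer than the ord shifts enumerated in the comment above it, so `iter <= order` appears to be the intended bound. The helper also stores the results of mbedtls_mpi_lsb and mbedtls_mpi_bitlen in uint16_t locals; harmless for realistic key sizes, but size_t would avoid silent narrowing.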
From: Hanno Becker Date: Wed, 23 Aug 2017 14:11:08 +0100 Subject: [PATCH 0139/1059] Extend RSA interface to allow structure-independent setup This commit extends the RSA interface by import/export calls that can be used to setup an RSA context from a subset of the core RSA parameters (N,P,Q,D,E). The intended workflow is the following: 1. Call mbedtls_rsa_import one or multiple times to import the core parameters. 2. Call mbedtls_rsa_complete to deduce remaining core parameters as well as any implementation-defined internal helper variables. The RSA context is ready for use after this call. The import function comes in two variants mbedtls_rsa_import and mbedtls_rsa_import_raw, the former taking pointers to MPI's as input, the latter pointers to buffers holding big-endian encoded MPI's. The reason for this splitting is the following: When only providing an import function accepting const MPI's, a user trying to import raw binary data into an RSA context has to convert these to MPI's first before passing them to the import function, introducing an unnecessary copy of the data in memory. The alternative would be to have another MPI-based import-function with move-semantics, but this would be in contrast to the rest of the library's interfaces. Similarly, there are functions mbedtls_rsa_export and mbedtls_rsa_export_raw for exporting the core RSA parameters, either as MPI's or in big-endian binary format. The main import/export functions deliberately do not include the additional helper values DP, DQ and QP present in ASN.1-encoded RSA private keys. To nonetheless be able to check whether given parameters DP, DQ and QP are in accordance with a given RSA private key, the interface is extended by a function mbedtls_rsa_check_opt (in line with mbedtls_rsa_check_privkey, mbedtls_rsa_check_pubkey and mbedtls_rsa_check_pub_priv). Exporting the optional parameters is taken care of by mbedtls_export_opt (currently MPI format only).
--- include/mbedtls/rsa.h | 198 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 196 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 7a519d51e5..6f527c176c 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -274,6 +274,190 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, int padding, int hash_id); + +/** + * \brief Import a set of core parameters into an RSA context + * + * \param ctx Initialized RSA context to store parameters + * \param N RSA modulus, or NULL + * \param P First prime factor of N, or NULL + * \param Q Second prime factor of N, or NULL + * \param D Private exponent, or NULL + * \param E Public exponent, or NULL + * + * \note This function can be called multiple times for successive + * imports if the parameters are not simultaneously present. + * Any sequence of calls to this function should be followed + * by a call to \c mbedtls_rsa_complete which will check + * and complete the provided information to a ready-for-use + * public or private RSA key. + * + * \return 0 if successful, non-zero error code on failure. + */ +int mbedtls_rsa_import( mbedtls_rsa_context *ctx, + const mbedtls_mpi *N, + const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *E ); + +/** + * \brief Import core RSA parameters in raw big-endian + * binary format into an RSA context + * + * \param ctx Initialized RSA context to store parameters + * \param N RSA modulus, or NULL + * \param N_len Byte length of N, ignored if N == NULL + * \param P First prime factor of N, or NULL + * \param P_len Byte length of P, ignored if P == NULL + * \param Q Second prime factor of N, or NULL + * \param Q_len Byte length of Q, ignored if Q == NULL + * \param D Private exponent, or NULL + * \param D_len Byte length of D, ignored if D == NULL + * \param E Public exponent, or NULL + * \param E_len Byte length of E, ignored if E == NULL + * + * \note This function can be called multiple times for successive + * imports if the parameters are not simultaneously present. 
+ * Any sequence of calls to this function should be followed + * by a call to \c mbedtls_rsa_complete which will check + * and complete the provided information to a ready-for-use + * public or private RSA key. + * + * \return 0 if successful, non-zero error code on failure. + */ + +int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, + unsigned char *N, size_t N_len, + unsigned char *P, size_t P_len, + unsigned char *Q, size_t Q_len, + unsigned char *D, size_t D_len, + unsigned char *E, size_t E_len ); + +/** + * \brief Attempt to complete an RSA context from + * a set of imported core parameters. + * + * \param ctx Initialized RSA context to store parameters + * \param f_rng RNG function, + * \param p_rng RNG parameter + * + * To setup an RSA public key, precisely N and E + * must have been imported. + * + * To setup an RSA private key, enough information must be + * present for the other parameters to be efficiently derivable. + * + * The default implementation supports the following: + * (a) Derive P, Q from N, D, E + * (b) Derive N, D from P, Q, E. + * + * Alternative implementations need not support these + * and may return MBEDTLS_ERR_RSA_BAD_INPUT_DATA instead. + * + * \note The PRNG is used for probabilistic algorithms + * like the derivation of P, Q from N, D, E, as + * well as primality checks. + * + * \return - 0 if successful. In this case, all core parameters + * as well as other internally needed parameters have + * been generated, and it is guaranteed that they are + * sane in the sense of \c mbedtls_rsa_check_params + * (with primality of P, Q checked if a PRNG is given). + * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted + * derivations failed. 
+ */ +int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); + +/** + * \brief Check if CRT-parameters match core parameters + * + * \param ctx Complete RSA private key context + * \param DP Private exponent modulo P-1, or NULL + * \param DQ Private exponent modulo Q-1, or NULL + * \param QP Modular inverse of Q modulo P, or NULL + * + * \return 0 if successful, testifying that the non-NULL optional + * parameters provided are in accordance with the core + * RSA parameters. Non-zero error code otherwise. + * + * \note This function performs in-place computations on the + * parameters DP, DQ and QP. If modification cannot be + * tolerated, you should make copies with mbedtls_mpi_copy + * before calling this function. + * + */ +int mbedtls_rsa_check_crt( mbedtls_rsa_context *ctx, + mbedtls_mpi *DP, + mbedtls_mpi *DQ, + mbedtls_mpi *QP ); + +/** + * \brief Export core parameters of an RSA key + * + * \param ctx Initialized RSA context + * \param N MPI to hold the RSA modulus, or NULL + * \param P MPI to hold the first prime factor of N, or NULL + * \param Q MPI to hold the second prime factor of N, or NULL + * \param D MPI to hold the private exponent, or NULL + * \param E MPI to hold the public exponent, or NULL + * + * \return 0 if successful, non-zero error code otherwise. 
+ * + */ +int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, + mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E ); + +/** + * \brief Export core parameters of an RSA key + * in raw big-endian binary format + * + * \param ctx Initialized RSA context + * \param N Byte array to store the RSA modulus, or NULL + * \param N_len Size of buffer for modulus + * \param P Byte array to hold the first prime factor of N, or NULL + * \param P_len Size of buffer for first prime factor + * \param Q Byte array to hold the second prime factor of N, or NULL + * \param Q_len Size of buffer for second prime factor + * \param D Byte array to hold the private exponent, or NULL + * \param D_len Size of buffer for private exponent + * \param E Byte array to hold the public exponent, or NULL + * \param E_len Size of buffer for public exponent + * + * \note The length fields are ignored if the corresponding + * buffer pointers are NULL. + * + * \return 0 if successful. In this case, the non-NULL buffers + * pointed to by N, P, Q, D, E are fully written, with + * additional unused space filled leading by 0-bytes. + * + */ +int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, + unsigned char *N, size_t N_len, + unsigned char *P, size_t P_len, + unsigned char *Q, size_t Q_len, + unsigned char *D, size_t D_len, + unsigned char *E, size_t E_len ); + +/** + * \brief Export CRT parameters of a private RSA key + * + * \param ctx Initialized RSA context + * \param DP MPI to hold D modulo P-1, or NULL + * \param DQ MPI to hold D modulo Q-1, or NULL + * \param QP MPI to hold modular inverse of Q modulo P, or NULL + * + * \return 0 if successful, non-zero error code otherwise. + * + * \note Alternative RSA implementations not using CRT-parameters + * internally can implement this function using based on + * \c mbedtls_rsa_deduce_opt. 
+ * + */ +int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, + mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ); + /** * \brief Set padding for an already initialized RSA context * See \c mbedtls_rsa_init() for details. @@ -284,6 +468,16 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, */ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id); +/** + * \brief Get length of RSA modulus in bytes + * + * \param ctx Initialized RSA context + * + * \return Length of RSA modulus, in bytes. + * + */ +size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); + /** * \brief Generate an RSA keypair * @@ -469,7 +663,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * as large as the size ctx->len of ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold - * the decryption of the particular ciphertext provided, + * the decryption of the particular ciphertext provided, * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size @@ -501,7 +695,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * as large as the size ctx->len of ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold - * the decryption of the particular ciphertext provided, + * the decryption of the particular ciphertext provided, * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size From 617c1aeb1853f305ef01df5795d8cf1985bc5538 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 14:11:24 +0100 Subject: [PATCH 0140/1059] Implement new RSA interface functions --- library/rsa.c | 331 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 331 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index 7a7f2f1480..c807f911c8 100644 
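Review bot: `mbedtls_rsa_import_raw` declares its inputs as `unsigned char *N, size_t N_len` and so on although the function only reads them; `const unsigned char *` would let callers pass key material from read-only storage without a cast and would document that the buffers are not modified. The \note on mbedtls_rsa_export_crt refers to `mbedtls_rsa_deduce_opt`, which this header does not declare (the helper declared earlier on this page is mbedtls_rsa_deduce_crt), and the commit message likewise names the new functions mbedtls_rsa_check_opt and mbedtls_export_opt while the declarations are mbedtls_rsa_check_crt and mbedtls_rsa_export_crt. In the mbedtls_rsa_complete block, the paragraphs after `\param p_rng RNG parameter` describing the supported derivations carry no Doxygen tag, so they will render as part of that parameter's description; prefixing them with `\note` attaches them to the function. The \return of mbedtls_rsa_export_raw documents only the success case; stating the failure behaviour (e.g. a buffer too small for the corresponding MPI) would tell callers whether partially written output needs to be cleared.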
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -459,18 +459,339 @@ cleanup: return( ret ); } + +/* + * Default RSA interface implementation + */ + + +int mbedtls_rsa_import( mbedtls_rsa_context *ctx, + const mbedtls_mpi *N, + const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *E ) +{ + int ret; + + if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) || + ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) || + ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->Q, Q ) ) != 0 ) || + ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) || + ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } + + if( N != NULL ) + ctx->len = mbedtls_mpi_size( &ctx->N ); + + return( 0 ); +} + +int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, + unsigned char *N, size_t N_len, + unsigned char *P, size_t P_len, + unsigned char *Q, size_t Q_len, + unsigned char *D, size_t D_len, + unsigned char *E, size_t E_len ) +{ + int ret; + + if( N != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->N, N, N_len ) ); + ctx->len = mbedtls_mpi_size( &ctx->N ); + } + + if( P != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->P, P, P_len ) ); + + if( Q != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->Q, Q, Q_len ) ); + + if( D != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->D, D, D_len ) ); + + if( E != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->E, E, E_len ) ); + +cleanup: + + if( ret != 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + + return( 0 ); +} + +int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { int ret = 0; + const int have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 ); + const int have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 ); + const int have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 ); + const int have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 ); + 
const int have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 ); + /* + * Check whether provided parameters are enough + * to deduce all others. The following incomplete + * parameter sets for private keys are supported: + * + * (1) P, Q missing. + * (2) D and potentially N missing. + * + */ + const int complete = have_N && have_P && have_Q && have_D && have_E; + const int pq_missing = have_N && !have_P && !have_Q && have_D && have_E; + const int d_missing = have_P && have_Q && !have_D && have_E; + const int is_pub = have_N && !have_P && !have_Q && !have_D && have_E; + const int is_priv = complete || pq_missing || d_missing; + if( !is_priv && !is_pub ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + /* + * Step 1: Deduce and verify all core parameters. + */ + + if( pq_missing ) + { + /* This includes sanity checking of core parameters, + * so no further checks necessary. */ + ret = mbedtls_rsa_deduce_moduli( &ctx->N, &ctx->D, &ctx->E, + f_rng, p_rng, + &ctx->P, &ctx->Q ); + if( ret != 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + + } + else if( d_missing ) + { + /* If a PRNG is provided, check if P, Q are prime. */ + if( f_rng != NULL && + ( ( ret = mbedtls_mpi_is_prime( &ctx->P, f_rng, p_rng ) ) != 0 || + ( ret = mbedtls_mpi_is_prime( &ctx->Q, f_rng, p_rng ) ) != 0 ) ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } + + /* Compute N if missing. */ + if( !have_N && + ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } + + /* Deduce private exponent. This includes double-checking of the result, + * so together with the primality test above all core parameters are + * guaranteed to be sane if this call succeeds. */ + if( ( ret = mbedtls_rsa_deduce_private( &ctx->P, &ctx->Q, + &ctx->D, &ctx->E ) ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } + } + else if( complete ) + { + /* Check complete set of imported core parameters. 
*/ + if( ( ret = mbedtls_rsa_check_params( &ctx->N, &ctx->P, &ctx->Q, + &ctx->D, &ctx->E, + f_rng, p_rng ) ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } + } + + /* In the remaining case of a public key, there's nothing to check for. */ + + /* + * Step 2: Deduce all additional parameters specific + * to our current RSA implementaiton. + */ + + if( is_priv ) + { + ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, + &ctx->DP, &ctx->DQ, &ctx->QP ); + if( ret != 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } + + /* + * Step 3: Double check + */ + + if( is_priv ) + { + if( ( ret = mbedtls_rsa_check_privkey( ctx ) ) != 0 ) + return( ret ); + } + else + { + if( ( ret = mbedtls_rsa_check_pubkey( ctx ) ) != 0 ) + return( ret ); + } + + return( 0 ); +} + +/* + * Check if CRT parameters match RSA context. + * This has to be implemented even if CRT is not used, + * in order to be able to validate DER encoded RSA keys, + * which always contain CRT parameters. + */ +int mbedtls_rsa_check_crt( mbedtls_rsa_context *ctx, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP ) +{ + /* Check if key is private or public */ + const int opt_present = + mbedtls_mpi_cmp_int( &ctx->DP, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->QP, 0 ) != 0; + + if( !opt_present ) + { + /* Checking optional parameters only makes sense for private keys. 
*/ + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + + /* Alternative implementations not having DP, DQ, QP as part of + * the RSA context structure could perform the following checks instead: + * (1) Check that DP - P == 0 mod P - 1 + * (2) Check that DQ - Q == 0 mod Q - 1 + * (3) Check that QP * P - 1 == 0 mod P + */ + + if( ( DP != NULL && mbedtls_mpi_cmp_mpi( DP, &ctx->DP ) != 0 ) || + ( DQ != NULL && mbedtls_mpi_cmp_mpi( DQ, &ctx->DQ ) != 0 ) || + ( QP != NULL && mbedtls_mpi_cmp_mpi( QP, &ctx->QP ) != 0 ) ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + + return( 0 ); +} + +int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, + unsigned char *N, size_t N_len, + unsigned char *P, size_t P_len, + unsigned char *Q, size_t Q_len, + unsigned char *D, size_t D_len, + unsigned char *E, size_t E_len ) +{ + int ret = 0; + + /* Check if key is private or public */ + const int is_priv = + mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + + if( !is_priv ) + { + /* If we're trying to export private parameters for a public key, + * something must be wrong. 
*/ + if( P != NULL || Q != NULL || D != NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + } + + if( N != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->N, N, N_len ) ); + + if( P != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->P, P, P_len ) ); + + if( Q != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->Q, Q, Q_len ) ); + + if( D != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->D, D, D_len ) ); + + if( E != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->E, E, E_len ) ); cleanup: return( ret ); } +int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, + mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E ) +{ + int ret; + + /* Check if key is private or public */ + int is_priv = + mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + + if( !is_priv ) + { + /* If we're trying to export private parameters for a public key, + * something must be wrong. */ + if( P != NULL || Q != NULL || D != NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + } + + /* Export all requested core parameters. */ + + if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->N ) ) != 0 ) || + ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->P ) ) != 0 ) || + ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->Q ) ) != 0 ) || + ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->D ) ) != 0 ) || + ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->E ) ) != 0 ) ) + { + return( ret ); + } + + return( 0 ); +} + +/* + * Export CRT parameters + * This must also be implemented if CRT is not used, for being able to + * write DER encoded RSA keys. The helper function mbedtls_rsa_deduce_crt + * can be used in this case. 
+ */ +int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, + mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) +{ + int ret; + + /* Check if key is private or public */ + int is_priv = + mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + + if( !is_priv ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + /* Export all requested blinding parameters. */ + + if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) || + ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) || + ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) ) + { + return( ret ); + } + + return( 0 ); +} /* * Initialize an RSA context @@ -497,6 +818,16 @@ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id ctx->hash_id = hash_id; } +/* + * Get length in bytes of RSA modulus + */ + +size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) +{ + return( mbedtls_mpi_size( &ctx->N ) ); +} + + #if defined(MBEDTLS_GENPRIME) /* From 8fd5548241b11589799b7a5dde0d44bf09975df6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 14:07:48 +0100 Subject: [PATCH 0141/1059] Minor formatting changes --- include/mbedtls/rsa.h | 24 +++++++++++++----------- library/pkwrite.c | 8 ++++---- tests/suites/test_suite_rsa.function | 9 +++++++-- 3 files changed, 24 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 6f527c176c..366502a85b 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
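Review bot: In mbedtls_rsa_import_raw, `int ret;` is never assigned when every buffer pointer is NULL, yet `cleanup:` evaluates `if( ret != 0 )`, so such a call reads an uninitialized variable and its result is undefined; initialise with `int ret = 0;`. In mbedtls_rsa_complete, the d_missing branch computes `ctx->N` via `mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q )` but does not update `ctx->len`, which mbedtls_rsa_import sets from mbedtls_mpi_size( &ctx->N ) and which the decryption documentation in rsa.h describes as the size of ctx->N, so unless something outside this hunk sets it a context completed from (P, Q, E) keeps len == 0; add `ctx->len = mbedtls_mpi_size( &ctx->N );` after the multiplication. The alternative-check comment in mbedtls_rsa_check_crt reads `(1) Check that DP - P == 0 mod P - 1`, which is not a valid relation between the CRT exponent and the prime; presumably `DP - D == 0 mod P - 1` (and DQ - D for (2)) was meant. The comment `Export all requested blinding parameters.` in mbedtls_rsa_export_crt describes CRT parameters, not the blinding values Vi/Vf.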
@@ -235,7 +235,7 @@ typedef struct mbedtls_mpi Vf; /*!< cached un-blinding value */ int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and - MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ + MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ int hash_id; /*!< Hash identifier of mbedtls_md_type_t as specified in the mbedtls_md.h header file for the EME-OAEP and EMSA-PSS @@ -271,8 +271,8 @@ mbedtls_rsa_context; * MBEDTLS_MD_NONE) for verifying them. */ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, - int padding, - int hash_id); + int padding, + int hash_id); /** @@ -466,7 +466,8 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21 * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier */ -void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id); +void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, + int hash_id); /** * \brief Get length of RSA modulus in bytes @@ -493,12 +494,12 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code */ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - unsigned int nbits, int exponent ); + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + unsigned int nbits, int exponent ); /** - * \brief Check a public RSA key + * \brief Check if a context contains an RSA public key * * \param ctx RSA context to be checked * @@ -507,7 +508,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); /** - * \brief Check a private RSA key + * \brief Check if a context contains a complete + * and valid RSA private key. * * \param ctx RSA context to be checked * 
@@ -729,10 +731,10 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * as large as the size ctx->len of ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold - * the decryption of the particular ciphertext provided, + * the decryption of the particular ciphertext provided, * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \note The input buffer must be as large as the size + * \note The input buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, diff --git a/library/pkwrite.c b/library/pkwrite.c index 83b798c119..e00545881b 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -62,7 +62,7 @@ * } */ static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start, - mbedtls_rsa_context *rsa ) + mbedtls_rsa_context *rsa ) { int ret; size_t len = 0; @@ -83,7 +83,7 @@ static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start, * EC public key is an EC point */ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, - mbedtls_ecp_keypair *ec ) + mbedtls_ecp_keypair *ec ) { int ret; size_t len = 0; @@ -111,7 +111,7 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, * } */ static int pk_write_ec_param( unsigned char **p, unsigned char *start, - mbedtls_ecp_keypair *ec ) + mbedtls_ecp_keypair *ec ) { int ret; size_t len = 0; @@ -128,7 +128,7 @@ static int pk_write_ec_param( unsigned char **p, unsigned char *start, #endif /* MBEDTLS_ECP_C */ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, - const mbedtls_pk_context *key ) + const mbedtls_pk_context *key ) { int ret; size_t len = 0; diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d48bc8595e..a4f5e1e043 100644 --- a/tests/suites/test_suite_rsa.function 
+++ b/tests/suites/test_suite_rsa.function @@ -156,7 +156,9 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, unhexify( message_str, message_hex_string ); hash_len = unhexify( hash_result, hash_result_string ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, hash_len, hash_result, output ) == 0 ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, + hash_len, hash_result, output ) == 0 ); hexify( output_str, output, ctx.len ); @@ -212,7 +214,10 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, hash_len = unhexify( hash_result, hash_result_string ); unhexify( result_str, result_hex_str ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_len, hash_result, result_str ) == correct ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, + hash_len, hash_result, + result_str ) == correct ); /* For PKCS#1 v1.5, there is an alternative way to verify signatures */ if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) From 6b4ce49991607b25cb3b300aed7dc820675d0ea7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 11:00:21 +0100 Subject: [PATCH 0142/1059] Add tests for rsa_deduce_private This commit adds tests for the new library function mbedtls_rsa_deduce_private for deducing the private RSA exponent D from the public exponent E and the factorization (P,Q) of the RSA modulus: - Two toy examples with small numbers that can be checked by hand, one working fine and another failing due to bad parameters. - Two real world examples, one fine and one with bad parameters. --- tests/suites/test_suite_rsa.data | 12 ++++++ tests/suites/test_suite_rsa.function | 58 ++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) 
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 5013ac8b00..737df0b58d 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -367,6 +367,18 @@ mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +RSA Deduce Private, toy example +mbedtls_rsa_deduce_private:10:"7":10:"11":10:"7":10:"13":0:0 + +RSA Deduce Private, toy example, corrupted +mbedtls_rsa_deduce_private:10:"3":10:"5":10:"3":10:"3":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE + +RSA Deduce Private +mbedtls_rsa_deduce_private:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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educe Private, corrupted +mbedtls_rsa_deduce_private:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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ncrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"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":16:"3":"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":MBEDTLS_ERR_RSA_RNG_FAILED 
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index a4f5e1e043..3234649b62 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -693,6 +693,64 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE */
+void mbedtls_rsa_deduce_private( int radix_P, char *input_P,
+ int radix_Q, char *input_Q,
+ int radix_E, char *input_E,
+ int radix_D, char *output_D,
+ int corrupt, int result )
+{
+ mbedtls_mpi P, Q, D, Dp, E, R, Rp;
+
+ mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
+ mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp );
+ mbedtls_mpi_init( &E );
+ mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
+
+ TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
+
+ if( corrupt )
+ {
+ /* Make E even */
+ TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 );
+ }
+
+ /* Try to deduce D from N, P, Q, E. */
+ TEST_ASSERT( mbedtls_rsa_deduce_private( &P, &Q, &D, &E ) == result );
+
+ if( !corrupt )
+ {
+ /*
+ * Check that D and Dp agree modulo LCM(P-1, Q-1).
+ */
+
+ /* Replace P,Q by P-1, Q-1 */
+ TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 );
+
+ /* Check D == Dp modulo P-1 */
+ TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
+
+ /* Check D == Dp modulo Q-1 */
+ TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 );
+ }
+
+exit:
+
+ mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
+ mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp );
+ mbedtls_mpi_free( &E );
+ mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
 void rsa_selftest()
 {
From e78fd8d1b62d3b19ff07313dcdd64a20cf55cff9 Mon Sep 17 00:00:00 2001
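Review bot: The comment above the call under test, `/* Try to deduce D from N, P, Q, E. */`, names N, but `mbedtls_rsa_deduce_private( &P, &Q, &D, &E )` takes no modulus; `/* Try to deduce D from P, Q, E; D receives the result. */` matches the call. The success branch compares D with the expected value only modulo P-1 and Q-1, which is the right equivalence for a private exponent, but it leaves D's range unconstrained; if the library is meant to return the reduced exponent, `TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &Dp ) == 0 );` would pin that down. In the corrupted branch nothing inspects D after the failed call, which could also be asserted if the function guarantees it stays untouched.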
From: Hanno Becker Date: Wed, 23 Aug 2017 11:00:44 +0100 Subject: [PATCH 0143/1059] Add tests for rsa_deduce_moduli This commit adds tests for the new library function mbedtls_rsa_deduce_moduli for deducing the prime factors (P,Q) of an RSA modulus N from knowledge of a pair (D,E) of public and private exponent: - Two toy examples that can be checked by hand, one fine and one with bad parameters. - Two real world examples, one fine and one with bad parameters. --- tests/suites/test_suite_rsa.data | 12 ++++++ tests/suites/test_suite_rsa.function | 56 ++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 737df0b58d..610bc78932 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -379,6 +379,18 @@ mbedtls_rsa_deduce_private:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18 RSA Deduce Private, corrupted mbedtls_rsa_deduce_private:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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educe Moduli, toy example +mbedtls_rsa_deduce_moduli:10:"15":10:"3":10:"3":10:"3":10:"5":0:0 + +RSA Deduce Moduli, toy example, corrupted +mbedtls_rsa_deduce_moduli:10:"15":10:"3":10:"3":10:"3":10:"5":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +RSA Deduce Moduli +mbedtls_rsa_deduce_moduli:16:"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e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":0:0 + +RSA Deduce Moduli, corrupted 
+mbedtls_rsa_deduce_moduli:16:"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e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"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":16:"3":"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":MBEDTLS_ERR_RSA_RNG_FAILED diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 3234649b62..dc7ec40a02 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -693,6 +693,62 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
+void mbedtls_rsa_deduce_moduli( int radix_N, char *input_N,
+ int radix_D, char *input_D,
+ int radix_E, char *input_E,
+ int radix_P, char *output_P,
+ int radix_Q, char *output_Q,
+ int corrupt, int result )
+{
+ mbedtls_mpi N, P, Pp, Q, Qp, D, E;
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ const char *pers = "test_suite_rsa";
+
+ mbedtls_mpi_init( &N );
+ mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
+ mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
+ mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
+
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+ TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
+
+ if( corrupt )
+ TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
+
+ /* Try to deduce P, Q from N, D, E only. */
+ TEST_ASSERT( mbedtls_rsa_deduce_moduli( &N, &D, &E, mbedtls_ctr_drbg_random,
+ &ctr_drbg, &P, &Q ) == result );
+
+ if( !corrupt )
+ {
+ /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */
+ TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) ||
+ ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) );
+ }
+
+exit:
+
+ mbedtls_mpi_free( &N );
+ mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
+ mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp );
+ mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
+
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void mbedtls_rsa_deduce_private( int radix_P, char *input_P,
 int radix_Q, char *input_Q,
From c77ab892e5bc4d8c1c06dc8dd409d3fba27094d8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 11:01:06 +0100 Subject: [PATCH 0144/1059] Add tests for rsa_import, rsa_import_raw and rsa_complete This commit adds numerous tests for the new library functions mbedtls_rsa_import and mbedtls_rsa_import_raw in conjunction with mbedtls_rsa_complete for importing and completing core sets of core RSA parameters (N,P,Q,D,E) into an RSA context, with the importing accepting either MPI's or raw big endian buffers. Each test is determined by the following parameters: 1) Set of parameters provided We're testing full sets (N,P,Q,D,E), partial sets (N,-,-,D,E) and (N,P,Q,-,E) that are sufficient to generate missing parameters, and the partial and insufficient set (N, -, Q, -, E). 2) Simultaenous or successive importing The functions rsa_import and rsa_import_raw accept importing parameters at once or one after another. We test both. 3) Sanity of parameters --- tests/suites/test_suite_rsa.data | 60 ++++++++ tests/suites/test_suite_rsa.function | 199 +++++++++++++++++++++++++++ 2 files changed, 259 insertions(+) 
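Review bot: The expected factors are read into swapped variables: `mbedtls_mpi_read_string( &Qp, radix_P, output_P )` and `mbedtls_mpi_read_string( &Pp, radix_Q, output_Q )`, so Pp holds the Q operand and Qp the P operand. The final check accepts either ordering of (P,Q), so the test still passes, but the names mislead anyone reading the assertion; reading output_P into `&Pp` and output_Q into `&Qp` keeps the variables honest. The corrupted case nudges D by 2 and expects `MBEDTLS_ERR_MPI_BAD_INPUT_DATA`, but nothing asserts that P and Q are left untouched on failure; that could be added if the function promises it.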
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 610bc78932..15bd3dfbf4 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -391,6 +391,66 @@ mbedtls_rsa_deduce_moduli:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac RSA Deduce Moduli, corrupted mbedtls_rsa_deduce_moduli:16:"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e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +RSA Import (N,P,Q,D,E) +mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (N,P,Q,D,E), successive 
+mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (N,-,-,D,E) +mbedtls_rsa_import:16:"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mport (N,-,-,D,E), succesive +mbedtls_rsa_import:16:"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mport (N,P,Q,-,E) +mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:0 + +RSA Import (N,P,Q,-,E), successive 
+mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:0 + +RSA Import (N,-,Q,-,E) +mbedtls_rsa_import:16:"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":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA Import (N,-,Q,-,E), successive +mbedtls_rsa_import:16:"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":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA Import (N,-,-,-,E), complete public key +mbedtls_rsa_import:16:"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":16:"":16:"":16:"":16:"3":0:0 + +RSA Import (N,-,-,-,E), complete public key, successive +mbedtls_rsa_import:16:"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":16:"":16:"":16:"":16:"3":1:0 + +RSA Import Raw (N,P,Q,D,E), complete private key 
+mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport Raw (N,P,Q,D,E), successive +mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport Raw (N,-,-,D,E) 
+mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:0 + +RSA Import Raw (N,-,-,D,E), successive +mbedtls_rsa_import_raw:"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mport Raw (N,P,Q,-,E) +mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:0 + +RSA Import Raw (N,P,Q,-,E), successive 
+mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:0 + +RSA Import Raw (N,-,Q,-,E) +mbedtls_rsa_import_raw:"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":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA Import Raw (N,-,Q,-,E), successive +mbedtls_rsa_import_raw:"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":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA Import Raw (N,-,-,-,E) 
+mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":0:0 + +RSA Import Raw (N,-,-,-,E), successive +mbedtls_rsa_import_raw:"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":"":"":"":"03":1:0 + RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"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":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_ERR_RSA_RNG_FAILED diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index dc7ec40a02..19867ec3ba 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
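Review bot: The test name `RSA Import (N,-,-,D,E), succesive` misspells "successive", unlike every other entry in this block. Test names are matched by the suite tooling and shown in reports, so the spelling should be made consistent with its siblings.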
@@ -807,6 +807,205 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
+void mbedtls_rsa_import( int radix_N, char *input_N,
+ int radix_P, char *input_P,
+ int radix_Q, char *input_Q,
+ int radix_D, char *input_D,
+ int radix_E, char *input_E,
+ int successive,
+ int result )
+{
+ mbedtls_mpi N, P, Q, D, E;
+ mbedtls_rsa_context ctx;
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ const char *pers = "test_suite_rsa";
+
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ mbedtls_entropy_init( &entropy );
+ TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) == 0 );
+
+ mbedtls_rsa_init( &ctx, 0, 0 );
+
+ mbedtls_mpi_init( &N );
+ mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
+ mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
+
+ if( strlen( input_N ) )
+ TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+
+ if( strlen( input_P ) )
+ TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+
+ if( strlen( input_Q ) )
+ TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+
+ if( strlen( input_D ) )
+ TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
+
+ if( strlen( input_E ) )
+ TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+
+ if( !successive )
+ {
+ TEST_ASSERT( mbedtls_rsa_import( &ctx,
+ strlen( input_N ) ? &N : NULL,
+ strlen( input_P ) ? &P : NULL,
+ strlen( input_Q ) ? &Q : NULL,
+ strlen( input_D ) ? &D : NULL,
+ strlen( input_E ) ? &E : NULL ) == 0 );
+ }
+ else
+ {
+ /* Import N, P, Q, D, E separately.
+ * This should make no functional difference. */
+
+ TEST_ASSERT( mbedtls_rsa_import( &ctx,
+ strlen( input_N ) ? &N : NULL,
+ NULL, NULL, NULL, NULL ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_import( &ctx,
+ NULL,
+ strlen( input_P ) ? &P : NULL,
+ NULL, NULL, NULL ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_import( &ctx,
+ NULL, NULL,
+ strlen( input_Q ) ? &Q : NULL,
+ NULL, NULL ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_import( &ctx,
+ NULL, NULL, NULL,
+ strlen( input_D ) ? &D : NULL,
+ NULL ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_import( &ctx,
+ NULL, NULL, NULL, NULL,
+ strlen( input_E ) ? &E : NULL ) == 0 );
+ }
+
+ TEST_ASSERT( mbedtls_rsa_complete( &ctx,
+ mbedtls_ctr_drbg_random,
+ &ctr_drbg ) == result );
+
+exit:
+
+ mbedtls_rsa_free( &ctx );
+
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+ mbedtls_mpi_free( &N );
+ mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
+ mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
+void mbedtls_rsa_import_raw( char *input_N,
+ char *input_P, char *input_Q,
+ char *input_D, char *input_E,
+ int successive,
+ int result )
+{
+ unsigned char bufN[1000];
+ unsigned char bufP[1000];
+ unsigned char bufQ[1000];
+ unsigned char bufD[1000];
+ unsigned char bufE[1000];
+
+ size_t lenN = 0;
+ size_t lenP = 0;
+ size_t lenQ = 0;
+ size_t lenD = 0;
+ size_t lenE = 0;
+
+ mbedtls_rsa_context ctx;
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ const char *pers = "test_suite_rsa";
+
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ mbedtls_entropy_init( &entropy );
+ TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) == 0 );
+
+ mbedtls_rsa_init( &ctx, 0, 0 );
+
+ if( strlen( input_N ) )
+ lenN = unhexify( bufN, input_N );
+
+ if( strlen( input_P ) )
+ lenP = unhexify( bufP, input_P );
+
+ if( strlen( input_Q ) )
+ lenQ = unhexify( bufQ, input_Q );
+
+ if( strlen( input_D ) )
+ lenD = unhexify( bufD, input_D );
+
+ if( strlen( input_E ) )
+ lenE = unhexify( bufE, input_E );
+
+ if( !successive )
+ {
+ TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
+ ( lenN > 0 ) ? bufN : NULL, lenN,
+ ( lenP > 0 ) ? bufP : NULL, lenP,
+ ( lenQ > 0 ) ? bufQ : NULL, lenQ,
+ ( lenD > 0 ) ? bufD : NULL, lenD,
+ ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
+ }
+ else
+ {
+ /* Import N, P, Q, D, E separately.
+ * This should make no functional difference. */
+
+ TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
+ ( lenN > 0 ) ? bufN : NULL, lenN,
+ NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
+ NULL, 0,
+ ( lenP > 0 ) ? bufP : NULL, lenP,
+ NULL, 0, NULL, 0, NULL, 0 ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
+ NULL, 0, NULL, 0,
+ ( lenQ > 0 ) ? bufQ : NULL, lenQ,
+ NULL, 0, NULL, 0 ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
+ NULL, 0, NULL, 0, NULL, 0,
+ ( lenD > 0 ) ? bufD : NULL, lenD,
+ NULL, 0 ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
+ NULL, 0, NULL, 0, NULL, 0, NULL, 0,
+ ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
+ }
+
+ TEST_ASSERT( mbedtls_rsa_complete( &ctx,
+ mbedtls_ctr_drbg_random,
+ &ctr_drbg ) == result );
+
+exit:
+
+ mbedtls_rsa_free( &ctx );
+
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
 void rsa_selftest()
 {
From 417f2d610721e819ae0f0340e3bdecec0a91329d Mon Sep 17 00:00:00 2001
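Review bot: In `mbedtls_rsa_import_raw`, `lenN = unhexify( bufN, input_N );` and the four sibling calls decode into fixed `unsigned char bufN[1000]`-style stack arrays without checking that the hex string fits, so a data-file entry longer than 2000 hex digits would write past the buffer; the inputs are in-tree test vectors, so this is a robustness gap rather than an exposure, but the test should protect itself. A one-line guard before each decode does it: `TEST_ASSERT( strlen( input_N ) <= 2 * sizeof( bufN ) );`, repeated for P, Q, D and E with their buffers. The `mbedtls_rsa_import` variant above it reads MPIs through `mbedtls_mpi_read_string` and has no such fixed buffer, so it needs no change.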
From: Hanno Becker Date: Wed, 23 Aug 2017 11:44:51 +0100 Subject: [PATCH 0145/1059] Add tests for rsa_export This commit adds tests for the new library function mbedtls_rsa_export. Each test case performs the following steps: - Parse and convert a set of hex-string decoded core RSA parameters into MPI's. - Use these to initialize an RSA context - Export core RSA parameters as MPI's again afterwards - Compare initial MPI's to exported ones. In the private key case, all core parameters are exported and sanity-checked, regardless of whether they were also used during setup. Each test case is performed twice, once with successive and once with simultaneous exporting. --- tests/suites/test_suite_rsa.data | 21 +++++ tests/suites/test_suite_rsa.function | 125 +++++++++++++++++++++++++++ 2 files changed, 146 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 15bd3dfbf4..9128be9986 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -451,6 +451,27 @@ mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f RSA Import Raw (N,-,-,-,E), successive mbedtls_rsa_import_raw:"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":"":"":"":"03":1:0 +RSA Export (N,P,Q,D,E) +mbedtls_rsa_export:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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xport (N,P,Q,D,E), successive +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad
3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1 + +RSA Export (N,-,-,D,E) +mbedtls_rsa_export:16:"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xport (N,-,-,D,E), succesive +mbedtls_rsa_export:16:"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xport (N,P,Q,-,E) +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0 + +RSA Export (N,P,Q,-,E), successive 
+mbedtls_rsa_export:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1 + +RSA Export (N,-,-,-,E) +mbedtls_rsa_export:16:"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":16:"":16:"":16:"":16:"3":0 + RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"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":MBEDTLS_ERR_RSA_RNG_FAILED diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 19867ec3ba..6229b829cc 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
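Review bot: The `RSA Export (N,-,-,D,E), succesive` row misspells the mode that every other row names `successive`; since these names are what the test runner prints on failure and what people grep for, I would correct it to `RSA Export (N,-,-,D,E), successive` before it gets copied into further rows. All rows also exercise the same 2048-bit modulus with E = 3, so nothing here shows that the export path is independent of key length; one row on a different-sized key (the file appears to have other RSA vectors, if one is usable) would cover that.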
@@ -905,6 +905,131 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_rsa_export( int radix_N, char *input_N, + int radix_P, char *input_P, + int radix_Q, char *input_Q, + int radix_D, char *input_D, + int radix_E, char *input_E, + int successive ) +{ + /* Original MPI's with which we set up the RSA context */ + mbedtls_mpi N, P, Q, D, E; + + /* Exported MPI's */ + mbedtls_mpi Ne, Pe, Qe, De, Ee; + + const int have_N = ( strlen( input_N ) > 0 ); + const int have_P = ( strlen( input_P ) > 0 ); + const int have_Q = ( strlen( input_Q ) > 0 ); + const int have_D = ( strlen( input_D ) > 0 ); + const int have_E = ( strlen( input_E ) > 0 ); + + const int is_priv = have_P || have_Q || have_D; + + mbedtls_rsa_context ctx; + + mbedtls_rsa_init( &ctx, 0, 0 ); + + mbedtls_mpi_init( &N ); + mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); + + mbedtls_mpi_init( &Ne ); + mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe ); + mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee ); + + /* Setup RSA context */ + + if( have_N ) + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + + if( have_P ) + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + + if( have_Q ) + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + + if( have_D ) + TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); + + if( have_E ) + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_import( &ctx, + strlen( input_N ) ? &N : NULL, + strlen( input_P ) ? &P : NULL, + strlen( input_Q ) ? &Q : NULL, + strlen( input_D ) ? &D : NULL, + strlen( input_E ) ? &E : NULL ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + + /* + * Export parameters and compare to original ones. + */ + + /* N and E must always be present. 
*/ + if( !successive ) + { + TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 ); + } + else + { + TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 ); + } + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 ); + + /* If we were providing enough information to setup a complete private context, + * we expect to be able to export all core parameters. */ + + if( is_priv ) + { + if( !successive ) + { + TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe, + &De, NULL ) == 0 ); + } + else + { + TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL, + NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe, + NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, + &De, NULL ) == 0 ); + } + + if( have_P ) + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 ); + + if( have_Q ) + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 ); + + if( have_D ) + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 ); + + /* While at it, perform a sanity check */ + TEST_ASSERT( mbedtls_rsa_check_params( &Ne, &Pe, &Qe, &De, &Ee, + NULL, NULL ) == 0 ); + } + +exit: + + mbedtls_rsa_free( &ctx ); + + mbedtls_mpi_free( &N ); + mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); + + mbedtls_mpi_free( &Ne ); + mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe ); + mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ void mbedtls_rsa_import_raw( char *input_N, char *input_P, char *input_Q, From f1b9a2c78358a00ab264054781e3ebfc5caa7627 Mon Sep 17 00:00:00 2001 
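Review bot: Nothing in the public-only path asserts that private parameters are unavailable: when `is_priv` is false the function stops after comparing N and E, so the `(N,-,-,-,E)` row only shows that a public context round-trips and never that it refuses to export P, Q or D. An `else` arm with `TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe, &De, NULL ) != 0 );` would pin that contract (I am inferring from the `is_priv` comment that export is meant to fail there — confirm against the library). The `mbedtls_rsa_import` call also re-evaluates `strlen( input_N ) ? &N : NULL` for each argument although `have_N` … `have_E` already hold exactly that result; `have_N ? &N : NULL` keeps the condition in one place. The function is complete within the hunk.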
From: Hanno Becker Date: Wed, 23 Aug 2017 11:49:22 +0100 Subject: [PATCH 0146/1059] Add tests for rsa_export_raw This commit adds tests for the new library function mbedtls_rsa_export_raw. Each test case performs the following steps: - Parse and convert a set of hex-string decoded core RSA parameters into big endian byte arrays. - Use these to initialize an RSA context - Export core RSA parameters as byte arrays again afterwards - Compare byte strings. Each test split is performed twice, once with successive and once with simultaneous exporting. --- tests/suites/test_suite_rsa.data | 21 +++++ tests/suites/test_suite_rsa.function | 131 +++++++++++++++++++++++++++ 2 files changed, 152 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 9128be9986..88ff9badbe 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -472,6 +472,27 @@ mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7 RSA Export (N,-,-,-,E) mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":0 +RSA Export Raw (N,P,Q,D,E) +mbedtls_rsa_export_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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xport Raw (N,P,Q,D,E), successive 
+mbedtls_rsa_export_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1 + +RSA Export Raw (N,-,-,D,E) 
+mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0 + +RSA Export Raw (N,-,-,D,E), succesive +mbedtls_rsa_export_raw:"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xport Raw (N,P,Q,-,E) +mbedtls_rsa_export_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0 + +RSA Export Raw (N,P,Q,-,E), successive 
+mbedtls_rsa_export_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1 + +RSA Export Raw (N,-,-,-,E) +mbedtls_rsa_export_raw:"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":"":"":"":"03":0 + RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"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":16:"3":"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":MBEDTLS_ERR_RSA_RNG_FAILED diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 6229b829cc..d5ca5fcae6 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
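Review bot: None of the rows feeds `mbedtls_rsa_import_raw` a value with leading zero bytes, yet that is exactly what raw DER INTEGER contents look like when a later patch in this series hands them to import_raw from pkparse.c; a row with N given as `00b38ac65c…` would pin that a zero-prefixed buffer is accepted and that `mbedtls_rsa_export_raw` reproduces it for the requested length. The `RSA Export Raw (N,-,-,D,E), succesive` row also misspells `successive`, as the other rows spell it.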
@@ -1030,6 +1030,137 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ +void mbedtls_rsa_export_raw( char *input_N, char *input_P, + char *input_Q, char *input_D, + char *input_E, int successive ) +{ + /* Original raw buffers with which we set up the RSA context */ + unsigned char bufN[1000]; + unsigned char bufP[1000]; + unsigned char bufQ[1000]; + unsigned char bufD[1000]; + unsigned char bufE[1000]; + + size_t lenN = 0; + size_t lenP = 0; + size_t lenQ = 0; + size_t lenD = 0; + size_t lenE = 0; + + /* Exported buffers */ + unsigned char bufNe[ sizeof( bufN ) ]; + unsigned char bufPe[ sizeof( bufP ) ]; + unsigned char bufQe[ sizeof( bufQ ) ]; + unsigned char bufDe[ sizeof( bufD ) ]; + unsigned char bufEe[ sizeof( bufE ) ]; + + const int have_N = ( strlen( input_N ) > 0 ); + const int have_P = ( strlen( input_P ) > 0 ); + const int have_Q = ( strlen( input_Q ) > 0 ); + const int have_D = ( strlen( input_D ) > 0 ); + const int have_E = ( strlen( input_E ) > 0 ); + + const int is_priv = have_P || have_Q || have_D; + + mbedtls_rsa_context ctx; + + mbedtls_rsa_init( &ctx, 0, 0 ); + + /* Setup RSA context */ + + if( have_N ) + lenN = unhexify( bufN, input_N ); + + if( have_P ) + lenP = unhexify( bufP, input_P ); + + if( have_Q ) + lenQ = unhexify( bufQ, input_Q ); + + if( have_D ) + lenD = unhexify( bufD, input_D ); + + if( have_E ) + lenE = unhexify( bufE, input_E ); + + TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, + have_N ? bufN : NULL, lenN, + have_P ? bufP : NULL, lenP, + have_Q ? bufQ : NULL, lenQ, + have_D ? bufD : NULL, lenD, + have_E ? bufE : NULL, lenE ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + + /* + * Export parameters and compare to original ones. + */ + + /* N and E must always be present. 
*/ + if( !successive ) + { + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN, + NULL, 0, NULL, 0, NULL, 0, + bufEe, lenE ) == 0 ); + } + else + { + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN, + NULL, 0, NULL, 0, NULL, 0, + NULL, 0 ) == 0 ); + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, + NULL, 0, NULL, 0, NULL, 0, + bufEe, lenE ) == 0 ); + } + TEST_ASSERT( memcmp( bufN, bufNe, lenN ) == 0 ); + TEST_ASSERT( memcmp( bufE, bufEe, lenE ) == 0 ); + + /* If we were providing enough information to setup a complete private context, + * we expect to be able to export all core parameters. */ + + if( is_priv ) + { + if( !successive ) + { + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, + bufPe, lenP ? lenP : sizeof( bufPe ), + bufQe, lenQ ? lenQ : sizeof( bufQe ), + bufDe, lenD ? lenD : sizeof( bufDe ), + NULL, 0 ) == 0 ); + } + else + { + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, + bufPe, lenP ? lenP : sizeof( bufPe ), + NULL, 0, NULL, 0, + NULL, 0 ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, + bufQe, lenQ ? lenQ : sizeof( bufQe ), + NULL, 0, NULL, 0 ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, + NULL, 0, bufDe, lenD ? lenD : sizeof( bufDe ), + NULL, 0 ) == 0 ); + } + + if( have_P ) + TEST_ASSERT( memcmp( bufP, bufPe, lenP ) == 0 ); + + if( have_Q ) + TEST_ASSERT( memcmp( bufQ, bufQe, lenQ ) == 0 ); + + if( have_D ) + TEST_ASSERT( memcmp( bufD, bufDe, lenD ) == 0 ); + + } + +exit: + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ void mbedtls_rsa_import_raw( char *input_N, char *input_P, char *input_Q, From ce00263bd293b643840dbbdc97800296ee5c413c Mon Sep 17 00:00:00 2001 
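Review bot: The parameters that the vector leaves empty are exported but never validated: for the `(N,-,-,D,E)` rows `lenP` and `lenQ` are 0, so the derived P and Q land in `bufPe`/`bufQe` with `sizeof( bufPe )` as the length and then skip every `if( have_P )`/`if( have_Q )` comparison, whereas the MPI counterpart ends with `mbedtls_rsa_check_params` on the exported set. Round-tripping the exported buffers through a second context (initialised with `mbedtls_rsa_init( &ctx2, 0, 0 )` next to `ctx` and released with `mbedtls_rsa_free( &ctx2 )` under `exit:`) would catch an export that returns garbage for a derived value; the sketch below assumes export_raw left-pads to the requested length, which the existing `memcmp( bufN, bufNe, lenN )` checks already rely on. The input buffers are filled by `unhexify` with no bound, so a vector longer than 2000 hex digits would overrun the 1000-byte arrays — acceptable for trusted test data but worth a `/* 1000 bytes: sized for the longest vector in test_suite_rsa.data */` note. The function is complete within the hunk.
```c
        /* … unchanged: export of P, Q, D and comparison with the supplied values … */

        /* Values the vector did not supply were derived by mbedtls_rsa_complete()
         * and have not been checked by anything above; round-trip the whole
         * exported set through a fresh context, as mbedtls_rsa_export() does
         * via mbedtls_rsa_check_params(). */
        TEST_ASSERT( mbedtls_rsa_import_raw( &ctx2,
                         bufNe, lenN,
                         bufPe, lenP ? lenP : sizeof( bufPe ),
                         bufQe, lenQ ? lenQ : sizeof( bufQe ),
                         bufDe, lenD ? lenD : sizeof( bufDe ),
                         bufEe, lenE ) == 0 );
        TEST_ASSERT( mbedtls_rsa_complete( &ctx2, NULL, NULL ) == 0 );
        TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
```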
From: Hanno Becker Date: Wed, 23 Aug 2017 13:22:36 +0100 Subject: [PATCH 0147/1059] Add tests for rsa_check_params This commit adds test for the new library function mbedtls_rsa_check_params for checking a set of RSA core parameters. There are some toy example tests with small numbers that can be verified by hand, as well as tests with real world numbers. Complete, partial and corrupted data are tested, as well the check for primality exactly if a PRNG is provided. --- tests/suites/test_suite_rsa.data | 33 ++++++++++++++ tests/suites/test_suite_rsa.function | 64 ++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 88ff9badbe..5bef580c47 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -367,6 +367,39 @@ mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +RSA Check Params, toy example +mbedtls_rsa_check_params:10:"15":10:"3":10:"5":10:"3":10:"3":0:0 + +RSA Check Params, toy example, N missing +mbedtls_rsa_check_params:10:"":10:"3":10:"5":10:"3":10:"3":0:0 + +RSA Check Params, toy example, E missing +mbedtls_rsa_check_params:10:"15":10:"3":10:"5":10:"3":10:"":0:0 + +RSA Check Params, toy example, corrupted +mbedtls_rsa_check_params:10:"16":10:"3":10:"5":10:"3":10:"3":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +RSA Check Params, toy example, non-primes, no PRNG +mbedtls_rsa_check_params:10:"45":10:"9":10:"5":10:"7":10:"23":0:0 + +RSA Check Params, toy example, non-primes, PRNG +mbedtls_rsa_check_params:10:"45":10:"9":10:"5":10:"7":10:"23":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE + +RSA Check Params +mbedtls_rsa_check_params:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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he
ck Params, N missing +mbedtls_rsa_check_params:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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heck Params, bad N +mbedtls_rsa_check_params:16:"b38bc65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E1572250
2F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +RSA Check Params, non-prime, no PRNG +mbedtls_rsa_check_params:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd18":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"":0:0 + +RSA Check Params, non-prime, PRNG +mbedtls_rsa_check_params:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd18":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE + RSA Deduce Private, toy example mbedtls_rsa_deduce_private:10:"7":10:"11":10:"7":10:"13":0:0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d5ca5fcae6..1f3c3b3395 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
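Review bot: The failure rows pin bignum-layer codes (`MBEDTLS_ERR_MPI_BAD_INPUT_DATA` for an inconsistent N, `MBEDTLS_ERR_MPI_NOT_ACCEPTABLE` for composite factors) as the return value of an RSA-layer API; callers such as the pk wrappers dispatch on `MBEDTLS_ERR_RSA_*` codes, so if the intent is for mbedtls_rsa_check_params to report an RSA key-check failure these expectations should be `MBEDTLS_ERR_RSA_KEY_CHECK_FAILED` (with the library changed to match) before the MPI codes become part of the tested contract. The `non-primes, no PRNG` rows deliberately accept P = 9 and N = 45, which is right for a consistency-only check but easy to misread as a bug; a name such as `RSA Check Params, toy example, non-primes, no PRNG (primality not checked)` makes the intent visible in the runner output.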
@@ -1030,6 +1030,70 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_rsa_check_params( int radix_N, char *input_N, + int radix_P, char *input_P, + int radix_Q, char *input_Q, + int radix_D, char *input_D, + int radix_E, char *input_E, + int prng, int result ) +{ + /* Original MPI's with which we set up the RSA context */ + mbedtls_mpi N, P, Q, D, E; + + const int have_N = ( strlen( input_N ) > 0 ); + const int have_P = ( strlen( input_P ) > 0 ); + const int have_Q = ( strlen( input_Q ) > 0 ); + const int have_D = ( strlen( input_D ) > 0 ); + const int have_E = ( strlen( input_E ) > 0 ); + + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + const char *pers = "test_suite_rsa"; + + mbedtls_mpi_init( &N ); + mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); + + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) == 0 ); + + if( have_N ) + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + + if( have_P ) + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + + if( have_Q ) + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + + if( have_D ) + TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); + + if( have_E ) + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_check_params( have_N ? &N : NULL, + have_P ? &P : NULL, + have_Q ? &Q : NULL, + have_D ? &D : NULL, + have_E ? &E : NULL, + prng ? mbedtls_ctr_drbg_random : NULL, + prng ? 
&ctr_drbg : NULL ) == result ); +exit: + + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + + mbedtls_mpi_free( &N ); + mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ void mbedtls_rsa_export_raw( char *input_N, char *input_P, char *input_Q, char *input_D, From 3a701161ff9b40d0945d0668ac4866237618938b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 22 Aug 2017 13:52:43 +0100 Subject: [PATCH 0148/1059] Adapt RSA selftest to new RSA interface This commit replaces direct manipulation of structure fields in the RSA selftest by calls to the extended interface. --- library/rsa.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index c807f911c8..78db24031e 100644 --- a/library/rsa.c +++ b/library/rsa.c 
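Review bot: The `/* BEGIN_CASE */` header is missing `depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C`, yet the body unconditionally declares and seeds `mbedtls_ctr_drbg_context`/`mbedtls_entropy_context`, so a configuration without those modules no longer compiles this suite; the neighbouring `mbedtls_rsa_export_raw` case carries exactly that clause. Change the header to `/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */`. The primality check taken when a PRNG is supplied presumably rests on the bignum prime test, which I believe is gated on MBEDTLS_GENPRIME — if so, the `prng:1` rows in the data file need that dependency as well; confirm against the library. The function is complete within the hunk.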
@@ -2495,17 +2495,23 @@ int mbedtls_rsa_self_test( int verbose ) unsigned char sha1sum[20]; #endif + mbedtls_mpi K; + + mbedtls_mpi_init( &K ); mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - rsa.len = KEY_LEN; - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.N , 16, RSA_N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.E , 16, RSA_E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.D , 16, RSA_D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.P , 16, RSA_P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.Q , 16, RSA_Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.DP, 16, RSA_DP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.DQ, 16, RSA_DQ ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.QP, 16, RSA_QP ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_N ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, &K, NULL, NULL, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_P ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, &K, NULL, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_Q ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, &K, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_D ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, &K, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_E ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, NULL, &K ) ); + + MBEDTLS_MPI_CHK( mbedtls_rsa_complete( &rsa, NULL, NULL ) ); if( verbose != 0 ) mbedtls_printf( " RSA key validation: " ); 
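Review bot: The removed `rsa.len = KEY_LEN` assignment means the context length is now whatever `mbedtls_rsa_complete` derives from RSA_N, and nothing asserts it still equals KEY_LEN; if KEY_LEN continues to size the ciphertext and signature buffers later in the function (outside this hunk), a mismatch between the constant and the imported modulus would become an out-of-bounds write rather than a self-test failure. A guard such as `if( mbedtls_rsa_get_len( &rsa ) != KEY_LEN ) { ret = 1; goto cleanup; }` directly after the complete() call closes that gap, assuming `cleanup:` returns `ret` as the MBEDTLS_MPI_CHK usage suggests. Reusing the single scratch MPI `K` for all five imports is only safe because import copies its argument, which deserves a line: `/* K is a scratch MPI: mbedtls_rsa_import() copies it, so it can be reused. */` (confirm that import does copy). mbedtls_rsa_self_test continues past the end of the hunk.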
@@ -2519,6 +2525,15 @@ int mbedtls_rsa_self_test( int verbose ) return( 1 ); } + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_DP ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, &K, NULL, NULL ) ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_DQ ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, NULL, &K, NULL ) ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_QP ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, NULL, NULL, &K ) ); + if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 encryption : " ); @@ -2592,6 +2607,7 @@ int mbedtls_rsa_self_test( int verbose ) mbedtls_printf( "\n" ); cleanup: + mbedtls_mpi_free( &K ); mbedtls_rsa_free( &rsa ); #else /* MBEDTLS_PKCS1_V15 */ ((void) verbose); From 6a1e7e5f4c072a6dee04473bd5602ab0bb1c7095 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 22 Aug 2017 13:55:00 +0100 Subject: [PATCH 0149/1059] Adapt pk_wrap.c to new RSA interface This commit replaces direct manipulation of RSA context structure fields by calls to the extended RSA interface in pk_wrap.c. --- library/pk_wrap.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index db6274cbf9..bdc0f3927f 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -68,7 +68,8 @@ static int rsa_can_do( mbedtls_pk_type_t type ) static size_t rsa_get_bitlen( const void *ctx ) { - return( 8 * ((const mbedtls_rsa_context *) ctx)->len ); + const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx; + return( 8 * mbedtls_rsa_get_len( rsa ) ); } static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 
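Review bot: The `return( 1 );` visible in the context lines just above the new `mbedtls_rsa_check_crt` calls still leaves the function directly, so on a failed key validation the `K` MPI introduced by this patch (and, unless a free precedes it outside the visible context, `rsa` as well) is never released; `ret = 1; goto cleanup;` routes that path through the new `mbedtls_mpi_free( &K )`, assuming `cleanup:` returns `ret`. The new checks also depart from the surrounding style: when a check_crt call fails, `MBEDTLS_MPI_CHK` jumps to cleanup without printing anything, whereas the key validation directly above prints `failed\n` before returning, so a verbose run would stop after "RSA key validation: " with no verdict. The enclosing function extends beyond both rsa.c hunks.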
@@ -76,21 +77,23 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *sig, size_t sig_len ) { int ret; + mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; + size_t rsa_len = mbedtls_rsa_get_len( rsa ); #if defined(MBEDTLS_HAVE_INT64) if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #endif /* MBEDTLS_HAVE_INT64 */ - if( sig_len < ((mbedtls_rsa_context *) ctx)->len ) + if( sig_len < rsa_len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( ( ret = mbedtls_rsa_pkcs1_verify( (mbedtls_rsa_context *) ctx, NULL, NULL, + if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_len, hash, sig ) ) != 0 ) return( ret ); - if( sig_len > ((mbedtls_rsa_context *) ctx)->len ) + if( sig_len > rsa_len ) return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); return( 0 ); @@ -101,14 +104,16 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { + mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; + #if defined(MBEDTLS_HAVE_INT64) if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #endif /* MBEDTLS_HAVE_INT64 */ - *sig_len = ((mbedtls_rsa_context *) ctx)->len; + *sig_len = mbedtls_rsa_get_len( rsa ); - return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, (unsigned int) hash_len, hash, sig ) ); } 
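Review bot: The new local declarations write `mbedtls_rsa_context * rsa` with the asterisk detached, while the rest of this file — including the `void *ctx` parameter in the same signature — binds it to the name; I would write `mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;` in both rsa_verify_wrap and rsa_sign_wrap. Otherwise the replacement of direct `->len` reads by `mbedtls_rsa_get_len()` keeps the existing `sig_len < rsa_len` / `sig_len > rsa_len` ordering around the verify call intact. rsa_verify_wrap's signature starts on the hunk header line.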
@@ -117,10 +122,12 @@ static int rsa_decrypt_wrap( void *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
- if( ilen != ((mbedtls_rsa_context *) ctx)->len )
+ mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+
+ if( ilen != mbedtls_rsa_get_len( rsa ) )
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, f_rng, p_rng,
+ return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
 }
@@ -129,13 +136,14 @@ static int rsa_encrypt_wrap( void *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
- *olen = ((mbedtls_rsa_context *) ctx)->len;
+ mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+ *olen = mbedtls_rsa_get_len( rsa );
 if( *olen > osize )
 return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
- return( mbedtls_rsa_pkcs1_encrypt( (mbedtls_rsa_context *) ctx,
- f_rng, p_rng, MBEDTLS_RSA_PUBLIC, ilen, input, output ) );
+ return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
+ ilen, input, output ) );
 }
 static int rsa_check_pair_wrap( const void *pub, const void *prv )
From d58c5b2d164b0c05f5da81a843276ead828db683 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 22 Aug 2017 14:33:21 +0100 Subject: [PATCH 0150/1059] Adapt pkparse.c to new RSA interface
---
library/pkparse.c | 123 +++++++++++++++++++++++++++++++++++-----------
1 file changed, 94 insertions(+), 29 deletions(-)
diff --git a/library/pkparse.c b/library/pkparse.c
index efdf437466..a6916e7b9b 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -520,19 +520,33 @@ static int pk_get_rsapubkey( unsigned char **p,
 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
- if( ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
+ /* Import N */
+ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
+ if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
+ NULL, 0, NULL, 0 ) ) != 0 )
+ return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
+
+ *p += len;
+
+ /* Import E */
+ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
+ return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
+
+ if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
+ NULL, 0, *p, len ) ) != 0 )
+ return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
+
+ *p += len;
+
+ if( ( ret = mbedtls_rsa_complete( rsa, NULL, NULL ) ) != 0 )
+ return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
+
 if( *p != end )
 return( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
- if( ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
- return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
-
- rsa->len = mbedtls_mpi_size( &rsa->N );
-
 return( 0 );
 }
 #endif /* MBEDTLS_RSA_C */
@@ -643,10 +657,16 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen )
 {
- int ret;
+ int ret, version;
 size_t len;
 unsigned char *p, *end;
+ mbedtls_mpi DP, DQ, QP;
+
+ mbedtls_mpi_init( &DP );
+ mbedtls_mpi_init( &DQ );
+ mbedtls_mpi_init( &QP );
+
 p = (unsigned char *) key;
 end = p + keylen;
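Review bot: The removed `mbedtls_rsa_check_pubkey( rsa )` call was the only explicit sanity check on a public key parsed from an untrusted SubjectPublicKeyInfo, and the new code relies on `mbedtls_rsa_complete( rsa, NULL, NULL )` in its place; whether completion performs the same validation is not visible here, so confirm it, or keep an explicit check after the complete call so a malformed N or E is still rejected by the parser. The `*p != end` length check now runs after completion; placing `if( *p != end ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );` before `mbedtls_rsa_complete` keeps the cheap structural rejection ahead of the arithmetic. The `ret` assigned from the two `mbedtls_rsa_import_raw` calls and from `mbedtls_rsa_complete` is intentionally not folded into the return value, since RSA error codes share the high-level range with the PK codes and cannot be added the way the ASN.1 codes are; a comment such as `/* RSA errors are high-level codes: do not add them to the PK code */` would stop a later reader "fixing" this. The start of pk_get_rsapubkey is outside the hunk.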
@@ -674,45 +694,90 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
 end = p + len;
- if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
+ if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
 {
 return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
 }
- if( rsa->ver != 0 )
+ if( version != 0 )
 {
 return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
 }
- if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
- ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
- {
- mbedtls_rsa_free( rsa );
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
- }
+ /* Import N */
+ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_INTEGER ) ) != 0 ||
+ ( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0,
+ NULL, 0, NULL, 0 ) ) != 0 )
+ goto cleanup;
+ p += len;
- rsa->len = mbedtls_mpi_size( &rsa->N );
+ /* Import E */
+ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_INTEGER ) ) != 0 ||
+ ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
+ NULL, 0, p, len ) ) != 0 )
+ goto cleanup;
+ p += len;
+
+ /* Import D */
+ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_INTEGER ) ) != 0 ||
+ ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
+ p, len, NULL, 0 ) ) != 0 )
+ goto cleanup;
+ p += len;
+
+ /* Import P */
+ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_INTEGER ) ) != 0 ||
+ ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0,
+ NULL, 0, NULL, 0 ) ) != 0 )
+ goto cleanup;
+ p += len;
+
+ /* Import Q */
+ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
+ ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len,
+ NULL, 0, NULL, 0 ) ) != 0 )
+ goto cleanup;
+ p += len;
+
+ /* Complete the RSA private key */
+ if( ( ret = mbedtls_rsa_complete( rsa, NULL, NULL ) ) != 0 )
+ goto cleanup;
+
+ /* Check optional parameters */
+ if( ( ret = mbedtls_asn1_get_mpi( &p, end, &DP ) ) != 0 ||
+ ( ret = mbedtls_asn1_get_mpi( &p, end, &DQ ) ) != 0 ||
+ ( ret = mbedtls_asn1_get_mpi( &p, end, &QP ) ) != 0 ||
+ ( ret = mbedtls_rsa_check_crt( rsa, &DP, &DQ, &QP ) ) != 0 )
+ goto cleanup;
 if( p != end )
 {
- mbedtls_rsa_free( rsa );
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ;
 }
- if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 )
+cleanup:
+
+ mbedtls_mpi_free( &DP );
+ mbedtls_mpi_free( &DQ );
+ mbedtls_mpi_free( &QP );
+
+ if( ret != 0 )
 {
+ if( ( ret & 0xff80 ) == 0 )
+ ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret;
+ else
+ ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+
 mbedtls_rsa_free( rsa );
- return( ret );
 }
- return( 0 );
+ return( ret );
 }
 #endif /* MBEDTLS_RSA_C */
From 15f81fa21cfed84bcf79517d77c05baab696fcc0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 12:38:27 +0100 Subject: [PATCH 0151/1059] Adapt pkwrite.c to new RSA interface
---
library/pkwrite.c | 92 +++++++++++++++++++++++++++++++++++++++++------
1 file changed, 81 insertions(+), 11 deletions(-)
diff --git a/library/pkwrite.c b/library/pkwrite.c
index e00545881b..cb3c426f6a 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
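Review bot: The error wrapping in the new cleanup block never takes its first branch: mbed TLS error codes are negative, so in two's complement `ret & 0xff80` is non-zero for any of them (a low-level ASN.1 code such as the one mbedtls_asn1_get_tag returns has bit 7 set), and the caller always receives a bare MBEDTLS_ERR_PK_KEY_INVALID_FORMAT where the old code returned `MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret` with the ASN.1 detail. Test the magnitude instead, `if( ( -ret & 0xff80 ) == 0 )`, and in the `p != end` branch store only the low-level code, `ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;`, so that the single wrapping step in cleanup yields the same combined value as before instead of re-wrapping an already combined one. The comment `/* Check optional parameters */` is misleading because the code fails the parse when DP, DQ or QP is absent, which is the right behaviour for the PKCS#1 RSAPrivateKey structure; reword it to `/* Parse the CRT parameters and check them against the completed key */`. The start of pk_parse_key_pkcs1_der is outside the hunk.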
@@ -66,9 +66,27 @@ static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
 {
 int ret;
 size_t len = 0;
+ mbedtls_mpi T;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( p, start, &rsa->E ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( p, start, &rsa->N ) );
+ mbedtls_mpi_init( &T );
+
+ /* Export E */
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||
+ ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
+ goto end_of_export;
+ len += ret;
+
+ /* Export N */
+ if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 ||
+ ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
+ goto end_of_export;
+ len += ret;
+
+end_of_export:
+
+ mbedtls_mpi_free( &T );
+ if( ret < 0 )
+ return( ret );
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
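Review bot: The new export blocks are written `if ( (` with a space before the parenthesis, while the file and this very hunk otherwise use `if(` (compare `if( ret < 0 )` below the label); write `if( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||`. The same spacing is used in the five `mbedtls_rsa_export` blocks added to mbedtls_pk_write_key_der in this commit, and the reflow in the following commit keeps it. A second readability point: `ret` carries two meanings in this block, an error code from mbedtls_rsa_export and a byte count from mbedtls_asn1_write_mpi, and the `if( ret < 0 )` after the label depends on export errors being negative; a one-line comment at `end_of_export:` such as `/* ret: last write length on success, negative error code otherwise */` makes that contract explicit. The body of pk_write_rsa_pubkey continues outside the hunk.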
@@ -205,18 +223,70 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
 #if defined(MBEDTLS_RSA_C)
 if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
 {
+ mbedtls_mpi T; /* Temporary holding the exported parameters */
 mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->QP ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->DQ ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->DP ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->Q ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->P ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->D ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->E ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->N ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
+ /*
+ * Export the parameters one after another to avoid simultaneous copies.
+ */
+ mbedtls_mpi_init( &T );
+
+ /* Export QP */
+ if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 ||
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ goto end_of_export;
+ len += ret;
+
+ /* Export DQ */
+ if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 ||
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ goto end_of_export;
+ len += ret;
+
+ /* Export DP */
+ if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 ||
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ goto end_of_export;
+ len += ret;
+
+ /* Export Q */
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, &T, NULL, NULL ) ) != 0 ||
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ goto end_of_export;
+ len += ret;
+
+ /* Export P */
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T, NULL, NULL, NULL ) ) != 0 ||
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ goto end_of_export;
+ len += ret;
+
+ /* Export D */
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, &T, NULL ) ) != 0 ||
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ goto end_of_export;
+ len += ret;
+
+ /* Export E */
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ goto end_of_export;
+ len += ret;
+
+ /* Export N */
+ if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 ||
+ ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+ goto end_of_export;
+ len += ret;
+
+ end_of_export:
+
+ mbedtls_mpi_free( &T );
+ if( ret < 0 )
+ return( ret );
+
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
From d71dc159a6c6b0705ce1e5385f021fca7ad2d96d Mon Sep 17 00:00:00 2001
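Review bot: `T` holds D, P, Q and the three CRT parameters in turn, so the single `mbedtls_mpi_free( &T )` after `end_of_export:` is the point at which that extra copy of the private key leaves memory; this depends on mbedtls_mpi_free() wiping the limbs before releasing them (bignum.c does this through its zeroize helper, confirm in this tree), and the dependence belongs in the comment on the declaration: `mbedtls_mpi T; /* Temporary for the exported parameters; wiped and freed at end_of_export */`. On the `goto end_of_export` path taken when an export call fails, `if( ret < 0 )` returns the error only because export codes are negative, the same implicit contract as in pk_write_rsa_pubkey. The enclosing mbedtls_pk_write_key_der starts and ends outside the hunk.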
From: Hanno Becker Date: Wed, 23 Aug 2017 06:32:42 +0100 Subject: [PATCH 0152/1059] Adapt PK test suite to use new interface
---
library/pkwrite.c | 20 ++++++++++++-------
tests/suites/test_suite_pk.function | 30 +++++++++++++----------------
2 files changed, 26 insertions(+), 24 deletions(-)
diff --git a/library/pkwrite.c b/library/pkwrite.c
index cb3c426f6a..8eabd889b5 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -251,31 +251,36 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
 len += ret;
 /* Export Q */
- if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, &T, NULL, NULL ) ) != 0 ||
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
+ &T, NULL, NULL ) ) != 0 ||
 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
 goto end_of_export;
 len += ret;
 /* Export P */
- if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T, NULL, NULL, NULL ) ) != 0 ||
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T,
+ NULL, NULL, NULL ) ) != 0 ||
 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
 goto end_of_export;
 len += ret;
 /* Export D */
- if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, &T, NULL ) ) != 0 ||
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
+ NULL, &T, NULL ) ) != 0 ||
 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
 goto end_of_export;
 len += ret;
 /* Export E */
- if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||
+ if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
+ NULL, NULL, &T ) ) != 0 ||
 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
 goto end_of_export;
 len += ret;
 /* Export N */
- if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 ||
+ if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL,
+ NULL, NULL, NULL ) ) != 0 ||
 ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
 goto end_of_export;
 len += ret;
@@ -288,8 +293,9 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c,
+ buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) );
 }
 else
 #endif /* MBEDTLS_RSA_C */
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 5fa8a693aa..58b6013d75 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -333,18 +333,19 @@ void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod,
 unsigned char cipher[1000];
 size_t clear_len, olen, cipher_len;
 rnd_pseudo_info rnd_info;
- mbedtls_mpi P1, Q1, H, G;
+ mbedtls_mpi N, P, Q, E;
 mbedtls_rsa_context *rsa;
 mbedtls_pk_context pk;
 mbedtls_pk_init( &pk );
- mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
+ mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
 memset( clear, 0, sizeof( clear ) );
 memset( cipher, 0, sizeof( cipher ) );
- clear_len = unhexify( clear, clear_hex );
+ clear_len = unhexify( clear, clear_hex );
 cipher_len = unhexify( cipher, cipher_hex );
 /* init pk-rsa context */
@@ -352,21 +353,15 @@ void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod,
 rsa = mbedtls_pk_rsa( pk );
 /* load public key */
- rsa->len = mod / 8;
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
 /* load private key */
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &rsa->P, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &rsa->Q, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_gcd( &G, &rsa->E, &H ) == 0 );
- TEST_ASSERT( mbedtls_mpi_inv_mod( &rsa->D , &rsa->E, &H ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &rsa->DP, &rsa->D, &P1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &rsa->DQ, &rsa->D, &Q1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_inv_mod( &rsa->QP, &rsa->Q, &rsa->P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) );
+ TEST_ASSERT( mbedtls_rsa_complete( rsa, NULL, NULL ) == 0 );
 /* decryption test */
 memset( output, 0, sizeof( output ) );
@@ -381,7 +376,8 @@ void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod,
 }
 exit:
- mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
+ mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
 mbedtls_pk_free( &pk );
 }
 /* END_CASE */
From 6d43f9e0a43922793176a87bd44aa867302c3c06 Mon Sep 17 00:00:00 2001
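Review bot: After `mbedtls_rsa_complete( rsa, NULL, NULL )` the assembled private key is never validated, whereas the pkcs1_v15 and pkcs1_v21 suites updated later in this series follow the complete call with a `mbedtls_rsa_check_privkey` assertion; add `TEST_ASSERT( mbedtls_rsa_check_privkey( rsa ) == 0 );` after the complete call so a broken test vector fails at key setup instead of as a confusing decryption mismatch. The `mbedtls_rsa_get_len` assertion sits before `mbedtls_rsa_complete`, so it assumes mbedtls_rsa_import already records the modulus length; the same ordering is used in every suite on this page, but if that is a contract of the new interface a short comment saying so would help the next reader. pk_rsa_decrypt_test_vec continues outside both hunks.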
From: Hanno Becker Date: Wed, 23 Aug 2017 06:35:17 +0100 Subject: [PATCH 0153/1059] Adapt PKCS v15 test suite to new RSA interface
---
tests/suites/test_suite_pkcs1_v15.function | 87 +++++++++++-----------
1 file changed, 43 insertions(+), 44 deletions(-)
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 09fe05bb3d..1a06e4fbaf 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -21,19 +21,21 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E,
 mbedtls_rsa_context ctx;
 size_t msg_len;
 rnd_buf_info info;
+ mbedtls_mpi N, E;
 info.length = unhexify( rnd_buf, seed );
 info.buf = rnd_buf;
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
 memset( message_str, 0x00, 1000 );
 memset( output, 0x00, 1000 );
 memset( output_str, 0x00, 1000 );
- ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
-
+ TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
 msg_len = unhexify( message_str, message_hex_string );
@@ -47,6 +49,7 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E,
 }
 exit:
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
 mbedtls_rsa_free( &ctx );
 }
 /* END_CASE */
@@ -62,12 +65,13 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P,
 unsigned char output[1000];
 unsigned char output_str[1000];
 mbedtls_rsa_context ctx;
- mbedtls_mpi P1, Q1, H, G;
 size_t output_len;
 rnd_pseudo_info rnd_info;
+ mbedtls_mpi N, P, Q, E;
 ((void) seed);
- mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
+ mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
 memset( message_str, 0x00, 1000 );
@@ -75,21 +79,14 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P,
 memset( output_str, 0x00, 1000 );
 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
- ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
-
- TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 );
- TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
+ TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 );
 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
 unhexify( message_str, message_hex_string );
@@ -103,7 +100,8 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P,
 }
 exit:
- mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
+ mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
 mbedtls_rsa_free( &ctx );
 }
 /* END_CASE */
@@ -121,14 +119,15 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q,
 unsigned char output_str[1000];
 unsigned char rnd_buf[1000];
 mbedtls_rsa_context ctx;
- mbedtls_mpi P1, Q1, H, G;
+ mbedtls_mpi N, P, Q, E;
 size_t msg_len;
 rnd_buf_info info;
 info.length = unhexify( rnd_buf, salt );
 info.buf = rnd_buf;
- mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
+ mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
 memset( message_str, 0x00, 1000 );
@@ -136,21 +135,14 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q,
 memset( output, 0x00, 1000 );
 memset( output_str, 0x00, 1000 );
- ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
-
- TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 );
- TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
+ TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 );
 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
 msg_len = unhexify( message_str, message_hex_string );
@@ -167,7 +159,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q,
 }
 exit:
- mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
+ mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
 mbedtls_rsa_free( &ctx );
 }
 /* END_CASE */
@@ -183,28 +176,34 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char *input_N, int radix_E,
 unsigned char result_str[1000];
 mbedtls_rsa_context ctx;
 size_t msg_len;
+ mbedtls_mpi N, E;
 ((void) salt);
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
 memset( message_str, 0x00, 1000 );
 memset( hash_result, 0x00, 1000 );
 memset( result_str, 0x00, 1000 );
- ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
-
+ TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
 msg_len = unhexify( message_str, message_hex_string );
 unhexify( result_str, result_hex_str );
 if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
+ TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
+ message_str, msg_len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
+ digest, 0, hash_result,
+ result_str ) == result );
 exit:
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
 mbedtls_rsa_free( &ctx );
 }
 /* END_CASE */
From 6326a6da7f1bb69869af97ef425c5f1c0393a497 Mon Sep 17 00:00:00 2001
From: Hanno Becker Date: Wed, 23 Aug 2017 06:38:22 +0100 Subject: [PATCH 0154/1059] Adapt PKCS v21 test suite to new RSA interface
---
tests/suites/test_suite_pkcs1_v21.function | 102 +++++++++++----------
1 file changed, 54 insertions(+), 48 deletions(-)
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 4f1ff4509f..bd09930454 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -21,19 +21,21 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char *input_N, int radix_E,
 mbedtls_rsa_context ctx;
 size_t msg_len;
 rnd_buf_info info;
+ mbedtls_mpi N, E;
 info.length = unhexify( rnd_buf, seed );
 info.buf = rnd_buf;
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
 memset( message_str, 0x00, 1000 );
 memset( output, 0x00, 1000 );
 memset( output_str, 0x00, 1000 );
- ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
-
+ TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
 TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
 msg_len = unhexify( message_str, message_hex_string );
@@ -47,6 +49,7 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char *input_N, int radix_E,
 }
 exit:
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
 mbedtls_rsa_free( &ctx );
 }
 /* END_CASE */
@@ -62,12 +65,14 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P,
 unsigned char output[1000];
 unsigned char output_str[1000];
 mbedtls_rsa_context ctx;
- mbedtls_mpi P1, Q1, H, G;
 size_t output_len;
 rnd_pseudo_info rnd_info;
+ mbedtls_mpi N, P, Q, E;
 ((void) seed);
- mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
+ mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
+
 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
 memset( message_str, 0x00, 1000 );
@@ -75,21 +80,14 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P,
 memset( output_str, 0x00, 1000 );
 memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
- ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
-
- TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 );
- TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
+ TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 );
 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
 unhexify( message_str, message_hex_string );
@@ -103,7 +101,8 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P,
 }
 exit:
- mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
+ mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
 mbedtls_rsa_free( &ctx );
 }
 /* END_CASE */
@@ -121,14 +120,15 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q,
 unsigned char output_str[1000];
 unsigned char rnd_buf[1000];
 mbedtls_rsa_context ctx;
- mbedtls_mpi P1, Q1, H, G;
 size_t msg_len;
 rnd_buf_info info;
+ mbedtls_mpi N, P, Q, E;
 info.length = unhexify( rnd_buf, salt );
 info.buf = rnd_buf;
- mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
+ mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
 mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
 memset( message_str, 0x00, 1000 );
@@ -136,29 +136,24 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q,
 memset( output, 0x00, 1000 );
 memset( output_str, 0x00, 1000 );
- ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
-
- TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 );
- TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
+ TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 );
 TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
 msg_len = unhexify( message_str, message_hex_string );
 if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
+ TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str,
+ msg_len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0,
hash_result, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE,
+ digest, 0, hash_result, output ) == result );
 if( result == 0 )
 {
 hexify( output_str, output, ctx.len);
@@ -167,7 +162,8 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q,
 }
 exit:
- mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
+ mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
 mbedtls_rsa_free( &ctx );
 }
 /* END_CASE */
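Review bot: The context line `hexify( output_str, output, ctx.len);` still reads the `len` field directly, which is precisely the struct access this series is replacing with the accessor (`ctx.len = ...` is removed a few lines up and `mbedtls_rsa_get_len( &ctx )` used instead); change it to `hexify( output_str, output, mbedtls_rsa_get_len( &ctx ) );`. The sign, encrypt and decrypt cases of this suite and of test_suite_pkcs1_v15 likely have the same `ctx.len` use in their result handling, which lies outside the visible hunks. pkcs1_rsassa_pss_sign continues outside the hunk.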
@@ -183,28 +179,34 @@ void pkcs1_rsassa_pss_verify( int mod, int radix_N, char *input_N, int radix_E, unsigned char result_str[1000]; mbedtls_rsa_context ctx; size_t msg_len; + mbedtls_mpi N, E; ((void) salt); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); memset( result_str, 0x00, 1000 ); - ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); unhexify( result_str, result_hex_str ); if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, + msg_len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, + digest, 0, hash_result, result_str ) == result ); exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ 
@@ -225,16 +227,19 @@ void pkcs1_rsassa_pss_verify_ext( int mod, unsigned char result_str[1000]; mbedtls_rsa_context ctx; size_t msg_len, hash_len; + mbedtls_mpi N, E; + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash ); memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); memset( result_str, 0x00, 1000 ); - ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); @@ -262,6 +267,7 @@ void pkcs1_rsassa_pss_verify_ext( int mod, result_str ) == result_full ); exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ From ceb7a9ddb3c0cf6b63adce4389ce53cd95bdd903 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 08:33:08 +0100 Subject: [PATCH 0155/1059] Adapt RSA test suites to new RSA interface --- tests/suites/test_suite_rsa.function | 197 +++++++++++++++------------ 1 file changed, 107 insertions(+), 90 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 1f3c3b3395..e3952d8f30 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -26,11 +26,12 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig unsigned char output[1000]; unsigned char output_str[1000]; mbedtls_rsa_context ctx; - mbedtls_mpi P1, Q1, H, G; + mbedtls_mpi N, P, Q, E; int msg_len; rnd_pseudo_info rnd_info; - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( message_str, 0x00, 1000 ); 
@@ -39,29 +40,25 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig memset( output_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), + message_str, msg_len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 0, 
hash_result, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, + MBEDTLS_RSA_PRIVATE, digest, 0, + hash_result, output ) == result ); if( result == 0 ) { hexify( output_str, output, ctx.len ); @@ -70,7 +67,8 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -86,15 +84,18 @@ void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int d mbedtls_rsa_context ctx; int msg_len; + mbedtls_mpi N, E; + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); memset( result_str, 0x00, 1000 ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); @@ -106,6 +107,7 @@ void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int d TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result ); exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ 
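Review bot: The new length assertion `TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );` truncates, whereas the PSS suite in the previous commit asserts `( mod + 7 ) / 8`, which is also what the removed `ctx.len` computation there used; if any vector in this suite has a modulus bit length that is not a multiple of 8, the truncated form under-counts by one byte and the assertion fails. Suggest `TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );` here and in the other test functions of this file that repeat the expression (rsa_pkcs1_sign_raw, rsa_pkcs1_verify_raw, mbedtls_rsa_pkcs1_encrypt, rsa_pkcs1_encrypt_bad_rng, mbedtls_rsa_pkcs1_decrypt, mbedtls_rsa_public, mbedtls_rsa_private). If every vector in the data file is byte-aligned this is only a consistency point. mbedtls_rsa_pkcs1_sign starts outside the hunk.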
@@ -123,12 +125,13 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, unsigned char output[1000]; unsigned char output_str[1000]; mbedtls_rsa_context ctx; - mbedtls_mpi P1, Q1, H, G; + mbedtls_mpi N, P, Q, E; int hash_len; rnd_pseudo_info rnd_info; - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); 
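Review bot: In rsa_pkcs1_sign_raw the added `mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );` pair is placed after `mbedtls_rsa_init( &ctx, padding_mode, 0 );`, while every other test function in this commit initialises the MPIs before the context; the order is harmless, but moving the two init lines above `mbedtls_rsa_init` keeps the setup pattern identical across the suite and makes it easier to spot a missing init. rsa_pkcs1_sign_raw starts outside the hunk.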
@@ -136,21 +139,14 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, memset( output_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -180,7 +176,9 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); + mbedtls_rsa_free( &ctx ); } /* END_CASE */ 
@@ -198,16 +196,20 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, mbedtls_rsa_context ctx; size_t hash_len, olen; + mbedtls_mpi N, E; + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); + mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); memset( result_str, 0x00, 1000 ); memset( output, 0x00, sizeof( output ) ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -236,6 +238,7 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, } exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -252,6 +255,9 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int size_t msg_len; rnd_pseudo_info rnd_info; + mbedtls_mpi N, E; + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); + memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); 
@@ -259,10 +265,11 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); @@ -276,6 +283,7 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int } exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -292,15 +300,19 @@ void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode, mbedtls_rsa_context ctx; size_t msg_len; + mbedtls_mpi N, E; + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); 
@@ -314,6 +326,7 @@ void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode, } exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -328,11 +341,13 @@ void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int unsigned char output[1000]; unsigned char output_str[1000]; mbedtls_rsa_context ctx; - mbedtls_mpi P1, Q1, H, G; size_t output_len; rnd_pseudo_info rnd_info; + mbedtls_mpi N, P, Q, E; + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( message_str, 0x00, 1000 ); 
@@ -340,21 +355,15 @@ void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int memset( output_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -369,7 +378,8 @@ void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ 
@@ -383,16 +393,20 @@ void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *i unsigned char output_str[1000]; mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ + mbedtls_mpi N, E; + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -423,6 +437,7 @@ void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *i } exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 ); } 
@@ -437,32 +452,26 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char * unsigned char output[1000]; unsigned char output_str[1000]; mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ - mbedtls_mpi P1, Q1, H, G; + mbedtls_mpi N, P, Q, E; rnd_pseudo_info rnd_info; int i; - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); memset( message_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); + TEST_ASSERT( 
mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -503,7 +512,9 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char * } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); + mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 ); } /* END_CASE */ @@ -523,21 +534,25 @@ void mbedtls_rsa_check_pubkey( int radix_N, char *input_N, int radix_E, char *in int result ) { mbedtls_rsa_context ctx; + mbedtls_mpi N, E; + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); if( strlen( input_N ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); } if( strlen( input_E ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); } + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result ); exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ 
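Review bot: In the mbedtls_rsa_check_pubkey test, the new `TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );` runs for the negative cases too, where `input_N` or `input_E` is empty and `N` or `E` is still zero; the test therefore now also pins that `mbedtls_rsa_import` accepts such components without validation. If that is the intended contract, say so next to the call, e.g. `/* import() copies the components unchecked; validation is what check_pubkey below is being tested for */`; if import is meant to reject them, the expected import result needs to come from the test data instead of being hard-coded to 0. Whether import validates is not visible in this hunk.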
@@ -674,12 +689,14 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, strlen( pers ) ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) == 0 ); mbedtls_rsa_init( &ctx, 0, 0 ); - TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result ); + TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, + &ctr_drbg, nrbits, exponent ) == result ); if( result == 0 ) { TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); From c95fad35669a3330e4ec1a8be148280389335379 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:44:30 +0100 Subject: [PATCH 0156/1059] Adapt dh_server example program to new RSA interface --- programs/pkey/dh_server.c | 42 ++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 8bf2b1b29f..49066cd431 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -86,6 +86,8 @@ int main( void ) mbedtls_dhm_context dhm; mbedtls_aes_context aes; + mbedtls_mpi N, P, Q, D, E; + mbedtls_net_init( &listen_fd ); mbedtls_net_init( &client_fd ); mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 ); @@ -93,6 +95,9 @@ int main( void ) mbedtls_aes_init( &aes ); mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); + /* * 1. Setup the RNG */ 
@@ -124,24 +129,34 @@ int main( void ) mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) + if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", + ret ); fclose( f ); goto exit; } - - rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; - fclose( f ); + if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", + ret ); + goto exit; + } + + if( ( ret = mbedtls_rsa_complete( &rsa, mbedtls_ctr_drbg_random, + &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", + ret ); + goto exit; + } + /* * 2b. Get the DHM modulus and generator */ @@ -287,6 +302,9 @@ int main( void ) exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); + mbedtls_net_free( &client_fd ); mbedtls_net_free( &listen_fd ); From 83aad1fa869381d4b257c40e0e32ada7eee77323 Mon Sep 17 00:00:00 2001 
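Review bot: The context line `mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );` at the top of this hunk re-initialises a context that was already set up with `mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );` near the start of main (previous hunk), discarding the hash id; since this block is being rewritten anyway, dropping the second init would remove the duplication. Separately, after `mbedtls_rsa_complete` succeeds the locals `N`, `P`, `Q`, `D`, `E` keep a second copy of the private key until `exit:`; freeing them right after the successful complete would shorten the time the private components exist in two places. main continues outside the hunk.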
From: Hanno Becker Date: Wed, 23 Aug 2017 06:45:10 +0100 Subject: [PATCH 0157/1059] Adapt gen_key example program to new RSA interface --- library/rsa.c | 3 +++ programs/pkey/gen_key.c | 39 ++++++++++++++++++++++++++++----------- 2 files changed, 31 insertions(+), 11 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 78db24031e..cc8f5722b9 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -894,6 +894,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, ctx->len = ( mbedtls_mpi_bitlen( &ctx->N ) + 7 ) >> 3; + /* Double-check */ + MBEDTLS_MPI_CHK( mbedtls_rsa_check_privkey( ctx ) ); + cleanup: mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 48126948d8..ed6ed308ef 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -191,6 +191,7 @@ int main( int argc, char *argv[] ) char buf[1024]; int i; char *p, *q; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "gen_key"; @@ -201,6 +202,11 @@ int main( int argc, char *argv[] ) /* * Set to sane values */ + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + mbedtls_pk_init( &key ); mbedtls_ctr_drbg_init( &ctr_drbg ); memset( buf, 0, sizeof( buf ) ); @@ -323,7 +329,7 @@ int main( int argc, char *argv[] ) if( opt.type == MBEDTLS_PK_RSA ) { ret = mbedtls_rsa_gen_key( mbedtls_pk_rsa( key ), mbedtls_ctr_drbg_random, &ctr_drbg, - opt.rsa_keysize, 65537 ); + opt.rsa_keysize, 65537 ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret ); 
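Review bot: In the library/rsa.c hunk the added `/* Double-check */` does not say what is being checked or why a generated key could fail it; a comment such as `/* Verify that the generated components form a consistent private key before returning it; a failure propagates via MBEDTLS_MPI_CHK to cleanup. */` would make the intent clear to the next reader. What cleanup does with the context on that failure is outside the hunk, so the comment should only describe the propagation. mbedtls_rsa_gen_key starts outside the hunk.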
@@ -336,7 +342,7 @@ int main( int argc, char *argv[] ) if( opt.type == MBEDTLS_PK_ECKEY ) { ret = mbedtls_ecp_gen_key( opt.ec_curve, mbedtls_pk_ec( key ), - mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret ); @@ -359,14 +365,22 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA ) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key ); - mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ); - mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ); - mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL ); - mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL ); - mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL ); - mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL ); - mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL ); - mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL ); + + if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 || + ( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + + mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); + mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); + mbedtls_mpi_write_file( "D: ", &D, 16, NULL ); + mbedtls_mpi_write_file( "P: ", &P, 16, NULL ); + mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ); + mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ); + mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ); + mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ); } else #endif @@ -409,6 +423,10 @@ exit: #endif } + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); + mbedtls_pk_free( &key ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); 
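Review bot: The new export failure path prints `" failed\n ! could not export RSA parameters\n\n"` without the error code, while the other failure messages in this file print it (`" failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret`); since the combined `if` cannot tell whether `mbedtls_rsa_export` or `mbedtls_rsa_export_crt` failed, the code is the only diagnostic left. Suggest `mbedtls_printf( " failed\n ! could not export RSA parameters, returned -0x%04x\n\n", -ret );`. The same message is added in key_app.c (two places) and key_app_writer.c (two places) in the following commits. main continues outside the hunk.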
@@ -422,4 +440,3 @@ exit: } #endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO && * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - From 54ebf9971d1645b2f08623df4b9e40204c4ffd61 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:45:38 +0100 Subject: [PATCH 0158/1059] Adapt key_app example program to new RSA interface --- programs/pkey/key_app.c | 53 +++++++++++++++++++++++++++++++---------- 1 file changed, 40 insertions(+), 13 deletions(-) diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index b6b84464d2..f1b548d05f 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -84,17 +84,23 @@ struct options int main( int argc, char *argv[] ) { int ret = 0; - mbedtls_pk_context pk; char buf[1024]; int i; char *p, *q; + mbedtls_pk_context pk; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; + /* * Set to sane values */ mbedtls_pk_init( &pk ); memset( buf, 0, sizeof(buf) ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + if( argc == 0 ) { usage: 
@@ -189,14 +195,22 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk ); - mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ); - mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ); - mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL ); - mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL ); - mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL ); - mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL ); - mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL ); - mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL ); + + if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 || + ( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + + mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); + mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); + mbedtls_mpi_write_file( "D: ", &D, 16, NULL ); + mbedtls_mpi_write_file( "P: ", &P, 16, NULL ); + mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ); + mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ); + mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ); + mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ); } else #endif @@ -239,8 +253,15 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk ); - mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ); - mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ); + + if( ( ret = mbedtls_rsa_export( rsa, &N, NULL, NULL, + NULL, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); + mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); } else #endif 
@@ -265,11 +286,17 @@ int main( int argc, char *argv[] ) exit: #if defined(MBEDTLS_ERROR_C) - mbedtls_strerror( ret, buf, sizeof(buf) ); - mbedtls_printf( " ! Last error was: %s\n", buf ); + if( ret != 0 ) + { + mbedtls_strerror( ret, buf, sizeof(buf) ); + mbedtls_printf( " ! Last error was: %s\n", buf ); + } #endif mbedtls_pk_free( &pk ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); From 40371ec7838b8b0a030912e43e8b54728536a2ff Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:46:17 +0100 Subject: [PATCH 0159/1059] Adapt key_app_writer example program to new RSA interface --- programs/pkey/key_app_writer.c | 49 +++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 12 deletions(-) diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 9d120772a6..52b0f8e744 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -76,7 +76,7 @@ #define OUTPUT_FORMAT_DER 1 #define USAGE \ - "\n usage: key_app param=<>...\n" \ + "\n usage: key_app_writer param=<>...\n" \ "\n acceptable parameters:\n" \ " mode=private|public default: none\n" \ " filename=%%s default: keyfile.key\n" \ 
@@ -190,17 +190,23 @@ static int write_private_key( mbedtls_pk_context *key, const char *output_file ) int main( int argc, char *argv[] ) { int ret = 0; - mbedtls_pk_context key; char buf[1024]; int i; char *p, *q; + mbedtls_pk_context key; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; + /* * Set to sane values */ mbedtls_pk_init( &key ); memset( buf, 0, sizeof( buf ) ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + if( argc == 0 ) { usage: @@ -300,14 +306,22 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA ) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key ); - mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ); - mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ); - mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL ); - mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL ); - mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL ); - mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL ); - mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL ); - mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL ); + + if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 || + ( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + + mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); + mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); + mbedtls_mpi_write_file( "D: ", &D, 16, NULL ); + mbedtls_mpi_write_file( "P: ", &P, 16, NULL ); + mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ); + mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ); + mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ); + mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ); } else #endif 
@@ -353,8 +367,15 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA ) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key ); - mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ); - mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ); + + if( ( ret = mbedtls_rsa_export( rsa, &N, NULL, NULL, + NULL, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); + mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); } else #endif @@ -394,6 +415,10 @@ exit: #endif } + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); + mbedtls_pk_free( &key ); #if defined(_WIN32) From ccef18c2ff28541877366c63eee6e41d7f28016b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:46:45 +0100 Subject: [PATCH 0160/1059] Adapt rsa_decrypt example program to new RSA interface --- programs/pkey/rsa_decrypt.c | 50 ++++++++++++++++++++++++++++--------- 1 file changed, 38 insertions(+), 12 deletions(-) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index b64e1564a5..493c8706ef 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -64,6 +64,7 @@ int main( int argc, char *argv[] ) int return_val, exit_val, c; size_t i; mbedtls_rsa_context rsa; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; unsigned char result[1024]; 
@@ -91,6 +92,9 @@ int main( int argc, char *argv[] ) mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, @@ -114,14 +118,14 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( return_val = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) + if( ( return_val = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 ) { exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", 
@@ -129,11 +133,31 @@ int main( int argc, char *argv[] ) fclose( f ); goto exit; } - - rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; - fclose( f ); + if( ( return_val = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", + return_val ); + goto exit; + } + + if( ( return_val = mbedtls_rsa_complete( &rsa, mbedtls_ctr_drbg_random, + &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", + return_val ); + goto exit; + } + + /* Although we're not using them, verify CRT parameters */ + if( ( return_val = mbedtls_rsa_check_crt( &rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_check_crt returned %d\n\n", + return_val ); + goto exit; + } + /* * Extract the RSA encrypted value from the text file */ @@ -184,6 +208,9 @@ exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); mbedtls_rsa_free( &rsa ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); @@ -193,4 +220,3 @@ exit: return( exit_val ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */ - From d6ba5e3d8b7572a9cce4cb712cddf61523f459df Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:48:07 +0100 Subject: [PATCH 0161/1059] Adapt rsa_sign example program to new RSA interface --- programs/pkey/rsa_sign.c | 50 +++++++++++++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 11 deletions(-) diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index affbf7afc3..5f615618f2 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c 
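Review bot: The three new failure branches after `fclose( f )` — for `mbedtls_rsa_import`, `mbedtls_rsa_complete` and `mbedtls_rsa_check_crt` — jump to `exit` without touching `exit_val`, so a key file that fails import or validation prints "failed" yet the program still returns whatever `exit_val` held before (presumably `MBEDTLS_EXIT_SUCCESS`, as rsa_encrypt initialises it; the initialisation is outside this hunk). The `mbedtls_mpi_read_file` branch just above and the `mbedtls_rsa_import` branch added to rsa_encrypt in this series both set `exit_val = MBEDTLS_EXIT_FAILURE;` before `goto exit;`; add the same line to each of the three new branches. main's body continues outside the hunk.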
@@ -61,8 +61,14 @@ int main( int argc, char *argv[] ) unsigned char hash[32]; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; char filename[512]; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + ret = 1; if( argc != 2 ) 
@@ -87,24 +93,35 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) + if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); fclose( f ); goto exit; } - - rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; - fclose( f ); + if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", + ret ); + goto exit; + } + + if( ( ret = mbedtls_rsa_complete( &rsa, NULL, NULL ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", + ret ); + goto exit; + } + mbedtls_printf( "\n . Checking the private key" ); fflush( stdout ); if( ( ret = mbedtls_rsa_check_privkey( &rsa ) ) != 0 ) 
@@ -113,6 +130,14 @@ int main( int argc, char *argv[] ) goto exit; } + /* Although we're not using them, verify CRT parameters */ + if( ( ret = mbedtls_rsa_check_crt( &rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_check_crt returned %d\n\n", + ret ); + goto exit; + } + /* * Compute the SHA-256 hash of the input file, * then calculate the RSA signature of the hash. @@ -158,6 +183,9 @@ int main( int argc, char *argv[] ) exit: mbedtls_rsa_free( &rsa ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); From 0c2639386ee09f7c971ea827c938e776d5caafd0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:47:06 +0100 Subject: [PATCH 0162/1059] Adapt rsa_encrypt example program to new RSA interface --- programs/pkey/rsa_encrypt.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index b9cb187656..81c27d888f 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -69,6 +69,7 @@ int main( int argc, char *argv[] ) unsigned char input[1024]; unsigned char buf[512]; const char *pers = "rsa_encrypt"; + mbedtls_mpi N, E; exit_val = MBEDTLS_EXIT_SUCCESS; @@ -86,6 +87,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); 
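Review bot: In rsa_encrypt the new `mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );` sits after the "Seeding the random number generator" message, while the matching `mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );` is the first statement under `exit:` in the later hunk; any `goto exit` taken between the declarations and this point (an argument check, for instance — that region is not visible here) would free MPIs that were never initialised. The rsa_sign change in this series avoids the problem by initialising its MPIs immediately after `mbedtls_rsa_init`, before `ret = 1; if( argc != 2 )`; moving the two init calls up next to `exit_val = MBEDTLS_EXIT_SUCCESS;` in the first rsa_encrypt hunk gives the same guarantee. main's body continues outside the hunk.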
@@ -112,8 +114,8 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( return_val = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) + if( ( return_val = mbedtls_mpi_read_file( &N, 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &E, 16, f ) ) != 0 ) { exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", @@ -121,11 +123,17 @@ int main( int argc, char *argv[] ) fclose( f ); goto exit; } - - rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; - fclose( f ); + if( ( return_val = mbedtls_rsa_import( &rsa, &N, NULL, + NULL, NULL, &E ) ) != 0 ) + { + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", + return_val ); + goto exit; + } + if( strlen( argv[1] ) > 100 ) { exit_val = MBEDTLS_EXIT_FAILURE; @@ -171,6 +179,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" ); exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); mbedtls_rsa_free( &rsa ); From f073de0c257008998d79ccd6cd54e7eac9aa494c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 07:42:28 +0100 Subject: [PATCH 0163/1059] Adapt rsa_genkey example program to use new RSA interface --- programs/pkey/rsa_genkey.c | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index e199ad247d..3dae0a6c89 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -65,6 +65,7 @@ int main( void ) mbedtls_rsa_context rsa; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; FILE *fpub = NULL; FILE *fpriv = NULL; const char *pers = "rsa_genkey"; 
@@ -87,9 +88,12 @@ int main( void ) fflush( stdout ); mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE, - EXPONENT ) ) != 0 ) + EXPONENT ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret ); goto exit; @@ -98,6 +102,14 @@ int main( void ) mbedtls_printf( " ok\n . Exporting the public key in rsa_pub.txt...." ); fflush( stdout ); + if( ( ret = mbedtls_rsa_export ( &rsa, &N, &P, &Q, &D, &E ) ) != 0 || + ( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + ret = 1; + goto exit; + } + if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL ) { mbedtls_printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" ); @@ -105,8 +117,8 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_mpi_write_file( "N = ", &rsa.N, 16, fpub ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "E = ", &rsa.E, 16, fpub ) ) != 0 ) + if( ( ret = mbedtls_mpi_write_file( "N = ", &N, 16, fpub ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "E = ", &E, 16, fpub ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); goto exit; 
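Review bot: The new export-failure branch overwrites the code returned by `mbedtls_rsa_export`/`mbedtls_rsa_export_crt` with `ret = 1;` and prints a message without it, whereas the `mbedtls_rsa_gen_key` branch directly above reports `returned %d`; diagnosing a key that cannot be exported then needs a debugger. Print before discarding, e.g. `mbedtls_printf( " failed\n ! mbedtls_rsa_export returned %d\n\n", ret );`, and keep `ret = 1;` only if `ret` doubles as the process exit status (the `fopen` branch that follows appears to use that pattern, but its `ret = 1` is outside the hunk). The whitespace-only re-indentation of the `EXPONENT ) ) != 0 )` line in the first hunk is unrelated churn that makes the functional change harder to read.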
@@ -122,14 +134,14 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_mpi_write_file( "N = " , &rsa.N , 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "E = " , &rsa.E , 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "D = " , &rsa.D , 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "P = " , &rsa.P , 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "Q = " , &rsa.Q , 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "DP = ", &rsa.DP, 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "DQ = ", &rsa.DQ, 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "QP = ", &rsa.QP, 16, fpriv ) ) != 0 ) + if( ( ret = mbedtls_mpi_write_file( "N = " , &N , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "E = " , &E , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "D = " , &D , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "P = " , &P , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "Q = " , &Q , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "DP = ", &DP, 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "DQ = ", &DQ, 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "QP = ", &QP, 16, fpriv ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); goto exit; @@ -157,6 +169,9 @@ exit: if( fpriv != NULL ) fclose( fpriv ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); mbedtls_rsa_free( &rsa ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); From 1a59e791e52ae41ccdafa321d82e0cd9849c8e7f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 07:41:10 +0100 Subject: [PATCH 0164/1059] Remove CRT fields from RSA context if RSA_NO_CRT is defined --- include/mbedtls/rsa.h | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 366502a85b..8aefdb6603 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -223,13 +223,19 @@ typedef struct mbedtls_mpi D; /*!< private exponent */ mbedtls_mpi P; /*!< 1st prime factor */ mbedtls_mpi Q; /*!< 2nd prime factor */ + +#if !defined(MBEDTLS_RSA_NO_CRT) mbedtls_mpi DP; /*!< D % (P - 1) */ mbedtls_mpi DQ; /*!< D % (Q - 1) */ mbedtls_mpi QP; /*!< 1 / (Q % P) */ +#endif /* MBEDTLS_RSA_NO_CRT */ mbedtls_mpi RN; /*!< cached R^2 mod N */ + +#if !defined(MBEDTLS_RSA_NO_CRT) mbedtls_mpi RP; /*!< cached R^2 mod P */ mbedtls_mpi RQ; /*!< cached R^2 mod Q */ +#endif /* MBEDTLS_RSA_NO_CRT */ mbedtls_mpi Vi; /*!< cached blinding value */ mbedtls_mpi Vf; /*!< cached un-blinding value */ From 131134fa1af672066318737a568c0539922176ed Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 08:31:07 +0100 Subject: [PATCH 0165/1059] Adapt RSA test suite to deal with RSA_NON_CRT option --- tests/suites/test_suite_rsa.data | 3 +++ tests/suites/test_suite_rsa.function | 12 ++++++++++++ 2 files changed, 15 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 5bef580c47..e1c51a9b13 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
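Review bot: The closing comments `#endif /* MBEDTLS_RSA_NO_CRT */` describe the opposite of the guard, which is `#if !defined(MBEDTLS_RSA_NO_CRT)`; `#endif /* !MBEDTLS_RSA_NO_CRT */` matches the condition, and the same wording recurs in the later rsa.c hunks of this series for `mbedtls_rsa_complete`, `mbedtls_rsa_free` and `mbedtls_rsa_gen_key`. Because `mbedtls_rsa_context` is a public struct, removing `DP`, `DQ`, `QP`, `RP` and `RQ` shifts the offset of every later member (`RN`, `Vi`, `Vf` and whatever follows), so the option changes the library ABI; a comment on the struct such as `/* Layout depends on MBEDTLS_RSA_NO_CRT: objects must not be shared between builds with different settings */` would make that explicit. The config.h entry that defines `MBEDTLS_RSA_NO_CRT` is not visible in this part of the series, so its documentation should be checked separately.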
@@ -272,12 +272,15 @@ RSA Check Private key #6 (No D) mbedtls_rsa_check_privkey:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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heck Private key #7 (No DP) +depends_on:!MBEDTLS_RSA_NO_CRT mbedtls_rsa_check_privkey:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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heck Private key #8 (No DQ) +depends_on:!MBEDTLS_RSA_NO_CRT 
mbedtls_rsa_check_privkey:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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heck Private key #9 (No QP) +depends_on:!MBEDTLS_RSA_NO_CRT mbedtls_rsa_check_privkey:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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heck Private key #10 (Incorrect) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index e3952d8f30..c8506db3a1 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -590,6 +590,7 @@ void mbedtls_rsa_check_privkey( int mod, int radix_P, char *input_P, int radix_Q { TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 ); } +#if !defined(MBEDTLS_RSA_NO_CRT) if( strlen( input_DP ) ) { TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 ); 
@@ -602,6 +603,11 @@ void mbedtls_rsa_check_privkey( int mod, int radix_P, char *input_P, int radix_Q { TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 ); } +#else + ((void) radix_DP); ((void) input_DP); + ((void) radix_DQ); ((void) input_DQ); + ((void) radix_QP); ((void) input_QP); +#endif TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result ); @@ -657,6 +663,7 @@ void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub, { TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 ); } +#if !defined(MBEDTLS_RSA_NO_CRT) if( strlen( input_DP ) ) { TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 ); @@ -669,6 +676,11 @@ void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub, { TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 ); } +#else + ((void) radix_DP); ((void) input_DP); + ((void) radix_DQ); ((void) input_DQ); + ((void) radix_QP); ((void) input_QP); +#endif TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result ); From 23344b5fccf792a9945e982b59adc2352f596c4d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 07:43:27 +0100 Subject: [PATCH 0166/1059] Adapt rsa_complete to deal with RSA_NO_CRT option --- library/rsa.c | 86 +++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 73 insertions(+), 13 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index cc8f5722b9..0808a71d5f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -612,6 +612,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, * to our current RSA implementaiton. */ +#if !defined(MBEDTLS_RSA_NO_CRT) if( is_priv ) { ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, @@ -619,6 +620,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, if( ret != 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } +#endif /* MBEDTLS_RSA_NO_CRT */ /* * Step 3: Double check 
@@ -647,31 +649,89 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, int mbedtls_rsa_check_crt( mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) { - /* Check if key is private or public */ - const int opt_present = - mbedtls_mpi_cmp_int( &ctx->DP, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->QP, 0 ) != 0; + int ret = 0; - if( !opt_present ) + /* Check if key is private or public */ + const int is_priv = + mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + + if( !is_priv ) { /* Checking optional parameters only makes sense for private keys. */ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } - /* Alternative implementations not having DP, DQ, QP as part of - * the RSA context structure could perform the following checks instead: - * (1) Check that DP - P == 0 mod P - 1 - * (2) Check that DQ - Q == 0 mod Q - 1 - * (3) Check that QP * P - 1 == 0 mod P - */ - +#if !defined(MBEDTLS_RSA_NO_CRT) if( ( DP != NULL && mbedtls_mpi_cmp_mpi( DP, &ctx->DP ) != 0 ) || ( DQ != NULL && mbedtls_mpi_cmp_mpi( DQ, &ctx->DQ ) != 0 ) || ( QP != NULL && mbedtls_mpi_cmp_mpi( QP, &ctx->QP ) != 0 ) ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } +#else /* MBEDTLS_RSA_NO_CRT */ + + /* + * Check that DP, DQ and QP are in accordance with core parameters. + * (1) Check that DP - P == 0 mod P - 1 + * (2) Check that DQ - Q == 0 mod Q - 1 + * (3) Check that QP * P - 1 == 0 mod P + + * Alternative implementation also not using DP, DQ and QP + * should be able to reuse this codepath. 
+ */ + + /* Check (1) */ + if( DP != NULL ) + { + /* Temporarily replace P by P-1 and compute DP - D mod P-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( DP, DP, &ctx->D ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, DP, &ctx->P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); + + if( mbedtls_mpi_cmp_int( DP, 0 ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + } + + /* Check (1) */ + if( DQ != NULL ) + { + /* Temporarily replace Q by Q-1 and compute DQ - D mod Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( DQ, DQ, &ctx->D ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, DQ, &ctx->Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) ); + + if( mbedtls_mpi_cmp_int( DQ, 0 ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + } + + /* Check (3) */ + if( QP != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( QP, QP, &ctx->Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( QP, QP, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( QP, QP, &ctx->P ) ); + if( mbedtls_mpi_cmp_int( QP, 0 ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + } + +cleanup: + +#endif + + if( ret != 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); return( 0 ); } From 33c30a0c7ecbbb09c7bcf8976b3f77ee25d3af44 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 07:00:22 +0100 Subject: [PATCH 0167/1059] Adapt rsa_copy and rsa_free to deal with RSA_NO_CRT option --- library/rsa.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 0808a71d5f..9a111b75c5 100644 --- a/library/rsa.c +++ b/library/rsa.c 
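Review bot: In the `MBEDTLS_RSA_NO_CRT` branch the checks work in place on `ctx->P`, `ctx->Q` and on the caller's `DP`, `DQ`, `QP`: if `mbedtls_mpi_sub_mpi` or `mbedtls_mpi_mod_mpi` fails between the `sub_int` and the restoring `add_int`, the function leaves through `cleanup` with `ctx->P` (or `ctx->Q`) permanently decremented — a corrupted private key in the caller's context — and even on success the caller's `DP`/`DQ`/`QP` now hold residues rather than the values passed in, which the CRT branch of the same function leaves untouched. If `MBEDTLS_THREADING_C` is on, the temporary modification of `ctx->P` also happens without the context mutex that `mbedtls_rsa_free` releases later in the series, so a concurrent private-key operation could observe P-1 (the locking convention is not visible here, so treat this as a question). The comments are also out of step with the code: `(1) Check that DP - P == 0 mod P - 1` should read `DP - D`, `(3) Check that QP * P - 1 == 0 mod P` should read `QP * Q`, and the second `/* Check (1) */` label should be `/* Check (2) */`. Rewriting the branch on local temporaries, as below, removes the mutation and keeps the existing `if( ret != 0 )` tail for MPI errors.
```c
    int ret = 0;
#if defined(MBEDTLS_RSA_NO_CRT)
    mbedtls_mpi P1, Q1, T;   /* scratch for the checks below; ctx is never written */
#endif
    /* … unchanged: is_priv computation, !is_priv early return, CRT branch … */
#else /* MBEDTLS_RSA_NO_CRT */
    mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &T );

    /* Check (1): DP - D == 0 mod P - 1, on copies so that neither ctx->P
     * nor the caller's DP is modified, even if an MPI call fails. */
    if( DP != NULL )
    {
        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, DP, &ctx->D ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &P1 ) );
        if( mbedtls_mpi_cmp_int( &T, 0 ) != 0 )
        {
            mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &T );
            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
        }
    }

    /* … unchanged in shape: check (2) with Q1 = Q - 1 in place of ctx->Q,
     * check (3) with T = QP * Q - 1 mod P, each freeing P1, Q1, T before
     * returning MBEDTLS_ERR_RSA_BAD_INPUT_DATA on mismatch … */

cleanup:
    mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &T );
#endif
    /* … unchanged: if( ret != 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); return( 0 ); … */
```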
@@ -2425,13 +2425,16 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) ); + +#if !defined(MBEDTLS_RSA_NO_CRT) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) ); +#endif + + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) ); @@ -2452,11 +2455,16 @@ cleanup: void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) { mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf ); - mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->RN ); - mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ ); mbedtls_mpi_free( &ctx->DP ); - mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P ); mbedtls_mpi_free( &ctx->D ); + mbedtls_mpi_free( &ctx->RN ); mbedtls_mpi_free( &ctx->D ); + mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P ); mbedtls_mpi_free( &ctx->E ); mbedtls_mpi_free( &ctx->N ); +#if !defined(MBEDTLS_RSA_NO_CRT) + mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP ); + mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ ); + mbedtls_mpi_free( &ctx->DP ); +#endif /* MBEDTLS_RSA_NO_CRT */ + #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &ctx->mutex ); #endif From dc95c890ad4c81e8df66f8a9ab42d24941730fb4 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 23 Aug 2017 06:57:02 +0100 Subject: [PATCH 0168/1059] Adapt rsa_deduce_crt to deal with RSA_NO_CRT option --- library/rsa.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 9a111b75c5..a1a9debb30 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -841,14 +841,21 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, if( !is_priv ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +#if !defined(MBEDTLS_RSA_NO_CRT) /* Export all requested blinding parameters. */ - if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) || ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) || ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) ) { - return( ret ); + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } +#else + if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, + DP, DQ, QP ) ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } +#endif return( 0 ); } From bee3aaeb5068b6fa3f072c82574c612abc8b07b0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:59:15 +0100 Subject: [PATCH 0169/1059] Adapt rsa_gen_key to deal with RSA_NO_CRT option --- library/rsa.c | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index a1a9debb30..78814bbdc6 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -906,7 +906,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, unsigned int nbits, int exponent ) { int ret; - mbedtls_mpi P1, Q1, H, G; + mbedtls_mpi H, G; if( f_rng == NULL || nbits < 128 || exponent < 3 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 
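Review bot: The new `#else` branch passes the caller's `DP`, `DQ`, `QP` straight into `mbedtls_rsa_deduce_crt`, while the CRT branch above treats each of them as optional (`DP != NULL && ...`); unless `mbedtls_rsa_deduce_crt` accepts NULL outputs (its body is not in this part of the series), a caller that asks for only a subset of the CRT parameters will dereference NULL in `MBEDTLS_RSA_NO_CRT` builds. Either document the NULL contract on both branches or compute into local MPIs and copy only the requested ones. The CRT branch also changes its failure value from `ret` to `MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret`, a behaviour change in the default build that the subject line ("Adapt rsa_deduce_crt") does not mention — it is `mbedtls_rsa_export_crt` that is patched here. The function opens outside the hunk.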
@@ -914,8 +914,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, if( nbits % 2 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); - mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &H ); + mbedtls_mpi_init( &G ); /* * find primes P and Q with Q < P so that: @@ -926,10 +926,10 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, do { MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0, - f_rng, p_rng ) ); + f_rng, p_rng ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, - f_rng, p_rng ) ); + f_rng, p_rng ) ); if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) continue; 
@@ -939,34 +939,43 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, continue; if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) - mbedtls_mpi_swap( &ctx->P, &ctx->Q ); + mbedtls_mpi_swap( &ctx->P, &ctx->Q ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) ); + /* Temporarily replace P,Q by P-1, Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) ); } while( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ); + /* Restore P,Q */ + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) ); + + ctx->len = mbedtls_mpi_size( &ctx->N ); + /* * D = E^-1 mod ((P-1)*(Q-1)) * DP = D mod (P - 1) * DQ = D mod (Q - 1) * QP = Q^-1 mod P */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D , &ctx->E, &H ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->DP, &ctx->D, &P1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->DQ, &ctx->D, &Q1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->QP, &ctx->Q, &ctx->P ) ); - ctx->len = ( mbedtls_mpi_bitlen( &ctx->N ) + 7 ) >> 3; + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &H ) ); + +#if !defined(MBEDTLS_RSA_NO_CRT) + MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, + &ctx->DP, &ctx->DQ, &ctx->QP ) ); +#endif /* MBEDTLS_RSA_NO_CRT */ /* Double-check */ MBEDTLS_MPI_CHK( mbedtls_rsa_check_privkey( ctx ) ); cleanup: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &H ); + mbedtls_mpi_free( &G ); if( ret != 0 ) { From 6345dd33b9e8996a4face60a7960ed078c1f9d10 Mon Sep 17 00:00:00 2001 
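Review bot: Between the new `mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 )` and the `/* Restore P,Q */` lines, ctx->P and ctx->Q hold P-1 and Q-1, and every `MBEDTLS_MPI_CHK` in that window jumps to `cleanup` with the context in that state; the `if( ret != 0 )` handler after `cleanup` (body outside the hunk) has to wipe the context for this to be safe, so a comment such as `/* On error, cleanup releases the whole context, so P-1/Q-1 never escape */` next to the first decrement would make the dependency explicit. The retained comment block listing `DP = D mod (P - 1)`, `DQ = D mod (Q - 1)` and `QP = Q^-1 mod P` now sits above code that computes only D; those three lines belong next to the guarded `mbedtls_rsa_deduce_crt` call. mbedtls_rsa_gen_key begins before this hunk.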
From: Hanno Becker Date: Wed, 23 Aug 2017 06:59:48 +0100 Subject: [PATCH 0170/1059] Adapt rsa_check_privkey to deal with NO_CRT option --- library/rsa.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 78814bbdc6..dc1fae59cb 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1025,9 +1025,10 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) if( !ctx->P.p || !ctx->Q.p || !ctx->D.p ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - mbedtls_mpi_init( &PQ ); mbedtls_mpi_init( &DE ); mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); - mbedtls_mpi_init( &H ); mbedtls_mpi_init( &I ); mbedtls_mpi_init( &G ); mbedtls_mpi_init( &G2 ); - mbedtls_mpi_init( &L1 ); mbedtls_mpi_init( &L2 ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ ); + mbedtls_mpi_init( &PQ ); mbedtls_mpi_init( &DE ); mbedtls_mpi_init( &P1 ); + mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &I ); + mbedtls_mpi_init( &G ); mbedtls_mpi_init( &G2 ); mbedtls_mpi_init( &L1 ); + mbedtls_mpi_init( &L2 ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) ); 
@@ -1041,27 +1042,33 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L1, &L2, &H, &G2 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &I, &DE, &L1 ) ); +#if !defined(MBEDTLS_RSA_NO_CRT) MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DP, &ctx->D, &P1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DQ, &ctx->D, &Q1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &QP, &ctx->Q, &ctx->P ) ); +#endif + /* * Check for a valid PKCS1v2 private key */ - if( mbedtls_mpi_cmp_mpi( &PQ, &ctx->N ) != 0 || + if( mbedtls_mpi_cmp_mpi( &PQ, &ctx->N ) != 0 || +#if !defined(MBEDTLS_RSA_NO_CRT) mbedtls_mpi_cmp_mpi( &DP, &ctx->DP ) != 0 || mbedtls_mpi_cmp_mpi( &DQ, &ctx->DQ ) != 0 || mbedtls_mpi_cmp_mpi( &QP, &ctx->QP ) != 0 || +#endif mbedtls_mpi_cmp_int( &L2, 0 ) != 0 || - mbedtls_mpi_cmp_int( &I, 1 ) != 0 || + mbedtls_mpi_cmp_int( &I, 1 ) != 0 || mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } cleanup: - mbedtls_mpi_free( &PQ ); mbedtls_mpi_free( &DE ); mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); - mbedtls_mpi_free( &H ); mbedtls_mpi_free( &I ); mbedtls_mpi_free( &G ); mbedtls_mpi_free( &G2 ); - mbedtls_mpi_free( &L1 ); mbedtls_mpi_free( &L2 ); mbedtls_mpi_free( &DP ); mbedtls_mpi_free( &DQ ); + mbedtls_mpi_free( &PQ ); mbedtls_mpi_free( &DE ); mbedtls_mpi_free( &P1 ); + mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &I ); + mbedtls_mpi_free( &G ); mbedtls_mpi_free( &G2 ); mbedtls_mpi_free( &L1 ); + mbedtls_mpi_free( &L2 ); mbedtls_mpi_free( &DP ); mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); if( ret == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ) From bf37b103708a1d434a26bbe2310088aabb611567 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 10:29:42 +0100 Subject: [PATCH 0171/1059] Add test run for RSA_NO_CRT to all.sh --- tests/scripts/all.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d9c5bbfa4a..b84d5289b3 100755 
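Review bot: Under MBEDTLS_RSA_NO_CRT the locals `DP`, `DQ` and `QP` are still initialised and freed in this hunk but never read, and the `#if` dropped into the middle of the `||` chain is easy to break on the next edit. Guarding the three temporaries, their `mbedtls_mpi_init`/`mbedtls_mpi_free` calls and the comparison with one `#if !defined(MBEDTLS_RSA_NO_CRT)` block, or moving the CRT comparison into its own guarded `if` after the core check, keeps both configurations readable. The declarations of mbedtls_rsa_check_privkey and the code after `cleanup:` are outside the hunk.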
--- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -439,6 +439,15 @@ msg "build: i386, make, gcc" # ~ 30s cleanup CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make +msg "build: default config, MBEDTLS_RSA_NO_CRT, make, gcc" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_RSA_NO_CRT +CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make + +msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" +make test + msg "build: gcc, force 32-bit compilation" cleanup cp "$CONFIG_H" "$CONFIG_BAK" From ab3773123c80c7895f50377def0be42f1d1d6269 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 16:24:51 +0100 Subject: [PATCH 0172/1059] Add support for alternative RSA implementations Alternative RSA implementations can be provided by defining MBEDTLS_RSA_ALT in config.h, defining an mbedtls_rsa_context struct in a new file rsa_alt.h and re-implementing the RSA interface specified in rsa.h. Through the previous reworkings, the adherence to the interface is the only implementation obligation - in particular, implementors are free to use a different layout for the RSA context structure. --- include/mbedtls/config.h | 1 + include/mbedtls/rsa.h | 8 ++++++++ library/rsa.c | 3 +++ library/version_features.c | 3 +++ 4 files changed, 15 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 47c7196402..ec004f5b31 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -267,6 +267,7 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_DES_ALT +//#define MBEDTLS_RSA_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 8aefdb6603..0deff00319 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
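Review bot: The new test step is labelled `(ASan build)` but the preceding build line `CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make` passes no sanitizer flag, so the label overstates what the run checks; `-Werror` is also given twice and `-Wextra`, used by the neighbouring i386 build, is absent. Either drop the ASan wording from the `msg`, or build the way the script's other ASan runs do (outside this hunk, so not verified here), and use `CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make`.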
@@ -209,6 +209,8 @@ int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, * Implementation of RSA interface */ +#if !defined(MBEDTLS_RSA_ALT) + /** * \brief RSA context structure */ @@ -252,6 +254,12 @@ typedef struct } mbedtls_rsa_context; +#else + +#include "rsa_alt.h" + +#endif /* MBEDTLS_RSA_ALT */ + /** * \brief Initialize an RSA context * diff --git a/library/rsa.c b/library/rsa.c index dc1fae59cb..2976b71c24 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -464,6 +464,7 @@ cleanup: * Default RSA interface implementation */ +#if !defined(MBEDTLS_RSA_ALT) int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *N, @@ -2493,6 +2494,8 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) #endif } +#endif /* !MBEDTLS_RSA_ALT */ + #if defined(MBEDTLS_SELF_TEST) #include "mbedtls/sha1.h" diff --git a/library/version_features.c b/library/version_features.c index 5cbe8aca37..9bf6c61ecf 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -99,6 +99,9 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ +#if defined(MBEDTLS_RSA_ALT) + "MBEDTLS_RSA_ALT", +#endif /* MBEDTLS_RSA_ALT */ #if defined(MBEDTLS_XTEA_ALT) "MBEDTLS_XTEA_ALT", #endif /* MBEDTLS_XTEA_ALT */ From b0c5edcc2f7108604c179e68057ffa8e46d51026 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 22:16:10 +0100 Subject: [PATCH 0173/1059] Correct typo in rsa.h --- include/mbedtls/rsa.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 0deff00319..6e07bfd606 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
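Review bot: The rsa.h hunk includes `rsa_alt.h` without stating what that header must provide, so the new MBEDTLS_RSA_ALT obligation lives only in the commit message. A comment above the include, e.g. `/* rsa_alt.h must define mbedtls_rsa_context; the alternative implementation then provides every mbedtls_rsa_* function declared below */`, records it where implementers look. In the rsa.c hunks the `#if !defined(MBEDTLS_RSA_ALT)` guard closes before the `MBEDTLS_SELF_TEST` block; if the self-test reaches into context fields directly (not visible here) it will not compile against a differently laid out alternative context, which is worth confirming.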
@@ -79,7 +79,7 @@ extern "C" { /** * \brief Compute RSA prime moduli P, Q from public modulus N=PQ -& and a pair of private and public key. + * and a pair of private and public key. * * \note This is a 'static' helper function not operating on * an RSA context. Alternative implementations need not From fb81c0ec2efbe0ec73990e010ece6be9e9634cae Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 24 Aug 2017 06:55:11 +0100 Subject: [PATCH 0174/1059] Guard primality checks in RSA module by MBEDTLS_GENPRIME Primality testing is guarded by the configuration flag MBEDTLS_GENPRIME and used in the new RSA helper functions. This commit adds a corresponding preprocessor directive. --- library/rsa.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index 2976b71c24..72f661061c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -361,6 +361,7 @@ int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, * Step 1: If PRNG provided, check that P and Q are prime */ +#if defined(MBEDTLS_GENPRIME) if( f_rng != NULL && P != NULL && ( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 ) { @@ -372,6 +373,10 @@ int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, { goto cleanup; } +#else + ((void) f_rng); + ((void) p_rng); +#endif /* MBEDTLS_GENPRIME */ /* * Step 2: Check that N = PQ @@ -571,6 +576,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, } else if( d_missing ) { +#if defined(MBEDTLS_GENPRIME) /* If a PRNG is provided, check if P, Q are prime. */ if( f_rng != NULL && ( ( ret = mbedtls_mpi_is_prime( &ctx->P, f_rng, p_rng ) ) != 0 || @@ -578,6 +584,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } +#endif /* MBEDTLS_GENPRIME */ /* Compute N if missing. */ if( !have_N && From 750e8b4596c5c0a3d84303b432fe5be60cc4337c Mon Sep 17 00:00:00 2001 
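Review bot: With MBEDTLS_GENPRIME disabled, the `#else` branch added to mbedtls_rsa_check_params silently accepts P and Q without a primality test even when `f_rng` is supplied, so the header's promise of `P prime if f_rng, P != NULL` does not hold in that configuration; the guarded block in mbedtls_rsa_complete behaves the same way. The header documentation should state it, e.g. `* \note Primality of P and Q is only checked if MBEDTLS_GENPRIME is defined; otherwise f_rng and p_rng are ignored.`. Both enclosing functions begin outside their hunks.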
From: Hanno Becker Date: Fri, 25 Aug 2017 07:54:27 +0100 Subject: [PATCH 0175/1059] Rename rsa_check_params->rsa_validate_params and change error codes --- include/mbedtls/rsa.h | 21 +++------ library/rsa.c | 69 +++++++++++++++++----------- tests/suites/test_suite_rsa.data | 46 +++++++++---------- tests/suites/test_suite_rsa.function | 30 ++++++------ 4 files changed, 86 insertions(+), 80 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 6e07bfd606..90c667b5be 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -186,24 +186,17 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * if D,E,P,Q != NULL * - P prime if f_rng, P != NULL * - Q prime if f_rng, Q != NULL - * - A non-zero error code otherwise. In this case, the values - * of N, P, Q, D, E are undefined. + * - A non-zero error code otherwise. * * \note The function can be used with a restricted set of arguments * to perform specific checks only. E.g., calling it with * (-,P,-,-,-) and a PRNG amounts to a primality check for P. - * - * \note The input MPI's are deliberately not declared as constant - * and may therefore be used for in-place calculations by - * the implementation. In particular, their values can be - * corrupted when the function fails. If the user cannot - * tolerate this, he has to make copies of the MPI's prior - * to calling this function. See \c mbedtls_mpi_copy for this. */ -int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, - mbedtls_mpi *D, mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, + const mbedtls_mpi *Q, const mbedtls_mpi *D, + const mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); /** * Implementation of RSA interface 
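Review bot: The rewritten return documentation for mbedtls_rsa_validate_params says only `A non-zero error code otherwise`, while the implementation in the same commit returns `MBEDTLS_ERR_RSA_KEY_CHECK_FAILED`, either alone or with an MPI error code added to it. The header should name those values so callers can tell a failed check from a failed computation, e.g. `* - MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if a check failed, possibly combined with an MBEDTLS_ERR_MPI_XXX code if an MPI calculation failed.`. Dropping the note about in-place modification is correct now that the parameters are `const`.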
@@ -374,7 +367,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * \return - 0 if successful. In this case, all core parameters * as well as other internally needed parameters have * been generated, and it is guaranteed that they are - * sane in the sense of \c mbedtls_rsa_check_params + * sane in the sense of \c mbedtls_rsa_validate_params * (with primality of P, Q checked if a PRNG is given). * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted * derivations failed. diff --git a/library/rsa.c b/library/rsa.c index 72f661061c..07cd66becf 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -331,7 +331,7 @@ int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); /* Double-check result */ - MBEDTLS_MPI_CHK( mbedtls_rsa_check_params( NULL, P, Q, D, E, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_validate_params( NULL, P, Q, D, E, NULL, NULL ) ); cleanup: @@ -342,20 +342,19 @@ cleanup: /* * Check that core RSA parameters are sane. - * - * Note that the inputs are not declared const and may be - * altered on an unsuccessful run. */ -int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, - mbedtls_mpi *D, mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, + const mbedtls_mpi *Q, const mbedtls_mpi *D, + const mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { int ret = 0; - mbedtls_mpi K; + mbedtls_mpi K, L; mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &L ); /* * Step 1: If PRNG provided, check that P and Q are prime 
@@ -365,12 +364,14 @@ int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, if( f_rng != NULL && P != NULL && ( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 ) { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } if( f_rng != NULL && Q != NULL && ( ret = mbedtls_mpi_is_prime( Q, f_rng, p_rng ) ) != 0 ) { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } #else @@ -385,9 +386,10 @@ int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, if( P != NULL && Q != NULL && N != NULL ) { MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); - if( mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) + if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) { - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } } 
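Review bot: In the first hunk a failing `mbedtls_mpi_is_prime` is overwritten with a bare `MBEDTLS_ERR_RSA_KEY_CHECK_FAILED`, so an allocation failure inside the primality test is reported as a bad key, whereas MPI failures in the later checks of this function are wrapped as `MBEDTLS_ERR_RSA_KEY_CHECK_FAILED + ret` at `cleanup`. Letting the error flow to `cleanup` (delete the two `ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;` lines) gives consistent reporting; if collapsing is intended, a one-line comment saying so would stop the next reader from "fixing" it. In the second hunk the new `mbedtls_mpi_cmp_int( N, 1 ) <= 0` test runs after the multiplication; placing it before `mbedtls_mpi_mul_mpi` avoids computing the product for an N that is already rejected.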
@@ -398,37 +400,48 @@ int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, if( P != NULL && Q != NULL && D != NULL && E != NULL ) { - /* Temporarily replace P, Q by P-1, Q-1. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( P, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( Q, Q, 1 ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || + mbedtls_mpi_cmp_int( Q, 1 ) <= 0 || + mbedtls_mpi_cmp_int( D, 1 ) <= 0 || + mbedtls_mpi_cmp_int( E, 1 ) <= 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } /* Compute DE-1 mod P-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) { - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } /* Compute DE-1 mod Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) { - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } - - /* Restore P, Q. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); } cleanup: mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &L ); + + /* Wrap MPI error codes by RSA check failure error code */ + if( ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ) + { + ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + } return( ret ); } 
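Review bot: The new range checks do not reject P == Q: with N = P*P and D*E ≡ 1 mod (P-1), step 2 and both congruences in step 3 pass, and the primality step only runs when a PRNG is given, so unless this is rejected elsewhere the validator should add `mbedtls_mpi_cmp_mpi( P, Q ) == 0` to the conditions that set `MBEDTLS_ERR_RSA_KEY_CHECK_FAILED`. `D*E - 1` is also computed twice because `K` is consumed by the first `mbedtls_mpi_mod_mpi`; computing it once into a third temporary and reducing that by `&L` for each modulus halves the multiplications. mbedtls_rsa_validate_params starts before this hunk.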
@@ -605,9 +618,9 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, else if( complete ) { /* Check complete set of imported core parameters. */ - if( ( ret = mbedtls_rsa_check_params( &ctx->N, &ctx->P, &ctx->Q, - &ctx->D, &ctx->E, - f_rng, p_rng ) ) != 0 ) + if( ( ret = mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, + &ctx->D, &ctx->E, + f_rng, p_rng ) ) != 0 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index e1c51a9b13..8b1d1d59a6 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -1,4 +1,4 @@ -RSA PKCS1 Verify v1.5 CAVS #1 + Date: Fri, 25 Aug 2017 07:29:35 +0100 Subject: [PATCH 0176/1059] Remove double-checking code from rsa_deduce_moduli and rsa_complete --- library/rsa.c | 50 ++------------------------------------------------ 1 file changed, 2 insertions(+), 48 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 07cd66becf..d0cc9e0334 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -88,7 +88,6 @@ static void mbedtls_zeroize( void *v, size_t n ) { */ /* - * mbedtls_rsa_deduce_moduli * * Given the modulus N=PQ and a pair of public and private * exponents E and D, respectively, factor N. @@ -167,8 +166,6 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, */ mbedtls_mpi_init( &K ); - mbedtls_mpi_init( P ); - mbedtls_mpi_init( Q ); /* Replace D by DE - 1 */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( D, D, E ) ); 
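Review bot: Dropping `mbedtls_mpi_init( P )` and `mbedtls_mpi_init( Q )` from mbedtls_rsa_deduce_moduli makes the caller responsible for initialising the output MPIs, which is the right fix for the leak that re-initialising an allocated MPI would cause, but the function's header comment (outside the hunk) should now say so: `* \note P and Q must be initialised by the caller; any previous value is overwritten.`. The change is easy to miss because the remaining `mbedtls_mpi_init( &K )` looks like it covers the whole setup.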
@@ -231,44 +228,14 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, { /* * Have found a nontrivial divisor P of N. - * Set Q := N / P and verify D, E. + * Set Q := N / P. */ MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, &K, N, P ) ); - /* - * Verify that DE - 1 is indeed a multiple of - * lcm(P-1, Q-1), i.e. that it's a multiple of both - * P-1 and Q-1. - */ + /* Restore D */ - /* Restore DE - 1 and temporarily replace P, Q by P-1, Q-1. */ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( D, order ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( P, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( Q, Q, 1 ) ); - - /* Compute DE-1 mod P-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, D, P ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - goto cleanup; - } - - /* Compute DE-1 mod Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, D, Q ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - goto cleanup; - } - - /* - * All good, restore P, Q and D and return. - */ - - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( D, D, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( D, NULL, D, E ) ); @@ -330,9 +297,6 @@ int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); - /* Double-check result */ - MBEDTLS_MPI_CHK( mbedtls_rsa_validate_params( NULL, P, Q, D, E, NULL, NULL ) ); - cleanup: mbedtls_mpi_free( &K ); 
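Review bot: With the congruence checks removed, mbedtls_rsa_deduce_moduli returns the factor P found by the gcd search and `Q = N / P` without confirming them against D and E, and the second hunk removes the equivalent double-check from mbedtls_rsa_deduce_private, so the correctness of both results now rests entirely on the caller running `mbedtls_rsa_validate_params`. That contract should be written into both header comments (outside the hunks), e.g. `* \note The result is not verified; call mbedtls_rsa_validate_params on it before use.`. The new `/* Restore D */` comment sits above the `mbedtls_mpi_shift_l` only, while the `add_int` and `div_mpi` lines that complete the restoration follow it; placing the comment so it covers all three reads more clearly.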
@@ -615,16 +579,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } } - else if( complete ) - { - /* Check complete set of imported core parameters. */ - if( ( ret = mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, - &ctx->D, &ctx->E, - f_rng, p_rng ) ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); - } - } /* In the remaining case of a public key, there's nothing to check for. */ From d363799a9dfde3596a0aa763897abdfd6b4c411e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 07:55:03 +0100 Subject: [PATCH 0177/1059] Add mbedtls_rsa_validate_crt This commit adds the function mbedtls_rsa_validate_crt for validating a set of CRT parameters. The function mbedtls_rsa_check_crt is simplified accordingly. --- include/mbedtls/rsa.h | 34 +++++++++- library/rsa.c | 146 ++++++++++++++++++++++++++---------------- 2 files changed, 124 insertions(+), 56 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 90c667b5be..734c779c1e 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
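Review bot: After deleting the `else if( complete )` branch, the retained comment `/* In the remaining case of a public key, there's nothing to check for. */` is no longer true: a fully specified private key now reaches that point as well, with no validation in this function unless a later step (outside the hunk) performs it. Update the comment to describe the new flow, e.g. `/* Keys supplied with a complete parameter set are not validated here; callers rely on mbedtls_rsa_validate_params / mbedtls_rsa_check_privkey. */`, or confirm that the later double-check covers them. mbedtls_rsa_complete starts and ends outside this hunk.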
@@ -198,6 +198,38 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +/** + * \brief Check validity of RSA CRT parameters + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param P First prime factor of RSA modulus + * \param Q Second prime factor of RSA modulus + * \param D RSA private exponent + * \param DP MPI to check for D modulo P-1 + * \param DQ MPI to check for D modulo P-1 + * \param QP MPI to check for the modular inverse of Q modulo P. + * + * \return - 0 if the following conditions are satisfied: + * - D = DP mod P-1 if P, D, DP != NULL + * - Q = DQ mod P-1 if P, D, DQ != NULL + * - QP = Q^-1 mod P if P, Q, QP != NULL + * - MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed, + * potentially including MBEDTLS_ERR_MPI_XXX if some + * MPI calculations failed. + * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient + * data was provided to check DP, DQ or QP. + * + * \note The function can be used with a restricted set of arguments + * to perform specific checks only. E.g., calling it with the + * parameters (P, -, D, DP, -, -) will check DP = D mod P-1. + */ +int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *DP, + const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); + /** * Implementation of RSA interface */ @@ -394,7 +426,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, * before calling this function. * */ -int mbedtls_rsa_check_crt( mbedtls_rsa_context *ctx, +int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ); diff --git a/library/rsa.c b/library/rsa.c index d0cc9e0334..bd72aee8e3 100644 --- a/library/rsa.c +++ b/library/rsa.c 
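Review bot: The new mbedtls_rsa_validate_crt documentation describes the checks incorrectly: `\param DQ MPI to check for D modulo P-1` should say `Q-1`, the return list's `D = DP mod P-1 if P, D, DP != NULL` has the roles swapped and should read `DP = D mod P-1`, and `Q = DQ mod P-1 if P, D, DQ != NULL` should read `DQ = D mod Q-1 if Q, D, DQ != NULL`. The DP and DQ checks also need D, so the `\return` text for MBEDTLS_ERR_RSA_BAD_INPUT_DATA should list D among the required inputs, as the `(P, -, D, DP, -, -)` example already implies. The hunk making mbedtls_rsa_check_crt's context `const` raises nothing.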
@@ -304,6 +304,92 @@ cleanup: return( ret ); } +/* + * Check that RSA CRT parameters are in accordance with core parameters. + */ + +int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *DP, + const mbedtls_mpi *DQ, const mbedtls_mpi *QP ) +{ + int ret = 0; + + mbedtls_mpi K, L; + mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &L ); + + /* Check that DP - P == 0 mod P - 1 */ + if( DP != NULL ) + { + if( P == NULL ) + { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); + + if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) + { + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } + } + + /* Check that DQ - Q == 0 mod Q - 1 */ + if( DQ != NULL ) + { + if( Q == NULL ) + { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); + + if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) + { + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } + } + + /* Check that QP * P - 1 == 0 mod P */ + if( QP != NULL ) + { + if( P == NULL || Q == NULL ) + { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } + } + +cleanup: + + /* Wrap MPI error codes by RSA check failure error code */ + if( ret != 0 && + ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED && + ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) + { + ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + } + + mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &L ); + + return( ret ); +} + /* * Check that core RSA 
parameters are sane. */ @@ -621,8 +707,8 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, * in order to be able to validate DER encoded RSA keys, * which always contain CRT parameters. */ -int mbedtls_rsa_check_crt( mbedtls_rsa_context *ctx, mbedtls_mpi *DP, - mbedtls_mpi *DQ, mbedtls_mpi *QP ) +int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx, + mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) { int ret = 0; 
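Review bot: The three `return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );` statements inside the new mbedtls_rsa_validate_crt bypass `cleanup`, leaking the allocated `K` and `L`; each should be `ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup;`. The DP and DQ branches pass `D` to `mbedtls_mpi_sub_mpi` without checking it, so a call with D == NULL dereferences NULL; extend the guards to `if( P == NULL || D == NULL )` and `if( Q == NULL || D == NULL )`. The comments `Check that DP - P == 0 mod P - 1` and `Check that QP * P - 1 == 0 mod P` do not match the code, which computes `DP - D` and `QP * Q - 1`.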
@@ -648,61 +734,11 @@ int mbedtls_rsa_check_crt( mbedtls_rsa_context *ctx, mbedtls_mpi *DP, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } #else /* MBEDTLS_RSA_NO_CRT */ - - /* - * Check that DP, DQ and QP are in accordance with core parameters. - * (1) Check that DP - P == 0 mod P - 1 - * (2) Check that DQ - Q == 0 mod Q - 1 - * (3) Check that QP * P - 1 == 0 mod P - - * Alternative implementation also not using DP, DQ and QP - * should be able to reuse this codepath. - */ - - /* Check (1) */ - if( DP != NULL ) + if( ( ret = mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D, + DP, DQ, QP ) ) != 0 ) { - /* Temporarily replace P by P-1 and compute DP - D mod P-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( DP, DP, &ctx->D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, DP, &ctx->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); - - if( mbedtls_mpi_cmp_int( DP, 0 ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } - - /* Check (1) */ - if( DQ != NULL ) - { - /* Temporarily replace Q by Q-1 and compute DQ - D mod Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( DQ, DQ, &ctx->D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, DQ, &ctx->Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) ); - - if( mbedtls_mpi_cmp_int( DQ, 0 ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } - } - - /* Check (3) */ - if( QP != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( QP, QP, &ctx->Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( QP, QP, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( QP, QP, &ctx->P ) ); - if( mbedtls_mpi_cmp_int( QP, 0 ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } - } - -cleanup: - #endif if( ret != 0 ) From d9431a781748e64f3a90f8a08d3d31fe8dc9548f Mon Sep 17 00:00:00 2001 
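Review bot: The new `#else` branch maps every non-zero result of `mbedtls_rsa_validate_crt` to `MBEDTLS_ERR_RSA_BAD_INPUT_DATA`, so a CRT parameter that fails the consistency check is reported as bad input rather than as `MBEDTLS_ERR_RSA_KEY_CHECK_FAILED`, unlike mbedtls_rsa_check_privkey, and any wrapped MPI error is lost. Returning `ret` directly, or reserving BAD_INPUT_DATA for the helper's own BAD_INPUT_DATA result, preserves the distinction. With both branches now returning early, `ret` is still 0 when the retained `if( ret != 0 )` after `#endif` is reached (its body is outside the hunk), so that tail may be dead and worth confirming.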
From: Hanno Becker Date: Fri, 25 Aug 2017 08:03:13 +0100 Subject: [PATCH 0178/1059] Minor comments improvement --- library/rsa.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index bd72aee8e3..073bde528d 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -74,16 +74,24 @@ static void mbedtls_zeroize( void *v, size_t n ) { /* * Context-independent RSA helper functions. * - * The following three functions - * - mbedtls_rsa_deduce_moduli - * - mbedtls_rsa_deduce_private - * - mbedtls_rsa_check_params - * are helper functions operating on the core RSA parameters - * (represented as MPI's). They do not use the RSA context structure - * and therefore need not be replaced when providing an alternative - * RSA implementation. + * There are two classes of helper functions: + * (1) Parameter-generating helpers. These are: + * - mbedtls_rsa_deduce_moduli + * - mbedtls_rsa_deduce_private + * - mbedtls_rsa_deduce_crt + * Each of these functions takes a set of core RSA parameters + * and generates some other, or CRT related parameters. + * (2) Parameter-checking helpers. These are: + * - mbedtls_rsa_validate_params + * - mbedtls_rsa_validate_crt + * They take a set of core or CRT related RSA parameters + * and check their validity. * - * Their purpose is to provide common MPI operations in the context + * The helper functions do not use the RSA context structure + * and therefore do not need to be replaced when providing + * an alternative RSA implementation. + * + * Their main purpose is to provide common MPI operations in the context * of RSA that can be easily shared across multiple implementations. */ 
@@ -504,18 +512,21 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, mbedtls_mpi K; mbedtls_mpi_init( &K ); + /* DP = D mod P-1 */ if( DP != NULL ) { MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) ); } + /* DQ = D mod Q-1 */ if( DQ != NULL ) { MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) ); } + /* QP = Q^{-1} mod P */ if( QP != NULL ) { MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) ); From b269a8584ac6a2cf0c246cf7d45c370dacf38e20 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 08:03:21 +0100 Subject: [PATCH 0179/1059] Change mbedtls_rsa_check_privkey to use new helper functions --- library/rsa.c | 69 ++++++++------------------------------------------- 1 file changed, 11 insertions(+), 58 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 073bde528d..903a57ca36 100644 --- a/library/rsa.c +++ b/library/rsa.c 
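Review bot: The new `/* QP = Q^{-1} mod P */` comment would be more useful with the failure mode, since `mbedtls_mpi_inv_mod` returns `MBEDTLS_ERR_MPI_NOT_ACCEPTABLE` when Q has no inverse modulo P, which is how non-coprime inputs surface from this helper; suggested text: `/* QP = Q^{-1} mod P; fails with MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if gcd(Q, P) != 1 */`. `D` is read by the DP and DQ branches without a NULL check, so the header should list it as required whenever either of those outputs is requested. mbedtls_rsa_deduce_crt's signature is outside the hunk.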
@@ -1038,66 +1038,19 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) { - int ret; - mbedtls_mpi PQ, DE, P1, Q1, H, I, G, G2, L1, L2, DP, DQ, QP; - - if( ( ret = mbedtls_rsa_check_pubkey( ctx ) ) != 0 ) - return( ret ); - - if( !ctx->P.p || !ctx->Q.p || !ctx->D.p ) - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - - mbedtls_mpi_init( &PQ ); mbedtls_mpi_init( &DE ); mbedtls_mpi_init( &P1 ); - mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &I ); - mbedtls_mpi_init( &G ); mbedtls_mpi_init( &G2 ); mbedtls_mpi_init( &L1 ); - mbedtls_mpi_init( &L2 ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ ); - mbedtls_mpi_init( &QP ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G2, &P1, &Q1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L1, &L2, &H, &G2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &I, &DE, &L1 ) ); - -#if !defined(MBEDTLS_RSA_NO_CRT) - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DP, &ctx->D, &P1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DQ, &ctx->D, &Q1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &QP, &ctx->Q, &ctx->P ) ); -#endif - - /* - * Check for a valid PKCS1v2 private key - */ - if( mbedtls_mpi_cmp_mpi( &PQ, &ctx->N ) != 0 || -#if !defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_cmp_mpi( &DP, &ctx->DP ) != 0 || - mbedtls_mpi_cmp_mpi( &DQ, &ctx->DQ ) != 0 || - mbedtls_mpi_cmp_mpi( &QP, &ctx->QP ) != 0 || -#endif - mbedtls_mpi_cmp_int( &L2, 0 ) != 0 || - mbedtls_mpi_cmp_int( &I, 1 ) != 0 || - mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) + if( mbedtls_rsa_check_pubkey( ctx ) != 0 || + mbedtls_rsa_validate_params( 
&ctx->N, &ctx->P, &ctx->Q, + &ctx->D, &ctx->E, NULL, NULL ) != 0 ) { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } - -cleanup: - mbedtls_mpi_free( &PQ ); mbedtls_mpi_free( &DE ); mbedtls_mpi_free( &P1 ); - mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &I ); - mbedtls_mpi_free( &G ); mbedtls_mpi_free( &G2 ); mbedtls_mpi_free( &L1 ); - mbedtls_mpi_free( &L2 ); mbedtls_mpi_free( &DP ); mbedtls_mpi_free( &DQ ); - mbedtls_mpi_free( &QP ); - - if( ret == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ) - return( ret ); - - if( ret != 0 ) - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED + ret ); +#if !defined(MBEDTLS_RSA_NO_CRT) + else if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D, + &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 ) + { + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } +#endif return( 0 ); } From 603b8c62c44c90fd37babc6743868252b39c18d5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 11:03:07 +0100 Subject: [PATCH 0180/1059] Clarify guarantees made by successful mbedtls_rsa_complete call --- include/mbedtls/rsa.h | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 734c779c1e..48b0145ebc 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -396,11 +396,9 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * like the derivation of P, Q from N, D, E, as * well as primality checks. * - * \return - 0 if successful. In this case, all core parameters - * as well as other internally needed parameters have - * been generated, and it is guaranteed that they are - * sane in the sense of \c mbedtls_rsa_validate_params - * (with primality of P, Q checked if a PRNG is given). + * \return - 0 if successful. In this case, all imported core + * parameters are guaranteed to be sane, the RSA context + * has been fully setup and is ready for use. * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted * derivations failed. */ 
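Review bot: The rewritten mbedtls_rsa_check_privkey maps every non-zero result of mbedtls_rsa_validate_params and mbedtls_rsa_validate_crt to MBEDTLS_ERR_RSA_KEY_CHECK_FAILED, whereas the removed code kept a genuine key-check failure apart from an MPI error (`return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED + ret )`), so an allocation failure inside the helpers now reads as "bad key" to callers; consider propagating the helper's return value when it is something other than MBEDTLS_ERR_RSA_KEY_CHECK_FAILED. The `else if` that is only compiled `#if !defined(MBEDTLS_RSA_NO_CRT)` follows a block that always returns, so it can simply be `if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D,` and not depend on preprocessor state for its shape. The two trailing `NULL, NULL` arguments presumably mean no PRNG and therefore no primality test of P and Q, which matches the old behaviour but deserves a one-line comment such as `/* No PRNG given: P and Q are not primality-tested here */`.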
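Review bot: The new success text in the `\return` of mbedtls_rsa_complete says the imported parameters are "guaranteed to be sane" without saying what sane means, while the removed wording anchored it to `\c mbedtls_rsa_validate_params` and stated that primality of P and Q is only checked when a PRNG is given; that caveat is lost. Keep the cross-reference, e.g. `sane in the sense of \c mbedtls_rsa_validate_params (primality of P, Q is only checked if a PRNG was given)`, so callers do not read "sane" as "primality verified".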
From c6075cc5acccf5bdd105a31300da7957a16e7ce3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 11:45:35 +0100 Subject: [PATCH 0181/1059] Don't use CRT for signature verification If CRT is not used, the helper fields CRT are not assumed to be present in the RSA context structure, so do the verification directly in this case. If CRT is used, verification could be done using CRT, but we're sticking to ordinary verification for uniformity. --- library/rsa.c | 41 +++++++++++------------------------------ 1 file changed, 11 insertions(+), 30 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index d3feeba88b..0c5bc4fb5d 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -428,15 +428,9 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, #endif #if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) - /* Temporaries holding input mod p resp. mod q. */ - mbedtls_mpi IP, IQ; - - /* Temporaries holding double check results mod p resp. mod q; - * should in the end have the same values as IP and IQ. */ - mbedtls_mpi CP, CQ; - - /* Comparison results */ - int check = 0; + /* Temporaries holding the initial input and the double + * checked result; should be the same in the end. */ + mbedtls_mpi I, C; #endif #if defined(MBEDTLS_RSA_FORCE_BLINDING) @@ -476,8 +470,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, #endif #if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) - mbedtls_mpi_init( &IP ); mbedtls_mpi_init( &IQ ); - mbedtls_mpi_init( &CP ); mbedtls_mpi_init( &CQ ); + mbedtls_mpi_init( &I ); + mbedtls_mpi_init( &C ); #endif /* End of MPI initialization */ @@ -490,8 +484,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, } #if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &IP, &T, &ctx->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &IQ, &T, &ctx->Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) ); #endif if( f_rng != NULL ) 
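Review bot: `MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) );` in the third hunk is placed before the `if( f_rng != NULL )` branch (presumably the blinding step), so `I` holds the unblinded input that the check later in the function compares against, but nothing at this line says the position matters. A comment such as `/* Keep the unblinded input: the result is compared against it after unblinding */` would protect the ordering from a later reshuffle of the blinding code. mbedtls_rsa_private begins and ends outside these hunks.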
@@ -583,18 +576,11 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); } - /* If requested by the config, verify the result to prevent glitching attacks. - * For that, check the two prime moduli separately. */ + /* If requested by the config, verify the result to prevent glitching attacks. */ #if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &CP, &T, &ctx->E, &ctx->P, &ctx->RP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &CQ, &T, &ctx->E, &ctx->Q, &ctx->RQ ) ); - - check |= mbedtls_mpi_cmp_mpi( &CP, &IP ); - check |= mbedtls_mpi_cmp_mpi( &CQ, &IQ ); - - if( check != 0 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, &ctx->N, &ctx->RN ) ); + if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 ) { - /* Verification failed */ ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; goto cleanup; } @@ -630,8 +616,8 @@ cleanup: #endif #if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) - mbedtls_mpi_free( &IP ); mbedtls_mpi_free( &IQ ); - mbedtls_mpi_free( &CP ); mbedtls_mpi_free( &CQ ); + mbedtls_mpi_free( &C ); + mbedtls_mpi_free( &I ); #endif if( ret != 0 ) @@ -1245,11 +1231,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, size_t nb_pad, olen, oid_size = 0; unsigned char *p = sig; const char *oid = NULL; - unsigned char *sig_try = NULL, *verif = NULL; - size_t i; - unsigned char diff; - volatile unsigned char diff_no_optimize; - int ret; if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); From 43f94721ab4e331517b71e678d9c5a72b6834958 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 11:50:00 +0100 Subject: [PATCH 0182/1059] Add quick-check for presence of relevant parameters in rsa_private --- library/rsa.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 0c5bc4fb5d..9b7d346c24 100644 --- a/library/rsa.c +++ b/library/rsa.c 
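Review bot: The last hunk (`@@ -1245`) deletes the declarations of `sig_try`, `verif`, `i`, `diff`, `diff_no_optimize` and `ret` from mbedtls_rsa_rsassa_pkcs1_v15_sign, but the code using them (`sig_try = mbedtls_calloc(...)`, the comparison loop, `cleanup:` and `return( ret )`) is only removed in PATCH 0183, so this commit on its own should not compile and breaks bisection; move these deletions into 0183 or squash the two. In the `@@ -583` hunk the single `mbedtls_mpi_exp_mod( &C, &T, &ctx->E, &ctx->N, &ctx->RN )` check is a reasonable fault countermeasure, but the comment above it should record what is being compared, e.g. `/* Recompute T^E mod N and require it to equal the input saved in I before exponentiation */`. Both mbedtls_rsa_private and mbedtls_rsa_rsassa_pkcs1_v15_sign start outside these hunks.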
@@ -425,7 +425,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
/* Pointer to actual exponent to be used - either the unblinded
* or the blinded one, depending on the presence of a PRNG. */
mbedtls_mpi *D = &ctx->D;
-#endif
+#endif /* MBEDTLS_RSA_NO_CRT */
#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION)
/* Temporaries holding the initial input and the double
@@ -438,9 +438,24 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
#endif
- /* Make sure we have private key info, prevent possible misuse */
- if( ctx->P.p == NULL || ctx->Q.p == NULL || ctx->D.p == NULL )
+ /* Sanity-check that all relevant fields are at least set,
+ * but don't perform a full keycheck. */
+ if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 )
+ {
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ }
+#if !defined(MBEDTLS_RSA_NO_CRT)
+ if( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->QP, 0 ) == 0 )
+ {
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ }
+#endif /* MBEDTLS_RSA_NO_CRT */
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
@@ -1294,7 +1309,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
}
if( mode == MBEDTLS_RSA_PUBLIC )
- return( mbedtls_rsa_public( ctx, sig, sig ) );
+ return( mbedtls_rsa_public( ctx, sig, sig ) );
/*
* In order to prevent Lenstra's attack, make the signature in a
From cc209ca56d0592404f5019a03f4887e383f956d0 Mon Sep 17 00:00:00 2001
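Review bot: Both `#endif /* MBEDTLS_RSA_NO_CRT */` trailers added in the first and second hunks close an `#if !defined(MBEDTLS_RSA_NO_CRT)`, so the comment states the opposite of the guard; `#endif /* !MBEDTLS_RSA_NO_CRT */` is the usual form. The second hunk replaces pointer-nullity tests (`ctx->P.p == NULL`) with `mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0`, which only works if mbedtls_mpi_cmp_int treats a never-grown MPI (`p == NULL`, zero limbs) as zero rather than dereferencing it; that is presumably the case but is not visible here and is worth confirming, since this is the guard against a half-initialised context reaching the exponentiation. The comment `but don't perform a full keycheck` could point callers to mbedtls_rsa_check_privkey for real validation. mbedtls_rsa_private begins outside the hunk.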
From: Hanno Becker Date: Fri, 25 Aug 2017 11:51:03 +0100 Subject: [PATCH 0183/1059] Remove signature verification from rsa_rsassa_pkcs1_v15_sign This verification path is redundant now that verification is uniformly done in rsa_private.
---
library/rsa.c | 37 +------------------------------------ 1 file changed, 1 insertion(+), 36 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index 9b7d346c24..680df0d8e5 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1311,42 +1311,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
if( mode == MBEDTLS_RSA_PUBLIC )
return( mbedtls_rsa_public( ctx, sig, sig ) );
- /*
- * In order to prevent Lenstra's attack, make the signature in a
- * temporary buffer and check it before returning it.
- */
- sig_try = mbedtls_calloc( 1, ctx->len );
- if( sig_try == NULL )
- return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
- verif = mbedtls_calloc( 1, ctx->len );
- if( verif == NULL )
- {
- mbedtls_free( sig_try );
- return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
- }
-
- MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
- MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
-
- /* Compare in constant time just in case */
- for( diff = 0, i = 0; i < ctx->len; i++ )
- diff |= verif[i] ^ sig[i];
- diff_no_optimize = diff;
-
- if( diff_no_optimize != 0 )
- {
- ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
- goto cleanup;
- }
-
- memcpy( sig, sig_try, ctx->len );
-
-cleanup:
- mbedtls_free( sig_try );
- mbedtls_free( verif );
-
- return( ret );
+ return( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
}
#endif /* MBEDTLS_PKCS1_V15 */
From 771d30edac2f8b38b4d3e628cd62e109f2a85c1c Mon Sep 17 00:00:00 2001
From: Hanno Becker Date: Fri, 25 Aug 2017 13:54:04 +0100 Subject: [PATCH 0184/1059] Add missing calls to mbedtls_pem_free in mbedtls_pk_parse
---
library/pkparse.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/library/pkparse.c b/library/pkparse.c
index efdf437466..de0881adb2 100644
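Review bot: After this removal the only fault check left on the PKCS#1 v1.5 signing path is the one inside mbedtls_rsa_private, which (as shown in PATCH 0181) is compiled only `#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION)`; the deleted sign-then-verify block ran unconditionally, so a build without that option now has no Lenstra countermeasure at all rather than one "uniformly done in rsa_private". Either make the check in mbedtls_rsa_private unconditional for private operations, or have the default configuration enable MBEDTLS_RSA_REQUIRE_VERIFICATION and say so in this commit message. Since the operation is now in place via `mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig )`, a comment noting that `sig` is consumed as input and overwritten with the signature would help readers of the shortened function. mbedtls_rsa_rsassa_pkcs1_v15_sign begins outside the hunk.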
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1082,7 +1082,10 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
if( ret == 0 )
{
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
+ {
+ mbedtls_pem_free( &pem );
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+ }
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
@@ -1114,7 +1117,10 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
if( ret == 0 )
{
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
+ {
+ mbedtls_pem_free( &pem );
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+ }
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
From fab356996336ba286d71b5747ed981b6021878ff Mon Sep 17 00:00:00 2001
From: Hanno Becker Date: Fri, 25 Aug 2017 13:38:26 +0100 Subject: [PATCH 0185/1059] Use in-place decryption in pk_parse_pkcs8_encrypted_der The stack buffer used to hold the decrypted key in pk_parse_pkcs8_encrypted_der was statically sized to 2048 bytes, which is not enough for DER encoded 4096bit RSA keys. This commit resolves the problem by performing the key-decryption in-place, circumventing the introduction of another stack or heap copy of the key. There are two situations where pk_parse_pkcs8_encrypted_der is invoked: 1. When processing a PEM-encoded encrypted key in mbedtls_pk_parse_key. This does not need adaption since the PEM context used to hold the decoded key is already constructed and owned by mbedtls_pk_parse_key. 2. When processing a DER-encoded encrypted key in mbedtls_pk_parse_key. In this case, mbedtls_pk_parse_key calls pk_parse_pkcs8_encrypted_der with the buffer provided by the user, which is declared const. The commit therefore adds a small code paths making a copy of the keybuffer before calling pk_parse_pkcs8_encrypted_der.
---
library/pkparse.c | 35 ++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 13 deletions(-)
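Review bot: The release-then-return fix is duplicated verbatim at both `pk_info == NULL` sites, and mbedtls_pk_parse_key continues outside these hunks with further early returns, so the same leak can reappear at the next one; a single exit path (`goto` to one `mbedtls_pem_free( &pem )` followed by the return) would close the class rather than the two instances. Because `pem` holds the decoded private key at this point, it is also worth confirming that mbedtls_pem_free wipes its buffer rather than only freeing it (not visible here).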
diff --git a/library/pkparse.c b/library/pkparse.c index de0881adb2..3368f5bb2c 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -936,12 +936,12 @@ static int pk_parse_key_pkcs8_unencrypted_der( #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) static int pk_parse_key_pkcs8_encrypted_der( mbedtls_pk_context *pk, - const unsigned char *key, size_t keylen, + unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen ) { int ret, decrypted = 0; size_t len; - unsigned char buf[2048]; + unsigned char *buf; unsigned char *p, *end; mbedtls_asn1_buf pbe_alg_oid, pbe_params; #if defined(MBEDTLS_PKCS12_C) @@ -949,8 +949,6 @@ static int pk_parse_key_pkcs8_encrypted_der( mbedtls_md_type_t md_alg; #endif - memset( buf, 0, sizeof( buf ) ); - p = (unsigned char *) key; end = p + keylen; @@ -985,8 +983,7 @@ static int pk_parse_key_pkcs8_encrypted_der( if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); - if( len > sizeof( buf ) ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + buf = p; /* * Decrypt EncryptedData with appropriate PDE @@ -1087,7 +1084,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); } - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || + if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), pem.buf, pem.buflen ) ) != 0 ) { @@ -1122,7 +1119,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); } - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || + if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), pem.buf, pem.buflen ) ) != 0 ) { 
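Review bot: With `buf = p;` in the third hunk the function now decrypts into the caller's buffer, which is a contract change that the new non-const signature alone does not convey; a comment above `static int pk_parse_key_pkcs8_encrypted_der(` such as `/* Decrypts in place: on return key[0..keylen) holds plaintext key material and the caller is responsible for wiping it. */` should accompany the signature change. The decrypt call itself is below the hunk, so please confirm that the PKCS#12/PKCS#5 routines accept identical input and output pointers, and that `len` is bounded by `end` through mbedtls_asn1_get_tag now that the explicit `len > sizeof( buf )` check is gone. pk_parse_key_pkcs8_encrypted_der ends outside these hunks.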
@@ -1200,12 +1197,24 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
* error */
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
- if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
- pwd, pwdlen ) ) == 0 )
{
- return( 0 );
+ unsigned char *key_copy;
+
+ if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
+ return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+
+ memcpy( key_copy, key, keylen );
+
+ ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
+ pwd, pwdlen );
+
+ mbedtls_zeroize( key_copy, keylen );
+ mbedtls_free( key_copy );
}
+ if( ret == 0 )
+ return( 0 );
+
mbedtls_pk_free( pk );
if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
@@ -1223,7 +1232,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
+ if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 )
{
return( 0 );
@@ -1236,7 +1245,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
+ if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 )
{
return( 0 );
From 37c6b6b339d8eb342ac610d4109453e5699dc536 Mon Sep 17 00:00:00 2001
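Review bot: `mbedtls_calloc( 1, keylen )` with `keylen == 0` may return NULL on some allocators, turning an empty input into MBEDTLS_ERR_PK_ALLOC_FAILED where the parser presumably produced a format error before; a guard such as `if( keylen == 0 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );` ahead of the allocation keeps the old error. The zeroize-then-free of `key_copy` is correct because the buffer holds the decrypted key after the in-place decryption, and a short comment, e.g. `/* key_copy holds the decrypted key after the call: wipe before release */`, would explain why this free is not a plain mbedtls_free. When neither MBEDTLS_PKCS12_C nor MBEDTLS_PKCS5_C is defined, the new `if( ret == 0 ) return( 0 );` relies on the value of `ret` left by the earlier step outside the hunk, which is presumably non-zero there but worth checking. mbedtls_pk_parse_key starts outside the hunk.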
From: Hanno Becker Date: Sat, 26 Aug 2017 08:15:22 +0100 Subject: [PATCH 0186/1059] Add tests for encrypted 2048 and 4096-bit RSA keys --- tests/data_files/keyfile_2048 | 27 +++ tests/data_files/keyfile_2048.3des | 30 +++ tests/data_files/keyfile_2048.aes128 | 30 +++ tests/data_files/keyfile_2048.aes192 | 30 +++ tests/data_files/keyfile_2048.aes256 | 30 +++ tests/data_files/keyfile_2048.des | 30 +++ tests/data_files/keyfile_4096 | 51 +++++ tests/data_files/keyfile_4096.3des | 54 +++++ tests/data_files/keyfile_4096.aes128 | 54 +++++ tests/data_files/keyfile_4096.aes192 | 54 +++++ tests/data_files/keyfile_4096.aes256 | 54 +++++ tests/data_files/keyfile_4096.des | 54 +++++ tests/data_files/pkcs8_pbe_sha1_2des_2048.der | Bin 0 -> 1262 bytes tests/data_files/pkcs8_pbe_sha1_2des_2048.key | 29 +++ tests/data_files/pkcs8_pbe_sha1_2des_4096.der | Bin 0 -> 2422 bytes tests/data_files/pkcs8_pbe_sha1_2des_4096.key | 53 +++++ tests/data_files/pkcs8_pbe_sha1_3des_2048.der | Bin 0 -> 1262 bytes tests/data_files/pkcs8_pbe_sha1_3des_2048.key | 29 +++ tests/data_files/pkcs8_pbe_sha1_3des_4096.der | Bin 0 -> 2422 bytes tests/data_files/pkcs8_pbe_sha1_3des_4096.key | 53 +++++ .../pkcs8_pbe_sha1_rc4_128_2048.der | Bin 0 -> 1254 bytes .../pkcs8_pbe_sha1_rc4_128_2048.key | 29 +++ .../pkcs8_pbe_sha1_rc4_128_4096.der | Bin 0 -> 2414 bytes .../pkcs8_pbe_sha1_rc4_128_4096.key | 53 +++++ .../pkcs8_pbes2_pbkdf2_3des_2048.der | Bin 0 -> 1298 bytes .../pkcs8_pbes2_pbkdf2_3des_2048.key | 30 +++ .../pkcs8_pbes2_pbkdf2_3des_4096.der | Bin 0 -> 2458 bytes .../pkcs8_pbes2_pbkdf2_3des_4096.key | 54 +++++ .../pkcs8_pbes2_pbkdf2_des_2048.der | Bin 0 -> 1295 bytes .../pkcs8_pbes2_pbkdf2_des_2048.key | 29 +++ .../pkcs8_pbes2_pbkdf2_des_4096.der | Bin 0 -> 2455 bytes .../pkcs8_pbes2_pbkdf2_des_4096.key | 54 +++++ tests/suites/test_suite_pkparse.data | 212 ++++++++++++++++-- 33 files changed, 1105 insertions(+), 18 deletions(-) create mode 100644 tests/data_files/keyfile_2048 create mode 100644 
tests/data_files/keyfile_2048.3des create mode 100644 tests/data_files/keyfile_2048.aes128 create mode 100644 tests/data_files/keyfile_2048.aes192 create mode 100644 tests/data_files/keyfile_2048.aes256 create mode 100644 tests/data_files/keyfile_2048.des create mode 100644 tests/data_files/keyfile_4096 create mode 100644 tests/data_files/keyfile_4096.3des create mode 100644 tests/data_files/keyfile_4096.aes128 create mode 100644 tests/data_files/keyfile_4096.aes192 create mode 100644 tests/data_files/keyfile_4096.aes256 create mode 100644 tests/data_files/keyfile_4096.des create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_2048.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_2048.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_4096.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_4096.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_2048.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_2048.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_4096.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_4096.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key 
diff --git a/tests/data_files/keyfile_2048 b/tests/data_files/keyfile_2048 new file mode 100644 index 0000000000..35f6ee8157 --- /dev/null +++ b/tests/data_files/keyfile_2048 @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAieB9VRoWSXNwOBE/oR4/BhFEh8goR4jIysmjU2v6+WU5Xjtj +/G0EHK6OKpqUNF0mtBzeckZokzUOFt14VghYrUQKwYGb5Slc6ghXaQLeAkr0dfKx +JgTj6t5mMsqV3CrCFl/P6DAEyRg8paquPPYHczkwM8UZRB002IoYNXpLafM2XTnB +TKlskSWU/h2JzWrwwwZkMKyHAuIQ44x8vEtqSJDmX72qKJgsXJN54Yh1IPnMxXam +St4FtOhJHDHDQRB96tpzU9wGIcIFzuyOP7gUnisyobt9Xz0vc+vingOn1jKuQlyS +3fUpJHbGvwsTndLVsmbnlK9hvu1CAUb41PBoAQIDAQABAoIBAAjSPRKRzbU7VoWv +zNNhHQUlW64YR0N0Y+xdhD6VHQSRzl7SC+6dhvLS1DOzmiHTh+NkKXNEP/KTJWif +GNDgTdQgE1QYF8JMqC4tBHKqhUu+Qe+97EmTbIWdXwqG3Zmtfqdxz9p6IARBsbej +uOwbjZR4pzXYuWobOENWaoAZZ/PKS5yo6oMTgmn4navy2QJ2f7fduCF4YmMXRpnO +ORhAx1HCOgymPEhUzXaIiRsDzqY9nVxpz/S4UBw61JL4zQHTJpFe6EQokAFgsG6m +22cEvgdTn7cnf+pzh08XByXbD+WM9CYxe20GhtG62YY1zRTgK+9rxhiHobmNk7VU +YWQDEYUCgYEA/krm/p04dYRaRXcSOCdei57+R5toYYEH7g2DXaKLai171gUzc1k3 +z5TdXGSBBsAf59XBZ/5pXUgHzoOvd6d6aaVey7vkiaZQy9k0wbPK3qgFPhK1YbOc +UbMVEigtDLg0/5ZQ725mfXSp1oUsDbGEVTkeTakb8bTNr6qwtbzECP8CgYEAis17 +qAFQRWoFo6AqtAyG+xFC6C/ih5eboq2wibusXfloeb2dBd8ARpjSZ8H25+8m+Atq +fZRMzMfKRGRI59w/a10knRaafaVYFW27lMAuG8PcYeuRnM2MH1lFTsnWArBJKd7N +0FczGVMEufH9l+xaLLt76o3f3KTBScAk5tFSjv8CgYAa5qebJdy0KeU21graX+fT +k2VJA/q93d2N5GYSQMDI4bjpAjHYMQcDcbcdMBCqOybk6qsEKljRIm6Y/TtRyCje +Bj2KBf1+Rlbjyb2YBEIg3dt4HpiLlmmiBvTir9dcMhyBMVCsk5xKB050QDBR3oam +UV2QT6SCJGNiAwegojCG1wKBgDbLh9V7L0U35aICyNjrWR4kYlVnEfaVU0uVZev5 +usIeg7ALusFml6VHD0kGuYI2Vxv05cVNlkQBW0hEjsN5n0+zJZEeKz8O1wcemr7O +X2V2nLnLVWChhH+brlC8PVAyZ6+v1XA5/GIy89q0PXiMRc0C9phSCd4A7I1A3VCB +siXhAoGAJtiHq2Hy8Oh6JK+vEgXTyxYkqc8TRQn+sdg++9ObBv58XDGCwzvkK1J8 +NCLV1R5tOssownh9RkGbZ/qrhVxreUfSXa3tCuyF7bD0URULhCYCS7BNwVEHCUol +BwAbLAtcDnWZsVkpyCD/d8SUCovDyNLFMxacu3MuZCQuRRvnNqM= +-----END RSA PRIVATE KEY----- 
diff --git a/tests/data_files/keyfile_2048.3des b/tests/data_files/keyfile_2048.3des new file mode 100644 index 0000000000..1ac99fc4de --- /dev/null +++ b/tests/data_files/keyfile_2048.3des @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,769BBE561AFA55C5 + +4nlR2uEny6CDJHEdEG8Y3CUh5Pn54k7lCgd9UvP3CAo5DmKn7nGG+1Hvjky+dLD3 +pDCLOKKNUYM7Dx+HWw4SSfQzYfq2NySnTvnkGITEQfoqIBjQ+O0jkgPS2MTaB+lh +Vs0DYz26OWna8OAjR2gxxXxruCLmY4psmqYd6DX3yIlFawDTwFSbbhZpEGtJ/i/m +aQ1aRZGEgCgpmVIEPigHJaDZYUP6pSev8FPilGm9QbGkJSK10HIrBrk3xLAQtZVB +SYs/k3G7ZUNFF8GbvmyYmnx7Pfzsx90RZsHjRxW7je/eY5v7hf9XRcEnefLQ61ux +lfBKW8S+yVZueC34RIupsYKd8K9/iaAwkpRaCyiVNKicBlgoKPYSr3xGk06DMTTU +vYUZ/Usa8Bvc29MP+qHb/D4D/fKZiHJABNEVecWCnCBdZbCgSlrjEKMVeYg3nTAx +VrkvcPenfafuIBLPb2zYUGlehNmd7sWWVqCBQO64Xlmwy6ALpYBwlBUwpU75jB4w +H7duzO1+UAAz0WssleNKKbUc3YLwpojU6/y11bJw51BFjquTfxbkoTuXvALLiPQY +yUmFze+2DYeCRhlz/rPePHh9JzHBnm94vo48uThNzvf6aAdrqgHs5dbstotKpqW8 +bhlhzKdYjIcWV2JXV9klX3l7GA4aoSSlJAmljyxjGYPM8G3Zl0S/v9nUFXm8/o+e +e8HTTKnCUUUGOyForwo2mzoeTiDT5R/L5divX7Ni+liqQXWAnQEsHi+98RfkdDtn +86lW1uqEVLRT7E98fHDdSLtIXRbgBMO76dExWvqwtPPDj2UlOK3x4i4S4AOf/iy1 ++cmoBjwUVDcj/AaBBd9IzbSu/YUKxFNwmi7KPOJ2ZfJncqixoNb2cUPrWg37m7hD +5dodU4a56lUn04phzuem4z4HmNJqPFIDGUfePEQvgbkU1n+38yW7pQeP2xhJEYhv +ZqnSa1HK/mE8dZOldPQtOwUr4FwTc4JQwNW6vRmx1eothOfoaWpMWFPMOfKqL20O +JMN66nIqB7f0AXf+b2kVgTH46di/ldnbG5kj94h4zRd05ZfYJQKFktMYpi5/D+gS +7uZU7kLMeg4Ox5m3Wy1SuvIEvrdUtAULhO9i6DKu1SAn+9HPML3//hAxVmocJa5T +IGSSaOjRGluhbXjjGGJjm4GKP6WWNinprkT9xi46bWOlmi7/r8MMkLQ12aIeIwnY +1ClnkD+8AVDqZait8qZyJ8zYBUaS/v5lCS3tsTmjWfECFOsuJf+asintIWBP9tfj +YJPRxqpQ7+Idgd5a5LfLjalC+nLP6MzYoYtG2/erUr/YAYbr8Nmce9XH0m9f9Qhz +wGDRv/ydOJX+tK+ElPebeodDh7YGnOr/wrwTuuM/EQ4t/gFOYT+uFsrH4XvUAKU9 +TI1PewoS6+hDTzTB38KkYzfYPzVmRPHOegQWUf6QBYyWXg/2aL5am+S82ROCh+M2 +VZ0vHXs6b80gNBVm3wmCej51//biiBUZp/gundDksI4z3ucD6feQrbx6Qhlu6YTF +TW2LtoRtE+LdUkjEBZD2jwQKWIAXxY3/wMBeEo59mnBrbgRMfjYESQ== +-----END RSA PRIVATE KEY----- 
diff --git a/tests/data_files/keyfile_2048.aes128 b/tests/data_files/keyfile_2048.aes128 new file mode 100644 index 0000000000..847cb7fb13 --- /dev/null +++ b/tests/data_files/keyfile_2048.aes128 
@@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,3ACD4E1226A197871FFE1D9EEC0BE0C7 + +yCMsLxfTSxyPdDUOtPAfcyMkUT6x3XsTPnRgBWGL3+tR1WviaRivMd0dHDH3gFS6 +NFaWZ4RLqVmj52D8VmHVGaZTup0Xeeoog4M3ooFerM8RMINZq1U0VW7o1BIMcWE+ +FIkjP5UP2+rhDTZbbU8YoGa0Q6cOYGRzu55c/x59S1QAz0M22MfpstNw1Gd+K5vH +jGmvdEkkPAYMh7t1kFMHt8Pt4hyBdBO9xeOJTfGLsWGQl6PZVLhOCH3pVHMSa3Z+ +7yu9CmUmFoiiKxzx4oavwlcPnzYUtnUoh1+Yvc3wzDwPiq4/rVtxMRGJ1GNO1nyP +sCTj/DKRzQY9ca06HRl6KQP4FLILbxLodOHWLj8sAEgIIdpAX1j2YBkvMR2usldD +RwEl6sBrldVz/kIK9BF6ThAFKIEHs6zNhPI0H1KC7AlsWFXxn+mHMwpg04Kw7Qdc +D+1x7EdiLMR8pcHxYYVhfgIJwnkS49wQ2ujn4vQijmWrXkB1n0soxTGHZiZr/J+i +8AzuS/RXwb0XzWD3wUivArIJSG5gF8u/ewfkSQcHrNFD2+O43dApEZQWx6EVPXBA +DDHO1HbvGvN8wvo9SlgN8cL9DlMRcmUp9Y7JYohCq02t8iPwAP11dMUjc6pA6a1G +He4/IB4H4E80Ldwz4L/KiP3LYwc6DoXz7C7XFrYHc/tvQ5Wl99Mk2shxhPmC8t0b +1hrNQFm00kL8ieGJMEi4hcSzG557CK5OKqigUWBb9hF1z/D2hRNt2rF8+6YmkmLq +HJgtyb7I5+u/lrCkiYjiJEJIwHVyaOswaMGX/VFNHXYxsCowslvRKhHGPIFfGzsv +H4LOjGEF7YDr+wb72WYmQ7aMIUTntmxoIlj90WRsZBSzs4WeiIE9zOkAUpq/E13I +fKbxvOSJoNnkQ97sWSq2KkdAa6Cni81c1aVPIBWsfxf0zHoffpHcLEKdGwvR/QOs +79KjkBypahLIqKLSv+/6nUv4cgHryrWV5SGBA2tDU9Kpd9oFIhhRFALnX7iHoY9v +zVIXa+I7LnL7J1vY2r1gybkud/dW5cj8ktBn2cPIKWja7OwdQ0r1XP3agHUng5F+ +fS4KKcqrIJc1u8jBKW2iCZ1blPL1dHnD882IaKbgAimmPPWY2M3V3NYY+U/HCgRn +dPflKeuBx8EVj5RnXJDb9hKyLUHZ7rwWkJl4ebPNKidCbdJTAge5BLQncbOwjytV +M8HdMtk5AzBZ7yPQ9UYrUpBJZZtV4fTY6Anlz5KtUAuQluAAcIMmdSQwL2nuimMt +Q65Ws5gvVx6CA7JVfCgLPt577z7EUNuGPTZ2MVOgsok9KDtkm30QZ7btB6H4eROY +H5qw2z6+m/LXhS7MdlLChbUJYQ3REmfHoiAPt+wiHVCvb+iTkMaWd41F3L9Ku9Kg +4XsNsu1I695Mxgoy0cokJrx75OAML8UMcc3JBSKiT2Tyqa5g4LVitqRzC+Bmywn+ +1LV0FLViAeOa9Znq4oh6YTPnq2obsYgDDWwXLd19T6zZMyIuyqFIKheCUjb8Tkcd +X0Yow6UfByeYxRsEcJ+kOGESjglGHCd1hVP5oaXfopmEHDV6s43o1LDNTO3lE1ft +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes192 b/tests/data_files/keyfile_2048.aes192 new file mode 100644 index 0000000000..7df17ef8c0 --- /dev/null 
+++ b/tests/data_files/keyfile_2048.aes192 @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,0FA7D4B72A5225AAD0A49DC257E29504 + +j8E0QV2YwI9uwTQIW+nl+LP6Fe7uTQsalCqvSLGuEy6uBeyjFMwaW7Sovz0BuHIM +ZvuL/KEGJnWg259cK/dxV5PS9ATz7ak/2rkb/rCKxYbPoFjFb0PIPqPhwuD4KCvl +obeT1NQFMeE+yOQW1Fe0hCXwRtGjw8qQVMrfb5sPuvTLSvD31XuzBx8AhYWZWJ4T +ETnVqTYahGFJfwQclHxIRPDiflmPwK0mZKtNZRDk5EA7wUQ+jnB/vKbdrSYcDS7q +et8n13+KjGucYX9rBHRo44AksP4iy7IwmNLdV00zND3jr8lcg39zjZd+5Vgj6mtA +tPZrZ12TFJQ6R5mVwnNTousWvYEY+fCe3xa7hNMzYQ2royLj2Y4cL/r9yrqhwJTp +yqYBIDH7t5xEvwww27vNiMrpWBrJ81O83bsGJDwn1knOjyO48zyZWSvBbCEPmPQX +B26mVBa3Ihp7uWfySnFFTDBc/bo/PBbr7YcQmRtt70jl/h4w1aOyrY3GHNL5j+VP +RKbZHkFbdTcsGIMil8uoWNA9ysra7xGvd0UdqpEffXVmtTrQ8i18FiqW3RsJoD3q +gw6Mm59LNaQJYe4/K/yaVKSJjOZb+a34sQjWjEOFWfDx2Go6/xZiQYRZAu3BFG5E +rs8F0RWAI27KTyVi1Nyv1FB/FVjhhrZHFJ0Na9Pn+EwaQ3UHbgOnAYzrWrMpviF5 +NTGCCXNLezbUFsHoY+Aa4kDD6O9PCYu8QD4uxAA9lrdYzdSFYGMaODpxkbCOyiws +VHm7BdNpFtXDcNpe1pJqo2MwpubR4UJf0Sdb6Vny9wujhHK7mvG4yuPbgcE3JFgO +hwutCwfiuErcCVmDUz83g0cwb+kCaovHFOxLMcf83dIOHPLQ7RlipBRxNFAr/A0z +cE9gJn2mumxX8AznBq+CjXlDe3okJY+gLFPQRurLS7HLkx9HCC5hC1Rtz+ublt4P +MMd4IONQPNAyycgK3v3U2+tYXuDY+Ys61p5AuHtWXc1drGw5oJICW7XJo4qpuzdF +V1iArLM488o1dYUJsA1ZtzaahmjfBBKOSYWmuxkG1VbI66Gr03gvTEM5itrBYBSO +4LMO7v8q7Ee7PATOdfbSzepEWNK3FwxuPIssKLak2FYHQrHMj2n267gUxUqN0Vql +Htz3yqFC+2v9GYX8M0w880SPbIiya3YBoQiNsvvJiQPX7LOyfPeVHQcBAtNiFEqU +zpnHZmTNp8smBNDjnnDG/kvx0AZma3jKJGInRKAm1Hvq/OxcgY3MRFFFmqFHJymT +2/TaxY+uKTHuemDktqkagjNrSkfl/pUkVBM//kSToQipvPPCSY4IrxCEy3evokgD +l8t//cSxZ+gysNSb5BfUVn0OacdCMNX59N+6EZqlemRP12br7EGZI51TtRI9Yrf5 +wTHgAJYHUzdlZFXY7Le9rlAqP9NvAyHeco13usz61hft2VYbzsSLCpr9TNdrWAp5 +STiqgigEDSdadgVmdGPW7wtwo/sBSJqn4t0E3ft21hBnZTrJMtVOjaOZH1vAjbbg +GMAYWVm+kNQlcWZ/5m4d5JEBqAO44uf2DOJFKB6BSqMq4uLRMd2ad36D8yD20EoU +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes256 b/tests/data_files/keyfile_2048.aes256 new file mode 100644 index 0000000000..c4528af54d 
--- /dev/null +++ b/tests/data_files/keyfile_2048.aes256 @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,511900B2A1B48AA3743724F105949A8C + +1bvPjaxx3owwhwO2763Zv8MDBgVZfK2hF+5pujHKuw3YH/Qntpnml3nqkSV0gLAM +vqxc6u2HRZFp0PhEEgeFP5UWhLS0F+lTByVzHThe+e/ihgvzZUFyto0SqqBz7hui +9BIpTGiGMckW7+AwzE3PgBERus7vTYxlnkvXjyUGsDCgfiqsfyU8I7q1s+3Tk8D7 +dCCHjo78bQ7uQ20htuje3bZqC4/AySd2k9UcyQ8QhdqCIgV6NjrT6iEFdkcwBPoh +9ZcbK6KWxG4zoKOmVtwrMfjEDKKoE1pJw01qE5mOcUJ+iEiLmNrZxQkSytu5A67d +yy34rEXs7MI7woh/TVW+rXlQcWhMlRSmsU3VymT7ghbXJQxc6NBTkvolCpz/tYdQ +0qr0V8khTQXWj71knrVdwe/NSaKX5GHJHs7Fp+V2L20uDgTc64x6JlLB9zpa+PJp +1LslcakIUsC/MXNonm7xZi0m3YoVQzXvMxAVY5PwMYzEm01olpxCakZo6LY5EjUs +bZElTHPey4RckyZmHwAzDLH6wcVFYdjhMWS/cHmJm6/j8jIRnFMpICknRAJgvfRf +zIm+WPZ6dUF2twRbbCuC6s4NxoKWTNRmzSRaxVt9CjLxOvuO41wJZ2aa7j+krlS0 +4SZo6Faay2OATt0eHhPciA2JlGUUyocIbMIxw4Lw8esTz8LU4xQIOUdR7hO/biv2 +Fdceg9iNajXem3pUF1vrkpYEJKaaIzyW4STaquF66XymP9qFwsMA09bv68qpJhA4 +Tg2Oo+3mWXhPv7zOj9dgmRjDMN5A6UBOjIS+bBkqBvEYB3X4h/YFJvHiwZh5YQDS +y0fObDaAl1lAFRDlUQgj1RhdGFzb7EKGi76L1AJ0ifYKgo29UTGZZ6G6OoMH/dNC +UdXmKuv3/zBDaJMY6to34D9qnYZvqzyyFMJjDQ6U+SVmxr0+Mc7yKMRp/pNFKVH1 +1jXg9KgpyE5YSFkNy5jNDMOkKpYE5AxCtw0ZL6YqElWIYESBEp8bwiK8TLiihZIM +cNehQUEeIXtlbp+jdJdF7Fv6NlQqi4LYW+z1ismkRGqRMFpatCWDZgTE3N/WtenZ +fNgG81hdHtGjGu8u4ZaWiGICZeEHLDHHnnJInPv0vubHfq6QpZXCf6wglgWcCAOo +iSC+wPkMxSvYv2NPrXSKObwgTidtFxP6Rif3Tw1K0NbQMXwiwlFlYJzSoScWFXVc +Y0jwHQYetW0d3s8pdRlfiMuH9WcuyBKTPdRp2qJbDvMPhIkyCfxlon1Y6HudM/LH +TgtDvoocD+Hz4eAGjtlSPALEKFAw9jk7PTh5n5Xi8PQOD9BtmVfKrGodCEVvsuWS +2D4fIBJrRn1gx2S/myv9NHdY27RhM+aE0ec+hUyIUbtX8nCtwYiD3aM+1pLqpbBt +uanVuLMGzxibRDHXgw9gaPMZU/9Abl6jKP73kSSybCUsLQaqlmiaXWrt6Kb7Lz9Q +GKECXwTRYRWKm3Pr8aLiP0sNCx0mpYbrNB91QGYzMxIKyqTh9ccMmYbWCgpW9xr1 +0ycuyY2KZO1iZZZvX7aBC0HiXpmoeBVIwCEx5VnQRa+53kmPrvgmAD4UxOZLH/wg +-----END RSA PRIVATE KEY----- 
diff --git a/tests/data_files/keyfile_2048.des b/tests/data_files/keyfile_2048.des new file mode 100644 index 0000000000..048fe79739 --- /dev/null +++ b/tests/data_files/keyfile_2048.des @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,4796A5CA4097FA2D + +Od7a7T2LoN2Hf00FTfCe+ZMu28YxdKLYKE5WF8YFC9FxwcO3mYPo7ROHZNG3sxvC +Er0NpOKSOg4Ni4QQKLCfiTljV07dK6Cy/fi20a74x73Vs/AC241uNlDBr6/R2Aht +nQqQxi15mjvofHPFtfG2wxhAMVd1j+hYKjrV67+X7x2GHxthRZu0vy0wC4HJSZWT +1SigoP6Lh6lbuaGdE2qvgqycD8NYLPEvYEyVr9FnnXg2W8wtSA2x8XqpHc1szwjO +XCSS2NFkkwMU7sVEzhz8wufbiG7aTFgQ4BNY6CN2u4sbfpWVH06vITPjVXeSdqbh +qD6jXSJbUyk7uBcRV8XUxuiOzzLQX7ijn9Hid2pX+TQhkKNYUZv1L8MrffYln2+L +txRYlOn0zl9T84amHwbwvRDjbrO0Kby3kbquGsL6EpHcq5HSSrPzqGjJeYOF5Ym5 +/xO52cz1YGU340eEJ1K1liW17pym6hy8hiD3xO/H0d2CLktp1aPKMX/HBkn4i7dG +8JmPySxMCBn3/vTps+4+tL8M63cNOOF0eb5RwhgX3hRk/bne1zvLLsZokGR4Z0Kj +Ru14fX2OZSpzzSthrcFWVygo3jlDzNzQfmf7s8s9XXH3lKQp1yNIYORqIyyNWGab +CRWoBNCpMcQqD3vCoi+NxbbA/tBc/TQTi5S3a1KNALqg+O+GoSM10qXFSyI55Nlx +EOmsNpS2T18E5eFjiQwuj5j6/qzMUDqFrt8P+QKAFDedJK0VCohIbALF7tiN0QR0 +EUfx2D5emuO+oMF1pa0XXy1EiG137dscOYxkcLemAkb49kv7dH4rAmU/pBW8GpwN +q3EVxN/0kCrS9UGU2w0FJxQy8nmkM2spnkUI0vMbDH1YWFi3hZE3oNs9VdIImXYo +IZ4nvkFJ3DRZxtV69CJGPwvypKG7v/BoHJNsupGBnsDhIN7gePKz7LOV+ucCg+yL +ZC+s6iN8CdvEBzmZvE0IdcGZEPKvTlbm94+uOVm7Vs5akbdbcHjUi7eeiOyYgC22 +0ACV2bKFcKbD6aDV+963luMfJxyLi/G8qUmjD4PRHxwg2C10NHmgD0fqA8V9urqZ +OY7KY5UZ+PQKN5YyJUKWEFLT+uMoH/q7ChwwSZbxUhaN+QTskr4eVIP8n9XWGyNo +VHlLx3tBjrFnkLwnlaTtXxcGGBQt7x+et8Imlgut9f7/w/2GKYSVtxuvLWNjfkWl +0+QIntSyRDHI3eVss+KXSYLyp4UafktHdSi0mIx+Ia3dpPt1ZPLo1IB7xebGCBx+ +9pPVhzfAIVx4B8KME8hcsR+WDUB46KoBpzMQCrmDfU1jdr1YmEXUZFk6m5aiGXsA +hm+VFGxx8m/eZUexvOo7JJ0A4zpQahUuaCpqmYQ9eulUCG59T6t/4mZoHrRfrVvs +qDfHQOgCqHwACgPn4qcn8uLym3L5TqY0o7yjhRHsCPUg8nN3Kox7Wv6xEDfLLFuM +vvNsqWvqyrPPUPV8FQKFZd4DquElvJg/YL0elZ4WvrxKs7qv7+iEGUNQQe+nRxJW +O9hCWxvg0Sbq5+i4P8qmBS64auGeTqM2NouuXBBv82dPZgx9ZFzBDw== +-----END RSA PRIVATE KEY----- 
diff --git a/tests/data_files/keyfile_4096 b/tests/data_files/keyfile_4096 new file mode 100644 index 0000000000..4999077aea --- /dev/null +++ b/tests/data_files/keyfile_4096 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKgIBAAKCAgEAkfkL9r8wEbm5rrsc9TwDi0lUaf6MPgYt+31JveSBl3EAX2HB +DlQLXSYHtFpj1p8Qi6peXf4U20+o6+MefB35J9eN75cpl4F0UY1zoXT3juF3T4f7 +/lGiHLevqxvEt2acK9/9YQYBV5iydDiPWUpOCTgMSsU1j9YklcSC7U+oVgTWXVla +80P53fw9yPHknM6uVXzgeI2A3/FaF4WF5n2eEZTLMRfxT2C73ySgZN5kWgaMjJvP +x/q5QJ+cLH9m/Z/xm8fDSWHrB125iAnLYOFNLkYIpLg/Tc62gZLzFyQQj96lIkqj +p+hoLrf0oRTKwkicOiIug0OP+CLrX4AxxZ1eHF9DMFgMMS3ymQvLl732DMyyJfyV +tXgeb8AKBuPAg9GNbDfZktJ9Azna5FjOeqngu/5Svfemd2gSLVLwiDGjm19euhG9 +01k85Haos2NjfvQZv8R6H6df6lGkch4tFMbeSaP0OEIukJU3agGRq4r9CrdbtoKh +7s+cewsbQf7xIkRGdovV389MotB3CO8wzamrJ1DRcmuFIhe64r0DhUZ8IUv8UAHc +ZmZ/uZ+EZeQOdz04LmcBV1WUqllU0jLTmKUk3X4dJ9E1/VDFbGmvstshdVOtDAHD +xI7hRLYtDYPYqpvIEuRQHTvDqtKzeVP5wU6Fqrsq8nvP0m8Vs72mmWA7JgECAwEA +AQKCAgEAgrsvEc9sd5OETo7ZgnA7JFWKOlt0sl/Kcr9keaLaxQy5LrNXuUNf4g6b +O9TwMVjH8q2kUj2p5DhVqtz/gl09tYcBYSBaaYvQ5vDuLB2bUOVwe1PoRX5K17lS +pMX7yd0l5M14GZrNPOxOdnPpPiij9vGxYI16SNWacl9Kesqqkk9GxNev8spgT4UG +uJ6bBiy8SWfLiWwBjY6UBxjYMPMzy78cs10kCtkxqMketPfPnCjdW1h4IDvWCaBo +uBlp3Z+PPNsNdP0zBqfT75gGA0AEZXrnZs50M3T8UtOOzpzIEHFwJ2P9afVkyOKL +PnBmntV0xUOzsG+j0rFDZ4ZiDP/BNfd3d3G3wDSYuUcg2XZe5VvdGOFkUAa4zk/z +6DI9nB6aEfq06GA9emaroTxNEED36dhnr82rV5bqS3RaI0sdPDOG7UGsxGItsdft +7L7/rzfMgI5wOyhNdOgeF4rdGtzADaRXMC1JblON1n/G9tbRJIVeELWPwSb62aQJ +rVYNafJjUWejpWMVd8NSBeC2s/cmhhNnF3ZUjHRh4fRx4jfTcPuuYi8ccwULDp9m +lbryYyclm1eUHmi8Lh1A2j0yZf1OTAaEQPQ62HBdlOnM+mgSPYI0w3oW68BOp5qQ +AuHmOfeCFql+exzruexKhzFxFmYadORkedVmh7KhE4EO4Ls6A/kCggEBAPXMNYgG +EfsWdp/IlnUg9Jf73VzPcG3feOg917sbzqKfgTY/VRtyhiJh4NLebXTZE1v0j3sr +rGQXtRXkvvgKtkDZmMB24aINf78RlxKUFFAHHQzpH1eNdxscOaYwc49R1SNZvyyh ++vzJHT6l5Y++gnsKzfdyFSZjF6pWSuupYMqHp+jXnrIvT6Ew0md0SM8I1Lt4vWG6 +PpJzhVWJ+EZSkzs1oApL7mAq5nIaxRc9VGRzFMi3p9VKJWcgLIyCTQcRd8uTsiYh +X4Qp2s4z8l5WSxLoHxzMMrSBc+j6yIC/rBcbdsfXQuaDG4RSB5UdbHd1suE1rDvG +3iRKyztVGpug7RMCggEBAJgIHwjwCPhthBipMm84v+o9clGk7GPofsp1d1V9gQs0 +/f5IqCsERCVcI+4il2inM+Gl6WAFAbwv2GrwzEgIJ15gstgaWdTnnmfGIDGG5A++ 
+nLPhvHyNUDek8pU5ZZX0uM2pHfNkCmLcZS3p2gCMTW4j9RSgtT9FpntVpGyRWn1/ +4Px0Lc5bke+c/HuXVnJ8TS8dOEgMzn5eVx8/UgqvGo5/bZXsNdOWjkVRUgFfrn+m +er7+VaO/lMFKWAoA7FyAjb37B4blxRVTAySCDtE7QFsNE4+HvSiMxoL2qpOpm696 +kp9Hw8TIkYEc5BA2S2e09pvnaYk61mbBfsz2DzcS5xsCggEBAOfCbs8c+iNIIP20 +ArnaIwaTQzvZlGblCXnhpeIU7BdGUm019id1KqiMpZHujEJa0/gmdotquJeACwzj +rHTwlLw879y5uzIzjDo6ebnYyfZTXr7nqNfC2YVEbc8XbD68qD02yB1rdd6YOuzx +O6z3sswVefNRLEQPtyazSt09zbfphRb1B/t2xJx2Dk3hxS0BZKSHyfm1xH4OUrA+ +8UxNW+m+PHK4+cDPco4wU5oAB+zW3cgL80IXMYE1QwwRaFO70rqvPpDZctiJJni7 +XlI5B3yCRaO/nie4z/PjUt6i277F9I+llr0G7hErz154aeeRoOLc2tNaRebuZwZA +zl/jsuUCggEAQ4r4HsRld9lP4pTo7zjLKon6DAO1cf2Mtu3RAo4rkosMfLhS3imb +DO4OmHGNytTd29YWBK60wqKPB5PLbgURWICldBTg7BGq8ne3Pcmr8MLCY7haQQuX +I+GIVHuXgjOjFtuXjtZXNuyrluZaD/xFOjWHYI61d1K+T/UQg5tgFHmHvyDuaMuN +3mJkWZQ2t845jEDzDC+EXegT1LIRBOYeakh6qyyyDTrKIkmqoSmdIOEZj1j3OzSW +Jfmde3RFjiMe1dR815WlJYAn2UReyN4GDW2VzyKDC0zftLdZuRiVLjTKhzEe7IIf +ArmPKRS2E3D2TvVUkb8uGaDFcNGwmMsxGQKCAQEAvALBprORw97j7qcPnMIO5/sD +jx+oglAWI4EkeOzvB7r5TiJrirPkjoBOk9W97WNUQ3vOYSuKJ1wJhMM8n3gVwdjP +LXcfeP2p+TSeARCQ3r54+OqSuwElOsyhT1GzZ+GvyRD9kOOBpU3zVCfsyGz8X2Tf +U5W70nCUrFgaZa6uwmUsOrnxmusN429PUHwsj8QbfrobaZI7n/bH+J6zG9wc54OQ +s2XMK1XOXkS1WYEf6PHsXux8ogYhBT/W52JQ05Wl7AJz/Kc5U1/NBGiQfN6PbA5s +9wYPwUpKPn/iisfFAyxPUZGdpXQVI0wdFN/834Nf4te6INzSsCRMqYX+QGuSTw== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.3des b/tests/data_files/keyfile_4096.3des new file mode 100644 index 0000000000..d608730f80 --- /dev/null +++ b/tests/data_files/keyfile_4096.3des 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,C49557C4D4A4968E + +qlXFWXp6OLjn/F8uMYgmMhV5UpDsFidTPbRpXs2Jlj289804AWCqfPr8AKCNVjoU +KuzdyuHnIUh7/Z0HfwnSncod9FD/vOUrg0j1mX3nQrM1IppNRClU8DnBIMi35ZQY +ObT5dyuTIxfxmAFMMrPMpoJs0Jfq1Wuqer4Z3OdU5sL9wTxvGl7aMVlrjN7NJiaH +j2LD3/z73dl3Whcrib6Z0ZI+GwFZHhgNHsx2c7DdlNPXAlW2fdLiwUHd4Li5sbAE +B6lV2qmvgO634KmpXka7AWAMMLEHGNArN1SIi+Ll9pcec+tJclysnFvgSAnjtt2n +eaqBWXneaJrKH3MM7fpeYKM6lCxsZaxWBxOCSM9XvFgi9QO587FrjZcak3JkxVpo +nISJlgYTMEmUpbmqfG3xHQa9uLd2HVIHw8FZkH25p3Uu86Tf5uuMSn91kU9+uvl3 +xq3JOAG+KqRl4AI1BhCuJeWv0cgRw7eNMj2He3qZ0+rFnqSpvgKB9gVVsSjAMl5c +g0WDcmiaTlF9e9or5HJCSOoGc5kkTHD412CNDHolYXGSiUOeWXvt1VFJJ4aJ0Lmo +WWgCcWllUuSabs8RCzEuuBAVEitJjUcUcG6FizXo+T92Mrw98PLFhut/UbOOYIIY +AbTL0ponOUMHCdkgPTOTXyEbL/Um6dAzCixf/WL2bJ4RcVML7yk7dVuwdgdnru9j +zxOoatuFkjvbGOG+7I8y+Qqv5qUAR235VwDiXVMyNJhFIk21Z5Qyo563R1t0kEI7 +SkuSNM+3mlx6TAgX6R0L0LwH+mS0PwFPeh3TA4hOtkEExexhsH8ks7lkJ7V1JEgQ +js+2r/ePzXpdNwrhUotUbbWz1khj9gGQ+9OV3vByJ2UFTgEgTqAwGwSrGJfQerdS +uAlbsEDSMCiP7zb3cGdXQLY7ztBJTksWPj9OJEy+LY2qD9Kc8/4ftrUZnumChvfw +9HClkFAN7CpkWUl/31KPGFayjU2wuhXI3Duo23+GOMLnaJ/uH3lc0bEWVQpJEc8g +NwpIZEHWSBARsOzmuP0xZs2URvHUpFxkQaoLBk3k2q3pqEBj3q0ApqAE0rb7jIFI +1n0FCLmPBMQob4BWgbhr5ow41dbtZaxjtkbIOp0129Xmwf+i1V2huwJM6AUPDWiM +eMPya1/uAX9x9d4mRSe44GBulSTYwf7eDZCB9dgABI2F4HbjePD/qFYQEoshAhpe +YXuL5EDwIgRzkS36tTcUuRzewcoSz8D/SUrsjfxzK+JEExqBSJm6rmS32hW8XmQb +Li9bT648+FAIu0wId9veTPkwVgIFUz7QKjUOd1WHIbU6OkWpuKE6woQ7BoQy6tRa +pdOAIhBfmEGL/qV6agqNcqgF6qxf+2R8sp/58EFjXgeY1nY7ZINGLqfWP158ZswX +P7JfkJ7kg3UNBG/mbM07hFALKTaGHjjQtY1xRz9FWA2fPzxbfv5hIwb/EQ2CchwV +zEVhpl3khkepiE4tGY4FEYmhOoh+5wJ03Ay4vkVRo7OnJaHMFOjQVo7Jwi8jtu89 +lKf5kSnvdbhhDVo0Gb5rbyAOQprCFdhj4Ko8MzBH+NCtPRXv8Jk2N5Zc32Q3+7Io +0lUH8SunlYu2ykOmTo/IRCqVDiv4gvCeUNrjthsr0yVgfkYZw9ud+BTaX96O2uXC +cjnSws5XrgeetKS5VV8Ogo/X4dTeSlau9UlN28R+hKmTU78Ncrs+lAQo2hSYQKMF +AL2MS1f4y32SVXeZrLgU2Meg9vF27eIQRaD7UR27GU+pwCL5IoOyNeUYz4Ci9UUA 
+YmNR/kuVQWk5E0qBVELTX/fOCCBoFbtak2ufWTu95WXPendiYQ7R3pmX0ZiVf7CU +0+QkwBqIT1kFDKsidTqfFYTkM8vX0GrI1AGv+xqzMualIAI5Kx+NNJuwzoZu0cZp +Vgk59ve6idtMJSql5IvdI6zFKmSZ8lSbLnoQnUv2Uc0s3vZrj5C0UO7hRVMT1FHa +avZEKzGWDfRAvbMPnsT0iuACJF9thU5rm2uzdr2ln/9U6BmrJgJeqD0txP+ikToy +MeIK6ZnV+fUejCy/qWqrNSji1mnLcU0vSV4HzlHAa/gYyAAHOOlV1fosgewmpm8p +I7SxZ5C7s5mBmLc7Ueam0i72nCGRsxK9+w0VHj9JcfH8oFKnjb9dyAOcLnXvYE5q +zURrLXmAfPaZbIx2z6d97gtkupOICzr45cLVCgAiU2rkQQr0TicIzG3GSpX4J6pG +8vMfBTH5AJ2M6B4Ni/QXc8U28NcTCMjbDKQ9lDO2MCCSMzdbU9PW07Rtym1ph+Tl +o1EV/67kxtrOUV1YTnt7WWty8NFUEMDi/TdTBERQyz0YhRHdDzo8dk/s7b+eIvJc +qdft8UM+ElZ02Pe2Fb/0sEJGO4yL8PQEhCwar7b/QIlM6PDXVgd6tLh13WajoGUU +C5OGC7WIYgzL09pOW9vPqV/LCBQUEQ/StRNrXS9TGuXHFmkmS/VeWOY3FdugI4mY +B4/Ws+3b9xZ7eXa7h/B/2AazjKqjZ2U84yRnbmyK56bMDSB03Y4HtpDApx4bLCad +UE5nObIUx8pUc55A71HYfmPqmK1bRsThsEZkjKsAEGaiflhkFLu8nVlphvFkGE3P +GerttzRweOHdEtnxkVdr2GHqzedj9X/gwzKWBPl5Ngm1lFR+q7mS9u90bAbfFpTk +oiQc00QnmAmMFanMs4ncb/6DQZ57LLprPaH+rstIIKW7BbhlmjoyWHrgn7kVn93L +ip67aX3xgE5HBxVmfUvAd6CxAoSGQBmurYk5lVe71ePLB2a+Op8LhJ8S03u9nZG6 +6w99tFdMgpBUgSsFsbxAZZ/ltn7LxvLLcP4yQFoIQhlK/NRY+RQHEgVbvBDVmRCA +WcRfGz+AGMqGpeIAah8X2qBpNcHVpGQ3pS6GNmbT3GdJrdWvnXpmniOCz2wdv5S0 +M9MMlNdCK/UyoM+nF6fJngMINQNECVtOyevBo7ukADf+oisMj/V+Xl0egU0rsAzG +F5JZbKlYEpwbJAdTesRKiD7GDVK/h/2nEtr0RrzgXdhE7I9ZLWbfo8AZrD97wIN3 +bcCjpsxhqy/RqMpft1ZXMtqhCD3RBYzLdd6E4c+BlgR8XiN8puKGj9MnmWjujl8j +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes128 b/tests/data_files/keyfile_4096.aes128 new file mode 100644 index 0000000000..09530538d0 --- /dev/null +++ b/tests/data_files/keyfile_4096.aes128 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,6B62153E2407E123D027E7EA4D1DF26E + +Cp66825tjpbBQ5Qcq+y7kWlmn6qskut5oYCipmNnE+0qgSPAeIuaCAHf5U/N/IFg +zUn4EZnD03zkB0Bq1ei+8abHnyTSkMANDO0TcSnHMVeBr/TNTtwB6QjlwDv+zLUF +EEaFoKFcoxE52tjDqS1S9IGq+lv+p9hEIi5fNOLkxh+AMsabQqUklAg8rn5aN3Kn +gzCfNnX4nZJMf8JJWXOFn+kJCh2HD0NXmKhKj4Psxn8xftkUHlKJsjdUbCQhwD3x +lxj9CSYrePDehxsBIBDuanY8WoUOQ77Iv7Y3YBKlmvNDESeQLuRYRSpCSl5hIMlI +7/2yMkx+Pl1Ep7CM2FGC8qrdZb8x64G5GtxIWP8EHqAgV5jAbCwuViBf1xcZ1UMn +DMswwO3miy1ggWkBGJhazzKPrJ7dqEAwHLqxaNfNAjdTdihDd8DpRnrmwprFjIQX +KPwVuMit4h9Xcl8M1cKijtnjOBtfk/BVOkP9cGbU+kCl6TBl1NqhDecpAu1R6r68 +q0ROxGvDjABCwHfZA2TbHVGsn/aBqLwn6mauWX9c8Z4JmOLf7nir17FOe0PUJNGT +EdCTpErScYaJLYbz9mnK8L75S9hgt3gED5UG2hH1YJjKDf20KqxEWskiHdAj5Ael +0qX4rG7+sui/go5QAATS2YMiRco+M/Bq8nCURYvvOqUL9X8Q6/kgsGofSoR1CGE8 +HcS2ubr5jjCakmN82pYj1YOVWbvzyJ+/bc8qXOsdCRJJTB+IvimCf2dKKkc+um/g +pYWYtauJxAAc+gGlCAZa9NB6mz8/cDcj7p6mDZ89K4T2zgD3PbfLEnQoJFqbHvvA +mCJkQBkLkSxuMHWmylPdVkChZvpZN4grqeQNQMnatejp0lqFnv6ZehJmJm5LnKJj +vuuijQNfhv0Vdsr+FxbnV/MmpKctf8aes+2YE3u6k2TBzbhbFmvD9QzNGk1KgagY +s79CRyj8UhavfE88/LpdU0RkJbl3ffbstGDXkOx5UpHphasch53YWCyN+y7KUiEJ +tHU87mSbtyy0MAZr2RcZP4AKf1pdTRquO1o4S1PvExkKkdzCbTXD9Rcj34WbGirG +fgMf5uba690hBZdafIlJr0Ol40QBZbPSdk9zJwFWKpGwBZb9J6QkVR8fVH61+lpj +bWs5SoNKJ9t2Jw7WaX025WuKzORAwUYU3CLs/r6XptA5daN9VeILnFda1Aj+MKga +HLihqFYgrXOqgzdGuGpMKD0oKP5tu/KzkXqkdUr7xA9xchnx+gwmEYYMIH5Wl1TV +3sCLP0tbqlVXa3Uy3iLPf/rrL6nXY487Q2jS401F1JHuegOLtp03uDzkr4mTaw4K +78gbYUySkfFnKb11s8/ZtafZmKNKCeVRkmo+rglZ7CQ82atxIDy5uST5a1BgW2XT +1SRDNTCoopuP7iaX2ktuLARCVWk0BySWWfnDhKLBhdqxbPrarp0drAT59/IgUFyx +MFRUrploUmZ4TvMJ9QSeC1WEgEn70PDMAEZ8oaQu0DOX5CYA4QQVVlm5Si0Lys8R +Kky5YnzRG49yYnxqfmEkUPWVanIzcSLvqaXEcsNKSLLAvs5uhlLQNuTHOGkaERzx +Z1VQwKAPkLLtFRHnXMvEBlfuoLrGclC7MZukPrEC2QPz4IOgS5lIsmyKsVPcD9Jd +89B+4nAA/RlXik/m9bfKp2LVmzl5xQ9mbEN0sSZBXjrGh9cmwWY3SV0qPuUtjv1d +YSwQ9JI1AdwoyurbsgeGyIpP+o8lfEDUPJORcLeLjTCfJb113mz3b+S47ETZRhIj 
+eXxNebSwpSQyKejpOt8yKNLuyOel3bgxb3J7bFofOw42FwLd7T5PNRPt+kTlLthX +CbO3960CENB1aYd+TbSfMeHteuxI6uPyfiVGa5wpBh00zKl1zhNII7tLA1a9Pul1 +em8Jn4MHtH1oO1+Hw3gMn0HzfIWOTxi+IxmpHU8PLFkCV7UJYwdk2Wb4NmyXE3+c +fp5NDiQR9fnFWBW3rqZ4ubIr126bkdTSYqjCAUClszegqm6oY6SUjfQzuwJaZpLR +tDouKHiHLG76Qxz8codVcy3Jc8fClJPXyj8A5qMp7sCZVDiv7yramalFfF+wQCCi +H1nQk9mVd7BGbH3VU11PCkm4isilwlS7TJPGInCAi4PVI+HaEHBhKUrl2Z2at7UR +07GpPjV+6iLLio0FglaRzGBf/Q1Hps6rJ0Pe0jSp9CH7xKsaUG1MbiwgzSmu7IBt +to6gYlLbj+YRdgxoGJyrgPixxfNgxEkcNstGo8RbLZZpDL2T+4W64hlP6PcY4dpV +VJddVfKV08J+DBYOkFy5nFV6ay6d49uRbCyRT+KsqoH0rpMivJGbTBl33TAQDHko +oZdg5mlFiHg5SHLzPYGmH5FqPqAPZxHVc9JWHMbNQreKd6+UXDg+JSblTtWfgSy6 +O13/NoJ01DFy2WvrbSgrqThFAaRWkixQPpXLFCXCvFhGsw6ukla9mKc70oRp4zIb +h4/JBm1tW/MGbIDjGY/zcZeM1XEZLh2aGHiOeUNC/wbd57pFRr58Be7SUg9J4RAM +RJN/GkCDCUsOIyQzFDn0rCphN7gYsb6dZkCp6w3U/f6MTAETSkc/xn1K93WvV2iq +PbuUY/O7Dq6zavzhXhhEjPSST6x16JwaeVdXYjeIZptIoo9fFcxDVFGHcaOI+dPY +9QcQlL/uocYdZ9+bjBPnY2l8sObjr7JoizfKO54qECrgKZj3D8HRsDZHtmzIAFW7 +tK+FrP3c7FT8yUalaxgxoWEL3XtHynC1jawJzoaDNnrjr8Xq6UDK3Bsbd/6wGBaS +h3WInxkUMTxQ2l6ccGBYuYrk1d7bZgZgbw6qI43BhjGXo/AZr+Rg+HiCobIKjgpl +nwxxgt4BuoHU5+hOtXGTXa9r2IDYP0nzLt9pWKrlO4MvDRyijQVppGz4EuuO3QCJ ++Dt7wOO6B+VnncidbUMLtCtADXy2dYXP4UWwGbC8VzoQyiJg9VU63a/NwaOf167b +n8vFDcd8ErAQVm+wJzuFDymGBK8WkGGK98RB4/r4WtoUDbOJRx+ELu/dRzHtK4+x +rc8IUhgZnZlpFRDVCZZFkwQQdviVGkrGCprtzJo0owLl4BKIy28rTu4VUoBOmH8w +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes192 b/tests/data_files/keyfile_4096.aes192 new file mode 100644 index 0000000000..203d57a652 --- /dev/null +++ b/tests/data_files/keyfile_4096.aes192 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,8AD7089E60B2EF8FE869EC60E0F3B161 + +F0RA2bY0ofjsvKaTHKhWzLvrDBPB/mZY7R5bfOU9Mk/OKtFxWo09uzQgTLsbG5Z3 +7esNgfAmB0Awm5np3OAfxb9dqprhSOoSSzBzd2TPy9AE3U6NwNPmv2DC+r312+M/ +QwGStdM4k8qAoi5c+GF6S8gqwZzTxInFd6AnoTvUJOZEmctMgGXz4xpW9ys7W2rR +ThumSKL6++oXPFjOsvBbVzMxscRIS/yEWnZvkxyzGpoN6+ewcXQYwbmIZpn2yYCm +M6liobqp5QweJZVANYPHWa6i+Xa8BsYAy311BQ8kVLiitoH8ok2tyrX4zkFqtX/J +MND3G17tOs2sDEtVfJHzxDau0G1zsbL6iQuwSg8fBDmk797iiT+7YYI7M5QhfmSd +oqrRoje8knwCbBZWfDb0mdHv0D1Z4dNqVcoO+YbndUf6mKLDvOCcnSZivSB2tcFZ +K4BoJJa6vGeWhIZ5i98WIfa/G1k7TNDEl/WJIcegTJMkT1YIeOtzodgnihKhAhUS +wyKmpmTvUNvaro5jFXJ1IYTpveyi6TpT2SM9/W/qJ07ih1ZqWynD7A4cEf1Q080v +hRxccwsVNkzQfA3DBigvrwmcm5xxNx4A/YrcqWbHIaudvQpsinTQTnE8A9c4SWti +SzfTLxkgxio8DADk+gTmh/kFx7AEaK0Wjyx3irLki+BmqcwzY0lYa9JECUktw9+F +jmakvBLHylkuFmnQzYhG2Km1+o83YkPpa7tXxQbuhw1YdLN0+PZRhZVz17FxZlv3 +824STsOCs4hhnOD4bqFaVgnj35SRa22K6BjkdSGHV2ZndLmKNbABg+qQmttS+rPV +WbgroCF54qM4ZciMlLBxlvIxJI8pIXkTwSRdBqMUFN/QNGFzWNFyYyIXKTz+T8ns +8LWy/Udvx6WQMAWHHEhzp+GbBOWnY2a+C0gENq80HK6n7d0tKWzRYy0dhUpki50A +yu1G2HvpDUboZQtlzBwXi9PXUZH7T9UPrymYchJrdW22Wz8oN4hyp6KQdrVSJ8YA +QpURkWaJfnWAdp+cQrRKl1x5mpDGShcRg6+hbpd7NGks1vNIFALb6/lTWmYQCZiR +ZjtGHubdUJIVqQovfJXL1fpOheR5k/N4UsqCc9Aal7cbcpIqGuWdDNL4caeI1SF0 +u3oYwK/58CBZQI09e+nQT4UHZb1+L9jr2EAgN45PU2XZ//Mz/+1/5MEZvMP0/lGq +ppUqwRRhBnDaueOrXmoh4XGTSYia3wsd8Zr5ElgvuYBjiUe49MwixI1UA8mmx6WG +JdgD3DE6W4soft3NuGYhQi3JzqlrqCux0KakYYORdrrdwXLszJf3euG1oqpmYhho +fIwH95eRygWBh+/kgN5CcVx50d0WZB4lteSEHQj8CZdlkEHwBGStVo7FtKRHQ2Uq +6eLB6VjxbpX2GxaS422xs/xGOoY7rnblB/9CKjdHYJ7xt/HPgOpkJxQv/6gcQqO/ +lIwxEj91hS7Hye+HCjGgK0XMG9so3ijT4UwLUvlVuePgdu3nwlAdVEXXBpRodsPA +fyZyYQbU4Rl0SVfwiZAZQ64rSvgjbHzb6vcu/hIzsSyuFLSk9CwFdPFqsLR+WRTH +JniyFGR/x4MM5OqStUbbNyFTIJgSN5KKgQ4Xd3BcK97hDX8cPhyaNxQ9y8HQSjqz +qfnq4t7VoNCIPqBdQ1en40Q76nYtq/9+1ENXZEJAgoiyZfKZm2Zw8HPYqLluhzzr +D7H+fmBAwngY8be1J3nphNM/m/oSzU3qbiKun2vORCkCPIrg5Hp9JQ1Ns4bQLVKn 
+7mAjgHCaB9kVzpNVokoMX8xlj5aaslke6y1NyA0T5RPb6oaD+KGmvQP6kZ2kP9z+ +uuKLwBkUFKlo+sqm4bV5DPg6bOJ8+xwd/yDv4NbY8qNWxKFXHmsgDjZZ/tOh/BP6 +RWXjFdSYD/R64wiXkJEylpBlEMvgCVPjm/+nHuNaLW0gV610kSd/jZhYkjzEYICH +O4qOTs014X53NjvnHBFwCoQSKmL0GqKIXnvJbpn6aOnN6UMsFxAbZyjytM/1C3w1 +lXbqTRI+dgA5Q5uxAa0QpA2HL2CqHuYfpLOsbT7dd+5wpaqffcUF3YyFyl4eCh5z +70CpqR3DOn47FbapjWGCbkYtIuLBo0TqlHWnX9k1XBsYdNSli7llyeAiY3w2k3Ho +HlXjaY1tuUjdmuJzB0MZ1G0ZUoW5mM9sVx1euab++rxDAMwR+qiOji+k3U6Qz2pM +d3waK8bSAmweFdfRZpeXh10ai4WVEJai30BXoiVEmnMTVTUp7pIjGX+q+x45wW1w +uoFPcjaTKLlNYNyBhPYOFtSymxJlHLvKnHaCp/DTCHHB/4knrX9We3mnSN2L6JuY +LNjbhtLFl646jYUsXanpLJHMQtgA30W4ddDMG8fUxKa4VcskrewBxbXb6+zS/Mql +EhYsdcTirrC4M7cknFI83z3wenvLdwSJicl4KRaCrJo33ayOCvU4qO9Whr2m3GZo +lxf6pcD082DhN+vw7oCQ9KvTEMDP1Hb+7Or1yD7aQrY2ZLv4kNicVMwAaaDHsuHj +fk9n05irX/1+fph2foJ5JJHP3Noh7rAIGH4qSIQY/w6MJ2IygEeS+JJt9z5q5GTI +VbwZ7XlFNZO83hG8XqcdXlOIl03utxhXYXu5bWqdWOfPdNyHDaF091jexC9ZfMGP +jc/Wv0Ig6lIGAgBhhBYIXV6E3i//+T3MJgvVIXgV6YmvZwOSWUw03JrHX4Fx6v0z +dP+LFD/xlwwBWgj9UN61Okzup0u5TE9vMy0P9mOkxlPzyo1bDnzqZYH+Eth7ZpF4 +04rodTycoTF63sFeX2LDzAgbtD1VdbLY9P9SlEEN3S3ZvjQOVnChaUXi4dU8riUj +GIw7VjIzlPdlq8WPvqueYVZK/t1OitNUHo6qUscFm2HMstR6dtpC2B/3wzr/3ECs +ChNTAcBibelDLRSFVgVTmHQK5e7cRVNK/uesIU75aICbNXjTMdLLZz1uOrHhpQUY +CcQOmOhM5Vc9I3EbglbQzVJkOACXV9w2Ak0EEXyFEiXmIuVRnSaiG13PqvpZWrdU +LVqnzUcsICEDZWQNbYVz3D9lV6Ox/hTsMv0lKDfrTepI2AXeTJ68uy4os/RG080c +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes256 b/tests/data_files/keyfile_4096.aes256 new file mode 100644 index 0000000000..062986035a --- /dev/null +++ b/tests/data_files/keyfile_4096.aes256 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,B3D9724EA29BBCF46A5040D3B872750B + +DgCxMRNHyW13QuP0pGqEhke/+HP0/3HEKVZ0DLRAKhVYpKF1sHrPYD02dI6+6916 +b4Ny+LG0qEY7Lsv0NOAZq9alCMqKntUuXvRM5FeBDl4o0WKbR9y5i4c2LCutHIjx +AtYAP9gkvwfPolz8sM6GdWO2DLZLp3W/pQOrDKXdtU1wD9xcv/V0yfakSWMw2VPc +o8Lv1VkukXeP0aV5ZauaMYg6ZRebVIXtryt5BdXeR4IpZx/nbwrajalhcswYxGv6 +J+p2R67kbxED6XseD5darr9zZHV6I+m9vesetvnxFWYLR/j5nmGzuSi+8EAieuuC +vl+YaehTumHRsWWqQmr+4DBTh9dI5gxkP589Esy3Gim95oV/YxvTpWNOLEkbxTPr +Rq1tythoitFQ8sSNtpH9x56wC6mtOj4NOxyPIOb0+keYmzGFuLOhT6/TtJjMLYKj +1P+74kaYBAhlI7CVbnXiwyNR8nZxvaonXuixJvfJnERK6OyhfUoU7HaUjBrVCv3S +hEE4CqIkdlYjBl4UOcehKd8fPf79OSmFk58bUYZ1Bv2rf8SbLB0WUovnfL9Kdiat +uSW10c/ImG1y8NEF0uG6el71KpZX/fwZn+Ek7NJdc+fQxAfJniWIdAxalv5C1FBj +J6Rx1VWfSOUH+qbUkI3lkPmqAKK9SuIbh6B5tf43XYlWijeJUbMkH5CRHaS944Cj +2rcW23oWNmltKtXbfmjSRZiCN+nhQeRFEUuiUSMB5Qv3k0hPNLwVphSpDUFvclLc +UIzuDJCdYViTTgAGzVsM1Ob1zjBmtGc/gHZMOCHqXPZr7TFBhicXhAXzF40TX4ml +qBc3/Qn/2pM3yKM7+W8GgSN/kyU7E1R1bL2QhiXIXdhB0La9yhZKB702z7zVXa8k +QxJxiaS56cskCkIzb+/iW8JK2BW7A2q4gj45FDV7ITGsFT3rT0qF2pvxjfzClwwH +czxv/M25q3syT+P2H0b0EyJznkU5kpqBwL3dxLejybTQWMxEDElCF7YZS4LhRg7N +8sfIW8k13ko6/Jmkyb9zzsKTfoRMi2rAJQPaFbAqLHDiQJmo1HB4Wr3iYvHVnazl +WADVY1eSB6nMbGwZxNZDRU6Ul96nW5CoRUJCq2Y7ctN7wjomqKGZhhsp2fx1a2hQ +vrsYooqCM1EEVp+F2y9mJsuCl43EFPV7YJlGHbPUNF2s2hpBi0sWwWIWLMSnflh4 +eB+Jopij9C4plAPVF5LdcWxzDaZU//URaGoWeCPbAzLdKCXezVEGaQgm8PIcmLZU +XL09+4kIhptqw8GCjbjwArrceRhXrTuDsajv+uTfEthK5j7V963tWYF4DLYOtt9o +ecqQuCrVeeusnI7iSpiIwod1mYxNb7UoXui7yb9QcJemlBr/Ez3BfyAy9yQSXjGW +cM9ArsTG+n+IsPxNROQ/W2V7HJKfmVRjBcBgJnfl8sj3jxosLGxFtfnP8slzVAVi +KHaYSOOjR7KSiW91/7yvTMxXRuVGtARYalN+HrMssszpFFSCS1ubgYO+dKWmKGLl +VtgPiAwj7jghGvYUBg1EXoihi5j1HYIU5mPBEIuT9YVokHgg5eT+Wm5BG5SkVNIt +2Y8Z0zWXgnO0iDIHyxCNAajQXbQnBnx01QY3/PVowksQG/KhSFa/PLiGgxwNC+z0 +bTZiEbtHBe5O7kfoIvazYmuSOgyCfPkukEszxAivwcmZ7uIWwHlC74oXILvzJVuH +lvLXBEtnsfDEwjEnMevssUhnFgJ8hihwODF71L+2VBwjDqRkndjAVYBhON34Vg/R 
+0LGhtUSYMFfOfk0yrltNxD5iaMMIeds1Jktkn6Xz70rFy0Ykt59iTjrza6bDhGgY +h4ZSG9jO4Xknb/meoOacYb/3xX1pA9JQbb3G/R7haC5l9wmtMGFy2G3NPqtAtwKZ +2gDBrqu9MOp7a2Mxm3brQXE/rhlJB0AjyyioyOsGZKV/okY8bhGyGhx/1bgrDcob +LCP6XykjvFGOAU2RWAYkbvl4CKW9Bo1x1XrF9+QpPAXUg4lCLW6Fwoom3QVo/oIr +sZstrV4d7ajfbU8KeKz3+sG6O5xO49NXNtptYml7zMUFXsVsFbnVwLOqcTbtg68A +ICLYa0iFRTSgidqd7coY3yee5xwf8LkPGVnoUrtog6GWE4lLLamKF3+mPrtB+KAH +BWy42+yLrV07IDLVcAQdSNhKT1ppXxIE+ZnWQgPu3GJOmWxiRbygD9N7HbiaByDA +QAFVtsPdqQX05LVGoWE/EZsOQbxoXm8WQ2GxTUZQyMWFTOmRuxKa3tIwQOCPlQlX +xOdGIof2a7aAXIUAl91f+64uU09WXxt9UgPgV3WYLrsV0xHPLqMISYGkOJ13CpJi +TalaKQpm03W7nymKPST7QV5c21xZ1Q5DW5r/zOBF0+WbMJaHrqoZANvg2dzKUKWx +lbmCmclpWnTXl5LhIupCW8S2ft0Gpcypzj91du4LJoyTGi6mpqtGT/ZyrB3TpjYp +MtreLfl5R91IKBj7rW7/qUNRfBAsbhic6L/JXLNDIpqWBlk6vyU/dOwnt8GNa/xV +SELIaZZyofmRabnMISWPj48LoqqVUpWO+LhHDtqOo4f9Kp7cRfMJ1cVzMAL2fg18 +dQ7Gu4Kfv/CSQvl7YUZEMGFAAI264Nn8vnbhzsv+a5RDB4MYZQwCHUIIAczx+iEg +7PX/83vn/oZO/bmtJ+g2KDp1oBg3fab/rBOGsFucF3Pe+kBTZy23PpL1oX6xxqA3 +D0gN79PTLiOSV432aIIuCIm0LexCxAUW3c9CES9faNA2W0uyprVDPF+ML4sx8b1z +GRdVnsUcdJQzfG+JqJKeNb6lVVjOJIaG2/jtBvAzL3d0sNX2oSPJk0ruITRCsPfx +ZrPwjhZIZA/CjQ5PhzmLeL7P0Ker9E8HGI6UUdX5/Gh4DsfCwRfqP4hsc0TkjBum +bwFa5y9Bag/sTNzEOHVjWm5A1YhYGK8zl+NB109HYmAh5pryqWLwckREIB2uL7Bl +c8n8Z3wGeaC6Y6KEnrZlAdQyoTeBG2qQtW8iS4T17VF0JbCm8Crp9CbpkodksXZ2 +WyV//WE3Qgur3e+EYmZLyR3FwPym/zGTChoPFdsR+g8nDEJDSxJtmM/e0xMcJIJN +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.des b/tests/data_files/keyfile_4096.des new file mode 100644 index 0000000000..59d67719fe --- /dev/null +++ b/tests/data_files/keyfile_4096.des 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,2E1F86610218C7B3 + ++MJCE88fZkQQVdfI30MO09vUhc7VYoC5g0/idfl9dpNVV2mqy/M2lmH1NeTiGB3V +DY6zf05uSMj+IQBduchbmhlbRmDH41di917QJaysH0D/GbG57tHJW+Qet9dD4FPv +YuTnYvy1nyceFJ8n23kuVQoRIBKKRc9GOe06BEpUQGd/dPEuCyy/Am7jK4IZBWup +QcurBNyzsCqSiIYobIrymnUb62yS0eWabcD5L1ATxc90jL23HTivUfXHHD6D5ENO +n/ARuBvasopR7ZQPExokOjTD7e9mHJ5vnfK5JHd4VYLAs+IEYfTfMhOPheEIHas7 +ODOBtn4cLuNupP0m3BNKHbTg8t3iEu6/in0BcHkPyVCeDX/19Ga2T8inDAT7wC/U +OdYo71PTmRLrb9Ak8msGgsR1mzziBcz7ZNjQCoU+MuNJ82zFMQuw7A/TB7zRFoyR +qyP55Gu8yTM8K13wBvnvH7o9ttJNB3lwqo88po5foN8Tu8Q4T8M+2CEmxgYhZS7d +8LY1B3xmtpyyfuXXI/ten4s/aZ6vO1hnTCFq5sgwHH69JnvYxMAqPmEj1s6K6x/0 +OFzL0RPRXFPAKoJgd8gtSj7PEZ0MmrQxkmVFRU6EdO9waRxNDTN9aCqrTratrSJp +jUHLb72Xw98XEoVmTKWRTEodB4zuV+OjlGu6op7GhqroQPSQmwkVKg3wXIRJhDHg +61yj8m6Ph8qDUOn6WqixbBmyshyETIO4dDP7k2dsaRnduLtkicbeFIU8Q5sfkiVg +mDB67gGKJMGWNWthtwjVLtgE1y7Cpgj+tEWwZQkgnPKi9lT9dJodgysXMLIgaDS1 +XUUk0Ynt29jqAAvOUoikpQzf8DZqmYDpkhKnf8M2ATxsybrNnnb7/2W2kQe9wNsP +fq/z0iK/LM6sf+7y5sIifYlP80XRHJ/3K9T7sDZkK03xp0ok2+dZxAILjkuHGkJt +ANLTXuwgslPKusNgZNMVlpk0wJQCET2pRQNKUOjnRjo1T94gt5eBHUqX8qIlEHEn +9ANHy5AdKkI3Ay4G7qqAigz2+c2yXeF/8+HBHKX0F70VOiYvmKouufuntJ6FP9FN +i0QBIRKT/MgslD/WrAAjhjoTwoSLhnz50iQiim/UaIc7LkgqMypSsi29UQcNfQKg +4p0jPTJ11YE54IawbXVt5IEihhSNJBwuJEIa7ENDp8MAQXTe/9CXaj6rRNeqKLp7 +Oz1D6zHe7lYxFMSXi3jWsmqq48r7Kxc/hnn/WjHupGXjrszoTlc9/Vu+Q64wr9iV +bWq8nsz3IXCjJISOblO7CLVvuv5O46U0mADmxlftcjfbnTYuylixmZMtIncC8vgf +4GTi6bMub6hCuV0UWtMrjSNnIgatNdVoxq3kjKxwPjF1Vd27Pu6wnJgbDdMRhx87 +tJdcuPE8xDpAPW8U+zGyhhuvdbWTCXzlR64uJFpCS3TnGqQ3vE3uYsg4Bnpbw4So +A6dTvhw5Q/4+DDzpNXZkHY21zNtaDHs3Mbbr1ma+RrFlIU0PwgjjryogdGP9REoK +5XN5hvITGhzf0Hj3YwkWzU78Fmv87FQC7mtA9ag2Bfjc93axeOqKP7Gzel/iX4DR +dRZyUQ9E1Jthl+XgfRR7iQoZYI81plJjIj9xr0P2jG8ShjzKBdldsYD+sKQF8jfD +4obHk+gw9STV2u6EjFC26WfD4Ux11IL4sMRUXyVQng4DWameIiYHWesiR1ryIX5U +QGdEfUpTRiO+HTuLgOxc6eh801cvfbR7CU6WM4p0EBHbWcDnHRZHO3cM18W7JtO2 
+J9g/F5ZInU2iji8v86fFtr1e8l1Mly7Njo7VTYJgqCT5G5bQ6C44y1ttwvSW9486 +T2AqshbmFIIhExA/inRzWPbPyQydj51TH0llWP1ZgQbBYjVX+Q8Nd2AdcJd/L5dq +/bfHbl3U2bTqZ1iT2HvS1wcwEOa+zlQgecmWg5VhEE5RGlhfLZNFYa08bYBIX4Yg +QOa+iHbwT5YOnPf9V1wGL+wZryzTXIT35lGa4GtqcZYvUz++gzlzv+LJnscTZJDx +zYSmeRI0jgjeJv6gIDRJiz9TBAr8Yug6ZGXLFGy8oTdhY80MQAlcS7UA21jQe2eN +tW5PW67ezVaoK5TnSIcMp3v8fsb8xNr9iK8sAvVaSLbtKQaj+8oOCnPfpjhgYYOy +VhPVRg6b2ZWNuFL+kSn+fEdaenWv5jNk/lfHnRuINjkjAXPiY2oBNLsoQPs/5/zA +aAIgO7507k2RI0Lhfeof+9XgJXbZBjTpvnxLWs8I1vY2SsycCXo6I6PwhFEYzTkX +hiWrHwPG6XqfVQspptIvCT2NmxDE73/ODuJgGrLx2Ok/gDOch85x6EyhTBklp83i +PBY6/vnoHj/evPwZl/wlSm8rTsLZhEj77teLiSul4sEpAttjEpjszBm0PBWR/RW8 +DyIQHjt2tZ6+9riPqXP0OBTyIluMuGR8XzGDhGI9lH6ndQFnl+rOfKt8j70cuDTp +wUHDHWwXm96yy2DxdIx2uMu19NI+FpHpGWaQgxW/AIUymtw+2NS+ihj5rsJ7xMF9 +EPIfUr3SUqnIqJ6lJNAN+hHFQgv/N1zhzNtkd4kftrzwWGdQHuVdu6CNnDzOUFKT +TWaq2BFkV76kl1L0DWFMefDPVXpD8vSqb99MGmdtlsqT6Czl98Q4+RPqk3QVFUJz +/2ClpgJriqeTJnZt25jjKUYEAATPjdBTDoaFFinkJo7802SRpOjaUGaR6ICatmdl +2pgTPHYGjz+YxucUbRQfeYj/gXRb7srOI/MlkCUinppTzJESCcVbnurWNsBJo+yD +2YgKoMZk0ARmYHw+sJ44fUmTU3/g9z+xHx97bqZCkqa+vNBeT7VmqRTrlHEzFnJI +UeqlyKtBq7P0z80OENkViVgnvzVakn9cd/4R/rQfy7jysGqLbXIt88fvFmcjLHdQ ++tcIjb68uxFo1W9KDVvj7iHrQpOaA9fKb42/AD5B1ditj4BvnbW+kma7IRGeG2FM +csj9KdGZNcwi+/X8lV9eoRN5U6F4NaGRI47P2wrICFY3WpYjvvM2bc2TNiwGOJmj +WA+fa9+a/l1UUjthsfMtLROPUJ6XBxLAAE0HWFmhx9Us3+Wm4pNu948ljecr21d5 +-----END RSA PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_2048.der b/tests/data_files/pkcs8_pbe_sha1_2des_2048.der new file mode 100644 index 0000000000000000000000000000000000000000..935d9fa7014a4c4a97fa0a31f66f62f4f957dc60 GIT binary patch literal 1262 zcmVr$Zvrn8a!P^ zj#qhNwXVUA_(!J1B)+IxBmqyV$OV!8p5@vI-b*VGvD6l^S#7@roy2xh1r|heeQL>i zj?8wv!6RKw(VL+K0=;9+43_h0tStWN<}=0j{Md-L-Pp2{yBmw;P)3S~sEd~S zhML2?{)rm!%Rk4?1)q)`(1gB`N}{R>^uxrgcc(c&EVr@!jcPJZ$T#rxyko5O;b21C zKs$0b5y^HV^PeAJ>p6rW1+dXnr|Z zxMWemPNwGbO*&haq#eoCOrusv+fB#kUA1t0);0MPr#-r)B%ZrH2(j@&Cp zV#k7?Gf3%iGADdK`FZd~$28YJUOM+tBfpwr(zhtB! zDABdx0}Khc`b92Z1WgHeb-Pg!>)M!$=&Jf*u*=_eC*n&~VBgziH(1mPn@G7RGIO>^ zi=B12AAT5&nAOUtr50f+E>-ar+r9dQmhYkvJ$}&-K*;|#6fsR034``RwuUX1*3vTl zo!C9goBeq(V4r#~esOAYpf@pJiMJA|Z$Pbfg>W2DXU^Cx?q4EkTfhcbMP2d<#JFLL zmYZE-O*Ft?sQZSGgh(#Xogsq6=g6M4pcb*?_ELA(Ue{4*Zi&*(sV|K$*OAIW=_e>> zLoY~rLli;M=Zs3zCTr0atC$nF?)*=z4OgpcMC4#2VcKpGM{EeQA0Q-}M_NrJvcXU~ z5kFUj_QMx9cvm^VWGq+JQt&KfXvPny`=4xkR#rZDC=_1y_2MDg@;&8=6F4Qm3spI? z-^5MvBt=Tg1DkS<==ze(<+hC6S2-E3BdFRLkbJ+cYNo6GHBurM8O~yu=Fs{xr#>t& z2*iRtzDm=S`U8R)pup~GL-cIM9P1PAop_p2!Y|6X;TXVx-=br12j`1lAlj$oVhV{B zRIqt(>ROeBkaQ7-VJuGm1w_qfBr`0pIB-`sas`4gNFf343aoxX<;;%>RDWwG3EVe% z7w%vUza4ws0)F~MLxKmS6C^huNAmm`3jp}*19^@|yBX=_hSDJs50ykfHc^t$ z!ym97Z)3h^al9~y9=b>h+J>ePlb}d$X&j}5fBcQdHdlcL{o@3zX0$^W_*{JN7g*z9 zP{O1h2Cas>XLuzoyc#X>=4`*F1pX+lh3`HVjl2`rR*Xm2>5?1BI7IMAl}dG?5YOP) Y3~S125U7CdZ_^?jIHo}?pa+_c8#pj)!~g&Q literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_2048.key b/tests/data_files/pkcs8_pbe_sha1_2des_2048.key new file mode 100644 index 0000000000..e05f22cdc8 --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_2des_2048.key 
@@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE6jAcBgoqhkiG9w0BDAEEMA4ECC0AvA+c58vLAgIIAASCBMh9ku9CbE1W63cd +HGEVS7iodjHFNt2Vsjh8B7GSQ5lyAy3wozXJYYvgtw/N4EZ8Jdmdklj+ck+s48Tr +3giAn8huTBx4HAU70AR5T0Wjbgks+bTnRyHPxs0uZkwgQIlMFfFh/ZnhayXsyxRP +03kTimiJ1m3Kwch495it9eBmZmEAiHRlBwspAfT3UXjpVd/8qECbuYNn/uyme2et +BatTFTK3vKsV3msEl5/bmzc45Qga7n0bNqoNi22tI2jaqrH1ybxueoD0E+52RQXD +ViZdEQXS7YhtLYj02Rlbmlp72Y9tww9MF+uXO1xWtSJsthNQFN9g46mLlXAOPUf2 +xWiDIrcCsh72d7sEhKRF4AXQEpDb34XziB0046yUSi1zilRswStINEIL2F/ssqme +SMmEyphL2k8iwarQsYmUnoS4bDcWcKXkMmY2j2eZs0YMIgc4sRSnzKmwRGqvLXrF +NQNcJqJCnJgrhTTxrKlrC3ptbjtQpazv4hblqjdOtUOc5yXgm4jPZVsf82NZlH1i +HzUa4UT/Ne30diLxy8UAWZkPFup4Gn+bXFONEWywiYqvvpunkCXMCX9/6tpCn2s/ +K8m3+HE+eZW2RX239NYCwpFKazlQKySw4tc4CiN0LDO8rkxCyaSODej8hVqEj3TK +YviNS847cULC0dz3UrWkBv/YBY1MzvEty9yx7TNRc9c/X/NwSUH3YFWIhATBdufp +moTh8j0aRTC3jy2Steconay3qbdLP5zK2riGEqP9fbrNr9R1gfGNJQ9J+Yg5rYJF +fuxJ8bmgh9mtmqgdYkhe9vaLgBmMcLjTFo9GNHLKrpHMHfboim7avQskg9leLX0k +GAkY3vRvJqbC2M9rUVtSxNYbvbA4n1VJ9gSoLhVIXz0UpPi2YV6f3c0H7mpWQ1ZY +fBxgUVy9hoV7q3FwbcgoUU/BGxQ19BTrSAinnRn2n4UkbnYeYnjv89SB0yBFZfQB +u6VVXmHALMqCoc4H8EEfyk+5R4eLKm5Ww1rar6DmK3TIhANvcsrOpftZ8AoNj10h +CzDvzhMODRwPNM994D6zo6GJh7UGF5ksZvtFreZSHCmW5YtGgiikvKWYYrwQTLyq +HR+ytVmJhSoIpQsHMG961hZ/Qd8Tdg7/feDo+DaDidASbg3+4pZGOHCcmtrBSuup +gRncAbxFy3C0684xbHYENbq75ikegx7VXrlYC4sDYKtw/Qu+z7cOsEKzJ4WbXqMn +Bez5QaKKBBODEuCVOu5gfYoxcWNnUBBxmGF2LFlBU8SzHooZN/rBzIXv2I420dUo +XxyB/7dyyZuN3+/FDDwDcWhnS6oKtuhBW2/AwlnLmexICSIkRLzko8HqvdTav8ow +xShAP4plrwIPNlxirRtesWaDVIEcv1GxdKe+sOJOFEiAFGf+5xECeK79vq+A3Fuc +/ih4wKFYAXK2T5dBTrg3aHs8I4qg7l2Le2i0/ODFUAjMD2/wbSBnPlJj8brdabQe +lMmiz2iLK/HN0JGSq2CMBuF4zgPMbG2Tji1qSuKN4iSE3IJET+iGsH4zQ8SBETIK +bbKUkNL0BhFL9R1uSOPRBnI8wu58aDLEJ+KphlHpIouBohz+b82SfFPbrUQ9zIkG +PiknJ5EvALgdG+nOQqI= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_4096.der b/tests/data_files/pkcs8_pbe_sha1_2des_4096.der new file mode 100644 index 0000000000000000000000000000000000000000..a73a21201b58fcf5b91df5fe87f8363b409edddd GIT binary patch literal 2422 zcmV-+35oVFf(ddk90m$1hDe6@4FL=R1TYQ+2%)y?zFwE_CjtTp00e>wP^rqkV*(^Zgx7jn0tF> z|B|o|4@_;u2zGgpk^(!?7hyHg&K0Zu)(#r5R zAYj2rDyw2@fUAoGOy)*BuLOmc#MURCg0 zWM9xyjBD%y0ahWdhgvnG6JK$IAtPrzoC`U4M*VCZzyLQYi9iBhdwMq;U$VS=!EqXa zpaS3FSiL3YAtp5Ml()(G;sBE)ptu9pYGLE@>PyY_bvFQ5dI4=5mTyhBF7IN7i}-lb z0=olq;Vfl6NARb)S>lcylBW>EEn?6=PMtRFh(Rdqb3&rfKvP6n6w5c)x>VvdCMA}9|lOJ)L zJa^=~I}1;c`C(nRV(Tn64{f;(&}&PwRpaai)))iOJd|if$)fYEa<|u}BcE zwiOZ8Zq(xt`?6<@>0&$!L?)ip?==`V4fk|rfi;t!agc(>cv!i3o8=1EpAyHNT!S|w zs(tVurmGwP2_x!0A?{rQQjuKPZMKtn=EPCCiUP$|<#bVPW)7wZ zT4GnLS4ZkX>@KSY2{CtcPa}j_Zs-eS;dgb2aMa98YZkSdkc>=~@v5bUL#0Y*6tpjfP(tsIV;nMgFOORUY1WDH(u-Ic-A7oMoJjv#83F;*{QPrL%)MI> zt~ay)8ychT*-c+0m-W{GSQXcL2s{a|mS~(4ynhfad1@F)ry+v`&IC*tc zg`kvMcb(raN)hI=yYVDvhbj0?>Da9q{RFhNU;NfExW5Ef?p4!d?0CmOZ}&h#szJ!) zWZ;o_;*^s-O}zZ6Taf05)b8wzH+V6))W@3m70^kctBi@jcI^!HG}EB9gM`Tw0D&5- z>$+!}H2fR%XdZIFJacj5r^Igp!wy!H8o?K0=-!Xx{J0nVCRM=hy$ENc&@)xbx*(0k zLi5ms4ScGCcMG_1uiAxFG4TgnzKVdK%4-Q0pk;F9O)9gt%G9SB!wle0YcopR>%Ui8 z$Gr>$Z?MbJ7aeJyR3w%=if`5z2C17UgkZSJ3@A|8JOh92D!oq8;?Mst+t`bY7w0=7 z5Z>B_V?9MY9F=0uZyi-Uihj$nU-G-qH(Y*yGxKBiAOmBRCyOX|9CuS(@SMx>p>!N) zZ=8;vJ?H3Y;t{jilh$ssrXd8_>FM?q=Qj8RAwqXFTKNv_{OC1e_Z^}P!z4(FyheE2 zuP1U=X@3#8t2DvRX_Q65XT{3pthg)YUa;&>Y_8H%QZt(qTECE}O&Xx42s-QUYDu`( zTQYB?X5ETbA*=;)->NYLNp()JhG*q+e*C(K-Pr=Wt>kkXNo0*bWnu3I0+NDTtdo3!T-xc7dw#ktc)84Y3buC+Ig;d8msT0zhOb z(Op0Hdd^dzD!wIp&s$XKkS1LGPD&jKw&*Ca@Dx!FdWuxg5q>dpc;!w^4xo0U&6y!; zmhBV)eXjB4#d`7EWGquERdj6NNZ2Q#qB}*IW11;?!2sZUX<&>k^MRj2M`t{qzS@Rv z32TB7{6ik-GYAMe68fn?Kh3KSt%ahIWUg1tZ@g;qq8WjDQlOEHfL~YZ1q4a1Z-x^A z|1lF6(^-J%>n0T}czf7_!YBN!@Gp2#? 
zH!xr@Jc`eQ1*)s8XbEhZsMQU7cY1yCcM`c+@N#`Uvt@d#v6A{Mu{n1E6_oJHNi1T6 z-2j9q=_C$IEo%DG{mGZ03%dQYkUwWB({N8Y_E(>p%5TAZs}wvukzSq`nh0=zJ`Ynb zUMUuNf*v5>^;@a_sbdOAIKCsaaAJLz?YtmDgCk8~WOyA*q+JY+|L-3_rIBw6tD@d(YYlspYT{p60#-Yc=Z2TuJ3;Y@k%>VzXk zU?6f+I7+0pi05JZn}ggrhr{Vid|^C*^hWNThO5ee1TAG|piDrIPuVryT)KLkO_(MJ z>_)N9T)!f%pI4S&za@U;qTYv|24GdE;O=v%K7v<{Gv{DSm^X6Nc<_Huu!(b#Z5>|@4i+9rd~qinmH6#iYs41w*ei2&jK zQO)nU1|<3&0G-ffS>{cLXEAAe@Q}E zG~jOPptjtrJ4Y)DF6Tf literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_4096.key b/tests/data_files/pkcs8_pbe_sha1_2des_4096.key new file mode 100644 index 0000000000..2ca214a247 --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_2des_4096.key 
@@ -0,0 +1,53 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJcjAcBgoqhkiG9w0BDAEEMA4ECIpgp+ssMIzDAgIIAASCCVBDJHT4FOJ+26Sd +3kuSYQDyknBs7j+ylhQNFD9E8Du9RM+TVKQbt1FuJ6cjAwRhiZrx3zfyAhPvMWBA +v0sJuO0F7aNibKWc3iMNaL9d0bm8vPrTL5Lz6fhCbejgFJG3DecVMYRLCLjchUFZ +BS1acSyRN+7v+f/T11i6+PfOVdPga4innQOvYkr8AocduLbrlWJCWtnaVIh8e90S +VfTJgqKYYG2ez31SR+V+pzWJSHI7bQZraZ/YpIE7eeMrfJlHW7eDtc0jK4TTlP8r +YFt5TNl8nGnM/NE7RYcJfTVnddmFGGaHshYA5RK8L+A7rjmEv8wS6l/CJxRooex7 +zKvRwQLQsBgUsYzffpJz/fI2lPQrNDrAtNdK+haz4SiSLdK2GVNHoS/HkCH6wN7F +caaKkVxj4aldmDtI7zpOWBl/GlSZ7d2/0BwjQeAaaduA47WZ7u0ljgykeBJd1eI/ +t1dWeFvHnO3iOvQ1E1hagCWFufrA79Dkxc2sADwxofR3gZiVa8jDue+sHu1HA0P8 +ekhy/Jf/aKH0fSD1oddCHz+aUHFedwZmZdSdEY1y4fO8VJod6Uwqu6iVPsvJ4qLE +W9sArxJ0nTz7uELk84ij6Yz0ZRWlTb6PM2KRnj3TMne0ff6BmTBpfOjOjxKOdVzQ +HA8YNHZ5ZfJLQR3my2mt1CUGT5Tw5+0/7bsIveSgV1+LKC6llpZRstJt0c8CmUl8 +Yg+YvLFUDN8bHQD8OAa92gmmZvWbqr55vz+NV6/F5CfvhnghwWelaQ7NOE/3rGyd +K5RRJTjtYGZfjuCXt3Ve0m6mWS4XqE0jszIAiC0xxGCaYIoQww5tFxj9MBwA1nVK +o6HjdcDLuqry9qdzvwemw9vDRF9NPd995g0AFO6CwAG+gyOiWbO0usd195CG+Taq +kOiT/THcHtk8Gq5tFWxcJ0zkuIoEX4LTJ1EOsCbcY4cien7G6jZ7BTakZqAB6JBl +4fnh7BXPPuBcrqrDiKyBoHNW1J6cB+J0zakKT+F47R6cu31DNgzq9BbCExu9l1JN +7Rb+K07Na8pQgLNbaGOSOATYczhcqWIPKt3qUllEBTCalTLK0ho8foO9ctqZsJ5+ +MM2/gYO/WsnSJ/JbqHnqg9Ng5xG71iahs5r+2R+9hwuzVHNo8Oe0JnT0eoElQNQx +Xk1iNrOb+/0xzMTCTYoAT/i7SdlpLnDAMvPNaF0KfYJoPxKwmhMSD1J0C8PJKx3J +CLhvBpJbdyY2utAv81DqEYAskzfxlka8h+i0gjVNoCT/a9keEPhu/dn4SmAiPHYa +h0l9aKXnUSm8JgHCohwhUlKPpUyRo4GBsBJSoXvNtYS2jzHKofbAyjWoQ8UFarCL +HVYeLLUmROTSDux39ULkmL7rL1mVkIecRBYqYV7Fl9+t7hF2Tz64D3OdQ74D7wct +BmRhBAJczFFcic64n1CdYNSxVdto9qa9wVnyKjFEeQAw7pfxU/3Hxen0hkZG51y9 +U4WSVLohunyuHWqpcopV91Rr5P8N5b33FVgl8HF44vcnn+KTmIwzzZ1qSgoHN63+ +kOAv5HU/aY12/ZCNCiyMs1EY3t7mTE19CNR6gIuXoD6MsBKiAm+XaCpSUnTbPv04 +m1bPS30nqTWpcZMSHaGoWx7cuSijmBX80imC9n2VsDE0O3P/I7WcM6OGwv7pQx7u +/aJkbk8wDjJcc10DYlmLdcBr093lBc0lKfuKEDLPJGo+eJt5JxWi7rGKNgLoaa/V +lRHWr1sJGhLXPZl4Y+CJM4TdMerZwHPFIndgZChs8OLHpgQsr2SCkPy+cjF10Q9u 
+QQEuh5DiOexB/auRiE0c7SHlLYWVeADlf1ImIW6fX5SAjyjWWjT8KP3cHq3mdSX8 +y6rxL9myDGHp7I/z5x7ZvqM/4RWTUhL4bKFnX9goiLJ0Tcpo5NdRR1nKLeTZrTiF +z5O0Zt6r0rYPXCqesecSwHhDVPpDhS1UDGNiUSk1QVNCdorvgU5B9X3ugC/nUVRx +b8DPbE+5i+GWms0RjPBlKy3M0TVhOUltFnyPwiADs3CRZ/l8HrokYLOpSiJJ5RuT +I7aVPeubvPgm4efW0h7o0r5NwMAth1L0ABZRlKeShyx5Bqz7g7umvTRH80VTB36j +wvWPM93SOAbccq4A5rBNtZkH+vJe8KshJEQezBdr3PtxCspKmBjHEXvppx2WDMBh +RdJXlCowoAgwzs4+dp8GhABYdEvJ+xCTYmcDX3wM296iWpV+wfgDCV3/mpGDpa2u +gOtZl0+kPAbjbj9fOkunQlyEGMy3HUfhxXsKcK4n94aY9rCYuTOohimuSdLFqEX/ +s77SA+e+q5Mnfw2axLlNKa8WzpT0W6M2Kw+pFf7uk6qXVYtypUJyvPDDoh64zpDM +G81Wr98g9iDTbAvzslAoO+z11g382Jdt+UPq9BDQtUgHwIhUGubcgs0N7Cu8m4JM +mVFu2JyKeBigekzyVvceKnvV8k7VUHu7hPt/zSnUinLKXGC5UGfVJSBwA9VyOA0v +O/6SNcFsnx0vDb+g2hqTX773/avq/LIoHlw/b3oKtNOnw0SAjocJJW444Yh/FnES +nGKUX/9bHEiAcWglqXEnRfQWQChHYjvGN8fMWgDMOGh46PvBf1v/HQtdBfacEFZ2 +98Eh0rUWvjp9YfjaiCI90XLBLb9iavUeDNg5ks77KBllqrZlKJJxZXVBXbrosVe/ +O/Rf3Izluo8Sc3J3QftDOe1huQA92b5vQcH386esZs7E6gtILUMIML24h9VfTTvQ +31Y2auKpN5uFl0QVVlnY0JQ5G0fue7XNHLyrKif2VOExDYzcBwLP/IFmDgRi2dAV +gBm8WASp1eCZSDYGf6aTWA0ouHG7WfV4kPI2njIUWk7enbsUbbqdfvWGE+taweFX +A7XFbpeCAVwZpP5C3iK7aPV6Zf7ctvrS1/qutfKIQEiBAO4FaAlxVSvLjVdIZlAx +3ZD0pYH//GJwjvzAmRUN/laSRj7GVePfIkJdpSzeU3RtFb8ekChbamQIx7ZbMNgU +r28PfKxO1xwLswMY95XgFJjl7cgDNxyCgrqiAihSc0kIeD3HCaXq1l4SqpBRIyBs +qacV1cWIVfLQP9nvDFuS/sVMFBhzSXSmjAnJQ6IHTvcQUSbADf2X3PkQTFTlnSUe +LF6ihYqh9JYWVY1SHkFU1hxgKgz9Gg== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_2048.der b/tests/data_files/pkcs8_pbe_sha1_3des_2048.der new file mode 100644 index 0000000000000000000000000000000000000000..582bcf324bc2c53bf677a06a49c6a487c1be0d3a GIT binary patch literal 1262 zcmVr$mUhDi9r1( zvg}RK(@`*Um}F}j5nAI$XFZ0{eLKw3M>P{eJ8xxZ0o0;XIo8aO)tQp%A?}M47X?mQ|W5)?+m&6_wwNXf^WKlBhZ(`gFSAnnCo(^?>0(jv3)vzEgSQ= z6XMPL7{4vrVl-Y7UsPFSyGKZur<>ca6ymDEt-_e!4SDP!s5&8m?Tt-{OvL)F? z@gdQJx^cG-K*nR`Oj+qZ`vh{HO|D-SX`!L}o@%XP@tZM(QO4K@>%^fyGW9Enr*Y)q zzDT%TOQT5ha8*rrpT9q3kY6{b<_(ICZYZlCNkLIfea1`B9O4VeM<5~90DFEF?gu1# z+I|o3@;sEZp}+Vs4{)6@tug5}{Ob@#Q^MuX?3%>8(iR<&Gk~3FUJ^GEKxU>gFX38iQs*C*qf`1@|?6y7@;$LHReDvK?Kpyqex0QBLR%JNRhrzR(g|j^E9)FyJ+eGI^i(qkSqC{smS(Kn4O&JUFLt(OoOlq#KXsrEG_0@%j?5 z;`jmm9blWhtm+NrW*A%pw6=9;VmokVD1P4gNA{gI&AB3*E*roY9BMdvS2W=a+iG@~ zr!2Ug&~dpLHG&|oXxhyl@nWX(Qh;x(6t8a}tDI+qeG^z7Qu8cMYo;wxfVkNYgaKso zl`EJkZX?%-n!`lvhB|=#XhlyPgyKx2NHfRS*wz$5a<*LKAaf9lhZ+?zzwirjuJe!C;f00|+$*Svdb!Rhu8Vi`Q~U_IMYYH}^dqHC?nU^< z4sk;SQ&PsFi#3>MKVlel+1{)U@_xJBt{;mFnt3}(p~elIXB>bi-xkn^tg)?ZX613Z Y{%!t8m;w@YU5KXVWRkMZ~y=R literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_2048.key b/tests/data_files/pkcs8_pbe_sha1_3des_2048.key new file mode 100644 index 0000000000..2874f50b63 --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_3des_2048.key 
@@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE6jAcBgoqhkiG9w0BDAEDMA4ECM3pCBusaVRoAgIIAASCBMgZZBwVJeBPrqxX +hi7/gjk9K8Vx/YJa4nPH2oJdye5SiS0/q8ASZqRsn5jBdPAJBHDiFRWy/41FaTlx +s7vsT7742TYD/e+ZVHA6UaPJdhzECX+GvjfIhBOd7y6Eiuxij/ZexslcrZRwbYVJ +5+H28KdN3AWY7ACq21t/lwv05cOcy1NHs6oqQjm9JV+8qxh5HuGP9SYNpN5OD6Hr +ai7I6q7v+U4qd8kvtLcoL3rkLTxQncH1f6hZeKlJMCJv43rtwJWE26VnKDyGrbdP +a4vXwk5HwytHTcH9uvK5tjTmPRC52go82aviax6Fx/dvMhsTwyVqw8Ywap+wD4MS +8BTpDUyO4v0VEWc2zNk3c93wkHUjXRoG5O6BHhJG1sVIPgzUeCZyjHB3gVHDmYTT +ZQ3FLyqQsEVefeiUz+s6LbDwXVLZVhX5PSVnetIVxRkkeCada0fA/fjhFLKucK8k +vsim891a0VdLll8lB92pvuQD3S0JpTW3EdeGUBxMNHgx3NkfZMEFObFgG0mAEy2U +9ybc574YxfVDGMMCWrt83L0F3LOnLvqOjQSsasg1QjLAvqruyeWtmWFgiS7MJ9VI +6oGG8ZnNvXIQ5AG4VdbrllV32oi4JugJ8LrTrjnh+r4pd8MrEB21wleWIPe+jeZa +dmgQKJ0r+QvnejsytlXIFlQ6eBB+cw1qo4mKI2DnwUAfOBu7h/OSD1oRF/+Y01WP +9ptC1CdTdK8mCD8QW0v5Z3FLLUIlONdig4Fq+se4Uwwq5JlFypWFE5Er9l8DTb2c +ruZoEjhKnL8cW1I0VBr89fhCyutlyKPeWMNmzdBt+U5NsKB1arqDH8hssKQWCbme +65gRebXN0fWMXFONintX7sVPu2oqI+x0UA0s399rqPXmAVBHWA45Z4i/Zuvreb38 +LoqfF09rvj5roqo2HTJt4pGjFBVngNXv+8lClUixm0bdGV2dr/o39c3LtiooxRzd +Pd0iLNAWLiQmW0Mk24WfG6q59iVSc6W0EDizbAZWG0MsV0VmOon9HtxCMqNVG0CW +DM1UDfAJ1D2nKXaAuj/JFsCvJ18M5M6fvETi7WOCSrYgIgmNP7kum04+fgAhbV8O +ehwEBag9e1/L3NVkySrM0z1tRWa49dxtL549rKdNAfOrwHZWYr2WQJnpXwWpEOuJ +Z6s10S2XiQhyl41iK9EA7Kouowed3dOzJavsm9Wpnbm5i/3CTKps5rT7bSMKN3hq +n9xPQEJUdc0lvG50LJfIWB8aHQIpsAUUyMOKHesKRXV68RMfs5aVUMP6jIuzqrbC +OLd5SDLUEu+LKVfaB71eCExVEuSVqOVum9CJipMjzXPZa1AOLvr30t/pZpRWutbs +eYIBVfJDgLtvPGtnPGOQEFbZBqCNJLWIARYxZZhVnnNAfG79ZJ8BdI7tl3tkpDM1 +Fn6k67yHfjS7n/rCFBKo3KPZHnwSUpYtQkTuHoqLQT1yBKjTV1qHLJLvsx/QUhzg +7r00IW0gtFgTE+dD8fYbN+pEku0KqnGUS9lCw9NJEr0iF8c79FpPhyT+4E4RZeNL +OlU93qSoPoA7BBhEcsOkpiLiZHj/EVkLJKAvYCloNz8GUb1p1sEO7rrOpqtVD5tv +GSw+8WKYTLWZE9MWxNA= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_4096.der b/tests/data_files/pkcs8_pbe_sha1_3des_4096.der new file mode 100644 index 0000000000000000000000000000000000000000..e8cefc04de3a6adbf0dde59d4d98f718b1c82bc7 GIT binary patch literal 2422 zcmV-+35oVFf(ddk90m$1hDe6@4FL=R127H*2qge9tRl7kd;$Up00e>wPy!COLlv)DfT9VWR9b!g<2#4Ik>qQ*)!0s6lh;Vd>h|nm8Zw4XUc0vN#e&`C*40eTJ&1EvI~K-jYKs01%b2 z&yNyR0SX2V1hHPDDiPC9Otqq1u{i%{kD384~0D@Cmdhi6qMZ30Dur$+y+WwS7n9KFe ztl-zenBe8jH*{SFU)9thPurxO@3)L?O4eyPj@xG#2hvLeQHR?*I|OFZP| zsX0vy{=72z^2~L!Tsp&>wJ_6`9^U06i+v*jS0hL zJYsSYk#97KZbT52;D)b=Xc5&SKrIXB65^&!k%K@-D&Tp+*_xW824}I^-NG zx}Y{m16~$IrOWQBndW55F66D2c$B!95{eSkb(tgCGVab6)o&AkWBWyjK3=g70lsA~ zioVAomd72e7GvX5RsJ=WTL8M)GrQwv)g+GEE3xE?TR(luG)rD-t9I``ZUZwNzpwEK zMhCa=dI#3?U>9WMy)Ba@=n5SC*lC{)LSu-9`M1Ww&_TiQ$18vzue;U0&i+Zpa7ieB zKefD(LjJsRWhyYpwqiV&g;Rj2`Yee^S&d5(0kPlRxg=K<)xExjYknbmDs;**gBqh$ z&Wy88UR=@#1!O<6o**Qkg@#`U5Eo@%JW+__DLUAS8C;!G`7e^@KYY){CC^HLb4-P<=~wsN*K!1lNrTk>HXMuk1Pi#V&?2O!%!ocWk`Ax_(={T_`*i?%L$oJmWjE%at9xo#XG1aJBDDAxUB* zjY9#aqNr9grwIyGQ z1#ZUtE$T^6MwK{8`gL}sV{a=kiZf6oFTDMEWS1WK^@)?$*xE*%DhY+FGY`NWArIE7 zVWIuJzB`K{hnYM_2AAc`%RuF~6MRixKrc}_11x1+T^#%y&NjF0OLq`Uk<-7`clnb6 zW&oI2E_Gwoj7c$CtWZGKLUOoX0ZyWM1RZ+cE}(U8%sY64{!rC|C&n3n+E!2It^OHMy0yq1*k-1nzGJR%MDPgqcf zduI&yx46D;O4ystNZe_Z{$c*`U~`%5`oS_;BYLD0QKkuT-WW&*X4@2154UY|*7hdk zA60p+tBHc~zC4XN`H_2R~>CL3o<#keW{pRL$`#hmW1xK9_pD)V9GZ_v6)moco6ZtDxvUq zQ-Qh6Y|}R{2Uo+aZvRR{6FgpO&>beu$xgX>EjtodpBd#s0~F)T&84}&C;jQMw6L>a z0)B?yE~>r?(Q1IJciRK)_!X=@5*NQI6XSlne=5!hSaqk!h9~SDsTh_&gU7()c~hnb z`kIMt<-TvsS@u@0kfkbaPF~9%F4{P!y#}bHGCKPZ@PdLuOlPr|V)>tPx5;Qb(Phrc zqi61G7VRF{E3&-qUW;8&zG&d62{A0lxb002!6%X~DBwt{byRrs>JbFN=%|}4+y%#D zE9N{3n1jisQP2htAvB)CO$-{<)Cl0Pidl?~#iz@3FwEZj#^b|+xB0KH!W?cq(S>%* zjDRTn{b9PH@`u#M%}N)K8r3g@4Ljy`RkC9U1lZ!RP01*>d?3rz`Bi#)9@hD zX&bO7vI>-GCKK=Q%hI2YkA-aSTCH9GSs!B&V1FR{)LN{A2!MT_ru=UAH%2|gX}Q%^ zM#7F!`I5=3p{v!Q$1h9`iA7?epN3KrU^SNu59$M4rMzVQgXc-ncQzY2*E8EJSNJRtbPyA 
zzMy^hV3Bjsiv}ekM0=auQyw+zL{VMZAE{#ht%@?4T%LxG$xg%@A^;PF^;lt07>u#9 zBGO0b9W0bW&XLtanO|F(YW!{km8S22+(y|oQ1^#axFPaA=mYQ)F~yp58bNt$hUZkK z_u6Qx4FX#l;OUN@p7I>BTVYAv_Edm_YB<_rzy+JWx>tT6DJO{OkaL-L8xUx|CX%16 ze{bL$r0+T-Z57L=&@^PI2}1qLI}sjwBr>s>8?@gAdAv|2yT+U7%S5GIF=n3KMV?Fb zjf-Cd{GmS% z8Ki_wzWRgTnZ6y*_%BiYJmEQ#2Z#gCg#U#C> z)8v?65EYJ4LbHkTwIMTUfO9nG!aP6llrpNli-;!fJ~UgKQNKD z;jGAoNyLt+z=>eFO`wG(`&p|CW)}0NX)mg5F%oKQRrW#Un@ngbuYtT@ol^ns46_S5 zt2wH$%Q#;4Biy3+=&{Wq!(qPn==t@R)H_0URh{bdjZQgWFq(mMWsJ7EBvI~1-qyVo zI3k*4%?Z;W#rOm##fZyL8g-0vZz8k90;C<^41`{2ehmWfq#)3}R1 z?B`o4rAL*p_G?r2y|-(wtQaC;WFx@p+}WR0e#Oit)pgMDO5?><)u?eE*K0w2`pqmYW~7Oh`+)7R2mjf_9pT&FcO?>x&QzG literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key new file mode 100644 index 0000000000..21ad4166c3 --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key 
@@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE4jAcBgoqhkiG9w0BDAEBMA4ECLhM7LCVyIdRAgIIAASCBMC1LBF5f+s/Y4/l +ttdYBasNsmSdbAHr7uKFELCvdAZJrcBNjMfO/lyS+KeH4N7hG9CX+qJ5ydK5yKog +rcjUdVixRfP0HwhUyqVDwe8L7gwzf0VDq2ObUkM6a55Gw0rcTWfz86kM0PSBgNlc +Z1pAdMhjXMYBwSo3eH+yVbcyemWP1KyYFD4xan/RMdZJNrTIOaG/9ccFrQXsnXpH +C42JC8cqufj3WEvRzbuNYsdlAqD7aEvSPDsHIe1SAXUUmyFBvkJtRo5xatqQ0lBo +VDxpgx38EP6mUQ2pE4gPY+YFbn/PTajNrBv9IlDO42yPC90QAxo4OVd2NF1hH/Hx +zoIuEKvOefr8wZjZhwosFt2MvPWr0B1tNPNdIyyihp+ZdZn8yQxWDdBgiwGAdhdz +Misp9XphHmnRl2rpsWtThnZ9o+00UovchtQ+wFEZO59Xp8b4eM9acEk0Ktqkohg8 +4qQSYoAQkSZbPAqVB9nYTMhqolY7X9vL1/O7AsWACGlQzQUBZyUJBeT+UB5dlNNI +ncdBQa/HmZXoF+SKmikchJnBJ3wBAcHBddw4Yw48adYvuhB9XQn3cl2YHyZENyzB +b9jlQ5TcqiFzuZnPPwvOAOst05lYt3s08ewuPHCCb2tGiaLmIakQ9lvx8C/W67b5 +nH+E2verRjsRR2/Yj+aJBdvTuTSSKcCnEFey5wOVF0iWx5AuPdSEFf82LTeF2Dlw +bWiAaGIJFKUcotGUHnUB3Dp8s4rLPVgEoy2wyYJzYK1NyFD736Yn0vbi5l0WuAEp +HBTxrL28TxH6LDkSlb840bV5zPFVpKHH7Jb+jkya7iW1SGFU5bIHZrEJCa2rRiR9 +RUXvSJ7WuzaZmJa3OIsgsC8PB07zcoHdwERuVLYMoBZcMkI+/ThM4hEg/KMJ8BI7 +9A6VZ411tkTx+Vh7Qm2/t3OECeG28fogoDq5IR/qOMA8XstYGt3aJrUbMh47Znr5 +HtYmu0xFsmBGMTwZGnI0CPCyiMIwL0X3u41xP89x7+2VSAnSf9pzQWAJ2wYFWy/O +6VrBGfK5AqLK0Him+qfPqNT2663LjzSKy9MxCqte8BpVhJS1Lq6NS0FfvLnfBwSJ +TVrB2ERnKwgrxk2wIOAmzvsyLTpkM3OX1+rEEkjDTzcP1bDN4DseEzDgsXQythML +quS1cDEJvtMglw5ha3dnAawRnhHSTw8U4I750ZJhcgisryCP7NDecQp4gdXKOcI8 +f3Kpew6Iw9g2uBGzySebxJ4EPLygLYzn4n5Qm1BxMx0Rtxigmz7kNVx2LSma6v6g +ldBdUM/1wsk/wsfchNPKjzn/15sxdqE/i6CGO4BRZLY+f8TCh7T557AHVa+h/Tf2 +k0/pSyA5FSlfHaqAG7ythmvlGTgpe/ypeYsKsZzslmFEM9jYkfWbnD88sYgmZwhK +Bbg5p67BTPad6fRzp+M2JSGTz4zID2/78zttGF9+760OOqbazTN82SVdt2Hc5kPj +aHCFl5ZeFpaCuMojv/RbNdsHAryYpgaEwK91lh1Da6MPrq7Pc8J0df2Ns095kx5S +XinqwOUvRMCD8310j9fISt9mBiH2BG+69pz0CTMWL3Gje78oKEVaFfaFa/r4SjXD +01/LrZRT +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der new file mode 100644 index 0000000000000000000000000000000000000000..496d602aebc1a479aa2860457774cd4a920fd837 GIT binary patch literal 2414 zcmV-!36b_Nf(dFc90m$1hDe6@4FL=R0Wb~(2t8Or%k%ly$N~Zg00e>wNKTh*ngTgF z81c8uS3%57HW6slfS`~>Hl`bouo)So+(rq7E5TVJLIQcj`*%NQ3e1Tmhb0wz)ri~J z7khNK!hG!UPRPFjqgRuSNc|}M6qzSW6Y`J{$g8ZjI%eFLX~mKZilN3VX@v-`FZb}Z z)WDufq&3Wz$P9DJu4saPqQQOlw9sl?<(Qk%BBq}8!>>pe0k{?|wC8p5YHP|rr-_mZ zH7q2z8yUlb9%{LOS%_tVY#dhdLW%3(bW$;EXb>s_`?vV`cJg1u;2l{gtsrgb{& zO-9iCK5?ByuO7(K+IOHA;s-RWsNr;!8OWo1zrE{k4Yc&cD|c{BnAp&MN_LU{*i6b! z+Rv2BiTA)m0XF>vCNv33Ayl1i*ffCuugmG=uYNi14w*SP5fxZ|a|Zv_4|ou$I`+li zNh%@3!E0D^=)oQ&%jJ@iFZH8rElKfzNQyIPHS(rb6ETa2KrC?59-{AP-hsLgiD`si zrBu(adlFwhcVSNsMh;;Y7&!_(Jc1`wbo6xO`0v>Y)-B_t_@C(*f?7l%X6Myrw!H7E zoi`%KK9i1T5FLU6t8iY7PT+||y($ZK@~7GXq}5x7%D>xsx0!yCjS}8ta6oNG@bcbBSv0qqo#kqBM zvkWuEgbe^Mc)a8_7i+oK02c}yT3qCnVaN(GQja=i1rSB6yX&H?cXqlPpYXh@&E`^! zFbCrs+y+evhWRE)A`#abagd{s>{Y0`f|Qxija=6s*RnUZy5o7+j)>$Mo)I3PK~M+X z4Rh#8E2F$3fFrC5D`1|QHw8Po?j~STMfz=m{bLF8VJirHVfyy<+OcoHWPe-<-BMJL z{+OXrHQ9v^I>Os9>8#&Di$aNrMyirhj-)Wkxv32S;pjiSExR+POCZEE>vEyGq+Ryj z?2?K*&u>)Fdp_e~koP=TmYb6Z5Mvia!GRM{B^?8b<|K>8NGRks&WpCNmU!UiNJqao zH6N`fQ)++I&mY|kPt72WU#58#$Z;pes6v?Q~&G&jtKAOz;8U(k})c`=$tAK z4mSdV6WzDsr{&CI&3EI%PuuvU{z8`Df2T5!klq0u(8xG2?IE*rZN6!0$tr{;D=Ig2 z#@mgei#cYLhjArO;asWu^oa+X zWCUHr%+aRM=hc*NxeKZn=eOGT*c8ZXSgLByHOQ~CPKoi9yBGhX|1`X!Y_|<8BNZaC zN!vmNaXKy;H33+uYo-YM4Jif7+U+q1N;bDKXCnPm=i5tGsr4_6p+S%2@BA1(^30@N zPL_l~n?v{%*)ncd4pr(L7P{pu5V~H*)&G?`+f{0%RkW31yWdzM`DA{~V@0sA%Md}< zzQt*NO4mW$HBa(Ow9EG=@m+)tUfw+Xoj|<5h?Iawdp#t$TR{=Aw$Qf_1GQmL9a8jM z&&;czK7V+1cZmKANq{xrpcVV=_&%>E+kc)II6{eb6ZS_)=s+cR8|Qq!qPY&xUd0JO zUkMdi=P1Wp3Gayo$Dh6Z3A&Iy4t-R*)OS+GeK$2LBI-%lG%FR-&*>mB7$oF*Rdh;@~cH!S+o zBPXv`d2jy&*3yb4gtKF!a=%8X#3=8&6f7P6<`6aqFxx=2mKN-YPNNXl4e;*vWjjETvl zI*!jgs)ogFXtXL}W<&vqM0_z2cMB$}L|M1)SJtK3Z1_q51|Jwc}?8&S;Z 
z;t%VYQ5;ffHIXrGmC4mDTVasj7pPta62n2(u|9rIE#B68nVI_NE~79JhAT99nSama&>(*2kls;$ z^l}(4*HH6VHp9n`f|Qrp+(h?>mi;HC2J3W zCdMd#4$*lcI{%C9b)emYZ!s@Z>giL#5v&eUo0}Afkq8T`0IGYV0p?*v3l*|$#i0v@ z+qyC=G^?lCRFZ(9u`G2hr#qTB1)`BhioOKf`1d0=3gsOWDv*%&PLg&N!JYQvfom`= z{EO;g*}RmMC@lH`4w#@F-R!ykcAu(kO1DhuhzBK(5Szq%ti$Va9OILJ%9xrU_68aG z6XO4syUry92F)j(>x~B|E>!BUlJ3D*A>UYWm+l!}y-w*0o&T(WXyCaa gVrO8do{%DRas6zCD?Hc(qtG=eQ1%Bc@VSV4XQ2SJ6951J literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key new file mode 100644 index 0000000000..92e0e15618 --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key 
@@ -0,0 +1,53 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJajAcBgoqhkiG9w0BDAEBMA4ECHvTDAvIXz7AAgIIAASCCUjmBX8AmQpI9qj9 +Eo6lmEmiUx+lObs/dCZP7u5PPftqIRtvg3O+170z+r7uYglA8RqbYFg/JmK0CT+S +/A10tdB60Oz5hDC6KramdtnyeeH0H/KR+GkBaWQdY/7MLmC2YAtQV8toKVbuFfoX +StBmlMTPiEtANXoJqD2l+wpIDSD/TPNRmiMTh74oU466Stxah85wUbbSoi5QlqUm +td/cTP3A7BumyUl/PYWHx26TO+dvdvg6bCT/IJyVZt3Xp5pjQCIH/HOr6i1+IUtF +JSPcfRVfvmWD46RjhOHTTWFUPx8gUDoMkabOD2iivmSiAYJNY8wZtqIO19EAjsxG +RuleRANfaNIFjkz8mU1QQzct98GDX7+OKCWBLSDzzNQFWvMZ8p1UIh7PcIdEpEdF +gSqHjLmDYk4IVNtBHg2hChjrZ+F/4chSMykehuyDwsn1BhUtRST/Atml6XoryBnE +2imMAvq6Guu8BOUfOYJHU+FBojKox2K9tadY/DvFRXNMOw7TSVY+v/t9ZGlwTrX0 +6e3dSKBjQHN7P1a9TinOgY7nwGMowYaEv+xyJ89h8a4H04SG+N4WqbHf2+B5KpNN +gwMlps+hT6V2/9LfJpJCb0GpB73Mxkc+RAFZVOUZlEtSyMbOgoRjF0S0IRSvP1/3 +auHEr1z62LTXsh+kAIvOOH+2zN91S5wn3xjFLepI6jq5QYk0jfyIRDcLzX5dpPSf +Q0QJmG4Pzx7ScAUfYh30Ga9FjQSWQjGbeHwTQ2V0QbqweNfdLEaYm7mSzNAtuaGD +y34Bta2mIQ3eWo6c/ipdViLzsCh5wBUuMXA+bWGHTPbyYae7jalnK6k6sfCe7teC +fC+im8v2tiO/eTl+82/NquFKyRfTHWCFC2AbgAJNqV0BxBeHAKYVNCYRXXhPD0Ag +0D7afVUFrsnL0DvLEdQ93YRV4Ykrcw8wl/bnGTRqfmAaiXkdP+gScxlWJH97r4Sq +sYN5S+M9653ETiZlQLsELtVf9LNbGja5qK2kdr6CdYts4fQS2sxjwADGjdaP4ANR +RwVvRsIX1uxfFI6kSwnOf6NxIkSz58i925e2w6bSv0/IDp+Ofu0fyGLECzVLNhoj +79tzEA3dXZr7jRzf00itVYcaPxzMJMROZWgdWvKPVJAPrSEiCCvmTfC+LMAHSHqB +6ajEO6Vkft60cfC7qRgpjKquaVkwPqSr9Wu75WTVG+cqEulZ+nJqFVUhFM6CqPyW +ER5d3M793S7dinii8E4BiqgFtnw3DtAt4WJh8cj5R64SxoddIyXmGQY8gPunjzF3 +62frHXLeuRx18AYRCyBL0emL+AEmPiUdEM3ltKv/YA+GEZcmCI11ZXLASkvb2HEp +MjiPH4OACqN50fb82qXurRCxNLteocd+BUO2ESyQDhFjHhH4zgWmBmSnMTUYCTm2 +KP19HV53QlMv4rwNLU1ASle5F6dUgnYTYpdQ/0UslKCSyesrfWOCscXvYYrVCqSm +6QN3/FoUcWwGLWX51LsaBfxIzrf2hIjHbmXlYwujcWMtrSPillPZP+w381xSTPVv +S/HEn8BKifMD2zLxF4w2MLHYO562lVGpkxdGlrufPUfKZrZ7AB6BDUBbj36GIFfN +s7vpIcboXmaycv2FhmUlvmhyYBudB+g4pfVSUdQyqg+dQQqyrrisZXyaIQKl+RIv +1RKb1rij6I5Ay1TCPuWRMhBK9yAEkQ0quC7Xd/1O/vVKpMSWkj5fMKNHA2XZfaUA +NJCkap0bQyEEi5qG5HGDTD5+NVRfj4v6U0fzBsuya35hHdSsjPHbzMic7IvUesDb 
+QwjQLxIpibWd2g2QHwY2eLCjLf9Sgo7rnOH/4lbFVWPiB46yrYACatnSRZu95nZT +C3MDgYKqxzjkcl+qohpRODnR8iDosl0GgeOAn/7de/RRVhjRs7RtYg+94fJCOOkr +LGgL8kdB/k1cVzn42z9+A6sVtKuduo5tTOAheEN59+440wO2P0CAy86kjrOCEsxc +tcm6FLxJrtQfUG/jp3uqoWpe7WjyD2P9YilJO85QrFzfFX2VLhssQlr+cThnyc82 +iRJp/idj6dpda1A75sg14sfk7tiEs1mo1gn5LQV+/9JQjEp6hJag3JJuUqJsNoVG +45P0Pbv/LAZ84h9E8TMfLauSZ+r5AY8heiWHahg+MiCOPdsp7TbhYF3fichCB/0/ +7dHuxP0Mu/4725kLDxFfkn/M5jtRnT0jXlzcZoVramqWPhagkvSjcpJy/csLjWJN +VisGc6GbTUe2XvEeUQb8/Fx6MS477PZsLEHu/gtkH2jBMnbXhRtbBjVPsRQjG0mc +g24itQD7FE3ZCwrB0m6kv2hrQfYDrK2F46oK83DwqnNlRHjMIgmIekBIwAz5AmzH +2tnMw8F2ISZE+PaQ110RuBCTrCKG0sQPfF/7RIbeaq/aHjvmBTDxYZS2Co5Un8RM +pxENTFdtTB+yXs8iUoeFXRrNcdXQXvME7PymTP9768le3JjtOIwq6f4dnRdlvUEq +SnwPWChWK26c9/1G7Zml+m5Ya++Ya5RZThvDBPCMIOlu7k04IkNOBFV83AsVT5lo +vkLlcLz8OPv/OpWCc1FcxsmXQHD3fKFI+mSM/JMyGA+VKcXedjXJwuRAVz2ZgHk1 +n3LZAfVF9IEZPgt1qFuHsc2j2YUwf4T330R9dNc5N2LzwyxLp1Q0Qer57UCI9IQR +K3k6PszIYyHLISqniGdiokjiXidiAeDCB0Kll2sK/GFmezEefQrte3nlLaV+Wh7Q +qo0pwTxkW96OzDIVj4sHqheb5y8Rifhf6E8NSBlrswgWCOC0DfNnbDn50GxlpCpy +8axIY9JbPNpNlcG9Iik0bIHRHRYF6h1M54QsKXQwX12DGRYVfm/Y37l3IMYSXp4o +sj/EpBwht3mMh8BYFz7Z9pcSGRpzUCu0Eos9v2vchwkcQJuWLztmLy8LCnWU3mB1 +ACZ00ce3SuBfbPp79ZMXVZIjz6r6fUX1nFrVh9s01Q29VFb5oatb+Mk8PHflebvi +i/z0Ku2K5tcyl8wzIVUwHyr9DlzSXRHePT9CI0JmWnVOy/jiB0LVWN7mlEuEjmsk +fh9h/67/JvVfpU3opyBu9mR5D0y3NSWUdvGkaFJ/my1I/jPDclQ02TgUIcuJyQGo +V8gMphCDNGFehLwnptI= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der new file mode 100644 index 0000000000000000000000000000000000000000..9a1eb403186a69fe60d074baa6e69c9c499abc63 GIT binary patch literal 1298 zcmV+t1?~DUf&~sRKn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?75TGU8UT`>y+ z0tf&w6b1+?hDe6@4Fd-R2pt!R*d)5-dIW+5$gS+|5#`0XSzTa~$4eyiFxjj4hT<-C zsun4oor!5Eh?X6Lvkg8rJ@{S=ym7?sBK;ax?IS;5DNda9`0&`&tfAsArYg6JW%3ik z<}@cA+*GAL0Y{ZAJ5eq;e~SAausAs^Ek-i_A9 z12cXYs| z3cUM6FdBI)P|uqS847xzmeD$j76uxGr0sgzot4o;^5ewcAluy9BzGwVuvo)=fOB<9}# ze=tC+NRQ*4Gu2MiA(^4vCr-I7!EOy>=HzTY619Q>QfF{=Ru58r>@}a*PnePi3f)== z$$mu@7(i7VCN(Za)mIQ`W>r2Cl$7k?@kwy9_1d)~GRz$amBn&@#c^j@X9gf>U@%V@e zHu{8i&apc@!DaH1=Mt;g2Np^FBa@8p9BSXq9T}u4svui{GRp~WZ9t~)##rO3`bOm`I&hlj^0!^ZQvyz+*c6$>|+pmFqP_U`^L+g&KS z96*)S*s1fq8dY~MV(Ngw&`I^goK%cR|7FF-WbxpC_RZBI{BSe%!~sJMnZx`tr8cv;cFd);C6@joRM zjy#ESfruz51LSzJrs&HFCOWe_0V%mX880ZdjrUEWFWM8EoVAKnu98cm2s19r) zozNpQ1{%QNxRcl84Au}N1-3*CU&-Q?va;V4F)nJ-Ij@e^>Z!7 IGV1wdpwC`sZU6uP literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key new file mode 100644 index 0000000000..d595fc724a --- /dev/null +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIP6oIwSIapDICAggA +MBQGCCqGSIb3DQMHBAgsTKISyhpWuQSCBMjQoazTeTtrgdDa+phkGwSDgcgxSUHf +E8DmqX5hUNU4uX+hcqHbaRZIVGUs+GXw8iySarVbswbXakNVQCgp4HX8w46mhes/ +BlcJ0ALGf5jD4wluHNWZgEei3pMW7yJxXitoEoa9Hyshjeq//HLSNxmkWWTrrSAg +cUBLStsUHeSxXEXWpcRPin6LuZEGV0spb30BHi4vohIOYN6DDtxugbvwxzUChgDu +RyyhlA4F3ZjZW37BMTiZDyKSBODgj7nfPzzHfZnSC16ekiXYWbo7h3MihQmMkjOm +YLNBhOHRzZtXlmgFtY1yRfiREyk9zGcGYv14PB8sUOwotN8pktnwd2UgINaX+ccO +6/PHAoU/MiqJ0cpZH8SZlFalqGSsF+LI/bf/qs14YwXI4DeCTyvoOJdobU16Lg9W +Ole229Tg4eV96X82MbQ7cCx1QGWwAGR8spmrls5b1OAGbEXBFWZXK666SQMpOE27 +1qVKiwg7PIdzyDwPGj4UoJbhg+9APRNfIh6ihxALmy1N5qprY/B4I60QJzACgXb7 +wixSFbpDBqztCI0BkS3K4CgZnnrf7OTbOdZKVIcESen9P3xn3dfn1+7unZzGRm8M +nHQzTrlCW2z77AX8HGvP7AjETxG2JQxefER1+AyZFTbWp/zkv5ApYy/u/24MXRH3 +lYVBxaX2iZ/R9TRCDkr13VhQMpSCCPY0M3yphbUWAmk2OjjqKccw6IMMG8Xb/4u0 +IwtFeFzk567WQ4NL3WlyFjjeTww6LjXaI6IYvFMHvRrOBJt0OYLtVa8vACYWF5PF +XpE+xYDYt0RE9+c6j83c5UOriuo7KEsZ1d0JmHy4cck+17GR1TlNiciKyoY7Gvf3 +/8vm/kziEWJVcstgFdsIC1eZmRSJwCSmK3yXs+bejnmWmxHEpUaSDotfFH+U9Te6 +TfBoQFfOZfLYxhYFOPTcvAgo3ru1wxxMyaADZ0e40hPKbpOJrM0fA+GSkTf+kKUF +oHwZi3SZ39SLYTR/GoOKgkARtS1NjQDDjwLUTnKq118Uzma7ZFAkAmwMCF0eyY0o +ZI7NItEFTGH9QGEZosF4n+R4iHpQj8bkZWSt92K+j9PxqNSVesAi/uluj11F42mt +yGhSdFVG5ogemvS/5Uad797V4QVg4mepAx61dr8s8utEJkx1x78XP2bHpV5JxH3t +8zndRtHC7HD235BVjfgkU4Fwq5GElTXbhrVVsgivrerJsgvQGxpMI2rL84geFt83 +/ceWgA40BxkifJgaDLxSeSgt+7d8jWuDBRE/pHpFPI3Ey/0TuO85/D18mSS4YFr+ +66mB5Fr5cNJHC/NvJCgCRPncN4At/UgXhl9e/r/j8ENYaw4jZmiMo8GncmE1J6jc +Ze3V9q//pAb1rQoI1X6Buvp+a9vyFMn1MJ8CO56rwWnv5MK8m9Nx9uLO4Ufstv7x +/fYWGCoHBHsueiASMzZ8bL0hJe2ytIJawKxngUtWfYEO4N5W8H3TqtY1KY3lRqAx +0gTmt0e6a8veJkUFG1JCjr27A0GUaVJZ2gXC8A+QeW5DveMfYLkje6pyg+Opw+qv +5gz4twbCOAFuG+wvraNvHE3HVuqdcdTGlpBaYOyblwlWBzEAVVvsKNtWyXQDlV9Q +0JA= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der new file mode 100644 index 0000000000000000000000000000000000000000..cd6c52074d5eae29860dcbbf18e92e03e34a0367 GIT binary patch literal 2458 zcmV;L31#*$f(e!|Kn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?542SI!M2_Uut z0tf&w6b1+?hDe6@4Fd-R2$z{*tqud(^#ps6Y+zT_ZHh0 zJF{%fK!Y{k2OssZcMO{`E5ZPs^4Wgk;;pb_Ato~x1VNTsy4>uP8P9S6OUsM~N$D2N zAg>fcHrsl4ibc{y8S4fpB)mYKNXoiQId(kx!I`-n{D@vDy^GJV1u5s{ItD&5^gEl!=_ z12Q%d-8}MY$n{G^Hkz2ZfRp)v#-q2O9Iw>_l;RJYu;=UhqZ@$DJrtFsuYyuRiw_o|MLxJZDmfm?TT1VY)jGlZ9fcEar{{85&eV&Pxj7}U&>{qL>C%FMFM^za?K$jzCh9@VDf&8C+kPa zf?ca)3sZ$uoJ$1(?0%1fozodY;s;axCRz4CTyN*dzH|o`gFOAck)POjcv^(18Dkj2T1267Q{vCp*OumCyzPEs91SWIq+E%y6; zoL%fV*XKjfY=3?>3jR-olDumyR2JV(i;eq7NFU7r>g_(x$?{vhB7Il(`G(-`Z|(;pNmnK1Dc4MNce-r!`5s_(EJACn!x zLR^_tPw}so@W^Oq;yuOl==%fcHK2zFa*A+-t1!=twQHa|KrjvpxZ~PKnM=Ngm+|7qp@U4evWi=%3bD;Z@OKb3IP+Ld0bBnamNit93eGnziCl{txhn%eU zjWJa$0JA}YkUyNZto4`=neK4-Vsp~5&IP|zaG(1t8&fmL79o|n`(Z_hLGJ@6Q;x>X zRiG<4!nMW0d=1@p@5?i1eX#MjP%q1G*+VAT530zd=i;)tlV(lmpweAI4D)FyWp=>8 zng?Abf!j`TLD*x|j1Jq(s-CBB)%Y84b}c43-cS*d_l$sbHiJQ@3C7Vj+zDgel_Z?2YtJWI!%KTM{)GeF--7S-&FrOdi}Zd-fc^NX|RU!JJ8&2;S6eZ$?7RH zFjWY9|L<<0sYU#S{&{!53YZ}4k4aQVv6=@M-TzUg=}TDckWX`w=Pb>VxK zT{37HxQ^G=4cW)sDV(uN;{|d=I$HO;&%jd?z&zr?pMkrqAo@NhuFzMQ{C7 zv|axP(HneN=t+BFNMI^z^6yqQU@-A|g55Ci)`>I1d-l^Gsi!x7&tb>K863Md5&EfF zOGGoq=@<<_`ay^etpqGO5KEyGc*=rZ|66?WXcU8qub@WVlcKNRFF&_YyF`+-e(W%0 z&sl_FB}KLbIF_3mB~!UM&AZ!R?$Jo_#nX&>u-bN>p+0?gp1Cvf#l0mt1X$^DGDko4 zVtBlm7{LYcO-A0`dWlYN?grt^E?*6ELOrIZ-if*g$ zs5G(0EO*yi%a|tFqqt6`?+$6;Hod%z9?(5zf}6%oImBqj3=MyH+JojNmcV4VTy z1?&oMpUT$V*YO+2M(L=i)Y{S z{}Yuz4klz{AWt$v-T^&oGn%#w8rNwI2aD(fHy(#geiw^5x9mtlvlqTRwUUabvHn!N zUmI+oZF*n;Z4|g3&gP=9L0mYK>>eJl%iaD*Cf7QP26(e7Jd5;BkXG~?x5#vRPd(uW zcXeXWGLIBW72+%D#gm+r@I-U`KhziusS%l|6jQZLkgeIi?~oH~cxgYLO$0S$nwrQ( zlYUbPQvMg5k6Nr|SVv%@#m)Ss+LX1-*pY5%@+vL}P!tWYZ`Hz~@Zq>@IvzjG9Negr4;S!a+*b&9R?D={$rKF7sL%C>9nTF(9X`j>TcvsM{zdSyN~uufOvhm+;u? 
zv4Q7vT|>=w5BjG%et2;QN~h?41LAGOe~+&YUlb8aw+@o@^$@dw_^5;!O~#+F3A;Wi zvbkWuDl&Nfq2_fMdc(mNE|Lv%N?MiA=^v;hgcbDd|6|<23Dx&-`>9rb509tb3U;&# z4ri>DqxoJzzuZFX<)igO2r){dS2?|wG#`Mvnb}oCNkQzz{)&9+cGCYn#{7Z@pVD;< z(A7T?*2HAN|C`h*Fqw;egP`(ZVBqQP$zL65&LNQU&4g?4T`i6u0kewj{ z0tf&w5e5Y-4g&%Q1PBhXLlt(=(;oza1jsmR4ec7?g-Z4LMT&5oZxxtF3cMi8TfT!12NNIEwb`i-&?x1)FZ3S!Al_o7YYR#3~^IDEGr6AClJP2MnYBayV5WIrC0iMQ!9vV&s;Vk5jv zhPrjXm9aZl&EiCFce!KcevO1FAOm&81AD)`CBm?86JmB16)~3 z3y&nL%}>%iyWA3!ehivNf{vy|%Ouj(kQPU2XPUTn2cJkPG#%b)$XI;Yc|;hiR^LU5 zy(>t6ddEG43m);SDgwQji4CH=wA%kyqwSIA^$>W7?-U>I=Mev!IFF$@Z{SNi>VIHw zTQed>;R{A#F#;=8VbnUBGQwTcF>QNAIVgc~4K2JL=TxhSrwEh_jagF-)>**KFptC7{Enc}C{rb-mMA_d2NBSv=dF+XCfo?& zjHiqEwJQUp#;afJ(5vh7W%rnGt5+{$?R6}K1iT~8uK4+KF_m$NO*x8RB=Ckkv&>Ny z=wPaNNBF)SBH+XHEdQ`*1BjUKx+taXCa{Gq4i`~triyr~>7YUD_t-TLJ^c~3f#$7< z`Qx-ghk@~AJ^Ed}`7TaS1&XDD4o_M2cKcZjhoGCQ(F8<05a;fJNVS9wY(9HBzK?gN z&CghKbcXGUxGnEl0;y(^xws@hg*AJ9pg-NX12Va z#pFv&qZLE3cg7{cuR>_?Y01EFOs zQNB@k*02;2Jgk*hEcBzAmqE3{p~55Y5)&5l&z-Zz>ur`9dX-e3wY(X{wL!3`_AEst z7Tz(&>^e?_p7t6s!OcjhOf8G-mAM{b=UI&EUzGdWsFY1VbAx>(QSguKb_tn`)3= zetB2G=lTJpW-);N9a3|?DNh>~91On~gM+YO8)W&q*Sr=g)2zbnLS4E3tw@kEIWg{I ziU5{@`}a&39t$qnaHrSJGDP#q?Vo}aUVF?@itLB!5J8EzuQ19b*)CtUs$Ocz$0Y<7 F_i1TAcCG*b literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key new file mode 100644 index 0000000000..ca7cff402c --- /dev/null +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key 
@@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFCzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIEDYe4aq4yfMCAggA +MBEGBSsOAwIHBAgp0IpjLtyryASCBMitqsiyjPiiJ6ci5kNUZdGr7xH5+81sTFxC +Zhbf56sBQnE48C8HY65UlxJGxHUClT6bgybYu6VMgcQGInOW4DjdV7u+vDfNhCii +uidpEDyfS3aQMLByHkUcMpZiGl5KDwf46fQvrvXlBSOzbc7fCPxam0x4Ix8M50qd +3vNA9Eh8X3ReRBtDLma3bUKU+Y6Kk0yyrvZE8H0+UFj71UaHPFUvmi3a+v7MUC7R +4HQScJGprzSVcZLz42/83bGqjgDAdD0ryi5U4akMBf1eMjGUjoy2wOjQtQf1Px+s +8e9Ub8JmGEU5t2h9i4oHj67nvw+8suF9q9zRYgqDXodCnRltpyuvZz8916FM+kG1 +RR2/9xKEKbEfpNDaBmTbVjnwyrOAULyVz1BSeMEh6Tfg8I/fSU9VPtKk0Wr+bS6Y +rd9GLkAEhiML1ZN3O8OnuB+e8UhJB/qZudqCFsD39IrCEp048yYMJrhPS5wHUI1D +rUJWw3J5ziwClSse0Y4ppTOvfLfA4yOFPgp8nB9aJcBZ8fhkGtz48yTHDoY5RQiQ +RTIpdYqsGXJXnDdJvGOHjsME+4C5dN1V2+3EPtu6j413Ctc6Z8D3K8/MYPhRrMYQ +40WpQbWqUjQToJcnLrrgn1F5oAP+mnmd+nVCkX0XEaoUhIm0VXOHN8ABuq2CGf8N +Hw0+MPSE9C/PxZsDhvKHdMOUm9SN7SFSyrUv/61NXNPhy2Z2RgOcuLJ4hw4969tg +T0TgdXgb5sgEUq7ln3D14RIabR3WBdMB2502IM+j5cDFK+lNR0RtdCiaXI45tBol ++V77k5BZ2fkdtKjAxoRKztIbIUpaX2kkXXBQkpQ1pGItskIBKCAbTy9AF9h4Zr9l +Kelod0A7Ekut9gVngxnlJPAtjqHl1oNqAjGMIPoG4WSvkun6/Bz5xSii7GOlXYQ9 +xnYfQfEV0qFNmLoSEAy6mzpeY69pxWzAfnsf8AZiqCy8gW2ggx78HikxW8opXDiY +KdKpUxc/LhAKln/QwEqLnTl81sqnviCGO2g0lsXE/+h9TXd3Q6sgFR1jjP2+zWAi +XUS4Lz3dE1W7bNWz3DrSzCnoRTWNAZYPjh1GP6R1SEkzzZtM/yLR/r808kcn9jaU ++EisB+kYdzIkOVe2pKAB5JGpjhjkZVN3uDkHbuEGpx5F2g6fAPbIY8cXOjcaipEu +mY9qO4/iVUv/ToILmvG/dXwO3o9vXHT3NFm5OKi+y4nMvniemui3FnwJC7O/3OPk +uy2Z//ODIoE070u3rSR441fIwS2rSyFmHQ1fKkHoYoq0yK6MSh0I6Y+xkAhNn5DR +ojDOP3N9H6Cu6V3+r0PXxsFHmyj2r7lxSS7imFuCtFYHWDbO4ie+W+tzebVHZxpZ +LWtsOypUyJBHLeg5TrnSnvnnnBh90SOi36CEyzkQHK6/wr64cUw2jS1N/DpxbDWt +hGAjmSYj+iNHA0BjhPQYfvKj8xOW7pHOWZWnFFztJ5JLEta2NShBF7RMdgos5MbW +PeX5r0tHAjGnJR0taH5ZJWs1uaJVtSjke720le3v/7e9lDkcgItgef48miGXzHUo +AG9DMQs7/Smv+9/6mXjKMV+34RLqzWEJbkcdGtKvPn2A5BkkRfXScYpjtGhVPhU= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.der new file mode 100644 index 0000000000000000000000000000000000000000..d9561e489ae179da513d3ef483bd10bc29edfad5 GIT binary patch literal 2455 zcmV;I3262(f(er_Jq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?5KE_EFonT!Mi z0tf&w5e5Y-4g&%Q1PFsEIubxG9UlaO2~haH{sjP{;J*;DR@(^OJ#N?)+@C;=w-M!! z(tfHB1Uc&Kso=5B%_vPr!CP~C29^BPl3b2UC?88LWWPb-_gino=P)i7lyzTcPba89 z%Vw+-PZW0AY2{xO3wHzM5EUOspqTw4R9jcYd6qi{>5a(eal}@~*`je~>T<56bxzWg zK1SuwugZczo`dz+!D?)Zd`FMSl)=yn>SrtwDiY9_@1acheyR<3e?pz(^@p zl*W;a;ff>s3?X%G!O=Izm&8=^?O8o)+*Wgfcon@;L&|)-a!^G?fluS+<0Tr4f?!Z@ zRn(La%CCH0@&DJgEz;DLqk_mR7wG4801@@d;%rb|4i8#-UUJ^a{uegh5vQLNDx}Aq z8(@_}_II{KG3->ZQs=cx8j%KvSzlWD$vMs<2>xA)Eu?Jf-aQF@1M$-mh(^AjU@?20 z!LVb52yD*=8qePMj6Ys=`?1!y;2PlZ>Pop7`W z%E;8O0A`dzG|%$#pUDan(=}kQ>sR%Nk2PLl~WI9YHa$o>SmSWrFw5Um~ zwZ159WBqtP`bc(BsV9;unC|^PpbiNIS*$d0XKu4Wn8(~d9gzJs^>3JoLUfi}IE zz(NDI2w5&|0tUwA6YFRCEr%WK(#F=_6dy?V*%EwiKA?+>hnr}^m`&j-0_B@rhQ16g=G)Pc z55i1m=qH~e+Bzh&L0CjwD>xf@lPnMHn)iGuu5i!jnJQF<{Rc+QdED_RW*(`(Z?Dod z$2^*Ew?=pvGb~{LYX>0^`Jf8bP~AKdHBnlZ+~6Mzwjq zh0ziKNjO6UTB@@jB^e7jHPk(P{0N_S)csk~K7#xGuSTQu49{m9;n)I*j4%MV)aOc3 z6^@$JG0xWr5QgLuP-fq7{r$gnZaiVtpK&SsMT6O}pH^*`Sm}BQ4|wxqq>f5=hznqx z0lFpubVk7fBNFtzPZXeG(JeLkYn-B6-o>wBXR5EcA(;R@Dx!RE3616IY6W(te9U!N z*69e7aX{#Ix|0YuOUI`3B2XqF-Lal3xbPAtMQ2n-Iwv%nD(=TSjlJPIihw_&iOy9> z5;H73sh*1paIW>nmkX9X&70%Fwqd8r!b3p)lZE+Xm|t;rg4QwpjV=_o;()1cPZ3t9#78c5*kJ_9v|0nk>rQfi9-!uTr6YQ+G~M{Ba9;jfYNVhhBNkDwxBQd~ z;kU;7PuA&pbf%B;@m}H{`T`a6l|sQK!(_fwh2unvAyYyO0|Z&;#WH zV|duS(!EMjz`u~sIPup~sJKBh7ba2~RHvUnu%c&+Rg$0%4-&igP&s#!QJY*Gbxa6o zBLu(_$S;si0hW0Gv_A*17e zeH6GbdbqaA$326;A)IWGnymorEQp|1&apMCG0j6Y%3AT3D={_!y2BdAy?NV68u`!6 zSG?ah$fV|rHA%c@{!?$;BJ|+j^7^>~JG6e;v%j3aToNl?Hy0k;n@%3fX}Z)I@{2l+ z@Wk<{71=jI6gKactGgwC8i?<<)wMFN Date: Thu, 31 Aug 2017 17:02:01 +0300 Subject: [PATCH 0187/1059] Addres Andres' comment Update the document after Andres review comments --- CONTRIBUTING.md | 61 
+++++++++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 30 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 95219e5444..f7bf5f8dbf 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,63 +1,64 @@ +Contributing +============ We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions: - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. - The contribution should not break API or ABI, unless there is a real justification for that. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release. -### Contributor License Agreement ( CLA ) +Contributor License Agreement (CLA) +----------------------------------- - All contributions, whether large or small require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright. - To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. -### Coding Standards +Coding Standards +---------------- - We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission. - The code should be written in a clean and readable style. - The code should be written in a portable generic way, that will benefit the whole community, and not only your own needs. -- The code should be secure, and will be reviewed in a security point of view as well. 
- -### Making a Contribution +- The code should be secure, and will be reviewed from a security point of view as well. +Making a Contribution +--------------------- 1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. -2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. -3. Write a test which shows that the bug was fixed or that the feature works as expected. -4. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) -5. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it. -6. mbed TLS is release with Apache license, and as such, all the added files should include the Apache license header. - -### Backports +1. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis. +1. Write a test which shows that the bug was fixed or that the feature works as expected. +1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) +1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it. +1. 
mbed TLS is release with Apache license, and as such, all the added files should include the Apache license header. +Backports +--------- mbed TLS maintains some legacy branches, which are released as LTS versions. mbed TLS should follow backwards compatibility rules, to fit with existing users. As such, backporting to these branches should be handled according to the following rules: 1. If the contribution is a new feature or enhancement, no backporting is needed. -2. Bug fixes should be backported to the legacy branches containing these bugs. -3. Changes in the API do not require backporting. If a bug fix introduced a new API, such as new error codes, the bug fix should be implemented differently in the legacy branch. +1. Bug fixes should be backported to the legacy branches containing these bugs. +1. Changes in the API do not require backporting. If a bug fix introduced a new API, such as new error codes, the bug fix should be implemented differently in the legacy branch. It would be highly appreciated if a contribution would be backported to a legacy branch as well. At the moment, the legacy branches are: -1. [mbedtls-1.3](https://github.com/ARMmbed/mbedtls/tree/mbedtls-1.3) -2. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1) -3. [development](https://github.com/ARMmbed/mbedtls/tree/development) - -### Tests +1. [mbedtls-1.3](https://github.com/ARMmbed/mbedtls/tree/mbedtls-1.3) +1. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1) +1. [development](https://github.com/ARMmbed/mbedtls/tree/development) +Tests +----- As mentioned, tests that show the correctness of the feature or bug fix should be added to the Pull Request, if no such tests exist. mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). 
The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. Sample applications, if needed, should be modified as well. -### Continuous Integration Tests - +Continuous Integration Tests +---------------------------- Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures. It is advised to enable the [githooks scripts](https://github.com/ARMmbed/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible. -### Documentation - +Documentation +------------- mbed TLS should be well documented. If documentation is needed, speak out! 1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation. -2. Complex parts in the code should include comments. -3. If needed, a Readme file is advised -4. If a KB article should be added, write this as a comment in the PR description. -5. A Changelog entry should be added for this contribution. - - - \ No newline at end of file +1. Complex parts in the code should include comments. +1. If needed, a Readme file is advised. +1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description. +1. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog) entry should be added for this contribution. From 533751f98f0890576e30ff6f996abea4c5203338 Mon Sep 17 00:00:00 2001 From: VOLAT Matthieu 22923 Date: Fri, 1 Sep 2017 09:55:40 +0200 Subject: [PATCH 0188/1059] Use current source paths for config file creation command That way, the project integrate more nicely when used as a cmake sub-project. --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3e47224ea1..2883eff270 100644 --- a/CMakeLists.txt 
+++ b/CMakeLists.txt @@ -31,7 +31,7 @@ find_package(Perl) if(PERL_FOUND) # If NULL Entropy is configured, display an appropriate warning - execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY + execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY RESULT_VARIABLE result) if(${result} EQUAL 0) message(WARNING ${NULL_ENTROPY_WARNING}) From 0a47d127170a94c76932a9b1dcc4525fd8521435 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 3 Sep 2017 10:20:25 +0300 Subject: [PATCH 0189/1059] Rephrase the backport sectio Rephrase the backport sectoin, since development branch is not a legacy branch --- CONTRIBUTING.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f7bf5f8dbf..c1870547ba 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -34,12 +34,11 @@ mbed TLS maintains some legacy branches, which are released as LTS versions. mbe 1. Bug fixes should be backported to the legacy branches containing these bugs. 1. Changes in the API do not require backporting. If a bug fix introduced a new API, such as new error codes, the bug fix should be implemented differently in the legacy branch. -It would be highly appreciated if a contribution would be backported to a legacy branch as well. +It would be highly appreciated if a contribution would be backported to a legacy branch in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development). At the moment, the legacy branches are: 1. [mbedtls-1.3](https://github.com/ARMmbed/mbedtls/tree/mbedtls-1.3) 1. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1) -1. [development](https://github.com/ARMmbed/mbedtls/tree/development) Tests ----- From f28dc2f90053781f860c73f81556d76bedc08aae Mon Sep 17 00:00:00 2001 
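Review bot: The fix covers only this one execute_process call; any other `${CMAKE_SOURCE_DIR}` references elsewhere in this file (not visible in the hunk, so this is inferred) would still resolve to the top-level project when mbed TLS is consumed as a CMake sub-project and would need the same `${CMAKE_CURRENT_SOURCE_DIR}` treatment for the stated goal to hold. On style, the replaced line packs the whole command onto one very long line; breaking it as `execute_process(COMMAND ${PERL_EXECUTABLE}` / `${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl` / `-f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY` (with `RESULT_VARIABLE result)` on the existing following line) keeps the NULL-entropy warning check readable without changing what it does. The enclosing `if(PERL_FOUND)` block continues past the end of the hunk.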
From: Hanno Becker Date: Mon, 4 Sep 2017 13:07:52 +0100 Subject: [PATCH 0190/1059] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index e8d1da5c98..b45b98481d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,9 @@ API Changes Found by James Cowgill. Bugfix + * Fix out-of-memory problem when parsing 4096-bit PKCS8-encrypted RSA keys. + Found independently by Florian in the mbed TLS forum and by Mishamax. + #878, #1019. * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) From 4f13195f3b86cbc78ae05600408152fb294b71da Mon Sep 17 00:00:00 2001 From: Gert van Dijk Date: Mon, 4 Sep 2017 14:17:10 +0200 Subject: [PATCH 0191/1059] Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040 --- tests/suites/test_suite_debug.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index e28d58d649..7f747d07b6 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data 
@@ -42,7 +42,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" Debug print certificate #2 (EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" Debug print mbedtls_mpi #1 From 9c6cb38ba8e0ab9d0774fdc6aa54d504e4616ea2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 5 Sep 2017 10:08:01 +0100 Subject: [PATCH 0192/1059] Fix typo in pkparse.c --- library/pkparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 3368f5bb2c..6db9a5a9e0 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -859,7 +859,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( const mbedtls_pk_info_t *pk_info; /* - * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208) + * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208) * * PrivateKeyInfo ::= SEQUENCE { * version Version, 
From d16f6126c7ed40f7f5bb063ad5319229347771af Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 5 Sep 2017 09:23:50 +0100 Subject: [PATCH 0193/1059] Add RSA key generation commands to test Makefile This commit adds the commands used to generate the various RSA keys to tests/Makefile so that they can be easily regenerated or modified, e.g. if larger key sizes or other encryption algorithms need to be tested in the future. --- tests/data_files/Makefile | 197 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 197 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index f7826d4359..fa7e0b4e84 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -64,7 +64,204 @@ server2-sha256.crt: server2-rsa.csr $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@ all_final += server2-sha256.crt +################################################################ +#### Generate various RSA keys +################################################################ +### Password used for PKCS1-encoded encrypted RSA keys +keys_rsa_basic_pwd = testkey + +### Password used for PKCS8-encoded encrypted RSA keys +keys_rsa_pkcs8_pwd = PolarSSLTest + +### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which +### all other encrypted RSA keys are derived. +keyfile: + $(OPENSSL) genrsa -out $@ 1024 +keyfile_2048: + $(OPENSSL) genrsa -out $@ 2048 +keyfile_4096: + $(OPENSSL) genrsa -out $@ 4096 + +### +### PKCS1-encoded, encrypted RSA keys +### + +### 1024-bit +keyfile.des: keyfile + $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile.3des: keyfile + $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile.aes128: keyfile + $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile.aes192: keyfile + $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile.aes256: keyfile + $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keys_rsa_enc_basic_1024: keyfile.des keyfile.3des keyfile.aes128 keyfile.aes192 keyfile.aes256 + +# 2048-bit +keyfile_2048.des: keyfile_2048 + $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_2048.3des: keyfile_2048 + $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_2048.aes128: keyfile_2048 + $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_2048.aes192: keyfile_2048 + $(OPENSSL) rsa -aes192 -in $< -out $@ 
-passout "pass:$(keys_rsa_basic_pwd)" +keyfile_2048.aes256: keyfile_2048 + $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keys_rsa_enc_basic_2048: keyfile_2048.des keyfile_2048.3des keyfile_2048.aes128 keyfile_2048.aes192 keyfile_2048.aes256 + +# 4096-bit +keyfile_4096.des: keyfile_4096 + $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_4096.3des: keyfile_4096 + $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_4096.aes128: keyfile_4096 + $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_4096.aes192: keyfile_4096 + $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_4096.aes256: keyfile_4096 + $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keys_rsa_enc_basic_4096: keyfile_4096.des keyfile_4096.3des keyfile_4096.aes128 keyfile_4096.aes192 keyfile_4096.aes256 + +### +### PKCS8-v1 encoded, encrypted RSA keys +### + +### 1024-bit +pkcs8_pbe_sha1_3des.der: keyfile + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +pkcs8_pbe_sha1_3des.key: keyfile + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +keys_rsa_enc_pkcs8_v1_1024_3des: pkcs8_pbe_sha1_3des.key pkcs8_pbe_sha1_3des.der + +pkcs8_pbe_sha1_2des.der: keyfile + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +pkcs8_pbe_sha1_2des.key: keyfile + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +keys_rsa_enc_pkcs8_v1_1024_2des: pkcs8_pbe_sha1_2des.key pkcs8_pbe_sha1_2des.der + +pkcs8_pbe_sha1_rc4_128.der: keyfile + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 
+pkcs8_pbe_sha1_rc4_128.key: keyfile + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +keys_rsa_enc_pkcs8_v1_1024_rc4_128: pkcs8_pbe_sha1_rc4_128.key pkcs8_pbe_sha1_rc4_128.der + +keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128 + +### 2048-bit +pkcs8_pbe_sha1_3des_2048.der: keyfile_2048 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +pkcs8_pbe_sha1_3des_2048.key: keyfile_2048 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +keys_rsa_enc_pkcs8_v1_2048_3des: pkcs8_pbe_sha1_3des_2048.key pkcs8_pbe_sha1_3des_2048.der + +pkcs8_pbe_sha1_2des_2048.der: keyfile_2048 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +pkcs8_pbe_sha1_2des_2048.key: keyfile_2048 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +keys_rsa_enc_pkcs8_v1_2048_2des: pkcs8_pbe_sha1_2des_2048.key pkcs8_pbe_sha1_2des_2048.der + +pkcs8_pbe_sha1_rc4_128_2048.der: keyfile_2048 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +pkcs8_pbe_sha1_rc4_128_2048.key: keyfile_2048 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +keys_rsa_enc_pkcs8_v1_2048_rc4_128: pkcs8_pbe_sha1_rc4_128_2048.key pkcs8_pbe_sha1_rc4_128_2048.der + +keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128 + +### 4096-bit +pkcs8_pbe_sha1_3des_4096.der: keyfile_4096 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 
PBE-SHA1-3DES +pkcs8_pbe_sha1_3des_4096.key: keyfile_4096 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +keys_rsa_enc_pkcs8_v1_4096_3des: pkcs8_pbe_sha1_3des_4096.key pkcs8_pbe_sha1_3des_4096.der + +pkcs8_pbe_sha1_2des_4096.der: keyfile_4096 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +pkcs8_pbe_sha1_2des_4096.key: keyfile_4096 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +keys_rsa_enc_pkcs8_v1_4096_2des: pkcs8_pbe_sha1_2des_4096.key pkcs8_pbe_sha1_2des_4096.der + +pkcs8_pbe_sha1_rc4_128_4096.der: keyfile_4096 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +pkcs8_pbe_sha1_rc4_128_4096.key: keyfile_4096 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +keys_rsa_enc_pkcs8_v1_4096_rc4_128: pkcs8_pbe_sha1_rc4_128_4096.key pkcs8_pbe_sha1_rc4_128_4096.der + +keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128 + +### +### PKCS8-v2 encoded, encrypted RSA keys +### + +### 1024-bit +pkcs8_pbes2_pbkdf2_3des.der: keyfile + $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +pkcs8_pbes2_pbkdf2_3des.key: keyfile + $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +keys_rsa_enc_pkcs8_v2_1024_3des: pkcs8_pbes2_pbkdf2_3des.der pkcs8_pbes2_pbkdf2_3des.key + +pkcs8_pbes2_pbkdf2_des.der: keyfile + $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +pkcs8_pbes2_pbkdf2_des.key: keyfile + $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ 
-passout "pass:$(keys_rsa_pkcs8_pwd)" +keys_rsa_enc_pkcs8_v2_1024_des: pkcs8_pbes2_pbkdf2_des.der pkcs8_pbes2_pbkdf2_des.key + +keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des + +### 2048-bit +pkcs8_pbes2_pbkdf2_3des_2048.der: keyfile_2048 + $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +pkcs8_pbes2_pbkdf2_3des_2048.key: keyfile_2048 + $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +keys_rsa_enc_pkcs8_v2_2048_3des: pkcs8_pbes2_pbkdf2_3des_2048.der pkcs8_pbes2_pbkdf2_3des_2048.key + +pkcs8_pbes2_pbkdf2_des_2048.der: keyfile_2048 + $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +pkcs8_pbes2_pbkdf2_des_2048.key: keyfile_2048 + $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +keys_rsa_enc_pkcs8_v2_2048_des: pkcs8_pbes2_pbkdf2_des_2048.der pkcs8_pbes2_pbkdf2_des_2048.key + +keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des + +### 4096-bit +pkcs8_pbes2_pbkdf2_3des_4096.der: keyfile_4096 + $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +pkcs8_pbes2_pbkdf2_3des_4096.key: keyfile_4096 + $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +keys_rsa_enc_pkcs8_v2_4096_3des: pkcs8_pbes2_pbkdf2_3des_4096.der pkcs8_pbes2_pbkdf2_3des_4096.key + +pkcs8_pbes2_pbkdf2_des_4096.der: keyfile_4096 + $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +pkcs8_pbes2_pbkdf2_des_4096.key: keyfile_4096 + $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +keys_rsa_enc_pkcs8_v2_4096_des: pkcs8_pbes2_pbkdf2_des_4096.der 
pkcs8_pbes2_pbkdf2_des_4096.key + +keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des + +### +### Rules to generate all RSA keys from a particular class +### + +### Generate basic unencrypted RSA keys +keys_rsa_unenc: keyfile keyfile_2048 keyfile_4096 + +### Generate PKCS1-encoded encrypted RSA keys +keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 + +### Generate PKCS8-v1 encrypted RSA keys +keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 + +### Generate PKCS8-v2 encrypted RSA keys +keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 + +### Generate all RSA keys +keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 + +all_final += keys_rsa_all ################################################################ #### Meta targets From 8fdfc98676e868bc2057afeb73da02abd869fec1 Mon Sep 17 00:00:00 2001 
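Review bot: None of the new key rules is reproducible — every `genrsa`, `rsa` and `pkcs8` invocation draws a fresh key, salt or IV, so re-running any of them rewrites the committed file and, for the base `keyfile*` targets, every encrypted derivative and any test expectation that embeds values from those keys; the section header should say so, e.g. `### NOTE: these rules generate random key material, salts and IVs; re-running them changes the committed files and any test data derived from them.` The `-v2` rules also leave the PBKDF2 PRF to the OpenSSL default, which as far as I recall differs between OpenSSL releases, so pinning it with `-v2prf` where the installed openssl supports the option would keep regenerated files exercising the same parser paths as the committed ones. Minor style: the PKCS1 block heads its size groups `### 1024-bit` but `# 2048-bit` and `# 4096-bit`, while the PKCS8 blocks use `###` throughout.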
From: Hanno Becker Date: Tue, 5 Sep 2017 10:08:14 +0100 Subject: [PATCH 0194/1059] Update keyfiles This commit replaces the previous keyfiles with those generated by the commands added in the previous commit. --- tests/data_files/keyfile | 26 ++--- tests/data_files/keyfile.3des | 28 ++--- tests/data_files/keyfile.aes128 | 28 ++--- tests/data_files/keyfile.aes192 | 28 ++--- tests/data_files/keyfile.aes256 | 28 ++--- tests/data_files/keyfile.des | 28 ++--- tests/data_files/keyfile_2048 | 50 ++++----- tests/data_files/keyfile_2048.3des | 52 ++++----- tests/data_files/keyfile_2048.aes128 | 52 ++++----- tests/data_files/keyfile_2048.aes192 | 52 ++++----- tests/data_files/keyfile_2048.aes256 | 52 ++++----- tests/data_files/keyfile_2048.des | 52 ++++----- tests/data_files/keyfile_4096 | 98 ++++++++--------- tests/data_files/keyfile_4096.3des | 100 ++++++++--------- tests/data_files/keyfile_4096.aes128 | 100 ++++++++--------- tests/data_files/keyfile_4096.aes192 | 100 ++++++++--------- tests/data_files/keyfile_4096.aes256 | 100 ++++++++--------- tests/data_files/keyfile_4096.des | 100 ++++++++--------- tests/data_files/pkcs8_pbe_sha1_2des.der | Bin 0 -> 678 bytes tests/data_files/pkcs8_pbe_sha1_2des.key | 42 +++---- tests/data_files/pkcs8_pbe_sha1_2des_2048.der | Bin 1262 -> 1262 bytes tests/data_files/pkcs8_pbe_sha1_2des_2048.key | 54 ++++----- tests/data_files/pkcs8_pbe_sha1_2des_4096.der | Bin 2422 -> 2414 bytes tests/data_files/pkcs8_pbe_sha1_2des_4096.key | 102 ++++++++--------- tests/data_files/pkcs8_pbe_sha1_3des.der | Bin 1262 -> 678 bytes tests/data_files/pkcs8_pbe_sha1_3des.key | 42 +++---- tests/data_files/pkcs8_pbe_sha1_3des_2048.der | Bin 1262 -> 1262 bytes tests/data_files/pkcs8_pbe_sha1_3des_2048.key | 54 ++++----- tests/data_files/pkcs8_pbe_sha1_3des_4096.der | Bin 2422 -> 2414 bytes tests/data_files/pkcs8_pbe_sha1_3des_4096.key | 102 ++++++++--------- tests/data_files/pkcs8_pbe_sha1_rc4_128.der | Bin 0 -> 675 bytes 
tests/data_files/pkcs8_pbe_sha1_rc4_128.key | 42 +++---- .../pkcs8_pbe_sha1_rc4_128_2048.der | Bin 1254 -> 1256 bytes .../pkcs8_pbe_sha1_rc4_128_2048.key | 54 ++++----- .../pkcs8_pbe_sha1_rc4_128_4096.der | Bin 2414 -> 2413 bytes .../pkcs8_pbe_sha1_rc4_128_4096.key | 102 ++++++++--------- tests/data_files/pkcs8_pbes2_pbkdf2_3des.der | Bin 1298 -> 714 bytes tests/data_files/pkcs8_pbes2_pbkdf2_3des.key | 43 +++----- .../pkcs8_pbes2_pbkdf2_3des_2048.der | Bin 1298 -> 1298 bytes .../pkcs8_pbes2_pbkdf2_3des_2048.key | 56 +++++----- .../pkcs8_pbes2_pbkdf2_3des_4096.der | Bin 2458 -> 2450 bytes .../pkcs8_pbes2_pbkdf2_3des_4096.key | 104 +++++++++--------- tests/data_files/pkcs8_pbes2_pbkdf2_des.der | Bin 0 -> 711 bytes tests/data_files/pkcs8_pbes2_pbkdf2_des.key | 42 +++---- .../pkcs8_pbes2_pbkdf2_des_2048.der | Bin 1295 -> 1295 bytes .../pkcs8_pbes2_pbkdf2_des_2048.key | 54 ++++----- .../pkcs8_pbes2_pbkdf2_des_4096.der | Bin 2455 -> 2447 bytes .../pkcs8_pbes2_pbkdf2_des_4096.key | 103 +++++++++-------- 48 files changed, 1004 insertions(+), 1066 deletions(-) create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des.der diff --git a/tests/data_files/keyfile b/tests/data_files/keyfile index f54d47aa73..771b10ad6c 100644 --- a/tests/data_files/keyfile +++ b/tests/data_files/keyfile 
@@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDMYfnvWtC8Id5bPKae5yXSxQTt+Zpul6AnnZWfI2TtIarvjHBF -UtXRo96y7hoL4VWOPKGCsRqMFDkrbeUjRrx8iL914/srnyf6sh9c8Zk04xEOpK1y -pvBz+Ks4uZObtjnnitf0NBGdjMKxveTq+VE7BWUIyQjtQ8mbDOsiLLvh7wIDAQAB -AoGAefPIT8MPpAJNjIE/JrfkAMTgsSLrvCurO5gzDBbxhPE+7tsMrsDDpuix3HBo -iEg3ZbzV3obQwV7b0gcr34W4t0CMuJf5b5irHRG8JcZuncmofDy6z7S5Vs75O85z -fVzTIuVUyuHy1rM6rSBYKfsMLVyImUb4wtIXEMHPzdCL9LECQQD3ZfgGqudMWq8v -3BlKhsQ4fsR0vxzNlMZfoRrZzcvBT339Bp1UQ8aUo8xBtHiRwuW1NaPNgYKX6XQ6 -ppuWuTiJAkEA030i493KnFPLRwWypqF/s6ZNlVye+euFN5NF/IeJcvb/GUDRYv9O -pRozRS1jNx4ZB1K2xT7N9MwsPHD6j6K4twJBALdfHTfT9RzjGnae7SAQQ+CcFYFz -JiY6386B2yUVJLFj+j5RaMvMcKQ7xGnvGm7vxtNJrt/j3qg6oavXUfulzgECQQDP -CEVLhCd/+ZeZoz5MWPTGTRrOCKmoRqNW0FlG6PfpD1qSwh04KG44uflO0yu5HUGr -JZG+bcj4x5bWZFMkoUrpAkEAyEgQzesKFqcbt1cqv3pLXJYQBBw6leFXgHk11a7k -+AkexhrPYyq/4tXFO2TLk2hs7tpYgNDOqZCvEu7jtN3RuA== +MIICXwIBAAKBgQDvJKjZuDqQ2agQjrRv+p5X62dazZ6YVmDiwExrOOaK5Aw/FZ3Z +Ap1TA757ztYlgZNH/lHg5JLM/dSdkG6Q1I6cTC6hW79LHORjUWjkIoCsw3lPd4Mc +brIBdp3x0PwqgLGnEa/dwFX6hjakG4aorygTzI0OwKkBgKwJOivjRqLqMwIDAQAB +AoGBALoGZmKWcNhkt9vJZosFBU+XCtsTwB74cn1w4QE3Tf8UzoH0Ksm4wvDkpLRi +fSrH1O3X45FxvNBBU7cNtzRqZFOn7VMsZZGqBPQW0StBjsJH5dOIRGkAWXxOFZM+ +2nrQi9TANPA9bkYSziV3GFQJdGyDqa7OO5FEXY3g6ixCrNwBAkEA94vFPuqEWKyy +rW/jDqBF/1wTORJnsUjh7uhMjjMkeURVCZUifkvQdaX3t7s3LC/yxL/nx7fCEnLb +JzT0i1U/swJBAPdPbQGw2g0oafAX7T0frJKe+cSOjEMc2id3c6AeHvDgfSL90zWD +aGMZQkmnRbbo/oBtv/2HvKYhJT5pN726a4ECQQCmQsES9c44BJ3pcRmObEU3Mq9S +iLMOVoYwwOMSKvVXYXa//eNx8hervPH4/AwdaILkdIQHFruJSo048w9AOdyTAkEA +mVBPz2CHjOik5AaxN9dO8IZFaKjGI0TbqOPQdk6197XzXaHlMaOJLwYVpftgqIfA +XnWrM8zWElcx84Le32uWAQJBAN0X2SkMv/MWch+AA2EsY0ALljCmMCTNp6LaZr5h +kudMwxesdaCurkUPFIBm9PCsaXHTWWFD8pCCWUz0FPpg488= -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.3des b/tests/data_files/keyfile.3des index 638c19afc3..b2a99e28a3 100644 --- a/tests/data_files/keyfile.3des +++ b/tests/data_files/keyfile.3des 
@@ -1,18 +1,18 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,BE8274D6692AF2A7 +DEK-Info: DES-EDE3-CBC,AB136F328DDD2C0F -9ZXjoF55A9XgJpdaWmF/ZL1sJfbnE1M42N7HHRDwpq1/K+afC9poM0/AdCUbRL7w -uvQERievbAYpNeLdah1EftM6033e1oTxUMivdL4orDKcbb3qDpSQ0o0UbjavbT+d -aruilW8zVP4dz3mYMvGbkgoujgzdT+4wM0T1mTTuYcRKQsHlg7QDy2QrBILNuXA4 -Hmye4GlSXVUSON8vPXT12V4oeubEIZVlnkLTRFGRVA4qz5tby9GBymkeNCBu+LCw -JwJLTbQwMFqozHvioq/2YBaHDcySpTD4X5AwrCjifUNO9BnLWLAmt8dOWr0z+48E -P/yWr5xZl3DrKh9r9EGb9xbTxhum3yHV7bvXLoUH+t9gowmd4Lq3Qjjf8jQXle0P -zoCOVxwN1E1IMhleEUPV7L8mbt26b0JyvrSS5ByrXahGu9vGQyy7qqx9ZANkzgXF -3hPMDuzQXMJiUeG92VsMEdGdA1/8V5ro+ceB5c7Zca5MjMzvx2tihda7BUjj6dSE -cA8Vvksy/NX/nqHSt0aSgphvBmZP8dN6GMcZ+hT7p0fhCq4mSFEykQqueKXiFUfz -0xCUVZC6WzOoEkc8k7xiLWQDlsZZ13Z4yxU1IxJp7llZXpZ8GkwS+678/Nx8h54A -mv5ZlSFWWQrvN5JPQJka7aU2ITu1LUK6mXBu+DoSDOfQuqR4vQytkjOqHK185iHs -JQtBGkFFdElkWgubPX/S8/xxoT8MoQY/c+dr6iwcswyUnSJXh32KLPGNBoqWCCbY -jp/VYmeb117gNpEJKJhcNbrP7DoQrC3/D7JFXnOvTA/z6FOtUmz0rQ== +3GKW34v4i1BywDddKPMXBIfeM85tay5D8+LrADXsquyBUVqioeqG/Ygz4ZYkNZ9K +5aJUwCa0TOdn0eJkOLzZOUL87hECX15vrPGfUNeVBsh9ReFhCwqCpCc8dWLlnlBb +WyFd5HTqikL5D2/e/MYgyMhOaBkl4ESTEZ1o3G2h1bF24MDbTEVjwK0oZCyoMbKe +GeC/GN/D2lizQ3Yh/hYb0N+d1f0BUtZsUZsx8ml7JCm2zdJnMPviQaboeb++zbfO +nI70ZJ0yuiUcYd0u6uFAWMX+Gnf7tZlk6k/gS3Jjyuf9YyWq2YnFfxZiA3FsglqB +qygFM4IOGe6PF/pGuJe1daF6/AAR5Dn6S0T0sscgK+5GhOUwF2PhsDcbeVT66HSI +BGbuEg79ujmgursuPGUAxsvi6r3yC1D1z+OL1+xlh0sWmFNjmfop0MSkM2fRvNRt +89yVwDHKCxM/cz8dztQFuInszGOhDyJ2HATpmdEiT1h6Q8azP7NjnUCXV0OA3+Uv +idxumV9JpG7JtAqiXcptgHkADYMgxqYoww7mwoo+2lyjbASn79BYZmI+3tB9BuVk ++oczQchP3OouMBI7Y96s1xlsKlDSXZfRCUuGBx4aXinu6OUf72+t7ipM+1x2ynxn +2JYg15XoRV+kEpHvnLR9/cDTuhdlg2rzo5zWRDqabxDm77ALd5SXp6tEkSlIm10r +VsahTDGDVkbaqN5VUzLd30YNVa/G+s1HSuSGPNyIlSaG8+ckf8gyfdhDR8QpCWvM +1682JZ+jwoHWDWXIF0XBV9BMO014qR7VA9iPIzEF/K7dfKiTzxyyZA== -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.aes128 b/tests/data_files/keyfile.aes128 index dd7443f847..9f516e998c 100644 
--- a/tests/data_files/keyfile.aes128 +++ b/tests/data_files/keyfile.aes128 
@@ -1,18 +1,18 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,B5FA3F70C2AF79EB9D3DD2C40E7AE61A +DEK-Info: AES-128-CBC,F7A9614C20516E29ADB2DC9D079E3018 -iyfOvvyTPPR7on4XPFxu6CoCgTqh88ROlslM+RLJhwM/qGexbgDOzeI2CPf4XfzI -tyevKD/pqCaCMesYJh/HDQCILdW2tGbwzPajg72xkfCD6+1NHOGoDbdQN8ahGVmg -flAYU0iXDMvqs/jnucM7nlTGp8Istn7+zd9ARyrkQy+I8nvMh3chGKWzx/XtJR+z -Iv8p+n/o+fCHzGvtj+LWYeUc4d0OTIjnF6QPTtPOexX28z0gXRODT/indgifNXv3 -j45KO2NYOaVTaCuiWIHj7wWBokoL4bCMFcFTJbdJx5BgfLmDkTEmB/6DEXu6UOsQ -3lPzyJhIRxn7hNq2I47TzSAFvmcXwm84txpxtSwHTcl9LgsyIiEMmHv3lPPE1G94 -F5VrCzzFHyU7nFRdUC0mqLrCHcjDn5O4SQWfH7J/7G4OArU6lA4Z2NC03IPxEmsQ -66Fu8GdMbmtFORdlZQtOjLi3zZwN9+NwhiUrNNdVvGNJIjIcZ4FZRZysbt7++hfQ -/JOAKhVNC8dNROJUleEYIiqx23e5lze6wqcIosziq3tb6/SQ6fH533D8+PpcZKsC -IlWKAQzsNV+nJvt7CI1ppWc6CtV7TKn0scZm2oOC4339gdR5xzxXe9EJDsMBpcg9 -drIdBr+3UxeC6Lc/rWM7IjSQ2YULBra3toEF6UYevngXdUD2YafrpoY5rK9IH90G -Hjbf65IaHLTS0jA7lAvJsQEBuULQQoWENOjhp8v+UfkNM2ccyOuUk3xZJNeX19YP -1Z09UMEKbf6ucoRCc01SBl206OAsq1NZEaodszT+mDg990I/9ACVi3LEU6XB5ZVs +j5v8fB9pDuTc8t0D2iQpndreTtTNCS28H8NK6Pc3ad4I5ERNT8V93QTq5NGf7lHJ +PCjcO8GMPzKodDb70GEB81ObBcHygZutW3Byn9ENZoIQUXxaW3JVI7d8Yg07c5Aa +cKmrhUk8ncv2utbitfzEzTQsargP8Nbm4I8iroFGoOY5GKTBdMaImcmqyL8c64Cf +vU4boaK1+OWBjE6R2POFpZVQCeNZpcsWTO6vEX0Z2+PCnlctgmnO2DAUxSeRr8Ie +J2TDFi1+8z8aY6SNFcsymn37SeNXfi2u97VEE8oWG3snG07iOxCCjQB+dZ8t7f0D +qHcybxcuTffIeq4tPygwX4UgebqoVn/DIq4m2GV72CcNdgFE0mtsPlXXEMUFgIqy +glrxVkMpJbpKFP1gsbWx+ID3gchowkYSxnpJFDk7fPR4H/vGFGIBOk+6ATwUSuy6 +eRqMRQExweGx5lWZbGtt8fbwoEEDhnlxyy0iDgAhiORi4tZmramx/M9N6SLMb9sB +WmdzF3ln6VNw+mrjnpImJJZjQE7Nd+cdgkCzdFoTn7B+paOsrGeJx5RvfOdsL4Yl +Ls9DWvDfOydk/zxr4Sm9xPYX6oqZnhUFrJqvT8ION3IZNpE88YZw/1UFCH88p4/0 +dwNsE5LDkXkBase+bek3bEN0mH0oTIY4PxMiil3tpofUZYE4T/pugMLLWgSEdhkT +2V16w940MdQI8qrGaEzW09b73kqSLBGZOb5CEthftlCts1vAI9KA4CJ2cqcH7x2n +9aYJi9aCNty2PLeuf+MIsksiAQNoj3vhoXVJiBWQSCcAv6TS5b1FjbEWqxHbz6+w -----END RSA PRIVATE KEY----- 
diff --git a/tests/data_files/keyfile.aes192 b/tests/data_files/keyfile.aes192 index 96702d8e95..265570b371 100644 --- a/tests/data_files/keyfile.aes192 +++ b/tests/data_files/keyfile.aes192 
@@ -1,18 +1,18 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,72F869F41B989D71730B2983448251B8 +DEK-Info: AES-192-CBC,9831127EF949CE8891358563737C8475 -R6ST6H9oUyFWBavUO++azbn9ga87lgeuqNMVVScOcXjguqQZdnuZq9AzwQQETEv+ -ZbVPL9w2isuXKoavaPxYyCXbZ+l6JRfWiXi6CmnfNhx4MgYpbH9BEqGbIVxA3fvu -zFutqi+Ru6QeERshDNke6HfFjJ91WkBjNjrXcfDmt0uRGqFSWd5DSEniyaPmxCYs -mpRwr9XESFiBkCHL+/iSkW0EZBjwHW0//RNsZKtuqVJGW/dZhDxerOGRl0a1oWkb -IvfED7afrXMlpHokMwtUduk2TBE1AoczZ6Dv7RZGipaBR4yb9kYgIkiqFk53lg5h -7b3WQt6TYECI7X3Q2rDgPQtUChVud0uUQYmQ5328HRE8zhlWxHGmTQMWVBW6X+FM -ikFLRUeYBeq0UJu20DmvklZV6iDxsULLu+Rb0b8NkT+V2feSXbrP976oCSUznvT6 -3e2EOH+KAqMy5JZhTsjM7HtkleMwYQ9v+Wnbnn1OsB9drYWUJuhQeXt6v8dkm/eD -9m6dZzivc/h1UThIuuZPo+6S7FoluIlt5uv2UcnYYdYOgKSd1Vm0wztGaJn3CSGw -JEbebucr+5ptOHxflV5Txgnfj63sJyVd/wy0T8sMRO2znk5uVLWxf855fNXev9M3 -gA3+MXC2eGaR9DYOxfakFRwL+Z30RlIktaqDK76BZRD4sWB6dIVw5JdCXpNMCuDH -dxlTKcP59uPAEB2VyhDvm5CN3T+bM2K6WDZFO95hKKfEk5ea/UB7DA2ucfovdayE -Hd46EUKC4/cdUFiSycgD01ztdda7hU7hFvOkHTK7O3G1yvEwH0+jxKNsudNfbbxc +A3uLv2ThHEmFGS7TOmSGiLonOVoA+XNEBTlWBQP+I5OnqwrHsMkTkapzbXRD7eSE +QYB86HPYN+WbJO4TWVnOoDcZtlcUCTfFtjvLst8QkhPbmx/xfmwErvlED2o14fej +BawhMCLeczK14m/Nbe46tTGTqasyjTl7eFvyQ4TokadkyFK3kDX2DvtrU5pHIRbm +flmJAjMC0kfioXzx7TrmrOOvY8pu8qCTkuiO6EeB6HMboy/W3amnsP9KmmBv1NHL +velzzuA37tICJdq+alspf6porlN19qH2DQL5h1lArP0qO5JNMcHQGp2r4b9KRGdo +3wMMbmKztoEUrvAfZcuJQgQ80aYWxpsYb91WT0hqRoX9q6HmyuELq+/dnfpwKZmo +YlZ3aKeUvGFOxdahvNr7ywJ+lMesCxiW0E44t+prM4pJvrQ56JbmXG21q8BDLOBr +nOt22DAOLXTOctBgVSDDPKuo1X+cp5F9epH7PPbE0u0XFXA+8VgeDUGXolXtwfGf +UjtvfPQdrbM8CduT/7TT1umamqYkmI1FkCQ/HMb3LeLXoZBqEBkj8EuVOZPLOIeW +/rVOk9TKxOSdF+bQ5aF6VXbJ+KcrbofCA6PgJMlsIkz3WMwQ9JHgTlyYC+7m+FfA +pXg4/GB6G9Nl/WDJD/xVapOQ3B8a6N0KYHW/yBbEA9jjlUTMBmFM4+ZZagITJnNP +6/yHsF1ut2E5Gv76/35zs+Gcgs+vk4rNRVTX54lPSFwHi99450R7Oj6hi4398lq7 +dKRDezJJt/ROSlzCjVzU53aBnR1rIELa1L9F+M15nhqSb/ynUzB8c9k7UGRUBDp0 -----END RSA PRIVATE KEY----- 
diff --git a/tests/data_files/keyfile.aes256 b/tests/data_files/keyfile.aes256 index 5df09cf470..6ec7f94bb5 100644 --- a/tests/data_files/keyfile.aes256 +++ b/tests/data_files/keyfile.aes256 
@@ -1,18 +1,18 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,53572EEEE794948AC48CB0E077CE075A +DEK-Info: AES-256-CBC,858F24A86BA1DC0D1FB4EAFCD5DD9609 -p0YobpQmzHb3NgGlojpYoH+G5f1XX9snYv2GQe2tGTBQpoHh+ivHcOt85EZu9pC1 -1KRdALEwp7Cb4RYeQncV9Bfp5rItupS1TwfgKAlp7Plmb4vDcDVw+KL3PaYn52Bd -qq5USLxCvKcl91hZXzitttH072lEj2MzW2QpX2/1hCRPgMDu9PJlBX2S+GOaYP+9 -sTWTCc1yvHMW4XGEM4P4yfRg9EOTxU5gIYWUE2JqmEGd+9I0hK2YevAPLNKHxzpy -klCCBYqDplcVT5zEyCmdiBHIjzodlFuocZC8ncinVnsuJvpTeMQ+zOZ5rao8xm2j -uCnnVRh7yZktfsf5B/ZKBMGyPYRyKN4CCYhF0GzbehTvBirgDELq4LHyDdnnOTwU -YJiqo17x6S4FVNq6AubADVAbCOMFyfr+TFshI8spOwqfGFFDs8/WWL5OnBS85Pd1 -dgoqwzJAt55GyDUbGnp6hUFl9g96nvV3sE6Xe4xVE2Cpf1BtUl9Dt3UrrDrbS0dk -pKxl2FA2H0BVKtfNBHXvWkORi+v+XZl34rZZ37B8snYIN2aOqLuvyM4fd1EabkyG -ymMEUHJcrc5zl/7IECaHrCahqZIsLpLhGTd0MMGrkGSvRLiY5nQ4MN5tKI0fUw0S -5KIjOA6ZX5nvh4rYgQcgN7K6dXNA2hOj5256Vv0HVwXsVhQFmCGnuo+h8XxudRVH -RuIUaTUtl29a/2nPTzXB6MNZe7Wol8EkzuYEgyaizKr7nO0J1umg+lj7ipX/80Ji -3ADi0yL4F831LsdAiTY60Lu2e3WABleZsvuLMWSodb9WzJXknsnFEDLGOM+HGj8Q +7kccrTo2XAy79ZZsAhvkOfav9jShAUXiw4BpsII7s+wqvfsLPzJHfAJcKZSO4Rp6 +Wja5xdqAPhGO/kAMkfggB2g0mXnvDxc65Zz/NOcSNQhoJ65uGMmrzdMM1zY1NR7d +bufwqH3jDM669W/LhbKJ5csJIekKwmMjqBX36K+qCrTI6oooZ8ko0BuyW16vVxfK +pxG//gyfMgoiEvyW5k3Z+pgC4zeG579bi7ki8O2U4dtNJQ7i+6boWEfUmtNoRZij +6GFdqoW+vfXRHMcr0uHDoCzTp3MCuon/lI7uzeb3rH/tgMp52JomyLFJ+wG2ichA +ERGFNPzjX9UNEUP/R3Mn40cG3L0f9n5XJmp8N3xp07BWuOcUQMTkZrI4R8s6ZQaj +p6GFIOJ3XKrJg1uw+onV5mwwmaGJ7EVMPsaCsQ+weYyefYyymSqA/lHVg1pMFoWN +k1sSfmioROdyu/s/Ezw/yfwv0+2zNkpg5b4H6r4/gdm6LWIxF1wnMixENkhzPfLz +kwhS/53mVrReLgObYx/+w3VPC7PHGNG1TMVmTY5+5o7Dd979v/nWSUCeG4jttuit +6KjB77SQcBWvF7vVBZUmcS0Z0mkJ+F8OR4VSlALfUmKxfD35Q0oChZlyyDxt3xDk +sbJSlaiYOJyt+gBmIAzywug+1+nBcfD2CVw6Jh0Kp+6m4Ut+p8/8GBjWXn0w4nNF ++rH1Y19HVdWrPMdOrUhVpYdiyebVIRW9w5ml+USAOeFfIfZMha3wtGWVXEmH7NOp +wZGlTdZXZ5j7VXIBYtGDfTkuITtZFCFXIS4sdYaXNUw0golWc/BAVsOkz2cVEI+W -----END RSA PRIVATE KEY----- 
diff --git a/tests/data_files/keyfile.des b/tests/data_files/keyfile.des index f232305592..ecd5f0b561 100644 --- a/tests/data_files/keyfile.des +++ b/tests/data_files/keyfile.des 
@@ -1,18 +1,18 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,F87FE1C0FB9B3E77 +DEK-Info: DES-CBC,A32BD7692C82A0E9 -1NbOyRx5kBWeXy93eCXyidDpR3pbfgGWIIgXVCVE4/ZXgEt14A23YndZeI5OSxvG -JWhqZ+VuiRsxeKAjo+xf4bnKLArvbshhzUKCEVsCP1d2d1xfgjsnyr8tqNiJE0F6 -7Nimjcrpw/udCk2RBVyshN9kiPBbnA+XUdOHfEnbdkqDsS5DGjq7H1kBZuHhTQa8 -Xv6ta3kbI1BGiqKDhH2H9iJlZMwpVQuJs+HqcqNEhsPm0V4kp0S3PZMbYVKpEtDO -vh9CHprQy/nlHfq7ZAs9/2HN4/OT/5kw4JM9qQy7eo/6FX2yh39Lyz8u7PXLaVgM -pwOiFb+zvegYts5aCXyM1nBUu9NFPDQNDytjXOhbWL0hEr1RzgK67f5QYIxWgGCK -St4moIn7J5BifViNdp7j/RXCoCmda3Zv5PiRw83yScSlzgDdTNpm/70jp8pGSxEn -Ib768zYEcYeeKyPar210Nh9abySPpkFFaujN4do5wujboC0VPz73M6eTeZ6iOUgR -cX9WwkfRj6G6VQfM6xAZdOkQ2cj6M4YRze1RKLhqo0+gre76FLn8Kzf/Hjrp/0iy -0flr/6BwLxGV49vMUCesJ9oqE/frru9Y89cOwbgcHxKJ24Oz+64OUPyeSxDMElZ8 -lXiNk3aBEuLdBOKJ8B9kyKuxNqwDoqhCsrc77Gjio+q24w+G2+KAzBEup4S9cYgp -FiSvK8sizKINfE14f9HA60MJJzyEjTUuL7+ioL7xHGtIkdWbs/Qp7KxliH6qoIUv -VUsT6VS1nWLDyTyMbcjMx1odRsWrLwLqIsvNIcGGwe+P4sm4LivNnQ== +sOwd5YFqP90s5t2qqblAwEbDQNmC0HWsNgbV2Fd1gunftZarO/L32SIYEkdEUNk9 +uJuyoImiyiJN769s1pXUIW8QyPzl2Pk+lykB1XvaVvOzcEhqRAKeXmPBvAT5GXJf +kqARjcqVnZZv7pc6pWwQkrGigXFDx3Wy3U02rrBFWiZTqgraiA0EOMZ/CU9bDZBm +nx2inK2rw8G57JxEzn9uDyxVNJdf1xL0Ge1vNOJcnQWu0cNnIgMZCYPx6L7MubcL +BN6wnJkZgHCHfM2tfJTXVaRGGy/0VSICwgUm7UyU6MNa9KeuLDuiD8Cy9t68he+e +9XVfoz41D81+2Q6YKOsc+xws4WXnvMsXLzDr1lCxK0B6VP/G30Mav+DZ9HQQOE4a +CcPCM9ep2Fx77ihkXhbuurbUsqZq0b2httFJUJ7KXzwHKi8fzN86VlEnx/yMtVKD +Y7zEMo+HsOQGHSN35kJvZyrrve3kW8IZVJhr2si52KLKCwUdObHNsMbKbRsiHGy7 +ukwEnObbrgAzI1rme0Xkkz5ayRZT/fH5BVIYEBvlRGBPE2mreoMU0BP0cUXjZPio +KcYla15Ay2pa3RoaoVSicuxe4TmW9rY2oqMEkGqLwuGmWl6H/qnpakR5MX/edpky +qIo51fHolYpPqGlo0Q+3uomI/l+rILu+nl++9v63uENeP8YYPFfYFOww75i4Zi4T +P5ABY/dWZkEPU5Yah3pcOznbDZzkDhorWZtXTMNvolb88D3zUY6W0TDfA91w3tze +jz977r1ERLuXD7cHjtNK/6QsdnZGZx5pAIx7mIGBJN+5v/HV5tS8YA== -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048 b/tests/data_files/keyfile_2048 index 35f6ee8157..7babef484a 100644 
--- a/tests/data_files/keyfile_2048 +++ b/tests/data_files/keyfile_2048 
@@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAieB9VRoWSXNwOBE/oR4/BhFEh8goR4jIysmjU2v6+WU5Xjtj -/G0EHK6OKpqUNF0mtBzeckZokzUOFt14VghYrUQKwYGb5Slc6ghXaQLeAkr0dfKx -JgTj6t5mMsqV3CrCFl/P6DAEyRg8paquPPYHczkwM8UZRB002IoYNXpLafM2XTnB -TKlskSWU/h2JzWrwwwZkMKyHAuIQ44x8vEtqSJDmX72qKJgsXJN54Yh1IPnMxXam -St4FtOhJHDHDQRB96tpzU9wGIcIFzuyOP7gUnisyobt9Xz0vc+vingOn1jKuQlyS -3fUpJHbGvwsTndLVsmbnlK9hvu1CAUb41PBoAQIDAQABAoIBAAjSPRKRzbU7VoWv -zNNhHQUlW64YR0N0Y+xdhD6VHQSRzl7SC+6dhvLS1DOzmiHTh+NkKXNEP/KTJWif -GNDgTdQgE1QYF8JMqC4tBHKqhUu+Qe+97EmTbIWdXwqG3Zmtfqdxz9p6IARBsbej -uOwbjZR4pzXYuWobOENWaoAZZ/PKS5yo6oMTgmn4navy2QJ2f7fduCF4YmMXRpnO -ORhAx1HCOgymPEhUzXaIiRsDzqY9nVxpz/S4UBw61JL4zQHTJpFe6EQokAFgsG6m -22cEvgdTn7cnf+pzh08XByXbD+WM9CYxe20GhtG62YY1zRTgK+9rxhiHobmNk7VU -YWQDEYUCgYEA/krm/p04dYRaRXcSOCdei57+R5toYYEH7g2DXaKLai171gUzc1k3 -z5TdXGSBBsAf59XBZ/5pXUgHzoOvd6d6aaVey7vkiaZQy9k0wbPK3qgFPhK1YbOc -UbMVEigtDLg0/5ZQ725mfXSp1oUsDbGEVTkeTakb8bTNr6qwtbzECP8CgYEAis17 -qAFQRWoFo6AqtAyG+xFC6C/ih5eboq2wibusXfloeb2dBd8ARpjSZ8H25+8m+Atq -fZRMzMfKRGRI59w/a10knRaafaVYFW27lMAuG8PcYeuRnM2MH1lFTsnWArBJKd7N -0FczGVMEufH9l+xaLLt76o3f3KTBScAk5tFSjv8CgYAa5qebJdy0KeU21graX+fT -k2VJA/q93d2N5GYSQMDI4bjpAjHYMQcDcbcdMBCqOybk6qsEKljRIm6Y/TtRyCje -Bj2KBf1+Rlbjyb2YBEIg3dt4HpiLlmmiBvTir9dcMhyBMVCsk5xKB050QDBR3oam -UV2QT6SCJGNiAwegojCG1wKBgDbLh9V7L0U35aICyNjrWR4kYlVnEfaVU0uVZev5 -usIeg7ALusFml6VHD0kGuYI2Vxv05cVNlkQBW0hEjsN5n0+zJZEeKz8O1wcemr7O -X2V2nLnLVWChhH+brlC8PVAyZ6+v1XA5/GIy89q0PXiMRc0C9phSCd4A7I1A3VCB -siXhAoGAJtiHq2Hy8Oh6JK+vEgXTyxYkqc8TRQn+sdg++9ObBv58XDGCwzvkK1J8 -NCLV1R5tOssownh9RkGbZ/qrhVxreUfSXa3tCuyF7bD0URULhCYCS7BNwVEHCUol -BwAbLAtcDnWZsVkpyCD/d8SUCovDyNLFMxacu3MuZCQuRRvnNqM= +MIIEpAIBAAKCAQEAuhHGZIwzdqq6yM3+ecmqj6DGpBZAYPHca2Dw3E0k/1/iLEXP +n4wSWWza88HneHU6wv/75Zuv+Z/K0ZeZ/OuG9vNIExUEfsZZkUM/cly9GFZrcDH4 +KXE7bxgiDP3zvSzKjPdk5aFZ6DJfK/iVmDCpjngEXsn0I3iadMWMtxokJipoGRlW +F+6b40DMQlX8VNJYU7269w84SmRRBAKLo5ZeNskI+BKpmqInZRfa9yGFOB/g448f 
+bE2NuV8E1wQzHbsdXV1HpIi+7hRmiYXsZVWIW2WHqy1TJxXWFo2sTOUW18CvNhac +zorRB9lZGT4uzIfJ0eKr1Z4uT/7rl6f/T5QRnQIDAQABAoIBACJtc4XbIxKL2G+b +HcCu/a4Bk3981oCZf60mjKpWY8gUl6aVbCsbIbIGICUF9awmFK9L6fG78r1/QWmy +YT2Y3qoGrYlKVECYtq3YAX9JhXthUhO6Sy5v0w1lK7e3rUeNaBTZGYQbbKU33MAo +CJXWOykvL6/SMif2Aq4kdzrRzWp6EVE73bSiicKCInJCDw+lQjtKWQQp0z0/pRRW +td3SLE0uIgjseRd6IQQugccdWcxqcIdA4u9IFEONI0VA0UGbckM0A59SC0EKL/tR +b6yUbOTkyXPAERVn9LqmBEIj1k3WyIkO+w/6q2hNTcTTTax8dnsTMfdG9OKnpL+4 +EnheMUkCgYEA5qftyM8sDgZsVLg57xfuX6BRiuJjtNwN0bMjkX+HD1FmqjniygYh +LvczUHDf1jwQKS6GQrMEWT03oojd5E/pOB+2RvCF5pPzCZrNNBVi7mSZVDMDgDpf +vIQRaH5VXVbjt7MSMTl2XonAsVtP0N9ivhFF1zbJ9X8UyM5FpO2VlssCgYEAzoOu +YdNqjWsVIgdq8HKiURrbhjSdggPU/dE7/aJZUrW0eAMrUBs2b5OxUzhJ2wdJq5h2 +N3VI9hYyeKzlnGbHuO9Sfxd0Pq2zus4t/tMs9xSy0UnwYfI4e49Ni/aWTVWE4Y8a +dVDPd5+Qe8ji9MCjcS685fbYWzx9CxzidGIQhDcCgYEAw2QMNajyW+srB9WMFjOC +lfU8PlerOQGUn0iOX+nVIq/FNXyV1qe8ool8Ka+EnnoBArHLwGLf0yzdnU0uEwNy +wD107sE/3OUF4+QD4xQe223SyZXxaEWK5ipGiOtEKy649tu2FIbl9A3jcxq0EW+6 +uOHu9PIPwWxm0fiS3LT6nGMCgYEAiOWZz5eKZry5gZlRNpuHJiSbqVdvoiRQKQFu +ty/L7pwtSfEv4SZo64YIYpZJvzwRhgLHOvQwrZEBXCWhABDSDLH5Ce7OTE5xej/7 +FZV/lTrPXxWYmBUthBr22PVZpWIveCaY73PmU/IeoTAF4yFgN0M4TWlY+wIaEifP +pj7rm/kCgYAORhWCosYykYqHKSC+pv0oCg68E4muam4GeHALm1tbPtQhn6C2Q9pu +4TVc/Pp47XZolwxsDPDvKlH6QsbFkQR5OJ/nhD3aVE1Giuv/gIZNk0d5aQMFjn3u +xChnA9dsOsZRDBglKZUMPG3Vz5IrVg0nTkpc1j8eRiiZa2W7gjx8jQ== -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.3des b/tests/data_files/keyfile_2048.3des index 1ac99fc4de..8b44ef6eb7 100644 --- a/tests/data_files/keyfile_2048.3des +++ b/tests/data_files/keyfile_2048.3des 
@@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,769BBE561AFA55C5 +DEK-Info: DES-EDE3-CBC,1B629C0CEE2C13F3 -4nlR2uEny6CDJHEdEG8Y3CUh5Pn54k7lCgd9UvP3CAo5DmKn7nGG+1Hvjky+dLD3 -pDCLOKKNUYM7Dx+HWw4SSfQzYfq2NySnTvnkGITEQfoqIBjQ+O0jkgPS2MTaB+lh -Vs0DYz26OWna8OAjR2gxxXxruCLmY4psmqYd6DX3yIlFawDTwFSbbhZpEGtJ/i/m -aQ1aRZGEgCgpmVIEPigHJaDZYUP6pSev8FPilGm9QbGkJSK10HIrBrk3xLAQtZVB -SYs/k3G7ZUNFF8GbvmyYmnx7Pfzsx90RZsHjRxW7je/eY5v7hf9XRcEnefLQ61ux -lfBKW8S+yVZueC34RIupsYKd8K9/iaAwkpRaCyiVNKicBlgoKPYSr3xGk06DMTTU -vYUZ/Usa8Bvc29MP+qHb/D4D/fKZiHJABNEVecWCnCBdZbCgSlrjEKMVeYg3nTAx -VrkvcPenfafuIBLPb2zYUGlehNmd7sWWVqCBQO64Xlmwy6ALpYBwlBUwpU75jB4w -H7duzO1+UAAz0WssleNKKbUc3YLwpojU6/y11bJw51BFjquTfxbkoTuXvALLiPQY -yUmFze+2DYeCRhlz/rPePHh9JzHBnm94vo48uThNzvf6aAdrqgHs5dbstotKpqW8 -bhlhzKdYjIcWV2JXV9klX3l7GA4aoSSlJAmljyxjGYPM8G3Zl0S/v9nUFXm8/o+e -e8HTTKnCUUUGOyForwo2mzoeTiDT5R/L5divX7Ni+liqQXWAnQEsHi+98RfkdDtn -86lW1uqEVLRT7E98fHDdSLtIXRbgBMO76dExWvqwtPPDj2UlOK3x4i4S4AOf/iy1 -+cmoBjwUVDcj/AaBBd9IzbSu/YUKxFNwmi7KPOJ2ZfJncqixoNb2cUPrWg37m7hD -5dodU4a56lUn04phzuem4z4HmNJqPFIDGUfePEQvgbkU1n+38yW7pQeP2xhJEYhv -ZqnSa1HK/mE8dZOldPQtOwUr4FwTc4JQwNW6vRmx1eothOfoaWpMWFPMOfKqL20O -JMN66nIqB7f0AXf+b2kVgTH46di/ldnbG5kj94h4zRd05ZfYJQKFktMYpi5/D+gS -7uZU7kLMeg4Ox5m3Wy1SuvIEvrdUtAULhO9i6DKu1SAn+9HPML3//hAxVmocJa5T -IGSSaOjRGluhbXjjGGJjm4GKP6WWNinprkT9xi46bWOlmi7/r8MMkLQ12aIeIwnY -1ClnkD+8AVDqZait8qZyJ8zYBUaS/v5lCS3tsTmjWfECFOsuJf+asintIWBP9tfj -YJPRxqpQ7+Idgd5a5LfLjalC+nLP6MzYoYtG2/erUr/YAYbr8Nmce9XH0m9f9Qhz -wGDRv/ydOJX+tK+ElPebeodDh7YGnOr/wrwTuuM/EQ4t/gFOYT+uFsrH4XvUAKU9 -TI1PewoS6+hDTzTB38KkYzfYPzVmRPHOegQWUf6QBYyWXg/2aL5am+S82ROCh+M2 -VZ0vHXs6b80gNBVm3wmCej51//biiBUZp/gundDksI4z3ucD6feQrbx6Qhlu6YTF -TW2LtoRtE+LdUkjEBZD2jwQKWIAXxY3/wMBeEo59mnBrbgRMfjYESQ== +TwNn7h27JVNdu/bms41vRpA3vrEtzTbWjdf+3pACwbYWJV4i6iSHoRxOLZLzqDx7 +27pz4aBASEH3sIuzcz8tuhh06rE0L4k69Pct2/sKiEKxx0g+fINBGpdRTdGnxMbU +EbIaOR92b06MvCxROoXx1EsrJ0BSPGW2VvJQ1LitBZrOFVWEKc3LLki09c30Laor 
+qGmU0LDGTC6gu+ykuEgeyl2IiSv6Jjq58UQPO+pSUrr1WdjS02LWjy7WT/I121Tv +4VepqJLgU+HmIBmrjBhdE4CFI+cM7ndlhboU4mKCrMxGbSYlJFARCdW/Kk8CiWGb +XKXBheyHZ0pxWZ6QcYFv7fvqQNqdvZZyEJBythPBklpz7omnveKYj287i+RbhndW +jeEJA7WEf04AlM1q3dyfWUrvpfeAygqSyaU+xp2c5TpYp34KYd2OGhvCYn9PqIKB +DlkdHnWEwP6IgPDKB9gqBz9ET6ZIdBJ5R0c7FIsR3IE39uRwkGaggQrcHRPzWVgZ +9GwkaH4i2R0c1hXlOCa0CaHqWjAbtiBxGlBeJdww+UZcaV4Q/mCCA5/fSKI+DqsE +Z+D1mC53Qe8TDj06XUiB42J8EjiBzBlm8O/v6HHoXuvR7ijLfaKeCuLTM5HRFyCC +6Fbax5JO1cyt/45DjrWvOnyKOZuzri/ctybeqmLxMneka/rXZsq6I/QqJzflq/PQ +aqrj4c3hfB30cjwkqRaQafPrlOWiU9bZSgLctzPTZycqfp1l9uwnlZm0jhJ10UNs +1crxnWFpwIfLtaR41iiHvZC4CT8WBRgWhUURStd/N7/BLN19kOP0hDH1Qu7Wdw9o +5mIqvlFKrakaNl4cJRrw6QKqP0HpEFcG5cuaj6fM1r7WyDJbZlHibOYYT3ZJ3XCd +GzI57blCRtm1UbffIr08fAOQg+1amJ/Q13RCb1OpA/3I+FCrT0n3zXT1fKwFWaXf +VaaFdPdAfUssJTcbgfjRUWklTFp9/6QE7m34BZwmgm2nNziTjJ+mthtqXN2nNtOx +tr6zFp+Ih4DnJfRQTf9ew5Jt+IceqEwQ7gp+BzidvxS3sCVFxIdN10E31DYj1tS4 +VIMUm6canmvRGMl85i7m3KB154MBdjPBkPnDBaBLkiyFlMdtc5YU08clNqSKkYM/ +kMaOfqtfI8AcfqllQRw/Zyolxd37FhI4rmrHjSQFNsJVcHQkXoRfy8M6rmrp9VnS +hUjPUBnH4grz5oXbZftkgxPI/q4ODhFI1XtqdzBgOvqPNc/zo+tFboad5mUMgeVN +jFvyupWlFRp6I1Bfqmd+LDiv/ufJcLyPEOAaUJ8TeU7T8QOMnkbU/K1u9nVzB+cf +YAwCewn+hrKiBk3c6bqGwObMa41rapV5bgnct7K7GJTikr8B+KGom40GyQtrYlK/ +qosSH5BiIyUkDKaQKZdC/ZZAAXKhvTkOMq3WrF3fs+LdDLcY73lG+LbksxmSKMS+ ++MyZ1/v3+QPSgbPu/9MNsdu+Is7WfkX5TGD55ct1JhEWWW+XJr6LLuLvd87WsESz +fmo4x1dh3tbiT7bYvsTcgcGURaw8lmP3+ohW5WS9Nu8m+7+aVYvRtsIRJ/82n2Fi -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes128 b/tests/data_files/keyfile_2048.aes128 index 847cb7fb13..bc6c6d44a9 100644 --- a/tests/data_files/keyfile_2048.aes128 +++ b/tests/data_files/keyfile_2048.aes128 
@@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,3ACD4E1226A197871FFE1D9EEC0BE0C7 +DEK-Info: AES-128-CBC,09F6885B998C878DA5DB6A603F90CEBF -yCMsLxfTSxyPdDUOtPAfcyMkUT6x3XsTPnRgBWGL3+tR1WviaRivMd0dHDH3gFS6 -NFaWZ4RLqVmj52D8VmHVGaZTup0Xeeoog4M3ooFerM8RMINZq1U0VW7o1BIMcWE+ -FIkjP5UP2+rhDTZbbU8YoGa0Q6cOYGRzu55c/x59S1QAz0M22MfpstNw1Gd+K5vH -jGmvdEkkPAYMh7t1kFMHt8Pt4hyBdBO9xeOJTfGLsWGQl6PZVLhOCH3pVHMSa3Z+ -7yu9CmUmFoiiKxzx4oavwlcPnzYUtnUoh1+Yvc3wzDwPiq4/rVtxMRGJ1GNO1nyP -sCTj/DKRzQY9ca06HRl6KQP4FLILbxLodOHWLj8sAEgIIdpAX1j2YBkvMR2usldD -RwEl6sBrldVz/kIK9BF6ThAFKIEHs6zNhPI0H1KC7AlsWFXxn+mHMwpg04Kw7Qdc -D+1x7EdiLMR8pcHxYYVhfgIJwnkS49wQ2ujn4vQijmWrXkB1n0soxTGHZiZr/J+i -8AzuS/RXwb0XzWD3wUivArIJSG5gF8u/ewfkSQcHrNFD2+O43dApEZQWx6EVPXBA -DDHO1HbvGvN8wvo9SlgN8cL9DlMRcmUp9Y7JYohCq02t8iPwAP11dMUjc6pA6a1G -He4/IB4H4E80Ldwz4L/KiP3LYwc6DoXz7C7XFrYHc/tvQ5Wl99Mk2shxhPmC8t0b -1hrNQFm00kL8ieGJMEi4hcSzG557CK5OKqigUWBb9hF1z/D2hRNt2rF8+6YmkmLq -HJgtyb7I5+u/lrCkiYjiJEJIwHVyaOswaMGX/VFNHXYxsCowslvRKhHGPIFfGzsv -H4LOjGEF7YDr+wb72WYmQ7aMIUTntmxoIlj90WRsZBSzs4WeiIE9zOkAUpq/E13I -fKbxvOSJoNnkQ97sWSq2KkdAa6Cni81c1aVPIBWsfxf0zHoffpHcLEKdGwvR/QOs -79KjkBypahLIqKLSv+/6nUv4cgHryrWV5SGBA2tDU9Kpd9oFIhhRFALnX7iHoY9v -zVIXa+I7LnL7J1vY2r1gybkud/dW5cj8ktBn2cPIKWja7OwdQ0r1XP3agHUng5F+ -fS4KKcqrIJc1u8jBKW2iCZ1blPL1dHnD882IaKbgAimmPPWY2M3V3NYY+U/HCgRn -dPflKeuBx8EVj5RnXJDb9hKyLUHZ7rwWkJl4ebPNKidCbdJTAge5BLQncbOwjytV -M8HdMtk5AzBZ7yPQ9UYrUpBJZZtV4fTY6Anlz5KtUAuQluAAcIMmdSQwL2nuimMt -Q65Ws5gvVx6CA7JVfCgLPt577z7EUNuGPTZ2MVOgsok9KDtkm30QZ7btB6H4eROY -H5qw2z6+m/LXhS7MdlLChbUJYQ3REmfHoiAPt+wiHVCvb+iTkMaWd41F3L9Ku9Kg -4XsNsu1I695Mxgoy0cokJrx75OAML8UMcc3JBSKiT2Tyqa5g4LVitqRzC+Bmywn+ -1LV0FLViAeOa9Znq4oh6YTPnq2obsYgDDWwXLd19T6zZMyIuyqFIKheCUjb8Tkcd -X0Yow6UfByeYxRsEcJ+kOGESjglGHCd1hVP5oaXfopmEHDV6s43o1LDNTO3lE1ft +hvmN7Ox4lz+aEmS3OztRTZEr0VuV5zpVHNy5RJGfyPodyY8ituvU7PsGbgESsd3n +7h0kwWnW8xYkIXGfRPUI/I6ji8JaDsEHAO42rP6FhqL/lF4KiBg3NnydOAO99j8i 
+MYY2vBsInyxe+VkbanwSAwbQIXoTfgHQf2KMs5HSQ5AHnuyZBC1mEbSiyVtlUU4A +o8HJRHEXQTV+jkfDY8JLK1gE3AhsLXaLrepU2L6ASpgXl4bWc5GpUtVFA7POuIQ+ +Y1V/7gfu6hSXNSY7iW3am9i1eN7fyLcrYTWty/FrnGDO9UBe9XBD6OE1J6ohgz5X +lL9cvSHRq604gmHe4MxN8UHLKVxCP3/xlB8lI/YsfBc3AyqqVjZq1f+fa63D2Xre +rl5xnil6O4mTMnN57RuKInewdTA9cRu0Ex+Ye6ZnA3KMCyXd+UxhayMTx/3XykMu +4QE04te+BN5wEjQ10TbH3s3yYgUjrDQ29Olq/YUFMo0AiZFw9eOlKCCfuD+BBRot +6s4xF6YrUd3bENdqS6QytziTJ4D6h6zUtWkdO9Z28E8hcc4CpPPBwjGMkmwCW2dm +EXkv260cMSPD9HCvG19EvSQoTuhfpO1bLxr1dJJCiU18GfeJOzq9w9mmYRtSluxQ +houae8e+lozcQ1yIIlj5qgHIB0mB9AGB62XIisLpdOeej50pzVkWZ8d8iHynFa5x +78HO2XDf0fAmocHYu/OLSE4FTXXKAidMfo4jHfsvjQbqE+5J89ZcBT1e5vFqUqye +K2iiZacRWrUUVpNMlONyxoX7h8kYyyxf/j4Q6/wIWS5OZGLttvEl3MCN9iNmF2r9 +voM1PopgX2j8GTE+FLRtebmbKZbv0wXGqaJoW6VBoWd7KrLgig1UeYagwnoiUJp4 +TgcJFJoC2Mzaeap2fSph+Zvuh4PMZnWn+k1Xccrn/DPrOSkvZZQErmwNpHh3qonz +hYN4IChtOgviXungpmVMHFWcxQg2zYu5AKO68PXHvYY8LUnS+4GXqGlkcFrY6eV1 +w/tlM0HuvqaLcOk710cVpc6vC0sMtKrf70nRKm0P0SIlxcnVJuk9PenpdrMUttAD +27ey//ZVeGSQ9MZfpDKcvXRmxWUv9VLESF3XeqnwKkLqtXRTs3GYX4xnbHkSjkvy +o2uFNqBedABVSthArwWBCYX10BISsbN4cM0fNoxDtSmr7gOt9bxwNeauATvbKWYx +MZ8c0My2PDz+dN2sTqUV3IyHOGrPxU2R0V9VlyhTqRf7J2E4KpXeso9nJGGMMIcP +f9luT9BGtmAWBS7t3XE0TMTmTuUFHxQC1Yh430yAIXQtHQNYtwEna2u/3R3LkEaJ +HTWWX4oGKbHG+cyiDqN7C2rQ09Rw7+iysqXYJqmpGq/DofmZaE/odDR2DRixW6Gg +8+5PkwTkuQOTFJJxUjK8qBCNIl2luh+2Zg+uXNceQYgAkv6sWwBq8kSdERfNz7t4 ++YwQAipTGiv5wpIYfisXsUZi+lSijfo7j0G55M07lZ7Zr0er9QIEsoYrpW1Z8QTl +/gUw7loYsrQYc0G0XfrmAxez/QSv6J09RPlFTUtIIRpJXcCahmQdDjed8vqSYgqd -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes192 b/tests/data_files/keyfile_2048.aes192 index 7df17ef8c0..cf38018916 100644 --- a/tests/data_files/keyfile_2048.aes192 +++ b/tests/data_files/keyfile_2048.aes192 
@@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,0FA7D4B72A5225AAD0A49DC257E29504 +DEK-Info: AES-192-CBC,C3122B70EC372C6C99AFF447A1D84E0D -j8E0QV2YwI9uwTQIW+nl+LP6Fe7uTQsalCqvSLGuEy6uBeyjFMwaW7Sovz0BuHIM -ZvuL/KEGJnWg259cK/dxV5PS9ATz7ak/2rkb/rCKxYbPoFjFb0PIPqPhwuD4KCvl -obeT1NQFMeE+yOQW1Fe0hCXwRtGjw8qQVMrfb5sPuvTLSvD31XuzBx8AhYWZWJ4T -ETnVqTYahGFJfwQclHxIRPDiflmPwK0mZKtNZRDk5EA7wUQ+jnB/vKbdrSYcDS7q -et8n13+KjGucYX9rBHRo44AksP4iy7IwmNLdV00zND3jr8lcg39zjZd+5Vgj6mtA -tPZrZ12TFJQ6R5mVwnNTousWvYEY+fCe3xa7hNMzYQ2royLj2Y4cL/r9yrqhwJTp -yqYBIDH7t5xEvwww27vNiMrpWBrJ81O83bsGJDwn1knOjyO48zyZWSvBbCEPmPQX -B26mVBa3Ihp7uWfySnFFTDBc/bo/PBbr7YcQmRtt70jl/h4w1aOyrY3GHNL5j+VP -RKbZHkFbdTcsGIMil8uoWNA9ysra7xGvd0UdqpEffXVmtTrQ8i18FiqW3RsJoD3q -gw6Mm59LNaQJYe4/K/yaVKSJjOZb+a34sQjWjEOFWfDx2Go6/xZiQYRZAu3BFG5E -rs8F0RWAI27KTyVi1Nyv1FB/FVjhhrZHFJ0Na9Pn+EwaQ3UHbgOnAYzrWrMpviF5 -NTGCCXNLezbUFsHoY+Aa4kDD6O9PCYu8QD4uxAA9lrdYzdSFYGMaODpxkbCOyiws -VHm7BdNpFtXDcNpe1pJqo2MwpubR4UJf0Sdb6Vny9wujhHK7mvG4yuPbgcE3JFgO -hwutCwfiuErcCVmDUz83g0cwb+kCaovHFOxLMcf83dIOHPLQ7RlipBRxNFAr/A0z -cE9gJn2mumxX8AznBq+CjXlDe3okJY+gLFPQRurLS7HLkx9HCC5hC1Rtz+ublt4P -MMd4IONQPNAyycgK3v3U2+tYXuDY+Ys61p5AuHtWXc1drGw5oJICW7XJo4qpuzdF -V1iArLM488o1dYUJsA1ZtzaahmjfBBKOSYWmuxkG1VbI66Gr03gvTEM5itrBYBSO -4LMO7v8q7Ee7PATOdfbSzepEWNK3FwxuPIssKLak2FYHQrHMj2n267gUxUqN0Vql -Htz3yqFC+2v9GYX8M0w880SPbIiya3YBoQiNsvvJiQPX7LOyfPeVHQcBAtNiFEqU -zpnHZmTNp8smBNDjnnDG/kvx0AZma3jKJGInRKAm1Hvq/OxcgY3MRFFFmqFHJymT -2/TaxY+uKTHuemDktqkagjNrSkfl/pUkVBM//kSToQipvPPCSY4IrxCEy3evokgD -l8t//cSxZ+gysNSb5BfUVn0OacdCMNX59N+6EZqlemRP12br7EGZI51TtRI9Yrf5 -wTHgAJYHUzdlZFXY7Le9rlAqP9NvAyHeco13usz61hft2VYbzsSLCpr9TNdrWAp5 -STiqgigEDSdadgVmdGPW7wtwo/sBSJqn4t0E3ft21hBnZTrJMtVOjaOZH1vAjbbg -GMAYWVm+kNQlcWZ/5m4d5JEBqAO44uf2DOJFKB6BSqMq4uLRMd2ad36D8yD20EoU +mO7xSSSHQcDBCmn1BCFOKUgXct81dzRa38bPymInB1HugA/j7uvCqW+2W7sU3vFc +Aa6M3eSP1vEI2CtDKhRta3zPDMUQk5eHk/+2CzUN+KO725Xk+e/6vqVzN9iVjidv 
+g20cdRX8GYUKXdokvPtqmUSmbBxVpdy453uFT3/lIo7C01jHmVu+vc+yM2Uf6mwx +lS/LQ0Z3odgb3S1j1iby8NETi3bud/Va6h9T+t7BGEL8l/tgIuSBvJtMdmxbjbSK +4phRVV6il7wE68idotsVj/FChvnjuXe5E9oskpjw+sBioesfLrX4C/zAE8QwBULH +DcmrBt7LHsjuNEHYDXglyWfTpifCo2D7mS8IxcYH76xasVxEenDYZIcQlcstFQtT +CAR7gmeGxzJOkmOsgXeqiwxSY+Bz6f1P7D+jzuUuOr211DVMhnN+TELPWX3bHbJb +RwFy0ZfKxKKS5V5s82sQLw4RsB5kE/Re8Zkq1ZVIW7QhECDlA0kT+lf2fYX6JpN1 +FgPsgrSWaL0ZRJkz/aZERxbjJeZthsHIqvo5UBccVkgo9fgl0FJTcu4lGz6FPNMS +BhknarG5RzKHjY9q9FRCNrv/KirahCslEspwF7yBTh3oUPJ+61t9tQyqG54vTzje +wcit20iWvgMo+efX0awDmDgEtATsvG/9BmNQE2KPfXYvtZcvNnlUMIEFEpbcG7Kd +nehGyCZE1OsRpVwlDjtBi4GsgbscIswCqMo6496cnEV7NhzpaHpmFsVGoAek7p69 +UEMidOmO0VxnOgAnVO2ldTMzJvkE93YwweSbKIqE6yQN2CTukZ4eOUS7F7ZYa0Nl +De9MgTUuiCQ+ZFucIuzNUMQlkMrqSmaKdDVtr00OBeJgwXnl/5lSRY5Tv0gHnyLv +UFQPPtMB0aD3xzCI3BrlyFSCB8qj0EiLiHTF+f1cZ9rfVHykoTezA27278bCGeqP +2Vso6ZcXLaLawwzGfl7YQBpf3rcy/Vs3x+3b6pVbJ0QVISHon/Wb0GWh4C7ZV/MF +r2k2KveOcL4yWCxeh9UU7VYPjb0B9D5y3XsGwUeQfnYqgpbMincB7vBXId2kS9nP +N2vAnZaI4V8f+GBHmTr2LU6MRI5WYWKFPpY32ysR/Uwa4MfjPefD8C6djzyyrkk6 +UWylB2/NO4JVpwM1NmV81U0yOS8gEwIo779sB72bkdZWItgkuld8GTRU3/aJez5O ++cK4+EOtMALAf+DmFAsI41CXcjjk6mDWp4tZ1GCst0WvRf9sZs4kDbQNMdTih7aN +p+B8fwGlvErmmPl9jHmnISV2QNlbovmpInKD/cERx1RjZrc2uGLTQMIZBgwhqnzY +xj4hv1O3s0lHw+FEJ/xYI4gAJa95gs4eFPAZr/TQ3U7N0MweFI6LMNDJFQpuh7AB +djCTIoVv8EuHXxp+MhqavzO3LGxlB8fFDhFLPGfUhRioCDxExs12MR3qFKqmiA+e +/KntWeHDWcjmJTfhazq3hldUJVy43J7dACCKJ+QXsvvsgW1YswXWQIW5D594hcrq +9AzXl5Qd8kvf+2q+AoT7yZfvQY2YhLI7n0p8sww6+pGUZQd+aEyBsJK/JiW1LqeB -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes256 b/tests/data_files/keyfile_2048.aes256 index c4528af54d..3cadb3b84f 100644 --- a/tests/data_files/keyfile_2048.aes256 +++ b/tests/data_files/keyfile_2048.aes256 
@@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,511900B2A1B48AA3743724F105949A8C +DEK-Info: AES-256-CBC,5C4224A75B008756921BA509FCC77A53 -1bvPjaxx3owwhwO2763Zv8MDBgVZfK2hF+5pujHKuw3YH/Qntpnml3nqkSV0gLAM -vqxc6u2HRZFp0PhEEgeFP5UWhLS0F+lTByVzHThe+e/ihgvzZUFyto0SqqBz7hui -9BIpTGiGMckW7+AwzE3PgBERus7vTYxlnkvXjyUGsDCgfiqsfyU8I7q1s+3Tk8D7 -dCCHjo78bQ7uQ20htuje3bZqC4/AySd2k9UcyQ8QhdqCIgV6NjrT6iEFdkcwBPoh -9ZcbK6KWxG4zoKOmVtwrMfjEDKKoE1pJw01qE5mOcUJ+iEiLmNrZxQkSytu5A67d -yy34rEXs7MI7woh/TVW+rXlQcWhMlRSmsU3VymT7ghbXJQxc6NBTkvolCpz/tYdQ -0qr0V8khTQXWj71knrVdwe/NSaKX5GHJHs7Fp+V2L20uDgTc64x6JlLB9zpa+PJp -1LslcakIUsC/MXNonm7xZi0m3YoVQzXvMxAVY5PwMYzEm01olpxCakZo6LY5EjUs -bZElTHPey4RckyZmHwAzDLH6wcVFYdjhMWS/cHmJm6/j8jIRnFMpICknRAJgvfRf -zIm+WPZ6dUF2twRbbCuC6s4NxoKWTNRmzSRaxVt9CjLxOvuO41wJZ2aa7j+krlS0 -4SZo6Faay2OATt0eHhPciA2JlGUUyocIbMIxw4Lw8esTz8LU4xQIOUdR7hO/biv2 -Fdceg9iNajXem3pUF1vrkpYEJKaaIzyW4STaquF66XymP9qFwsMA09bv68qpJhA4 -Tg2Oo+3mWXhPv7zOj9dgmRjDMN5A6UBOjIS+bBkqBvEYB3X4h/YFJvHiwZh5YQDS -y0fObDaAl1lAFRDlUQgj1RhdGFzb7EKGi76L1AJ0ifYKgo29UTGZZ6G6OoMH/dNC -UdXmKuv3/zBDaJMY6to34D9qnYZvqzyyFMJjDQ6U+SVmxr0+Mc7yKMRp/pNFKVH1 -1jXg9KgpyE5YSFkNy5jNDMOkKpYE5AxCtw0ZL6YqElWIYESBEp8bwiK8TLiihZIM -cNehQUEeIXtlbp+jdJdF7Fv6NlQqi4LYW+z1ismkRGqRMFpatCWDZgTE3N/WtenZ -fNgG81hdHtGjGu8u4ZaWiGICZeEHLDHHnnJInPv0vubHfq6QpZXCf6wglgWcCAOo -iSC+wPkMxSvYv2NPrXSKObwgTidtFxP6Rif3Tw1K0NbQMXwiwlFlYJzSoScWFXVc -Y0jwHQYetW0d3s8pdRlfiMuH9WcuyBKTPdRp2qJbDvMPhIkyCfxlon1Y6HudM/LH -TgtDvoocD+Hz4eAGjtlSPALEKFAw9jk7PTh5n5Xi8PQOD9BtmVfKrGodCEVvsuWS -2D4fIBJrRn1gx2S/myv9NHdY27RhM+aE0ec+hUyIUbtX8nCtwYiD3aM+1pLqpbBt -uanVuLMGzxibRDHXgw9gaPMZU/9Abl6jKP73kSSybCUsLQaqlmiaXWrt6Kb7Lz9Q -GKECXwTRYRWKm3Pr8aLiP0sNCx0mpYbrNB91QGYzMxIKyqTh9ccMmYbWCgpW9xr1 -0ycuyY2KZO1iZZZvX7aBC0HiXpmoeBVIwCEx5VnQRa+53kmPrvgmAD4UxOZLH/wg +nw3Mep+219ueQNBL7RhkmesgREtMPl3yohuuqHupVs6uPaYWAheiV5rcm+EZiLlO +ddAv1DSTCLjB8Xuo0Y5DjNTr33C+2WGrq3yrCKq0xSMkHMmA84fclskk/YYHkFKe 
+oRNng+Zv+S87IflFUw4M8GRi2a6A9vUj9699rvXTlNkzj2iOPJqckBX/qRnSwa3F +5lCe0A/PgZ4spbp+FgYnKv3VKFjkNR/eE34K/F+H02CVyzUKZsWnrmMIkoLn9Z9J +Z9EagIWMNgGVWpMEbnnG0vgv361ZTGkAqW8o0WRY/Ptr5MWVdyaLogopGF8HPbMT +CIztgQ+IpOwpTREeIK12UqEi7sPISsFHdeayTFwKZEjKPOXHe3tqze7riGAvNONI +wUe1JNAjSH9wyRSvnOjafUG96KWOeNwHB3EpZeZ3Rf9KPsLklXo4Bdh2rqpsiIrD +WpKjVtzdTh5Nd2ce2RYGjqmwKQLVpf91RHEyyHOBHCMsQ8NzaH1YA13RXQTg5sXQ +PHn57cQv2Z2RgBCEFgNTvYu0F8HHq7b6phb4CBenBOGpGMFD5QzWO0yTLDsZI01h +oVZbBALfhBboe0NauJyR86GRtZYdq66mfrp4En8ugzB4ifm5K0TLSmAox9pxKgKy ++93XfEMZ8Z8VpOprOIQEqMVRE901fVzrRrf2QjoGhdWoopAxofDIo/C5JvhkxSB/ +pfm3G0wqjsEZhA0sDbCuAGVpUQmrgEc0Wlm96fOtb3e7Ya0x0vdIHDvtxvrYrSjp +iTdhYq0DRzMOBnppVqdQWZRSrNJh0rcRMO0VMYLc7FBUdW4siX7M8WpwPM9yNnET +2hOOPv8eZdm9zq2A3rrrd0OU/BRtT7aFAW3ZdE4isKL/4Ky3KKYyOHnM4g+GeA/L +RHWlvnLAIo3JoetFwB1VnH2y6PTBkND27vFn3YUrkYerIk9Bp5uNfhfhieDaXNy6 +hnUnit0Q4VrobXSLvNt6Hm+cAWlYa2d2EQ1pyUl1RMrvj8l2ad3NFVNdBEN680v2 +yvP+OBTkhDe5XvVskpUbXMyhWoY5lOJWMsDdXg48vffJmwM+eSsmEzocFPmjElYt +39NRsBJ4p1AbdpqS6HiV6ErjUh6qKANnsNwZEF98pGTR3XfsoZWlgqlKTZH+5OuL +N+o7218DxiTcFuy8/tx9zsoZHymQFxWLUVeWQNKoZEf12nVusvHlLKSppeHHG6ab +3AxZ2NICNmELYnT0LxeeQL88b+IAMGEkp1gKY5UE7b71/hu4YaIKV9YUPe48fcnn +tY8gioAQOfhX2yywBQrRopgkw/H7ehh+dC8J56gDQg74aY092dgTQbPcvG6RMZnh +n5B9GpJSrr8xwRczfIvm/aLoL/fQAu1EmfW3IAcTZ9sfsMSg7OGNmgSp8OqvZIlI +2qxn1Lgo7Px0bKsw6aBBbrB3J6Mi8NWumj6ToX9wNFr2i3qldKKOQ9pGiqgewqYi +3lH5Cx7BDwLQOyTo+JMfi9pcUCfXDd8N6t6eD1sAU4FFo/9hVtX36MNKn/nC0Vzc +GxufVFCtKOFvqwkegRDh0izD4VrXiE4+URxis+ux56x0G9l/3c4ACYxB9Wrwi3Vv -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.des b/tests/data_files/keyfile_2048.des index 048fe79739..98b3766242 100644 --- a/tests/data_files/keyfile_2048.des +++ b/tests/data_files/keyfile_2048.des 
@@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,4796A5CA4097FA2D +DEK-Info: DES-CBC,21F054678F8CF188 -Od7a7T2LoN2Hf00FTfCe+ZMu28YxdKLYKE5WF8YFC9FxwcO3mYPo7ROHZNG3sxvC -Er0NpOKSOg4Ni4QQKLCfiTljV07dK6Cy/fi20a74x73Vs/AC241uNlDBr6/R2Aht -nQqQxi15mjvofHPFtfG2wxhAMVd1j+hYKjrV67+X7x2GHxthRZu0vy0wC4HJSZWT -1SigoP6Lh6lbuaGdE2qvgqycD8NYLPEvYEyVr9FnnXg2W8wtSA2x8XqpHc1szwjO -XCSS2NFkkwMU7sVEzhz8wufbiG7aTFgQ4BNY6CN2u4sbfpWVH06vITPjVXeSdqbh -qD6jXSJbUyk7uBcRV8XUxuiOzzLQX7ijn9Hid2pX+TQhkKNYUZv1L8MrffYln2+L -txRYlOn0zl9T84amHwbwvRDjbrO0Kby3kbquGsL6EpHcq5HSSrPzqGjJeYOF5Ym5 -/xO52cz1YGU340eEJ1K1liW17pym6hy8hiD3xO/H0d2CLktp1aPKMX/HBkn4i7dG -8JmPySxMCBn3/vTps+4+tL8M63cNOOF0eb5RwhgX3hRk/bne1zvLLsZokGR4Z0Kj -Ru14fX2OZSpzzSthrcFWVygo3jlDzNzQfmf7s8s9XXH3lKQp1yNIYORqIyyNWGab -CRWoBNCpMcQqD3vCoi+NxbbA/tBc/TQTi5S3a1KNALqg+O+GoSM10qXFSyI55Nlx -EOmsNpS2T18E5eFjiQwuj5j6/qzMUDqFrt8P+QKAFDedJK0VCohIbALF7tiN0QR0 -EUfx2D5emuO+oMF1pa0XXy1EiG137dscOYxkcLemAkb49kv7dH4rAmU/pBW8GpwN -q3EVxN/0kCrS9UGU2w0FJxQy8nmkM2spnkUI0vMbDH1YWFi3hZE3oNs9VdIImXYo -IZ4nvkFJ3DRZxtV69CJGPwvypKG7v/BoHJNsupGBnsDhIN7gePKz7LOV+ucCg+yL -ZC+s6iN8CdvEBzmZvE0IdcGZEPKvTlbm94+uOVm7Vs5akbdbcHjUi7eeiOyYgC22 -0ACV2bKFcKbD6aDV+963luMfJxyLi/G8qUmjD4PRHxwg2C10NHmgD0fqA8V9urqZ -OY7KY5UZ+PQKN5YyJUKWEFLT+uMoH/q7ChwwSZbxUhaN+QTskr4eVIP8n9XWGyNo -VHlLx3tBjrFnkLwnlaTtXxcGGBQt7x+et8Imlgut9f7/w/2GKYSVtxuvLWNjfkWl -0+QIntSyRDHI3eVss+KXSYLyp4UafktHdSi0mIx+Ia3dpPt1ZPLo1IB7xebGCBx+ -9pPVhzfAIVx4B8KME8hcsR+WDUB46KoBpzMQCrmDfU1jdr1YmEXUZFk6m5aiGXsA -hm+VFGxx8m/eZUexvOo7JJ0A4zpQahUuaCpqmYQ9eulUCG59T6t/4mZoHrRfrVvs -qDfHQOgCqHwACgPn4qcn8uLym3L5TqY0o7yjhRHsCPUg8nN3Kox7Wv6xEDfLLFuM -vvNsqWvqyrPPUPV8FQKFZd4DquElvJg/YL0elZ4WvrxKs7qv7+iEGUNQQe+nRxJW -O9hCWxvg0Sbq5+i4P8qmBS64auGeTqM2NouuXBBv82dPZgx9ZFzBDw== +dEvko+lzz29yp8Y2vCjX4YJjBk4c+2XGn8M5DZeMnL7/X/3EdRtMwoJnHcJMoxbN +Jy3Of6J1bYM61UQ1Bwr3vjFvOMrnHcPWHi7W0Imje8oS0aKV8UlJermDWEKULjPi +j7k2N1XnAzPmdrt1TjRwi2+T2KtFK9qAJ1Sjcjva+HecKMeVHXPO7upK04GyN2aH 
+30dmzhG9P+/kek2vaZ/8PrV5A4fBoN86vt3zRtxk5cV4XbLkjL21gSicSl+OMcqG +lI+6acn3jeal+y/zl1skowmIHjV8JQvRkDXFlyDncnvy7iJa2CHk2VPfRRAJACXN +3r6ZfDvIjI7eTl3blPUZ90GhopvVyPr5SuT/I4sXR349tn/PmuSPM5Erw/8zdQDW +GSVI7S0FP9WNZq76ioyQyc+ZarKatOiuq+F9LyBU6Yjv35f9+efZ+e9tDqtyaHkU +cWMbVC+oAnSrohQR8XxLWiL8Hu77E9y/0tDP2GTmrKYVTnIe7/mSN8C4gi58lhFy +vMLda2yi8VncSb7oPUl3MAKNq8w1y105JqHD+nWLQxc70kMwaW8/UQPgawpUbLCs +7cr9LhQmqmjiHxioMtg3wgzfSP+iewQhtigWxfVQyXwnPVpzyqAroHmIA9aM36Mu +TodpMeM8B6hiv0g88qKBjwRhCo/XSEyowZbMx4R5GWvHXJ6bIeh39xV/FXB+tj24 +5HsK82ZKC1gfdmy73/PFjdX3jpeAZ80BqZEaE7q1RD9HJPmArdBY3qF1wYA8leBF +IDgx8LqlxzQld/ZEFzTLZBK3fdlnKx3p9b2QmyBxz3ULsPHChQyvP1Jc9jULRQbF +GUMPOCgtIfbtcH/DwsXh8Y252/tn5SI6u5pDkPtr+KIeJAv/AUzI7mqeIAw3pDpJ +KehaOsXkrt202nQ5jt8zwSJxL6ZMxJFSPIjRqsBIXvsiMd0a7vsBkmYnDyKB2bGJ +LQ7ik9z6OdemGygYUTTjh0GuRf66VWtvOt6cSJPobRMLFSttW7qJBrcVRRWyT/ZT +PyrIsoGvgahbSLE9EPlqDbFHoAWGK+gmXjypBBcJNkCU4EzUNYylCFPqAcz3+klq +Kaq4OK02qAoYk8dHwAHgljO2UlJBDibwT+Kxg9jiAhBIMBoJLGubLjUEpAeevi0p +Ct632gh0lpxhIp/pBKTBYDaZQiNB2zW8gvK7CS5WJiP0J2OustmQvBLjW+vVmeqj +9125snRxKCCkx3xZyv4IOVF0l5Go7NCGi6P3hD5EsYQyBB3sQJtOIue0tr1vBL9/ ++eiZ2T1NTfSFUmHGsvEq9ikqL+tequRkX770l36+58w4080x+VM/8BNcFgZ5FP1m +/tUo8Bq+bCu2Of/JBllHNXrHXVsUJs/vSvAcibuAzHTTHoC1AainO/M9OKy5GxLB +KaTjliduSDvhUgW8g1lI1ipN3r+ddA1LuhsBIUBPuD1TvzXTgh9FhxbFNlRPQB2b +Sw1OU1lXtu6ExKH+Qwk0/rYXQ3Qv0118MoB9X/uGAzEcaZAIrwdh8XGeTMIKk+Y6 +e5VgSSbtOFiaVe/PcbX4ADucy1Ai1iEMP97YgmiG2z3zW6gPTeuO55TllV9jN+1V -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096 b/tests/data_files/keyfile_4096 index 4999077aea..d9d3cf4975 100644 --- a/tests/data_files/keyfile_4096 +++ b/tests/data_files/keyfile_4096 
@@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIIJKgIBAAKCAgEAkfkL9r8wEbm5rrsc9TwDi0lUaf6MPgYt+31JveSBl3EAX2HB -DlQLXSYHtFpj1p8Qi6peXf4U20+o6+MefB35J9eN75cpl4F0UY1zoXT3juF3T4f7 -/lGiHLevqxvEt2acK9/9YQYBV5iydDiPWUpOCTgMSsU1j9YklcSC7U+oVgTWXVla -80P53fw9yPHknM6uVXzgeI2A3/FaF4WF5n2eEZTLMRfxT2C73ySgZN5kWgaMjJvP -x/q5QJ+cLH9m/Z/xm8fDSWHrB125iAnLYOFNLkYIpLg/Tc62gZLzFyQQj96lIkqj -p+hoLrf0oRTKwkicOiIug0OP+CLrX4AxxZ1eHF9DMFgMMS3ymQvLl732DMyyJfyV -tXgeb8AKBuPAg9GNbDfZktJ9Azna5FjOeqngu/5Svfemd2gSLVLwiDGjm19euhG9 -01k85Haos2NjfvQZv8R6H6df6lGkch4tFMbeSaP0OEIukJU3agGRq4r9CrdbtoKh -7s+cewsbQf7xIkRGdovV389MotB3CO8wzamrJ1DRcmuFIhe64r0DhUZ8IUv8UAHc -ZmZ/uZ+EZeQOdz04LmcBV1WUqllU0jLTmKUk3X4dJ9E1/VDFbGmvstshdVOtDAHD -xI7hRLYtDYPYqpvIEuRQHTvDqtKzeVP5wU6Fqrsq8nvP0m8Vs72mmWA7JgECAwEA -AQKCAgEAgrsvEc9sd5OETo7ZgnA7JFWKOlt0sl/Kcr9keaLaxQy5LrNXuUNf4g6b -O9TwMVjH8q2kUj2p5DhVqtz/gl09tYcBYSBaaYvQ5vDuLB2bUOVwe1PoRX5K17lS -pMX7yd0l5M14GZrNPOxOdnPpPiij9vGxYI16SNWacl9Kesqqkk9GxNev8spgT4UG -uJ6bBiy8SWfLiWwBjY6UBxjYMPMzy78cs10kCtkxqMketPfPnCjdW1h4IDvWCaBo -uBlp3Z+PPNsNdP0zBqfT75gGA0AEZXrnZs50M3T8UtOOzpzIEHFwJ2P9afVkyOKL -PnBmntV0xUOzsG+j0rFDZ4ZiDP/BNfd3d3G3wDSYuUcg2XZe5VvdGOFkUAa4zk/z -6DI9nB6aEfq06GA9emaroTxNEED36dhnr82rV5bqS3RaI0sdPDOG7UGsxGItsdft -7L7/rzfMgI5wOyhNdOgeF4rdGtzADaRXMC1JblON1n/G9tbRJIVeELWPwSb62aQJ -rVYNafJjUWejpWMVd8NSBeC2s/cmhhNnF3ZUjHRh4fRx4jfTcPuuYi8ccwULDp9m -lbryYyclm1eUHmi8Lh1A2j0yZf1OTAaEQPQ62HBdlOnM+mgSPYI0w3oW68BOp5qQ -AuHmOfeCFql+exzruexKhzFxFmYadORkedVmh7KhE4EO4Ls6A/kCggEBAPXMNYgG -EfsWdp/IlnUg9Jf73VzPcG3feOg917sbzqKfgTY/VRtyhiJh4NLebXTZE1v0j3sr -rGQXtRXkvvgKtkDZmMB24aINf78RlxKUFFAHHQzpH1eNdxscOaYwc49R1SNZvyyh -+vzJHT6l5Y++gnsKzfdyFSZjF6pWSuupYMqHp+jXnrIvT6Ew0md0SM8I1Lt4vWG6 -PpJzhVWJ+EZSkzs1oApL7mAq5nIaxRc9VGRzFMi3p9VKJWcgLIyCTQcRd8uTsiYh -X4Qp2s4z8l5WSxLoHxzMMrSBc+j6yIC/rBcbdsfXQuaDG4RSB5UdbHd1suE1rDvG -3iRKyztVGpug7RMCggEBAJgIHwjwCPhthBipMm84v+o9clGk7GPofsp1d1V9gQs0 -/f5IqCsERCVcI+4il2inM+Gl6WAFAbwv2GrwzEgIJ15gstgaWdTnnmfGIDGG5A++ 
-nLPhvHyNUDek8pU5ZZX0uM2pHfNkCmLcZS3p2gCMTW4j9RSgtT9FpntVpGyRWn1/ -4Px0Lc5bke+c/HuXVnJ8TS8dOEgMzn5eVx8/UgqvGo5/bZXsNdOWjkVRUgFfrn+m -er7+VaO/lMFKWAoA7FyAjb37B4blxRVTAySCDtE7QFsNE4+HvSiMxoL2qpOpm696 -kp9Hw8TIkYEc5BA2S2e09pvnaYk61mbBfsz2DzcS5xsCggEBAOfCbs8c+iNIIP20 -ArnaIwaTQzvZlGblCXnhpeIU7BdGUm019id1KqiMpZHujEJa0/gmdotquJeACwzj -rHTwlLw879y5uzIzjDo6ebnYyfZTXr7nqNfC2YVEbc8XbD68qD02yB1rdd6YOuzx -O6z3sswVefNRLEQPtyazSt09zbfphRb1B/t2xJx2Dk3hxS0BZKSHyfm1xH4OUrA+ -8UxNW+m+PHK4+cDPco4wU5oAB+zW3cgL80IXMYE1QwwRaFO70rqvPpDZctiJJni7 -XlI5B3yCRaO/nie4z/PjUt6i277F9I+llr0G7hErz154aeeRoOLc2tNaRebuZwZA -zl/jsuUCggEAQ4r4HsRld9lP4pTo7zjLKon6DAO1cf2Mtu3RAo4rkosMfLhS3imb -DO4OmHGNytTd29YWBK60wqKPB5PLbgURWICldBTg7BGq8ne3Pcmr8MLCY7haQQuX -I+GIVHuXgjOjFtuXjtZXNuyrluZaD/xFOjWHYI61d1K+T/UQg5tgFHmHvyDuaMuN -3mJkWZQ2t845jEDzDC+EXegT1LIRBOYeakh6qyyyDTrKIkmqoSmdIOEZj1j3OzSW -Jfmde3RFjiMe1dR815WlJYAn2UReyN4GDW2VzyKDC0zftLdZuRiVLjTKhzEe7IIf -ArmPKRS2E3D2TvVUkb8uGaDFcNGwmMsxGQKCAQEAvALBprORw97j7qcPnMIO5/sD -jx+oglAWI4EkeOzvB7r5TiJrirPkjoBOk9W97WNUQ3vOYSuKJ1wJhMM8n3gVwdjP -LXcfeP2p+TSeARCQ3r54+OqSuwElOsyhT1GzZ+GvyRD9kOOBpU3zVCfsyGz8X2Tf -U5W70nCUrFgaZa6uwmUsOrnxmusN429PUHwsj8QbfrobaZI7n/bH+J6zG9wc54OQ -s2XMK1XOXkS1WYEf6PHsXux8ogYhBT/W52JQ05Wl7AJz/Kc5U1/NBGiQfN6PbA5s -9wYPwUpKPn/iisfFAyxPUZGdpXQVI0wdFN/834Nf4te6INzSsCRMqYX+QGuSTw== +MIIJKQIBAAKCAgEAt3PBJGlHt6w57Vr0TIEI0G27iIJLe1tl1ATc4+K43/RlH3fE +a4OE2TxPBKQ6Mcy5b4MkB+EnI5V3JqrkoJR+B709+utMzv+vLVZHR5CZR9eGsgp9 +jC39qX1GcoWhVF9TjNzrsvFNmdVuwGfnxanvVbUunyR/CyF41DzHpUAPirH9a4Z7 +dH5lAWrBpPxsvCVTObdsTgEiQBsOKPFXE5i0x67zYCkAuO0OAW9dD0b0B3tjJVhk +5iHV0eNBFcvx+6El2RK5zM4UcL9LD6epmV+nwBVfxMSrniuu0cjvi075thDRR2GY +vYMmM8PXCvVVrsejvzUNEu1ANXjwn+uYrdqag+4vmdoDDHGfR2objA9Lr0XQuyul +JqzPT0zZYbY6Vb2TWWhc0jvdwXU767nTw/4z9jHSPkyF20x2tOv3tpEcMTxFn8G7 +ZjPAWMqf/OmJm3j3vVAkmjKzsC3wdJkEWz31HwAdfX/QCrMs2mP+ISRxfCZi9RiP +btc27/nm9FhQrns5wyfUlK4ZzqOEuHCgoAd1eyBR1ejPg8ppm0aUBRcqw5xVUWN5 +pRSlbZdOMugYi7lp9tOaUEvv8O2lSXtGbSQaquZ3cFz1B3pgoebqxkV9gnJnI6La 
+eCYWB6C0RkosfEFqBTIb+IWosrN8/a83iHacVSEosmq9TGDXUHiUJVhldDECAwEA +AQKCAgEAsy2B9ZhGjeTPZz6w4ZAeFcU3p2rrYn6whFaDkKi+vS6tHgESfZglRzAa +VYQ5uq4kaAAETxXf7mdryv6a8yRVvCVfxhXQHVWpuXRNhl5696pQStDoMuQwnzxW +dECEhC3fIvQb2djJXHkUBST3QR5rPqEJ+jHhS/PTWihLLuHUzDhwNndRWUSiTrIA +lK5fXZxvHy5BwCZnV4mVWPPvgpph566+0qr5o6UVSt2EXQmGC1C+U5l0Yzmk5604 +wptBq+2HU+9wPdMCL+UG4TF2+vBsnbXCpiMZJBGyXAAPx1bJmsPuQ/PVBTR1OZYM +EQ3yNBWVn4mnTVcgoZmQHAI2S4f55T2ckwYTMqQGwGiRIVK/x5Z/cXDEmevmpqLb +8U9atXX+WSmu2B08T+DPPT8SvYAkAdHPXltVrGIyZs8a+R8L6YoRboVjKys8AItA +wvOzzf1qJJ3irXwBVEiSwqDhwmHFKbX42njfsBS1tpCARgNBrwZdhWj+z+g61sli +kikLrenGCc0AURtO+2SIuxUVhmJiazsBYuZfC49eQ77ATLwc0YliPbni16NnwRn9 +eBFo+FG4wc6eAIpIipO/nSIUNUTd6kHZKsL+eHLx2lKD8J02GbifcGkaY3IVNfPJ +2WGmlHy6vh/o9KM1o6jyrwSNRNgOQTi2j5/TeOKmxZE24OIZ9AECggEBAOd5c5xw +NV7vO/3Qmr8T8dagPiyIqjCt15420OsFo+Fd6laU/i3jDVG5fGp+b0I67IBlNIji +FpycORAajQZkUAgd9bRCm37SZ9yi0f9k94MK6sCLzAoDaQ5gHPSPRoUc7YGM+AFC +Ls+vyXcrQLb2Hxwt9H+TIo/cw67rSZThy1zIsLf7Aganq0pTG7+yMhcq/quUoJkv +ssBiftip4butkCk8aHhWRNkicKx+h8D5fRjpmDC3JEFTlleHKhUCTZ29Y5CdGR8e +c52w3GyJbiuWTv0Tc3Kp3OvHu6Mui+iZHpEUwmbm+kBewBwCSm148ViW3P4LZZjt +CYC4gyvXu9ftORECggEBAMrjvV3Gkrwah74IqE0eKJvFM4b0MZ1UzSSM30/z+T8I +t1qiF07KnmTET/IPWP58AGY1fHSanGG5/ScRrFRQjKxK0w0KiOpZMn+VwD/aziQk +LoW+yTBhUCFZ9DxBjlIoivjMlx3fYun35dfMtzAf66xjNDo7QKT1aKBngADtnZR4 +sEObu+3bxldD/qcO+HIC8FoqLwBAvmJqJ7YmsNJWFqc99q8Qt3taJPGp8jv0M283 +gs0W7WTjaUuBKus9bkjE7hH8XXKsSlkO1ufl6TGj+9kdW0mPB4dpQq8MJHJTP1gk +VEKsCVUPsHKcl0/u4ZSRAqfYubaIjLIIa6rEe4LXiSECggEAK5okHe7BDu3vlgMK +cz3Vi0FKFOd1b4//kqzus6avVQ90yfRs4MXpR2CyP/krCgXBcPofaD12Vu/Si+cE +c5THwo+qLddyJPSLXfNJrVseiI+w4q4ytBwqWOvf6G1oskBduM6OFOabnMGXKJx8 +Jzq7Z3p8mN9lXkYOkk99386cmRCwwSdGHWzOBkUbcAOoDdcqe7WWfuSOPlEPZc6y +V8D869eWMjzF4UTshoGbHs2gM+YkpeCJssiFBF3Qnn59kl4PeDkvdz4sNyMOkl9c +4lcA8AkO8SVwGPXZsYZeEmVtbZTEfc+6ig+PDneb/30NsUtRu4T4EVNtO9MF2mdb +2fO0kQKCAQBd09xrVb3eR9amx5Itt9jH0Pb3Xk7jl6gXUx6i9w05XWqN+5AT3BhM +OY1PQFHDvszgd7PKqQXRHBY6zy2HAIlN1Hyt90VCO2XjIvn5jdLvW9w39fdM7HQG 
+OHd+tkJ/NEiwrszj/77avM4Kcp31H4359xbcJzLKFsQACl1kEH9jfjzlx0utwImF +KejGkWHMOBe3WvLJhyeEk9sxncsAOtfXGAzRAUYZQaL8L7/agiCXOnC/L+8xTQoQ +5PdYOtyZwpjmsHL26T6o2PgB3o1ta4y4556j8gVlVgSEt3TTejQ9Ku/ctXrLX6oW +FtzTFoI0FqvHu66G/7cxTjuciakk5VCBAoIBAQDe9ZvhmCpCaRmFOULVGqb711Qj +cyM/ns+5qaNx4WuOJW6tspCeKy3ngUFHWnkfutKQTnD1TmYe/HISkiIa4w10ejSG +AjX4JQsWQbYJcUaUrFgUm5oCPM9pmWQwJnjmt1lHEggx+DqyD6kgPrUlSzmJHUTS +8KSaMCBXdkcHZDmy1N1QNIUGzmTv8QaJzb2+wFhf0A8vuDnqG/2/MlBUJwJE0fGe +v/1EABZzkJgjnNmtIDi8GuEbbVFms0iyIaWc1bUwiKbSs3KIWu3BYYeBu+5a8wfA +A4LkwhigbAn2hAwHwKjngT18EMf+A6EpElXI4lpQaauYTlerNfR+nDw9SgJP -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.3des b/tests/data_files/keyfile_4096.3des index d608730f80..6097b42a7c 100644 --- a/tests/data_files/keyfile_4096.3des +++ b/tests/data_files/keyfile_4096.3des 
@@ -1,54 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,C49557C4D4A4968E +DEK-Info: DES-EDE3-CBC,2204E2DEE853E8F8 -qlXFWXp6OLjn/F8uMYgmMhV5UpDsFidTPbRpXs2Jlj289804AWCqfPr8AKCNVjoU -KuzdyuHnIUh7/Z0HfwnSncod9FD/vOUrg0j1mX3nQrM1IppNRClU8DnBIMi35ZQY -ObT5dyuTIxfxmAFMMrPMpoJs0Jfq1Wuqer4Z3OdU5sL9wTxvGl7aMVlrjN7NJiaH -j2LD3/z73dl3Whcrib6Z0ZI+GwFZHhgNHsx2c7DdlNPXAlW2fdLiwUHd4Li5sbAE -B6lV2qmvgO634KmpXka7AWAMMLEHGNArN1SIi+Ll9pcec+tJclysnFvgSAnjtt2n -eaqBWXneaJrKH3MM7fpeYKM6lCxsZaxWBxOCSM9XvFgi9QO587FrjZcak3JkxVpo -nISJlgYTMEmUpbmqfG3xHQa9uLd2HVIHw8FZkH25p3Uu86Tf5uuMSn91kU9+uvl3 -xq3JOAG+KqRl4AI1BhCuJeWv0cgRw7eNMj2He3qZ0+rFnqSpvgKB9gVVsSjAMl5c -g0WDcmiaTlF9e9or5HJCSOoGc5kkTHD412CNDHolYXGSiUOeWXvt1VFJJ4aJ0Lmo -WWgCcWllUuSabs8RCzEuuBAVEitJjUcUcG6FizXo+T92Mrw98PLFhut/UbOOYIIY -AbTL0ponOUMHCdkgPTOTXyEbL/Um6dAzCixf/WL2bJ4RcVML7yk7dVuwdgdnru9j -zxOoatuFkjvbGOG+7I8y+Qqv5qUAR235VwDiXVMyNJhFIk21Z5Qyo563R1t0kEI7 -SkuSNM+3mlx6TAgX6R0L0LwH+mS0PwFPeh3TA4hOtkEExexhsH8ks7lkJ7V1JEgQ -js+2r/ePzXpdNwrhUotUbbWz1khj9gGQ+9OV3vByJ2UFTgEgTqAwGwSrGJfQerdS -uAlbsEDSMCiP7zb3cGdXQLY7ztBJTksWPj9OJEy+LY2qD9Kc8/4ftrUZnumChvfw -9HClkFAN7CpkWUl/31KPGFayjU2wuhXI3Duo23+GOMLnaJ/uH3lc0bEWVQpJEc8g -NwpIZEHWSBARsOzmuP0xZs2URvHUpFxkQaoLBk3k2q3pqEBj3q0ApqAE0rb7jIFI -1n0FCLmPBMQob4BWgbhr5ow41dbtZaxjtkbIOp0129Xmwf+i1V2huwJM6AUPDWiM -eMPya1/uAX9x9d4mRSe44GBulSTYwf7eDZCB9dgABI2F4HbjePD/qFYQEoshAhpe -YXuL5EDwIgRzkS36tTcUuRzewcoSz8D/SUrsjfxzK+JEExqBSJm6rmS32hW8XmQb -Li9bT648+FAIu0wId9veTPkwVgIFUz7QKjUOd1WHIbU6OkWpuKE6woQ7BoQy6tRa -pdOAIhBfmEGL/qV6agqNcqgF6qxf+2R8sp/58EFjXgeY1nY7ZINGLqfWP158ZswX -P7JfkJ7kg3UNBG/mbM07hFALKTaGHjjQtY1xRz9FWA2fPzxbfv5hIwb/EQ2CchwV -zEVhpl3khkepiE4tGY4FEYmhOoh+5wJ03Ay4vkVRo7OnJaHMFOjQVo7Jwi8jtu89 -lKf5kSnvdbhhDVo0Gb5rbyAOQprCFdhj4Ko8MzBH+NCtPRXv8Jk2N5Zc32Q3+7Io -0lUH8SunlYu2ykOmTo/IRCqVDiv4gvCeUNrjthsr0yVgfkYZw9ud+BTaX96O2uXC -cjnSws5XrgeetKS5VV8Ogo/X4dTeSlau9UlN28R+hKmTU78Ncrs+lAQo2hSYQKMF 
-AL2MS1f4y32SVXeZrLgU2Meg9vF27eIQRaD7UR27GU+pwCL5IoOyNeUYz4Ci9UUA -YmNR/kuVQWk5E0qBVELTX/fOCCBoFbtak2ufWTu95WXPendiYQ7R3pmX0ZiVf7CU -0+QkwBqIT1kFDKsidTqfFYTkM8vX0GrI1AGv+xqzMualIAI5Kx+NNJuwzoZu0cZp -Vgk59ve6idtMJSql5IvdI6zFKmSZ8lSbLnoQnUv2Uc0s3vZrj5C0UO7hRVMT1FHa -avZEKzGWDfRAvbMPnsT0iuACJF9thU5rm2uzdr2ln/9U6BmrJgJeqD0txP+ikToy -MeIK6ZnV+fUejCy/qWqrNSji1mnLcU0vSV4HzlHAa/gYyAAHOOlV1fosgewmpm8p -I7SxZ5C7s5mBmLc7Ueam0i72nCGRsxK9+w0VHj9JcfH8oFKnjb9dyAOcLnXvYE5q -zURrLXmAfPaZbIx2z6d97gtkupOICzr45cLVCgAiU2rkQQr0TicIzG3GSpX4J6pG -8vMfBTH5AJ2M6B4Ni/QXc8U28NcTCMjbDKQ9lDO2MCCSMzdbU9PW07Rtym1ph+Tl -o1EV/67kxtrOUV1YTnt7WWty8NFUEMDi/TdTBERQyz0YhRHdDzo8dk/s7b+eIvJc -qdft8UM+ElZ02Pe2Fb/0sEJGO4yL8PQEhCwar7b/QIlM6PDXVgd6tLh13WajoGUU -C5OGC7WIYgzL09pOW9vPqV/LCBQUEQ/StRNrXS9TGuXHFmkmS/VeWOY3FdugI4mY -B4/Ws+3b9xZ7eXa7h/B/2AazjKqjZ2U84yRnbmyK56bMDSB03Y4HtpDApx4bLCad -UE5nObIUx8pUc55A71HYfmPqmK1bRsThsEZkjKsAEGaiflhkFLu8nVlphvFkGE3P -GerttzRweOHdEtnxkVdr2GHqzedj9X/gwzKWBPl5Ngm1lFR+q7mS9u90bAbfFpTk -oiQc00QnmAmMFanMs4ncb/6DQZ57LLprPaH+rstIIKW7BbhlmjoyWHrgn7kVn93L -ip67aX3xgE5HBxVmfUvAd6CxAoSGQBmurYk5lVe71ePLB2a+Op8LhJ8S03u9nZG6 -6w99tFdMgpBUgSsFsbxAZZ/ltn7LxvLLcP4yQFoIQhlK/NRY+RQHEgVbvBDVmRCA -WcRfGz+AGMqGpeIAah8X2qBpNcHVpGQ3pS6GNmbT3GdJrdWvnXpmniOCz2wdv5S0 -M9MMlNdCK/UyoM+nF6fJngMINQNECVtOyevBo7ukADf+oisMj/V+Xl0egU0rsAzG -F5JZbKlYEpwbJAdTesRKiD7GDVK/h/2nEtr0RrzgXdhE7I9ZLWbfo8AZrD97wIN3 -bcCjpsxhqy/RqMpft1ZXMtqhCD3RBYzLdd6E4c+BlgR8XiN8puKGj9MnmWjujl8j +pzJieIpy4v5DtIf+CVzXVtlCPjgbxIoq3Ci2qhreHyAK0H9MP6x6Vzt5vVYwolSS +5ZxkaIyY0NlCbO/ZBW16MEjYtNrLhOL+ih/BLSAnfNmW5g7UEJ35ZA8VNY6ElT/E +iadQPNj6NvAgtLfFC9elacidA/6nfTNmALxhWINolLc1kQa3CBsTRnpCbYyaHluz +/xo7Dgjaoj61YU4UyiOYtxHtYkQOXhdiKpXdLHHltxKxJ0fYmbBJ8OKGv596MIQq +8hKpYrcj8binwafQSYjj6KNEFL/PlkDii3G/wuLrFwgkDlNUNkUxSe96e6JUVBNn +uEgC9gg6BEAa42psaEFaq29Z1R0qkMNfnx16T/425zxdtcBebhdj8pIaQjxMlVhM +Qe9P/fypX3B9rS6dkRloK9AqGuRBeZBZJUUA6qgGagoBXsqGQc4FhFqrKdqBeB4p +IQJbWa++aH/bdP4HNrcLoA1lB2WvjtvPmdTdto8fICulbTDBDgsU96MUyquIkT4T 
+6p0yeXEVc4oKYYmHb+1/FncwawYz2KjloM1bX0f/PKtsrpk9kLDSj+cVxyRvi7+R +39NoFuEa7NPB8VKJCgurVL6lQKIiitBos2loUn0/NMBaSMJc0XrVvFG05hxGL23c +1tFhRr1lktE+TycAL59GKGJBh4Kuwjnu/eA9hkyJxDfJt5l85yIXmaqdjNtmyZ2w +2b0Lq0f3yX6NGc8zGhgIy8ZrknnRnPDtHSck14Uy0TJoooFbWFJ/PLpBrJxHx9yi +ApWbpC2vdtIVlPaYdlEAimuzQhEvwjSIqwiVc087PbCaCBEWbUizcdde3PGAw6U6 +I/m1FGHD4DqImDXSGB9iix1cjbf+4lsSHJNuB5iejSqu7FDkC5V2YZzZaHDFKLgW +hwpV4JKxZgnA09dIRQw5oNNI/LjcViA/R24rChIp3papG5CO8vD190CMTbDSDJPQ +NRwBQz5LCpIQaUU4I67sdyqhFQ0lvl0asTmBZzUOAjWyMEpOocQEy/W0vAUu+OEa +amImjcP4H9UBYfrXkLEuuUYofr3RwZMX9KIEQNF+0VvAfeJt3IDOV17zjm0kN1Ql +bjN4/iJAms1ljrjBev751DluzttX9t4Bsf7VKsmlGp5yM8YpzjFndh6/pjbks8iF +W2pGpdStiXJ27xq1aa4YrBk6zH0UDRL3yq9k7CUAwwT//qlKcgU/U1OU82gLkl+g +Jxy/93KgpM1H7g1FD7WM01LswEwPMWtMMA3IogL5L0mya8wEth15DxWKAkOgub4A +8YG6WnroG9aEovgHl5b/6laTryhbe4vMw8onGscsLK+9FbSPDiVAJfQisGnJYZie +PEOJw8iISTVXPCqbjHwIi7I1Kp6Yih4PLfUxmc4+Eq9FoB1pzxG3xEfcXinsJIuF +d3vH9uwUTv5mKO4IJxjc3Tg6nTMjrDfJHrRYeA40r+30abeWc6X3KhEQsk9nuj9N +PJmTY7dRkzxRsmpA9inJkunwhHF5FQdj2IqiQJNbapqE62MGlVofSKO8P2uF7UNh +8+C0k4ZSHTnS9+b55RDRvfduWosJbililNh6B12yqEfDMXayn812h0JNWv7lglVu ++EiCrCqnAWYhbqLPtIXHv2lowx+gulxyIrPlK4D6LCYy9iL3Qqh2bERfccPS5EaK +eU+Sj0KN2KeXv3X0DTKI1iieWOjk8dv5G+wml5cUNDHeBdKbsGuWWaG9F4l9Em7c +V8cLN84RcsyRKJCRL1kOpejD/eTWzuT3CmoWqFsqxsJGu2wXmrrXfBuTLIsC7liM +jtnF+BZZSebX4ST05USOHbKojx+yXhIOnO9oabm+ylnbOUrXXe3ufIA1P+z8GMJP +KSrRIeaRMfkiotW72wa+ofmRl98vSwzHdeP950ACf26OVe3Z7PWYI9nSmGR4lqrf +vxMAbLBvLbpq0CXQgDhpw1YX4UvvVLGndlcxVey6btFuy5Lmwoci+cgpkGBoDsau +oemfgVOMNoFSjoFO96kaKbrMLHmniEWdXX1FlHw2PTjv4YeniblvywFz3KqtxKzW +xOnWF7BwBTTm299ojTotOOl/iGMeMFXyGAc/lm7SLtpdHxYlr/3906Jee4ubhch4 +EEsNxqsvo4vBOl1tmspazPHVeECeL1Io664PTdTACQnENd67dHa0ytLS8SdW8w+r +7UrjK41PRhAhEBJUVnTKOE7QA9CPVMT74Qx51AQbW1uqlxuoFyO3w1Ra+B51eVjj +zjzN4x9M9m1TQzmpGBf5j8inIctdSAmhCpEB7qxyJVmHOoIUn48u3i47uWmQVwmB +W58f9J1TYAmUTvaSC+Mcmvbpo0ELhCRKVMQjuFT45ukrG3jeohiecPU9ga1VcWPc +uQdaijy+oNHDfJstQloWn8TU2Uaf2LvdSc2tuex/qdEt7eBXDpSzEl2gRlfrBFcz 
+/8jQqhsdmp0aFv5GkOtO0M7C6GAA9IMwYUDJBthITvUQa3feKKZNMWp61LUdbS+j +CwExwV8nX6YonV6QSq6nPL4+cmu70PthGuqgWSihuSYYbVi9UQWBiWET4PpFFpcc +5AVuyZrFhCYggeRGmukNTDhYUdThC9Ar35e5vFHWvZBbY+6Y9onhTiszAW9uESIf +ZBtmpRyZmbUYeuQgX2PwtD+ELBXMikyVt2mzuLKjeVocqaHsaZHiCuj24OsgdWji +IDr7DNNiLn06KFduCeQY+qWqyaj+Zo+m6Ez9h5BlINgDoNteEOIn0EshqsYgnmld +rYDfPHIxPFdRWaEI718VX5OLUdOXrPuW1joXZX3wiWstOBhqeAcKLbxlDd6FKyRN +xOXnKYOUXTJ69+FnPvUDpvoSIyFwOBqzQj27FhFIKNwjgdqLWiGeWNa5lhRf/XF8 +saaVma+d4alTp5KDMa1FdysEjbmWSZ+2WAF0NIx73qq9gpoHxFxLJ9K0dsYIfMx7 +SlckNm7qyFXsplSVieEC+xrQoU6E2Qz+o0bI/XSnPBN2ZvYaCrcgqe3SXDVNGXVC +HWmv85z1IBGP/DtcE3upNZyAR+Ty5PH+QhdzSPk5bxAp4dwqax+MD/cH7wB4CQ3j +Qm0WkWw5n9NkGQ+j6q5SH/eJsk060+irhPNKsT3ZefENM0K3JrMMFOZea6vRiT5e -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes128 b/tests/data_files/keyfile_4096.aes128 index 09530538d0..0a7be9112c 100644 --- a/tests/data_files/keyfile_4096.aes128 +++ b/tests/data_files/keyfile_4096.aes128 
@@ -1,54 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,6B62153E2407E123D027E7EA4D1DF26E +DEK-Info: AES-128-CBC,04DD86A29AB89C3160EF3A295444C3C8 -Cp66825tjpbBQ5Qcq+y7kWlmn6qskut5oYCipmNnE+0qgSPAeIuaCAHf5U/N/IFg -zUn4EZnD03zkB0Bq1ei+8abHnyTSkMANDO0TcSnHMVeBr/TNTtwB6QjlwDv+zLUF -EEaFoKFcoxE52tjDqS1S9IGq+lv+p9hEIi5fNOLkxh+AMsabQqUklAg8rn5aN3Kn -gzCfNnX4nZJMf8JJWXOFn+kJCh2HD0NXmKhKj4Psxn8xftkUHlKJsjdUbCQhwD3x -lxj9CSYrePDehxsBIBDuanY8WoUOQ77Iv7Y3YBKlmvNDESeQLuRYRSpCSl5hIMlI -7/2yMkx+Pl1Ep7CM2FGC8qrdZb8x64G5GtxIWP8EHqAgV5jAbCwuViBf1xcZ1UMn -DMswwO3miy1ggWkBGJhazzKPrJ7dqEAwHLqxaNfNAjdTdihDd8DpRnrmwprFjIQX -KPwVuMit4h9Xcl8M1cKijtnjOBtfk/BVOkP9cGbU+kCl6TBl1NqhDecpAu1R6r68 -q0ROxGvDjABCwHfZA2TbHVGsn/aBqLwn6mauWX9c8Z4JmOLf7nir17FOe0PUJNGT -EdCTpErScYaJLYbz9mnK8L75S9hgt3gED5UG2hH1YJjKDf20KqxEWskiHdAj5Ael -0qX4rG7+sui/go5QAATS2YMiRco+M/Bq8nCURYvvOqUL9X8Q6/kgsGofSoR1CGE8 -HcS2ubr5jjCakmN82pYj1YOVWbvzyJ+/bc8qXOsdCRJJTB+IvimCf2dKKkc+um/g -pYWYtauJxAAc+gGlCAZa9NB6mz8/cDcj7p6mDZ89K4T2zgD3PbfLEnQoJFqbHvvA -mCJkQBkLkSxuMHWmylPdVkChZvpZN4grqeQNQMnatejp0lqFnv6ZehJmJm5LnKJj -vuuijQNfhv0Vdsr+FxbnV/MmpKctf8aes+2YE3u6k2TBzbhbFmvD9QzNGk1KgagY -s79CRyj8UhavfE88/LpdU0RkJbl3ffbstGDXkOx5UpHphasch53YWCyN+y7KUiEJ -tHU87mSbtyy0MAZr2RcZP4AKf1pdTRquO1o4S1PvExkKkdzCbTXD9Rcj34WbGirG -fgMf5uba690hBZdafIlJr0Ol40QBZbPSdk9zJwFWKpGwBZb9J6QkVR8fVH61+lpj -bWs5SoNKJ9t2Jw7WaX025WuKzORAwUYU3CLs/r6XptA5daN9VeILnFda1Aj+MKga -HLihqFYgrXOqgzdGuGpMKD0oKP5tu/KzkXqkdUr7xA9xchnx+gwmEYYMIH5Wl1TV -3sCLP0tbqlVXa3Uy3iLPf/rrL6nXY487Q2jS401F1JHuegOLtp03uDzkr4mTaw4K -78gbYUySkfFnKb11s8/ZtafZmKNKCeVRkmo+rglZ7CQ82atxIDy5uST5a1BgW2XT -1SRDNTCoopuP7iaX2ktuLARCVWk0BySWWfnDhKLBhdqxbPrarp0drAT59/IgUFyx -MFRUrploUmZ4TvMJ9QSeC1WEgEn70PDMAEZ8oaQu0DOX5CYA4QQVVlm5Si0Lys8R -Kky5YnzRG49yYnxqfmEkUPWVanIzcSLvqaXEcsNKSLLAvs5uhlLQNuTHOGkaERzx -Z1VQwKAPkLLtFRHnXMvEBlfuoLrGclC7MZukPrEC2QPz4IOgS5lIsmyKsVPcD9Jd -89B+4nAA/RlXik/m9bfKp2LVmzl5xQ9mbEN0sSZBXjrGh9cmwWY3SV0qPuUtjv1d 
-YSwQ9JI1AdwoyurbsgeGyIpP+o8lfEDUPJORcLeLjTCfJb113mz3b+S47ETZRhIj -eXxNebSwpSQyKejpOt8yKNLuyOel3bgxb3J7bFofOw42FwLd7T5PNRPt+kTlLthX -CbO3960CENB1aYd+TbSfMeHteuxI6uPyfiVGa5wpBh00zKl1zhNII7tLA1a9Pul1 -em8Jn4MHtH1oO1+Hw3gMn0HzfIWOTxi+IxmpHU8PLFkCV7UJYwdk2Wb4NmyXE3+c -fp5NDiQR9fnFWBW3rqZ4ubIr126bkdTSYqjCAUClszegqm6oY6SUjfQzuwJaZpLR -tDouKHiHLG76Qxz8codVcy3Jc8fClJPXyj8A5qMp7sCZVDiv7yramalFfF+wQCCi -H1nQk9mVd7BGbH3VU11PCkm4isilwlS7TJPGInCAi4PVI+HaEHBhKUrl2Z2at7UR -07GpPjV+6iLLio0FglaRzGBf/Q1Hps6rJ0Pe0jSp9CH7xKsaUG1MbiwgzSmu7IBt -to6gYlLbj+YRdgxoGJyrgPixxfNgxEkcNstGo8RbLZZpDL2T+4W64hlP6PcY4dpV -VJddVfKV08J+DBYOkFy5nFV6ay6d49uRbCyRT+KsqoH0rpMivJGbTBl33TAQDHko -oZdg5mlFiHg5SHLzPYGmH5FqPqAPZxHVc9JWHMbNQreKd6+UXDg+JSblTtWfgSy6 -O13/NoJ01DFy2WvrbSgrqThFAaRWkixQPpXLFCXCvFhGsw6ukla9mKc70oRp4zIb -h4/JBm1tW/MGbIDjGY/zcZeM1XEZLh2aGHiOeUNC/wbd57pFRr58Be7SUg9J4RAM -RJN/GkCDCUsOIyQzFDn0rCphN7gYsb6dZkCp6w3U/f6MTAETSkc/xn1K93WvV2iq -PbuUY/O7Dq6zavzhXhhEjPSST6x16JwaeVdXYjeIZptIoo9fFcxDVFGHcaOI+dPY -9QcQlL/uocYdZ9+bjBPnY2l8sObjr7JoizfKO54qECrgKZj3D8HRsDZHtmzIAFW7 -tK+FrP3c7FT8yUalaxgxoWEL3XtHynC1jawJzoaDNnrjr8Xq6UDK3Bsbd/6wGBaS -h3WInxkUMTxQ2l6ccGBYuYrk1d7bZgZgbw6qI43BhjGXo/AZr+Rg+HiCobIKjgpl -nwxxgt4BuoHU5+hOtXGTXa9r2IDYP0nzLt9pWKrlO4MvDRyijQVppGz4EuuO3QCJ -+Dt7wOO6B+VnncidbUMLtCtADXy2dYXP4UWwGbC8VzoQyiJg9VU63a/NwaOf167b -n8vFDcd8ErAQVm+wJzuFDymGBK8WkGGK98RB4/r4WtoUDbOJRx+ELu/dRzHtK4+x -rc8IUhgZnZlpFRDVCZZFkwQQdviVGkrGCprtzJo0owLl4BKIy28rTu4VUoBOmH8w +Ki+maRW6CfjCEUAf9gX8bbOj/x1wHiYmRAj3x0J3NewGLeE4Et/nTwrzB7TGxCuj +foKa76U0GQGZe/8Z5Vx6GYVs4ChxVxa6nYWrC589Hil5GS/ycXyeW3dD+TRSDEGO +sBROGmdh9+EooNu62ohi3ttvBcreIz+sENprX6o6x9+bJzxUPiccEBIUcJHA4noF +NilSaT99A+m5j8/yBg5UIcYKgIwcn2Fmzg9g9GbPDY7zM/EkmEJUo8FaYYScuciW +6dyTpswA8ixR7drSJASXCLXpHbO3cK3gZJ1yUCEq2Ymn0pZyomonaSdN8sURvt1V +DeZJzoW7zc44L63B2+XKRjNtv84EtHa6UOOq5Y/0MhRGiPRJPAe4SruSB/Zf5N24 +jrQasz0+UYSl6sIvonmQje4G+jxyQDpGI6IZNK1tHunpMmjognhGV2CROrGkX/U8 +n6fhpITz3KYVtSyVapeyX8uk1wNEFlBIf6UTtt3hSN3js2RI7WnQ8Qpn6FJ8DXy7 
+fMjPGhO3Tmx3aR2hL1ulv1B19DMmBabMiow6TW1BFT3YQvHpO4A/hp9eK3wd44me +dKrj39oYoB/yuEIp+UZ7dJaQtz5ZFwJGrFmmyow4wRJ7a6Bdkq+moN5VdK6AL+y6 +TFQashQT1KSQgqdiXX9wCvFMLe7PIsCR7i/tIr18fzbV4ejYKtece1vMBajyg4cX +RCVKSYO9zGTuxsBQX+mTPT/Wv+CA6H6CLssasdHrfxiJFP7jYLbkDUYtxgBhIWU1 +s7SygJETP01b37YuRhGPPYs4nMhv3QH9T6P+nx82nOPE2V83mxGF/g6Ht96qCn95 +1l2aPGrpw6zAd7ZmbRWPcNaDsxgkeFkpeGGCULybcP5yupRVm/lEQ1+YZ6JWUw6y +Yi3JYUuPDSvzEIxqSCLK+M4lWsTvjG5XLhl3e0nbjf5PIEeQcpU5O0aWHGMJbVwF +fRrcaCzuws5xZrdeSMDEOVN2IZspX5OEYruePtvF3RLHIFONcwIE5RZailYmdC3l +6+T3elpIndnb2OmbQsCV7fMXcoEcDn6UeGHtP2gtyg3zUKu1gd8gAt3XJRSAC4iB +vguPWHU9s84I263KiB6PyqtKrlCsXJ1AG5HCuBCejiganE3UwLbhs7JNAjiMAzFD +yvnXz5h66IQyG11LkPFBZEedm/9LPyM7yJtILKRRYZKnHEhO5wOqaVkp+d3BJU+8 +kqjreiCLqoxnncFWLre87AWGrlr4dLHqGnixbUyaT1ep7L2wogRzGcfkY4n4ERxT +VCXw1KrhAOCZ5KBA38byKwvSJBZSNrAK488lnTpm6/zU37VwrhXmdbJx2dS3DtYu +54wk6RIkfYKXK3NNz9auG5WpucUarApvX/56B1nGMvO2zuJr4C9b3IXFGl68jl9H +x1D27Rb4V/dMYW6XIhJ2DCZcWuHu1DkaugBW4kmRgbfyFk0JKpB1rQMXKsIPaAVs +uV02aOD+tCZ5Kd/l/cXISpaDIFXHO99hAv5euQck30hczI3y7LdUj4u945RxEgC1 +dA/VzSsQ88hbDavULg4t2Kk+jwdqm7aojbFTgjr3K7wJvocyJxDzgCrW6yZCZksY +C3z1hjzZldeFORDrgxptpeHfuwYHK9FFfDL1ItySWmETJK8YFo7rP3f1HvS31QbW +vFgseAteA9kn/EAskSR7tulrj2FAyF4CzXHAW1VsBbzmIMPx+HLuFON4TwVBibfC +udwwu4XNtK3yNqz7uPUHbUxYZ3E2CbJfBs698YauieNPZNboKLl3N2ITmpxlAcLN +2wNfh1v6UODeqepRXsn0NmYY4RZm7/90mnfcoe4zJ8+rRdCbNWLrXthra6ouqGsa +7qKH9xcsxp+y75/2S5sJ14TnXFFD72A5AdowSMH3poYSRgQT+SiBpTIOhl4/Lsz/ +jTHieMNE5htL3l+wjtkq+cGsZsDpV1GQhgB/0U0ps27jH+Q49KxB4TT71XLZJ/lj +gsDk9aVktLI/fZVzgzHWTXLXXPwbyKcKd6idJyOlekbddK7ESd4z0FXLNOVgkZr1 +JPFL6I5K3Cnx5TPt80shUH4noNHu1U/LdrAlwJ58CRZm0AQ5H+an1nhgis5lAOSp +iW4XQZ5SQgiCDNWSBer5qyXdJxA1j6BFNN3d8bm6OWCxTz3fYw6sqNe/gWtpnyi5 +WpUeNrkxIHiZSNyjfLjjJ19+Pxqrliz7vYVKw3YQ8u1R+8H6hDThB2d6yUOFc2Vh +XD3kl79zWYBUJRLOoi3mev3zTj4NK0NCXYQnM18+CmZcQPVPpyjC5dnukGjqJWdq +CBMt4gPhd+6oQXJJ7T4xkEo0g7N7x+Ha0dhPP5tyoX6aglAWLGbk4ZpT+87km4TB +4revhoSNcIWWwDqj34Mgh+9cH22fTLWqhmCNrUl0rTMgnZSQO8Z4gGSDRQxHFyzT 
+p0+vXucoTQ7Jci6VCqLUCfTLdNyTRgUubEBU/cTWgKZU0rutq3AB1G6++dEFZTtH +Ul04D+T/+G6Cc6R5s+Y1UzLVVpWtpwmxlnoyLXH1H3ROeyfJyMrweLGMxIL8VWKs +FM03tnwQFt60m0oL6qxFPbtu9NnGcLqc0uuQdif4IW9FMDp7aIIrABfX/YZQ7F83 +HySehJ7aJYKAyDhbOj3l3p3Er+DytaTH4kuV+6D6c2gMoE2aVqnSy6in3ky4xN8i +K+3BBuKuRRda8Z5EQWTEyiWj+2fglLehhVP3DTMDHw0pOf/jieTdXD1eHJmMeLYw +w8jLNcFGGhK2if/eBLKWBfJBc/Ernwbi/e99PN40TtxsBDYuInnP/SmWQCfys+1Y +mCtb9IIMiqReKwl0L97Mune6hImw2/LyJvqIpZR2veN1DK7vvdIBGU/KHhkUTjZJ +30Xdw64MBcM/s95qwzYn2qrmOZz7+si428Hxx5uXfkM9ylwFyvgwTqo0/xmh8Av0 +wmQYWJbP+bMSyXuHm1GVmSFfJo4aCA31JTEV2Azhap5+EAxQkWQcIY2sFRHqG6uX +xx3/2EMmtHpOPlbw3A3Pgvs1z0P0un7mxxTLBggfsnWeyWmB2sPquzk/37bXys39 +0S9AeBocaPsStJ5sPCUWGuQHAe/bhI6AwerxEKLGo/cBOo7G8+km8VK+WMx44QXr -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes192 b/tests/data_files/keyfile_4096.aes192 index 203d57a652..f57762f26a 100644 --- a/tests/data_files/keyfile_4096.aes192 +++ b/tests/data_files/keyfile_4096.aes192 
@@ -1,54 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,8AD7089E60B2EF8FE869EC60E0F3B161 +DEK-Info: AES-192-CBC,FD96F730C10A4F9DC895B3C06D91C5A2 -F0RA2bY0ofjsvKaTHKhWzLvrDBPB/mZY7R5bfOU9Mk/OKtFxWo09uzQgTLsbG5Z3 -7esNgfAmB0Awm5np3OAfxb9dqprhSOoSSzBzd2TPy9AE3U6NwNPmv2DC+r312+M/ -QwGStdM4k8qAoi5c+GF6S8gqwZzTxInFd6AnoTvUJOZEmctMgGXz4xpW9ys7W2rR -ThumSKL6++oXPFjOsvBbVzMxscRIS/yEWnZvkxyzGpoN6+ewcXQYwbmIZpn2yYCm -M6liobqp5QweJZVANYPHWa6i+Xa8BsYAy311BQ8kVLiitoH8ok2tyrX4zkFqtX/J -MND3G17tOs2sDEtVfJHzxDau0G1zsbL6iQuwSg8fBDmk797iiT+7YYI7M5QhfmSd -oqrRoje8knwCbBZWfDb0mdHv0D1Z4dNqVcoO+YbndUf6mKLDvOCcnSZivSB2tcFZ -K4BoJJa6vGeWhIZ5i98WIfa/G1k7TNDEl/WJIcegTJMkT1YIeOtzodgnihKhAhUS -wyKmpmTvUNvaro5jFXJ1IYTpveyi6TpT2SM9/W/qJ07ih1ZqWynD7A4cEf1Q080v -hRxccwsVNkzQfA3DBigvrwmcm5xxNx4A/YrcqWbHIaudvQpsinTQTnE8A9c4SWti -SzfTLxkgxio8DADk+gTmh/kFx7AEaK0Wjyx3irLki+BmqcwzY0lYa9JECUktw9+F -jmakvBLHylkuFmnQzYhG2Km1+o83YkPpa7tXxQbuhw1YdLN0+PZRhZVz17FxZlv3 -824STsOCs4hhnOD4bqFaVgnj35SRa22K6BjkdSGHV2ZndLmKNbABg+qQmttS+rPV -WbgroCF54qM4ZciMlLBxlvIxJI8pIXkTwSRdBqMUFN/QNGFzWNFyYyIXKTz+T8ns -8LWy/Udvx6WQMAWHHEhzp+GbBOWnY2a+C0gENq80HK6n7d0tKWzRYy0dhUpki50A -yu1G2HvpDUboZQtlzBwXi9PXUZH7T9UPrymYchJrdW22Wz8oN4hyp6KQdrVSJ8YA -QpURkWaJfnWAdp+cQrRKl1x5mpDGShcRg6+hbpd7NGks1vNIFALb6/lTWmYQCZiR -ZjtGHubdUJIVqQovfJXL1fpOheR5k/N4UsqCc9Aal7cbcpIqGuWdDNL4caeI1SF0 -u3oYwK/58CBZQI09e+nQT4UHZb1+L9jr2EAgN45PU2XZ//Mz/+1/5MEZvMP0/lGq -ppUqwRRhBnDaueOrXmoh4XGTSYia3wsd8Zr5ElgvuYBjiUe49MwixI1UA8mmx6WG -JdgD3DE6W4soft3NuGYhQi3JzqlrqCux0KakYYORdrrdwXLszJf3euG1oqpmYhho -fIwH95eRygWBh+/kgN5CcVx50d0WZB4lteSEHQj8CZdlkEHwBGStVo7FtKRHQ2Uq -6eLB6VjxbpX2GxaS422xs/xGOoY7rnblB/9CKjdHYJ7xt/HPgOpkJxQv/6gcQqO/ -lIwxEj91hS7Hye+HCjGgK0XMG9so3ijT4UwLUvlVuePgdu3nwlAdVEXXBpRodsPA -fyZyYQbU4Rl0SVfwiZAZQ64rSvgjbHzb6vcu/hIzsSyuFLSk9CwFdPFqsLR+WRTH -JniyFGR/x4MM5OqStUbbNyFTIJgSN5KKgQ4Xd3BcK97hDX8cPhyaNxQ9y8HQSjqz -qfnq4t7VoNCIPqBdQ1en40Q76nYtq/9+1ENXZEJAgoiyZfKZm2Zw8HPYqLluhzzr 
-D7H+fmBAwngY8be1J3nphNM/m/oSzU3qbiKun2vORCkCPIrg5Hp9JQ1Ns4bQLVKn -7mAjgHCaB9kVzpNVokoMX8xlj5aaslke6y1NyA0T5RPb6oaD+KGmvQP6kZ2kP9z+ -uuKLwBkUFKlo+sqm4bV5DPg6bOJ8+xwd/yDv4NbY8qNWxKFXHmsgDjZZ/tOh/BP6 -RWXjFdSYD/R64wiXkJEylpBlEMvgCVPjm/+nHuNaLW0gV610kSd/jZhYkjzEYICH -O4qOTs014X53NjvnHBFwCoQSKmL0GqKIXnvJbpn6aOnN6UMsFxAbZyjytM/1C3w1 -lXbqTRI+dgA5Q5uxAa0QpA2HL2CqHuYfpLOsbT7dd+5wpaqffcUF3YyFyl4eCh5z -70CpqR3DOn47FbapjWGCbkYtIuLBo0TqlHWnX9k1XBsYdNSli7llyeAiY3w2k3Ho -HlXjaY1tuUjdmuJzB0MZ1G0ZUoW5mM9sVx1euab++rxDAMwR+qiOji+k3U6Qz2pM -d3waK8bSAmweFdfRZpeXh10ai4WVEJai30BXoiVEmnMTVTUp7pIjGX+q+x45wW1w -uoFPcjaTKLlNYNyBhPYOFtSymxJlHLvKnHaCp/DTCHHB/4knrX9We3mnSN2L6JuY -LNjbhtLFl646jYUsXanpLJHMQtgA30W4ddDMG8fUxKa4VcskrewBxbXb6+zS/Mql -EhYsdcTirrC4M7cknFI83z3wenvLdwSJicl4KRaCrJo33ayOCvU4qO9Whr2m3GZo -lxf6pcD082DhN+vw7oCQ9KvTEMDP1Hb+7Or1yD7aQrY2ZLv4kNicVMwAaaDHsuHj -fk9n05irX/1+fph2foJ5JJHP3Noh7rAIGH4qSIQY/w6MJ2IygEeS+JJt9z5q5GTI -VbwZ7XlFNZO83hG8XqcdXlOIl03utxhXYXu5bWqdWOfPdNyHDaF091jexC9ZfMGP -jc/Wv0Ig6lIGAgBhhBYIXV6E3i//+T3MJgvVIXgV6YmvZwOSWUw03JrHX4Fx6v0z -dP+LFD/xlwwBWgj9UN61Okzup0u5TE9vMy0P9mOkxlPzyo1bDnzqZYH+Eth7ZpF4 -04rodTycoTF63sFeX2LDzAgbtD1VdbLY9P9SlEEN3S3ZvjQOVnChaUXi4dU8riUj -GIw7VjIzlPdlq8WPvqueYVZK/t1OitNUHo6qUscFm2HMstR6dtpC2B/3wzr/3ECs -ChNTAcBibelDLRSFVgVTmHQK5e7cRVNK/uesIU75aICbNXjTMdLLZz1uOrHhpQUY -CcQOmOhM5Vc9I3EbglbQzVJkOACXV9w2Ak0EEXyFEiXmIuVRnSaiG13PqvpZWrdU -LVqnzUcsICEDZWQNbYVz3D9lV6Ox/hTsMv0lKDfrTepI2AXeTJ68uy4os/RG080c +QDAO7lDXzLmdM6VPdNkh6tQpnIACwT0f8rLd2RW7HlJEjdyd0e6Eamqxaluxc0wc +zWP/uchPuvWvJ+OAZjX/+Bj+SKWnnbG5kiK0NnavDFU5BhdlCwOE0RxMpAXQtf1o +5YNxSlY0u+k970/KQq1QJGR2osEdy7yA1GaXN3DNsDFOODFniATl0jctIDEg9lAN +fBCKJmI4xy2u//3FXN9FF6QkN9+Cryec0HtkwMVoEFv8If+AIGVKqjJLtQnuAq8q +VKiswT/Lc809zO6xf2wZr7KXzAbm9w8nYBBm3NaViNuBQZH9NMxw1Wss32SI1co8 +BHu7XZlBNCumjvJPewgdwkd8pggMJGw3r8oADPSKd7VmfxG3FwUpXL/JmJFs0DOO +A8aJE0yJrYHVPIJOMBgJM5ZC7iNHNyzSa09jzt7gctUV0zBW5xUVqU0ldiZvt00h +XCtIaz5wZdxt1S0hnqi13Z71rrJuzJg9/lpB4rGlhKqNiWNlvgdpw32FBpicowxo 
+LLd8Ly6nECj1wAL7TrEeS1j2J4wT+/PSQFGCJoxKQZWMfrqDFLGXaPiZJNiEtJxU +ISJGUV47WqUEmwUCZVE86zj5JUVaSrdcbcc6FPlkIIced9otJJFzeG0Ypg/J8f5f +Myr2bHHkDfIwigGurY7WK4vnWuj3tf5V6lVYrMaetPW9UZbxQOV7v1/vZiiYQj4a +FfLGKvlas03/IA8q+Egqi8I2wPXTl2Rtzv2bj91tsnxZ5Svm2+8UXiMKE9pKfP+C +twpNUr8LFBPvSUnMf7tWNo63pUiqfW81y846HtkWo6idwflkRc+jHRU9l64Nrq8i +YrkN+CPypW7IJhagzvniBXe//wfU3Cc4X7oNE5Ml6zbnVc6UTf8Ab1HiOnJ3xVF0 +xZsN40UE7s0+i4BgqcTAmNZUUzcNj8LEfGs7TwlhzpTZSGp9CfX9j73I1nqekJm4 +J5ENS0QlSh/UMGcE0vpqdfSWrgdIvVw5ArA9DSBg2yoR2twnUuH+D64SawGyPRqU ++pk3ZUAKBRadnreUH1wNS1p8WdBRCJDg2gE4ZcKGi7qBGtt+jZfj712FFgm60WyQ +kAZe3rsAeJuAmJVkFDmaBR2mA7Fdkzg5idlavjuTmV4nHKcBltNbOMKlrzgRkca6 +GmzR9ICeiHWp1Jr3bjqWejvb0qrEsBAkMHTmBKp9SNDeoiFahKwBzxk4NSNJPG+D +XlXIZF6gTfgwTWf7KbvAfonSqAHtdBiZSDOSbloSVyBmTseF8SQHL1eVvWAfBQaG +qwFdhjHKRQdJZbj7hrfUL57GVivuR4xOkPFopsRJOVi79jhTstnVbXbwrQBP79Gv +/ABHXlEz5ZmRTeCjCCXGXY91JZGCSksDSPVb++J2Ox4B1pfT69G0exdHYM2kKO6i +jtrmcM2t/o3+4NH9GapBcHRYPA/SFu4sVLvnuWi+xrKJCUjxfsStyEIMoYPJVeld +hv4Ra3uYqzw+bcVTfZ79cUDHqXwt28xkro82VPesCZhE/YpPYP3gxiKRV37EGedf +iczeQgWD3+90LhHsynOmR/i3J582/koEbjCBM4lKwBYjsRpYzM1NHiJ39BAx4CKx +0JRHbW/OfClnvG/6cg9RVm5hHV9JQCWgkzHGAQw09zP1PaVIS71nlPJhHzEBl2zw +yWFTksRP9Bhuh5BSItZLeZu79m6l5Dx3OYP9H5Dkyz7p8TLYoC7cg5UqIpWBgaM5 +ZSJA+TMwHQlijS/FthvR4yxAVvoK4vwmbsdkkorWpZxV/oQyjyVAl4onRiaDOR7N +/c4VG5iW7qoRukNOkHriFhPiWcF5cTLJDWYiLnxvOGY4qT5QZmQ2gc/QdKD5V5vR +34rV2m/iEmKc+a7SN5n3FsQ9Sst779Dyc+Tbne6YmaWqwWsJfQmUnhxU0RerKoIN +XMtFTx2M0NP26Atz3bYC65trqoqgTx7vnnnh9BxACggCcJYNrk7pCqr/ucitTQl+ +fzPmuKV8fIKd7RggwUnhjzZxYasEBIqusS3g8GYK6pfeMWViWOsh5k3w7/M3ewGF +KxtQ39cn7HlsuCamL0UchKjE/iV3W9Tm2s7TSNiDPDGYYfyQIcohqN4OtNBoOMwA +fuxSecUpLP8W02f9k2l8OQP0wXivP0BT58eLPT4edwdKFC6R0rihkDIUdHXmZJ87 +PgQxPyse4WnL8pEiQ6dfjwYzRKtZaJDpjxNYJYIdqW9Cc4K6WHsgVKPnS/I2S+Md +T99RyjWgMCJ/qwY8JhyMENYrla1m+utW9Hxhi4P59y8QKX/SPj4gdLZftF7hjkoW +CoPp5K7oWKNdxGOOzM57e2ssBUgot4jHGurcMSaIpqW5J1qsodlbJ87Yajd6MTuO +fAT/KXir2m0q1sIiLtPT3o6App+LPmbu8lOpHNFezhUI5YbznexDfaStY3hb0jyf 
+Vp1aUM1YrGbxNU1bL2wwYH90GD/2yjFK+BlitQpQwkhL2nOuCuzlvxq7cSOkvt3D +AnrP31zytlVMQbrjyufa3CG3mH7skYwssWSwbv1WfY45LdSWoT8msgLhb1jPVswa ++kICBKFzX3k8+NmdwEgEJT/8gUG90jlcmQO8+r3L9F9cjvUD4NHFHyLswK8CHYKi +auZaHf4eU/Il9I26pOba7TyvkFY7m/BtvyytP+uHG44X1jUSZuqf9FT2+PCiFqi2 +L6cKQ7MIi3A88BPoHVJrrmEr1AbeYWdZB5ydBq4fZYPtD1zgxmSGAPzWfRj5l6wa +3DzFFaRBPaq0z0fclCGED43qo4tDGZJLcnAnlZEfJckwITeyis06mwWZmBelokP2 +9eB7Z5ho36y1nKCuHw9i2DrSGMqi4WjG0/TsdfkXuOMZHDwYm9Rf6QTiAdlSvcR7 +GDrHbx2HPetA353OQ4QM4fgJ9GmaWt5SC4UtVs9IszvP774d94OWGSz35keHhDKk +JD6P4DcLwQxJbMrCH4U5UqtoZYaKumjpap4AxuDbt2daXHDa6ylJtplOiAHA3FGj +UXzBw53fX9WQ3E9cuaKJVVs8JPvNEQG74om5ykxkZcJOvF3IwuRCMcWWkC7BsTNl +yDIZ3HrQgq85243A9Y4N5IF1m00zNrZJEaNTqoM8wfeYgHBCYRz7rtCGpAmJDzZ+ -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes256 b/tests/data_files/keyfile_4096.aes256 index 062986035a..2659f17edc 100644 --- a/tests/data_files/keyfile_4096.aes256 +++ b/tests/data_files/keyfile_4096.aes256 
@@ -1,54 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,B3D9724EA29BBCF46A5040D3B872750B +DEK-Info: AES-256-CBC,57D8E4C458F2FF1E5EED4FE0E81F987B -DgCxMRNHyW13QuP0pGqEhke/+HP0/3HEKVZ0DLRAKhVYpKF1sHrPYD02dI6+6916 -b4Ny+LG0qEY7Lsv0NOAZq9alCMqKntUuXvRM5FeBDl4o0WKbR9y5i4c2LCutHIjx -AtYAP9gkvwfPolz8sM6GdWO2DLZLp3W/pQOrDKXdtU1wD9xcv/V0yfakSWMw2VPc -o8Lv1VkukXeP0aV5ZauaMYg6ZRebVIXtryt5BdXeR4IpZx/nbwrajalhcswYxGv6 -J+p2R67kbxED6XseD5darr9zZHV6I+m9vesetvnxFWYLR/j5nmGzuSi+8EAieuuC -vl+YaehTumHRsWWqQmr+4DBTh9dI5gxkP589Esy3Gim95oV/YxvTpWNOLEkbxTPr -Rq1tythoitFQ8sSNtpH9x56wC6mtOj4NOxyPIOb0+keYmzGFuLOhT6/TtJjMLYKj -1P+74kaYBAhlI7CVbnXiwyNR8nZxvaonXuixJvfJnERK6OyhfUoU7HaUjBrVCv3S -hEE4CqIkdlYjBl4UOcehKd8fPf79OSmFk58bUYZ1Bv2rf8SbLB0WUovnfL9Kdiat -uSW10c/ImG1y8NEF0uG6el71KpZX/fwZn+Ek7NJdc+fQxAfJniWIdAxalv5C1FBj -J6Rx1VWfSOUH+qbUkI3lkPmqAKK9SuIbh6B5tf43XYlWijeJUbMkH5CRHaS944Cj -2rcW23oWNmltKtXbfmjSRZiCN+nhQeRFEUuiUSMB5Qv3k0hPNLwVphSpDUFvclLc -UIzuDJCdYViTTgAGzVsM1Ob1zjBmtGc/gHZMOCHqXPZr7TFBhicXhAXzF40TX4ml -qBc3/Qn/2pM3yKM7+W8GgSN/kyU7E1R1bL2QhiXIXdhB0La9yhZKB702z7zVXa8k -QxJxiaS56cskCkIzb+/iW8JK2BW7A2q4gj45FDV7ITGsFT3rT0qF2pvxjfzClwwH -czxv/M25q3syT+P2H0b0EyJznkU5kpqBwL3dxLejybTQWMxEDElCF7YZS4LhRg7N -8sfIW8k13ko6/Jmkyb9zzsKTfoRMi2rAJQPaFbAqLHDiQJmo1HB4Wr3iYvHVnazl -WADVY1eSB6nMbGwZxNZDRU6Ul96nW5CoRUJCq2Y7ctN7wjomqKGZhhsp2fx1a2hQ -vrsYooqCM1EEVp+F2y9mJsuCl43EFPV7YJlGHbPUNF2s2hpBi0sWwWIWLMSnflh4 -eB+Jopij9C4plAPVF5LdcWxzDaZU//URaGoWeCPbAzLdKCXezVEGaQgm8PIcmLZU -XL09+4kIhptqw8GCjbjwArrceRhXrTuDsajv+uTfEthK5j7V963tWYF4DLYOtt9o -ecqQuCrVeeusnI7iSpiIwod1mYxNb7UoXui7yb9QcJemlBr/Ez3BfyAy9yQSXjGW -cM9ArsTG+n+IsPxNROQ/W2V7HJKfmVRjBcBgJnfl8sj3jxosLGxFtfnP8slzVAVi -KHaYSOOjR7KSiW91/7yvTMxXRuVGtARYalN+HrMssszpFFSCS1ubgYO+dKWmKGLl -VtgPiAwj7jghGvYUBg1EXoihi5j1HYIU5mPBEIuT9YVokHgg5eT+Wm5BG5SkVNIt -2Y8Z0zWXgnO0iDIHyxCNAajQXbQnBnx01QY3/PVowksQG/KhSFa/PLiGgxwNC+z0 -bTZiEbtHBe5O7kfoIvazYmuSOgyCfPkukEszxAivwcmZ7uIWwHlC74oXILvzJVuH 
-lvLXBEtnsfDEwjEnMevssUhnFgJ8hihwODF71L+2VBwjDqRkndjAVYBhON34Vg/R -0LGhtUSYMFfOfk0yrltNxD5iaMMIeds1Jktkn6Xz70rFy0Ykt59iTjrza6bDhGgY -h4ZSG9jO4Xknb/meoOacYb/3xX1pA9JQbb3G/R7haC5l9wmtMGFy2G3NPqtAtwKZ -2gDBrqu9MOp7a2Mxm3brQXE/rhlJB0AjyyioyOsGZKV/okY8bhGyGhx/1bgrDcob -LCP6XykjvFGOAU2RWAYkbvl4CKW9Bo1x1XrF9+QpPAXUg4lCLW6Fwoom3QVo/oIr -sZstrV4d7ajfbU8KeKz3+sG6O5xO49NXNtptYml7zMUFXsVsFbnVwLOqcTbtg68A -ICLYa0iFRTSgidqd7coY3yee5xwf8LkPGVnoUrtog6GWE4lLLamKF3+mPrtB+KAH -BWy42+yLrV07IDLVcAQdSNhKT1ppXxIE+ZnWQgPu3GJOmWxiRbygD9N7HbiaByDA -QAFVtsPdqQX05LVGoWE/EZsOQbxoXm8WQ2GxTUZQyMWFTOmRuxKa3tIwQOCPlQlX -xOdGIof2a7aAXIUAl91f+64uU09WXxt9UgPgV3WYLrsV0xHPLqMISYGkOJ13CpJi -TalaKQpm03W7nymKPST7QV5c21xZ1Q5DW5r/zOBF0+WbMJaHrqoZANvg2dzKUKWx -lbmCmclpWnTXl5LhIupCW8S2ft0Gpcypzj91du4LJoyTGi6mpqtGT/ZyrB3TpjYp -MtreLfl5R91IKBj7rW7/qUNRfBAsbhic6L/JXLNDIpqWBlk6vyU/dOwnt8GNa/xV -SELIaZZyofmRabnMISWPj48LoqqVUpWO+LhHDtqOo4f9Kp7cRfMJ1cVzMAL2fg18 -dQ7Gu4Kfv/CSQvl7YUZEMGFAAI264Nn8vnbhzsv+a5RDB4MYZQwCHUIIAczx+iEg -7PX/83vn/oZO/bmtJ+g2KDp1oBg3fab/rBOGsFucF3Pe+kBTZy23PpL1oX6xxqA3 -D0gN79PTLiOSV432aIIuCIm0LexCxAUW3c9CES9faNA2W0uyprVDPF+ML4sx8b1z -GRdVnsUcdJQzfG+JqJKeNb6lVVjOJIaG2/jtBvAzL3d0sNX2oSPJk0ruITRCsPfx -ZrPwjhZIZA/CjQ5PhzmLeL7P0Ker9E8HGI6UUdX5/Gh4DsfCwRfqP4hsc0TkjBum -bwFa5y9Bag/sTNzEOHVjWm5A1YhYGK8zl+NB109HYmAh5pryqWLwckREIB2uL7Bl -c8n8Z3wGeaC6Y6KEnrZlAdQyoTeBG2qQtW8iS4T17VF0JbCm8Crp9CbpkodksXZ2 -WyV//WE3Qgur3e+EYmZLyR3FwPym/zGTChoPFdsR+g8nDEJDSxJtmM/e0xMcJIJN +3thXhfEmF8+g8k4jTlpQ/xPGCBqofqx3PIYwUT/I8vKen90oF01fRyc1kJhTH0Es +NtzvSHFobm2THHZis1W9zmHIOupkTNpGgaMtiZPcgPIAOFiDH+jP9JRA30MhDs5b +qAgZzZ7sZy/pqVRD+Zf1AYEtmOi9toD+DFrDMffQ3tf6/DTMqAXR4S013c19i+hT +lDwr5pgeWYvtojoQh3uA60OtCmqWdR1h5Khkc/FfTK1TOLKNf7TPfQRSDlPjlBg1 +2vcMkhn/ETdB0a/poKAynRW8ZLJHXcWuIEYDXMhBEfDD/JhLqNAbpQ6V38X9UJmC +vOrsmAiXKtzY4Uw9DEBGOp8OgpickVybmpLDHWpJZzJ4BPoSQuhSqhfXT8c1xJDT +19l0+ysR6h+fy+fiiYoHz99M1SuW7Du99fDkzXzPtGR8HRoeGY09OMPd7AzvFp09 +5BBKXNXEmNeeqOiQcVgdWVhZx/9AhT41pNScWg2vJ4jrdAIFEy05tYU9H/e6138B 
+2VZVXy+cj7bRQiVXWy3T9ax3gC0Su/5sJbdfJBtC7kqx2FVhCcty4r9PhO5HlYNC +6T36JKoSsCz+ggmWntyxyi46iAxkdERzpFRnVHeDvT/dvUYQ6FOQs+LoYavPRAqE +/OTU3rzbzL0bMQtk9ovd6zgOHTUDrBOx2c1ahkaoefvF+7WhwluQ1L68bgYZITp/ +d3Cd3TEdL8cT+jhu7MaAvlp99IurByrtjAnZnLJ23AqGty/4o3bAfiCOSQZTjxif +K9+fCR+RjStAGuz0GtAjFXKsYp0L+nyL7ZIuqJCnRT1a+sqkX0xpf+jubQTnJE9t +lESqcDHFHcM11r9I4ktNM2HZHzGSjtBsuDEKwIo6NplAc1OU0UJ+Hytco826cZuO +ta0/9WmTAtE7xSY7kutK8MU1jpE3QA0xKS6gGyLeYY8vu1dMVU9rk0DHv6ZPfUQ1 +BB4lPHvSNflm+KjrOIAzY2b3ETKskJJtrBQ9Y/FPoMp3znIuas6MZupKNTbUXMzy +HUyoWL25kSt4F7TY8/PHlVWwdSXN9L+ql0or8WMa/QKUqGytENsYNh9Jl26ZFThW +uz0sWmAbZL4E9Vxz84W7Mzc3U1fMRmMwcSxixwxvENfapxVvbC31yrCTuK3D3mML +XXQSPELUqiHTvjO2m2ya78pE1roXCGCElEyZ/YF4MWSb08ovD7SgMI8vvGq8mrGz +sQgAG1yQnGI4NgLQKpoqYoHpTVXhjXpd61RLxgNbGiJdaV8yWp/WAtwiM7V4+BQD +KhboOnjyVcp79MiACv9QD0uuqI4PYmQJa1Y3swsiGPDRxxYYbzE40oPeUwC8ihYZ +yItNScHYEn49iF0jPYm1BtxH8IPGMk0o2w6s7Fz3MQAdvgrHrudFIPYh7wn7cRfJ +Wgha1pDmc72qorPOpzzSQwCAnAd9CrfYs69+V3DBA41X/GscziduUFfIe2AkNOjW +I296Zc+uJJ6Y2RdsZCUSLRjqbKqu5RQZa839uPfsUT0vmRI42k6qndFHMEbDzZy1 +2fntlBtggN2QO0khyoU5CiWKxhCS0vkXdcYqfyrk84xefWEWJItmLgIiJgbCsl5u +Tejsj6V6oJUWbQyZEnjFsKrDsobwQBO9x848COUseTb4cBP6jkyh5xItyxfxm9e7 +Gx4h0yfgZSBsVynofZMvMecZezQynjDOTm0FKUOiQglG4Z/R/ozbsfoiHVOzovH3 +cX+XT74TGjqBIoMYvShXpA8SVA/YvGL5HIPw9Gdh7FD70R+92Z2J1PHAiAPLLS5V +0X8dGPWSb27EGd6iDqZ3REN8fqWw00Wrss5cXTdLIW8eLRVTdTJb7Pu23yEnp4Er +sR3erVaThvaDG8S9dI8jr91zmHRT/BPXB8kbSRwDu35rskrCiWZG8koa4DiS9Ik6 +ssKA13CuW7gx/KNq7ambCryRf/X8ACspggtDUn9fCcF3yFrWkoGlGN2zrnhZOhtD +U6Y8HQf4PP2H1Gai8PoMe/NUK+/iOEHHZgv5UTXRTU1MM9sNPiFKv37zgmMOnSng +EXpUTs+R0WYi5/Zqa/gFzb00yDYf/FRrdMdVntSg2iQoEXOBwYj8mm3R8m6TjX8i +o9dFBVSQmBVTYrAHeNtubl+KDfWLyCSVr8nDXEg3TzUpIAEfaXJaIOjkMRdRJL8x +FPkKAe18iWf5g3AjRFdUWiF6K2h8/h8WFKN7GZc9P0m4eyR+k4ym43+Px9HOnzNJ +hVeIiW7GQ+KfsbIfC88kEwvzt4+AKXil1dzzADIi/tH+APXuugSgrE2k3d6ZtnkR +4fO20OaIDEENUaE63mtctB1wTCBmDZtjBffIKbXinpO92+GFsU45jHKhQpquaxMT +Ipy9Enev8oEn+iCxksZMvkYltN4dJ2FajoKTPjLHR7Kqn3NS9BqrXpguLovlB2Pk 
+MZpZ2QnLdA134kMsu2wApJQkr2jAjDujfp2bGddEhaLJY+opCto6KZ/qd/OSCbfv +Nw33F3JE1ZWnU4eeR7tcvo8J3y2Gnb7IIJK71Hyc+94IC9SrerewhC4Yiy0Hzfw6 +XG0iJD15eILOLt8sqMJujAkhSxHTOq+/0DVrVT0KD848VZ+Nu+lTSHp2/PiRz1Fy +WAOzz8FdrK+4BiLyvXet+APd5af8gOvb3PkWeMlh5PGsG2JS75BwiwNcwodbgPvR +LSzS0uB8SGgQhb3OU0uJGHna7GSlFYalk8QDiYec6iFcJ9OGpcCtplyyJaRYczsL +5ZKDi1830GzBS7X54v6GvTvUr83Z7FpW81hDXFy4hSbON4Vk9///9D9NjH0r4VE4 +2riSBlrVSY+vuBhmbsGnbMDRNB1tWWNDVVRJQPaZdanXc7m5Gdf9cjTxQrOvyMyz +jdLYLlSFVCo41C2JclmrcQWSu+5eBa27v6oKbOYqazASBtvlsPJZW9tngNJGvwq/ +Jq5U2v2XAzxulJd8hihb7uCLEf2rHQT70RPV7125JhI/6y0nEGqJX4WpuqTdAbx0 +VLwTgzvI8OVWFbGCPFWnMsJsFNFPYqlDRxy1idqfy0T6gk7vwtmcfLtTVQxptyoS +MF1RIXifjmMNBrWLmka3wUeJMSlB1i+MafihGQdwapQbZRh8Zx1P1+eH1sQo9C0p -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.des b/tests/data_files/keyfile_4096.des index 59d67719fe..fe98803d8c 100644 --- a/tests/data_files/keyfile_4096.des +++ b/tests/data_files/keyfile_4096.des 
@@ -1,54 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,2E1F86610218C7B3 +DEK-Info: DES-CBC,D6688446CC64F13B -+MJCE88fZkQQVdfI30MO09vUhc7VYoC5g0/idfl9dpNVV2mqy/M2lmH1NeTiGB3V -DY6zf05uSMj+IQBduchbmhlbRmDH41di917QJaysH0D/GbG57tHJW+Qet9dD4FPv -YuTnYvy1nyceFJ8n23kuVQoRIBKKRc9GOe06BEpUQGd/dPEuCyy/Am7jK4IZBWup -QcurBNyzsCqSiIYobIrymnUb62yS0eWabcD5L1ATxc90jL23HTivUfXHHD6D5ENO -n/ARuBvasopR7ZQPExokOjTD7e9mHJ5vnfK5JHd4VYLAs+IEYfTfMhOPheEIHas7 -ODOBtn4cLuNupP0m3BNKHbTg8t3iEu6/in0BcHkPyVCeDX/19Ga2T8inDAT7wC/U -OdYo71PTmRLrb9Ak8msGgsR1mzziBcz7ZNjQCoU+MuNJ82zFMQuw7A/TB7zRFoyR -qyP55Gu8yTM8K13wBvnvH7o9ttJNB3lwqo88po5foN8Tu8Q4T8M+2CEmxgYhZS7d -8LY1B3xmtpyyfuXXI/ten4s/aZ6vO1hnTCFq5sgwHH69JnvYxMAqPmEj1s6K6x/0 -OFzL0RPRXFPAKoJgd8gtSj7PEZ0MmrQxkmVFRU6EdO9waRxNDTN9aCqrTratrSJp -jUHLb72Xw98XEoVmTKWRTEodB4zuV+OjlGu6op7GhqroQPSQmwkVKg3wXIRJhDHg -61yj8m6Ph8qDUOn6WqixbBmyshyETIO4dDP7k2dsaRnduLtkicbeFIU8Q5sfkiVg -mDB67gGKJMGWNWthtwjVLtgE1y7Cpgj+tEWwZQkgnPKi9lT9dJodgysXMLIgaDS1 -XUUk0Ynt29jqAAvOUoikpQzf8DZqmYDpkhKnf8M2ATxsybrNnnb7/2W2kQe9wNsP -fq/z0iK/LM6sf+7y5sIifYlP80XRHJ/3K9T7sDZkK03xp0ok2+dZxAILjkuHGkJt -ANLTXuwgslPKusNgZNMVlpk0wJQCET2pRQNKUOjnRjo1T94gt5eBHUqX8qIlEHEn -9ANHy5AdKkI3Ay4G7qqAigz2+c2yXeF/8+HBHKX0F70VOiYvmKouufuntJ6FP9FN -i0QBIRKT/MgslD/WrAAjhjoTwoSLhnz50iQiim/UaIc7LkgqMypSsi29UQcNfQKg -4p0jPTJ11YE54IawbXVt5IEihhSNJBwuJEIa7ENDp8MAQXTe/9CXaj6rRNeqKLp7 -Oz1D6zHe7lYxFMSXi3jWsmqq48r7Kxc/hnn/WjHupGXjrszoTlc9/Vu+Q64wr9iV -bWq8nsz3IXCjJISOblO7CLVvuv5O46U0mADmxlftcjfbnTYuylixmZMtIncC8vgf -4GTi6bMub6hCuV0UWtMrjSNnIgatNdVoxq3kjKxwPjF1Vd27Pu6wnJgbDdMRhx87 -tJdcuPE8xDpAPW8U+zGyhhuvdbWTCXzlR64uJFpCS3TnGqQ3vE3uYsg4Bnpbw4So -A6dTvhw5Q/4+DDzpNXZkHY21zNtaDHs3Mbbr1ma+RrFlIU0PwgjjryogdGP9REoK -5XN5hvITGhzf0Hj3YwkWzU78Fmv87FQC7mtA9ag2Bfjc93axeOqKP7Gzel/iX4DR -dRZyUQ9E1Jthl+XgfRR7iQoZYI81plJjIj9xr0P2jG8ShjzKBdldsYD+sKQF8jfD -4obHk+gw9STV2u6EjFC26WfD4Ux11IL4sMRUXyVQng4DWameIiYHWesiR1ryIX5U -QGdEfUpTRiO+HTuLgOxc6eh801cvfbR7CU6WM4p0EBHbWcDnHRZHO3cM18W7JtO2 
-J9g/F5ZInU2iji8v86fFtr1e8l1Mly7Njo7VTYJgqCT5G5bQ6C44y1ttwvSW9486 -T2AqshbmFIIhExA/inRzWPbPyQydj51TH0llWP1ZgQbBYjVX+Q8Nd2AdcJd/L5dq -/bfHbl3U2bTqZ1iT2HvS1wcwEOa+zlQgecmWg5VhEE5RGlhfLZNFYa08bYBIX4Yg -QOa+iHbwT5YOnPf9V1wGL+wZryzTXIT35lGa4GtqcZYvUz++gzlzv+LJnscTZJDx -zYSmeRI0jgjeJv6gIDRJiz9TBAr8Yug6ZGXLFGy8oTdhY80MQAlcS7UA21jQe2eN -tW5PW67ezVaoK5TnSIcMp3v8fsb8xNr9iK8sAvVaSLbtKQaj+8oOCnPfpjhgYYOy -VhPVRg6b2ZWNuFL+kSn+fEdaenWv5jNk/lfHnRuINjkjAXPiY2oBNLsoQPs/5/zA -aAIgO7507k2RI0Lhfeof+9XgJXbZBjTpvnxLWs8I1vY2SsycCXo6I6PwhFEYzTkX -hiWrHwPG6XqfVQspptIvCT2NmxDE73/ODuJgGrLx2Ok/gDOch85x6EyhTBklp83i -PBY6/vnoHj/evPwZl/wlSm8rTsLZhEj77teLiSul4sEpAttjEpjszBm0PBWR/RW8 -DyIQHjt2tZ6+9riPqXP0OBTyIluMuGR8XzGDhGI9lH6ndQFnl+rOfKt8j70cuDTp -wUHDHWwXm96yy2DxdIx2uMu19NI+FpHpGWaQgxW/AIUymtw+2NS+ihj5rsJ7xMF9 -EPIfUr3SUqnIqJ6lJNAN+hHFQgv/N1zhzNtkd4kftrzwWGdQHuVdu6CNnDzOUFKT -TWaq2BFkV76kl1L0DWFMefDPVXpD8vSqb99MGmdtlsqT6Czl98Q4+RPqk3QVFUJz -/2ClpgJriqeTJnZt25jjKUYEAATPjdBTDoaFFinkJo7802SRpOjaUGaR6ICatmdl -2pgTPHYGjz+YxucUbRQfeYj/gXRb7srOI/MlkCUinppTzJESCcVbnurWNsBJo+yD -2YgKoMZk0ARmYHw+sJ44fUmTU3/g9z+xHx97bqZCkqa+vNBeT7VmqRTrlHEzFnJI -UeqlyKtBq7P0z80OENkViVgnvzVakn9cd/4R/rQfy7jysGqLbXIt88fvFmcjLHdQ -+tcIjb68uxFo1W9KDVvj7iHrQpOaA9fKb42/AD5B1ditj4BvnbW+kma7IRGeG2FM -csj9KdGZNcwi+/X8lV9eoRN5U6F4NaGRI47P2wrICFY3WpYjvvM2bc2TNiwGOJmj -WA+fa9+a/l1UUjthsfMtLROPUJ6XBxLAAE0HWFmhx9Us3+Wm4pNu948ljecr21d5 +fE4BXR367Zorqu39EfKNXmZtCI6KflkwdYEkhIng1S67XwAawKYAnWIVAYWma1EZ +aVAa8/9B9B1C66hx21lFeBSFiGOZcjoB+Mf2rZyxdKOkiS0zHTIS5RAydP4Wysox +MLGRPaUVcc+5ZLjtqJBQVCQ1+CcqGjomqJo1VkTlWTw3P25WlFwHGGU86aIoKf3J +5PnEwes6cLXhetB3UXVcI3NhFCGzWSF29qQ2lmxNxXYv9z49kuJ/xPqYsJ0noa6x +eWep5pqJswyV0EaJCNHgsRB9RPOEL6QKHSEh7J7tRiImDVu+gAr3ewUC0pikmwWF +fcCcaMGr+kuQTgdX6plwaxxSmS4bQDmHDJuFeRkN/cXaAwk0/PZbfBbR7rO/waeO +HgcKXnvPFHDxkvhav0LCXbQp1RYN1O3U6KaMHP9MrXjmih2Alse+V7ZA5iNq7nCL +d/RIzOJEqPZFa1K1WohoPmcwX2X/aRLWabnCzx5VRrrptpWKZkHH22niX6mU3zqh +vfrdZ4o0NOmbKTTezqgU4WPX4rVzbzaxcrt/u+ukqubgg42v+KJIS5qiroASt/vL 
+nvdyQDmtOMBhuypTTXCu/uQRAN5N3dVWH3T0rioCFOPTaHZIU4+VBDSBFVrZiTCn +aS67ukj+U4sYffReO5IVanh3cZSW5P3FEUOgogmcq4Uv69G8MjGmbRCX2qtophxr +dQbXE5OqXopEgZlUu4YZeqHbIlfpKmN11/jOcnRMpo/Rm8fammL5gYda1uXbmjDg +8xQVdJ1kBWnWIYkdvoxfPwQ3XQeKxXJKvftu/HP2IKKlEvvP26wGadfD6q8N7dwz +l+ZpEHpbi+Idi8m77daKyEAMvYTCo69EfhkxsxNXlcn4MfJ4+JRRyAUTWZMc13gW +skRBsXi1AtszINDT6W18MrCXvfJlgxKl2zGFi5J922kI5NUG1kstqNWDqwiXK4IY +YKOa1HiP0Wk8CeZWceASL/hvgNGvp6uNkii+Vd8CP04JVLC37pvEtdxo7BI1HS+h +I4lR10LbNxyNaTq8QD/uFyziYq1HBkkWNzwNLPTVw+V06mqyioAByX5Uhmd+X/K2 +1Z3vmKtidC3CjhYhLDjwaT1xbPwh3BFRrKrnK0mkICHFrnTQKTw1UfR+Lf5mE97G +4DZYcaCwB91UhuYKnbeoSYt2ZzZV+/jKQZC+h8OevhggNP+n1bjxU8AZOBFt+UT+ +JRKlqEE3jn3u4b0v++j6dRqjACgH9EKZ3yUDcfWa51n1p+VPIQ0jXmjBKn25v+ks +p86J0Gs/Y5u+DuouYuJ1h4UJRY3iuYKWaY1KX17CK3lHlh6mPDi3tu6uFgLu+mvD +oud3LjanxqDPHAlGpZikaN9KHGdrG7AefaNMZc9TGdgehJ18e3pP3IKJ53o32n9q +NzqNs7q/zD4/rFKThpT6N27Zr3GgTqx1HkD11RiKsUCz7tSaWwVfFjJyrw6X7ua/ +UoDQaf8i93lEpPutubjQ1Z+QgfIX2wAz9nPRzxUnW8cyw90ghPiG/KulXLXgI4hd +J+67FnYU15xxQ7qBEw5SOk20iAjpAJBjqphUEsmrjKmg1Ffwb1dUEUVq7cBv3A6n +LBcR5BhEInerwLklPCFwZzNe8IhVQ4FOc5uWGHV+P0qsaN5A6UyaEe5pZjRBaM6Y +CRtRpblR29rP+a+CC578NSjY975T38lSN/lMQN7bnaTUkxZIl49ihuTv7R1wS9d1 +aksi/NVtoZzHVpciN6J4Or8JTqip7uebh3FE/cbaGf0b6H5DMOGOv5TEJpE7HlY/ +xoKC9oAHxomG8wuE2O9DNlol9v0W0MOTNInXX6D/g7A/DcmxzfuVKQOPKLQMUMKT +mCFgIBGPUUhAmwzh9ZTwq7cjLs4uxd3cJJSE2+TC4Er9AZdz8EMIlsan6JvfXW1v +DpUd7Ww0cCI1PlJWyrTmx0q/peBE5gqv9oUH/EwEBHrRv1JyhwpcY6gVN+EcP9QB +q+sIK7p7m3ioyub9D2jZyiDp8ZhhmiJsu1Q4LbfjZ8OHIdut57oCtJ2kxyQ8u6NC +DIbSB2wklzju9EVKkwjsq0OObOA21IaAk1eOGRX1AWo1jsdzUTUf56IJD2+z0vfg +ElKWS9oaoFqgYKX7bShk1u2kYR3cP2IDYGCMH2VoNVEsi5o1OP/LLGarF6uqSOHx +eZAJ6uq8LJYsU7+pRXu8T40gchtq8r7anx8Su48+qfky8+Y+GVUfGrZbuNxa6Qyx +ga7NysGzhFeFYHxUGFDxOW0OcUFkCawOtxO7VqqxceEnwQm5XmUVED0qQsrQmUXL +3dJOgWYLfmIJw/I3JRSgNAM6Q+DVRe0owFW2Qe7cZoJDsaRznsGj5d91kg84A4Np +Wod5Idn03QYQCKociIbW/2Sqf9wcpKnz9rHxYEW5ukoHCDtSM/4FeytOj3WB2KGB +q2lB4tTLcVIEI9dGSXrKb6Z15cKtkWAk3QDXJKF4t2bOgPb03QX8syMyrllqjFyV 
+3Jwzkx5qO1Xg99R0Ts/okvayLCFq9IsJ54453otPW/j9rlWefc3YL3x6TMRqd0hd +r93cUEM5dNP4IVqfsqfMaOhaULENQVUgUSoZUHB6dyElMbwGDYdiD7AqqG1YultV +K8rnkmKjbOzl04k7d2mhIF91pEa+TcHzJZDJpxZ08Im6C+iXWy8iTPr2hBaI6fiH +VvS77aubeTQapKJMieKYcC3XKCfp6S8A16YdIILKiKCRnXIGqlL9/8pqV5uKfv1K +m+I7f41Qa8XSuopKsK2FZyycODk5/LWbQi4t1t65i2NykOFsRok2y0AZ3xhLVSa+ ++/vViIHaqVHFINQ2ehgjqV4yDR4acCdtBoIS8+Fy0q5zGQ/KgHnq6qVxGxoFTR5a +h/6jOq+xiDevppRmgaVoeBixJtnfkPS6SFNbrw9vDzrQpJldnpCz/W+ImU0fl/J5 +VG9f9CFOptSCd6hxm6k4SyIL/L+i0KvfmP8OVLI9qIY/BhN4kH/Dj8/RgemsnZbV +g3T20lgnqsAEnfINdkULeH88zopFN04/0dT4NMO1au4gyWYIVgW5LX3gJLaGQrAh +7wpowgliu2u+6VvOaOBOrCFz1sc4tdiiAa0ElbwnyXPmXJY7Lx4/94u/6Z8aHqIg -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_2des.der b/tests/data_files/pkcs8_pbe_sha1_2des.der new file mode 100644 index 0000000000000000000000000000000000000000..0fc0d2b90481b5c0e62ea75ef8ebc8c184d22094 GIT binary patch literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R1TYQ+2zQaM(xgl$qXGg500e>pfMt9ju7L}T zmtneRcm;EU!J9NXPvMcIQ{<}blnRJ3sG5O?Yj7%Y`z6a5Uo)-FDsNFul8H0sG2wf( z)7)`b_LE?zf$pbdbs;a*2G-$B*H3>8h!LQeA`@7m>`Zhpdh5OZNIG|-*A`qkiSdp7 zDKt0cFbB|L4w-{d?mC@H*B=py?buqmc_u%074g& zavsY`#N1e{ES)s(AOiNENlY`2rl*oxCi6I~i8ygmc9n2+o;3Wh8vb)cCajBP>pMjd zV!>`R7Eeeo$t?X8KJf8Flk32^)ot%h_opLhcRZcV%4f>eNwo^dLldl|+9)Q5Jo)8R zT2Vn58w(E}&~FKA8ECTDNsGr1_9ds1lYzAF#QRX}tWSuj$9^Gs@Vb!NAuRb0d1$!a z$XaI(<44JTA;dT_0O-!fMNO94qMW$xJpzhG6ev@BdX#)(bcLApXH%JTw%1@HbD+or zkk?iXL%ZG)XNfjjEp@ojtRmKEh|y^1umk#{&UyKyP_`;0^7l->y<#BM)SkLUwu90G ztJ8J#f-!*9ZIy4^#I_+D1blg7E8@r~_7YgoK{nnVN?rOQ555#bVS9Aq%l+K1Xa_R~ z49q_zx2=yAT&Hq--iK*am8oi~Ra#+#u!j8|(gbjIBL9SR?UP6CEXRRtguaDV3^fo^ M97$(nDZz9e{}~oYE&u=k literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_2des.key b/tests/data_files/pkcs8_pbe_sha1_2des.key index 4ae7aec798..e0489332fc 100644 --- a/tests/data_files/pkcs8_pbe_sha1_2des.key +++ b/tests/data_files/pkcs8_pbe_sha1_2des.key 
@@ -1,29 +1,17 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIE6jAcBgoqhkiG9w0BDAEEMA4ECJUO+jJnTjpKAgIIAASCBMi9QFFLgKGYOSDR -0zyRMc87RkrvSlyRi8BibyKvTNEDq77jTr6ZEuOF1OeZ9fvdZwJeI4GkTeKkWqTw -XDjWATXHbgTX82I3T8R2iBnv6Za9uaFDtDH5gbUYSrSNzMaoyS90hc9PTJ2+TG/Y -xUe99kSvzbhAatVQE+0TWpgH+8oACRvGelnHWofw4/CKJXJctUO8l6LdhLht1kwd -YXNX0xjxpY/eLGlsUaiDBdb0D9WFjdi4fcZ46IHspqTfBUhYbpDj8IQT1vjH6yjm -cPNPstEeyfFnirvgFuHg9LXTH0cf0mJgLzgiclgRVEOel87Lei5icEFI4hDAzWna -s3YiTijc926mD5AqQ55QXPN9v6b/uAV1QyKenoYzIWC3Y4phTTeApCyV44f9oMMD -wzcYWMZoHzEIiZj/iiCF1uOSamIjunCmpiBXTI7OGXbxXvSSJ3aU9nJHqVT88/ke -nj//EzWVYAjMdNYl0bOsWoIONl3eEEnLaUrOYOTVMxGac6yy/oIKR7GP0R26N4V2 -c434y0aQpn6opT+JYa83N1RwES2/NxwrHs4pcx2WShbTjg1Cw1XMHk8nQYNnM4oJ -kXWyns/k1Bay/SXgpl2NRsoWzxCR7BavB2mRcyMz3djbOYscuT4QwpB/Wf6kr6pN -gszegRtwLmVBehwvGJwL2SEx2CDHvJNhvoD7vbNiWeTFo1wW1wF4aE7p/Ee7gSRX -z14OC8NSbuYV660ntNQ9LB+Z7NDT2d6JTjSnhQHxxLBwy3OnM2/vu0eCd/5+MGjN -C4svgFsAH9qnT1VQTzmpwGBJAbD29CVvUUeBF3+up+Mr+IQU9OWWEtUZ2Fm29gs4 -j4azYJUI4+RLw75yNLVgxS5r4Cc4cKGB/P7qVqdH2CmjrEk0jxyTFT/PE3Df1cz9 -F8eEprdml2ktrlQ3gCD9fw0kXBsp5vwecpQDS3r2v980vnMxb5Cm7kMTMFb4/hMY -z1yaDkarkSHQk3qFYtO5DkEUXhF6fwATyqOgJYwcy/9ynzItqgbsCIYMjpXF7Yww -FNa/GQlqIbYRCd4KT64Ahus7I00vVS3b3glcC+KlDkwCJJ0M+glzHrJs3L+PiJMi -gm+YT/5FuSqJZ/JI5QP7VMovqSLEw6y6QQHSBCOxh/CGhAL/BZ9A9afvPTRiI9OF -fyxAaf8KH1YPI3uKIuDcms0d0gJqQoDmLafdfggd6dwuLF3iQpDORgx80oPbjfl1 -FEbU8M5DqiH+eOxgEvIL0AhMnPa4mv1brVdlxS3CyojnqxPfecXyEXrhEYJWJdsF -aYKR5bU1bY990aN6T3EDRblmHs25Fc328xS2ZJkHNxcJDruwi4EFpQVT+fukOz00 -hOW2BEMFJLRflE+372LNIgSRVNI536YhF8r4r7O1jrw9McX3hzbJGAtcsXqyIO/k -hxC3x5ViqgZbDYgHz/CJJfP2RC8spp2RbZ/uDJu2YI8z8s9OXvcYv0EQmBAJxdt/ -lyfkzEr/n8oRtDIkrq7lR3rjMUz7AbCfNJpqrEBFol9+qH8+jnmowL8LWBlh0v/A -pc3qWIulXOR1pbwXyAELo8wGhnJWL4WmY252S3i0Jn8Gf2kXewMRJsixStairjWD -1m0wWUVGSm5CO8Rfon8= +MIICojAcBgoqhkiG9w0BDAEEMA4ECDJys7xIpJvWAgIIAASCAoBGe62XG03s7twB +Y3Snr5eshEg5kWSshUlP0VRX8Aer46fHK8cZwWJeADjOHREFzN5zLoQGdQWWAyAU +wuc1v8HNq7kv9/oAsq1dDCcZ0mCVNI4q1udtgItK42YD0SgxVcnGXdgldIcAgonG 
+BRkimrdKnQjvIfYvI7Jx5E8s+5zo2UbjhXfsnzB1AFL4D4aCVotOz1GBhqFeP09W +O5LCjUfQ4Tt/fk5oc34GZqUcguFnul2Ho1XzbY2DY+i24VG27sUf9A6OkLle5iIJ +zfZfqonJxunLSukJSryw7+b+LXCKYnNVgCAkkLjKrLsQ0xQy2tyndpLGZ4n2q28D +p6vXaVi2VJ5FusjzLDC5IIvWVB3f000E8YJDFf94OAKD0+zxhI1D/aU/K8lKbVjO +yboZrc7KYBav0Qq4ROJOkbv6qJLIdvfMns1Mn0F214fp9DqylSLMgNcR173gYVuT +bcd5Oi474xHHMX6zg8v33s3DEsQRzO6l8WwUKJswCdYMlOZBWHQ4TxRrHn5LglE6 +3xsdMf01FlKTPjGaoO3DZ6JivHnzqUuOLfHU4ioWC9cxCOySBh8cCk0tEPzgkzjs +siwLcpb721jmGSEjD5A75sCN4yruplNLgNUkkrY9PjjJO7MyqENpGk1qbNUSEkZ6 +jUQdxeaS0CPCDMtCQ/mYZAZ1obkpMQy4BSiJlWdf8wqiVo9LGjU1E81wPYpjkJgK +5i60QFSYJKMf/JzMDnz2IoyeUzre9vpRhah314PsnoEjPKUvpze6i9AoZjya0ONp +QOAIH5Dyz+NAq06L/hBwN4SDH1d1Ik5PkTc8mMRb83rCzFPFBaYTMSaTFoxMsuXS +SYtieZvn -----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_2048.der b/tests/data_files/pkcs8_pbe_sha1_2des_2048.der index 935d9fa7014a4c4a97fa0a31f66f62f4f957dc60..cf13703ec61624d88cc0d4b0d91f537ccc1b3579 100644 GIT binary patch delta 1256 zcmVL8k%&2ml0v1jzmBg%TNpxk6VE1`vcvw>@ozCRE+R z%nEt=RP&fLc+@Uu1bw$rKk1H0>yE2`9yNs@A-So4A_D?IXsR^0yt3AxY0b{>3`T=K zP;t$+(UC!h(xq)hb-2H{Ev?no4mJjz>|b@5Md5PL{`_|6I)749e6lk>bIybnMD}-- z``NM=&5?@Tqkm=B;EE!m7jns!|i#BqQBkVg&Ly(k!2jEg&*?ztM#+`j#^X$9ZaHOhfz(ws8|ECCkG zPqf11Vl~2?V}H%}68K$?!Ke4hTLg=6zad(4uiVz(&k4BzM-80~*a0aieJukJkA$xH zbmITRGs& zy|+PiW?}`rE7v7CTO+`yfXk1HJ2#dI;ADK$fGNk(et-X^Qc$v3haaiBU#kF(9|v1* z-_!$)4{I)EM#nb1k)h%JXK0d!rrep8ZFei~Bibg`;V`;N%8)n*srrU!&7yuPe6LLE zCh>H>#rkB$xyQnqf_86~m(-Ee`Kw#^x%!kMjBeB*hoTsIAT5FyHXMfqDnXVoa*xn) z{oPep#edV`CE3sQ-$Q~@R0?3j1=t-^uZg~FGM%A!BFcMZE(mT<){O)xD;5IC)&h&; zEvWkEVON-?ZO!j3JIengm#1ZK^3g4so4<{P4d#gnH0;O`GG_cuGO8LLtMCFsI4qd) zBYkcMtl&Ag(H|3`!qnZ#HAWnTS4+vXppD-;fBPTFugoBE}8_lp=m>Zup9 z6n_O(JtS4@@%St17D})Ao~u+?Hmh3ET$!Ev6w68D>_B!^DA;SRVg!&bAJMFE)M1y< zN=VN;W(&S={D;Y~NJnb_qAe?Kal@?%>UQzUt!KDLv+s?=#t^I{k+jy)I7Q10#(wyz zaSpN@+tsWF48jlG!OfC>4n$<5`OuWrRHrCJqW&l zd1qSO$|}DCa6G8+QvsR3oWnyC-bK+qE<1Cj2W;|;ITx*8VkMSjs6j*0iSyh5jelxx zSU=QOlWCtyXzI0Xnuqloo-6B#=B}0itoUqyv~s%kVG&k8Z|H7*G(d~lKY5>A@>MwW!x;etZ-j;!&4^kJ|G1-RlWlSZxHrVc1Ay{BV~TVl{Oil^+{r5qW}<lVA{hsC82;NI85V6!2u~}`u1f9foQUw-7bA4*bdXCI?yul+~P0^d71p>We z%?}|E1nGakfUGS3>E<)V_x#w1w%ypWlDiv==|iHg6epnoT*@>n~&`*;=VwmEY)5Aa7H*N`cu6N%$!emPjUWKqFRrsnfaI$OJ& zQm3NqjW==S{$l6F`BIx`VQr@dk>jk%x8t7A1qvGAAWUZM-#+@EDa(`)VrBT9?#|j6 zsO2&q!-Fq=N}$WIJ#5Y-jVvq$AOLs((EG>U;P*6c*ng|~j@&CpV#k7?Gf3%iGADdK z`FZd~$i}2SzaR9hhGZ(EIyxtkN!E{-3wd1sLE;6xvYP%Hvnk6adCCo9Po|q-Fp` zp7GB5XDhFxg2z9YgURpVr*-G~BGv?j>IR3#$xDJ_+JSYTR=;GVASltb-~$W^xcWsd zUj$7Fcy+r`5$oERi|DHQVX({Jb|>OXRAArRWq&tV)C!wOxhOJownvMdb+{jX7>t`h}M7q7XfP(GNh#|27mcO&AG-_CmIXEtb~OGX0&{JYzVU-AS9YcT1_Of!B9F8KUanJ!xuMr zS2@6BELYW1@GN9##t*3bpKNt&2*iRtzDm=S z`U8R)pup~GL-cIM9P1PAop_p2!Y|6X;TXVx-=br12j`1lAlj$oVhV{BRIqt(>VI05 
zg^+X+hG8sD{slzMXCyN$uQ+g5HgW}mFi0T*?h34aLFLSk2~>Y;CJEd(c^B?r4Zj_G z-2#64MMHuIq!n4TKIzl?)JO9C84CdT>jQa?N4pv6<%ZHB5f7C_KsHg5(8C|F9&cm5 zXK}nRh#tB~3fhLI5tE=uZfP8)gkgXDjmI`ufd>8K1gvJXLl^j5eD4=n<6uz2q#g#X zhP!8YB`v%fE%D}TzorEKD6WO?J{FC<6W3OZN7w0+8^}0B@JE$Ob)gW?;Mfdn%4!g( SfbDP7A{{uUK`fvLnvNS?+HO_= diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_2048.key b/tests/data_files/pkcs8_pbe_sha1_2des_2048.key index e05f22cdc8..49ab9d13bd 100644 --- a/tests/data_files/pkcs8_pbe_sha1_2des_2048.key +++ b/tests/data_files/pkcs8_pbe_sha1_2des_2048.key 
@@ -1,29 +1,29 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIE6jAcBgoqhkiG9w0BDAEEMA4ECC0AvA+c58vLAgIIAASCBMh9ku9CbE1W63cd -HGEVS7iodjHFNt2Vsjh8B7GSQ5lyAy3wozXJYYvgtw/N4EZ8Jdmdklj+ck+s48Tr -3giAn8huTBx4HAU70AR5T0Wjbgks+bTnRyHPxs0uZkwgQIlMFfFh/ZnhayXsyxRP -03kTimiJ1m3Kwch495it9eBmZmEAiHRlBwspAfT3UXjpVd/8qECbuYNn/uyme2et -BatTFTK3vKsV3msEl5/bmzc45Qga7n0bNqoNi22tI2jaqrH1ybxueoD0E+52RQXD -ViZdEQXS7YhtLYj02Rlbmlp72Y9tww9MF+uXO1xWtSJsthNQFN9g46mLlXAOPUf2 -xWiDIrcCsh72d7sEhKRF4AXQEpDb34XziB0046yUSi1zilRswStINEIL2F/ssqme -SMmEyphL2k8iwarQsYmUnoS4bDcWcKXkMmY2j2eZs0YMIgc4sRSnzKmwRGqvLXrF -NQNcJqJCnJgrhTTxrKlrC3ptbjtQpazv4hblqjdOtUOc5yXgm4jPZVsf82NZlH1i -HzUa4UT/Ne30diLxy8UAWZkPFup4Gn+bXFONEWywiYqvvpunkCXMCX9/6tpCn2s/ -K8m3+HE+eZW2RX239NYCwpFKazlQKySw4tc4CiN0LDO8rkxCyaSODej8hVqEj3TK -YviNS847cULC0dz3UrWkBv/YBY1MzvEty9yx7TNRc9c/X/NwSUH3YFWIhATBdufp -moTh8j0aRTC3jy2Steconay3qbdLP5zK2riGEqP9fbrNr9R1gfGNJQ9J+Yg5rYJF -fuxJ8bmgh9mtmqgdYkhe9vaLgBmMcLjTFo9GNHLKrpHMHfboim7avQskg9leLX0k -GAkY3vRvJqbC2M9rUVtSxNYbvbA4n1VJ9gSoLhVIXz0UpPi2YV6f3c0H7mpWQ1ZY -fBxgUVy9hoV7q3FwbcgoUU/BGxQ19BTrSAinnRn2n4UkbnYeYnjv89SB0yBFZfQB -u6VVXmHALMqCoc4H8EEfyk+5R4eLKm5Ww1rar6DmK3TIhANvcsrOpftZ8AoNj10h -CzDvzhMODRwPNM994D6zo6GJh7UGF5ksZvtFreZSHCmW5YtGgiikvKWYYrwQTLyq -HR+ytVmJhSoIpQsHMG961hZ/Qd8Tdg7/feDo+DaDidASbg3+4pZGOHCcmtrBSuup -gRncAbxFy3C0684xbHYENbq75ikegx7VXrlYC4sDYKtw/Qu+z7cOsEKzJ4WbXqMn -Bez5QaKKBBODEuCVOu5gfYoxcWNnUBBxmGF2LFlBU8SzHooZN/rBzIXv2I420dUo -XxyB/7dyyZuN3+/FDDwDcWhnS6oKtuhBW2/AwlnLmexICSIkRLzko8HqvdTav8ow -xShAP4plrwIPNlxirRtesWaDVIEcv1GxdKe+sOJOFEiAFGf+5xECeK79vq+A3Fuc -/ih4wKFYAXK2T5dBTrg3aHs8I4qg7l2Le2i0/ODFUAjMD2/wbSBnPlJj8brdabQe -lMmiz2iLK/HN0JGSq2CMBuF4zgPMbG2Tji1qSuKN4iSE3IJET+iGsH4zQ8SBETIK -bbKUkNL0BhFL9R1uSOPRBnI8wu58aDLEJ+KphlHpIouBohz+b82SfFPbrUQ9zIkG -PiknJ5EvALgdG+nOQqI= +MIIE6jAcBgoqhkiG9w0BDAEEMA4ECA89psSqndTZAgIIAASCBMgl69v6yJiZx5nv +sqKgaDdqe03S7YQK81v90fxRjkVE7Que6V2n3DpVDSB7xONi8prK/TlHC2gR/1Nr +DA25wB7kNgpjT1D2S+o1j6Wwv1DMWWH+7+eAvJuTt9y2lmqSLKenW9hT500tYsom 
+FzG9m+h14Aj5ELbilOJWci8ENLiS5y2cT7G6iin+udnN+9E/K1mIBfxmVTm96mma +P+71CkGQU7vCwyK1loXh8ZaNNyuWaMG6qLkTFEGEWCfR737I02jFQzme7PLMi8s9 +bNWFTNSBMA9CL2II6tHVHsp3BLKd1s1F1gj1/D7zyV+MqyCzgnogweRFlCKqy2xL +0fx/KzArjCIHNlgxm+6o4EJuMSBXQfDyqPgDNzpYg5t/Pob7PbnJ2AfJ4k8zk6ml +QRe9OmWhrdCNJmBzz18SmDInlLq0/IGXQj+c+sIcghtZowu+t+VcxTvhE4FKsKpy +lErsymCwSgpDMf+rp1U07HM48VaqiGthV3JsJpuXkA9CQAntbxviUTxXbiw4RyIp +mGqWdL0956b5z2m7ypyIabBXjGrc3GVaBtD+9QWSl4eRNqt8rQRKBN1aWf+KflQn +HRsnkynT3ZgQv2odn7RwGwm9iz4iNHcBlU1G+1OCPZJ6uTMi4DjVgI8MTxLD9JoO +QbNy0ZTYhkgu9Bwr9effrr0Uu2GN9jgh/IvtCwH/iYJC3dg+f5V4MGqBQTScKvOj +/H7gtpsdoSdlXAeUDRbMD1CHwK/xDSlO+xiLkfnW11WZhPyAcuZg0kFtkDdt3K9X +lh5YSyL/cqGt0WbCDLNzvOuRlRD3N7aV6J8IktM6aZ3WO56YeWQzsCEh88xuXt+E +TGJOO8SPFu1rITvbjIxJIwxjbwJY9cUXJXZrqjEzjq+tkcoF4/x8PNM/wJdxDz5u +tbVg4lJ8BDYwfkxQL3LQbjDIwvyx5OH76gCzvILJBrO8FhcqbnHzlX41S29sWRmj +JQ26H26SKmXks3Ty3XCla8khw8BYGXRvPnE37teffVsVZlAg9aYlXLKRadtp0duz +WWQ7ZKT9YpXsvGmkESrWFyb8hFUqwRkiTT134fYy6ySAuYRoK3av2Y/WYJqj44j9 +eY0z0gY7uPOH0Kmb5gQYJz0hj5IOVeC2MVe3vlIuugaOFzaevQzKy6ypJcb++75V +cHlZcVuVr2Cu/z0QuoloSoxI7K01sreTOHuN2UgN0MSQAr2O6qpT2lpWtiKjTKGY +N/di4Fhe5Fg8axUM7R63Q058LfJw2kDfWUiL2zwWqB3NoBMCZWqX7NhofekL4a1e +2ecGR1m/HS5+UFmC60MsNlr9Uv3SCd2MAgUAKzCZ8MkorjSNhOE32PX8+5+jtT8Q +B6vcZbyO8IR20pxSFrJILSSR4jA1cfwKPstKnjR5LXq2U24gZ4gauR89oJetAzE6 +pcesXaxD5Q+p3FQIrUTlijDH+cTesamY8SVHATgJBJYIN3p7P5r/JoDBy2c53gfK +7fNWEbj1hT8x4d1APvfTZI8qELtkd620CsURtsuzMO4jh4798zlvlkvIbJPWPHYo +RNvdUxQXR5xMonks8VIznmPzcTLGxsFNNH16/ZiJeZqVFp7CqjNY2/nLszp4CzJd +/hOagJdV7sfSJ4eosX4= -----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_4096.der b/tests/data_files/pkcs8_pbe_sha1_2des_4096.der index a73a21201b58fcf5b91df5fe87f8363b409edddd..38cecb0cbb3b241a4f066dfde1b2a112bdb07517 100644 GIT binary patch literal 2414 zcmV-!36b_Nf(dFc90m$1hDe6@4FL=R1TYQ+2!d%{!t%}7S^@$H00e>wNP|}2Pk(7+ z?Da781K!?*xM0$O`!UK>tnrP}&f@pES(Wnhj8UTb6Z{_EMid0Hdr=wVNTZITx>m%N za|}N5P>I$pJWk|{%2t5J1ooNFi_V@x1mOM696`X`?i6l;__B!I|3^E`8y#2o((r(d zhv5i$`m>wL%)aCwrf+(^)a%;Aq-;3==4RbW4x5;(yP3@E6GBP}xNWCPEnzN0?3AF8 z^-y`{c!f%HDA+uhWT+ZGS@lz@g4ZL04PUQr1px8s8 zsI+8ebbz5=s|~jVV~;fMf58AkhxzgtTH=_A8f=DH>>5s~i|%0km8z08oxVBu4b7bd zFx{#KfI@p`J-Xt%VffOi9Uj9wjWfmDs;l7?AureyQ{*-ZQErnZlK8WsYJ;uFh{$-3 z&62!JW724ReYmU*en%pYN0+PdW!{g0a`Mig7f5Dzcxl1R3UF^%r|wc++d$;?*2pO( z6tZODiy)04D?J|AI&rNl4U1FPP%#{};wZxCZR6PdpbDHOBGSlCrNaGZ2B;E$Q4>%; zm(AsqoC4pAk3t#%LQD4;s=Tkj6BiC4s`ZS%<4r`!#&n?Hx62Nl$6-cbTyn*15!!;8 zpi0t&&lDWObNtrp_2X8YzLp8!Nq>I=>bKH4bjvroYxw#5ECGR?H9>>v`8{jLplw;> zBU_1cRA?pKVlhJT?8htiVN;X0a!9yuYFTK2UkMA3xLPNLQE-hjwzg{y1nl>R1j(y} zyvq9a0W;k%$%>|zQ9Yef`SNa&g;3hdvspYJWSyFR15A+~WJLu*5#9Jh=o=koR9$OP zXHx7g_#dc_3H8&iDPB~Zx7Ye-tN7`klqpcfZItcH=!081@r;llB7GO;iaun=KubE8 z7DW{yUP75VN3bS+)&*w?thUF=tPfy_o{Zdmh)^yeo zXn(ZX6f-v5jz{ghiMV29u9LvJ0|Xk8@pWId9U{J<;06pBzg>ZamXqMiA(z+P_+)^g zId3U*9wFDApzD<({UbCWPgZDV7=~H!5_{8=0^7Z$cL^ZW-_g6ann#BAxfaG<3w=Os zsIj&8L=$7lM}BG<>AqiTBB$LZ(_on;8kvvC64pGKQEv*{ALUB0fbB#Ggx`TsZfW(F zt1H4<8jad!ez)?@Tew_KH)vvhSXq0*&|MoM(QvM46WEX&PBWR=p+nNQ)=Y*IG!=)R z$(AQ~k?b-Z<0s1vq}W;b#xr)ee~}EG$lUXZi`Ghved`+Z+y$uho3PHUXEq@~7wFQVE+5R?e1VF?|Ccc6puDSh|v7n(^RQCz($v_|)vZ@D%S-(u2C; zvpTf5-} zjH)!h8wHd4O3MWmuJwj~AmLh`HGD=Fk&?G{kcMBb<<-ax&g1NxyMSS`n>cSDu*Yo$ zs%Lfs1G_u`TD5k5vR25 zsLO5M<%tOffW}Z)6m$8>GSh^Z)@g=JK`Qd=XO&-Grr;#N(Jp?nTd&wiuQE2Bc4~0<&d3 zhPeyKiTK!pnI4}X9@kgx7iqD)ztx@Wi0O4zVYmM-U*>(YbcV6T8^DlE-cJVd4alN% zE#=4u4d}y|DJd&uB7w*u$V_{o4|$tRAJQ6{AltF203By90K~)&wj@rQ{Zf#m7z$SN zj#(aQBD($NK|bTx&B-gKg}l{jTQsS^JQvT~hMd|W>^jLp>R6rWm;%Qpm!%&3ggBk- z$|8&QB13!<+_k8?6tlk4sT43%cVI{S>O^}M&+iDO+NpAIFHzl{7)$ZtuV 
z-F;k<#!-t7dCh5TnfWx=sH|26ZL=l@Au0Bvq0W)FKy3_bNhEjoo$yy4}Eije3rQJiu zMgfoP4hU%U@aCpHmI=r gsf*IEcYk2GJi5@Y6F_H-NpZeq{E2MD`cF{Jx#yP3)Bpeg literal 2422 zcmV-+35oVFf(ddk90m$1hDe6@4FL=R1TYQ+2%)y?zFwE_CjtTp00e>wP^rqkV*(^Zgx7jn0tF> z|B|o|4@_;u2zGgpk^(!?7hyHg&K0Zu)(#r5R zAYj2rDyw2@fUAoGOy)*BuLOmc#MURCg0 zWM9xyjBD%y0ahWdhgvnG6JK$IAtPrzoC`U4M*VCZzyLQYi9iBhdwMq;U$VS=!EqXa zpaS3FSiL3YAtp5Ml()(G;sBE)ptu9pYGLE@>PyY_bvFQ5dI4=5mTyhBF7IN7i}-lb z0=olq;Vfl6NARb)S>lcylBW>EEn?6=PMtRFh(Rdqb3&rfKvP6n6w5c)x>VvdCMA}9|lOJ)L zJa^=~I}1;c`C(nRV(Tn64{f;(&}&PwRpaai)))iOJd|if$)fYEa<|u}BcE zwiOZ8Zq(xt`?6<@>0&$!L?)ip?==`V4fk|rfi;t!agc(>cv!i3o8=1EpAyHNT!S|w zs(tVurmGwP2_x!0A?{rQQjuKPZMKtn=EPCCiUP$|<#bVPW)7wZ zT4GnLS4ZkX>@KSY2{CtcPa}j_Zs-eS;dgb2aMa98YZkSdkc>=~@v5bUL#0Y*6tpjfP(tsIV;nMgFOORUY1WDH(u-Ic-A7oMoJjv#83F;*{QPrL%)MI> zt~ay)8ychT*-c+0m-W{GSQXcL2s{a|mS~(4ynhfad1@F)ry+v`&IC*tc zg`kvMcb(raN)hI=yYVDvhbj0?>Da9q{RFhNU;NfExW5Ef?p4!d?0CmOZ}&h#szJ!) zWZ;o_;*^s-O}zZ6Taf05)b8wzH+V6))W@3m70^kctBi@jcI^!HG}EB9gM`Tw0D&5- z>$+!}H2fR%XdZIFJacj5r^Igp!wy!H8o?K0=-!Xx{J0nVCRM=hy$ENc&@)xbx*(0k zLi5ms4ScGCcMG_1uiAxFG4TgnzKVdK%4-Q0pk;F9O)9gt%G9SB!wle0YcopR>%Ui8 z$Gr>$Z?MbJ7aeJyR3w%=if`5z2C17UgkZSJ3@A|8JOh92D!oq8;?Mst+t`bY7w0=7 z5Z>B_V?9MY9F=0uZyi-Uihj$nU-G-qH(Y*yGxKBiAOmBRCyOX|9CuS(@SMx>p>!N) zZ=8;vJ?H3Y;t{jilh$ssrXd8_>FM?q=Qj8RAwqXFTKNv_{OC1e_Z^}P!z4(FyheE2 zuP1U=X@3#8t2DvRX_Q65XT{3pthg)YUa;&>Y_8H%QZt(qTECE}O&Xx42s-QUYDu`( zTQYB?X5ETbA*=;)->NYLNp()JhG*q+e*C(K-Pr=Wt>kkXNo0*bWnu3I0+NDTtdo3!T-xc7dw#ktc)84Y3buC+Ig;d8msT0zhOb z(Op0Hdd^dzD!wIp&s$XKkS1LGPD&jKw&*Ca@Dx!FdWuxg5q>dpc;!w^4xo0U&6y!; zmhBV)eXjB4#d`7EWGquERdj6NNZ2Q#qB}*IW11;?!2sZUX<&>k^MRj2M`t{qzS@Rv z32TB7{6ik-GYAMe68fn?Kh3KSt%ahIWUg1tZ@g;qq8WjDQlOEHfL~YZ1q4a1Z-x^A z|1lF6(^-J%>n0T}czf7_!YBN!@Gp2#? 
zH!xr@Jc`eQ1*)s8XbEhZsMQU7cY1yCcM`c+@N#`Uvt@d#v6A{Mu{n1E6_oJHNi1T6 z-2j9q=_C$IEo%DG{mGZ03%dQYkUwWB({N8Y_E(>p%5TAZs}wvukzSq`nh0=zJ`Ynb zUMUuNf*v5>^;@a_sbdOAIKCsaaAJLz?YtmDgCk8~WOyA*q+JY+|L-3_rIBw6tD@d(YYlspYT{p60#-Yc=Z2TuJ3;Y@k%>VzXk zU?6f+I7+0pi05JZn}ggrhr{Vid|^C*^hWNThO5ee1TAG|piDrIPuVryT)KLkO_(MJ z>_)N9T)!f%pI4S&za@U;qTYv|24GdE;O=v%K7v<{Gv{DSm^X6Nc<_Huu!(b#Z5>|@4i+9rd~qinmH6#iYs41w*ei2&jK zQO)nU1|<3&0G-ffS>{cLXEAAe@Q}E zG~jOPptjtrJ4Y)DF6Tf diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_4096.key b/tests/data_files/pkcs8_pbe_sha1_2des_4096.key index 2ca214a247..f3f7fe35ef 100644 --- a/tests/data_files/pkcs8_pbe_sha1_2des_4096.key +++ b/tests/data_files/pkcs8_pbe_sha1_2des_4096.key 
@@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIJcjAcBgoqhkiG9w0BDAEEMA4ECIpgp+ssMIzDAgIIAASCCVBDJHT4FOJ+26Sd -3kuSYQDyknBs7j+ylhQNFD9E8Du9RM+TVKQbt1FuJ6cjAwRhiZrx3zfyAhPvMWBA -v0sJuO0F7aNibKWc3iMNaL9d0bm8vPrTL5Lz6fhCbejgFJG3DecVMYRLCLjchUFZ -BS1acSyRN+7v+f/T11i6+PfOVdPga4innQOvYkr8AocduLbrlWJCWtnaVIh8e90S -VfTJgqKYYG2ez31SR+V+pzWJSHI7bQZraZ/YpIE7eeMrfJlHW7eDtc0jK4TTlP8r -YFt5TNl8nGnM/NE7RYcJfTVnddmFGGaHshYA5RK8L+A7rjmEv8wS6l/CJxRooex7 -zKvRwQLQsBgUsYzffpJz/fI2lPQrNDrAtNdK+haz4SiSLdK2GVNHoS/HkCH6wN7F -caaKkVxj4aldmDtI7zpOWBl/GlSZ7d2/0BwjQeAaaduA47WZ7u0ljgykeBJd1eI/ -t1dWeFvHnO3iOvQ1E1hagCWFufrA79Dkxc2sADwxofR3gZiVa8jDue+sHu1HA0P8 -ekhy/Jf/aKH0fSD1oddCHz+aUHFedwZmZdSdEY1y4fO8VJod6Uwqu6iVPsvJ4qLE -W9sArxJ0nTz7uELk84ij6Yz0ZRWlTb6PM2KRnj3TMne0ff6BmTBpfOjOjxKOdVzQ -HA8YNHZ5ZfJLQR3my2mt1CUGT5Tw5+0/7bsIveSgV1+LKC6llpZRstJt0c8CmUl8 -Yg+YvLFUDN8bHQD8OAa92gmmZvWbqr55vz+NV6/F5CfvhnghwWelaQ7NOE/3rGyd -K5RRJTjtYGZfjuCXt3Ve0m6mWS4XqE0jszIAiC0xxGCaYIoQww5tFxj9MBwA1nVK -o6HjdcDLuqry9qdzvwemw9vDRF9NPd995g0AFO6CwAG+gyOiWbO0usd195CG+Taq -kOiT/THcHtk8Gq5tFWxcJ0zkuIoEX4LTJ1EOsCbcY4cien7G6jZ7BTakZqAB6JBl -4fnh7BXPPuBcrqrDiKyBoHNW1J6cB+J0zakKT+F47R6cu31DNgzq9BbCExu9l1JN -7Rb+K07Na8pQgLNbaGOSOATYczhcqWIPKt3qUllEBTCalTLK0ho8foO9ctqZsJ5+ -MM2/gYO/WsnSJ/JbqHnqg9Ng5xG71iahs5r+2R+9hwuzVHNo8Oe0JnT0eoElQNQx -Xk1iNrOb+/0xzMTCTYoAT/i7SdlpLnDAMvPNaF0KfYJoPxKwmhMSD1J0C8PJKx3J -CLhvBpJbdyY2utAv81DqEYAskzfxlka8h+i0gjVNoCT/a9keEPhu/dn4SmAiPHYa -h0l9aKXnUSm8JgHCohwhUlKPpUyRo4GBsBJSoXvNtYS2jzHKofbAyjWoQ8UFarCL -HVYeLLUmROTSDux39ULkmL7rL1mVkIecRBYqYV7Fl9+t7hF2Tz64D3OdQ74D7wct -BmRhBAJczFFcic64n1CdYNSxVdto9qa9wVnyKjFEeQAw7pfxU/3Hxen0hkZG51y9 -U4WSVLohunyuHWqpcopV91Rr5P8N5b33FVgl8HF44vcnn+KTmIwzzZ1qSgoHN63+ -kOAv5HU/aY12/ZCNCiyMs1EY3t7mTE19CNR6gIuXoD6MsBKiAm+XaCpSUnTbPv04 -m1bPS30nqTWpcZMSHaGoWx7cuSijmBX80imC9n2VsDE0O3P/I7WcM6OGwv7pQx7u -/aJkbk8wDjJcc10DYlmLdcBr093lBc0lKfuKEDLPJGo+eJt5JxWi7rGKNgLoaa/V -lRHWr1sJGhLXPZl4Y+CJM4TdMerZwHPFIndgZChs8OLHpgQsr2SCkPy+cjF10Q9u 
-QQEuh5DiOexB/auRiE0c7SHlLYWVeADlf1ImIW6fX5SAjyjWWjT8KP3cHq3mdSX8 -y6rxL9myDGHp7I/z5x7ZvqM/4RWTUhL4bKFnX9goiLJ0Tcpo5NdRR1nKLeTZrTiF -z5O0Zt6r0rYPXCqesecSwHhDVPpDhS1UDGNiUSk1QVNCdorvgU5B9X3ugC/nUVRx -b8DPbE+5i+GWms0RjPBlKy3M0TVhOUltFnyPwiADs3CRZ/l8HrokYLOpSiJJ5RuT -I7aVPeubvPgm4efW0h7o0r5NwMAth1L0ABZRlKeShyx5Bqz7g7umvTRH80VTB36j -wvWPM93SOAbccq4A5rBNtZkH+vJe8KshJEQezBdr3PtxCspKmBjHEXvppx2WDMBh -RdJXlCowoAgwzs4+dp8GhABYdEvJ+xCTYmcDX3wM296iWpV+wfgDCV3/mpGDpa2u -gOtZl0+kPAbjbj9fOkunQlyEGMy3HUfhxXsKcK4n94aY9rCYuTOohimuSdLFqEX/ -s77SA+e+q5Mnfw2axLlNKa8WzpT0W6M2Kw+pFf7uk6qXVYtypUJyvPDDoh64zpDM -G81Wr98g9iDTbAvzslAoO+z11g382Jdt+UPq9BDQtUgHwIhUGubcgs0N7Cu8m4JM -mVFu2JyKeBigekzyVvceKnvV8k7VUHu7hPt/zSnUinLKXGC5UGfVJSBwA9VyOA0v -O/6SNcFsnx0vDb+g2hqTX773/avq/LIoHlw/b3oKtNOnw0SAjocJJW444Yh/FnES -nGKUX/9bHEiAcWglqXEnRfQWQChHYjvGN8fMWgDMOGh46PvBf1v/HQtdBfacEFZ2 -98Eh0rUWvjp9YfjaiCI90XLBLb9iavUeDNg5ks77KBllqrZlKJJxZXVBXbrosVe/ -O/Rf3Izluo8Sc3J3QftDOe1huQA92b5vQcH386esZs7E6gtILUMIML24h9VfTTvQ -31Y2auKpN5uFl0QVVlnY0JQ5G0fue7XNHLyrKif2VOExDYzcBwLP/IFmDgRi2dAV -gBm8WASp1eCZSDYGf6aTWA0ouHG7WfV4kPI2njIUWk7enbsUbbqdfvWGE+taweFX -A7XFbpeCAVwZpP5C3iK7aPV6Zf7ctvrS1/qutfKIQEiBAO4FaAlxVSvLjVdIZlAx -3ZD0pYH//GJwjvzAmRUN/laSRj7GVePfIkJdpSzeU3RtFb8ekChbamQIx7ZbMNgU -r28PfKxO1xwLswMY95XgFJjl7cgDNxyCgrqiAihSc0kIeD3HCaXq1l4SqpBRIyBs -qacV1cWIVfLQP9nvDFuS/sVMFBhzSXSmjAnJQ6IHTvcQUSbADf2X3PkQTFTlnSUe -LF6ihYqh9JYWVY1SHkFU1hxgKgz9Gg== +MIIJajAcBgoqhkiG9w0BDAEEMA4ECPxYSkeFhfn5AgIIAASCCUj5M4r1OJopnVtB +kyYUjmtJv3x6ricsKg6xfG8RsdP29gkrnRcFUvqA/QsZsrHAFlymyvdu68245/1f +Gwine+PDLBmIOmfhJJ32K6Ag2BTBqnld5mXaV3ykXcgD9oyxTPDU2CJguRncTFtY +CYT5bQvWG+dd41mblHt3cs63CaUePimzjIX9n90tPzAZcHFErYvgDzVdgZ1WQf45 +JwZelQ6JiMFCO6Kd2TMUM3ctcA8uFxoxlBCSw2C5pxnCYOskh5FJ0uFJ2TSP6kOP +USErm4radP2ERKNucsbzD3nL72Gl1nvVFr1UVEyvCLHfez7+If8X4/Ix/VaqgEJm +2b2znEK/UKnZk0jPrFG9NJ9dEgIyha3Y5NX28rfEeHLaH0A9CJLBGdKdrH0FIiA3 +GiO9ayiA1W3g5ujkGu2awPFvCMk0J5CffXumMs9BAmBMllJpVBJsf96l5lI2Q3BY 
+9+xDGxNf0yYV/mi6pKufIsU9GHt7MhQv0IUA7l9WmjP1jWUkh3rFeDtXow626UGS +qSHmZa7HRxiXuEmDX83AAdMhJpm4o67vmmhVnCALIdYSjEJ0lcCz+qK6XgSRpwvJ ++qmAF+W1ObkWI74d+w0XbHPLvlY7v14ZMB+8eCC9ANIyABqOgdhmmrD20mKphYXZ +ZgPOg99e77ijM4bRfWKL8NdFwRv83YUoi1HvZN9iltMaCbWsT3y3OnZmuFuYCPLj +oeQQ3r5bvuSThlTXWgbuH3YkYI/CW1Gnrevgbu0h0SuO7wxVWg62ZOAPbU3cYBkF +5/PACrRdwOaI7HViz+IPbzzsIArYGe81E/JXXqXfGkwfTqXzsa3resZqivlTVHtr +Rk2g8q253SEbL9zy4nNtoSFWgMmrGdbeL4iczQR2aKmwRKyL6DwylrCijwPEONjO +yik9P1b86jmGCZhh6VFugqXSyNDSUXxiAGW0w0uFhL8cr9n+WWfb2j/Zimsyv+wo +EbP5zMbYAK9gFQ1sOEKC9Isbvsgl1uSfaIxwYx63LuvrIxMCy7w7t6v3YHwQ8Gcf +fNf/VBjR+F764nqSo5XgXv1MX7ctWOQzj/Km5ix8cPuPszWGOvHxAHj6IJljSG51 +arq6NKrA33Y4bm6XxhU9BBSZL90CTU4lguqhznSl+I0VS02lqt4m5uce6ikyHFgq +Tv8hoJlW6E6CqvBJZWFrItoNIwBIJeGtKsrlyKyRvYhCdlDTteQmPNtFvvEjIkKp +AKofFUmiPTjMJ3ZBxydVnxUmdkIwGjZKUU0I+D80ENAHDLpYjKkgRC66/kGjqKei +pEzrTBXZ63B2qKitfShltE/d/Q5LpZXThQWYziktXsfxzaZdkKzb/Yvo9GnA4ix5 +jUDQBIIsKmtH0t/yZar31CGRqOaraq7UOYLN6+tXqTcW1e+uGzY/phQip8PQiSb1 +nbY5xekZcnxN7T+TYJ4FNCOQzsocskOYPpdXy/40h6aHvJ5A/PZM/6MbATRo10Vr +6bqlmPAcy9OZtlu8HEEkctVpER7P6wlvNGzzFIg9ASZhLqEFH5bKcjZtoWG3bJLH +va6U7pH1mt4Lyn3V1t7ZHkXLyBUbnE+Z5OxPown7QNT44/DG/91/SOy4Ugl+nAuD +1qH3QAs8aGMJM40LOH6Cw0ZOOio4S8TNrmzMFEVtEtpnGuLK0Gj5+fjm7q5ZEE3Y +cdkHFnIyTE62VuyPWFVkFlZKVmCRrVH9spfkPRjZMBRaGHqk38V34T6IXaO5u6fT +4jYqYN7dLcQ3xmGG7tDDkqFMAYWweYhUNPZtAYacQwptgBPPn5/iaUirx6T/OsSx +YoWIhtPsQoKn2lWosxlGFmoCyKlMvl7WuyMys2uavh5tPHw9wzzDcOH4MKxtDKgE +5/c+GE/DoAiLxPoZFx+qLNI3kAtq2FMJLbY2r9cQf/VXWnGHZD0b8UmHhXYR6UvF +FYpo1OF73zfx8+zJFRbwI1iSeEYHaGRXp8xEPWvB61wvojbGoZJhp5V1rPtO4hI7 +hwIU64WMn7WSPEcUN+Y3eUMZFipMSp9UQ02g2R8hvD9LJ44f995DuOEwT7w59NPP +MEBXL7hs/LIoSmKAgpvV8QUvbehMMh7/FWq1DUW+Ixf9uinwlxoIKFh/vaw7Hl1w +/YJWZvlw2PGGle9B5lQSGz3qyfxNdE9jP8V4Egl7xPar9B7vhANTCivpxpk18tYX +JiIFVizxfglZyaEHqvuymTfU6K3MkF8+34l09ZqyI26JxtptwwfEjyO12CJS618C +L183TGh/j0xDpahCu0j2bCHU/HjPIVtJ7M2EVyV1jXtDggK/MLAQAxM9nW8cPcFs +i357JmYQdSylL55umrj+l4FDYCGAk1HgHN8c3QseR0mLP7rleKC8YcE0OkA1I+2Z 
+kYxLuq1XQx5mSTA/BDtwmLunZjBSxThD6/LO8pThK4s4m1d1hNqCJBTseQeJX2Am +fF5oCO/+pu0qIif7qPXEdPZn5ZeT6Qonlf7oSGCY3Ov3GNZuzclyr2qYyARTvFfP +HX8nUZO3vWfAm2i7fKYVwKc9mqavpdx/LI5qEbIhZN0QzynZA1WjDmG8+jsL/2tG +J+DCKOIfhD4YyCVN1yPv8rCLDQELqdx/n533S7fDXH7L/NfTJe63M2o3Fv4eiDqP +jqOhr/fHx8apCwNC4q68zWoFAthCflCqSp3MFGhvwekcO8hXh4KTE4RCk2G0i6CL +oJUTDYULCUb7xUix5scX6SMF4YBUqINV/nffziE9SfaadSYp9krgNwvcJYG02tnz +O81Y4rWCK5JlIyx6t9r1vKoxm/tu1sXZgbU/J+e1sth3O50Ege6WP9Ec7Vj/MYIC +d8TD1Kd8sm1m4DZPpqUG0OxFvSEZqVfmBSwVsLDB2wr9D1nCfn9WMTj2lSvkhObt +I88hpO4EJ/kjH06TejhgRnuqJbpULpCr8YG4QQRCQxuMw301yohhU+D91aI/N+j5 +oHVx8kQX88vqSpzsrq8PokyxCqztjIInEPuu3FSmzAxd9vyMvAOWZzUn146N3nvy +PHrsZOiNUIoOuLAWVwm3QQupyt88dfqX/RGqbajFJdoVDt0ULwQSiBWYUQPouBmL +hAfrm+jtdorAFDG9WjAUEdsWQSvOk9ccZeNB97BLxmSPZbTXm006tarrUPNV2ycG +1Qs6LGLS17QGzDwCa3Q= -----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_3des.der b/tests/data_files/pkcs8_pbe_sha1_3des.der index f2ce0290e61200ed7b6056ca6dc74d0cd2223cae..7b36c36a18da5312cbad74d501e5e6b4a5147f6b 100644 GIT binary patch literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R127H*2zUpjnz~bvpaKF200e>pfaKLah#+)f z+{WahJb2oQln4AUNerQ{lty6Eq(?oXC<6kAxSxSc*mw@VRFRZ+SNPrWTilA}4?s$~ z93Dt0AQuBKA}#`Mz*ShV?`Ft_J9OV1@6jPM2UuVh2+1~Cb3{c4D`2qL#7p9ON{T6f?Mmp&<`OXaZ|a3{(egNFX?3^27bDig`V~7 zckc*-eZ(u=YUj15DMp|qtMsTp-$}}0y%#lEq2ZX|O)jMA09M}`feQo~ucj>mVbWiw zNXd+jPa{*tO3}uAc7LmOL`6n%`E>ua=*+xyRjwak_Dck_FunNBCzyyq_yg(xKZv@V zhsG${b)#JT0c=n;n^aJ$%%jSozf7jXRAZg>Sn%(%v z#gMX2f9m%nnC{wOCfR zd8hs)CI-5C7P;NlzjLLJ_)8_JB=bRF@bDA`FaW=${LkaDos9ttjt_P5`EG#)RceMx z`F;>MAsS7=Wq;EzB_ZG`>b2RgB4qdlkq9$AKhvXv_KDp-RnlPu-fwb)BxiBr6 zNW`rb7D`vJospnq5w>GPvrk*Ndtba+CJ(82uYMh_Yj(^USqnW3=0A9k5SgD$t$mye MR|PByR9$n&uP6IOkpKVy literal 1262 zcmVr$Ol*ibawGg zen~7`U;#En6>sf>)343^;$$m$07tsW~JP}Ye*E!A(aC9Vr`-5S%wc^9IS&OEk=JVowdU(u!NU{gp@rwVRDG++ij zJO0@Ty4L`JS$N%C{BCDw7$B~TFbmHahy3jkXjSLQ2)j|5Da`OzAwjBxQ0UY5T^ylv z(okG3irfr^_4Zg$)>e1++U9Dz%nAGg@TFt=KQBm4sO6PXJCvd=f}d7{`le_EVjq;n z@d1?r*Ix?3m}%;N&U;b&?cR%@Z1*b>=xZ(l0Ug}BM#!x<>Z@LFqK0Obgkk|T@}G`3 z3U`|AgX4E|GZZ``qF=KxIn5$erisgm$HEq$`fD8Y&o@k*F^|LmIgLR;w9w4%GC)jd zQ|U=X4JnYv%5^a3Fw=)_zuqSce5g`r=S36NpKZrz3Sh5Vd+{7lWlbl&mT&oI!TLWta6zm=p&ExgJU?d-sc*UJVJ} zj+-|XBb`WB$R4siNF1Rc0vRn@GPl+Bmv1<( zt9(4cZ^I<;aI`g7LRt%WedT3YuGrr6aLQQv!F75J@6Yit&ZG)9p-t$OZot$8s2GOl zK&=%{h{>>DLu2%%WCb8``3a_g6WvM zQx(9raRuWuOzh{V%u0D_L?Od1e_Do{1g>pKBL48Z2+-F{Q`Lb|2=Ux6d?y@ZFF)KF z_=4xIiSiUzb`wm=o-+B4(^!IM&3<|gH?s_JyAoZehDk~pR`DW-qBeNnNfrB%pm@T> z(Q=F@mQJx0%GsFX)Lox*+~NVv81IQPqgU+xTSzvI$*hooidoMD(Yy$9xA;BuW#_?S4YXAyBusdqer^ARm2REh!@P zg=vMf$}J1HPT3f7tdFwJnZ(dyJ=}eC&(3}^bAQBZ!-H}+NUj3~VB1t4)yY7}L7!B# zvQ2%>wopn}AAuA~c)41|uR`~bxHE2JT~iDxkoN2*+Pk?)plnlJ6qZSK0+v``QM0p~D>{ z6=gF|U^9yjn4`a?3eY_Oz8I-4q2JD}c*9`QVR-Lc;L9x=*}Avjk((@F@r+!Fji8YybcN 
diff --git a/tests/data_files/pkcs8_pbe_sha1_3des.key b/tests/data_files/pkcs8_pbe_sha1_3des.key index f9c11ade0b..07b47f74c3 100644 --- a/tests/data_files/pkcs8_pbe_sha1_3des.key +++ b/tests/data_files/pkcs8_pbe_sha1_3des.key 
@@ -1,29 +1,17 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIE6jAcBgoqhkiG9w0BDAEDMA4ECGhNuQogiktrAgIIAASCBMhfcb+Jt0YOgGni -IWnwmmtYT6Nvina/j3FCGzcHCDyUQDqh1rPUtZnmUdM3fyEGlUJdX9wmHh3gUkWx -JE00QMzYDQsUbGrt8H3rCQ+aXegCicXAyBgDh0YUhO7bWmgJNSvZOduIeCJ81mnb -xtl3CGgaYVOWspr458crtvn1Hlhq0EGs54EUHWBE89PHNxokGHqkFQcdp7QHO9Zm -ZvjTn+kR0K5KQbeQwMf3LcboueDV71ueUZsHlTSZ5Qs7WZORRzMBoo2SWV+Mh7U/ -yAQv4i6CMauVifVqTMbLtfdTyZCts3N57sGstyqIruE1Jwg8m3i+cV/QIh9Fcgo8 -R+snSlbOZMzCpUIvcuVkEMBP8+89/BtIabXL8SoTsD6v/f/YJfcw9qpOH+AoA3JG -UZT+0VxfIk0JUkX8QvM2qMQYY9efX+Dq+N0ODS1vsdP43pKxowOQlQUPKOsqoDch -IXW9qDD3uV+clg5L6BqDbX1O98oegcg6L24ZK1yKVzotiTj/eaZVpzTtrNYzWB0+ -qO9FTwLqOmIRcduKKu5zctC7QlpFY3U2ikbkYpPsam/9GSXVe0LuMRLleiMPQUdU -ZJlkZr221OGq5TVhyJ6zEwud26wExB16tLU26ZvEFwExoUPboH/UQwX8L9vd8BKp -a32u35n5MOn+54Rfa4qfpU+uLB056CCKL8PwVLN9Xzeg+gJLfWqwEalPmSsylakO -7+suOGaUKy1a/uszD97dKk3Abwfoyb0qvbdF131GR04NYIzkQl72CBlxuWqVUt9o -pmwsUDAzwoJWi0sKy0dTm3KZHLJ+3OMIydod3beS9uS6Yro6NJBN5EPw3PoByBF5 -DUkOfW6tV0dlHyXOuwU+JzBd4iwJgO53GVPAap8a/eOGgNCiw72gYM4lcHnwShL0 -/v969VqntPXb7YF1hMs6ef3zTmLEB4xaXcARynnNkZnpQppxSPeHeXU+KxZCjkLE -brzHFnUMr8UJOyra3C/iXfi/OKJcBIURc3oY29Q45GBcV0s/W3n8TVF4qEqtbv3c -NbEmgcdzLGA28XiuyUH+pLxK3qP54jlqhd22q5qoN/gz4MKG+hJMMcO00Hj7+4Fb -fnxxGE5far3zjHLaxfnRKIfseU9DrQVh6gTg8ibe0kdoUXrptIb51eRcukE7s/yc -01Play8GYik4x+kcNAmQT29EslB/3RcrWH3tZExJjjDaC+Ty2atCMmlLGxt7VHOa -C3k0QHYSE/TULBldB64S1vVFrZgzLFTlXKGm38mOGCG3t/lQQDTo3IAp0YE+atM3 -VG6ON3SSU0QRP1aEkZY8t9rf3+/J8Nl8oF4kF9ISzLNhlR/KJlNkmDvG/ic0skJK -KYezuuYH8/eEr9ZFfBsb9mRsFCM9iBZl/XqebCCC5/kfXzL/Hpp4f0L7DH4C0f6L -LbMCFhvsCNGh+1pdIjN9hbAkv/r2NN8+MaY2xFk0ukLfKgpLp0EfpkkcM0EZcvFn -j1JpB7rshCLj4PzM77fLh99H4cffL2qyzXqFF2Y7iW28bW/RQFxYwpyEnowrcRH/ -11Qi525SdKWRkb9QlTJqFI6wsWe5kmYO/kDqGUpGPGK8+XTRTFjTci7NPLqN+s0w -Z4/b5SMVucBKq9sUm6g= +MIICojAcBgoqhkiG9w0BDAEDMA4ECNw/X4edWXVbAgIIAASCAoBDmCn+YmkXDXuo +6tdZqaPmpj9cCeBl4FOaID62I/6Xfh5if2Vyb3NVqyK2c4pYVc1yQpFOKK5dJuN+ +EyKz1L3Ey+IwHfXGHz/VjWrxuZGvrxy1ssM72v3Ev9zQKO/+LT+hKfkAxrD6jjCA 
+heiKJqFaDeV3vkBJIN/L+wyG2pfUzYu1ZJTa0s3BSquiS4MF7L33nuTQ6+VEvVBH +OfufPVD2eqCAYtc4FJz5329kOf54ul7shdsIp0EII7bjmGSwbwG235Wk4jOkIkMg +EKV1UgeMXQ2yMFwOH+02xVFj9iHlMq9gVkWVxzAEv92FNqysageyvwV+LiBQu3rz +hahAqoI7uL1aIRmOyNs1xlSN46Ztr9/giE6NZ3lMoivnSncxXbyUsrwp2EepEjLq +3szsV04DOBAF1CxBlg0AI/PXGDe5pyFrlWj0aaU5YgQR+v2DT8BPheZASbk8Mo3d +WP+GKahSJRBUI2C28rV/aQWsforW7Ml6Sj/iqWBQbkNEow6FICeusFY7gxYjJdPq +QsM5Ncu9kxXPJCwfwPuguh9BbIUJdFl6J1lW97RF5M+XvfXm3naBu2PVQbPDAwde +G4DpEIP3ckOrnJrNL9Ewjk6upuaTO/SzL5EDrK8jygpmkPe5YpLRmwmpr3lLlanV +Nmqv0HC/6Mxjh0E87/wyAD68/Sv4CYFvWBE9WD3mFc1ZHadJmu++W3q0X1SOJpOJ +z+Tz20bYdbwo9glyeyh9rHqTukpAtyLpJ4RnWw0BqO4CTH33AJas82VxHKOWGuhy +QXKiPBronsVP8omv0+HRPk/O8fkff90NZ7wivihuZYYqewBVzJOtSwDFBp+pTf/b +kL4GqBE3 -----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_2048.der b/tests/data_files/pkcs8_pbe_sha1_3des_2048.der index 582bcf324bc2c53bf677a06a49c6a487c1be0d3a..1cd196cfffb390c555c5d531ef6ab81af95c2c47 100644 GIT binary patch delta 1256 zcmV`rli-jI_?4j2ml0v1jwFuw^2T`@U?9Zhkj11keXs%WkTr- z$mhB3(ay4?P{@orsdgFv8DtFtZ0o zoDL3>>L)Cl>5RkM=n5{T?gJZ8G%{4rPXtP{4%QmRKQb$%%73~Y5H;{0Ybtu@nLRxt zCqJ*uZ%k>qF)rIG!o!3UZ8-UZk}&CcIfK!D7X=4CC-CdCNhsBkl@#j+%mShs~zXcoZ!RI>nsitmet1c8m;BTF61 z%==j8fW_TCWPdkd$srkYIGk<;*p0J8ln5Yk25)#|IL?80xd@nOH8fh<#^qO*^G((? zOcq|a3|#@MZY;#TpiBfQx#of@<;GTFzk)>Lbw>i+>M|*@YM|q{3z{Njr!*vOO{E z3H4Z{8$d~eK3AsG)!zgmc&rp=?Z12fq?P z0m4R^WE($1c{`}^cP4aIuvH>{0|?nqIB#e*TxyN<2)lVJ!#6mP@KkRC*L64)Ku`P1 z;ZVum5q~@t(n?q;e(l_-0qc>i-WRt67-yee5*4dU8uYR(DsNll^=<@4_AdkVhQXpY zcDj}4Ora{z5Nhf!s-a8kF>3UXIJkg>-=A-zQ5~dmmq7^_RX2ewGq&S=7y}=lzo!-B zn%PC*(aY=XTgJo`!7XQ)uv^7+XEmvAhS@g7&wss37X7;jT`RvBPEX8@i_82*UT@qQ zCqBQ1UFE!hGytCgkT~e6nnr|4rknjnaB}9~?+hg$$#FuQC?yq16ME4$gCvp`#}1Fk z`o*?4mWLig)~!&+Emlef$5g~Le+C)f*O_!mqQ6R~DP%W}XW0u3%|}Kx?DPx7IiH1Y$-~%?&smO*L7|@_$7B zR;McQM}L=yi{zdwTI1NTFu-}|c%_AsXOQwdc+@f&at~@Y(@a^DBNx&`iC2P*1(@GE z!8I+zR4N|pu{yoJkO1DCHZCu-9%(U+j^13b006Z+J9!|<9q8%LBq=I-S5JE+XFVg$ zi~s=%O<+ZN4g~OS+1Y{h8+kD^K4Eg{g_+VT5$TGHI2GfJ$j};#vZ5m|nN;A)NEr`c z;$twmYS^kC1-?@bv{hZ3fCTq+o!rx;VgcSTkS(B&QX>cgX2v}#y;fcT}4aDzbB`GFs&Ux&y-SRNbitPnBtd19nY4U#|G4{PM) z9dS1_@M*>Qgn5gE`RddRZVD^|!hI*a*=*~looQPKd$H+ITYn@@RSPP_+YFOuSO+VS zKF%WAi8hq3#~ z2)-asY+6>wI>>@=x`HFnm&AiTZmgK=a;)z*N@uZsI({u1^SBe@&HEU?E!tu_@sh?{({#dG=I$5H3P(W6;O(%^fyGW9Enr*Y)qzDT%TOQT5ha8*rr zpT9q3kY6{b<_(ICZYZlCNkLIfea1`B9O4VeM<5~90DFEF?gu1#+I|o3@;sEZp}+Vs z4{)6@t$#7;HT>%kMpMG&&+MASyV4sTvvWc0dZCy&Z3}nHLt8F%r=0$rZ}eCc>vU2S z5@X{Db>)sCy$R)WK{8FmFY4wc3>t%GK_}vut_Alse!X4zxN@b!(+CqUyz)J$}V^x~mqtXdxwkzu#UOlorJAd?4&TV>R@yXNgD~>0`>d>Nv>B8tP zr={0q@p{}~6xb}{!9DS?1rV3&wXA&du;R|(g^5R72cp;QnPCZ~SbAzV9h^t|-V6@T zvgms}`Xw}{djn@{DT0%|W9FMhv;}yL_1w z(0>qhp(F9b4$JzZeJU3I1y(*l1_Dn!IHz#YT`Sb28;|CtY=>s?`Vz3>_yPSLV4J+G 
z>J8;)7+eFiwsmJ>J8)(we%|><_MJA(xgwh`8^9PGYB+jVG~o=}YIc{WEV!M}ak&{a zf*`MG+RYyEVy5y^fN!f5uWul$oM(i66MtA9Qu8cMYo;wxfVkNYgaKsol`EJkZX?%- zn!`lvhB|=#XhlyPgyKx2NHfRS*wz$5a<*LKAaf9lY zt~UaJ6~htmrBf~;lQrZ875bF4i+P&4uUo4O3P{c}4EBEDjAY$8#@*}GVrC1OiTdV# zPAD1CGw!+2B{F<|Sds&KDnvvfqCw; zQgLvF30B3qtgiEq+2MtT58NxLh+%rU&M2;nck@&H2)RYI$U5{RrB3ce_{I)#Lj+S& z#-fWgm}fs?7wNJZW^GTkDb)U~xT=V7TFJ3VB zK@X}+ipwrqaNK4d2=Q8>r|9?L$Y$M>NH3Kt0pUc&qsx)W1o{%Q*m9h!)9pNS2BgoF zxkRgz+AdER={n|Kpve39UDr)CgYa1oRN55)#z!y6rF*uN>+B(+Gh87Q?LLmH$dkR( zGH;ibs;iW9=6MRhr^(2`)_2r2QSk;H4ozR(;G3JIlLBy!FRg#_^W!9uwzc8k;Ywa8 zK?%6{dZwlcAyx*{WZbEC3u&>goi?q~`7!J9uXg}@vXJ315t_x4VTC9o>kC1THMNi5 zM~o=k1C!|^gV$v((uSo@oJ{r^aywDQNbcS++{e8=-vd%xUyWg+g&dWekX9Rijx7&p6H} zpLSpW;|jR5_(GZM_RGt#ssQt@QkrCy$w)AX2QJ5sOsD zf&4x?keb=H;9T86aOaCd3-#Dpj=8_T)u!z!uYmpI&6+4pdH(YXB$YY?*-kiZ>cap zx|qZ`M(hN(qHLqX3QCmLZsV%O?*oq?+W?5dU$H`E!r}4Y&gdMQ55Q_!nm^5j;;;dO zd}MWeW8Ks^u|g9Fm11y4gI514hr7&gbM(#_qB8YzU?zIzQDYK2jkt`Du401QB+uNh zjFkjFCpt+?)E2e{nLeIfkr&G*XZv|))&%cr&joQ3+402Dg0?_UdLMV?W{Yh%W&?D( z=KLO(l(}h`IXox6L^0Ubhr=Or*p^2`lJuMI*zMSJ`fAEiJ|5e~{EpQttO%>4&)gOglfRJOf@1XLhMqtO^#sP5+0o~}0K~e4D)uEgWa%4lSXyZ5s(c zsLeeZ$)Sk^SlGL19+t+GpeHP;Ka~QpajnuURANl0LuzQoa%HsBX4VJqwy$xJ5Pslb zoRC>;Z2EKq3`2DTYn?7}R$jj0zhrj}O31CZPHpnrMP{K5^s`ZwkQR)z?$EK6fd9&h z5B;ShLBBnvMk$B1ESFeQsr>=&3av)cR%wL3hX5Z1>$c>92Pt;g9Ob=nCPwv=%dQ^ejxgm6|dME-; zL41p96Bo9kHBee99AL;sV1```&Oq^tkocRlXI}Q~5oP>^?K8kIJqaAMLrvKXS2wW} zG%n#-C*g;u>;GX+lL8R&v+qPT(h*%Q7~Yr7`1M`saU@H zdr@)pYwhdC#!B=H8Nwc#j&nqL;_+{P*n@ZI<93r?ASz8L>Ba{N(xZXeWZ09b{?5&; zcSEL^nE#vop%F`FI*g0E#5cZb0k82bc*ga$?lZUUuY+`{zd)m zM7KJlv;d*@567cC+s;8GahwG_EQ8&wo|la>#9Yca0~lqy-+1FFTS%`Uj$MXQqg0zo zgS1w)`6EOf{C4HOJiugU)hnvg$^Cvau%KTJn+MocfgE{n@Ya;>2BsqeSz~ zdFi7nAl#x19olee$pIq*!=J}va7K~juK8pMnQn3JJ-=3uHYBddClUe}^MZLTe-LC_ ztW16_3J2YZpK`jlg8B)q=OWXY%nRO90p1W~m9BN?c zHr)YxM<6GK3>Lf#A}xVemGx^Iec!pf$OD_Eea=p{ASD4$G+{`j7g+M%g{&qxRCH4{ gJiKI;Cx_ZO)m~%j27CHCN+2dofaLDCp0R72yF4zsFaQ7m literal 2422 
zcmV-+35oVFf(ddk90m$1hDe6@4FL=R127H*2qge9tRl7kd;$Up00e>wPy!COLlv)DfT9VWR9b!g<2#4Ik>qQ*)!0s6lh;Vd>h|nm8Zw4XUc0vN#e&`C*40eTJ&1EvI~K-jYKs01%b2 z&yNyR0SX2V1hHPDDiPC9Otqq1u{i%{kD384~0D@Cmdhi6qMZ30Dur$+y+WwS7n9KFe ztl-zenBe8jH*{SFU)9thPurxO@3)L?O4eyPj@xG#2hvLeQHR?*I|OFZP| zsX0vy{=72z^2~L!Tsp&>wJ_6`9^U06i+v*jS0hL zJYsSYk#97KZbT52;D)b=Xc5&SKrIXB65^&!k%K@-D&Tp+*_xW824}I^-NG zx}Y{m16~$IrOWQBndW55F66D2c$B!95{eSkb(tgCGVab6)o&AkWBWyjK3=g70lsA~ zioVAomd72e7GvX5RsJ=WTL8M)GrQwv)g+GEE3xE?TR(luG)rD-t9I``ZUZwNzpwEK zMhCa=dI#3?U>9WMy)Ba@=n5SC*lC{)LSu-9`M1Ww&_TiQ$18vzue;U0&i+Zpa7ieB zKefD(LjJsRWhyYpwqiV&g;Rj2`Yee^S&d5(0kPlRxg=K<)xExjYknbmDs;**gBqh$ z&Wy88UR=@#1!O<6o**Qkg@#`U5Eo@%JW+__DLUAS8C;!G`7e^@KYY){CC^HLb4-P<=~wsN*K!1lNrTk>HXMuk1Pi#V&?2O!%!ocWk`Ax_(={T_`*i?%L$oJmWjE%at9xo#XG1aJBDDAxUB* zjY9#aqNr9grwIyGQ z1#ZUtE$T^6MwK{8`gL}sV{a=kiZf6oFTDMEWS1WK^@)?$*xE*%DhY+FGY`NWArIE7 zVWIuJzB`K{hnYM_2AAc`%RuF~6MRixKrc}_11x1+T^#%y&NjF0OLq`Uk<-7`clnb6 zW&oI2E_Gwoj7c$CtWZGKLUOoX0ZyWM1RZ+cE}(U8%sY64{!rC|C&n3n+E!2It^OHMy0yq1*k-1nzGJR%MDPgqcf zduI&yx46D;O4ystNZe_Z{$c*`U~`%5`oS_;BYLD0QKkuT-WW&*X4@2154UY|*7hdk zA60p+tBHc~zC4XN`H_2R~>CL3o<#keW{pRL$`#hmW1xK9_pD)V9GZ_v6)moco6ZtDxvUq zQ-Qh6Y|}R{2Uo+aZvRR{6FgpO&>beu$xgX>EjtodpBd#s0~F)T&84}&C;jQMw6L>a z0)B?yE~>r?(Q1IJciRK)_!X=@5*NQI6XSlne=5!hSaqk!h9~SDsTh_&gU7()c~hnb z`kIMt<-TvsS@u@0kfkbaPF~9%F4{P!y#}bHGCKPZ@PdLuOlPr|V)>tPx5;Qb(Phrc zqi61G7VRF{E3&-qUW;8&zG&d62{A0lxb002!6%X~DBwt{byRrs>JbFN=%|}4+y%#D zE9N{3n1jisQP2htAvB)CO$-{<)Cl0Pidl?~#iz@3FwEZj#^b|+xB0KH!W?cq(S>%* zjDRTn{b9PH@`u#M%}N)K8r3g@4Ljy`RkC9U1lZ!RP01*>d?3iaLs76JkY00e>peVtNbKLdYh zwYZjeWMHk`ZI!o$6FqsMnW-XUG;!EeA7eT{Efx73vQgQj+@>=g?H?LypF_NAkP625 zSZ7AViY&dQ%Pu|Ar|m(y_QiZLRtPxQrdC`CYKsL;tU>*ne~BP~2U$Y9N&&3kITa2{ z{=!>8jE#GieHhITZj&LGDobTS2Ioz;+GI7V9d`sZYVTJUDjw^rR#0A=dt|wHX}=v{ zIaVX8?HcB7T^{>f1TUjP3iW`cxtoz1PuS38xFmQA*zC;Q`HT;I*o)MhrXeov_g&YP z4-h?5YZ&`n)|hQoJU0Qy5(Cbw9lI}_)6@%Pa!wES<&0dtf~;garoqfXLu=|Ztl;ZX 
zsTA*ze;@O=q@7pztS6SXy>>;mm6GV|(eQjgD7b9`6UOW-vZZm#fMJ^EX#L!4S%R%xB!>|C4u^Kbhmc?NU=ojabnzQ8~KM$t;S!&RTR&bk+_^2KMS(@>J04x?8|+DNFPR zV9AGFWj6*!$pK$aQczgDyga;!=#d4+NV?M;Ck_d$ADY>~{UMW2a2yR+tjvt)rQAu&9Z3vEoYcHKHk=xdO&4Z1f1OUe!XIJHN1@34oRs2E3(YdIJ;Ny1(iL6wDi+hSm+IC!?YsZF?WhSO?~ Jsc~{h*tt33K*s<8 literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128.key index d475ef4814..c8fbd7e335 100644 --- a/tests/data_files/pkcs8_pbe_sha1_rc4_128.key +++ b/tests/data_files/pkcs8_pbe_sha1_rc4_128.key 
@@ -1,29 +1,17 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIE4zAcBgoqhkiG9w0BDAEBMA4ECCLhzdwnOXIZAgIIAASCBMG8Wgfn++CFRl37 -FdQZ90pI+u37yj8v0kFd3rDaDMurEftf10gWwTbm8R8J0eK1edIAHQabkgsF83gD -yrxKFp1zhHI1t65gPKHcirhx0t9XuClxAOzEme//iMaw/yf/IKYo9NRqyvA6BKHW -2h3J4+JSGLSaCsRUyzhoL6xOzF+VX8zE8PI11TcqfJe7TGs/9G0Pv2XxFpfrG7pz -nz5mkAYdckYHcu7+CQGJ09ZUkblV3MYKEEbq5xXEo4Kku/n1YNrh6BEWMLo5XgOU -YIAkzhSfnbTt6QrxM+90b4qwk5amrC4w1jUu73ZzaBQs7fhx01pR2y3zTPBD2Dpk -G3iLprgEFqsoGCCOqqqEiEF/xDREZEPW0es2RruQ9Tn14LbgTj5XVFI/wBcvp9uZ -pjS5chC0/CRbGcRi47A9vx9bjgwiGCDpxx0/Kn68uFCaCeGOAQ687XxAn1UHmBD3 -esjjb7S16ld9rSKV0oXWugUZKFdoq87AHY8Njhin++biuAEfySu3iH5ajzZV9dEj -6JHVwotuL2diVu7NU8mIsfr1kCJoUxIAbWFvoglWNmTtaIBkc5ch+kUTsz9rDtSp -lL9fT+wzjN7Q7lyRfIhNOheg2xF9huwF6mqnSlDfvwvEJ8NsQI9+CeooI2c1Zc0a -Bh/vDvCzov8TE+1Ma8CnrbaM/aSZ0FIq6PcpWSBLXSDXbLwabEEOLoXQXogOZsc5 -0sz71l5c8jJPlzXxFYYW8CNuxTsUP+hN2oWvbmL5YLq8P+1tw68jcdbqhTqoqrW1 -pGEXd2iMRUfCTDuCM6Bn4iIN80qUqqBAuoTC+zCVHnI7+ygmovhf/ykfVzNaDSIW -BkDsmZoH6bq3F9HpvOWggh0yK/l1b1E4PDQ6hq7qWNyJMyjYBJEbEdd9O3GW2qev -3ARhb0yGulxYH/h3yp2mIfxL+UTfRMcUZD2SobL+phLR/9TMUi6IaHnBAF85snAb -rbtAKCp9myFLwG1BujaQ18fKQFgcMjbJY3gLIz+3AC72irLSdgGti2drjP2hDGKp -RITAEydZXIwf67JMKkvyuknVWMf9ri9tMOZEvohnU3bW4g9vkv89CUtCLWF8iejM -fKIP5hjHOcKRLvvACFbgjYCPt8iPCcQckYe+FZI5T7zYsyQQ47fygS1f7MWZblPJ -UKAm8jxWUyySvEzIMHkoZaHtC72OS/L3iCjJ7mkKSZKeCDAzSEJeeQcOl0klVCQ8 -0P+mXq5wtGakW9MKLhmsOjUIsyN2f3gCO0nESYhWD+3EKFLSW7ZsHbDmwqSDh6bn -blFvlQd7cpfYFtlmbxZFcv/l2ijQWPHi93G/0VIhFHxI6LegKt00bIL5iwyF3NpW -dNzuE69hweTSKvOPqRsRnWyGv9dVLIaQPwUS+eEfsGGNzM9rbty0j5Bw6KY/uDgt -blTfN3yZBcyEsdPwyiVLdi65zMzN8g4VVQBHFhXWPa2N4gJQVq+6q9hQkgFFU7y3 -f8MX4BrKq8ifwWxsjL2FawcAoDcHUdCZjt/HZ+9/rL3iQvKeHbDbqu4kxlrE1FJn -0LHIB21qZIo+6r3fdNMUFkuDRBT9eEh3Wxlg8G35FYCIiOuIwB2ED/Hdnqtnemxj -kjRXU176HQ== +MIICnzAcBgoqhkiG9w0BDAEBMA4ECHQhpmYrGd0CAgIIAASCAn2hV4Jz28YdWGFK +0gLJr9d41Dgsa4BgBAD+dVf1D8prnkR5I9VoPMY8Fl2EZFVIgBCfKTehR2d5jMjg +EszFKDnSh6Oc1Rk2Xfp8zOy5lFBXbr7sGfHPFTBaN6lnFwRlxsDOdXHNpMVJkqnt 
+sli1A4Myjhf+y7G7jz7t5cavMxSkVf9NiNQ+4YwdzJTDuFOHPvHfTk+4x/QMw2Gw +IjKPyWZVYXk9biEad81eWO0waV6+wexmB6adIo7FkNFC7Mu3Yjxg+2DRnEnKRuuT +X0+Lt7vzHSUV5+yYwLQhQSGQvuci6U9zin8hcJ7tkJEQ3kJzQu9yL5ozRI/kAXRW +LhS4A6wGaQFSNYf4LzUxkqb/VvNnQ/EBT+BXKv/N83ja4KX6iD4X93uKlUGifsi6 +8/z3mI4e6FhO2XM5PdNE1iCdJtkw5vQZYPACVdX5LIpY+202hl/+qrzJkW09OZfE +TbNJRq89AvpB+Z1RVpIdvnFLuNZCk7GJyfpQCDWmK2msL0XTohlf5jUB49SwchKQ +NJ1NQM4K1JDz/yI+N39CCB7MyUEoA2bwRIpNRFDpNC/rE8ruqtPs5mhDfHqYCEUv +DfU1Aix0oQpFKICNlxqXgmszlzthTGUvNzT7zPsePfhReIBfiOG3hmqNzmq5N7bV +hhBzpqKIS59htjKZ1EDGCr7RdYdO/wzy1LCVyXyWZ1QCYPyyK2C04fGrDAxnOOqM +vpPoQPswK5WbfEbVqj1z9Y6MjcYdtr92x1ZDhTbM7BAdeBEhjzfMvrKPVuZO4+rZ +aC6TidEeAneJablTGz/uIGDFz1Nmtjb76cgUZHW0IRsFTNXVAPDRcxz3P1F5hujb +uWK+ -----END ENCRYPTED PRIVATE KEY----- 
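Review bot: The regenerated `pkcs8_pbe_sha1_rc4_128.key` is roughly half the length of the one it replaces (hunk header `@@ -1,29 +1,17 @@`) while the `_2048` and `_4096` variants keep their line counts, so the unsuffixed fixture presumably now wraps a smaller RSA key than before; the same applies to `pkcs8_pbes2_pbkdf2_3des.key` (`@@ -1,30 +1,17 @@`). Any test case that asserts on the decoded key size or on this file's byte length will have to change with it, and nothing in these hunks shows such an update. It would help to record the generation parameters (key size, encryption scheme and the password used) next to the fixtures so they can be regenerated reproducibly and so the `.der` and `.key` forms of each fixture are verifiably the same object.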
diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.der index 97319e9f13ca21f0766d2989ff236efcc51f3927..760187edeff89353b6a15652f8fa1a56b4d6db24 100644 GIT binary patch literal 1256 zcmVr!n}}iz_}bu z4p~?S_bQrByk$#0Zwt@P>2VRLYF_F57ziGZCbYol^Uw3LXX1-Bge)ZJ`7xO+3`w#v zFkta}y)Mi5$hcLyAcbulQfHn{rzp(~7h{6$;2S|bmt?VP%pBG{1MNyT`#G(*o?;M0 z7n&zzZcfF$K9tqPp(15n4ViR53#C|>S>&iDJo)!#BqKton@N)5-t?%DeN0_1Dqec4rSqTzV`Uzuab}TyO>}z~e#T}hH zS}RbaWEvG;#`2asOxKbVGrZdsG(a9Zl$`ULyr!ZWQ9=GP1NS5UvL3{K!;~l@tHhNg zm@AJ)nAfaQ_mTv+*$RnHFHt9ZJ%nTJ1w%1qW1fWh@}JG5pAZ=zW0j1pgMO5Pw=NoK zGCT|e!)*aL@TU1+#{`ou7MBXr?+=4+exD4APOVa9ic{@xSfTtZ}~C(TV?X=az&zoKsR>j zaEp8Xwb`=lvdYO4`i0Il`erlg%4ZUS%AYxqlGjNek1wbdI<{p_hHP*KDMXYzbOV*s z@i(x@$(PVr58FzJsn*gO9?QN*_9Mq2JEK+~;#=beT49$I_(JQDS6FVr315_GM@raH zNj+=V6+|^{^ft5_b+lxDeca7JgI3SBpeap|+!+`o2-mEFlfa%`Z1d9IQTBtAZqoiR z)tzZ$UcfiBo^qzrH1xW3??%5rNQUgh#m1LmOb@$zSm%(!nofXf+bNH)YBE&WVMwFr z)#SElkeVHUTDU#-2$pvvsQj#dRS)qGza&7%>u|m-I$fU~;7JpX2Z-VGhz7f>U;xom zlndF55?B%XGVl+(W<7vLE-RE-wt0cD8^G^uWqJa)=^fp3m2T12r8_Z@ekplev9+2R z6u|KHX!_p9m#{0L{{{hu=~!+#bg0xOp!-cK;m@u3@i-l0U+%LKKNer6BH8GJ?Z?GfJkM`D|(@2nZngI zPteiAxydZfoPiR+mOf&l5JJ#;qYYDB8fPPN{}28%LIK=XKL^6y70pLLM$3}1ox?=0 zmFJkBUs$j3DP}rQjh`|U_0p1xc_vP`BTZCR? 
S#tWaa9S`kWp%Ax>aCSXj&s;J9 literal 1254 zcmVrz`Bi#)9@hD zX&bO7vI>-GCKK=Q%hI2YkA-aSTCH9GSs!B&V1FR{)LN{A2!MT_ru=UAH%2|gX}Q%^ zM#7F!`I5=3p{v!Q$1h9`iA7?epN3KrU^SNu59$M4rMzVQgXc-ncQzY2*E8EJSNJRtbPyA zzMy^hV3Bjsiv}ekM0=auQyw+zL{VMZAE{#ht%@?4T%LxG$xg%@A^;PF^;lt07>u#9 zBGO0b9W0bW&XLtanO|F(YW!{km8S22+(y|oQ1^#axFPaA=mYQ)F~yp58bNt$hUZkK z_u6Qx4FX#l;OUN@p7I>BTVYAv_Edm_YB<_rzy+JWx>tT6DJO{OkaL-L8xUx|CX%16 ze{bL$r0+T-Z57L=&@^PI2}1qLI}sjwBr>s>8?@gAdAv|2yT+U7%S5GIF=n3KMV?Fb zjf-Cd{GmS% z8Ki_wzWRgTnZ6y*_%BiYJmEQ#2Z#gCg#U#C> z)8v?65EYJ4LbHkTwIMTUfO9nG!aP6llrpNli-;!fJ~UgKQNKD z;jGAoNyLt+z=>eFO`wG(`&p|CW)}0NX)mg5F%oKQRrW#Un@ngbuYtT@ol^ns46_S5 zt2wH$%Q#;4Biy3+=&{Wq!(qPn==t@R)H_0URh{bdjZQgWFq(mMWsJ7EBvI~1-qyVo zI3k*4%?Z;W#rOm##fZyL8g-0vZz8k90;C<^41`{2ehmWfq#)3}R1 z?B`o4rAL*p_G?r2y|-(wtQaC;WFx@p+}WR0e#Oit)pgMDO5?><)u?eE*K0w2`pqmYW~7Oh`+)7R2mjf_9pT&FcO?>x&QzG diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key index 21ad4166c3..f3be991e9c 100644 --- a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key +++ b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key 
@@ -1,29 +1,29 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIE4jAcBgoqhkiG9w0BDAEBMA4ECLhM7LCVyIdRAgIIAASCBMC1LBF5f+s/Y4/l -ttdYBasNsmSdbAHr7uKFELCvdAZJrcBNjMfO/lyS+KeH4N7hG9CX+qJ5ydK5yKog -rcjUdVixRfP0HwhUyqVDwe8L7gwzf0VDq2ObUkM6a55Gw0rcTWfz86kM0PSBgNlc -Z1pAdMhjXMYBwSo3eH+yVbcyemWP1KyYFD4xan/RMdZJNrTIOaG/9ccFrQXsnXpH -C42JC8cqufj3WEvRzbuNYsdlAqD7aEvSPDsHIe1SAXUUmyFBvkJtRo5xatqQ0lBo -VDxpgx38EP6mUQ2pE4gPY+YFbn/PTajNrBv9IlDO42yPC90QAxo4OVd2NF1hH/Hx -zoIuEKvOefr8wZjZhwosFt2MvPWr0B1tNPNdIyyihp+ZdZn8yQxWDdBgiwGAdhdz -Misp9XphHmnRl2rpsWtThnZ9o+00UovchtQ+wFEZO59Xp8b4eM9acEk0Ktqkohg8 -4qQSYoAQkSZbPAqVB9nYTMhqolY7X9vL1/O7AsWACGlQzQUBZyUJBeT+UB5dlNNI -ncdBQa/HmZXoF+SKmikchJnBJ3wBAcHBddw4Yw48adYvuhB9XQn3cl2YHyZENyzB -b9jlQ5TcqiFzuZnPPwvOAOst05lYt3s08ewuPHCCb2tGiaLmIakQ9lvx8C/W67b5 -nH+E2verRjsRR2/Yj+aJBdvTuTSSKcCnEFey5wOVF0iWx5AuPdSEFf82LTeF2Dlw -bWiAaGIJFKUcotGUHnUB3Dp8s4rLPVgEoy2wyYJzYK1NyFD736Yn0vbi5l0WuAEp -HBTxrL28TxH6LDkSlb840bV5zPFVpKHH7Jb+jkya7iW1SGFU5bIHZrEJCa2rRiR9 -RUXvSJ7WuzaZmJa3OIsgsC8PB07zcoHdwERuVLYMoBZcMkI+/ThM4hEg/KMJ8BI7 -9A6VZ411tkTx+Vh7Qm2/t3OECeG28fogoDq5IR/qOMA8XstYGt3aJrUbMh47Znr5 -HtYmu0xFsmBGMTwZGnI0CPCyiMIwL0X3u41xP89x7+2VSAnSf9pzQWAJ2wYFWy/O -6VrBGfK5AqLK0Him+qfPqNT2663LjzSKy9MxCqte8BpVhJS1Lq6NS0FfvLnfBwSJ -TVrB2ERnKwgrxk2wIOAmzvsyLTpkM3OX1+rEEkjDTzcP1bDN4DseEzDgsXQythML -quS1cDEJvtMglw5ha3dnAawRnhHSTw8U4I750ZJhcgisryCP7NDecQp4gdXKOcI8 -f3Kpew6Iw9g2uBGzySebxJ4EPLygLYzn4n5Qm1BxMx0Rtxigmz7kNVx2LSma6v6g -ldBdUM/1wsk/wsfchNPKjzn/15sxdqE/i6CGO4BRZLY+f8TCh7T557AHVa+h/Tf2 -k0/pSyA5FSlfHaqAG7ythmvlGTgpe/ypeYsKsZzslmFEM9jYkfWbnD88sYgmZwhK -Bbg5p67BTPad6fRzp+M2JSGTz4zID2/78zttGF9+760OOqbazTN82SVdt2Hc5kPj -aHCFl5ZeFpaCuMojv/RbNdsHAryYpgaEwK91lh1Da6MPrq7Pc8J0df2Ns095kx5S -XinqwOUvRMCD8310j9fISt9mBiH2BG+69pz0CTMWL3Gje78oKEVaFfaFa/r4SjXD -01/LrZRT +MIIE5DAcBgoqhkiG9w0BDAEBMA4ECANod10o/6XyAgIIAASCBMIhYRF0ehbnMC+T +q8Mh/0vGvpn2rn6L++Vam+jle/aTKct49cIfHemIcWpmewwbtyAcY7b01hpbKL3D +T60jbR6Jsf1AFkk9SliC/zS9sOlshwoNrb306ZEU3NA19zw0ezvnCZNReY50ABbr 
+X6zV1zfJKsKZ+jvA7EQyAUQgVAeN6L5XpPwYxb6+CJfuM0iuolavZLVUFrIobQQE +aI7TUnXngQARK047nCU3t4dfSnL5NmVf7uHbhffEwjvBYaHhDSECSotOCkDydzdt +LJdtasuApmvX/c4qey/f9yIuMhDKPiIjqEVqqAriLVMs3pD9g/qxpqyrcfwQ93pZ +ARj48cvyS0AZTeYsc3DQ0a7rOe+JnPzzIaEAeeQUW2cffa1/h71e5PoniB/imcTt +QpYNCk2xqxJ7jLlCtfzwso1ZNeXxlLqK3jfpsMmBjAzuPdhYZFegbFyCTl+hK1DW +CYTTo/vL+VJOcJ8o+v2vQTMA9vJYNwfwEyUN0CxXZL8IsEONSJpIg4OobgNH00aY +yXVkSar+HHOBv0XvyfruiupNsvb0fS+U9lyLq7R8fnuApjzCas0gBgP4X1DWFmm8 +uRkdxFTdAnyo5BEDKb4SzYS0c0wxPNTKU/KLI17DPZC3+UDZEyqug18QMXl5kZce +Kl3ofBYuVEbcQDPhzwRJ69iJ+DJZ5Jy0mpp3FYdhVBty3g+fzEqQm3DSFYiXSWz+ +W+NlmiJAZ00kk0Wwi/nfKfXpdoQ1gcUOHdcEnYEEKF5wcBJs6uLuVQALPS1tAU/B +S04PLALo/AR28D/MdAjxkV90mCKWQahks8M4IVqXeuECE9AuXd8yJ3geF1STeN7S +f9xkdyB9n5So9zwaaNBauMq6F6Or8bPdAYN3CnQuoodqFFzRiEwGrqGZX5ht5n9U +ROMmkBiqGfPcQ+LISvKnzFrf0n4/+Tcn1Q6H2vpHDwaXAh4/nnQL334lG7NVsDzk +j2alocZInPZBpb7ehL0OJlWOVzkxUs2n412Qdew61/hhed1T2u8XPT1GZTgzv3fp +1HdBNxSv/B5m6ZIM9Qc74Ibe52XtIBrOTD9jETrCIxVEi52ClFTQuVZ7PwHq21WZ +FfmJ3c5FxNPN6VmM++F9IeStSRTtohtds531jORKsiXiX27CYru9zaX3DzZksWFk +e9PVbccTcw4wYOJtiYA9kIu1qNVHDs4+0xCNvZeS+92deI+TKqP98Sk1+k90TtFo +ARwkOnCgFVhQhpumT/CmX/s6gtFq2MSpwely6kxV6n9rsVm+Eqm4GNkI0tBLwQOv +OwZQ8zTGyZ9wqcVfU0Oij2/475C8EoRmnkTE0JhcCcdei1CUPmUwiQTAhcXiqvii +f+W21AysbugJ1lww2bBuEvG9HOaunIYq3kCFJbrmY/NZaEOLuZXKbh4cvtGUjFlr +BrBEc3+rmjZXXKcNL8PVLs+ENvBsgKUOcf0lj4DGI0ZDgPKgcMyLGbDDsNPtUKUc +A9gKH1pMlIiS5gKXp+O81eOihSExTrxxnDPqE32hqMXEeS5rVoDHIBEGzLE1CTbR +9tVNuUQHtv+5V79ie5hNweqOIcHFxM3FuwbOSDGVW54e8awj6YFQpY1pIt0n0rYw +t0oJTQDl0KU= -----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der index 496d602aebc1a479aa2860457774cd4a920fd837..8b538fdd54007c7185a26a29304e749b51eb8a7d 100644 GIT binary patch literal 2413 zcmV-z36l0Of(dCb90m$1hDe6@4FL=R0Wb~(2%syRM82?XeF6dq00e>wN7m2eFZ!${ zjfk|Ov53+6gmseahAGjU`L+PR<;&I9UyXcBm5pNzy5G$S8#x|VYHfmkA>I?aZ5vM1 zVZGsHe~v7M0?P^_D>t`EC|+ucuF*l|J56h~;H}p8K8_c^x`_9P!To%8(Th-91A4vi z2}ZMa#rReGFg3Z_9&+iA8S&R@v^rXt-E|u5@eHJTE8JtOfpv&{wim7(6=*72xa_(g zDoE?~Sw*xb`(ZKQ*RQ)7qr>T!$HaF=<{d z!P-nN%v~HkglRTJ)PB#q#TyB@F^VBNGwE8I5kbzCE6M$An3+43om=Ic1>Gn0_)W4b z&j>29@x5$q$}xvVn+?}_E%`0l?A#Ju*PGw8mKJo#Cgl zb?@C*xyo>OloQ^`=d58%G&oL}x6_;&Y^r@7r<4pzZi+wojoZ8M#LIhZ#$^Xf(a`N2 zkHwl1k^|B|N>1ik^gi6zTF8kxklJYRClc-9%+#aEB zs182<_X2#A@IGIV5a*f$MUVyv;9~NjOcElK2Y)I=y^}4y;lC%UDdY;aM6647#^a(8j_0NNiQz$Ur}t~hJ~R^_mPDeD{ddlCwU@sV0%1P8cWuD zDdmh@Vg+<(AN;8V1tGJkhG1j#2j-P#F+kR*Z%TeheO7GjYJrl+Y25eXnktG0x=>!o zIlkOZ$@C%V{O@FYWW-<2Hdf!Qng7X7OUGsu_%rp+LTda7`uY~j!6@qlt1Aw6*_Z<0 zym%GJ94J;*Fm?^BU}%(Af{G@&Y73!4+h!*!U>;HL*bnZ!6IW^nqKF!Mju7g*%$46e z-suXG?;}B6eFq~0oep>B!o9taij;;P)n8&ue~K%Z+6{aAs@T4~QF7nF3-QP2{q!nd zcqJ!DI!7=)iS8*EfiTh`f^aPuFR0B;Vxy?wKNp;NdQP`dmZ4&9lC!F{B?`3j6-3{a za(XR~v7JxJ<&D5%O*fKyEI12|g>_rY%lu%nOtm!2FT>@hVL?jt>55R3JgRDPW@gas zE`>zygzkV<1VX+O$rCC^rZYjI1Ys?&D|^3TiCrtFo@)0f3O_z4>kMsuEhs)>{bl+_ z*O@Z%?T6_8qSrV*Ap{xlM{Twu^YYZ0h3AIRqEAE3O1h@(H7z{p)#)LS{_=P7+0o|7 zxY8RgflkOQiXyhp#m`JACm2Ok9lLH;eB*Eo63TacXeik^eed;(Vp|&2JB#s^wnz+UEa;RM{;wIX%|ebi!4g^6pk)Ooydq)g??zWM~ey-GqgmS-%( z*Yr*<(BC;VSfqEK#KGh{n2zNy@WarueE)^e0x`S2qI2SU9%8~UWcs8>gsgJ+-{7M} z>RQ%n#o+tQliq8gc?m{cUv|^?n8y$d?R802lkzhGX+v?$8PWW{0b0dx)JFZV`wb%@ z+-)U-@$n>34@*ohYsv2-E5EekvK8m?fpM6$s48ie!E7btsyGE?4s%WWDnIFygy%VH z;8vQd;9c3L+UEz}qDK>Ich6l9eP@kOVYaR!NjfqPqTUH4q`qKbskf{ z2_|X#!!KEk7g@vRjak(c3qtGXwrq4)SN@+6ntd@RSX{$70nUvI0PkWl6qy7kdLHk?=?cC_Kt-e4}f(4xV zEi!9T^Bp5Ev1@qU7@>skVw7)@-Q#932w9~JZPwNh@*WzJhx+d=Z7gI(b+uj=q~p-5 ztj4E&CfM#%*x=tzV+Z2zj2gH(|Z=WkZlq 
zxJ=HyDM;rWlT8CGk=~A&xp-@g^cu?-a<++Y%pRT*N5T&S)9xk#ouI zPcJ|Z-t$`L-nM~XkOc+flY-G-$X(f$Ubb${hd;ptARPl2Fvj#BQ1A*IotAxNH}BWs zN0WWv4n_n6)X2l>oJo~3ES-Yrr0zP88S#d8R1kp@R+V2UabD@GjeX`87jET4tJ8#ppTZ(s6kMO$<; z@7U?VWYv`Dibg}M8RLcY_U`G{Z=-Kn#=yTn?p`h&zYnyFbVilJegqUB~Pw*m*VEVP#X*_ecS;)L?8I fY)6BFMwNKTh*ngTgF z81c8uS3%57HW6slfS`~>Hl`bouo)So+(rq7E5TVJLIQcj`*%NQ3e1Tmhb0wz)ri~J z7khNK!hG!UPRPFjqgRuSNc|}M6qzSW6Y`J{$g8ZjI%eFLX~mKZilN3VX@v-`FZb}Z z)WDufq&3Wz$P9DJu4saPqQQOlw9sl?<(Qk%BBq}8!>>pe0k{?|wC8p5YHP|rr-_mZ zH7q2z8yUlb9%{LOS%_tVY#dhdLW%3(bW$;EXb>s_`?vV`cJg1u;2l{gtsrgb{& zO-9iCK5?ByuO7(K+IOHA;s-RWsNr;!8OWo1zrE{k4Yc&cD|c{BnAp&MN_LU{*i6b! z+Rv2BiTA)m0XF>vCNv33Ayl1i*ffCuugmG=uYNi14w*SP5fxZ|a|Zv_4|ou$I`+li zNh%@3!E0D^=)oQ&%jJ@iFZH8rElKfzNQyIPHS(rb6ETa2KrC?59-{AP-hsLgiD`si zrBu(adlFwhcVSNsMh;;Y7&!_(Jc1`wbo6xO`0v>Y)-B_t_@C(*f?7l%X6Myrw!H7E zoi`%KK9i1T5FLU6t8iY7PT+||y($ZK@~7GXq}5x7%D>xsx0!yCjS}8ta6oNG@bcbBSv0qqo#kqBM zvkWuEgbe^Mc)a8_7i+oK02c}yT3qCnVaN(GQja=i1rSB6yX&H?cXqlPpYXh@&E`^! zFbCrs+y+evhWRE)A`#abagd{s>{Y0`f|Qxija=6s*RnUZy5o7+j)>$Mo)I3PK~M+X z4Rh#8E2F$3fFrC5D`1|QHw8Po?j~STMfz=m{bLF8VJirHVfyy<+OcoHWPe-<-BMJL z{+OXrHQ9v^I>Os9>8#&Di$aNrMyirhj-)Wkxv32S;pjiSExR+POCZEE>vEyGq+Ryj z?2?K*&u>)Fdp_e~koP=TmYb6Z5Mvia!GRM{B^?8b<|K>8NGRks&WpCNmU!UiNJqao zH6N`fQ)++I&mY|kPt72WU#58#$Z;pes6v?Q~&G&jtKAOz;8U(k})c`=$tAK z4mSdV6WzDsr{&CI&3EI%PuuvU{z8`Df2T5!klq0u(8xG2?IE*rZN6!0$tr{;D=Ig2 z#@mgei#cYLhjArO;asWu^oa+X zWCUHr%+aRM=hc*NxeKZn=eOGT*c8ZXSgLByHOQ~CPKoi9yBGhX|1`X!Y_|<8BNZaC zN!vmNaXKy;H33+uYo-YM4Jif7+U+q1N;bDKXCnPm=i5tGsr4_6p+S%2@BA1(^30@N zPL_l~n?v{%*)ncd4pr(L7P{pu5V~H*)&G?`+f{0%RkW31yWdzM`DA{~V@0sA%Md}< zzQt*NO4mW$HBa(Ow9EG=@m+)tUfw+Xoj|<5h?Iawdp#t$TR{=Aw$Qf_1GQmL9a8jM z&&;czK7V+1cZmKANq{xrpcVV=_&%>E+kc)II6{eb6ZS_)=s+cR8|Qq!qPY&xUd0JO zUkMdi=P1Wp3Gayo$Dh6Z3A&Iy4t-R*)OS+GeK$2LBI-%lG%FR-&*>mB7$oF*Rdh;@~cH!S+o zBPXv`d2jy&*3yb4gtKF!a=%8X#3=8&6f7P6<`6aqFxx=2mKN-YPNNXl4e;*vWjjETvl zI*!jgs)ogFXtXL}W<&vqM0_z2cMB$}L|M1)SJtK3Z1_q51|Jwc}?8&S;Z 
z;t%VYQ5;ffHIXrGmC4mDTVasj7pPta62n2(u|9rIE#B68nVI_NE~79JhAT99nSama&>(*2kls;$ z^l}(4*HH6VHp9n`f|Qrp+(h?>mi;HC2J3W zCdMd#4$*lcI{%C9b)emYZ!s@Z>giL#5v&eUo0}Afkq8T`0IGYV0p?*v3l*|$#i0v@ z+qyC=G^?lCRFZ(9u`G2hr#qTB1)`BhioOKf`1d0=3gsOWDv*%&PLg&N!JYQvfom`= z{EO;g*}RmMC@lH`4w#@F-R!ykcAu(kO1DhuhzBK(5Szq%ti$Va9OILJ%9xrU_68aG z6XO4syUry92F)j(>x~B|E>!BUlJ3D*A>UYWm+l!}y-w*0o&T(WXyCaa gVrO8do{%DRas6zCD?Hc(qtG=eQ1%Bc@VSV4XQ2SJ6951J diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key index 92e0e15618..1591f8cf80 100644 --- a/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key +++ b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key 
@@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIJajAcBgoqhkiG9w0BDAEBMA4ECHvTDAvIXz7AAgIIAASCCUjmBX8AmQpI9qj9 -Eo6lmEmiUx+lObs/dCZP7u5PPftqIRtvg3O+170z+r7uYglA8RqbYFg/JmK0CT+S -/A10tdB60Oz5hDC6KramdtnyeeH0H/KR+GkBaWQdY/7MLmC2YAtQV8toKVbuFfoX -StBmlMTPiEtANXoJqD2l+wpIDSD/TPNRmiMTh74oU466Stxah85wUbbSoi5QlqUm -td/cTP3A7BumyUl/PYWHx26TO+dvdvg6bCT/IJyVZt3Xp5pjQCIH/HOr6i1+IUtF -JSPcfRVfvmWD46RjhOHTTWFUPx8gUDoMkabOD2iivmSiAYJNY8wZtqIO19EAjsxG -RuleRANfaNIFjkz8mU1QQzct98GDX7+OKCWBLSDzzNQFWvMZ8p1UIh7PcIdEpEdF -gSqHjLmDYk4IVNtBHg2hChjrZ+F/4chSMykehuyDwsn1BhUtRST/Atml6XoryBnE -2imMAvq6Guu8BOUfOYJHU+FBojKox2K9tadY/DvFRXNMOw7TSVY+v/t9ZGlwTrX0 -6e3dSKBjQHN7P1a9TinOgY7nwGMowYaEv+xyJ89h8a4H04SG+N4WqbHf2+B5KpNN -gwMlps+hT6V2/9LfJpJCb0GpB73Mxkc+RAFZVOUZlEtSyMbOgoRjF0S0IRSvP1/3 -auHEr1z62LTXsh+kAIvOOH+2zN91S5wn3xjFLepI6jq5QYk0jfyIRDcLzX5dpPSf -Q0QJmG4Pzx7ScAUfYh30Ga9FjQSWQjGbeHwTQ2V0QbqweNfdLEaYm7mSzNAtuaGD -y34Bta2mIQ3eWo6c/ipdViLzsCh5wBUuMXA+bWGHTPbyYae7jalnK6k6sfCe7teC -fC+im8v2tiO/eTl+82/NquFKyRfTHWCFC2AbgAJNqV0BxBeHAKYVNCYRXXhPD0Ag -0D7afVUFrsnL0DvLEdQ93YRV4Ykrcw8wl/bnGTRqfmAaiXkdP+gScxlWJH97r4Sq -sYN5S+M9653ETiZlQLsELtVf9LNbGja5qK2kdr6CdYts4fQS2sxjwADGjdaP4ANR -RwVvRsIX1uxfFI6kSwnOf6NxIkSz58i925e2w6bSv0/IDp+Ofu0fyGLECzVLNhoj -79tzEA3dXZr7jRzf00itVYcaPxzMJMROZWgdWvKPVJAPrSEiCCvmTfC+LMAHSHqB -6ajEO6Vkft60cfC7qRgpjKquaVkwPqSr9Wu75WTVG+cqEulZ+nJqFVUhFM6CqPyW -ER5d3M793S7dinii8E4BiqgFtnw3DtAt4WJh8cj5R64SxoddIyXmGQY8gPunjzF3 -62frHXLeuRx18AYRCyBL0emL+AEmPiUdEM3ltKv/YA+GEZcmCI11ZXLASkvb2HEp -MjiPH4OACqN50fb82qXurRCxNLteocd+BUO2ESyQDhFjHhH4zgWmBmSnMTUYCTm2 -KP19HV53QlMv4rwNLU1ASle5F6dUgnYTYpdQ/0UslKCSyesrfWOCscXvYYrVCqSm -6QN3/FoUcWwGLWX51LsaBfxIzrf2hIjHbmXlYwujcWMtrSPillPZP+w381xSTPVv -S/HEn8BKifMD2zLxF4w2MLHYO562lVGpkxdGlrufPUfKZrZ7AB6BDUBbj36GIFfN -s7vpIcboXmaycv2FhmUlvmhyYBudB+g4pfVSUdQyqg+dQQqyrrisZXyaIQKl+RIv -1RKb1rij6I5Ay1TCPuWRMhBK9yAEkQ0quC7Xd/1O/vVKpMSWkj5fMKNHA2XZfaUA -NJCkap0bQyEEi5qG5HGDTD5+NVRfj4v6U0fzBsuya35hHdSsjPHbzMic7IvUesDb 
-QwjQLxIpibWd2g2QHwY2eLCjLf9Sgo7rnOH/4lbFVWPiB46yrYACatnSRZu95nZT -C3MDgYKqxzjkcl+qohpRODnR8iDosl0GgeOAn/7de/RRVhjRs7RtYg+94fJCOOkr -LGgL8kdB/k1cVzn42z9+A6sVtKuduo5tTOAheEN59+440wO2P0CAy86kjrOCEsxc -tcm6FLxJrtQfUG/jp3uqoWpe7WjyD2P9YilJO85QrFzfFX2VLhssQlr+cThnyc82 -iRJp/idj6dpda1A75sg14sfk7tiEs1mo1gn5LQV+/9JQjEp6hJag3JJuUqJsNoVG -45P0Pbv/LAZ84h9E8TMfLauSZ+r5AY8heiWHahg+MiCOPdsp7TbhYF3fichCB/0/ -7dHuxP0Mu/4725kLDxFfkn/M5jtRnT0jXlzcZoVramqWPhagkvSjcpJy/csLjWJN -VisGc6GbTUe2XvEeUQb8/Fx6MS477PZsLEHu/gtkH2jBMnbXhRtbBjVPsRQjG0mc -g24itQD7FE3ZCwrB0m6kv2hrQfYDrK2F46oK83DwqnNlRHjMIgmIekBIwAz5AmzH -2tnMw8F2ISZE+PaQ110RuBCTrCKG0sQPfF/7RIbeaq/aHjvmBTDxYZS2Co5Un8RM -pxENTFdtTB+yXs8iUoeFXRrNcdXQXvME7PymTP9768le3JjtOIwq6f4dnRdlvUEq -SnwPWChWK26c9/1G7Zml+m5Ya++Ya5RZThvDBPCMIOlu7k04IkNOBFV83AsVT5lo -vkLlcLz8OPv/OpWCc1FcxsmXQHD3fKFI+mSM/JMyGA+VKcXedjXJwuRAVz2ZgHk1 -n3LZAfVF9IEZPgt1qFuHsc2j2YUwf4T330R9dNc5N2LzwyxLp1Q0Qer57UCI9IQR -K3k6PszIYyHLISqniGdiokjiXidiAeDCB0Kll2sK/GFmezEefQrte3nlLaV+Wh7Q -qo0pwTxkW96OzDIVj4sHqheb5y8Rifhf6E8NSBlrswgWCOC0DfNnbDn50GxlpCpy -8axIY9JbPNpNlcG9Iik0bIHRHRYF6h1M54QsKXQwX12DGRYVfm/Y37l3IMYSXp4o -sj/EpBwht3mMh8BYFz7Z9pcSGRpzUCu0Eos9v2vchwkcQJuWLztmLy8LCnWU3mB1 -ACZ00ce3SuBfbPp79ZMXVZIjz6r6fUX1nFrVh9s01Q29VFb5oatb+Mk8PHflebvi -i/z0Ku2K5tcyl8wzIVUwHyr9DlzSXRHePT9CI0JmWnVOy/jiB0LVWN7mlEuEjmsk -fh9h/67/JvVfpU3opyBu9mR5D0y3NSWUdvGkaFJ/my1I/jPDclQ02TgUIcuJyQGo -V8gMphCDNGFehLwnptI= +MIIJaTAcBgoqhkiG9w0BDAEBMA4ECC23dQvmIVYFAgIIAASCCUd7yonOxMs1L12X +N4v+TfBMtNhB7J/61yj7oI6SuBAzM0/H8jMA5bPRTCvDuLcIwN/3J8FoivUK7esN +HwzKN3z6n0sbtqm4pOK5MC0fYCt5iLYbibgAoLWlqJ+yFcr6pfjJ3SO5/KYuHI3F +WpfO3HqhSnxe9W4kV5qouxb4P0/+mGmBfJ0luR6OGsFlgpmUbOpA24o8Ul1UaIEY +p503Urm/GAzeAY36RYghHGKiA67CkwPCJJcAF+kIRhiFkGthZDvycl0PvJfRCeLD +IBfLxVgW46/Uj93iXo10aIasPtEGIcsZQ8fw8yDQ6Rq+Ca7V9vUKwOphSf9j1xTY +pzVku9JOdncrMNduj7BYYYQlbrpMkQskIE78UxazeBew24AkyPLYKaNuvyFUt30B +mIWzMTkXGxDdqyst6hhVPynouclr2lXRCfqi3yHMBjphpL2n+6/BOEN3eY0h2xdI 
+R9+KEBUFSauuGn02+XUqXRuB5U7HV21xLx4Uktwd+83jngzynOfsciu8L1MpyDFt +EjQ810h/w5wg1YzlFXEH5+B7RAdEpHIZsjc0u87rn9u5QuDMgmo1XbTN7vOAyw3e +0+EEO0kJyoQzEGR50yBe2hxZL3QJJkyd3Gg89DfEqniEv3AMiKtpcUC1Ycgz3nhc +1OjzHrWWz+iGA2dZXYMpEZ2Mb5atbrp2E0oEsAGzCFMRVSAxC4EQWRMEVmd+R/Wp +ZhOWT8KPTtmisualtraPVEg2oLWb1vEVt7Dpxk5p5sFtdKoxbtZ1VjYwS2Rr7NRU +adCD/FCcwp+a3drDCWsUfYnos3oEvwVJT539Q6ZLbQpQnfBhSpPkaPvdOO1/jNYM +F6MkLJzIxIXeX0nzpLpAUITbxKkGmYYW5za7zNaU6h5reQgXjcwMRkvlQ6KLOl9M +Z3m48xvtmPBNZrMba940JUNx/H+FYw5+A7Cx3jLhO1P9GpScFzt8Mxk2tGGSiv9o +wtumcWRqXK3H6jVlarWzXcqkyOV+vyfIwMKPDOd2olZg1RvskvsGSdXX0fgYnCgd +vL66InHFCzh3ZkQRonkqSb6m4nUaRMmJ6cY7IneDgUAdyEInpS37Vucjchw6NW+V +XlRywmoku5gyGv9oErnj1Ab9W5apVaGEizQl3hhoMFtv1qRB9Par7azKFUMTXBx4 +DHRzPIzkuHlrhgq4b16WD6QlXQHyuPZdBOMFYd8bciNuknZFxFazZlycuW1VzCca +HYpp17p3lxuMmE/8P240qcEzIM1aQF2eUpoI5kySnOytmiae4yA8HCxmVg74exbJ +VoQy9zGLo823EDcEwcxE0vP59GsNYdbs4h9CWDxfwXSaNCMt1q8yRkvMLO3T7EVq +AG56XXewemK3rVNROg14nLnhIw/U4E9ZMn+SbKBf1QudnNk9F4PG9eeQHZfdP7Qu +j3tCeSkPXOk0hpYvglVw/JlZJoMoRUbv1St+kDCx+JQsTcYJjm3Qk0MGmAc9JSaA +CedQa5TZHS2wId2cLGRs1i2HGQkDp+TLBm2Rug/T0I7LI1Jz9o6Ov71TL/3sctYi +lxgbvCPvNAGJVAnISDj/0VUAiN5t31ym1cEsJ2qfITS1t57ZlWPcRoxu0Zc0H0lq +M+mnvDoHn490AdF7iGCV+1xSQJOYggtAD8Tkzoiwfn/tZDA6GF2hUYqEggAoxum+ +Mr1I61em5A5UABtOyrooVhSb43zxzZrcORTGuvlO4+xOO9OvJv82xyYr57zScUx6 +myPRPEBhpDFUUPwsWJseksawUpg+QmLb5L3sOJjec0vTBixOdgZOrN1en4FJPjfD +i04uZx4ecbaYfPEVUKjPDl3M1qdgW/OSguMi4T9zFZrmg5PgjCyZsGSUEt8RxY8Y +KV91LhM2xf9TFtZFunnl1ji42ojtMdwBuO8XyhkXGNUTOExCX2gtfIfnQDkKdsUQ +cBcknKtjIS6plFdMyQkSbSU2hBNnB11a0MMWbL2TOgi6iSHTdOTuP3JjVOcxEfNI +f+zEUkRT1Vhht90Spm7T0wTRYobnjc2/y4EgeWH8ljoCfZnZJd8WOph2O+wXEp6b +ddgjLyEhZV6NX+7R34pojJxGYCA1u9MX61xX885nZcUuWah9eFlzOXDQCqwQkcUB +Gzcwg51zlMC9YmR1QciNgzq25ZVzIPNm7qrTPORpEGRitAd0D/FGzumNYpE3Bj5J +YvStKju3VlwVfy/wet5ZF9nM4foFjLGIwI47wTjGtIfUA8tCL1awLH3F0ajfHQgG +V9k9S27DQ7/EMuK+O1x4AsU+bpRsE2aq/at6TgoQV39qYDvslFWsSlhk5ktsZSgg +LM7/hzcPzGbtxbQn1tkQFFkaoJZ3ZUXqcO/rlLrNrBo5U4Z2mFFR3p1g7aiM3X3f 
+iqZYYkOfk+h13EZAf1F0WgEu/CCODRdPMwfuArHHOs/nod8F5MAtLj3bEMIWBlvN +TsIL3LrwC+01rEh78PHzd9Io2AzJsG9k+tgeO4AQkKjP2lb6O+d/IPOEI292v62F +xHymfEyvBzVAVLw5U2OfJqCZmu7IFtJM/O0JXR3dhmt4F9s36yIWiYKKctZeJNDl +8gM4rt66kS2HtbQ5r7pXcocpC/1F/sLPO6/t+QnyPNunjX2xkoHbJxU5ln+LtmlF +Bw1R70zVEmyj9sz93I1fSSzoZ7PdyTaFcZdllLQf6peIKi6l+RRdURYrtc3H7Cnr +cXN6CULlFy4F5q60Bcbq1LLHA/GYU6WgD4WuYi+MY78JQWDyDm0WPCX2NJtvk3Ve +3ReTJokrFBHB3+JOKSS1Dpb2jlll3fmjuCA+c5p6OHZOq0r+hri3/Kx0uO/HD1HR +fdqOMgmYCQtWN8WZBef2adGON2TtpqYByck0n+DL0TO74ep+B3sKNn1Lji9vTUm8 +72uxKMJiUKtfq2lfBESZlpmHO7D+Al2QIhyDkJwFmvJM1+vprTgrUQQajgxwobC/ +pYYfJyFAtsAhYPqzWyQmZdxyt/XLlbcz3ETmHp+3bnVVcvUiLgvKLEnBIZB5j2ai +mKjMmaPCPdcpo3r2GCgSC1lbODicbF/AxmAp1PQ3XYBBIm5zxqfki6eg0DemSBcn +kd6dFQpZf53jCwzbpbL4ABBq9+twFiI0rwPwNZIqzqItJOH1bwXbIZYBdcYlbE0h +VEr3ANKx3AmSsoHvhQ== -----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des.der index 75c573443b45403476840b15f8f4e54128963415..420a29614d14ee8732ce48fe5f5fa3e31fadab23 100644 GIT binary patch delta 696 zcmV;p0!RIl3d#ipFoFWckpv)rTodH*NLB&z0s;sCFcby|Duzgg_YDIF1PDF2uMjR9 zI`Ra90)Qa4pK>jX9nDrjZYHa$&JN*FNY*}bkDC5;QY6K>fF+)68E}O&-{rp4OZV6x zUi>M)2~p)O!SJ(2-%9vAonG$L3(DLY_@IdB?g`wOj%bn-y*$!xJrCP|dEtZ-6%E=7 z7Su|@A3{5uKCD}e_QiW3Q;%Q2F=CFz>-DX&E*(w}*@!B)WyyIoAVX~#Yto?f(nkPeNv_7&$)1G|l3c=N&0pf(1O`owykX#N# zhpYqqeNow|C>;CB8kO9C;#%!cLj+Al1Pp@B<&DeqC}aBfVxkZ>QSgl<@V(OI<6r_E z^MrW|4CJ!cYCwjchP9HC#=*8@h|qBf78#CY^=cD=k(<{^qFq9`2z&A_%lkr(L$k?E z%}%RWaGR2|vLFBfPW{pLChd5*BXcr47L2t>X6srpXA^thGAQ+bNuW}K!Kl<;x&463 zH`+_>auj5G;xwcGR^;x%P4l=WfQXueaJ8$|hpWa=`-2XN3qARL9?Th&O?ytNN@qzX znN9uTp=g#Z@1UluI9<-4EM=)W%f+z_5+f9OiYtal4wvWglpH(}81%grOyR1m^wNNkFU=8ts56nR{u zO@R9D-I^X4lC4QEMQxorI$}=Ut#eSi@o;k%-iJqsdxbr>=5Rr)_0T~{nruIxIxCqL zxict*ZhQOg4&|y}fws;*5?^0dPm6}1ksconHf_L+2%rEf9LN7uKTBDZs+Cx-tA`T} ef>Alyeah~)VKph6kGaNUeS`h7hi=MPu1qs<+)?)c delta 1284 zcmV+f1^fES1(FH`FoFdRkpv)r|Dq`#@R}=s0s;sCFcby|Duzgg_YDIF1PISmlH+{) zk+%eb1jw5uPw@cE z1@ci4L7XswHdF@UmAFWumpkT=o|GA+Q_a|Ip24}#Y4LWzP&f><5+=?6aZq)U*aC`r z6iE@FkL#K&YW0HyX9r%Ib3hS)y`+_cOkKtOo5OYk;zm8ro5qpn4@DcrV4FfkOJ6Lw zx^j{*>_IN;hn9flMKHmC#yUy~4FD6)F=BSrH|#TFv>~1D6M1qk%wL|Q0FOZ6wNhYs z>EZru8?OKidA~Bv2w_68(qwnT5M?lt!RTITe_sHB&$vc%+I9w~L|(TIpVG5|+5Z8P zRt^K*v3~*n;+pA5aQX(O)%HBUuk(BQ>Je841A73?J~UzrAjI5%{xo9olII_kE7+cm zcz>7?9WXn|w7v;U)Yb{$IVa@Cm{2oJtFW(-KC?pCg+mQLdej;ziDV#&U>k{*&EiE7 zjw=xwinLw?wwAJ}V?=AsBJ)QzlIT>au>*Ew^U1>1vo`GC*F)M+kxAzbiuR5g!FFpM zU2%wdRdBw+4WzMudWj5mq+6u}`+!326Uf$t`Zy(J>+ce^-`W^P<8-1_=~ayD>=<|Q z%iZj_-&?OAT1N=wk#MZ*iTD0AFyQt0DysYQ9!x@>qP`3qda^D-HaUN^= zj(;VJxlqQ9Yla=eJ*@5&xrOeSq1SS`jj=H9XO&En}5;h6=4_>gE;TsF41aeXKC1=fy|wk z3b_p3hcOnuo}0$H5b{&fMf&r)t)^)*mjuu1q~rI0qTTRdF$2%HFIMMJCm67@d{k-O z_a$+7=HH4C{TW7d6}04=OD68u!6QP z_NRt_3Q`zk>Z0Zsb(EtkmN<_@?A*E~@MRr}xjzu*^Dh>lez58l{lq=F(#S@WXjs{9 
zie+`Tjch0^7AF#V?6qPi*hA~Yt1=0~APRL?e%97e+747?1o(d{d5THq=eS3mnh^WV z`Pb%r8;7x|a^&tzUc@9?|)$%tnF diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des.key index a303daac30..f5d8ed6ee6 100644 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des.key +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_3des.key 
@@ -1,30 +1,17 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI4W7G1sVqHJMCAggA -MBQGCCqGSIb3DQMHBAjXOQ/kHb9EVASCBMg68SwrdD/DLeKcPtCkE36wHvrK6wi7 -CjwFv2U/gIfNCUNXBZPI4G7voL1XOLJ8h0WWqlEraHo7zYWI5Ky98SI6wOpDGDzo -URvavOVT3Ry/QfLtt0GZvELmJb6qO2AcL1qIDULx4xXqb3rI29xR/xVaCkB8CGSe -JxU+1TbJJG0UdVDm28dhO8J4qgBpj9N6M/e8K1TIu8ty6IkFPFumTN9zMV9VXRIo -Ajr1RDIiFXCZ4ayEnja2RIZwi89rn/iC/QzfsqQFr5axw58wz+0/EfD/i79gKoOX -jKBEwWN44LsxJW/ucy3pm7xRurwZvOQZIeZcecVVecAaHmCRFfq+VpSnU5iDZEDL -0GU+CKXW+zDnuIfUc/lx7LWjFyqR12OviS2CdrkaTKSVBAEYCFQdGPCp51WoZMnE -uaKkLp0y58e5J0mHx4kmk2saAacdO/YolHjkh5zNe1Z+sORwPEo4ruZY/+wem/TG -KFQsVjH/jAsyQFsyXaOrQ4QyOwxw52Vz6b7vrffaTdnKlyvJTvebEbhNiNmt2Ni+ -wac/1VcedkMpUrNmpJyal6lzWrVQmW1Q9qBinxHeGnNHk2QWTGZCQCClxDTfPoE1 -HC85cD4h91eBV4fiQm/ML/WmaGAQGUiTlX5vESJG1pKYXGqv1cr1pj+MTjqfjApl -KOj93yAvx4ss42onWe9DPOBojSMuIzEVZOeq7mt7QeNpN9unjsDVrvq/fmsvIBb0 -t5HFVX4JlZoF2sfrwP0jEkyHxlk0pZZc5rbwtVI601MolDzjTNBcYbUB0IUlIj9f -mM35IAFWZtrXXv3k5ZRFQU2jB7DFP9zHWsai7quhhduvt498rNxiWu7YlAQfhaU/ -wVK+3Fca7AGrlQ8YmzV0uOwoTMvKbLNwiiIG6QsgWRhmOIwHdNlRvhaZl6ybRLty -ppMaqlOgDu88/8SMCce8yBderXW/0QxCZjQ3gEDufqxjC2IelOfEbChMLIs6p+9B -qaPtji3TxOscQZMD9g4jYXUawHSq55B/MegD5sfvTl3ql+qsQnleXDUz2gJ+MBlH -Qp6HZMs2woAbvFyxAXSUeKAOZrnW1TmRNmj6SwtE9aPmMwSYxZtTukesl+CpzEqi -BdBZia3Yxu9Z5694Cg1eXoPIir6u6svZA5OIpEIUDIUPnMmG9pjxQ1xK40vyjdMZ -+9uAVdGX118nuwZ6Al4bfrPOOmwII2X1xmfFGG3rbVHVD9dIGJ1HGWPZio4F/eai -kfSYHr0410JRAOvd9G4vrH6rq/zE5QcLCmXyH5W9vF3RJDAK4ArcaLF5RPY8slEJ -NcZ7XTcKUc/Tg6VCMo3agozuzrxKCX5x6rvn0COYgdU3ozTO72dJlFQY2KpJP0n2 -RWWjdl2r7XYVRoQJd5XaZ3/mgJ7FtL42Rh6+vjEJLezWgUTo3B4Z0WG8WIp4wfAw -d4qbAa4lVWtP++HZvIqOPaL+nZgFS22ygtoIVyYDj7lcqH9cdMsaMrZFAxisVQK2 -z2DnysfLg4dkdDuJjFUI07QUPwqjfRVKC8Mec45j9zrpuzu82zQ8Fub7ldtECsby -oq0smBG1vd+ozMPnr3yvU7X7jaaM4toW+dG3OQxnUO2GyB/BAEamOB4CWWbKSfy1 -tfM= +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI10unvSnMKS4CAggA +MBQGCCqGSIb3DQMHBAi/YThgINTMtASCAoBsHdTnbfIzYHiLDUfMA9NESRL7/xww 
+em6vTiJMGhJxIxNykVuzuxeglZPEj487sbFAsHTQrD/2VAm2lXmkoD83EQOP4uYr +xYRVvsdYGXtBCCxFKEyn5iU7YZs5xY4v8u9nfn/Zq95mT69V2CJFre6JYfnqDlR2 +bIcqJhD6r5gF4GhOvdGj1Q9ykC45ZEAci3Vxr6Eu+3Z4fokRwb4FUhUojt4rjqwf +HdwsMU6gMElop6EzymHL5FQKkN5Dy+uFEjx1BqLamglBgfZrZ+HnU0zlEQ++GGVW +NPn4XpqR6ZH1sLcBOzdg09Xzw2qnJrN795S1nAlnhQmFv+0TpBW+vDnTjCO4og+f +hmdRq7pV25swctIX8bkKibywZiSDmm5u6LXOpOvcKOGe3b1WBq1ipenhz5IAMDjE +/Gma6DSmWpceAeJWjLZWknuOTqJWpIN9IrJNmLF1GuU3Gq217hhAd456vZSnyGi4 +MtpqdhtxgO28xpzgQ6ojOsYtGjWRa1ML26G5KK17YnVCHGo38FCAgkxmDRxFvTOc +BbxsFOjfi3SUb4rwOI1MjddsLSomd3gYb6eaXEmAzCxeuMg8eSDWA9Af7XBS+hch +dM5H+6jpdpAwEr4vI25v9Rc/OA3tOZSgedr1dDeJWhEouL6a9JjjOGLknkbvelJf +2SJD+fodD82eM3g52ZVHhkh936gWKntE98gwTejONgK0l9q3FnBplUU2b7WNwWg0 +3lnihHVcHe/TJ+oRlbKttRnwQ6Ys9kXBzxAi3555V5VRKwWka76FhtihXKwcIK5d +Ej+DW19j2JHD1v9Y/YWUcLgz5d3XA8Jsjb+8BSzk/hYwNLY0fit1ep26 -----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der index 9a1eb403186a69fe60d074baa6e69c9c499abc63..b9da065a6ecd6d259f505c69d60099c80c9ad07f 100644 GIT binary patch delta 1278 zcmVx(sd!z1cC&} zr=-0fHsgy3zMn|?Yb~rG)m62OwpwG^Mj1Rt2GKa~voaKbzn*Xfw1Vkw+XNEtc9O2c zAncA6BB6~Tz9IQL=*~`0>ZHqd^{lkNBxR75RXCErx&{m0Hh*SD!OhqBy+UmIm(T?8 zJeG4n(ccv#YP)1R)(bA+ZqF#l{#vV+U z*M9GsIa{B7qPJa!au}`S3-iRI#egDbjLNMm67r7##Tid^q5nuvoA=-)b|FldE1PA5 zx=GdnifwPTpUu}-b?;yNcfRbK8}l6CBf-BiKAL<(zJHTa@hc-uk)aWhC}4Dk#*GK+ z^6ad?vCEiWZ>{ozR6P$uz-X90eiLH6XGDA#UBdPv_BDSy0>t8eC|Zu3GK}++2O+c* zE30UFdrs2gTb7dG!R=Sk@X+UQS&biQCUb^RI_H9=(_gf1aW^nZJ1P$8g|f(2>-2cn zwsefZWPh9s^_IhKaAJQ9qcdqpOm$Y(_$NkCTsqRZ+eW3GdE(DZ46pAP;>vn-fEidn zIzdw)M?{2@_Y9?h3Q1(cwu5I0 zdRdL^?$e`u(^Fq#-BP>Fl1CiS%bo?wSAVPn2WLu+RFn`RB~8>k^Z^j&T>a>|;E$t0 z-@nS~^uTYo+$PzwYoQK+#$L;{;xFVJt`;G+no!4hGPdtmg@#eP_UgkezXjUWc)=e$ zbZ+3X+&MXa0!M!U@q$Va2o-a%G<3=HuV zioQ`YM~H$(F-GIdGbld1aa1aop1-!4=0%OYK$OkucBAfXHO*YweU(lqZIE<-f5MxQ8cBcr|7@B7m oC!Z^{xe%%(@aoqR;Wi+M=ZxYh_@G8%%Zk76PSNo~_i`e`H=luh8UO$Q delta 1278 zcmVm7?sBK;ax z?IS;5DNda9`0&`&tfAsArYg6JW%3ik<}@cA+* zGAL0Y{ZAJ5eq;e~SAausAs^Ek-i_A912cXYs|Z$X+p6Y04+S=gh`#ht zj~*fSYm@&OzI!v&n;f8`NsSl~A^NZqrBq>f_7gx0;=HCB*FhHwFkK>&))lSqQnW5Y#PPr|?ZVhAR zr2Cl$7k?@ zkwy9_1d)~GRz$amBn&@#c^j@X9gf>U@%V@eHu{8i&apc@!DaH1=Mt;g2Np^FBa@8p z9Di!x%^ew}DXJh_fHKPk$%EGn$Kp*vlStifRc|Tk_e4re1~Xi?NQ_EN)!~uc-gEGs zp)rTJUvbme<;=IFD9W^d1cz(OnzsftdEi2%cq+cf6rl`!gau%LB$pjPjy`#BlZ=Vu z6fqVYCQw%He|0EL?#g6@XDZ~$%A9d71%F)(j|u}z-9Cnb8CmRcm}jm#JQ=0P&OJbu$0@_c^SZq9hME-%H<_Su^k??&{xI8JD7qX#mDJd&^Sv5XcQ0bcw{1A^LNcw6{x>p>TW-1XMoBCWWc4{=ypq#|_y(+S5 zly|bwmz7OeoR`O_xQ08rhG4sRS<%3I-C_0dKP458Jc)9Fh$tun)ozNpQ1{%QNxRcl84Au}N1-3*C zU&-Q?va;V4F)nJ-Ij@e^>Z!7GV1wdpbRu-)Bpeg diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key index d595fc724a..113ff43c94 100644 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key 
+++ b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key 
@@ -1,30 +1,30 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIP6oIwSIapDICAggA
-MBQGCCqGSIb3DQMHBAgsTKISyhpWuQSCBMjQoazTeTtrgdDa+phkGwSDgcgxSUHf
-E8DmqX5hUNU4uX+hcqHbaRZIVGUs+GXw8iySarVbswbXakNVQCgp4HX8w46mhes/
-BlcJ0ALGf5jD4wluHNWZgEei3pMW7yJxXitoEoa9Hyshjeq//HLSNxmkWWTrrSAg
-cUBLStsUHeSxXEXWpcRPin6LuZEGV0spb30BHi4vohIOYN6DDtxugbvwxzUChgDu
-RyyhlA4F3ZjZW37BMTiZDyKSBODgj7nfPzzHfZnSC16ekiXYWbo7h3MihQmMkjOm
-YLNBhOHRzZtXlmgFtY1yRfiREyk9zGcGYv14PB8sUOwotN8pktnwd2UgINaX+ccO
-6/PHAoU/MiqJ0cpZH8SZlFalqGSsF+LI/bf/qs14YwXI4DeCTyvoOJdobU16Lg9W
-Ole229Tg4eV96X82MbQ7cCx1QGWwAGR8spmrls5b1OAGbEXBFWZXK666SQMpOE27
-1qVKiwg7PIdzyDwPGj4UoJbhg+9APRNfIh6ihxALmy1N5qprY/B4I60QJzACgXb7
-wixSFbpDBqztCI0BkS3K4CgZnnrf7OTbOdZKVIcESen9P3xn3dfn1+7unZzGRm8M
-nHQzTrlCW2z77AX8HGvP7AjETxG2JQxefER1+AyZFTbWp/zkv5ApYy/u/24MXRH3
-lYVBxaX2iZ/R9TRCDkr13VhQMpSCCPY0M3yphbUWAmk2OjjqKccw6IMMG8Xb/4u0
-IwtFeFzk567WQ4NL3WlyFjjeTww6LjXaI6IYvFMHvRrOBJt0OYLtVa8vACYWF5PF
-XpE+xYDYt0RE9+c6j83c5UOriuo7KEsZ1d0JmHy4cck+17GR1TlNiciKyoY7Gvf3
-/8vm/kziEWJVcstgFdsIC1eZmRSJwCSmK3yXs+bejnmWmxHEpUaSDotfFH+U9Te6
-TfBoQFfOZfLYxhYFOPTcvAgo3ru1wxxMyaADZ0e40hPKbpOJrM0fA+GSkTf+kKUF
-oHwZi3SZ39SLYTR/GoOKgkARtS1NjQDDjwLUTnKq118Uzma7ZFAkAmwMCF0eyY0o
-ZI7NItEFTGH9QGEZosF4n+R4iHpQj8bkZWSt92K+j9PxqNSVesAi/uluj11F42mt
-yGhSdFVG5ogemvS/5Uad797V4QVg4mepAx61dr8s8utEJkx1x78XP2bHpV5JxH3t
-8zndRtHC7HD235BVjfgkU4Fwq5GElTXbhrVVsgivrerJsgvQGxpMI2rL84geFt83
-/ceWgA40BxkifJgaDLxSeSgt+7d8jWuDBRE/pHpFPI3Ey/0TuO85/D18mSS4YFr+
-66mB5Fr5cNJHC/NvJCgCRPncN4At/UgXhl9e/r/j8ENYaw4jZmiMo8GncmE1J6jc
-Ze3V9q//pAb1rQoI1X6Buvp+a9vyFMn1MJ8CO56rwWnv5MK8m9Nx9uLO4Ufstv7x
-/fYWGCoHBHsueiASMzZ8bL0hJe2ytIJawKxngUtWfYEO4N5W8H3TqtY1KY3lRqAx
-0gTmt0e6a8veJkUFG1JCjr27A0GUaVJZ2gXC8A+QeW5DveMfYLkje6pyg+Opw+qv
-5gz4twbCOAFuG+wvraNvHE3HVuqdcdTGlpBaYOyblwlWBzEAVVvsKNtWyXQDlV9Q
-0JA=
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI/AHrzeKeap4CAggA
+MBQGCCqGSIb3DQMHBAh7ILIFfzuMngSCBMgo7osY2jE3UGsryC0M1mpOLcr88oSp
+OjyCBLdVgX6t7jz+EAWM18tcStBEVYpJfhKaMxyvn+qoif30K7BnTSHHL+J4q16Q
+VuAnoTpCq/13SDidX2062BsjSYlsgAe/933hq9vUXstlq69FoRDbVgE9NFQib44G
+TkJDsMJLfOXdJdLNcnzAEvZAEbvzhuuqeYPNm5PN9msIlo/kf+tX++rtZATArbhF
+KYBunm/wEsNKrL4YrdqErj2SDGob8h0V4YFAIYjCHjn5z4kkOlfc8qwgCLZnn4hG
+TaJhn4x8A/ahaYeWJKaDf1s5xe9iyp4VOwFBIXVTvDqR05ysc8uKFr+MkMSQuq/w
+85ztpSBmOxT7I96O/bCYiQOfHsDdqx9cM2lUbYHk7wl0qF/r22TlO5tR7LEjfkDQ
+qYbbe7Dcux5574PPHt8TcKmmXRA/Tm4DuqcHH4DIl7FS5T19Ger1O61YWnPNIEH1
+bvR32y2MjAe67tMzatWM9cUVOLvBrfUhLE409sK2xip4ef4Zfn4UvbxSqQ0c0lg/
+tfy4HR+UiO1lYfqG2e43GtDajXDVWjLlouWAN+oO74kZ2UYVK0bOisdklls3idjs
+3Ot6NWyIR5XgyWxxpmYt8Ikqy7L2bUEYahW9+bgY2EAjcoJKdqaS/oWlWqe+wpYH
+WpRn+K5Uq+EzXiRfO2HhsyDwEaHQEih6Tc/5ycNJ+CDXy3fOX+cjOZ3C8D/BAJGd
+xw00XdBJbnlGEfWFI06r/Dt9tuDOpmOUxdQAk9ZZYNEb2l4jHjSh5pW/V/okOxpT
+byy0QQMESnHInMiDpmTAMyhGPqZHy9XXz9BLPr9+WYgJFSbEKIPJYss3vd9V0P2j
+DdnCS1eiLYR9jGmOOSrx7GDYqL1TW4KgpN7Nlk7H51R4YHVL34GGToboKdQL4/wb
+870Uw8OnEqG/rOiNX8kyJmH9PgyMjrSZNXpb6hjfIyL86BbburI1svne5fku69Dq
+DT04cLekL3RwtsyQgWk98C/3amIak1EZGXmAhkPUwGDQ8lxARfdnuJGNYUbF0asz
+kvGJ0mXQyGJV9CdSI01gKsv7/qAxTl9ndHBCaP+aPuMRNlAPJuF9LHsLpcbaq/hI
+OCPclBU1nEW7RtC6+tSKxmzOKEp0mtM0PPdLJ96QVijv18Dkit77e+rco8VrUUnf
+LPdvv26SZViHg3sOyfECS/Oxl6mnkIJvXI1pQVdkWXQu8VtX2aNxTv9+0TtXz4W4
+acAn6kB2BshqLA3m2qZFKFFD4oriO/GcgWEm9K7sogVZ30fDSbxeXI+WEDLXiAuK
+fgqgada+nq6S7/6sim37BwIvrnbSLA4s3qwgesPQ3zocH5DTR3r4eCqWFjAXVIOt
+r6y7OoZzYAD7hHaFk4Xj/1xYbtFwciQBmXEtRfxRrhlsv/ESDVcN9ynKkUCP4tSN
+mk8R4c7Bm8cgysAdFRwYczP2al+jxaV8K6vBV/9xOzVujzhJf9lxcx441mKhENSU
+RT2YYgaD4xb1i963nAZ4aK6PEpJAxQPvc0OP/YjBhxF4g2eGEQ4wQ8vBffB/iECl
+8E+fAXwGCk7I6XHGqeI3MnI2bCSC/TQIPv2EmHLOFEeHsw0hKp6BmnsouUklijVm
+0LI=
 -----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der index cd6c52074d5eae29860dcbbf18e92e03e34a0367..565b4a7b1bc6cd52cb48579e8d406913b68f73d6 100644 GIT binary patch delta 2446 zcmV;9332wC6Ot1IFoFq=kpv)rMQbKdH4A-70s;sCFcby|Duzgg_YDIF1PED2Q=u;F zxN-!72}r|~DWQjS_*c}TC_A#Cr}{8DNAqrnoi~QHA+I#1Dp8(UR^T>g%o)!s@SjIi zGvZin<+bMFiykK4@_m`E;R_q<@0icUQy!+|p4XlQS~^OOZPT#~_qry3wUKH@E@sT} zRDVu}rUA--@FWzm#V(kw&izcT)(Z4v;*eV-WAw+bvoh6hjk`#pwk--gn7DmXhE*Eg zX#x~WAyVNOhbvrYPpJ%lBJdvUQ=+@82U6R8F$A5sHVO}J%4O z8h^~-e1Tbl`yO2AC@-7mX)pZ~C4*Gzr#2?pGV)I8_uT;gtXcln2eHhdvAXn?5?#mD zc)^kb*^oHZFHpNA3O+<7hLZFmq^HsN6y`!|)<8v&7fUxxbktLS#*2V>#VM$MW7G0T zU|3hYA=xes@t(hU2&umc0|$Zj8EzExW#263{B#4y7f$!g0F|K()Mo&vyi@&7V5tuF z^>JTLe^l1bERryhJ*=y64NxpICF=`r8fCrh(h|K6LKRQ=z%ri)xIW=kc}0{|3Jyh< z+_gVK95P}gGFhX4qWkTDw;OUzP__JCb08xmiUqnpn+`CyFUPIBC+F~XZ1TBHHYKZ9 zaU=wQ(T$*KLw3ensgYcd8)-0V953$^a|P!b@{k3Rv}-?+VvrzdLmanusf`>mBZ8YZ zvbp&>$J?UdV9YgoJ%W_nrbCCQ5PmRy!R+r-Fx`GCZM)rnU843uyLrBR3qDqHlN)=l zCDLtx$j_^9(3-`dAlbEL*qZFMHbr4~i;;8sLUg z%4#7|5Ee-y5f_kCW2%Uv+KC@xM5VSNoTc@U7&V>8q$G0oJw!2A_x**8qiZ?>QVdM( z?`-TF8y}MCKmS6E;ql1W#1QL!5}}o@6-?`+AR)3tz8)B8wc0f;2Penl7C$Yh~+V3h=frG^TJT z|6ns3q$(ARJ1K8D6P;sLRc(hOhw;H6L^P%Uvzd$3RF>jh5??3-pm=X7BrP}ZVYq4I z2Ucv<4{7&&k7lpWSfXOZM(JDdFX5b>i))D>-uM8zUe-wa$N{vrDS&!FetLVC0kjE! 
zBZaY&c9V?=5ceA4+UuZtW4Tv`fX~dmShL`ApztqAtK(#iRLSsZ(s0_3KnEc+dz(%H zScRqFp!YJ?2qCl!q+8u-FJlSNJh7*bU^|G&p;Vahm6+~`poYF{o;-~G2%DQKW`@(b z`>rc7H?yLk`~twaAWuFit;@L$@C3 zE-!-nKRiy$5`3f2z7kJ;^#5($a2b;tkdzPJyu6~Pu!IommFS!oZ>mc7pSxavEdRWr z)YYiwj_tF~Kw$3ebn%gGhv`8NPje*xvnUpO3pBl^b%tAhfxGQd_xA{OdjW4jn(TZ{nJA`B5k%j3;9n8zM z*ff*P2xu^cXA1M0D1PtOs|WKTn*;2h+nEg81`4GRy#Z!M->_P_;sr_?s{M|CD92+o z?$4}Dxh%w@EmQ`Tsx9KaD$zRSoUL4+4UxyaIm504{}7TT&88;3uT{B!xD)7=qP4V% z9>ui$I)+#I=2CHNq~pZ0dajjwBXR>?c>h@L(g?X) ziX9{V?Ma-R{*&=c_j}&Bhg}|c*2@T$VJ(bSgaSr79Tz3AL?3r#?VpCyr~@2F_mFmGfJ7C6Vn1alUsd@L&9P37 zo5qYawqPJpb#&ohV3A|Z`sA;zjmmRMK``)OBzR^j8xI=%_PQQavE;qo?HZM{b~WKU z(;m$bM!V%oqq$XFClWqj^b1FAK?=ICdK$y_tkYd>iB(13^h1Sz=RjYG4eVgSV>xar zr$OAE6!i?;h;s5y{I;&R8VG8WE-a$-m2P)L#K0y{J?}w2MJP%DN;``Xwr&4d&a3iW zW#PAUc3@rdW0uZsxj5{ho8P&cD^DV_Fhyiy`|A+N=yqpcdi-$eEK+4xettzf*G}DBTh{^5G9v{jv3!@?Yce z%F?T)R+!THH!ye!C9N5By)!jCczJAQ_U(7QkA4}A&P$YklGRO^EWnLcy7BD^VhA-7 z33HxJL9K_ss|EhQ--*@jr7Qdsd58QM)+$mD-Dp%`9o(EO`0d#JTq_gTA! z8+_)+)JUSU2=n+a delta 2454 zcmV;H32F9{6PgnQFoFq|kpv)rKLcRU1}G%FK%Gd+ zx=cBCJo&+yxg7k6UManc;gNci@hOb3J7A-ZRO=JbIfZPC@z>4zS(xF}J5LV_9k&&$`-Q7ejPMzQbGBy$2Jo0MD^-DxHnwYtOllg$g zqqm?Ouhj#T;t!j!=j;2VctYE?E4bR!3Oh`@e{e`WZ8I`X&z8yRt8BDA6qTf}f>J?? 
z4;GkVoj1c;FQ12mR~oG& z5AMX%!e{^#4aoUxdqt5cImn(SXws?|0Cx^5j1CQEM}k46K!n?+A&gZrOL@$Y2_-~X zM@2t{(PrV3_?IKEHtn{eon(A)k<8g z1W)$PlV8eZq(m1QL`4FAB67_kA-+J;CSdY@izn+x$%0+0V+&J-RGdo%0qlN{gPqeE zLgEKg{U%xVKwNL<$i8$37K1`{DR)wGE9TjeJ9U}gOt7GTpLhUAg~E9j<1I@LW!g@z z-d*)1WaE&<$%_VZ5puE5wBfJ-IsHyj9Ya`5Zip@R`+b~U>^RrwL(pu0el`mJPlS@Z zYb;b2-%g8-`$tG0%>e4{KF;H&;V0w{npGlk1>4p@*k^5*^^ z;0HOuKY-JJ80*i|9~3E>F!2=)LeU4_;AD%c@30*olO4c9T$xl)@voNf$Y^KcJ;n3r z`vd4Tpoa%?ig1LhFwcv%YoI$oFb)d1m+|7qp@U4ev zWi=%3bD;Z@OKb3IP+Ld0bBnamNit93eGnziCl{txhn%eUjWJa$0JA}YkUyNZto4`= zneK4-Vsp~5&IP|zaG(1t8&fmL79o|n`(Z_hLGJ@6Q;x>XRiG<4!nMW0d=1@p@5?i1 zeX#L=w@@$3Z`ng8*$=A7r03$Yxszs1=%CVFK@9V0C}noQz?uhLCV|^daY5K))Qk?> z%&MNJZ`Jr4Z+0yvIo?nak@t*%bvA=RrwPW!xqdb3tp|O(iaJe$ z5=U|L&oNB!Sl?9tIePuM^xkbte`&CW@;lIf+-~6vYIVu#DKjut2z&qUZlS3~{DuB` zcfSglAnT7wR7bIz2TPG*Ec}of8N7o~kp2;lAx>?j1*;)s=LD6uEoU^iTx~!JF~Kyx z05h0C&>i3}oe)or_|1_)o504!`;@-vcrseK8S-hNLUwiGdzM`?Xc@SU*VPT#$J{A@ zoUuyd1#(0>TKBupz*7^zJmSHhfxE0B%>nwY9sSp zYxeu9Ju(bpu^wvj4Uo@k>{pS|xtB??6fSak;exsuoe9vj`dKOQH>L{QIK z7igMM&`2rqh4Ct;poMIyh!-0I5%^Yr`nd5`hd01}Vy!`LgB*a9SDw{Hm4*~{i6*%u ziv|B{tIzIuf2G#G&SeZ0o@NhuFzMQ{C7v|axP(HneN=t+BF zNMI^z^6yqQU@-A|g55Ci)`>I1d-l^Gsi!x7&tb>K863Md5&EfFOGGoq=@<=vK>9(5 z4y^<%IuJ{t6L`vkUH@Br@@N!;iLanW-IJoP-!DJ6QM*Kvw0`U`WY1ZIVI@Vj1UQzP z8zob@InBGU3^2NO+IRsegaWY3g^w*1bKy4^;9oe*VA%Or%PmQL>esD4bJACZb~tMI5avBoTS*IUb& zCfTF7PNnY-Y2Y@!yo?^uJ!XQN#!WfIZ@@)j8!yrTrs@UB3ER@>j;0$FWWz>-NJ=wC zg)eP3?jDL%qNn{G&B*vIL0$GuZ-wFff;sC)A5BK5o!p%|GjL#?0p|sO>5!asBKp$Qs4ot3m{5l$D^%Jo#W-P40kYpP89#yYtb2lbx*vwM>jPgv3_}nTqu)^XW#Sx6O}&>CS+qE zPclN@0X=FnnzjoX*J%uY2aD(fHy(#geiw^5x9mtlvlqTRwUUabvHn!NUmI+oZF*n; zZ4|g3&gP=9L0mYK>>eJl%iaD*Cf7QP26(e7Jd5;BkXG~?x5#vRPd(uWcXeXWGLIBW z72+%D#gm+r@I-U`KhziusS%l|6jQZLkgeIi?~oH~cxgYLO$0T6WSW}DMU#G02~z$S zoR3`mHqQ%YprP`FW%-E4`X!0s92v8Iauy57Eq443jY&sr4%^cjaxiqWEp@g3G z1HwT{*3Ge>L+Lz(6fW~x8YmVP9x))Ntd7ND*r?kmC0SEwBd@>n9hdOf>al_6b6rEt zb`SceI(~R@2TG@Z=zas@ZNz_%uMS@n5lXiXlJxZuvw--hgcwc6pRftLJ}I)fV8ALe 
zc>ba0br^cX!51!)4RcCbmCxxPs3e3H^zHv++`$Re_i+2ER(=nUr``&7vj0;OXtjUma=WLc)bAE)B^b{?&-4TO;6=nx;2^w|bRKH=@pf=eXIF?fFw&>utA U%$jY3ha)Np!3TYDXN;1nIa^b-uK)l5 diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key index 1270639243..44e7683f15 100644 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key 
@@ -1,54 +1,54 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIJljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIN3IptPsW6XECAggA
-MBQGCCqGSIb3DQMHBAiSdikmQa65/ASCCVDEqdceATlCGC0EOz0EKW3M9DRZngbQ
-NbbfBhEdZOHDlsjLv8I2r4KeD42cgrV4OPvCxPXKe/iv7XaTQ1yg3LjM8W2vS3pi
-fUV8C5ZaWQFn7bJMRjR+7ddS8GLP9CxGWRkM3vCtmq2zqPpTuBIG8deZroTcGXc/
-iJutQCJilzd2ryVyU/2LWC8Bun1r/lStU6vJooauqk5SgP+9DxD+mi1yeIMa322O
-Uk9PMYwkAySoYFUnt4G6RdDfBtoLRmaqFRueMrHHL4gw6fCLzizDW2+kx1tHkdSy
-zIcH6ALZhKlDlexGTkkd5IWRdd9dQj5JLM++Yng4Mc3koy4AyzrCxwXiV1hz0w/C
-47Q7GEUZbabvQVah706s3Gh+R3hyWQMnoV799UA1C6ZWX84hIWA2n0VCaaENGe0+
-eVpM1Q7eSsINBCLs1zS5oqUf0c5yd3JA2nlheZTmF8QXG382+vaWmAeCnPotKeiD
-bKJyHPY3UlM7h81bJt1LowGhw56iZSX/tNdlyNHDFwKOB7bwJzgL75K4c06C4ati
-5xJpwJF29uXYVaGvAryMbpf2E+FrmJZI8ORkWmXFPmwfyDVRo8SbNkPsLUIFkIDc
-ZQ6rN2HmXKUGrJHlZh9DmbcCVO5SYf5IA8vsKfEvQTmUdVFTycF1zdo/ObMtyx8L
-1cXo27KTyk9WuJnvh4QQpy6xw71yx/fRlDWBvfTVe7eVy/MorrBvhlSkWw1A1ZDx
-Ef1aORbsbAaJCpgjfXZ5rFYKIPbIcXEw8xhNMnyrTC9u19Ki6nDsYj8wGysBiYwF
-6x2xgjLRHExdkW8a+VuXmrcPXbJibZrCsG6awdNmTh8x0vCfIiCYqjF4qutp1MW9
-aydAsXpgT4x34Go9KcISv0sy53bh35QnngTuf9+tsxhO4ubJt7oNRq/RbvsQg27t
-zcMzJkAIOabImsNaVmjJAhPpXEZGcvBQBi4Qn0L5F/uL8/0IPubOZC3WjLyin5BU
-u61tNiF3rPGTdtcMmzE8Uw/gOJW8ircF6L5hLqN2V5cgZKGn0Y0w7dp+wpTzYt7s
-mX/YJEXWo1+8dQ/u05dlU0+K2h/czlhV6y6mjdHFuuoUHgKJw0Z2u69uksRemv44
-JMh0A0OriwUFgwvW5N8PEWXBO+Qk/rAvt1gkmlYwY2m4CorBOUzuaJ7vQ/OP+0El
-iSIXrNzNDbzIxqqFoRTKFTXmMuXLZ7eJGZz4zDyWpL16wSCTosMSaF37oUvWRgq+
-TVGy8BrTp/GZl70oE31Zat66a/cnZDyBhG6ZBcRSH3OOvnOyO83owU+hG0iq5yIi
-5x6RK3u5wMV7ud/uWxi3D4Q4cUrzI6f5w2U5aGD+md5UA1YBh6qBE3drx4v9nz7O
-YbbMdf5WU1TekJ4nBwjyttdYeWAaSV+HTTWZN55gWwLBskJR84vRhwaa6OokkcEW
-zTKrUGDfu3upGiILWuP72hZUCryKud7Ioav9P76c20LfQ7tyVXT/j4atWbkeVDmq
-iUO9XgE2pnP0cQKjaeXPZ7ywmooLWJ0SE7W/OLQ3jUQGcl6krNQM4zLN9rU35c5g
-PT2u18npX1BytVx3sS0qvuBGtxUQlKheifOnSq6RtAkVwkAopNaWGpfK7MuKspcT
-JNwqfXqtQGogHx9ygX1QlW7W11EcLfyM9YrnhBJ0f3nXZWQs+yDirsdPjff3Sggp
-Qw6WX7YZtuPK1AH8lF6oNhrqsth1JEULvLj+gKMWrucN5lFvWigQoWziHBjdV8mN
-oTUHAZt9n4G2l4j9hPoExchioOlTGal8Cv2gzwOtFHxeBTL0HjzBce8WicnRM930
-xaSrctLk9tJBN43MabwG8cUtndPggazZs4UVaayc0wQxRTKpg9dVxMPTdFvYjpZl
-GMQk26TwFFYo5S8sz/x+OGODnrBLQZkOtDaq608dTYBdqO3z73z1oTzY2ujZICUa
-JwOrpVks7K0IcKLPAk0TAQpMc6EoJ5vCYtM/7jlgRaXCgEtBdEX2vnPnJMA36fMd
-uXV/aMp2/EFd/qzXCBQ8kYNQT9LHtONwKo4mEHz618NJx/p3XNAGooVyy91TPGFO
-dQnk+6MjJ4Ni1ISY3GJzM4tM63Cb3cEKD7r07WmrXo9yneXdds9wKjrutgtBQdN4
-GswkOMUpT4F+tnGOZSuJqYDIdfwS49IFtwxVSlDDYgDlb/PrbSlJm7T9ZePlh+to
-d8PCH2SjWkCahgstrnwaNpsE/NbHjl6S7enBhZ8TGe8SQE5dnYQXIiC7vtEJpfYf
-NMVv/ucNGV8Qf+Vyikx5WFgzAg0dcJarFjOZ3kfO/CafHJyelCfsUCBnKg7mG9Sd
-uzkN5MGDmKsOdBnMNq+CpkGzAm3aiDpruQABS6j5C0JLdneg9hwkgU8EGYCmKrql
-bX1Ily1X3LLrbUV3dt4PVkA/E88gsTtgFMLoLlQhgsAtjNQdM0/ueN4eAjNebOjz
-EXw3nf3KbtRHX2Jh+ffCua3aPD1PwbEBPaYKC4H5ovMdoFcUz3goQULK84Zf4gMF
-tGzeZ+X/TqPiI4ku8YjOZYnw1D2NyACyfn+tp2eh8bHiJsljKJd0bglsdgXz1vOU
-emYoj90+rZ4Mq/DKoj74fPf8yBYBApAazNs+VPRqpQeBKwWfIbBJwveSAqgwHVLO
-8AZN6WOdxu1F9iaSmS0qvUrxzmuKuc9Q4jTzN2/HocovRiBuWatyoV5Mj8bLbkld
-Qrv5PsBjKHrPV61O2IS0CdDkXVDR+13+DsMzXtX4Hd1ZEy9CYTQk2WXJChWFhELB
-WviRCuIW+i+ln52f78HZLtf1ChiWCc+H4b3xQoMgdSfPtJDYi4UD9gHPAIkxs1yg
-xYaXIygd45tJGQCSuj6vs7uoA4Ol7yAN3CGdKUY4KfXc9AZk2I3UZ84efMirLped
-Z7Vp628o98q1yveU3Dh8c+GSuEw9fbzys8szUmqwXRjzHBAAkrf6z0q2CyVGuoob
-8V2L0UFF21oK5M/CRVWfqq7O4B20d6iT4jUu7tTLdMH0WPHJnvwceWYG5cYYXsAa
-iBpZV7XFDyyxPa535fVxAAAaG+Pj7mv5zAiCVM6KqBHFUhXIop/oUq/sc8SjlMZ1
-3z4XSGW7vi5cRO3aHn+a7jy4mkcDUK32VeLZRA4QhAKlG9dc5VpS1NR6VgMuSr91
-fpRidHHOSWLOQQ==
+MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIQDyAdjE5pE4CAggA
+MBQGCCqGSIb3DQMHBAibdWQrC4JIOgSCCUiPoKxTPRfRt9TEaoe1x7+t5hfcqrKp
+TZ7NRUDVSBVDqS1Y5Yvg3Ms8VuSf9AoAFxg16zuV+G55Y6Y4aIIU6Wnui6lBk0OG
+CEaH5hgRtxZ47Rb8U+0x+34VsC1Ayz5uRp4d00ejlmzKXRKXKzVLMjxzfjFUAQHs
+YpnRVD6bJWLQJjML+Yp56lQx6z0LSprdUfmMtxNFs69urmvm1B7dOk4hUMwhUHIK
+DQTZDqig1DD7cvCpMxPxB75NJQP/mD05PM/NILiVu9kGQOXwtPvqzklyta0AydOJ
+12xFydDKHUuBVDVoV31yEknXqLxClKSEMpPAnDEWtSMMgNQqV5fUP2sOtKldbKFn
+LHHYZ2iuOplWS0qBMRKYwOv9MH79yAkMyRlgHt22B/O8m/IO1HPPY7DTvqZ6KkfQ
+wT0odkZlZP+AiJoxdCeM92Wl+dsynm1Z7JbVVA9xLC+poGYh5u+oyeAuMCO7nNde
+l5ztg/klkikBL/mM0NvF9jRtl+EMJkSAW9cm4A5b83WKkMSuPbKNvI4L79cQKpL7
+sF413/d0Q5lYIkzYZS/gPq8C2AzY6YFMw5yqZtoMdodZz85dbQEu1hWzKTUa2YxV
+a3ULf058wKuRbBVCBnCl6SFmtewhQV+SlhBHj+ZXmwwelMe2gIbEJmDrkK9hD2Yq
+/R8jqYgmo0Rv89MzFb2AYjaCIFito6/C/he8ysnkP92z4mNQwp6hwH2kkM4mJhP8
+IB2h/oHaKs3D5AjFsdkhLKQUmh3CMVL7FZBzKu8JJEE9qv9xX8OOO/FDDHVLktj0
+ueQW1bV5s+cFBkZC8p7/fisLOe7kwSPZ68xK9uqLSeZNh9aikTscGBMC2Wo02EEp
+ALvTrqGVeRW1yM26ShZgNacgoV8McdUGjSt+l0N+a4cZP/uV1J74+khdCFy4l91q
+fywuN/toCEX0babPygJ8SUAspRT6v9Mdumt2Vq2XrK5/pwuWlU7sHTuZm57c+ND7
+u9W5YmHceKBNocX++t2advaaND7WP3jk02ozkhf7OvtE8oIsX+RKTkIrKfxXSbao
+iYgV2KGHUh1+tsnLnGmaXqv6mBP7phOr5T6aUh2hQOX7nyWekhl1jpG7H3pwhQ/S
+CH83ozDqunHYw8sTLm4hj2WyMaqhdDCmaiJUXqLdR9uj1javVHICxOKtbuW0SyId
+3tlki39OcrmIwGpCyD2w2gck0EZag+cXMfOTB5z18aDE8z6zl5kYe3QtHOG3jRJt
+kFqt0ck4aAv8NNRvdi4LSu1khyubsN/1UeaGENEYqLPDbwv+ZgtfK86TQbjqIHlA
+PjysGhXQC4sBSLztCw0r00tORxnsBpe/XEAZYYxwkUHSr54gRxP1gVx2QdVklZaj
+DOQ8UGWdUbFdkM+NxVu1G22dMLzJ/SR4iYm9iC2SUwwgrwgnCcr20vTMRk9iygWQ
+rhWYkSLuePRyaemyKeNcb0+si/COQQhFlaMpQJZX3IEqIrv4DQdODQHh3Cqa5qpo
+maU/rUmdYEdzCQAnDdNQpVbDvrTEAgHCOHBsAtkye6G82DyTc1VVf6RkyO0YhwoE
+gZZ+MJ2TV2e2V0M1WtMEH8VvbVMpQI7PahH4Qs5bg2OE8qqab+2EmwztyeqGXNT3
+rByfq3iyVtcS0YDVrtZ1ZxmG+ioKgaF4G1J/ECI4k7KG1zv+009mVJ9W5eJBl7yS
+3tq35F9ldSxjLxVQ2ObrX3WYExp9Qr2rWvb1nCwhTQUsmA0Bhjlv9uBdhoC6NOr+
+rKXEnFHAUwFyNbCoVRZyiYhBck2GW7YSxlWtwuR0jqI+bSSLZymbkj84Kq16GRV3
+gs3cgM9coYLN8WNQiOamPOiCl92ctgm3kGVLNQdKMxNOE2I6C7fWt65hlrp6IxmJ
+xflnLSzO9igtxTCvcycs6BADbZ3WKd0HsuqXCCy2V0rb4hinpRnWBcUJyMfcVb/4
+0JSJS3/mP+6Yn/rU6VTW4MC1p3xAaSMFYcO5JOkDvk5YOsiPtnw5KZqgtRPOxJAm
+R9SAPyWxjPaH0YdNPuafzqiZ/cf0W9lgU9F+eSFivds6puorTHRFb4YgOjZVRfOa
+t7ApQCDmonR5VJsV9H6v1oGiy7VVjAbmLWAujXuJOj6iwBj5MDLkfq2yoqpxJBkD
+SvesC2PP4B/otRDJDM3Pytkrxqbf7luF9b2r7/G5zgwAj/ppMkSZTggzq54P2NE+
+1cNPUQAeBMXsFwmS5ZeRQ/6AoTcaVIvTC0gL9IRBdl+ZaDtXBPAIF2HQwsSqJLdb
+ZkIJzR6P5CdeGwpQL9zbW293ZBvn7twPrgS7hMDqcpsEHxewbMRgmVHLKWo16Iq0
+LCKd1fKtQBrCbVMv6QQBKU2YaJ6HgUTHDmTsGbvqPf5xff4FStBNm/n8zAmvb5LW +o21onYzR0tDBv8uH1sWi3exocJVw380s3m7Pwmjn32JJ9XLOWyE4LixJ4XBrdhZm +dXgTxux33GCMLk6Vc0s5X6MlixGe5HT2v/euqK0shBvz/xLSNAvpFL21L0auwJpW +L6GsahzwUToDFHBe53Z+EW5q7KJZGB5PiuI1puic3SzArsff18w11oy63izKU4LY +6heyJcUhxJrcgD892akFPgjKTJwM3XfouMiwnMhrNn8MVhhqwAOVGn8Z6cFM1AKa ++OM1vUU61bse52eB5SubjxSgJn4dVMK7LBSyeiouHzRhYpXfZF0Ksn6sDgSJO+C0 +YS8yOfEMP9lwoFeWAzJhunYYC0p+sGR95lpcOPXDHEnBXSZ+fyi4FuLce+d6KBf0 +mxHoUPiRyJNycy4/k3jgIEmCZJas/gYzKL7wHp0ptukUnWxwHB4hD9C6SFJCsuB7 +JLkUFlGTXEaIm0rKhdXU0bD5+ocXfpGRBut7yIM4hQslhGNNI0HVEFTsqrYSzCQ3 +Oi12n3l27fFU6J6fBp9JvElPdMiHCm/iIxJpCSyASlbbdTEhcDefEgkdz4UXhwMt +Zv4mj2Srhtdh4jgKzYRdp6BNkQihOfNkv+yncoRvtWrHVGIZZy2F4i2Lps75KMHV +/kha/O39+6lvNEAQCA9sur65oSNlES2abaLvdhfTQ6Kk1AhB+IaiBup5IvHPkpne +f2e7BNEE2AzFeVMpsEMGZ/Xuad3XS77uQEljKmYJ8oMb/z47Q2JeusdsO+WKVvzT +By8= -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des.der new file mode 100644 index 0000000000000000000000000000000000000000..c4f1f30e7df8e42cab879e7056c345669426e805 GIT binary patch literal 711 zcmV;&0yzCJf&#-ZJq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?66%&!C_t|H9> z0tf&w5e5Y-4g&%Q1PCU_oMhX!jMxN%0)RgNcsDyo_hQUCJ=D>U#W~PvwZ#m>t=^d* z5bajfIEW!B19Q z-Ft`f1Quw zQ>xld4G!<=#qQLZ8y~lD8^f6*?omg36;f^%04qz3r`q4kzYANLDXu?P*kv@t3Zepb zE1#+HgFrw#{QET41baIiYn-a_b{Dp|8Tjx*lTIzoSD= zS$pDF8e$mclY5?j*q~AV<0p4jH?3tQYFah;Vg7slb}l%Ba>+WVd!o2DdamWa%`qB3 zaV#?Hay^nLMprPBT^66v-mVQ>6-6OY@-bwRt9UtX`e8;jnhyF|?mHpKTvCZG^+BcA za>$+uOI&GX+ty8_W33|c>|V~8aRSdLb;=yCM|fk4H&w_dht3S%L`#Ef0lkOvu$fgo zDOStkV7s;&5buy~vTP_X^vr4Ks8`g&EOR#0xW{kmo&p%Z^2UW=gRK#gP+(5s>&_V@ z=KbyV>h3|bv$d5pHsIiEgf+V4VG|%T#9>(wPGo+p(|tjd}E?TZsZp1r0%+kLhZ zZI>tEUN^ZM1oY0oijBzTnk-mu8Z1M_N4_HOlcN_TvKBNX&ygH@(L>U}lw+iQeU4*K tfp*=OV`*4oTz6~5Ut(jbC0(5(N4>Ng$NS;ZTgJO+QUWA@C-Y91pr*AcO5gwh literal 0 HcmV?d00001 
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des.key
index f3a2d0c60a..2e1de1a57f 100644
--- a/tests/data_files/pkcs8_pbes2_pbkdf2_des.key
+++ b/tests/data_files/pkcs8_pbes2_pbkdf2_des.key
@@ -1,29 +1,17 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFCzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIE+lx5z79hVACAggA
-MBEGBSsOAwIHBAjrWP2/SiR7cwSCBMgUgnI4/ZG3jidt8TZShsbKzxQ9bt9D1URm
-8FBTFMk8JRowaXZyM2fx1/vEUlvKHIwpytOYO42py0lDf2qdn8iIe+8V2GLpyGcL
-ifWGbDt/ctEo2jVgWT01q2PfUEirwTPTUaDR5KBjfMjGM5V5c58fnTQztAFaXFmI
-VNkiQCC6AKCbmlblEcjFGBlRGgV8sOWCW+JaR5iJNdT6PhVJzJiQrfR819fGSISj
-0N0Wqpj3VA8V9BeATZAjvofBCwRABDNsDqRhjgx7ZEVz8C6pNK7Ck6ZXEjXaWc12
-ZvkzjLuufZ5B7klvgLzfxEtvZbQJmrQddDXZP9ICykP6D8W87EqEgk8yoxeFioOm
-0/edj7AVZ3rxbxpUUHJUiYDLNXaZTksfYhL0ZsB3cEL8VofUa1K+66N/0TismNDR
-4KSIjuRausXf1WJ1oh5B18zvnl2jkzCpwISf58d7UeOny3/ZR38B71EuaXO4r21e
-BrG6fi9VewuUg1DHSYLIJErVcfNnVXHuT0EzPTjr0vdTUguzDUv4/YFcpEDk5jnQ
-xJshBegjbt5W5gY3GTVRlyWqGKyOska3e2u4Cf7tZtP0kyy38JHLkQQXgj6dxseT
-lCIipBDJX3gU7yJHMiX/OpLcJuEMakRrpWLrB0vezX9oW0weE/dFzZeiYyo2K/DI
-TIFiL6FDuLUqpcYjeB1M+wbqs0f5ndXThVYi2/j73z0dwCI1WwKZH/WOdTrjYKxi
-0oiLz7pHHaPoMRymWCKTwQhYnqiOXZIpfeOFcUY4JKDzgyKdvU7XLPnbt4yxOlJD
-yAzX0i+bJjYjuG45XHTS8too0GFG2h6VFvOYAQsiq1qOnxVqVUvYphZBSz7D8Vql
-lHXWp954AhpfUQK4mLJq/exjUIGIZb/QxbNWNv7mTMkBQxGJ6B/1Vjkv9KC04KLe
-/JMnEZD+Sw5n+5j8qS6f7YOfVJ+Hqm04M1S8cc7JD4qMufLW/RvuKyBLb3sCn0Ue
-D+uiTedxoJR8nm6yI0uZ4d9RpRreca0PPt0o+DhbrDWyqH19kafN7I6SrDSbBNUO
-wiGBbgN4Ur9rPbzapATA/X95y+Q3CFLe/wcMLcLHJ3tnRCUo17Fx+APmrAsyBiYd
-9ulUq5WcZaw3pEDpTqN+0832UOyjIwpLyVDLU5jgW04vbW41o2SW7fCa7/QxT94p
-4PEAYi2MltPYQKRO7EOh+iUOHEsc8UDb6x4i75BcKhuLwZ7nmrwzg8ZO+TWMuzYb
-McJ11aZ42hN9U5H65FQzaZhAAcOqxTffQXIdARGlfvr3lTRnO/RQbxyObEqGeMHP
-XlDzvIMdB6b0RG4EBfpDFUpWf3Mhx4AG3bGHPjUXXhNICCMDdI49d0lNJ3nkF0nv
-JsehmIOY2U6fQBEnZhn5D0rjU+nUlHvgKQKhs9yIym/K+KVUznJW4ygwFiKXysVq
-QGqfn7hbBonYqLkGL99O9JyKgz/RhEMC0dKtgu6ELYJJVWnkJGTIMkp5a8ID48qW
-RmFJX+v5ryvM9ePSUbLizOUddsXycJpGsu+Am5H20cTPXkwxYtNcu49eLrGoXf7E
-/mD/zDqFryMK3oUBHnBJf0k/mMnzwfgHNveXApOSbflvRx39652Wugd7CxcOrIA=
+MIICwzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIBW39lScgIG0CAggA
+MBEGBSsOAwIHBAgew0DQx3CQ0wSCAoBj1gYWHNgnbi55zQDcpAwMgh2xHNRTqkKU
+AF5K4K2BEy67eXGtXNEmBqo4ftuUCmEJ54XEoIK+6zCKhv9uwc8G7JHxMRMDajkv
+W/WfUUzSmS0yoXn0DkhXZnR7FifFDwrZ1E721eRP8eL45qc5ij6Xlr3NwA3Pf92Z
+8zbszNSMaw2P6kgk6ZiMZr5vNOS55w7vM1OMfP7FJjNRNENue01Ed3WZ8N+Imd4N
+16Nfi0VYVaFcnOoWRt4/aUWHd0cZyJNVsGDYcoE6pEmi3oO/FqS1EaPoibUxldqH
+lUc8UW6PGtgAzs+J7Nf1Dgd9ilkPoTvHeMAfc0yWlq4vkwtdYhSwWaC9EjkHy5+c
+K8cxYKBrKrseh/tjB+WasrzQjov7+d14MqK6DvqYtUq/y0HCVzw5UGWA+hlkk2km
+zByJKHKqrthZeHz3aE7KQyE9G0AUukGN/J6f9EnUeS8ROZVKAB7laQKaY3p6gH7g
+tNenTQ8Ng3KJvCBiZ3QZUWxlEzZ7b+DTG4NO+ua+7pD0CfovNtWE8spmNQNRGUL1
+SHkJqRjSTnFWrLLzbz9qph3G/qlOQb1/mzEqcmso2scoeiybv5WE2Zgkkiajr16W
+RBz3mYwOmoKJnLrMkwUJtk1PGrJz3d1VAnt/ill6LdOdiq65HC4cKqY36+x7vRYB
+A/75UvP1wCadtx1ukFVTLylJG7T9gDZgEkQlaCPkTxthK7FqTYS1dqyy+Q6aNwGn
+f3ZS9f3azDK33Ho0V38rYAjdg07ghN1bayKXfmAKz3z7KYIn3gZqRwWMvc9IwvTN
+0bBpNCe/6du89S5EWDAGmLZ98oBvAZ56hKcNNmTJewUxHbjQlnJV
 -----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.der index b72a4ac3258b615e24c543bc7a3ee97212969c47..e60bbf22ffad3f80fba576e2762d93ce905e1f79 100644 GIT binary patch delta 1275 zcmV&gNG2mmk<1_dh)0|EyG2uK#|H1l6Y)C7VA$Q{w3 z_j#J@bfv(5-8u=~n!-V8Ye_6WG!KV^zl&bP>zXHIikWzG3J6jQllF0DePZZjxR;Qr zZ#{0E_@-&TX}$M_+s=q7z9PJ=^vf;@_2lb683{Ujm4#U*V1N9pJ7*$5{;*IPBziLW z#!1X9Y^z!-UnqzqBDy#WY25+pZQTqlkFA5!9M_X+m183=z9Z#pM?pEJtTq_kfcz z6t0TGqE5y85r4LxlX!^IK-5nf=#*Dog7qxj;ycXqKJ>0ryTp zSr6O_G(6ermdl%|Y!Gj%-MgMpUZkx|uyB?KHJ z5>~T(%`cCQT1W~tx4`Q7z>x*HfwnO<@H})Houcgb2C-&px|XQ*mwQd3Mk%mLfqQ;T zoudcc*10qV|L1v^u%6KA6`>LnvwF^C zPX~FOKYtdN>2~Plv}lorE_49oOYem=jaXDUSQasr8PZm*_f|i>JnU_)#Td*~$ZCqi zYF0b#OKR&GP@-RTn^yGL-yR8X?u={3gQnSoHLM7q@9hWHmy{aC?(yrfkwQ)dAlmz; z@WKu*i|%Tmb%M>uv)7FR!I!{%^~iDOS7Qt?OMe@XH|*aF>GnG-N}e%W-MxPlr~?5( z>Us4%2U(z0!|-=8A>a@e9)MRQSJ-cpigJ|4ZN#5-+ezU4u~4?0{=exI2i3rkT)T{_ z9w2NPov_N;wvZ103P}%c9{Rv{1214ha6dbq{P zSAWXEi5U7>Vwwm3N=^C$$@b3h4UTEOBp5XG zY|Nh7`ot;F-qo(*O5bDyT2Z{BO_jGr8(dsAdnZnV$9ryYx}`$+VW@k1a@Ck?rGM-k z!AC$~1UM5;vT;>sm()%s#i(iA>`^!8&o!UZPx1iPe(Z|#m&ROO+j)^FV%(p-R#ki{ zyE+vA#zhHY?pI31d!n3p;z#Q_7gtNY-U3otV9``F73h}sw>6dA(M_!v;f2mUM(;c! 
zTV5AkVa4X6Ggmr>X=rq_9E2x(Q*_1}q`;`=$yC1l8Tm2H5i_7Gp;yB%h#)MEU>z*H z^rxL>&JQbR=A-!F!AER)JuKp3t`#tHVts&>!r9g8lsmeWOWsP*JzXLUXdfuQ@_&R} lzp5^@9lTQHTw=mvebmF0JgJG%6GH~*A5I+aqgtg*kybFNY{&or delta 1275 zcmV3Ch`!qSo66zAFMY3iT#I*{Bd>{1YZ*a!Y;r|(n^uh$+!HAhk{TAn}2SeS!Al_o7YYR#3~^I zDEGr6AClJP2MnYBayV5WVFAnPKmeaGqQtY1Y#q+OoqC3zm>5&SIy!?Z+E$4=Hr6%H&MMKd?rPX zhw9h`jV}x_D;VyhMEP4W8yOylOaok5N(+x9tIbc+JiFWylYR`EM}m%~Mav}8)sPlP zX=j?ab_btGDl{G5X~>Rfc!=*5AMWQ6|C>0Ep*e5hOFQa+U~gM9B1Pc~Mqx1mD^y|BI+`-VUDGjbdqp`Y zfpHBjydLLNwT)JCeEDS=GYm|5@P&q`Pf}}T$hS8vvD5*PgDUWW=uwM;qANAADT1w# z&akE3Fn>ydgs?t_)|SMGvzGxeS;Rpg*L9@b6PZUWxOgDpk{a3--rtBcS&x6#S-{OO zkHgsfj-b&fQzfRBC_X9&5zwXQt&jUA+z8=}r;GTtD+8p)t6%HTtLyV+_n2?1S1)7j zbu5Ggyd%!8`1x`%m2rtpIf`E-@P<9J%uyBSV1KH3NBF)SBH+XHEdQ`*1BjUKx+taX zCa{Gq4i`~triyr~>7YUD_t-TLJ^c~3f#$7<`Qx-ghk@~AJ^Ed}`7TaS1&XDD4o_M2 zcKcZjhoGCQ(F8<05a;fJNVS9wY(9HBzK?gN&CghKbcXGUxGnEl0;y(^xws@hg*AJ< zNq;rLlQzut-5bn@cUqcS+$Of==~PK9tgT4ct{~GcyuUDc)3!qRrZP z%GqB(fMg2~Xg)0_TH^ogVQB)choR_9n|`LLRmc8)DQHH>D+Ki%LInz{@qX3B-jqSf zE&hpThWfX4?hneKoA#)FCF7dbbn^Hyr0G7OH88`L$PIf^Yv%DUp%uB3FsUlByR_ce}%N8m?>V219j=L~X zlc~+ODn=`b_g{FxcSsiAOn}~BeQ)d2bc_NU=Wyq;Nt+()&9}DiVNsM6tN;*=nD^;4 zX6)nrXy(Mt;K`SIiVeC1LmMvZ(R808uKb_tn`)3=etB2G=lTJpW-);N9a3|?DNh>~ z91On~gM+YO8)W&q*Sr=g)2zbnLS4E3tw@kEIWg{IiU5{@`}a&39t$qnaHrSJGDP#q l?Vo}aUVF?@itLB!5J8EzuQ19b*)CtUs$Ocz$0Y<7_i6pab`$^r diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key index ca7cff402c..8484bb87e7 100644 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key 
@@ -1,29 +1,29 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFCzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIEDYe4aq4yfMCAggA
-MBEGBSsOAwIHBAgp0IpjLtyryASCBMitqsiyjPiiJ6ci5kNUZdGr7xH5+81sTFxC
-Zhbf56sBQnE48C8HY65UlxJGxHUClT6bgybYu6VMgcQGInOW4DjdV7u+vDfNhCii
-uidpEDyfS3aQMLByHkUcMpZiGl5KDwf46fQvrvXlBSOzbc7fCPxam0x4Ix8M50qd
-3vNA9Eh8X3ReRBtDLma3bUKU+Y6Kk0yyrvZE8H0+UFj71UaHPFUvmi3a+v7MUC7R
-4HQScJGprzSVcZLz42/83bGqjgDAdD0ryi5U4akMBf1eMjGUjoy2wOjQtQf1Px+s
-8e9Ub8JmGEU5t2h9i4oHj67nvw+8suF9q9zRYgqDXodCnRltpyuvZz8916FM+kG1
-RR2/9xKEKbEfpNDaBmTbVjnwyrOAULyVz1BSeMEh6Tfg8I/fSU9VPtKk0Wr+bS6Y
-rd9GLkAEhiML1ZN3O8OnuB+e8UhJB/qZudqCFsD39IrCEp048yYMJrhPS5wHUI1D
-rUJWw3J5ziwClSse0Y4ppTOvfLfA4yOFPgp8nB9aJcBZ8fhkGtz48yTHDoY5RQiQ
-RTIpdYqsGXJXnDdJvGOHjsME+4C5dN1V2+3EPtu6j413Ctc6Z8D3K8/MYPhRrMYQ
-40WpQbWqUjQToJcnLrrgn1F5oAP+mnmd+nVCkX0XEaoUhIm0VXOHN8ABuq2CGf8N
-Hw0+MPSE9C/PxZsDhvKHdMOUm9SN7SFSyrUv/61NXNPhy2Z2RgOcuLJ4hw4969tg
-T0TgdXgb5sgEUq7ln3D14RIabR3WBdMB2502IM+j5cDFK+lNR0RtdCiaXI45tBol
-+V77k5BZ2fkdtKjAxoRKztIbIUpaX2kkXXBQkpQ1pGItskIBKCAbTy9AF9h4Zr9l
-Kelod0A7Ekut9gVngxnlJPAtjqHl1oNqAjGMIPoG4WSvkun6/Bz5xSii7GOlXYQ9
-xnYfQfEV0qFNmLoSEAy6mzpeY69pxWzAfnsf8AZiqCy8gW2ggx78HikxW8opXDiY
-KdKpUxc/LhAKln/QwEqLnTl81sqnviCGO2g0lsXE/+h9TXd3Q6sgFR1jjP2+zWAi
-XUS4Lz3dE1W7bNWz3DrSzCnoRTWNAZYPjh1GP6R1SEkzzZtM/yLR/r808kcn9jaU
-+EisB+kYdzIkOVe2pKAB5JGpjhjkZVN3uDkHbuEGpx5F2g6fAPbIY8cXOjcaipEu
-mY9qO4/iVUv/ToILmvG/dXwO3o9vXHT3NFm5OKi+y4nMvniemui3FnwJC7O/3OPk
-uy2Z//ODIoE070u3rSR441fIwS2rSyFmHQ1fKkHoYoq0yK6MSh0I6Y+xkAhNn5DR
-ojDOP3N9H6Cu6V3+r0PXxsFHmyj2r7lxSS7imFuCtFYHWDbO4ie+W+tzebVHZxpZ
-LWtsOypUyJBHLeg5TrnSnvnnnBh90SOi36CEyzkQHK6/wr64cUw2jS1N/DpxbDWt
-hGAjmSYj+iNHA0BjhPQYfvKj8xOW7pHOWZWnFFztJ5JLEta2NShBF7RMdgos5MbW
-PeX5r0tHAjGnJR0taH5ZJWs1uaJVtSjke720le3v/7e9lDkcgItgef48miGXzHUo
-AG9DMQs7/Smv+9/6mXjKMV+34RLqzWEJbkcdGtKvPn2A5BkkRfXScYpjtGhVPhU=
+MIIFCzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIWTSfU+sYEeACAggA
+MBEGBSsOAwIHBAi4q06qZgfBEgSCBMhk5oT3l/Fyqd1xXEAdeTHxq/NiSgH/E49f
+cVsJpXYK+BYuYKvCTBC/X2U3ZHRwY3LDf8dMYoJKZXdoKGdXXqF1jmy+YrI7vPBz
+x7clJH/fmBXE5ALVHmyxozBGA6hMrHKAaUNt4Bu4s/pFemf2bXeAti59mHSWYxzt
+TQ3EayuwhPhjrKElBcE94QlOnM/8sM0I6ZWZprEM6Z+PYMeIwW5xbzs4GgBuC2PV
+IcsoS1OEaCQBlFF43UjQPv0Z1kfw4fEKuxVOKRH5qXaLIKr3JQpi/dic3bT6o8jT
+++cwjG4MyG0WehTEvp0AgbvJVmszHwgsRhQuWVvq6XJ7ZGJDsuhmIepNO/SmILBI
+BaATz6nbPuMW3Oahpc1zUcoiZqx66HSo9Oyynxgzru7gfE0TaAVtlLX3HftfnU2z
+5pDsMMoFZKUc/yhF/5wbkDnhTqFdrj4ocqNFHy4MeIqd++/5X/WPN1Gtja7LeGqm
+0R3JYzQwL/y+yEsO+6KdtAwx542NzzbhYZ99mUHbmDDxbUZDB2YoaPvu90/sy3Mt
+jb3au+3y3vRV+pIvzkKuEc0geqY9zUEiNld59Wf3rbj5HrRh0a8fob/wblG5g2P6
+a+76czk5QTHEoNaGL+bf/swjYKVa/qW6Eo83Gc0ClO2cBRdHzPHGKsrxobIT04S3
+HiABCrRcMZ3+JCILbMUa8hqJWS/UiW4Blwwqe1g1Zc/VaLTiHMwdo4i3+8ZpYgGk
+ZTTgVfRd8GFqxe9JK1wrLPClUCS2RBhkGO6yHNB/C7MQ6ciC27KumkdxpQUx88Su
+nQJ57Cv3mNhPyzh+n6rlEUx4XOqbqcGXsODhapM1cJUGMfH0AeYq21fXbltpugyO
+5g7ov8qqpV/iNuKiKZHAg8t7FvaG572i85W/CsugkYTiT6XoUzYMA8nyiA6BOGSk
+uDl7hDzYnwqBVMB4vopYOx5o7YAG0kAL+FOxiv2gfpbmKHvz0LOC8vRqzNAi1N3l
+8Ib5eWtXGDEzaOMajua51K0b4JrQtK8ph1MJJFm5Mu9F3Jk9D2ySd70aQ7IYW/ud
+loWnnRnX/mETe3gmgADEi385BrLBD0veQL0im5OiSkhE98yilIFgtFGolq5++e4q
+VAdatHWNnexY4XdVjW+y/T/wfzakWFGBG1K9LQHCStzrz34L02tSS3A3sJbP+1mx
+k6rV6CJlVOmKfrPUw74RuMq4yAWJPFgn9GPdjrL8cvRmYiPFbVCtPR0w+yd+EOyc
+llGwqxz04yDoOoY6In6++HatoFFocgIHq3iVhE0zfXE5CU1zFdDZfqWjJTgYCoig
+nt6GjLwV7mdAjcVtu01w4dtPyK/9bbh5VNzmG2TfKFdVKvQFUvvEUO8hQpcU32jH
+gTuOsYVFGAUAT8mbBxAtXFgHPQTNDx4BcIpbqzI3/O8ZjW1PUQOumG6NAD5GnrWY
+yPIRrcUfyinYuD1S4yc8H/XSvm7Cvx4AuUlIEhw08c4EmCm4KxVDlMMkxz9eO0TA
+ruxB88WazH1ytFCpntZYFC4doT+XzhoV7Xjbn2FxT0KTv+oBdER6CMcrAexBIoNy
+SUvRiTPxKhkWRKCbrwrET8p6RnI2y3ZMe4LRVn6MrS9ktZsRSMqy6R5B+xhHbHw=
 -----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.der index d9561e489ae179da513d3ef483bd10bc29edfad5..22e157f35eeb33fec781b80ff72970dc311f13c0 100644 GIT binary patch delta 2442 zcmV;533c|D6OR)FFoFq-kpv)r_KJXPVMCOk0s;sCFcAg?D-Ht!2LuQej&jZTec4n5 zf(c0WPn%HdwQQ?|4DavGrh26yDBkV@kqavFd-Z&({DUm>y3(dyo_S9ayD7}!IPgQ( zWShrFPViIn6RMx+6(yq`sf`9nbRteFGPGV(&%o3s6AZ!wmWiqvDHz*-G~Sqp3dLmB zVRCvHZ~P4iU^!i(#+X-u8C8x?7F><-ghnLEEJI{ht&2@^geKP0chg4hRZ?qJBp!RAF>^7y5fZtb6FI&}Mbk50!&)NqEc<*e^CX3bmv? zitUblb5ZD_Qw#+}`ePD*Pgq-`(#XnH4AylqYxo>31a2{`83niNHd;fqTV>+b0L2x$ zL#KkvnMYhTp+W%Abxa%`G*&i1Woc}2E510=3l}pC^ zwA3gD2N^&Wg9(_!H={yWw@%rgrNnM$OS4d=LOWUAPI|@SG|I8NaY6dEhmXuzMK7G> zwE*4}ph@0!VfCplj|SN`NOEG(yKhgrXnRB4c9wFxe{S|Azbs=0$#RIi;sPZ{3JIK3 zO9Yu2nGUnBnKu7_V6ui13pjGHhr8To#M1O$7y2OdK_sE^t?;g+%#plWruQ{eIAxkQ zn*2<@DaeL$NdP+1%<}+K6KhSl?|PyEe%5m@6I3 z;}KYT34*G}(Xe*?(KQd*dN}y-_x6tpP_kZJuhxZF&&`uhOhEH`_yzIYA8OFF% zg%Df(O39COwOYEnIha6E)WztmMWdI~pXsh{C(83_ptVCm!990P-VnUcbnTXGszC~d zagyf`Vy8*0DxSll2ozTLeKH;fLk>rN%r`V?nHbD;wxBDChdt%;)s0)a+CaNjTpyn% z1jnX-VD}UVlxytUcf40;IxfEcdDZGv5={F{O_a*-mMIJc8ZZcjqnr5|1tY;HdAC2XDA_mHh+HtJX@O=d+h%gT$EPjy%^gf-QPy5 zW?lyyETM8M;qt@u)4Pp=ED#qA7Y<&fBZW>!ahk~2iZrMiOz{&@bzY6si#E19ebI<{ zl)53`GF7|~xOv8A=r>1YhJp@q6IFqje3|YZN0ZBl71!u6L}Y}r)QCTV#WL}X$KS<& zK%ay=w@?J81oaH+04=pE5gmI}?T21%@h@YH;muMqF=RMH`A;bgmUY86eo1Z95eDF% z@{_hgDa}|tE$Ik5^@VhXWhPUfc4gV?gT0w&)@YOzlrFj0H zx{r0;9Dp{VH|Q>~7~7x5G1(PZ_qae)YPuYR_V*bjX?MenmOo0bOjR$aT$F#$sz{l- z?;K4t0X@C|>?&-dfs>#5NJ6vuSI;nXR53EbU$J)Xwx+;#X)vKN-1uk}LoLS+&s0vp5OA;-5}gUDL!?faK* zU9w;d7Jxm}C`S)uJI{Lbeg%#~7qu>WJ~7lRnR8`HgedlYd-n5x6zoeIDpKFM_=(m{ zBnjYyi$&>(V;?`4cr|ARu>GVs&&!c4FyFh=kYv{8c++Rmn~`%BTA8QQ`O_HD^F?gV z`(dxaoia>Q*%647^<{p*x5r4WGDm11S0H`62JLzih2>1X#>Wm zzUqphj4QkjweWmnPLC|AIv;v$*NQoCoHE^>QwIXbxg`XBAm?l193|>nNuQ{d-tQL0 z1=n|Adg`#xD5lITGs+R_#DbuUFP&UQe$gR2M8DWlNuw6Ac%Wf9#A~7*|5GYLM#XKI zpX-#y(P>+%#f3WKpZ*MU#ALP-PeBbn}mg2!T IVE0Ln73F24=Kufz delta 2451 
zcmV;E32gR{6PFVNFoFq_kpv)rPcC&G9GQ#+0s;sCFcAg?D-Ht!2LuR%DLN8BE*&2P zf(cOgzWxOOqTs&}u~yp%-92vD72KadjkgiykJ5gs4+J^t>#5+e&dn%IN5NZjdj^&K z)skF}ODG>pEo8qz;rCl_#OE+B7L;{gXHO@nKg(vU6HgR&+G*uq6bpBM1LY7EA4i~= z{UTIbSH*djI|k{E$memyR>#?*ac1gruB3HN(vv<*-N?smXNp@BWMVy0u+~(1YVw-p zp3(if80$JzDl3P{XhDm@VOyTxRwB`PLNA%)$u$?Q|Eu$Ql-T4Gx=YUblVrf~^h>!9 zyq@r%kW$2lLi|#3>ZBBZ-~xQ(E-kn%dTCe}T)j0VRi`;{;Oqv`TP28MNFC?{53b#P zPbH~Bs5au^F|8>ih^e6pKxSUpaJ7=DIS2P_uiqUR0IIIh4f6xgTUmu6@dlF zb@fCli~dE$cOB9tr`~BW9^vz%lRLmRsq<2;@VU@pslU>LpoAWOuwugZczo`dz+!D? z)Zd`FMSl)=yn>SrtwDiY9_@1acheyR<3e?pz(^@pl*W;a;ff>s3?X%G!O=Izm&8=^ z?O8o)+*Wgfcon@;L&|)-a!^G?fluS+<0Tr4f?!Z@Rn(La%CCH0@&DJgEz;DLqk_mR z7wG4801@@d;%rcVT@DXgdR}tg$^I8M-Vvvt6e^_0of}}4LiTsIL^14Cuu|u>OB#^| zhgn}*`N=uXA_)FniY=sU>fSvGeFO2+5{O2=pI|Y2ox!kUga~ZU1{%-a_l!SYb^Ec_ zx8NG!@#;#zf>JI(Cj9oz*a+!msEom$ndG}f3hOzkQOd}F)UN<$ltMJm^75a_3M-a* zhl{;dLON}WQo`CCay-yrr|L>VkASloosx_Bf6>!{bhn`ENU*x2!50DW5a$mCDi&9X zS5-(>^!OKt?9s`j>L^EP&B#1>KM=W}4>DHvIw<9bjt4l&GLo*Mly5{{AV0*6!O7+> zEB^eyYIU4{*YfLO+=s6`Yx?m7^vvwCyK|$({!2e)yH+Lbw!UM{O`;VU;s&$V%y|@w5Um~wZ159WBqtP`bctWTM8wnaOKXvSN7`w4BDa_ zTO?)C*kg`pOQ3=rYSwm`wt02i%_KJ`#jpvWNl&W*a5}Tq5o@x^^#eGj^Ms8)*Glc0 zZT~c;?j{t;i6co%$hex?-X(Yw6vaSN=f@R)|Lfomx(vHlNI?kHBs$4%y(_3A*fQK` z!bUK#2~7+l-@BcZKGevLtz@od8QIg0FYUgAxBChWBjbTKy_mp41GWh26Q>&Em2l~ zy;8`fcpbk=k*tUOvtAk~{;rXNzpj{q^CknaJ1T)vwnkzD2Zd=VpNc$4-`X`;Hxj=s zhaK$F#@5~xA4vGw5`1nxpo@!#n`pwAP2nm6<(piFz6>tr+tHB^!c1rAC!ZtQIwZ3} zSVUYaI2(DBED!9O_k1a?aL?$ODpZDl{Rc+QdED_RW*(`(Z?Dod$2^*Ew?=pvGb~{L zYX>0^`Jf8bP~AK>{+Jqq=K-7iXJ187myDh1C2qekj*?2IgM8esLUaN01AU<}*iRZbI3J^^vAx zpD;c|sd=l^;vX0j$PJlnGa{@}enfoqJ=73wx9Z9{my?VtW=6GnzJ<{e07*DQ1X`-I zA0-(JIW^QheEbNXchvn^(msNJ`~9y*qw@^UXB*+z0*H(-0JqfVN>LS#n$$7Q*9Z`X zl(*|48hZI@W-dI%4A^JAorN_U70V4MNECINIt!2%-^ z^u13MpkdK1HTi3tqFdg@uVH7Zuel+a06i+Ad~XSj;@m}H{`T`a6l|sQK!(_fwh2unvAyYyO0}y5zqtW0%LgCywbf& zQoz5E&p7edQmD8=GZ!XO8dRsBK(L}`i&c`K4i6H$_fR=^l2Myn9Cb_xXd?u`638!* zP63vAIPRRMIhv&^R%^~VlF-*!^Tb6KQ@`>Yt7$h_UpoZ+JeV1WYayfKe|;3VFnYMQ 
z%Evu}zagA#keaQ30PHM?pjOVYHLEerLp91;@s=wwHUYZB8pgeO+ejMu&&*f6-#5sl z=8H8+yl4JXZ`&gD;NSB4xdJ=1e%Z6XoW5KVD_u7i9^0Ev9?NOE)EV-NI*ste@u?Nr zH$fCO@0P2(C4U--@3z&oGOp!G#7>Y3LY7Vrn?OvJ0MAURSMM7)2Q686VWR|3z zHsYR7MR6b6Zi_B0fNs!WlVKIdQHILoa-&*{6`!e#a4U~{7Bu~hEhC8%3l(S=@GH>p Rn&rI=wm#ACt{o7yw!;7b diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key index 079fe6c64b..37a17d95e5 100644 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key 
@@ -1,54 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIJkzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIobaoQ/A8YEkCAggA -MBEGBSsOAwIHBAhUPSpMYSSWAQSCCVAXo8r2SGAy4/4jdEBHXy84rAFScWCoqHWc -eJuWACopakL4h4G5JOIWphhPJ9JIWIWlq8r+KcUwOqIuaREb4wseR9oIEWW7aHyP -0zKKHEnRPdU9kfEHTcV4TFR0yEWTSp9I65GViT1ZlHxEUIjhsY9PVhhBoHVXz+YJ -oXQzKfuqh3xeGCGp8k1hfVZp0SXQZGVqmupp7kIyEsiTGwey8ASoTQOjOzGBuGzm -nzrhxvOa+fcz+WRi4M+N+SZNDT1BMlVPOsLEFgPyLxfZKWjgTYQJTipbxWuVAv/s -DyOt/m8riB8fJQbMpXndcVWe0oavXvQTdsrTkccWHGkbrlKKSZIkGYDZgzJHP3lF -klH34TMOdx23auahcpF6C9MiyuNYmGr11VVoy9vIhz0o84R7biruaA4Js0t2tdzo -kE+e0rff6HDP8YKaQmaqmJdmKYkGlNSNhur/rBYDfsTqUqG1p+B9RdTaE/vNDHXj -d3lyHC2h+UdPWX7UZ2FUhCaW/Sot8lXXRngy683s7vk2YabB3qEEBHUyrH34/cvN -+mrf0h5w5K0JoBj9T/gXeih1X+wrnEanhnYzOnCEgAfFGZhrZdUcIApT6XdCcz6o -u5vaX6uyH7HG7E27Jt7AMxbceg7RLhpX8/KQ50Q4neoRrJjG38xRwnbl2G3Lz/yZ -+2+1jV2UZZ/mSrdmjPoqtDsuDY4KftUniHKupmvTNQOENYOZADYAXyTBPl/JLX4C -Ry8JgyrfZuci1SQYUv7nFBkLy9rTaVruXyOojsTa/vtG2wY/qBbRabNbNuljBPWj -1dyYXTnx6y6FAXdOJ79Wqnf3jwLUMIsQPYBBLEG9YOthIQM/vFBXhmm2e1J0ujt4 -NKsTOxd/nA998kVH2K3JXVWsXh0OoyzXZnfDBXD1gi5UsvmGJnxOk2MAYKZbZF9k -5uAxNBAGxcjmc1rYFDfawfjzMi7JHc/9fyNT3Y6f/xIXvXIsqbTA/8GLP4n155qx -5+TVUYmv2K81u8+07i97mDKSwrvmfjVW/AWjhXaIUohdXekJnu+8CcaYYH+IGzx8 -DCWtjKc/N2PMYfz+XlQiHaFd2CMHQLcYr0vpVRSJkiWHcQ+3CEbiOtoGLPSthfGi -SeXKQKdTn/vfI1Z4h7/QWbyBNV+MLKRJZRbcWSm3wrhThTrjyZoxsO8ubcvQlX6m -QkwjadXHCppiGWULSHTgGtoO8LF8ocBpzexKFm/axiPELsUkCbaCCMkuVLF8SxCF -eqp87H3kQe1ZN4pnNrI0TWWl24036ssW2+hVVlXBNRdea2FOjBRESHAbzycbv3xR -UL2I1Cy1IeNqTDSUn+uKpTakUNHhNLE5mBMkLEkKOJRHR1fT1+9AZUXDQhFQxRsQ -AYIgHxYr0iVlngAs8hYfK6sMFQVIgri0rZIAFkjp+0q/S1ujL1TwUJbF5SKc51yr -rFNvbSfV32JJGdqWQ2nPSCVKG5eD5XZZfkbeDkX+5lKzL4X+fjnYQ4Lx1rlkaYPT -TZtixGPS9877AoD6TQ2mkPyst+0Y9nkyuC1GkhvmHj/1q4+2rXu+eJTKlNz+rDH0 -i4fLymluGrNmZQAsGuNLAD1UCEB6B2r6HmJjL7GoCmhT6W5n0fp73ZtSRAmb0e9N -xXt5xFWCxEveHL6OTjLCgH2HW4mzp30S3CcRsbs0pa7DLFCIpbnb++EYZUd3I2j/ -7kqJfv7P/0bVFevpEH/nWhRiZcrsvGOU6fynVWbpGpNq7Z7jwRsmDGtYy2Ry2QWb 
-MRDoh5k2Ybn86D7C930KgkStt7QLVB31PMfCkwdeu59rjX2T28raH3G7CISrinEv -aN/YsbeGB7CoMbbJYtu0StWzle2TiU6fxTdaOM0m6WTzGVJpp1xGuRGHVlU2eIA/ -j2+ijZLKM8K04GxEnJEhdRlB8jJP0MvVfJF2P6fEiffzaKzHwHEgSOFy3vXuZnfA -XTSM+swPgG8x3Yof5Rcb+ESfgxYCLsucR38psOcIGyDgy/yRlBgtCtP+goFeGiQ0 -jomlPDuwz46JX1y4yenqVN0ALjuSm2itEWDN8ywteoCosNZY2WRlrY1M5UcaiM30 -Ke/4CNlyw4jO2nV3ocD9Qr5EkTB6n+6XVs7e7HVYHo+oXOOXzAoEcGNYtuGoDOir -ll13tD4ON31r9uWQ6xGARaMqKjdx3bcNNjzoH23YWdweUyXK5E1VDHvr6/2an2eG -c7vGCwfB0gcrCEY0mxgmJdvSEROokA4KdQeIadQ0A2oHVYa/V91Z9Gimg+1sU7Bn -vrjfO5KtGTd4UjX8h782SE82mZl6gekdZbGhB/ZJCstyuhndF6qH+bqS22quVa60 -duG+pwJDeQpGGx15PCsKBzBP/HShgIf+qWUDteFnmwe+9UYFJdFB/OxIRiguYWZv -xZVKL3V2orktiwYJoP0grTfyZcNP61lUiKIuZVpydNT/DsIzCZQEnh/BLGVXrD/2 -AN5d81PiVA0v1bIHXsAOmdUOO3JUR41SCPezoYPGzSATmkDOjrzDa96QD3EaPkyV -p1MhPHDmK6miCEiUGFlUDGWmpF11eZtJH0a8qy4Rn8hUMCNpzhIyqv+7mMSngH18 -GxrWc1AA6K0A4+PvDZtHTKWUGQOE4sQdh14boUe1z11Zo3s79qQhcJODZFTGygNN -w/E69o2aLu+gray3znK44S2dDVwuJbi4Xy+GPWCbRfcArg4KG5J6O0JyRS5tRdNz -+0n19pmh/1nOp0miBPzrLix+RsVkmjzgzXlwGtoU7ZaOuk69hoWh/LqxtICHadSP -p503j9AgEBIXCUF6C+FAviaItKvaLxk9DzNOO8Wf1HhVs9WfWLVk+rXNZIV1RmE0 -Nh2/2+hbTdDYpZxz1PVWGxPp5lCfPIH5a5qQ+3up3LxDhRCSPy39LDTis+rNUwmz -7EdCCZOlUiU9pK6p4W7nSP/umGA96/Ki1w7zPDBEQiMiwpqdO+X4bKuA8yXaJ/6Y -1H1pkLcxqQ3J5OdaROhMbFo1jr9Qagt/4jeLLDF91Uiy7EXvtv3FtXXSqTbxZdju -8drZOzUFktvyoo6hrK35yNPaQvtzBMUufCdC/ZXlq3i01nkyiesQw+FCKgzCcfRv -qqoo38Y2Ad4DtiPV2Mhg9CzW+9B+LyL2hQ2PvFc9b0ETkzY4XOQgzMcWBaSORLOQ -R6KAae9ygQ== +MIIJizA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIn0fSErzBMncCAggA +MBEGBSsOAwIHBAjURz9xO7NuugSCCUhHm1keaRDkjToYahCjveDzt0G2e8p/0mvw +SXO/F9Pb3qcAKNozzpVSHua/ViCrzWjs5fjwIY/vlxfPfI4JukcQG0vfR89ScXMu +j/xQCTAyOW3xO8hUIybNO3Xtvr9VEsXlp6waWWk9VFjDr8Cr+ZoKx/LiDKqEORV8 +e+eDo1wVOmww14kJxnCQ9pxBc7y4QKRx2tuJIQ8EPzyn5ZKAcvVLZzirnkAjyWJi +hb0V16tR+6CYM9E+akaTWsjUBQuxqA89JT1Yh0IaA2pPDt2OA+1DFa6/p9GfGnAx +DAyQBkyt/vjusykKibJzSOVybre1tpIDdjR7ld4w0v0BZRFvNDuHSL22pFfSdqGD +IPnwJ/QcyhG4S+CcvMls8qGpSGuel4lGH3PNWHg7eife2KKb9NRAXan/c6SJlhEr 
+kJF0vi+cWRaOPWWCEms6st+X2LeYwn8R3G4h9mWHryRAUe898LmPcGNg5e0j/xJk +UG+GtnZFfJHOEtDHMmBKIOWvEieEaJOakjkIVS4wWDddDBPbpkNmVF7Ea/Sz6azb +lRSuObR2YSevWwvfpE0c5J/4QAPxlhmx8uQY/p/+USBo+7GY9H3htsKrZDseqZe3 +dpi0jVGsaKjqZDFMg/GZmSk+wVnF2U2skKy/VM9hgIsNmw1GLqJ9uEbaFaWmxqiB +ylYPJKkKnyWBv5AW73AOZXElJZCXTsRaO1j8OMrxG82z5rXmNIJp/FxAO3qjg0Ev +o0Tz4nqVAm7lVpdrM9lwT7D0+zNKo8YCPZkBPo4PUWmkgVdKEsCKUUXT+jl5Y4PQ +fsXgyLw8lwzwaM2NuphHErJs0cbRH6Kd0cr2TNzMMDbX2lhN9G1FoMh2Uk7KcOXw +/oGoP2oAXd97UxUVTx6J8WGB8+dDKHZDf8jki9LLsNjVaF/iom62J6L/wcxc7GZY +QJLoQJVgTfA01o/FSxuTjuTORA88NrfZdNoA8zZhEHY7TvVDMIZrz4klVPt1BS+g +5IvwDriG/ePO46XtkA6ZGjKNRXVBubPuJMa73ARdcWPcUaOPaOvvR3EuTHl7oCyi +79XAscPuCR9RvBc/JKZF0IB/b0ut4STCmzU1KGAufCR9QasazIzaTN/+MjnNREZo +3DsOsXtBvSs2zOOPdj4AEW+8bRuikQ7UApaajLm2K8LmeySZoAkeSka++XrUbg1m +55yHWcREW0j/Z3YCDnNGHCHPYhiSXQpWW+eLlwQ79VHKSMvunwyu67j/eCadfQ6p +QbNaQG5N3Q3IFG26AaAGlyM+7AuDS958wIyyLl7n4a6Nf3wJILHleZ2MlkxyFv38 +wHJgXmfoVpwhjnJegvzNJpYTauZ6nhsdo8CmuC8t4CwNFYfDORQj34IzUNHhqaEt +PzAdKSD6+E2nSNA4ri9MJ7HfXJ0AqJKNPCAByBhcZYsiuAwMAQWdCxgQ0Vkov6qo +28ZOemMk87mNa1m85mtCwrR69uBdoy/CR87bbjOmt9l2QatqILZ5dAT7WnM5CRDy +9gt4Rzr46EDVdkZiMCM1KgbaMKqfFQeaIk9bXBwjs2YTbfzHps8tACAEHruaddbf +XwAIJBEWMPyCbOsstvOrEFGm5lkQUoKqi1rRPHm7wlhvx8Aj+Y2VEmUGXdeve7J7 +NzrFgvC0yOnYOtYIgTpXjMfM98ZG2kic7jqdES2BdclNfiinxJkh0ZgpFhfTMe34 +GV60u/HfMxfssayyrTTjWrQ8zOvN8zjNjJ/cTllHZDOV9NAdQrNGTTfUh8LuPq8w +AR6xjbIcy0GM5EEoMIFCjXfJLw8N2xzhxjQb34lbPmxyaJaBudfB4SIXTtZYHSKt +b+NJ8NMQgxWbmimijZmpaorS46K6eiBXubgNG9q/IE1OdDWoNM1Yt7XH4G4VKPXH +z+zdE86uWxY6vO+jloLC5PnfzgACHmsKpUvAFWOW45I5etpOZY3KAG/aRg94eW4+ +vOFp4Z0bF6IPQ9hmFR1AN6XsZ2rIAQCiDiTkMsWXy7NHqrg8QANzE0njGUd0w+k7 +KOaK2rXjGq8WADGumwwy0Y9IUDYLQKBDLOatOQM77tHBtJkc+wewNCH+SqPQAeUs +pbcYo6aAIaQVWd5a4AAt+rlZYNaAgLBzUqC5MiEI1SPUlyoypTpnsQUoWx2b4VTn +2H2zt2MZrh34K+Q7tKnJATDY+8azqiH+FAS8+O5SL0zWX5S0GO4CNVD1rf00f14y +HNKlItpshutoa/aG5bmkyUKOgcu5SmARcqbvU1+0B1LO4TM6g2JSeI1eiFl57pkA +RmqqC337UfW+huIsxiMHTVxV2WiFd7jxdy22kNJZwP1/HwWsHXYEwKh3UeNJIqZI 
+3kwyWyK4j1hp7XuvDald3qVnGoVwMwyOsBxpKlqNO/3RstZw3SaeCXh0qUGLxY72 +Fwb9zaGY+Luxx5OGhslcsa9Lc3oV0yCQGGbJIewwgvBduzK+xPlDqEWnaklpDiYN +u8Py3vAvOpOFURgupoP3NiRv4wcm8MK73a5X58EF5Dpo83oq3C3pELkh5EAGqNrP +rdDxzWHOIH45dB4s2g6/rDMJNKZ98CnkHIAKSWkXwfbNtI0dgPRflp6ZE5k8zNtP +uquYi91fQft1KQNkS2LqNrVixWOq7QJZRNKPB8VTiTl1sIhmn1kb6//lHvo69s0j +WZ+H3MjtVh9z2Q3aSuVQfQl4jL7gUKF8fwxicbDF1uf9rJiDtN7ThA4p/g7T0FEh +3TFCVS874wh7n+FL/JvuQ6Cko844NMAecPx9PMgFmG4VnrsFxgzDzZvXH9m9lmER +fFlzFIsTV3tMYT5YNe7Nc8j/VplG4HII75Ot4EDcEIdyN4GodbiwOhOUnPHE837P +yI49T8sQFDjp/UBPYYLgmREvBIxOxhB7GsPx07Wy7LpYxEmNSoeNCuP/36eTciCV +krz2zKazQzv2ysHe7VzwHkw1hZj9FmyRuMVTGkldnfrySNqDGoj38SKTdEZcte7w +R7bH9Nge/N4ZJ8oskfIxfQ0xHRKJAsBF5KPvRzAzDFYRN4jy7v83IiLoOMr5zbDs +/R/zm1XytGuzCl1tWA+YjmtpTwj30baltzMcJBiYKgoZ7A1YflOM6mgaVduc9KcV +/lU+th8QUgavU16sYUGj8ZJ/3OozJubMqyiVR8csQ4vnGe8YcC7e1CmLnSjKygA= -----END ENCRYPTED PRIVATE KEY----- From 7d108257a45d3e65bf62b2f9e1afe93403948dd5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 5 Sep 2017 10:33:28 +0100 Subject: [PATCH 0195/1059] Add further tests for new RSA keys For uniformity, this commit adds tests for DER encoded, SHA1-2DES and SHA1-RC4-128-encrypted RSA keys; for SHA1-3DES encrypted keys, these were already present. --- tests/suites/test_suite_pkparse.data | 84 ++++++++++++++++++---------- 1 file changed, 54 insertions(+), 30 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index c0c688b696..f293122637 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
@@ -158,123 +158,147 @@ Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_4096.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #29 (PKCS#8 encrypted SHA1-RC4-128) +Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.der":"PolarSSLTest":0 + +Parse RSA Key #30 (PKCS#8 encrypted SHA1-2DES DER, 2048-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_2048.der":"PolarSSLTest":0 + +Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_4096.der":"PolarSSLTest":0 + +Parse RSA Key #32 (PKCS#8 encrypted SHA1-RC4-128) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTest":0 -Parse RSA Key #29.1 (PKCS#8 encrypted SHA1-RC4-128, wrong PW) +Parse RSA Key #32.1 (PKCS#8 encrypted SHA1-RC4-128, wrong PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #29.2 (PKCS#8 encrypted SHA1-RC4-128, no PW) +Parse RSA Key #32.2 (PKCS#8 encrypted SHA1-RC4-128, no PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #30 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit) +Parse RSA Key #33 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C 
pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_2048.key":"PolarSSLTest":0 -Parse RSA Key #30.1 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, wrong PW) +Parse RSA Key #33.1 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, wrong PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_2048.key":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #30.2 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, no PW) +Parse RSA Key #33.2 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, no PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_2048.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #31 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit) +Parse RSA Key #34 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_4096.key":"PolarSSLTest":0 -Parse RSA Key #31.1 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit, wrong PW) +Parse RSA Key #34.1 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit, wrong PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_4096.key":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #31.2 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit, no PW) +Parse RSA Key #34.2 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit, no PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_4096.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #32 (PKCS#8 encrypted v2 PBDFK2 3DES) +Parse RSA Key #35 (PKCS#8 encrypted SHA1-RC4-128 DER) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.der":"PolarSSLTest":0 + +Parse RSA Key #36 (PKCS#8 encrypted SHA1-RC4-128 
DER, 2048-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_2048.der":"PolarSSLTest":0 + +Parse RSA Key #37 (PKCS#8 encrypted SHA1-RC4-128 DER, 4096-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_4096.der":"PolarSSLTest":0 + +Parse RSA Key #38 (PKCS#8 encrypted v2 PBDFK2 3DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTest":0 -Parse RSA Key #32.1 (PKCS#8 encrypted v2 PBDFK2 3DES, wrong PW) +Parse RSA Key #38.1 (PKCS#8 encrypted v2 PBDFK2 3DES, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #32.2 (PKCS#8 encrypted v2 PBDFK2 3DES, no PW) +Parse RSA Key #38.2 (PKCS#8 encrypted v2 PBDFK2 3DES, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #33 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit) +Parse RSA Key #39 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_2048.key":"PolarSSLTest":0 -Parse RSA Key #33.1 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit, wrong PW) +Parse RSA Key #39.1 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_2048.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #33.2 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit, no PW) +Parse RSA Key #39.2 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_2048.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #34 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit) +Parse RSA Key #40 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.key":"PolarSSLTest":0 -Parse RSA Key #34.1 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit, wrong PW) +Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #34.2 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit, no PW) +Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #35 (PKCS#8 encrypted v2 PBDFK2 3DES DER) +Parse RSA Key #41 (PKCS#8 encrypted v2 PBDFK2 3DES DER) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTest":0 -Parse RSA Key #35.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, wrong PW) +Parse RSA Key #41.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #35.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, no PW) +Parse RSA Key #41.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #36 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit) +Parse RSA Key #42 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_2048.der":"PolarSSLTest":0 -Parse RSA Key #36.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit, wrong PW) +Parse RSA Key #42.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_2048.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #36.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit, no PW) +Parse RSA Key #42.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_2048.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #37 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit) +Parse RSA Key #43 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.der":"PolarSSLTest":0 -Parse RSA Key #37.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit, wrong PW) +Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #37.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit, no PW) +Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #38 (PKCS#8 encrypted v2 PBDFK2 DES) +Parse RSA Key #44 (PKCS#8 encrypted v2 PBDFK2 DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTest":0 -Parse RSA Key #39 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit) +Parse RSA Key #45 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.key":"PolarSSLTest":0 -Parse RSA Key #40 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit) +Parse RSA Key #46 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.key":"PolarSSLTest":0 From 55b1a0af0c999b3a357dcbef21aca51859124326 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 5 Sep 2017 10:43:20 +0100 Subject: [PATCH 0196/1059] Add further tests for DER-encoded PKCS8-v2-DES encrypted RSA keys For uniformity, this commit adds tests for DER encoded PKCS8-v2-DES encrypted RSA keys that were already present for PKCS8-v2-3DES encrypted RSA keys. --- tests/suites/test_suite_pkparse.data | 60 ++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index f293122637..838930a8e8 100644 --- a/tests/suites/test_suite_pkparse.data 
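Review bot: The three new SHA1-RC4-128 DER cases (#35–#37) carry `depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC`, which matches the SHA1-2DES DER block above them rather than the RC4 PEM cases (#32–#34), whose dependency is `MBEDTLS_ARC4_C` with no DES or CBC requirement. In a configuration with ARC4 disabled but DES enabled these cases would presumably run and fail, and with DES disabled they would be skipped although they could run. Each of the three `depends_on` lines should read `depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C`. The `PBDFK2` spelling in the renumbered v2 cases is pre-existing (PBKDF2) and could be corrected in the same renumbering pass.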
+++ b/tests/suites/test_suite_pkparse.data 
@@ -294,14 +294,74 @@ Parse RSA Key #44 (PKCS#8 encrypted v2 PBDFK2 DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTest":0 +Parse RSA Key #44.1 (PKCS#8 encrypted v2 PBDFK2 DES, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #44.2 (PKCS#8 encrypted v2 PBDFK2 DES, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + Parse RSA Key #45 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.key":"PolarSSLTest":0 +Parse RSA Key #45.1 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #45.2 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + Parse RSA Key #46 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.key":"PolarSSLTest":0 +Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit, wrong PW) 
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #47 (PKCS#8 encrypted v2 PBDFK2 DES DER) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.der":"PolarSSLTest":0 + +Parse RSA Key #47.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #47.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #48 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.der":"PolarSSLTest":0 + +Parse RSA Key #48.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #48.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C 
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #49 (PKCS#8 encrypted v2 PBDFK2 DES DER, 4096-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.der":"PolarSSLTest":0 + +Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, 4096-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, 4096-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + Parse Public RSA Key #1 (PKCS#8 wrapped) depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C pk_parse_public_keyfile_rsa:"data_files/format_gen.pub":0 From 7268ca95008bf1a881fee881223978449c828b6e Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 5 Sep 2017 14:29:20 +0300 Subject: [PATCH 0197/1059] remove redundant include Remove redunadnat include for platform.h which was acciddently pushed, for debugging purposes --- library/ecdsa.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/ecdsa.c b/library/ecdsa.c index d95dcae22f..8804ca62f7 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -37,7 +37,6 @@ #include "mbedtls/asn1write.h" #include -#include "mbedtls/platform.h" #if defined(MBEDTLS_ECDSA_DETERMINISTIC) #include "mbedtls/hmac_drbg.h" #endif From 25d124dc740ed2f06882ec0801e52f9695a2b363 Mon Sep 17 00:00:00 2001 
From: Gert van Dijk Date: Tue, 5 Sep 2017 14:25:52 +0200 Subject: [PATCH 0198/1059] Tests: depends-pkalgs.pl - disable less options Rather than disabling SSL & Key exchanges as a whole, only disable those options required by reverse dependencies. GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040 See also discussion in PR #1074. https://github.com/ARMmbed/mbedtls/pull/1074#issuecomment-327096303 --- tests/scripts/depends-pkalgs.pl | 34 +++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl index 234c3e3f87..3ab1615237 100755 --- a/tests/scripts/depends-pkalgs.pl +++ b/tests/scripts/depends-pkalgs.pl 
@@ -32,22 +32,29 @@ use strict;
 my $config_h = 'include/mbedtls/config.h';
-# as many SSL options depend on specific algs
-# and SSL is not in the test suites anyways,
-# disable it to avoid dependcies issues
-my $ssl_sed = 's/^#define \(MBEDTLS_SSL.*\)/\1/p';
-my $kex_sed = 's/^#define \(MBEDTLS_KEY_EXCHANGE.*\)/\1/p';
-my @ssl = split( /\s+/, `sed -n -e '$ssl_sed' -e '$kex_sed' $config_h` );
-
 # Some algorithms can't be disabled on their own as others depend on them, so
 # we list those reverse-dependencies here to keep check_config.h happy.
 my %algs = (
- 'MBEDTLS_ECDSA_C' => [],
- 'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C'],
+ 'MBEDTLS_ECDSA_C' => ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'],
+ 'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C',
+ 'MBEDTLS_ECDH_C',
+ 'MBEDTLS_ECJPAKE_C',
+ 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
+ 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED',
+ 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED',
+ 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
+ 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'],
 'MBEDTLS_X509_RSASSA_PSS_SUPPORT' => [],
 'MBEDTLS_PKCS1_V21' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
- 'MBEDTLS_PKCS1_V15' => [],
- 'MBEDTLS_RSA_C' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
+ 'MBEDTLS_PKCS1_V15' => ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED',
+ 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
+ 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED',
+ 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'],
+ 'MBEDTLS_RSA_C' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT',
+ 'MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED',
+ 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
+ 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED',
+ 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'],
 );
 system( "cp $config_h $config_h.bak" ) and die;
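Review bot: The reverse-dependency lists added to `%algs` are maintained by hand and nothing in the script verifies them against check_config.h, so the `make lib` step further down will fail for any entry that omits a key exchange the config check ties to that algorithm. `MBEDTLS_ECDSA_C` now lists only `MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`; if check_config.h also requires ECDSA for `MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED`, which is how the ECDH-based key exchanges are grouped under `MBEDTLS_ECP_C` here, that option is missing from the ECDSA entry and should be checked before merging. A comment above the hash such as `# Keep these lists in sync with the prerequisites in include/mbedtls/check_config.h` would point the next maintainer at the source of truth.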
@@ -72,11 +79,6 @@ while( my ($alg, $extras) = each %algs ) {
 and abort "Failed to disable $opt\n";
 }
- for my $opt (@ssl) {
- system( "scripts/config.pl unset $opt" )
- and abort "Failed to disable $opt\n";
- }
-
 system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
 and abort "Failed to build lib: $alg\n";
 system( "cd tests && make" ) and abort "Failed to build tests: $alg\n";
From 31162e44239cb1f70b220a96163400e5775ec1d2 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 5 Sep 2017 15:34:35 +0300 Subject: [PATCH 0199/1059] Set PEM buffer to zero before freeing it Set PEM buffer to zero before freeing it, to avoid private keys being leaked to memory after releasing it. --- ChangeLog | 6 ++++++ library/pem.c | 1 + 2 files changed, 7 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 227faed6b6..9dcd1a0dab 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Security
+ * Set PEM buffer to zero before freeing it, to avoid decoded private keys
+ being leaked to memory after release.
+
 = mbed TLS 2.6.0 branch released 2017-08-10
 Security
diff --git a/library/pem.c b/library/pem.c
index 8dd86a4ac9..4c2337393c 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -387,6 +387,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
 void mbedtls_pem_free( mbedtls_pem_context *ctx )
 {
+ memset( ctx->buf, 0, ctx->buflen );
 mbedtls_free( ctx->buf );
 mbedtls_free( ctx->info );
From 9d84b4c102e2b5f1a5b2ed8d86c70c5047c919b8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 5 Sep 2017 17:17:31 +0300 Subject: [PATCH 0200/1059] update after Andres comments Update after Andres coments: 1. zeroize the buffer in `mbedtls_pem_read_buffer()` before freeing it 2. use `mbedtls_zeroize()` instead of `memset()` --- library/pem.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/library/pem.c b/library/pem.c
index 4c2337393c..f7051ecd27 100644
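Review bot: The added `memset( ctx->buf, 0, ctx->buflen );` in mbedtls_pem_free writes to memory that is released on the very next line, so a compiler may legitimately eliminate it as a dead store, which is what the library's `mbedtls_zeroize` helper exists to prevent; and `memset` on a NULL `ctx->buf` is undefined behaviour even with a zero length, so a context that was initialised but never successfully parsed would presumably hit it. Guarding the call and using the helper, `if( ctx->buf != NULL ) mbedtls_zeroize( ctx->buf, ctx->buflen );`, covers both, and the two follow-up commits on this page (9d84b4c, 65112b1) end up with exactly that form. Whether `ctx->buflen` always matches the size allocated for `ctx->buf` cannot be confirmed from this hunk.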
--- a/library/pem.c
+++ b/library/pem.c
@@ -331,7 +331,9 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
 if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
 {
+ mbedtls_zeroize( buf, len );
 mbedtls_free( buf );
+ buf = NULL;
 return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
 }
@@ -341,7 +343,9 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
 ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
 if( pwd == NULL )
 {
+ mbedtls_zeroize( buf, len );
 mbedtls_free( buf );
+ buf = NULL;
 return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
 }
@@ -369,7 +373,9 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
 */
 if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
 {
+ mbedtls_zeroize( buf, len );
 mbedtls_free( buf );
+ buf = NULL;
 return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
 }
 #else
@@ -387,7 +393,8 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
 void mbedtls_pem_free( mbedtls_pem_context *ctx )
 {
- memset( ctx->buf, 0, ctx->buflen );
+ if( ctx->buf )
+ mbedtls_zeroize( ctx->buf, ctx->buflen );
 mbedtls_free( ctx->buf );
 mbedtls_free( ctx->info );
From 65112b15e6129cc24ac5861f6802b6e38a121468 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 6 Sep 2017 17:09:41 +0300 Subject: [PATCH 0201/1059] Adress Hannos's comments Remove zeroizing buffer, as it was done already in PR #369 Check that buffer is not null by `!= NULL` statement --- library/pem.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/library/pem.c b/library/pem.c
index f7051ecd27..2f20b1e443 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -331,9 +331,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
 if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
 {
- mbedtls_zeroize( buf, len );
 mbedtls_free( buf );
- buf = NULL;
 return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
 }
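Review bot: In the first hunk `mbedtls_zeroize( buf, len );` is reached only after `mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 )` has failed, and that call takes `&len` as its output parameter, so the clear relies on the failed decode not having rewritten `len` to something other than the size allocated for `buf`; if the decoder can report a required length there, the zeroize would run past the buffer. Zeroizing with a copy of the allocated size taken before the decode call removes that dependency. The `buf = NULL;` added before each `return` in hunks 1–3 is a dead store to a local that goes out of scope on the next line and can be dropped. The fourth hunk's guarded `mbedtls_zeroize` is the right shape; mbedtls_pem_read_buffer starts and ends outside these hunks.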
@@ -343,9 +341,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
 ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
 if( pwd == NULL )
 {
- mbedtls_zeroize( buf, len );
 mbedtls_free( buf );
- buf = NULL;
 return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
 }
@@ -373,9 +369,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
 */
 if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
 {
- mbedtls_zeroize( buf, len );
 mbedtls_free( buf );
- buf = NULL;
 return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
 }
 #else
@@ -393,7 +387,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
 void mbedtls_pem_free( mbedtls_pem_context *ctx )
 {
- if( ctx->buf )
+ if( ctx->buf != NULL )
 mbedtls_zeroize( ctx->buf, ctx->buflen );
 mbedtls_free( ctx->buf );
 mbedtls_free( ctx->info );
From bc18eb3b928e861d0b71f7792cafbf2ad4c38972 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 6 Sep 2017 17:49:10 +0300 Subject: [PATCH 0202/1059] Fix compilation error with Mingw32 Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use `_TRUNCATE` only if `__MINGW32__` not defined. Fix suggested by Thomas Glanzmann and Nick Wilson on issue #355 --- ChangeLog | 7 +++++++ library/debug.c | 2 +- library/platform.c | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 227faed6b6..f8dcae521c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+ * Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use `_TRUNCATE`
+ only if `__MINGW32__` not defined. Fix suggested by Thomas Glanzmann and
+ Nick Wilson on issue #355
+
 = mbed TLS 2.6.0 branch released 2017-08-10
 Security
diff --git a/library/debug.c b/library/debug.c
index f9229b3606..db3924ac54 100644
--- a/library/debug.c
+++ b/library/debug.c
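Review bot: With hunks 1–3 reverting the previous commit, the three early-return paths in mbedtls_pem_read_buffer again free `buf` without clearing it, and on the base64-failure path `buf` may hold partially decoded data, which for an unencrypted key is private key material; the commit message defers to PR #369 for this, but nothing on this page shows where that scrubbing happens. A one-line comment at the first `mbedtls_free( buf );` naming where the buffer is cleared would stop the next reviewer from re-raising it. The `!= NULL` form in the last hunk follows the file's style; mbedtls_pem_read_buffer itself starts and ends outside these hunks.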
@@ -91,7 +91,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
 va_start( argp, format );
 #if defined(_WIN32)
-#if defined(_TRUNCATE)
+#if defined(_TRUNCATE) && !defined(__MINGW32__)
 ret = _vsnprintf_s( str, DEBUG_BUF_SIZE, _TRUNCATE, format, argp );
 #else
 ret = _vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
diff --git a/library/platform.c b/library/platform.c
index af3b2f15ec..68506f544f 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -74,7 +74,7 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
 return( -1 );
 va_start( argp, fmt );
-#if defined(_TRUNCATE)
+#if defined(_TRUNCATE) && !defined(__MINGW32__)
 ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp );
 #else
 ret = _vsnprintf( s, n, fmt, argp );
From 936f72c641c0953cc288d01de30a2dd811b5f8ac Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 7 Sep 2017 10:56:10 +0100
Subject: [PATCH 0203/1059] Disable MBEDTLS_RSA_FORCE_BLINDING by default This commit disables the new MBEDTLS_RSA_FORCE_BLINDING option by default to preserve backwards compatibility. Further, it deprecates disabling to prepare for a future release in which blinding will be unconditionally enforced.
---
include/mbedtls/config.h | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index d54f0c3824..741ce416ae 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -980,6 +980,11 @@
 * Comment this macro to allow RSA private key operations
 * without blinding.
 *
+ * \deprecated Disabling this option is deprecated and only
+ * disabled by default for backwards compatibility.
+ * Future versions of Mbed TLS will remove this
+ * option and enforce blinding unconditionally.
+ *
 * \warning Disabling this can be a security risk!
 * Blinding RSA private key operations is a way
 * to prevent statistical timing attacks as in
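Review bot: Excluding `__MINGW32__` from the `_TRUNCATE` branch routes MinGW builds to `ret = _vsnprintf( str, DEBUG_BUF_SIZE, format, argp );`, and MSVCRT's `_vsnprintf`, unlike `_vsnprintf_s` with `_TRUNCATE`, leaves the buffer without a terminating NUL when the output fills or exceeds it (returning the count or a negative value). The code after the hunk is not visible here; if it does not already handle that case, the fallback branch needs something like `if( ret < 0 || ret >= DEBUG_BUF_SIZE ) str[DEBUG_BUF_SIZE - 1] = '\0';` before `str` is used as a C string. The same applies to the `_vsnprintf( s, n, fmt, argp )` fallback in this commit's platform.c hunk, where the function's visible `return( -1 )` convention suggests a truncated result should also be reported as -1. mbedtls_debug_print_msg continues outside the hunk.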
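Review bot: The new `\deprecated` sentence mixes two subjects: it is disabling the option that is deprecated, but the option itself that is disabled by default, so "Disabling this option is deprecated and only disabled by default" reads as a contradiction. Suggest `\deprecated Disabling this option is deprecated; the option is left disabled by default only for backwards compatibility.` with the two lines about future versions kept as they are. The surrounding doc block starts before the hunk and continues after it.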
@@ -998,7 +1003,7 @@
 * private key operations, see the documentation
 * of \c mbedtls_rsa_private.
 */
-#define MBEDTLS_RSA_FORCE_BLINDING
+//#define MBEDTLS_RSA_FORCE_BLINDING
 /**
 * \def MBEDTLS_RSA_NO_CRT
From 6ac972d815107812be6df8ab591e475208709720 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 7 Sep 2017 10:57:48 +0100
Subject: [PATCH 0204/1059] Style correction in test_suite_pk.function
---
tests/suites/test_suite_pk.function | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 33453ac6f8..a6372c52a7 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -43,8 +43,9 @@ int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
 const unsigned char *input, unsigned char *output,
 size_t output_max_len )
 {
- return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode, olen,
- input, output, output_max_len ) );
+ return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx,
+ rnd_std_rand, NULL, mode, olen,
+ input, output, output_max_len ) );
 }
 int mbedtls_rsa_sign_func( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
@@ -107,7 +108,8 @@ void mbedtls_pk_check_pair( char *pub_file, char *prv_file, int ret )
 if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA )
 {
 TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ),
- mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 );
+ mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func,
+ mbedtls_rsa_key_len_func ) == 0 );
 TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt ) == ret );
 }
 #endif
From a988a2702ab402e119502f9759347b12d91c0ee4 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 7 Sep 2017 11:32:04 +0100
Subject: [PATCH 0205/1059] Emit deprecation warning if MBEDTLS_RSA_FORCE_BLINDING is not set
---
library/rsa.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/library/rsa.c b/library/rsa.c
index 680df0d8e5..88257aa578 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -66,6 +66,13 @@
 #define mbedtls_free free
 #endif
+#if !defined(MBEDTLS_RSA_FORCE_BLINDING) && \
+ defined(MBEDTLS_DEPRECATED_WARNING)
+#warning Not enforcing blinding checks for RSA private key operations\
+ is deprecated. Please uncomment MBEDTLS_RSA_FORCE_BLINDING\
+ in config.h to enforce blinding checks.
+#endif
+
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
 volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
From 2aa80a706faeb97be578d5fbaf87f341ecd53bf1 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 7 Sep 2017 15:28:45 +0100
Subject: [PATCH 0206/1059] Remove unnecessary cast
---
library/pkparse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/pkparse.c b/library/pkparse.c
index 6db9a5a9e0..3fd45cde09 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -949,7 +949,7 @@ static int pk_parse_key_pkcs8_encrypted_der(
 mbedtls_md_type_t md_alg;
 #endif
- p = (unsigned char *) key;
+ p = key;
 end = p + keylen;
 if( pwdlen == 0 )
From b8d165714803a7aa9e5471e6cd68bc3c447d8039 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 7 Sep 2017 15:29:01 +0100
Subject: [PATCH 0207/1059] Mention in-place decryption in pk_parse_key_pkcs8_encrypted_der Also fixes a typo.
---
library/pkparse.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/library/pkparse.c b/library/pkparse.c
index 3fd45cde09..e28ddbe0c2 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -968,6 +968,8 @@ static int pk_parse_key_pkcs8_encrypted_der(
 * EncryptedData ::= OCTET STRING
 *
 * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
+ *
+ * To save space, the decryption happens in-place on the given key buffer.
 */
 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
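Review bot: `#warning` is a GCC/Clang extension rather than standard C, so this block compiles only because it is gated on `MBEDTLS_DEPRECATED_WARNING`, which is presumably only set on those toolchains; a one-line comment above the `#if`, e.g. `/* #warning is not standard C: only reachable via MBEDTLS_DEPRECATED_WARNING, which must stay GCC/Clang-only */`, would keep a later edit from loosening the gate. The backslash continuations inside the `#warning` text splice the lines before the directive is read, so any leading whitespace on the continuation lines ends up inside the message; harmless, but worth knowing when re-wrapping it.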
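Review bot: The new comment says decryption is done in place but not what that means for the caller: the supplied key buffer is overwritten, and after a failed decryption or parse it presumably holds neither the original encrypted data nor a valid key, so a caller cannot retry with another password on the same buffer. Suggest adding after the new line ` * Callers must therefore treat the buffer as clobbered on return, whether or not the call succeeded.` pk_parse_key_pkcs8_encrypted_der starts before the hunk and continues after it.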
@@ -986,7 +988,7 @@ static int pk_parse_key_pkcs8_encrypted_der(
 buf = p;
 /*
- * Decrypt EncryptedData with appropriate PDE
+ * Decrypt EncryptedData with appropriate PBE
 */
 #if defined(MBEDTLS_PKCS12_C)
 if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
From c8063c58f054c4c60bb9d6745e696c7f3a41ff83 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 7 Sep 2017 15:30:12 +0100
Subject: [PATCH 0208/1059] Correct Makefile in tests/data_files The documentation of the target `all_final` was no longer accurate, and numerous non-file targets were missing in the .PHONY section.
---
tests/data_files/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index fa7e0b4e84..f14c5e7c69 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -22,7 +22,7 @@ OPENSSL ?= openssl
 default: all_final
 all_intermediate := # temporary files
-all_final := # files used by tests
+all_final := # files or targets used by tests
@@ -270,7 +270,7 @@ all_final += keys_rsa_all
 all_final: $(all_final)
 all: $(all_intermediate) $(all_final)
-.PHONY: default all_final all
+.PHONY: default all_final all keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 keys_rsa_all keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096
 # These files should not be committed to the repository.
 list_intermediate:
From 5a4f172522feb265dd0568d9d5d6a330db96daf0 Mon Sep 17 00:00:00 2001
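Review bot: The rewritten `.PHONY:` line declares seventeen targets on a single line, which turns every future addition into a hard-to-review one-line diff; splitting it with `\` continuations, one group per line (e.g. `.PHONY: default all_final all \` followed by the `keys_rsa_*` aggregates), keeps it readable. It also still omits the per-cipher aggregate targets such as `keys_rsa_enc_pkcs8_v1_1024_3des`, which are non-file targets too and appear as context in the next commit's Makefile hunks, so the commit message's goal of covering the non-file targets is only partly met.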
From: Hanno Becker Date: Thu, 7 Sep 2017 15:36:53 +0100 Subject: [PATCH 0209/1059] Add suffix for 1024-bit RSA key files Previously, 2048-bit and 4096-bit RSA key files had their bitsize indicated in their filename, while the original 1024-bit keys hadn't. This commit unifies the naming scheme by always indicating the bitsize in the filename. --- tests/data_files/Makefile | 46 +++++++------- tests/data_files/keyfile | 15 ----- tests/data_files/keyfile.3des | 18 ------ tests/data_files/keyfile.aes128 | 18 ------ tests/data_files/keyfile.aes192 | 18 ------ tests/data_files/keyfile.aes256 | 18 ------ tests/data_files/keyfile.des | 18 ------ tests/data_files/keyfile_1024 | 15 +++++ tests/data_files/keyfile_1024.3des | 18 ++++++ tests/data_files/keyfile_1024.aes128 | 18 ++++++ tests/data_files/keyfile_1024.aes192 | 18 ++++++ tests/data_files/keyfile_1024.aes256 | 18 ++++++ tests/data_files/keyfile_1024.des | 18 ++++++ tests/data_files/pkcs8_pbe_sha1_2des.der | Bin 678 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_2des.key | 17 ----- tests/data_files/pkcs8_pbe_sha1_2des_1024.der | Bin 0 -> 678 bytes tests/data_files/pkcs8_pbe_sha1_2des_1024.key | 17 +++++ tests/data_files/pkcs8_pbe_sha1_3des.der | Bin 678 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_3des.key | 17 ----- tests/data_files/pkcs8_pbe_sha1_3des_1024.der | Bin 0 -> 678 bytes tests/data_files/pkcs8_pbe_sha1_3des_1024.key | 17 +++++ tests/data_files/pkcs8_pbe_sha1_rc4_128.der | Bin 675 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_rc4_128.key | 17 ----- .../pkcs8_pbe_sha1_rc4_128_1024.der | Bin 0 -> 673 bytes .../pkcs8_pbe_sha1_rc4_128_1024.key | 17 +++++ tests/data_files/pkcs8_pbes2_pbkdf2_3des.der | Bin 714 -> 0 bytes tests/data_files/pkcs8_pbes2_pbkdf2_3des.key | 17 ----- .../pkcs8_pbes2_pbkdf2_3des_1024.der | Bin 0 -> 714 bytes .../pkcs8_pbes2_pbkdf2_3des_1024.key | 17 +++++ tests/data_files/pkcs8_pbes2_pbkdf2_des.der | Bin 711 -> 0 bytes tests/data_files/pkcs8_pbes2_pbkdf2_des.key | 17 ----- 
.../pkcs8_pbes2_pbkdf2_des_1024.der | Bin 0 -> 711 bytes .../pkcs8_pbes2_pbkdf2_des_1024.key | 17 +++++ tests/suites/test_suite_pkparse.data | 58 +++++++++--------- 34 files changed, 242 insertions(+), 242 deletions(-) delete mode 100644 tests/data_files/keyfile delete mode 100644 tests/data_files/keyfile.3des delete mode 100644 tests/data_files/keyfile.aes128 delete mode 100644 tests/data_files/keyfile.aes192 delete mode 100644 tests/data_files/keyfile.aes256 delete mode 100644 tests/data_files/keyfile.des create mode 100644 tests/data_files/keyfile_1024 create mode 100644 tests/data_files/keyfile_1024.3des create mode 100644 tests/data_files/keyfile_1024.aes128 create mode 100644 tests/data_files/keyfile_1024.aes192 create mode 100644 tests/data_files/keyfile_1024.aes256 create mode 100644 tests/data_files/keyfile_1024.des delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_1024.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_1024.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_1024.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_1024.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des.key create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des.key create 
mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index f14c5e7c69..630173fe54 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -76,7 +76,7 @@ keys_rsa_pkcs8_pwd = PolarSSLTest ### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which ### all other encrypted RSA keys are derived. -keyfile: +keyfile_1024: $(OPENSSL) genrsa -out $@ 1024 keyfile_2048: $(OPENSSL) genrsa -out $@ 2048 @@ -88,17 +88,17 @@ keyfile_4096: ### ### 1024-bit -keyfile.des: keyfile +keyfile_1024.des: keyfile_1024 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -keyfile.3des: keyfile +keyfile_1024.3des: keyfile_1024 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -keyfile.aes128: keyfile +keyfile_1024.aes128: keyfile_1024 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -keyfile.aes192: keyfile +keyfile_1024.aes192: keyfile_1024 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -keyfile.aes256: keyfile +keyfile_1024.aes256: keyfile_1024 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -keys_rsa_enc_basic_1024: keyfile.des keyfile.3des keyfile.aes128 keyfile.aes192 keyfile.aes256 +keys_rsa_enc_basic_1024: keyfile_1024.des keyfile_1024.3des keyfile_1024.aes128 keyfile_1024.aes192 keyfile_1024.aes256 # 2048-bit keyfile_2048.des: keyfile_2048 
@@ -131,23 +131,23 @@ keys_rsa_enc_basic_4096: keyfile_4096.des keyfile_4096.3des keyfile_4096.aes128 ### ### 1024-bit -pkcs8_pbe_sha1_3des.der: keyfile +pkcs8_pbe_sha1_3des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -pkcs8_pbe_sha1_3des.key: keyfile +pkcs8_pbe_sha1_3des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -keys_rsa_enc_pkcs8_v1_1024_3des: pkcs8_pbe_sha1_3des.key pkcs8_pbe_sha1_3des.der +keys_rsa_enc_pkcs8_v1_1024_3des: pkcs8_pbe_sha1_3des_1024.key pkcs8_pbe_sha1_3des_1024.der -pkcs8_pbe_sha1_2des.der: keyfile +pkcs8_pbe_sha1_2des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -pkcs8_pbe_sha1_2des.key: keyfile +pkcs8_pbe_sha1_2des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -keys_rsa_enc_pkcs8_v1_1024_2des: pkcs8_pbe_sha1_2des.key pkcs8_pbe_sha1_2des.der +keys_rsa_enc_pkcs8_v1_1024_2des: pkcs8_pbe_sha1_2des_1024.key pkcs8_pbe_sha1_2des_1024.der -pkcs8_pbe_sha1_rc4_128.der: keyfile +pkcs8_pbe_sha1_rc4_128_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -pkcs8_pbe_sha1_rc4_128.key: keyfile +pkcs8_pbe_sha1_rc4_128_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -keys_rsa_enc_pkcs8_v1_1024_rc4_128: pkcs8_pbe_sha1_rc4_128.key pkcs8_pbe_sha1_rc4_128.der +keys_rsa_enc_pkcs8_v1_1024_rc4_128: pkcs8_pbe_sha1_rc4_128_1024.key pkcs8_pbe_sha1_rc4_128_1024.der keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128 
@@ -198,17 +198,17 @@ keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v ### ### 1024-bit -pkcs8_pbes2_pbkdf2_3des.der: keyfile +pkcs8_pbes2_pbkdf2_3des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -pkcs8_pbes2_pbkdf2_3des.key: keyfile +pkcs8_pbes2_pbkdf2_3des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -keys_rsa_enc_pkcs8_v2_1024_3des: pkcs8_pbes2_pbkdf2_3des.der pkcs8_pbes2_pbkdf2_3des.key +keys_rsa_enc_pkcs8_v2_1024_3des: pkcs8_pbes2_pbkdf2_3des_1024.der pkcs8_pbes2_pbkdf2_3des_1024.key -pkcs8_pbes2_pbkdf2_des.der: keyfile +pkcs8_pbes2_pbkdf2_des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -pkcs8_pbes2_pbkdf2_des.key: keyfile +pkcs8_pbes2_pbkdf2_des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -keys_rsa_enc_pkcs8_v2_1024_des: pkcs8_pbes2_pbkdf2_des.der pkcs8_pbes2_pbkdf2_des.key +keys_rsa_enc_pkcs8_v2_1024_des: pkcs8_pbes2_pbkdf2_des_1024.der pkcs8_pbes2_pbkdf2_des_1024.key keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des @@ -247,7 +247,7 @@ keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v ### ### Generate basic unencrypted RSA keys -keys_rsa_unenc: keyfile keyfile_2048 keyfile_4096 +keys_rsa_unenc: keyfile_1024 keyfile_2048 keyfile_4096 ### Generate PKCS1-encoded encrypted RSA keys keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 diff --git a/tests/data_files/keyfile b/tests/data_files/keyfile deleted file mode 100644 index 771b10ad6c..0000000000 --- a/tests/data_files/keyfile +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXwIBAAKBgQDvJKjZuDqQ2agQjrRv+p5X62dazZ6YVmDiwExrOOaK5Aw/FZ3Z -Ap1TA757ztYlgZNH/lHg5JLM/dSdkG6Q1I6cTC6hW79LHORjUWjkIoCsw3lPd4Mc -brIBdp3x0PwqgLGnEa/dwFX6hjakG4aorygTzI0OwKkBgKwJOivjRqLqMwIDAQAB -AoGBALoGZmKWcNhkt9vJZosFBU+XCtsTwB74cn1w4QE3Tf8UzoH0Ksm4wvDkpLRi -fSrH1O3X45FxvNBBU7cNtzRqZFOn7VMsZZGqBPQW0StBjsJH5dOIRGkAWXxOFZM+ -2nrQi9TANPA9bkYSziV3GFQJdGyDqa7OO5FEXY3g6ixCrNwBAkEA94vFPuqEWKyy -rW/jDqBF/1wTORJnsUjh7uhMjjMkeURVCZUifkvQdaX3t7s3LC/yxL/nx7fCEnLb -JzT0i1U/swJBAPdPbQGw2g0oafAX7T0frJKe+cSOjEMc2id3c6AeHvDgfSL90zWD -aGMZQkmnRbbo/oBtv/2HvKYhJT5pN726a4ECQQCmQsES9c44BJ3pcRmObEU3Mq9S -iLMOVoYwwOMSKvVXYXa//eNx8hervPH4/AwdaILkdIQHFruJSo048w9AOdyTAkEA -mVBPz2CHjOik5AaxN9dO8IZFaKjGI0TbqOPQdk6197XzXaHlMaOJLwYVpftgqIfA -XnWrM8zWElcx84Le32uWAQJBAN0X2SkMv/MWch+AA2EsY0ALljCmMCTNp6LaZr5h -kudMwxesdaCurkUPFIBm9PCsaXHTWWFD8pCCWUz0FPpg488= ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.3des b/tests/data_files/keyfile.3des deleted file mode 100644 index b2a99e28a3..0000000000 --- a/tests/data_files/keyfile.3des +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,AB136F328DDD2C0F - -3GKW34v4i1BywDddKPMXBIfeM85tay5D8+LrADXsquyBUVqioeqG/Ygz4ZYkNZ9K -5aJUwCa0TOdn0eJkOLzZOUL87hECX15vrPGfUNeVBsh9ReFhCwqCpCc8dWLlnlBb -WyFd5HTqikL5D2/e/MYgyMhOaBkl4ESTEZ1o3G2h1bF24MDbTEVjwK0oZCyoMbKe -GeC/GN/D2lizQ3Yh/hYb0N+d1f0BUtZsUZsx8ml7JCm2zdJnMPviQaboeb++zbfO -nI70ZJ0yuiUcYd0u6uFAWMX+Gnf7tZlk6k/gS3Jjyuf9YyWq2YnFfxZiA3FsglqB -qygFM4IOGe6PF/pGuJe1daF6/AAR5Dn6S0T0sscgK+5GhOUwF2PhsDcbeVT66HSI -BGbuEg79ujmgursuPGUAxsvi6r3yC1D1z+OL1+xlh0sWmFNjmfop0MSkM2fRvNRt -89yVwDHKCxM/cz8dztQFuInszGOhDyJ2HATpmdEiT1h6Q8azP7NjnUCXV0OA3+Uv -idxumV9JpG7JtAqiXcptgHkADYMgxqYoww7mwoo+2lyjbASn79BYZmI+3tB9BuVk -+oczQchP3OouMBI7Y96s1xlsKlDSXZfRCUuGBx4aXinu6OUf72+t7ipM+1x2ynxn -2JYg15XoRV+kEpHvnLR9/cDTuhdlg2rzo5zWRDqabxDm77ALd5SXp6tEkSlIm10r -VsahTDGDVkbaqN5VUzLd30YNVa/G+s1HSuSGPNyIlSaG8+ckf8gyfdhDR8QpCWvM -1682JZ+jwoHWDWXIF0XBV9BMO014qR7VA9iPIzEF/K7dfKiTzxyyZA== ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.aes128 b/tests/data_files/keyfile.aes128 deleted file mode 100644 index 9f516e998c..0000000000 --- a/tests/data_files/keyfile.aes128 +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,F7A9614C20516E29ADB2DC9D079E3018 - -j5v8fB9pDuTc8t0D2iQpndreTtTNCS28H8NK6Pc3ad4I5ERNT8V93QTq5NGf7lHJ -PCjcO8GMPzKodDb70GEB81ObBcHygZutW3Byn9ENZoIQUXxaW3JVI7d8Yg07c5Aa -cKmrhUk8ncv2utbitfzEzTQsargP8Nbm4I8iroFGoOY5GKTBdMaImcmqyL8c64Cf -vU4boaK1+OWBjE6R2POFpZVQCeNZpcsWTO6vEX0Z2+PCnlctgmnO2DAUxSeRr8Ie -J2TDFi1+8z8aY6SNFcsymn37SeNXfi2u97VEE8oWG3snG07iOxCCjQB+dZ8t7f0D -qHcybxcuTffIeq4tPygwX4UgebqoVn/DIq4m2GV72CcNdgFE0mtsPlXXEMUFgIqy -glrxVkMpJbpKFP1gsbWx+ID3gchowkYSxnpJFDk7fPR4H/vGFGIBOk+6ATwUSuy6 -eRqMRQExweGx5lWZbGtt8fbwoEEDhnlxyy0iDgAhiORi4tZmramx/M9N6SLMb9sB -WmdzF3ln6VNw+mrjnpImJJZjQE7Nd+cdgkCzdFoTn7B+paOsrGeJx5RvfOdsL4Yl -Ls9DWvDfOydk/zxr4Sm9xPYX6oqZnhUFrJqvT8ION3IZNpE88YZw/1UFCH88p4/0 -dwNsE5LDkXkBase+bek3bEN0mH0oTIY4PxMiil3tpofUZYE4T/pugMLLWgSEdhkT -2V16w940MdQI8qrGaEzW09b73kqSLBGZOb5CEthftlCts1vAI9KA4CJ2cqcH7x2n -9aYJi9aCNty2PLeuf+MIsksiAQNoj3vhoXVJiBWQSCcAv6TS5b1FjbEWqxHbz6+w ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.aes192 b/tests/data_files/keyfile.aes192 deleted file mode 100644 index 265570b371..0000000000 --- a/tests/data_files/keyfile.aes192 +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,9831127EF949CE8891358563737C8475 - -A3uLv2ThHEmFGS7TOmSGiLonOVoA+XNEBTlWBQP+I5OnqwrHsMkTkapzbXRD7eSE -QYB86HPYN+WbJO4TWVnOoDcZtlcUCTfFtjvLst8QkhPbmx/xfmwErvlED2o14fej -BawhMCLeczK14m/Nbe46tTGTqasyjTl7eFvyQ4TokadkyFK3kDX2DvtrU5pHIRbm -flmJAjMC0kfioXzx7TrmrOOvY8pu8qCTkuiO6EeB6HMboy/W3amnsP9KmmBv1NHL -velzzuA37tICJdq+alspf6porlN19qH2DQL5h1lArP0qO5JNMcHQGp2r4b9KRGdo -3wMMbmKztoEUrvAfZcuJQgQ80aYWxpsYb91WT0hqRoX9q6HmyuELq+/dnfpwKZmo -YlZ3aKeUvGFOxdahvNr7ywJ+lMesCxiW0E44t+prM4pJvrQ56JbmXG21q8BDLOBr -nOt22DAOLXTOctBgVSDDPKuo1X+cp5F9epH7PPbE0u0XFXA+8VgeDUGXolXtwfGf -UjtvfPQdrbM8CduT/7TT1umamqYkmI1FkCQ/HMb3LeLXoZBqEBkj8EuVOZPLOIeW -/rVOk9TKxOSdF+bQ5aF6VXbJ+KcrbofCA6PgJMlsIkz3WMwQ9JHgTlyYC+7m+FfA -pXg4/GB6G9Nl/WDJD/xVapOQ3B8a6N0KYHW/yBbEA9jjlUTMBmFM4+ZZagITJnNP -6/yHsF1ut2E5Gv76/35zs+Gcgs+vk4rNRVTX54lPSFwHi99450R7Oj6hi4398lq7 -dKRDezJJt/ROSlzCjVzU53aBnR1rIELa1L9F+M15nhqSb/ynUzB8c9k7UGRUBDp0 ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.aes256 b/tests/data_files/keyfile.aes256 deleted file mode 100644 index 6ec7f94bb5..0000000000 --- a/tests/data_files/keyfile.aes256 +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,858F24A86BA1DC0D1FB4EAFCD5DD9609 - -7kccrTo2XAy79ZZsAhvkOfav9jShAUXiw4BpsII7s+wqvfsLPzJHfAJcKZSO4Rp6 -Wja5xdqAPhGO/kAMkfggB2g0mXnvDxc65Zz/NOcSNQhoJ65uGMmrzdMM1zY1NR7d -bufwqH3jDM669W/LhbKJ5csJIekKwmMjqBX36K+qCrTI6oooZ8ko0BuyW16vVxfK -pxG//gyfMgoiEvyW5k3Z+pgC4zeG579bi7ki8O2U4dtNJQ7i+6boWEfUmtNoRZij -6GFdqoW+vfXRHMcr0uHDoCzTp3MCuon/lI7uzeb3rH/tgMp52JomyLFJ+wG2ichA -ERGFNPzjX9UNEUP/R3Mn40cG3L0f9n5XJmp8N3xp07BWuOcUQMTkZrI4R8s6ZQaj -p6GFIOJ3XKrJg1uw+onV5mwwmaGJ7EVMPsaCsQ+weYyefYyymSqA/lHVg1pMFoWN -k1sSfmioROdyu/s/Ezw/yfwv0+2zNkpg5b4H6r4/gdm6LWIxF1wnMixENkhzPfLz -kwhS/53mVrReLgObYx/+w3VPC7PHGNG1TMVmTY5+5o7Dd979v/nWSUCeG4jttuit -6KjB77SQcBWvF7vVBZUmcS0Z0mkJ+F8OR4VSlALfUmKxfD35Q0oChZlyyDxt3xDk -sbJSlaiYOJyt+gBmIAzywug+1+nBcfD2CVw6Jh0Kp+6m4Ut+p8/8GBjWXn0w4nNF -+rH1Y19HVdWrPMdOrUhVpYdiyebVIRW9w5ml+USAOeFfIfZMha3wtGWVXEmH7NOp -wZGlTdZXZ5j7VXIBYtGDfTkuITtZFCFXIS4sdYaXNUw0golWc/BAVsOkz2cVEI+W ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.des b/tests/data_files/keyfile.des deleted file mode 100644 index ecd5f0b561..0000000000 --- a/tests/data_files/keyfile.des +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,A32BD7692C82A0E9 - -sOwd5YFqP90s5t2qqblAwEbDQNmC0HWsNgbV2Fd1gunftZarO/L32SIYEkdEUNk9 -uJuyoImiyiJN769s1pXUIW8QyPzl2Pk+lykB1XvaVvOzcEhqRAKeXmPBvAT5GXJf -kqARjcqVnZZv7pc6pWwQkrGigXFDx3Wy3U02rrBFWiZTqgraiA0EOMZ/CU9bDZBm -nx2inK2rw8G57JxEzn9uDyxVNJdf1xL0Ge1vNOJcnQWu0cNnIgMZCYPx6L7MubcL -BN6wnJkZgHCHfM2tfJTXVaRGGy/0VSICwgUm7UyU6MNa9KeuLDuiD8Cy9t68he+e -9XVfoz41D81+2Q6YKOsc+xws4WXnvMsXLzDr1lCxK0B6VP/G30Mav+DZ9HQQOE4a -CcPCM9ep2Fx77ihkXhbuurbUsqZq0b2httFJUJ7KXzwHKi8fzN86VlEnx/yMtVKD -Y7zEMo+HsOQGHSN35kJvZyrrve3kW8IZVJhr2si52KLKCwUdObHNsMbKbRsiHGy7 -ukwEnObbrgAzI1rme0Xkkz5ayRZT/fH5BVIYEBvlRGBPE2mreoMU0BP0cUXjZPio -KcYla15Ay2pa3RoaoVSicuxe4TmW9rY2oqMEkGqLwuGmWl6H/qnpakR5MX/edpky -qIo51fHolYpPqGlo0Q+3uomI/l+rILu+nl++9v63uENeP8YYPFfYFOww75i4Zi4T -P5ABY/dWZkEPU5Yah3pcOznbDZzkDhorWZtXTMNvolb88D3zUY6W0TDfA91w3tze -jz977r1ERLuXD7cHjtNK/6QsdnZGZx5pAIx7mIGBJN+5v/HV5tS8YA== ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024 b/tests/data_files/keyfile_1024 new file mode 100644 index 0000000000..ebbd61c5f1 --- /dev/null +++ b/tests/data_files/keyfile_1024 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCsDcv6br0DRSxBvOuNhnubmZI8bsiNbtXBAajfiJYZpbsuaQuU +aiDBNT2RrEu4j6WPhwEOuu67N7KVkqPILEC2nzRSklzy1SqVq1x7TUNsZkM23Qh2 +XI0DsfWKAOnz50lVfVFVaLeO2Nx/NJ9r9rGYmAaQjDrqW0YiWgIsmIoiwQIDAQAB +AoGBAJU/epwJB6kYjiWQTfz8lakKdJI7v3kAlifQ2r7daudgnpjJwqPB1BwFpR0C +isTUxtdUUxSGD6UT0bRx+eUgjhjwPl1YqtgqNteZqFg5KADDagZEvbelGsoVF2JR +RtglJqBxm2dnXNP4tEYi0h1pdaXM/V8rrj0EXQZxd0oxiAvJAkEA3I+62w5/ihGr +A5M4RkzQ3cOU9oFshUsPpQxQFoyuOut0ha6AhXaLyvuDE7FWgU0zL3IIPEbxsVq9 +D9P7wVLlpwJBAMey0v+5XiIUKYZvxvXsMmFDooS6zdjeJpfxBOuXy/kfafV7+Xee +zhdTQE8vO7pGhqpWf1HGYQiMCOugQVqyEVcCQFuOmo12fkENRoVMZq7gElAMcVjG +rwrB9vOXoeNKcMTqmssnfhho9mzDbU0Ob49rQZUva/XBqXDq7tKUN8yvob8CQQCg +pAJFweiuQ0fQJDSJeTJhuZWPbfHO5Y1oJnLNzbNAOHv1BIB+MFoau1Z9HELQqpED +j0cmEg3WYUd/u8821Q1LAkB5YQyPIPcQTZCok6WhC9xD9NXsDo4Ah6YpOhtD9fcQ +82ZcIaYkZbikTfzyZA4gsHhnVaUHx+DJkPicUSVZ+mKY +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.3des b/tests/data_files/keyfile_1024.3des new file mode 100644 index 0000000000..41448c17bb --- /dev/null +++ b/tests/data_files/keyfile_1024.3des 
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,FC303F7A77742B90 + +uTNEmtVgwQVIKnwtTcIal/TOZpwo9bbdVdG8PYGJavk4lfcvBbNyBs/2fRKi4RU3 +lbraw0jiF1XAfT1KDW+XDRJyNXEDQCk1cckvNtLsiytby/znqFg8G7u0phZ7JtOu +gsPUa49Bscu5whTtePfNAguA4LGA0Njmd3regcc54ygC6x4qBLkHtlTqAHQPoRgd +V4baIIY7u7PnE+BG7KObAQRUNhCOkEJ452/3nvnT2LTm0umaNuxcXA6HHSiIVPKr +/cFqpL70XRGS93xBXOBW8+SO9ekr7q11Zq7RA7y7Md0WuzBcA5hBALMPYizsErZn +mhwrJRphxLCFIx8ruSnV2kASgB/RqTJcQq0TfvTrxOaAxFcpvRcRjzUwYoU4fSbq +uJYjrNnfzgOFry/oMt1c9HaA5QDD7S5cCfwZt9w177FwKT7HAiYoPGM6SrS+MFjX +Tf44G7wvhJJ3Afce8ID8x1r7RreENTp4tU6fw3GqFYXAQmk3+PN0GfizRxSWcCrC +2rqeGi/bwuRu+QPEOO2M4oKUxxVZDCbPKjGN5P6AljeF+eTL1YAIOMb2sHTWT+Pj +WOAFxT/if0Ue2mIUIVbPUmymLwNBP3ztU/iF/YqKmZHeoeBt7Em34M6RlY93GEU0 +W5YwEmuGbJ761mORvcjskdXH/RLQ3Zlx6oOjXDy3ZxpzVI/zXk9K0xYO+ise6auA +kMOERq6qXuOgdxa93cWeeJ0dgV5TiWNAQ6krAGV5fGZGt4HOeJUks9VAMpjWzcKw +ONpWMc8mJCMJaklZ7mwZ29ZOTsCY9IeSwoZWS/ybStD6f2Hr2cEHqg== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.aes128 b/tests/data_files/keyfile_1024.aes128 new file mode 100644 index 0000000000..8df642da2d --- /dev/null +++ b/tests/data_files/keyfile_1024.aes128 
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,14AAB792276B5CBD7BBAE51C3E070E54 + +FsqYOUb6GINEBjW391wJkgXp/Kn1Rcl57h87u0ImHvnlHwlV2DlbQLGsdxtPne5L +0sNyVBeQ4o2zkcobcMkmsrscmVxyztgD0cvlwG8kDgTwH4059/oC67vfXBHmnSTB +RBuXNcneDZTQksN45TQ+B8TDfbGY7l7wsob27K3g5MW95HaLOKBkG25HgWiREe2c +lHEDymCK6+VDnaUy9YgVsjIOpm+FuS1LkHRXC8vuxf9tlzd1/7MAIquuTbaMsIUF +reD3mWIEiiN9N+y2cwTwGjxoP1ZS7X1knFIlPX+JjG2NLWQclflMCLbiNu+NaRqV +rIUAXjag/GY96xNjyKDxfEJ+RqF7e6oUFU61fUXwmO0k+/Pir/I/M++9WwMOmFpc +UIJpQitaEYGAarz1FoZ5JJDFl2AeYxI8vywwc16efcJYHk8yg11KEfGv7Hje33br +q3+zreLqqKs+ovkENWKgfLjBpLA82pghyunXH0wVGbrNYCzHVBtTZYcJveBTGq1P +4SGkjBGtoSb2ShMM4zxoMFKtk76IzUnlrBpG2n+WxdUNPZDcQrew11TX+R7uk50C +Bk3jXWMKdf3rDYfgka1O8a6OPlImwwAF/NBx9snMKfu3qiUt7IawY3rzdmcBh95X +P2e2IJR9jMrS/kTPc/gZo8hbCSnViBx7csnR9giq5x6kUVM8A1eIOANK2b7VbJxw +PenaoqluxBiy2CnTraxj1AqGWA5qzlzjGYnUS7HUjfLnt/YurpvkQhySSpvUJ6VR +IZWwTftE/XHfsepqfMnyAdkmd4DoUTTlQyUQ0nP07crDLMbiaoee9hLFNcWdwua/ +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.aes192 b/tests/data_files/keyfile_1024.aes192 new file mode 100644 index 0000000000..45b67d44d7 --- /dev/null +++ b/tests/data_files/keyfile_1024.aes192 
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,B2012D182BC0571FC85B23C073DEC75F + +vnSFZy59JLA8GLUUpBvDRFm6XmbgcKbQJ3bFM6yA4DJrJn5JjfHcsTjRcWUkcOGm +OkSXXGmBJk5k20KI38ZXQX6+j/W8nnfFnu0eMCgo/+CtrKdeIzvBzcdmukEHZp9x +K4L5as8xsL0xf1vPXCyY4AyNyJOvsTkFi4P6ih44z7neGQM8sMhCz5BVSK0bzWZg +/vnvEit39faqL6t28B+OZPil1GCRHbi0PX6ns85xpQw1QNeEwlZ9XmltP1KHWeJ7 +jWPK2Dced/ZihN1AW2OPIHZ8xddP+yJJPdI4HKU2VXIcEDFZxLkSOWfdbb0W4jqp +z2iKJ/tJzQ4X4F3Z4zcx3pXWye0HFNMu7b8r6sR9iQj+voYEnOtJEloI2Cm0sRRw +r5ZVLt4iyQm5xTCSU2GMD/yNImiB1Dwv/+1k45xHcUMgTYiTwgTuFQIwilwl5QUY +R161tjGjmUQXYzC9fn9Zr2vfJRkLlh+ygW7ennycgfHzkva5slaOCSAstEC0aj2j +l26VFvzXu9qLoI3bQzfkRi0VU+0qLtI9cVMobwbEwvERwgjb6doyCeIB7R29P9j5 +MmkHYBF6qaXU/ICOnesd/XtBlb2aNNsYZJLOmwSCVZgT+JYUM35lHulhQWy0V6DB +4qFkQs5fRH+apIjAsb7Fk8/yjrjwKQNJmkUu+Um//5hiPcRYxyp046BokNTZFda1 +v8jKkKX2eAhji3x8PS+z1XYpfUJ3uAysSoTPe1YiwbXizZFWhh/Pan1rIOHwdKmy +da3957PnwjmANKUT0EveEe9ASrGgdN5rUpeeXGENbtmS3iX3g3MMepF6Kyb/k2dI +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.aes256 b/tests/data_files/keyfile_1024.aes256 new file mode 100644 index 0000000000..2daaa96b55 --- /dev/null +++ b/tests/data_files/keyfile_1024.aes256 
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,490781FEB3C4375838778AD3D95EDF2A + +ECaTWvExEGV7cT05z1iGIre2LLgVaP8mqfxKQdaNnrAYaZDV9hrVVIvSICl3IMMb +9PVbCrWK5cgMDSqFtPS7y/ZpYN31alFVT/hgX+Gk7pEJp16qZv/arsiXFdGxaWmp +4br+oNiq5QbzDPwoBNKiWUGUk23K/TyxAg3aspDaz8e6EGE/zmhW2qKIXG2t2oxi +Gowb74mXFzZ1jYUfMpQw32nIybG5+lIwpSTY3DWjl1AKhlSvXgnTTNmS3XZwJmKw +FSXXlDZs9OM7n3GiLoA3rmeaqGRblArklykmh9K3uXRXFjGGWOduxybSFndIdYwM +HdV+Syb3eJ9wF15nk53DeDFfU8gaZ2GNUjt4B3nCOBT+iFhEFKguvo9bQ52EUU/p +mzZw/X3b8ui2YL131CI6BWdPZ2MoV2v5i9ZdCj+q9s+3BIGU1EgnU+o38LqYyekF +wdyc+PHMhq4FqzyJYPju4JQ711B4eKKXIVjHx71v2zt1ccB5a2yK6LLv87cZ8d1a +0ubOv84aUGPkA1mBvZHogsxejthraHFL77Fk8JgGfdTwOELpvK1JCOZbm8H19yBO +dxYNQnj64eWm2fgKrcHvIr8wR44RgB0cwucVjQ8LTgcrCDt7NGG6Z/3Vxeu6oVDa +ZDzbI+MvzIJwxNqQyjlYMoK7jJn+FJ+eihv0h5keoY7qKCFwzrE6eQFSZPBM8/KE +B90kVdpooUVkEqvcBSOADVrC696YB2F6pNuEUULiefJpcFsX5a2eGHw8Z1sPc7Pv +9YTRvvu646gX0JCZRMStSIMOtu8qveH0HtyFD9RTpV3DGpzAZmli1uOVW02bfp5y +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.des b/tests/data_files/keyfile_1024.des new file mode 100644 index 0000000000..368fc323a6 --- /dev/null +++ b/tests/data_files/keyfile_1024.des 
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,4DE281E021845C67 + +U+/JQ6yKL9vbyfrxM+v06U4aC+2E1QM4zHLtjMxz2wGqlm20H7mYDRaMOzW/RcTm +56Pcj7vplKwPdbgDohRVzvXa7vzV2Cr0/Y8aCdLEyRYJrtHJBk3+gjBD4uoDXhhD +Ht7IA9WfiddMbD6ZKaQgBAJTh+JG6XqE1mmGsCsUB3JarLY333u6M8VDhhvYFNx5 +Gw/c2hPixExnOmrGy5rXnIY3kzTB5xWYVPVrWy5+oIsSVtk6+5NiUOV273aY/t4t +EcsbbHwFKWchg7loEDoFhQzinhjMupTjLhjAP6nb6m1tGqoPDux5oiRBgdmeUTx5 ++8rgjPiaPezrALaG5MLnvR3w4rKCP/2sYzvc8bPvx+kC8T30Cf78J3kCUl6Mbgto +bBiGB3OrXkIebonWSZK3M/MQ07Gi0KYC61ZR0LLesXNpoK4oODFIvEZhXBKYIr6a +3fhOOjNPYD5hY49iw7OFR9kZ2dR0JSQ7YUVMvnS0cm1/rxPEFxZtqgwQVlhK3dHS +m4PvGD5JJJ7051/+H1ri/g0/Y9WE/KQMV9i270TLD891ND3mpJEErA1xeulzBbxo +/1NJaVA8dgrgHiCdEYjzJQLiFif8MU+kE9ZPa7jUON0jQz4aAs7cTA3o5SV26D2R +fyySVFCAk4dZmb5yGNhstN8dRP/DGs5t1Gwrlfd6jT6+hqxNEEmBH02L+jncfLL3 +xk74SVqKMFUE56hQhTeiyC3E1l03LrdNFmPwkD5/evMRK8K39esFxRnT5iOmt6AQ +AiG0zvb7lvkbk8hUnZA8gdTRqUxsSwMjOsF0MzZodaE31bu+DxHn3g== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_2des.der b/tests/data_files/pkcs8_pbe_sha1_2des.der deleted file mode 100644 index 0fc0d2b90481b5c0e62ea75ef8ebc8c184d22094..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R1TYQ+2zQaM(xgl$qXGg500e>pfMt9ju7L}T zmtneRcm;EU!J9NXPvMcIQ{<}blnRJ3sG5O?Yj7%Y`z6a5Uo)-FDsNFul8H0sG2wf( z)7)`b_LE?zf$pbdbs;a*2G-$B*H3>8h!LQeA`@7m>`Zhpdh5OZNIG|-*A`qkiSdp7 zDKt0cFbB|L4w-{d?mC@H*B=py?buqmc_u%074g& zavsY`#N1e{ES)s(AOiNENlY`2rl*oxCi6I~i8ygmc9n2+o;3Wh8vb)cCajBP>pMjd zV!>`R7Eeeo$t?X8KJf8Flk32^)ot%h_opLhcRZcV%4f>eNwo^dLldl|+9)Q5Jo)8R zT2Vn58w(E}&~FKA8ECTDNsGr1_9ds1lYzAF#QRX}tWSuj$9^Gs@Vb!NAuRb0d1$!a z$XaI(<44JTA;dT_0O-!fMNO94qMW$xJpzhG6ev@BdX#)(bcLApXH%JTw%1@HbD+or zkk?iXL%ZG)XNfjjEp@ojtRmKEh|y^1umk#{&UyKyP_`;0^7l->y<#BM)SkLUwu90G ztJ8J#f-!*9ZIy4^#I_+D1blg7E8@r~_7YgoK{nnVN?rOQ555#bVS9Aq%l+K1Xa_R~ z49q_zx2=yAT&Hq--iK*am8oi~Ra#+#u!j8|(gbjIBL9SR?UP6CEXRRtguaDV3^fo^ M97$(nDZz9e{}~oYE&u=k 
diff --git a/tests/data_files/pkcs8_pbe_sha1_2des.key b/tests/data_files/pkcs8_pbe_sha1_2des.key deleted file mode 100644 index e0489332fc..0000000000 --- a/tests/data_files/pkcs8_pbe_sha1_2des.key +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICojAcBgoqhkiG9w0BDAEEMA4ECDJys7xIpJvWAgIIAASCAoBGe62XG03s7twB -Y3Snr5eshEg5kWSshUlP0VRX8Aer46fHK8cZwWJeADjOHREFzN5zLoQGdQWWAyAU -wuc1v8HNq7kv9/oAsq1dDCcZ0mCVNI4q1udtgItK42YD0SgxVcnGXdgldIcAgonG -BRkimrdKnQjvIfYvI7Jx5E8s+5zo2UbjhXfsnzB1AFL4D4aCVotOz1GBhqFeP09W -O5LCjUfQ4Tt/fk5oc34GZqUcguFnul2Ho1XzbY2DY+i24VG27sUf9A6OkLle5iIJ -zfZfqonJxunLSukJSryw7+b+LXCKYnNVgCAkkLjKrLsQ0xQy2tyndpLGZ4n2q28D -p6vXaVi2VJ5FusjzLDC5IIvWVB3f000E8YJDFf94OAKD0+zxhI1D/aU/K8lKbVjO -yboZrc7KYBav0Qq4ROJOkbv6qJLIdvfMns1Mn0F214fp9DqylSLMgNcR173gYVuT -bcd5Oi474xHHMX6zg8v33s3DEsQRzO6l8WwUKJswCdYMlOZBWHQ4TxRrHn5LglE6 -3xsdMf01FlKTPjGaoO3DZ6JivHnzqUuOLfHU4ioWC9cxCOySBh8cCk0tEPzgkzjs -siwLcpb721jmGSEjD5A75sCN4yruplNLgNUkkrY9PjjJO7MyqENpGk1qbNUSEkZ6 -jUQdxeaS0CPCDMtCQ/mYZAZ1obkpMQy4BSiJlWdf8wqiVo9LGjU1E81wPYpjkJgK -5i60QFSYJKMf/JzMDnz2IoyeUzre9vpRhah314PsnoEjPKUvpze6i9AoZjya0ONp -QOAIH5Dyz+NAq06L/hBwN4SDH1d1Ik5PkTc8mMRb83rCzFPFBaYTMSaTFoxMsuXS -SYtieZvn ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_1024.der b/tests/data_files/pkcs8_pbe_sha1_2des_1024.der new file mode 100644 index 0000000000000000000000000000000000000000..d0156e991fa695236fb155b39567ba961b883ded GIT binary patch literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R1TYQ+2qHP*GJ5k()B*ws00e>pfOMx}A=XGM z?X^&}Gs9GHBfhQrQPnTXSX&*&lf!oXgOxXh$gi(cY zN++mU>OHpAU7UFrTPn;Wep@S&?UFfkr4nX~mv#tiA)H|^N zS92fsQdA+=T+VSwPONavPdqJaTrHo7YYq2>JaE>Nbkm@9hT~aSg2gCUXm8D@srNYx zB!9yAWA4STK{;uYW;sJt*_3mYR+Tq1bKWu{lkW~&p3fcqy%{G|Mx*YS9CX4t!Zyl-X1L)bM&~N(_JR)f z%~1du2;h>6!{Cd|bCDa;xbU9kzsS9s{)c0@+iDWI6+01EcOtWeEUDIXaOlE(Vr(=% zHwUgn+mYcWA${5M*v#m7_(8pHmQ<#bhrCrE2}o7>xm*WV)ylXaJve2)f=aN~q}AZ- MHlmZFXyd~eQlLdh?EnA( literal 0 HcmV?d00001 
diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_1024.key b/tests/data_files/pkcs8_pbe_sha1_2des_1024.key
new file mode 100644
index 0000000000..e9cc9233e3
--- /dev/null
+++ b/tests/data_files/pkcs8_pbe_sha1_2des_1024.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICojAcBgoqhkiG9w0BDAEEMA4ECE/PEGdD1W7AAgIIAASCAoBApn+7s1iR59tk
+qRMzsN2aGKS1IoYtJzUWEFhwAeMUzEPFhXkdCvd470VrkQsCXc2Q+7zqBT3uxb5s
+oU75OJKamxiruNd8e52sQ2nNOF7gl/g821zy1b7vVhu/++pxgcrcjOIeL8OFf/xA
+MSGvA0UfguIMYuy3fbKJTSltpyNR+mIH6PeVj+k8f5VFNKg5hsFcetTYURduybfi
+DoqRTIcPKQVnP0gknw+Vacu1OgcKtQUa0823++OvAqF3J18Shu2dDob46mvXSJzL
+n1ArkY+E7RV6hDCZ4vRYQU0sogDb8vwOvOPQBJ20f0EE0mY0Q+MCW5I/yiDR8KQf
+Z4WG+cpmIpsbRnCwA07kAkO+QiibRYKK4fBIor/D8Y2Gi+xBXENHYIUimaH7O/kf
+V1FotY0SvgD929T30gbk2Y3H2PWH1f7ckWzfUllQ8nlj0Ap1w14pwP1+CP0HzSqV
+5uVWj4Vj06+vdAuUuzVhOTmyYWd+HdIec5chG323rovRO7yhTokiVu4v90umVMOj
+gcnTIKJpJaqjQyFUpHbHonDKA2DpUhbMmBuL5OA83Dm9YRouAEpW/btjnrhFdWFw
+DG7OrPzynb0jMyl/R62KRaouN0L59M+MBennECwpvXx8iXkWwA41uZH3fJx0GRIB
+5eZtT0u6edJgVkfWHA1YReio7y4rFx5M56BndICDeH4Hy9LFIFSBgDqMzY4Tn4wc
+qdTLQS0XptnJFJwfgH7YlNpBspxWvubCotp9PKxqFmx4B2KAKNvg4yCpyTpLcseH
+/c8pgJkMFM9IxHSY/ujm74J9FyGj5Qq8qeu6PGY7SkjKxJFWZYERXtubUdSPEx5A
+ZIRxGSK0
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbe_sha1_3des.der b/tests/data_files/pkcs8_pbe_sha1_3des.der deleted file mode 100644 index 7b36c36a18da5312cbad74d501e5e6b4a5147f6b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R127H*2zUpjnz~bvpaKF200e>pfaKLah#+)f z+{WahJb2oQln4AUNerQ{lty6Eq(?oXC<6kAxSxSc*mw@VRFRZ+SNPrWTilA}4?s$~ z93Dt0AQuBKA}#`Mz*ShV?`Ft_J9OV1@6jPM2UuVh2+1~Cb3{c4D`2qL#7p9ON{T6f?Mmp&<`OXaZ|a3{(egNFX?3^27bDig`V~7 zckc*-eZ(u=YUj15DMp|qtMsTp-$}}0y%#lEq2ZX|O)jMA09M}`feQo~ucj>mVbWiw zNXd+jPa{*tO3}uAc7LmOL`6n%`E>ua=*+xyRjwak_Dck_FunNBCzyyq_yg(xKZv@V zhsG${b)#JT0c=n;n^aJ$%%jSozf7jXRAZg>Sn%(%v z#gMX2f9m%nnC{wOCfR zd8hs)CI-5C7P;NlzjLLJ_)8_JB=bRF@bDA`FaW=${LkaDos9ttjt_P5`EG#)RceMx z`F;>MAsS7=Wq;EzB_ZG`>b2RgB4qdlkq9$AKhvXv_KDp-RnlPu-fwb)BxiBr6 zNW`rb7D`vJospnq5w>GPvrk*Ndtba+CJ(82uYMh_Yj(^USqnW3=0A9k5SgD$t$mye MR|PByR9$n&uP6IOkpKVy diff --git a/tests/data_files/pkcs8_pbe_sha1_3des.key b/tests/data_files/pkcs8_pbe_sha1_3des.key deleted file mode 100644 index 07b47f74c3..0000000000 --- a/tests/data_files/pkcs8_pbe_sha1_3des.key +++ /dev/null 
@@ -1,17 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIICojAcBgoqhkiG9w0BDAEDMA4ECNw/X4edWXVbAgIIAASCAoBDmCn+YmkXDXuo
-6tdZqaPmpj9cCeBl4FOaID62I/6Xfh5if2Vyb3NVqyK2c4pYVc1yQpFOKK5dJuN+
-EyKz1L3Ey+IwHfXGHz/VjWrxuZGvrxy1ssM72v3Ev9zQKO/+LT+hKfkAxrD6jjCA
-heiKJqFaDeV3vkBJIN/L+wyG2pfUzYu1ZJTa0s3BSquiS4MF7L33nuTQ6+VEvVBH
-OfufPVD2eqCAYtc4FJz5329kOf54ul7shdsIp0EII7bjmGSwbwG235Wk4jOkIkMg
-EKV1UgeMXQ2yMFwOH+02xVFj9iHlMq9gVkWVxzAEv92FNqysageyvwV+LiBQu3rz
-hahAqoI7uL1aIRmOyNs1xlSN46Ztr9/giE6NZ3lMoivnSncxXbyUsrwp2EepEjLq
-3szsV04DOBAF1CxBlg0AI/PXGDe5pyFrlWj0aaU5YgQR+v2DT8BPheZASbk8Mo3d
-WP+GKahSJRBUI2C28rV/aQWsforW7Ml6Sj/iqWBQbkNEow6FICeusFY7gxYjJdPq
-QsM5Ncu9kxXPJCwfwPuguh9BbIUJdFl6J1lW97RF5M+XvfXm3naBu2PVQbPDAwde
-G4DpEIP3ckOrnJrNL9Ewjk6upuaTO/SzL5EDrK8jygpmkPe5YpLRmwmpr3lLlanV
-Nmqv0HC/6Mxjh0E87/wyAD68/Sv4CYFvWBE9WD3mFc1ZHadJmu++W3q0X1SOJpOJ
-z+Tz20bYdbwo9glyeyh9rHqTukpAtyLpJ4RnWw0BqO4CTH33AJas82VxHKOWGuhy
-QXKiPBronsVP8omv0+HRPk/O8fkff90NZ7wivihuZYYqewBVzJOtSwDFBp+pTf/b
-kL4GqBE3
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_1024.der b/tests/data_files/pkcs8_pbe_sha1_3des_1024.der new file mode 100644 index 0000000000000000000000000000000000000000..82ff7265ae96b547873e61cb0a6b53f008582691 GIT binary patch literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R127H*2)-{PRevHgR00AB00e>pfbWj9T~1S& zQZEPFCVeAZ`5lUjJWv;o4i~MKV~4IX+4!`+!U3A&6-rgCLQ%~Km8Bv3;FD*6y4SOY zXY>c&f4iW`0s)fLEi2pzDj!KJ!*?CQ!In29U^Rx)s?I^}2Hk*41^TLpdl5Rj+_J;` z=MVNGf&qK^@cML#7!T0zIg-6S$&ez#dx5aGYg_xiUeK51U?IkzAGR39{37U2KL(lD zy(yf|2yxt%k5k9Oog>*LyQQHqpze*k(&(|kf=5(WowQT7u5;2x zN*#Kg&`N|lDrtFeI@sr=>+$Ddw~vAxN?O@)|79~L-uHzJwipQ&Fs>|OZUIh}Lhxb} zh?>s)k_~v{jbfBG2nuGVlawXWa8}wXeN&Y5O4A+S{DCZwZ{O#%DI6A5YJye&=~k84fLpureip}-OChuyvd+2<^!p!yo8 zvadkDzsRf0TcPO2?2?GmSviaLs76JkY00e>peVtNbKLdYh zwYZjeWMHk`ZI!o$6FqsMnW-XUG;!EeA7eT{Efx73vQgQj+@>=g?H?LypF_NAkP625 zSZ7AViY&dQ%Pu|Ar|m(y_QiZLRtPxQrdC`CYKsL;tU>*ne~BP~2U$Y9N&&3kITa2{ z{=!>8jE#GieHhITZj&LGDobTS2Ioz;+GI7V9d`sZYVTJUDjw^rR#0A=dt|wHX}=v{ zIaVX8?HcB7T^{>f1TUjP3iW`cxtoz1PuS38xFmQA*zC;Q`HT;I*o)MhrXeov_g&YP z4-h?5YZ&`n)|hQoJU0Qy5(Cbw9lI}_)6@%Pa!wES<&0dtf~;garoqfXLu=|Ztl;ZX zsTA*ze;@O=q@7pztS6SXy>>;mm6GV|(eQjgD7b9`6UOW-vZZm#fMJ^EX#L!4S%R%xB!>|C4u^Kbhmc?NU=ojabnzQ8~KM$t;S!&RTR&bk+_^2KMS(@>J04x?8|+DNFPR zV9AGFWj6*!$pK$aQczgDyga;!=#d4+NV?M;Ck_d$ADY>~{UMW2a2yR+tjvt)rQAu&9Z3vEoYcHKHk=xdO&4Z1f1OUe!XIJHN1@34oRs2E3(YdIJ;Ny1(iL6wDi+hSm+IC!?YsZF?WhSO?~ Jsc~{h*tt33K*s<8 diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128.key deleted file mode 100644 index c8fbd7e335..0000000000 --- a/tests/data_files/pkcs8_pbe_sha1_rc4_128.key +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICnzAcBgoqhkiG9w0BDAEBMA4ECHQhpmYrGd0CAgIIAASCAn2hV4Jz28YdWGFK -0gLJr9d41Dgsa4BgBAD+dVf1D8prnkR5I9VoPMY8Fl2EZFVIgBCfKTehR2d5jMjg -EszFKDnSh6Oc1Rk2Xfp8zOy5lFBXbr7sGfHPFTBaN6lnFwRlxsDOdXHNpMVJkqnt -sli1A4Myjhf+y7G7jz7t5cavMxSkVf9NiNQ+4YwdzJTDuFOHPvHfTk+4x/QMw2Gw -IjKPyWZVYXk9biEad81eWO0waV6+wexmB6adIo7FkNFC7Mu3Yjxg+2DRnEnKRuuT -X0+Lt7vzHSUV5+yYwLQhQSGQvuci6U9zin8hcJ7tkJEQ3kJzQu9yL5ozRI/kAXRW -LhS4A6wGaQFSNYf4LzUxkqb/VvNnQ/EBT+BXKv/N83ja4KX6iD4X93uKlUGifsi6 -8/z3mI4e6FhO2XM5PdNE1iCdJtkw5vQZYPACVdX5LIpY+202hl/+qrzJkW09OZfE -TbNJRq89AvpB+Z1RVpIdvnFLuNZCk7GJyfpQCDWmK2msL0XTohlf5jUB49SwchKQ -NJ1NQM4K1JDz/yI+N39CCB7MyUEoA2bwRIpNRFDpNC/rE8ruqtPs5mhDfHqYCEUv -DfU1Aix0oQpFKICNlxqXgmszlzthTGUvNzT7zPsePfhReIBfiOG3hmqNzmq5N7bV -hhBzpqKIS59htjKZ1EDGCr7RdYdO/wzy1LCVyXyWZ1QCYPyyK2C04fGrDAxnOOqM -vpPoQPswK5WbfEbVqj1z9Y6MjcYdtr92x1ZDhTbM7BAdeBEhjzfMvrKPVuZO4+rZ -aC6TidEeAneJablTGz/uIGDFz1Nmtjb76cgUZHW0IRsFTNXVAPDRcxz3P1F5hujb -uWK+ ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.der new file mode 100644 index 0000000000000000000000000000000000000000..39d6572a5e856558765459eb5b6d3b870840a9d4 GIT binary patch literal 673 zcmV;S0$%+vf&!f|90m$1hDe6@4FL=R0Wb~(2v6}0^P>&g#R38d00e>pd#5||zcQV+ zs(Zj&E}a$uxtTaZjY1y4)b~I#U%&&9T--*nV^xsVh_=OtCq8(NMJ*FMayn;=IN_5L zokGTkLys5i(E!YVIjq$|3cPbvD`4~`qj({qM&qJibFcv&qEq@bm zJ5xPB?T#}SE)C+BkB;pOAvJ!y%U5`HHo=*+r6g!WF4Kp~}8*KD6!6eQ>D z`L3XV|C8}e+mZ9gL|d9l1>23nZ_Wl$^ix{Sunj4EIigl9%nM(2;j_6qHR(!mmaqlo z-ne~W{ha*!K(0rzRtBF=j`KCHqZ+y6+kjovxXT5PIo}32pnd``AyYGG^~c;iK`6r8 zqvNK&aAhqX8VhZ~i}S|`%2^l@OkG8^OpGtA4&_dn-{m#9ll?J?DX3}eQlN+evlL-M ziP`H`*q+I7bc_v8ML>;h=(9465?)QjbI0}pbjdf3?;CSrp(u@3G#d==1f`>H>Zh9? zpeMx&$BBENnat9>pw%7B_S9CQ07ZVCE-2k)TLLR7!XlXoW#t4-jHiOrT|P&fI_#V0 H#7@qniJ3rs literal 0 HcmV?d00001 
diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key
new file mode 100644
index 0000000000..94a4df4ba5
--- /dev/null
+++ b/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICnTAcBgoqhkiG9w0BDAEBMA4ECNbmP7UF8CbfAgIIAASCAnuA63P9lQDRpOUH
+RTWs/TL/H7tTBxLZpCiewFAadKpCre1TBDObhwYuWB41lgLUF1BXMv9ljbNF0MiC
+Gnau2x+nzAtc9RsoaRTazz0y0OxYRoSXyDgLajyyAKo64aF+2gKofPjb9M6rgkXM
+3kGBbH/sQ9KFoXnW8B/gNgxI34Uwfxn1SqCF+K1qW2ZVkW2kyMrUSAvTrBpgLCjN
+/YGxt/JvmceDxSzIPLzegPaA9fCpzNldDn64P7csNGc4fbp+CJ76hJKtFqlMCtSw
+7o8XtaQOALPbzh5hNaHycDpwbu7R6IJP4k3fgPBzB+ZmLa8kO5lnPDgTIRyTgDh+
+J55hnPdoNqekcVSAziA7NOy+MG/cz+eElZ6bkrNSRfmhmhc6GDi8hfzHObS1DJSc
+BqAYSu471EI328kSVkQ6zZQUKBJbpGe/PK/CpvXxjp+8fYMfv2hCqAgQj560oR27
+YFAEZ16cZZL2o+JmffSIvZBuY/M/shYHOwukz6iGatcpgQQgl8k/3tAQ80nzP7SP
+q4XXCY3HP9AL1YrMQohyuO2Y+i9uO1yak9gFaVM3i49d6iNs/Ujw/oI982ZHlCBF
+Ls6sP6FnbWXxlI1UAkKGuMyh3rfcEa0qbkNqD6RErtlefKVtYwcJOeUT5axR2ahj
+Nhe3VHMky0Aq9dgsCMDxI8Usca2v3xrPt9utGhvG89PmgG0YaMmPBADVwfA+L3Sy
+n/z4GumLLG/mC/3ZwGzLN4TsIVhQcOthLXf07e6qsSodLMjCIEmSrcNiU9c7hCl/
+s42+lywTdTw9G4gxLmiwxNdPlWd/W7o4c9YpukXlIXrTguTJkTyXX2kaCY+SvNsp
+9g==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des.der deleted file mode 100644 index 420a29614d14ee8732ce48fe5f5fa3e31fadab23..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 714 zcmV;*0yX_Gf&#`cKn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?5X6XftnRsr$? z0tf&w6b1+?hDe6@4Fd-R2tBy35H1@!@&tkcfFQP?axIJ<%~nBfCabE>4&hKp);@BN zn*MZBB*nRaC7x^YTst+Fm1 zP7mY1YMm`)q*_cGv|Fcc{s`^xr$hCU@KwgJ?uqf*Gs?WO!i9rJ{F3k>A4*J?n9pN6%PlE%TdV~Egk2^JZSWc6wj zfsvcnNupgsxCndlF3bBujzhD_P0dcLSa6$?v$7xn0Z#qV_9pFkxFd5iI~I(!NM`F= zF=rEd-!drmNuW}K!Kl<;x&463H`+_>auj5G;xwcGR^;x%P4l=WfQXueaJ8$|hpWa= z`-2XN3qARL9?Th&O?ytNN@qzXnN9uTp=g#Z@1UluI9<-4EM=)W%f+z_5+f9OiJ8Ik95Qod0eASfcoy;njRREtw}FMZJjzgVou$yb5OeRaB~*khewEe zg*~_Ca6zl}&_PL>Y(JkmE14F#Gbn{_d;9JV<*HwSw$45hUtd;Fi-w<(9v=-hZNQ8O wpa2}l|5QIqS(K`kSgxyw6Agk&LNQU&4g?67mzy4?FbgaK z0tf&w6b1+?hDe6@4Fd-R2o03VaOt2`D+Gc9fVIUQ8hM(XeFOWPZ5);oASzYIwrhlBa zu$XT_UM{=AT0P{G!}H^P>RquV)n5U$vcc_;hyv8wCcInJ(}%6s7G>eSW9vcoA$`K{ zKd#i}#wQiAeQEVddH!!PRQi~O+ZFU^^uWGy~mEF?m`bpI6@2jAF_R&ENP z<{f}g{fBQPNqa_+K3m&w2|LYFKBy!@JVah*Y$O*2Uogu0auiNnp*!miUU)q~ZhCsrx zXA*?+*o?BJfc6I)%07LOBnVR*#Bsrp4EwIDxW^uW$ii!Tw*Ls-iZ-5!sS&^7s?q&? wb$_N_PqZAj43-?a122>&HhOajNh$EQx2zdFra&965+kSb-np@jm`cStCP=(l8UO$Q literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key new file mode 100644 index 0000000000..5e43a56d13 --- /dev/null +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key 
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIH84hnyJLdCQCAggA
+MBQGCCqGSIb3DQMHBAiOq5X43zb6zQSCAoCbPjReKG+eKwVvc/0YBcNz62jtO2vd
+KizRjLbGyQoQ80zEeeSZSkyFsSc026vI3w1TWq6f0+R2YovRyyetyb766fC6CPey
+0xvP4MTBlWMrB+O235A/tLOV0C0iEHyh3a6YV67KLRh2fa8Y44RysdQj8MP557LZ
+ckc5JZM06U9Hh0iLWdO/BdXg3jw4gZ59r0V3gcyZhy4m+AsTEswCeHpu+wXYBkQ5
+Kw2HhK7GPd1uiuJvOh5aVwgA/RZZsHnu13LiWAOtbPrkvM/HzHop8bGFJ46uv0mu
+Yd6tgPxYlSR0ymMBFFarZXiA9+uoR5tAznpMFv5FOzcaquNkWFgZCW+2iIjWPsqi
+t+AlQVlzZDjr3/+rETrANGVPdOKrGtBd0F2rXlo3x/JjbB1TYNF1xeUDgJGkkcxm
+djvy7Hp49npauDcWTofMaquQGapHX0COPUNbKAzwAfTqGiwG87CuCGmer5dWeaAK
+9qtwdCyPCyA5wncVBjVatYQqAWDMERYuGm4X5K51s/QMCA0xCgTGeHiRDJa/EXOv
+6IobgRIcD0FXTtp4FB7Qc68yUN9PHh1OKtAHyvvURkYb5EwY/nibL7+P8pDXjiYe
+EMzAtw1SOCnOCfFwXuCASXnsLh7k5d+GpfL4b139gYgzy1RRCOkJkoTvCjN1XgLX
+fUnTa/GKtxJatQOfBKZG/k5QT5tpP2FdaHR1S5G+B+SAa4F4LQsOAx6nwpRr4wez
+A1+HjDrfDGZytuaEwXpMmJBFeEPylccVGtD2S7BqNYuM3Lev0pwjKvMgQEvMZ0qC
+EbiT3CssZm8Qretil8jdB/mkcyTvqcP4jna0+QkZaCwq6QS1N/wXPpQq
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des.der deleted file mode 100644 index c4f1f30e7df8e42cab879e7056c345669426e805..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 711 zcmV;&0yzCJf&#-ZJq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?66%&!C_t|H9> z0tf&w5e5Y-4g&%Q1PCU_oMhX!jMxN%0)RgNcsDyo_hQUCJ=D>U#W~PvwZ#m>t=^d* z5bajfIEW!B19Q z-Ft`f1Quw zQ>xld4G!<=#qQLZ8y~lD8^f6*?omg36;f^%04qz3r`q4kzYANLDXu?P*kv@t3Zepb zE1#+HgFrw#{QET41baIiYn-a_b{Dp|8Tjx*lTIzoSD= zS$pDF8e$mclY5?j*q~AV<0p4jH?3tQYFah;Vg7slb}l%Ba>+WVd!o2DdamWa%`qB3 zaV#?Hay^nLMprPBT^66v-mVQ>6-6OY@-bwRt9UtX`e8;jnhyF|?mHpKTvCZG^+BcA za>$+uOI&GX+ty8_W33|c>|V~8aRSdLb;=yCM|fk4H&w_dht3S%L`#Ef0lkOvu$fgo zDOStkV7s;&5buy~vTP_X^vr4Ks8`g&EOR#0xW{kmo&p%Z^2UW=gRK#gP+(5s>&_V@ z=KbyV>h3|bv$d5pHsIiEgf+V4VG|%T#9>(wPGo+p(|tjd}E?TZsZp1r0%+kLhZ zZI>tEUN^ZM1oY0oijBzTnk-mu8Z1M_N4_HOlcN_TvKBNX&ygH@(L>U}lw+iQeU4*K tfp*=OV`*4oTz6~5Ut(jbC0(5(N4>Ng$NS;ZTgJO+QUWA@C-Y91pr*AcO5gwh diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des.key deleted file mode 100644 index 2e1de1a57f..0000000000 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_des.key +++ /dev/null 
@@ -1,17 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIICwzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIBW39lScgIG0CAggA
-MBEGBSsOAwIHBAgew0DQx3CQ0wSCAoBj1gYWHNgnbi55zQDcpAwMgh2xHNRTqkKU
-AF5K4K2BEy67eXGtXNEmBqo4ftuUCmEJ54XEoIK+6zCKhv9uwc8G7JHxMRMDajkv
-W/WfUUzSmS0yoXn0DkhXZnR7FifFDwrZ1E721eRP8eL45qc5ij6Xlr3NwA3Pf92Z
-8zbszNSMaw2P6kgk6ZiMZr5vNOS55w7vM1OMfP7FJjNRNENue01Ed3WZ8N+Imd4N
-16Nfi0VYVaFcnOoWRt4/aUWHd0cZyJNVsGDYcoE6pEmi3oO/FqS1EaPoibUxldqH
-lUc8UW6PGtgAzs+J7Nf1Dgd9ilkPoTvHeMAfc0yWlq4vkwtdYhSwWaC9EjkHy5+c
-K8cxYKBrKrseh/tjB+WasrzQjov7+d14MqK6DvqYtUq/y0HCVzw5UGWA+hlkk2km
-zByJKHKqrthZeHz3aE7KQyE9G0AUukGN/J6f9EnUeS8ROZVKAB7laQKaY3p6gH7g
-tNenTQ8Ng3KJvCBiZ3QZUWxlEzZ7b+DTG4NO+ua+7pD0CfovNtWE8spmNQNRGUL1
-SHkJqRjSTnFWrLLzbz9qph3G/qlOQb1/mzEqcmso2scoeiybv5WE2Zgkkiajr16W
-RBz3mYwOmoKJnLrMkwUJtk1PGrJz3d1VAnt/ill6LdOdiq65HC4cKqY36+x7vRYB
-A/75UvP1wCadtx1ukFVTLylJG7T9gDZgEkQlaCPkTxthK7FqTYS1dqyy+Q6aNwGn
-f3ZS9f3azDK33Ho0V38rYAjdg07ghN1bayKXfmAKz3z7KYIn3gZqRwWMvc9IwvTN
-0bBpNCe/6du89S5EWDAGmLZ98oBvAZ56hKcNNmTJewUxHbjQlnJV
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.der new file mode 100644 index 0000000000000000000000000000000000000000..02a26fe43c36a6061765a55880d342891034cb42 GIT binary patch literal 711 zcmV;&0yzCJf&#-ZJq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?6?Q0o=^KEA60 z0tf&w5e5Y-4g&%Q1PBdGg#Fw^-uMK90)Tb4Vh~8GCHjTt+qq7J!?5`nf9$eqIM1O~ zc%T6yVs)k$V`e z2)M9nTE7H#R5+5buItaML)i8EmG(IdP^C>J&XWt&D9DivNOlB5QnlUAmLj<0GKj49 zt(P)ozrCn>I9{+&!YK@~K0R&}fAA^s4<6BRkC5vmm>&E*A)DO#u$96`6JM#JqJMjb zV`V??kfdhB%9F0)j*KzLSQgF%n%5?c6PPg)Zto1H8H$r{6`NlXnQh)4!Ok^>JF^f* z=4=;5P?3*s2vpuene=V%`a#iB3SoWzHFzl%7RndFRr)W-T=P6gE-jZDT}kQwO|=`? zTS9d5;RDzfR7f$Nsz7--RSfAbCSOQ35;IBa;l=C5`EF;LRb5U5UEJK~DBBzQ)~IlW zxAKj5KP>pZd^8c*Oe}07n=H zPxdr?h23S$JjYgx+!-Ve_M}t~w$PG-DaW&f0Ho0fv>J^|t8hX!rB81j%2$Up>1SJcMEST~V@Bb(Lcm*#f!z3*th^QmPcXhvhkr|Va( zIzTy^A+w?aV1>(mhR);>o#qH@4u^-_H|!b1T$D#2{TB`Ugb<7QQhW4AOzSoqy)!Cm zP|3yn+K82(7Z-Yvb}KAEB3Zoj5vP8woDlBOgFDVsNHLqqs+N@~OgD{$i_))ImOo-L t=BPTU$-DCG9nRrtdTMQ{Dla8~@{nDahgN5?i|K30@5Yn{3zpfQF}0@?Q9b|w literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key new file mode 100644 index 0000000000..9ea8a463fd --- /dev/null +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key 
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICwzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIw+0X32U89PgCAggA
+MBEGBSsOAwIHBAg0VpB6xQJjVQSCAoCi3hEr5Di1Db4Xfvdavg8wCqQ7rHCBCdsb
+YeUo+WLcUKFPyuJO4Zh2Fu1vqnDRnaTNG5c9SVkJpXACqL3gvoY12gg5UHQNyfO1
+iQWvzvSpg/vOlWsxraP5SiK7C18RKGbj77BTCtlVvraL1RUaWe/ssrATR/4nFpLr
+qmzXLz7GCydDRT0QUQs1TIy+tYIuI2rxgg7QQdHT2c40djaUCN5RaEe7i10ZitIp
+Aj4LXGBkCJ8PBoPrG+Cw62+piuCzg33VIHq5AngZ/CLFNV6+70ZXlrWmJb3eukAj
+RiQiWeRTAFgxtaMjsXC40VREeZplB/avnNUNWdeBe3GJBtwqBWh4plKXr2m+IloT
+uastY+ndPgvDBCjq4reticn4SkIbjaCGhugtO8CmAUunzmU18z8AEB9AY+yGITnb
+8lAickxhPo/4w7IIX9NCfZpwiJ2AfJnKFNk9JMQ5PpjTo8IM/lOW7WrO9sf/9JzU
+Kfn19Gv/TtaYxiFtYwVJLM8UWl9EbVwobSOeVsIqCYOVfRA68qdms9/uztDNeiy2
+Kb11+l2Nb7BhUNnzYSkrPGftjQEy2dvABDk2IV4G/GvFsTviir55KSI/2qitradV
+CZPiKKOLw7sy48VCLpiARnqC7e9TZI/HSQnMp9nGKD5O5jM0qb4nTto4Tj3dHNYA
+TPeeuDxEThZ1pb4SwhrTvULrNogp9V5R5d9qFf/4hhkfMBBaJn1rlc82KMWq8THi
+LdnVv9U2txkpmybtKySBrbEVhNfH6V7Xgu53kopg/Um9FwL+rarKC0bli83QmKyn
+M5K981CM1/PlCj7Js4/pNMXbT221GXZaeX5qX5aEhOtcF4YI6xMx
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 838930a8e8..46a7ebcd4c 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -12,23 +12,23 @@ pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PK_PAS
 
 Parse RSA Key #4 (DES Encrypted)
 depends_on:MBEDTLS_MD5_C:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/keyfile.des":"testkey":0
+pk_parse_keyfile_rsa:"data_files/keyfile_1024.des":"testkey":0
 
 Parse RSA Key #5 (3DES Encrypted)
 depends_on:MBEDTLS_MD5_C:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/keyfile.3des":"testkey":0
+pk_parse_keyfile_rsa:"data_files/keyfile_1024.3des":"testkey":0
 
 Parse RSA Key #6 (AES-128 Encrypted)
 depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/keyfile.aes128":"testkey":0
+pk_parse_keyfile_rsa:"data_files/keyfile_1024.aes128":"testkey":0
 
 Parse RSA Key #7 (AES-192 Encrypted)
 depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/keyfile.aes192":"testkey":0
+pk_parse_keyfile_rsa:"data_files/keyfile_1024.aes192":"testkey":0
 
 Parse RSA Key #8 (AES-256 Encrypted)
 depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/keyfile.aes256":"testkey":0
+pk_parse_keyfile_rsa:"data_files/keyfile_1024.aes256":"testkey":0
 
 Parse RSA Key #9 (2048-bit, DES Encrypted)
 depends_on:MBEDTLS_MD5_C:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
@@ -76,15 +76,15 @@ pk_parse_keyfile_rsa:"data_files/format_gen.key":"":0
 
 Parse RSA Key #20 (PKCS#8 encrypted SHA1-3DES)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des_1024.key":"PolarSSLTest":0
 
 Parse RSA Key #20.1 (PKCS#8 encrypted SHA1-3DES, wrong PW)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des_1024.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #20.2 (PKCS#8 encrypted SHA1-3DES, no PW)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des_1024.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
 
 Parse RSA Key #21 (PKCS#8 encrypted SHA1-3DES, 2048-bit)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
@@ -112,7 +112,7 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des_4096.key":"":MBEDTLS_ERR_PK
 
 Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.der":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des_1024.der":"PolarSSLTest":0
 
 Parse RSA Key #24 (PKCS#8 encrypted SHA1-3DES DER, 2048-bit)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
@@ -124,15 +124,15 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des_4096.der":"PolarSSLTest":0
 
 Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_1024.key":"PolarSSLTest":0
 
 Parse RSA Key #26.1 (PKCS#8 encrypted SHA1-2DES, wrong PW)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_1024.key":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #26.2 (PKCS#8 encrypted SHA1-2DES, no PW)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_1024.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
 
 Parse RSA Key #27 (PKCS#8 encrypted SHA1-2DES, 2048-bit)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
@@ -160,7 +160,7 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_4096.key":"":MBEDTLS_ERR_PK
 
 Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.der":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_1024.der":"PolarSSLTest":0
 
 Parse RSA Key #30 (PKCS#8 encrypted SHA1-2DES DER, 2048-bit)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
@@ -172,15 +172,15 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_4096.der":"PolarSSLTest":0
 
 Parse RSA Key #32 (PKCS#8 encrypted SHA1-RC4-128)
 depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_1024.key":"PolarSSLTest":0
 
 Parse RSA Key #32.1 (PKCS#8 encrypted SHA1-RC4-128, wrong PW)
 depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_1024.key":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #32.2 (PKCS#8 encrypted SHA1-RC4-128, no PW)
 depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_1024.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
 
 Parse RSA Key #33 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit)
 depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
@@ -208,7 +208,7 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_4096.key":"":MBEDTLS_ERR
 
 Parse RSA Key #35 (PKCS#8 encrypted SHA1-RC4-128 DER)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.der":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_1024.der":"PolarSSLTest":0
 
 Parse RSA Key #36 (PKCS#8 encrypted SHA1-RC4-128 DER, 2048-bit)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
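Review bot: The `depends_on` line for "Parse RSA Key #35 (PKCS#8 encrypted SHA1-RC4-128 DER)" in the second hunk still lists `MBEDTLS_DES_C` and `MBEDTLS_CIPHER_MODE_CBC`, while the PEM variants of the same key (#32, #32.1, #32.2 in the first hunk) depend on `MBEDTLS_ARC4_C`; the renamed `_1024.der` file is an RC4-encrypted key, so the DES dependency appears to be a leftover and the test would run (or be skipped) under the wrong configuration. The same pattern is visible on the #36 context line. Since the path on the line below is being rewritten anyway, it seems worth aligning: `depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C`.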
@@ -220,15 +220,15 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_4096.der":"PolarSSLTest"
 
 Parse RSA Key #38 (PKCS#8 encrypted v2 PBDFK2 3DES)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_1024.key":"PolarSSLTest":0
 
 Parse RSA Key #38.1 (PKCS#8 encrypted v2 PBDFK2 3DES, wrong PW)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_1024.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #38.2 (PKCS#8 encrypted v2 PBDFK2 3DES, no PW)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SH
A1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_1024.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
 
 Parse RSA Key #39 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
@@ -256,15 +256,15 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.key":"":MBEDTLS_ER
 
 Parse RSA Key #41 (PKCS#8 encrypted v2 PBDFK2 3DES DER)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_1024.der":"PolarSSLTest":0
 
 Parse RSA Key #41.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, wrong PW)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_1024.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #41.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, no PW)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_1024.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Parse RSA Key #42 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
@@ -292,15 +292,15 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.der":"":MBEDTLS_ER
 
 Parse RSA Key #44 (PKCS#8 encrypted v2 PBDFK2 DES)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_1024.key":"PolarSSLTest":0
 
 Parse RSA Key #44.1 (PKCS#8 encrypted v2 PBDFK2 DES, wrong PW)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_1024.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #44.2 (PKCS#8 encrypted v2 PBDFK2 DES, no PW)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_1024.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
 
 Parse RSA Key #45 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
@@ -328,15 +328,15 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.key":"":MBEDTLS_ERR
 
 Parse RSA Key #47 (PKCS#8 encrypted v2 PBDFK2 DES DER)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.der":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_1024.der":"PolarSSLTest":0
 
 Parse RSA Key #47.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, wrong PW)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_1024.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #47.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, no PW)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_1024.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Parse RSA Key #48 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
From 66a0f83d58312bf711d7c4debad437bb44223b45 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 8 Sep 2017 12:39:21 +0100
Subject: [PATCH 0210/1059] Remove unreachable branches in pkparse.c

---
 library/pkparse.c | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

diff --git a/library/pkparse.c b/library/pkparse.c
index e28ddbe0c2..a7d2c8bbb1 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1080,12 +1080,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, if( ret == 0 ) { - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) - { - mbedtls_pem_free( &pem ); - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); - } - + pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), pem.buf, pem.buflen ) ) != 0 ) @@ -1115,11 +1110,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, key, pwd, pwdlen, &len ); if( ret == 0 ) { - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL ) - { - mbedtls_pem_free( &pem ); - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); - } + pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), From 9be1926b699847f74cc68871f09207e05c7acc49 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 8 Sep 2017 12:39:44 +0100 Subject: [PATCH 0211/1059] Correct parsing checks in `mbedtls_pk_parse_key` Two code-paths in `mbedtls_pk_parse_key` returned success on a failure in `mbedtls_pk_setup`. --- library/pkparse.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index a7d2c8bbb1..a06d952a9e 100644 --- a/library/pkparse.c +++ b/library/pkparse.c 
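Review bot: Dropping the NULL check on `mbedtls_pk_info_from_type()` in both hunks is only safe while each call stays under the `#if defined(MBEDTLS_RSA_C)` / `#if defined(MBEDTLS_ECP_C)` guard that makes the lookup infallible, and nothing in the new code records that invariant. A one-line comment above each assignment, `/* Cannot fail: the RSA backend is compiled in (MBEDTLS_RSA_C) */` and the ECKEY equivalent, would stop a later refactor from moving the call outside the guard. The guards themselves are outside these hunks; the inference comes from the matching `#if` lines visible in the next commit's hunk of the same function. mbedtls_pk_parse_key continues outside both hunks.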
@@ -1222,29 +1222,35 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, mbedtls_pk_free( pk ); #if defined(MBEDTLS_RSA_C) - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || - ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 ) + ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), + key, keylen ) ) != 0 ) + { + mbedtls_pk_free( pk ); + } + else { return( 0 ); } - mbedtls_pk_free( pk ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || - ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 ) + ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), + key, keylen ) ) != 0 ) + { + mbedtls_pk_free( pk ); + } + else { return( 0 ); } - mbedtls_pk_free( pk ); #endif /* MBEDTLS_ECP_C */ return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); From b2231fc31a8e7840734b5fd6d9b64d30635ac3d4 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 10 Sep 2017 17:32:05 +0300 Subject: [PATCH 0212/1059] Address review comments Addres review comments done by Hanno --- CONTRIBUTING.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c1870547ba..3c6dc74c81 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
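Review bot: When `mbedtls_pk_setup()` fails in the rewritten condition of either branch, `ret` is discarded: the context is freed, the next key type is tried, and the function ends with `MBEDTLS_ERR_PK_KEY_INVALID_FORMAT`, so a setup failure (which is not a property of the key material) is reported to the caller as a malformed key. Returning that error directly, e.g. `if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) return( ret );` before the parse attempt, keeps the two failure classes distinguishable. The same applies to both the RSA and the EC branch of this hunk; mbedtls_pk_parse_key starts outside the hunk.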
@@ -7,12 +7,12 @@ We gratefully accept bug reports and contributions from the community. There are Contributor License Agreement (CLA) ----------------------------------- -- All contributions, whether large or small require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright. -- To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. +- All contributions, whether large or small, require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright. +- To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given. Coding Standards ---------------- -- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission. 
+- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission, as mentioned in the [Tests](#tests) and [Continuous Integration](#continuous-integration-tests) sections. - The code should be written in a clean and readable style. - The code should be written in a portable generic way, that will benefit the whole community, and not only your own needs. - The code should be secure, and will be reviewed from a security point of view as well. 
@@ -20,15 +20,15 @@ Coding Standards Making a Contribution --------------------- 1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. -1. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis. +1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis. 1. Write a test which shows that the bug was fixed or that the feature works as expected. -1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) +1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :) 1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it. -1. mbed TLS is release with Apache license, and as such, all the added files should include the Apache license header. +1. Mbed TLS is released under the Apache license, and as such, all the added files should include the Apache license header. Backports --------- -mbed TLS maintains some legacy branches, which are released as LTS versions. mbed TLS should follow backwards compatibility rules, to fit with existing users. 
As such, backporting to these branches should be handled according to the following rules: +Mbed TLS maintains some legacy branches, which are released as LTS versions. Mbed TLS should follow backwards compatibility rules, to fit with existing users. As such, backporting to these branches should be handled according to the following rules: 1. If the contribution is a new feature or enhancement, no backporting is needed. 1. Bug fixes should be backported to the legacy branches containing these bugs. @@ -42,8 +42,8 @@ At the moment, the legacy branches are: Tests ----- -As mentioned, tests that show the correctness of the feature or bug fix should be added to the Pull Request, if no such tests exist. -mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. +As mentioned, tests that show the correctness of the feature or bug fix should be added to the pull request, if no such tests exist. +Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. Sample applications, if needed, should be modified as well. 
@@ -54,7 +54,7 @@ It is advised to enable the [githooks scripts](https://github.com/ARMmbed/mbedtl Documentation ------------- -mbed TLS should be well documented. If documentation is needed, speak out! +Mbed TLS should be well documented. If documentation is needed, speak out! 1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation. 1. Complex parts in the code should include comments. From 6c13d37961288dbd5b3e8627ec5cf1b367635f4c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 13 Sep 2017 12:49:22 +0100 Subject: [PATCH 0213/1059] Extend cert_write example program by multiple cmd line options This commit adds the following command line options to programs/x509/cert_write: - version (val 1, 2, 3): Set the certificate's version (v1, v2, v3) - authority_identifier (val 0, 1): Enable or disable the addition of the authority identifier extension. - subject_identifier (val 0, 1): Enable or disable the addition of the subject identifier extension. - basic_constraints (val 0, 1): Enable or disable the addition of the basic constraints extension. - md (val MD5, SHA1, SHA256, SHA512): Set the hash function used when creating the CRT. --- programs/x509/cert_write.c | 161 +++++++++++++++++++++++++++++-------- 1 file changed, 127 insertions(+), 34 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 66e5f1dabb..45fd059b08 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -51,6 +51,7 @@ int main( void ) #include "mbedtls/x509_csr.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" +#include "mbedtls/md.h" #include "mbedtls/error.h" #include @@ -83,6 +84,11 @@ int main( void ) #define DFL_MAX_PATHLEN -1 #define DFL_KEY_USAGE 0 #define DFL_NS_CERT_TYPE 0 +#define DFL_VERSION 3 +#define DFL_AUTH_IDENT 1 +#define DFL_SUBJ_IDENT 1 +#define DFL_CONSTRAINTS 1 +#define DFL_DIGEST MBEDTLS_MD_SHA256 #define USAGE \ "\n usage: cert_write param=<>...\n" \ 
@@ -109,6 +115,20 @@ int main( void ) " not_after=%%s default: 20301231235959\n"\ " is_ca=%%d default: 0 (disabled)\n" \ " max_pathlen=%%d default: -1 (none)\n" \ + " md=%%s default: SHA256\n" \ + " Supported values:\n" \ + " MD5, SHA1, SHA256, SHA512\n"\ + " version=%%d default: 3\n" \ + " Possible values: 1, 2, 3\n"\ + " subject_identifier default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ + " authority_identifier default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ + " basic_constraints default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ " key_usage=%%s default: (empty)\n" \ " Comma-separated-list of values:\n" \ " digital_signature\n" \ @@ -118,6 +138,7 @@ int main( void ) " key_agreement\n" \ " key_cert_sign\n" \ " crl_sign\n" \ + " (Considered for v3 only)\n"\ " ns_cert_type=%%s default: (empty)\n" \ " Comma-separated-list of values:\n" \ " ssl_client\n" \ @@ -149,6 +170,11 @@ struct options int selfsign; /* selfsign the certificate */ int is_ca; /* is a CA certificate */ int max_pathlen; /* maximum CA path length */ + int authority_identifier; /* add authority identifier id to CRT */ + int subject_identifier; /* add subject identifier id to CRT */ + int basic_constraints; /* add basic constraints ext to CRT */ + int version; /* CRT version */ + mbedtls_md_type_t md; /* Hash used for signing */ unsigned char key_usage; /* key usage flags */ unsigned char ns_cert_type; /* NS cert type */ } opt; @@ -207,7 +233,6 @@ int main( int argc, char *argv[] ) * Set to sane values */ mbedtls_x509write_crt_init( &crt ); - mbedtls_x509write_crt_set_md_alg( &crt, MBEDTLS_MD_SHA256 ); mbedtls_pk_init( &loaded_issuer_key ); mbedtls_pk_init( &loaded_subject_key ); mbedtls_mpi_init( &serial ); 
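Review bot: The new USAGE lines for `subject_identifier`, `authority_identifier` and `basic_constraints` omit the `=%%d` that every other option line carries, so the help text does not show the `name=value` form the parser actually requires. `" subject_identifier=%%d default: 1\n" \` (and likewise for the other two) keeps the format consistent with `version=%%d` just above it. The `md` line is fine as written.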
@@ -243,6 +268,11 @@ int main( int argc, char *argv[] ) opt.max_pathlen = DFL_MAX_PATHLEN; opt.key_usage = DFL_KEY_USAGE; opt.ns_cert_type = DFL_NS_CERT_TYPE; + opt.version = DFL_VERSION; + opt.md = DFL_DIGEST; + opt.subject_identifier = DFL_SUBJ_IDENT; + opt.authority_identifier = DFL_AUTH_IDENT; + opt.basic_constraints = DFL_CONSTRAINTS; for( i = 1; i < argc; i++ ) { @@ -286,6 +316,52 @@ int main( int argc, char *argv[] ) { opt.serial = q; } + else if( strcmp( p, "authority_identifier" ) == 0 ) + { + opt.authority_identifier = atoi( q ); + if( opt.authority_identifier != 0 && + opt.authority_identifier != 1 ) + { + goto usage; + } + } + else if( strcmp( p, "subject_identifier" ) == 0 ) + { + opt.subject_identifier = atoi( q ); + if( opt.subject_identifier != 0 && + opt.subject_identifier != 1 ) + { + goto usage; + } + } + else if( strcmp( p, "basic_constraints" ) == 0 ) + { + opt.basic_constraints = atoi( q ); + if( opt.basic_constraints != 0 && + opt.basic_constraints != 1 ) + { + goto usage; + } + } + else if( strcmp( p, "md" ) == 0 ) + { + if( strcmp( q, "SHA1" ) == 0 ) + opt.md = MBEDTLS_MD_SHA1; + else if( strcmp( q, "SHA256" ) == 0 ) + opt.md = MBEDTLS_MD_SHA256; + else if( strcmp( q, "SHA512" ) == 0 ) + opt.md = MBEDTLS_MD_SHA512; + else if( strcmp( q, "MD5" ) == 0 ) + opt.md = MBEDTLS_MD_MD5; + else + goto usage; + } + else if( strcmp( p, "version" ) == 0 ) + { + opt.version = atoi( q ); + if( opt.version < 1 || opt.version > 3 ) + goto usage; + } else if( strcmp( p, "selfsign" ) == 0 ) { opt.selfsign = atoi( q ); @@ -540,6 +616,9 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Setting certificate values ..." ); fflush( stdout ); + mbedtls_x509write_crt_set_version( &crt, opt.version - 1 ); + mbedtls_x509write_crt_set_md_alg( &crt, opt.md ); + ret = mbedtls_x509write_crt_set_serial( &crt, &serial ); if( ret != 0 ) { 
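Review bot: The three 0/1 options are read with `atoi( q )`, which returns 0 for any non-numeric input, so a mistyped `authority_identifier=yes` silently disables the extension instead of reaching `goto usage` (the `version` option is only protected because 0 falls outside its 1..3 range). This matches how the existing options in the same loop are parsed (`opt.selfsign = atoi( q )` is visible in context), so a file-wide move to `strtol` with an end-pointer check would be the consistent fix rather than a per-option one; until then a short comment on these branches noting that non-numeric input reads as 0 would document the behaviour. In the last hunk, `mbedtls_x509write_crt_set_version( &crt, opt.version - 1 );` deserves a comment stating that the library takes the zero-based encoding of the version field, since the `- 1` is otherwise easy to misread as an off-by-one. main() continues outside these hunks.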
@@ -558,49 +637,63 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); - mbedtls_printf( " . Adding the Basic Constraints extension ..." ); - fflush( stdout ); - - ret = mbedtls_x509write_crt_set_basic_constraints( &crt, opt.is_ca, - opt.max_pathlen ); - if( ret != 0 ) + if( opt.version == 3 && opt.basic_constraints ) { - mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints returned -0x%02x - %s\n\n", -ret, buf ); - goto exit; - } + mbedtls_printf( " . Adding the Basic Constraints extension ..." ); + fflush( stdout ); - mbedtls_printf( " ok\n" ); + ret = mbedtls_x509write_crt_set_basic_constraints( &crt, opt.is_ca, + opt.max_pathlen ); + if( ret != 0 ) + { + mbedtls_strerror( ret, buf, 1024 ); + mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints " + "returned -0x%02x - %s\n\n", -ret, buf ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + } #if defined(MBEDTLS_SHA1_C) - mbedtls_printf( " . Adding the Subject Key Identifier ..." ); - fflush( stdout ); - - ret = mbedtls_x509write_crt_set_subject_key_identifier( &crt ); - if( ret != 0 ) + if( opt.version == 3 && opt.subject_identifier ) { - mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_key_identifier returned -0x%02x - %s\n\n", -ret, buf ); - goto exit; + mbedtls_printf( " . Adding the Subject Key Identifier ..." ); + fflush( stdout ); + + ret = mbedtls_x509write_crt_set_subject_key_identifier( &crt ); + if( ret != 0 ) + { + mbedtls_strerror( ret, buf, 1024 ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject" + "_key_identifier returned -0x%02x - %s\n\n", + -ret, buf ); + goto exit; + } + + mbedtls_printf( " ok\n" ); } - mbedtls_printf( " ok\n" ); - - mbedtls_printf( " . Adding the Authority Key Identifier ..." 
); - fflush( stdout ); - - ret = mbedtls_x509write_crt_set_authority_key_identifier( &crt ); - if( ret != 0 ) + if( opt.version == 3 && opt.authority_identifier ) { - mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_key_identifier returned -0x%02x - %s\n\n", -ret, buf ); - goto exit; - } + mbedtls_printf( " . Adding the Authority Key Identifier ..." ); + fflush( stdout ); - mbedtls_printf( " ok\n" ); + ret = mbedtls_x509write_crt_set_authority_key_identifier( &crt ); + if( ret != 0 ) + { + mbedtls_strerror( ret, buf, 1024 ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_" + "key_identifier returned -0x%02x - %s\n\n", + -ret, buf ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + } #endif /* MBEDTLS_SHA1_C */ - if( opt.key_usage ) + if( opt.version == 3 && opt.key_usage ) { mbedtls_printf( " . Adding the Key Usage extension ..." ); fflush( stdout ); @@ -616,7 +709,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); } - if( opt.ns_cert_type ) + if( opt.version == 3 && opt.ns_cert_type ) { mbedtls_printf( " . Adding the NS Cert Type extension ..." ); fflush( stdout ); From 418a62242b57248846d9136de89e34ac84a38cad Mon Sep 17 00:00:00 2001 
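Review bot: `is_ca=1` is still accepted when the Basic Constraints block is skipped (`opt.version != 3` or `basic_constraints=0`), and the program then emits a certificate carrying no CA assertion without saying so; the same silent drop now applies to `key_usage` and `ns_cert_type` for v1/v2 certificates. The usage text only says "Considered for v3 only", so consider rejecting the contradictory combination, `if( opt.is_ca && ( opt.version != 3 || !opt.basic_constraints ) ) goto usage;`, or at least printing a notice whenever a requested extension is skipped, so the written certificate does not differ from what the operator asked for. This is grounded in the `opt.version == 3 &&` conditions added in this hunk and the next; main() continues outside both.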
From: Hanno Becker Date: Thu, 14 Sep 2017 07:51:28 +0100 Subject: [PATCH 0214/1059] Extend tests/data_files/Makefile to include CRT's for CRT write test --- tests/data_files/Makefile | 74 ++++++++++++++++++- .../server1.cert_type.crt.openssl.v3_ext | 5 ++ .../data_files/server1.cert_type_noauthid.crt | 20 +++++ tests/data_files/server1.crt.openssl.v3_ext | 4 + tests/data_files/server1.csr | 16 ++++ .../server1.key_usage.crt.openssl.v3_ext | 5 ++ .../data_files/server1.key_usage_noauthid.crt | 20 +++++ tests/data_files/server1.noauthid.crt | 19 +++++ tests/data_files/server1_csr.opensslconf | 10 +++ tests/data_files/test-ca.server1.opensslconf | 18 +++++ tests/suites/test_suite_x509write.data | 24 +++++- tests/suites/test_suite_x509write.function | 63 ++++++++++++++-- 12 files changed, 265 insertions(+), 13 deletions(-) create mode 100644 tests/data_files/server1.cert_type.crt.openssl.v3_ext create mode 100644 tests/data_files/server1.cert_type_noauthid.crt create mode 100644 tests/data_files/server1.crt.openssl.v3_ext create mode 100644 tests/data_files/server1.csr create mode 100644 tests/data_files/server1.key_usage.crt.openssl.v3_ext create mode 100644 tests/data_files/server1.key_usage_noauthid.crt create mode 100644 tests/data_files/server1.noauthid.crt create mode 100644 tests/data_files/server1_csr.opensslconf create mode 100644 tests/data_files/test-ca.server1.opensslconf diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index f7826d4359..f906545744 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -12,6 +12,7 @@ ## Tools OPENSSL ?= openssl +MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write ## Build the generated test data. Note that since the final outputs ## are committed to the repository, this target should do nothing on a 
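Review bot: `MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write` resolves `PWD` from the invoking shell's environment rather than from the directory make is running in, so `make -C tests/data_files` from the repository root yields a path that does not exist. `$(CURDIR)` is the make-provided variable for the running make's directory and is the usual choice here: `MBEDTLS_CERT_WRITE ?= $(CURDIR)/../../programs/x509/cert_write`. The rules that invoke this binary are in a later hunk.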
@@ -30,6 +31,7 @@ all_final := # files used by tests #### Generate certificates from existing keys ################################################################ +test_ca_crt = test-ca.crt test_ca_key_file_rsa = test-ca.key test_ca_pwd_rsa = PolarSSLTest test_ca_config_file = test-ca.opensslconf 
@@ -64,7 +66,77 @@ server2-sha256.crt: server2-rsa.csr $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@ all_final += server2-sha256.crt +### Generate certificates for CRT write check tests +### The test files use the Mbed TLS generated certificates server1*.crt, +### but for comparison with OpenSSL also rules for OpenSSL-generated +### certificates server1*.crt.openssl are offered. +### +### Known differences: +### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension +### as unused bits, while Mbed TLS doesn't. +test_ca_server1_db = test-ca.server1.db +test_ca_server1_serial = test-ca.server1.serial +test_ca_server1_config_file = test-ca.server1.opensslconf + +server1.csr: server1.key server1_csr.opensslconf + $(OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new +all_final += server1.csr + +server1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@ +server1.noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ +server1.der: server1.crt + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +all_final += server1.crt server1.noauthid.crt server1.der + +server1.key_usage.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) 
issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ +server1.key_usage_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@ +server1.key_usage.der: server1.key_usage.crt + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der + +server1.cert_type.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@ +server1.cert_type_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@ +server1.cert_type.der: server1.cert_type.crt + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der + +server1.v1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 
not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@ +server1.v1.der: server1.v1.crt + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +all_final += server1.v1.crt server1.v1.der + +# OpenSSL-generated certificates for comparison +# Also provide certificates to DER format to allow +# direct binary comparison using e.g. dumpasn1 +server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) + echo "01" > $(test_ca_server1_serial) + rm -f $(test_ca_server1_db) + touch $(test_ca_server1_db) + $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@.v3_ext -out $@ +server1.der.openssl: server1.crt.openssl + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +server1.key_usage.der.openssl: server1.key_usage.crt.openssl + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +server1.cert_type.der.openssl: server1.cert_type.crt.openssl + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ + +server1.v1.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) + echo "01" > $(test_ca_server1_serial) + rm -f $(test_ca_server1_db) + touch $(test_ca_server1_db) + $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -out $@ +server1.v1.der.openssl: server1.v1.crt.openssl + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ + +server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl 
server1.cert_type.der server1.cert_type.der.openssl ################################################################ #### Meta targets @@ -73,7 +145,7 @@ all_final += server2-sha256.crt all_final: $(all_final) all: $(all_intermediate) $(all_final) -.PHONY: default all_final all +.PHONY: default all_final all server1_all # These files should not be committed to the repository. list_intermediate: diff --git a/tests/data_files/server1.cert_type.crt.openssl.v3_ext b/tests/data_files/server1.cert_type.crt.openssl.v3_ext new file mode 100644 index 0000000000..bd225ff74b --- /dev/null +++ b/tests/data_files/server1.cert_type.crt.openssl.v3_ext @@ -0,0 +1,5 @@ +[v3_ext] +basicConstraints = CA:false +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid +nsCertType=server diff --git a/tests/data_files/server1.cert_type_noauthid.crt b/tests/data_files/server1.cert_type_noauthid.crt new file mode 100644 index 0000000000..ed8b80baaf --- /dev/null +++ b/tests/data_files/server1.cert_type_noauthid.crt 
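Review bot: Several of the new `$(MBEDTLS_CERT_WRITE)` rules pass `version=1` early in the argument list and `version=3` at the end (`server1.crt`, `server1.key_usage.crt`, `server1.key_usage_noauthid.crt`, `server1.cert_type.crt`, `server1.cert_type_noauthid.crt`), and `server1.v1.crt` passes `version=1` twice; only the last occurrence takes effect, so the first is dead text that misleads anyone reading the rule. Dropping the leading `version=1` from each rule leaves the intended version as the single visible setting. The hunk ends with the `server1_all` target on this line; the `.PHONY` addition in the following hunk is unaffected.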
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+oz8wPTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAR
+BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBABNT+r+6vvlpjtyz
+mewrGOKPt5iwb8w2aReJ0AWuyQzTiduN26MhXq93cXHV0pHj2rD7MfiBEwBSWnf9
+FcxkE0g77GVyM9Vs9Uy/MspIqOce7JD0c36G4EI8lYce2TYwQLE9CGNl+LDxqkLy
+prijXBl/FaD+IO/SNMr3VVnfFEZqPUxg+BSTaGgD+52Z7B4nPP0xGPjlW367RGDv
+9dIkr1thve2WOeC9ixxl9K/864I7/0GdbgKSf77xl3/5vnQUOY7kugRvkvxWIgHS
+HNVnmEN2I2Nb0M8lQNF1sFDbpFwVbh9CkBF5LJNesy0VWd67Ho6EntPEb7vBFF/x
+jz0b2l4=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.crt.openssl.v3_ext b/tests/data_files/server1.crt.openssl.v3_ext
new file mode 100644
index 0000000000..239d56ac20
--- /dev/null
+++ b/tests/data_files/server1.crt.openssl.v3_ext
@@ -0,0 +1,4 @@
+[v3_ext]
+basicConstraints = CA:false
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
diff --git a/tests/data_files/server1.csr b/tests/data_files/server1.csr
new file mode 100644
index 0000000000..804c4a5510
--- /dev/null
+++ b/tests/data_files/server1.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
+GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA
+A4IBAQBY/1nnYQ3ThVyeZb1Z2wLYoHZ5rfeJCedyP7N/gjJZjhrMbwioUft2uHpb
++OZQfxRXJTbtj/1wpRMCoUMLWzapS7/xGx3IjoPtl42aM4M+xVYvbLjExL13kUAr
+eE4JWcMIbTEPol2zSdX/LuB+m27jEp5VsvM2ty9qOw/T4iKwjFSe6pcYZ2spks19
+3ltgjnaamwqKcN9zUA3IERTsWjr5exKYgfXm2OeeuSP0tHr7Dh+w/2XA9dGcLhrm
+TA4P8QjIgSDlyzmhYYmsrioFPuCfdi1uzs8bxmbLXbiCGZ8TDMy5oLqLo1K+j2pF
+ox+ATHKxQ/XpRQP+2OTb9sw1kM59
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.key_usage.crt.openssl.v3_ext b/tests/data_files/server1.key_usage.crt.openssl.v3_ext
new file mode 100644
index 0000000000..e255027ee4
--- /dev/null
+++ b/tests/data_files/server1.key_usage.crt.openssl.v3_ext
@@ -0,0 +1,5 @@
+[v3_ext]
+basicConstraints = CA:false
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+keyUsage=critical, digitalSignature, nonRepudiation, keyEncipherment
diff --git a/tests/data_files/server1.key_usage_noauthid.crt b/tests/data_files/server1.key_usage_noauthid.crt
new file mode 100644
index 0000000000..d66e515352
--- /dev/null
+++ b/tests/data_files/server1.key_usage_noauthid.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDLjCCAhagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+ozwwOjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAO
+BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBAJZRIISo4+rDvHXXaS43
+shfSkyJyur588mNJFzty1WVfhaIkwjMIGHeGlHS29fwgPsBUgelZ3Qv3J7wsm42+
+3BwQet0l36FIBIJtFhcrTGlaCFUo/5bZJUPGgiOFB9ec/8lOszVlX8cH34UimWqg
+q2wXRGoXWPbuRnUWlJhI2bAv5ri9Mt7Rs4nK4wyS1ZjC8ByXMn4tk3yMjkUEqu0o
+37zoQiF+FJApu0eTKK5goA2hisyfCX9eJMppAbcyvJwoj/AmiBkXW8J3kEMJtLmZ
+VoxXYknnXumxBLxUrGuamR/3cmbaJHIHE1Dqox7hB+9miyp4lue1/uXHCocGAIeF
+JTo=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.noauthid.crt b/tests/data_files/server1.noauthid.crt
new file mode 100644
index 0000000000..99c004f623
--- /dev/null
+++ b/tests/data_files/server1.noauthid.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHjCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+oywwKjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAN
+BgkqhkiG9w0BAQUFAAOCAQEAUMDKviuchRc4ICoVwi9LFyfQjxFQLgjnX1UYSqc5
+UptiJsDpbJ+TMbOhNBs7YRV7ju61J33ax1fqgcFWkc2M2Vsqzz9+3zJlQoQuOLxH
+5C6v5/rhUEV9HMy3K5SIa/BVem9osWvMwDnB8g5k3wCZAnOuFcT6ttvzRqz6Oh9d
+avozrYHsATzPXBal41Gf95cNVcJ1pn/JgE4EOijMqmAPldVbCqfXLl6TB0nJS6dm
+q9z73DGrVQlOwmCVI+qD2POJI67LuQ0g6Y0WVMxsWilMppt+UrEknMzk4O4qOaUs
+1B20vI/bN4XPDnw58psazdoBxFL+fAk5MbTNKETNHjBsIg==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1_csr.opensslconf b/tests/data_files/server1_csr.opensslconf
new file mode 100644
index 0000000000..6e7075ea68
--- /dev/null
+++ b/tests/data_files/server1_csr.opensslconf
@@ -0,0 +1,10 @@
+[ req ]
+distinguished_name = req_distinguished_name
+prompt = no
+# Restrict to non-UTF8 PrintableStrings.
+string_mask = nombstr
+
+[ req_distinguished_name ]
+C = NL
+O = PolarSSL
+CN = PolarSSL Server 1
diff --git a/tests/data_files/test-ca.server1.opensslconf b/tests/data_files/test-ca.server1.opensslconf
new file mode 100644
index 0000000000..4a5072eae9
--- /dev/null
+++ b/tests/data_files/test-ca.server1.opensslconf
@@ -0,0 +1,18 @@ + [ ca ] + default_ca = test-ca + + [ test-ca ] + certificate = test-ca.crt + private_key = test-ca.key + serial = test-ca.server1.serial + default_md = sha1 + default_startdate = 110212144406Z + default_enddate = 210212144406Z + new_certs_dir = ./ + database = ./test-ca.server1.db + policy = policy_match + + [policy_match] + countryName = supplied + organizationName = supplied + commonName = supplied diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index d4d2a98ce8..5b54d85885 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data 
@@ -44,19 +44,35 @@ x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS Certificate write check Server1 SHA1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:-1:"data_files/server1.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:-1:"data_files/server1.crt":0 Certificate write check Server1 SHA1, key_usage depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:1:-1:"data_files/server1.key_usage.crt":0 Certificate write check Server1 SHA1, ns_cert_type depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test 
CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:-1:"data_files/server1.cert_type.crt":0 Certificate write check Server1 SHA1, version 1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0 + +Certificate write check Server1 SHA1, RSA_ALT +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:-1:"data_files/server1.noauthid.crt":1 + +Certificate write check Server1 SHA1, RSA_ALT, key_usage +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | 
MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1 + +Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:0:-1:"data_files/server1.cert_type_noauthid.crt":1 + +Certificate write check Server1 SHA1, RSA_ALT, version 1 +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1 X509 String to Names #1 mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0 diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 89be31f9ab..0b6e602203 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
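Review bot: Every new "RSA_ALT" case also sets the `auth_ident` field to 0, so the combination of an RSA_ALT issuer key with the authority key identifier enabled is never exercised, and nothing in the data file explains why the two knobs are tied together. If the reason is that an RSA_ALT context cannot export its public key for the identifier, as the new `.noauthid.crt` fixtures suggest, a negative case that expects `mbedtls_x509write_crt_set_authority_key_identifier` to fail would pin that behaviour down; if not, a case with `auth_ident` and `rsa_alt` both set to 1 is missing. Either way a short note naming the reason, in the test description or next to the RSA_ALT block, would save the next reader the guesswork.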
@@ -3,6 +3,30 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/pem.h" #include "mbedtls/oid.h" +#include "mbedtls/rsa.h" + +#if defined(MBEDTLS_RSA_C) +int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, + const unsigned char *input, unsigned char *output, + size_t output_max_len ) +{ + return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen, + input, output, output_max_len ) ); +} +int mbedtls_rsa_sign_func( void *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + const unsigned char *hash, unsigned char *sig ) +{ + return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode, + md_alg, hashlen, hash, sig ) ); +} +size_t mbedtls_rsa_key_len_func( void *ctx ) +{ + return( ((const mbedtls_rsa_context *) ctx)->len ); +} +#endif /* MBEDTLS_RSA_C */ + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -75,10 +99,12 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, char *subject_name, char *issuer_key_file, char *issuer_pwd, char *issuer_name, char *serial_str, char *not_before, char *not_after, - int md_type, int key_usage, int cert_type, int ver, - char *cert_check_file ) + int md_type, int key_usage, int cert_type, int auth_ident, + int ver, char *cert_check_file, int rsa_alt ) { - mbedtls_pk_context subject_key, issuer_key; + mbedtls_pk_context subject_key, issuer_key, issuer_key_alt; + mbedtls_pk_context *key = &issuer_key; + mbedtls_x509write_cert crt; unsigned char buf[4096]; unsigned char check_buf[5000]; 
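Review bot: The three RSA-ALT callbacks added to the header block, `mbedtls_rsa_decrypt_func`, `mbedtls_rsa_sign_func` and `mbedtls_rsa_key_len_func`, are non-static and carry the library's `mbedtls_` prefix, so they leak into the global namespace of the generated test binary and read like public API. Make them `static` and give them a test-local name, e.g. `static int test_rsa_alt_sign( void *ctx,` for the sign wrapper, and apply the same to the other two. Note also that `mbedtls_rsa_decrypt_func` passes `NULL, NULL` as the RNG to `mbedtls_rsa_pkcs1_decrypt`; if that disables blinding in the private-key operation, as it does in the RSA entry points that take an `f_rng`, a one-line comment stating that this is acceptable only in this test fixture would stop the snippet from being copied into production code.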
@@ -91,18 +117,36 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) ); mbedtls_mpi_init( &serial ); + mbedtls_pk_init( &subject_key ); - mbedtls_pk_init( &issuer_key ); + mbedtls_pk_init( &issuer_key ); + mbedtls_pk_init( &issuer_key_alt ); + + mbedtls_x509write_crt_init( &crt ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file, subject_pwd ) == 0 ); + TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file, issuer_pwd ) == 0 ); + + /* For RSA PK contexts, create a copy as an alternative RSA context. */ + if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA ) + { + TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt, + mbedtls_pk_rsa( issuer_key ), + mbedtls_rsa_decrypt_func, + mbedtls_rsa_sign_func, + mbedtls_rsa_key_len_func ) == 0 ); + + key = &issuer_key_alt; + } + TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 ); - mbedtls_x509write_crt_init( &crt ); if( ver != -1 ) mbedtls_x509write_crt_set_version( &crt, ver ); + TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before, not_after ) == 0 ); 
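Review bot: When `rsa_alt == 1` but the issuer key is not RSA, the combined condition `if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )` silently falls back to the plain `issuer_key`, so a test case that requests RSA_ALT can pass without ever exercising the RSA_ALT path. Make the precondition explicit: `if( rsa_alt == 1 )` followed by `TEST_ASSERT( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA );` as the first statement of the block. The comment above it, `create a copy as an alternative RSA context`, is also misleading: `mbedtls_pk_setup_rsa_alt` is handed `mbedtls_pk_rsa( issuer_key )`, so `issuer_key_alt` wraps the very same RSA context rather than a copy; `/* Wrap the RSA context owned by issuer_key in an RSA_ALT PK context. */` describes it accurately. x509_crt_check begins and ends outside this hunk.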
@@ -110,13 +154,15 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 ); mbedtls_x509write_crt_set_subject_key( &crt, &subject_key ); - mbedtls_x509write_crt_set_issuer_key( &crt, &issuer_key ); + + mbedtls_x509write_crt_set_issuer_key( &crt, key ); if( crt.version >= MBEDTLS_X509_CRT_VERSION_3 ) { TEST_ASSERT( mbedtls_x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 ); - TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 ); + if( auth_ident ) + TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 ); if( key_usage != 0 ) TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 ); if( cert_type != 0 ) @@ -151,8 +197,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, exit: mbedtls_x509write_crt_free( &crt ); - mbedtls_pk_free( &issuer_key ); + mbedtls_pk_free( &issuer_key_alt ); mbedtls_pk_free( &subject_key ); + mbedtls_pk_free( &issuer_key ); mbedtls_mpi_free( &serial ); } /* END_CASE */ From fc7714480207fa19b3b7e4161e89dd6028e50b52 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 13 Sep 2017 08:45:48 +0100 Subject: [PATCH 0215/1059] Fix extraction of signature-type from PK context instance --- library/x509write_crt.c | 10 ++++++++-- library/x509write_csr.c | 21 ++++++++++++++------- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 4d674abcf8..0e5827e85e 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
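Review bot: The exit block of `x509_crt_check` now frees `issuer_key_alt` before `issuer_key`, which is the right order if the RSA_ALT wrapper refers to the RSA context owned by `issuer_key`, but nothing says so and a later cleanup could easily reorder the frees again. A comment such as `/* issuer_key_alt wraps the RSA context owned by issuer_key: free the wrapper first. */` above `mbedtls_pk_free( &issuer_key_alt );` would pin the intent. Whether the order is strictly required depends on how `mbedtls_pk_free` treats an RSA_ALT context, which is outside this diff. The enclosing function starts outside the hunk.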
@@ -313,9 +313,15 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, c = tmp_buf + sizeof( tmp_buf ); /* Signature algorithm needed in TBS, and later for actual signature */ - pk_alg = mbedtls_pk_get_type( ctx->issuer_key ); - if( pk_alg == MBEDTLS_PK_ECKEY ) + + /* There's no direct way of extracting a signature algorithm + * (represented as an element of mbedtls_pk_type_t) from a PK instance. */ + if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_RSA ) ) + pk_alg = MBEDTLS_PK_RSA; + else if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_ECDSA ) ) pk_alg = MBEDTLS_PK_ECDSA; + else + pk_alg = MBEDTLS_PK_NONE; if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 8fd856b2a2..fd22c28902 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -194,14 +194,21 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s */ mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ); - pk_alg = mbedtls_pk_get_type( ctx->key ); - if( pk_alg == MBEDTLS_PK_ECKEY ) - pk_alg = MBEDTLS_PK_ECDSA; - if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, - f_rng, p_rng ) ) != 0 || - ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len ) ) != 0 ) + f_rng, p_rng ) ) != 0 ) + { + return( ret ); + } + + if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_RSA ) ) + pk_alg = MBEDTLS_PK_RSA; + else if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_ECDSA ) ) + pk_alg = MBEDTLS_PK_ECDSA; + else + pk_alg = MBEDTLS_PK_NONE; + + if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, + &sig_oid, &sig_oid_len ) ) != 0 ) { return( ret ); } From d7f3520360d37080dc3a44ec4b7c0a370aea8a3b Mon Sep 17 00:00:00 2001 
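Review bot: The new RSA / ECDSA / `MBEDTLS_PK_NONE` dispatch on `ctx->issuer_key` is repeated verbatim on `ctx->key` in the x509write_csr.c hunk of this same commit, so the two writers will drift apart the next time a signature type is added. A small shared helper, e.g. `static mbedtls_pk_type_t x509_sig_alg_from_pk( const mbedtls_pk_context *pk )` placed in a source both writers already depend on, would keep them in step. The hunk also leaves a stray blank added line between the `Signature algorithm needed in TBS` comment and the new explanatory comment; either merge the two comments into one or drop the blank line. mbedtls_x509write_crt_der continues outside this hunk.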
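Review bot: In the CSR writer the signature is now computed by `mbedtls_pk_sign` before `mbedtls_oid_get_oid_by_sig_alg` is consulted, so an unsupported `pk_alg`/`md_alg` pair is rejected only after a private-key operation has already been performed; the x509write_crt.c hunk of this commit does the lookup first. Move the `mbedtls_pk_can_do` dispatch and the OID lookup ahead of the `mbedtls_pk_sign` call so the request is validated before the key is used, leaving `mbedtls_pk_sign` as the last step that can fail. The dispatch chain itself is a copy of the one in x509write_crt.c and would benefit from a shared helper. mbedtls_x509write_csr_der continues outside this hunk.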
From: Hanno Becker Date: Wed, 13 Sep 2017 12:00:15 +0100 Subject: [PATCH 0216/1059] Don't add extensions for X.509 non-v3 certificates This commit removes extension-writing code for X.509 non-v3 certificates from mbedtls_x509write_crt_der. Previously, even if no extensions were present an empty sequence would have been added. --- library/x509write_crt.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 0e5827e85e..c970b6ff06 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -332,13 +332,18 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, /* * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 3 ) ); + + /* Only for v3 */ + if( ctx->version == 2 ) + { + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 3 ) ); + } /* * SubjectPublicKeyInfo From 476986547b5658657749017be6b0754220f66130 Mon Sep 17 00:00:00 2001 
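Review bot: The new guard `if( ctx->version == 2 )` compares against a bare literal although the same file initialises `ctx->version = MBEDTLS_X509_CRT_VERSION_3` in `mbedtls_x509write_crt_init`; write it as `if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 )` and the `/* Only for v3 */` comment becomes redundant. The commit message says an empty sequence is no longer added when there are no extensions, but for a v3 certificate with an empty `ctx->extensions` list the block still emits the length and tag bytes, producing an empty `[3] SEQUENCE` where the ASN.1 comment above demands `SIZE (1..MAX)`; if `mbedtls_x509_write_extensions` writes nothing for an empty list, extending the guard with `&& ctx->extensions != NULL` closes that gap. mbedtls_x509write_crt_der continues outside this hunk.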
From: Hanno Becker Date: Wed, 13 Sep 2017 11:59:26 +0100 Subject: [PATCH 0217/1059] Omit version from X.509 v1 certificates The version field in an X.509 certificate is optional and defaults to v1, so it may be omitted in this case. --- library/x509write_crt.c | 19 ++++++++++++------- tests/data_files/server1.v1.crt | 32 ++++++++++++++++---------------- 2 files changed, 28 insertions(+), 23 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index c970b6ff06..8e4bc35b49 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -395,16 +395,21 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ - sub_len = 0; - MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) ); - len += sub_len; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 0 ) ); + + /* Can be omitted for v1 */ + if( ctx->version > 0 ) + { + sub_len = 0; + MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) ); + len += sub_len; + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 0 ) ); + } MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_SEQUENCE ) ); /* * Make signature diff --git a/tests/data_files/server1.v1.crt b/tests/data_files/server1.v1.crt index 0a4b2a5cc7..b13be43516 100644 --- a/tests/data_files/server1.v1.crt +++ b/tests/data_files/server1.v1.crt 
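Review bot: `if( ctx->version > 0 )` expresses "not v1" with a bare literal; `if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 )` says the same thing with the constant the file already uses for version values and makes the `/* Can be omitted for v1 */` comment self-evident. The same literal-versus-constant issue exists in the extensions guard introduced by the preceding commit, so both should be changed together. The accompanying server1.v1.crt change is a regenerated fixture and needs no review beyond confirming it was produced by the new writer. mbedtls_x509write_crt_der continues outside this hunk.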
@@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIC9DCCAdygAwIBAAIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ -uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD -d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf -CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr -lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w -bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB -owIwADANBgkqhkiG9w0BAQUFAAOCAQEAoZVuVi7bIslKgMJhejSFXiO+ICMz1fmK -b0tPN68mRYhI/gsjRT0cmX6GUNrg+U5mcBWhMwHgyvx1CARU4YToKZxcXGNL0DPd -Z1hF8nCrJCZBQvNuWE7s0ufw92xz5ZfuKkVxi94RYR529F6gzgl4rpX8UQVu2ym/ -9pTlHKr4MKi9LNppyJMS89uRcb2FJFMdhAKbhNtbIjI9qGZ7x//0belAaWhq389u -6XWFnZt35PU6Zz6YbAQ5pjZYsTaohuufgrpOlFPUuc4uR+RfGHIQ6id12lZaQC2m -OFIBDcU0x1cFfPfMgVdBLf6klPt/v/tD77mwx0eztSp28NIf+ACw8A== +MIIC6zCCAdMCAQEwDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UEBhMCTkwxETAPBgNV +BAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4XDTExMDIx +MjE0NDQwNloXDTIxMDIxMjE0NDQwNlowPDELMAkGA1UEBhMCTkwxETAPBgNVBAoT +CFBvbGFyU1NMMRowGAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb +7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJ +BEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8Yw +fhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5B +Xhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1Y +ieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAATANBgkq +hkiG9w0BAQUFAAOCAQEAPMRfR9ql7b06b5DdNyJhD96lBzuVSUOW2MgVHT2Vs7NB +tk5L1htpA5N4uaIeyt6YM0xU0nHdHUKaywNcDiXcnzvRoctGWiWdpcEvdA0rYRF5 +T4MGPpjEuLJcG3aTU8mV8wUEbrY6IEnSpC1G9iasjhkwAF7pb/Ic8+/riwmPD/Fh 
+zBrRfBCgi5VXbX9IvY+yQHRVRal8y+n4eh9/hFxBKDbvuidFropGzcuparEwCIRi +U7L/7aZ3A5wsQp9GPDliSjpeYCf5tok/bvjG4xU041pGQ7yVNpu2mEIoqDz9v+Ay +IKqsWradEnFG/1ov78a2RB+2+iIPE4iCDtmKUkgPjQ== -----END CERTIFICATE----- From 81535d00115cbe3d8474c85cdaf71ec1e61cd267 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 13 Sep 2017 15:39:59 +0100 Subject: [PATCH 0218/1059] Minor style and typo corrections --- library/x509write_crt.c | 14 +- library/x509write_csr.c | 4 +- programs/x509/cert_write.c | 161 ++++++++++++--------- tests/data_files/Makefile | 2 +- tests/suites/test_suite_x509write.function | 16 +- 5 files changed, 107 insertions(+), 90 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 8e4bc35b49..0611cc8472 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -51,7 +51,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) { - memset( ctx, 0, sizeof(mbedtls_x509write_cert) ); + memset( ctx, 0, sizeof( mbedtls_x509write_cert ) ); mbedtls_mpi_init( &ctx->serial ); ctx->version = MBEDTLS_X509_CRT_VERSION_3; @@ -65,7 +65,7 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ) mbedtls_asn1_free_named_data_list( &ctx->issuer ); mbedtls_asn1_free_named_data_list( &ctx->extensions ); - mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_cert) ); + mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_cert ) ); } void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version ) 
@@ -193,14 +193,14 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert * { int ret; unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ - unsigned char *c = buf + sizeof(buf); + unsigned char *c = buf + sizeof( buf ); size_t len = 0; memset( buf, 0, sizeof(buf) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) ); - mbedtls_sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 ); - c = buf + sizeof(buf) - 20; + mbedtls_sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 ); + c = buf + sizeof( buf ) - 20; len = 20; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); @@ -212,7 +212,7 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert * return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ), - 0, buf + sizeof(buf) - len, len ); + 0, buf + sizeof( buf ) - len, len ); } #endif /* MBEDTLS_SHA1_C */ @@ -324,7 +324,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, pk_alg = MBEDTLS_PK_NONE; if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len ) ) != 0 ) + &sig_oid, &sig_oid_len ) ) != 0 ) { return( ret ); } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index fd22c28902..da40eb5c17 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -50,7 +50,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) { - memset( ctx, 0, sizeof(mbedtls_x509write_csr) ); + memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); } void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ) 
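Review bot: The `sizeof` spacing change in `mbedtls_x509write_crt_set_authority_key_identifier` is incomplete: `memset( buf, 0, sizeof(buf) );` two lines below the changed declaration keeps the old `sizeof(buf)` form while every other occurrence in the hunk becomes `sizeof( buf )`. Change it to `memset( buf, 0, sizeof( buf ) );` so the function is made consistent in one pass. While these lines are being touched, the literal `20` that appears three times is the SHA-1 digest length written by `mbedtls_sha1`; naming it once, e.g. `const size_t sha1_len = 20;`, would make the `buf + sizeof( buf ) - 20` arithmetic readable. The function begins outside this hunk.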
@@ -58,7 +58,7 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ) mbedtls_asn1_free_named_data_list( &ctx->subject ); mbedtls_asn1_free_named_data_list( &ctx->extensions ); - mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_csr) ); + mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_csr ) ); } void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg ) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 45fd059b08..6504dcd625 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -60,9 +60,9 @@ int main( void ) #if defined(MBEDTLS_X509_CSR_PARSE_C) #define USAGE_CSR \ - " request_file=%%s default: (empty)\n" \ - " If request_file is specified, subject_key,\n" \ - " subject_pwd and subject_name are ignored!\n" + " request_file=%%s default: (empty)\n" \ + " If request_file is specified, subject_key,\n" \ + " subject_pwd and subject_name are ignored!\n" #else #define USAGE_CSR "" #endif /* MBEDTLS_X509_CSR_PARSE_C */ 
@@ -94,60 +94,60 @@ int main( void ) "\n usage: cert_write param=<>...\n" \ "\n acceptable parameters:\n" \ USAGE_CSR \ - " subject_key=%%s default: subject.key\n" \ - " subject_pwd=%%s default: (empty)\n" \ - " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \ + " subject_key=%%s default: subject.key\n" \ + " subject_pwd=%%s default: (empty)\n" \ + " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \ "\n" \ - " issuer_crt=%%s default: (empty)\n" \ - " If issuer_crt is specified, issuer_name is\n" \ - " ignored!\n" \ - " issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \ + " issuer_crt=%%s default: (empty)\n" \ + " If issuer_crt is specified, issuer_name is\n" \ + " ignored!\n" \ + " issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \ "\n" \ - " selfsign=%%d default: 0 (false)\n" \ - " If selfsign is enabled, issuer_name and\n" \ - " issuer_key are required (issuer_crt and\n" \ - " subject_* are ignored\n" \ - " issuer_key=%%s default: ca.key\n" \ - " issuer_pwd=%%s default: (empty)\n" \ - " output_file=%%s default: cert.crt\n" \ - " serial=%%s default: 1\n" \ - " not_before=%%s default: 20010101000000\n"\ - " not_after=%%s default: 20301231235959\n"\ - " is_ca=%%d default: 0 (disabled)\n" \ - " max_pathlen=%%d default: -1 (none)\n" \ - " md=%%s default: SHA256\n" \ - " Supported values:\n" \ - " MD5, SHA1, SHA256, SHA512\n"\ - " version=%%d default: 3\n" \ - " Possible values: 1, 2, 3\n"\ - " subject_identifier default: 1\n" \ - " Possible values: 0, 1\n" \ - " (Considered for v3 only)\n"\ - " authority_identifier default: 1\n" \ - " Possible values: 0, 1\n" \ - " (Considered for v3 only)\n"\ - " basic_constraints default: 1\n" \ - " Possible values: 0, 1\n" \ - " (Considered for v3 only)\n"\ - " key_usage=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " digital_signature\n" \ - " non_repudiation\n" \ - " key_encipherment\n" \ - " data_encipherment\n" \ - " key_agreement\n" \ - " key_cert_sign\n" \ - " crl_sign\n" \ - " (Considered 
for v3 only)\n"\ - " ns_cert_type=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " ssl_client\n" \ - " ssl_server\n" \ - " email\n" \ - " object_signing\n" \ - " ssl_ca\n" \ - " email_ca\n" \ - " object_signing_ca\n" \ + " selfsign=%%d default: 0 (false)\n" \ + " If selfsign is enabled, issuer_name and\n" \ + " issuer_key are required (issuer_crt and\n" \ + " subject_* are ignored\n" \ + " issuer_key=%%s default: ca.key\n" \ + " issuer_pwd=%%s default: (empty)\n" \ + " output_file=%%s default: cert.crt\n" \ + " serial=%%s default: 1\n" \ + " not_before=%%s default: 20010101000000\n"\ + " not_after=%%s default: 20301231235959\n"\ + " is_ca=%%d default: 0 (disabled)\n" \ + " max_pathlen=%%d default: -1 (none)\n" \ + " md=%%s default: SHA256\n" \ + " Supported values:\n" \ + " MD5, SHA1, SHA256, SHA512\n"\ + " version=%%d default: 3\n" \ + " Possible values: 1, 2, 3\n"\ + " subject_identifier=%%s default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ + " authority_identifier=%%s default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ + " basic_constraints=%%d default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ + " key_usage=%%s default: (empty)\n" \ + " Comma-separated-list of values:\n" \ + " digital_signature\n" \ + " non_repudiation\n" \ + " key_encipherment\n" \ + " data_encipherment\n" \ + " key_agreement\n" \ + " key_cert_sign\n" \ + " crl_sign\n" \ + " (Considered for v3 only)\n"\ + " ns_cert_type=%%s default: (empty)\n" \ + " Comma-separated-list of values:\n" \ + " ssl_client\n" \ + " ssl_server\n" \ + " email\n" \ + " object_signing\n" \ + " ssl_ca\n" \ + " email_ca\n" \ + " object_signing_ca\n" \ "\n" /* 
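Review bot: The usage text now reads `subject_identifier=%%s` and `authority_identifier=%%s` but `basic_constraints=%%d`, although all three are documented on the next line as taking `Possible values: 0, 1`; use `%%d` for all three, i.e. `" subject_identifier=%%d default: 1\n"` and `" authority_identifier=%%d default: 1\n"`, so the help text does not suggest a string argument. If the option parser for these two really accepts arbitrary strings, that is the thing to fix rather than the help text. The rest of the hunk is a pure re-indentation of the USAGE macro.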
@@ -189,7 +189,8 @@ int write_certificate( mbedtls_x509write_cert *crt, const char *output_file, size_t len = 0; memset( output_buf, 0, 4096 ); - if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096, f_rng, p_rng ) ) < 0 ) + if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096, + f_rng, p_rng ) ) < 0 ) return( ret ); len = strlen( (char *) output_buf ); @@ -452,7 +453,8 @@ int main( int argc, char *argv[] ) strlen( pers ) ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n", ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n", + ret, buf ); goto exit; } @@ -466,7 +468,8 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_mpi_read_string( &serial, 10, opt.serial ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_mpi_read_string returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_mpi_read_string " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -485,7 +488,8 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -494,7 +498,8 @@ int main( int argc, char *argv[] ) if( ret < 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } 
@@ -517,7 +522,8 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_x509_csr_parse_file( &csr, opt.request_file ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -526,7 +532,8 @@ int main( int argc, char *argv[] ) if( ret < 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -550,7 +557,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -565,7 +573,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile " + "returned -x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -579,7 +588,8 @@ int main( int argc, char *argv[] ) mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa( issuer_crt.pk )->E, &mbedtls_pk_rsa( *issuer_key )->E ) != 0 ) { - mbedtls_printf( " failed\n ! issuer_key does not match issuer certificate\n\n" ); + mbedtls_printf( " failed\n ! issuer_key does not match " + "issuer certificate\n\n" ); ret = -1; goto exit; } 
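Review bot: The re-wrapped message in the `mbedtls_pk_parse_keyfile` error path at `@@ -565,7 +573,8 @@` still reads `returned -x%02x - %s`, while every sibling message in this commit uses `-0x%02x`; since the commit is titled "Minor style and typo corrections" this is the place to fix it: `"returned -0x%02x - %s\n\n", -ret, buf );`. Separately, `%02x` expects an `unsigned int` while `-ret` is an `int`; it works in practice, but `(unsigned int) -ret` would satisfy `-Wformat` and is cheap to apply while these calls are being reflowed. main continues outside this hunk.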
@@ -602,14 +612,16 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } if( ( ret = mbedtls_x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -623,7 +635,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -631,7 +644,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -702,7 +716,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } 
@@ -718,7 +733,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -735,7 +751,8 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! write_certifcate -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! write_certificate -0x%02x - %s\n\n", + -ret, buf ); goto exit; } diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index f906545744..3bd2c35914 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -114,7 +114,7 @@ server1.v1.der: server1.v1.crt all_final += server1.v1.crt server1.v1.der # OpenSSL-generated certificates for comparison -# Also provide certificates to DER format to allow +# Also provide certificates in DER format to allow # direct binary comparison using e.g. dumpasn1 server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) echo "01" > $(test_ca_server1_serial) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 0b6e602203..ca76e861d4 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -63,7 +63,7 @@ void x509_csr_check( char *key_file, char *cert_req_check_file, if( cert_type != 0 ) TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); - ret = mbedtls_x509write_csr_pem( &req, buf, sizeof(buf), + ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ), rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); 
@@ -149,7 +149,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before, - not_after ) == 0 ); + not_after ) == 0 ); mbedtls_x509write_crt_set_md_alg( &crt, md_type ); TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 ); @@ -169,30 +169,30 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 ); } - ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof(buf), - rnd_pseudo_rand, &rnd_info ); + ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ), + rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); f = fopen( cert_check_file, "r" ); TEST_ASSERT( f != NULL ); - olen = fread( check_buf, 1, sizeof(check_buf), f ); + olen = fread( check_buf, 1, sizeof( check_buf ), f ); fclose( f ); - TEST_ASSERT( olen < sizeof(check_buf) ); + TEST_ASSERT( olen < sizeof( check_buf ) ); TEST_ASSERT( olen >= pem_len - 1 ); TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ), - rnd_pseudo_rand, &rnd_info ); + rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( der_len >= 0 ); if( der_len == 0 ) goto exit; ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ), - rnd_pseudo_rand, &rnd_info ); + rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); exit: From 45037ceac5b8c17f279f4e5e2e737abbc187b5d6 Mon Sep 17 00:00:00 2001 
From: Hanno Becker
Date: Fri, 25 Aug 2017 11:03:34 +0100
Subject: [PATCH 0219/1059] Add check for presence of relevant parameters in mbedtls_rsa_private If CRT is used, check for the presence N, P, Q, D, E, DP, DQ and QP. If CRT is not used, check for N, P, Q, D, E only.
---
 library/rsa.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index 903a57ca36..3dde6edbf4 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1202,14 +1202,28 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
 mbedtls_mpi *DQ = &ctx->DQ;
 #endif
- /* Make sure we have private key info, prevent possible misuse */
- if( ctx->P.p == NULL || ctx->Q.p == NULL || ctx->D.p == NULL )
+ /* Sanity-check that all relevant fields are at least set,
+ * but don't perform a full keycheck. */
+ if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 )
+ {
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ }
+#if !defined(MBEDTLS_RSA_NO_CRT)
+ if( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->QP, 0 ) == 0 )
+ {
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ }
+#endif /* MBEDTLS_RSA_NO_CRT */
 mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R );
-
 if( f_rng != NULL )
 {
 #if defined(MBEDTLS_RSA_NO_CRT)
From d4a872ee678ece252f052087564eb69c62871782 Mon Sep 17 00:00:00 2001
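Review bot: The closing comment on the new conditional block reads `#endif /* MBEDTLS_RSA_NO_CRT */` while the guard it closes is `#if !defined(MBEDTLS_RSA_NO_CRT)`; mirroring the condition, `#endif /* !MBEDTLS_RSA_NO_CRT */`, is the convention the file uses elsewhere and avoids suggesting the block is the CRT-less path. The checks only establish that N, P, Q, D, E (plus DP, DQ, QP in the CRT build) are non-zero, exactly as the added comment says, so an inconsistent but non-zero key still reaches the exponentiation; a one-line pointer in that comment to the full consistency check (mbedtls_rsa_check_privkey()) would stop readers mistaking this for a key validation. The signature of mbedtls_rsa_private and the rest of its body lie outside the hunk.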
From: Hanno Becker Date: Thu, 7 Sep 2017 08:09:33 +0100 Subject: [PATCH 0220/1059] Rename internal MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG This commit renames the test-only flag MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG to make it more transparent that it's an internal flag, and also to content the testscript tests/scripts/check-names.pl which previously complained about the macro occurring in a comment in `entropy.c` without being defined in a library file. --- library/entropy.c | 2 +- tests/suites/helpers.function | 2 +- tests/suites/test_suite_entropy.function | 6 +++--- tests/suites/test_suite_rsa.function | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/entropy.c b/library/entropy.c index 10449b8d0a..7c09156761 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -83,7 +83,7 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) mbedtls_havege_init( &ctx->havege_data ); #endif - /* Reminder: Update MBEDTLS_ENTROPY_HAVE_STRONG in the test files + /* Reminder: Update ENTROPY_HAVE_STRONG in the test files * when adding more strong entropy sources here. */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 39cd3c7687..d367467892 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -113,7 +113,7 @@ static int test_errors = 0; defined(MBEDTLS_HAVEGE_C) || \ defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ defined(ENTROPY_NV_SEED) ) ) -#define MBEDTLS_ENTROPY_HAVE_STRONG +#define ENTROPY_HAVE_STRONG #endif diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 7983c767ee..2bab796d1c 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function 
@@ -163,7 +163,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_HAVE_STRONG */ +/* BEGIN_CASE depends_on:ENTROPY_HAVE_STRONG */ void entropy_func_len( int len, int ret ) { mbedtls_entropy_context ctx; @@ -224,7 +224,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_HAVE_STRONG */ +/* BEGIN_CASE depends_on:ENTROPY_HAVE_STRONG */ void entropy_threshold( int threshold, int chunk_size, int result ) { mbedtls_entropy_context ctx; @@ -377,7 +377,7 @@ void entropy_nv_seed( char *read_seed_str ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_HAVE_STRONG:MBEDTLS_SELF_TEST */ +/* BEGIN_CASE depends_on:ENTROPY_HAVE_STRONG:MBEDTLS_SELF_TEST */ void entropy_selftest( int result ) { TEST_ASSERT( mbedtls_entropy_self_test( 1 ) == result ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f41b14cc3f..270e2d989b 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -659,7 +659,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_HAVE_STRONG */ +/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) { mbedtls_rsa_context ctx; From 2fad94b1931dfb3a86f257bda10a1edc1e3d364d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 15:11:59 +0100 Subject: [PATCH 0221/1059] Dont send alert on invalid DTLS record type Do not send fatal alerts when receiving a record with an invalid header while running DTLS as this is not compliant behaviour. --- library/ssl_tls.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae7065b..7dd55bf4be 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3493,8 +3493,13 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
 ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+
 return( MBEDTLS_ERR_SSL_INVALID_RECORD );
 }
From 06fc6650f455669e8daf27af0e393717cbef8397 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Mon, 26 Jun 2017 15:19:26 +0100
Subject: [PATCH 0222/1059] Add ChangeLog entry
---
 ChangeLog | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 227faed6b6..802e30c242 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.x released xxxx-xx-xx
+
+Bugfix
+ * Fix ssl_parse_record_header() to not send a fatal alert message upon
+ receiving an invalid record when running DTLS as this is not compliant
+ behaviour.
+
 = mbed TLS 2.6.0 branch released 2017-08-10
 Security
From f569f701c225770688041c114f81dd3f09be5404 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Wed, 28 Jun 2017 09:25:10 +0100
Subject: [PATCH 0223/1059] Fix ChangeLog entry
---
 ChangeLog | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 802e30c242..e199682eab 100644
--- a/ChangeLog
+++ b/ChangeLog
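Review bot: The `#if defined(MBEDTLS_SSL_PROTO_DTLS)` / `#endif` pair wraps only the `if` line, leaving an unbraced conditional whose body is the `mbedtls_ssl_send_alert_message()` call in one build and a bare statement in the other; anyone later adding a second statement at this call site would have it run unconditionally in the DTLS build, and the non-DTLS reading (alert always sent) is easy to miss. Bracing the call as `{ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); }` between the `#endif` and the `return` keeps condition and body together under either configuration. The return value of the alert call is ignored as before, and the record is discarded with MBEDTLS_ERR_SSL_INVALID_RECORD in both transports; the rest of ssl_parse_record_header is outside the hunk.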
@@ -3,9 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x released xxxx-xx-xx Bugfix - * Fix ssl_parse_record_header() to not send a fatal alert message upon - receiving an invalid record when running DTLS as this is not compliant - behaviour. + * Fix ssl_parse_record_header() to silently discard invalid DTLS records + as recommended in RFC 6347 Section 4.1.2.7. = mbed TLS 2.6.0 branch released 2017-08-10 From 01692531c6c624524aa9736c2b174a84c4873ef7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 09:26:46 +0100 Subject: [PATCH 0224/1059] Document code silently discarding invalid records --- library/ssl_tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7dd55bf4be..b388156dfc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3495,6 +3495,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); #if defined(MBEDTLS_SSL_PROTO_DTLS) + /* Silently ignore invalid DTLS records as recommended by RFC 6347 + * Section 4.1.2.7 */ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) #endif /* MBEDTLS_SSL_PROTO_DTLS */ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, From a8434e8f95290b0429c3ce77a7764ed7dc985143 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 10:54:39 +0100 Subject: [PATCH 0225/1059] Add compile-time checks for size of record content and payload --- include/mbedtls/ssl_internal.h | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 756360b181..916817a222 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -24,6 +24,7 @@ #define MBEDTLS_SSL_INTERNAL_H #include "ssl.h" +#include "cipher.h" #if defined(MBEDTLS_MD5_C) #include "md5.h" 
@@ -138,13 +139,31 @@ #define MBEDTLS_SSL_PADDING_ADD 0 #endif -#define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \ - + MBEDTLS_SSL_COMPRESSION_ADD \ - + 29 /* counter + header + IV */ \ - + MBEDTLS_SSL_MAC_ADD \ - + MBEDTLS_SSL_PADDING_ADD \ +#define MBEDTLS_SSL_PAYLOAD_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \ + + MBEDTLS_SSL_COMPRESSION_ADD \ + + MBEDTLS_MAX_IV_LENGTH \ + + MBEDTLS_SSL_MAC_ADD \ + + MBEDTLS_SSL_PADDING_ADD \ ) +/* + * Check that we obey the standard's message size bounds + */ + +#if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384 +#error Bad configuration - record content too large. +#endif + +#if MBEDTLS_SSL_PAYLOAD_LEN > 16384 + 2048 +#error Bad configuration - protected record payload too large. +#endif + +#define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_PAYLOAD_LEN \ + + 5 /* TLS record header */ \ + + 8 /* Additional DTLS fields */ \ + ) + + /* * TLS extension flags (for extensions with outgoing ServerHello content * that need it (e.g. for RENEGOTIATION_INFO the server already knows because From d33f1ca34c39cd42e11f5d0997603a291a4d08df Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 10:55:31 +0100 Subject: [PATCH 0226/1059] Add run-time check for record content size in ssl_encrypt_buf --- library/ssl_tls.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b388156dfc..970a043e44 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1268,6 +1268,13 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", ssl->out_msg, ssl->out_msglen ); + if( ssl->out_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content too large, maximum %d", + MBEDTLS_SSL_MAX_CONTENT_LEN ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + /* * Add MAC before if needed */ From 9648f8b59cbea751921f5da49c5bcb8cad823b64 Mon Sep 17 00:00:00 2001 
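Review bot: The bounds `16384` and `16384 + 2048` in the two new `#if` checks are bare numbers; they are the TLSPlaintext limit (2^14) and the TLSCiphertext limit (2^14 + 2048) of RFC 5246 Sections 6.2.1 and 6.2.3, and a comment such as `/* RFC 5246 6.2.3: TLSCiphertext.length MUST NOT exceed 2^14 + 2048 */` turns each check into documentation instead of a magic constant. The `#if MBEDTLS_SSL_PAYLOAD_LEN > 16384 + 2048` test also depends on `MBEDTLS_MAX_IV_LENGTH` being visible to the preprocessor, which the `#include "cipher.h"` added earlier in this commit provides; an identifier unknown to `#if` evaluates to 0, so the check would pass vacuously if that include were ever removed, and a comment next to the include naming that dependency is worth having. The former `29 /* counter + header + IV */` is now split into MBEDTLS_MAX_IV_LENGTH plus `5 + 8`, so MBEDTLS_SSL_BUFFER_LEN keeps its previous value only when MBEDTLS_MAX_IV_LENGTH is 16; if any consumer relies on that equality, note it here.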
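Review bot: The new rejection in ssl_encrypt_buf logs only the limit, `"Record content too large, maximum %d"`, not the offending length, so a failure in the field cannot be diagnosed from the debug output; `( "Record content %u too large, maximum %d", (unsigned) ssl->out_msglen, MBEDTLS_SSL_MAX_CONTENT_LEN )` reports both. The comparison of `ssl->out_msglen` (a `size_t`) against the `int` macro is safe here because the macro is a positive constant, but the same mix in a subtraction is not, so the form `ssl->out_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN` used here is the one to copy. ssl_encrypt_buf's body continues outside the hunk.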
From: Hanno Becker
Date: Mon, 18 Sep 2017 10:55:54 +0100
Subject: [PATCH 0227/1059] Add run-time check for handshake message size in ssl_write_record
---
 library/ssl_tls.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 970a043e44..d2ca101577 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2742,6 +2742,15 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
 {
 /* Make room for the additional DTLS fields */
+ if( MBEDTLS_SSL_MAX_CONTENT_LEN - ssl->out_msglen < 8 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
+ "size %u, maximum %u",
+ (unsigned) ( ssl->in_hslen - 4 ),
+ (unsigned) ( MBEDTLS_SSL_MAX_CONTENT_LEN - 12 ) ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
 memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 );
 ssl->out_msglen += 8;
 len += 8;
From 714785dcc217a769ce5e46f3dcb915291ed944c7 Mon Sep 17 00:00:00 2001
From: Ron Eldor
Date: Mon, 28 Aug 2017 13:55:55 +0300
Subject: [PATCH 0228/1059] Write correct number of ciphersuites in log Change location of log, to fit the correct number of used ciphersuites
---
 ChangeLog | 7 ++++++-
 library/ssl_cli.c | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 227faed6b6..000084b775 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,9 @@
-mbed TLS ChangeLog (Sorted per branch, date)
+mbed TLS ChangeLog (Sorted per branch, date)
+
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+ * Log correct number of ciphersuites used in Client Hello message. Fix for #918.
 = mbed TLS 2.6.0 branch released 2017-08-10
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index a2b9f8cfe1..9babb695c9 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
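Review bot: The diagnostic reports the wrong quantity: the check is on the outgoing `ssl->out_msglen`, but the message prints `(unsigned) ( ssl->in_hslen - 4 )`, the length of the last received handshake message, so the logged size bears no relation to the record being rejected; it should read `(unsigned) ( ssl->out_msglen - 4 )`, which also matches the `MBEDTLS_SSL_MAX_CONTENT_LEN - 12` maximum printed beside it. The condition `MBEDTLS_SSL_MAX_CONTENT_LEN - ssl->out_msglen < 8` is evaluated in `size_t` arithmetic, so an `out_msglen` that is already larger than MBEDTLS_SSL_MAX_CONTENT_LEN wraps to a huge value and passes the check instead of failing it; `if( ssl->out_msglen + 8 > MBEDTLS_SSL_MAX_CONTENT_LEN )` is correct in both directions. Whether an earlier bound on `out_msglen` makes the wrap unreachable cannot be seen from here, as the rest of mbedtls_ssl_write_record is outside the hunk.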
@@ -891,6 +891,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( ciphersuites[i] ); } + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, got %d ciphersuites", n)); + /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ @@ -917,8 +919,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) *q++ = (unsigned char)( n >> 7 ); *q++ = (unsigned char)( n << 1 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) ); - #if defined(MBEDTLS_ZLIB_SUPPORT) offer_compress = 1; #else From 147d1429481135cc989fea47dabbca905717e978 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 5 Sep 2017 16:09:53 +0300 Subject: [PATCH 0229/1059] Add log and fix stle issues Address Andres comments of PR --- library/ssl_cli.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9babb695c9..8a48f7b000 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -891,7 +891,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( ciphersuites[i] ); } - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, got %d ciphersuites", n)); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV @@ -900,6 +900,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) #endif { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); n++; From 81e96dd54afa16e2be9a91c5465be6cc4a420071 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 11:07:25 +0100 Subject: [PATCH 0230/1059] Adapt ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index e199682eab..1e3614b9b3 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -5,6 +5,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. + * Add size-checks for record and handshake message content, securing + fragile yet non-exploitable code-paths. = mbed TLS 2.6.0 branch released 2017-08-10 From 4a2fb4c6be50134cbf6198ed6cc904f7d71af77b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 10 Sep 2017 17:03:50 +0300 Subject: [PATCH 0231/1059] Addres review comments Resolves comments raised in the review --- library/ssl_cli.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 8a48f7b000..36086e9d98 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -891,7 +891,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( ciphersuites[i] ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV @@ -900,7 +900,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) #endif { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); n++; From 5175ac6e133ad9569959bd18001337a46c946c15 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Mon, 18 Sep 2017 15:36:25 +0100 Subject: [PATCH 0232/1059] Add tests for disabled MFL-extension to all.sh This commit adds a build with default config except MBEDTLS_SSL_MAX_FRAGMENT_LENGTH to all.sh, as well as a run of the MFL-related tests in ssl-opt.sh. --- tests/scripts/all.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d9c5bbfa4a..258141dffa 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -413,6 +413,16 @@ scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' make lib +msg "build: default config except MFL extension (ASan build)" # ~ 30s +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: ssl-opt.sh, MFL-related tests" +tests/ssl-opt.sh -f "Max fragment length" + msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" cleanup cp "$CONFIG_H" "$CONFIG_BAK" @@ -628,4 +638,3 @@ rm -rf "$OUT_OF_SOURCE_DIR" msg "Done, cleaning up" cleanup - From e4ad3e880309a6d52dc7e8733ee002b6bff4aacc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 15:05:46 +0100 Subject: [PATCH 0233/1059] Allow requests of size larger than 16384 in ssl_client2 --- programs/ssl/ssl_client2.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5032a9f3d5..8e2feb1a11 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -63,6 +63,9 @@ int main( void ) #include #include +#define MAX_REQUEST_SIZE 20000 +#define MAX_REQUEST_SIZE_STR "20000" + #define DFL_SERVER_NAME "localhost" #define DFL_SERVER_ADDR NULL #define DFL_SERVER_PORT "4433" 
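Review bot: `#define MAX_REQUEST_SIZE_STR "20000"` repeats the value of `MAX_REQUEST_SIZE` by hand, so the usage text and the `request_size` bounds check can drift apart on the next edit; deriving one from the other with a two-level stringizing pair, `#define STR_HELPER(x) #x` and `#define STR(x) STR_HELPER(x)`, then `STR(MAX_REQUEST_SIZE)` in the usage string, removes the duplicate. A short comment on `MAX_REQUEST_SIZE` saying why it is deliberately above 16384 (to exercise writes larger than one record, per the commit title) would also save the next reader from "fixing" it back down.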
@@ -242,8 +245,8 @@ int main( void ) " server_addr=%%s default: given by name\n" \ " server_port=%%d default: 4433\n" \ " request_page=%%s default: \".\"\n" \ - " request_size=%%d default: about 34 (basic request)\n" \ - " (minimum: 0, max: 16384)\n" \ + " request_size=%%d default: about 34 (basic request)\n" \ + " (minimum: 0, max: " MAX_REQUEST_SIZE_STR " )\n" \ " debug_level=%%d default: 0 (disabled)\n" \ " nbio=%%d default: 0 (blocking I/O)\n" \ " options: 1 (non-blocking), 2 (added delays)\n" \ @@ -437,7 +440,9 @@ int main( int argc, char *argv[] ) { int ret = 0, len, tail_len, i, written, frags, retry_left; mbedtls_net_context server_fd; - unsigned char buf[MBEDTLS_SSL_MAX_CONTENT_LEN + 1]; + + unsigned char buf[MAX_REQUEST_SIZE + 1]; + #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; @@ -602,7 +607,8 @@ int main( int argc, char *argv[] ) else if( strcmp( p, "request_size" ) == 0 ) { opt.request_size = atoi( q ); - if( opt.request_size < 0 || opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( opt.request_size < 0 || + opt.request_size > MAX_REQUEST_SIZE ) goto usage; } else if( strcmp( p, "ca_file" ) == 0 ) @@ -1494,8 +1500,8 @@ send_request: mbedtls_printf( " > Write to server:" ); fflush( stdout ); - len = mbedtls_snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST, - opt.request_page ); + len = mbedtls_snprintf( (char *) buf, sizeof( buf ) - 1, GET_REQUEST, + opt.request_page ); tail_len = (int) strlen( GET_REQUEST_END ); /* Add padding to GET request to reach opt.request_size in length */ @@ -1506,7 +1512,7 @@ send_request: len += opt.request_size - len - tail_len; } - strncpy( (char *) buf + len, GET_REQUEST_END, sizeof(buf) - len - 1 ); + strncpy( (char *) buf + len, GET_REQUEST_END, sizeof( buf ) - len - 1 ); len += tail_len; /* Truncate if request size is smaller than the "natural" size */ 
@@ -1550,6 +1556,12 @@ send_request: frags = 1; written = ret; + + if( written < len ) + { + mbedtls_printf( " warning\n ! request didn't fit into single datagram and " + "was truncated to size %u", (unsigned) written ); + } } buf[written] = '\0'; From 4aed27e469172a05ae38a98e6492aabbc4898923 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 15:00:34 +0100 Subject: [PATCH 0234/1059] Add missing test-dependencies for MBEDTLS_SSL_MAX_FRAGMENT_LENGTH The tests for the maximum fragment length extension were lacking a dependency on MBEDTLS_SSL_MAX_FRAGMENT_LENGTH being set in the config. --- tests/ssl-opt.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 280fc63486..2ea8f95037 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1293,6 +1293,7 @@ run_test "Session resume using cache: openssl server" \ # Tests for Max Fragment Length extension run_test "Max fragment length: not used, reference" \ +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ 0 \ @@ -1303,6 +1304,7 @@ run_test "Max fragment length: not used, reference" \ -S "server hello, max_fragment_length extension" \ -C "found max_fragment_length extension" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: used by client" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=4096" \ @@ -1314,6 +1316,7 @@ run_test "Max fragment length: used by client" \ -s "server hello, max_fragment_length extension" \ -c "found max_fragment_length extension" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: used by server" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3" \ 
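Review bot: The new warning string ends without a newline, `"... was truncated to size %u"`, so whatever the program prints next is appended to the same terminal line; end the format with `\n`. The `written < len` comparison sits in the branch that sets `frags = 1; written = ret;`, whose start is outside the hunk, so the note relies on `ret` having already been checked for errors there before it is reported through the `(unsigned)` cast.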
@@ -1325,6 +1328,7 @@ run_test "Max fragment length: used by server" \ -S "server hello, max_fragment_length extension" \ -C "found max_fragment_length extension" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_gnutls run_test "Max fragment length: gnutls server" \ "$G_SRV" \ @@ -1334,6 +1338,7 @@ run_test "Max fragment length: gnutls server" \ -c "client hello, adding max_fragment_length extension" \ -c "found max_fragment_length extension" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: client, message just fits" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \ @@ -1347,6 +1352,7 @@ run_test "Max fragment length: client, message just fits" \ -c "2048 bytes written in 1 fragments" \ -s "2048 bytes read" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: client, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \ @@ -1361,6 +1367,7 @@ run_test "Max fragment length: client, larger message" \ -s "2048 bytes read" \ -s "297 bytes read" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: DTLS client, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ From c526696c05a7a98b21f8b1aafae268393608e2a2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 15:01:50 +0100 Subject: [PATCH 0235/1059] Add tests for messages beyond 16384 bytes to ssl-opt.sh This commit adds four tests to ssl-opt.sh testing the library's behavior when `mbedtls_ssl_write` is called with messages beyond 16384 bytes. The combinations tested are TLS vs. DTLS and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH enabled vs. disabled. --- tests/ssl-opt.sh | 50 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2ea8f95037..9d476b4108 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1292,8 +1292,8 @@ run_test "Session resume using cache: openssl server" \ # Tests for Max Fragment Length extension -run_test "Max fragment length: not used, reference" \ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: enabled, default" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ 0 \ 
@@ -1304,6 +1304,54 @@ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -S "server hello, max_fragment_length extension" \ -C "found max_fragment_length extension" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: enabled, default, larger message" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3 request_size=20000" \ + 0 \ + -c "Maximum fragment length is 16384" \ + -s "Maximum fragment length is 16384" \ + -C "client hello, adding max_fragment_length extension" \ + -S "found max fragment length extension" \ + -S "server hello, max_fragment_length extension" \ + -C "found max_fragment_length extension" \ + -c "20000 bytes written in 2 fragments" \ + -s "16384 bytes read" \ + -s "3616 bytes read" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length, DTLS: enabled, default, larger message" \ + "$P_SRV debug_level=3 dtls=1" \ + "$P_CLI debug_level=3 dtls=1 request_size=20000" \ + 1 \ + -c "Maximum fragment length is 16384" \ + -s "Maximum fragment length is 16384" \ + -C "client hello, adding max_fragment_length extension" \ + -S "found max fragment length extension" \ + -S "server hello, max_fragment_length extension" \ + -C "found max_fragment_length extension" \ + -c "fragment larger than.*maximum " + +requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: disabled, larger message" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3 request_size=20000" \ + 0 \ + -C "Maximum fragment length is 16384" \ + -S "Maximum fragment length is 16384" \ + -c "20000 bytes written in 2 fragments" \ + -s "16384 bytes read" \ + -s "3616 bytes read" + +requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length DTLS: disabled, larger message" \ + "$P_SRV debug_level=3 dtls=1" \ + "$P_CLI debug_level=3 dtls=1 request_size=20000" \ + 1 \ + -C "Maximum fragment length is 16384" \ + -S "Maximum fragment length is 16384" \ + -c "fragment 
larger than.*maximum " + requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: used by client" \ "$P_SRV debug_level=3" \ From 09930d1f019ded3138087bc1e95d5917c3624629 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 15:04:19 +0100 Subject: [PATCH 0236/1059] Add expected number of fragments to 16384-byte packet tests --- tests/ssl-opt.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9d476b4108..50b7d1536f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3382,6 +3382,7 @@ run_test "Large packet SSLv3 BlockCipher" \ "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 @@ -3390,6 +3391,7 @@ run_test "Large packet SSLv3 StreamCipher" \ "$P_CLI request_size=16384 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.0 BlockCipher" \ @@ -3397,6 +3399,7 @@ run_test "Large packet TLS 1.0 BlockCipher" \ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \ @@ -3405,6 +3408,7 @@ run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \ 
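Review bot: The two new DTLS test names use different spellings, `"Max fragment length, DTLS: enabled, default, larger message"` versus `"Max fragment length DTLS: disabled, larger message"`, so a `-f` filter or a grep over the log has to match both; one form, e.g. `"Max fragment length, DTLS: disabled, larger message"`, keeps them selectable together. Both DTLS cases assert only the client's `fragment larger than.*maximum ` line and exit status 1, which is the intended rejection of an over-long datagram write; if the server is not expected to print its read-success message in that case, a matching `-S` pattern would make the negative outcome explicit rather than implied by the exit code. The `requires_config_disabled` cases can only run in a build without MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, which the all.sh addition earlier in this series provides.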
@@ -3413,6 +3417,7 @@ run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.1 BlockCipher" \ @@ -3420,6 +3425,7 @@ run_test "Large packet TLS 1.1 BlockCipher" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.1 StreamCipher" \ @@ -3427,6 +3433,7 @@ run_test "Large packet TLS 1.1 StreamCipher" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \ @@ -3435,6 +3442,7 @@ run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \ @@ -3443,6 +3451,7 @@ run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 BlockCipher" \ @@ -3450,6 +3459,7 @@ run_test "Large packet TLS 1.2 BlockCipher" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ 
@@ -3457,6 +3467,7 @@ run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \ @@ -3465,6 +3476,7 @@ run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 StreamCipher" \ @@ -3472,6 +3484,7 @@ run_test "Large packet TLS 1.2 StreamCipher" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \ @@ -3480,6 +3493,7 @@ run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 AEAD" \ @@ -3487,6 +3501,7 @@ run_test "Large packet TLS 1.2 AEAD" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 AEAD shorter tag" \ @@ -3494,6 +3509,7 @@ run_test "Large packet TLS 1.2 AEAD shorter tag" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" # Tests for DTLS HelloVerifyRequest From 2b187c4d5f02e7ff76015c6d1fc9e9c874ee9353 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Mon, 18 Sep 2017 14:58:11 +0100 Subject: [PATCH 0237/1059] Correct typo --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae7065b..228f97def3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7100,7 +7100,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, * * With non-blocking I/O, ssl_write_real() may return WANT_WRITE, * then the caller will call us again with the same arguments, so - * remember wether we already did the split or not. + * remember whether we already did the split or not. */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) static int ssl_write_split( mbedtls_ssl_context *ssl, From 0b7b83fd91dfa45c446b41f0dfa3b897b5bc4e16 Mon Sep 17 00:00:00 2001 From: Florin Date: Sat, 22 Jul 2017 09:01:44 +0200 Subject: [PATCH 0238/1059] Fixed SIGSEGV problem when writing with ssl_write_real a buffer that is over MBEDTLS_SSL_MAX_CONTENT_LEN bytes Signed-off-by: Florin --- library/ssl_tls.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 228f97def3..b6e0eaa825 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7054,7 +7054,9 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, int ret; #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) size_t max_len = mbedtls_ssl_get_max_frag_len( ssl ); - +#else + size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN; +#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ if( len > max_len ) { #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -7069,7 +7071,6 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, #endif len = max_len; } -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ if( ssl->out_left != 0 ) { From 930025da6da15d9989a31a93d47c7e84181e370c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 16:07:19 +0100 Subject: [PATCH 0239/1059] Adapt ChangeLog --- ChangeLog | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
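Review bot: After the change the `len = max_len;` truncation at the end of the first hunk applies to every build, but nothing in the hunk says that `max_len` is now a hard bound set by the size of the outgoing record buffer rather than a fragment-length-extension nicety; a comment on the new `#else` branch such as `/* The output buffer holds at most MBEDTLS_SSL_MAX_CONTENT_LEN bytes of payload; writing more overruns it */` would keep a later refactor from moving the check back under the MFL guard. The blank line that followed the `max_len` declaration was removed together with the old `#endif`, so the `if( len > max_len )` now abuts the directive, a style nit. The truncation is silent on the non-DTLS path, so callers presumably have to compare the returned length with what they asked for to notice a partial write; a sentence to that effect belongs in the public documentation of mbedtls_ssl_write (outside this hunk). The large-packet tests on this page send exactly `request_size=16384`; a case that sends more than MBEDTLS_SSL_MAX_CONTENT_LEN with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled would pin this regression. ssl_write_real's body starts and continues outside both hunks.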
diff --git a/ChangeLog b/ChangeLog index 227faed6b6..1154075e04 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,17 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Security + * Fix a potential heap buffer overflow in mbedtls_ssl_write. When the (by + default enabled) maximum fragment length extension is disabled in the + config and the application data buffer passed to mbedtls_ssl_write + is larger than the internal message buffer (16384 bytes by default), the + latter overflows. The exploitability of this issue depends on whether the + application layer can be forced into sending such large packets. The issue + was independently reported by Tim Nordell via e-mail and by Florin Petriuc + and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. Fixes #707. + = mbed TLS 2.6.0 branch released 2017-08-10 Security From 4b151fabb7b65a774f5fb5cbcb061314e54564c9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 20 Sep 2017 13:46:37 +0100 Subject: [PATCH 0240/1059] DHM: Add negative tests for parameter checking A bug in the dhm_check_range() function makes it pass even when the parameters are not in the range. This commit adds tests for signalling this problem as well as a couple of other negative tests. --- tests/suites/test_suite_dhm.data | 18 +++++++++++++++--- tests/suites/test_suite_dhm.function | 7 +++++-- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data index f2cdeffa50..e351ebdd41 100644 --- a/tests/suites/test_suite_dhm.data +++ b/tests/suites/test_suite_dhm.data 
@@ -1,11 +1,23 @@ Diffie-Hellman full exchange #1 -dhm_do_dhm:10:"23":10:"5" +dhm_do_dhm:10:"23":10:"5":0 Diffie-Hellman full exchange #2 -dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" +dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622":0 Diffie-Hellman full exchange #3 -dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271" +dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271":0 + +Diffie-Hellman trivial subgroup #1 +dhm_do_dhm:10:"23":10:"1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA + +Diffie-Hellman trivial subgroup #2 +dhm_do_dhm:10:"23":10:"-1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA + +Diffie-Hellman small modulus +dhm_do_dhm:10:"3":10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED + +Diffie-Hellman zero modulus +dhm_do_dhm:10:"0":10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA Diffie-Hallman load parameters from file dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128 diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index b9b8e1956b..4fd8fff237 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -9,7 +9,7 @@ /* BEGIN_CASE */ void dhm_do_dhm( int radix_P, char *input_P, - int radix_G, char *input_G ) + int radix_G, char *input_G, int result ) { mbedtls_dhm_context ctx_srv; mbedtls_dhm_context ctx_cli; 
@@ -44,7 +44,10 @@ void dhm_do_dhm( int radix_P, char *input_P, /* * First key exchange */ - TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == result ); + if ( result != 0 ) + goto exit; + ske[ske_len++] = 0; ske[ske_len++] = 0; TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); From aa325d7b7f5656edfb2b61cbab2189fd01818975 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 20 Sep 2017 15:33:24 +0100 Subject: [PATCH 0241/1059] DHM: Fix dhm_check_range() always returning 0 Although the variable ret was initialised to an error, the MBEDTLS_MPI_CHK macro was overwriting it. Therefore it ended up being 0 whenewer the bignum computation was successfull and stayed 0 independently of the actual check. --- ChangeLog | 6 +++++- library/dhm.c | 11 +++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index e199682eab..ce0e831734 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Security + * Fix dhm_check_range() failing to detect trivial subgroups and essentially + always returning 0. Reported by prashantkspatil. Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records diff --git a/library/dhm.c b/library/dhm.c index bec52a11df..620610dabd 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -93,6 +93,9 @@ static int dhm_read_bignum( mbedtls_mpi *X, * * Parameter should be: 2 <= public_param <= P - 2 * + * This means that we need to return an error if + * public_param < 2 or public param > P-2 + * * For more information on the attack, see: * http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643 
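Review bot: The new guard `if ( result != 0 )` puts a space before the parenthesis, whereas every other conditional in these hunks and in the library code on this page is written `if( ... )`; `if( result != 0 )` keeps the test file consistent with the project convention. The negative cases only drive `mbedtls_dhm_make_params`, so they show the range check rejecting the server's own generator; the attack cited in the dhm.c comment of the next commit (CVE-2005-2643, trivial subgroups) concerns a peer-supplied public value, and a case feeding an out-of-range public value through the read path would cover that side too, though whether dhm_check_range is reached there is not visible here. `dhm_do_dhm` starts and ends outside the hunk; the `exit` label it jumps to is not shown, so it is assumed to free both contexts on the early-out path.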
@@ -100,17 +103,17 @@ static int dhm_read_bignum( mbedtls_mpi *X, static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P ) { mbedtls_mpi L, U; - int ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA; + int ret = 0; mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) ); - if( mbedtls_mpi_cmp_mpi( param, &L ) >= 0 && - mbedtls_mpi_cmp_mpi( param, &U ) <= 0 ) + if( mbedtls_mpi_cmp_mpi( param, &L ) < 0 || + mbedtls_mpi_cmp_mpi( param, &U ) > 0 ) { - ret = 0; + ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA; } cleanup: From b174c84a3b5aa3353e02a565a9cfe36cc6795384 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 20 Sep 2017 16:26:04 +0100 Subject: [PATCH 0242/1059] Refine dhm_check_range() fix Changelog entry --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index ce0e831734..3da4a84d76 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,8 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Security - * Fix dhm_check_range() failing to detect trivial subgroups and essentially - always returning 0. Reported by prashantkspatil. + * Fix dhm_check_range() failing to detect trivial subgroups and potentially + leaking 1 bit of the private key. Reported by prashantkspatil. Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records From 1ad1c6d4e18b32118863a63a42f4a6d70084e6ca Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 21 Sep 2017 09:02:11 +0100 Subject: [PATCH 0243/1059] Fix typo --- library/dhm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/dhm.c b/library/dhm.c index 620610dabd..71b4f85d73 100644 --- a/library/dhm.c +++ b/library/dhm.c 
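Review bot: The fix is right, but the reason the old code failed, namely that `MBEDTLS_MPI_CHK` assigns each callee's status to `ret` so an initial error value never survives the two `MBEDTLS_MPI_CHK` lines, lives only in the commit message, and the new shape (`ret = 0;` up front, overwritten on failure) reads like an ordinary status variable. A comment above the `if`, e.g. `/* Set ret only after the MBEDTLS_MPI_CHK calls: the macro overwrites it with each call's status */`, would stop the next edit from reintroducing the same defect. The negated comparisons now mirror the condition spelled out in the comment added in the previous hunk, which is the form to keep; when P is 3 or smaller, U falls below L and every value is rejected, which is the right outcome for such a modulus. The function's `cleanup:` tail is outside the hunk.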
@@ -94,7 +94,7 @@ static int dhm_read_bignum( mbedtls_mpi *X, * Parameter should be: 2 <= public_param <= P - 2 * * This means that we need to return an error if - * public_param < 2 or public param > P-2 + * public_param < 2 or public_param > P-2 * * For more information on the attack, see: * http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf From e1b1d0af8ea5049e062f83e0411a5f22e35a81f1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Sep 2017 15:35:16 +0100 Subject: [PATCH 0244/1059] Fix senseless comment --- programs/x509/cert_write.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 6504dcd625..bc38be280d 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -170,8 +170,8 @@ struct options int selfsign; /* selfsign the certificate */ int is_ca; /* is a CA certificate */ int max_pathlen; /* maximum CA path length */ - int authority_identifier; /* add authority identifier id to CRT */ - int subject_identifier; /* add subject identifier id to CRT */ + int authority_identifier; /* add authority identifier to CRT */ + int subject_identifier; /* add subject identifier to CRT */ int basic_constraints; /* add basic constraints ext to CRT */ int version; /* CRT version */ mbedtls_md_type_t md; /* Hash used for signing */ From 38eff437910eb3a46912478f4993d50870222b19 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Sep 2017 15:38:20 +0100 Subject: [PATCH 0245/1059] Use X509 CRT version macros in cert_write program --- programs/x509/cert_write.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index bc38be280d..59afb61e62 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c 
@@ -269,7 +269,7 @@ int main( int argc, char *argv[] ) opt.max_pathlen = DFL_MAX_PATHLEN; opt.key_usage = DFL_KEY_USAGE; opt.ns_cert_type = DFL_NS_CERT_TYPE; - opt.version = DFL_VERSION; + opt.version = DFL_VERSION - 1; opt.md = DFL_DIGEST; opt.subject_identifier = DFL_SUBJ_IDENT; opt.authority_identifier = DFL_AUTH_IDENT; @@ -362,6 +362,7 @@ int main( int argc, char *argv[] ) opt.version = atoi( q ); if( opt.version < 1 || opt.version > 3 ) goto usage; + opt.version--; } else if( strcmp( p, "selfsign" ) == 0 ) { @@ -628,7 +629,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Setting certificate values ..." ); fflush( stdout ); - mbedtls_x509write_crt_set_version( &crt, opt.version - 1 ); + mbedtls_x509write_crt_set_version( &crt, opt.version ); mbedtls_x509write_crt_set_md_alg( &crt, opt.md ); ret = mbedtls_x509write_crt_set_serial( &crt, &serial ); @@ -651,7 +652,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); - if( opt.version == 3 && opt.basic_constraints ) + if( opt.version == MBEDTLS_X509_CRT_VERSION_3 && + opt.basic_constraints != 0 ) { mbedtls_printf( " . Adding the Basic Constraints extension ..." ); fflush( stdout ); @@ -670,7 +672,8 @@ int main( int argc, char *argv[] ) } #if defined(MBEDTLS_SHA1_C) - if( opt.version == 3 && opt.subject_identifier ) + if( opt.version == MBEDTLS_X509_CRT_VERSION_3 && + opt.subject_identifier != 0 ) { mbedtls_printf( " . Adding the Subject Key Identifier ..." ); fflush( stdout ); @@ -688,7 +691,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); } - if( opt.version == 3 && opt.authority_identifier ) + if( opt.version == MBEDTLS_X509_CRT_VERSION_3 && + opt.authority_identifier != 0 ) { mbedtls_printf( " . Adding the Authority Key Identifier ..." ); fflush( stdout ); 
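Review bot: `opt.version` changes meaning in the first two hunks, holding the 0-based `MBEDTLS_X509_CRT_VERSION_*` value instead of the 1..3 number typed on the command line, but the field's comment (`/* CRT version */`, visible in the previous commit's hunk) still describes the old convention, and `opt.version = DFL_VERSION - 1;` is only correct while `DFL_VERSION` (not visible) keeps holding the user-facing 3. Defining the default as the macro and dropping the `- 1`, plus a field comment such as `/* CRT version as MBEDTLS_X509_CRT_VERSION_x (0-based) */`, would make the two representations explicit. The bare `opt.version--;` right after the `< 1 || > 3` range check is easy to miss in the option parser; a one-line comment there, `/* command line is 1-based, the library macros are 0-based */`, would help. If the usage text or a later `mbedtls_printf` prints `opt.version` (not visible here), it now shows one less than what was passed, which is worth checking. All hunks of this commit sit inside `main`, which starts and ends outside them; the same change continues on the next line.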
@@ -707,7 +711,8 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_SHA1_C */ - if( opt.version == 3 && opt.key_usage ) + if( opt.version == MBEDTLS_X509_CRT_VERSION_3 && + opt.key_usage != 0 ) { mbedtls_printf( " . Adding the Key Usage extension ..." ); fflush( stdout ); @@ -724,7 +729,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); } - if( opt.version == 3 && opt.ns_cert_type ) + if( opt.version == MBEDTLS_X509_CRT_VERSION_3 && + opt.ns_cert_type != 0 ) { mbedtls_printf( " . Adding the NS Cert Type extension ..." ); fflush( stdout ); From 7f3652ddf1d9598236c5551ec4e74a1c926a8eac Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Sep 2017 15:39:02 +0100 Subject: [PATCH 0246/1059] Fix error code printing in cert_write Error codes can consume up to two bytes, but only one was printed so far. --- programs/x509/cert_write.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 59afb61e62..d04739389e 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -470,7 +470,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_string " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -490,7 +490,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -500,7 +500,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } 
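Review bot: The widened `-0x%04x` in each `mbedtls_printf` of this commit still receives `-ret`, an `int`, for an unsigned conversion; it works in practice, but it is a signedness mismatch that `-Wformat-signedness` reports, and `(unsigned int) -ret` would make the conversion explicit. `mbedtls_strerror( ret, buf, 1024 )` hard-codes the buffer size at every one of these call sites; `sizeof( buf )` would keep the length tied to the declaration if `buf` is a local array (its declaration is not visible here). The change itself is correct, since error codes span two bytes; the same two remarks apply to the remaining hunks on the next two lines. All hunks are inside `main`, which starts and ends outside them.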
@@ -524,7 +524,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -534,7 +534,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -559,7 +559,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -614,7 +614,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -622,7 +622,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -637,7 +637,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -646,7 +646,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } 
@@ -664,7 +664,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -683,7 +683,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject" - "_key_identifier returned -0x%02x - %s\n\n", + "_key_identifier returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -702,7 +702,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_" - "key_identifier returned -0x%02x - %s\n\n", + "key_identifier returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -722,7 +722,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -740,7 +740,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -757,7 +757,7 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! write_certificate -0x%02x - %s\n\n", + mbedtls_printf( " failed\n ! write_certificate -0x%04x - %s\n\n", -ret, buf ); goto exit; } From a20e33ad59193567c4bdedf2b483adcc597d9517 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Sep 2017 15:40:01 +0100 Subject: [PATCH 0247/1059] Use X509 CRT version macros for version checks in x509write_crt_der --- library/x509write_crt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 0611cc8472..e8d5cbdbfd 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -334,7 +334,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, */ /* Only for v3 */ - if( ctx->version == 2 ) + if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 ) { MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); @@ -397,7 +397,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, */ /* Can be omitted for v1 */ - if( ctx->version > 0 ) + if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 ) { sub_len = 0; MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) ); From d8a6f7cfbe2b506e5c571022bbe620b7a30f6796 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Sep 2017 16:05:43 +0100 Subject: [PATCH 0248/1059] Clarify code-paths in x509write_csr and x509write_crt --- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index e8d5cbdbfd..0af23d7fac 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -321,7 +321,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, else if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_ECDSA ) ) pk_alg = MBEDTLS_PK_ECDSA; else - pk_alg = MBEDTLS_PK_NONE; + return( MBEDTLS_ERR_X509_INVALID_ALG ); if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index da40eb5c17..e80053828f 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c 
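Review bot: The second hunk rewrites `ctx->version > 0` as `ctx->version != MBEDTLS_X509_CRT_VERSION_1`, which is equivalent only if `ctx->version` can never be negative; `mbedtls_x509write_crt_set_version` is not shown and presumably stores whatever int it is handed, so a caller error that used to take the v1 path now emits an INTEGER with a negative version. A range check at set time, or `if( ctx->version < MBEDTLS_X509_CRT_VERSION_1 || ctx->version > MBEDTLS_X509_CRT_VERSION_3 ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );` near the start of this function, would close that gap. The `/* Only for v3 */` and `/* Can be omitted for v1 */` comments now match the macro names on the lines they annotate, which is an improvement. `mbedtls_x509write_crt_der` starts and ends outside both hunks.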
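Review bot: Returning `MBEDTLS_ERR_X509_INVALID_ALG` where the code used to continue with `pk_alg = MBEDTLS_PK_NONE` changes the error a caller gets for a key that is neither RSA nor ECDSA (previously whatever `mbedtls_oid_get_oid_by_sig_alg` returned for PK_NONE), and the diffstat shows no ChangeLog or header update for it. A `\return` line on mbedtls_x509write_crt_der and mbedtls_x509write_csr_der saying that `MBEDTLS_ERR_X509_INVALID_ALG` is returned for an unsupported key type, plus a ChangeLog entry, would document the new contract. The early `return( ... )` is safe only if nothing acquired earlier in the function needs releasing; those lines are outside the hunk, so that should be confirmed. The CSR writer gets the same change in the hunk on the next line; both functions start and end outside the hunks.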
@@ -205,7 +205,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s else if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_ECDSA ) ) pk_alg = MBEDTLS_PK_ECDSA; else - pk_alg = MBEDTLS_PK_NONE; + return( MBEDTLS_ERR_X509_INVALID_ALG ); if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) From 6428f8d78e620c9c4853dd64b14d75b9ce941972 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Sep 2017 16:58:50 +0100 Subject: [PATCH 0249/1059] Let ssl-opt.sh gracefully fail is SSL_MAX_CONTENT_LEN is not 16384 Some tests in ssl-opt.sh require MBEDTLS_SSL_MAX_CONTENT_LEN to be set to its default value of 16384 to succeed. While ideally such a dependency should not exist, as a short-term remedy this commit adds a small check that will at least lead to graceful exit if that assumption is violated. --- tests/ssl-opt.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 50b7d1536f..4865043b28 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1292,6 +1292,21 @@ run_test "Session resume using cache: openssl server" \ # Tests for Max Fragment Length extension +MAX_CONTENT_LEN_EXPECT='16384' +MAX_CONTENT_LEN_CONFIG=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN) + +if [ -n "$MAX_CONTENT_LEN_CONFIG" ] && [ "$MAX_CONTENT_LEN_CONFIG" -ne "$MAX_CONTENT_LEN_EXPECT" ]; then + printf "The ${CONFIG_H} file contains a value for the configuration of\n" + printf "MBEDTLS_SSL_MAX_CONTENT_LEN that is different from the script’s\n" + printf "test value of ${MAX_CONTENT_LEN_EXPECT}. \n" + printf "\n" + printf "The tests assume this value and if it changes, the tests in this\n" + printf "script should also be adjusted.\n" + printf "\n" + + exit 1 +fi + requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: enabled, default" \ "$P_SRV debug_level=3" \ From 152633093112a78ffbb8158eec4d8944c0d7dc25 Mon Sep 17 00:00:00 2001 
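Review bot: The message text uses a non-ASCII apostrophe (`script’s`, U+2019) inside a `printf` format of a POSIX shell script; under a non-UTF-8 locale it renders as mojibake, so the plain ASCII `script's` is the safer spelling. `[ "$MAX_CONTENT_LEN_CONFIG" -ne "$MAX_CONTENT_LEN_EXPECT" ]` is an integer test and assumes `config.pl get` prints a bare number; if the configured value is an expression or carries trailing text, `[` prints "integer expression expected" and the guard is skipped instead of failing closed, so a pattern check first, e.g. `case "$MAX_CONTENT_LEN_CONFIG" in *[!0-9]*) exit 1 ;; esac`, would make that failure explicit. The first `printf` expands `${CONFIG_H}` inside the format string; `printf "The %s file contains a value for the configuration of\n" "$CONFIG_H"` avoids any `%` in the path being interpreted, and `CONFIG_H` is assumed to be set earlier in the script (not visible here). The check sits immediately before the Max Fragment Length tests, but the value also governs the 16384-byte "Large packet" tests added earlier on this page; placing it with the script's other global preconditions would make that dependency visible.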
From: Jaeden Amero Date: Thu, 21 Sep 2017 12:53:48 +0100 Subject: [PATCH 0250/1059] Allow alternate implementation of GCM Provide the ability to use an alternative implementation of GCM in place of the library-provided implementation. --- ChangeLog | 6 ++++++ include/mbedtls/config.h | 1 + include/mbedtls/gcm.h | 15 +++++++++++++++ library/gcm.c | 4 ++++ library/version_features.c | 3 +++ 5 files changed, 29 insertions(+) diff --git a/ChangeLog b/ChangeLog index 227faed6b6..d3833085b1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Features + * Add support for alternative implementations of GCM, selected by the + configuration flag MBEDTLS_GCM_ALT in config.h + = mbed TLS 2.6.0 branch released 2017-08-10 Security diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 47c7196402..94bf0d1209 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -267,6 +267,7 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_DES_ALT +//#define MBEDTLS_GCM_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 1b77aaedd4..8f3b565757 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -33,6 +33,8 @@ #define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */ #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */ +#if !defined(MBEDTLS_GCM_ALT) + #ifdef __cplusplus extern "C" { #endif @@ -206,6 +208,18 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, */ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); +#ifdef __cplusplus +} +#endif + +#else /* !MBEDTLS_GCM_ALT */ +#include "gcm_alt.h" +#endif /* !MBEDTLS_GCM_ALT */ + +#ifdef __cplusplus +extern "C" { +#endif + /** * \brief Checkup routine * 
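Review bot: With `#include "gcm_alt.h"` on the `#else` branch of the second hunk, the alternative header has to supply `mbedtls_gcm_context` and every prototype the excluded `!MBEDTLS_GCM_ALT` region declares, and it is included outside the `extern "C"` block, so it must carry its own C++ linkage guards; none of this is stated in the hunk. A comment on the `#else` branch, e.g. `/* gcm_alt.h must define mbedtls_gcm_context, declare the whole mbedtls_gcm_* API and provide its own extern "C" guards */`, would document the contract an implementer has to meet. Keeping `mbedtls_gcm_self_test` outside the guard (gcm.c hunk on the next line) means a replacement is still exercised against the library's AES-GCM test vectors, which is the right call for a cipher substitution and worth a sentence in the ChangeLog entry. The header's last hunk is on the next line.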
@@ -217,4 +231,5 @@ int mbedtls_gcm_self_test( int verbose ); } #endif + #endif /* gcm.h */ diff --git a/library/gcm.c b/library/gcm.c index fccb092bdd..2b49fa66c7 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -54,6 +54,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ +#if !defined(MBEDTLS_GCM_ALT) + /* * 32-bit integer manipulation macros (big endian) */ @@ -508,6 +510,8 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); } +#endif /* !MBEDTLS_GCM_ALT */ + #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /* * AES-GCM test vectors from: diff --git a/library/version_features.c b/library/version_features.c index 5cbe8aca37..50afe1e244 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -99,6 +99,9 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ +#if defined(MBEDTLS_GCM_ALT) + "MBEDTLS_GCM_ALT", +#endif /* MBEDTLS_GCM_ALT */ #if defined(MBEDTLS_XTEA_ALT) "MBEDTLS_XTEA_ALT", #endif /* MBEDTLS_XTEA_ALT */ From 2981a0a7402ea331b6eb74599de64d0c825c9e73 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 24 Sep 2017 15:41:09 +0300 Subject: [PATCH 0251/1059] Address Andres PR comments Address Andres' comments in the PR --- ChangeLog | 5 +++-- library/ecdsa.c | 3 +++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index e9be97bd43..94eba42089 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -38,8 +38,9 @@ Changes by Jean-Philippe Aumasson. * Add support for alternative implementation for ECDSA, controlled by new configuration flag MBEDTLS_ECDSA_ALT in config.h. - Alternative Ecdsa is supported for implementation of `mbedtls_ecdsa_sign` - and `mbedtls_ecdsa_verify`. + The following functions from the ECDSA module can be replaced + with an alternative implementation: + mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey(). = mbed TLS 2.5.0 branch released 2017-05-17 diff --git a/library/ecdsa.c b/library/ecdsa.c index 8804ca62f7..804884bcaf 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -37,9 +37,11 @@ #include "mbedtls/asn1write.h" #include + #if defined(MBEDTLS_ECDSA_DETERMINISTIC) #include "mbedtls/hmac_drbg.h" #endif + /* * Derive a suitable integer for group grp from a buffer of length len * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3 @@ -314,6 +316,7 @@ static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s, return( 0 ); } + /* * Compute and write signature */ From 8b766218a845551f7006a6982750eb3723915633 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 24 Sep 2017 15:44:56 +0300 Subject: [PATCH 0252/1059] Update ChangeLog Update ChangeLog according to Andres seggestion --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index a2a2a366b7..23698c2339 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,8 +38,9 @@ Changes by Jean-Philippe Aumasson. * Add support for alternative implementation for ECDH, controlled by new configuration flag MBEDTLS_ECDH_ALT in config.h. - Alternative Ecdh is supported for implementation of `mbedtls_ecdh_gen_public` - and `mbedtls_ecdh_compute_shared`. + The following functions from the ECDH module can be replaced + with an alternative implementation: + mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared(). = mbed TLS 2.5.0 branch released 2017-05-17 
From 2f73c9342fd9d31728c0bf4fb34266fdcc489a88 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 26 Sep 2017 15:06:56 +0300 Subject: [PATCH 0253/1059] Fix Changelog notation Remove backticks, since ChangeLog is not in MarkDown --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index f8dcae521c..4eb52fb8fc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,8 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Bugfix - * Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use `_TRUNCATE` - only if `__MINGW32__` not defined. Fix suggested by Thomas Glanzmann and + * Fix compilation error on Mingw32 when _TRUNCATE is defined. Use _TRUNCATE + only if __MINGW32__ not defined. Fix suggested by Thomas Glanzmann and Nick Wilson on issue #355 = mbed TLS 2.6.0 branch released 2017-08-10 From cc5662811729486ba5f063e97e312f664bb7377c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 26 Sep 2017 16:21:19 +0100 Subject: [PATCH 0254/1059] Don't use all_final as a target in tests/data_files/Makefile The `neat` target in that Makefile assumes all_final to be a concatenation of file names. --- tests/data_files/Makefile | 57 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 53 insertions(+), 4 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 630173fe54..3405c7f38c 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -22,7 +22,7 @@ OPENSSL ?= openssl default: all_final all_intermediate := # temporary files -all_final := # files or targets used by tests +all_final := # files used by tests 
@@ -78,10 +78,13 @@ keys_rsa_pkcs8_pwd = PolarSSLTest ### all other encrypted RSA keys are derived. keyfile_1024: $(OPENSSL) genrsa -out $@ 1024 +all_final += keyfile_1024 keyfile_2048: $(OPENSSL) genrsa -out $@ 2048 +all_final += keyfile_2048 keyfile_4096: $(OPENSSL) genrsa -out $@ 4096 +all_final += keyfile_4096 ### ### PKCS1-encoded, encrypted RSA keys 
@@ -90,40 +93,55 @@ keyfile_4096: ### 1024-bit keyfile_1024.des: keyfile_1024 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_1024.des keyfile_1024.3des: keyfile_1024 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_1024.3des keyfile_1024.aes128: keyfile_1024 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_1024.aes128 keyfile_1024.aes192: keyfile_1024 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_1024.aes192 keyfile_1024.aes256: keyfile_1024 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_1024.aes256 keys_rsa_enc_basic_1024: keyfile_1024.des keyfile_1024.3des keyfile_1024.aes128 keyfile_1024.aes192 keyfile_1024.aes256 # 2048-bit keyfile_2048.des: keyfile_2048 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_2048.des keyfile_2048.3des: keyfile_2048 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_2048.3des keyfile_2048.aes128: keyfile_2048 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_2048.aes128 keyfile_2048.aes192: keyfile_2048 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_2048.aes192 keyfile_2048.aes256: keyfile_2048 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_2048.aes256 keys_rsa_enc_basic_2048: keyfile_2048.des keyfile_2048.3des keyfile_2048.aes128 keyfile_2048.aes192 keyfile_2048.aes256 # 4096-bit keyfile_4096.des: keyfile_4096 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_4096.des keyfile_4096.3des: keyfile_4096 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_4096.3des 
keyfile_4096.aes128: keyfile_4096 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_4096.aes128 keyfile_4096.aes192: keyfile_4096 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_4096.aes192 keyfile_4096.aes256: keyfile_4096 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_4096.aes256 keys_rsa_enc_basic_4096: keyfile_4096.des keyfile_4096.3des keyfile_4096.aes128 keyfile_4096.aes192 keyfile_4096.aes256 ### 
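Review bot: The three-line `target: dep` / recipe / `all_final += target` pattern is written out by hand fifteen times in this hunk and again in every following hunk (L731–L736), so a fixture is registered only if the author remembers the third line, and a forgotten one drops silently out of `all_final` and the `neat` target the description mentions. Because the recipes differ only in target, source and cipher flag, a GNU make template that emits all three lines from one call keeps registration tied to definition. The sketch below shows the shape for the PKCS#1 keys; the pkcs8 recipes in the later hunks would get their own template.
```makefile
# … unchanged: keyfile_1024/2048/4096 generation …
# $(1) = output file, $(2) = plaintext key, $(3) = openssl cipher flag
define enc_rsa_pkcs1
$(1): $(2)
	$$(OPENSSL) rsa $(3) -in $$< -out $$@ -passout "pass:$$(keys_rsa_basic_pwd)"
all_final += $(1)
endef
$(eval $(call enc_rsa_pkcs1,keyfile_1024.des,keyfile_1024,-des))
$(eval $(call enc_rsa_pkcs1,keyfile_1024.3des,keyfile_1024,-des3))
# … unchanged: remaining keyfile_*.{aes128,aes192,aes256} and the keys_rsa_enc_basic_* aggregates …
```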
@@ -133,20 +151,26 @@ keys_rsa_enc_basic_4096: keyfile_4096.des keyfile_4096.3des keyfile_4096.aes128 ### 1024-bit pkcs8_pbe_sha1_3des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +all_final += pkcs8_pbe_sha1_3des_1024.der pkcs8_pbe_sha1_3des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +all_final += pkcs8_pbe_sha1_3des_1024.key keys_rsa_enc_pkcs8_v1_1024_3des: pkcs8_pbe_sha1_3des_1024.key pkcs8_pbe_sha1_3des_1024.der pkcs8_pbe_sha1_2des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +all_final += pkcs8_pbe_sha1_2des_1024.der pkcs8_pbe_sha1_2des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +all_final += pkcs8_pbe_sha1_2des_1024.key keys_rsa_enc_pkcs8_v1_1024_2des: pkcs8_pbe_sha1_2des_1024.key pkcs8_pbe_sha1_2des_1024.der pkcs8_pbe_sha1_rc4_128_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +all_final += pkcs8_pbe_sha1_rc4_128_1024.der pkcs8_pbe_sha1_rc4_128_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +all_final += pkcs8_pbe_sha1_rc4_128_1024.key keys_rsa_enc_pkcs8_v1_1024_rc4_128: pkcs8_pbe_sha1_rc4_128_1024.key pkcs8_pbe_sha1_rc4_128_1024.der keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128 
@@ -154,20 +178,26 @@ keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v ### 2048-bit pkcs8_pbe_sha1_3des_2048.der: keyfile_2048 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +all_final += pkcs8_pbe_sha1_3des_2048.der pkcs8_pbe_sha1_3des_2048.key: keyfile_2048 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +all_final += pkcs8_pbe_sha1_3des_2048.key keys_rsa_enc_pkcs8_v1_2048_3des: pkcs8_pbe_sha1_3des_2048.key pkcs8_pbe_sha1_3des_2048.der pkcs8_pbe_sha1_2des_2048.der: keyfile_2048 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +all_final += pkcs8_pbe_sha1_2des_2048.der pkcs8_pbe_sha1_2des_2048.key: keyfile_2048 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +all_final += pkcs8_pbe_sha1_2des_2048.key keys_rsa_enc_pkcs8_v1_2048_2des: pkcs8_pbe_sha1_2des_2048.key pkcs8_pbe_sha1_2des_2048.der pkcs8_pbe_sha1_rc4_128_2048.der: keyfile_2048 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +all_final += pkcs8_pbe_sha1_rc4_128_2048.der pkcs8_pbe_sha1_rc4_128_2048.key: keyfile_2048 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +all_final += pkcs8_pbe_sha1_rc4_128_2048.key keys_rsa_enc_pkcs8_v1_2048_rc4_128: pkcs8_pbe_sha1_rc4_128_2048.key pkcs8_pbe_sha1_rc4_128_2048.der keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128 
@@ -175,20 +205,26 @@ keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v ### 4096-bit pkcs8_pbe_sha1_3des_4096.der: keyfile_4096 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +all_final += pkcs8_pbe_sha1_3des_4096.der pkcs8_pbe_sha1_3des_4096.key: keyfile_4096 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +all_final += pkcs8_pbe_sha1_3des_4096.key keys_rsa_enc_pkcs8_v1_4096_3des: pkcs8_pbe_sha1_3des_4096.key pkcs8_pbe_sha1_3des_4096.der pkcs8_pbe_sha1_2des_4096.der: keyfile_4096 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +all_final += pkcs8_pbe_sha1_2des_4096.der pkcs8_pbe_sha1_2des_4096.key: keyfile_4096 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +all_final += pkcs8_pbe_sha1_2des_4096.key keys_rsa_enc_pkcs8_v1_4096_2des: pkcs8_pbe_sha1_2des_4096.key pkcs8_pbe_sha1_2des_4096.der pkcs8_pbe_sha1_rc4_128_4096.der: keyfile_4096 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +all_final += pkcs8_pbe_sha1_rc4_128_4096.der pkcs8_pbe_sha1_rc4_128_4096.key: keyfile_4096 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +all_final += pkcs8_pbe_sha1_rc4_128_4096.key keys_rsa_enc_pkcs8_v1_4096_rc4_128: pkcs8_pbe_sha1_rc4_128_4096.key pkcs8_pbe_sha1_rc4_128_4096.der keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128 
@@ -200,14 +236,18 @@ keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v ### 1024-bit pkcs8_pbes2_pbkdf2_3des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_3des_1024.der pkcs8_pbes2_pbkdf2_3des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_3des_1024.key keys_rsa_enc_pkcs8_v2_1024_3des: pkcs8_pbes2_pbkdf2_3des_1024.der pkcs8_pbes2_pbkdf2_3des_1024.key pkcs8_pbes2_pbkdf2_des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_des_1024.der pkcs8_pbes2_pbkdf2_des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_des_1024.key keys_rsa_enc_pkcs8_v2_1024_des: pkcs8_pbes2_pbkdf2_des_1024.der pkcs8_pbes2_pbkdf2_des_1024.key keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des 
@@ -215,14 +255,18 @@ keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v ### 2048-bit pkcs8_pbes2_pbkdf2_3des_2048.der: keyfile_2048 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_3des_2048.der pkcs8_pbes2_pbkdf2_3des_2048.key: keyfile_2048 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_3des_2048.key keys_rsa_enc_pkcs8_v2_2048_3des: pkcs8_pbes2_pbkdf2_3des_2048.der pkcs8_pbes2_pbkdf2_3des_2048.key pkcs8_pbes2_pbkdf2_des_2048.der: keyfile_2048 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_des_2048.der pkcs8_pbes2_pbkdf2_des_2048.key: keyfile_2048 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_des_2048.key keys_rsa_enc_pkcs8_v2_2048_des: pkcs8_pbes2_pbkdf2_des_2048.der pkcs8_pbes2_pbkdf2_des_2048.key keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des 
@@ -230,14 +274,18 @@ keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v ### 4096-bit pkcs8_pbes2_pbkdf2_3des_4096.der: keyfile_4096 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_3des_4096.der pkcs8_pbes2_pbkdf2_3des_4096.key: keyfile_4096 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_3des_4096.key keys_rsa_enc_pkcs8_v2_4096_3des: pkcs8_pbes2_pbkdf2_3des_4096.der pkcs8_pbes2_pbkdf2_3des_4096.key pkcs8_pbes2_pbkdf2_des_4096.der: keyfile_4096 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_des_4096.der pkcs8_pbes2_pbkdf2_des_4096.key: keyfile_4096 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_des_4096.key keys_rsa_enc_pkcs8_v2_4096_des: pkcs8_pbes2_pbkdf2_des_4096.der pkcs8_pbes2_pbkdf2_des_4096.key keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des @@ -261,8 +309,6 @@ keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 key ### Generate all RSA keys keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 -all_final += keys_rsa_all - ################################################################ #### Meta targets ################################################################ 
@@ -270,7 +316,10 @@ all_final += keys_rsa_all all_final: $(all_final) all: $(all_intermediate) $(all_final) -.PHONY: default all_final all keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 keys_rsa_all keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 +.PHONY: default all_final all keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 keys_rsa_all \ + keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 keys_rsa_enc_pkcs8_v1_1024 \ + keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_1024 \ + keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 # These files should not be committed to the repository. list_intermediate: From 0e6dc84f3ec1e67a93dc3221ccd605da79589da4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Sep 2017 11:48:02 +0100 Subject: [PATCH 0255/1059] Deprecate Diffie-Hellman groups from RFC 5114 Also, change the way the standardized Diffie-Hellman groups are provided from macro-based string-literals to global variables. --- include/mbedtls/dhm.h | 127 +++++++++++++++--------------------------- library/dhm.c | 97 ++++++++++++++++++++++++++++++++ 2 files changed, 142 insertions(+), 82 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index d7ab1522ec..f3ee14f650 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h 
@@ -38,6 +38,14 @@ #define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read/write of file failed. */ +#if ! defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +#endif + /** * RFC 3526 defines a number of standardized Diffie-Hellman groups * for IKE. 
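Review bot: `#if ! defined(MBEDTLS_DEPRECATED_REMOVED)` on the first added line breaks the `#if !defined(...)` spelling used everywhere else in this patch (the guards around the RFC 5114 declarations and the macro aliases in the next hunk), so it should read `#if !defined(MBEDTLS_DEPRECATED_REMOVED)`. The `MBEDTLS_DEPRECATED` definition presumably repeats what other public headers already define rather than sharing one copy; that is well-formed only while every copy stays token-identical, so a short comment such as `/* Must stay identical to the definition in the other public headers */` would protect the next editor.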
@@ -51,93 +59,48 @@ * RFC 3526 4. 3072-bit MODP Group * RFC 3526 5. 4096-bit MODP Group * RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup + * The constants with suffix "_p" denote the chosen prime moduli, while + * the constants with suffix "_g" denote the chosen generator + * of the associated prime field. + * + * All constants are represented as null-terminated strings containing the + * hexadecimal presentation of the respective numbers. + * + * \warning The origin of the primes in RFC 5114 is not documented and + * their use therefore constitutes a security risk! + * + * \deprecated The primes from RFC 5114 are superseded by the primes + * from RFC 3526 and RFC 7919 and should no longer be used. + * They will be removed in the next major revision. */ -#define MBEDTLS_DHM_RFC3526_MODP_2048_P \ - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \ - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \ - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \ - "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \ - "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \ - "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \ - "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \ - "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \ - "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \ - "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \ - "15728E5A8AACAA68FFFFFFFFFFFFFFFF" -#define MBEDTLS_DHM_RFC3526_MODP_2048_G "02" +const char *mbedtls_dhm_rfc3526_modp_2048_p; +const char *mbedtls_dhm_rfc3526_modp_2048_g; +const char *mbedtls_dhm_rfc3526_modp_3072_p; +const char *mbedtls_dhm_rfc3526_modp_3072_g; +const char *mbedtls_dhm_rfc3526_modp_4096_p; +const char *mbedtls_dhm_rfc3526_modp_4096_g; -#define MBEDTLS_DHM_RFC3526_MODP_3072_P \ - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \ - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \ - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \ - "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \ 
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \ - "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \ - "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \ - "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \ - "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \ - "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \ - "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \ - "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \ - "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \ - "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \ - "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \ - "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" -#define MBEDTLS_DHM_RFC3526_MODP_3072_G "02" +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +MBEDTLS_DEPRECATED const char *mbedtls_dhm_rfc5114_modp_2048_p; +MBEDTLS_DEPRECATED const char *mbedtls_dhm_rfc5114_modp_2048_g; +#endif -#define MBEDTLS_DHM_RFC3526_MODP_4096_P \ - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \ - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \ - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \ - "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \ - "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \ - "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \ - "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \ - "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \ - "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \ - "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \ - "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \ - "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \ - "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \ - "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \ - "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \ - "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \ - "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \ - "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \ - "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \ - 
"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \ - "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \ - "FFFFFFFFFFFFFFFF" - -#define MBEDTLS_DHM_RFC3526_MODP_4096_G "02" - -#define MBEDTLS_DHM_RFC5114_MODP_2048_P \ - "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \ - "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \ - "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \ - "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \ - "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \ - "B3BF8A317091883681286130BC8985DB1602E714415D9330" \ - "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \ - "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \ - "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \ - "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \ - "CF9DE5384E71B81C0AC4DFFE0C10E64F" - -#define MBEDTLS_DHM_RFC5114_MODP_2048_G \ - "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"\ - "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"\ - "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\ - "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"\ - "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"\ - "F180EB34118E98D119529A45D6F834566E3025E316A330EF"\ - "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"\ - "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"\ - "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"\ - "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"\ - "81BC087F2A7065B384B890D3191F2BFA" +/** + * \deprecated These macros are superseded by direct access to the corresponding + * global variables and will be removed in the next major revision. 
+ */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define MBEDTLS_DHM_RFC5114_MODP_2048_P mbedtls_dhm_rfc5114_modp_2048_p +#define MBEDTLS_DHM_RFC5114_MODP_2048_G mbedtls_dhm_rfc5114_modp_2048_g +#define MBEDTLS_DHM_RFC3526_MODP_2048_P mbedtls_dhm_rfc3526_modp_2048_p +#define MBEDTLS_DHM_RFC3526_MODP_2048_G mbedtls_dhm_rfc3526_modp_2048_g +#define MBEDTLS_DHM_RFC3526_MODP_3072_P mbedtls_dhm_rfc3526_modp_3072_p +#define MBEDTLS_DHM_RFC3526_MODP_3072_G mbedtls_dhm_rfc3526_modp_3072_g +#define MBEDTLS_DHM_RFC3526_MODP_4096_P mbedtls_dhm_rfc3526_modp_4096_p +#define MBEDTLS_DHM_RFC3526_MODP_4096_G mbedtls_dhm_rfc3526_modp_4096_g +#endif #ifdef __cplusplus extern "C" { diff --git a/library/dhm.c b/library/dhm.c index bec52a11df..9da33c901b 100644 --- a/library/dhm.c +++ b/library/dhm.c 
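Review bot: The added `const char *mbedtls_dhm_rfc3526_modp_2048_p;` lines (and their siblings, including the RFC 5114 pair under `MBEDTLS_DEPRECATED`) are tentative definitions rather than declarations because `extern` is missing, so every translation unit that includes dhm.h defines its own copy, which links only under common-symbol merging and fails with `-fno-common`. They are also placed above the `#ifdef __cplusplus extern "C" {` block visible at the end of the hunk, so C++ consumers would look for mangled names the C library does not export. Each line should read `extern const char *mbedtls_dhm_rfc3526_modp_2048_p;` and move inside the `extern "C"` region; the same applies to the RFC 7919 declarations added to this header in the next commit (L746). Making the pointers themselves `const char *const` would additionally let the definitions in dhm.c live in read-only storage, which is what one wants for group parameters every server handshake depends on.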
@@ -57,6 +57,103 @@ #define mbedtls_free free #endif +/* + * Diffie-Hellman groups from RFC 5114 + * + * \warning The origin of the primes in RFC 5114 is not documented and + * their use therefore constitutes a security risk! + * + * \deprecated The primes from RFC 5114 are superseded by the primes + * from RFC 3526 and RFC 7919 and should no longer be used. + * They will be removed in the next major version. + */ + +const char * mbedtls_dhm_rfc5114_modp_2048_p = + "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" + "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" + "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" + "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" + "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" + "B3BF8A317091883681286130BC8985DB1602E714415D9330" + "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" + "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" + "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" + "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" + "CF9DE5384E71B81C0AC4DFFE0C10E64F"; +const char * mbedtls_dhm_rfc5114_modp_2048_g = + "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" + "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" + "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" + "C17669101999024AF4D027275AC1348BB8A762D0521BC98A" + "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" + "F180EB34118E98D119529A45D6F834566E3025E316A330EF" + "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" + "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" + "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" + "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" + "81BC087F2A7065B384B890D3191F2BFA"; + +/* + * Diffie-Hellman groups from RFC 3526 + */ + +const char * mbedtls_dhm_rfc3526_modp_2048_p = + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + 
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + "83655D23DCA3AD961C62F356208552BB9ED529077096966D" + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" + "15728E5A8AACAA68FFFFFFFFFFFFFFFF"; +const char * mbedtls_dhm_rfc3526_modp_2048_g = "02"; + +const char * mbedtls_dhm_rfc3526_modp_3072_p = + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + "83655D23DCA3AD961C62F356208552BB9ED529077096966D" + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" + "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" + "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" + "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" + "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" + "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"; +const char * mbedtls_dhm_rfc3526_modp_3072_g = "02"; + +const char * mbedtls_dhm_rfc3526_modp_4096_p = + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + "83655D23DCA3AD961C62F356208552BB9ED529077096966D" + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" + "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" + 
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" + "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" + "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" + "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" + "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" + "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" + "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" + "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" + "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" + "FFFFFFFFFFFFFFFF"; +const char * mbedtls_dhm_rfc3526_modp_4096_g = "02"; /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; From b2bad800e4df444eacd8230d56cc6fb0f32eea82 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Sep 2017 11:49:31 +0100 Subject: [PATCH 0256/1059] Introduce Diffie-Hellman parameters from RFC 7919 --- include/mbedtls/dhm.h | 29 +++++++-- library/dhm.c | 146 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 168 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index f3ee14f650..c26b5a2d6b 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h 
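Review bot: Nothing in this patch checks that the transcribed hex strings are the numbers the RFCs define, and the diffstat touches no test file; a single wrong nibble in `mbedtls_dhm_rfc3526_modp_2048_p` would change the group used by every caller of the macro alias without any error. A test that parses each constant with `mbedtls_mpi_read_string( &p, 16, ... )`, asserts `mbedtls_mpi_bitlen( &p )` is 2048/3072/4096 and, for the RFC 3526 groups, that p and (p-1)/2 pass `mbedtls_mpi_is_prime`, would catch that class of error cheaply. Minor: the RFC 5114 comment here says "next major version" while the header says "next major revision"; pick one wording. `const char * mbedtls_...` also leaves the pointer itself writable; `const char * const` (matching an `extern` declaration in dhm.h) keeps the parameters in read-only storage.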
@@ -47,18 +47,23 @@ #endif /** - * RFC 3526 defines a number of standardized Diffie-Hellman groups - * for IKE. - * RFC 5114 defines a number of standardized Diffie-Hellman groups - * that can be used. - * - * Some are included here for convenience. + * RFC 3526, RFC 5114 and RFC 7919 standardize a number of + * Diffie-Hellman groups, some of which are included here + * for use within the SSL/TLS module and the user's convenience + * when configuring the Diffie-Hellman parameters by hand + * through \c mbedtls_ssl_conf_dh_param. * * Included are: + * RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup * RFC 3526 3. 2048-bit MODP Group * RFC 3526 4. 3072-bit MODP Group * RFC 3526 5. 4096-bit MODP Group - * RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup + * RFC 7919 A.1 ffdhe2048 + * RFC 7919 A.2 ffdhe3072 + * RFC 7919 A.3 ffdhe4096 + * RFC 7919 A.4 ffdhe6144 + * RFC 7919 A.5 ffdhe8192 + * * The constants with suffix "_p" denote the chosen prime moduli, while * the constants with suffix "_g" denote the chosen generator * of the associated prime field. @@ -81,6 +86,16 @@ const char *mbedtls_dhm_rfc3526_modp_3072_g; const char *mbedtls_dhm_rfc3526_modp_4096_p; const char *mbedtls_dhm_rfc3526_modp_4096_g; +const char *mbedtls_dhm_rfc7919_ffdhe2048_p; +const char *mbedtls_dhm_rfc7919_ffdhe2048_g; +const char *mbedtls_dhm_rfc7919_ffdhe3072_p; +const char *mbedtls_dhm_rfc7919_ffdhe3072_g; +const char *mbedtls_dhm_rfc7919_ffdhe4096_p; +const char *mbedtls_dhm_rfc7919_ffdhe4096_g; +const char *mbedtls_dhm_rfc7919_ffdhe6144_p; +const char *mbedtls_dhm_rfc7919_ffdhe6144_g; +const char *mbedtls_dhm_rfc7919_ffdhe8192_p; +const char *mbedtls_dhm_rfc7919_ffdhe8192_g; #if !defined(MBEDTLS_DEPRECATED_REMOVED) MBEDTLS_DEPRECATED const char *mbedtls_dhm_rfc5114_modp_2048_p; diff --git a/library/dhm.c b/library/dhm.c index 9da33c901b..e98148dcdd 100644 --- a/library/dhm.c +++ b/library/dhm.c 
@@ -154,6 +154,152 @@ const char * mbedtls_dhm_rfc3526_modp_4096_p = "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF"; const char * mbedtls_dhm_rfc3526_modp_4096_g = "02"; + +/* + * Diffie-Hellman groups from RFC 7919 + */ + +const char * mbedtls_dhm_rfc7919_ffdhe2048_p = + "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + "886B423861285C97FFFFFFFFFFFFFFFF"; +const char * mbedtls_dhm_rfc7919_ffdhe2048_g = "02"; + +const char * mbedtls_dhm_rfc7919_ffdhe3072_p = + "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" + "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" + "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" + "3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF"; +const char * mbedtls_dhm_rfc7919_ffdhe3072_g = "02"; + +const char * mbedtls_dhm_rfc7919_ffdhe4096_p = + "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" + 
"D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" + "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" + "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" + "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" + "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" + "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" + "A907600A918130C46DC778F971AD0038092999A333CB8B7A" + "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" + "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6A" + "FFFFFFFFFFFFFFFF"; +const char * mbedtls_dhm_rfc7919_ffdhe4096_g = "02"; + +const char * mbedtls_dhm_rfc7919_ffdhe6144_p = + "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" + "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" + "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" + 
"3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" + "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" + "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" + "A907600A918130C46DC778F971AD0038092999A333CB8B7A" + "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" + "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902" + "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6" + "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A" + "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477" + "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3" + "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4" + "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6" + "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C" + "D72B03746AE77F5E62292C311562A846505DC82DB854338A" + "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04" + "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1" + "A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF"; +const char * mbedtls_dhm_rfc7919_ffdhe6144_g = "02"; + +const char * mbedtls_dhm_rfc7919_ffdhe8192_p = + "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" + "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" + "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" + "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" + "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" + "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" + 
"A907600A918130C46DC778F971AD0038092999A333CB8B7A" + "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" + "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902" + "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6" + "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A" + "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477" + "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3" + "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4" + "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6" + "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C" + "D72B03746AE77F5E62292C311562A846505DC82DB854338A" + "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04" + "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1" + "A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C838" + "1E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E" + "0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665" + "CB2C0F1CC01BD70229388839D2AF05E454504AC78B758282" + "2846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022" + "BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C" + "51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9" + "D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA457" + "1EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30" + "FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D" + "97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88C" + "D68C8BB7C5C6424CFFFFFFFF" + "FFFFFFFF"; +const char * mbedtls_dhm_rfc7919_ffdhe8192_g = "02"; + + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; From 8c8b0ab8779255ee98e22d885f286b1b890830f0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Sep 2017 11:49:49 +0100 Subject: [PATCH 0257/1059] Change default Diffie-Hellman parameters from RFC 5114 to RFC 7919 The origin of the primes in RFC 5114 is undocumented and their use therefore constitutes a security risk. --- library/ssl_tls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b388156dfc..1ef50c244e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7538,8 +7538,8 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 if( endpoint == MBEDTLS_SSL_IS_SERVER )
 {
 if( ( ret = mbedtls_ssl_conf_dh_param( conf,
- MBEDTLS_DHM_RFC5114_MODP_2048_P,
- MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 )
+ mbedtls_dhm_rfc7919_ffdhe2048_p,
+ mbedtls_dhm_rfc7919_ffdhe2048_g ) ) != 0 )
 {
 return( ret );
 }
From b1d4d1fa6e59fa8207466cd26203012b5f5b6ff7 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 27 Sep 2017 12:42:59 +0100
Subject: [PATCH 0258/1059] Add description of how the primes from RFC 3526/7919 were generated

---
 include/mbedtls/dhm.h | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index c26b5a2d6b..57c8acb6c1 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
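Review bot: The switch of the server default to `mbedtls_dhm_rfc7919_ffdhe2048_p`/`_g` changes observable behaviour (the generator is now 2, not a 2048-bit value), but the matching expectation in tests/ssl-opt.sh is only corrected in a separate commit further down this series; folding that one-line test update into this commit would keep the series bisectable. The rationale in the commit message (the RFC 5114 primes have undocumented provenance) is also worth recording in the ChangeLog, since the default DH group is user-visible. The enclosing mbedtls_ssl_config_defaults continues outside the hunk.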
@@ -77,6 +77,22 @@
 * \deprecated The primes from RFC 5114 are superseded by the primes
 * from RFC 3526 and RFC 7919 and should no longer be used.
 * They will be removed in the next major revision.
+ *
+ * The primes from RFC 3526 and RFC 7919 have been generating by the following
+ * trust-worthy procedure:
+ * - Fix N in { 2048, 3072, 4096, 6144, 8192 } and consider the N-bit number
+ * the first and last 64 bits are all 1, and the remaining N - 128 bits of
+ * which are 0x7ff...ff.
+ * - Add the smallest multiple of the first N - 129 bits of the binary expansion
+ * of pi (for RFC 5236) or e (for RFC 7919) to this intermediate bit-string
+ * such that the resulting integer is a safe-prime.
+ * - The result is the respective RFC 3526 / 7919 prime, and the corresponding
+ * generator is always chosen to be 2 (which is a square for these prime,
+ * hence the corresponding subgroup has order (p-1)/2 and avoids leaking a
+ * bit in the private exponent).
+ *
+ * The above description can be validated using the
+ * the program programs/util/rfc_3526_7919_verify.
 */
 
 const char *mbedtls_dhm_rfc3526_modp_2048_p;
From 4c72b000cb19e037622576b7f4de8957d70eced7 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 27 Sep 2017 16:06:22 +0100
Subject: [PATCH 0259/1059] Add const-qualifiers to prime constants

---
 include/mbedtls/dhm.h | 36 ++++++++++++++++++------------------
 library/dhm.c | 36 ++++++++++++++++++------------------
 2 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 57c8acb6c1..a9185ec085 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
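Review bot: The new provenance comment has several wording defects that make the procedure hard to follow: `have been generating by` should be `were generated by`, `trust-worthy` should be `trustworthy`, and the first bullet needs a relative pronoun, e.g. `consider the N-bit number whose first and last 64 bits are all 1 and whose remaining N - 128 bits are 0x7ff...ff`. `RFC 5236` in the pi bullet matches nothing else in the comment, which everywhere else pairs the pi-derived primes with RFC 3526, so it reads as a typo for `RFC 3526`. Also `these prime` should be `these primes`, and `using the the program` doubles `the`. Since this comment is the stated justification for trusting the default DH parameters, it is worth getting exactly right.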
@@ -95,27 +95,27 @@
 * the program programs/util/rfc_3526_7919_verify.
 */
 
-const char *mbedtls_dhm_rfc3526_modp_2048_p;
-const char *mbedtls_dhm_rfc3526_modp_2048_g;
-const char *mbedtls_dhm_rfc3526_modp_3072_p;
-const char *mbedtls_dhm_rfc3526_modp_3072_g;
-const char *mbedtls_dhm_rfc3526_modp_4096_p;
-const char *mbedtls_dhm_rfc3526_modp_4096_g;
+const char * const mbedtls_dhm_rfc3526_modp_2048_p;
+const char * const mbedtls_dhm_rfc3526_modp_2048_g;
+const char * const mbedtls_dhm_rfc3526_modp_3072_p;
+const char * const mbedtls_dhm_rfc3526_modp_3072_g;
+const char * const mbedtls_dhm_rfc3526_modp_4096_p;
+const char * const mbedtls_dhm_rfc3526_modp_4096_g;
 
-const char *mbedtls_dhm_rfc7919_ffdhe2048_p;
-const char *mbedtls_dhm_rfc7919_ffdhe2048_g;
-const char *mbedtls_dhm_rfc7919_ffdhe3072_p;
-const char *mbedtls_dhm_rfc7919_ffdhe3072_g;
-const char *mbedtls_dhm_rfc7919_ffdhe4096_p;
-const char *mbedtls_dhm_rfc7919_ffdhe4096_g;
-const char *mbedtls_dhm_rfc7919_ffdhe6144_p;
-const char *mbedtls_dhm_rfc7919_ffdhe6144_g;
-const char *mbedtls_dhm_rfc7919_ffdhe8192_p;
-const char *mbedtls_dhm_rfc7919_ffdhe8192_g;
+const char * const mbedtls_dhm_rfc7919_ffdhe2048_p;
+const char * const mbedtls_dhm_rfc7919_ffdhe2048_g;
+const char * const mbedtls_dhm_rfc7919_ffdhe3072_p;
+const char * const mbedtls_dhm_rfc7919_ffdhe3072_g;
+const char * const mbedtls_dhm_rfc7919_ffdhe4096_p;
+const char * const mbedtls_dhm_rfc7919_ffdhe4096_g;
+const char * const mbedtls_dhm_rfc7919_ffdhe6144_p;
+const char * const mbedtls_dhm_rfc7919_ffdhe6144_g;
+const char * const mbedtls_dhm_rfc7919_ffdhe8192_p;
+const char * const mbedtls_dhm_rfc7919_ffdhe8192_g;
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
-MBEDTLS_DEPRECATED const char *mbedtls_dhm_rfc5114_modp_2048_p;
-MBEDTLS_DEPRECATED const char *mbedtls_dhm_rfc5114_modp_2048_g;
+MBEDTLS_DEPRECATED const char * const mbedtls_dhm_rfc5114_modp_2048_p;
+MBEDTLS_DEPRECATED const char * const mbedtls_dhm_rfc5114_modp_2048_g;
 #endif
 
 /**
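Review bot: Every one of these header lines is still written without `extern`, so `const char * const mbedtls_dhm_rfc3526_modp_2048_p;` is a tentative definition in each translation unit that includes dhm.h, not a declaration of the object defined in library/dhm.c. The pre-change form had the same omission but may have linked via common-symbol merging; once the object is `const`-qualified it is unlikely to be treated as a common symbol, so multi-file links can fail with duplicate definitions. Prefix each line with `extern`, e.g. `extern const char * const mbedtls_dhm_rfc3526_modp_2048_p;`, including the two `MBEDTLS_DEPRECATED` lines.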
diff --git a/library/dhm.c b/library/dhm.c index e98148dcdd..dbfb6538ea 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -68,7 +68,7 @@ * They will be removed in the next major version. */ -const char * mbedtls_dhm_rfc5114_modp_2048_p = +const char * const mbedtls_dhm_rfc5114_modp_2048_p = "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" @@ -80,7 +80,7 @@ const char * mbedtls_dhm_rfc5114_modp_2048_p = "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" "CF9DE5384E71B81C0AC4DFFE0C10E64F"; -const char * mbedtls_dhm_rfc5114_modp_2048_g = +const char * const mbedtls_dhm_rfc5114_modp_2048_g = "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" @@ -97,7 +97,7 @@ const char * mbedtls_dhm_rfc5114_modp_2048_g = * Diffie-Hellman groups from RFC 3526 */ -const char * mbedtls_dhm_rfc3526_modp_2048_p = +const char * const mbedtls_dhm_rfc3526_modp_2048_p = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" @@ -109,9 +109,9 @@ const char * mbedtls_dhm_rfc3526_modp_2048_p = "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" "15728E5A8AACAA68FFFFFFFFFFFFFFFF"; -const char * mbedtls_dhm_rfc3526_modp_2048_g = "02"; +const char * const mbedtls_dhm_rfc3526_modp_2048_g = "02"; -const char * mbedtls_dhm_rfc3526_modp_3072_p = +const char * const mbedtls_dhm_rfc3526_modp_3072_p = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 
@@ -128,9 +128,9 @@ const char * mbedtls_dhm_rfc3526_modp_3072_p = "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"; -const char * mbedtls_dhm_rfc3526_modp_3072_g = "02"; +const char * const mbedtls_dhm_rfc3526_modp_3072_g = "02"; -const char * mbedtls_dhm_rfc3526_modp_4096_p = +const char * const mbedtls_dhm_rfc3526_modp_4096_p = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" @@ -153,13 +153,13 @@ const char * mbedtls_dhm_rfc3526_modp_4096_p = "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF"; -const char * mbedtls_dhm_rfc3526_modp_4096_g = "02"; +const char * const mbedtls_dhm_rfc3526_modp_4096_g = "02"; /* * Diffie-Hellman groups from RFC 7919 */ -const char * mbedtls_dhm_rfc7919_ffdhe2048_p = +const char * const mbedtls_dhm_rfc7919_ffdhe2048_p = "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" @@ -171,9 +171,9 @@ const char * mbedtls_dhm_rfc7919_ffdhe2048_p = "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" "886B423861285C97FFFFFFFFFFFFFFFF"; -const char * mbedtls_dhm_rfc7919_ffdhe2048_g = "02"; +const char * const mbedtls_dhm_rfc7919_ffdhe2048_g = "02"; -const char * mbedtls_dhm_rfc7919_ffdhe3072_p = +const char * const mbedtls_dhm_rfc7919_ffdhe3072_p = "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" 
@@ -190,9 +190,9 @@ const char * mbedtls_dhm_rfc7919_ffdhe3072_p = "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" "3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF"; -const char * mbedtls_dhm_rfc7919_ffdhe3072_g = "02"; +const char * const mbedtls_dhm_rfc7919_ffdhe3072_g = "02"; -const char * mbedtls_dhm_rfc7919_ffdhe4096_p = +const char * const mbedtls_dhm_rfc7919_ffdhe4096_p = "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" @@ -215,9 +215,9 @@ const char * mbedtls_dhm_rfc7919_ffdhe4096_p = "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6A" "FFFFFFFFFFFFFFFF"; -const char * mbedtls_dhm_rfc7919_ffdhe4096_g = "02"; +const char * const mbedtls_dhm_rfc7919_ffdhe4096_g = "02"; -const char * mbedtls_dhm_rfc7919_ffdhe6144_p = +const char * const mbedtls_dhm_rfc7919_ffdhe6144_p = "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" @@ -250,9 +250,9 @@ const char * mbedtls_dhm_rfc7919_ffdhe6144_p = "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04" "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1" "A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF"; -const char * mbedtls_dhm_rfc7919_ffdhe6144_g = "02"; +const char * const mbedtls_dhm_rfc7919_ffdhe6144_g = "02"; -const char * mbedtls_dhm_rfc7919_ffdhe8192_p = +const char * const mbedtls_dhm_rfc7919_ffdhe8192_p = "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" 
@@ -297,7 +297,7 @@ const char * mbedtls_dhm_rfc7919_ffdhe8192_p =
 "97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88C"
 "D68C8BB7C5C6424CFFFFFFFF"
 "FFFFFFFF";
-const char * mbedtls_dhm_rfc7919_ffdhe8192_g = "02";
+const char * const mbedtls_dhm_rfc7919_ffdhe8192_g = "02";
 
 
 /* Implementation that should never be optimized out by the compiler */
From 8d1dd1b5b9ffd1e615d1dea6524c8ea53a13216a Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 28 Sep 2017 11:02:24 +0100
Subject: [PATCH 0260/1059] Fix bug in mbedtls_mpi_exp_mod

Calling `mbedtls_mpi_exp_mod` with a freshly initialized exponent MPI `N`, i.e. `N.p == NULL`, would lead to a null-pointer dereference.

---
 library/bignum.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/bignum.c b/library/bignum.c
index 8b9082cdcb..e9ac565052 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1614,7 +1614,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
 mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
 int neg;
 
- if( mbedtls_mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 )
+ if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 )
 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
 
 if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
From 2c9f027e32f3fc83ccb3d24d132a77a711bd141b Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 28 Sep 2017 11:04:13 +0100
Subject: [PATCH 0261/1059] Don't require P,Q if CRT is not used

Previously, verification used P,Q regardless of whether CRT was used in the computation, but this has changed in the meantime.

---
 library/rsa.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/library/rsa.c b/library/rsa.c
index 88257aa578..11ba2019ab 100644
--- a/library/rsa.c
+++ b/library/rsa.c
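Review bot: The bignum.c fix depends on `||` short-circuiting: `N->p[0]` is only read after `mbedtls_mpi_cmp_int( N, 0 ) <= 0` has rejected a zero modulus, which per the commit message is exactly the case in which a freshly initialised MPI has `p == NULL`. Nothing in the code says so, and a later reordering of the two operands would silently reintroduce the NULL dereference, so a comment on the condition is warranted, e.g. `/* Reject N == 0 before touching N->p: a freshly initialized MPI has p == NULL */`. A regression test that calls mbedtls_mpi_exp_mod with an `mbedtls_mpi_init`-ed N would pin the behaviour; note the commit message calls N the "exponent", whereas in this check N is the modulus. mbedtls_mpi_exp_mod's body continues outside the hunk.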
@@ -448,15 +448,15 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
 /* Sanity-check that all relevant fields are at least set,
 * but don't perform a full keycheck. */
 if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 ||
- mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ||
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ||
 mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 ||
 mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 )
 {
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 }
 #if !defined(MBEDTLS_RSA_NO_CRT)
- if( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 ||
+ if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 ||
 mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) == 0 ||
 mbedtls_mpi_cmp_int( &ctx->QP, 0 ) == 0 )
 {
From 13be9901147efcb4c8cf6e52e2caecdb8957f601 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 27 Sep 2017 17:17:30 +0100
Subject: [PATCH 0262/1059] Correct expectation in DHM test in ssl-opt.sh

The previous test expected a DHM group generator of size 2048 bits, while with the change to RFC 7919, the base is 2, so has bit-size 2.

---
 tests/ssl-opt.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 280fc63486..de20588852 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2903,7 +2903,7 @@ run_test "DHM parameters: reference" \
 debug_level=3" \
 0 \
 -c "value of 'DHM: P ' (2048 bits)" \
- -c "value of 'DHM: G ' (2048 bits)"
+ -c "value of 'DHM: G ' (2 bits)"
 
 run_test "DHM parameters: other parameters" \
 "$P_SRV dhm_file=data_files/dhparams.pem" \
From e71ad12cd5d87d15d6862d603ffb34961992c99d Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 28 Sep 2017 10:32:25 +0100
Subject: [PATCH 0263/1059] Minor code-improvements in dhm.c

---
 library/dhm.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/library/dhm.c b/library/dhm.c
index dbfb6538ea..a29b02992e 100644
--- a/library/dhm.c
+++ b/library/dhm.c
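Review bot: With MBEDTLS_RSA_NO_CRT defined, mbedtls_rsa_private now accepts a context holding only N, D and E; the commit message says the verification step no longer needs P and Q, but nothing in the hunk records that invariant, so a later change to the non-CRT path that reads P or Q would regress silently past this check. Suggest a comment on the `#if !defined(MBEDTLS_RSA_NO_CRT)` block such as `/* P, Q, DP, DQ, QP are only used by the CRT computation below */` and extending the sanity-check comment to state that non-CRT private operation requires N, D and E only. The rest of mbedtls_rsa_private lies outside the hunk.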
@@ -430,10 +430,13 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
 /*
 * export P, G, GX
 */
-#define DHM_MPI_EXPORT(X,n) \
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, p + 2, n ) ); \
- *p++ = (unsigned char)( n >> 8 ); \
- *p++ = (unsigned char)( n ); p += n;
+#define DHM_MPI_EXPORT(X,n) \
+ do { \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, p + 2, n ) ); \
+ *p++ = (unsigned char)( n >> 8 ); \
+ *p++ = (unsigned char)( n ); \
+ p += n; \
+ } while( 0 )
 
 n1 = mbedtls_mpi_size( &ctx->P );
 n2 = mbedtls_mpi_size( &ctx->G );
@@ -444,7 +447,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
 DHM_MPI_EXPORT( &ctx->G , n2 );
 DHM_MPI_EXPORT( &ctx->GX, n3 );
 
- *olen = p - output;
+ *olen = p - output;
 
 ctx->len = n1;
 
@@ -643,10 +646,11 @@ cleanup:
 */
 void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
 {
- mbedtls_mpi_free( &ctx->pX); mbedtls_mpi_free( &ctx->Vf ); mbedtls_mpi_free( &ctx->Vi );
- mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY );
- mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X ); mbedtls_mpi_free( &ctx->G );
- mbedtls_mpi_free( &ctx->P );
+ mbedtls_mpi_free( &ctx->pX ); mbedtls_mpi_free( &ctx->Vf );
+ mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->RP );
+ mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY );
+ mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X );
+ mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P );
 
 mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
 }
From e764324d96645efe68d6ac76bb46e17dfcd1d533 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 28 Sep 2017 10:33:11 +0100
Subject: [PATCH 0264/1059] Improve documentation in dhm.h

---
 include/mbedtls/dhm.h | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index a9185ec085..43c49402f6 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
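Review bot: The rewritten DHM_MPI_EXPORT still does not parenthesise its `n` argument and evaluates it three times, so `( n >> 8 )` and `p += n` mis-bind for any argument that is not a plain identifier; the current callers pass n1, n2, n3, but parenthesising is free: `*p++ = (unsigned char)( (n) >> 8 );`, `*p++ = (unsigned char)( (n) );`, `p += (n);`. The macro also writes `n + 2` bytes at `p` with no bound on the output buffer, a pre-existing property of mbedtls_dhm_make_params that the do/while wrapper does not change; a one-line comment on the macro stating that the caller guarantees sufficient output space would make the contract visible at the point of the write. mbedtls_dhm_make_params starts and ends outside the hunk.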
@@ -167,7 +167,8 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
 * \brief Parse the ServerKeyExchange parameters
 *
 * \param ctx DHM context
- * \param p &(start of input buffer)
+ * \param p &(start of input buffer), will be increased
+ * by the amount of data read.
 * \param end end of buffer
 *
 * \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
@@ -186,6 +187,11 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
 * \param f_rng RNG function
 * \param p_rng RNG parameter
 *
+ * \note The destination buffer must be large enough to hold
+ * the modulus, the generator, and the public key, each
+ * wrapped with a 2-byte length field. It is the responsibility
+ * of the caller to ensure that enough space is available.
+ *
 * \note This function assumes that ctx->P and ctx->G
 * have already been properly set (for example
 * using mbedtls_mpi_read_string or mbedtls_mpi_read_binary).
@@ -215,10 +221,16 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
 * \param ctx DHM context
 * \param x_size private value size in bytes
 * \param output destination buffer
- * \param olen must be at least equal to the size of P, ctx->len
+ * \param olen size of the destination buffer;
+ * must be at least equal to the size of P, ctx->len
 * \param f_rng RNG function
 * \param p_rng RNG parameter
 *
+ * \note The destination buffer will always be fully written
+ * so as to contain a big-endian presentation of G^X mod P.
+ * If it is larger than ctx->len, it will accordingly be
+ * padded with zero-bytes in the beginning.
+ *
 * \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
 */
 int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
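Review bot: In the new \note for mbedtls_dhm_make_public, `big-endian presentation` should be `big-endian representation`. The same block now documents olen as the buffer size while the neighbouring mbedtls_dhm_calc_secret uses olen as an output parameter; saying so explicitly on the make_public line, e.g. `\param olen size of the destination buffer (input only); must be at least ctx->len`, would keep the two from being confused. The new \note on mbedtls_dhm_make_params correctly places the buffer-sizing burden on the caller, which matches the unchecked writes in the exporting code; it would help to state the exact bound, `mbedtls_mpi_size(P) + mbedtls_mpi_size(G) + mbedtls_mpi_size(GX) + 6` bytes, rather than describing it in words, if that is indeed what the implementation writes.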
@@ -231,7 +243,8 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
 *
 * \param ctx DHM context
 * \param output destination buffer
- * \param output_size size of the destination buffer
+ * \param output_size size of the destination buffer, must be at
+ * at least the size of ctx->len
 * \param olen on exit, holds the actual number of bytes written
 * \param f_rng RNG function, for blinding purposes
 * \param p_rng RNG parameter
From a2f6b72cbb83302cdec09da68a492f0702f76b70 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 28 Sep 2017 10:33:29 +0100
Subject: [PATCH 0265/1059] Add warnings regarding the use of DHM in general

---
 include/mbedtls/config.h | 21 +++++++++++++++++++++
 include/mbedtls/dhm.h | 23 +++++++++++++++++++++++
 2 files changed, 44 insertions(+)

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 47c7196402..b490e33d77 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -618,6 +618,13 @@
 * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ *
+ * \warning The possibility for the use of custom groups
+ * in the use of DHM in TLS constitutes a security
+ * risk. If possible, it is recommended to use
+ * EC-based key exchanges instead. See the documentation
+ * at the top of dhm.h for more information.
+ *
 */
 #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 
@@ -717,6 +724,13 @@
 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *
+ * \warning The possibility for the use of custom groups
+ * in the use of DHM in TLS constitutes a security
+ * risk. If possible, it is recommended to use
+ * EC-based key exchanges instead. See the documentation
+ * at the top of dhm.h for more information.
+ *
 */
 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 
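Review bot: `must be at at least the size of ctx->len` in the mbedtls_dhm_calc_secret hunk doubles `at`, and ctx->len is itself a byte count, so the line should read `must be at least ctx->len`. In the two config.h hunks on this line (and the third one below), `The possibility for the use of custom groups in the use of DHM in TLS` is hard to parse; a direct form such as `Accepting custom (non-standard) DH groups in TLS constitutes a security risk` says the same thing. The mbedtls_dhm_calc_secret declaration continues outside the hunk.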
@@ -1835,6 +1849,13 @@
 *
 * This module is used by the following key exchanges:
 * DHE-RSA, DHE-PSK
+ *
+ * \warning The possibility for the use of custom groups
+ * in the use of DHM in TLS constitutes a security
+ * risk. If possible, it is recommended to use
+ * EC-based key exchanges instead. See the documentation
+ * at the top of dhm.h for more information.
+ *
 */
 #define MBEDTLS_DHM_C
 
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 43c49402f6..542592d855 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -19,6 +19,29 @@
 * limitations under the License.
 *
 * This file is part of mbed TLS (https://tls.mbed.org)
+ *
+ * \warning The security of the DHM key exchange relies on the proper choice
+ * of prime modulus - optimally, it should be a safe prime. The usage
+ * of non-safe primes both decreases the difficulty of the underlying
+ * discrete logarithm problem and can lead to small subgroup attacks
+ * leaking private exponent bits when invalid public keys are used
+ * and not detected. This is especially relevant if the same DHM parameters
+ * are reused for multiple key exchanges as in static DHM, while the
+ * criticality of small-subgroup attacks is lower for ephemeral DHM.
+ *
+ * For performance reasons, the code does neither perform primality
+ * nor safe primality tests, nor the expensive checks for invalid
+ * subgroups.
+ *
+ * The possibility for the use of custom, non-safe primes in DHM
+ * is a deficiency in the TLS protocol that has been adressed only
+ * recently through the addition of the named group extension from
+ * RFC 7919, which however is not yet implemented in Mbed TLS.
+ *
+ * If possible, we recommend to use elliptic curve based key
+ * exchanges instead of DHM-based ones, because the former only
+ * accepts standardized groups.
+ *
 */
 #ifndef MBEDTLS_DHM_H
 #define MBEDTLS_DHM_H
From 7c0f17d1155d8a3e0fd52f831ecc84ce11673f2e Mon Sep 17 00:00:00 2001
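Review bot: The new file-level \warning in dhm.h has `adressed` for `addressed`, and `the code does neither perform primality nor safe primality tests, nor the expensive checks` reads better as `the code performs neither primality nor safe-primality tests, nor the expensive checks`; likewise `we recommend to use` should be `we recommend using`. The statement that the RFC 7919 named-group extension `is not yet implemented in Mbed TLS` will go stale silently once support lands, so qualify it (`at the time of writing`) or point to the relevant tracking item. It would also help readers to say which cheap check the code *does* perform on received public values, if any, so the warning is not read as "no validation at all".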
From: Hanno Becker Date: Thu, 28 Sep 2017 11:49:46 +0100 Subject: [PATCH 0266/1059] Add `MBEDTLS_RSA_NO_CRT` to options unaffected by `config.pl full` The effect of `config.pl full` on 'negative' options such as `NO_PLATFORM_ENTROPY` is usually inverted, but `MBEDTLS_RSA_NO_CRT` was not included in the list of such options. This commit adds it. --- scripts/config.pl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index 2757f17fe3..e2760b15cf 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -17,7 +17,7 @@ # # Full usage description provided below. # -# Things that shouldn't be enabled with "full". +# The following options are disabled instead of enabled with "full". # # MBEDTLS_TEST_NULL_ENTROPY # MBEDTLS_DEPRECATED_REMOVED @@ -30,6 +30,7 @@ # MBEDTLS_NO_PLATFORM_ENTROPY # MBEDTLS_REMOVE_ARC4_CIPHERSUITES # MBEDTLS_SSL_HW_RECORD_ACCEL +# MBEDTLS_RSA_NO_CRT # MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 # MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION # - this could be enabled if the respective tests were adapted @@ -85,6 +86,7 @@ MBEDTLS_ECP_DP_M383_ENABLED MBEDTLS_ECP_DP_M511_ENABLED MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_PLATFORM_ENTROPY +MBEDTLS_RSA_NO_CRT MBEDTLS_REMOVE_ARC4_CIPHERSUITES MBEDTLS_SSL_HW_RECORD_ACCEL MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 From d5ba5effaa30addc721f27f65b15a97af3f33248 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Sep 2017 12:53:51 +0100 Subject: [PATCH 0267/1059] Add ASan build-and-test run for MBEDTLS_RSA_NO_CRT in all.sh --- tests/scripts/all.sh | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7c33c5c2cc..5fe9191cc1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -326,6 +326,22 @@ OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min tests/ssl-opt.sh +msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_RSA_NO_CRT +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s +make test + +msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s +tests/ssl-opt.sh -f RSA + +msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min +tests/compat.sh -t RSA + msg "build: cmake, full config, clang, C99" # ~ 50s cleanup cp "$CONFIG_H" "$CONFIG_BAK" @@ -572,4 +588,3 @@ rm -rf "$OUT_OF_SOURCE_DIR" msg "Done, cleaning up" cleanup - From a6f55394137487b7298ab929202d70b5f210c7c2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Sep 2017 12:56:28 +0100 Subject: [PATCH 0268/1059] Adapt version_features.c to new config options --- library/version_features.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3e..f7fa041c42 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -345,9 +345,18 @@ static const char *features[] = { #if defined(MBEDTLS_PKCS1_V21) "MBEDTLS_PKCS1_V21", #endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_RSA_FORCE_BLINDING) + "MBEDTLS_RSA_FORCE_BLINDING", +#endif /* MBEDTLS_RSA_FORCE_BLINDING */ #if defined(MBEDTLS_RSA_NO_CRT) "MBEDTLS_RSA_NO_CRT", #endif /* MBEDTLS_RSA_NO_CRT */ +#if defined(MBEDTLS_RSA_FORCE_CRT_VERIFICATION) + "MBEDTLS_RSA_FORCE_CRT_VERIFICATION", +#endif /* MBEDTLS_RSA_FORCE_CRT_VERIFICATION */ +#if defined(MBEDTLS_RSA_FORCE_VERIFICATION) + "MBEDTLS_RSA_FORCE_VERIFICATION", +#endif /* MBEDTLS_RSA_FORCE_VERIFICATION */ #if defined(MBEDTLS_SELF_TEST) "MBEDTLS_SELF_TEST", #endif /* MBEDTLS_SELF_TEST */ 
From 041a6b030f2c3628d34abb8360efc3988a18484e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Sep 2017 14:52:26 +0100 Subject: [PATCH 0269/1059] Adapt ChangeLog --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 227faed6b6..4436237ae2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Correct extraction of signature-type from PK instance in X.509 CRT and CSR + writing routines that prevented these functions to work with alternative + RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011. + = mbed TLS 2.6.0 branch released 2017-08-10 Security From 2cca6f3290b5fc22517a9a684a3542fef5be44ac Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:46:40 +0100 Subject: [PATCH 0270/1059] Always deduce N from P, Q in mbedtls_rsa_complete Previously, a parameter set of (-, P, Q, -, E) was completed, but (-, P, Q, D, E) wasn't - this is odd. --- library/rsa.c | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 3dde6edbf4..4ee9308bde 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -623,18 +623,35 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx,
 * (2) D and potentially N missing.
 *
 */
 
- const int complete = have_N && have_P && have_Q && have_D && have_E;
- const int pq_missing = have_N && !have_P && !have_Q && have_D && have_E;
- const int d_missing = have_P && have_Q && !have_D && have_E;
- const int is_pub = have_N && !have_P && !have_Q && !have_D && have_E;
- const int is_priv = complete || pq_missing || d_missing;
+ const int n_missing = have_P && have_Q && have_D && have_E;
+ const int pq_missing = have_N && !have_P && !have_Q && have_D && have_E;
+ const int d_missing = have_P && have_Q && !have_D && have_E;
+ const int is_pub = have_N && !have_P && !have_Q && !have_D && have_E;
+
+ /* These three alternatives are mutually exclusive */
+ const int is_priv = n_missing || pq_missing || d_missing;
 
 if( !is_priv && !is_pub )
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
 /*
- * Step 1: Deduce and verify all core parameters.
+ * Step 1: Deduce N if P, Q are provided.
+ */
+
+ if( !have_N && have_P && have_Q )
+ {
+ if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P,
+ &ctx->Q ) ) != 0 )
+ {
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
+ }
+
+ ctx->len = mbedtls_mpi_size( &ctx->N );
+ }
+
+ /*
+ * Step 2: Deduce and verify all remaining core parameters.
 */
 
 if( pq_missing )
@@ -660,13 +677,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx,
 }
 #endif /* MBEDTLS_GENPRIME */
 
- /* Compute N if missing. */
- if( !have_N &&
- ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ) != 0 )
- {
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
- }
-
 /* Deduce private exponent. This includes double-checking of the result,
 * so together with the primality test above all core parameters are
 * guaranteed to be sane if this call succeeds. */
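Review bot: `n_missing` is defined as `have_P && have_Q && have_D && have_E` with no `!have_N`, so it is also true for a complete (N, P, Q, D, E) set; the name therefore misdescribes the condition, and the "mutually exclusive" comment holds only because of the `have_P`/`!have_P` and `have_D`/`!have_D` splits against the other two. Either rename it to what it tests, e.g. `const int pqde_given = have_P && have_Q && have_D && have_E;`, or keep the old `complete` flag alongside a genuine `n_missing = !have_N && have_P && have_Q && have_D && have_E`. When N is supplied together with P and Q, nothing visible in this hunk verifies N == P*Q; if that consistency check is not performed further down in mbedtls_rsa_complete, a caller can import a mismatched triple that the later deductions then build on. The function continues outside the hunk.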
@@ -680,7 +690,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, /* In the remaining case of a public key, there's nothing to check for. */ /* - * Step 2: Deduce all additional parameters specific + * Step 3: Deduce all additional parameters specific * to our current RSA implementaiton. */ From 54cfc585cd9efc0b260c17317925f81e3a9ada6d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:31:22 +0100 Subject: [PATCH 0271/1059] Add test cases for mbedtls_rsa_import[_raw] where N is missing --- tests/suites/test_suite_rsa.data | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 8b1d1d59a6..05e29678f6 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -433,6 +433,12 @@ mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7 RSA Import (N,P,Q,D,E), successive mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (-,P,Q,D,E) +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (-,P,Q,D,E), successive 
+mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 + RSA Import (N,-,-,D,E) mbedtls_rsa_import:16:"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":16:"":16:"":16:"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":16:"3":0:0 
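Review bot: The added `(-,P,Q,D,E)` vectors only pin the happy path of N deduction; there is no case in this data with N, P and Q all supplied where N differs from P*Q, and no N-less case where P or Q is composite, so the Step 2 validation that the deduction depends on is not exercised here. A vector such as `RSA Import (N,P,Q,-,E), N != P*Q` built from the existing P, Q and the modulus of a different test key, expecting `MBEDTLS_ERR_RSA_BAD_INPUT_DATA` (the exact code should be confirmed against what mbedtls_rsa_complete returns once it checks consistency), would catch a regression in that handling. The same pair of negative cases would be worth mirroring in the `mbedtls_rsa_import_raw` block further down.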
@@ -445,6 +451,12 @@ mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7 RSA Import (N,P,Q,-,E), successive mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:0 +RSA Import (-,P,Q,-,E) +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:0 + +RSA Import (-,P,Q,-,E), successive +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:0 + RSA Import (N,-,Q,-,E) 
mbedtls_rsa_import:16:"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":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA 
@@ -463,6 +475,12 @@ mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f RSA Import Raw (N,P,Q,D,E), successive mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0 +RSA Import Raw (-,P,Q,D,E) +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport Raw (-,P,Q,D,E), successive 
+mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport Raw (N,-,-,D,E) mbedtls_rsa_import_raw:"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":"":"":"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":"03":0:0 
@@ -475,6 +493,12 @@ mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f RSA Import Raw (N,P,Q,-,E), successive mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:0 +RSA Import Raw (-,P,Q,-,E) +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:0 + +RSA Import Raw (-,P,Q,-,E), successive +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:0 + RSA Import Raw (N,-,Q,-,E) 
mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA From 2f8f06aa25e9d5ee4fc9fe217543c872b39e4d05 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:47:26 +0100 Subject: [PATCH 0272/1059] Don't always recompute context length in mbedtls_rsa_get_len This commit changes the implementation of `mbedtls_rsa_get_len` to return `ctx->len` instead of always re-computing the modulus' byte-size via `mbedtls_mpi_size`. --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index 4ee9308bde..862301190a 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -923,7 +923,7 @@ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) { - return( mbedtls_mpi_size( &ctx->N ) ); + return( ctx->len ); } From ba1ba11a984703cd0fa8ec061254ac6147f8a93d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:48:23 +0100 Subject: [PATCH 0273/1059] Check that length is properly set in `mbedtls_rsa_check_pubkey` --- library/rsa.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index 862301190a..ae4382b182 100644 
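Review bot: mbedtls_rsa_get_len now returns `ctx->len`, a cached value that nothing in this hunk guarantees has been set, so its correctness rests on every path that writes `ctx->N` also writing `ctx->len` — which direct-field users (still permitted, merely deprecated in this series) and any code that replaces N after import will not do. Callers typically size output buffers from this value, so a stale `len` is a memory-safety hazard rather than a cosmetic one; the cheap `mbedtls_mpi_size` recomputation was the safety net. The contract should at least be documented on the declaration in rsa.h, e.g. `\note Returns the cached modulus size in bytes; it is only meaningful after the context has been set up through mbedtls_rsa_import*() / mbedtls_rsa_complete() (presumably also mbedtls_rsa_gen_key — confirm), never after writing ctx->N directly.`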
--- a/library/rsa.c +++ b/library/rsa.c @@ -1028,6 +1028,9 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) if( !ctx->N.p || !ctx->E.p ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if( ctx->len != mbedtls_mpi_size( &ctx->N ) ) + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if( ( ctx->N.p[0] & 1 ) == 0 || ( ctx->E.p[0] & 1 ) == 0 ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); From 5063cd2ccab39001d6d6a1c4deeee93d35e6ede3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:49:12 +0100 Subject: [PATCH 0274/1059] Deprecate direct manipulation of structure fields in RSA context --- include/mbedtls/rsa.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 48b0145ebc..df14ae8473 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -237,7 +237,13 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, #if !defined(MBEDTLS_RSA_ALT) /** - * \brief RSA context structure + * \brief RSA context structure + * + * \note Direct manipulation of the members of this structure + * is deprecated and will no longer be supported starting + * from the next major release. All manipulation should instead + * be done through the public interface functions. + * */ typedef struct { From 4d6e83406ca8c8c1b17af7d89c1753cfcad070ea Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:50:18 +0100 Subject: [PATCH 0275/1059] Improve readability of test for `mbedtls_rsa_import` --- tests/suites/test_suite_rsa.function | 36 ++++++++++++++++------------ 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 5f493c3a0a..160b916b8a 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
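Review bot: The new `ctx->len != mbedtls_mpi_size( &ctx->N )` check makes the cached length part of what a "valid" public key means, but the documentation of mbedtls_rsa_check_pubkey does not say so, and the check only protects callers that actually invoke the check function before using the context — nothing here forces that. Suggest adding to its header comment `\note Also fails if the cached length ctx->len does not match the byte size of N; a context whose N was written directly must update len first.`, and, if not already the case outside this hunk, having mbedtls_rsa_complete finish by running this check so that a context that passes complete() is guaranteed to have a consistent length. The placement before the parity tests is fine since both N.p and E.p have already been checked for NULL.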
@@ -852,6 +852,12 @@ void mbedtls_rsa_import( int radix_N, char *input_N, mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "test_suite_rsa"; + const int have_N = ( strlen( input_N ) > 0 ); + const int have_P = ( strlen( input_P ) > 0 ); + const int have_Q = ( strlen( input_Q ) > 0 ); + const int have_D = ( strlen( input_D ) > 0 ); + const int have_E = ( strlen( input_E ) > 0 ); + mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); @@ -864,29 +870,29 @@ void mbedtls_rsa_import( int radix_N, char *input_N, mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); - if( strlen( input_N ) ) + if( have_N ) TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - if( strlen( input_P ) ) + if( have_P ) TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); - if( strlen( input_Q ) ) + if( have_Q ) TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); - if( strlen( input_D ) ) + if( have_D ) TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); - if( strlen( input_E ) ) + if( have_E ) TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); if( !successive ) { TEST_ASSERT( mbedtls_rsa_import( &ctx, - strlen( input_N ) ? &N : NULL, - strlen( input_P ) ? &P : NULL, - strlen( input_Q ) ? &Q : NULL, - strlen( input_D ) ? &D : NULL, - strlen( input_E ) ? &E : NULL ) == 0 ); + have_N ? &N : NULL, + have_P ? &P : NULL, + have_Q ? &Q : NULL, + have_D ? &D : NULL, + have_E ? &E : NULL ) == 0 ); } else { 
@@ -894,27 +900,27 @@ void mbedtls_rsa_import( int radix_N, char *input_N, * This should make no functional difference. */ TEST_ASSERT( mbedtls_rsa_import( &ctx, - strlen( input_N ) ? &N : NULL, + have_N ? &N : NULL, NULL, NULL, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, NULL, - strlen( input_P ) ? &P : NULL, + have_P ? &P : NULL, NULL, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, NULL, NULL, - strlen( input_Q ) ? &Q : NULL, + have_Q ? &Q : NULL, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, NULL, NULL, NULL, - strlen( input_D ) ? &D : NULL, + have_D ? &D : NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, NULL, NULL, NULL, NULL, - strlen( input_E ) ? &E : NULL ) == 0 ); + have_E ? &E : NULL ) == 0 ); } TEST_ASSERT( mbedtls_rsa_complete( &ctx, From e1582a832b848b71aebe0ff0e0fa531cdc96b43e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:51:05 +0100 Subject: [PATCH 0276/1059] Add expectation when testing RSA key import/export This commit adds a flag to the RSA import/export tests indicating whether it is expected that a full RSA keypair can be set up from the provided parameters. Further, the tests of `mbedtls_rsa_import` and `mbedtls_rsa_import_raw` are expanded to perform key checks and an example encryption-decryption. --- tests/suites/test_suite_rsa.data | 84 ++++++++++++------------- tests/suites/test_suite_rsa.function | 94 ++++++++++++++++++++++++++-- 2 files changed, 131 insertions(+), 47 deletions(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 05e29678f6..ace4d397a3 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -428,130 +428,130 @@ RSA Deduce Moduli, corrupted mbedtls_rsa_deduce_moduli:16:"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e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA RSA Import (N,P,Q,D,E) -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560
152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (N,P,Q,D,E), successive -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3
b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (-,P,Q,D,E) -mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (-,P,Q,D,E), successive 
-mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (N,-,-,D,E) -mbedtls_rsa_import:16:"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mbedtls_rsa_import:16:"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mport (N,-,-,D,E), succesive -mbedtls_rsa_import:16:"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mbedtls_rsa_import:16:"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mport (N,P,Q,-,E) 
-mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0 RSA Import (N,P,Q,-,E), successive 
-mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0 RSA Import (-,P,Q,-,E) 
-mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:0 +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0 RSA Import (-,P,Q,-,E), successive -mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:0 
+mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0 RSA Import (N,-,Q,-,E) -mbedtls_rsa_import:16:"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":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import (N,-,Q,-,E), successive 
-mbedtls_rsa_import:16:"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":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import (N,-,-,-,E), complete public key -mbedtls_rsa_import:16:"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":16:"":16:"":16:"":16:"3":0:0 +mbedtls_rsa_import:16:"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":16:"":16:"":16:"":16:"3":0:0:0 RSA Import (N,-,-,-,E), complete public key, successive -mbedtls_rsa_import:16:"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":16:"":16:"":16:"":16:"3":1:0 
+mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":1:0:0 RSA Import Raw (N,P,Q,D,E), complete private key -mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D02
07FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0 RSA Import Raw (N,P,Q,D,E), successive -mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport Raw (-,P,Q,D,E) 
-mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport Raw (-,P,Q,D,E), successive 
-mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1:0 RSA Import Raw (N,-,-,D,E) -mbedtls_rsa_import_raw:"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mbedtls_rsa_import_raw:"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mport Raw (N,-,-,D,E), successive 
-mbedtls_rsa_import_raw:"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mbedtls_rsa_import_raw:"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mport Raw (N,P,Q,-,E) -mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:0 +mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0 RSA Import Raw (N,P,Q,-,E), successive 
-mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:0 +mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0 RSA Import Raw (-,P,Q,-,E) -mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:0 
+mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0 RSA Import Raw (-,P,Q,-,E), successive -mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:0 +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0 RSA Import Raw (N,-,Q,-,E) 
-mbedtls_rsa_import_raw:"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":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import_raw:"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":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import Raw (N,-,Q,-,E), successive -mbedtls_rsa_import_raw:"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":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA 
+mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import Raw (N,-,-,-,E) -mbedtls_rsa_import_raw:"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":"":"":"":"03":0:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":0:0:0 RSA Import Raw (N,-,-,-,E), successive -mbedtls_rsa_import_raw:"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":"":"":"":"03":1:0 
+mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":1:0:0 RSA Export (N,P,Q,D,E) -mbedtls_rsa_export:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_export:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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xport (N,P,Q,D,E), successive 
-mbedtls_rsa_export:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1 +mbedtls_rsa_export:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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xport (N,-,-,D,E) 
-mbedtls_rsa_export:16:"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mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 RSA Export (N,-,-,D,E), succesive 
-mbedtls_rsa_export:16:"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mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1 RSA Export (N,P,Q,-,E) -mbedtls_rsa_export:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0 
+mbedtls_rsa_export:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:0 RSA Export (N,P,Q,-,E), successive -mbedtls_rsa_export:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1 
+mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1 RSA Export (N,-,-,-,E) -mbedtls_rsa_export:16:"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":16:"":16:"":16:"":16:"3":0 +mbedtls_rsa_export:16:"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":16:"":16:"":16:"":16:"3":0:0 RSA Export Raw (N,P,Q,D,E) 
-mbedtls_rsa_export_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0 
+mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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xport Raw (N,P,Q,D,E), successive 
-mbedtls_rsa_export_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_export_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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xport Raw (N,-,-,D,E) -mbedtls_rsa_export_raw:"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mbedtls_rsa_export_raw:"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xport Raw (N,-,-,D,E), succesive -mbedtls_rsa_export_raw:"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mbedtls_rsa_export_raw:"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xport Raw (N,P,Q,-,E) 
-mbedtls_rsa_export_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0 +mbedtls_rsa_export_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:0 RSA Export Raw (N,P,Q,-,E), successive -mbedtls_rsa_export_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1 
+mbedtls_rsa_export_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1 RSA Export Raw (N,-,-,-,E) -mbedtls_rsa_export_raw:"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":"":"":"":"03":0 +mbedtls_rsa_export_raw:"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":"":"":"":"03":0:0 RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 160b916b8a..062b971538 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -843,11 +843,17 @@ void mbedtls_rsa_import( int radix_N, char *input_N, int radix_D, char *input_D, int radix_E, char *input_E, int successive, + int is_priv, int result ) { mbedtls_mpi N, P, Q, D, E; mbedtls_rsa_context ctx; + /* Buffers used for encryption-decryption test */ + unsigned char *buf_orig = NULL; + unsigned char *buf_enc = NULL; + unsigned char *buf_dec = NULL; + mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "test_suite_rsa"; 
@@ -927,8 +933,47 @@ void mbedtls_rsa_import( int radix_N, char *input_N, mbedtls_ctr_drbg_random, &ctr_drbg ) == result ); + /* On expected success, perform some public and private + * key operations to check if the key is working properly. */ + if( result == 0 ) + { + TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); + + /* Did we expect a full private key to be setup? */ + if( is_priv ) + TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + + buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); + buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); + buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); + if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) + goto exit; + + TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg, + buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); + + /* Make sure the number we're generating is smaller than the modulus */ + buf_orig[0] = 0x00; + + TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 ); + + if( is_priv ) + { + TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random, + &ctr_drbg, buf_enc, + buf_dec ) == 0 ); + + TEST_ASSERT( memcmp( buf_orig, buf_dec, + mbedtls_rsa_get_len( &ctx ) ) == 0 ); + } + } + exit: + mbedtls_free( buf_orig ); + mbedtls_free( buf_enc ); + mbedtls_free( buf_dec ); + mbedtls_rsa_free( &ctx ); mbedtls_ctr_drbg_free( &ctr_drbg ); @@ -946,6 +991,7 @@ void mbedtls_rsa_export( int radix_N, char *input_N, int radix_Q, char *input_Q, int radix_D, char *input_D, int radix_E, char *input_E, + int is_priv, int successive ) { /* Original MPI's with which we set up the RSA context */ @@ -960,8 +1006,6 @@ void mbedtls_rsa_export( int radix_N, char *input_N, const int have_D = ( strlen( input_D ) > 0 ); const int have_E = ( strlen( input_E ) > 0 ); - const int is_priv = have_P || have_Q || have_D; - mbedtls_rsa_context ctx; mbedtls_rsa_init( &ctx, 0, 0 ); 
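Review bot: The allocation-failure path in the new key-exercise block, `if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) goto exit;`, jumps to cleanup without recording a failure, so as far as the harness visible here goes an out-of-memory condition would let the import case pass vacuously. Prefer `TEST_ASSERT( buf_orig != NULL && buf_enc != NULL && buf_dec != NULL );`, which fails the case explicitly and still reaches the same `exit:` cleanup. The `buf_orig[0] = 0x00;` trick is sound for keeping the plaintext below N only because mbedtls_rsa_get_len() is the byte length of N; a comment saying so, `/* N's top byte is non-zero, so zeroing ours guarantees buf_orig < N */`, would make the intent clearer than the current wording. mbedtls_rsa_import's body starts in the previous hunk and its remaining cleanup lines are outside this one.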
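Review bot: The new `int is_priv` parameter is placed before `int successive` in mbedtls_rsa_export, whereas the same commit adds it after `successive` in mbedtls_rsa_import (first hunk of this file); both are plain ints, so the .data parser cannot catch a swapped pair, and a wrong `is_priv` silently weakens the check instead of failing loudly. Using one order across the four functions, e.g. `int successive, int is_priv,` here and in mbedtls_rsa_export_raw, with the trailing `:1:0` columns in test_suite_rsa.data adjusted to match, would make the vectors harder to mis-edit. Since the following hunk removes the derived `is_priv = have_P || have_Q || have_D`, a short parameter comment such as `/* is_priv: 1 if a complete private key is expected after setup */` is worth adding so the meaning of the column is not lost. The rest of mbedtls_rsa_export's signature and body lies outside this hunk.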
@@ -1132,7 +1176,8 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ void mbedtls_rsa_export_raw( char *input_N, char *input_P, char *input_Q, char *input_D, - char *input_E, int successive ) + char *input_E, int is_priv, + int successive ) { /* Original raw buffers with which we set up the RSA context */ unsigned char bufN[1000]; @@ -1160,8 +1205,6 @@ void mbedtls_rsa_export_raw( char *input_N, char *input_P, const int have_D = ( strlen( input_D ) > 0 ); const int have_E = ( strlen( input_E ) > 0 ); - const int is_priv = have_P || have_Q || have_D; - mbedtls_rsa_context ctx; mbedtls_rsa_init( &ctx, 0, 0 ); @@ -1265,6 +1308,7 @@ void mbedtls_rsa_import_raw( char *input_N, char *input_P, char *input_Q, char *input_D, char *input_E, int successive, + int is_priv, int result ) { unsigned char bufN[1000]; @@ -1273,6 +1317,11 @@ void mbedtls_rsa_import_raw( char *input_N, unsigned char bufD[1000]; unsigned char bufE[1000]; + /* Buffers used for encryption-decryption test */ + unsigned char *buf_orig = NULL; + unsigned char *buf_enc = NULL; + unsigned char *buf_dec = NULL; + size_t lenN = 0; size_t lenP = 0; size_t lenQ = 0; 
@@ -1351,6 +1400,41 @@ void mbedtls_rsa_import_raw( char *input_N, mbedtls_ctr_drbg_random, &ctr_drbg ) == result ); + /* On expected success, perform some public and private + * key operations to check if the key is working properly. */ + if( result == 0 ) + { + TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); + + /* Did we expect a full private key to be setup? */ + if( is_priv ) + TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + + buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); + buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); + buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); + if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) + goto exit; + + TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg, + buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); + + /* Make sure the number we're generating is smaller than the modulus */ + buf_orig[0] = 0x00; + + TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 ); + + if( is_priv ) + { + TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random, + &ctr_drbg, buf_enc, + buf_dec ) == 0 ); + + TEST_ASSERT( memcmp( buf_orig, buf_dec, + mbedtls_rsa_get_len( &ctx ) ) == 0 ); + } + } + exit: mbedtls_rsa_free( &ctx ); From bead71752e51ec9d1bb2d84b0a0cc958cce15606 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 12:41:06 +0100 Subject: [PATCH 0277/1059] Correct typo in rsa.c --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index ae4382b182..d438247d53 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -139,7 +139,7 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, * several calculations are done in place and temporarily change * the values of D and E. * - * Specifically, D is replaced the largest odd divisor of DE - 1 + * Specifically, D is replaced by the largest odd divisor of DE - 1 * throughout the calculations. */ 
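Review bot: `buf_orig`, `buf_enc` and `buf_dec` are allocated with `mbedtls_calloc` in this hunk, but the `exit:` label of `mbedtls_rsa_import_raw` still runs only `mbedtls_rsa_free( &ctx );`, so all three buffers leak on every path, including success; the sibling `mbedtls_rsa_import` hunk adds `mbedtls_free( buf_orig ); mbedtls_free( buf_enc ); mbedtls_free( buf_dec );` directly after `exit:`, and the same three lines are needed here. This would typically surface only under the memory-checking test runs rather than as a functional failure. The round-trip block is otherwise a verbatim copy of the one in `mbedtls_rsa_import`; a `static` helper in this .function file taking the context and the DRBG would keep the two from drifting. The function's remaining cleanup continues outside the hunk.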
From 91c194dabba673ec4afe93a77a1958d2059384dd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 12:50:12 +0100 Subject: [PATCH 0278/1059] Add and document an RSA-specific error code for unsupported exports E.g., a private key on an external chip might not be exportable to RAM. --- include/mbedtls/rsa.h | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index df14ae8473..705d16384a 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -48,6 +48,7 @@ #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ +#define MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED -0x4500 /**< The requested parameter export is not possible/allowed. */ /* * RSA constants @@ -446,6 +447,21 @@ int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx, * \param E MPI to hold the public exponent, or NULL * * \return 0 if successful, non-zero error code otherwise. + * In particular, if exporting the requested parameters + * cannot be done because of a lack of functionality + * or because of security policies, the error code + * MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. + * In this case, the RSA context stays intact and can + * be continued to be used. + * + * \note Two reasons for returning MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED + * would be the following: Firstly, it might be that an + * alternative RSA implementation is in use which stores + * the key externally, and which either cannot or should not + * export it into RAM. Alternatively, an implementation + * (regardless of SW or HW) might not support deducing e.g. + * P, Q from N, D, E if the former are not part of the + * implementation. * */ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, 
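Review bot: `MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED` is added to rsa.h only; the diffstat shows no change to `library/error.c`, so if this tree maps error codes to strings in the usual generated table, `mbedtls_strerror()` will not know the new value until that table is regenerated from the headers — worth confirming before merge. In the `\return` text of the second hunk, `can be continued to be used` reads better as `can continue to be used`, and the `\note` phrase `if the former are not part of the implementation` is ambiguous about what "the former" refers to (presumably the stored P, Q); naming it would help.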
@@ -475,6 +491,24 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * pointed to by N, P, Q, D, E are fully written, with * additional unused space filled leading by 0-bytes. * + * \return 0 if successful, non-zero error code otherwise. + * In particular, if exporting the requested parameters + * cannot be done because of a lack of functionality + * or because of security policies, the error code + * MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. + * In this case, the RSA context stays intact and can + * be continued to be used. + * + * \note Two reasons for returning MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED + * would be the following: Firstly, it might be that an + * alternative RSA implementation is in use which stores + * the key externally, and which either cannot or should not + * export it into RAM. Alternatively, an implementation + * (regardless of SW or HW) might not support deducing e.g. + * P, Q from N, D, E if the former are not part of the + * implementation. + * + * */ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, unsigned char *N, size_t N_len, From ed20361321ae4a55d122b1ae6e66915e8f40097e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 13:34:25 +0100 Subject: [PATCH 0279/1059] Increase readability of Doxygen output Multiple lists were not properly recognized as such. --- include/mbedtls/rsa.h | 95 +++++++++++++++++++++++-------------------- 1 file changed, 52 insertions(+), 43 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 705d16384a..aaf0f3c663 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -94,7 +94,8 @@ extern "C" { * \param P Pointer to MPI holding first prime factor of N on success * \param Q Pointer to MPI holding second prime factor of N on success * - * \return - 0 if successful. In this case, P and Q constitute a + * \return + * - 0 if successful. In this case, P and Q constitute a * factorization of N, and it is guaranteed that D and E * are indeed modular inverses modulo P-1 and modulo Q-1. * The values of N, D and E are unchanged. It is checked @@ -128,7 +129,8 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, * * \note This function does not check whether P and Q are primes. * - * \return - 0 if successful. In this case, D is set to a simultaneous + * \return + * - 0 if successful. In this case, D is set to a simultaneous * modular inverse of E modulo both P-1 and Q-1. * - A non-zero error code otherwise. In this case, the values * of P, Q, E are undefined. @@ -181,12 +183,13 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * \param f_rng PRNG to be used for randomization, or NULL * \param p_rng PRNG context for f_rng, or NULL * - * \return - 0 if the following conditions are satisfied: - * - N = PQ if N,P,Q != NULL - * - D and E are modular inverses modulo P-1 and Q-1 - * if D,E,P,Q != NULL - * - P prime if f_rng, P != NULL - * - Q prime if f_rng, Q != NULL + * \return + * - 0 if the following conditions are satisfied: + * - N = PQ if N,P,Q != NULL + * - D and E are modular inverses modulo P-1 and Q-1 + * if D,E,P,Q != NULL + * - P prime if f_rng, P != NULL + * - Q prime if f_rng, Q != NULL * - A non-zero error code otherwise. * * \note The function can be used with a restricted set of arguments 
@@ -213,12 +216,13 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * \param DQ MPI to check for D modulo P-1 * \param QP MPI to check for the modular inverse of Q modulo P. * - * \return - 0 if the following conditions are satisfied: - * - D = DP mod P-1 if P, D, DP != NULL - * - Q = DQ mod P-1 if P, D, DQ != NULL - * - QP = Q^-1 mod P if P, Q, QP != NULL - * - MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed, - * potentially including MBEDTLS_ERR_MPI_XXX if some + * \return + * - 0 if the following conditions are satisfied: + * - D = DP mod P-1 if P, D, DP != NULL + * - Q = DQ mod P-1 if P, D, DQ != NULL + * - QP = Q^-1 mod P if P, Q, QP != NULL + * - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed, + * potentially including \c MBEDTLS_ERR_MPI_XXX if some * MPI calculations failed. * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient * data was provided to check DP, DQ or QP. 
@@ -386,18 +390,19 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * \param f_rng RNG function, * \param p_rng RNG parameter * - * To setup an RSA public key, precisely N and E - * must have been imported. + * \note + * - To setup an RSA public key, precisely N and E + * must have been imported. * - * To setup an RSA private key, enough information must be - * present for the other parameters to be efficiently derivable. + * - To setup an RSA private key, enough information must be + * present for the other parameters to be efficiently derivable. * - * The default implementation supports the following: - * (a) Derive P, Q from N, D, E - * (b) Derive N, D from P, Q, E. + * The default implementation supports the following: + * - Derive P, Q from N, D, E + * - Derive N, D from P, Q, E. * - * Alternative implementations need not support these - * and may return MBEDTLS_ERR_RSA_BAD_INPUT_DATA instead. + * - Alternative implementations need not support these + * and may return \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA instead. * * \note The PRNG is used for probabilistic algorithms * like the derivation of P, Q from N, D, E, as 
@@ -446,15 +451,19 @@ int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx, * \param D MPI to hold the private exponent, or NULL * \param E MPI to hold the public exponent, or NULL * - * \return 0 if successful, non-zero error code otherwise. - * In particular, if exporting the requested parameters - * cannot be done because of a lack of functionality - * or because of security policies, the error code - * MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. - * In this case, the RSA context stays intact and can - * be continued to be used. + * \return + * - 0 if successful. In this case, the non-NULL buffers + * pointed to by N, P, Q, D, E are fully written, with + * additional unused space filled leading by 0-bytes. + * - Non-zero return code otherwise. In particular, if + * exporting the requested parameters + * cannot be done because of a lack of functionality + * or because of security policies, the error code + * \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. + * In this case, the RSA context stays intact and can + * be continued to be used. * - * \note Two reasons for returning MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED + * \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED * would be the following: Firstly, it might be that an * alternative RSA implementation is in use which stores * the key externally, and which either cannot or should not 
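Review bot: The new `\return` bullet for `mbedtls_rsa_export` says the non-NULL buffers pointed to by N, P, Q, D, E are fully written with unused space filled by leading 0-bytes, but this function's outputs are documented just above as MPIs (`\param D MPI to hold the private exponent, or NULL`), not byte buffers; that wording belongs to `mbedtls_rsa_export_raw` (hunk `@@ -487,19 +496,19 @@`) and here should say something like `- 0 if successful. In this case, the non-NULL MPIs pointed to by N, P, Q, D, E hold the corresponding parameters.` In both hunks `can be continued to be used` reads better as `can continue to be used`, and `filled leading by 0-bytes` as `padded with leading 0-bytes`.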
@@ -487,19 +496,19 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * \note The length fields are ignored if the corresponding * buffer pointers are NULL. * - * \return 0 if successful. In this case, the non-NULL buffers - * pointed to by N, P, Q, D, E are fully written, with - * additional unused space filled leading by 0-bytes. + * \return + * - 0 if successful. In this case, the non-NULL buffers + * pointed to by N, P, Q, D, E are fully written, with + * additional unused space filled leading by 0-bytes. + * - Non-zero return code otherwise. In particular, if + * exporting the requested parameters + * cannot be done because of a lack of functionality + * or because of security policies, the error code + * \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. + * In this case, the RSA context stays intact and can + * be continued to be used. * - * \return 0 if successful, non-zero error code otherwise. - * In particular, if exporting the requested parameters - * cannot be done because of a lack of functionality - * or because of security policies, the error code - * MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. - * In this case, the RSA context stays intact and can - * be continued to be used. - * - * \note Two reasons for returning MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED + * \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED * would be the following: Firstly, it might be that an * alternative RSA implementation is in use which stores * the key externally, and which either cannot or should not From 4b2f691691ebd72f82fd34ae1216a676e9e766aa Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 13:34:55 +0100 Subject: [PATCH 0280/1059] Doxygen: Use typewriter font for variables in rsa.h documentation --- include/mbedtls/rsa.h | 211 +++++++++++++++++++++--------------------- 1 file changed, 108 insertions(+), 103 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index aaf0f3c663..b272b76a5c 100644 
--- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -224,7 +224,7 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed, * potentially including \c MBEDTLS_ERR_MPI_XXX if some * MPI calculations failed. - * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient + * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient * data was provided to check DP, DQ or QP. * * \note The function can be used with a restricted set of arguments @@ -278,8 +278,8 @@ typedef struct mbedtls_mpi Vi; /*!< cached blinding value */ mbedtls_mpi Vf; /*!< cached un-blinding value */ - int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and - MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ + int padding; /*!< \c MBEDTLS_RSA_PKCS_V15 for 1.5 padding and + \c MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ int hash_id; /*!< Hash identifier of mbedtls_md_type_t as specified in the mbedtls_md.h header file for the EME-OAEP and EMSA-PSS @@ -299,15 +299,15 @@ mbedtls_rsa_context; /** * \brief Initialize an RSA context * - * Note: Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP + * Note: Set padding to \c MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP * encryption scheme and the RSASSA-PSS signature scheme. * * \param ctx RSA context to be initialized - * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21 - * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier + * \param padding \c MBEDTLS_RSA_PKCS_V15 or \c MBEDTLS_RSA_PKCS_V21 + * \param hash_id \c MBEDTLS_RSA_PKCS_V21 hash identifier * * \note The hash_id parameter is actually ignored - * when using MBEDTLS_RSA_PKCS_V15 padding. + * when using \c MBEDTLS_RSA_PKCS_V15 padding. * * \note Choice of padding mode is strictly enforced for private key * operations, since there might be security concerns in 
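Review bot: In the `padding` field comment, the second hunk (`@@ -278,8 +278,8 @@`) now marks `MBEDTLS_RSA_PKCS_v21` with `\c`, but the lowercase `v` does not match the macro spelled `MBEDTLS_RSA_PKCS_V21` in the `mbedtls_rsa_init` parameter docs of the next hunk; tagging it as code makes the mismatch more visible to readers who copy it. Change the line to `\c MBEDTLS_RSA_PKCS_V21 for OAEP/PSS */`.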
@@ -318,7 +318,7 @@ mbedtls_rsa_context; * \note The chosen hash is always used for OEAP encryption. * For PSS signatures, it's always used for making signatures, * but can be overriden (and always is, if set to - * MBEDTLS_MD_NONE) for verifying them. + * \c MBEDTLS_MD_NONE) for verifying them. */ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, int padding, @@ -411,7 +411,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * \return - 0 if successful. In this case, all imported core * parameters are guaranteed to be sane, the RSA context * has been fully setup and is ready for use. - * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted + * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted * derivations failed. */ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, @@ -549,8 +549,8 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, * See \c mbedtls_rsa_init() for details. * * \param ctx RSA context to be set - * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21 - * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier + * \param padding \c MBEDTLS_RSA_PKCS_V15 or \c MBEDTLS_RSA_PKCS_V21 + * \param hash_id \c MBEDTLS_RSA_PKCS_V21 hash identifier */ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id); @@ -577,7 +577,7 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); * \note mbedtls_rsa_init() must be called beforehand to setup * the RSA context. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code */ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -589,7 +589,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, * * \param ctx RSA context to be checked * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); 
@@ -599,7 +599,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * * \param ctx RSA context to be checked * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); @@ -610,7 +610,7 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); * \param pub RSA context holding the public key * \param prv RSA context holding the private key * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code */ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ); @@ -621,7 +621,7 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rs * \param input input buffer * \param output output buffer * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note This function does NOT take care of message * padding. Also, be sure to set input[0] = 0 or ensure that @@ -643,7 +643,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * \param input input buffer * \param output output buffer * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The input and output buffers must be large * enough (eg. 128 bytes if RSA-1024 is used). 
@@ -661,14 +661,14 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * * \param ctx RSA context * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding - * and MBEDTLS_RSA_PRIVATE) + * and \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE * \param ilen contains the plaintext length * \param input buffer holding the data to be encrypted * \param output buffer that will hold the ciphertext * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). @@ -684,14 +684,14 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT) * * \param ctx RSA context - * \param f_rng RNG function (Needed for padding and MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Needed for padding and \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE * \param ilen contains the plaintext length * \param input buffer holding the data to be encrypted * \param output buffer that will hold the ciphertext * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). 
@@ -708,16 +708,16 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * * \param ctx RSA context * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding - * and MBEDTLS_RSA_PRIVATE) + * and \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE * \param label buffer holding the custom label to use * \param label_len contains the label length * \param ilen contains the plaintext length * \param input buffer holding the data to be encrypted * \param output buffer that will hold the ciphertext * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). 
@@ -737,25 +737,25 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * the message padding * * \param ctx RSA context - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE * \param olen will contain the plaintext length * \param input buffer holding the encrypted data * \param output buffer that will hold the plaintext * \param output_max_len maximum length of the output buffer * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be - * as large as the size ctx->len of ctx->N (eg. 128 bytes + * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold * the decryption of the particular ciphertext provided, - * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * the function will return \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -769,25 +769,25 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT) * * \param ctx RSA context - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE * \param olen will contain the plaintext length * \param input buffer holding the encrypted data * \param output buffer that will hold the plaintext * \param output_max_len maximum length of the output buffer * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be - * as large as the size ctx->len of ctx->N (eg. 128 bytes + * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold * the decryption of the particular ciphertext provided, - * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * the function will return \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -801,9 +801,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT) * * \param ctx RSA context - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE * \param label buffer holding the custom label to use * \param label_len contains the label length * \param olen will contain the plaintext length @@ -811,17 +811,17 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * \param output buffer that will hold the plaintext * \param output_max_len maximum length of the output buffer * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be - * as large as the size ctx->len of ctx->N (eg. 128 bytes + * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold * the decryption of the particular ciphertext provided, - * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * the function will return \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -840,22 +840,24 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * * \param ctx RSA context * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for - * MBEDTLS_RSA_PRIVATE) + * \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for + * signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * * \return 0 if the signing operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). * * \note In case of PKCS#1 v2.1 encoding, see comments on - * \note \c mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id. + * \note \c mbedtls_rsa_rsassa_pss_sign() for details on + * \c md_alg and \c hash_id. */ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
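Review bot: The rewrapped cross-reference in `mbedtls_rsa_pkcs1_sign` keeps a second `\note` tag on the continuation line (`* \note \c mbedtls_rsa_rsassa_pss_sign() for details on`), so Doxygen renders the sentence as two separate notes, the second starting mid-sentence; since this commit rewrites that line anyway, drop the tag: `*       \c mbedtls_rsa_rsassa_pss_sign() for details on`. `\c hash_id` on the following line is the RSA context field (as the pss_sign documentation further down says), not a parameter of this function, which could be stated explicitly.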
@@ -870,19 +872,20 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN) * * \param ctx RSA context - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE + * for signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * * \return 0 if the signing operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -898,22 +901,23 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * * \param ctx RSA context * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for - * MBEDTLS_RSA_PRIVATE) + * \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE + * for signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * * \return 0 if the signing operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). * - * \note The hash_id in the RSA context is the one used for the - * encoding. md_alg in the function call is the type of hash + * \note The \c hash_id in the RSA context is the one used for the + * encoding. \c md_alg in the function call is the type of hash * that is encoded. According to RFC 3447 it is advised to * keep both hashes the same. */ 
@@ -932,19 +936,19 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * the message digest * * \param ctx points to an RSA public key - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * * \return 0 if the verify operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). * * \note In case of PKCS#1 v2.1 encoding, see comments on * \c mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id. 
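Review bot: The rewritten `\param md_alg` line in `mbedtls_rsa_pkcs1_verify` still says `use \c MBEDTLS_MD_NONE for signing raw data`, which was copied from the sign functions; for a verification routine it should read `use \c MBEDTLS_MD_NONE for verifying raw data`. The same wording appears in the new lines of the `mbedtls_rsa_rsassa_pkcs1_v15_verify` (`@@ -962,19 +966,20 @@`) and `mbedtls_rsa_rsassa_pss_verify` (`@@ -990,25 +995,25 @@`) hunks. As a point of style, this hunk and the pss_verify one leave the `md_alg` line unwrapped while the neighbouring hunks wrap it after `\c MBEDTLS_MD_NONE`.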
@@ -962,19 +966,20 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) * * \param ctx points to an RSA public key - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE + * for signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * * \return 0 if the verify operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -990,25 +995,25 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * (This is the "simple" version.) * * \param ctx points to an RSA public key - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * * \return 0 if the verify operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). * - * \note The hash_id in the RSA context is the one used for the - * verification. md_alg in the function call is the type of + * \note The \c hash_id in the RSA context is the one used for the + * verification. \c md_alg in the function call is the type of * hash that is verified. According to RFC 3447 it is advised to - * keep both hashes the same. If hash_id in the RSA context is - * unset, the md_alg from the function call is used. + * keep both hashes the same. If \c hash_id in the RSA context is + * unset, the \c md_alg from the function call is used. */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -1024,24 +1029,24 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * (This is the version with "full" options.) * * \param ctx points to an RSA public key - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param mgf1_hash_id message digest used for mask generation * \param expected_salt_len Length of the salt used in padding, use - * MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length + * \c MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length * \param sig buffer holding the ciphertext * * \return 0 if the verify operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). * - * \note The hash_id in the RSA context is ignored. + * \note The \c hash_id in the RSA context is ignored. */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -1061,7 +1066,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, * \param src Source context * * \return 0 on success, - * MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure + * \c MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure */ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ); From 26182edd0cd5a09f2435b1123e384e8a22fac52d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Sep 2017 15:45:12 +0200 Subject: [PATCH 0281/1059] Allow comments in test data files --- ChangeLog | 5 +++++ tests/scripts/generate_code.pl | 21 +++++++++++++++++++++ tests/suites/main_test.function | 19 ++++++++++++------- tests/suites/test_suite_md.data | 1 + tests/suites/test_suite_mdx.data | 1 + tests/suites/test_suite_rsa.data | 3 +++ tests/suites/test_suite_shax.data | 1 + 7 files changed, 44 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 227faed6b6..2bbc4c333b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Features + * Allow comments in test data files. + = mbed TLS 2.6.0 branch released 2017-08-10 Security diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 84e949dfad..a486319469 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl 
@@ -49,6 +49,27 @@ # file name is used to replace the symbol 'TESTCASE_FILENAME' in the main # code file above. # +# A test data file consists of a sequence of paragraphs separated by +# a single empty line. Line breaks may be in Unix (LF) or Windows (CRLF) +# format. Lines starting with the character '#' are ignored +# (the parser behaves as if they were not present). +# +# Each paragraph describes one test case and must consist of: (1) one +# line which is the test case name; (2) an optional line starting with +# the 11-character prefix "depends_on:"; (3) a line containing the test +# function to execute and its parameters. +# +# A depends_on: line consists of a list of compile-time options +# separated by the character ':', with no whitespace. The test case +# is executed only if this compilation option is enabled in config.h. +# +# The last line of each paragraph contains a test function name and +# a list of parameters separated by the character ':'. Running the +# test case calls this function with the specified parameters. Each +# parameter may either be an integer written in decimal or hexadecimal, +# or a string surrounded by double quotes which may not contain the +# ':' character. +# use strict; diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index a7bb41de35..551f239d23 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function 
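Review bot: The new comment describing `depends_on:` says the test case "is executed only if this compilation option is enabled" right after stating that the line holds a list of options, so it is unclear whether one or all of them must be set; the wording should match the list, e.g. `# is executed only if all of these compilation options are enabled in config.h.` The paragraph on parameters could also say what happens to a line that fits neither form (integer nor quoted string), since the generator presumably has to reject it; that behaviour is not visible in this hunk, so it should only be stated if the script enforces it.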
@@ -140,14 +140,19 @@ int get_line( FILE *f, char *buf, size_t len ) { char *ret; - ret = fgets( buf, len, f ); - if( ret == NULL ) - return( -1 ); + buf[0] = '#'; - if( strlen( buf ) && buf[strlen(buf) - 1] == '\n' ) - buf[strlen(buf) - 1] = '\0'; - if( strlen( buf ) && buf[strlen(buf) - 1] == '\r' ) - buf[strlen(buf) - 1] = '\0'; + while( buf[0] == '#' ) + { + ret = fgets( buf, len, f ); + if( ret == NULL ) + return( -1 ); + + if( strlen( buf ) && buf[strlen(buf) - 1] == '\n' ) + buf[strlen(buf) - 1] = '\0'; + if( strlen( buf ) && buf[strlen(buf) - 1] == '\r' ) + buf[strlen(buf) - 1] = '\0'; + } return( 0 ); } diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index 71d1f6dde5..abd8e55d94 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -1,3 +1,4 @@ +# Tests of the generic message digest interface MD process mbedtls_md_process: diff --git a/tests/suites/test_suite_mdx.data b/tests/suites/test_suite_mdx.data index 2d403b4108..3d063a4770 100644 --- a/tests/suites/test_suite_mdx.data +++ b/tests/suites/test_suite_mdx.data @@ -1,3 +1,4 @@ +# Test MD2, MD4, MD5 and RIPEMD160 mbedtls_md2 Test vector RFC1319 #1 md2_text:"":"8350e5a3e24c153df2275c9f80692773" diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 5013ac8b00..fc7d93588d 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
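Review bot: A comment line longer than len-1 bytes is only partly consumed by the `fgets` inside the new `while( buf[0] == '#' )` loop, so its remainder comes back from the next `fgets` as if it were a data line (the tail no longer starts with '#') and is then parsed as a test case name or function line. After the NULL check, a '#' line that does not contain '\n' should be drained to end of line before the loop continues, as below. The same gap remains in the do/while rewrite of this function in the later main_test.function hunk of commit 0284, whose new doc comment acknowledges the truncation but not its effect on skipped comments. The whole body of get_line is inside this hunk.
```c
    while( buf[0] == '#' )
    {
        ret = fgets( buf, len, f );
        if( ret == NULL )
            return( -1 );

        /* A '#' line that did not fit in buf would otherwise have its
         * tail handed back as a data line on the next call: discard it. */
        if( buf[0] == '#' && strchr( buf, '\n' ) == NULL )
        {
            int c;
            while( ( c = fgetc( f ) ) != EOF && c != '\n' )
                ;
        }

        /* … unchanged: strip trailing '\n' and '\r' … */
    }
```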
@@ -1,5 +1,6 @@ RSA PKCS1 Verify v1.5 CAVS #1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 +# Good padding but wrong hash mbedtls_rsa_pkcs1_verify:"d6248c3e96b1a7e5fea978870fcc4c9786b4e5156e16b7faef4557d667f730b8bc4c784ef00c624df5309513c3a5de8ca94c2152e0459618666d3148092562ebc256ffca45b27fd2d63c68bd5e0a0aefbe496e9e63838a361b1db6fc272464f191490bf9c029643c49d2d9cd08833b8a70b4b3431f56fb1eb55ccd39e77a9c92":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"3203b7647fb7e345aa457681e5131777f1adc371f2fba8534928c4e52ef6206a856425d6269352ecbf64db2f6ad82397768cafdd8cd272e512d617ad67992226da6bc291c31404c17fd4b7e2beb20eff284a44f4d7af47fd6629e2c95809fa7f2241a04f70ac70d3271bb13258af1ed5c5988c95df7fa26603515791075feccd":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #2 
@@ -24,6 +25,7 @@ mbedtls_rsa_pkcs1_verify:"44637d3b8de525fd589237bc81229c8966d3af24540850c2403633 RSA PKCS1 Verify v1.5 CAVS #7 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 +# Bad padding after performing the public key operation mbedtls_rsa_pkcs1_verify:"d03f12276f6ba7545b8fce719471bd253791878809694e8754f3b389f26c9253a758ed28b4c62535a8d5702d7a778731d5759ff2b3b39b192db680e791632918b6093c0e8ca25c2bf756a07fde4144a37f769fe4054455a45cb8cefe4462e7a9a45ce71f2189b4fef01b47aee8585d44dc9d6fa627a3e5f08801871731f234cd":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"d93a878c1ce86571590b0e43794b3edb23552797c4b8c9e3da4fe1cc4ac0566acd3b10541fe9a7a79f5ea4892d3069ca6903efb5c40c47eb8a9c781eb4249281d40c3d96aae16da1bb4daaece6a26eca5f41c062b4124a64fc9d340cba5ab0d1f5affff6515a87f0933774fd4322d2fa497cd6f708a429ca56dcb1fd3db623d0":MBEDTLS_ERR_RSA_INVALID_PADDING RSA PKCS1 Verify v1.5 CAVS #8 @@ -365,6 +367,7 @@ RSA Generate Key - 2048 bit key mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key +# mbedtls_rsa_gen_key only supports even-sized keys mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA PKCS1 Encrypt Bad RNG diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index ea2a18380d..ee8074dc08 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -1,3 +1,4 @@ +# Test the operation of SHA-1 and SHA-2 SHA-1 Test Vector NIST CAVS #1 depends_on:MBEDTLS_SHA1_C mbedtls_sha1:"":"da39a3ee5e6b4b0d3255bfef95601890afd80709" From 2fdffe0da0bf74cb94682730fe2db6b0ba8472fa Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 29 Sep 2017 15:19:28 +0100 Subject: [PATCH 0282/1059] Check exactly for the RSA context fields required in rsa_private Previously, the code was also checking for the presence of D for RSA-CRT, which is not needed in this case. --- library/rsa.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 11ba2019ab..d866c7aa3c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -447,14 +447,19 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, /* Sanity-check that all relevant fields are at least set, * but don't perform a full keycheck. */ +#if defined(MBEDTLS_RSA_NO_CRT) if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ) + mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } -#if !defined(MBEDTLS_RSA_NO_CRT) - if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || +#else /* ! MBEDTLS_RSA_NO_CRT */ + if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) == 0 || @@ -462,7 +467,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } -#endif /* MBEDTLS_RSA_NO_CRT */ +#endif /* ! MBEDTLS_RSA_NO_CRT */ #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) From 56bae95e1d3528d4c562293c915c74ea8762505c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 15:33:10 +0100 Subject: [PATCH 0283/1059] Improve style and documentation, fix typo --- include/mbedtls/rsa.h | 4 +--- library/rsa.c | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) 
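Review bot: In the `MBEDTLS_RSA_NO_CRT` branch the new check also requires `P` and `Q` to be non-zero, which the replaced code did not: a non-CRT build previously accepted a context holding only N, D and E, and after this hunk such a context is rejected with `MBEDTLS_ERR_RSA_BAD_INPUT_DATA`. Whether the non-CRT private operation actually reads P and Q is not visible in this hunk; if it does, the reason belongs next to the check, e.g. `/* P and Q are required even without CRT: <reason> */`, and if it does not, the two added lines contradict the commit message's "exactly the fields required". Either way this tightens the accepted-context contract of a public function and deserves a ChangeLog line. mbedtls_rsa_private starts before and continues after this hunk.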
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index b272b76a5c..14cdef8d5c 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -180,7 +180,7 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * \param Q Second prime factor of N * \param D RSA private exponent * \param E RSA public exponent - * \param f_rng PRNG to be used for randomization, or NULL + * \param f_rng PRNG to be used for primality check, or NULL * \param p_rng PRNG context for f_rng, or NULL * * \return @@ -324,7 +324,6 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, int padding, int hash_id); - /** * \brief Import a set of core parameters into an RSA context * @@ -374,7 +373,6 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * * \return 0 if successful, non-zero error code on failure. */ - int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, unsigned char *N, size_t N_len, unsigned char *P, size_t P_len, diff --git a/library/rsa.c b/library/rsa.c index d438247d53..bb456df496 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -152,7 +152,7 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, uint16_t order; /* Order of 2 in DE - 1 */ mbedtls_mpi K; /* Temporary used for two purposes: - * - During factorization attempts, stores a andom integer + * - During factorization attempts, stores a random integer * in the range of [0,..,N] * - During verification, holding intermediate results. */ From 5b7ee07ff6a29f70c8a26b2f4641d9d0759f2667 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Sep 2017 18:00:25 +0200 Subject: [PATCH 0284/1059] Cleaned up get_line for test data files Look, ma, a use for do...while! Also removed 1-3 calls to strlen. --- tests/suites/main_test.function | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 551f239d23..20add3c776 100644 --- a/tests/suites/main_test.function 
+++ b/tests/suites/main_test.function @@ -136,23 +136,31 @@ DISPATCH_FUNCTION "TESTCASE_FILENAME" +/** Retrieve one input line into buf, which must have room for len + * bytes. The trailing line break (if any) is stripped from the result. + * Lines beginning with the character '#' are skipped. Lines that are + * more than len-1 bytes long including the trailing line break are + * truncated; note that the following bytes remain in the input stream. + * + * \return 0 on success, -1 on error or end of file + */ int get_line( FILE *f, char *buf, size_t len ) { char *ret; - buf[0] = '#'; - - while( buf[0] == '#' ) + do { ret = fgets( buf, len, f ); if( ret == NULL ) return( -1 ); - - if( strlen( buf ) && buf[strlen(buf) - 1] == '\n' ) - buf[strlen(buf) - 1] = '\0'; - if( strlen( buf ) && buf[strlen(buf) - 1] == '\r' ) - buf[strlen(buf) - 1] = '\0'; } + while( buf[0] == '#' ); + + ret = buf + strlen( buf ); + if( ret-- > buf && *ret == '\n' ) + *ret = '\0'; + if( ret-- > buf && *ret == '\r' ) + *ret = '\0'; return( 0 ); } From f04111f5c5feb1452c363fe1e8bb0d973e179bdd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 19:18:42 +0100 Subject: [PATCH 0285/1059] Fix typo --- library/pkparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index a06d952a9e..56ba3a7b1a 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -956,7 +956,7 @@ static int pk_parse_key_pkcs8_encrypted_der( return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); /* - * This function parses the EncryptedPrivatKeyInfo object (PKCS#8) + * This function parses the EncryptedPrivateKeyInfo object (PKCS#8) * * EncryptedPrivateKeyInfo ::= SEQUENCE { * encryptionAlgorithm EncryptionAlgorithmIdentifier, From b4274210a4b5d454f6005f1e6d8225cccf5e760d Mon Sep 17 00:00:00 2001 
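Review bot: The second strip test `if( ret-- > buf && *ret == '\r' )` decrements `ret` even when the first test did not remove a '\n', so a line whose last character is a bare '\r' (a CR-only line break, or a CRLF line that the len-1 truncation cut between '\r' and '\n') keeps its '\r', whereas the code being replaced stripped it. Testing the character before the cursor and moving the cursor only on a match restores the old behaviour, as below. Reusing `ret` as the end-of-line cursor after it held the `fgets` result also reads oddly; a separate `char *end` would be clearer.
```c
    /* … unchanged: do { fgets } while( buf[0] == '#' ); … */
    ret = buf + strlen( buf );
    if( ret > buf && ret[-1] == '\n' )
        *--ret = '\0';
    if( ret > buf && ret[-1] == '\r' )
        *--ret = '\0';
```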
From: Hanno Becker Date: Fri, 29 Sep 2017 19:18:51 +0100 Subject: [PATCH 0286/1059] Improve documentation in pkparse.c State explicitly that `pk_parse_pkcs8_undencrypted_der` and `pk_parse_key_pkcs8_encrypted_der` are not responsible for zeroizing and freeing the provided key buffer. --- library/pkparse.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 56ba3a7b1a..968c83fa08 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -844,6 +844,16 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, /* * Parse an unencrypted PKCS#8 encoded private key + * + * Notes: + * + * - This function does not own the key buffer. It is the + * responsibility of the caller to take care of zeroizing + * and freeing it after use. + * + * - The function is responsible for freeing the provided + * PK context on failure. + * */ static int pk_parse_key_pkcs8_unencrypted_der( mbedtls_pk_context *pk, @@ -932,6 +942,12 @@ static int pk_parse_key_pkcs8_unencrypted_der( /* * Parse an encrypted PKCS#8 encoded private key + * + * To save space, the decryption happens in-place on the given key buffer. + * Also, while this function may modify the keybuffer, it doesn't own it, + * and instead it is the responsibility of the caller to zeroize and properly + * free it after use. + * */ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) static int pk_parse_key_pkcs8_encrypted_der( @@ -969,7 +985,6 @@ static int pk_parse_key_pkcs8_encrypted_der( * * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo * - * To save space, the decryption happens in-place on the given key buffer. */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) From 08a36dde806a3dbd92f690bfff5e6300c3d1e7ed Mon Sep 17 00:00:00 2001 
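Review bot: The two new ownership notes are asymmetric: the one on pk_parse_key_pkcs8_unencrypted_der states that the function frees the provided PK context on failure, while the one on pk_parse_key_pkcs8_encrypted_der covers only the key buffer. Whether the encrypted variant frees the context on failure is not visible in this hunk, but since the unencrypted note now sets that expectation, the encrypted note should say so either way, e.g. `* - As with the unencrypted variant, the PK context is freed on failure.` or its negation. In the same comment `keybuffer` should read `key buffer`, and it is worth stating explicitly that after in-place decryption the caller's buffer holds the plaintext private key, which is why the caller must zeroize it.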
From: Hanno Becker Date: Fri, 29 Sep 2017 20:05:23 +0100 Subject: [PATCH 0287/1059] Unify naming schemes for RSA keys --- tests/data_files/Makefile | 230 +++++++++--------- tests/data_files/keyfile_1024 | 15 -- tests/data_files/keyfile_1024.3des | 18 -- tests/data_files/keyfile_1024.aes128 | 18 -- tests/data_files/keyfile_1024.aes192 | 18 -- tests/data_files/keyfile_1024.aes256 | 18 -- tests/data_files/keyfile_1024.des | 18 -- tests/data_files/keyfile_2048 | 27 -- tests/data_files/keyfile_2048.3des | 30 --- tests/data_files/keyfile_2048.aes128 | 30 --- tests/data_files/keyfile_2048.aes192 | 30 --- tests/data_files/keyfile_2048.aes256 | 30 --- tests/data_files/keyfile_2048.des | 30 --- tests/data_files/keyfile_4096 | 51 ---- tests/data_files/keyfile_4096.3des | 54 ---- tests/data_files/keyfile_4096.aes128 | 54 ---- tests/data_files/keyfile_4096.aes192 | 54 ---- tests/data_files/keyfile_4096.aes256 | 54 ---- tests/data_files/keyfile_4096.des | 54 ---- tests/data_files/pkcs8_pbe_sha1_2des_1024.der | Bin 678 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_2des_1024.key | 17 -- tests/data_files/pkcs8_pbe_sha1_2des_2048.der | Bin 1262 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_2des_2048.key | 29 --- tests/data_files/pkcs8_pbe_sha1_2des_4096.der | Bin 2414 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_2des_4096.key | 53 ---- tests/data_files/pkcs8_pbe_sha1_3des_1024.der | Bin 678 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_3des_1024.key | 17 -- tests/data_files/pkcs8_pbe_sha1_3des_2048.der | Bin 1262 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_3des_2048.key | 29 --- tests/data_files/pkcs8_pbe_sha1_3des_4096.der | Bin 2414 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_3des_4096.key | 53 ---- .../pkcs8_pbe_sha1_rc4_128_1024.der | Bin 673 -> 0 bytes .../pkcs8_pbe_sha1_rc4_128_1024.key | 17 -- .../pkcs8_pbe_sha1_rc4_128_2048.der | Bin 1256 -> 0 bytes .../pkcs8_pbe_sha1_rc4_128_2048.key | 29 --- .../pkcs8_pbe_sha1_rc4_128_4096.der | Bin 2413 -> 0 bytes .../pkcs8_pbe_sha1_rc4_128_4096.key | 
53 ---- .../pkcs8_pbes2_pbkdf2_3des_1024.der | Bin 714 -> 0 bytes .../pkcs8_pbes2_pbkdf2_3des_1024.key | 17 -- .../pkcs8_pbes2_pbkdf2_3des_2048.der | Bin 1298 -> 0 bytes .../pkcs8_pbes2_pbkdf2_3des_2048.key | 30 --- .../pkcs8_pbes2_pbkdf2_3des_4096.der | Bin 2450 -> 0 bytes .../pkcs8_pbes2_pbkdf2_3des_4096.key | 54 ---- .../pkcs8_pbes2_pbkdf2_des_1024.der | Bin 711 -> 0 bytes .../pkcs8_pbes2_pbkdf2_des_1024.key | 17 -- .../pkcs8_pbes2_pbkdf2_des_2048.der | Bin 1295 -> 0 bytes .../pkcs8_pbes2_pbkdf2_des_2048.key | 29 --- .../pkcs8_pbes2_pbkdf2_des_4096.der | Bin 2447 -> 0 bytes .../pkcs8_pbes2_pbkdf2_des_4096.key | 53 ---- tests/data_files/rsa_pkcs1_1024_3des.pem | 18 ++ tests/data_files/rsa_pkcs1_1024_aes128.pem | 18 ++ tests/data_files/rsa_pkcs1_1024_aes192.pem | 18 ++ tests/data_files/rsa_pkcs1_1024_aes256.pem | 18 ++ tests/data_files/rsa_pkcs1_1024_clear.pem | 15 ++ tests/data_files/rsa_pkcs1_1024_des.pem | 18 ++ tests/data_files/rsa_pkcs1_2048_3des.pem | 30 +++ tests/data_files/rsa_pkcs1_2048_aes128.pem | 30 +++ tests/data_files/rsa_pkcs1_2048_aes192.pem | 30 +++ tests/data_files/rsa_pkcs1_2048_aes256.pem | 30 +++ tests/data_files/rsa_pkcs1_2048_clear.pem | 27 ++ tests/data_files/rsa_pkcs1_2048_des.pem | 30 +++ tests/data_files/rsa_pkcs1_4096_3des.pem | 54 ++++ tests/data_files/rsa_pkcs1_4096_aes128.pem | 54 ++++ tests/data_files/rsa_pkcs1_4096_aes192.pem | 54 ++++ tests/data_files/rsa_pkcs1_4096_aes256.pem | 54 ++++ tests/data_files/rsa_pkcs1_4096_clear.pem | 51 ++++ tests/data_files/rsa_pkcs1_4096_des.pem | 54 ++++ .../rsa_pkcs8_pbe_sha1_1024_2des.der | Bin 0 -> 678 bytes .../rsa_pkcs8_pbe_sha1_1024_2des.pem | 17 ++ .../rsa_pkcs8_pbe_sha1_1024_3des.der | Bin 0 -> 678 bytes .../rsa_pkcs8_pbe_sha1_1024_3des.pem | 17 ++ .../rsa_pkcs8_pbe_sha1_1024_rc4_128.der | Bin 0 -> 674 bytes .../rsa_pkcs8_pbe_sha1_1024_rc4_128.pem | 17 ++ .../rsa_pkcs8_pbe_sha1_2048_2des.der | Bin 0 -> 1262 bytes .../rsa_pkcs8_pbe_sha1_2048_2des.pem | 29 +++ 
.../rsa_pkcs8_pbe_sha1_2048_3des.der | Bin 0 -> 1262 bytes .../rsa_pkcs8_pbe_sha1_2048_3des.pem | 29 +++ .../rsa_pkcs8_pbe_sha1_2048_rc4_128.der | Bin 0 -> 1256 bytes .../rsa_pkcs8_pbe_sha1_2048_rc4_128.pem | 29 +++ .../rsa_pkcs8_pbe_sha1_4096_2des.der | Bin 0 -> 2414 bytes .../rsa_pkcs8_pbe_sha1_4096_2des.pem | 53 ++++ .../rsa_pkcs8_pbe_sha1_4096_3des.der | Bin 0 -> 2414 bytes .../rsa_pkcs8_pbe_sha1_4096_3des.pem | 53 ++++ .../rsa_pkcs8_pbe_sha1_4096_rc4_128.der | Bin 0 -> 2412 bytes .../rsa_pkcs8_pbe_sha1_4096_rc4_128.pem | 53 ++++ .../rsa_pkcs8_pbes2_pbkdf2_1024_3des.der | Bin 0 -> 714 bytes .../rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem | 17 ++ .../rsa_pkcs8_pbes2_pbkdf2_1024_des.der | Bin 0 -> 711 bytes .../rsa_pkcs8_pbes2_pbkdf2_1024_des.pem | 17 ++ .../rsa_pkcs8_pbes2_pbkdf2_2048_3des.der | Bin 0 -> 1298 bytes .../rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem | 30 +++ .../rsa_pkcs8_pbes2_pbkdf2_2048_des.der | Bin 0 -> 1295 bytes .../rsa_pkcs8_pbes2_pbkdf2_2048_des.pem | 29 +++ .../rsa_pkcs8_pbes2_pbkdf2_4096_3des.der | Bin 0 -> 2450 bytes .../rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem | 54 ++++ .../rsa_pkcs8_pbes2_pbkdf2_4096_des.der | Bin 0 -> 2447 bytes .../rsa_pkcs8_pbes2_pbkdf2_4096_des.pem | 53 ++++ tests/suites/test_suite_pkparse.data | 174 ++++++------- 98 files changed, 1302 insertions(+), 1302 deletions(-) delete mode 100644 tests/data_files/keyfile_1024 delete mode 100644 tests/data_files/keyfile_1024.3des delete mode 100644 tests/data_files/keyfile_1024.aes128 delete mode 100644 tests/data_files/keyfile_1024.aes192 delete mode 100644 tests/data_files/keyfile_1024.aes256 delete mode 100644 tests/data_files/keyfile_1024.des delete mode 100644 tests/data_files/keyfile_2048 delete mode 100644 tests/data_files/keyfile_2048.3des delete mode 100644 tests/data_files/keyfile_2048.aes128 delete mode 100644 tests/data_files/keyfile_2048.aes192 delete mode 100644 tests/data_files/keyfile_2048.aes256 delete mode 100644 tests/data_files/keyfile_2048.des delete mode 100644 
tests/data_files/keyfile_4096 delete mode 100644 tests/data_files/keyfile_4096.3des delete mode 100644 tests/data_files/keyfile_4096.aes128 delete mode 100644 tests/data_files/keyfile_4096.aes192 delete mode 100644 tests/data_files/keyfile_4096.aes256 delete mode 100644 tests/data_files/keyfile_4096.des delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_1024.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_1024.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_2048.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_2048.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_4096.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_4096.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_1024.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_1024.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_2048.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_2048.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_4096.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_4096.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.der delete mode 100644 
tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key create mode 100644 tests/data_files/rsa_pkcs1_1024_3des.pem create mode 100644 tests/data_files/rsa_pkcs1_1024_aes128.pem create mode 100644 tests/data_files/rsa_pkcs1_1024_aes192.pem create mode 100644 tests/data_files/rsa_pkcs1_1024_aes256.pem create mode 100644 tests/data_files/rsa_pkcs1_1024_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_1024_des.pem create mode 100644 tests/data_files/rsa_pkcs1_2048_3des.pem create mode 100644 tests/data_files/rsa_pkcs1_2048_aes128.pem create mode 100644 tests/data_files/rsa_pkcs1_2048_aes192.pem create mode 100644 tests/data_files/rsa_pkcs1_2048_aes256.pem create mode 100644 tests/data_files/rsa_pkcs1_2048_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_2048_des.pem create mode 100644 tests/data_files/rsa_pkcs1_4096_3des.pem create mode 100644 tests/data_files/rsa_pkcs1_4096_aes128.pem create mode 100644 tests/data_files/rsa_pkcs1_4096_aes192.pem create mode 100644 tests/data_files/rsa_pkcs1_4096_aes256.pem create mode 100644 tests/data_files/rsa_pkcs1_4096_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_4096_des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem create mode 100644 
tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3405c7f38c..e963f493fb 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -76,156 +76,156 @@ keys_rsa_pkcs8_pwd = PolarSSLTest ### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which ### all other encrypted RSA keys are derived. -keyfile_1024: +rsa_pkcs1_1024_clear.pem: $(OPENSSL) genrsa -out $@ 1024 -all_final += keyfile_1024 -keyfile_2048: +all_final += rsa_pkcs1_1024_clear.pem +rsa_pkcs1_2048_clear.pem: $(OPENSSL) genrsa -out $@ 2048 -all_final += keyfile_2048 -keyfile_4096: +all_final += rsa_pkcs1_2048_clear.pem +rsa_pkcs1_4096_clear.pem: $(OPENSSL) genrsa -out $@ 4096 -all_final += keyfile_4096 +all_final += rsa_pkcs1_4096_clear.pem ### ### PKCS1-encoded, encrypted RSA keys ### ### 1024-bit -keyfile_1024.des: keyfile_1024 +rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_1024.des -keyfile_1024.3des: keyfile_1024 +all_final += rsa_pkcs1_1024_des.pem +rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_1024.3des -keyfile_1024.aes128: keyfile_1024 +all_final += rsa_pkcs1_1024_3des.pem +rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_1024.aes128 -keyfile_1024.aes192: keyfile_1024 +all_final += rsa_pkcs1_1024_aes128.pem +rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_1024.aes192 -keyfile_1024.aes256: keyfile_1024 +all_final += rsa_pkcs1_1024_aes192.pem +rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_1024.aes256 -keys_rsa_enc_basic_1024: keyfile_1024.des keyfile_1024.3des keyfile_1024.aes128 keyfile_1024.aes192 keyfile_1024.aes256 +all_final += rsa_pkcs1_1024_aes256.pem +keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem 
rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem # 2048-bit -keyfile_2048.des: keyfile_2048 +rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_2048.des -keyfile_2048.3des: keyfile_2048 +all_final += rsa_pkcs1_2048_des.pem +rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_2048.3des -keyfile_2048.aes128: keyfile_2048 +all_final += rsa_pkcs1_2048_3des.pem +rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_2048.aes128 -keyfile_2048.aes192: keyfile_2048 +all_final += rsa_pkcs1_2048_aes128.pem +rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_2048.aes192 -keyfile_2048.aes256: keyfile_2048 +all_final += rsa_pkcs1_2048_aes192.pem +rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_2048.aes256 -keys_rsa_enc_basic_2048: keyfile_2048.des keyfile_2048.3des keyfile_2048.aes128 keyfile_2048.aes192 keyfile_2048.aes256 +all_final += rsa_pkcs1_2048_aes256.pem +keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem # 4096-bit -keyfile_4096.des: keyfile_4096 +rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_4096.des -keyfile_4096.3des: keyfile_4096 +all_final += rsa_pkcs1_4096_des.pem +rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_4096.3des -keyfile_4096.aes128: 
keyfile_4096 +all_final += rsa_pkcs1_4096_3des.pem +rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_4096.aes128 -keyfile_4096.aes192: keyfile_4096 +all_final += rsa_pkcs1_4096_aes128.pem +rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_4096.aes192 -keyfile_4096.aes256: keyfile_4096 +all_final += rsa_pkcs1_4096_aes192.pem +rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_4096.aes256 -keys_rsa_enc_basic_4096: keyfile_4096.des keyfile_4096.3des keyfile_4096.aes128 keyfile_4096.aes192 keyfile_4096.aes256 +all_final += rsa_pkcs1_4096_aes256.pem +keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem ### ### PKCS8-v1 encoded, encrypted RSA keys ### ### 1024-bit -pkcs8_pbe_sha1_3des_1024.der: keyfile_1024 +rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -all_final += pkcs8_pbe_sha1_3des_1024.der -pkcs8_pbe_sha1_3des_1024.key: keyfile_1024 +all_final += rsa_pkcs8_pbe_sha1_1024_3des.der +rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -all_final += pkcs8_pbe_sha1_3des_1024.key -keys_rsa_enc_pkcs8_v1_1024_3des: pkcs8_pbe_sha1_3des_1024.key pkcs8_pbe_sha1_3des_1024.der +all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem +keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der -pkcs8_pbe_sha1_2des_1024.der: keyfile_1024 +rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) 
pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -all_final += pkcs8_pbe_sha1_2des_1024.der -pkcs8_pbe_sha1_2des_1024.key: keyfile_1024 +all_final += rsa_pkcs8_pbe_sha1_1024_2des.der +rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -all_final += pkcs8_pbe_sha1_2des_1024.key -keys_rsa_enc_pkcs8_v1_1024_2des: pkcs8_pbe_sha1_2des_1024.key pkcs8_pbe_sha1_2des_1024.der +all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem +keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der -pkcs8_pbe_sha1_rc4_128_1024.der: keyfile_1024 +rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += pkcs8_pbe_sha1_rc4_128_1024.der -pkcs8_pbe_sha1_rc4_128_1024.key: keyfile_1024 +all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der +rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += pkcs8_pbe_sha1_rc4_128_1024.key -keys_rsa_enc_pkcs8_v1_1024_rc4_128: pkcs8_pbe_sha1_rc4_128_1024.key pkcs8_pbe_sha1_rc4_128_1024.der +all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem +keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128 ### 2048-bit -pkcs8_pbe_sha1_3des_2048.der: keyfile_2048 +rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -all_final += pkcs8_pbe_sha1_3des_2048.der 
-pkcs8_pbe_sha1_3des_2048.key: keyfile_2048 +all_final += rsa_pkcs8_pbe_sha1_2048_3des.der +rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -all_final += pkcs8_pbe_sha1_3des_2048.key -keys_rsa_enc_pkcs8_v1_2048_3des: pkcs8_pbe_sha1_3des_2048.key pkcs8_pbe_sha1_3des_2048.der +all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem +keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der -pkcs8_pbe_sha1_2des_2048.der: keyfile_2048 +rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -all_final += pkcs8_pbe_sha1_2des_2048.der -pkcs8_pbe_sha1_2des_2048.key: keyfile_2048 +all_final += rsa_pkcs8_pbe_sha1_2048_2des.der +rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -all_final += pkcs8_pbe_sha1_2des_2048.key -keys_rsa_enc_pkcs8_v1_2048_2des: pkcs8_pbe_sha1_2des_2048.key pkcs8_pbe_sha1_2des_2048.der +all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem +keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der -pkcs8_pbe_sha1_rc4_128_2048.der: keyfile_2048 +rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += pkcs8_pbe_sha1_rc4_128_2048.der -pkcs8_pbe_sha1_rc4_128_2048.key: keyfile_2048 +all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der +rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += pkcs8_pbe_sha1_rc4_128_2048.key 
-keys_rsa_enc_pkcs8_v1_2048_rc4_128: pkcs8_pbe_sha1_rc4_128_2048.key pkcs8_pbe_sha1_rc4_128_2048.der +all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem +keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128 ### 4096-bit -pkcs8_pbe_sha1_3des_4096.der: keyfile_4096 +rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -all_final += pkcs8_pbe_sha1_3des_4096.der -pkcs8_pbe_sha1_3des_4096.key: keyfile_4096 +all_final += rsa_pkcs8_pbe_sha1_4096_3des.der +rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -all_final += pkcs8_pbe_sha1_3des_4096.key -keys_rsa_enc_pkcs8_v1_4096_3des: pkcs8_pbe_sha1_3des_4096.key pkcs8_pbe_sha1_3des_4096.der +all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem +keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der -pkcs8_pbe_sha1_2des_4096.der: keyfile_4096 +rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -all_final += pkcs8_pbe_sha1_2des_4096.der -pkcs8_pbe_sha1_2des_4096.key: keyfile_4096 +all_final += rsa_pkcs8_pbe_sha1_4096_2des.der +rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -all_final += pkcs8_pbe_sha1_2des_4096.key -keys_rsa_enc_pkcs8_v1_4096_2des: pkcs8_pbe_sha1_2des_4096.key pkcs8_pbe_sha1_2des_4096.der +all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem +keys_rsa_enc_pkcs8_v1_4096_2des: 
rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der -pkcs8_pbe_sha1_rc4_128_4096.der: keyfile_4096 +rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += pkcs8_pbe_sha1_rc4_128_4096.der -pkcs8_pbe_sha1_rc4_128_4096.key: keyfile_4096 +all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der +rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += pkcs8_pbe_sha1_rc4_128_4096.key -keys_rsa_enc_pkcs8_v1_4096_rc4_128: pkcs8_pbe_sha1_rc4_128_4096.key pkcs8_pbe_sha1_rc4_128_4096.der +all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem +keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128 
@@ -234,59 +234,59 @@ keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v ### ### 1024-bit -pkcs8_pbes2_pbkdf2_3des_1024.der: keyfile_1024 +rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_3des_1024.der -pkcs8_pbes2_pbkdf2_3des_1024.key: keyfile_1024 +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der +rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_3des_1024.key -keys_rsa_enc_pkcs8_v2_1024_3des: pkcs8_pbes2_pbkdf2_3des_1024.der pkcs8_pbes2_pbkdf2_3des_1024.key +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem +keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem -pkcs8_pbes2_pbkdf2_des_1024.der: keyfile_1024 +rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_des_1024.der -pkcs8_pbes2_pbkdf2_des_1024.key: keyfile_1024 +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der +rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_des_1024.key -keys_rsa_enc_pkcs8_v2_1024_des: pkcs8_pbes2_pbkdf2_des_1024.der pkcs8_pbes2_pbkdf2_des_1024.key +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem +keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des ### 2048-bit -pkcs8_pbes2_pbkdf2_3des_2048.der: keyfile_2048 +rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: 
rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_3des_2048.der -pkcs8_pbes2_pbkdf2_3des_2048.key: keyfile_2048 +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der +rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_3des_2048.key -keys_rsa_enc_pkcs8_v2_2048_3des: pkcs8_pbes2_pbkdf2_3des_2048.der pkcs8_pbes2_pbkdf2_3des_2048.key +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem +keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem -pkcs8_pbes2_pbkdf2_des_2048.der: keyfile_2048 +rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_des_2048.der -pkcs8_pbes2_pbkdf2_des_2048.key: keyfile_2048 +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der +rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_des_2048.key -keys_rsa_enc_pkcs8_v2_2048_des: pkcs8_pbes2_pbkdf2_des_2048.der pkcs8_pbes2_pbkdf2_des_2048.key +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem +keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des ### 4096-bit -pkcs8_pbes2_pbkdf2_3des_4096.der: keyfile_4096 +rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_3des_4096.der 
-pkcs8_pbes2_pbkdf2_3des_4096.key: keyfile_4096 +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der +rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_3des_4096.key -keys_rsa_enc_pkcs8_v2_4096_3des: pkcs8_pbes2_pbkdf2_3des_4096.der pkcs8_pbes2_pbkdf2_3des_4096.key +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem +keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem -pkcs8_pbes2_pbkdf2_des_4096.der: keyfile_4096 +rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_des_4096.der -pkcs8_pbes2_pbkdf2_des_4096.key: keyfile_4096 +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der +rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_des_4096.key -keys_rsa_enc_pkcs8_v2_4096_des: pkcs8_pbes2_pbkdf2_des_4096.der pkcs8_pbes2_pbkdf2_des_4096.key +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem +keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des @@ -295,7 +295,7 @@ keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v ### ### Generate basic unencrypted RSA keys -keys_rsa_unenc: keyfile_1024 keyfile_2048 keyfile_4096 +keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem ### Generate PKCS1-encoded encrypted RSA keys keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 
diff --git a/tests/data_files/keyfile_1024 b/tests/data_files/keyfile_1024
deleted file mode 100644
index ebbd61c5f1..0000000000
--- a/tests/data_files/keyfile_1024
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCsDcv6br0DRSxBvOuNhnubmZI8bsiNbtXBAajfiJYZpbsuaQuU
-aiDBNT2RrEu4j6WPhwEOuu67N7KVkqPILEC2nzRSklzy1SqVq1x7TUNsZkM23Qh2
-XI0DsfWKAOnz50lVfVFVaLeO2Nx/NJ9r9rGYmAaQjDrqW0YiWgIsmIoiwQIDAQAB
-AoGBAJU/epwJB6kYjiWQTfz8lakKdJI7v3kAlifQ2r7daudgnpjJwqPB1BwFpR0C
-isTUxtdUUxSGD6UT0bRx+eUgjhjwPl1YqtgqNteZqFg5KADDagZEvbelGsoVF2JR
-RtglJqBxm2dnXNP4tEYi0h1pdaXM/V8rrj0EXQZxd0oxiAvJAkEA3I+62w5/ihGr
-A5M4RkzQ3cOU9oFshUsPpQxQFoyuOut0ha6AhXaLyvuDE7FWgU0zL3IIPEbxsVq9
-D9P7wVLlpwJBAMey0v+5XiIUKYZvxvXsMmFDooS6zdjeJpfxBOuXy/kfafV7+Xee
-zhdTQE8vO7pGhqpWf1HGYQiMCOugQVqyEVcCQFuOmo12fkENRoVMZq7gElAMcVjG
-rwrB9vOXoeNKcMTqmssnfhho9mzDbU0Ob49rQZUva/XBqXDq7tKUN8yvob8CQQCg
-pAJFweiuQ0fQJDSJeTJhuZWPbfHO5Y1oJnLNzbNAOHv1BIB+MFoau1Z9HELQqpED
-j0cmEg3WYUd/u8821Q1LAkB5YQyPIPcQTZCok6WhC9xD9NXsDo4Ah6YpOhtD9fcQ
-82ZcIaYkZbikTfzyZA4gsHhnVaUHx+DJkPicUSVZ+mKY
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/keyfile_1024.3des b/tests/data_files/keyfile_1024.3des
deleted file mode 100644
index 41448c17bb..0000000000
--- a/tests/data_files/keyfile_1024.3des
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,FC303F7A77742B90
-
-uTNEmtVgwQVIKnwtTcIal/TOZpwo9bbdVdG8PYGJavk4lfcvBbNyBs/2fRKi4RU3
-lbraw0jiF1XAfT1KDW+XDRJyNXEDQCk1cckvNtLsiytby/znqFg8G7u0phZ7JtOu
-gsPUa49Bscu5whTtePfNAguA4LGA0Njmd3regcc54ygC6x4qBLkHtlTqAHQPoRgd
-V4baIIY7u7PnE+BG7KObAQRUNhCOkEJ452/3nvnT2LTm0umaNuxcXA6HHSiIVPKr
-/cFqpL70XRGS93xBXOBW8+SO9ekr7q11Zq7RA7y7Md0WuzBcA5hBALMPYizsErZn
-mhwrJRphxLCFIx8ruSnV2kASgB/RqTJcQq0TfvTrxOaAxFcpvRcRjzUwYoU4fSbq
-uJYjrNnfzgOFry/oMt1c9HaA5QDD7S5cCfwZt9w177FwKT7HAiYoPGM6SrS+MFjX
-Tf44G7wvhJJ3Afce8ID8x1r7RreENTp4tU6fw3GqFYXAQmk3+PN0GfizRxSWcCrC
-2rqeGi/bwuRu+QPEOO2M4oKUxxVZDCbPKjGN5P6AljeF+eTL1YAIOMb2sHTWT+Pj
-WOAFxT/if0Ue2mIUIVbPUmymLwNBP3ztU/iF/YqKmZHeoeBt7Em34M6RlY93GEU0
-W5YwEmuGbJ761mORvcjskdXH/RLQ3Zlx6oOjXDy3ZxpzVI/zXk9K0xYO+ise6auA
-kMOERq6qXuOgdxa93cWeeJ0dgV5TiWNAQ6krAGV5fGZGt4HOeJUks9VAMpjWzcKw
-ONpWMc8mJCMJaklZ7mwZ29ZOTsCY9IeSwoZWS/ybStD6f2Hr2cEHqg==
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/keyfile_1024.aes128 b/tests/data_files/keyfile_1024.aes128
deleted file mode 100644
index 8df642da2d..0000000000
--- a/tests/data_files/keyfile_1024.aes128
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,14AAB792276B5CBD7BBAE51C3E070E54
-
-FsqYOUb6GINEBjW391wJkgXp/Kn1Rcl57h87u0ImHvnlHwlV2DlbQLGsdxtPne5L
-0sNyVBeQ4o2zkcobcMkmsrscmVxyztgD0cvlwG8kDgTwH4059/oC67vfXBHmnSTB
-RBuXNcneDZTQksN45TQ+B8TDfbGY7l7wsob27K3g5MW95HaLOKBkG25HgWiREe2c
-lHEDymCK6+VDnaUy9YgVsjIOpm+FuS1LkHRXC8vuxf9tlzd1/7MAIquuTbaMsIUF
-reD3mWIEiiN9N+y2cwTwGjxoP1ZS7X1knFIlPX+JjG2NLWQclflMCLbiNu+NaRqV
-rIUAXjag/GY96xNjyKDxfEJ+RqF7e6oUFU61fUXwmO0k+/Pir/I/M++9WwMOmFpc
-UIJpQitaEYGAarz1FoZ5JJDFl2AeYxI8vywwc16efcJYHk8yg11KEfGv7Hje33br
-q3+zreLqqKs+ovkENWKgfLjBpLA82pghyunXH0wVGbrNYCzHVBtTZYcJveBTGq1P
-4SGkjBGtoSb2ShMM4zxoMFKtk76IzUnlrBpG2n+WxdUNPZDcQrew11TX+R7uk50C
-Bk3jXWMKdf3rDYfgka1O8a6OPlImwwAF/NBx9snMKfu3qiUt7IawY3rzdmcBh95X
-P2e2IJR9jMrS/kTPc/gZo8hbCSnViBx7csnR9giq5x6kUVM8A1eIOANK2b7VbJxw
-PenaoqluxBiy2CnTraxj1AqGWA5qzlzjGYnUS7HUjfLnt/YurpvkQhySSpvUJ6VR
-IZWwTftE/XHfsepqfMnyAdkmd4DoUTTlQyUQ0nP07crDLMbiaoee9hLFNcWdwua/
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/keyfile_1024.aes192 b/tests/data_files/keyfile_1024.aes192
deleted file mode 100644
index 45b67d44d7..0000000000
--- a/tests/data_files/keyfile_1024.aes192
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-192-CBC,B2012D182BC0571FC85B23C073DEC75F
-
-vnSFZy59JLA8GLUUpBvDRFm6XmbgcKbQJ3bFM6yA4DJrJn5JjfHcsTjRcWUkcOGm
-OkSXXGmBJk5k20KI38ZXQX6+j/W8nnfFnu0eMCgo/+CtrKdeIzvBzcdmukEHZp9x
-K4L5as8xsL0xf1vPXCyY4AyNyJOvsTkFi4P6ih44z7neGQM8sMhCz5BVSK0bzWZg
-/vnvEit39faqL6t28B+OZPil1GCRHbi0PX6ns85xpQw1QNeEwlZ9XmltP1KHWeJ7
-jWPK2Dced/ZihN1AW2OPIHZ8xddP+yJJPdI4HKU2VXIcEDFZxLkSOWfdbb0W4jqp
-z2iKJ/tJzQ4X4F3Z4zcx3pXWye0HFNMu7b8r6sR9iQj+voYEnOtJEloI2Cm0sRRw
-r5ZVLt4iyQm5xTCSU2GMD/yNImiB1Dwv/+1k45xHcUMgTYiTwgTuFQIwilwl5QUY
-R161tjGjmUQXYzC9fn9Zr2vfJRkLlh+ygW7ennycgfHzkva5slaOCSAstEC0aj2j
-l26VFvzXu9qLoI3bQzfkRi0VU+0qLtI9cVMobwbEwvERwgjb6doyCeIB7R29P9j5
-MmkHYBF6qaXU/ICOnesd/XtBlb2aNNsYZJLOmwSCVZgT+JYUM35lHulhQWy0V6DB
-4qFkQs5fRH+apIjAsb7Fk8/yjrjwKQNJmkUu+Um//5hiPcRYxyp046BokNTZFda1
-v8jKkKX2eAhji3x8PS+z1XYpfUJ3uAysSoTPe1YiwbXizZFWhh/Pan1rIOHwdKmy
-da3957PnwjmANKUT0EveEe9ASrGgdN5rUpeeXGENbtmS3iX3g3MMepF6Kyb/k2dI
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/keyfile_1024.aes256 b/tests/data_files/keyfile_1024.aes256
deleted file mode 100644
index 2daaa96b55..0000000000
--- a/tests/data_files/keyfile_1024.aes256
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,490781FEB3C4375838778AD3D95EDF2A
-
-ECaTWvExEGV7cT05z1iGIre2LLgVaP8mqfxKQdaNnrAYaZDV9hrVVIvSICl3IMMb
-9PVbCrWK5cgMDSqFtPS7y/ZpYN31alFVT/hgX+Gk7pEJp16qZv/arsiXFdGxaWmp
-4br+oNiq5QbzDPwoBNKiWUGUk23K/TyxAg3aspDaz8e6EGE/zmhW2qKIXG2t2oxi
-Gowb74mXFzZ1jYUfMpQw32nIybG5+lIwpSTY3DWjl1AKhlSvXgnTTNmS3XZwJmKw
-FSXXlDZs9OM7n3GiLoA3rmeaqGRblArklykmh9K3uXRXFjGGWOduxybSFndIdYwM
-HdV+Syb3eJ9wF15nk53DeDFfU8gaZ2GNUjt4B3nCOBT+iFhEFKguvo9bQ52EUU/p
-mzZw/X3b8ui2YL131CI6BWdPZ2MoV2v5i9ZdCj+q9s+3BIGU1EgnU+o38LqYyekF
-wdyc+PHMhq4FqzyJYPju4JQ711B4eKKXIVjHx71v2zt1ccB5a2yK6LLv87cZ8d1a
-0ubOv84aUGPkA1mBvZHogsxejthraHFL77Fk8JgGfdTwOELpvK1JCOZbm8H19yBO
-dxYNQnj64eWm2fgKrcHvIr8wR44RgB0cwucVjQ8LTgcrCDt7NGG6Z/3Vxeu6oVDa
-ZDzbI+MvzIJwxNqQyjlYMoK7jJn+FJ+eihv0h5keoY7qKCFwzrE6eQFSZPBM8/KE
-B90kVdpooUVkEqvcBSOADVrC696YB2F6pNuEUULiefJpcFsX5a2eGHw8Z1sPc7Pv
-9YTRvvu646gX0JCZRMStSIMOtu8qveH0HtyFD9RTpV3DGpzAZmli1uOVW02bfp5y
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/keyfile_1024.des b/tests/data_files/keyfile_1024.des
deleted file mode 100644
index 368fc323a6..0000000000
--- a/tests/data_files/keyfile_1024.des
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-CBC,4DE281E021845C67
-
-U+/JQ6yKL9vbyfrxM+v06U4aC+2E1QM4zHLtjMxz2wGqlm20H7mYDRaMOzW/RcTm
-56Pcj7vplKwPdbgDohRVzvXa7vzV2Cr0/Y8aCdLEyRYJrtHJBk3+gjBD4uoDXhhD
-Ht7IA9WfiddMbD6ZKaQgBAJTh+JG6XqE1mmGsCsUB3JarLY333u6M8VDhhvYFNx5
-Gw/c2hPixExnOmrGy5rXnIY3kzTB5xWYVPVrWy5+oIsSVtk6+5NiUOV273aY/t4t
-EcsbbHwFKWchg7loEDoFhQzinhjMupTjLhjAP6nb6m1tGqoPDux5oiRBgdmeUTx5
-+8rgjPiaPezrALaG5MLnvR3w4rKCP/2sYzvc8bPvx+kC8T30Cf78J3kCUl6Mbgto
-bBiGB3OrXkIebonWSZK3M/MQ07Gi0KYC61ZR0LLesXNpoK4oODFIvEZhXBKYIr6a
-3fhOOjNPYD5hY49iw7OFR9kZ2dR0JSQ7YUVMvnS0cm1/rxPEFxZtqgwQVlhK3dHS
-m4PvGD5JJJ7051/+H1ri/g0/Y9WE/KQMV9i270TLD891ND3mpJEErA1xeulzBbxo
-/1NJaVA8dgrgHiCdEYjzJQLiFif8MU+kE9ZPa7jUON0jQz4aAs7cTA3o5SV26D2R
-fyySVFCAk4dZmb5yGNhstN8dRP/DGs5t1Gwrlfd6jT6+hqxNEEmBH02L+jncfLL3
-xk74SVqKMFUE56hQhTeiyC3E1l03LrdNFmPwkD5/evMRK8K39esFxRnT5iOmt6AQ
-AiG0zvb7lvkbk8hUnZA8gdTRqUxsSwMjOsF0MzZodaE31bu+DxHn3g==
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/keyfile_2048 b/tests/data_files/keyfile_2048
deleted file mode 100644
index 7babef484a..0000000000
--- a/tests/data_files/keyfile_2048
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAuhHGZIwzdqq6yM3+ecmqj6DGpBZAYPHca2Dw3E0k/1/iLEXP
-n4wSWWza88HneHU6wv/75Zuv+Z/K0ZeZ/OuG9vNIExUEfsZZkUM/cly9GFZrcDH4
-KXE7bxgiDP3zvSzKjPdk5aFZ6DJfK/iVmDCpjngEXsn0I3iadMWMtxokJipoGRlW
-F+6b40DMQlX8VNJYU7269w84SmRRBAKLo5ZeNskI+BKpmqInZRfa9yGFOB/g448f
-bE2NuV8E1wQzHbsdXV1HpIi+7hRmiYXsZVWIW2WHqy1TJxXWFo2sTOUW18CvNhac
-zorRB9lZGT4uzIfJ0eKr1Z4uT/7rl6f/T5QRnQIDAQABAoIBACJtc4XbIxKL2G+b
-HcCu/a4Bk3981oCZf60mjKpWY8gUl6aVbCsbIbIGICUF9awmFK9L6fG78r1/QWmy
-YT2Y3qoGrYlKVECYtq3YAX9JhXthUhO6Sy5v0w1lK7e3rUeNaBTZGYQbbKU33MAo
-CJXWOykvL6/SMif2Aq4kdzrRzWp6EVE73bSiicKCInJCDw+lQjtKWQQp0z0/pRRW
-td3SLE0uIgjseRd6IQQugccdWcxqcIdA4u9IFEONI0VA0UGbckM0A59SC0EKL/tR
-b6yUbOTkyXPAERVn9LqmBEIj1k3WyIkO+w/6q2hNTcTTTax8dnsTMfdG9OKnpL+4
-EnheMUkCgYEA5qftyM8sDgZsVLg57xfuX6BRiuJjtNwN0bMjkX+HD1FmqjniygYh
-LvczUHDf1jwQKS6GQrMEWT03oojd5E/pOB+2RvCF5pPzCZrNNBVi7mSZVDMDgDpf
-vIQRaH5VXVbjt7MSMTl2XonAsVtP0N9ivhFF1zbJ9X8UyM5FpO2VlssCgYEAzoOu
-YdNqjWsVIgdq8HKiURrbhjSdggPU/dE7/aJZUrW0eAMrUBs2b5OxUzhJ2wdJq5h2
-N3VI9hYyeKzlnGbHuO9Sfxd0Pq2zus4t/tMs9xSy0UnwYfI4e49Ni/aWTVWE4Y8a
-dVDPd5+Qe8ji9MCjcS685fbYWzx9CxzidGIQhDcCgYEAw2QMNajyW+srB9WMFjOC
-lfU8PlerOQGUn0iOX+nVIq/FNXyV1qe8ool8Ka+EnnoBArHLwGLf0yzdnU0uEwNy
-wD107sE/3OUF4+QD4xQe223SyZXxaEWK5ipGiOtEKy649tu2FIbl9A3jcxq0EW+6
-uOHu9PIPwWxm0fiS3LT6nGMCgYEAiOWZz5eKZry5gZlRNpuHJiSbqVdvoiRQKQFu
-ty/L7pwtSfEv4SZo64YIYpZJvzwRhgLHOvQwrZEBXCWhABDSDLH5Ce7OTE5xej/7
-FZV/lTrPXxWYmBUthBr22PVZpWIveCaY73PmU/IeoTAF4yFgN0M4TWlY+wIaEifP
-pj7rm/kCgYAORhWCosYykYqHKSC+pv0oCg68E4muam4GeHALm1tbPtQhn6C2Q9pu
-4TVc/Pp47XZolwxsDPDvKlH6QsbFkQR5OJ/nhD3aVE1Giuv/gIZNk0d5aQMFjn3u
-xChnA9dsOsZRDBglKZUMPG3Vz5IrVg0nTkpc1j8eRiiZa2W7gjx8jQ==
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/keyfile_2048.3des b/tests/data_files/keyfile_2048.3des
deleted file mode 100644
index 8b44ef6eb7..0000000000
--- a/tests/data_files/keyfile_2048.3des
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,1B629C0CEE2C13F3
-
-TwNn7h27JVNdu/bms41vRpA3vrEtzTbWjdf+3pACwbYWJV4i6iSHoRxOLZLzqDx7
-27pz4aBASEH3sIuzcz8tuhh06rE0L4k69Pct2/sKiEKxx0g+fINBGpdRTdGnxMbU
-EbIaOR92b06MvCxROoXx1EsrJ0BSPGW2VvJQ1LitBZrOFVWEKc3LLki09c30Laor
-qGmU0LDGTC6gu+ykuEgeyl2IiSv6Jjq58UQPO+pSUrr1WdjS02LWjy7WT/I121Tv
-4VepqJLgU+HmIBmrjBhdE4CFI+cM7ndlhboU4mKCrMxGbSYlJFARCdW/Kk8CiWGb
-XKXBheyHZ0pxWZ6QcYFv7fvqQNqdvZZyEJBythPBklpz7omnveKYj287i+RbhndW
-jeEJA7WEf04AlM1q3dyfWUrvpfeAygqSyaU+xp2c5TpYp34KYd2OGhvCYn9PqIKB
-DlkdHnWEwP6IgPDKB9gqBz9ET6ZIdBJ5R0c7FIsR3IE39uRwkGaggQrcHRPzWVgZ
-9GwkaH4i2R0c1hXlOCa0CaHqWjAbtiBxGlBeJdww+UZcaV4Q/mCCA5/fSKI+DqsE
-Z+D1mC53Qe8TDj06XUiB42J8EjiBzBlm8O/v6HHoXuvR7ijLfaKeCuLTM5HRFyCC
-6Fbax5JO1cyt/45DjrWvOnyKOZuzri/ctybeqmLxMneka/rXZsq6I/QqJzflq/PQ
-aqrj4c3hfB30cjwkqRaQafPrlOWiU9bZSgLctzPTZycqfp1l9uwnlZm0jhJ10UNs
-1crxnWFpwIfLtaR41iiHvZC4CT8WBRgWhUURStd/N7/BLN19kOP0hDH1Qu7Wdw9o
-5mIqvlFKrakaNl4cJRrw6QKqP0HpEFcG5cuaj6fM1r7WyDJbZlHibOYYT3ZJ3XCd
-GzI57blCRtm1UbffIr08fAOQg+1amJ/Q13RCb1OpA/3I+FCrT0n3zXT1fKwFWaXf
-VaaFdPdAfUssJTcbgfjRUWklTFp9/6QE7m34BZwmgm2nNziTjJ+mthtqXN2nNtOx
-tr6zFp+Ih4DnJfRQTf9ew5Jt+IceqEwQ7gp+BzidvxS3sCVFxIdN10E31DYj1tS4
-VIMUm6canmvRGMl85i7m3KB154MBdjPBkPnDBaBLkiyFlMdtc5YU08clNqSKkYM/
-kMaOfqtfI8AcfqllQRw/Zyolxd37FhI4rmrHjSQFNsJVcHQkXoRfy8M6rmrp9VnS
-hUjPUBnH4grz5oXbZftkgxPI/q4ODhFI1XtqdzBgOvqPNc/zo+tFboad5mUMgeVN
-jFvyupWlFRp6I1Bfqmd+LDiv/ufJcLyPEOAaUJ8TeU7T8QOMnkbU/K1u9nVzB+cf
-YAwCewn+hrKiBk3c6bqGwObMa41rapV5bgnct7K7GJTikr8B+KGom40GyQtrYlK/
-qosSH5BiIyUkDKaQKZdC/ZZAAXKhvTkOMq3WrF3fs+LdDLcY73lG+LbksxmSKMS+
-+MyZ1/v3+QPSgbPu/9MNsdu+Is7WfkX5TGD55ct1JhEWWW+XJr6LLuLvd87WsESz
-fmo4x1dh3tbiT7bYvsTcgcGURaw8lmP3+ohW5WS9Nu8m+7+aVYvRtsIRJ/82n2Fi
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/keyfile_2048.aes128 b/tests/data_files/keyfile_2048.aes128
deleted file mode 100644
index bc6c6d44a9..0000000000
--- a/tests/data_files/keyfile_2048.aes128
+++ /dev/null
@@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,09F6885B998C878DA5DB6A603F90CEBF - -hvmN7Ox4lz+aEmS3OztRTZEr0VuV5zpVHNy5RJGfyPodyY8ituvU7PsGbgESsd3n -7h0kwWnW8xYkIXGfRPUI/I6ji8JaDsEHAO42rP6FhqL/lF4KiBg3NnydOAO99j8i -MYY2vBsInyxe+VkbanwSAwbQIXoTfgHQf2KMs5HSQ5AHnuyZBC1mEbSiyVtlUU4A -o8HJRHEXQTV+jkfDY8JLK1gE3AhsLXaLrepU2L6ASpgXl4bWc5GpUtVFA7POuIQ+ -Y1V/7gfu6hSXNSY7iW3am9i1eN7fyLcrYTWty/FrnGDO9UBe9XBD6OE1J6ohgz5X -lL9cvSHRq604gmHe4MxN8UHLKVxCP3/xlB8lI/YsfBc3AyqqVjZq1f+fa63D2Xre -rl5xnil6O4mTMnN57RuKInewdTA9cRu0Ex+Ye6ZnA3KMCyXd+UxhayMTx/3XykMu -4QE04te+BN5wEjQ10TbH3s3yYgUjrDQ29Olq/YUFMo0AiZFw9eOlKCCfuD+BBRot -6s4xF6YrUd3bENdqS6QytziTJ4D6h6zUtWkdO9Z28E8hcc4CpPPBwjGMkmwCW2dm -EXkv260cMSPD9HCvG19EvSQoTuhfpO1bLxr1dJJCiU18GfeJOzq9w9mmYRtSluxQ -houae8e+lozcQ1yIIlj5qgHIB0mB9AGB62XIisLpdOeej50pzVkWZ8d8iHynFa5x -78HO2XDf0fAmocHYu/OLSE4FTXXKAidMfo4jHfsvjQbqE+5J89ZcBT1e5vFqUqye -K2iiZacRWrUUVpNMlONyxoX7h8kYyyxf/j4Q6/wIWS5OZGLttvEl3MCN9iNmF2r9 -voM1PopgX2j8GTE+FLRtebmbKZbv0wXGqaJoW6VBoWd7KrLgig1UeYagwnoiUJp4 -TgcJFJoC2Mzaeap2fSph+Zvuh4PMZnWn+k1Xccrn/DPrOSkvZZQErmwNpHh3qonz -hYN4IChtOgviXungpmVMHFWcxQg2zYu5AKO68PXHvYY8LUnS+4GXqGlkcFrY6eV1 -w/tlM0HuvqaLcOk710cVpc6vC0sMtKrf70nRKm0P0SIlxcnVJuk9PenpdrMUttAD -27ey//ZVeGSQ9MZfpDKcvXRmxWUv9VLESF3XeqnwKkLqtXRTs3GYX4xnbHkSjkvy -o2uFNqBedABVSthArwWBCYX10BISsbN4cM0fNoxDtSmr7gOt9bxwNeauATvbKWYx -MZ8c0My2PDz+dN2sTqUV3IyHOGrPxU2R0V9VlyhTqRf7J2E4KpXeso9nJGGMMIcP -f9luT9BGtmAWBS7t3XE0TMTmTuUFHxQC1Yh430yAIXQtHQNYtwEna2u/3R3LkEaJ -HTWWX4oGKbHG+cyiDqN7C2rQ09Rw7+iysqXYJqmpGq/DofmZaE/odDR2DRixW6Gg -8+5PkwTkuQOTFJJxUjK8qBCNIl2luh+2Zg+uXNceQYgAkv6sWwBq8kSdERfNz7t4 -+YwQAipTGiv5wpIYfisXsUZi+lSijfo7j0G55M07lZ7Zr0er9QIEsoYrpW1Z8QTl -/gUw7loYsrQYc0G0XfrmAxez/QSv6J09RPlFTUtIIRpJXcCahmQdDjed8vqSYgqd ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes192 b/tests/data_files/keyfile_2048.aes192 deleted file mode 100644 index cf38018916..0000000000 
--- a/tests/data_files/keyfile_2048.aes192 +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,C3122B70EC372C6C99AFF447A1D84E0D - -mO7xSSSHQcDBCmn1BCFOKUgXct81dzRa38bPymInB1HugA/j7uvCqW+2W7sU3vFc -Aa6M3eSP1vEI2CtDKhRta3zPDMUQk5eHk/+2CzUN+KO725Xk+e/6vqVzN9iVjidv -g20cdRX8GYUKXdokvPtqmUSmbBxVpdy453uFT3/lIo7C01jHmVu+vc+yM2Uf6mwx -lS/LQ0Z3odgb3S1j1iby8NETi3bud/Va6h9T+t7BGEL8l/tgIuSBvJtMdmxbjbSK -4phRVV6il7wE68idotsVj/FChvnjuXe5E9oskpjw+sBioesfLrX4C/zAE8QwBULH -DcmrBt7LHsjuNEHYDXglyWfTpifCo2D7mS8IxcYH76xasVxEenDYZIcQlcstFQtT -CAR7gmeGxzJOkmOsgXeqiwxSY+Bz6f1P7D+jzuUuOr211DVMhnN+TELPWX3bHbJb -RwFy0ZfKxKKS5V5s82sQLw4RsB5kE/Re8Zkq1ZVIW7QhECDlA0kT+lf2fYX6JpN1 -FgPsgrSWaL0ZRJkz/aZERxbjJeZthsHIqvo5UBccVkgo9fgl0FJTcu4lGz6FPNMS -BhknarG5RzKHjY9q9FRCNrv/KirahCslEspwF7yBTh3oUPJ+61t9tQyqG54vTzje -wcit20iWvgMo+efX0awDmDgEtATsvG/9BmNQE2KPfXYvtZcvNnlUMIEFEpbcG7Kd -nehGyCZE1OsRpVwlDjtBi4GsgbscIswCqMo6496cnEV7NhzpaHpmFsVGoAek7p69 -UEMidOmO0VxnOgAnVO2ldTMzJvkE93YwweSbKIqE6yQN2CTukZ4eOUS7F7ZYa0Nl -De9MgTUuiCQ+ZFucIuzNUMQlkMrqSmaKdDVtr00OBeJgwXnl/5lSRY5Tv0gHnyLv -UFQPPtMB0aD3xzCI3BrlyFSCB8qj0EiLiHTF+f1cZ9rfVHykoTezA27278bCGeqP -2Vso6ZcXLaLawwzGfl7YQBpf3rcy/Vs3x+3b6pVbJ0QVISHon/Wb0GWh4C7ZV/MF -r2k2KveOcL4yWCxeh9UU7VYPjb0B9D5y3XsGwUeQfnYqgpbMincB7vBXId2kS9nP -N2vAnZaI4V8f+GBHmTr2LU6MRI5WYWKFPpY32ysR/Uwa4MfjPefD8C6djzyyrkk6 -UWylB2/NO4JVpwM1NmV81U0yOS8gEwIo779sB72bkdZWItgkuld8GTRU3/aJez5O -+cK4+EOtMALAf+DmFAsI41CXcjjk6mDWp4tZ1GCst0WvRf9sZs4kDbQNMdTih7aN -p+B8fwGlvErmmPl9jHmnISV2QNlbovmpInKD/cERx1RjZrc2uGLTQMIZBgwhqnzY -xj4hv1O3s0lHw+FEJ/xYI4gAJa95gs4eFPAZr/TQ3U7N0MweFI6LMNDJFQpuh7AB -djCTIoVv8EuHXxp+MhqavzO3LGxlB8fFDhFLPGfUhRioCDxExs12MR3qFKqmiA+e -/KntWeHDWcjmJTfhazq3hldUJVy43J7dACCKJ+QXsvvsgW1YswXWQIW5D594hcrq -9AzXl5Qd8kvf+2q+AoT7yZfvQY2YhLI7n0p8sww6+pGUZQd+aEyBsJK/JiW1LqeB ------END RSA PRIVATE KEY----- 
diff --git a/tests/data_files/keyfile_2048.aes256 b/tests/data_files/keyfile_2048.aes256 deleted file mode 100644 index 3cadb3b84f..0000000000 --- a/tests/data_files/keyfile_2048.aes256 +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,5C4224A75B008756921BA509FCC77A53 - -nw3Mep+219ueQNBL7RhkmesgREtMPl3yohuuqHupVs6uPaYWAheiV5rcm+EZiLlO -ddAv1DSTCLjB8Xuo0Y5DjNTr33C+2WGrq3yrCKq0xSMkHMmA84fclskk/YYHkFKe -oRNng+Zv+S87IflFUw4M8GRi2a6A9vUj9699rvXTlNkzj2iOPJqckBX/qRnSwa3F -5lCe0A/PgZ4spbp+FgYnKv3VKFjkNR/eE34K/F+H02CVyzUKZsWnrmMIkoLn9Z9J -Z9EagIWMNgGVWpMEbnnG0vgv361ZTGkAqW8o0WRY/Ptr5MWVdyaLogopGF8HPbMT -CIztgQ+IpOwpTREeIK12UqEi7sPISsFHdeayTFwKZEjKPOXHe3tqze7riGAvNONI -wUe1JNAjSH9wyRSvnOjafUG96KWOeNwHB3EpZeZ3Rf9KPsLklXo4Bdh2rqpsiIrD -WpKjVtzdTh5Nd2ce2RYGjqmwKQLVpf91RHEyyHOBHCMsQ8NzaH1YA13RXQTg5sXQ -PHn57cQv2Z2RgBCEFgNTvYu0F8HHq7b6phb4CBenBOGpGMFD5QzWO0yTLDsZI01h -oVZbBALfhBboe0NauJyR86GRtZYdq66mfrp4En8ugzB4ifm5K0TLSmAox9pxKgKy -+93XfEMZ8Z8VpOprOIQEqMVRE901fVzrRrf2QjoGhdWoopAxofDIo/C5JvhkxSB/ -pfm3G0wqjsEZhA0sDbCuAGVpUQmrgEc0Wlm96fOtb3e7Ya0x0vdIHDvtxvrYrSjp -iTdhYq0DRzMOBnppVqdQWZRSrNJh0rcRMO0VMYLc7FBUdW4siX7M8WpwPM9yNnET -2hOOPv8eZdm9zq2A3rrrd0OU/BRtT7aFAW3ZdE4isKL/4Ky3KKYyOHnM4g+GeA/L -RHWlvnLAIo3JoetFwB1VnH2y6PTBkND27vFn3YUrkYerIk9Bp5uNfhfhieDaXNy6 -hnUnit0Q4VrobXSLvNt6Hm+cAWlYa2d2EQ1pyUl1RMrvj8l2ad3NFVNdBEN680v2 -yvP+OBTkhDe5XvVskpUbXMyhWoY5lOJWMsDdXg48vffJmwM+eSsmEzocFPmjElYt -39NRsBJ4p1AbdpqS6HiV6ErjUh6qKANnsNwZEF98pGTR3XfsoZWlgqlKTZH+5OuL -N+o7218DxiTcFuy8/tx9zsoZHymQFxWLUVeWQNKoZEf12nVusvHlLKSppeHHG6ab -3AxZ2NICNmELYnT0LxeeQL88b+IAMGEkp1gKY5UE7b71/hu4YaIKV9YUPe48fcnn -tY8gioAQOfhX2yywBQrRopgkw/H7ehh+dC8J56gDQg74aY092dgTQbPcvG6RMZnh -n5B9GpJSrr8xwRczfIvm/aLoL/fQAu1EmfW3IAcTZ9sfsMSg7OGNmgSp8OqvZIlI -2qxn1Lgo7Px0bKsw6aBBbrB3J6Mi8NWumj6ToX9wNFr2i3qldKKOQ9pGiqgewqYi -3lH5Cx7BDwLQOyTo+JMfi9pcUCfXDd8N6t6eD1sAU4FFo/9hVtX36MNKn/nC0Vzc -GxufVFCtKOFvqwkegRDh0izD4VrXiE4+URxis+ux56x0G9l/3c4ACYxB9Wrwi3Vv ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.des b/tests/data_files/keyfile_2048.des deleted file mode 100644 index 98b3766242..0000000000 
--- a/tests/data_files/keyfile_2048.des +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,21F054678F8CF188 - -dEvko+lzz29yp8Y2vCjX4YJjBk4c+2XGn8M5DZeMnL7/X/3EdRtMwoJnHcJMoxbN -Jy3Of6J1bYM61UQ1Bwr3vjFvOMrnHcPWHi7W0Imje8oS0aKV8UlJermDWEKULjPi -j7k2N1XnAzPmdrt1TjRwi2+T2KtFK9qAJ1Sjcjva+HecKMeVHXPO7upK04GyN2aH -30dmzhG9P+/kek2vaZ/8PrV5A4fBoN86vt3zRtxk5cV4XbLkjL21gSicSl+OMcqG -lI+6acn3jeal+y/zl1skowmIHjV8JQvRkDXFlyDncnvy7iJa2CHk2VPfRRAJACXN -3r6ZfDvIjI7eTl3blPUZ90GhopvVyPr5SuT/I4sXR349tn/PmuSPM5Erw/8zdQDW -GSVI7S0FP9WNZq76ioyQyc+ZarKatOiuq+F9LyBU6Yjv35f9+efZ+e9tDqtyaHkU -cWMbVC+oAnSrohQR8XxLWiL8Hu77E9y/0tDP2GTmrKYVTnIe7/mSN8C4gi58lhFy -vMLda2yi8VncSb7oPUl3MAKNq8w1y105JqHD+nWLQxc70kMwaW8/UQPgawpUbLCs -7cr9LhQmqmjiHxioMtg3wgzfSP+iewQhtigWxfVQyXwnPVpzyqAroHmIA9aM36Mu -TodpMeM8B6hiv0g88qKBjwRhCo/XSEyowZbMx4R5GWvHXJ6bIeh39xV/FXB+tj24 -5HsK82ZKC1gfdmy73/PFjdX3jpeAZ80BqZEaE7q1RD9HJPmArdBY3qF1wYA8leBF -IDgx8LqlxzQld/ZEFzTLZBK3fdlnKx3p9b2QmyBxz3ULsPHChQyvP1Jc9jULRQbF -GUMPOCgtIfbtcH/DwsXh8Y252/tn5SI6u5pDkPtr+KIeJAv/AUzI7mqeIAw3pDpJ -KehaOsXkrt202nQ5jt8zwSJxL6ZMxJFSPIjRqsBIXvsiMd0a7vsBkmYnDyKB2bGJ -LQ7ik9z6OdemGygYUTTjh0GuRf66VWtvOt6cSJPobRMLFSttW7qJBrcVRRWyT/ZT -PyrIsoGvgahbSLE9EPlqDbFHoAWGK+gmXjypBBcJNkCU4EzUNYylCFPqAcz3+klq -Kaq4OK02qAoYk8dHwAHgljO2UlJBDibwT+Kxg9jiAhBIMBoJLGubLjUEpAeevi0p -Ct632gh0lpxhIp/pBKTBYDaZQiNB2zW8gvK7CS5WJiP0J2OustmQvBLjW+vVmeqj -9125snRxKCCkx3xZyv4IOVF0l5Go7NCGi6P3hD5EsYQyBB3sQJtOIue0tr1vBL9/ -+eiZ2T1NTfSFUmHGsvEq9ikqL+tequRkX770l36+58w4080x+VM/8BNcFgZ5FP1m -/tUo8Bq+bCu2Of/JBllHNXrHXVsUJs/vSvAcibuAzHTTHoC1AainO/M9OKy5GxLB -KaTjliduSDvhUgW8g1lI1ipN3r+ddA1LuhsBIUBPuD1TvzXTgh9FhxbFNlRPQB2b -Sw1OU1lXtu6ExKH+Qwk0/rYXQ3Qv0118MoB9X/uGAzEcaZAIrwdh8XGeTMIKk+Y6 -e5VgSSbtOFiaVe/PcbX4ADucy1Ai1iEMP97YgmiG2z3zW6gPTeuO55TllV9jN+1V ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096 b/tests/data_files/keyfile_4096 deleted file mode 100644 index d9d3cf4975..0000000000 
--- a/tests/data_files/keyfile_4096 +++ /dev/null 
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEAt3PBJGlHt6w57Vr0TIEI0G27iIJLe1tl1ATc4+K43/RlH3fE -a4OE2TxPBKQ6Mcy5b4MkB+EnI5V3JqrkoJR+B709+utMzv+vLVZHR5CZR9eGsgp9 -jC39qX1GcoWhVF9TjNzrsvFNmdVuwGfnxanvVbUunyR/CyF41DzHpUAPirH9a4Z7 -dH5lAWrBpPxsvCVTObdsTgEiQBsOKPFXE5i0x67zYCkAuO0OAW9dD0b0B3tjJVhk -5iHV0eNBFcvx+6El2RK5zM4UcL9LD6epmV+nwBVfxMSrniuu0cjvi075thDRR2GY -vYMmM8PXCvVVrsejvzUNEu1ANXjwn+uYrdqag+4vmdoDDHGfR2objA9Lr0XQuyul -JqzPT0zZYbY6Vb2TWWhc0jvdwXU767nTw/4z9jHSPkyF20x2tOv3tpEcMTxFn8G7 -ZjPAWMqf/OmJm3j3vVAkmjKzsC3wdJkEWz31HwAdfX/QCrMs2mP+ISRxfCZi9RiP -btc27/nm9FhQrns5wyfUlK4ZzqOEuHCgoAd1eyBR1ejPg8ppm0aUBRcqw5xVUWN5 -pRSlbZdOMugYi7lp9tOaUEvv8O2lSXtGbSQaquZ3cFz1B3pgoebqxkV9gnJnI6La -eCYWB6C0RkosfEFqBTIb+IWosrN8/a83iHacVSEosmq9TGDXUHiUJVhldDECAwEA -AQKCAgEAsy2B9ZhGjeTPZz6w4ZAeFcU3p2rrYn6whFaDkKi+vS6tHgESfZglRzAa -VYQ5uq4kaAAETxXf7mdryv6a8yRVvCVfxhXQHVWpuXRNhl5696pQStDoMuQwnzxW -dECEhC3fIvQb2djJXHkUBST3QR5rPqEJ+jHhS/PTWihLLuHUzDhwNndRWUSiTrIA -lK5fXZxvHy5BwCZnV4mVWPPvgpph566+0qr5o6UVSt2EXQmGC1C+U5l0Yzmk5604 -wptBq+2HU+9wPdMCL+UG4TF2+vBsnbXCpiMZJBGyXAAPx1bJmsPuQ/PVBTR1OZYM -EQ3yNBWVn4mnTVcgoZmQHAI2S4f55T2ckwYTMqQGwGiRIVK/x5Z/cXDEmevmpqLb -8U9atXX+WSmu2B08T+DPPT8SvYAkAdHPXltVrGIyZs8a+R8L6YoRboVjKys8AItA -wvOzzf1qJJ3irXwBVEiSwqDhwmHFKbX42njfsBS1tpCARgNBrwZdhWj+z+g61sli -kikLrenGCc0AURtO+2SIuxUVhmJiazsBYuZfC49eQ77ATLwc0YliPbni16NnwRn9 -eBFo+FG4wc6eAIpIipO/nSIUNUTd6kHZKsL+eHLx2lKD8J02GbifcGkaY3IVNfPJ -2WGmlHy6vh/o9KM1o6jyrwSNRNgOQTi2j5/TeOKmxZE24OIZ9AECggEBAOd5c5xw -NV7vO/3Qmr8T8dagPiyIqjCt15420OsFo+Fd6laU/i3jDVG5fGp+b0I67IBlNIji -FpycORAajQZkUAgd9bRCm37SZ9yi0f9k94MK6sCLzAoDaQ5gHPSPRoUc7YGM+AFC -Ls+vyXcrQLb2Hxwt9H+TIo/cw67rSZThy1zIsLf7Aganq0pTG7+yMhcq/quUoJkv -ssBiftip4butkCk8aHhWRNkicKx+h8D5fRjpmDC3JEFTlleHKhUCTZ29Y5CdGR8e -c52w3GyJbiuWTv0Tc3Kp3OvHu6Mui+iZHpEUwmbm+kBewBwCSm148ViW3P4LZZjt -CYC4gyvXu9ftORECggEBAMrjvV3Gkrwah74IqE0eKJvFM4b0MZ1UzSSM30/z+T8I -t1qiF07KnmTET/IPWP58AGY1fHSanGG5/ScRrFRQjKxK0w0KiOpZMn+VwD/aziQk 
-LoW+yTBhUCFZ9DxBjlIoivjMlx3fYun35dfMtzAf66xjNDo7QKT1aKBngADtnZR4 -sEObu+3bxldD/qcO+HIC8FoqLwBAvmJqJ7YmsNJWFqc99q8Qt3taJPGp8jv0M283 -gs0W7WTjaUuBKus9bkjE7hH8XXKsSlkO1ufl6TGj+9kdW0mPB4dpQq8MJHJTP1gk -VEKsCVUPsHKcl0/u4ZSRAqfYubaIjLIIa6rEe4LXiSECggEAK5okHe7BDu3vlgMK -cz3Vi0FKFOd1b4//kqzus6avVQ90yfRs4MXpR2CyP/krCgXBcPofaD12Vu/Si+cE -c5THwo+qLddyJPSLXfNJrVseiI+w4q4ytBwqWOvf6G1oskBduM6OFOabnMGXKJx8 -Jzq7Z3p8mN9lXkYOkk99386cmRCwwSdGHWzOBkUbcAOoDdcqe7WWfuSOPlEPZc6y -V8D869eWMjzF4UTshoGbHs2gM+YkpeCJssiFBF3Qnn59kl4PeDkvdz4sNyMOkl9c -4lcA8AkO8SVwGPXZsYZeEmVtbZTEfc+6ig+PDneb/30NsUtRu4T4EVNtO9MF2mdb -2fO0kQKCAQBd09xrVb3eR9amx5Itt9jH0Pb3Xk7jl6gXUx6i9w05XWqN+5AT3BhM -OY1PQFHDvszgd7PKqQXRHBY6zy2HAIlN1Hyt90VCO2XjIvn5jdLvW9w39fdM7HQG -OHd+tkJ/NEiwrszj/77avM4Kcp31H4359xbcJzLKFsQACl1kEH9jfjzlx0utwImF -KejGkWHMOBe3WvLJhyeEk9sxncsAOtfXGAzRAUYZQaL8L7/agiCXOnC/L+8xTQoQ -5PdYOtyZwpjmsHL26T6o2PgB3o1ta4y4556j8gVlVgSEt3TTejQ9Ku/ctXrLX6oW -FtzTFoI0FqvHu66G/7cxTjuciakk5VCBAoIBAQDe9ZvhmCpCaRmFOULVGqb711Qj -cyM/ns+5qaNx4WuOJW6tspCeKy3ngUFHWnkfutKQTnD1TmYe/HISkiIa4w10ejSG -AjX4JQsWQbYJcUaUrFgUm5oCPM9pmWQwJnjmt1lHEggx+DqyD6kgPrUlSzmJHUTS -8KSaMCBXdkcHZDmy1N1QNIUGzmTv8QaJzb2+wFhf0A8vuDnqG/2/MlBUJwJE0fGe -v/1EABZzkJgjnNmtIDi8GuEbbVFms0iyIaWc1bUwiKbSs3KIWu3BYYeBu+5a8wfA -A4LkwhigbAn2hAwHwKjngT18EMf+A6EpElXI4lpQaauYTlerNfR+nDw9SgJP ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.3des b/tests/data_files/keyfile_4096.3des deleted file mode 100644 index 6097b42a7c..0000000000 --- a/tests/data_files/keyfile_4096.3des +++ /dev/null 
@@ -1,54 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,2204E2DEE853E8F8 - -pzJieIpy4v5DtIf+CVzXVtlCPjgbxIoq3Ci2qhreHyAK0H9MP6x6Vzt5vVYwolSS -5ZxkaIyY0NlCbO/ZBW16MEjYtNrLhOL+ih/BLSAnfNmW5g7UEJ35ZA8VNY6ElT/E -iadQPNj6NvAgtLfFC9elacidA/6nfTNmALxhWINolLc1kQa3CBsTRnpCbYyaHluz -/xo7Dgjaoj61YU4UyiOYtxHtYkQOXhdiKpXdLHHltxKxJ0fYmbBJ8OKGv596MIQq -8hKpYrcj8binwafQSYjj6KNEFL/PlkDii3G/wuLrFwgkDlNUNkUxSe96e6JUVBNn -uEgC9gg6BEAa42psaEFaq29Z1R0qkMNfnx16T/425zxdtcBebhdj8pIaQjxMlVhM -Qe9P/fypX3B9rS6dkRloK9AqGuRBeZBZJUUA6qgGagoBXsqGQc4FhFqrKdqBeB4p -IQJbWa++aH/bdP4HNrcLoA1lB2WvjtvPmdTdto8fICulbTDBDgsU96MUyquIkT4T -6p0yeXEVc4oKYYmHb+1/FncwawYz2KjloM1bX0f/PKtsrpk9kLDSj+cVxyRvi7+R -39NoFuEa7NPB8VKJCgurVL6lQKIiitBos2loUn0/NMBaSMJc0XrVvFG05hxGL23c -1tFhRr1lktE+TycAL59GKGJBh4Kuwjnu/eA9hkyJxDfJt5l85yIXmaqdjNtmyZ2w -2b0Lq0f3yX6NGc8zGhgIy8ZrknnRnPDtHSck14Uy0TJoooFbWFJ/PLpBrJxHx9yi -ApWbpC2vdtIVlPaYdlEAimuzQhEvwjSIqwiVc087PbCaCBEWbUizcdde3PGAw6U6 -I/m1FGHD4DqImDXSGB9iix1cjbf+4lsSHJNuB5iejSqu7FDkC5V2YZzZaHDFKLgW -hwpV4JKxZgnA09dIRQw5oNNI/LjcViA/R24rChIp3papG5CO8vD190CMTbDSDJPQ -NRwBQz5LCpIQaUU4I67sdyqhFQ0lvl0asTmBZzUOAjWyMEpOocQEy/W0vAUu+OEa -amImjcP4H9UBYfrXkLEuuUYofr3RwZMX9KIEQNF+0VvAfeJt3IDOV17zjm0kN1Ql -bjN4/iJAms1ljrjBev751DluzttX9t4Bsf7VKsmlGp5yM8YpzjFndh6/pjbks8iF -W2pGpdStiXJ27xq1aa4YrBk6zH0UDRL3yq9k7CUAwwT//qlKcgU/U1OU82gLkl+g -Jxy/93KgpM1H7g1FD7WM01LswEwPMWtMMA3IogL5L0mya8wEth15DxWKAkOgub4A -8YG6WnroG9aEovgHl5b/6laTryhbe4vMw8onGscsLK+9FbSPDiVAJfQisGnJYZie -PEOJw8iISTVXPCqbjHwIi7I1Kp6Yih4PLfUxmc4+Eq9FoB1pzxG3xEfcXinsJIuF -d3vH9uwUTv5mKO4IJxjc3Tg6nTMjrDfJHrRYeA40r+30abeWc6X3KhEQsk9nuj9N -PJmTY7dRkzxRsmpA9inJkunwhHF5FQdj2IqiQJNbapqE62MGlVofSKO8P2uF7UNh -8+C0k4ZSHTnS9+b55RDRvfduWosJbililNh6B12yqEfDMXayn812h0JNWv7lglVu -+EiCrCqnAWYhbqLPtIXHv2lowx+gulxyIrPlK4D6LCYy9iL3Qqh2bERfccPS5EaK -eU+Sj0KN2KeXv3X0DTKI1iieWOjk8dv5G+wml5cUNDHeBdKbsGuWWaG9F4l9Em7c -V8cLN84RcsyRKJCRL1kOpejD/eTWzuT3CmoWqFsqxsJGu2wXmrrXfBuTLIsC7liM 
-jtnF+BZZSebX4ST05USOHbKojx+yXhIOnO9oabm+ylnbOUrXXe3ufIA1P+z8GMJP -KSrRIeaRMfkiotW72wa+ofmRl98vSwzHdeP950ACf26OVe3Z7PWYI9nSmGR4lqrf -vxMAbLBvLbpq0CXQgDhpw1YX4UvvVLGndlcxVey6btFuy5Lmwoci+cgpkGBoDsau -oemfgVOMNoFSjoFO96kaKbrMLHmniEWdXX1FlHw2PTjv4YeniblvywFz3KqtxKzW -xOnWF7BwBTTm299ojTotOOl/iGMeMFXyGAc/lm7SLtpdHxYlr/3906Jee4ubhch4 -EEsNxqsvo4vBOl1tmspazPHVeECeL1Io664PTdTACQnENd67dHa0ytLS8SdW8w+r -7UrjK41PRhAhEBJUVnTKOE7QA9CPVMT74Qx51AQbW1uqlxuoFyO3w1Ra+B51eVjj -zjzN4x9M9m1TQzmpGBf5j8inIctdSAmhCpEB7qxyJVmHOoIUn48u3i47uWmQVwmB -W58f9J1TYAmUTvaSC+Mcmvbpo0ELhCRKVMQjuFT45ukrG3jeohiecPU9ga1VcWPc -uQdaijy+oNHDfJstQloWn8TU2Uaf2LvdSc2tuex/qdEt7eBXDpSzEl2gRlfrBFcz -/8jQqhsdmp0aFv5GkOtO0M7C6GAA9IMwYUDJBthITvUQa3feKKZNMWp61LUdbS+j -CwExwV8nX6YonV6QSq6nPL4+cmu70PthGuqgWSihuSYYbVi9UQWBiWET4PpFFpcc -5AVuyZrFhCYggeRGmukNTDhYUdThC9Ar35e5vFHWvZBbY+6Y9onhTiszAW9uESIf -ZBtmpRyZmbUYeuQgX2PwtD+ELBXMikyVt2mzuLKjeVocqaHsaZHiCuj24OsgdWji -IDr7DNNiLn06KFduCeQY+qWqyaj+Zo+m6Ez9h5BlINgDoNteEOIn0EshqsYgnmld -rYDfPHIxPFdRWaEI718VX5OLUdOXrPuW1joXZX3wiWstOBhqeAcKLbxlDd6FKyRN -xOXnKYOUXTJ69+FnPvUDpvoSIyFwOBqzQj27FhFIKNwjgdqLWiGeWNa5lhRf/XF8 -saaVma+d4alTp5KDMa1FdysEjbmWSZ+2WAF0NIx73qq9gpoHxFxLJ9K0dsYIfMx7 -SlckNm7qyFXsplSVieEC+xrQoU6E2Qz+o0bI/XSnPBN2ZvYaCrcgqe3SXDVNGXVC -HWmv85z1IBGP/DtcE3upNZyAR+Ty5PH+QhdzSPk5bxAp4dwqax+MD/cH7wB4CQ3j -Qm0WkWw5n9NkGQ+j6q5SH/eJsk060+irhPNKsT3ZefENM0K3JrMMFOZea6vRiT5e ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes128 b/tests/data_files/keyfile_4096.aes128 deleted file mode 100644 index 0a7be9112c..0000000000 --- a/tests/data_files/keyfile_4096.aes128 +++ /dev/null 
@@ -1,54 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,04DD86A29AB89C3160EF3A295444C3C8 - -Ki+maRW6CfjCEUAf9gX8bbOj/x1wHiYmRAj3x0J3NewGLeE4Et/nTwrzB7TGxCuj -foKa76U0GQGZe/8Z5Vx6GYVs4ChxVxa6nYWrC589Hil5GS/ycXyeW3dD+TRSDEGO -sBROGmdh9+EooNu62ohi3ttvBcreIz+sENprX6o6x9+bJzxUPiccEBIUcJHA4noF -NilSaT99A+m5j8/yBg5UIcYKgIwcn2Fmzg9g9GbPDY7zM/EkmEJUo8FaYYScuciW -6dyTpswA8ixR7drSJASXCLXpHbO3cK3gZJ1yUCEq2Ymn0pZyomonaSdN8sURvt1V -DeZJzoW7zc44L63B2+XKRjNtv84EtHa6UOOq5Y/0MhRGiPRJPAe4SruSB/Zf5N24 -jrQasz0+UYSl6sIvonmQje4G+jxyQDpGI6IZNK1tHunpMmjognhGV2CROrGkX/U8 -n6fhpITz3KYVtSyVapeyX8uk1wNEFlBIf6UTtt3hSN3js2RI7WnQ8Qpn6FJ8DXy7 -fMjPGhO3Tmx3aR2hL1ulv1B19DMmBabMiow6TW1BFT3YQvHpO4A/hp9eK3wd44me -dKrj39oYoB/yuEIp+UZ7dJaQtz5ZFwJGrFmmyow4wRJ7a6Bdkq+moN5VdK6AL+y6 -TFQashQT1KSQgqdiXX9wCvFMLe7PIsCR7i/tIr18fzbV4ejYKtece1vMBajyg4cX -RCVKSYO9zGTuxsBQX+mTPT/Wv+CA6H6CLssasdHrfxiJFP7jYLbkDUYtxgBhIWU1 -s7SygJETP01b37YuRhGPPYs4nMhv3QH9T6P+nx82nOPE2V83mxGF/g6Ht96qCn95 -1l2aPGrpw6zAd7ZmbRWPcNaDsxgkeFkpeGGCULybcP5yupRVm/lEQ1+YZ6JWUw6y -Yi3JYUuPDSvzEIxqSCLK+M4lWsTvjG5XLhl3e0nbjf5PIEeQcpU5O0aWHGMJbVwF -fRrcaCzuws5xZrdeSMDEOVN2IZspX5OEYruePtvF3RLHIFONcwIE5RZailYmdC3l -6+T3elpIndnb2OmbQsCV7fMXcoEcDn6UeGHtP2gtyg3zUKu1gd8gAt3XJRSAC4iB -vguPWHU9s84I263KiB6PyqtKrlCsXJ1AG5HCuBCejiganE3UwLbhs7JNAjiMAzFD -yvnXz5h66IQyG11LkPFBZEedm/9LPyM7yJtILKRRYZKnHEhO5wOqaVkp+d3BJU+8 -kqjreiCLqoxnncFWLre87AWGrlr4dLHqGnixbUyaT1ep7L2wogRzGcfkY4n4ERxT -VCXw1KrhAOCZ5KBA38byKwvSJBZSNrAK488lnTpm6/zU37VwrhXmdbJx2dS3DtYu -54wk6RIkfYKXK3NNz9auG5WpucUarApvX/56B1nGMvO2zuJr4C9b3IXFGl68jl9H -x1D27Rb4V/dMYW6XIhJ2DCZcWuHu1DkaugBW4kmRgbfyFk0JKpB1rQMXKsIPaAVs -uV02aOD+tCZ5Kd/l/cXISpaDIFXHO99hAv5euQck30hczI3y7LdUj4u945RxEgC1 -dA/VzSsQ88hbDavULg4t2Kk+jwdqm7aojbFTgjr3K7wJvocyJxDzgCrW6yZCZksY -C3z1hjzZldeFORDrgxptpeHfuwYHK9FFfDL1ItySWmETJK8YFo7rP3f1HvS31QbW -vFgseAteA9kn/EAskSR7tulrj2FAyF4CzXHAW1VsBbzmIMPx+HLuFON4TwVBibfC -udwwu4XNtK3yNqz7uPUHbUxYZ3E2CbJfBs698YauieNPZNboKLl3N2ITmpxlAcLN 
-2wNfh1v6UODeqepRXsn0NmYY4RZm7/90mnfcoe4zJ8+rRdCbNWLrXthra6ouqGsa -7qKH9xcsxp+y75/2S5sJ14TnXFFD72A5AdowSMH3poYSRgQT+SiBpTIOhl4/Lsz/ -jTHieMNE5htL3l+wjtkq+cGsZsDpV1GQhgB/0U0ps27jH+Q49KxB4TT71XLZJ/lj -gsDk9aVktLI/fZVzgzHWTXLXXPwbyKcKd6idJyOlekbddK7ESd4z0FXLNOVgkZr1 -JPFL6I5K3Cnx5TPt80shUH4noNHu1U/LdrAlwJ58CRZm0AQ5H+an1nhgis5lAOSp -iW4XQZ5SQgiCDNWSBer5qyXdJxA1j6BFNN3d8bm6OWCxTz3fYw6sqNe/gWtpnyi5 -WpUeNrkxIHiZSNyjfLjjJ19+Pxqrliz7vYVKw3YQ8u1R+8H6hDThB2d6yUOFc2Vh -XD3kl79zWYBUJRLOoi3mev3zTj4NK0NCXYQnM18+CmZcQPVPpyjC5dnukGjqJWdq -CBMt4gPhd+6oQXJJ7T4xkEo0g7N7x+Ha0dhPP5tyoX6aglAWLGbk4ZpT+87km4TB -4revhoSNcIWWwDqj34Mgh+9cH22fTLWqhmCNrUl0rTMgnZSQO8Z4gGSDRQxHFyzT -p0+vXucoTQ7Jci6VCqLUCfTLdNyTRgUubEBU/cTWgKZU0rutq3AB1G6++dEFZTtH -Ul04D+T/+G6Cc6R5s+Y1UzLVVpWtpwmxlnoyLXH1H3ROeyfJyMrweLGMxIL8VWKs -FM03tnwQFt60m0oL6qxFPbtu9NnGcLqc0uuQdif4IW9FMDp7aIIrABfX/YZQ7F83 -HySehJ7aJYKAyDhbOj3l3p3Er+DytaTH4kuV+6D6c2gMoE2aVqnSy6in3ky4xN8i -K+3BBuKuRRda8Z5EQWTEyiWj+2fglLehhVP3DTMDHw0pOf/jieTdXD1eHJmMeLYw -w8jLNcFGGhK2if/eBLKWBfJBc/Ernwbi/e99PN40TtxsBDYuInnP/SmWQCfys+1Y -mCtb9IIMiqReKwl0L97Mune6hImw2/LyJvqIpZR2veN1DK7vvdIBGU/KHhkUTjZJ -30Xdw64MBcM/s95qwzYn2qrmOZz7+si428Hxx5uXfkM9ylwFyvgwTqo0/xmh8Av0 -wmQYWJbP+bMSyXuHm1GVmSFfJo4aCA31JTEV2Azhap5+EAxQkWQcIY2sFRHqG6uX -xx3/2EMmtHpOPlbw3A3Pgvs1z0P0un7mxxTLBggfsnWeyWmB2sPquzk/37bXys39 -0S9AeBocaPsStJ5sPCUWGuQHAe/bhI6AwerxEKLGo/cBOo7G8+km8VK+WMx44QXr ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes192 b/tests/data_files/keyfile_4096.aes192 deleted file mode 100644 index f57762f26a..0000000000 --- a/tests/data_files/keyfile_4096.aes192 +++ /dev/null 
@@ -1,54 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,FD96F730C10A4F9DC895B3C06D91C5A2 - -QDAO7lDXzLmdM6VPdNkh6tQpnIACwT0f8rLd2RW7HlJEjdyd0e6Eamqxaluxc0wc -zWP/uchPuvWvJ+OAZjX/+Bj+SKWnnbG5kiK0NnavDFU5BhdlCwOE0RxMpAXQtf1o -5YNxSlY0u+k970/KQq1QJGR2osEdy7yA1GaXN3DNsDFOODFniATl0jctIDEg9lAN -fBCKJmI4xy2u//3FXN9FF6QkN9+Cryec0HtkwMVoEFv8If+AIGVKqjJLtQnuAq8q -VKiswT/Lc809zO6xf2wZr7KXzAbm9w8nYBBm3NaViNuBQZH9NMxw1Wss32SI1co8 -BHu7XZlBNCumjvJPewgdwkd8pggMJGw3r8oADPSKd7VmfxG3FwUpXL/JmJFs0DOO -A8aJE0yJrYHVPIJOMBgJM5ZC7iNHNyzSa09jzt7gctUV0zBW5xUVqU0ldiZvt00h -XCtIaz5wZdxt1S0hnqi13Z71rrJuzJg9/lpB4rGlhKqNiWNlvgdpw32FBpicowxo -LLd8Ly6nECj1wAL7TrEeS1j2J4wT+/PSQFGCJoxKQZWMfrqDFLGXaPiZJNiEtJxU -ISJGUV47WqUEmwUCZVE86zj5JUVaSrdcbcc6FPlkIIced9otJJFzeG0Ypg/J8f5f -Myr2bHHkDfIwigGurY7WK4vnWuj3tf5V6lVYrMaetPW9UZbxQOV7v1/vZiiYQj4a -FfLGKvlas03/IA8q+Egqi8I2wPXTl2Rtzv2bj91tsnxZ5Svm2+8UXiMKE9pKfP+C -twpNUr8LFBPvSUnMf7tWNo63pUiqfW81y846HtkWo6idwflkRc+jHRU9l64Nrq8i -YrkN+CPypW7IJhagzvniBXe//wfU3Cc4X7oNE5Ml6zbnVc6UTf8Ab1HiOnJ3xVF0 -xZsN40UE7s0+i4BgqcTAmNZUUzcNj8LEfGs7TwlhzpTZSGp9CfX9j73I1nqekJm4 -J5ENS0QlSh/UMGcE0vpqdfSWrgdIvVw5ArA9DSBg2yoR2twnUuH+D64SawGyPRqU -+pk3ZUAKBRadnreUH1wNS1p8WdBRCJDg2gE4ZcKGi7qBGtt+jZfj712FFgm60WyQ -kAZe3rsAeJuAmJVkFDmaBR2mA7Fdkzg5idlavjuTmV4nHKcBltNbOMKlrzgRkca6 -GmzR9ICeiHWp1Jr3bjqWejvb0qrEsBAkMHTmBKp9SNDeoiFahKwBzxk4NSNJPG+D -XlXIZF6gTfgwTWf7KbvAfonSqAHtdBiZSDOSbloSVyBmTseF8SQHL1eVvWAfBQaG -qwFdhjHKRQdJZbj7hrfUL57GVivuR4xOkPFopsRJOVi79jhTstnVbXbwrQBP79Gv -/ABHXlEz5ZmRTeCjCCXGXY91JZGCSksDSPVb++J2Ox4B1pfT69G0exdHYM2kKO6i -jtrmcM2t/o3+4NH9GapBcHRYPA/SFu4sVLvnuWi+xrKJCUjxfsStyEIMoYPJVeld -hv4Ra3uYqzw+bcVTfZ79cUDHqXwt28xkro82VPesCZhE/YpPYP3gxiKRV37EGedf -iczeQgWD3+90LhHsynOmR/i3J582/koEbjCBM4lKwBYjsRpYzM1NHiJ39BAx4CKx -0JRHbW/OfClnvG/6cg9RVm5hHV9JQCWgkzHGAQw09zP1PaVIS71nlPJhHzEBl2zw -yWFTksRP9Bhuh5BSItZLeZu79m6l5Dx3OYP9H5Dkyz7p8TLYoC7cg5UqIpWBgaM5 -ZSJA+TMwHQlijS/FthvR4yxAVvoK4vwmbsdkkorWpZxV/oQyjyVAl4onRiaDOR7N 
-/c4VG5iW7qoRukNOkHriFhPiWcF5cTLJDWYiLnxvOGY4qT5QZmQ2gc/QdKD5V5vR -34rV2m/iEmKc+a7SN5n3FsQ9Sst779Dyc+Tbne6YmaWqwWsJfQmUnhxU0RerKoIN -XMtFTx2M0NP26Atz3bYC65trqoqgTx7vnnnh9BxACggCcJYNrk7pCqr/ucitTQl+ -fzPmuKV8fIKd7RggwUnhjzZxYasEBIqusS3g8GYK6pfeMWViWOsh5k3w7/M3ewGF -KxtQ39cn7HlsuCamL0UchKjE/iV3W9Tm2s7TSNiDPDGYYfyQIcohqN4OtNBoOMwA -fuxSecUpLP8W02f9k2l8OQP0wXivP0BT58eLPT4edwdKFC6R0rihkDIUdHXmZJ87 -PgQxPyse4WnL8pEiQ6dfjwYzRKtZaJDpjxNYJYIdqW9Cc4K6WHsgVKPnS/I2S+Md -T99RyjWgMCJ/qwY8JhyMENYrla1m+utW9Hxhi4P59y8QKX/SPj4gdLZftF7hjkoW -CoPp5K7oWKNdxGOOzM57e2ssBUgot4jHGurcMSaIpqW5J1qsodlbJ87Yajd6MTuO -fAT/KXir2m0q1sIiLtPT3o6App+LPmbu8lOpHNFezhUI5YbznexDfaStY3hb0jyf -Vp1aUM1YrGbxNU1bL2wwYH90GD/2yjFK+BlitQpQwkhL2nOuCuzlvxq7cSOkvt3D -AnrP31zytlVMQbrjyufa3CG3mH7skYwssWSwbv1WfY45LdSWoT8msgLhb1jPVswa -+kICBKFzX3k8+NmdwEgEJT/8gUG90jlcmQO8+r3L9F9cjvUD4NHFHyLswK8CHYKi -auZaHf4eU/Il9I26pOba7TyvkFY7m/BtvyytP+uHG44X1jUSZuqf9FT2+PCiFqi2 -L6cKQ7MIi3A88BPoHVJrrmEr1AbeYWdZB5ydBq4fZYPtD1zgxmSGAPzWfRj5l6wa -3DzFFaRBPaq0z0fclCGED43qo4tDGZJLcnAnlZEfJckwITeyis06mwWZmBelokP2 -9eB7Z5ho36y1nKCuHw9i2DrSGMqi4WjG0/TsdfkXuOMZHDwYm9Rf6QTiAdlSvcR7 -GDrHbx2HPetA353OQ4QM4fgJ9GmaWt5SC4UtVs9IszvP774d94OWGSz35keHhDKk -JD6P4DcLwQxJbMrCH4U5UqtoZYaKumjpap4AxuDbt2daXHDa6ylJtplOiAHA3FGj -UXzBw53fX9WQ3E9cuaKJVVs8JPvNEQG74om5ykxkZcJOvF3IwuRCMcWWkC7BsTNl -yDIZ3HrQgq85243A9Y4N5IF1m00zNrZJEaNTqoM8wfeYgHBCYRz7rtCGpAmJDzZ+ ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes256 b/tests/data_files/keyfile_4096.aes256 deleted file mode 100644 index 2659f17edc..0000000000 --- a/tests/data_files/keyfile_4096.aes256 +++ /dev/null 
@@ -1,54 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,57D8E4C458F2FF1E5EED4FE0E81F987B - -3thXhfEmF8+g8k4jTlpQ/xPGCBqofqx3PIYwUT/I8vKen90oF01fRyc1kJhTH0Es -NtzvSHFobm2THHZis1W9zmHIOupkTNpGgaMtiZPcgPIAOFiDH+jP9JRA30MhDs5b -qAgZzZ7sZy/pqVRD+Zf1AYEtmOi9toD+DFrDMffQ3tf6/DTMqAXR4S013c19i+hT -lDwr5pgeWYvtojoQh3uA60OtCmqWdR1h5Khkc/FfTK1TOLKNf7TPfQRSDlPjlBg1 -2vcMkhn/ETdB0a/poKAynRW8ZLJHXcWuIEYDXMhBEfDD/JhLqNAbpQ6V38X9UJmC -vOrsmAiXKtzY4Uw9DEBGOp8OgpickVybmpLDHWpJZzJ4BPoSQuhSqhfXT8c1xJDT -19l0+ysR6h+fy+fiiYoHz99M1SuW7Du99fDkzXzPtGR8HRoeGY09OMPd7AzvFp09 -5BBKXNXEmNeeqOiQcVgdWVhZx/9AhT41pNScWg2vJ4jrdAIFEy05tYU9H/e6138B -2VZVXy+cj7bRQiVXWy3T9ax3gC0Su/5sJbdfJBtC7kqx2FVhCcty4r9PhO5HlYNC -6T36JKoSsCz+ggmWntyxyi46iAxkdERzpFRnVHeDvT/dvUYQ6FOQs+LoYavPRAqE -/OTU3rzbzL0bMQtk9ovd6zgOHTUDrBOx2c1ahkaoefvF+7WhwluQ1L68bgYZITp/ -d3Cd3TEdL8cT+jhu7MaAvlp99IurByrtjAnZnLJ23AqGty/4o3bAfiCOSQZTjxif -K9+fCR+RjStAGuz0GtAjFXKsYp0L+nyL7ZIuqJCnRT1a+sqkX0xpf+jubQTnJE9t -lESqcDHFHcM11r9I4ktNM2HZHzGSjtBsuDEKwIo6NplAc1OU0UJ+Hytco826cZuO -ta0/9WmTAtE7xSY7kutK8MU1jpE3QA0xKS6gGyLeYY8vu1dMVU9rk0DHv6ZPfUQ1 -BB4lPHvSNflm+KjrOIAzY2b3ETKskJJtrBQ9Y/FPoMp3znIuas6MZupKNTbUXMzy -HUyoWL25kSt4F7TY8/PHlVWwdSXN9L+ql0or8WMa/QKUqGytENsYNh9Jl26ZFThW -uz0sWmAbZL4E9Vxz84W7Mzc3U1fMRmMwcSxixwxvENfapxVvbC31yrCTuK3D3mML -XXQSPELUqiHTvjO2m2ya78pE1roXCGCElEyZ/YF4MWSb08ovD7SgMI8vvGq8mrGz -sQgAG1yQnGI4NgLQKpoqYoHpTVXhjXpd61RLxgNbGiJdaV8yWp/WAtwiM7V4+BQD -KhboOnjyVcp79MiACv9QD0uuqI4PYmQJa1Y3swsiGPDRxxYYbzE40oPeUwC8ihYZ -yItNScHYEn49iF0jPYm1BtxH8IPGMk0o2w6s7Fz3MQAdvgrHrudFIPYh7wn7cRfJ -Wgha1pDmc72qorPOpzzSQwCAnAd9CrfYs69+V3DBA41X/GscziduUFfIe2AkNOjW -I296Zc+uJJ6Y2RdsZCUSLRjqbKqu5RQZa839uPfsUT0vmRI42k6qndFHMEbDzZy1 -2fntlBtggN2QO0khyoU5CiWKxhCS0vkXdcYqfyrk84xefWEWJItmLgIiJgbCsl5u -Tejsj6V6oJUWbQyZEnjFsKrDsobwQBO9x848COUseTb4cBP6jkyh5xItyxfxm9e7 -Gx4h0yfgZSBsVynofZMvMecZezQynjDOTm0FKUOiQglG4Z/R/ozbsfoiHVOzovH3 -cX+XT74TGjqBIoMYvShXpA8SVA/YvGL5HIPw9Gdh7FD70R+92Z2J1PHAiAPLLS5V 
-0X8dGPWSb27EGd6iDqZ3REN8fqWw00Wrss5cXTdLIW8eLRVTdTJb7Pu23yEnp4Er -sR3erVaThvaDG8S9dI8jr91zmHRT/BPXB8kbSRwDu35rskrCiWZG8koa4DiS9Ik6 -ssKA13CuW7gx/KNq7ambCryRf/X8ACspggtDUn9fCcF3yFrWkoGlGN2zrnhZOhtD -U6Y8HQf4PP2H1Gai8PoMe/NUK+/iOEHHZgv5UTXRTU1MM9sNPiFKv37zgmMOnSng -EXpUTs+R0WYi5/Zqa/gFzb00yDYf/FRrdMdVntSg2iQoEXOBwYj8mm3R8m6TjX8i -o9dFBVSQmBVTYrAHeNtubl+KDfWLyCSVr8nDXEg3TzUpIAEfaXJaIOjkMRdRJL8x -FPkKAe18iWf5g3AjRFdUWiF6K2h8/h8WFKN7GZc9P0m4eyR+k4ym43+Px9HOnzNJ -hVeIiW7GQ+KfsbIfC88kEwvzt4+AKXil1dzzADIi/tH+APXuugSgrE2k3d6ZtnkR -4fO20OaIDEENUaE63mtctB1wTCBmDZtjBffIKbXinpO92+GFsU45jHKhQpquaxMT -Ipy9Enev8oEn+iCxksZMvkYltN4dJ2FajoKTPjLHR7Kqn3NS9BqrXpguLovlB2Pk -MZpZ2QnLdA134kMsu2wApJQkr2jAjDujfp2bGddEhaLJY+opCto6KZ/qd/OSCbfv -Nw33F3JE1ZWnU4eeR7tcvo8J3y2Gnb7IIJK71Hyc+94IC9SrerewhC4Yiy0Hzfw6 -XG0iJD15eILOLt8sqMJujAkhSxHTOq+/0DVrVT0KD848VZ+Nu+lTSHp2/PiRz1Fy -WAOzz8FdrK+4BiLyvXet+APd5af8gOvb3PkWeMlh5PGsG2JS75BwiwNcwodbgPvR -LSzS0uB8SGgQhb3OU0uJGHna7GSlFYalk8QDiYec6iFcJ9OGpcCtplyyJaRYczsL -5ZKDi1830GzBS7X54v6GvTvUr83Z7FpW81hDXFy4hSbON4Vk9///9D9NjH0r4VE4 -2riSBlrVSY+vuBhmbsGnbMDRNB1tWWNDVVRJQPaZdanXc7m5Gdf9cjTxQrOvyMyz -jdLYLlSFVCo41C2JclmrcQWSu+5eBa27v6oKbOYqazASBtvlsPJZW9tngNJGvwq/ -Jq5U2v2XAzxulJd8hihb7uCLEf2rHQT70RPV7125JhI/6y0nEGqJX4WpuqTdAbx0 -VLwTgzvI8OVWFbGCPFWnMsJsFNFPYqlDRxy1idqfy0T6gk7vwtmcfLtTVQxptyoS -MF1RIXifjmMNBrWLmka3wUeJMSlB1i+MafihGQdwapQbZRh8Zx1P1+eH1sQo9C0p ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.des b/tests/data_files/keyfile_4096.des deleted file mode 100644 index fe98803d8c..0000000000 --- a/tests/data_files/keyfile_4096.des +++ /dev/null 
@@ -1,54 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,D6688446CC64F13B - -fE4BXR367Zorqu39EfKNXmZtCI6KflkwdYEkhIng1S67XwAawKYAnWIVAYWma1EZ -aVAa8/9B9B1C66hx21lFeBSFiGOZcjoB+Mf2rZyxdKOkiS0zHTIS5RAydP4Wysox -MLGRPaUVcc+5ZLjtqJBQVCQ1+CcqGjomqJo1VkTlWTw3P25WlFwHGGU86aIoKf3J -5PnEwes6cLXhetB3UXVcI3NhFCGzWSF29qQ2lmxNxXYv9z49kuJ/xPqYsJ0noa6x -eWep5pqJswyV0EaJCNHgsRB9RPOEL6QKHSEh7J7tRiImDVu+gAr3ewUC0pikmwWF -fcCcaMGr+kuQTgdX6plwaxxSmS4bQDmHDJuFeRkN/cXaAwk0/PZbfBbR7rO/waeO -HgcKXnvPFHDxkvhav0LCXbQp1RYN1O3U6KaMHP9MrXjmih2Alse+V7ZA5iNq7nCL -d/RIzOJEqPZFa1K1WohoPmcwX2X/aRLWabnCzx5VRrrptpWKZkHH22niX6mU3zqh -vfrdZ4o0NOmbKTTezqgU4WPX4rVzbzaxcrt/u+ukqubgg42v+KJIS5qiroASt/vL -nvdyQDmtOMBhuypTTXCu/uQRAN5N3dVWH3T0rioCFOPTaHZIU4+VBDSBFVrZiTCn -aS67ukj+U4sYffReO5IVanh3cZSW5P3FEUOgogmcq4Uv69G8MjGmbRCX2qtophxr -dQbXE5OqXopEgZlUu4YZeqHbIlfpKmN11/jOcnRMpo/Rm8fammL5gYda1uXbmjDg -8xQVdJ1kBWnWIYkdvoxfPwQ3XQeKxXJKvftu/HP2IKKlEvvP26wGadfD6q8N7dwz -l+ZpEHpbi+Idi8m77daKyEAMvYTCo69EfhkxsxNXlcn4MfJ4+JRRyAUTWZMc13gW -skRBsXi1AtszINDT6W18MrCXvfJlgxKl2zGFi5J922kI5NUG1kstqNWDqwiXK4IY -YKOa1HiP0Wk8CeZWceASL/hvgNGvp6uNkii+Vd8CP04JVLC37pvEtdxo7BI1HS+h -I4lR10LbNxyNaTq8QD/uFyziYq1HBkkWNzwNLPTVw+V06mqyioAByX5Uhmd+X/K2 -1Z3vmKtidC3CjhYhLDjwaT1xbPwh3BFRrKrnK0mkICHFrnTQKTw1UfR+Lf5mE97G -4DZYcaCwB91UhuYKnbeoSYt2ZzZV+/jKQZC+h8OevhggNP+n1bjxU8AZOBFt+UT+ -JRKlqEE3jn3u4b0v++j6dRqjACgH9EKZ3yUDcfWa51n1p+VPIQ0jXmjBKn25v+ks -p86J0Gs/Y5u+DuouYuJ1h4UJRY3iuYKWaY1KX17CK3lHlh6mPDi3tu6uFgLu+mvD -oud3LjanxqDPHAlGpZikaN9KHGdrG7AefaNMZc9TGdgehJ18e3pP3IKJ53o32n9q -NzqNs7q/zD4/rFKThpT6N27Zr3GgTqx1HkD11RiKsUCz7tSaWwVfFjJyrw6X7ua/ -UoDQaf8i93lEpPutubjQ1Z+QgfIX2wAz9nPRzxUnW8cyw90ghPiG/KulXLXgI4hd -J+67FnYU15xxQ7qBEw5SOk20iAjpAJBjqphUEsmrjKmg1Ffwb1dUEUVq7cBv3A6n -LBcR5BhEInerwLklPCFwZzNe8IhVQ4FOc5uWGHV+P0qsaN5A6UyaEe5pZjRBaM6Y -CRtRpblR29rP+a+CC578NSjY975T38lSN/lMQN7bnaTUkxZIl49ihuTv7R1wS9d1 -aksi/NVtoZzHVpciN6J4Or8JTqip7uebh3FE/cbaGf0b6H5DMOGOv5TEJpE7HlY/ 
-xoKC9oAHxomG8wuE2O9DNlol9v0W0MOTNInXX6D/g7A/DcmxzfuVKQOPKLQMUMKT -mCFgIBGPUUhAmwzh9ZTwq7cjLs4uxd3cJJSE2+TC4Er9AZdz8EMIlsan6JvfXW1v -DpUd7Ww0cCI1PlJWyrTmx0q/peBE5gqv9oUH/EwEBHrRv1JyhwpcY6gVN+EcP9QB -q+sIK7p7m3ioyub9D2jZyiDp8ZhhmiJsu1Q4LbfjZ8OHIdut57oCtJ2kxyQ8u6NC -DIbSB2wklzju9EVKkwjsq0OObOA21IaAk1eOGRX1AWo1jsdzUTUf56IJD2+z0vfg -ElKWS9oaoFqgYKX7bShk1u2kYR3cP2IDYGCMH2VoNVEsi5o1OP/LLGarF6uqSOHx -eZAJ6uq8LJYsU7+pRXu8T40gchtq8r7anx8Su48+qfky8+Y+GVUfGrZbuNxa6Qyx -ga7NysGzhFeFYHxUGFDxOW0OcUFkCawOtxO7VqqxceEnwQm5XmUVED0qQsrQmUXL -3dJOgWYLfmIJw/I3JRSgNAM6Q+DVRe0owFW2Qe7cZoJDsaRznsGj5d91kg84A4Np -Wod5Idn03QYQCKociIbW/2Sqf9wcpKnz9rHxYEW5ukoHCDtSM/4FeytOj3WB2KGB -q2lB4tTLcVIEI9dGSXrKb6Z15cKtkWAk3QDXJKF4t2bOgPb03QX8syMyrllqjFyV -3Jwzkx5qO1Xg99R0Ts/okvayLCFq9IsJ54453otPW/j9rlWefc3YL3x6TMRqd0hd -r93cUEM5dNP4IVqfsqfMaOhaULENQVUgUSoZUHB6dyElMbwGDYdiD7AqqG1YultV -K8rnkmKjbOzl04k7d2mhIF91pEa+TcHzJZDJpxZ08Im6C+iXWy8iTPr2hBaI6fiH -VvS77aubeTQapKJMieKYcC3XKCfp6S8A16YdIILKiKCRnXIGqlL9/8pqV5uKfv1K -m+I7f41Qa8XSuopKsK2FZyycODk5/LWbQi4t1t65i2NykOFsRok2y0AZ3xhLVSa+ -+/vViIHaqVHFINQ2ehgjqV4yDR4acCdtBoIS8+Fy0q5zGQ/KgHnq6qVxGxoFTR5a -h/6jOq+xiDevppRmgaVoeBixJtnfkPS6SFNbrw9vDzrQpJldnpCz/W+ImU0fl/J5 -VG9f9CFOptSCd6hxm6k4SyIL/L+i0KvfmP8OVLI9qIY/BhN4kH/Dj8/RgemsnZbV -g3T20lgnqsAEnfINdkULeH88zopFN04/0dT4NMO1au4gyWYIVgW5LX3gJLaGQrAh -7wpowgliu2u+6VvOaOBOrCFz1sc4tdiiAa0ElbwnyXPmXJY7Lx4/94u/6Z8aHqIg ------END RSA PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_1024.der b/tests/data_files/pkcs8_pbe_sha1_2des_1024.der deleted file mode 100644 index d0156e991fa695236fb155b39567ba961b883ded..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R1TYQ+2qHP*GJ5k()B*ws00e>pfOMx}A=XGM z?X^&}Gs9GHBfhQrQPnTXSX&*&lf!oXgOxXh$gi(cY zN++mU>OHpAU7UFrTPn;Wep@S&?UFfkr4nX~mv#tiA)H|^N zS92fsQdA+=T+VSwPONavPdqJaTrHo7YYq2>JaE>Nbkm@9hT~aSg2gCUXm8D@srNYx zB!9yAWA4STK{;uYW;sJt*_3mYR+Tq1bKWu{lkW~&p3fcqy%{G|Mx*YS9CX4t!Zyl-X1L)bM&~N(_JR)f z%~1du2;h>6!{Cd|bCDa;xbU9kzsS9s{)c0@+iDWI6+01EcOtWeEUDIXaOlE(Vr(=% zHwUgn+mYcWA${5M*v#m7_(8pHmQ<#bhrCrE2}o7>xm*WV)ylXaJve2)f=aN~q}AZ- MHlmZFXyd~eQlLdh?EnA( diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_1024.key b/tests/data_files/pkcs8_pbe_sha1_2des_1024.key deleted file mode 100644 index e9cc9233e3..0000000000 --- a/tests/data_files/pkcs8_pbe_sha1_2des_1024.key +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICojAcBgoqhkiG9w0BDAEEMA4ECE/PEGdD1W7AAgIIAASCAoBApn+7s1iR59tk -qRMzsN2aGKS1IoYtJzUWEFhwAeMUzEPFhXkdCvd470VrkQsCXc2Q+7zqBT3uxb5s -oU75OJKamxiruNd8e52sQ2nNOF7gl/g821zy1b7vVhu/++pxgcrcjOIeL8OFf/xA -MSGvA0UfguIMYuy3fbKJTSltpyNR+mIH6PeVj+k8f5VFNKg5hsFcetTYURduybfi -DoqRTIcPKQVnP0gknw+Vacu1OgcKtQUa0823++OvAqF3J18Shu2dDob46mvXSJzL -n1ArkY+E7RV6hDCZ4vRYQU0sogDb8vwOvOPQBJ20f0EE0mY0Q+MCW5I/yiDR8KQf -Z4WG+cpmIpsbRnCwA07kAkO+QiibRYKK4fBIor/D8Y2Gi+xBXENHYIUimaH7O/kf -V1FotY0SvgD929T30gbk2Y3H2PWH1f7ckWzfUllQ8nlj0Ap1w14pwP1+CP0HzSqV -5uVWj4Vj06+vdAuUuzVhOTmyYWd+HdIec5chG323rovRO7yhTokiVu4v90umVMOj -gcnTIKJpJaqjQyFUpHbHonDKA2DpUhbMmBuL5OA83Dm9YRouAEpW/btjnrhFdWFw -DG7OrPzynb0jMyl/R62KRaouN0L59M+MBennECwpvXx8iXkWwA41uZH3fJx0GRIB -5eZtT0u6edJgVkfWHA1YReio7y4rFx5M56BndICDeH4Hy9LFIFSBgDqMzY4Tn4wc -qdTLQS0XptnJFJwfgH7YlNpBspxWvubCotp9PKxqFmx4B2KAKNvg4yCpyTpLcseH -/c8pgJkMFM9IxHSY/ujm74J9FyGj5Qq8qeu6PGY7SkjKxJFWZYERXtubUdSPEx5A -ZIRxGSK0 ------END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_2048.der b/tests/data_files/pkcs8_pbe_sha1_2des_2048.der deleted file mode 100644 index cf13703ec61624d88cc0d4b0d91f537ccc1b3579..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1262 zcmVr$o=Yt5*dQI zLRSz55QIs$J#B?1RNcbN3VHcd^O!Vv)GlWPeYa6R>5fS2j;ntjHH9A`xv7650|G#3 zsx-K~veutz&Cc%(MuR?3am}{TkwJ#irENuZxWBk9t<}~JHU^#SUv-#8;d0Ra{C4O% zQc`@fGd^?9gcU^gca;0tvKP&firu4sWwW_T&&}TYBLMA8F|$bABr!I2JicMF^+`b; zNGYxh?^L{-ggJ-p4?64-p2jWNj6|AtT@%D{fB%q24cfgZ7+H*qJDl#h8qwUo{j_NX z-_Qc$v3 zhaaiBU#kF(9|v1*-_!$)4{I)EM#nb1k)h%JXK0d!rrep8ZFei~Bibg`;V`;N%8)n* zsrrU!&7yuPe6LLECh>H>#rkB$xyQnqf_86~m(-Ee`Kw#^x%!kMjBeB*hoTsIAT5Fy zHXMfqDnXVoa*xn){oPep#na&>+0XUgLxNIN3Sh$p*d0@^iN0(youPLk%6nxl2yRc- zjRYtw76QoD0*m7y%3CsMZaJJ&T3SkQSYD7PBrqG#4=YgSjL(xCB9oI=!IYw?Ro%|)DL3qqfS zZ>&Sy=LYC(`Ogdk{h)a_X3tB~E$7%?b?s1)t5TW7SN>&Q{X*O3AEql54ror=a66m& zrFQp=7(eQ%7qS!uRXrqC>+$$2>K00``JSs(ST?I#(Oj9G`V`AaMZ~TYJut-O0|Dr7`ZgIn{3F>z7%B^R(N3-vZ!^RM-BayV$ z(KtoR490%=sc{an8{5^a1`NUv+`-L~ehx)mfoy4w95A(UiE=YkQ1eH8=Qs7m@f!L% z+vK9d%G|F$7B-Qs_AbXduc2W+94qTmI&!$PW8(+4^*S&@(J$<5`OuW zrRHrCJqW&ld1qSO$|}DCa6G8+QvsR3oWnyC-bK+qE<1Cj2W;|;ITx*8VkMSjs6j*0 ziSyh5jcRUKKh#!}X`f1H>a}f}hxHnsE9;5ou9g6-_-uc)a=P|m5mrBM=x%;AK#TKW zPJ@pZix_s;d;h0~7G_Knp9-SZAWY5lbvu8j21u`PW_vWK3O7A|f+0VcY!6c63lS{I zX}a33xxBKf$N~ZqPMZ2gmW0{ifLun7gY;wqCyt=^^%C@sCGV~bm2&@_st zPkJB$dS!7$2_`lvX1zs<=ASvRjx>cevw86;BXFIYg9+Dw<;b&XK|=LOVq>EK5S4q= YBfu@Rbdan2agyh(&~8+;Nxtx@0?*uR761SM diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_2048.key b/tests/data_files/pkcs8_pbe_sha1_2des_2048.key deleted file mode 100644 index 49ab9d13bd..0000000000 --- a/tests/data_files/pkcs8_pbe_sha1_2des_2048.key +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIE6jAcBgoqhkiG9w0BDAEEMA4ECA89psSqndTZAgIIAASCBMgl69v6yJiZx5nv -sqKgaDdqe03S7YQK81v90fxRjkVE7Que6V2n3DpVDSB7xONi8prK/TlHC2gR/1Nr -DA25wB7kNgpjT1D2S+o1j6Wwv1DMWWH+7+eAvJuTt9y2lmqSLKenW9hT500tYsom -FzG9m+h14Aj5ELbilOJWci8ENLiS5y2cT7G6iin+udnN+9E/K1mIBfxmVTm96mma -P+71CkGQU7vCwyK1loXh8ZaNNyuWaMG6qLkTFEGEWCfR737I02jFQzme7PLMi8s9 -bNWFTNSBMA9CL2II6tHVHsp3BLKd1s1F1gj1/D7zyV+MqyCzgnogweRFlCKqy2xL -0fx/KzArjCIHNlgxm+6o4EJuMSBXQfDyqPgDNzpYg5t/Pob7PbnJ2AfJ4k8zk6ml -QRe9OmWhrdCNJmBzz18SmDInlLq0/IGXQj+c+sIcghtZowu+t+VcxTvhE4FKsKpy -lErsymCwSgpDMf+rp1U07HM48VaqiGthV3JsJpuXkA9CQAntbxviUTxXbiw4RyIp -mGqWdL0956b5z2m7ypyIabBXjGrc3GVaBtD+9QWSl4eRNqt8rQRKBN1aWf+KflQn -HRsnkynT3ZgQv2odn7RwGwm9iz4iNHcBlU1G+1OCPZJ6uTMi4DjVgI8MTxLD9JoO -QbNy0ZTYhkgu9Bwr9effrr0Uu2GN9jgh/IvtCwH/iYJC3dg+f5V4MGqBQTScKvOj -/H7gtpsdoSdlXAeUDRbMD1CHwK/xDSlO+xiLkfnW11WZhPyAcuZg0kFtkDdt3K9X -lh5YSyL/cqGt0WbCDLNzvOuRlRD3N7aV6J8IktM6aZ3WO56YeWQzsCEh88xuXt+E -TGJOO8SPFu1rITvbjIxJIwxjbwJY9cUXJXZrqjEzjq+tkcoF4/x8PNM/wJdxDz5u -tbVg4lJ8BDYwfkxQL3LQbjDIwvyx5OH76gCzvILJBrO8FhcqbnHzlX41S29sWRmj -JQ26H26SKmXks3Ty3XCla8khw8BYGXRvPnE37teffVsVZlAg9aYlXLKRadtp0duz -WWQ7ZKT9YpXsvGmkESrWFyb8hFUqwRkiTT134fYy6ySAuYRoK3av2Y/WYJqj44j9 -eY0z0gY7uPOH0Kmb5gQYJz0hj5IOVeC2MVe3vlIuugaOFzaevQzKy6ypJcb++75V -cHlZcVuVr2Cu/z0QuoloSoxI7K01sreTOHuN2UgN0MSQAr2O6qpT2lpWtiKjTKGY -N/di4Fhe5Fg8axUM7R63Q058LfJw2kDfWUiL2zwWqB3NoBMCZWqX7NhofekL4a1e -2ecGR1m/HS5+UFmC60MsNlr9Uv3SCd2MAgUAKzCZ8MkorjSNhOE32PX8+5+jtT8Q -B6vcZbyO8IR20pxSFrJILSSR4jA1cfwKPstKnjR5LXq2U24gZ4gauR89oJetAzE6 -pcesXaxD5Q+p3FQIrUTlijDH+cTesamY8SVHATgJBJYIN3p7P5r/JoDBy2c53gfK -7fNWEbj1hT8x4d1APvfTZI8qELtkd620CsURtsuzMO4jh4798zlvlkvIbJPWPHYo -RNvdUxQXR5xMonks8VIznmPzcTLGxsFNNH16/ZiJeZqVFp7CqjNY2/nLszp4CzJd -/hOagJdV7sfSJ4eosX4= ------END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_4096.der b/tests/data_files/pkcs8_pbe_sha1_2des_4096.der deleted file mode 100644 index 38cecb0cbb3b241a4f066dfde1b2a112bdb07517..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2414 zcmV-!36b_Nf(dFc90m$1hDe6@4FL=R1TYQ+2!d%{!t%}7S^@$H00e>wNP|}2Pk(7+ z?Da781K!?*xM0$O`!UK>tnrP}&f@pES(Wnhj8UTb6Z{_EMid0Hdr=wVNTZITx>m%N za|}N5P>I$pJWk|{%2t5J1ooNFi_V@x1mOM696`X`?i6l;__B!I|3^E`8y#2o((r(d zhv5i$`m>wL%)aCwrf+(^)a%;Aq-;3==4RbW4x5;(yP3@E6GBP}xNWCPEnzN0?3AF8 z^-y`{c!f%HDA+uhWT+ZGS@lz@g4ZL04PUQr1px8s8 zsI+8ebbz5=s|~jVV~;fMf58AkhxzgtTH=_A8f=DH>>5s~i|%0km8z08oxVBu4b7bd zFx{#KfI@p`J-Xt%VffOi9Uj9wjWfmDs;l7?AureyQ{*-ZQErnZlK8WsYJ;uFh{$-3 z&62!JW724ReYmU*en%pYN0+PdW!{g0a`Mig7f5Dzcxl1R3UF^%r|wc++d$;?*2pO( z6tZODiy)04D?J|AI&rNl4U1FPP%#{};wZxCZR6PdpbDHOBGSlCrNaGZ2B;E$Q4>%; zm(AsqoC4pAk3t#%LQD4;s=Tkj6BiC4s`ZS%<4r`!#&n?Hx62Nl$6-cbTyn*15!!;8 zpi0t&&lDWObNtrp_2X8YzLp8!Nq>I=>bKH4bjvroYxw#5ECGR?H9>>v`8{jLplw;> zBU_1cRA?pKVlhJT?8htiVN;X0a!9yuYFTK2UkMA3xLPNLQE-hjwzg{y1nl>R1j(y} zyvq9a0W;k%$%>|zQ9Yef`SNa&g;3hdvspYJWSyFR15A+~WJLu*5#9Jh=o=koR9$OP zXHx7g_#dc_3H8&iDPB~Zx7Ye-tN7`klqpcfZItcH=!081@r;llB7GO;iaun=KubE8 z7DW{yUP75VN3bS+)&*w?thUF=tPfy_o{Zdmh)^yeo zXn(ZX6f-v5jz{ghiMV29u9LvJ0|Xk8@pWId9U{J<;06pBzg>ZamXqMiA(z+P_+)^g zId3U*9wFDApzD<({UbCWPgZDV7=~H!5_{8=0^7Z$cL^ZW-_g6ann#BAxfaG<3w=Os zsIj&8L=$7lM}BG<>AqiTBB$LZ(_on;8kvvC64pGKQEv*{ALUB0fbB#Ggx`TsZfW(F zt1H4<8jad!ez)?@Tew_KH)vvhSXq0*&|MoM(QvM46WEX&PBWR=p+nNQ)=Y*IG!=)R z$(AQ~k?b-Z<0s1vq}W;b#xr)ee~}EG$lUXZi`Ghved`+Z+y$uho3PHUXEq@~7wFQVE+5R?e1VF?|Ccc6puDSh|v7n(^RQCz($v_|)vZ@D%S-(u2C; zvpTf5-} zjH)!h8wHd4O3MWmuJwj~AmLh`HGD=Fk&?G{kcMBb<<-ax&g1NxyMSS`n>cSDu*Yo$ zs%Lfs1G_u`TD5k5vR25 zsLO5M<%tOffW}Z)6m$8>GSh^Z)@g=JK`Qd=XO&-Grr;#N(Jp?nTd&wiuQE2Bc4~0<&d3 zhPeyKiTK!pnI4}X9@kgx7iqD)ztx@Wi0O4zVYmM-U*>(YbcV6T8^DlE-cJVd4alN% zE#=4u4d}y|DJd&uB7w*u$V_{o4|$tRAJQ6{AltF203By90K~)&wj@rQ{Zf#m7z$SN zj#(aQBD($NK|bTx&B-gKg}l{jTQsS^JQvT~hMd|W>^jLp>R6rWm;%Qpm!%&3ggBk- 
z$|8&QB13!<+_k8?6tlk4sT43%cVI{S>O^}M&+iDO+NpAIFHzl{7)$ZtuV z-F;k<#!-t7dCh5TnfWx=sH|26ZL=l@Au0Bvq0W)FKy3_bNhEjoo$yy4}Eije3rQJiu zMgfoP4hU%U@aCpHmI=r gsf*IEcYk2GJi5@Y6F_H-NpZeq{E2MD`cF{Jx#yP3)Bpeg diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_4096.key b/tests/data_files/pkcs8_pbe_sha1_2des_4096.key deleted file mode 100644 index f3f7fe35ef..0000000000 --- a/tests/data_files/pkcs8_pbe_sha1_2des_4096.key +++ /dev/null 
@@ -1,53 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIJajAcBgoqhkiG9w0BDAEEMA4ECPxYSkeFhfn5AgIIAASCCUj5M4r1OJopnVtB -kyYUjmtJv3x6ricsKg6xfG8RsdP29gkrnRcFUvqA/QsZsrHAFlymyvdu68245/1f -Gwine+PDLBmIOmfhJJ32K6Ag2BTBqnld5mXaV3ykXcgD9oyxTPDU2CJguRncTFtY -CYT5bQvWG+dd41mblHt3cs63CaUePimzjIX9n90tPzAZcHFErYvgDzVdgZ1WQf45 -JwZelQ6JiMFCO6Kd2TMUM3ctcA8uFxoxlBCSw2C5pxnCYOskh5FJ0uFJ2TSP6kOP -USErm4radP2ERKNucsbzD3nL72Gl1nvVFr1UVEyvCLHfez7+If8X4/Ix/VaqgEJm -2b2znEK/UKnZk0jPrFG9NJ9dEgIyha3Y5NX28rfEeHLaH0A9CJLBGdKdrH0FIiA3 -GiO9ayiA1W3g5ujkGu2awPFvCMk0J5CffXumMs9BAmBMllJpVBJsf96l5lI2Q3BY -9+xDGxNf0yYV/mi6pKufIsU9GHt7MhQv0IUA7l9WmjP1jWUkh3rFeDtXow626UGS -qSHmZa7HRxiXuEmDX83AAdMhJpm4o67vmmhVnCALIdYSjEJ0lcCz+qK6XgSRpwvJ -+qmAF+W1ObkWI74d+w0XbHPLvlY7v14ZMB+8eCC9ANIyABqOgdhmmrD20mKphYXZ -ZgPOg99e77ijM4bRfWKL8NdFwRv83YUoi1HvZN9iltMaCbWsT3y3OnZmuFuYCPLj -oeQQ3r5bvuSThlTXWgbuH3YkYI/CW1Gnrevgbu0h0SuO7wxVWg62ZOAPbU3cYBkF -5/PACrRdwOaI7HViz+IPbzzsIArYGe81E/JXXqXfGkwfTqXzsa3resZqivlTVHtr -Rk2g8q253SEbL9zy4nNtoSFWgMmrGdbeL4iczQR2aKmwRKyL6DwylrCijwPEONjO -yik9P1b86jmGCZhh6VFugqXSyNDSUXxiAGW0w0uFhL8cr9n+WWfb2j/Zimsyv+wo -EbP5zMbYAK9gFQ1sOEKC9Isbvsgl1uSfaIxwYx63LuvrIxMCy7w7t6v3YHwQ8Gcf -fNf/VBjR+F764nqSo5XgXv1MX7ctWOQzj/Km5ix8cPuPszWGOvHxAHj6IJljSG51 -arq6NKrA33Y4bm6XxhU9BBSZL90CTU4lguqhznSl+I0VS02lqt4m5uce6ikyHFgq -Tv8hoJlW6E6CqvBJZWFrItoNIwBIJeGtKsrlyKyRvYhCdlDTteQmPNtFvvEjIkKp -AKofFUmiPTjMJ3ZBxydVnxUmdkIwGjZKUU0I+D80ENAHDLpYjKkgRC66/kGjqKei -pEzrTBXZ63B2qKitfShltE/d/Q5LpZXThQWYziktXsfxzaZdkKzb/Yvo9GnA4ix5 -jUDQBIIsKmtH0t/yZar31CGRqOaraq7UOYLN6+tXqTcW1e+uGzY/phQip8PQiSb1 -nbY5xekZcnxN7T+TYJ4FNCOQzsocskOYPpdXy/40h6aHvJ5A/PZM/6MbATRo10Vr -6bqlmPAcy9OZtlu8HEEkctVpER7P6wlvNGzzFIg9ASZhLqEFH5bKcjZtoWG3bJLH -va6U7pH1mt4Lyn3V1t7ZHkXLyBUbnE+Z5OxPown7QNT44/DG/91/SOy4Ugl+nAuD -1qH3QAs8aGMJM40LOH6Cw0ZOOio4S8TNrmzMFEVtEtpnGuLK0Gj5+fjm7q5ZEE3Y -cdkHFnIyTE62VuyPWFVkFlZKVmCRrVH9spfkPRjZMBRaGHqk38V34T6IXaO5u6fT -4jYqYN7dLcQ3xmGG7tDDkqFMAYWweYhUNPZtAYacQwptgBPPn5/iaUirx6T/OsSx 
-YoWIhtPsQoKn2lWosxlGFmoCyKlMvl7WuyMys2uavh5tPHw9wzzDcOH4MKxtDKgE -5/c+GE/DoAiLxPoZFx+qLNI3kAtq2FMJLbY2r9cQf/VXWnGHZD0b8UmHhXYR6UvF -FYpo1OF73zfx8+zJFRbwI1iSeEYHaGRXp8xEPWvB61wvojbGoZJhp5V1rPtO4hI7 -hwIU64WMn7WSPEcUN+Y3eUMZFipMSp9UQ02g2R8hvD9LJ44f995DuOEwT7w59NPP -MEBXL7hs/LIoSmKAgpvV8QUvbehMMh7/FWq1DUW+Ixf9uinwlxoIKFh/vaw7Hl1w -/YJWZvlw2PGGle9B5lQSGz3qyfxNdE9jP8V4Egl7xPar9B7vhANTCivpxpk18tYX -JiIFVizxfglZyaEHqvuymTfU6K3MkF8+34l09ZqyI26JxtptwwfEjyO12CJS618C -L183TGh/j0xDpahCu0j2bCHU/HjPIVtJ7M2EVyV1jXtDggK/MLAQAxM9nW8cPcFs -i357JmYQdSylL55umrj+l4FDYCGAk1HgHN8c3QseR0mLP7rleKC8YcE0OkA1I+2Z -kYxLuq1XQx5mSTA/BDtwmLunZjBSxThD6/LO8pThK4s4m1d1hNqCJBTseQeJX2Am -fF5oCO/+pu0qIif7qPXEdPZn5ZeT6Qonlf7oSGCY3Ov3GNZuzclyr2qYyARTvFfP -HX8nUZO3vWfAm2i7fKYVwKc9mqavpdx/LI5qEbIhZN0QzynZA1WjDmG8+jsL/2tG -J+DCKOIfhD4YyCVN1yPv8rCLDQELqdx/n533S7fDXH7L/NfTJe63M2o3Fv4eiDqP -jqOhr/fHx8apCwNC4q68zWoFAthCflCqSp3MFGhvwekcO8hXh4KTE4RCk2G0i6CL -oJUTDYULCUb7xUix5scX6SMF4YBUqINV/nffziE9SfaadSYp9krgNwvcJYG02tnz -O81Y4rWCK5JlIyx6t9r1vKoxm/tu1sXZgbU/J+e1sth3O50Ege6WP9Ec7Vj/MYIC -d8TD1Kd8sm1m4DZPpqUG0OxFvSEZqVfmBSwVsLDB2wr9D1nCfn9WMTj2lSvkhObt -I88hpO4EJ/kjH06TejhgRnuqJbpULpCr8YG4QQRCQxuMw301yohhU+D91aI/N+j5 -oHVx8kQX88vqSpzsrq8PokyxCqztjIInEPuu3FSmzAxd9vyMvAOWZzUn146N3nvy -PHrsZOiNUIoOuLAWVwm3QQupyt88dfqX/RGqbajFJdoVDt0ULwQSiBWYUQPouBmL -hAfrm+jtdorAFDG9WjAUEdsWQSvOk9ccZeNB97BLxmSPZbTXm006tarrUPNV2ycG -1Qs6LGLS17QGzDwCa3Q= ------END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_1024.der b/tests/data_files/pkcs8_pbe_sha1_3des_1024.der deleted file mode 100644 index 82ff7265ae96b547873e61cb0a6b53f008582691..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R127H*2)-{PRevHgR00AB00e>pfbWj9T~1S& zQZEPFCVeAZ`5lUjJWv;o4i~MKV~4IX+4!`+!U3A&6-rgCLQ%~Km8Bv3;FD*6y4SOY zXY>c&f4iW`0s)fLEi2pzDj!KJ!*?CQ!In29U^Rx)s?I^}2Hk*41^TLpdl5Rj+_J;` z=MVNGf&qK^@cML#7!T0zIg-6S$&ez#dx5aGYg_xiUeK51U?IkzAGR39{37U2KL(lD zy(yf|2yxt%k5k9Oog>*LyQQHqpze*k(&(|kf=5(WowQT7u5;2x zN*#Kg&`N|lDrtFeI@sr=>+$Ddw~vAxN?O@)|79~L-uHzJwipQ&Fs>|OZUIh}Lhxb} zh?>s)k_~v{jbfBG2nuGVlawXWa8}wXeN&Y5O4A+S{DCZwZ{O#%DI6A5YJye&=~k84fLpureip}-OChuyvd+2<^!p!yo8 zvadkDzsRf0TcPO2?2?GmSvr$ewq%Q9iTq zwQUcFeom~AnqppMLg@?0=eh0C&a$IW$Q1TVEC57Z?U6CTl6^M-)l`J6*;CK{3N}?u zvCD#;h?2%I!q0Rtvj<0<4i1v)CoG%kjKkaL3NEJZ0~=5@GE~n`1WL0G)*8k?GApFY zx*ZTT@E>a`dgqxvJtHSSugq^uX}K{j+bY7tgcEHz`Gb-$>3KPW(S8>N2R#|8G z)sdAH>jumMtN$(5eTJ1ne#UPel2%g})rpZX^{?})ykwohA;n8Ro!2VRT z0E3F}i-rV&jo%|n9m>r6SmuDm-92PCVaXvGb2yxC1=x+VLzD<0aRzUAWH`=&cex0d zXf-ri+Q#Kqmh(;4G)xv=xC~tZtK`M_buh{3Np{h(qvJ0G!^fw%R#jyiVQQH+34nqL z1K&Covw#9sLIpu_Ty?JRFgu$Lq)Jkvv&9+~YJiJ+tAc9r+gi?H59%Y)7K;y!*@YM| zq{3z{Njr!*vOO{E3H4Z{8$d~eK3AsG)!zgmc&rp=?Z12fq?P0m4R^WE($1c{`}^cP4aIuvH>{0|?nqIB#e*TxyN<2)lVJ!#6mP z@KkRC*L64)Ku`P1;ZVum5j+*rN?0gyfSA7qIx|Qclp(@W1YU(bkp-byAYV?pexPXM;pKqg49i(!XK?xXDH-RiO zw&Q#l10SEirxoLx*+t;d%j@i0#>5oCEoYdpTg7x|HK}ff**3+`y-ODTy9iw?zZgzW z%#Dl7{6=1H+!`l7zlL4qynr+Sp8=3K=&71Ugh{5G{YG$d=HKrOB_GLgLYyci6-gCa zgDbdb(H%C{bHsat2R+gs#MrxJ(4_c+ia9>%|N8x#NQHKk^Y>+Q356p??-;J<0KKs6 z?Bpa-mk319I7eh+Fm0&zJtn@Y*LmJdbs*y4A*=n|U=&lV+A!>z;`LH7^V5^^H0mmp z>w_ec7RL^c$oj>$H{waOSmyAzSr*cm(wdYGwktvq6ppH@jGD#-G{T$pAT z$+d82VLoWbvu``~&Z#sdA)B4D!bs1n;NJkDCl@`1_q*r`#2R9!2??ZgR-=wQ5Qz)# z%Yp;0^6^Z3`|Q_t6p{M+R%>O_!mqQ6R~DP%W}XW0u3%|}Kx?DPx7IiH1Y$-~%?&sm zO*L7|@9kYz&YMAE}mkEWM+&to3i~s-t 
diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_2048.key b/tests/data_files/pkcs8_pbe_sha1_3des_2048.key deleted file mode 100644 index cf4f4eb677..0000000000 --- a/tests/data_files/pkcs8_pbe_sha1_3des_2048.key +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIE6jAcBgoqhkiG9w0BDAEDMA4ECNiujRMQRcGoAgIIAASCBMhkPKqJt0WrzNqj -6mmg3kODdGl5iNHU9FQOzGRLEYa6jgoRefeVVTG1Xdol55JgMvyLmM2kPR0hQYAD -tw2pjv9E7gsMSplrRryxFZNeDz2n9jp/lUziDCXkAQaCtH7FGRSOCu+2HE5x1J7H -YUcrAO0A+c0BGKZbSwYm29fujT+vHkwwg/E+TEiddUDVxt+qPyPhtxjWTy+5xMGE -N5BXJSe7kJ8oqZFFOwIO3+WPbu2jCGhUimLOK0YxQgw7cqJL1ys2tgtPnT+SQ48T -aECllzkiJ1fdkvqn+rfR41m3HMctmdg6vIuCd1fyKXEJColbQIbDDM9yBKz1APR5 -nmQZqQm/h9kN1EfcTh6pZONVI7pczsuZx+zfgNpS2oQIHEJy/vlKimMjd9kwRJjx -2Ccd3tGDnptQ0Nv1o8CHf5c3rvuB3tQV2XOZYAjKb09KmFfsM6BB2E02+cSiVa8f -LfqFvBNsA5Ti6e12VzCiW5pK83zW5QlPfv8H4VjJq5vA5KEF2hqnvbKog1OLo/6V -TQjlgqibWFQeCpiTB+zdqaA+j9qiyDkGxZh7zzAtZI14QkReY5Z14Himx5FmUlRl -bu/enc/pkkYfuu/Q+c2u6WaGUZfIW8RWvKN0V7dUqsCwynSVcO3tEsvHwsIASqGQ -p+v0e6cjxXHkOB6tkhooMxte7T25geZzclJnq1gX8Nd3HibSF34c99z/6XKvmwmn -38mmHySj0H3C0F3wGSxnd7N66xVI+3ivmPrC/13u0ZNHUERI4Kyak58jJ4feWCLW -0UtsRTXF2UwaqiRLFkPn4jNQltvLQXEITk53rqH0IAcawFQyoFjXSp0iMbVrXgoQ -Eb6nIcCl3yOwUy4mGzv61itve1HdxY+47ZixZt0r0lYb+CvIIp7E6q1JWWR5YrG8 -OhSu49OMX1RnuzF+thvy8Fl/disd5hEfW1i8ORiaz7xl0MP6/sA26AnYXUzdZeHU -Z2wyv6U8RfKfRACzGPCNPD+UhUhQpdC72BDE5z7Hrj+GSAfaOZZ7JyhB2Qr76DLc -W/V6m2Ak1x2fNy+Zrtke4dGdT+DqqBpF10IJvtISUjJKGTeEP1OqXDCbqPqPIDXI -7W0WskVKMMu7Y+ADGjXxBGtmSnhJFKXoRVyjUt/yHzNWdJpfxwz+s0QwfYiWj2O2 -85UxXpjOUukapY7R/b+rQP3Vij6eQ3/ddGLkTLBbYsZBmqqIZv1pj0oR+uYXanLW -2kbZp6Uq4c7GwmkA4cJLnqcbCH5K0UAg/ArvCxZifTz/rQkvQ8ycz1dnWB/hLX3O -zrP1vLO68Ci9VI/Wd3OJC79T0DUfY+E9KAtE40duL4+i5LouXfkb+tZx374Q+u2b -DyWspIZaTQiSSYJWAgKCKfqrFhJLddNs7v8nK5zpgwYRcjutiZs94+9KHq6dYgfh -TSOZYP79c6lr0o32NjKl64+zRRoOyhk2fKGd5W8x3JCTd+xt2ZAQaQTibV3dAHo5 -a4sLZDUDVD93kSc6goS3lpdB+Xv67cSMolHM2b5Qu2fH3Hu4LrKxgqYV0gmyEcbN -RY+B8gEczz7Dk70J+L7kHW54ajzoqWy5OZ6RvapYpcTC1qrdnyfeq4Vl+F23MV9i -nG5wW51p7CLhHgXfUho= ------END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_4096.der b/tests/data_files/pkcs8_pbe_sha1_3des_4096.der deleted file mode 100644 index e3a2ddb8ed3d6d3940f9ea6ea31e7dfc0056d69f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2414 zcmV-!36b_Nf(dFc90m$1hDe6@4FL=R127H*2#RypH3Uy%=K=x<00e>wNJZW^GTkDb)U~xT=V7TFJ3VB zK@X}+ipwrqaNK4d2=Q8>r|9?L$Y$M>NH3Kt0pUc&qsx)W1o{%Q*m9h!)9pNS2BgoF zxkRgz+AdER={n|Kpve39UDr)CgYa1oRN55)#z!y6rF*uN>+B(+Gh87Q?LLmH$dkR( zGH;ibs;iW9=6MRhr^(2`)_2r2QSk;H4ozR(;G3JIlLBy!FRg#_^W!9uwzc8k;Ywa8 zK?%6{dZwlcAyx*{WZbEC3u&>goi?q~`7!J9uXg}@vXJ315t_x4VTC9o>kC1THMNi5 zM~o=k1C!|^gV$v((uSo@oJ{r^aywDQNbcS++{e8=-vd%xUyWg+g&dWekX9Rijx7&p6H} zpLSpW;|jR5_(GZM_RGt#ssQt@QkrCy$w)AX2QJ5sOsD zf&4x?keb=H;9T86aOaCd3-#Dpj=8_T)u!z!uYmpI&6+4pdH(YXB$YY?*-kiZ>cap zx|qZ`M(hN(qHLqX3QCmLZsV%O?*oq?+W?5dU$H`E!r}4Y&gdMQ55Q_!nm^5j;;;dO zd}MWeW8Ks^u|g9Fm11y4gI514hr7&gbM(#_qB8YzU?zIzQDYK2jkt`Du401QB+uNh zjFkjFCpt+?)E2e{nLeIfkr&G*XZv|))&%cr&joQ3+402Dg0?_UdLMV?W{Yh%W&?D( z=KLO(l(}h`IXox6L^0Ubhr=Or*p^2`lJuMI*zMSJ`fAEiJ|5e~{EpQttO%>4&)gOglfRJOf@1XLhMqtO^#sP5+0o~}0K~e4D)uEgWa%4lSXyZ5s(c zsLeeZ$)Sk^SlGL19+t+GpeHP;Ka~QpajnuURANl0LuzQoa%HsBX4VJqwy$xJ5Pslb zoRC>;Z2EKq3`2DTYn?7}R$jj0zhrj}O31CZPHpnrMP{K5^s`ZwkQR)z?$EK6fd9&h z5B;ShLBBnvMk$B1ESFeQsr>=&3av)cR%wL3hX5Z1>$c>92Pt;g9Ob=nCPwv=%dQ^ejxgm6|dME-; zL41p96Bo9kHBee99AL;sV1```&Oq^tkocRlXI}Q~5oP>^?K8kIJqaAMLrvKXS2wW} zG%n#-C*g;u>;GX+lL8R&v+qPT(h*%Q7~Yr7`1M`saU@H zdr@)pYwhdC#!B=H8Nwc#j&nqL;_+{P*n@ZI<93r?ASz8L>Ba{N(xZXeWZ09b{?5&; zcSEL^nE#vop%F`FI*g0E#5cZb0k82bc*ga$?lZUUuY+`{zd)m zM7KJlv;d*@567cC+s;8GahwG_EQ8&wo|la>#9Yca0~lqy-+1FFTS%`Uj$MXQqg0zo zgS1w)`6EOf{C4HOJiugU)hnvg$^Cvau%KTJn+MocfgE{n@Ya;>2BsqeSz~ zdFi7nAl#x19olee$pIq*!=J}va7K~juK8pMnQn3JJ-=3uHYBddClUe}^MZLTe-LC_ ztW16_3J2YZpK`jlg8B)q=OWXY%nRO90p1W~m9BN?c zHr)YxM<6GK3>Lf#A}xVemGx^Iec!pf$OD_Eea=p{ASD4$G+{`j7g+M%g{&qxRCH4{ gJiKI;Cx_ZO)m~%j27CHCN+2dofaLDCp0R72yF4zsFaQ7m 
diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_4096.key b/tests/data_files/pkcs8_pbe_sha1_3des_4096.key deleted file mode 100644 index f4c093d3b5..0000000000 --- a/tests/data_files/pkcs8_pbe_sha1_3des_4096.key +++ /dev/null 
@@ -1,53 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIJajAcBgoqhkiG9w0BDAEDMA4ECOdloICds7/DAgIIAASCCUjAgGtjIHyoGOIB -lTXPve5HO13IRcklwoy8cS6jSwhxRy0RZEC7fqNkDurxw0otXtW2heYsuBpwbiaz -qUTJezqVgX5GEmjdA5wWzyrMseC9k9PNBBjsOPq3IaF25H7FqMUdcJoELOJz7/ok -kKFV4rvWRfi400Wj3rK4GUJbC0cCD8io4vGGPbV//8isXKaE4t5AyKaG36hZH1zu -YCfOD4walC7OSmPiwb0Xa3v2lQPujruQc5pMWvw3BvAd/sFWMRXkWM1NUyhCefVa -ATARfygLxRiiy1vUjTliEN/trhBA1Gh8by+03QSy7FWNcaxWnxeunTF+x4hNJzvn -Bdfly8jE2s+JG0gwU4veZmR0kKf6fGmntjILCYKufwEu5OSVvURh5gqRAfxvq5Ef -2aWWbUyfAmZSoqgN47haLfnDS1fP1caErtdhqtlk+PvXPagBmLQtK8AFkYKB5N8C -z1dAXL2rrS8orJc0aoIOORbhoZpqLrU26d4/qOWsCMcwyJiG/9D4TvUbtmv3+WbT -cL7z4tGuD9uJpKa9+NNyXx5P3DXWiRK4RQlfHte/gst6aszegxdyfcqzVJIuAInS -nLjuVElwcONaRRKUAVwjzEVvHpfqtE4hoUlb2DADVdmbtSjyh7JY3MXig8GrLhAf -SZDjKZb4yB32yRadN0ojTkVk74ECjsGYbeMWycCdNybvwtqBvgiZ/3OvqMK7VC7v -ygLKv4kmrwN1gz/ANc5wWeK477Q7eXJe6nOGoi50anOtke0ACG7uK53U7y/+YQ5J -spKiNb3T2PeLu10bJbh80cw/mHjyzBHVr048zvGDvZwYg1x5ueX7VDOVXuGwb9f+ -8egH7nnX9rcn7eJK54GKFmwSFhV5jYoHmX76pSSp8hiVBBVsTS5zbw87YJrwqaSX -qt7KWqdObyA/UnJzsy/+0EQDQ4FeFabVq7XDLNXc1PdHEvJ4FSnJAv5ZTskDMjhv -/dAjCkZc/F5ed4I13+n6F8Hs6Bei1lR4L8Oe0TcAsAgQOutomhUiJgXi/AET7Y1X -IKaOIcKWU4CGtSinHwDgTtUL0BnROjAOrln781dAdF+9wxa2U26AWdyLYpnEVcLj -/RpGLINT5Ycsemo9r+rIKr+v3vo4GgStMLoEBZ43X+VKfppAw4Fz/71vO4fQKQxZ -SJitVmWwBvrvmuIve4ffzo0y2XpO8Nk3sgOstOQ7BNTi+2w5qwuikV2HH9thvgG0 -szAZTxafsjPrzeoceOvY2ttS+ZfVWdv/WcPHeRSG6GvMEACyh8J738vtjUrrdATa -KEvbPiCqnlmRigv4WtO+uLMjrnzGfQqOpNfsdpNflM/TUxT5AMSCIVhMsUZBHP1i -nfXz4P40ff4KFFuYo/xe2cRayvEtpIp7BUKn+PP39GAlsZbxDPIvA1q7nQ/L8Wmb -+uXpiXBNutxp91TVsShZXpRyl5GTza0cmBwF/FQiNcPBquhxxBLFXA8TRVG9+Bvg -H/t6s8JpIebhGQZJiwn4/qrOXtw6mmR37dYASIe4w4C86qYwLJt+kClLQmix4DbM -8KsaVKCuhtxBbRsl8aOvtTZA1x/STaSNCdXDgMPICktw/UTV90F+2m8Or0Yims5X -dOiY71CEgGPevENIKsYz7Qao7bqVX4MsBpt6zVdbxKtvGNXNqXJxVvB2TDqzbkCg -ZyTqX2//NJwhxQvEi28VYrAgKoELt0CNRZE93XU03yXN214ac3lQuEnwqCb2mu6b -Lbvvs9v/C3+OYcTj2tozXKcuIPpsr860myqS7nBwkmXg+CeUAPHUeWeGeA+OC/xZ 
-YzQkwv99+DJnX+6/J5j9qkBn3Xlkoz/Wk8C2ibeX4Ah9gAbRm4rHR2uqY28yZ+9N -B3qWaz1moYkUZ6yjpvzc/cuy7e6vwiVSCn0KP2Vv+kDzozRxEWt2dE/h5fbDOeyE -MHZFbAXuSYi5Iw103WaHVdoiitup42lr4E6u99u4z//2ul2yPmhyAxrW6dbTKokc -lTveP2gmBFHx4ZU4Q/1rX8BfRbD2Svx0I9QT/yhIvVm5y88vOju3g22BplTwlWrW -h33DhZxZaTZU79IaJHEHe0PFsY2dKr2M/BpG8wTIs4Bfno/7hVFS9upqaZwULZiJ -h2KW1+E9WtpiYCNbFSZLtHTN6vu1qWu32v3WJfOCRW1VXY4Rn9ANVmd9BUPbrVuZ -LdB5jtHHsCKvbQOQ9sLGGAdoLPsSASfEtN/XHq5cxh8eSfxl0uODBZpXi8vTD0X2 -KoOR+gX8LdjdakJ9Z7YLi7Qw5/DHeFsPpb4BGjsq/Itk7wTV/dOpXbeXRSWIAovt -ryfQmA+D7pbYZ3Ak5P1uXqpjliaf18gIbtpldnZlcmjL2l9CjOwpkLwzDTGrQAJd -swxd97I6y9qlRdmNP5/GlnuJ0nAYSDPaLKSGGjrv0CMHVHg74nDPLyW0qjPKzPQv -1l9Lul7B/AoZ+kBgVRe+ez+Oe9QL8173v2ahoAQBP5DR0DxXbOvcgKPrDdrDupjP -U/GRIig9mf1mhR376ZpYMe+/QunMdLckIhePbpY3MZiZ17iijy2jxhWURaEJ0Y87 -4yy9+u1Yu5ygHSZlDOOg9irrk4+cwbN8Nd00OE/2h0MKBRpo/PwirzVJuuWKya3A -u2b/r8UFM/Ly1nVs53lG4455/g4/XwpTjyAvMc1+UkIhFGvHCucdhiqqyY6fN+Mq -/sK6fwh+IwRro+e5HRKLELxK1IlHSj+mi7pcRaesm1XYa1YE0qMJZFM6hdsr2ptk -ZGbioH1hBvny9WZ00yFUbyvtz5W9S8DGLDFWGNEqJuD20kNq2WE7eKhCdQRkGOCQ -XA0/N85lQ3teQyHZaZg2AK0LWMoNcJsADzZTBXGF3N7eb7rXohFl2UJFEQli4MZH -EX6cL/yHfajeRmVWO39HyvDIssukNGS19Gb9yN9BmcAjQi41Ftj+tO+xRH5g70+z -pThK7K4gmmTmSXNW2BVbHAoJMqRRMAVkhAK4ZQohid3SaFtv8kiyEJuXeoD3Q6jC -O/BtTGVtnfIcX0TPRsUH2OE7g3n3Ot/9phIaftWqTwL2YLUvOOxaGItMXSglf4+H -27GQYvfQeV/jvBGypXHuGO/pbMu3cRfgr5JtwPgyHPyC4rH4507eR2APC2a2XpAI -Ht2LPuhKmpzN1Slkpxw= ------END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.der deleted file mode 100644 index 39d6572a5e856558765459eb5b6d3b870840a9d4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 673 zcmV;S0$%+vf&!f|90m$1hDe6@4FL=R0Wb~(2v6}0^P>&g#R38d00e>pd#5||zcQV+ zs(Zj&E}a$uxtTaZjY1y4)b~I#U%&&9T--*nV^xsVh_=OtCq8(NMJ*FMayn;=IN_5L zokGTkLys5i(E!YVIjq$|3cPbvD`4~`qj({qM&qJibFcv&qEq@bm zJ5xPB?T#}SE)C+BkB;pOAvJ!y%U5`HHo=*+r6g!WF4Kp~}8*KD6!6eQ>D z`L3XV|C8}e+mZ9gL|d9l1>23nZ_Wl$^ix{Sunj4EIigl9%nM(2;j_6qHR(!mmaqlo z-ne~W{ha*!K(0rzRtBF=j`KCHqZ+y6+kjovxXT5PIo}32pnd``AyYGG^~c;iK`6r8 zqvNK&aAhqX8VhZ~i}S|`%2^l@OkG8^OpGtA4&_dn-{m#9ll?J?DX3}eQlN+evlL-M ziP`H`*q+I7bc_v8ML>;h=(9465?)QjbI0}pbjdf3?;CSrp(u@3G#d==1f`>H>Zh9? zpeMx&$BBENnat9>pw%7B_S9CQ07ZVCE-2k)TLLR7!XlXoW#t4-jHiOrT|P&fI_#V0 H#7@qniJ3rs diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key deleted file mode 100644 index 94a4df4ba5..0000000000 --- a/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICnTAcBgoqhkiG9w0BDAEBMA4ECNbmP7UF8CbfAgIIAASCAnuA63P9lQDRpOUH -RTWs/TL/H7tTBxLZpCiewFAadKpCre1TBDObhwYuWB41lgLUF1BXMv9ljbNF0MiC -Gnau2x+nzAtc9RsoaRTazz0y0OxYRoSXyDgLajyyAKo64aF+2gKofPjb9M6rgkXM -3kGBbH/sQ9KFoXnW8B/gNgxI34Uwfxn1SqCF+K1qW2ZVkW2kyMrUSAvTrBpgLCjN -/YGxt/JvmceDxSzIPLzegPaA9fCpzNldDn64P7csNGc4fbp+CJ76hJKtFqlMCtSw -7o8XtaQOALPbzh5hNaHycDpwbu7R6IJP4k3fgPBzB+ZmLa8kO5lnPDgTIRyTgDh+ -J55hnPdoNqekcVSAziA7NOy+MG/cz+eElZ6bkrNSRfmhmhc6GDi8hfzHObS1DJSc -BqAYSu471EI328kSVkQ6zZQUKBJbpGe/PK/CpvXxjp+8fYMfv2hCqAgQj560oR27 -YFAEZ16cZZL2o+JmffSIvZBuY/M/shYHOwukz6iGatcpgQQgl8k/3tAQ80nzP7SP -q4XXCY3HP9AL1YrMQohyuO2Y+i9uO1yak9gFaVM3i49d6iNs/Ujw/oI982ZHlCBF -Ls6sP6FnbWXxlI1UAkKGuMyh3rfcEa0qbkNqD6RErtlefKVtYwcJOeUT5axR2ahj -Nhe3VHMky0Aq9dgsCMDxI8Usca2v3xrPt9utGhvG89PmgG0YaMmPBADVwfA+L3Sy -n/z4GumLLG/mC/3ZwGzLN4TsIVhQcOthLXf07e6qsSodLMjCIEmSrcNiU9c7hCl/ -s42+lywTdTw9G4gxLmiwxNdPlWd/W7o4c9YpukXlIXrTguTJkTyXX2kaCY+SvNsp -9g== ------END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.der deleted file mode 100644 index 760187edeff89353b6a15652f8fa1a56b4d6db24..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1256 zcmVr!n}}iz_}bu z4p~?S_bQrByk$#0Zwt@P>2VRLYF_F57ziGZCbYol^Uw3LXX1-Bge)ZJ`7xO+3`w#v zFkta}y)Mi5$hcLyAcbulQfHn{rzp(~7h{6$;2S|bmt?VP%pBG{1MNyT`#G(*o?;M0 z7n&zzZcfF$K9tqPp(15n4ViR53#C|>S>&iDJo)!#BqKton@N)5-t?%DeN0_1Dqec4rSqTzV`Uzuab}TyO>}z~e#T}hH zS}RbaWEvG;#`2asOxKbVGrZdsG(a9Zl$`ULyr!ZWQ9=GP1NS5UvL3{K!;~l@tHhNg zm@AJ)nAfaQ_mTv+*$RnHFHt9ZJ%nTJ1w%1qW1fWh@}JG5pAZ=zW0j1pgMO5Pw=NoK zGCT|e!)*aL@TU1+#{`ou7MBXr?+=4+exD4APOVa9ic{@xSfTtZ}~C(TV?X=az&zoKsR>j zaEp8Xwb`=lvdYO4`i0Il`erlg%4ZUS%AYxqlGjNek1wbdI<{p_hHP*KDMXYzbOV*s z@i(x@$(PVr58FzJsn*gO9?QN*_9Mq2JEK+~;#=beT49$I_(JQDS6FVr315_GM@raH zNj+=V6+|^{^ft5_b+lxDeca7JgI3SBpeap|+!+`o2-mEFlfa%`Z1d9IQTBtAZqoiR z)tzZ$UcfiBo^qzrH1xW3??%5rNQUgh#m1LmOb@$zSm%(!nofXf+bNH)YBE&WVMwFr z)#SElkeVHUTDU#-2$pvvsQj#dRS)qGza&7%>u|m-I$fU~;7JpX2Z-VGhz7f>U;xom zlndF55?B%XGVl+(W<7vLE-RE-wt0cD8^G^uWqJa)=^fp3m2T12r8_Z@ekplev9+2R z6u|KHX!_p9m#{0L{{{hu=~!+#bg0xOp!-cK;m@u3@i-l0U+%LKKNer6BH8GJ?Z?GfJkM`D|(@2nZngI zPteiAxydZfoPiR+mOf&l5JJ#;qYYDB8fPPN{}28%LIK=XKL^6y70pLLM$3}1ox?=0 zmFJkBUs$j3DP}rQjh`|U_0p1xc_vP`BTZCR? S#tWaa9S`kWp%Ax>aCSXj&s;J9 diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key deleted file mode 100644 index f3be991e9c..0000000000 --- a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIE5DAcBgoqhkiG9w0BDAEBMA4ECANod10o/6XyAgIIAASCBMIhYRF0ehbnMC+T -q8Mh/0vGvpn2rn6L++Vam+jle/aTKct49cIfHemIcWpmewwbtyAcY7b01hpbKL3D -T60jbR6Jsf1AFkk9SliC/zS9sOlshwoNrb306ZEU3NA19zw0ezvnCZNReY50ABbr -X6zV1zfJKsKZ+jvA7EQyAUQgVAeN6L5XpPwYxb6+CJfuM0iuolavZLVUFrIobQQE -aI7TUnXngQARK047nCU3t4dfSnL5NmVf7uHbhffEwjvBYaHhDSECSotOCkDydzdt -LJdtasuApmvX/c4qey/f9yIuMhDKPiIjqEVqqAriLVMs3pD9g/qxpqyrcfwQ93pZ -ARj48cvyS0AZTeYsc3DQ0a7rOe+JnPzzIaEAeeQUW2cffa1/h71e5PoniB/imcTt -QpYNCk2xqxJ7jLlCtfzwso1ZNeXxlLqK3jfpsMmBjAzuPdhYZFegbFyCTl+hK1DW -CYTTo/vL+VJOcJ8o+v2vQTMA9vJYNwfwEyUN0CxXZL8IsEONSJpIg4OobgNH00aY -yXVkSar+HHOBv0XvyfruiupNsvb0fS+U9lyLq7R8fnuApjzCas0gBgP4X1DWFmm8 -uRkdxFTdAnyo5BEDKb4SzYS0c0wxPNTKU/KLI17DPZC3+UDZEyqug18QMXl5kZce -Kl3ofBYuVEbcQDPhzwRJ69iJ+DJZ5Jy0mpp3FYdhVBty3g+fzEqQm3DSFYiXSWz+ -W+NlmiJAZ00kk0Wwi/nfKfXpdoQ1gcUOHdcEnYEEKF5wcBJs6uLuVQALPS1tAU/B -S04PLALo/AR28D/MdAjxkV90mCKWQahks8M4IVqXeuECE9AuXd8yJ3geF1STeN7S -f9xkdyB9n5So9zwaaNBauMq6F6Or8bPdAYN3CnQuoodqFFzRiEwGrqGZX5ht5n9U -ROMmkBiqGfPcQ+LISvKnzFrf0n4/+Tcn1Q6H2vpHDwaXAh4/nnQL334lG7NVsDzk -j2alocZInPZBpb7ehL0OJlWOVzkxUs2n412Qdew61/hhed1T2u8XPT1GZTgzv3fp -1HdBNxSv/B5m6ZIM9Qc74Ibe52XtIBrOTD9jETrCIxVEi52ClFTQuVZ7PwHq21WZ -FfmJ3c5FxNPN6VmM++F9IeStSRTtohtds531jORKsiXiX27CYru9zaX3DzZksWFk -e9PVbccTcw4wYOJtiYA9kIu1qNVHDs4+0xCNvZeS+92deI+TKqP98Sk1+k90TtFo -ARwkOnCgFVhQhpumT/CmX/s6gtFq2MSpwely6kxV6n9rsVm+Eqm4GNkI0tBLwQOv -OwZQ8zTGyZ9wqcVfU0Oij2/475C8EoRmnkTE0JhcCcdei1CUPmUwiQTAhcXiqvii -f+W21AysbugJ1lww2bBuEvG9HOaunIYq3kCFJbrmY/NZaEOLuZXKbh4cvtGUjFlr -BrBEc3+rmjZXXKcNL8PVLs+ENvBsgKUOcf0lj4DGI0ZDgPKgcMyLGbDDsNPtUKUc -A9gKH1pMlIiS5gKXp+O81eOihSExTrxxnDPqE32hqMXEeS5rVoDHIBEGzLE1CTbR -9tVNuUQHtv+5V79ie5hNweqOIcHFxM3FuwbOSDGVW54e8awj6YFQpY1pIt0n0rYw -t0oJTQDl0KU= ------END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der deleted file mode 100644 index 8b538fdd54007c7185a26a29304e749b51eb8a7d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2413 zcmV-z36l0Of(dCb90m$1hDe6@4FL=R0Wb~(2%syRM82?XeF6dq00e>wN7m2eFZ!${ zjfk|Ov53+6gmseahAGjU`L+PR<;&I9UyXcBm5pNzy5G$S8#x|VYHfmkA>I?aZ5vM1 zVZGsHe~v7M0?P^_D>t`EC|+ucuF*l|J56h~;H}p8K8_c^x`_9P!To%8(Th-91A4vi z2}ZMa#rReGFg3Z_9&+iA8S&R@v^rXt-E|u5@eHJTE8JtOfpv&{wim7(6=*72xa_(g zDoE?~Sw*xb`(ZKQ*RQ)7qr>T!$HaF=<{d z!P-nN%v~HkglRTJ)PB#q#TyB@F^VBNGwE8I5kbzCE6M$An3+43om=Ic1>Gn0_)W4b z&j>29@x5$q$}xvVn+?}_E%`0l?A#Ju*PGw8mKJo#Cgl zb?@C*xyo>OloQ^`=d58%G&oL}x6_;&Y^r@7r<4pzZi+wojoZ8M#LIhZ#$^Xf(a`N2 zkHwl1k^|B|N>1ik^gi6zTF8kxklJYRClc-9%+#aEB zs182<_X2#A@IGIV5a*f$MUVyv;9~NjOcElK2Y)I=y^}4y;lC%UDdY;aM6647#^a(8j_0NNiQz$Ur}t~hJ~R^_mPDeD{ddlCwU@sV0%1P8cWuD zDdmh@Vg+<(AN;8V1tGJkhG1j#2j-P#F+kR*Z%TeheO7GjYJrl+Y25eXnktG0x=>!o zIlkOZ$@C%V{O@FYWW-<2Hdf!Qng7X7OUGsu_%rp+LTda7`uY~j!6@qlt1Aw6*_Z<0 zym%GJ94J;*Fm?^BU}%(Af{G@&Y73!4+h!*!U>;HL*bnZ!6IW^nqKF!Mju7g*%$46e z-suXG?;}B6eFq~0oep>B!o9taij;;P)n8&ue~K%Z+6{aAs@T4~QF7nF3-QP2{q!nd zcqJ!DI!7=)iS8*EfiTh`f^aPuFR0B;Vxy?wKNp;NdQP`dmZ4&9lC!F{B?`3j6-3{a za(XR~v7JxJ<&D5%O*fKyEI12|g>_rY%lu%nOtm!2FT>@hVL?jt>55R3JgRDPW@gas zE`>zygzkV<1VX+O$rCC^rZYjI1Ys?&D|^3TiCrtFo@)0f3O_z4>kMsuEhs)>{bl+_ z*O@Z%?T6_8qSrV*Ap{xlM{Twu^YYZ0h3AIRqEAE3O1h@(H7z{p)#)LS{_=P7+0o|7 zxY8RgflkOQiXyhp#m`JACm2Ok9lLH;eB*Eo63TacXeik^eed;(Vp|&2JB#s^wnz+UEa;RM{;wIX%|ebi!4g^6pk)Ooydq)g??zWM~ey-GqgmS-%( z*Yr*<(BC;VSfqEK#KGh{n2zNy@WarueE)^e0x`S2qI2SU9%8~UWcs8>gsgJ+-{7M} z>RQ%n#o+tQliq8gc?m{cUv|^?n8y$d?R802lkzhGX+v?$8PWW{0b0dx)JFZV`wb%@ z+-)U-@$n>34@*ohYsv2-E5EekvK8m?fpM6$s48ie!E7btsyGE?4s%WWDnIFygy%VH z;8vQd;9c3L+UEz}qDK>Ich6l9eP@kOVYaR!NjfqPqTUH4q`qKbskf{ z2_|X#!!KEk7g@vRjak(c3qtGXwrq4)SN@+6ntd@RSX{$70nUvI0PkWl6qy7kdLHk?=?cC_Kt-e4}f(4xV zEi!9T^Bp5Ev1@qU7@>skVw7)@-Q#932w9~JZPwNh@*WzJhx+d=Z7gI(b+uj=q~p-5 
ztj4E&CfM#%*x=tzV+Z2zj2gH(|Z=WkZlq zxJ=HyDM;rWlT8CGk=~A&xp-@g^cu?-a<++Y%pRT*N5T&S)9xk#ouI zPcJ|Z-t$`L-nM~XkOc+flY-G-$X(f$Ubb${hd;ptARPl2Fvj#BQ1A*IotAxNH}BWs zN0WWv4n_n6)X2l>oJo~3ES-Yrr0zP88S#d8R1kp@R+V2UabD@GjeX`87jET4tJ8#ppTZ(s6kMO$<; z@7U?VWYv`Dibg}M8RLcY_U`G{Z=-Kn#=yTn?p`h&zYnyFbVilJegqUB~Pw*m*VEVP#X*_ecS;)L?8I fY)6BFM&LNQU&4g?67mzy4?FbgaK z0tf&w6b1+?hDe6@4Fd-R2o03VaOt2`D+Gc9fVIUQ8hM(XeFOWPZ5);oASzYIwrhlBa zu$XT_UM{=AT0P{G!}H^P>RquV)n5U$vcc_;hyv8wCcInJ(}%6s7G>eSW9vcoA$`K{ zKd#i}#wQiAeQEVddH!!PRQi~O+ZFU^^uWGy~mEF?m`bpI6@2jAF_R&ENP z<{f}g{fBQPNqa_+K3m&w2|LYFKBy!@JVah*Y$O*2Uogu0auiNnp*!miUU)q~ZhCsrx zXA*?+*o?BJfc6I)%07LOBnVR*#Bsrp4EwIDxW^uW$ii!Tw*Ls-iZ-5!sS&^7s?q&? wb$_N_PqZAj43-?a122>&HhOajNh$EQx2zdFra&965+kSb-np@jm`cStCP=(l8UO$Q diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key deleted file mode 100644 index 5e43a56d13..0000000000 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIH84hnyJLdCQCAggA -MBQGCCqGSIb3DQMHBAiOq5X43zb6zQSCAoCbPjReKG+eKwVvc/0YBcNz62jtO2vd -KizRjLbGyQoQ80zEeeSZSkyFsSc026vI3w1TWq6f0+R2YovRyyetyb766fC6CPey -0xvP4MTBlWMrB+O235A/tLOV0C0iEHyh3a6YV67KLRh2fa8Y44RysdQj8MP557LZ -ckc5JZM06U9Hh0iLWdO/BdXg3jw4gZ59r0V3gcyZhy4m+AsTEswCeHpu+wXYBkQ5 -Kw2HhK7GPd1uiuJvOh5aVwgA/RZZsHnu13LiWAOtbPrkvM/HzHop8bGFJ46uv0mu -Yd6tgPxYlSR0ymMBFFarZXiA9+uoR5tAznpMFv5FOzcaquNkWFgZCW+2iIjWPsqi -t+AlQVlzZDjr3/+rETrANGVPdOKrGtBd0F2rXlo3x/JjbB1TYNF1xeUDgJGkkcxm -djvy7Hp49npauDcWTofMaquQGapHX0COPUNbKAzwAfTqGiwG87CuCGmer5dWeaAK -9qtwdCyPCyA5wncVBjVatYQqAWDMERYuGm4X5K51s/QMCA0xCgTGeHiRDJa/EXOv -6IobgRIcD0FXTtp4FB7Qc68yUN9PHh1OKtAHyvvURkYb5EwY/nibL7+P8pDXjiYe -EMzAtw1SOCnOCfFwXuCASXnsLh7k5d+GpfL4b139gYgzy1RRCOkJkoTvCjN1XgLX -fUnTa/GKtxJatQOfBKZG/k5QT5tpP2FdaHR1S5G+B+SAa4F4LQsOAx6nwpRr4wez -A1+HjDrfDGZytuaEwXpMmJBFeEPylccVGtD2S7BqNYuM3Lev0pwjKvMgQEvMZ0qC -EbiT3CssZm8Qretil8jdB/mkcyTvqcP4jna0+QkZaCwq6QS1N/wXPpQq ------END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der deleted file mode 100644 index b9da065a6ecd6d259f505c69d60099c80c9ad07f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1298 zcmV+t1?~DUf&~sRKn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?5AEL8;c-y`q> z0tf&w6b1+?hDe6@4Fd-R2*7;4>C$x}(*%M9$fu;eA2#EQ2)>_4`fDw$Ak|g1jJ8^1 z*+v;WMh4M1?z1u!fWMw_1+;?cZrcPB?{<=|!yxRA6(XUHA-*B`JLt|%PwJ%0cJ-{Z zza(Xll~p*Bzq$qs-Zo}N!OhqBy+UmIm(T?8JeG4n(ccv#YP)1R)(bA+ZqF#l{#vV+ zc z)uhc;`^W@`3FZKJ#nm!krUTTPYa(W*yH;h_e(#z&Tc3TRw_S#E7_H+A^TeaYfFfs% z%B?FB@{a(;8BcYg|42`p_uwUVAxxMnn`MK#N!9_1ZEv-o&DU3T?_d0PzU-SD^BmwK z!M`#-ntVgPlTz_3BTbQ^5s@fhbcV)_2kP?dtiQ3#m|t(L@`6-74?@6bm_B|JV!UTW zd>389_9FH*e>(!i;(jPvj+`=#^OFZ5v=b|dn@?x8E`3z8OXezJ5kWNJ~WnY7P*>aH#SycP+8tL^R>l)!!5rB+SPc$A3St!;IiB~Ie!92e=C8E!y6P7%Bu^~S7)0+IpZ&A zXnZu@6rRGHm>bV#(PLldDhNCfhAB06F`?4HSJ4^%DKzwC7qfVjeRE<}(N}V_Af(_S zfU7y&$dTd?u*gTF)80W=eGClo6^g!5GDnDlMlnX?%QGlGym3@2m!7}2-dt}4U5Y4F zaaIhJpw+@RI;-B2(G#*u;gsCP@$tELmYLYesemm0k~yr5q*XF~zj0V)pjk*@e=TFY zn*J*#4<6fHPol#?s-gKazqDYfBQ%Oib_Fl@rgYqWdg>4=0%OYK$OkucBAfXHO*Ywe zU(lqZIE<-f5MxQ8cBcr|7@B7mC!Z^{xe%%(@aoqR;Wi+M=ZxYh_@G8%%Zk76PSNo~ I_i`e`H>!tyv;Y7A diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key deleted file mode 100644 index 113ff43c94..0000000000 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI/AHrzeKeap4CAggA -MBQGCCqGSIb3DQMHBAh7ILIFfzuMngSCBMgo7osY2jE3UGsryC0M1mpOLcr88oSp -OjyCBLdVgX6t7jz+EAWM18tcStBEVYpJfhKaMxyvn+qoif30K7BnTSHHL+J4q16Q -VuAnoTpCq/13SDidX2062BsjSYlsgAe/933hq9vUXstlq69FoRDbVgE9NFQib44G -TkJDsMJLfOXdJdLNcnzAEvZAEbvzhuuqeYPNm5PN9msIlo/kf+tX++rtZATArbhF -KYBunm/wEsNKrL4YrdqErj2SDGob8h0V4YFAIYjCHjn5z4kkOlfc8qwgCLZnn4hG -TaJhn4x8A/ahaYeWJKaDf1s5xe9iyp4VOwFBIXVTvDqR05ysc8uKFr+MkMSQuq/w -85ztpSBmOxT7I96O/bCYiQOfHsDdqx9cM2lUbYHk7wl0qF/r22TlO5tR7LEjfkDQ -qYbbe7Dcux5574PPHt8TcKmmXRA/Tm4DuqcHH4DIl7FS5T19Ger1O61YWnPNIEH1 -bvR32y2MjAe67tMzatWM9cUVOLvBrfUhLE409sK2xip4ef4Zfn4UvbxSqQ0c0lg/ -tfy4HR+UiO1lYfqG2e43GtDajXDVWjLlouWAN+oO74kZ2UYVK0bOisdklls3idjs -3Ot6NWyIR5XgyWxxpmYt8Ikqy7L2bUEYahW9+bgY2EAjcoJKdqaS/oWlWqe+wpYH -WpRn+K5Uq+EzXiRfO2HhsyDwEaHQEih6Tc/5ycNJ+CDXy3fOX+cjOZ3C8D/BAJGd -xw00XdBJbnlGEfWFI06r/Dt9tuDOpmOUxdQAk9ZZYNEb2l4jHjSh5pW/V/okOxpT -byy0QQMESnHInMiDpmTAMyhGPqZHy9XXz9BLPr9+WYgJFSbEKIPJYss3vd9V0P2j -DdnCS1eiLYR9jGmOOSrx7GDYqL1TW4KgpN7Nlk7H51R4YHVL34GGToboKdQL4/wb -870Uw8OnEqG/rOiNX8kyJmH9PgyMjrSZNXpb6hjfIyL86BbburI1svne5fku69Dq -DT04cLekL3RwtsyQgWk98C/3amIak1EZGXmAhkPUwGDQ8lxARfdnuJGNYUbF0asz -kvGJ0mXQyGJV9CdSI01gKsv7/qAxTl9ndHBCaP+aPuMRNlAPJuF9LHsLpcbaq/hI -OCPclBU1nEW7RtC6+tSKxmzOKEp0mtM0PPdLJ96QVijv18Dkit77e+rco8VrUUnf -LPdvv26SZViHg3sOyfECS/Oxl6mnkIJvXI1pQVdkWXQu8VtX2aNxTv9+0TtXz4W4 -acAn6kB2BshqLA3m2qZFKFFD4oriO/GcgWEm9K7sogVZ30fDSbxeXI+WEDLXiAuK -fgqgada+nq6S7/6sim37BwIvrnbSLA4s3qwgesPQ3zocH5DTR3r4eCqWFjAXVIOt -r6y7OoZzYAD7hHaFk4Xj/1xYbtFwciQBmXEtRfxRrhlsv/ESDVcN9ynKkUCP4tSN -mk8R4c7Bm8cgysAdFRwYczP2al+jxaV8K6vBV/9xOzVujzhJf9lxcx441mKhENSU -RT2YYgaD4xb1i963nAZ4aK6PEpJAxQPvc0OP/YjBhxF4g2eGEQ4wQ8vBffB/iECl -8E+fAXwGCk7I6XHGqeI3MnI2bCSC/TQIPv2EmHLOFEeHsw0hKp6BmnsouUklijVm -0LI= ------END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der deleted file mode 100644 index 565b4a7b1bc6cd52cb48579e8d406913b68f73d6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2450 zcmV;D32pW;f(ec=Kn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?5AYbH=N3w=of z0tf&w6b1+?hDe6@4Fd-R2w6u{p)TvVas+}2NW+vVp@($%SJa{?JF=js`Y<|2^KOTo zH-@z#uQaAAQJz^=;5KK>8P6;5pGQ`n^kd?XTO(ui z$FH+8)o+cvNTIeZ3Oty&eNu*18s2FF6iXpe;TVT2Txd_J41Xf<9_&-1yQ>FM+kG(v zowzm%4{prxA13nhowMN1+nbhQB!9z zvf^t73QLpXM%3$+UUBxIHU-e!Wg36X;Cz8ug8Lp^=qN9n=V>qf6D5OG>Zdj)*)sA@ z>G$0L{;XO4)(5f7p|QI3l@eXY)p)^@1KE%`)h|%HBnm!6C5DppBBZC$_!Q#VM$MW7G0TU|3hYA=xes@t(hU2&umc0|$Zj8EzExW#263{B#4y z7f$!g0F|K()Mo&vyi@&7V5tuF^>JTLe^l1bERryhJ*=y64NxpICF=`r8fCrh(h|K6 zLKRQ=z%ri)xIW=kc}0{|3Jyh<+_gVK95P}gGFhXd`|W_Y8*)uhwftUlAR{D-1-d?) z4luVb$E~|3=kRuH^0`emC979)Bm{ubji6~mcE($&kz9`(X)tOWFYgm`1?L*_kOh*o zYd?``})!Q>?MT zF|>b~>4=ql6E4_y6@32)s~HfN$Y82a3jUR>33#?wcO1V8LL7zx4J$_!T?3!^jN^I* z;RVgiAo?YEjZ*8c7`48^@rd@GbPh35?2o#yLLlbP{M1CO#giuDiBbKhIsCGuh98DG z|Hz_UvjqM%_pNW2tnr0JYgeR)OGSbe6QdNJ5#;y?3&BfxeqRw%mc~;712L?CusWd} zENfftT&>br4~i;;8sLUg%4#7|5Ee-y5f_kCW2%Uv+KC@xM5VSNoTc@U7&V>8q$G0o zJw!2A_x**8qiZ?>QVdM(?`-TF8y}MCKmWEUt|j|$ zRjltax~$0U7|pYcG9&!vgsuV;HcpoWPgKW4oQUe4WH}J~dXJL}U#}vI9E*Z9Gw7Nw zoiA%;>tYJ;i_}z>;$0G7 zCh*Nc+eE zw6-aLdO&`9dzS&U2_uEEl6I4g2oU!g;o9qzja13- zY0_}ok3a_@Gkcp(0a%5l;Gp+1)(9cA3#41!X)j|5&^)oHk6=59$e~o2@s*hFh@ghP zYo0ue{Ro?zDrSb$x%;jwF*mcKyH-ksb>!>Ah^N^x;EA%KHDbs6OQwdKGUC{ZoHubG zf@LRRP_1{b`5`S0M*TPD$fG8}W-{0HfA{ck5P5d@gMV61zY$Px_z1GpRbRQK>k`~t zwaAWuFit;@L$@C3E-!-nKRiy$5`3f2z7kJ;^#5($a2b;tkdzPJyu6~Pu!IommFS!o zZ>mc7pSxZx|Gc5p)u`rDDQG`*&EhFgAtyX{f; z_Xu@+0dHNWvN@9OO20TsE0)T0^&It-D$^ST6=Efg)$1w!(^vbVBI`6F=W9nqKZl6({=uDPMQnXUvx=8En4u@@{9NFy5bA>Yg9{8_em! zYMGIR=|>&R%eB}vlg$WdFokCd^O`7r@7Aja^C6o9?4R424BG|@r4YRVW=7wzTDjr{ zN*b#Dj(;e}V>Is1tW3Eq#G)-!29>HU;=U@;I^~?LT%Qe*$Gthjt^@xNk|oWiCcUp! 
zxwsSPm7=w@i5|tY{5pnL`RMKQrl()}#U<3URF=Wy1|Y6i*y(Qe9i-#LvU;wSdn0lK zUU>gl?$QXkT8bSb{_RPeoc@#XO!s@N6R)hjZIvp1!utXnsWbL1Z z(x?L*NBDlR`%uRsPc|Qq*{4En|IExlp97utzlJl<6u8A5nhPZH>mFmGfJ7C6Vn1al zUsd@L&9P37o5qYawqPJpb#&ohV3A|Z`sA;zjmmRMK``)OBzR^j8xI=%_PQQavE;qo z?HZM{b~WKU(;m$bM!V%oqq$XFClWqj^b1FAK?=ICdK$y_tkYd>iB(13^h1T`KwpRr z>|nuTIc_SaLEN1b^$gsIa`I06wywAu2x^lqETZ(4Zg)h)z$Q>V??FCAC`tfIJBtvu zZU0!#tMXlC;kR^lU|sTKmdk!H4c4uFD{BY_nK})cY zkdM}Od|4_z1<{rZIY*FVDqFGs_tnpPOJ{7ZE!vU32qF>;lsqRRN2d&Y7g;C+o1@Nj z#2IrU7H1Ca5pof6cR_mXg(y6m)ZUP7mbF0+-`@+!QpygWZpFV-b0R3+5;^kW4^{oK z^_cQsMH6B*h~TFB&oHK7<@Z_xa!F?*=B zTK8GIh8uk5$J9uovk3Nyql_9gTN6%q+_R>Xamp3UXqd@EDg&K&rUsAUQ2@3V+;Rp9 QT0T8h_DJ-B`e!$w4lU!VuK)l5 diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key deleted file mode 100644 index 44e7683f15..0000000000 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key +++ /dev/null 
@@ -1,54 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIQDyAdjE5pE4CAggA
-MBQGCCqGSIb3DQMHBAibdWQrC4JIOgSCCUiPoKxTPRfRt9TEaoe1x7+t5hfcqrKp
-TZ7NRUDVSBVDqS1Y5Yvg3Ms8VuSf9AoAFxg16zuV+G55Y6Y4aIIU6Wnui6lBk0OG
-CEaH5hgRtxZ47Rb8U+0x+34VsC1Ayz5uRp4d00ejlmzKXRKXKzVLMjxzfjFUAQHs
-YpnRVD6bJWLQJjML+Yp56lQx6z0LSprdUfmMtxNFs69urmvm1B7dOk4hUMwhUHIK
-DQTZDqig1DD7cvCpMxPxB75NJQP/mD05PM/NILiVu9kGQOXwtPvqzklyta0AydOJ
-12xFydDKHUuBVDVoV31yEknXqLxClKSEMpPAnDEWtSMMgNQqV5fUP2sOtKldbKFn
-LHHYZ2iuOplWS0qBMRKYwOv9MH79yAkMyRlgHt22B/O8m/IO1HPPY7DTvqZ6KkfQ
-wT0odkZlZP+AiJoxdCeM92Wl+dsynm1Z7JbVVA9xLC+poGYh5u+oyeAuMCO7nNde
-l5ztg/klkikBL/mM0NvF9jRtl+EMJkSAW9cm4A5b83WKkMSuPbKNvI4L79cQKpL7
-sF413/d0Q5lYIkzYZS/gPq8C2AzY6YFMw5yqZtoMdodZz85dbQEu1hWzKTUa2YxV
-a3ULf058wKuRbBVCBnCl6SFmtewhQV+SlhBHj+ZXmwwelMe2gIbEJmDrkK9hD2Yq
-/R8jqYgmo0Rv89MzFb2AYjaCIFito6/C/he8ysnkP92z4mNQwp6hwH2kkM4mJhP8
-IB2h/oHaKs3D5AjFsdkhLKQUmh3CMVL7FZBzKu8JJEE9qv9xX8OOO/FDDHVLktj0
-ueQW1bV5s+cFBkZC8p7/fisLOe7kwSPZ68xK9uqLSeZNh9aikTscGBMC2Wo02EEp
-ALvTrqGVeRW1yM26ShZgNacgoV8McdUGjSt+l0N+a4cZP/uV1J74+khdCFy4l91q
-fywuN/toCEX0babPygJ8SUAspRT6v9Mdumt2Vq2XrK5/pwuWlU7sHTuZm57c+ND7
-u9W5YmHceKBNocX++t2advaaND7WP3jk02ozkhf7OvtE8oIsX+RKTkIrKfxXSbao
-iYgV2KGHUh1+tsnLnGmaXqv6mBP7phOr5T6aUh2hQOX7nyWekhl1jpG7H3pwhQ/S
-CH83ozDqunHYw8sTLm4hj2WyMaqhdDCmaiJUXqLdR9uj1javVHICxOKtbuW0SyId
-3tlki39OcrmIwGpCyD2w2gck0EZag+cXMfOTB5z18aDE8z6zl5kYe3QtHOG3jRJt
-kFqt0ck4aAv8NNRvdi4LSu1khyubsN/1UeaGENEYqLPDbwv+ZgtfK86TQbjqIHlA
-PjysGhXQC4sBSLztCw0r00tORxnsBpe/XEAZYYxwkUHSr54gRxP1gVx2QdVklZaj
-DOQ8UGWdUbFdkM+NxVu1G22dMLzJ/SR4iYm9iC2SUwwgrwgnCcr20vTMRk9iygWQ
-rhWYkSLuePRyaemyKeNcb0+si/COQQhFlaMpQJZX3IEqIrv4DQdODQHh3Cqa5qpo
-maU/rUmdYEdzCQAnDdNQpVbDvrTEAgHCOHBsAtkye6G82DyTc1VVf6RkyO0YhwoE
-gZZ+MJ2TV2e2V0M1WtMEH8VvbVMpQI7PahH4Qs5bg2OE8qqab+2EmwztyeqGXNT3
-rByfq3iyVtcS0YDVrtZ1ZxmG+ioKgaF4G1J/ECI4k7KG1zv+009mVJ9W5eJBl7yS
-3tq35F9ldSxjLxVQ2ObrX3WYExp9Qr2rWvb1nCwhTQUsmA0Bhjlv9uBdhoC6NOr+
-rKXEnFHAUwFyNbCoVRZyiYhBck2GW7YSxlWtwuR0jqI+bSSLZymbkj84Kq16GRV3
-gs3cgM9coYLN8WNQiOamPOiCl92ctgm3kGVLNQdKMxNOE2I6C7fWt65hlrp6IxmJ
-xflnLSzO9igtxTCvcycs6BADbZ3WKd0HsuqXCCy2V0rb4hinpRnWBcUJyMfcVb/4
-0JSJS3/mP+6Yn/rU6VTW4MC1p3xAaSMFYcO5JOkDvk5YOsiPtnw5KZqgtRPOxJAm
-R9SAPyWxjPaH0YdNPuafzqiZ/cf0W9lgU9F+eSFivds6puorTHRFb4YgOjZVRfOa
-t7ApQCDmonR5VJsV9H6v1oGiy7VVjAbmLWAujXuJOj6iwBj5MDLkfq2yoqpxJBkD
-SvesC2PP4B/otRDJDM3Pytkrxqbf7luF9b2r7/G5zgwAj/ppMkSZTggzq54P2NE+
-1cNPUQAeBMXsFwmS5ZeRQ/6AoTcaVIvTC0gL9IRBdl+ZaDtXBPAIF2HQwsSqJLdb
-ZkIJzR6P5CdeGwpQL9zbW293ZBvn7twPrgS7hMDqcpsEHxewbMRgmVHLKWo16Iq0
-LCKd1fKtQBrCbVMv6QQBKU2YaJ6HgUTHDmTsGbvqPf5xff4FStBNm/n8zAmvb5LW
-o21onYzR0tDBv8uH1sWi3exocJVw380s3m7Pwmjn32JJ9XLOWyE4LixJ4XBrdhZm
-dXgTxux33GCMLk6Vc0s5X6MlixGe5HT2v/euqK0shBvz/xLSNAvpFL21L0auwJpW
-L6GsahzwUToDFHBe53Z+EW5q7KJZGB5PiuI1puic3SzArsff18w11oy63izKU4LY
-6heyJcUhxJrcgD892akFPgjKTJwM3XfouMiwnMhrNn8MVhhqwAOVGn8Z6cFM1AKa
-+OM1vUU61bse52eB5SubjxSgJn4dVMK7LBSyeiouHzRhYpXfZF0Ksn6sDgSJO+C0
-YS8yOfEMP9lwoFeWAzJhunYYC0p+sGR95lpcOPXDHEnBXSZ+fyi4FuLce+d6KBf0
-mxHoUPiRyJNycy4/k3jgIEmCZJas/gYzKL7wHp0ptukUnWxwHB4hD9C6SFJCsuB7
-JLkUFlGTXEaIm0rKhdXU0bD5+ocXfpGRBut7yIM4hQslhGNNI0HVEFTsqrYSzCQ3
-Oi12n3l27fFU6J6fBp9JvElPdMiHCm/iIxJpCSyASlbbdTEhcDefEgkdz4UXhwMt
-Zv4mj2Srhtdh4jgKzYRdp6BNkQihOfNkv+yncoRvtWrHVGIZZy2F4i2Lps75KMHV
-/kha/O39+6lvNEAQCA9sur65oSNlES2abaLvdhfTQ6Kk1AhB+IaiBup5IvHPkpne
-f2e7BNEE2AzFeVMpsEMGZ/Xuad3XS77uQEljKmYJ8oMb/z47Q2JeusdsO+WKVvzT
-By8=
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.der deleted file mode 100644 index 02a26fe43c36a6061765a55880d342891034cb42..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 711 zcmV;&0yzCJf&#-ZJq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?6?Q0o=^KEA60 z0tf&w5e5Y-4g&%Q1PBdGg#Fw^-uMK90)Tb4Vh~8GCHjTt+qq7J!?5`nf9$eqIM1O~ zc%T6yVs)k$V`e z2)M9nTE7H#R5+5buItaML)i8EmG(IdP^C>J&XWt&D9DivNOlB5QnlUAmLj<0GKj49 zt(P)ozrCn>I9{+&!YK@~K0R&}fAA^s4<6BRkC5vmm>&E*A)DO#u$96`6JM#JqJMjb zV`V??kfdhB%9F0)j*KzLSQgF%n%5?c6PPg)Zto1H8H$r{6`NlXnQh)4!Ok^>JF^f* z=4=;5P?3*s2vpuene=V%`a#iB3SoWzHFzl%7RndFRr)W-T=P6gE-jZDT}kQwO|=`? zTS9d5;RDzfR7f$Nsz7--RSfAbCSOQ35;IBa;l=C5`EF;LRb5U5UEJK~DBBzQ)~IlW zxAKj5KP>pZd^8c*Oe}07n=H zPxdr?h23S$JjYgx+!-Ve_M}t~w$PG-DaW&f0Ho0fv>J^|t8hX!rB81j%2$Up>1SJcMEST~V@Bb(Lcm*#f!z3*th^QmPcXhvhkr|Va( zIzTy^A+w?aV1>(mhR);>o#qH@4u^-_H|!b1T$D#2{TB`Ugb<7QQhW4AOzSoqy)!Cm zP|3yn+K82(7Z-Yvb}KAEB3Zoj5vP8woDlBOgFDVsNHLqqs+N@~OgD{$i_))ImOo-L t=BPTU$-DCG9nRrtdTMQ{Dla8~@{nDahgN5?i|K30@5Yn{3zpfQF}0@?Q9b|w diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key deleted file mode 100644 index 9ea8a463fd..0000000000 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key +++ /dev/null 
@@ -1,17 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIICwzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIw+0X32U89PgCAggA
-MBEGBSsOAwIHBAg0VpB6xQJjVQSCAoCi3hEr5Di1Db4Xfvdavg8wCqQ7rHCBCdsb
-YeUo+WLcUKFPyuJO4Zh2Fu1vqnDRnaTNG5c9SVkJpXACqL3gvoY12gg5UHQNyfO1
-iQWvzvSpg/vOlWsxraP5SiK7C18RKGbj77BTCtlVvraL1RUaWe/ssrATR/4nFpLr
-qmzXLz7GCydDRT0QUQs1TIy+tYIuI2rxgg7QQdHT2c40djaUCN5RaEe7i10ZitIp
-Aj4LXGBkCJ8PBoPrG+Cw62+piuCzg33VIHq5AngZ/CLFNV6+70ZXlrWmJb3eukAj
-RiQiWeRTAFgxtaMjsXC40VREeZplB/avnNUNWdeBe3GJBtwqBWh4plKXr2m+IloT
-uastY+ndPgvDBCjq4reticn4SkIbjaCGhugtO8CmAUunzmU18z8AEB9AY+yGITnb
-8lAickxhPo/4w7IIX9NCfZpwiJ2AfJnKFNk9JMQ5PpjTo8IM/lOW7WrO9sf/9JzU
-Kfn19Gv/TtaYxiFtYwVJLM8UWl9EbVwobSOeVsIqCYOVfRA68qdms9/uztDNeiy2
-Kb11+l2Nb7BhUNnzYSkrPGftjQEy2dvABDk2IV4G/GvFsTviir55KSI/2qitradV
-CZPiKKOLw7sy48VCLpiARnqC7e9TZI/HSQnMp9nGKD5O5jM0qb4nTto4Tj3dHNYA
-TPeeuDxEThZ1pb4SwhrTvULrNogp9V5R5d9qFf/4hhkfMBBaJn1rlc82KMWq8THi
-LdnVv9U2txkpmybtKySBrbEVhNfH6V7Xgu53kopg/Um9FwL+rarKC0bli83QmKyn
-M5K981CM1/PlCj7Js4/pNMXbT221GXZaeX5qX5aEhOtcF4YI6xMx
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.der deleted file mode 100644 index e60bbf22ffad3f80fba576e2762d93ce905e1f79..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1295 zcmV+q1@QVXf&~jOJq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?5Pnp(j@hU>}# z0tf&w5e5Y-4g&%Q1PDkL>ooIUMbrd>1jrrHp!a#2>vW~Sf89C>-I~HdX=_O=KQs@A zgTISj#Osz9Z#pM?pEJtTq_kfcz6t0TGqE5y85w@O_c!<(K)K41ZM~B#^ zen@kgoe;tpL2r@dYxz%T;CicHamy@oM%9UQ`e|GUPj3me^01P5?kYU(Gz{%X6?)zw z+Ok=}3T9YA0c!0kOY11PKuC^gmYxFv_fA1s58MhgJlX1&%bTfe5O1pFKE%P?UZ_df ziX4`?CmUN#%P0qmfVq1)q^Dj93v7|vwY1jkBwSL3N^RD>iEEs1-XH?F*Wc! zbQ+za?Dqz-W@@^YsP&h7O`=9Auu6e@eoURC2i?}WGzI_Xe!sykFUK(Bbf*;XrGRgQ zRp57W*B*z?haCehJB+ZN(CHPS5)-p}&SXyqd7VENm+5xs<+Ny#hAwmfuqP zIan4kl^N1jt@lc7*xw!rZ|;n1#)GEW zgEg!OpYQDl)|ZqT#qROzv5`Vf1t8k{rtrcJE{pDJpml=H$FtXs0>PKSeD%n2=T~D4 zFiRVdH|*aF>GnG-N}e%W-MxPlr~?5(>Us4%2U(z0!|-=8A>a@e9)MRQSJ-cpigJ|4 zZN#5-+ezU4u~4?0{=exI2i3rkT)T{_9w2NPov_N;wvZ103P}%c9{Rv{1214ha6dbq{PSIWVO82VXang~RV+_HR2_zV9$XPcB$S0N`g zLPZx0!|(7(B7r+4_;Cb5*GZ|A$s--wOt%#>(0wv82pfPlwzE39XHCdw^SF*1?#xAF zv(v>I-~%>1b!QHNDa#Jett_@jnI9wW_z;h?KuqA;)HXQY)%?j)J`_zwToAc(9 zmjq%7s7k^KK5uikHQIo-f=U--K$_WYQ>rLi4O+7;<5GE(|=g&2t(@*jM z)_&}Y^Owe4UE6t)C}P~7y;fCxDZ4rp|HefLV(wQ;#e1Thc;ZLvITu$;z1{*+Szysr zGZpBT_O~^a+|f;~7vY7@Jx1?5AzNM-U17!MqBB=IhG}SYvmAscdsD_5q`;`=$yC1l z8Tm2H5i_7Gp;yB%h#)MEU>z*H^rxL>&JQbR=A-!F!AER)JuKp3t`#tHVts&>!r9g8 zlsmeWOWsP*JzXLUXdfuQ@_&R}zp5^@9lTQHTw=mvebmF0JgJG%6GH~*A5I+aqgtg* Fkyewf(eT-Jq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?7HihyikLzJHa z0tf&w5e5Y-4g&%Q1PB$5a?SXC*;E9A2}t%&n^5buY^#I}@9)m0dZi#J-tGdC3o7z^ z^?a)QgDms9(xzRWc~26%Da_$G@I%&Qo5x2^@Kf^>s-Nf;C8HgwjRr|{B2FqYv|dxs zz|3*WY%GFdKho~4G3U4U7^O9SAiK-j!za`jq!v=B*`p8 zWLM-RClpPX7E1v<{XNILae0-EuhYrqA=>hDgegtUG%yYb3W1`2M=Mleba@y0dqAvv z=&R6Xb=D7+gKHrLqSDC9RSed3F>Cl7 zEd*{ctQiHj>o!_LwOeK4)&Rv7x78Xzh(7zW<)Ik+{tgVs0`fWpnE* z%P9m(u#6-doc}2E510=3l}pC^wA3gD2N^&Wg9(_!H={yWw@%rgrNnM$OS4d=LOWUA 
zPI|@SG|I8NaY6dEhmXuzMK7G>wE*4}ph@0!VfCplj|SN`NOEG(yKhgrXnRB4c9wFx ze{S|Azbs=0$#RIi;sPZ{3JIK3O9Yu2nGUnBnKu7mvW5~1IC8LuyWD5Q()3;z`XKZ{ zB%$%G@UElGk-S=__cc^FWtumd{7k+n$cA!B06Nml^8iy5YfaLyI?Wrr;Pl_(f~R*+ z-oji=cKy*c57~M+`0)4kj|xz-URwc zlTS=Xf)%>wVMTk+4-$?`*(>}{ZDY>64I}Rb-=0=lu6{4ht|lMH5}!lz& zN1PQ=hTASg#SnlE#onOEW-;;3LW1pT7Ur2-*Rs);kst$W$ph!wjAwv8NIW%5bY-~3 z@30yobFKhbD;=u(msv-FGKFp>jQ9ow9fr{Y;r<5ixvpN?pDm2+idR<^y)IYA8OFF%g%Df(O39COwOYEnIha6E)WztmMWdI~pXsh{C(83_ptVCm z!990P-VnUcbnTXGszC~dagyf`Vy8*0DxSll2ozTLeKH;fLk>rN%r`V?nHbD;wxBDC zhdt%;)s0)a+CaNjTpyn%1jnXe_Y??}YwX*1yjN#BF24SG)#_9dO#4htl*;dxDGUV~ zFbIXCoB0_9Bf*qsXd3^{?G5cPSlapfP=+&-t^ijf@`E6KX9+F@v-8jaJz{ZJT4pyb!o~#%Aa@M`ebB4ssJ!ftY-m?jA>z%ZL@%=rBZN zgtF9#KZ3HsaZD-j)gRPBdeZSgN-jN#2vGBIR0L-|iB z4VHDoHhxKM(-8*Xp5w?h7zqq}>0$snjP`mv!6orsI>)m>=Smey%`+)<@wH%$i@q_; zxbhM&#VKK%ENF>Eeflh(2rU@O3*SkI7TVstbyWmJf&z;1$%%V!^wj_t^nFwf3kk|_ zcqNtAd@{_hgDa}|tE$Ik5^@VhXWhPUfc4gV?g zT0w&)@YO!0c>bQck9FM~fHt8w=q|7r+n>fU*%es#xIj~Cx*UY|_ZcN=cf*X9KT5Am zRWGPqlz-2vNSV6t98EI;J-z_!Dr}>Hlb`xXLbLf-&oFdUF*4?_W)0g6_~WDVy97p( zmxbex^ZV)PDDrg3~5B-uTl#_im7_)fAHmY}coLi9pqVtBNopUjc{+j+$rIGC%Q zT~J3809I9#Tv%o>TcIYAgh+1`;YHcv%_IU}7i*T^gbunTl}>@#9$HVD7Z+iB-RY12<&rUNEZ7+IRbmSMwP zRk?oAu8LE&{?tW6mw+bhhxS3ihIau_mg9$m&et~9wma22l6;fJNQgh?X$yX`8D_#n zL;SDO(0~ZC(6)R5jnSX`2SN;c9o|Y*zAVz~CyesBZylFbck&HT&UEy>0vp5OA;-5} zgUDL!?faK*U9w;d7Jxm}C`S)uJI{Lbeg%#~7qu>WJ~7lRnR8`HgedlYd-n4b>`NOe zQs24wiPlXd3E+c^Md^rRA3v9PHD?B}{iHb0%aJTF-@DV0WY*?*(`V6}k#iMVnWxkF z(-_h7MQqOdVYFO~oGVTykk?b#c&gw79f!}^U#@C}j#Zc&v+lYpzTE7q9YcjYEW>in zV7j9{C?As%tb5tpY|!QeRdxCP5cM9i;ywJ#cB$mY;v6OFT1lU% zmEP|b#Rb=QV0!AX&nTwMEHlax>coPei!YsAMt;#DJ4COvmG)5R<$X~Ru!F%L_sQ_^BU@gWkj}=E^pCAAL diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key deleted file mode 100644 index 37a17d95e5..0000000000 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key +++ /dev/null 
@@ -1,53 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIJizA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIn0fSErzBMncCAggA
-MBEGBSsOAwIHBAjURz9xO7NuugSCCUhHm1keaRDkjToYahCjveDzt0G2e8p/0mvw
-SXO/F9Pb3qcAKNozzpVSHua/ViCrzWjs5fjwIY/vlxfPfI4JukcQG0vfR89ScXMu
-j/xQCTAyOW3xO8hUIybNO3Xtvr9VEsXlp6waWWk9VFjDr8Cr+ZoKx/LiDKqEORV8
-e+eDo1wVOmww14kJxnCQ9pxBc7y4QKRx2tuJIQ8EPzyn5ZKAcvVLZzirnkAjyWJi
-hb0V16tR+6CYM9E+akaTWsjUBQuxqA89JT1Yh0IaA2pPDt2OA+1DFa6/p9GfGnAx
-DAyQBkyt/vjusykKibJzSOVybre1tpIDdjR7ld4w0v0BZRFvNDuHSL22pFfSdqGD
-IPnwJ/QcyhG4S+CcvMls8qGpSGuel4lGH3PNWHg7eife2KKb9NRAXan/c6SJlhEr
-kJF0vi+cWRaOPWWCEms6st+X2LeYwn8R3G4h9mWHryRAUe898LmPcGNg5e0j/xJk
-UG+GtnZFfJHOEtDHMmBKIOWvEieEaJOakjkIVS4wWDddDBPbpkNmVF7Ea/Sz6azb
-lRSuObR2YSevWwvfpE0c5J/4QAPxlhmx8uQY/p/+USBo+7GY9H3htsKrZDseqZe3
-dpi0jVGsaKjqZDFMg/GZmSk+wVnF2U2skKy/VM9hgIsNmw1GLqJ9uEbaFaWmxqiB
-ylYPJKkKnyWBv5AW73AOZXElJZCXTsRaO1j8OMrxG82z5rXmNIJp/FxAO3qjg0Ev
-o0Tz4nqVAm7lVpdrM9lwT7D0+zNKo8YCPZkBPo4PUWmkgVdKEsCKUUXT+jl5Y4PQ
-fsXgyLw8lwzwaM2NuphHErJs0cbRH6Kd0cr2TNzMMDbX2lhN9G1FoMh2Uk7KcOXw
-/oGoP2oAXd97UxUVTx6J8WGB8+dDKHZDf8jki9LLsNjVaF/iom62J6L/wcxc7GZY
-QJLoQJVgTfA01o/FSxuTjuTORA88NrfZdNoA8zZhEHY7TvVDMIZrz4klVPt1BS+g
-5IvwDriG/ePO46XtkA6ZGjKNRXVBubPuJMa73ARdcWPcUaOPaOvvR3EuTHl7oCyi
-79XAscPuCR9RvBc/JKZF0IB/b0ut4STCmzU1KGAufCR9QasazIzaTN/+MjnNREZo
-3DsOsXtBvSs2zOOPdj4AEW+8bRuikQ7UApaajLm2K8LmeySZoAkeSka++XrUbg1m
-55yHWcREW0j/Z3YCDnNGHCHPYhiSXQpWW+eLlwQ79VHKSMvunwyu67j/eCadfQ6p
-QbNaQG5N3Q3IFG26AaAGlyM+7AuDS958wIyyLl7n4a6Nf3wJILHleZ2MlkxyFv38
-wHJgXmfoVpwhjnJegvzNJpYTauZ6nhsdo8CmuC8t4CwNFYfDORQj34IzUNHhqaEt
-PzAdKSD6+E2nSNA4ri9MJ7HfXJ0AqJKNPCAByBhcZYsiuAwMAQWdCxgQ0Vkov6qo
-28ZOemMk87mNa1m85mtCwrR69uBdoy/CR87bbjOmt9l2QatqILZ5dAT7WnM5CRDy
-9gt4Rzr46EDVdkZiMCM1KgbaMKqfFQeaIk9bXBwjs2YTbfzHps8tACAEHruaddbf
-XwAIJBEWMPyCbOsstvOrEFGm5lkQUoKqi1rRPHm7wlhvx8Aj+Y2VEmUGXdeve7J7
-NzrFgvC0yOnYOtYIgTpXjMfM98ZG2kic7jqdES2BdclNfiinxJkh0ZgpFhfTMe34
-GV60u/HfMxfssayyrTTjWrQ8zOvN8zjNjJ/cTllHZDOV9NAdQrNGTTfUh8LuPq8w
-AR6xjbIcy0GM5EEoMIFCjXfJLw8N2xzhxjQb34lbPmxyaJaBudfB4SIXTtZYHSKt
-b+NJ8NMQgxWbmimijZmpaorS46K6eiBXubgNG9q/IE1OdDWoNM1Yt7XH4G4VKPXH
-z+zdE86uWxY6vO+jloLC5PnfzgACHmsKpUvAFWOW45I5etpOZY3KAG/aRg94eW4+
-vOFp4Z0bF6IPQ9hmFR1AN6XsZ2rIAQCiDiTkMsWXy7NHqrg8QANzE0njGUd0w+k7
-KOaK2rXjGq8WADGumwwy0Y9IUDYLQKBDLOatOQM77tHBtJkc+wewNCH+SqPQAeUs
-pbcYo6aAIaQVWd5a4AAt+rlZYNaAgLBzUqC5MiEI1SPUlyoypTpnsQUoWx2b4VTn
-2H2zt2MZrh34K+Q7tKnJATDY+8azqiH+FAS8+O5SL0zWX5S0GO4CNVD1rf00f14y
-HNKlItpshutoa/aG5bmkyUKOgcu5SmARcqbvU1+0B1LO4TM6g2JSeI1eiFl57pkA
-RmqqC337UfW+huIsxiMHTVxV2WiFd7jxdy22kNJZwP1/HwWsHXYEwKh3UeNJIqZI
-3kwyWyK4j1hp7XuvDald3qVnGoVwMwyOsBxpKlqNO/3RstZw3SaeCXh0qUGLxY72
-Fwb9zaGY+Luxx5OGhslcsa9Lc3oV0yCQGGbJIewwgvBduzK+xPlDqEWnaklpDiYN
-u8Py3vAvOpOFURgupoP3NiRv4wcm8MK73a5X58EF5Dpo83oq3C3pELkh5EAGqNrP
-rdDxzWHOIH45dB4s2g6/rDMJNKZ98CnkHIAKSWkXwfbNtI0dgPRflp6ZE5k8zNtP
-uquYi91fQft1KQNkS2LqNrVixWOq7QJZRNKPB8VTiTl1sIhmn1kb6//lHvo69s0j
-WZ+H3MjtVh9z2Q3aSuVQfQl4jL7gUKF8fwxicbDF1uf9rJiDtN7ThA4p/g7T0FEh
-3TFCVS874wh7n+FL/JvuQ6Cko844NMAecPx9PMgFmG4VnrsFxgzDzZvXH9m9lmER
-fFlzFIsTV3tMYT5YNe7Nc8j/VplG4HII75Ot4EDcEIdyN4GodbiwOhOUnPHE837P
-yI49T8sQFDjp/UBPYYLgmREvBIxOxhB7GsPx07Wy7LpYxEmNSoeNCuP/36eTciCV
-krz2zKazQzv2ysHe7VzwHkw1hZj9FmyRuMVTGkldnfrySNqDGoj38SKTdEZcte7w
-R7bH9Nge/N4ZJ8oskfIxfQ0xHRKJAsBF5KPvRzAzDFYRN4jy7v83IiLoOMr5zbDs
-/R/zm1XytGuzCl1tWA+YjmtpTwj30baltzMcJBiYKgoZ7A1YflOM6mgaVduc9KcV
-/lU+th8QUgavU16sYUGj8ZJ/3OozJubMqyiVR8csQ4vnGe8YcC7e1CmLnSjKygA=
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_1024_3des.pem b/tests/data_files/rsa_pkcs1_1024_3des.pem
new file mode 100644
index 0000000000..1bc87c9d13
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_1024_3des.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4A004A85A2D2D627
+
+Ls3vMslumxSeBR4o+oncq359q0k0rDTO5FIFxcw7psy6ggd9Vpr3AdIq9qvevmuB
+2t1KtlcHoI+Wi+PkpukHCpCvM0Kju19PQuNSvn6eFtR9VOwgk6x+j9x9ZeZp0Qks
+BgsGzGubqdN3ze7CEwYGM6CvVpoP3qNC9hR6IogZ9VPTjZ0vM92cm4foSDSABxGt
+Q37bLE1OKOfcCTvqx7/r+4U5Z47okeXvOS/Hf7yzayF9ZHuS0hCr+jGWl7qBWNyE
+Ze7ITQ19RA7YS2nlvCvq/8rfduQsJyZTV0gIultM3tZ9qNwr1i5yp7Iq4U6O8SGC
+cR/95R0Z8PMN2DSXoMJBsSRbK32r2GXJoGjvg+4R0UoTbc1MhUTtsoclIz98lsHk
+zVxgPMzk4mEmQGaKVp/wa1ji+9joTkcv3cALHxTtNcE/dElAHBYjjJ7r9V4uAv3t
+jay7R8SIPPh7iyuY4NTtDA5m8yyBKt7v6K5hb2WhT4aucWXHYTize+TxSTpekhrG
+J0EEz5zhWsrLhXHV1KcGDIHVXlMnu7LCGyVNFCWKRBXIbZaujed0xwWgjfXKbkYd
+MKePX76g5OyKFGGcv5KUknlQJhoRElrSz6pywbpwkl0Xqc1dusy1sZ9b5Uh6zjNc
+r5sBvj1k7iK27bzdEuL1I3DEcUdmXLNF3dehNo4v5WQL5iBePLoFSxyL8EJkMQOx
+fpwoutPzE7l71To1zmE3pmFdZbEXTfjcfqkRy9b4t57gUuo1UEhYYxoB0D0i+BkH
+T0ZmJl4Qp2euaaMqYYN2E9FJAyrmpwBMvtgs5oprXRR6geZweT+J9g==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_1024_aes128.pem b/tests/data_files/rsa_pkcs1_1024_aes128.pem
new file mode 100644
index 0000000000..f76290f7c1
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_1024_aes128.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,BF176C0F284E2E5F3D50F9C82D9CF950
+
+AS/03rvTNYSsPzqtLr13jwrSOVaTUYniMzj42/4psKVTmrI7Kaiujsa2bjI5Ae7S
+HDAumVDdRCDO/AV5qL7iJ0iJ+PqOh6aL89PktcYjkgx6XK8FDOq1wl+dPLjmrsYn
+oRyRcEllZigBZRbYpnuKZOQ25vnHxGeZ5A4dLm3zUXoMnNXs1h0rPDix/Yd2AbTh
+p371Ac6LC8i3KlOIvjlzCFaOWQNwCkffutXDb+TN86xF9+DkJ0bxHhWhHvf9+fI7
+XJFgLAeCpIUMCdhdqwVqr4Y5X0NBA3spmftK4iILn32+RHfLBshRwompMD1mo4Jd
+ueEY2P57z7fNxeCaHww7r+OUdZbySauuAmwWHEoA4NxDXAX7c/1/PoPKOI8Y1OPB
+00bKQtzGE+FSJQjRzK/n9mIZQFS0A+H54EZ1Iu/ojTpEzmzzE0TR+75lZyfqaf9D
+BhQcyjgkwnJpJ2S+u/ssJl0vpC4bKGqs/r3eWmLJQYvZuPKPqorCAUab/ta+dYfi
+gxD1DjBCdosbUOolIsjJfsejSuhEQulpaI61DWeMMap5UvzfZLLrQ5kJuibi8XqM
+oQioenXf8gPc/FOFiLAAzLKtNjmAgD4tNdA3exmkHwKj8ds+HHS/2FmF+oJ2LR3O
+tmO+cov3ZReOVp7wzR6lctG1b2WoVRu3kzwzoOik+SFBnR1v5z3uEggJV6/cyfKm
+U3KzhOkrghOjonAqw9+H+Q9hLO8d76cDAwyDB3KxLO9yzdpukB3f+wS+RgaTdrxc
+oMSiXklsO9Ro9NIYzYKABjQ1tDLeY8SOOidoLJrrXltJNDKZSVLR3edyk1rZEFXf
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_1024_aes192.pem b/tests/data_files/rsa_pkcs1_1024_aes192.pem
new file mode 100644
index 0000000000..c819c02014
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_1024_aes192.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-CBC,B83D6A5D09E192044299B9D06C41BDA7
+
+DQvNvAQflmShH/6aRopfKpdKCerQBAf4RYC7+MZLYaUxXUuUzFuIuUyEmNbgsvny
+ARfFtjCL07e+SGJ31hdR/BM8wWgv3v5P5+VyAnd64vUP0R2mFl92CZVxzcXw2TAf
+PbxDrgmiFxv9WfUsa2aDkDhQjKYb4qlLv1WFc1UM68jLiL8W5UBWKKQFnCivcORD
+GlsGTSxMq3YXW0QQQ5x47/4uWaXROLnIuRW7ZSeCi0wgG+RkBW1yUH6plhhSb/Aa
+EnHqsAlCMZDLwrkgeSnmsMSTpbUcCKfiZmJB5sJeJX3RVwZ6l04MHMBtWh9b5fIZ
+4ieSeDJfHqtUgJ9ie8JcLHuNsUxu5Crzjv6yuZ5su6P+YSMsNhHtOBUXAaSunRh1
+1brw1eG7E6qCnRYr7YyvtKhppDXLHf4sB8tdumTCHhBdxxUd49+SrmY8pznkNjAz
+Zhfky0/GKe+fTTMzHNjtw9/qhj0NllUpA6SyptMM1vWe62OkcQYSYeH81btdR22H
+Kubx1iYMx2hr6dsvM1+BWP8CmtD6wFEhIMBNKYcg/AWHA/NMpd7E2HTmviXBdEVA
+4xMh9fTx0cJ9YnNBuVgNNPGSJJLa7JGWdfdCUpTY6S0YEvTQw+1letrVbW3xumW2
+Tk/G/dS0t41QJuaW1sv9DkJJcl1696PSI4ysDJx9Y8LtV1+DzvdlxSyJdg3mJHEL
+qC6bCvj9IhjLsrTDWPuwXjIPl2ycG5FGtAn79pJhlDJzKJZKsbzmQJAvD5jj99l5
+ZiJ1UkmVdsFeQLxU9hsKD2Cvpl9/tdhUvLaZ0UPl43c5XaBSwcT9eztiLUXGivzc
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_1024_aes256.pem b/tests/data_files/rsa_pkcs1_1024_aes256.pem
new file mode 100644
index 0000000000..9450ec15c7
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_1024_aes256.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,28A56EB102CAFF494BF4AFB55C4ED52A
+
+5yOXbxDDgomJtRFC9iBL819dU/vCOe0JlwdyQOQbagd1Efj7oErrMuVZJOl18d/o
+2G6OtjqlynzoeqkTwE0yJEyRMLz6CIZp0wHGoDMyT4Oe86uGh3ki9ZqIWlgxt+mA
+7e1RApFnZOCzmHCGZNCqdSNUV5G/cs7or6Gd9HvdKSCdxffPptE6FaaY8OX4737P
+pr7svylp569Secz6MO1Rds7eOPEjAZBJyDSah2AMIiEMJxGrZ662iFo/3S1MuDOY
+/xoDHtP/Vo3ep6D8Fp24PeJ4/iocu6hmhAIO4j+zLN6uow/Wu+D8kBKMhtrUtnHO
+AoP6sjkNOsMg7fbTEqTrXHkOw92PbZSBbwsgB5z6kKeTCYVDBHUaDDlOTbCxw+t8
+PH6IOrQXUIPl7dt2ilfLjqgzpw4T+RCYp1xgM1ZIsoCspUpizmMTPwtn7fuIjUHb
+copBjLOT4tUx7itVi2tTAMvtiW9mrHVI8xgpqSiTz2Hg4uMCFlxkglrwp1yIUClY
+BtMGL7qA/l/gmhHRYDpkzf+ewuTeOImyyfEnAawVT3+G6p3tf/Cs9RVgUCnCrFHa
+/BuYhGTtTV+R6F7+3yRk/XORp9R3K4BbgWHHma2dB0zYIFDXYtlrODUyQ362Tv1q
+JNFis2PbtNB7DRKrB/KtteWtg32mSaTL446a0HCF0VpFB/nq0wEPCvghed5KYHSR
+PzoegmnjkDikgid4O/RhcOC5+qEykNalddhQOY6CxJEwVTAviHbQAyW3eP1AnIa+
++Ifc2o67i57bkLLlg0pqHITlz1+g7SWDj7Aix2Y68zWZVL3n+e/wzqbdYqMVxiGz
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_1024_clear.pem b/tests/data_files/rsa_pkcs1_1024_clear.pem
new file mode 100644
index 0000000000..2d1a176020
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_1024_clear.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCvBX05buhPt1/btcKxPH/lplSqiqJHC1Qe4f6wsS0lx5cRUxJJ
+4RKWKAQtu7bBINFENSTvTA5uHYlW7rIHevEjSd3u5USDvAbCxhlIzQKyAueWrr2U
+06fL+FnCwYGcMky4K5zTTt4mOiq//kcz8HeGnoZg99aDTaU9aQ73mF9rwwIDAQAB
+AoGBAIdL8P/C8qcdFGcd3QFxyVTX/b9QKB5PbZnqDh68+C+qWOe1lf+yk9Gr4X8R
+CzfEjMDzbDfoTYdmIdMn9ku+CEV9PsQJi6L6CjGfukEcKEHte+gxlqjN+dql0AaU
+vDNfxMMiF/4EiLzpy3IC5ZRoserRGQAEd9ssp5f6wZ7aP1jBAkEA4qt2CEG7nTCo
+HSIt4etzgdgiFEB/G5dcu/5OGpRn/ZitvXj2B4Nspb4ZKLnRYNl/1FwS1rUuLJhx
+oXTGa0iBEwJBAMWrJ2AhWa59byDDwu6FHkbcES5onijV/Lv5kKme+KkLi7RP02Rn
+5/wXic62Y6vaM4ZSw8c/ERd0kC6EBWWScJECQQC2zb01T331eaY7SLNkPjU7hImH
+d7SLFflOC/wFZ6auWRHVetZAnPdke/liZOm9h+uV4mO3EQuaH5+UrM7Q+vpNAkBx
+GV7sN+jSV97PxnKweuY58Qy7mwxznQyAmWjWRKlOP9btkocHehRYPzeQWPdqiuzU
+PGLcjA9BdmZQ1yUnWsShAkEAuzLRM+3C4EjUYziLe+nLS+KfS2JQvmA+cONkdQHJ
+fd3iCk5xvpX9XnF4TiWspLryW+Vziq5Zu/4cmXeBRHorJA==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_1024_des.pem b/tests/data_files/rsa_pkcs1_1024_des.pem
new file mode 100644
index 0000000000..9eafbb6d60
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_1024_des.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,B23EB871129DD92A
+
+F6S1xLJn+qc/BVv7/0RjykUUqvLR12OcChmOFo3hboC5omWrmPzhhy1IS9XuVZuy
+1gFiqMQwwLcvp5jtMvWTw2kW9zKVcnRiuzlc/wV07bpYS4YV7chi7aGp2+5oUhvV
+Ea9HgFQbx6ZYARk/bcFpejLsptiUBu2gNyy6FC+Bwov36H51y+f3tJIl51ImWnGQ
+R1HMDtLuzHTb31CmWvXCYf14IT3gowxvpO8smaqoYOIw4XeSzprBKMgqXL69/qjk
++et4W4/zG0p5R4WlKBaReXJ2C57xvSTmbaqbCjIYroshlPo9csPAwFtRrWi4Aqv5
+j9OELmZzgK745QnL3IkqsjQuS+Luqg8s4OFifcwBLSVpo2pWhdJnKk40cai8QLpr
+St8e3BHGZPdxacC04cTc8zN8Xr7r76lZ7h+ppksx0uoTV2U0+3caMqyyByuF5If+
+RUYXOJ0Y2jUMUYdid3k+C0bn5VbChFCxniv10LpJZ24Nt4RKEYy+2VhIQ+FuAbQ/
+dSMJdqBP4TTBu0DzCmqaGvgjjKLTFF635hzP+cFvaFWhVOY2v4tkV+4zkvBUKzss
+Ef3ZwhDses56/KTI54GUJqWxNK+a1ekor3tr1IUMPzeaApzUSRXusT62QMBOW0q9
+8lSNcAywvWrlcZ127J2zZMrk0SKo1jNNzYKWt0e9XpqMWAq07SlUL0MJCt/KYw6J
+1eXT+xE9H5FEZvQkBFCHYyAyq54P3yrWV9y01xi0y3ruBf50i7k/IrAtE9c1FZda
+2h5qh0GNAEiGRr8bbh3A3wugidwAVoHQeuMnAsShf+5gj8Np7W9kEQ==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_2048_3des.pem b/tests/data_files/rsa_pkcs1_2048_3des.pem
new file mode 100644
index 0000000000..ac7ef3c4c0
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_2048_3des.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3F3828FEA9BF197C
+
+30fgMPEIKER2VH64TsY5lk8ICdP0prc+UiW/tjbQL+2APptirB5SDRAtuwTvbFRc
+Da97zrRwrhhGxNVobJhhffQlyB6vhM6h5aq9dKwD3auOVFosOm0xdiAC/tv+DqAx
+DIZIhYUB5IeleQ5rlDJWoReUeOcnB+d7VP+Zlc1l7zDMx/3FgOyOhlq7dufNUGnY
+n0tZWKItiV7rOYWTjbDu79BpG52VyHf217v+DeDSugom4FIWQS+XwIKg7xvEnxn/
+vX9pgiaVfXlfZLfUMhKIP+azOIm5BdqB2rklCpa17/7aQ8gQid3qolOMObWfnBcr
+MWY2BAq7qSkebPydELB+ULgGP2F7Xdx41RfsAq8RNyVITx0G/NDkYELx02M30f0G
+8FGAP9ft1m5DMBbAYBUhZHlSFZ/9G/gWa/VskSmjniq83+RO24fXoTxYUx716z4S
+NmDV6QEv5V8ZgLtspoC003H6FWTPXuDim8UuwJeGJ719kXChT2imMeAUpITuoC81
+edv2Yf4sqAqg0EqFlsW6Sd/1k7+GZKfW0LgCRvTaqYoZp0ey4wxFoa8jqvz67jKA
+H4nywF2gyf17wk8CM01gXcGypyQcNHrqq7ai+Qr2pxyw8xNBIz5PgWmJ+3Etef0G
+hy/tHfQqgqerk/ghiAnDJH4pc048BjFdXfoIr/gMGDM5aHBDJpZuEAmhgC8PMDmV
+NjG5TxzRDlxTH1dKDI9SkMukURy9aYYVJgm0RA+Ehn6NnhZrdShv2G4MsLmEZSsm
+aik4l71NlDZlAJNYGYik7bXI16Ou9cfU1JNT9+xZ8NcYIMFH7CPRPaTcuW+SgsaM
+P7wVw5rUP9+rPwhcZCleRaR2vkD4MRK4r4+HqjIpPzlBagO8FHb5/wxhbRXUQrEW
+r7F1bMa0ZlxIGRf+Tq2mLr0suuL2Rlvth6WeVVi+Il0VllO88e4cwA2EbPRW0G+2
++yuOsb5PRf63BF3FFVhM4jGxYbC+uuGg0qC/RoI60A+098MlJZRoVV4qvvF5tOM6
+PHCqsxIijXHp4/Vvfu//E93AtVSnPxblXsUIYLx78NXMMl1j/i2PHJpTvxhGICwU
+j4WUKXT/TQISYrfNiaqc521vq1MeCeYRi5JnILxvMz5UJIQ5ehUQJ6aDxN0OzZk7
+qGFhKD5K91X2ApoE6fq38fxYkh+MN3mjD7uBArQE37TxtDdX3+l7kcxHAiILQUcS
+TIe4qYuyxHzuSlt07fkVWQg8ukDdHYBy/vL3HjDj+fuKATiSXbOLP3s5QgAiZQv5
+yzljGNvqtagxJMTjIeD8SUbg2kFwS6FR7q67S57jyyikSkeDKFXjOg56Zb8gEoBU
+nrzTkLICntwdZqFpITklGfF3tZDIWWgbYZMqEOVk+u6WQWv+rBlXfgyW1UbmcgOP
+yoiJRSvqtsVwY5cSyuiZcm4Py6VM33ad4/fd4E9W3HQL/axHfdUzN3YMGOsd/PfO
+AdgGl81+uIgttDOjj+X+HF17gq3jZA409MZEyyBXEI1QXOJE8EKOVnzjHd+nO3OZ
+GmXYWveeyMUrZba/VVoVB5S/wZntL64GHd+GqaXSuEgjmqYFTPgsehCUYoHHxxeA
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_2048_aes128.pem b/tests/data_files/rsa_pkcs1_2048_aes128.pem
new file mode 100644
index 0000000000..4b9578e6e1
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_2048_aes128.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,4D279F635142BFE952A71E8EE6D14B0D
+
+6+qW0XUu06eXe0jjSsmRGySu1KXnEjg+682sUbxOk//2YitaMx8wMQqRQvT9Uusp
+lW7tYOz47wiz2UrJXKo8Rxow3B38wW7vwjh/Xaw4m6DlcID8Ho3ubN1n9Or9goi9
+Kg3NYtrIWac5njywFzf17TIlxmbHg3wF98c0bKRInBGZxVcEtbcdRiM0ZSst4IAm
+xi7vEwHHyo7d3cBJoItJ/1kELqHmwFoWZj2wlXCVEHUU5pFfK5WY7uq5P9FQFBmI
+et0IeCCdysZyRmS8Y6BY5cWv2u9mccIvvazQev8H3W8hQ/LS418yYenqd8CAuvct
+N0tTpVhV+jXxPwV1+F29kpkburnHrbDN+ZUIVaAdea/yNMC+bcoEypnpT6D1m2ig
+ouV7jecJSOxhaDh4h1JccR6Pu2DOWTDpn6pxUrCIo4+2lVbLXOeDS8ClhFf5VzX0
+D+5ZOAdm/LSQIOBXBtqOJ2qDBJINZgpQlRDvo8wDHchslDChTNKdvzjgr/hxdPeE
+tAf33lXR0TgqX2vhwbpjqMX2Zi+7VL8ylcjWITdderiNDueDpy7UN45f+0DVhNfT
+JIleuqNl09tL34unugpM+QSzgJ0odHpZ1VXkr7zgSFOYau6/drlexS61KXsqk6x0
+rs+n9ssgVqS3HCne0l8I4VOejutBLAVGOXoz7EC9PtS+iYavetnEcqf4SBPHikrn
+j67x/wz7jlEsSCyYA8SfPJY1wcKgfKaSU+w2XxAo5bMBjb3QiBYRSvb67q+DtO8K
+hUnZMqdbvzFIyXfP4/5WGhBe7ho0dQrtVT+PcCxknMMQ+kyQp+f+jbddLCvcKQFa
+Dlvw4XpMR4Ee2ukkaWpXAc6ES301NnXoAwlvKAkThfRDHwGckGfiEIunEZN5l1TK
+0X1tp21gUZYE+o7SZNI98Sh2CjxIQSKdA212hI3A+2mOwqBNoZcoDBqrvd2cCoNR
+xDA65eV8l5HrDAtMHHt5wTHzcfMik1CTHwL0/O8izQH+fTHKw8xR+VEoGbbQRkAY
+PJzMvehkVkc7e4K22nXAs38LARUW0D77ppR78VV2d/D5FCIXrDn58pi4RjjnQOO4
+yoGv4snLhnMq8bYQ5En9403cbMCJBYp4gvC09xeNNkL6EKoBjpupSMrZNn19VsrO
+VkACjifittw08/g5ncuAAO98YHQKmNPTM6py707dMs4L5jTOcLHCqo+fo+Wnx9Nx
+v7JmWNuFwfG+gIBIYIKmW0om+pcxfYMsry8byIUGNj5SnaGtl5kLD67Lr+LLJwBJ
+TNbGd8auBVtroIjdGVnvwtS1oM6eNXogL++sD7NBY5GdJvOMVP9X0VjyfHd+byjL
+SfTAJq986dSO+5262mRY3fLsKCeQ/quIvxGsJ2sdRoTFXyKFUu5etuOH+40Yhivx
+SnyUd+mVH3MF2sWpuBRE3Ny87mmE8CzFBh+pDdVpdvb1I387wwhpcSfW/6ila16R
+1NSvAFwXMeZkxpZZ6hn1Avyc1VQi0fICjKCR0WYY7+Fl3Uv9uXznzuv9COHe2nmu
+Giom0TSsOhNeMq0N9AbnUEPAhhIEsaMSZAOODsrvtbRijCcrCkY31EI0O2pT0Vgg
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_2048_aes192.pem b/tests/data_files/rsa_pkcs1_2048_aes192.pem
new file mode 100644
index 0000000000..a9585bf376
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_2048_aes192.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-CBC,9253446D0CFFFA0AA50C251F129E6148
+
+CrtEJsyM72x0zqFnS3qGqTF8JtaUgKe7EkBRoDt5iEowPZFjPM6QILEsBQLAcG4J
+RKi3My1S2nBweRpEvTYZHHzHXsO4UyTCNfeIDl7F1lJ4lO+SB/kBkjAWUTcdT+h/
+x5F6F+dZDMKgYvDjvvZfQyl+x3aDd0y2ZqWQWJEvqH/uGQK921d7sdDFclwDVrUT
+YWjF91KNzycRaOvTHjX9X/bW4UZZif9KTZSKSr71zOX16YHU7aIWJH+OPD/DSylf
+dbhZAVwRBlCsUxckkReg7u13D93jlOlgP0ufvpDAeR1y+jumLOeWddiMBtRtFUPj
+IfS2RPcyP8NQnv09tru+ra6KqRJnT6SKRGS3/+cgXGIirwNz0PbYYN0BCIOh12Co
+sK7gzCbVrbLLLSLuENsC4NeihK4WBe0NqZDU9BMqZ/ardjwhiT2InM+hZC+HbltV
+4h2k/We2LSP3rAU9a7v6ve7U4OI1kFEGn+sNPuDb03C7IkIA3ThASh3gPq1nKs7O
+uWQ6SINnZiPXDvlqZiQHzFipF4OBRRxvlYyly7IBdbIfw46cT4dnQh9uBqSadVq7
+dUf25ouFP6uvnmaZ9gEWvpa5yEafb4+x4io4CLbHPp/pPIgOJKIv2Olh5biN8IhM
+BdO0surr+BHFogjjfh7p47yFNx3N4E+wc9wmEAzNgWijqq/btu6GxYkBltSwbh4X
+8SSwfWrRxmY9+n4zIyehFJ/Q4VCsVTz2meyAc1hCyi21XWm8uBSA55DHmGXrrxwh
+j4VQBzn6qYsWJPjvBfwluq0OOKjfniaoa8QiH3+Evmjyfs4wWaSDXOdxAZFvA8JG
+oqiuFPuQwmsFLxrVsL9UMPj8U++zHahqOWzCFzrd3LlUrEAE6NRrzLmB5RPcdACM
+cgoEgFRR6l81ZWOC+aM+vDyc1u15iOrYhbtgfeeUmj75nJQ3TLXDRv+BryRtP2Wd
+kI6lNUL9M8QzqYfJqfKzJ9mKEGa5iuDH1RcWr7cOv8xZtq+ZrzI3BvWMeYs3CTpg
+PFgKGg3uWvF6uwq6MQJIXU5K9AZtZE33oH0CQtDjSUVdrFyWgNmDgMGgMZlCeynC
+y/82/qCO3xiFUoK53sh7Qv9Qa0xtIeWsRrZyutyxQQv9Lq5xuiOnqL29TL+GVPJm
+/wztj2ElsxqPMgnDHJHjixBBC9POX3yHciDAiuXIukz3u6bsPhBfZKwZ6IhsKTVs
+R1XMadx8g4kHiv1GnbK0/jlZDC+ne1C5yJg5F0n3X9lx0KJ0tlNe2N2/mWeVd0Eu
+mIQq9fLYTrOguE6bSSp6sMzmtpm00Ef3GHSXsf3cWVOFRMEWGLJklDoPgPr/rSke
+QwLb0U/in/NOqmO1gfl9y70XM2zJDDDPrSN+SDf7zEu9Y7R6KmHsT4wbcC/LnSbM
+/TOodgWOBti4h9EybHc5udSMMSyQxBedAh7I0OkCyBDgXXyQv2g0ak3EgMMlaUHV
+8Gtf6y2g4Kwh5DPpJJIJ/kxgsicO6XbSGOm/Ya7i67MBaG3TBZ74B4T/urEYYc2X
+X2p8+n3RGXG6BKOQcXR195GWwwjxy+HI6hzXGO41Q7mrs1mOsUvk66VXYFFLpEcK
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_2048_aes256.pem b/tests/data_files/rsa_pkcs1_2048_aes256.pem
new file mode 100644
index 0000000000..2e396e1d7b
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_2048_aes256.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,44804F408DA69A39B0DF6B8E84F4F663
+
+zEIU+VIoZQIfjf55n7N2sCz7QOOZbVdvEacGnjOEh6NoZ41R4F+bio5HthVcq8qo
+hyKUcZaPm3+2AceL/xfdx00pq52GqYVl41MSDTiKwCBE8ulCiHmh9bMZHPToAysC
+sQlXWDP1FIcmILk+/OnorPLpsox2Is8CELgVfkd9j/ytCMA0TPVEqxqJzrmwp76p
+vP2MWS65MIoDFnLHcabHdZZQlTP5DdRj3AlNfHqUMIGygzs0vEmpHjHttOFW9mMF
+HIQ2x+Sznragg9ExjVgW4BgTD5SrXKAEDUcMv64w6VCE8Tox1QaWbKoWKEPMFBnZ
+HH7uVQJnptFFgJ7cKd6xu+TynEMe4X6iR5GAqPIqd1rhjWFxkQb7zCUy9PukFHlH
+uZ3kSLVGV2FDFWN0Hy1R0rfrEFOXc07dwg5lp6AXG7NziJoMChSS2ipAbXo2uE3G
+PdIw6nAR/abyZqtwlyZD1jO2R8WIXYiGUeeXhC0C7OO73J7IZnZox6bbVemFyZw1
+AKgDGjuaEbBC2jBEt3TE5/Aaefef+/nm7MENF9BJlPF465H1ZfFbE3PRf+2eVPf2
+Q/dsfxKFG+Ui86qcXjBjex5BvC2kfMqXumdoTlEx24FGFCRUHB5dmnWRUejglJ9Y
+QWfolL6ccre3LPYDSmGAnAzfSB8yCqtvsvT92NDFsSsO6KYBy6grhnvv0ieVcUh+
+iDQa5f80fB7ugitliOPPBzWjt5P9FDJJ7Ht2Fpbor0Ig/JKngyTfTRVjTh15PEMc
+kYHFFoeT9r5w/4wABsh6/REnuiahcJlcUadN8js/zrPPXAoAjZGfpvin0uv6haBL
+Qh9OHLSw/61J2EP7Jx1IL1TPBCBSsuNb4PLT4e3kqq6GVJNRHCMRpN35ytZr4pqj
+lkEgl1uVVeOgJYWr8jMDWrCh9ih6xBCxGCb7SSUmeRU7FUJ+ybBbvfsnMWn1TJZX
+Bee2PTac6JkXNdDgM/Pe+B/wCFR3clg0ptmr13hmLqmkbCMxkpCVCM+vPA01GNgc
+MjYIxTNxB470tKva3jWqC86ffsvvmZb9eTEog/cfCABscX3Y2ufYl71t49tIOs8X
+5AXE6GdJDCqJhyE9pDkt2prxeoDSh7tcDnxjb6JfAhvmNORrjv1hI9mmC+IT8F//
+QrqxIxBjgKszkFeG7dS5MHo16FCsawCJyl87Dyq+51KTyqeqsXBvODsNT7FnrBmg
+Hho96pEJQ4y0YqP/aXNo89fVfYM3hbdUS9XtN6xh4N4vXI6sNVS9NQzfZTcrtGAM
+H6IE/AEYp4htKeFUM+QQsPZI/EcgL5e5GP7BA7xrx5L4T94kHIjz69iKSd1zNKT6
+KhOWNsWzHZABOnpYQPvsjjDeIG9/u0ryXYGtH5dwX/z3VvIz2mQ0w14OIw2KzVYu
+KGUpGXRvSx+o7QYulVh1Q4BrA03bSaKtmYnCzpaKKslCBXxbQlTIvL2hlienA63T
+V9l9edsJCtzElSfJteqc2uh5oVDkGkgUkfmrY1b/8RHKKbjeEKHOEZB2ZxMTT3mk
+RGx6HBKoLSG5jC4TjjUcAIY0NAmJRLsabrBTDLBUqxnMZroF75Id9KaZHSa74x+Z
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_2048_clear.pem b/tests/data_files/rsa_pkcs1_2048_clear.pem
new file mode 100644
index 0000000000..d9476348c3
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_2048_clear.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAqFVn+bKgHDTGFY6QU25+HlEP7ppDRC320hNPs91pri4VZrjL
+hOD4/N7sAoWTZiIOGCo5pJ+OztG7GA2B5tC9/cmdSN8UAXR8YO49+8ZqN4g9Ox6q
+91E42Rq5A9aCMkr7wm5Ym3cK9dZGXHVa4QsROdnoaIKpu3UbbjYOrmQSXXzEkTiX
+wMTIsXz8SclaRYNhHtnv6CKAIm1sTP4a3GyGeCzBW40zknNcgTqHo6J3FLw1AENY
+iaQEeXqTOxq3MFWm0HQFoJC4IND54RiARCo7+qJe+aqMGPwIIzQEXRIQVVcG3lvU
+8lUyTPpegYb2O4zdRrCE7GCpBBe137NmJcZMtQIDAQABAoIBABl8JKu3EWpzyvGE
+jfEzr0BjwWe8TybJVq7jYZO3l8JZE8BjhdxuOwP9s/mFw5UY3s1lxyhXR8WkFxFD
+KkGJpNoBZiCcNWkq+5GpQBUYKwiRRcPnlrauw06LLyuXlEqM86SyFBQlZ7FkaW6i
+Dco4ZLk/dmIsNgo9ZpO+92YLnIQumq5nAY4Mw6CVra54koDmLXorJzidAo2n0059
+K0hUUMgh4o1BEn5I+YPZOkmASsNUh6zbm26tyaiBnU47ueYE//+RPCTPTI4ePBG5
+8nGuRGebGpdOm9OO3IGgps80mADnVUI3QTjcwQlY1pEeaQ6FMf6WpfwFSzssD6WS
+lfEoVBkCgYEA0vRCLOvbhikfaKCnAkaBYlhna1BI32gPa4+bwCKupaI2Kl3uRhPT
+JB+I+fzWXjPZDq4JsuTcHCpP2EpfBi3ltXmjmmI742D4h20Cv9lPWItICn11HHcQ
+aV40Td2Lo96N8fSzwdgr0cH8fVvTEWaZiUMZpafypNIecf7UMMi7opMCgYEAzEdP
+e/zyTHUIUpYI4OlD/C+mCHGOGnDtVG5RIAPNOiXuDshGBetQf+GmCt88RjH5Gz4R
+LuYhOQIKObtMRzsgD8UbxBoRtmwTAtaX/e/rZiW6kEgplwA7ZV/7oADOBEqhf5Yz
+ublAtD1VS9zDXr6ZoTeJVmZ0VMlKXPd3wgnZ+JcCgYBgYQRS7bcwBl25OZzT5055
+lhY560Y/+5T/+W6ZS78rIX9Jv/x6u9f9awLz49Y0189Va6I2v2To4VP1Z5Ueh52p
+WderUzI1Yjpp9R4KdMhRleDmGgeFZ8hxu35+DLgduDJ11uzBpXfvr4ch5u/5xTxk
+f+mZy6+KKg2K23gqiatgTQKBgQCW2Amfmvco8jrFETlZK6ciL+VA0umGKOF3uUZ6
+h5QiXiPeEpFyiYMWC4BbAuE1TG2QalKx+QmLWTBH1UDMUKKqQnjwY/e0ZzXaoK/3
+uhRvh2iuZjsf3/H8N9ZNHosCrEF5P2bOvDdFYQz9SfWSntg/Lg1iGaHJgiJBaBOs
+2y1z3QKBgQDF1Fd/BqSCKA3WM0+3Bf7Mu4l40CKmzjFpVGALTQIscfE4kUiymXna
+DLWearAGdiGpWLD9Wq6/hBC+LLQXQ0zckITz3L2Lh5IJBoysOc2R+N2BHdSvVlti
+sF7IbcMbszEf8rtt2+ZosApwouLjqtb//15r8CfKiUKDRYNP3OBN2A==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_2048_des.pem b/tests/data_files/rsa_pkcs1_2048_des.pem
new file mode 100644
index 0000000000..c2968338de
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_2048_des.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,A21ED2721C71226F
+
+KC/2MeXdBpU0LCzk1qh2ZkN4f/GNMR2iqyUYYqGdcXGe2tiw1ge21cH9+TPrwX9n
+oHFPLGstWmCZDpp6ogyDLR5YD4pcCYrVaqKtHVaNnkuGj2ShMef8ql7c+xcXpWDH
+ptya071WCyQO7yifUMj0KzSgN7evDjn7m94sbmBQ7T0hWhmKs9WiBDHqEG4zDsfC
+StmDtaXoILmmruCrVgvGWAlCTfye4mBaqXvFjNl4xATLn/Nksk0TgmFijrRP0ynm
++J2shgJGyHvwSgwiX7bkOqhJrEZqI9v/ob2slaG9Kod5NUXiHKxnZjdqcH6PC4i9
+ZCdJTLlNzBEGm4Pq5w5kqm5OxD9ScTfyYKyeXbWpkCJmU8HRkXm0m3DP8jRoF6Il
+QwMCY5ANRZ81sEzQQa6obdaXeioMaD1+CpvMVBCsu9EXVAmTiH5Jwj+xbtMXwjz1
+LNIGIlZg8YutLBfnMxnz9RFbz1+PBwJpKIDkK2Sp+Twh/3hbEfsxNrMl59urDyll
+9iO/u45sY6wVXomuHiPrclC32S8QW61hGB44aGwdYTDfpTQ4hRo03xuE3l6x3GFZ
+W8CPPReIsqv6m8bT2T8THgGDYmTJs/LOQFhZacTbnHi5LwVjNKyf/zq3TXBo8sTh
+O2mpmt0Qu7VWOlEqmwmAGdzgxmuPnJtbKpPhAQbqTo35usRd7EjWkgTRzTEd7yle
+t5ylUXQoA1DFO+H+VPmzzOo443BLhINJD8nhHKVfGj3VVpWFnZgDALhFB3pC+lpn
+5ESLfD1wnMSlSUmKCYbOF5zgmasTAAOi0gaFKW7FehbAPbDha5OyrmZWO6/USAqt
+3SrobdHX8XiEjrq83CWlTPDL98gL/LO2lv6lWoO9AA6t32Zur3oS6pjFEYTZtzT2
+sztUpGQbV5OSh7TSSoKRUHKl/0YqBeO/TBUBpM+H+rTtksdnUG9u+wKF7rZodMtS
+TsnIb4onpmmk2GZc5YkV36P2kDlsceZHRPte7Vi5zEZvelHUOmiamGtpXWMug9um
+lnRs6oryDFffoEZ3gHDetE0bG6f+pRtpnvMJ8VWOFXDnuei2Rv43HLtf5p02+ELq
+m0/HtvjFGDvro7ktYFNogpVgAfOwadBArSelmH71GJa/4KvUcM6Anx+yJm2adqE6
+5Ugm8JTaJTxBTHqv8dEKsyDN/5M4QcBC1AfTx3R8XGjqYeApHd0das7w8FdDZtNJ
+MK7Oqa2HEq3ChaV8OaiyHul34gR+NttskcQkgRfJX+LJ2j3IxVAqmUdid8LFJL28
+Rpx/pONcGJHjdubbZZ67Cldb/nUs0ST+HQ+BJbYZNqTeDDBSCIsye+MUKnqBIOl/
+30zEUz5WMe2w+c5BWw65aVL7F6gtKao+W93CQ4yZGbNRfiglX193BQYwR1+7QAWT
+78jf5WyYzFj3VU8iwZ/PQ3njCR9Fumm75xtIlAhHqliKg8C3Jfb8uZvSjvntkjWn
+ksgsLRF+/P1PdulaRYNcZAoYKTz9vYpVaWlSyOm3HnKpl2wSoJXrp/cHzd37FyqW
+z8CeXtMSvio2wXmadhBEEoc8QSY5s3/J6jDJaWUxkQNPdWZkDmVgDC0DUlfEdSqh
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_4096_3des.pem b/tests/data_files/rsa_pkcs1_4096_3des.pem
new file mode 100644
index 0000000000..6de58fb7b5
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_4096_3des.pem
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,08A2EE4A627B9219 + +BZXLuKYuOupeUZGJPIIiGd1dFXaBiFNmczkwjADQeQPb5rzf89n2d7N1442YkJ5q +nIvyHoezi2er4bhxUX6ToftGdd9X/WeAbuW3QfzlLccf69RgLpKjWasKRlws27WE +ighuRsgPK+UO2CzR1PSBi2OIRdAsUFhUx4IN1oSMPcx5eR3jglH+jrFwv7oOclmz +KBWxAKBguVOFpYfbjy77Oa1sainVFIZMeXOqkOSggfX+kmHg9Vk+AgkCAhM7iy5m +u/2uYjL1Fp3OUuMcnjWG3GAurKAfquWcifF3GSzH6lLyJllC/RnsUwB034J5PHB0 +KrfHipJyIqFSj+lOizDteA65EoT576+4VOpts0aCc5sZeouQS28nyOVKbOtaAXJL +seQbR26RoAw6ngD8JZAFw4QrhekKRPKzkTq8s5E8QplW/Q+G2P4gmn7WeKDQGHW+ +8FJtBd3kmzIydaM8TkdgZOBaNPAvkRdJfPcce1xdhCOVfI+jM2ZrUjGNjGlVChLv +P9cKwP1KgzUVb/jYEboD8d+ia3xwOfB2sfNS7mDoTWeJzle7zl3Np2IVNpND6zpy +eP4sTjSMDJNGZI34aGkGQEBCznX/ssCT00CVLS4tikQQvHGGasHVqn12gTn+c4yl +ranvfJ72h8DIpHenIQdvzRhTHG1wqIn1SpLOxxRzUCtGUuSWmbTk2Hxxk8xZUoNu +n9n9mXv4DecGOmmaA2zHq9N/lmPv9ekRneMypD5sRjo9OUJVPeNkiHCzp8ud+Nr4 +PcKeZSsh9SBbGcgQXrGedntjualYq8/yoE0cLKOud3uq9PA7gtR6u3A+nT1NFMuD +hnsnlDj5p+k1rWDt4GnYDSjRrbFMZ3K+s/OaJ0+Ul7WXBup+0X48zNXv+8FPxsxr +4zMFpLuhxLAI6IJlqjM8TQhRmP79oGxolF/rNyOR+3K+HFjEFaBW/Cm6WZVKYV6N +6kY4HBFsYFhdfPlIpKX2FfdH0WT3yzHLuMBsb1Cc3u8DSYThg/vxldwj1LZnTUJL +ah/r94RjOXd2IDe3CvgxK8ofT5XdAPZHBKXosnMTBx0HZ/prwFXt4YvrwbSxHwT6 +Ekk+uqMZE73Ln5Qh4i1iEH0j6Gwyw+PekVsc5h++Et/7wHlvF1dv+RB1imQvZ09n +Qst9uN6SYhhfHm7CbGpNjMFJGopEgA719QoWnzCefgnuiULWd1nvUTjsmAw+w3DR +WbWVX88K62wE9g22uK/EB+yvyQjbOYDroTIlpL1Pndmj5R86Q84m6zgOsImmn7Jp +fbG1CXlRCIlFCD87dxNSccMeUB5cE/qpxtaAntYqChgcbNdQATuO2YB77ZQyL9T+ +cxCOIXzhnxhqvfZ/Gb6kT4LjxYFzuY2dVIwiGAHtqASpbrB8qhsj5SOcGg+qdNwD +LcN8nOIz90u9+odzilr5BZZIU/mFKzhPw4+Mv5QohAk4PUx50yz6NvFiCDwIhPxX +9MvV6l1pr2Kx6nH0uzpC8H524zL2zhYmNhUdRUOCPApLv5a58t8QkgymFD7ZXQmz +oYtIyuv0D7F5SfHcDCul0sQ/cOoVSLIX5lj23M1SLRVeUOCO1HGK1wLaZX7jLzbf +sZUFFWclSehoyt3Z83M9/nbDq+b1Vlk/1qrxO6/AVYBneb3KKYXiYXIQHkGt6ClF +yeAPRXunxm+R/qoXaIETcknyCOH3teePL0uC1aD4jJEwlFH3JvlSSA3ruAsrBuzQ +Oy9VUq/Q1lK09SRT+EKzmVhvb3lVYkP99Du1BoIyD9IURGyxoT4Flfn2E+tfN2CS 
+Jf/JQEtf5eI6jSM3xq9fslQORSNGWm+Gb8i1wH/Sl86d7OZMdma5fyfqA4dYAi+W +2k5sPNomZ2z8kL8uixR8Bt/Bg8nkIKjLpZIu4cd0gP8BWbmJ6axfwbcmP78Qk1Tq +kwW49WVg6Sc4sW3T+zPdV1wGm7DdW3KfJJOV+6i6q4GTf+4Idh0631lVC3L4wJ2v +C0l6XgR/VZQ0O5NFGeRU0tdrqvck27BjOkngRvDjTkApngilLrggvIXSeYMku3q1 +2MuydcUFA3najp/F5v+jTiYIzJkuYsF4T49M8N7L0XLuzmhpYK7EU6E6VdsoABCY +JWWzdZdfQ/dkGCbn1gIbSi92hG2YQ8nOJ8wOfm2fynO9iCu3o6h59sJ4zrplAyFs +TTdK6yd0uDnp9glPmurcEXmYOGVjVfRCRRx3K9tE2QHub7lGew52KrcKt9FUPaGc +iD/WQi6WdSVa+YvLopFBLzaau60QrwORYKBiZIOyZyVq4LVWcg1FIbni+1NTOpTO +bo7/ymJVA8yPqlcexbYAUUL9zF9BfS+lE+MWygA83dWVogIpORu8Us4GtUf9Atq8 +Q+uxiIK6V2h3KQn20E3EHFmoRJJ7My3GPHxuG8/mczEAVMhfZJSXqGNiUOgc9EIz +eFsfoyPiUoOkL0WCXYnt9GDPX+P5FZ2ycfLb7pQUCFqY/9Lr+0LzaEqqV/GLyBRH +SR8j61eEV4ZlISLA10eWkkyVVHRA2OeAc2kmaVC2H7xBUY7owYDDtlUzKeKL0/al +gvCqE7kcazHcoiBkQI8IzslFW2Q/plURJGkuiUPou36aFFTj77C2oeWT5hRxc+X3 +9frLSIRQItMhxIRxIccxuv46lHYGA/fiPLJ+L+GiuZZHYX11UIQ9wX+XB2eNLZFS +hvJy7+u9hsYyi7KWYnXM+8I5+RO2NhXfKhPwW9IJ1aMWMUh/VEYlGOMJGSr5c6qy +21qNuK0D5a6tKRkHxaUlLvPOlylqGINRZiupjXIrkbzNy5pEYqz3sJSv31FHUmc5 +EbrQJsI1ia1hEY5Zgq0eQc3k6HcfmfgIIZ2GB83N7AGrpMRyH9g5ZguxhdbSMjcR +1ZgUxx3sXWPIIwlLTsxl4wY6CqTQG2ZNPya2PTW2X+Qsl78NhLqKUgXHsfQjViKO +ZY/02FZEObhIfBprdq0HIu2sFKtqyzO14kVe4MX+ZrB+d7QmwPqDsKb9EpUWimFs +HFPsOkJ0lc8EY5i+V5XecWOhQccjEzoqQzffnlWC+E08/G0MyngXfym/JPRJxYu4 +nFYfGzbdedXl7vYXisw2kbrrQW/EtkVfYyho4G06tszUccLGh9akU1ie6ekDQT2o +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_4096_aes128.pem b/tests/data_files/rsa_pkcs1_4096_aes128.pem new file mode 100644 index 0000000000..c54c1be20d --- /dev/null +++ b/tests/data_files/rsa_pkcs1_4096_aes128.pem 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,2DBF602A00D044C2770D4CDA0D26E8F1 + +945LBJrU1VrfEqmgyMSQmw0BtwxxjzegntS9iB/6XsTuRbyiOpj1YgiF8oHYhNXm +8Ubgwe0WEkqYOxyWvrBDxFgFfcpHvmrNvPssKW7u2jFx+wKKDCIBHuXIIfm8TJ1t +lhal/TpRAs0Zu6ub66UG6WNxtKIW8Na74OyHiBk74V0GCpNAnNNpWsJ4YW+M3wep +rMXnySl0EJ8caZYCXVzcHQVVygCEHCtSr+cehCPSJl2jeWIwqqy6fiFWYDj6s03C +eTylSyWFOMjpTmi593Dh8vwJ8bIC4aci3BP/+TYlvT6+91voYz/X8HtlNMen/nhP +ZRYbfwH/Qy2FaEhHI9VzQu83Wok07K9TayDBkjh2HDIL/SugeLGqBEeVzVN4aM2O +/QA8wg+gEBTOZH/uXim/81/pWAaYfXPH76/OxjgdrbKQx1CN9GR+h8stFrMnTlQV +AycGUc83rnWEJM9t/3KyrDMSPwbm8lm2npdboh0iXi/OocXxrW9Mm8OpD1mXFOg2 +Lm84CCs+X7lwiDMbBNRSFiiUSzmzX8GWMkwh+jjAiTa98pbc7EKcTlYlkOkOTeVj +rj8Xb9eBz/AfdrV52XnDBXhNmlpe41ceiw2aPmZ2UhfaHbm9wYL70GTrTvbVG/gC +u8yYT/3BLZ6j9BAaS1QlA/sbJvlvc3TqQA7wGUd8RonG1rqEK39wBM6M9dHddre9 +XyCXAaHH4GbXTGFY9xYGcoL61HFrEl6HZ8vBOs41rYROPYIkWJXFmoDHY1aZo1Oa +ofhJG2bvv6gZQdt2f5JKeWSCMpQFSP4PWj8Z8TXvHHYQm9e3dImVK0E2go6MjVrd +ZS6WsJajlp0UB6ceLFX+NYP5YH4u+VJF1PQ2M6+yno0BJpjPBFhv2pEHLxPCQDXg +L66ZgCiW5WPFfnm2PZOE4qtlK2msJGDzOez+nvOc/Pxv2BVhWKhOM9Jyc7c/at2M +gGNV3DPGFlRnuCdHDQy3ncb30fQsjJqQU2Xrj5DMYDaWcLTjznwXO5GMfVAQufdg +EJAYGa730fPudLsT/pDJUIj24Iz4Xfnd6ilj6C2Sbdl91JZP0JwFkEuQ43zo9Nr8 +vMcz+wzfkbq9gXKOM3WNjbHFX/BfS+/vM04Cu4m6dhLIFDw1sguI5yCaHOUiuk2E +gwGHkE2rKo+/afymCXYas/INFr944eIfkK/dMyMZI16CZZtiowG1UoFzynNb9o8U +NUMhy8Ba5qrbvx8LhaQkHbeiBZ2vKmyay5Y9FYZ0JiY/Jn3ngiec8zsgZG3as9XY +3quTs9W8fa0HYTNvJ4o9xZembpWMj+HLGjwZ8uiSQUFDp4mcwltb7t4cnFfu1X9Z +MPPKzHTrECAd8A1XH6HEmeZhUaMwtLt4vNm0daXe4LvgMAHk3pQO1flVrsRxl3K0 +VD5NhJCG1UTl3OUTV2WL5+WW76JkdZ4Mn1N8tTpyLmQraifG9yBhGMxUNl4x5brf +uAQGzV/U09eEjU8pDVZEteaLAbFqH0xsp8Chz9dGM6pKy2t2H/ZFvk3g5YOKo7cX +mMGf1wG8WRyiZTxM+XK+tpmUkuPgRjxdw7rFTTwKNG5VmBymIHGR7lwiv7fLPXo1 +0v3gCztnKBTfCdGUjdG8yRNGAKtT4VdRsCFeUYl3ZehQUXlO3ZU6bcVv8DGFmPli +B566h8BPIkQ49MKbxX2E6ukw5hGzilAoY4VN8txXGtncvm0FUTt+ji+wjIDAKjZM +DWMm4bN7/LCEfsx8f1+XivzqQY7hdVntkeUH6R9GMmJ7ldfR4DYVzGljB1xZmVNV 
+FD+HihBMVCtvzXLax5zlrf4iunmSMPBW8cNTJCHXNu8HbxNnlhIQ55G77DDIn8RC +sh2UDHEWfkXuhhCfdxOMCUIBTBMCgK4N4pRdxEmj+RFKJR1wHY3SyMrcU7ye5/nr +mxBF0HZKmHm6+U/oASjHeycUi2sXbzu60H+rSQjXVnCuFMubQ7LzJzNddmRc346O +6fNa+28RUAxdmWOD8co5N7f80GAGKh4VwD6Hi7KDFdXPNFclesjTKF8U6E/Q/hjm +HkH+uVeOKZI+41qiNxIpqP+76h4u69ZgZlYVd0qkbRABLBPN69cgsR4EEcLX8JLD +rwgPaLrLyX9muYsFf6I99DDjcqbW4BAu8gjzE5qGZWQnOXAfSihUBqE2VgUQttF1 +Lw+fEe34AqJFr3ARcQg8RsZLomtQbba8VxQBVMiPgi+53HSz9IHTApTQ2ukuFB6x +h/uyVtBImLCEmBu5p2ZSBx1SWXM9A2pj1tg7CgS6l5F+VIFInkjBmSVvRooCj/eL +kaEXz65E96Pq0tmRlw+Zg4Xo3RaU+Ah2Vt/6Je9ljD90wpso6QbQBNnJMDF01EKu +KJvvxf60xXB8j/EZvYm/7wDItCRnSBFZnOQlIfzy4bvM/TLFWN1AgOsIuWjROe+n +Daq5gnCBeTwNwiSkoM5WjjlGGl3K1ubm8t1dEbjgL0tUHEv/A+cD94SkqwdPiL+K +uY3qmWni4ZfwD7V0l9cCkUpdhmmCuX5v3ylwmSvXJ70Ag6tABDSMZK5pj2GTVGno +ggZYcO6eORb8iaiE5ZkJ3tRYjUtbXuqTharC2OqlwEvlOGF72SrQEiS12zgkGYnJ +ZYDGz+wDA2CCpFXxNwL1ZZp6ABgH2rgL3RUqPGrXefdib2lNupvrm7s69//wJmpC +yH4Hex8Y7zA9I1cumIPFARQIOgNbvnCoplRYNeX4TmIMY9uMGtFNRHvrk24bCdz+ +leOGPWFPrT2SbPb6ctGRwZmgXq9NLcea62ErzDHBwEvMxFVhKAGoRUR97YZv2y3F +hkj/kdgQVg5TEQfYWINkDlGX8kpRcyHKYA/VPzupgI9g7dvP65O9Fo3sivJ3RM8N +QJj1hcGn6disCHnw4PrgnxDkVELIAOD5xye5919AYj3j/MwIu7kGANNjJk34Tu6P +gRxagTKQB5qyBMsYJl7k/D0RUPA8OsRH1Z1Vl1+ZXtaraQP95Ozoin74NPESKMnf +8lhmetneI9kgnW7zDxZbz5On26/UnXB9FfJFPsHS60SVpUFihFudrpSB6CHxvYAm +hN5EUekFEAgB7LJ0Tcgc49MbVdMKk7H2Umoovc1Th2DBeET0Q1yabaPG3SQF9lPH +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_4096_aes192.pem b/tests/data_files/rsa_pkcs1_4096_aes192.pem new file mode 100644 index 0000000000..8f2af5a2c9 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_4096_aes192.pem 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,3F70213897D2A537A35A891E5682E0BE + +cjhXvbgnfdO1KzCgWFTwBr0ga2bwtEhFIWSE2EeFXK4IWz413L9nfGyx4VGMcb4b +j9f1XvJIM53bZ1lrqPkDd90qzq3GG1juNdAKUqUSATFUjo41/KLE/yCETMEhWCIr +LdH51NvRGozU75SR+i3DlZGSepn2geDjdCrCQuwVOJlG3sXiyEKYvBpQDHYWhuH8 +isM6Vlh9sibC1WhYrvslY6M9l8C0WuKGkqZcJmIYC2q6uHTcq1g3vyZ7ZEwxSYe8 +qxGMJa9MwkmwAaT9d/FTLjXwfagl0Waz1dSBOegtqcTTjaougv+df0y9VcxVYcay +lMhjo3wasTl1k8PW6tM1SEEXA+4QJsGWdQSqi9TqwiqwPcsxAZ5ycNmF+Kr7h3dY +7yFzc1E3xMpH1zR2lOfvwKk+2aWEyeHrREd611Fpu4Dl0WEtxnTphswt+FHhmNqF +J8OAm2Cyd+pzkPJOJXgbaYqM/ff7DTo9KQd+WJbizOVW9tIwz9benq3KCuL0NyJK +r0Al9BI4ysc+3hmfPKhrGzvP/BaGPTAfE2Rk9qajPfyt1vYg6WzLrvvyPTuS14mC +Ldbfzl/KBZz3ED3eqmW3/uMxIZcnRUL0jr7DPkdN5hoJyEbtu/kT4Cjke9IrOnOR +rVHowECNOjiA+Z5cIW3HFK4jjQwUZKMrZNrN6gRbT/ZDa5CwgdmmFG49U+GwNHmu +cXvNnaGY8PDPvXBG9nmJ7mDA8P/VFPYQVcPLlTbcA3QL8NUBWi95tp4FX0tdEouP ++nR08+UutUnifGDgScBeBvzI1eYP8Tb4jc/yQDT1L2qsk0bY9LNTgo5XMOuStM/d +Hf1IH2vx5o4S71PtUClJ52dGSbdr1FGB7CNLOHugaX+D0FsjxsFiAnPAvOvZ64zR +vILBa9G7pFxhP2cbo1jO6mAixN6pXoZTEYv2i0SpFvQzxAP98PZqWFdAFLPjEza/ +Q+OUs4xV7MdcRh/wycihFCCeGs0QFcmZtlinP7qkTpaXUKdcQmJHj5CTawu2GFZz +4S53US3p8LqoBMOb5dgG8zzaCh85evrG6liKGtzpY3obsGZYej/Dvuht+Q2Pn9a9 +viln5g7al1KEz0cU1VTfB+SIunCMfNS36e0zl8PbSG231vEQqVbx8Xv5zgzSL5wg +I+XtotQEgQE57miw0hjW+DCaDaBc7mpYzPBaqtC0qJUSOpFE/fig21H4uDBBZbk3 +Pf5fkLXrCuoT1EJQ1iYAuJo6KTdvIO//6h1lXu3ZeassNKS3k6yAmyy+mN9+SY4i +RQR/tjyqbKRVoCLiNJ/h917NSa5jFJVM3DQD9ZNYR8KEzVFhullZd+MKeuVM4NoA +H7K50+vCfIPetZfkamT6DQxcgqwRz10pfY02HmNwx5sPk+US7epVcBlEQofklLEq +fUV3oVbnaID1FjcITwvL//MIYMyHa83e/WFkOLORxzRCOnCe5lZMRNNrWFZCCiqb +X61aRfeGtEkEvxe4QYbUnk2jOJYsaBW08T0gOPKaIo6DpzzGKsotzYrTFs4sVr+p +QfQvWVKq8yYwgBe+qCseNcbPFUd40xGSbZrYGLB/Btax5431A1KsRUlzo5gdDDoB +fEGA9oFbVTZ93r+hK+zs6lWXeefe3m1wAetlLWpEneNe9V0mHZ/GiPY3cpE8dJNV +OPucb0DQqJJdmCfC9ZXxgpXSppqB3jo+C75lgTyd2kepwf9uiVTz/ysnHvj7T5tF +A05lfnQa30MdllCBaYisJa77Tpq8VoB1boogC/UNsCorsuXCDe4PvKPeElGokdwF 
+Z32HdTWftm+9ZkiQBY7aKxPELnMaTEvxV7p3O45bqcLt2yuLejDSp64lPkX3I1Ze +nPdEnYfOLacvDWxZAmqDmzCTwbLqeuqeXEy7SDELsOsLjJQorIcv+t4y175javpP +8f9TNhteNhOTjg2com3KtyyApUPZHxEnFlq88zbWCqOg3pOLYXbm8qaHs2shlDoP +Qi18GHQy8eu/mnju6UDASAY5xCCkfuh3GVQX9TqU63kK3j3+VNFmD8v8luStPFqZ +Z41mebckvTPsdH1wzNSZ0yu1m0nTfGrbNbtG1gDEdnTBsLH4P1hm3DFVOLh1S4TK +iVl0JUnGbWmSP5AJjbxLw4Y8KrKgKMC7SDGlSyWiEH+rPkVtqrJEwG0nnanstM8M +Ddbf5YvpWXFYGzCERMm2WrpWVrXLwXdMW497cO+YeYviwGDTmAqFU8PoJkDCt3F/ +WbP7Sl8Y9r+a92eyoWlOh9iP1uEneNsT3z95wpqWlj9eYZlFNjD8aY/FXgfnjXey +dehNvuCNor5+FI8fuOHj1C/2Z0PskmzoYuWmno5sPhNtE2GpWhUFejVF6QdbRbzm +6WY9+sJeXaZcrd+AGH51ODgsliSPP48bCfkynkni6bVyURPYeTduhd9Ww8ZXpjNi +ROUGA73edxzZffhAuqujKNE7+cs25kVchZ5zh3S9RYCW4iXfMsIyLv2bi6dqJPtD +YW6emBTTHMYNE1EFyBVA/WLL75EDExJeCbIaCf7sh4lsVI6MMyU0TwTmZ+jNANqi +Ciiys0AYSfRAs41m36h1Efy8G1bx946iShl/BYQS/6Bv0nr/LAOfaqo8mx9/jj/z +Zx95oX8rKViAj/dtlH+/teW+i2zVVgjcvDr1pvekeb1n7xNLxMZs2bGHTeGFrqrB +1rv9h9uVJP11YP7AuyAflAC3LOKOtxen8cxhvFWJGW/djyrEaETyKy7mG87v63ze +OboJYP0F2005FS3xRZJGohcysp+CDZS/2r0DfiUi1b/yXeMf6yOdh3rXSVDDrxBZ +ZOciIgadV2wwMgj3tMpHfA4kRuNWMdr2OUws3/Kl2vVo2sd7oh+Nrud+peSnWq1f +0yhsbrEhxTFeSKxd39qkUg8ELMsO3mLjUVKC1bFZzd3cHulVJhBRC0vCrVAgfFye +hy7E9sU4+cbbGGb30k8WODn7ciG146B4rv+ZXDTuDG/PJeDf5FLrJAg78RycF1Xb +vRfMIcrygIczxKgd8sHuAk0/yYN8tM88+9wEzPr5F6Z2Dj6Giai8TH8p3t9SOpev +JIFSVyPYxUWg5B0kCOLhihe2aBP2Gi3+VoWbNoRiqH7dV6refqZG1CPf4RzKJdT2 +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_4096_aes256.pem b/tests/data_files/rsa_pkcs1_4096_aes256.pem new file mode 100644 index 0000000000..e2fc2e2622 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_4096_aes256.pem 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,52B3A521A4BE45F79E26667FB6F79A81 + +m10sgThu0xP1wMx+664P/NHSZSjTW63ntAUwVsCfpWamzPLGWOQwGqhfTP7FF8Aj +ckgoYL9Gryulm4/YLH4lh78/beGVYbY+dhOiQoJ284J28v1hGbwr7jRITuabKted +PSqD8UEWqHRmJojDe9yznbfAKjdRyBapQg9qrbKsuumq9KKmEb/7kXKIy0eEe2lS +U0/aGFlPh2jpyLuV16K5NbeIZBzyuowZWcF12AI6gc+axP33gpWPDoNqP1PLluT3 +LFx7o/1S0mMpVNQ9GUcxk8X3mngJi89AyUVoby1YIffGEQWKM/lqbl4/uztVRaH+ +ZL6d/loOmIV3FqDs4RlDTUGMbauvur3BroH/sFNNfsPv0L60U5ZqNVWpJSLdiyzT +Baqm0jET+pQnwO5pNVMmC4lV7ZTIRcoSmXwautuoxAPoJKGjrU2nKGCFWvbYyq6f +pIR7RUH39pz6ivzW6+cHbS5B/6X4BLGMrgk4Y+DNUWtDaPebocIZKPhUfvnqwb79 +oNyDmn3wIniyOYsZg3YzVOoZGanWfEfMc8AQf/MsHmSETRRG3+zGqfuF2grgLt5M +6f3yz5ybKnMYC3U+Qug/R0xCw4r9PygCF9S1in2mPj4alyfgU7bfTSnyIeEEzA/e +csEnv8c3BUrfu5Mr5H2miBByEnaE8LoW4e/fo9Rjjli5YYPyS0Gmj9dsp2Sxh6d0 +F6uwftnHWidmPjzlYYRaCnCd13cf7MzIgCAALKU6YyZgj6wHZ9UGHuPY/gmM3Tly +rTxtaZ8RkQ63QLyC3rfed9/rScZLP3unnWrE8srxIBfkrdmF7q9F7GvpDLxjg+F/ +SPDXBU91sAVCLsV4uEVmx2uYBnCGQCvk/sESlsDWVHbIzhqQeeGOTFTwRi1L7dEb +b4+/+t5AtWV2/Jqp57c+pi9MISB6dGRi8PwzVL5o18mRqQoqDMGazqiZrnkQ2HLl +kpXAPaZiEC0B/nbHk1jvs7T8vyckNCo3u40Th0WWMWDBg2oMNkFg02Syp9suBfGv +eof3G7qPKGZ42hrMt/niBhRhyK4hB5P8ZtcYs/TdJJVAK3oBHbwZb44j8efkng05 +3gGCvvRjCYqP7ijhHaIBatqsStuAoJqZTQsXed+5BenACYqGxT8mJl+JMqS2kjum +Mt9WNK6EWV5uTe/8M/A4BMbR77/AOgLBYIWpOWcsjnTWDayZiapEwnKoMPUjePlr +pbwSdPhP2VHHFKqNak+OEDsPm3ouYrCAowe/kU+WvGuyf/83BizJZ4cbnu4XE7JO +jw5PHrfIW0HhdqNDM5CagQOOWQazCUB/uH+ehqt0tbDmx7ZHPtA35ZQy+tVYcvFE +RMozwpEcDQHDyooWBIWXx8v8LYySH5kYUkwTySe0WQrPjFAQ4WOQDTaq98gm/q6b +oUGQZeRwPAdUa1muj1xUELzbeok8h2uLFS3VEliLKMo9s3gK/GKcmyb3vhZpE+uW +JHRR+MkvSHNOyV3eT0m6S8zTj+WxDAkrwA4OWN+pZndlIMzUuJ5OH4iyXBDIbozX +OYZgHXN4hXLO2ThNFvud6JFj/pHurTVBIATSo4Bb+VCynRmtiV6OmHoDoNQPrv0J +OtttwAbKEIUp0dQLMDzxiyqnurEkvwXJJA/hXbh7pxCVt8mlTzuVWLLxN+paF5Ro +3BincBlVtPdWcx75TEXhewnF/JiM29iG5qx6NQmaIe4f0MGtPCFFnedhMJg/zKpf +WRQiXWfsCCJWPM6NQdCxmFJkPuoFWGU3wpFepUFrYVwgnSnwYdmDphyo8IzMdZKJ 
+HoC6TcfxoX3EaOOFYNPDrYqFU64gpfIX537Cunr4l11kmt9F2CpZSZ7SRT/b+fDn +JDk8+Adm8bdisO2ap/Uktei8ibEXMcpB5I0/t6VDOGFLnvax+u+eGH77YK0zVExP +5N6h8kuMFTLYSiDi01rOxB3EgAXYqiMNttM3XyKUiNvLRIuBqiAWjQ/i94PifQzG +i1UeItRU6Dx4JlJhKnk5C174dGwv2cg6iZpKydHexRyKl+/+pmvYFsNOQxkLc/U8 +uxxHANzHRImndCsFiWfX5Wm5AuY9Rj5EbW3D5vsGiAT2wm9Ire+OkIgAzOpp+Y+b +llT2q7aKV6ZRbGYxqy2b7crPhC1+OgvVapGdavCh1Kl28wZyW0z63KzwhKrfpzTG +keJn9uokrNTo8i7kB9OYQnB+Yj4l+FpX0vF6mC80HWtpe8dN1fEa+nBhMg9NYaeW +W/VBcd6HHsMUbI+LCxhJdJYm5ZcN7+7AkoIp1lkWb3hVDutKYKFE35o2PQaulVUw +Tsya4tqVB4FpXZ703IkBXKf2rS+mUZLkBM0FD0NZcVFC9DbYFKhqArhPygP8Dp0b +70eMENpvur+Y28Xi5nhgB5bYtb8AKuEPr2A+MQ2e0RNyS9ADf62Xnml1xKpPjtvP +lz40QIZai03vR4jY60RRVYxiCfbAjdR7UDnuyNynGXgRYR17GAEssztuWszOuneF +uZrUF+QqvjDnuX6TqUUzd7DR0tt9n5nWEeX94YEwkdnGMrPSDjYVBFrUzxb0C8EO +YduXo/ZQVQy0egZNqiIYt9MnaLpnm61PNqYjNAJ+4Lu48q7R1x3mnJj2XcHOonpI +gn3riWaDVOg5oS/M8T2Kog5QTfZXqYj4JYluWZjgPl1OwbxflAPvZ9SJwPnQoENA +v3emZVeCZDH7aIbLVIXPOq5cZtstuqFCVzafY8Fc9WpAQ7Av1TiSvJb/xPeD0D9g +Ka9q9E6K1Y+Y+4gdDkRnssG0ymLk+F164+6cuCAVALwGwW+VtDyc1e1cc+445siC +6epL71QT94CfZMQ7A0ZkgusKrL3Yvwkjf6mBkOvKeh14rbdrAltzCSrf9PmEJtB8 +BRI+CWhsBGUwqqT41U5SFkRG2G1Kx7xILbZgJXJfE71esB77zvTSZRc6/IuvLUyH +Lt+crv6L4NrN80dHYrdpcRKspIYOMpBSGGH8OMfSVU/kvAPVB2zqzHgFxA0oHkm9 +cLCLIPVZP8F2iA8Eghm9uGILxdUkR+YdAY2ZEr2N3722ZIMBBDIljdQEaRAGDh/H +B5e3w69NVD9d8cKHz/M7ld5O9B0o+G+/yrDkAokJuGACHjqhEzhBfpDO1orNb7Sj +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_4096_clear.pem b/tests/data_files/rsa_pkcs1_4096_clear.pem new file mode 100644 index 0000000000..96933cf8ea --- /dev/null +++ b/tests/data_files/rsa_pkcs1_4096_clear.pem 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAzoPnqYh/7ETGmdNWcczq73FW++HfSm1PdeJqi9VlaQHvm4TZ +hj3JZAp3iw/DyQFiKDRGwukLbroWrQ5tGnksEmuLWYiinaCnApVLqgw3crzCTBoO +XoRwyj9mE7I8D2NyjBwak/Q3mnbqAouNVNtE2WAqBzEHNIBvub1BuIhh9MzqQViB +4SFLyuOzfSPfuRWO0/7RkykoiYC0o12SY+fALP12PMSqwsSuzTXaPNUBI94ScwZO +MAc8ey7jomUKPnEZRASBwCNaC+NYr5RlR4JP2hqozma0nbzndPwPdYZ2m4uZnTzP ++2Y9FbP2brRYCkMbPOmnt0g2CjiDdw1J0UHbFT9OOVXTmFYrGu/BlF3sX7akLz8l ++4EWQ97acGQ2goPk1wpiaoxFAujZsCGWGSdEWEM6LEmY6Jr/2cyX4Elw4+Q7Ljxp +DRN6jc3QFoui62bkKqozqPs+1yu93vPe8GRHIHxCzNTa3oDsE4MVX+boc/CY12nK +9uDkBjpwL4L8/FRFSMDbqiVlCnwqkQZhfutzgD64IMy0B2FhbvaPM+22OEEHVEb2 +hq/Gbs4y6aPQP4VtIWe+UrFh0FUIR0xayGnME+blxD2Px9oJ3KpJ2IEG9ulxtHXe +Lzw5jgC584s4wFJz8R2DL/js1dbNXiSQZnNOau0J2srz7w2XFo1puGxY9UsCAwEA +AQKCAgBp/PKRZNfah7WxzvAnuba9qtqsrVDvHsjQRKLQH3ZLfU3e8EC/j8hjSqft +u+qMp+QbpDDI6dgPPPxUVvoRwyymS4GaMvDam0/7mGnb3Sc8ALprWlgTlD9a3Uzj +QO9oKm7oj6foVUeQRAV3xu2DJoHgWmVXiYccH+q3VfV74qr7e4uie+00gOUoPNKq +oBW7JOBH1xjyQQZoA6Ex0t1F3vQXYwIi0ACfs1fPRBs8a0mJgfjQBeVs6tnUks0L +VHX8dAk2imWZGcumHEkw26VbHPskgdgvDjEWX5QeyxqYA6mtzOjK9SH88YzaLaGF +UZN5uNUq3vRPsYTim/yExlIjTnxEL+dNAeI0kZQpHZK8G4yHbWQ0WRJGd73lxIUS +fXiV4/MJNi/0pPfEklZ6TThUZI26im9QxRzGDxiIk5IfL4o9kF3JXdjNNd/rm62h +/t9pQdb7UvXGzU2RkN9q/fOsdXF7n4xibAtUMzCDSnQwID5sI13gIxsIYpLP6x1x +8Ew2s/4j4xVfyDt/TwimAgCdFQFZuO5IiHNVoAqa7mCcAJH5UFdtFkRvDhtk9/Il +zF9XpG+Bf6vwloUw/NEczjYzNLjKAnl1fZJCgU16ct6VQ6ysR2DXRzNi9VLigWJY +RC/+r4PvOTP0TB5Fid6MtPAakb1/YCP25zg7XZxRW1oAVS4n2QKCAQEA9DGty3ZL +h4BruBSRmkZfGySKS3Wo/eXyrY7kv8/6+Er7DKoGzcVbOeQxBBzwJMgssRkxSTpO +SedraYBA8mb8E1T3ZfuzS2eNPSMNci9ukWl7xSYUJh4BogmVqUDQPdtScgRdantP +/lSFSXFSHoRvte2aeTP6YVIwa6nYICnTi/F10++LBJPHBTWDW/DVjn6zoV4WBlML +zx8C3GAoXDMP38eJN+Yld9ApnlTfVv+yxKGJpJSCy7fDgjr6tVMMfMRlm9CJztqd +hAEVFRhX0HbRYnuU/vcQH8lk9NYDCY57+8xazcc/NdYthZANdRVOX0MVWVhxRrGs +QlBRKL7idcwEFwKCAQEA2H/i1q/oXXAsJ/HdCKVg4Y3dKG3XutDNJOHw7UTPOQdO +Vr8LA6hit+D6zkRlLyGFY22XqlwY8ae0lWlj+dCAbfefdIoNQwXz/K0F1ofz9CCc 
+qLBBccrvoB5+Lab9Sk7YEjxKAt8d/6UXk19OSKJFxxn/s2zwUtKIl+0gkKpbKLFp +QjP01B45GhYxHvwDTn3odittlaFw0VilnqDb5gqm2ficWgt15NZo160p3+f0MpCu +6f3umM0eRpLsvZxmHmVQmyQGR+STD5AlMHXAJjVoPP7iy8EOnrgGnJgY6uEVTEK/ +2hZ0qYaqU1rPveXSJ/g8su0sokarwKlOC7iXa8+07QKCAQBm75IdVE5eXioKPNFr +wQJSRMLvMDf+XzI/Kx8OJDPc+m59VibsEqdz7dcjrrckKiV8uevmvGdIC/9hR6kZ +BYR4+bYYDVP1Ez+cZ+xBF/F55odAAd84eimiDnxCDoo5qPxGB8UBH94GjcZpwRUm +vBkDDZeyQ9DluWmj2MK8PCVqtmw+3JkzYr/gWEB5PzomiQ5blXefTt6Jfr8L+pTI +2NV2NXyITcG5kcwZbBmBaOQIszd8YwYHrf0CJq6MROfcqEVUu0F8Kvd/L52deNd7 +jrqQ0xtppufrHlAqTRSWsLNe3zPfzn+8x/4EcUba9hJFYdfcA8YsULUWdxjfHigE +E+4dAoIBAQCjXq2f75HaoIDRi7ONiK44xkJy9aBq+pEzGcQiZ2Av2pGE6Bi5o+EK +fJ0F9ZqdHCB5zQM7rM+t2y1r6eFla67eTJNo75veTam1rCLRpjmyqMFOkeJwqgB0 +xU3VyUMtRZ3K9O+shw0uEjheHvcF3F3nRnkrvjMDbJdifa+rOsIbTPTu3iILxtq0 +ErbyeJ1OJ7i5I0BIP1DQyKIBt8T4LGWH6hCh6jAGhL0Ms0D8Ex604XT8YYAgkfgc +rVY0JsbwfOd8ioyqx5MplU5a6SAcNQT5siUWOBJ+NsPWeveilkLqDxySx4s1Ocdh +qw9Ebx5MxweWxV5+/fExKxEXyy2IT25pAoIBABGpeb93kYkzbycwkJl3wsqCPIby +kHwxWFpc0B3w4ugZQAUYt5EiJtLCiKpBqjm+6/1Gdv9zAJTndKnKPeY43gSjTV3P +bObZ3X7X8UuAI9yJ1TybGQKmqlPzMSViBMLu0JaOYCyan0CCSZUMB8Np9XSGkvwN +dgG9jzxqj6XvY+z9ghj3ffhB8o43T/VPIUh4ncIHH6dCToaMWAzPWAbAaIEbAjnv +zqGFToTirBHQguS9U5tmrUxgwdeZEXKt8UE1j/GVirAngnNiImigeUfNUlovmtv2 +CJuAkxzzREpVNdQUVn4+UnMNaaLs8lP+vVqL0ojBRGN3eZEQrvJi4LEbCDc= +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_4096_des.pem b/tests/data_files/rsa_pkcs1_4096_des.pem new file mode 100644 index 0000000000..5bcc71ee23 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_4096_des.pem 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,2B0C21459A0C9951 + +KN6p9tJbTD9sZ8jVAp7fX8Sug6XqCi8YF+oy0SB9NeHO+YBDGJDNtWHSMSKzjbxk +r5AN+75uV2pEoRrLyYaWVA22sbAJc766ZQX01tSkxUX96J++Do4zUxR+GJusIUnj +RBVDZfz7vg/qa3xJy5x3cB0iqunrGGCQJ+CZsUtYnk26V3iMBjTu/WQ+vqt2RRIy +dwzQNPy2LWkXQ7KIoh8yDGjGtWf3XYFYQU37jGlSoOG/AVxa7CrXdtATfa/kGLVP +fOeT4wDLjKdawT4GUhUj5yt70SUSFtisNtTCKsLGLSpgvO4KWMYOsvo6uB4jxUEF +X5pBJLz4978DJ4N4L09Qg2DxC2JIyxZ5L1dJiWSgMVnKtq4HM1J6VFNUseB0ZDB5 +X5/S8AWwfb7gtBRD8hZc+UBaBApgU/us3AZhkqczsa35j12op+mpLGnAWiQNqumn +iHdcCOJT6ZL8dq57qmbEzzyrcdhYtFJmv+GLS6m4YMKk4CHf9lcD/8CmjxhxVZ+x +OkeKF/MK6f1iUmXwZl28QIcoXrTzinyLjF2RbNQfhrgI2ZUTlbVgDVWhygB1eeXm +sW9J4B1H3zGslbOcrqdh0NHdWKTvTp+lfzTtrUtd0TqgRXErFJ6e3pKDDCDgglrI +7lyyrG9sOF2+BmYevLUe6R8XCBIFhbx0axClN19k2OnjvCbNpVlBeyUF/vbYzcBX +1toINEauWM2J9noi0ysFs7vy9nBVlFcrNnSXNFSgbydn73fYk2WnO5myoBBapsKD +Ph9sT48/E7xfgDmKJ+TLyz0Jfo94RMOQGgD8qNvZvAcxTpwZRY1q9c0crCihOdXE +qavdYIzIDF8oh46/SGSU3RilE14uHHOtowzWKc2jzD/Ly5/cHTZy+DfPd1ezL0Ym +w34jj952+FdMMXb9cmzS9Vw3zHNndWCMZ/9tPJMRoqGgbFxcXViwjWlkyNoGn2u2 +J4InmiIbxwvEt8JNfHC8qLLZkQbtdwLKP7viz2Lmyn2kSR7fWenTDr/bwgaLRhWK +Ii4/BiZy+R0vjR64U/12+XtdYI69ijkwOITDLePY+4SYeZjHTe2BhihhfVlR8sLL +xP0JW7MqnFs/eJy+xe+PU1MKG/WWpwhi+jGWPiYJq7cuIwz4l3x4GCuE7R+6EF9x +SxvwD67EhI9myx/ilzdPiPJBwPWqEvd9jVEvqbTBJERiNGH8XXH1pjZ/gPdKxH7L +QnJ+BcZrxxrNW+xKwvkABq12QhF60XkMik3o4XROY4mS9CGIOi7d+B1mrG69Hkg9 +BVVCwVibbYyX+7+Hb90x9x0e4CY9nm7h0PrGMj0vGFSY0oUKka1OPra3gqZVQzdN +Vb+hG22Iw36VlbGbkoEezL+ic7Hpvrl4WwAcNz8Bq5iyQLbupp/rdkmYh/JL4rSh +509YdEFAUV60eNPcGuSnxhxB2m6Oi5ViENMw/zU2po0oZkh5XUPCin+Q+Dg58z1D +qeWg+ZVhLMucsWeXUQiNA3UQEJde/nayi1f2SxMWuvZxsaS5Wh6PrqutfwtOokuf +DJzWJHiMavKP9nfIj9phlomZru1R/2fWEme89rCrUHv3Kl9qV4dwRMCDFsqL6iuh +siD1BjJ2EFwm8sPnNL4GW0SZPsWZiF/ENasiVbUhvRB6gyj9YYomimIhOIjtn7As +6dJpKFAYOFJDXFv9Ofj9sSdDQP/4GYwKTaYGbGYo/qIDPriiquA7CGBI/gksAmoL +DqBsSXrUCaiPF7Xc8Lji5oCTH34WQd0TYLOXawWB+oiCCCUwnIt8fClGBmvbfMfu 
+5oXoVPUFSDgKCylTedXJjkUXMREvNdQbSNb9osmp81WveLz3HVU7yYksuJK2Ungx +R+QeINhN7wC6E8JJUYtn6AvxfhLpMBpjDfQ1zOqDitye4Z0YR/aI42d5ll2ZilL0 +giof2N7Spnu0g5f1twuW8rIl1BjykiJHAkIFoTHaQApQDtV/iDarJJJ05Og1lWGk +4s5WMwXtVJiq4QIGheCW2ho9eKjcijoUzCDvK8pfb33jTd4/77h5M8DQwzyzVIqP +ap5mVK8WTd7NJypw/VP00EoyKTgYiRY1jxCCYtVajukg6BvLnZijP2YA/E+ivpau +lumYhCYJj/wZHxhBuL1qjjz74Eol6J81VPAgt3Dqmj4Did9XHl2K+OMzWlDfe+Ah +eQFEK0xhkPyScYAE59dTV2Grf+abGBxYnH8RzwxUi3/F0DVWW0lLZx3tfjfJ2GVp +dh54pdlN4DLIDcx6tuKMU/F0NC3l+esQy6sd+Cn62pj8IoJyOBStZuG9b3fJ5CfH +dAkjlCJwtX6F+X/3MAMYLMsFL1L5BxXIdn7F+mJftndtDRX4PuKuW2wv5zM7UiWa +oQSKofdQFI4w5jxup7SbYedLPFu22Gt8IpLWheEjxU6tOmWmp1F+SCFoM9vkv2+4 +hZjDexRp5jidGs8A3rzwQOpnWKD/HGtsJZAMYe1+UFwGJNpz7oNM2It4kfuvVqRE +Kvesu5Ut+2FmRJ80Y5nZWY53mZHle9GTGlJeFTeueOE+aFzpj8ghWXY5swUlcNwc +05J3fqom2j9Zt8PGt1yaVo6Hd/BbIdXJ3lWe63CnjlznSBKWn7XpgeiJ+sU+zqYE +vclIczNVJL+FuOa9h38jn0yblMZQybStDPYpOCpb/AHxr14EFkZJKCs5zNn9RV/S +ypllyB3DT9fBCWed8rxAH0PQ5iYc9UNeSkfmWapfJT4YCUmzNYU0C/f7blYet3xL +1gOXpiISdTh7ilzFe/i5d1I1UegmtTSj/MmVtT8mw1gqc6NIaFIFY+VKU6am0z07 ++aD5llI0Ok3/J2YMJKrW14u8VU6oAKfSqhZRdWnEemBJiAgKre9r+3qwg3pGgBCt +sRYpXZaRLbzmtFjI5Mfy0uB2zhB0XuqVCCgqT7WqzfWilgLRPW1PLJoMxOykg9FW +3EofQFJZ1/jHCm0Mxcy2a5edwgjIHevRQGGAWHaOnjiHXKBhpnRRTlxsv+ct13kH +c8cT7E1vQ614hRluDfTeQmyHXerlkSwgZDsEaJpOJ2nWnes2k6u6hRLNEPMoQy5F +dUdCwLvXxNEnClgx8IizMJmxzhvmAHF+9//WgJS+KxB002MnP4wX8ejpnCgM1/oe +-----END RSA PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.der new file mode 100644 index 0000000000000000000000000000000000000000..e064e864d835480095cbb74fe4aa092aa0173349 GIT binary patch literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R1TYQ+2!Mm*l=fJU)B*ws00e>pfYL7Rw!gMx zgv?GgA>;(i|gDNea_l|<{~6{GNn@YTVr zB(+Kn9te$&o__NL=Q~qw0V{(+sYHXXLG^3v?Qd$}jeo=jkXj#rK<=i(F*n#H`77I+ zc_8*JN7OGkSd+mC%e=oYiczQ!7FkXGr2gK32WjhVS#`RoC0*J zhtzas@j4h9H!+;cpSeY1qpLe{4q0;6b)BZ~Ia-4U!htU$bXoDb&!gSY?id{r#`7kQ z#Ip++2ak|Iu$PCTCi%k(ayPJ6Sa%>Sc9BmBrBvpd> zMdc_sg**C0bXqOPcS5XIg&4 MbJuDe54{vmUUPRwrvLx| literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem new file mode 100644 index 0000000000..a809e038e0 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICojAcBgoqhkiG9w0BDAEEMA4ECAvRaVQoz78HAgIIAASCAoBiIDDzD49HEwvC +COrRrODVgYMJ4+jy08j0yQoyjjcLRt2TCMdNZ6F6ATuc7YUQhcvJIVT8RLGxluJ9 +Biolgd5Ur3elFFl/8D4jSR7x9zmEFq6fxDjrkcbb1vK/1pth9Cqfh7FXQgD6Dlmp +2Y1YTdrelZTQs0hRZye0YmQB/qpBs+1VY+zkSNvKtlJZqPYnKawMxD9Dif7glpDV +ndpZvNXDbbRy3vLq8k0rKRIJQ7mLjmAA+3kgRRtUhCSTbvUs9oIGqgq7xm60mcAz +yG4LfRQ2khZSQTK47PENsDoZrazioZ6F4d7qmB/peLWuvqVdpBY6gADecxJoGq5a +4qvZy5srgYvOFfGi8T3L88mJc38U2WQ2s/eHsmSzC7EmXapNE3OE6qwDfn3bkOF4 +odksNaz0IoK+msaUc1eweExE97ERlNKo+XuJeO7Q3rjO4+JkFINONbpfFJoSmZEm +XX15ZYFFkYZ5eI36zOpX4ilHmTFmXq7BOmNz8hHWwmKUSVx8JsdvpMDbl7bfTtxU +sTzS5LIgbxpP1n/RdTRe03ALuCFIyD/bFdbjH0tzzKChV8Y9OIHFt9aLDMU/br5i +tRQFh1D5baGV2atoXi080s4iiAm/ZN95btvLOs0C+ixHpolgHsVwrkJgKIzdQKCb +4CSHYst3/4Q/3KTm4Cp4uslKgVD2fbnSWMmHnN70kERG2kTLkCexS/Hht7YDU3WV +g0xSRKbmedpYJ0N4pSvpIwQKAaoBWpgUVjcWOnadLNFHz7rnpwDw5cfhWBKyOor+ +1YxRhpPCLzec7UG9dYu403ATh5nbhxnmz8JkUqumSt/fvfC7j8RSWhNIsBvoiWxh +7SCrd1Z1 +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.der new file mode 100644 index 0000000000000000000000000000000000000000..5a35ea8712d5606ea6319021690fce1191a6e563 GIT binary patch literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R127H*2twD&HR0F)MFIi{00e>pfC-pZm@X?y zTgkyZ%$a@=0+r}Z#3bLi0m3c9cs_I3HMwt7Ib2hLdC<^%B8LupOk0AEJg&I|#OBbT zAsi{tPn6jIf@&HQ6#5hcCl&Ek4OyhpVrnPUQO_iDec*2}R3BdGi%gdRT7h+ZK8{_B zH2pXaV`b{)#$}|X14NUPM;T{GY|`sRif|0C0h)LM~S|DTOFure3E^%KAa>w0en0p)hMO-O&|QQOUhlF zPu)JaB|cxQB~VmrN-SqJl4%C-pKpjdFaD|LMR0r$rimNtPW5W_^mvp|(#I5U_of!k zJdK8g3(xs4d$<;luk@>G6xxVI6*AyQVN}~btyv!RBGA>PZK$8AeP*HX$RgzeqC}lFZu`4z;Vf;3^ zo7VmB@-K8OT2lE-oB@|yTt+bF0>B;J{Ky?1diIKUk4uTUo0gEf ze;c9i9zlJeOt5ihvb_y>+O<7X7CcyGq))Oo^!pLcG**ZU+foI4-T<|Q?3U0LcEy$q MleRV-ZdBP2a&!hh*#H0l literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem new file mode 100644 index 0000000000..ba60e47b34 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem 
@@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICojAcBgoqhkiG9w0BDAEDMA4ECFLoZ7dfvmefAgIIAASCAoCmLLB9OoXC5hH7 +nQ1+s4xBIk1CEfKAJGw0KRMaKsztHCB7hQwizu/pzJlGjDHlDVNkue79C0x3rhPU +1+894yR7pcwToUeJGkv1WGKmxOJUFJjmhnsBPQw7VK/0LkJJtaMriAyoB/3goQ9w +9itzzPBatbrc3t1omc0BQKvjl8T6qKoYOO7sKgKp8aKYxzf51fhlq7NPETnDK2Q0 +ib1L4cVeZS8MHsvl+rY37rrscTAIunEgx8hZj704ZjBMXb+wKvLNtWhpKdwyhwog +zusj155WD/GmqfXQyaTNu3KGKZ+1CtzJ57LC6hQou3tVvqX5lxRv3mk6PdZMeI5Y +vBaU4lBFUd7OEtVrpEegeMnKWAB6a5y83lhrK3t8yc2l7yzvkhLOK6iwF4OEjRXq +lZLZCcKzdVOt2WodwmQ7Q+ul+unnnlaBD8A/mScX5GJQxy7g+aczcPerMbHE4Ndx +H/ut6J4HM65TzVXl6EUGd1B5MkHa5nBqudqsyCAAYyZHlw2I3S4OF5MElsFJYlxE +vv5qCOajPCowvND2vWi9oVntTsbC/c34/Tmxlott8zlSIj5c2sDeEfDi3vJ6nrMe +W7tpAEyXe7Mh/Ya6jbJF64f9FLUHMwGjVsaHSTzMW89zp4H8Gw9ujiE5E8FwsVpJ +NLF/KMRjARZEu+uuhrWbsDQ3B3iHZ94fOH8oQn4K7TPpbK8INj/JG5/FPjTKk9Lw +1ji/zJFD4VfKuZdoRAoMRbC72i0i0h8ZBlZfpeG/pawaTJCE1SVLEvtHKB++2YHX +ZeDqzL95FdQwnK3FgfqfNLGMlIbG2JSuCE9JBY+92RsvXjMJRZxkZjvYL+C3alHR +VBkyv+4V +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der new file mode 100644 index 0000000000000000000000000000000000000000..e7e32b0becd4c95a83d3acf00d0f68280b8e77b1 GIT binary patch literal 674 zcmV;T0$u$uf&!i}90m$1hDe6@4FL=R0Wb~(2#NLD)Dq1ka{>Yg00e>pd~;XIT-7rX zDBm0EzJ&z0p)Y4&28CpLV5F_nJg`kPcZfgZVhqQG8-V3KlXVTXT)TRknZnX$FDG{e zrxgP)xd}A&a=QuPP#*PtKVvyEqd)oq%u8q?YO9P#{M*|+xNrbIcNcnA=cC+f;(zcI z|1s}Ke9Tb!sI-vlDJ#lNjma@NlhATwOc;1Kj1s# z6M467t|kNez>TOu*EGK*#Wt|_z&~Av*3O(_&qEEA5&2ka7wp;Qo^_mOM%taaD_9K1 zliO`z*qp_tgu15nn(vHy*fzP2t%n%`CiJ}DXAnd98$^KrCH+#L0ScrzMBF7M){?rA zutv)QT?SYL%hFgQhOVu7KUoD=Z;4L0KMoykHtduh(SlP1GU7)pI`=%dll$t zaOZ?CPMlhUAC@UDX&!Nx9yZn;=yEACUY#YU{{(KxafZ&7wt0#IgJ6qWrhz**q?oID z0=u@-r7yy&+kLoy&#hCf5c!SC@n0FonKhs!r=GE?`ko%R*+)OmVX&%xP;oaL5M1E+ ztDaOt>St=!nMs;Rs(%U8P+V6>2ha#FZcM9lk)sjPE4nUbPM*`UoR1Prow4~sxsYeC IUzg?1#0gSGs{jB1 literal 0 HcmV?d00001 
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem new file mode 100644 index 0000000000..089945b055 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICnjAcBgoqhkiG9w0BDAEBMA4ECHgR0/cyo14UAgIIAASCAnzDfJIvSkRQKqrV +lAzAMnhd42XlhqWAJLh6aB76LIWVmepDkNnXRNX0W1R+XE27/uzgs4lcovW5hU40 +2HZlv3R0u9MEvMhadjL4ZWS94143p9y7P4vnYembOcc2WnlhFaGSMLFSwMI5vgnL +8xz2P9+d8IuxGpFSgw8S8zchg4Ewzk+0nSdG0px4T5K21uhsFzjvZRLrG7XXuIee +tKluUauy4diqA5jrJ1ShmrFmNTvtzAPfMX+QohuY8nhRUeH6bx9dEWpbIq/1K/25 +1uIdInZff850YKRQpK1IkinW0YfFxoA+sUGvxs+aDecbq8w3noaRIjJN7r7ipFEK +dhdehOxD21Mq7iqsujV9RJxAbqkuoTfECHJP6N/Dmp9CY0wpnE1lnHOTZwCWqDPh +aumtaFsMxJdNPZ3M5xmGInPWnT3JpW2hwtoOF0Vb0pP9VSfo+3yCm9b5ipFvcs8C ++c2MdK87zSqFvKc19cuv9tggguCzNjAcECHN7pgY4VId7cWMK/y3k4mk2C8hPQDw +S7gm/n76BSxjZFjs9ZQn9n5meO/47ohgV1ua2WICPMuPmzz+IPJpT6mQrcPTbzm+ +nNGrBVRooPYwnHPYKGlPJWkfFzsWnQ6dRgEOcM3DJMfU29QLHmNHu0ucz2k2f2C2 +AHB1EFEIC5Rw2BxH1x/gqYlZAB7TCHZ86XWIzbYdJlyNjb+poXNczLvghpvoIBC6 +dxEEsxVVzRYCRbmLtNTdXa7XfQfEaRs5GR3qrKoNNDzms11btQWo8eiZUNIMA6sA +i3Qhs73feJ5P3hup8Kl2P9N29MuAjYsS2oeZApjdiXAzf5IeFaqTQRHR6Vumvn65 +TLE= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der new file mode 100644 index 0000000000000000000000000000000000000000..9c33ac90affbc2d8b89963a05bdfc7d6af11d71e GIT binary patch literal 1262 zcmVr$hzBz5Nd$_ z9=C<8m2<-hsHtC14i;MGl*M>9TyK4@DX7z+RFCrF3$@wU=J$Y0dT~v4+b13|z$+5l z$;^5Z!GXhk<)(uXU(HOfQ>_pHQC`{8u<-E-;RrSx-1hA`(?1HAKCC^rZo*QEYJ38M z1B509X=9({<|T>FUK2uchLU1P(tUd2ebp+?Ar1(-P2a%t7EbCtIyvvd%>oU=4Wm-%|GViW!dKfe4Mg_hKntQ7Gkz8xY-d;(`#? z8<#@S%ehvEeRRQ-rtF{MoLi3>k zyz{4mq8^^(elV=@wa}OnP6@HYec1M0jh>sBZ-}YOhE=E&)0>4$glDR9%fK&UBp!(3 zzO)RZ!(=HH3y)S9#Y40c;FAxwc*IW~rv1(tDQ70I3PKy6mO*$kbUXond;Hus(0ZDvsY>y%>m#&eU^C-6v_CkE|o8@p*a z%zb*T4{+3Ne*Kf{cSQXbPD&au5&l~1hH!XcTWOd*J1zpbdn{<9s4W-g6eM0j1n{e1 ziS?yIfo%lma54Z!jZ0;j<5LHMA_Qc3bfz%{ujDv&boY4tx#o^OMRN!^LLZ@$9=D6g^&T9gPEz=Pmm>y? z&ch(sWO;-$W}q`#o_7ofj!$Tz4ymX@n=5c9DhH%uQ#S(fH+0a=fiJToe+auL$r5ru z>B+t)^N@}xcSSl87QU5nF<>x?Y1qY~bgrbdlNiSeKKA;wWNMa%0gcA z&7ozMu0?2Pdv@>Ek5^S!tr1RQ;;jmY&MiZ-7 zj{s;6MM+I2di3^Rtnu5*7{tNI1YmuI9^CT!ezbblN*oJg3RX?Ndc&M7@^n5P34W^V z(L_u_GYMKos3krh$ohczXO#6HvS&2d!j3|I%u(m;JW%1q;+3D|a!W1^HwFs=a{qQ_ zYe3hJ&sW_b%KWL)NvS=u`JY>W>F(jaje%Ec^{)J*TBNf1^NlWoI$Za)~nDAqM0 YL0z(?ueGNndR`qmc1{lL`Ee&B+GAZ|vH$=8 literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem new file mode 100644 index 0000000000..534f109c4d --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem 
@@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE6jAcBgoqhkiG9w0BDAEEMA4ECA5GT+CJ7KU4AgIIAASCBMjIenQGGZ2PvUzA +9D9eyOS6Tnry7U35p/WsQ+DOp6p1fniIWQmMj2s2dH5+rq1N7acCPEpmTLvDZb0e ++YFrRQU44WuwAR9itfpvr4/yR/NzyvlGlDqY2BiJJIRc9g2oQixBLcN66GMVS8YF +Y9RadQYO3gMoR6adn3Of/6nxDvzy+4RHegXE2c6i15g563nObozLemnnThM6KiIa ++B4wOHbQD+ytp5D9oX9xbW7rK5v+SH834vlLtENres/Fr/DMV6rZGvYAPkJTxEcN +5eTTKpeB45xAZ0DLd5OBrBtVQw/33NIHR6unWbQcD7/Tyb2UvJEwf3RvNQ8LlQ1P +xwd85NBB1jNJ3cFMGZYCGL24m72KTanGdhuzBtXvaAEJe7fLdhtsDhJeD56yFMGX +2KlEvzgvIQYBBIqIgOsnoBAqXg4QdDN8GRc43VmnVjd+zMmQyq30Y6S30SkAs1Wt +lqoKw+HXSLVn3dt6fH/mwM4scau8r/qQxhsw/YkTXspGFvzjI34ejbh7kvlHe57o +1TyJMDcKeGrpC253TJKd5xPnzY9vFQ3OuoLd4Xt2cDbhz+EB/A0IJzRRxPE0Yx0Y +WRU5Y3I1EXI82Hv/DncGFuG91s+OIoWqB4ME9qByec8NQOH8h4Bz7Z6XuCINDBwN +u1GMAsocVL7SwaYdBtmG3Vx3+tFHj7W9IdFBd80nDzavoY08BTJCbfC/P6KgMj87 +oVtl3iD2yecfozPg8ffA4oqTfAW4ACbq6rU9KyETOqNPlRYvqcs8yLK54MRT7hMN +HeT32iOhMVdf/rqO2F3LasYUXY/MY3LFAlBaVWOuXvZ2sRHxDx36G0wyl5kA+Gea +kUftk2h6VtzWywQOzDetbYkSgNW3L6SrrD//3C8Y8vN1s3WB61flF12hR388LPHW +56KjT63/7fp58D94NotijYmXv1S1Vzu360hRmrj2+AsgInfFO2ldB0jxnSDJqyyK +D6SSOEY4jr1BvtZT+FNYBPCJyWiEuDedN+BPpo3arlNRG5uxttSQrXhXA9mtGFBL +wMxMdigt/+KKvZ/4yAmQjfm8JC3kDNC5w90t1Ky8Wb2SqCvW9tMK3whex8tJrER2 +UzAXyjSk3xngsbgopr1dsNVcfJPtMbPFW3X+pVqhwFgN0sVThkXLt2CRS7NTcOFL +mRzDjUphbX1YI5jiERja2+SOvqHvBbzDCvftR46W6h2RZIVICqpULS1Zz32nro0g +4fRBxOr4Ii3bL+wZx8uvYBDws/WjfWeOhDSyUEJx1pl3DnzspwP17JvdMvCoaxpA +qA/+wjogVmyMTaUO2tseo+jKf7Tp5Nd8P3tMelFVI1VxARUV/KXo/gllwYW/aM5H +8gzV5PXZXR3hKGNi+nrv5++JtddrmyisUEBVyBTDqwZHl1KCwmfZcFvsBbNOmdXd +SKp8Tqd5QwmgcOmVeTl9YxHhL7/3zNQB5F8V0ZNDsEXiVy0+UEEjFj1yLfbsl+2D +vWSl30AScCrIsa81iKk385wlAjftaO1XaR57ZxoDiHvG0ZJUtOV6YmW/RnkQUPZz +9+kMTdCjmcSIh6eF7AW6XR3OQ3tTqxLStSH8BUNM9RYnkeBCn5YPnGmgA4rI/Oo5 +8Rsd8ZHYYP6EVbRqqV4= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der new file mode 100644 index 0000000000000000000000000000000000000000..28162fb6302dfa62a38d2b233de8aad7c11406d6 GIT binary patch literal 1262 zcmVr$R>ydW8c`P zj9J0|`g^2eT(dnD38OxisR-Me1-${D9p)``b)*01W^IP>_dGrGM5G)`fT$*)Waq_- zV4a}9-u^USeke^4(@qkN8h{)KJUq@dFdOVQdOeiMz=z%8mP#y7{%}RjHF%LB41hzK zd$_cW5dm0y5pKlunB6B+qwn$krDo3C$j2x zO$P*4k1p`~b4E(ohH~YXoM!2Vrb)LHL&1c1FHNt}W~c86bdD4sRZqhhAc@ zPd}uR2X`}&)k)b9K4l7pDXv*vWhq_W@3TYt?(B zed0>DL5zTufDU^#6SN(V2&e(;ja!1s`ca}3sDUJoqsA!+zIwxJk&sGag#K8GF%!^| z)HLYMcvK^Uq!LPM0r-uSIFt=SsNHQ`VUNjSeg1-{WjZ*PE zsy?`kaN>RZl=sK!A{tkTsj_9rqnPhAG)SFv!xk!&ukQaAJ$F%K54wn18uIs9#w=x- z>4k}xz{n|k2>_-P(`jE|oeN9kK9KCO8&Uko+2Nh(FUYN=jThY;mK2~A_Ni8#MVwId zT;uH=XV3n1(U=32OHj2ks6S?6WoOV8J6!;@?dtE%UmA7l&J@xP4v(%oKXqv0%S8`8^w~^oWs^TgJl!b=Vd)iOlEpw zvejPw)O>+3KLcEt+L`{UNFN(st%Qr@Mr5x~+d#V}9~aX<6IXBq)1oE5On$tA>|oea z7X+(iP&a)pA-zpZ4S5pnBA>|!1e8WxaGp=M>J^*a1Cgd%dJ8Ay+2a@*cOSmaL3*bT zJV^}TO&X~kBMB`c^J@HSr!LH|2TTAM!$QxK%z%sj57=3>=>bchpytkB?Y}W<98I^~ z%gl_O+dQu5Hlc1RoTUa(<|A}tPB>n)F`9b+Jh-DcF(zuG?EuWLr!T=`#Qt&hn2=yj zUA5%ahM&$O6s$)*Yv_##fMKe3!T%vfD@WQ69Pl3?9ZSuzb8M$6OGm>N|EKMx{1?QA zem;DCp$XO!AjbmW$t{U+U1;SL-drpiUW0E))i!6NnvlOeQ%6`CGC>lOWR}06)MADE zy|y?Rmy$&|Z#w$B{Hl%+qJL$Peq|wnD}smJzpqs$R7cDL->^5601m6%sufUuO^JR+ zvFLp%YXuHEXf#(+k&W8~d!o|Mqk>uR@(&j%c0dgB<&ba+y+uetOe*B|FBSz;PH zsq$_XEgsJvzeltAcxHb?Sw4oO>qpe3k^8MY=?7dD_cvwQgzMnql-^_;v@8}ILj_f% zWLJmJtsPro+M541lkaIZm4U*{5PTSA-69PA9X6SB_#$#l(x^lb?Z_XIc`QwhoN(pi z2ht}9PL{gNB{r; literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem new file mode 100644 index 0000000000..bb9d227c79 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem 
@@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE6jAcBgoqhkiG9w0BDAEDMA4ECMCMlAMpv/XoAgIIAASCBMhBuDiyb2dI7UGr +SSjkSXankWDZDnnu9ctLQNh86M63CcomlJelhpPlYOGiE8d190awlciHVdd6bqTK +TeMaeGGf2fG1oKrbXwTu/dhdVBXun82E6XYioHwaz574Cc4FE3zTX5AyiXQuEVpZ +aiMnwwpH9QuurlxOPxWlsv2j1bWo1nkenM7itJ1UqprvXZQRZgvfyVzLrW7k/T4g +MYzoowNNHzuS/IHaWXddpMsO/BGkaD376aSdQtmp89Xocq4ON2o4pjGs0r+iQ5rz +/IjdbNl6vq0KOP5Lkwob7Cl3ROGVim08hYivCDgxFFuN444n9oRFa5HcPkTT2uI4 +JLkJ6UtFfziXkPkMJAbYYNtKFp6XLnQEZ7IZGttGBwuSF/b19e6WIjrhkmc4PtTN +3GEtlnn8WeiohKz7zxINBAjGgH3QfL0SZnJctXXKArJTkpuMcbhvXIgR40ZlV12n +sF9IexnKbhCANkUd09xsDYevxes//6kyXKBvfw9jDNpRqN5JE/dfLtWZz/VdPfGh +z2ZNr/YCOpK6aum8GlPF3XGh0+5dXlRm6ODI5swGqLrJD28E0RBL+I580o7WLJKg +JJCycK/Ny+Bg4GTtqA5jtYihP8oRARdTHaDplujiGdh743qn1dGTBJ+McYxrPUQ1 +wWyNvEfaosF6GmZtFI4Jtp8rleLUmzfB34u09hzf7LgzD2WI9akgtDVH+sIOfXr5 +2iQUdkXumM+TGzCHso8mHVBKAWFn4IpqbpImJcUUcg3NV07lqtwOR2bM0nYnCQTx +ZSxtzs8dJxCGPPYPqmZukMSZfUHVN6zDmEpHbzbEgDbUTdmtVy80Zo7YTzec9fqE +CKlfK+6i06YMncZV4uqMzWUtbENTCX77w99Q5pQTpVRsaV9dDCgn6m8T7zxt7JHC +2uyH2H0Xk7aYQ3aeKqfwmHXkcGIexkxqJkR0JOcRa1wSEhMWnkoN1IPPA0HpcuWL +/QBI+Y2ZoDBjQVcbtB/VlCe6lBTBw+4Pb+fOqdt9DXgqMhoBXeeLIA9UZHef2v8z +cHT02+QpLZfdf8X8hcgca+kSvEiBrjUClivM5U1RcG7uE/Hqc0JE17B9LboRqzyk +MUvaWntz9HR09Z3Dlrvz/rBcVYkgF+tiLESPlINqnRLUsN+/xn9+VezFizO0G39X +95gO9W6lwc+CAA7iZL4+yVzfZa652Yg2eck8EOgZ2N9r+Vd/7rPsv6ysGpU/7p/z +96zCPaZ5FRzVUrh2jQb9ne8SKr2C08XxAO6pqvDEJxHBYC1U8dvki3dfbyO/rNei +GzXpJPnIvIkE1++XxPlWZz7xFOEP5qufivzm+P6cGCNbme3mY64NYhNsDox92S6h +PtYYxdjGrp+de3+vRwQXFkt8WHxg3jxBk1H06832rdP5Nx4SOpPEhFv4xE46oVr+ +WcOi7h15De6dk+0pPZaBffBj2eZjs5lqdokSjyS4ScCgMUVHz/Emq6XLE51C2SOb +c9Zo6w6/zxxfxoXJ+CF8Srmsn5H7cw/tqnTZZmOjsLw0Uh4LaHS5BIwvqfB4z1EU +6RwXSVvjNdZ+7uBKtmE3rETgAneiNSt8JWvpSxV/deq1exseugi89soTc+ki1Swn +UdVwFqkfgdODn/zZGp8= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der new file mode 100644 index 0000000000000000000000000000000000000000..7ebca110c1bb346d99cbe0b362f40dd53fd9cd22 GIT binary patch literal 1256 zcmVr!ebm9w|w(s z#P5MFH=4cWYna;;oVKlDrR|k~RJ*%xqi@pUm2%PbHXQ6`@St{=65wIRTV)d(cae>HfU+p&^c%{7jv zF;HqMVcD;+c3LJ5tMeEYECvcP`M3uV3gu*3Y+hmE>lC$9yAd*aQzUn4>0#Mfki9KE zy1qqBv6qI7@1)M6e_KJw;h8`fGlk7RMsGRjMEJ<-(>Qnl#J$!yAG!uYdHix^&k5P~ z`%g7FbHT(C9ER(bCw`4?x3vybB{`9S_%EpvjYnpg=1K>RU0*2hzYY^M`{O5Q+tJ97 zADe6iSS@7E(}G;be6{o@&$}6bq{v8~671B9m_dV#1)!xBe+x&@#YG9M1OZBZW$cLE zz^gj-pu)16-uX}5sf{*8VDqwF ziNu5q!w^p{UjPWCf|r3?+f&hCjc*2cnDHVU_7-S>YueOY2dg;j))Vu-v6LOdLV)j2 zxX1I#u}>K9sC+LcNMx^8k{csUj;}Y?C6h_^QjfTMI!4@U(_ot0-!G9C%(;BJmcsu> zBeU1(*yn_xAX$23M5i4{(D+CG1%a)VB{vhl4Ql4nk6-QP!bEZ}mud-q(CMi=m7`P6 z4)y;^;xq-Tmrd1ln@rWMwJHuiR4{E3<{xy|p+2?UEj|q$bMjuqOHr5T?DqWAbU7Ve zjgb8fomayTu~mFS4tyd8rlt{NOXv6gj|ShyvvE+d0@(6(2--<^hw6KFV9Qs-(RLsP zE6MB_FFj-6RLxYnEwGwD{dRG0&R9*I!})xM^H861<;Y}Y-0bosf=J`QO4mKL-lys@ z=ZE2@VeHVV8~JdLKZut>I&OsPGW2N4FFfAl)Cy+lq_uvZ87SBrct_Y$;?<%UBkh6| zX2oGWhW#R|@?w;qF}g5NLK1_r)ti5T6W{(><>*URJvbgVFoa4bf4zYxW^>L%JHGtc z^FZ~^fTyjSLi7CYyG4ErJhdi`-@ZM~irMwH(1Av5wo)znsR6N&HijLnlj~ikOJXHVQnC(}+E=E!xGj&4eJhWiSw7Rcl%xyg zCKY&^3k)=kNXe z$UUzvaElx>)jR-R-smI-3!ja!(fMW73dKywNGeZ=qQnY1 z634&6)zWy#nPygDxlPCd6AE;Ff&ExJjnM3+y1i14?RpJTS8q6_qO4k5*P=lj?CM_kAyT|g7B#&abcr;{ z^I#a8Uil1>0Ie<1kLfKoU5(zaw#(1RE};aGZHYm?7k-3#Zy8SeI~f6R%_X^@2KIu_ zIyB{|+Pd79xDnDl;`X3sh&hT^=47OwnZ)8`S&Aw_ll;Hmsz{PQP}k znh5g6lGFA0d4Z$!M^#3#_kKqItJvUuHX{ugaEo~rto3Oj12$Nrm|;dggqv=Kz2~L7 z_whPtoHeC74ZTbwab$ltn*N0O2ca}GRoEOu0X8zRzM9FkTQkz%cxH?ge&(zIwMbB) zv(3xLtu~NNlQbY9kIbKXYoune!7L(8Evp%X`)dQnOdC_|xXzu4E5a569arEVH$0Eb zyhCX87y0`qYVfrpT-T?Cxq|U!zYkIQhuzQYa3#iVAI&_feO90Kv4pRg7)0vG|I~!e zA3&gMn9i?4x8)yQxnyNWz+xJOOZN%Csd7)!?4PrLz)}pH<@)y*;g4F<^4xVF??I{ygo=G#Gp6qmn&Qw2RsES(=r-B)Ldime@7YE z>ft8fBx0ns%-k%BN+b8$;XX83Bl=19m&Tzak?DYHPiuw=9f5H-b>UKvwMpI2_iKh- 
z#(gDKYqUFom%9AYYv%?eQWbsz`HkQVl~xRiU#;G#bzh?HI;W967OpubZ`ecf;?#tv zLb2|+I%r6_VfjJ1X!^##X-7A6OqPozg&s6U7?M-1hR7c^O>JSeVfn@IW}dp^U*haY zCDZNOmtrhO{bWX&2Y9SXP31)8c~Cb>hbx{xSWH;uRQlbBPM|(I+*ubNo{$2vPd%LQ z^k2>!*kxHz0)}}fxvRdC92{_pW>^Nj22WG!Wq0KXj;>>zmn6N$wO*zHV-!Ef0y;UL zBgxfN&*r{|P%PS#s-z5TamVKA5r;3#Vhxx+I9BlPKqI}=vs$Bc*RFR^M=tJVuDmTe z9T4>nj71{{^|Us~N_)NDk-1lVDnhA}67kDz+o{2a54Wx)MO;k#oF?iR_l0|gfaE34 zrFsKlY9&*2YWq1mf35o9^3z*)KQ!`;JGsB&L~u_RSvBm+H-q+I?1Fzg#dO+*V1C^%-?9NHLXC>I()qs9d(tC{uX!vxpeKv2S^S zxY;QS+FT8&EFrbT@*hwS$89J2SKuk*m=%^}JcE(QXW1rGe`d}h-IW4^^Yp$wr<(GQ zLOOd_{mo0UVe*oLHW$~o>$B@RV@h1{)2DvC5N}Ng2Ib=6LQLPN1US7x zIpZ?G{tc^lU8%n(Uj^Fo4$4ByH*TB#aG<9T3w39z(SlEc=Cf#5<0)_%t^jxl%af>G z%8r$}D=Zkp+}a;V;7(C?ke5i}p*dLKPDXt~BEpdKbKKZH8~qMUg^c|k8nro%ezK=? zxqQ|SeViMA)A{$jy=IKNU$0A8s>!;As!Fb-?#Up(#e#vkrT?UE7Nq?x@X!|FBg72W>d!|CKkCNU) zcVKY!=8!o-bv&FH)fl9TRzu|Y6B}a<>v1PWpdqVRU$b~^a53s*&OP?t?PXI#qJMf(uZ^NIIid)7A z>G>MZHBg0;h$VqWmf=wPIejKXlz)WVa4!fG1sEm07LI`e0Pt%u|96-iU)Ky9DGL&7>1T}iqIqVqTR^*nzb<;|SUDM_6 zau5YMx!9Db1LT>CLGR$%TC}8w?$Ef7mSa}>f9?B-q2E9-ru(iOKbci z7s*P*4|k*t<=WN+u!={C+=aA{QCdCF4(JJ39zrh*HhbZw-d$3Z^CC4Fj0@_(1=O@+ z`Ce=^w3Ps%lsz&geZ2{P{=9MlVAzl|(nXNwkNbeuLg$*GJqayCyj?T064F}2M;|@Z zVubW8X{V%-@HL=Dwm<8-(^J_+uS`y8s?9D?}H~4Vc~@Q zh*NeiFZ1c5SfH}CjI%}`VOOmfe-`qX%nAN}fn9Kya|6)dlOwt53fEgh#<962+W%rL z$>Qx*owDs3P>kHl9$LT-0D7~@yc&!igmS{>XI{)4e{43b(@>GaQ)l66XJ2S(oEI}s zGge=bf(-<&)nd|)ML$O-RcRnP%P)09somnYkLB74ES3Z=!E}S0sWBLxW#Op{&^Y|t zl%m7o=42LvOMguL#J6@4H_c;r4EWmOeI+IDv zm=@4_?QT_wFYQ9mznxS3^!>tjW>xfxQGWMVVt@5Y@JB#yYp5{5-G$HPw#I{}Cr``= g3Lq+fE0kz8XgbqB^9`p{v90#mk9=dxQ20snxuLhJLI3~& literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem new file mode 100644 index 0000000000..28008ad114 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem 
@@ -0,0 +1,53 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJajAcBgoqhkiG9w0BDAEEMA4ECPkUjozrjcILAgIIAASCCUh6qXN1usH9xFF1 +BGJOOudiy+TSxZXhEFx5BBhUo7QgeixZ8evDOsjiKXeFCaLszkdN6q0+a26G37Vz +Pq6umDbE4lmwt4WSfvwTPEKmb1Z0e3EKiqJunjigvCASaxsnU6YebzvGAcCqiCHx +PvHLME/5zWhrBWvsPapGZMIOplXuZneQz1wwtLeUtHdRE3DNbbBj43BhRtNu0HA/ +S3WtwBVn+pzeNuAt4c1skQzp4Vi5wZtVxbw4UZPesK5K3v3rw3irl3zI5MWb/Oav +T8ZDcsGmOEnDJQCVD7LnKcXXwSCsvkFOAZ32UikX0g+htY0AX1691Dtjga5cNhnW +Vo6kdAO9JzrYTPgzacldbUg9DdOB+Jf2fcUnFtQEG/t8jN1IroswiTkySQ8FEn4b +ch9CFvMJmR9yQ/Xtb2E30CzIJZ8gcfbR+kIxtJaowSB7N9YEFcCehfxH+stFifU/ +O1MW1k6H+KQ4OFMChRJr4ZDQxGj6yK341G6sJn8KV1/YN6mAdjh0oYkWO1WTKIMs +MEdVyrP6RU8r6tWppS8J3C91qHBp5Uq7QQ+S5cgYLB4C9Y11UuRCePdGx4rx//aA +ibPWNvnI/0Y9+76KpWos+QgcRvkd1xUWN6lc2p8W6BNW5a7xGf0TggNaGy4PQ5Zu +oQc9T6c1OKB00Z4CKXkLV31whq7UPcC3bi0VT3hRr0WBI8L128QhV00WqwKpyRsW +HZb7tnkm3fU6hirLrSb/nmh/fQ8E2wTju5LvRqXNdjk7u69Tfs30qgYlDXUtGd4v +MzM3Xpw6he1QirK2jYKGX0aNcarc5eWHm0hc4HelJO83cQCaWv+CHcNl96hix5Zs +i+ME5L/C3nJ+5xRfsMdceIggwWL4ZRaH/8zMid9petOqmkYausQgbBZfdW6jvNxA +BPjV+rJDD+o0SC82ZXBK2TDNRVPJ0TYGSjh4fUp4yRpM0I3UZV0eOl2tTu9xwBJu +ErcklEDfu0Do2uD+w2dV9fU3fI5kZJQWNfhgMqUumbAl/pNpOAaU/WxX6GynaX6x +NgntoNIO2m8hzev5ORdxcRm90cdrtc1gBqkX+cKfepDE0tr21/8J1cRcgGc+M5tX +jpHCJWl3wgnfQUfJam8KRPYEzVFQg+NHHa0YnWLihAi/UwUegjekZbF8LNmqftEh +OU+PfluF/kOecEFiXPlzejlnzZtgpDh9oev0fJQVkH+1zDCMJDmTAyYa/RofpVNh +yslPPMVMvbrarrZUR13EcdHgq3h76+wrgr5afnQMkCduVuTrZv0UbJ87Bj8L1Q9l +AcwCtuP9ADijvOGtyv3/TVFxVkwLhjMJrxd7rr5pZZ70O/zaZK7zponJ/ieaeu8Q +YanLTkLKDXk8HXBcBV3J4FJ5s19JKMLOWFde/jE3/+FN6drUz4D/oKAKNzzAYmKA +6TWmB1ICmyXubc/oPiwNFLc/KiNcIL6k30d0ezPOVCQ+Wvu4mM4vOCKm8hxg5rFm +yn+KO3wLYi3T/iT6nUYGUpjTvEUGjvn5dwRcPIA2TgQNxJy+KswIpz0P9GbjRVLJ ++Wb/c+wbzLzM9KgmM6IYz1+Bzhmz/45iFhZBjGAILxu8G3hOmdoQJFePwqkehHgT +6L49fJ9niPkc3cUsRCMiY3zoflV0mtiworxNgaHEq+J6bRcSSp4sRNH/AGrG6FHa +dI/9FNgZwSE6rMvE3IxVCwlkF836DzRvlcELosS12KW69pNZokbONc/NZBsyuWq2 +g/rjVN7Iyx5TYt4DUgF38OtZexgJzgaZeKJh8q7nvThpZo0MzbfL1ony1uslmmpx 
+sMjKqGIPtU/Gcj9eSAQqBY5cWbNOUXyC39Akoe+YVNg2BS46s1Oj+IU0d8yyMtGs +SKGlsO7EuT0Ndn6ZrIXMhWvJzy4XuAGmhdpgeDkDHh6iwLEHZAqGZ8qbgO+UW+cb +pn2o5PHyCiMjkX9M04GzVSKQ36ULapXlqEH6PP/rXz2aZftvMtWZjaygh3240gOH +bZNkYKwe/yQMprb05wvMU+g4pKmz8g6GZ9/ddvSBxDuFc39iwiukZTUA/lfER+kS +c1vC2Qo0/aPXUWXDPF2OMwPYzHdvRgZtd3y4no6lzl+Mmsx8v0l53+ErBWFvxX+b +2jRwxJroalyZox9HD3XIb2nl5ZBDdGQ7C8WpSwlJvYDV7FsOh7ijz6UM9iQ8RKJv +6HYoWLAZ6Tjx1KJQ7j51wUMMWtmy5ktPCCphLYlHTyhLGNAuYY1/y4dSVPHtsjqn +bA5WGNwBILDvi8tJqSOgbkqQCd4zwZG4LgLp1yfrITX9Lq2spFnivRug0LySuTOd +/htruYm7ArA1GX6xzihD03DiVnWU1IawzOmDhujFwkwlrI+zMFuVsoObocQkEPTr +7Z1dQhafMQhHZ4LI4t9camcB3ytCEsGsURFnATqYsJGc83a5NhSoqSP4b4AWlMye +vOILcaoOW+UpjMah7+MIahz0NOr9YKpCNvgM4WybKcsWVjer4fKh8GiWowoHEQKS ++RR9OqfGhIzcSoYE3yxURE5zUB7dbvRtWhIIP+NW03eL+kCLbKK8QY/jsTm8kKS/ +tKZIv63xaA+BX0o0Uchgf9bvf0Nra5+CLGb6Q8NWeCnw4YmwkANiv13eeOzepuYQ +YldTRYAxxjGLJqxBDPb9MCVBB0G6cXvk7MUNL3MChG5bGZqlY/UkV7Yyp5nLiFRo +1a/LQKGHtlbSaNgyGUwof72qfNQZshbPvT+v72YXF53NkzxZzjA/fxp6qUd/Xhoa +HEXILcDRpUNEbdp1adnv8WMJh2q9X/D2qHiCxMJXsQZZEXjuILtZzjqj4cuVoPxZ +qfzGHtaBZJymol95iqcYXpYW3OYDYUJDMby7mEENfyoYA+mYx/7qlVaLBPScWZwx +NTOrntNRYrhLcabHsG6iT8jGYfpAw5Li7YlCMIzXo289fFKMxTUB5ynpPkRRxHeT +AW1itLT3AOsg/E7CMF/4ePe8T7bx/2Mj6YlovE0L2n9lu3AIKZAkdlst4qS1gy0K +2pYFJn6qIwBKVXC8RwQxX+nBOMFxTbrF0AxZ3Ff2IF1x0+JimljBFNr+ZN9I78sQ +lJUtQrgooNSYZJ3wLAZ8DrHb11dg6EsT8B5dtt3EsnZZZ1IHFbedAP0JxVxTTe0+ +7+0jri5fFGtpGIDCl70= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der new file mode 100644 index 0000000000000000000000000000000000000000..b6c8249208a0130a32f4b81377a5f0c7a78d08bd GIT binary patch literal 2414 zcmV-!36b_Nf(dFc90m$1hDe6@4FL=R127H*2*PF@bqd0#jRFD)00e>wNU-yplw#&k zon-2w%=2Zntzrzh8i5E$@gzun1Kw_Tr|N&bfh}i`56_T^r-2Vayc57|1vA2=lxL~L zy;o<|d`IxjR@Jl3s@8Q=|=swzU?QE-ME04D$0jJp&8dui zkO#}rXj)DC@?9QxinIHv55Tbu5U&;He}V1W*=+;~EIfy@RO}ZgFt#bGW7tv^Zs6JY z@)0kNQ%d73@8`m^!Cm!oIAh$oF$Q6`wH6+6ikr!~|Lv|P;3gPWA zWoCfl-Wi}C8Wq(=wLroVgUr2QE1e1nKJzs4VNjRh1qTpg3i@J70BD6ieN_A;85g>Fez>Xq-fu-HrNHIf%>TM z)Fu-=)hCr?qf7mCD4|J{ac)}rJ*0u-XEW>*xhC7-4l-ZQGH+yRTw}>Z6)3&y;_|ot)n|uJ>e%iZhl0d)ee{TFS7~Kh4)+xh1ssHcl z7n+Ft$FzgA0TBErQMF3bAxz8VU7E>5ChUjU1qJ;##BdcM`+DgktA-oH#@)1-=k%>? z)J4lyiagGW1flGGPVMwd0Vi}tCB64V}olZ%*PywEJD$ko|W72bLK$8r7T(7aOVqGdQ`!;{+oQqa7q zEH+0o<^X>{T}4u8nhK!Kv2m=A<9RNIFA`i3-$jaSxfTmZ?Sjy=ax?b1%{CzD! z@FtP#54H+mkjl4@QXOGtN!@LG?*4Hr6ei2@6Ii;%5%2$zjlPgccO zxY?cv@y`7{s4J$@$6pv|HYH#^@llh34d+E1xrs6hs@RGl*bIB5b^0R3crd)t%G%!L z%6fo5#8%SCp1#S^NnKcelN+)h8Iae8n1%MYpgIzQ&2n(;gDNY{rD4^1T z&#mb*k)?l3&^+u{4sK#~;1Z#D)vhrUXx=tkm0~oHzm=onAs=xf@6JY8`6H^%Qnws^Ft!ld^4a_ea1D9 z`%b~4L!ki)-nhrq8&Hx4`%diM+kJnpPoAWJcG(M9SYt=PSBR>}t4b^%&#emKB19U# zpr1+-THXfy;PlQZW&XEHx-MxF_Xcz40sWg`ItCdy5q4~lXTG3qKmB&EpJ65I=>WZN3Um{SBWcCCuCBz%=L+n`PUjATkTO==%Er8kzr0oCjm#HG+V5p zKX1JpWZz}W6r_klHDm_Lkrg*QP(jhu= z(t|AuH1s`%DQ7f5IJx8HzkW2obYG8cv=OA62~IJIkci)(=BVF!yVw)0HOQ4tBZz#t zN;EKVTIO9_M5Mt6ma#7EbL>++X$pCM0q`ODrZL@ULJ%Im*ghc)Tct+UnCC=MrszEt z07m#(ydWEf8dhtm&0~*JiJ1Ml9))+HK_R6R;Q`v$fZ-ZiZp=K1os{OvDgF zz4{IP7j|xGBWd!rCWmzelKr-yDzhGtxg{c(-WsX>Q_N|fr-`AJ2HaZoArEpmeyR~s z!P+Vc%PF2WJ*Ub^Mb_FLaMK=zK)92lPay#yF@y82fkB<$+3o~WcZsh^^Zk--M0_~l z8F+DTM!cNzTe?wwU~J|EL=bS{kwkh|0xYb$_7`>FejLuCRs7bI1Tj>$EU%QDB{!my z(46b4j8*#gj_DwPYO+_-C9g)4l6)OuLvSZgURq98X84dHT0C;%uX7tkJ6l@4+$Pf6 z*C;_G4rSFSA)ii>jWEW`&^91!$f$OyZG;c;pS0aL^()@5T+rnk(}+vPqdd?M@}mm& 
zvBoz&Q-0SM4jb~hlK%8in7vnC3g~Jg7nE?~qSIU+Bk@44Eh-O1!N!^#2=9+Oe~tI7 z^?LEOGunt*U1FXDec%0~Z% zW>eO68$z8cB-PC<*PIJQ4zQWd?)3mX^gUPY@nBE&gR!Ln?K&;x0>FDMbHxp*>eC~9 z#4F16un&snAzXT6Ijzui^D|tWmpICja{_0g`Tbj;AJUnh;ex8MH|=}UF38*I{{w6k z>=Zv=lP{)s(KNZs)3TwwBCHDdZJEE{+G2quP|k^PuoUg>K5`{M=sHC23MIL@VIMI6 z@cHO_+GL_>LK~u)Mk9x{xrv<6hqa)}uyc190I0bQa|4EjYksI{b3M`t z^tB*a)Z6+n2_CMhpeizNJFiX3&HflR1f{F+su-%bg}b_}P*~}2L_}BQWSvTb=Ku6K z9W8jiNb9Wjo>`B&h$+; literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem new file mode 100644 index 0000000000..e4333e49c3 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem 
@@ -0,0 +1,53 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJajAcBgoqhkiG9w0BDAEDMA4ECLM+ZvfOIzTqAgIIAASCCUjfmUnY9iRw1tT8 +WER9PHxdcq3hHQwc1NE31oae0fgzT7SDLrcQaoFsiieBa5DpCszjxErG3xlCOspm +XPHD2zGdGu3tKfmf0ZhezMPfREg3OhQNDn82TIKEbs9bxvDkSuKjuDGGohWGNu1k +8eE5MfkrWUwcz2mGhPjgM0vyBJkMeMioZLzoccwgSti6AAwo4f6ITnUjbUR65VQo +l8Aj/JuuYmnWm7v/eh+I+4fkXHE/DpFRaIPrhzY4+EhgTLSHvkoEEnMGACS6AyQw ++n6IZ8Un3SkDPv8laZTUZIRRJVFmC1e6B2KW/Ky25EhnahDNvGALTanYdsvUFTXb ++dr7HAZjAQdWZGazifUNiqGBuSTXy81zK2NJBcztsAqaELWEufvGfBNngcXwgqN9 +vw4XHkK6mbAVCiVdIO5gx3z30LVdQLeXQE//pn4Cx0cmwXcoCw+5pIaTHQe5HMWe +4+pqQ7igwr8zFAFi5ClEfQP0L2DlBI/Wg4mFEP6ROW9FxGg5+9Sy+l3A7ke3lh5d +Ed3N0iqMAU0Ra9QXnqlArxwimuzLLleV0nMOL5jtG0qDWQhx5Aqb8QPkN4LGrZWI +VG7LFfPxFXFe8LlwI2n68CXOwYWAS2v+8Z1m4Xe+0ZfNMk0UUWhigXDmgXihRkoY +cDfVQxR+LBDoYcTXTVawP+YDyIeVz5X+EaRkN0m6bC8zG7/tYBEafdqjytUrtnZw +za+CfYRNPT5DZfURL32yKOSJ25PXUGfMt+shITmVCJakkIpI5WzhOoXbFVSNrNDt +3jhzgcSVOge0RCiS3iXQLOzhqLJHc7BkOkgRBw+HR3HIpmiXNm+GJJdVTxJYsdf4 +REIW3tGzC+77BXdgmI8bvOXTvOkA4aEYskNGzoslqpoIvcHVjliHbHcjQLkOc9uE +B6TB2qebX3GUFw6PtaazBcCs/WmFooprn1k99+Tp1ZSNXdfXMaq4IAkrixJn2MRS +T4vhzF7rrNQz/x3ky8QnFTvVKg+Ruo7bgJ83J3vuPTDZFO9RPTADjETA5FEHZTtP +Fj9vcPDawNwl2ww0eeqhiM3Lx/nGzz0+8DRykWAX7TPQdHmSEF+F19nhMrdls1F2 +b//ULjF5z3eV/qE+Rvjl8u7SkylXPvKbtVl1MV0us4tbwEz9pOViKk8sViISj1Gg +RzydfhpuCq5cFExDvHbUy0EvOZN6tq/FcuQa02jqVWybmqmQtVUhUX2Cgn9EVE5B +KYGj2od5eRyx+1Nb9uaYz7WO9hX5U/zpGvZweGgz7+/vdt+Yb/zTvP6beyKbJVhy +7gvBiuQcSV29bSUu6wn0IAN+34eMqkbhcS7F7e9/QVTNKaKF6Wx5jtoTUDp9iUlN +C702/MghLNKp4g33MkxryxYgVTbD8YuLalwQqzmytE7AnWX/f6Z+px1Z5aPGEfPl +R+DgvWWAptmb6NtcwYkue76dxy5PBdBsaq4K++W2CxdU0c0yj6I3X3ukzlPWz59R +T6q1ArHXv4dkMfa6bV0db83nldsypXN05qP6CsMrycGQlYQHKlVRjCav9W2hCKyp +nJvL3WTelGyDrC5cRNTZ3N8peMmWVazF49LhMZPpOyRKrvtynmRyB+oIQPe1ncOJ +8VOszefTLpzaIvJsFcygDq8ukZQsLxhyZghC0rKltaeVNYrbf+c1yZc7Xc3CTigY +YCZPNgIb2CVBwxCV+BhfpYAjCZ5h2lJqt32JwxJcc+c9+ZXO9hvYXY54Sv/ccK5D +O5TRDlFmS+PPg6H96LoyOYKy8BGACgTAIQFSNpOQq+LCDLcdxpsUxtfdLTfHyu4k 
+0+vNterIJ7NW5dZAU1rs5s2Kv/bIglMrYMUPV8gsewQTeHL4OwtcWgMWjgeASTdy +PQZCHw0l7NZBugUYwlMh7JiYerLhiAn8CoqLay6SKpI0OFhSjFwc5AIsSsBPOX+o +Y1kPWqzIBeaHOJYHyl/y4fvCz/8XC6nKD2wEem0i50RUMfZqAX/JHmEe2jxkECgI +XDIWPPLjP4xmb30qTIO7zsOPCc6RUCcPfjaTWKdvlL6GE4mUeS8+U4P6KrwY0KzA +yNKaGvm+QsET8f4YYma9h8Qtjmm9obr6eHIAOhw//qd4gniau/4xo8cROYJXOYzY +WMinLRNwO2U8k2hIzzH4c2G6GQ2+4PBlJwjpDj3OX4wG2O86IlTgWC9R/qoWDVLr +6uuzCtfc3hOQvBhscOBuwQdRH1h5Q8aznHzafovJhyuUi/HywcC+EQjuVnlEUDOH +LQdPczisyByRn7tgZVflKsgsKGRWu38LiCYJTWNSgFTgS0r7vPXf9sGFEsyezHhK +FFpUMga0NbQ+TgRv+7jDgjnmXu5fUrl/LdhuXEp8porhLd0QXNdfyd4xssNnHDAq +nN9SlG/VXqZNe/FX8Nbg2dvaXAm2Xqnfss8NYSpHdlWQvMPAjzyqictqjP8lKCK2 +BQ+ryu3Shq9jP1LoKbxjR9A1gZUcDe6YIcAUn4vu/7ehmCvbZIMhDwGCbdrabtrk +Y6V0/74a6lih0BoIAn5eF5em1wFlXxGVl+F/5O8IZv6FvpaH3DZTIwqUVRc08eai +2zm5OPNLlBiapfLD4jOYi/RLWOEn0TVOjZCPLK+Ij9+I4zhKR14kGtjuwQf77Owh +8t1pNW2kuxqtAR6XniQNlrzraeOA33TagSaBmFT0SuM3Mt6w5iwPTZ0GMnSAKCxg +93Qi/g7GlNgNRbWEV7yW5BJcVuem9Zzq/nvUPHQ35MRhAb3LVf4JDX78ipKM5nuN +nb1si+4lhxll3JK7HmTG9vW5VgRCdslfYmgLjVGGQizyoCsd/H3++7AUskDsptOG +c9iJtXE2RbW/VW8e+4TvqNwDCrtXGbLtw3GGyRoPdrAYOpABkuFoP0yYtvwM16dp +2kAvaIntN1aZbGVblJVNILv9SfmARchemI5Gl86RfyX9XyPAZ2Gma2QTXgm0f6An +BOYpqHE/7E4tEL69cyzkJjtjES0KqZ2BH3UXQNtuewo0bx4u9FSt5GP1qdx5v0+I +stI1KFTS4Pd97LdssbynNJsCex1ns6zXE60JlppXkTFInlor4bMi76PfjKYepQtJ +qIw+cDvt/u1KVQh8KJv+c1xQuABJk18RERYC0os5tTR81UaBAiqNwttJ4vjcC7Ku +yIu5YIqzVqms9uKNYNw= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der new file mode 100644 index 0000000000000000000000000000000000000000..f3bda6335dc4548e5bf735798e16a93349ac1b5d GIT binary patch literal 2412 zcmV-y36u6Pf(d9a90m$1hDe6@4FL=R0Wb~(2rUD2G!2tw@&W<~00e>wM(Z0H-uQW) z@5Fvn`oD+=-66Vl!b=vj;W=;adBlq=!Ri@3)@YPWE#?n- z9r{cHB`sVOrT2jD?_pXG^OMeV7Nd8(50ho!2VlRWfuR|8lngZiVHq}x3MC+fXfXrz z2O7_91I#w-%qav!Bf(u#65B$TVR%61e!*JgOFL=F-F3CU%yQb#PVf(DZn3WmhZC3! zC`Jfzm}beXNqTBHUp~dBLAPs`D#lz@2=_*!Y|R|KiX;Ci`Z9KPvulOe|9!u_I8v+9 zOv6c^a3A|^5ewrciRI-LJ7O^zVoiGtvJAP^q@?MIo5Mp}>oK$P#5#;u+F33*Iav(C{%%(GI-u zmi2GSZ*UQrlcIA{U3KE7{D+2iI$ZmfzQ}SCzBTA28*n*_ADH(LsM04{RX~BsWk2UV zSm9@Z7xOdjNR?#Zs&_X-pBma3Z^N;x(1&sx7Hn01Z2_KXO>}Ic#d@9;WL9`#?Wv5E zzg?i`S+LI`)Nu-}4gf{$sRP{@ES*?Va-pk{H0^3{rDgL|u{th3D~BaJv59ND8^ui8 zKx&8S#;JVRQ&7O#rD_lWLsrqh2{mYcMlR2Ayvhysp@F2)NiJ&Q;&f!FF2M7EzF^G4 z#jib>ozEm2C4gYvcR0{s?tV}7+B=(Lcx@09*$>>IN2zXVA8ybEooy>}_W>=~4@Kcj z-F_oM4^U_3(Nu*2OIa9Bt>t(4d7Nxqys>F8FmpA%Uu^a|9N%E)c~adl&M5JsdQDHK z@OxwC6LPIE68vc_X=Ckqc{)iOn4rcq!`n2ofJ)^?K*c7XVb2EclAw~($@3Fc2tGMm zZ8Wz~{D|P{H$bmBQ`)z`2~P%wa92Og3Dyuj@b3Cd**I%R(FAbsy8Oa`f;r!z6a!)p zUYoNTcatp675L&?Lx7R)jZ5#u8G61Hs!hD54J1B@eB<--WcM&xWM6W{TtSX?J4v)-X#WcOKaZ36zf&;Yp}>@e*UhUu?SR z5cR{|@j+E)CF_jZc&DJ$;fj;~@>ac9{nvHm1Euz`VJyFYY)iU(%XR@EPt7J}qmGRs z5z2y41eWrFmt(8(mNL)opytdQ?yM}n7jAg|4b;9|RcJ}{%F5dTwxScUYtEiw`%oBJ z)TJjQ(_YHH z4VpZmfjZ&pB*MwFb?1>Ng=7^XT0k33@Sm-P31IIB0PS|KeBP)$rX&v3LGJT7eW!2i z&Zy!608|}89re~qf5&k6$`1)7IKG%l(=IwbuG+?)#l~ZXzWKg`jvT2k<(_m`+5q_*P=BH zpt-f(5sPy8DMFLf22?|9X+8Dn$(ar0+O2DRZCEnY*aEv^dJ!$r&fqFTc*U}q{v$$#;+4>m+BG}<;v@7*g9m~pSL8D zxe2GxlcKKTApoBeWWXK6UV%4iW6)FW+4l6lM!#Gl#vB@|t#)KPp}9bt82;BGo!Os_ z(6NN?y@^i8M}hp5uL?<_F^;;&+F-Y6L?IU1X%VxQ&YFv0LU=hlGF<{W|CB&Z+w-80 zg`2>l9{AGey1@*%qc4r4)lnY}qZe8q%tdBLq8I!Cx}br^zuskK**>TXd&)m~+xS0; zlrrYSsYH^canBsb{3_wgvR3L4o_(7;@-K(E%!NhTXuVI&Cn>9RD$O@k9GAelYp#~@ zYc5Luz03ijVJs_y2pE?M(d8jS0TpJ8nKsr1`}Kq&jdj<1pgZx;>;;}yz;+C9nN__s 
zHlDUGt*{As0#fMc!+dntoJe*Aifp2onPWJ$uF3!L9fghbIF`ECUZ=OB#!wpNN}}v0 zH3tkQTwvk0`W4a0g~+yWF1!KRVqNAw1fZ-{|9U|SFWV1L9Q(i2H-a^xA4=$fmUp=y za~WDETR<{0o+aj;O@%=&DA7?pT z=|an#z}|BQfd0Hs!9#AlEb~)5eOJd}V6cEFtj$O(lks90m2?fgycoJ6LTEa%a7%H$ e4b>KVe;92Q%sFRX4hjGC7p+t1Yx5%ihJV6X=AK;u literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem new file mode 100644 index 0000000000..53867ac535 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem 
@@ -0,0 +1,53 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJaDAcBgoqhkiG9w0BDAEBMA4ECOJxEWpN/HEEAgIIAASCCUYouEt15A4DUZoG +aJvr19vCKfGPErYDkh1fI9u04hDEKCdb+Z7oxaqXQ34rr0H1t8/SPdhpvqms9Bsz +3nMIlgzEPnppyiRLCa4Ycev0jtA66xkxgGGXnA5uxZQcTOFsGDR4gpTn2hi7//BO +gHhKVDbCd6nShZkNgNUe++tclNg65Fmazm2pwpnCPfY9TGnou8bynMrJrau0CPB+ +v+pI3NR39yxDcq6MNII542Ma8bZWE++WmqmSXjsnXyEV850Dw4j7khbevXlKIh3C +fsf1mb1/lUc+8HtsjFLgBS3Iag2D/AfAbCDCY3wWG5KcMJk2CtNayOAmMetL7P1t +S+i/zTmqAeNVaUF/6ciwY8JNA9YHnjV/0LH04I1Dn1emQVltcqKJahDSoxwGeLD0 +lv0EMQ9CBRHqdKKVaDjBJSqLkwQzLuiqye6ZREnoeIL2cYXDqWoxZzjtxr5t261F +jl+gGBvAX5RRKz3+Vj7hb8y4n7npYJYXk+CanrsTblsBhOMaFhgup+Vd+UhHGQku +FqHR28bHlJzxgUvlhYV/WdMUtHlGHvpax1Zo57ToC0JxlX/o+lPHiZvvpGZegYOe +Mta5f4xI8PcfVrVbfpHaEnt+ffZPtDVZUfhfZwlMniUKX/kJgKGdtpnrgm0wefUR +ymKmn4af2tY/nT828+pOBcRY8WV5G5EPthkA/EemXTor04bb9mglX9ZJ78vrv0n9 +XaOXkMGYuj698Rqkx5BtaVX8EjWKnknHn/GOLSINu38UelRDV+xf5GQyDQREHsuu +Mkj6AcygD5eP0p4AZZaHw9H6nytoZ9SX/vhUmRTk2vbrgnAPwRBFnZy6S4mipfFc +m82EyC4RHklbIriMRRY7EHamBrUTg+8axCqBWY1jtSvTXwm40ybpigsiphtbcaCN +9hT13VfVkglyQIbmxvxeoo9McgKv2BoP+0i5xIdmstu63bcHxO/DaMXw9WPOGgdm +kyFU4MwJZhvk57H4HwleIPXXJd93OJ0NNunDgBWxh3mnKqnM9hpit6ljjl8y41RC +QvJTO5cR3cKuzPpzTqfpC8eYeXiYChuFDgXKXubGE/PSSzSmU7cnKUrHAOyrXlD0 +EdCZkQBFF0gnLksVSjaF/owORlc1KualcD9ahOgWoaup4MqlyW7A+BHJ+f3Iz22z +oezU/B/FGPTcRc+kEpPyIHG+98nNeh2N5nmY1+piXkJCsq0WdcjB13t8MHLLGqQ8 +shUpiKtkwtO45DIP3xVykntZsPb2gHuj2JoHjXYnxmZ7MRVbTe+s1F3xpITNa+G2 +2Yorp0zqVrhNfvtsLG1i0XdOwockHo5k+dAFkNngJvQVTwsBUw/gqcDwgkoG0yKZ +NZTZDRJDv3yfopbIvGxmXBj723/OcR0prKLHUc5qaCvK5y0rvM7G+Dg2/W1rzRGx +9IjCOyZzkUVwE9vKZO+mdsa1zeVja1DtU1sjh3k3+Lw6P2+LcVZKWI7IjJ7vcNxt +XRI6+jlaR3/ht++3+ADgBpZUVAzBwiKeaneanFoiu0kbXv+G74bVDXvKLTXXbynv +0mabkp8cszm2wMehp9WuqnBKtAot5Q6sPg4i6E0si3LrdDzKgENgMAF8+ShG5r4w +ULHQBwMpvNS6LnrY69TqAQp7MNS5JoCCHnQqXSgUQN53Zmcnmaz9qysHvbJLK/On +Rp0akU5A+WHFNPvGqkF8ou5OZRrN9XQMk75RRgi1YYY+UddiaBAsxqFQBKq5ooxN +0sE65WM76WU2/v10va4iCNPTFjB0MhGLrq08sgSNfHhePpBK+WANuzjWDUWS+ekC 
+VCTNBAARzlPoxuF0YsUUhwYxqFw/VC4PW9WeT0kx8pvaIwhf7Xk++4TKbdayQehK +ImH5vmvpeWxNa1O7nVyvaJfNvSoj49X1zNg4PKDAOm+kEAjGvWeWKEOiHTLIXbzu +HztTw/pjNJ5NaCNVWeThYYduFuRZaqap5khpqP4s07zvDvkTyKiJj3MSFel/K7UV +uy1e0HPymTFToeinLW0x3YaJnLcOKDmF0DSJB1gVwl55B3rEYb8tODF6BLjz149J +BT91EXgj/Futj3YpPTcIjJXsBDElP/KaBtB6uZGkmXgnz8OvRgg7wJR3n1uHU6r+ +S+19ugY5I5hAFFMLAIg+zO2IqSXW1B+CiE94tr5z96VTyIckO2Ov6p5fcGpI1VkB +KtcuXGUVuF9pqFRKkFChu90OiqxdcdKYqgjHy1z1jovuYm2pfCB4kvPLn57XVsmB +T0ZcdHFBf+SwxuKdr8KsK2k4er5c4jTTIflWWktrD9JLcWLc1WUecL18lFByOOWh +5fF7zX+NNsbMBES3F6TG+06NfgC6z24/h29zfnps75usEExBc7YHJsmWl3Aef6bF +vcoS2ug8ZXaiefhlFkyx/frGpRnD57ZOvLCi/TUVf2G0cynEKvfsb21LN50eMKD2 +HiIBGoNj9f3vJdIhLTDFurf42ocY5EQzLGleIQ0Zpv6285LqwqKKl5v28o+A4qnp +Xhkt/3pqZ6aJeSCNQd9Zg5tOd1tXpcTdzl/BmFIvmE+SIsYydLxrX1UEWfJfEL41 +J6qXTzebh7N16bGfxU09OT7puztuK+/vAHEvCGINddDaOJFayVdEaMVUux9nDkoz +b1U/5UxzpzFdNUZBHg1JjkUWK8oTGmkJTlI1aKJKKA1RfmnzwOd4PeHI1hIuT8YQ +8qwKY72mCCb4Sr+Xiw43CqJ9NgWCxYr0ua+hqm2xv43QMhSCNd7v1Dg0bi3ZgOi8 +1eSns5VZFww2JkYo7rrKz21EiFXjhZ4u8MF45M5/cbDqbaPVb6FMx7MqaKmnkpQ8 +xT4BC2M4xCiXnYrrjhugw2/FMkMchIN9jG47IQiACQ8pNqoTd2tLFCFpTZeeRCaP +Dgd8rvaMXjY/Uu9zB+LgRlQ/c01hGL+/d8cNEFzTU9jajOLobi3pKQqLdvlo40Dl +qH6eLTnYusrZnZySBuZD5c57BBW4GMuetvtqr2l8iV4BJnMvLZ9tB69eA1PhKXwq +tHY7a0YkhLUUqKFyPvYcnHjU9Bvg9PnciXnoDFMP1Obkou27vpI6NVmIFKMX1OxQ +A2IJ5YWaN6h8nJOV/THzKjMDmPbXLmtQDuaDPpDaNE+oDwto/UlSQPV8KtW/MR+s +k3rLyN3KXoVl95gT +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der new file mode 100644 index 0000000000000000000000000000000000000000..4f860bc963bd5078c4eaccddd204ba25dbdbb2af GIT binary patch literal 714 zcmV;*0yX_Gf&#`cKn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?5;ThiYc354DP z0tf&w6b1+?hDe6@4Fd-R2r8Q|J{H(~Cj^25fC|LQpXed_Dk7CGlt4VQ)3gi#XMu3HDYGC?#62}p&gk7vI+eM5yO60=|&d=lgWjrii z2Pu7lELhZ$TB9cWTEX9&T9q&|9D>MowR6P`Y^u}-C~DAu3~%1PS`ILo5x;K<$^QS9*Yl-(wb zqE*hQ&qHI6&HJFgpLUH8CWS}n!;-vs$At|V8k^Q_;k9GyN@x)2FcDwG^Kz?w%;~H= zV0fyrj2g7&b*mOakZV)2o((g3zm%YUO(x|9;TW(qiiH+{P0d4`YCjPGie?071BUI~ z0yiZ$F1YWGtVg59%SK-kW9lN?KaXTA5@j2VsVOb_VSl^kzn40da>l1%-K$PgIUg|Ya{3;x6UAM0V;Jb&T zJ73a6prqR}WdS($&)-Y=0&~0mvgQsa7u-*M8S*Pm91O+W(FGp6IAr7QytY&V4F=$N w?6_~YcF-xs%YdiWRnW;VRj}SK4~1pFGs%!PC+aC5D8)w8F;8JNfB((fKFCl|-2eap literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem new file mode 100644 index 0000000000..c7cf185e3b --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem 
@@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIERyXk+8ULCgCAggA +MBQGCCqGSIb3DQMHBAhUeao9yOi6uwSCAoDMyMGii0I2y8CvM8SrY9tRx+Zt8WsP +vhEWhI1kbzWpZUdS1URWGZZz6oS33GnvUDmN1fZC3V/k9OcknZvfv8UtHj6RhK3a +dBgLVjEkFfqz2/4cOfha9FrRUJXXwW5JmnNhn3e8WZTvbtEt0e89n4jZWjWnkeoJ +rySKWuPn9SKzwFdPh7ur8N2BfjvwxdAZ1uShnj/Umik8o5wJZUz/7w0nd7JpcsOE +r9wC446li8t3owkm81z5jFTQW9SYZmT0ecICF1CRJgsp060TQzBeAKAM2skiOZXr +ldQBUqZBrYV2ZZ3+bepLrmsgobxDzhiNrRXjs+8lO3TGerc6ZD496Xv5XSJF3QuF +aUjWnaW2YX46nRWY60Bq3IhAbuAGF3YGvk4O/+n90Y4NUXj8mwLq8sFMlXKMyxLy +fHBfWKpwTFgtdBO4nSPrn310+xiPSxU61WGMZkBlgv5X75xiX5ZYktUxVlktvr1Z ++ZPeIMRzuoeK8J8iwzx1ADbOVPCAGnPuYbvUalGoGQkjCUEdL08XauaUdK0eDMTh +5gh1amQg+PTb/ZmYAhaDjHsuzIIgfWtsfL+Xk9AsTimK/qwP6mQLT6Kb+PowX3mQ +Tr4SkJH31Jp6mTxueoCtqPEC1BxhuDlqlTvmPdgIPCf4dbFtsEsSGbWRUYuZXgwg +Qmhp6TC3YNPVtLusoCMwjXkUSxRhScAzb6RpEGJwL94grF1UvTfleTGfOppKxZdG +yjzbJcUlcSCuw844HZDwHVzORQT3zxaguKuu/XcgINd5mU2STOopz3AkHhKLSFej +UANon6Dke8NLp96JvX/NN8zqvauRHg/r7RgcSHQWRZpbAzX4bgsEX2Mc +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der new file mode 100644 index 0000000000000000000000000000000000000000..6f1eac29e432f29c1fe7c07042f312cc4e3a1c1c GIT binary patch literal 711 zcmV;&0yzCJf&#-ZJq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?4UZM&s}NnGs$ z0tf&w5e5Y-4g&%Q1PEZ@&5~$6)nf#L0)U+BBxT+fdbH~%S!#>pdxGNTAAe*K%P~LH zOWe*%BSuq-nF7mlA|G| zJz;aisn7&a*LV2^&)rB{gs?Fk$z^?^b03f|v1vfKhd1*M6x)g6CuT7Hht#WGg7?U{ zvKlQS=Uh*9W4fo<5INIjPwiJJR^}izGf7e*@G5estIQ8^9`+w>6w^;3C}fhVN|t1wmuguj0UgPMjRpv`ZH*2V>{oSYP0-@;*d6Y>`U}eOeOe=5AlVq0D4?eP+rV+Xq)#>6w=9*S%Wc1$O z{427i3};KfQ(==K9|t4OJh6V6LB$P2-Wi%b-bys!OLtfW7}O0jkpmW*vk+!Zcy`!O zWM*uunJY0zTqYa08cHJNSZt(v*({($!@^zCJGV%D=j`|{+lSVg$tH{uCG=#+il}n{ zE^4!a|M<2mo|niU2s@uBVZnNM&P*Sx1EEfPMvSoz3IVxxWO(GrRuV2s^1Y+Fk~!!k z7;+J%D7E7~;EWcR7ZuJ@;X0vorq*_22X<(RipNrIX53O{ANA%a4mZ8vZ2mE$!1t}L z%n1moJ|}1{s;FSqn3tnn?0$n3$RIIG(FOO;o9T$XFPYQZV$hXgTNk6R5oblvX|vG` t(aDts{{kKPdu=I)PNR!X%;iP1In-10nNZb<9)4J0g=?^P{!-0mQ-HA_L{0zz literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem new file mode 100644 index 0000000000..9ffa511ece --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem 
@@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICwzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIn5qnCAJVLccCAggA +MBEGBSsOAwIHBAi4cuNF2wB86gSCAoCiwf84D3eyaesCJsiUCgk7bakku/Y10456 +CzrvLgneXNCbksRuCb8iFtYtiHQJcUkAko9B4uVh/3u+L9dNMnBAEEfdW8E+40WM +tJZcX2f+FMZPaXNnGkS6mGRJc12tRmg+1wZTlKWrk1hHzEom3SpPHsIvz+aWlXUO +Vq0mYp+CQIRC311E+lxCT2acamfgyxrNHZpafUq2GwK3NjS55jBg5DYcp5uhMOvd +sPTh72+ZXZq8qn6dqu//RD3L13px9GGsdFPcwT0BPdpKYLkJfdAXRY002DpjAU9R +k3LVxl0O9Z9VDzjnwyJ1qSjmo+Ejz4WsDfwT2oLGrn+6UenTsHxAE2MXmC+mm4r1 +CJ6vdkgw4PTJGxgwVoXaskfzCyz5LjW3oyEQAQn0DHZ1kVS1s+pFSQo05S7wfjjR +KcYwfkMjiTHzWQ5LQmt8/a7GdKSJNEi1I9cs3M/HjlUa3U/KOYrdYlQGp1eD7N5p +mFqc16EdWaPjtVEZWWgprjLFA1SmqAnBtah9xSOHCOmqxbiUiUa1tQExglVYJfTT +cy6HRMBEP4yflxPrONYiHFLigBrb+Er0IRx93BjxGXWOriPytiYWG/idjP10Rmmy +3michch8jBYL+fGNiZs/sbK6+UVfHbAv5lMNvNVuntlnnCJkobBTdUww2YJKAamb +m/URTp8k1xKenzCfc/oqj2zl0j/vxr5jsv30JL8ryHzsUKYnhy3aoFNpknyM6Kid +UAaQtYX11+5tvnI+uKxzjW4AYi45PmLTul+bN4Zb/CysfGbWPtv5fiyM1mvSlyj/ +fI98jOK5GM2bALc1cj/ThK6RNtsRwCGohp6RO3wSlmfBdYye7OLk +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der new file mode 100644 index 0000000000000000000000000000000000000000..eda37aa2e82f8fc70cc806498429e1a72d6c15f5 GIT binary patch literal 1298 zcmV+t1?~DUf&~sRKn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?6*Mnj(di~9ls z0tf&w6b1+?hDe6@4Fd-R2;6$X)iR3sE(C%E$OWH~;^a*6ljG~bJnf$4#sx$}*y^X_ ze$E5wd9lB!2TJo z0g8{*4|18B4qOefA3iIWg3mGg9?hKA6ka$>=3nx*)x==qaq(bwYxy2Km4 zhZeBEiN$js48*AEjfbgRZ?38~EtJQgxwv$ZlbIa8c=I5(j|7=IQ26&oZ(|%aOda+e9z38&MwQXEQ}o#a4xfuJXATYJl1KQadooXQp>iMaiT+Q zGFg#LN%~6Y7^Y|lx6T{`jxJc`GOtY#gvC?=9}KxwT(P`MJJ|$T%RcLRXqH;0l+TZm zfnzoESgm-k4CN3UFZ6b6*NMb)8b*vek^c7{yJX?0x(-Ra2x(d`+NpwQmGS*oS;+eM z^9ZMIl4a%``aBywfc?6bk9OhzHhf%cfxRKf3jV534p4eSMQ6y=Da2Rp6j$^IG+In+ z)_&hu0~JqZ%3y}2H+@NOX!gJxZ&OJWO=Y0C=hNTCS|JF0;si5O7HIEU%n*58@%^gc zk>oVJtM8N!AfSP*26o&R9*Q{D_DRKcVfIt?|jYUC#zEWB&Qn{RV1 zK!O!|+e?kEgC#-}{@j+AJ=mP5^?jsrui6FLN}}%}vJQ{wjNw8rw7z?y1&UVK_0QwR zGlN!;C0|w=_K1%wl%*9mI|NOro;}#rK6VAyAawd#0P}W3TYVx!`tsfiy0oX*mQ3znmQTZk5o@WY`a~ zCg@Tw?4N(HSlF@krEEe|4^HIFvbTO>BJ*o;T?Nv>Oi9!mIjFI8!5d!CIj$QpQ5zbG z8;x+8-yq-_#-Ev2$@tjG74r`dUA$MlXeBO!=pgZ7<*3ho4+75Vi)O);ARt<$o@pWc z;!4A@MZpUib#ByloS9AZ-a+mI>)C>sY6R&DVHBe6HzSy1=^3$!j$Tk2DlZ%yudEFc zyb2jXbol9CJbh#ZW#GUk&&`#w1J$Op%ieldFg@`?8m}ob4n(}uaCL&_f4`(ta?SAr z`-y*%ilKF&BIB+pi`D&CQJaKhw}`V&;vBAPeW%ozwz!X1xaDTiG*d)C;M2LXg3AfC zdN+m!gi31U0lmr)Phdt`{!xfD?FG_mXS+3KMWm$3iV2M4=(WH4M6Mg)+wU-8!h+v; z$vhM>cuv(r0eKeb!}i*3hzUjQ^$NrLrfpFD)E^(??}<|VOW*L|&LNQU&4g?5s@KZRuS2;ui z0tf&w5e5Y-4g&%Q1PF-jn=No@4_^d=1jx2=J1mx!PzTQNN9yM)+|bD0ki@B4RtF5J zrmA8(oMMx=TBST9adUugZ>z*2+NV+4_z{rP+C>OH7JF24nO zIvm8)Pp&wLA01Z=r)a8csI zs`T+k2NII}lvs->?m{%uRx=v>&&?VF5{%b33@ z2>=J1LSsRDU@0b6=6Sr&IyKgKc(fr+`!=t)4Y&k5{gXhGDdv%&UAQh|kH_+rt&k^F#z zB2Q&?rf#N}A8aU>l0V&4{kq06trV z07)FIx{cWYl(XaLR!bFg=Y4=&qtajC6^7g`s2XZWE)ESZLxn9H&eVHsE+gWa2`wEd zv`J09M#L&_hskgro^=#9NjTtn+KaU{hdFvCHaC^7f>kU~>EpPV^0vEfp<61Ns`BHY zx*RIdXMh{iD5aRW>mh$R*^|; 
zNAjuksxY?0^Py=gdrOrlCEOLmGN-e_PCZULT#|_|dQv7TDQSdwe8KiHeX39)5C|Hj zb_F(3x>--qTM!}LK~T0m5@~j}_AsJdo_N&Fj;5aPT^(gU<7x|KSfxf6waf!`pA9-K zuvVoDJL-1b_06XSt{_M@LZT+a_F46igQ*O)GCwW{PO>T?97MMhb8zVggWTgSGIp1p z1>MhajPQ>D|1@)4>>xfF@D8HTl|Kg0K3CzZI1fC!{oI*t~7pE4#;Ai{dtK zNU=?`PG1RKh4ec4p9JF zBh0bsw-o@QBQ*Favk!<;yVUsW4xw1dU8vkgU7~R=o~?)W`G7-<5THD)LRN&6O$_Ur-m%z5c7Er*e`K_-SE?3ca881|VCco8M- zjFK)U7?0!~qU-&rr)Zu#TNjkP^pbq3J7B$qt0Bu2W{_|T?rhr9WgX;f0h&LNQU&4g?6?>4JY~sOnP! z0tf&w6b1+?hDe6@4Fd-R2%F%?-B>|LQv`wuNc7d1rV&)LY#6Y0*fxI#O4HF9_c=j6 z9l5MyN#N8TXD+Z1{)gTL(DE28B)jSxpM_EjG=nDny*-O-1q4}i-LL`Zl-7$tDDJat zCbaK5{=e)G3JZifgHY~nd(;9j>Y-e*mbUe^tp{HECfw8Lf8-=ITM3&LcnH`Al*#vQ zYk|v&IzH?JVBlLGX$Q0d@re9@7~SDi;Eu!ko%bfsQECB94PwVxw&wfE2feESJ%!c- zmnT$%1p$Z16ik{jnpYD4K6w5nL?Zs2GA-2!4t_;D zBaV=0(-qOR^y3C-Ibih4_{9=zLFhmcTKpc8F zn!9m2QkN2GSg72hD9onIp~Ru#4fao-0t|cg(Jlp|wv-wJ&~6Z{y3{faE7Nw$eG(vD zQ}ew=K!D#2S1Pkw^U5?jETW0UY0T*uiZOih?MP+C$#RYt6!Y5Dy&nV6k*lTI1x*rt zAX4e9)ye?qkbRpRfBrB}v_B^#+JEDcux>ldFFZ9TYCg32rIlz&@MMeArMB4O9^K9M zHYX7tXCP`dO9Coc@zpRz7Zm1VZ`}5VjO5IA$@s2-u7Su&qG4TqMK+f7()SAY%xZ@T z(IJ;fzvM1@6w8LvZpZaWqg>;2I>cZyk^VfCaYHtaVl1P^e;H7FTS+uH3rPPwXmPU< zdn)NqBYIj3kk&qqL+F%*`-8Ro0qy$$w}7mV4xayNw=d4>hbDp;vW0K|ZJiIfsHmeY ziNoc*GLe z{8%XJ5M}a=@r&H{; zdO^^6AX({h%bdII_j)5haYlqhwbVC)lv!TS>F^7PwTyVTsC6|;!4K)G;Y$!vYe%dC zT(K_=pqHYA3$Wb=FAd`DKV_;PM(M_Nw+d*^5i=~81&Lc+!_497<|pi)G&a;F8GA^0 zcm6H~ZOMyLKE5SApHqhb+F?h8_QndrJiCs~y?M$2p8!M7&3P&4k&&lj9k%>qTK1dW zxCHu~>NYH|mjNs-dDII6n9^;>J!#aS0#R0LxJ9xHkPxV+0YDUp8IfXXc1e9Rn2=8db9V=uqN1lr_2i|n;rlx^ypp|CVuOJ~At z8s8yCp9&b0qn-|LdYYnpOs?;M9r$es1bvpqGEWYJA`L?+)6b7lioiwp=Io0h+tjjc zqe-c_0?;e6zKEV&Sts1NQw5YF{Ribi!*bx!y^{TzXSV~q@|V{<_NUk0rI?my#W<>v;3g@k&k z=dnt&SV^u2il$PsYX6jAO|c}^tjYG@I8kLN4{Y5u5%Ry(G~qgpP`g%~K%!7l{X3(E z@uJwj)qb$9jN%@TZ{LluzqU+H6pMP24+;Ti|x&H65_vKFc5@K>}7fIC)?Le3%wK?9jf8vcv9 zYyb#ZrXeQwm90^X_;<6%*=tAYm!+F-vO_cFc-VWaZ(w&=YPs{9Gbo(6F3PnPgajoB zC?dZP&LKTJV(nZ&*yPXK8gk~Z(OM}{_nx*OHS*K=Z`hWZ 
z@NnYCwDgHG#LWC4MtuszcXPjYZBK0Vr4FG;2x_Y89FJ4tJ@756witJiJMvbrz;;;QnSAt04AUS#5rcd zjc`7-l*7~(914D|^E;Q@iRrB*A&^{z=36d){pZWrzp5XB>?1G3nJsX zj!R>cd@nobPEg79ga`ylM%Xov6l>kuOu{77Nh5AdC{z@fW#1&KJX{r4XULT{t^B}L z~XDU$UFa+Hsu{B5Ty%%Ghj@pma!GkQr@8erEL+P;IiA%{->G z&AwKZD@Kg;nL)_ZE|6*ZUK(hxlktZ(9gpr%hLH!65S)7<{jCV>mxnJPA-vAawJNn z@qGty2#{CejmmfcZ#}mUN{UbaF-FohurP;rjt4@m*v=8SeH2A4nThpV%%g?z z{~6a-b?d=6&v9r+xO)8}LkWp_cucv<&0eKrelW+W^sLVEqCtJ47%woCw2O?RZiaPk zX#}D%5Q+yOEI4!KY5!x)24p>0;EVH@nD;kLccn#Q9we Q_FbR0{-)2QG5^wEFPiwO2mk;8 literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem new file mode 100644 index 0000000000..c5113e7133 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem 
@@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIRkUpAqxZvr4CAggA +MBQGCCqGSIb3DQMHBAjFyO62L4EIxwSCCUgDa+4NxmT4wXuKjxhe0+FV2qY41npE +e6jBLdDQuqtSlB4M9A+AVtKWi1sncYzV8FLtPofX25HCciByddYaxsYFtVdmaY1p +ckl9kBU2JIEZ9kvfBxcuHEVeesbvws4hJMO3ADf5CPS+vivEpYt4W6VUANZJTGwD +jA3QBIjSdJlC4ievdcxOn0mUc8Y7X+RMmAhEV778vQoTMaoYKOpAa5aQsL5eN392 +GRexE5rzhI+jSctBnGL1t8IhUbceBnLjAIDRyNrQFnDypzAMrV/Wqtvf3H8o7m/G +3YGSuGa4LbR32PAkT9MrZLIoaKBGxPu64UvxfBFm5RIubtrIgpQXHo5m84Jpwef4 +fD/0argZoh1DSlP/LMJ2s/Rhz6fM4bXohtpPJCqo55FLxjhfBrA180SNXwOWbUtp +wsR5qIhy78REHGHjm7ClQBvy7zr20yFJn0+XGFF58W2+GTKstOg6o+L64Ad5byei +VE0SxPhFUamiY2HGmLpBdbl7Rb5El57GJY6cDl9JRgLPoVZf0eYzScv58n1oLT4p +jHkLZgi7RkoLf9SAyR+Pq8dg+j7b7KLVy3fgIPJxmqERm8kqU4KKs1G5oSmD0wI3 +YVWCB9knPTU7VFnvBvDxmD+02uY5lcKCHIllLSZNWJFjtsYU6MJcLC+6dBDHokF5 +76/h5g7oe++YJjut759NqxeKWpXyJLbHgPT9W0+Q2bODItERHF2d3abGDuo4oY/I +28+ihesssWEfkRx4s7wY8KkbsT6FCXfR4uTxuYYeygsmN7F6rQhM97ErGeH9LtmW +JNq6A/RCZaA4rYiAUzpIFZ8x61EhoQtuSgs8EBJo2W7JSJc35zaMFb6oL0Qqkq3w +rMHlBXlTlf0phppJQxrEPqfCPfqdtAJVLk1SxpfW2RgQH0Gbl/VYbK3Fdu2kdnYA +my3uuOqT5k5vG2rdBkvIZWMqB97CWQNBZmiV8hUYjqIJ4HipCY3ZTtnXIipQVS8M +lnVFc+7nSTkzAQ5/RrTBAguiD+b4CvY0H+CVIp5FgaMuo2BaviqqLN8Nx2fUvCGl +7KsXhWjztJgKPbLubUu2UcmOh4QaTrFQ7Lb+/yt3HHzaUWLV/I4hdOgH3VNdTDbh +Y6+55ayW/gXzODhI21bDWRBa6RCyffRtYx+4fccpAz4mz58ho7QyvOoKnVzb6Len +EAAAPJctuwMbY+thu2mBOICn+fni/AMTqTggY37Mk4BAi0641F/6RkujGlz9/2FA +GFifDO/VSWO9OprlmYCr0HuuGdMaHB+VTEj5j+cwpJ5imUhQHaN1Q3masJmD+sdH +27Du/O164hIdblbvUsS+9v3l+EgMbHqC61RQbBuNzs/1slxTz7uO61a5Snu8XYWP +pibxyCaGznvyunCZGTiWuHNYR8OnEJAM4O/wU4ThCzb+fxKDMchs1LG0ptw54L/B +86oMiScXlkCbdl9fjPRuHTuWBqFDm0Lz77POyXzJFpre2XDbQeSQyTzZFeAOFeGy +P4mrLDMvxsrUU8U3EGeQtTvdiFjNS3Ba6k/VN7qjkBcETQHEmmOnO7EVDn9csybm +q+voR7JpokjD2YKCp2MwUUO+rjuTl8LYxUPrmpofY0yH2c+0OqHA6txszkEXgGbz +oXrgFKZqSM+kFGpaRCIPjkulCdC6IB9i0Qu8w1hCMVUPIN5HFoCkP+JC5jzdz08p +s8m2ZgkVmcZQCmtq0IaRQH2nPS1n2V2dbEd12r4exfxXiiU7GZ42jszfopEhF2wl 
+GCIjc/joTLGZ2M28tGVFDIg+kuCLiB/C97Uf3WGDTmDfqOY2aBfHcJ97rCHIyxpH +ZVnn94IBvanuoA1DZvEs8tmG4dG/QPhstTVcYZg9wALzOURXZix2zRJca937sEoO +PpVXOj5509lrQwOtbizl3zUcJNT9GJBYWQTpceNVY/1JhB6EKfnZ+Am+qVD8/rjg +1ei/jndWOmX628CGuqhCPT7VUnC/0H4oIvYnf+QJlNqv6sbhStw/VPNpMzDiOhnN +Kl/1aGktHth+IFdzTpmqFbRIxLkvvrAzjxLRGfOnH2N5V+sWBudq6PsQ38QbpdEd +WlF37Xdq74wpQKmX165eE10hd42DJkDORPUycpVTr3y0zDVUjnu5Bo2xi2AZqBoH +aylv9hae26ZYLzp2RmAQFkEFxcpuqUvuJq4MtCxmvXivttrBRqaFmBKojxJyOOon +JQQo6aiof1Zd3inx7Prao/aWI77R/vdaS/j1IWqyOFu5BMi3tkdL7yAxLq/e5cbX +KF+bJAvKvdjV48cPyMQ4i+SiJQtFBEj5l7ynrJ2XaOCh2jhxwyLJHG9/qGU5dF0M +YuD4OY8gTxZDpi1jTU5Q6WUqaQBTUrLQqWXEhDLhyHe+f1mqb6IfAfrW8X/Kbp19 +KeOmyOESPIrfz75yG/nQ3IpEk4ufOmNwA9kXYveZOYtFNfZJcjYMIlC37ypg8+Ly +dzvLpx8xuOplz8aMHtNLojkKKoKpc4KYZ+QZzj9FOB6r0mvc9Sqj2A3xFgntnZal +soJwZmaonKT3kRQxDZ3woU+JDfw2Sdg0Fb0jWvoyPcYdnQoExR7uF9Q9O262oAPg +r8g5UNtcKXpGz1x2/IfVNUQwIQfmz1Slty61ed7l+qNcd51jK9RAW8HGbx8Blukn +izE152He9hrM6XhO3h3WaSw7qx7//5n+VNV0yqp3rQnQDr6V+zcfjgRiNWITXkHg +a2Xvju81h5zT/RJD9jon3PBg88effiBF01UD+DxENNsJ2WKtc70HvhRgZoI6/e5b +04YX6HBLSwdbUCLoiXFbXDFtRE0Krmba0tU/i0eRgzUipPDrQQUNt/6x3a7Ks48A +OC3/EDfcCYzu12W9h0TR09YlfiNJnalxGSU2CgzdxWhXvqxu5lfswIgj6c759RnD +v6676NRTlS6J+wn4S0ShNon1D/9siAGkLbhRKBc9TjRhxSGwHLRFYSbRD0ql0RLZ +/8kIlsKSmX/wJo1k9g3MwEN+SddRkbFZwjgZy4vgTQhrH6r4WQzCUXcO9F1i4Acw +rnMmV9fUJ/IZ22snbGny6yaBa5T9RcvPpCW81PXeFBZo0cK9xrs0t5eRqwmyKTpF +FpldzwRoyFRjDnGVACMo/X1eaCwvew+1M8fcSs1p+qrBfrfRiI4tg8bNrYdL/0u1 +RoE= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der new file mode 100644 index 0000000000000000000000000000000000000000..f40c9c9fba44817037173a7a0f1433865f5857e4 GIT binary patch literal 2447 zcmV;A32^o>f(eT-Jq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?58m=MWLy*x_- z0tf&w5e5Y-4g&%Q1PB`z&kI*RipvCo2}n<1K18;h*z((5wgp+kqs_>ehWuxDNE$0> z&G{*om#ZF-N?z@;3rmNt8tcWZUC|pi?r02cRy6+lrVfQ0{k1foW=N#VHLj1cRwt00 zS7e0(CEX2tzSWq?fqQ-fz{6B0GqTd=B8><_`P4JXRT$wUTfh*Buvk21xe@J=kPe#B+>#rV zPQ|FhA(JVmA8a{MKvs1Tk3+6-Mh5G0qVV9*VkNA)kcNuAnBTZjGmeX@#;AuAGx>^L z>{|N&jm>8w%J6cd0V`CK(ezel*1-kUhN{YUeXf&emn1oBk{gQaG<%;`EJ$cwy_d&_fU@2FlE2gIQ%y>>1`S2zx=+7|oG&NY_r|_oGc}cQ|o{3RP zHt+EeKW$T?!Cf-x(!4{OQG1igoxsJTt)vaM>S|$2 zIS^8>3uIT3YKn1Mxwi0xK>=O+S9c^(rmSh)IjYQ5A$*a@BP5 zfGQi!()mW*i}AMIRU3pxf#p104mJGLuU|4^)d^)kx7f|%0I!7d;gB;WR!d(6Zd(?}4Gw;s-qWE1 z(oi1}!@6wqk_BMB7iu$tXD5;UzJYj>Ot~4CpIX(krQ|gt+65QB;zt{+)j}BKZDnX^ z>e=YlH^Kk$AumAk@-qJrV?`4Dd~Az}1tq;?TU)_`w$mfr&Py3QZ+SifB0?|*PqoS# zT<2)+L+QS7g8Fv2=qvsa1JReqi#VcZqGyXi(=R#F?~MnjH4mZ*lKC~}h_shq8Dow> z)yI7OPrxy`K?*Xe2l9qurR5lp@Bv1rr!WAMD0HPOq|wt6klfB@C#`EqX0&fRn)$l` zdKm&i<$Pvn9Jp`Sl1o%hVDFZZFk}cNHYMa}<6}GejyD{L?_C7ML0IE8HD||%syMlO zncE7tWq5YgT;fFmdD#XtVUR3Ap5TGPQo}YmM>r$Z)eaF8&>y!k#N5k@=5O_7V~~Po zgys;O@hjJlD#(^7$za6zYw+}$@cE(3lD93LG**Yvpcm=xyIQYG#w;o7ek->CuUC6a zpoeDn`#f#ci0E;ewF6vwoSSJDYuMXSWfHf{q9MoSrSqD|xlyu7qFJb&gg`_8K7YXjK z*p9+9^<2Ke0S8@n6Xv3JfmTcrlPyT9+@|8(00OrXcpcT}6eP+LpLb>4<+G+Y zL(_*wHD+~&8@Mf01x`){*yPQRjkEXpJF530Yx#rAt^vX@cfSb$WP1A)6^QnbccxEO zoiXh9Sgr&L*L#Nos~13ey32^H6Ge{(D~+!ZRMW>(0<^JtfMxX9cMgKLTsRm|>?BS< z4D>sk{nGoo7cFu}B$ADtBd}%t8OW;Y*P8>Bp;Br|WH`t7O+i z6jo1I=5Vn|)B9-hq5BHfIDdT~1A|~&S9`Xa1LKZk$3ZqRy}Amo(9UBJZ6gT&rw-zy z*U7fhDI)vZI&i~=fU+3^kxD`fF&YBeVZe=tSF27`(A?cWuN+g!GwY2vPJfKI@lQb~ z;;9`gdwY?~3FdEy(<-@1&p~^(Lv-eK-Sej_SKU3<7dcAFJxLt;F&>d=-{i=XPz`CW zxbldud@WBzU9S~n&=ymOHqZ1#iSS0c#?h3TCLp$5pV!?CO1>4ZAM2TT_*16%9uMUR zaG{^SJM{wm${@Y6zp&*-RuctPwxVRTfsP_1B=-PR*rgCY?H5vu`(*%!|LEJF{t4Gk 
zddFDjOT^QZc(8f9&Oh(V1J2D`FGCTylyB_I&K%qETCX`4J6!XIM+Jjr3*T(th Date: Tue, 22 Nov 2016 14:56:18 +0800 Subject: [PATCH 0288/1059] Correct the printf message of the DTLS handshake. Make it consistent with dtls_server.c --- programs/ssl/dtls_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index e18ee42a12..f271bad30f 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -203,7 +203,7 @@ int main( int argc, char *argv[] ) /* * 4. Handshake */ - mbedtls_printf( " . Performing the SSL/TLS handshake..." ); + mbedtls_printf( " . Performing the DTLS handshake..." ); fflush( stdout ); do ret = mbedtls_ssl_handshake( &ssl ); From 376f7f5fe19b1ed354467adc31060b9bb41ae679 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 23 Aug 2017 16:04:40 +0300 Subject: [PATCH 0289/1059] Fix typo in configs/README.txt file Fix typo in Readme file: ajust->adjust --- configs/README.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/README.txt b/configs/README.txt index e9867bc150..933fa7f21d 100644 --- a/configs/README.txt +++ b/configs/README.txt @@ -8,7 +8,7 @@ These files are complete replacements for the default config.h. To use one of them, you can pick one of the following methods: 1. Replace the default file include/mbedtls/config.h with the chosen one. - (Depending on your compiler, you may need to ajust the line with + (Depending on your compiler, you may need to adjust the line with #include "mbedtls/check_config.h" then.) 2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly. From 713fe7f66c4b393e1905568786d6d615a761edbd Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 5 May 2017 11:24:30 +0100 Subject: [PATCH 0290/1059] Add test case calling ssl_set_hostname twice Add a test case calling ssl_set_hostname twice to test_suite_ssl. When run in CMake build mode ASan, this catches the current leak, but will hopefully be fine with the new version. --- tests/suites/test_suite_ssl.data | 3 +++ tests/suites/test_suite_ssl.function | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index a39f6f09f0..b92c1fe8a2 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -54,3 +54,6 @@ ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd12340101":0 SSL DTLS replay: big jump then just delayed ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd123400ff":0 + +SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice +ssl_set_hostname_twice:"server0":"server1" diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8d3448cbc3..60683afeec 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -40,3 +40,16 @@ void ssl_dtls_replay( char *prevs, char *new, int ret ) mbedtls_ssl_config_free( &conf ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ +void ssl_set_hostname_twice( char *hostname0, char *hostname1 ) +{ + mbedtls_ssl_context ssl; + mbedtls_ssl_init( &ssl ); + + TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 ); + TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 ); + + mbedtls_ssl_free( &ssl ); +} +/* END_CASE */ \ No newline at end of file From 39f5d359f5bdebd76c4491920002dda8c4789fb8 Mon Sep 17 00:00:00 2001 
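Review bot: ssl_set_hostname_twice asserts only the two return codes, so it never checks which hostname ends up stored and detects the leak only indirectly, through ASan as the description says; an uninstrumented build passes either way. Assuming the suite can read the context's `hostname` member (the library code accesses `ssl->hostname` directly), add `TEST_ASSERT( strcmp( ssl->hostname, hostname1 ) == 0 );` before the `mbedtls_ssl_free( &ssl );` so the replacement semantics are pinned explicitly. The closing `/* END_CASE */` also carries a `\ No newline at end of file` marker that is worth fixing in the same commit.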
From: Hanno Becker Date: Fri, 7 Apr 2017 13:25:49 +0100 Subject: [PATCH 0291/1059] Make mbedtls_ssl_set_hostname safe to be called multiple times Zeroize and free previously set hostnames before overwriting them. Also, allow clearance of hostname by providing NULL parameter. --- library/ssl_tls.c | 55 +++++++++++++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae7065b..8d143a383b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6159,7 +6159,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, { conf->sig_hashes = hashes; } -#endif +#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ #if defined(MBEDTLS_ECP_C) /* 
@@ -6170,32 +6170,51 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, { conf->curve_list = curve_list; } -#endif +#endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) { - size_t hostname_len; + /* Initialize to suppress unnecessary compiler warning */ + size_t hostname_len = 0; + + /* Check if new hostname is valid before + * making any change to current one */ + + if( hostname != NULL ) + { + hostname_len = strlen( hostname ); + + if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + /* Now it's clear that we will overwrite the old hostname, + * so we can free it safely */ + + if( ssl->hostname != NULL ) + { + mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); + mbedtls_free( ssl->hostname ); + } + + /* Passing NULL as hostname shall clear the old one */ if( hostname == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + { + ssl->hostname = NULL; + } + else + { + ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); - hostname_len = strlen( hostname ); + if( ssl->hostname == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - if( hostname_len + 1 == 0 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + memcpy( ssl->hostname, hostname, hostname_len ); - if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); - - if( ssl->hostname == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - - memcpy( ssl->hostname, hostname, hostname_len ); - - ssl->hostname[hostname_len] = '\0'; + ssl->hostname[hostname_len] = '\0'; + } return( 0 ); } From f5f9d11accdbd95ec82d28785c14019eb8c925d9 Mon Sep 17 00:00:00 2001 
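Review bot: The new body frees the existing hostname before the replacement is allocated, so a failing `mbedtls_calloc` leaves the context with no hostname at all and the caller with a weaker state than it started from, while the validation above it was careful to leave the old value untouched on a too-long input. Allocating and filling the copy first, then zeroizing and freeing the old buffer, gives the same "nothing changes on failure" guarantee for the allocation error as well, and the separate `hostname == NULL` branch collapses into a single assignment. The rewrite below keeps the length check and the return codes unchanged.
```c
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
{
    char *new_hostname = NULL;
    size_t hostname_len = 0;

    /* … unchanged: length validation of the new hostname … */

    /* Build the replacement first, so that an allocation failure
     * leaves the currently configured hostname untouched. */
    if( hostname != NULL )
    {
        new_hostname = mbedtls_calloc( 1, hostname_len + 1 );
        if( new_hostname == NULL )
            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );

        memcpy( new_hostname, hostname, hostname_len );
        new_hostname[hostname_len] = '\0';
    }

    /* Only now is it safe to discard the old one; NULL clears it. */
    if( ssl->hostname != NULL )
    {
        mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
        mbedtls_free( ssl->hostname );
    }

    ssl->hostname = new_hostname;

    return( 0 );
}
```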
From: Hanno Becker Date: Fri, 7 Apr 2017 12:59:32 +0100 Subject: [PATCH 0292/1059] Enhance documentation of mbedtls_ssl_set_hostname (1) Add missing error condition (2) Specify allowance and effect of of NULL hostname parameter (3) Describe effect of function on failure --- include/mbedtls/ssl.h | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index cc00070062..87ea00dbb6 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1794,15 +1794,23 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, #if defined(MBEDTLS_X509_CRT_PARSE_C) /** - * \brief Set the hostname to check against the received server - * certificate. It sets the ServerName TLS extension too, - * if the extension is enabled. - * (client-side only) + * \brief Set or reset the hostname to check against the received + * server certificate. It sets the ServerName TLS extension, + * too, if that extension is enabled. (client-side only) * * \param ssl SSL context - * \param hostname the server hostname + * \param hostname the server hostname, may be NULL to clear hostname + + * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. + * + * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on + * allocation failure, MBEDTLS_ERR_BAD_INPUT_DATA on + * too long input hostname. + * + * \post Hostname set to the one provided on success (cleared + * when NULL). On allocation failure hostname is cleared. + * On too long input failure, old hostname is unchanged. * - * \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED */ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ From 2f38a43d3a53173d3129457d5c93d99834fb0ca9 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 7 Apr 2017 13:02:16 +0100 Subject: [PATCH 0293/1059] Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog. Add a reference to the relevant RFC, adapt ChangeLog. --- ChangeLog | 2 ++ include/mbedtls/ssl.h | 5 ++--- library/ssl_cli.c | 8 ++++++++ library/ssl_tls.c | 2 +- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2bbc4c333b..565ea29041 100644 --- a/ChangeLog +++ b/ChangeLog @@ -194,6 +194,8 @@ Security team. #569 CVE-2017-2784 Bugfix + * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. + Found by jethrogb, #836. * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 87ea00dbb6..e98101e19d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1804,13 +1804,12 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. * * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, MBEDTLS_ERR_BAD_INPUT_DATA on + * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on * too long input hostname. * - * \post Hostname set to the one provided on success (cleared + * Hostname set to the one provided on success (cleared * when NULL). On allocation failure hostname is cleared. * On too long input failure, old hostname is unchanged. - * */ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a2b9f8cfe1..19bf021e26 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -80,6 +80,13 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, } /* + * Sect. 3, RFC 6066 (TLS Extensions Definitions) + * + * In order to provide any of the server names, clients MAY include an + * extension of type "server_name" in the (extended) client hello. The + * "extension_data" field of this extension SHALL contain + * "ServerNameList" where: + * * struct { * NameType name_type; * select (name_type) { @@ -96,6 +103,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * struct { * ServerName server_name_list<1..2^16-1> * } ServerNameList; + * */ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8d143a383b..de2490ced9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6218,7 +6218,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) return( 0 ); } -#endif +#endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, From 83ce8201dcd2739a2350fcfc20d28083653c4e3f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 30 Sep 2017 23:39:46 +0100 Subject: [PATCH 0294/1059] Update ChangeLog for fix to #836 --- ChangeLog | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 565ea29041..ec91259611 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Allow comments in test data files. +Bugfix + * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. + Found by projectgus and jethrogb, #836. + = mbed TLS 2.6.0 branch released 2017-08-10 Security 
@@ -194,8 +198,6 @@ Security team. #569 CVE-2017-2784 Bugfix - * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. - Found by jethrogb, #836. * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be From ba5b755f1a286dea5d80cd57fd5c75399635cf7f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 09:55:49 +0100 Subject: [PATCH 0295/1059] Change signature and semantics of `mbedtls_rsa_deduce_moduli` Input arguments are marked as constant. Further, no double-checking is performed when a factorization of the modulus has been found. --- include/mbedtls/rsa.h | 20 +++++------------- library/rsa.c | 49 ++++++++++++++----------------------------- 2 files changed, 21 insertions(+), 48 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 14cdef8d5c..a7e8a3320d 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -96,23 +96,13 @@ extern "C" { * * \return * - 0 if successful. In this case, P and Q constitute a - * factorization of N, and it is guaranteed that D and E - * are indeed modular inverses modulo P-1 and modulo Q-1. - * The values of N, D and E are unchanged. It is checked - * that P, Q are prime if a PRNG is provided. - * - A non-zero error code otherwise. In this case, the values - * of N, D, E are undefined. + * factorization of N. + * - A non-zero error code otherwise. * - * \note The input MPI's are deliberately not declared as constant - * and may therefore be used for in-place calculations by - * the implementation. In particular, their values can be - * corrupted when the function fails. If the user cannot - * tolerate this, he has to make copies of the MPI's prior - * to calling this function. See \c mbedtls_mpi_copy for this. */ -int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_mpi *P, mbedtls_mpi *Q ); +int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D, + mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, mbedtls_mpi *P, mbedtls_mpi *Q ); /** * \brief Compute RSA private exponent from diff --git a/library/rsa.c b/library/rsa.c index bb456df496..e01397ec92 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -129,20 +129,11 @@ static void mbedtls_zeroize( void *v, size_t n ) { * of (a) and (b) above to attempt to factor N. * */ -int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, +int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, + mbedtls_mpi const *D, mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_mpi *P, mbedtls_mpi *Q ) { - /* Implementation note: - * - * Space-efficiency is given preference over time-efficiency here: - * several calculations are done in place and temporarily change - * the values of D and E. - * - * Specifically, D is replaced by the largest odd divisor of DE - 1 - * throughout the calculations. - */ - int ret = 0; uint16_t attempt; /* Number of current attempt */ @@ -151,11 +142,9 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, uint16_t bitlen_half; /* Half the bitsize of the modulus N */ uint16_t order; /* Order of 2 in DE - 1 */ - mbedtls_mpi K; /* Temporary used for two purposes: - * - During factorization attempts, stores a random integer - * in the range of [0,..,N] - * - During verification, holding intermediate results. - */ + mbedtls_mpi T; /* Holds largest odd divisor of DE - 1 */ + mbedtls_mpi K; /* During factorization attempts, stores a random integer + * in the range of [0,..,N] */ if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); 
@@ -174,20 +163,20 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, */ mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &T ); - /* Replace D by DE - 1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( D, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( D, D, 1 ) ); + /* T := DE - 1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) ); - if( ( order = mbedtls_mpi_lsb( D ) ) == 0 ) + if( ( order = mbedtls_mpi_lsb( &T ) ) == 0 ) { ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto cleanup; } - /* After this operation, D holds the largest odd divisor - * of DE - 1 for the original values of D and E. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( D, order ) ); + /* After this operation, T holds the largest odd divisor of DE - 1. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) ); /* This is used to generate a few numbers around N / 2 * if no PRNG is provided. */ @@ -220,9 +209,9 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, if( mbedtls_mpi_cmp_int( P, 1 ) != 0 ) continue; - /* Go through K^X + 1, K^(2X) + 1, K^(4X) + 1, ... + /* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ... * and check whether they have nontrivial GCD with N. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, D, N, + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, &T, N, Q /* temporarily use Q for storing Montgomery * multiplication helper values */ ) ); @@ -239,14 +228,7 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, * Set Q := N / P. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, &K, N, P ) ); - - /* Restore D */ - - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( D, order ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( D, D, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( D, NULL, D, E ) ); - + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, NULL, N, P ) ); goto cleanup; } 
@@ -261,6 +243,7 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, cleanup: mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &T ); return( ret ); } From bdefff1ddeb9ef51cb495734debd076d20e2bbd0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 09:57:50 +0100 Subject: [PATCH 0296/1059] Change signature of `mbedtls_rsa_deduce_private` Make input arguments constant and adapt the implementation to use a temporary instead of in-place operations. --- include/mbedtls/rsa.h | 13 +++--------- library/rsa.c | 30 ++++++++++++++-------------- tests/suites/test_suite_rsa.function | 2 +- 3 files changed, 19 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index a7e8a3320d..e45520f9a8 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -122,18 +122,11 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D, * \return * - 0 if successful. In this case, D is set to a simultaneous * modular inverse of E modulo both P-1 and Q-1. - * - A non-zero error code otherwise. In this case, the values - * of P, Q, E are undefined. + * - A non-zero error code otherwise. * - * \note The input MPI's are deliberately not declared as constant - * and may therefore be used for in-place calculations by - * the implementation. In particular, their values can be - * corrupted when the function fails. If the user cannot - * tolerate this, he has to make copies of the MPI's prior - * to calling this function. See \c mbedtls_mpi_copy for this. */ -int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, mbedtls_mpi *E, - mbedtls_mpi *D ); +int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, mbedtls_mpi const *Q, + mbedtls_mpi const *E, mbedtls_mpi *D ); /** diff --git a/library/rsa.c b/library/rsa.c index e01397ec92..3e58c854a2 100644 --- a/library/rsa.c +++ b/library/rsa.c 
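Review bot: The cleanup label now frees the new temporary `T`, but on the error path the caller-owned outputs `P` and `Q` are left holding whatever the last attempt wrote into them: `P` receives the gcd candidates and `Q` is used as Montgomery scratch in the `mbedtls_mpi_exp_mod` call of the preceding hunk. Since the entry check requires `P->p` and `Q->p` to be NULL, a caller that retries with a different RNG after a failure is rejected, and partial values derived from the private exponent stay behind in the outputs. Releasing them when `ret != 0` restores the documented precondition: `if( ret != 0 ) { mbedtls_mpi_free( P ); mbedtls_mpi_free( Q ); }` before `return( ret );`. The function's entry check and attempt loop lie outside this hunk.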
@@ -252,11 +252,13 @@ cleanup: * This is essentially a modular inversion. */ -int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, - mbedtls_mpi *D, mbedtls_mpi *E ) +int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, + mbedtls_mpi const *Q, + mbedtls_mpi const *E, + mbedtls_mpi *D ) { int ret = 0; - mbedtls_mpi K; + mbedtls_mpi K, L; if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); @@ -269,28 +271,26 @@ int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, } mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &L ); - /* Temporarily replace P and Q by P-1 and Q-1, respectively. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( P, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( Q, Q, 1 ) ); + /* Temporarily put K := P-1 and L := Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); - /* Temporarily compute the gcd(P-1, Q-1) in D. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, P, Q ) ); + /* Temporarily put D := gcd(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) ); - /* Compute LCM(P-1, Q-1) in K */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); + /* K := LCM(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) ); /* Compute modular inverse of E in LCM(P-1, Q-1) */ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) ); - /* Restore P and Q. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); - cleanup: mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &L ); return( ret ); } 
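Review bot: `D` is used as a temporary for gcd(P-1, Q-1) before `mbedtls_mpi_inv_mod` overwrites it, so if the inversion fails (E not invertible modulo the LCM) the function returns an error with `D` still holding that intermediate value. The entry check in the first hunk requires `D` to be 0, so a retry with the same MPI is rejected, and a value derived from the primes is handed back in what the caller treats as an unset output. Releasing it on the error path keeps the contract symmetric: `if( ret != 0 ) mbedtls_mpi_free( D );` after the two existing `mbedtls_mpi_free` calls in cleanup, or compute the gcd into `L` after `L := Q-1` has been consumed and write `D` only in the final inversion.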
@@ -664,7 +664,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, * so together with the primality test above all core parameters are * guaranteed to be sane if this call succeeds. */ if( ( ret = mbedtls_rsa_deduce_private( &ctx->P, &ctx->Q, - &ctx->D, &ctx->E ) ) != 0 ) + &ctx->E, &ctx->D ) ) != 0 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 062b971538..f32155479b 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -804,7 +804,7 @@ void mbedtls_rsa_deduce_private( int radix_P, char *input_P, } /* Try to deduce D from N, P, Q, E. */ - TEST_ASSERT( mbedtls_rsa_deduce_private( &P, &Q, &D, &E ) == result ); + TEST_ASSERT( mbedtls_rsa_deduce_private( &P, &Q, &E, &D ) == result ); if( !corrupt ) { From 1b831fe1c54c7c4c75d194c7ffae6b67486a2805 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 12:24:50 +0100 Subject: [PATCH 0297/1059] Clarify guarantees made by `rsa_deduce_moduli/private/crt` --- include/mbedtls/rsa.h | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index e45520f9a8..05c18a9970 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -99,6 +99,10 @@ extern "C" { * factorization of N. * - A non-zero error code otherwise. * + * \note It is neither checked that P, Q are prime nor that + * D, E are modular inverses wrt. P-1 and Q-1. For that, + * use the helper function \c mbedtls_rsa_validate_params. + * */ int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D, mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -117,13 +121,13 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D, * \param E RSA public exponent * \param D Pointer to MPI holding the private exponent on success. * - * \note This function does not check whether P and Q are primes. - * * \return * - 0 if successful. In this case, D is set to a simultaneous * modular inverse of E modulo both P-1 and Q-1. * - A non-zero error code otherwise. * + * \note This function does not check whether P and Q are primes. + * */ int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, mbedtls_mpi const *Q, mbedtls_mpi const *E, mbedtls_mpi *D ); @@ -145,6 +149,9 @@ int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, mbedtls_mpi const *Q, * * \return 0 on success, non-zero error code otherwise. * + * \note This function does not check whether P, Q are + * prime and whether D is a valid private exponent. + * */ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, mbedtls_mpi *DP, From 43a08d029ea2844dbc60eee97952f446c1addbf0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 13:16:35 +0100 Subject: [PATCH 0298/1059] Clarify guarantees made by `rsa_check_privkey` and `rsa_complete` Document explicitly that `mbedtls_rsa_check_privkey` and `mbedtls_rsa_complete` succeeding does not guarantee the consistency of the underlying RSA private key but only that enough information is present to perform a private key operation. --- include/mbedtls/rsa.h | 55 +++++++++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 05c18a9970..d711e05472 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -375,8 +375,8 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * a set of imported core parameters. * * \param ctx Initialized RSA context to store parameters - * \param f_rng RNG function, - * \param p_rng RNG parameter + * \param f_rng RNG function, or NULL + * \param p_rng RNG parameter, or NULL * * \note * - To setup an RSA public key, precisely N and E @@ -392,15 +392,26 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * - Alternative implementations need not support these * and may return \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA instead. * - * \note The PRNG is used for probabilistic algorithms - * like the derivation of P, Q from N, D, E, as - * well as primality checks. + * \note The PRNG is used for the probabilistic algorithm + * used in the derivation of P, Q from N, D, E. If it + * not present, a deterministic heuristic is used. * - * \return - 0 if successful. In this case, all imported core - * parameters are guaranteed to be sane, the RSA context - * has been fully setup and is ready for use. + * \return + * - 0 if successful. In this case, it is guaranteed + * the functions \c mbedtls_rsa_check_pubkey resp. + * \c mbedtls_rsa_check_privkey pass in case of a + * public resp. private key. * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted * derivations failed. + * + * \warning Implementations are *not* obliged to perform exhaustive + * validation of the imported parameters! + * In particular, parameters that are not needed by the + * implementation may be silently discarded and left unchecked. + * If the user mistrusts the given key material, he should + * employ other means for verification like the helper functions + * \c mbedtls_rsa_validate_params, \c mbedtls_rsa_validate_crt. + * */ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -573,21 +584,39 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, unsigned int nbits, int exponent ); /** - * \brief Check if a context contains an RSA public key + * \brief Check if a context contains (at least) an RSA public key * * \param ctx RSA context to be checked * - * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code. + * On success, it is guaranteed that enough information is + * present to perform an RSA public key operation + * \c mbedtls_rsa_public. + * */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); /** - * \brief Check if a context contains a complete - * and valid RSA private key. + * \brief Check if a context contains an RSA private key + * and perform basic sanity checks. * * \param ctx RSA context to be checked * - * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code. + * On success, it is guaranteed that enough information is + * present to perform RSA private and public key operations. + * + * \warning This function is *not* obliged to perform an exhaustive + * sanity check what would guarantee the internal parameters + * to match and \c mbedtls_rsa_private and \c mbedtls_rsa_public + * to be mutually inverse to each other. + * The reason is that for minimal non-CRT implementations + * using only N, D, E, for example, checking the validity + * would be computationally expensive. + * Users mistrusting their key material should use other + * means for verification; see the documentation of + * \c mbedtls_rsa_complete. + * */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); From 7471631ddec87c968ddb614dabe8932f310c6f05 Mon Sep 17 00:00:00 2001 
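Review bot: The new \warning on mbedtls_rsa_check_privkey has a grammatical slip: `sanity check what would guarantee the internal parameters` should be `sanity check that would guarantee the internal parameters`. The new \return text on mbedtls_rsa_check_pubkey also ends without a period after `\c mbedtls_rsa_public`, unlike its sibling below. Wording only; the weakened guarantee itself is stated clearly.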
From: Hanno Becker Date: Mon, 2 Oct 2017 10:00:37 +0100 Subject: [PATCH 0299/1059] Make input arguments to `mbedtls_rsa_import_raw` constant Original intention was to be allowed to perform in-place operations like changing the byte-order before importing parameters into an HSM. Now a copy is needed in this case, but there's no more danger of a user expecting the arguments to be left untouched. --- include/mbedtls/rsa.h | 10 +++++----- library/rsa.c | 11 ++++++----- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index d711e05472..94e0b2888d 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -364,11 +364,11 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * \return 0 if successful, non-zero error code on failure. */ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, - unsigned char *N, size_t N_len, - unsigned char *P, size_t P_len, - unsigned char *Q, size_t Q_len, - unsigned char *D, size_t D_len, - unsigned char *E, size_t E_len ); + unsigned char const *N, size_t N_len, + unsigned char const *P, size_t P_len, + unsigned char const *Q, size_t Q_len, + unsigned char const *D, size_t D_len, + unsigned char const *E, size_t E_len ); /** * \brief Attempt to complete an RSA context from diff --git a/library/rsa.c b/library/rsa.c index 3e58c854a2..00f83a06a4 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -18,6 +18,7 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ + /* * The following sources were referenced in the design of this implementation * of the RSA algorithm: 
@@ -551,11 +552,11 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, } int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, - unsigned char *N, size_t N_len, - unsigned char *P, size_t P_len, - unsigned char *Q, size_t Q_len, - unsigned char *D, size_t D_len, - unsigned char *E, size_t E_len ) + unsigned char const *N, size_t N_len, + unsigned char const *P, size_t P_len, + unsigned char const *Q, size_t Q_len, + unsigned char const *D, size_t D_len, + unsigned char const *E, size_t E_len ) { int ret; From 3f3ae85e11852d52984d0a27ead5c4cee3da729b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 10:08:39 +0100 Subject: [PATCH 0300/1059] Correct memory leak in RSA test suite The test for `mbedtls_rsa_import_raw` didn't include freeing the allocate buffers. --- tests/suites/test_suite_rsa.function | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f32155479b..b965bd65b2 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1329,20 +1329,19 @@ void mbedtls_rsa_import_raw( char *input_N, size_t lenE = 0; mbedtls_rsa_context ctx; - mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; + const char *pers = "test_suite_rsa"; mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); + mbedtls_rsa_init( &ctx, 0, 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) == 0 ); - mbedtls_rsa_init( &ctx, 0, 0 ); - if( strlen( input_N ) ) lenN = unhexify( bufN, input_N ); @@ -1437,6 +1436,10 @@ void mbedtls_rsa_import_raw( char *input_N, exit: + mbedtls_free( buf_orig ); + mbedtls_free( buf_enc ); + mbedtls_free( buf_dec ); + mbedtls_rsa_free( &ctx ); mbedtls_ctr_drbg_free( &ctr_drbg ); From 98838b04afca59ff562746829e3912521b8f8c38 Mon Sep 17 00:00:00 2001 
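Review bot: The local `mbedtls_entropy_context entropy;` and its `mbedtls_entropy_init( &entropy );` are removed in the first test_suite_rsa.function hunk, yet the kept `mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, ... )` line still passes `&entropy`. Unless an `entropy` object is declared outside the hunk this no longer compiles, and if one exists at file scope it is now seeded without being initialised here. The matching `mbedtls_entropy_free` in the `exit:` path is not visible either, so the cleanup hunk should be checked against whichever declaration is intended. The test function begins before the first hunk and continues between the two hunks.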
From: Hanno Becker Date: Mon, 2 Oct 2017 13:16:10 +0100 Subject: [PATCH 0301/1059] Minor improvements --- include/mbedtls/rsa.h | 5 ++-- library/rsa.c | 55 +++++++++++++++++++++++++++---------------- 2 files changed, 38 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 94e0b2888d..d3347fc031 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -383,7 +383,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * must have been imported. * * - To setup an RSA private key, enough information must be - * present for the other parameters to be efficiently derivable. + * present for the other parameters to be derivable. * * The default implementation supports the following: * - Derive P, Q from N, D, E @@ -629,7 +629,8 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); * * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code */ -int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ); +int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, + const mbedtls_rsa_context *prv ); /** * \brief Do an RSA public key operation diff --git a/library/rsa.c b/library/rsa.c index 00f83a06a4..1fcffdfc3a 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -310,7 +310,7 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, mbedtls_mpi_init( &K ); mbedtls_mpi_init( &L ); - /* Check that DP - P == 0 mod P - 1 */ + /* Check that DP - D == 0 mod P - 1 */ if( DP != NULL ) { if( P == NULL ) @@ -329,7 +329,7 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, } } - /* Check that DQ - Q == 0 mod Q - 1 */ + /* Check that DQ - D == 0 mod Q - 1 */ if( DQ != NULL ) { if( Q == NULL ) @@ -348,7 +348,7 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, } } - /* Check that QP * P - 1 == 0 mod P */ + /* Check that QP * Q - 1 == 0 mod P */ if( QP != NULL ) { if( P == NULL || Q == NULL ) 
@@ -689,7 +689,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, #endif /* MBEDTLS_RSA_NO_CRT */ /* - * Step 3: Double check + * Step 3: Basic sanity check */ if( is_priv ) @@ -1009,23 +1009,32 @@ cleanup: */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) { - if( !ctx->N.p || !ctx->E.p ) + if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ) + { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } if( ctx->len != mbedtls_mpi_size( &ctx->N ) ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - if( ( ctx->N.p[0] & 1 ) == 0 || - ( ctx->E.p[0] & 1 ) == 0 ) + if( mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 || + mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 ) + { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } if( mbedtls_mpi_bitlen( &ctx->N ) < 128 || mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_MPI_MAX_BITS ) + { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } if( mbedtls_mpi_bitlen( &ctx->E ) < 2 || mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 ) + { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } return( 0 ); } @@ -1035,8 +1044,10 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) { - if( mbedtls_rsa_check_pubkey( ctx ) != 0 || - mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, + if( mbedtls_rsa_check_pubkey( ctx ) != 0 ) + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + + if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, &ctx->D, &ctx->E, NULL, NULL ) != 0 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 
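Review bot: Brace style in the rewritten mbedtls_rsa_check_pubkey body is inconsistent: the new conditions gain braces around their single `return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );`, but the unchanged `if( ctx->len != mbedtls_mpi_size( &ctx->N ) )` between them stays unbraced. Bracing it as well, `if( ctx->len != mbedtls_mpi_size( &ctx->N ) ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); }`, keeps the function uniform. `mbedtls_mpi_bitlen( &ctx->N )` is also evaluated twice in the size check; a local `size_t nbits` would avoid that, though it is not a correctness issue.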
@@ -1055,9 +1066,10 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) /* * Check if contexts holding a public and private key match */ -int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ) +int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, + const mbedtls_rsa_context *prv ) { - if( mbedtls_rsa_check_pubkey( pub ) != 0 || + if( mbedtls_rsa_check_pubkey( pub ) != 0 || mbedtls_rsa_check_privkey( prv ) != 0 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); @@ -2621,8 +2633,9 @@ int mbedtls_rsa_self_test( int verbose ) memcpy( rsa_plaintext, RSA_PT, PT_LEN ); - if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, PT_LEN, - rsa_plaintext, rsa_ciphertext ) != 0 ) + if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, + PT_LEN, rsa_plaintext, + rsa_ciphertext ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); @@ -2633,9 +2646,9 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 decryption : " ); - if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, &len, - rsa_ciphertext, rsa_decrypted, - sizeof(rsa_decrypted) ) != 0 ) + if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, + &len, rsa_ciphertext, rsa_decrypted, + sizeof(rsa_decrypted) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); @@ -2660,8 +2673,9 @@ int mbedtls_rsa_self_test( int verbose ) mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum ); - if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, - sha1sum, rsa_ciphertext ) != 0 ) + if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, + sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); 
@@ -2672,8 +2686,9 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 sig. verify: " ); - if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, - sha1sum, rsa_ciphertext ) != 0 ) + if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, + sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); From c6fc878eda1421c68a3414bf47546e4f64f63839 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 12:25:52 +0100 Subject: [PATCH 0302/1059] Remove `mbedtls_rsa_check_crt` This is no longer needed after the decision to not exhaustively validate private key material. --- include/mbedtls/rsa.h | 23 ------------ library/pkparse.c | 3 +- library/rsa.c | 70 ------------------------------------- programs/pkey/rsa_decrypt.c | 8 ----- programs/pkey/rsa_sign.c | 8 ----- 5 files changed, 1 insertion(+), 111 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index d3347fc031..df0ade80c2 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -417,29 +417,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); -/** - * \brief Check if CRT-parameters match core parameters - * - * \param ctx Complete RSA private key context - * \param DP Private exponent modulo P-1, or NULL - * \param DQ Private exponent modulo Q-1, or NULL - * \param QP Modular inverse of Q modulo P, or NULL - * - * \return 0 if successful, testifying that the non-NULL optional - * parameters provided are in accordance with the core - * RSA parameters. Non-zero error code otherwise. - * - * \note This function performs in-place computations on the - * parameters DP, DQ and QP. If modification cannot be - * tolerated, you should make copies with mbedtls_mpi_copy - * before calling this function. - * - */ -int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx, - mbedtls_mpi *DP, - mbedtls_mpi *DQ, - mbedtls_mpi *QP ); - /** * \brief Export core parameters of an RSA key * diff --git a/library/pkparse.c b/library/pkparse.c index a6916e7b9b..f0b9db3201 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -751,8 +751,7 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, /* Check optional parameters */ if( ( ret = mbedtls_asn1_get_mpi( &p, end, &DP ) ) != 0 || ( ret = mbedtls_asn1_get_mpi( &p, end, &DQ ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &QP ) ) != 0 || - ( ret = mbedtls_rsa_check_crt( rsa, &DP, &DQ, &QP ) ) != 0 ) + ( ret = mbedtls_asn1_get_mpi( &p, end, &QP ) ) != 0 ) goto cleanup; if( p != end ) diff --git a/library/rsa.c b/library/rsa.c index 1fcffdfc3a..841f489767 100644 --- a/library/rsa.c +++ b/library/rsa.c 
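Review bot: After this hunk pk_parse_key_pkcs1_der accepts DP, DQ and QP from the DER encoding without any consistency check against N, P, Q and D; what is done with the three MPIs after the hunk is not visible, but if they are installed into the context an inconsistent CRT triple from an untrusted key file is no longer rejected at parse time. A comment on the kept line, `/* DP, DQ, QP are parsed but not validated here; see mbedtls_rsa_validate_crt */`, keeps that trust boundary explicit, and callers parsing untrusted keys should rely on mbedtls_rsa_complete / mbedtls_rsa_validate_crt as this commit series intends. The function begins before the hunk and continues after it.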
@@ -706,52 +706,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, return( 0 ); } -/* - * Check if CRT parameters match RSA context. - * This has to be implemented even if CRT is not used, - * in order to be able to validate DER encoded RSA keys, - * which always contain CRT parameters. - */ -int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx, - mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) -{ - int ret = 0; - - /* Check if key is private or public */ - const int is_priv = - mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; - - if( !is_priv ) - { - /* Checking optional parameters only makes sense for private keys. */ - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } - -#if !defined(MBEDTLS_RSA_NO_CRT) - if( ( DP != NULL && mbedtls_mpi_cmp_mpi( DP, &ctx->DP ) != 0 ) || - ( DQ != NULL && mbedtls_mpi_cmp_mpi( DQ, &ctx->DQ ) != 0 ) || - ( QP != NULL && mbedtls_mpi_cmp_mpi( QP, &ctx->QP ) != 0 ) ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } -#else /* MBEDTLS_RSA_NO_CRT */ - if( ( ret = mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D, - DP, DQ, QP ) ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } -#endif - - if( ret != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); - - return( 0 ); -} - int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, unsigned char *N, size_t N_len, unsigned char *P, size_t P_len, 
@@ -2532,21 +2486,6 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) "910E4168387E3C30AA1E00C339A79508" \ "8452DD96A9A5EA5D9DCA68DA636032AF" -#define RSA_DP "C1ACF567564274FB07A0BBAD5D26E298" \ - "3C94D22288ACD763FD8E5600ED4A702D" \ - "F84198A5F06C2E72236AE490C93F07F8" \ - "3CC559CD27BC2D1CA488811730BB5725" - -#define RSA_DQ "4959CBF6F8FEF750AEE6977C155579C7" \ - "D8AAEA56749EA28623272E4F7D0592AF" \ - "7C1F1313CAC9471B5C523BFE592F517B" \ - "407A1BD76C164B93DA2D32A383E58357" - -#define RSA_QP "9AE7FBC99546432DF71896FC239EADAE" \ - "F38D18D2B2F0E2DD275AA977E2BF4411" \ - "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \ - "A74206CEC169D74BF5A8C50D6F48EA08" - #define PT_LEN 24 #define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \ "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD" @@ -2619,15 +2558,6 @@ int mbedtls_rsa_self_test( int verbose ) return( 1 ); } - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_DP ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, &K, NULL, NULL ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_DQ ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, NULL, &K, NULL ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_QP ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, NULL, NULL, &K ) ); - if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 encryption : " ); diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 493c8706ef..48275bc238 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -150,14 +150,6 @@ int main( int argc, char *argv[] ) goto exit; } - /* Although we're not using them, verify CRT parameters */ - if( ( return_val = mbedtls_rsa_check_crt( &rsa, &DP, &DQ, &QP ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_rsa_check_crt returned %d\n\n", - return_val ); - goto exit; - } - /* * Extract the RSA encrypted value from the text file */ diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 5f615618f2..ff6473632e 100644 
--- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -130,14 +130,6 @@ int main( int argc, char *argv[] ) goto exit; } - /* Although we're not using them, verify CRT parameters */ - if( ( ret = mbedtls_rsa_check_crt( &rsa, &DP, &DQ, &QP ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_rsa_check_crt returned %d\n\n", - ret ); - goto exit; - } - /* * Compute the SHA-256 hash of the input file, * then calculate the RSA signature of the hash. From b5beaa8995289f080ba410eea293a3065d62bec3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 13:01:43 +0100 Subject: [PATCH 0303/1059] Check that 1 < D, E < N in `mbedtls_rsa_validate_params` --- include/mbedtls/rsa.h | 11 ++++++----- library/rsa.c | 26 ++++++++++++++++++++------ 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index df0ade80c2..46daac55f3 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -174,12 +174,13 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * \param p_rng PRNG context for f_rng, or NULL * * \return - * - 0 if the following conditions are satisfied: - * - N = PQ if N,P,Q != NULL + * - 0 if the following conditions are satisfied + * if all relevant parameters are provided: + * - P prime if f_rng != NULL + * - Q prime if f_rng != NULL + * - 1 < N = PQ + * - 1 < D, E < N * - D and E are modular inverses modulo P-1 and Q-1 - * if D,E,P,Q != NULL - * - P prime if f_rng, P != NULL - * - Q prime if f_rng, Q != NULL * - A non-zero error code otherwise. * * \note The function can be used with a restricted set of arguments diff --git a/library/rsa.c b/library/rsa.c index 841f489767..b0ba1eb2c6 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -422,13 +422,13 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, #endif /* MBEDTLS_GENPRIME */ /* - * Step 2: Check that N = PQ + * Step 2: Check that 1 < N = PQ */ if( P != NULL && Q != NULL && N != NULL ) { MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); - if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 || + if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 || mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; @@ -437,15 +437,29 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, } /* - * Step 3: Check that D, E are inverse modulo P-1 and Q-1 + * Step 3: Check and 1 < D, E < N if present. + */ + + if( N != NULL && D != NULL && E != NULL ) + { + if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 || + mbedtls_mpi_cmp_int( E, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( D, N ) >= 0 || + mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + + /* + * Step 4: Check that D, E are inverse modulo P-1 and Q-1 */ if( P != NULL && Q != NULL && D != NULL && E != NULL ) { if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || - mbedtls_mpi_cmp_int( Q, 1 ) <= 0 || - mbedtls_mpi_cmp_int( D, 1 ) <= 0 || - mbedtls_mpi_cmp_int( E, 1 ) <= 0 ) + mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; From 70da2c545b239c710a5f30893402a4f4c051af13 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 15:02:59 +0100 Subject: [PATCH 0304/1059] Improve documentation of `mbedtls_dhm_make_params` --- include/mbedtls/dhm.h | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 542592d855..9254d953ad 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h 
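Review bot: The new Step 3 runs only when N is non-NULL, while the `D > 1` / `E > 1` tests were dropped from Step 4, so a call that supplies P, Q, D and E but not N (a restricted argument set the header's \note permits) no longer rejects D or E <= 1 before the modular-inverse check in Step 4, where D = E = 1 trivially passes. Keeping the lower bounds independent of N and making only the two comparisons against N conditional closes the gap; the rewritten Step 3 is below. Two smaller points in the same hunk: the comment `Step 3: Check and 1 < D, E < N if present.` should read `Step 3: Check that 1 < D, E < N if present.`, and `if (` should be `if(` to match the surrounding style. mbedtls_rsa_validate_params begins before the hunk and continues after it.
```c
    /* … unchanged: Step 2, 1 < N = PQ … */

    /*
     * Step 3: Check that 1 < D, E < N if present.
     */
    if( D != NULL && E != NULL )
    {
        if( mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
            mbedtls_mpi_cmp_int( E, 1 ) <= 0 ||
            ( N != NULL && ( mbedtls_mpi_cmp_mpi( D, N ) >= 0 ||
                             mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) ) )
        {
            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
            goto cleanup;
        }
    }

    /* … unchanged: Step 4, D and E inverse modulo P-1 and Q-1 … */
```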
@@ -211,9 +211,11 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, * \param p_rng RNG parameter * * \note The destination buffer must be large enough to hold - * the modulus, the generator, and the public key, each - * wrapped with a 2-byte length field. It is the responsibility - * of the caller to ensure that enough space is available. + * the reduced binary presentation of the modulus, the generator + * and the public key, each wrapped with a 2-byte length field. + * It is the responsibility of the caller to ensure that enough + * space is available. Refer to \c mbedtls_mpi_size to computing + * the byte-size of an MPI. * * \note This function assumes that ctx->P and ctx->G * have already been properly set (for example From de6c1644cc68e34bf0ccf1161f0cf0e74853434d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 15:03:15 +0100 Subject: [PATCH 0305/1059] Add brackets around arguments of internal macro DHM_MPI_EXPORT --- library/dhm.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/library/dhm.c b/library/dhm.c index a29b02992e..344b92cb5c 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -430,12 +430,14 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, /* * export P, G, GX */ -#define DHM_MPI_EXPORT(X,n) \ +#define DHM_MPI_EXPORT( X, n ) \ do { \ - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, p + 2, n ) ); \ - *p++ = (unsigned char)( n >> 8 ); \ - *p++ = (unsigned char)( n ); \ - p += n; \ + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ), \ + p + 2, \ + ( n ) ) ); \ + *p++ = (unsigned char)( ( n ) >> 8 ); \ + *p++ = (unsigned char)( ( n ) ); \ + p += ( n ); \ } while( 0 ) n1 = mbedtls_mpi_size( &ctx->P ); From f8258e7d5a50b61e2d525b4a62d056e665dbe320 Mon Sep 17 00:00:00 2001 
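Review bot: Two wording slips in the new \note on mbedtls_dhm_make_params: `the reduced binary presentation of the modulus` should read `the reduced binary representation of the modulus`, and `Refer to \c mbedtls_mpi_size to computing` should read `Refer to \c mbedtls_mpi_size for computing`. The rest of the note, including the pointer to mbedtls_mpi_size for sizing the buffer, is clear.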
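Review bot: Bracketing the arguments fixes precedence, but `n` is still expanded four times in DHM_MPI_EXPORT (the write_binary call, the two length bytes and `p += ( n )`), and the macro writes through the enclosing `p`, so it is only safe for side-effect-free arguments such as the `n1` assigned right after it. A comment above the `#define`, `/* n is evaluated several times: pass only side-effect-free expressions */`, would record that constraint for the next maintainer. mbedtls_dhm_make_params begins before the hunk and continues after it.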
From: Hanno Becker Date: Mon, 2 Oct 2017 15:04:40 +0100 Subject: [PATCH 0306/1059] Adapt documentation of `mbedtls_ssl_conf_dh_param` to new moduli --- include/mbedtls/ssl.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index cc00070062..fb2f02f0e8 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1702,7 +1702,7 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, /** * \brief Set the Diffie-Hellman public P and G values, * read as hexadecimal strings (server-side only) - * (Default: MBEDTLS_DHM_RFC5114_MODP_2048_[PG]) + * (Default: mbedtls_dhm_rfc7919_ffdhe2048_[pg]) * * \param conf SSL configuration * \param dhm_P Diffie-Hellman-Merkle modulus @@ -1710,7 +1710,9 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, * * \return 0 if successful */ -int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ); +int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, + const char *dhm_P, + const char *dhm_G ); /** * \brief Set the Diffie-Hellman public P and G values, From d4d856265ec2c486a3dc83238934c11a77d239b9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 15:06:27 +0100 Subject: [PATCH 0307/1059] Don't use deprecated macro form of DHM moduli in benchmark program --- programs/test/benchmark.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index eb578e7306..9c6d46271b 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
@@ -668,12 +668,12 @@ int main( int argc, char *argv[] ) { int dhm_sizes[] = { 2048, 3072 }; const char *dhm_P[] = { - MBEDTLS_DHM_RFC3526_MODP_2048_P, - MBEDTLS_DHM_RFC3526_MODP_3072_P, + mbedtls_dhm_rfc3526_modp_2048_p, + mbedtls_dhm_rfc3526_modp_3072_p, }; const char *dhm_G[] = { - MBEDTLS_DHM_RFC3526_MODP_2048_G, - MBEDTLS_DHM_RFC3526_MODP_3072_G, + mbedtls_dhm_rfc3526_modp_2048_g, + mbedtls_dhm_rfc3526_modp_3072_g, }; mbedtls_dhm_context dhm; From f240ea0b50c16dcae781c23294eba2468fdd59c2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 15:09:14 +0100 Subject: [PATCH 0308/1059] Expand documentation of `mbedtls_dhm_read_params` --- include/mbedtls/dhm.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 9254d953ad..ed39f8db42 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -190,8 +190,13 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx ); * \brief Parse the ServerKeyExchange parameters * * \param ctx DHM context - * \param p &(start of input buffer), will be increased - * by the amount of data read. + * \param p On input, *p must be the start of the input buffer. + * On output, *p is updated to point to the end of the data + * that has been read. On success, this is the first byte + * past the end of the ServerKeyExchange parameters. + * On error, this is the point at which an error has been + * detected, which is usually not useful except to debug + * failures. * \param end end of buffer * * \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code From 4e1be398f64170a10495561e91ccc27aa31f94a3 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Mon, 2 Oct 2017 15:56:48 +0100 Subject: [PATCH 0309/1059] Remove FORCE_VERIFICATION and FORCE_BLINDING --- include/mbedtls/config.h | 77 -------------------------------------- include/mbedtls/rsa.h | 31 +++------------ library/rsa.c | 22 ----------- library/version_features.c | 9 ----- 4 files changed, 5 insertions(+), 134 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 741ce416ae..52556262a9 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -970,41 +970,6 @@ */ #define MBEDTLS_PKCS1_V21 -/** - * \def MBEDTLS_RSA_FORCE_BLINDING - * - * Force the use of blinding in RSA private key operations. - * This makes these operations fail when the caller doesn't - * provide a PRNG. - * - * Comment this macro to allow RSA private key operations - * without blinding. - * - * \deprecated Disabling this option is deprecated and only - * disabled by default for backwards compatibility. - * Future versions of Mbed TLS will remove this - * option and enforce blinding unconditionally. - * - * \warning Disabling this can be a security risk! - * Blinding RSA private key operations is a way - * to prevent statistical timing attacks as in - * [P. Kocher ', Timing Attacks on Implementations - * of Diffie-Hellman, RSA, DSS, and Other Systems] - * - * \note Disabling this does not mean that blinding - * will never be used: if a PRNG is provided, - * blinding will be in place. Instead, disabling this - * option may result in private key operations being - * performed in a way potentially leaking sensitive - * information through side-channels when no PRNG - * is supplied by the user. - * - * \note For more on the use of blinding in RSA - * private key operations, see the documentation - * of \c mbedtls_rsa_private. - */ -//#define MBEDTLS_RSA_FORCE_BLINDING - /** * \def MBEDTLS_RSA_NO_CRT * 
@@ -1016,48 +981,6 @@ */ //#define MBEDTLS_RSA_NO_CRT -/** - * \def MBEDTLS_RSA_FORCE_CRT_VERIFICATION - * - * Force verification of results of RSA private key operations - * when RSA-CRT is used. - * - * Comment this macro to disable RSA-CRT verification. - * - * \warning Disabling this can be a security risk! - * Omitting verification makes the RSA-CRT - * signing vulnerable to the Bellcore - * glitch attack leading to private key - * compromise if an attacker can cause a - * glitch in a certain timeframe during - * the signing operation. Uncomment only - * if you're sure that glitches are out of - * your attack model. - */ -#define MBEDTLS_RSA_FORCE_CRT_VERIFICATION - -/** - * \def MBEDTLS_RSA_FORCE_VERIFICATION - * - * Force verification of results of any RSA private key - * operation regardless of the algorithm used. - * - * Uncomment this to enable unconditional RSA verification. - * - * \note This is to prevent the RSA signing operation - * (regardless of the particular algorithm chosen) - * from potential future glitch attacks. We are - * currently not aware of any such for our default - * implementation, therefore disabling the option - * by default. - * - * \note Enabling it comes at the cost of roughly an - * additional public key operation at the end of - * signing (low compared to private key operations), - * as well as minor memory consumption. - */ -//#define MBEDTLS_RSA_FORCE_VERIFICATION - /** * \def MBEDTLS_SELF_TEST * diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index e34fea0f28..bc2f810ae8 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -63,15 +63,6 @@ #define MBEDTLS_RSA_SALT_LEN_ANY -1 -/* - * RSA configuration - */ -#if defined(MBEDTLS_RSA_FORCE_VERIFICATION) || \ - ( ! defined(MBEDTLS_RSA_NO_CRT) && \ - defined(MBEDTLS_RSA_FORCE_CRT_VERIFICATION ) ) -#define MBEDTLS_RSA_REQUIRE_VERIFICATION -#endif - /* * The above constants may be used even if the RSA module is compile out, * eg for alternative (PKCS#11) RSA implemenations in the PK layers. @@ -239,28 +230,16 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * \note The input and output buffers must be large * enough (eg. 128 bytes if RSA-1024 is used). * - * \note Enabling and disabling of blinding: - * - If f_rng is NULL and MBEDTLS_RSA_FORCE_BLINDING - * is disabled, blinding is disabled. - * - If f_rng is NULL and MBEDTLS_RSA_FORCE_BLINDING - * is enabled, the function fails. + * \note Blinding is used if and onlf if a PRNG is provided. * * \note If blinding is used, both the base of exponentation * and the exponent are blinded, preventing both statistical * timing and power analysis attacks. * - * \note Depending on the way RSA is implemented, a failure - * in the computation can lead to disclosure of the private - * key if the wrong result is passed to attacker - e.g., - * implementing RSA through CRT is vulnerable to the - * Bellcore glitch attack. - * - * As a remedy, the user can force double checking the - * result of the private key operation through the option - * MBEDTLS_RSA_FORCE_VERIFICATION. If verification is - * to be enabled only when RSA-CRT is used (as controlled - * by the configuration option MBEDTLS_RSA_NO_CRT), the - * option MBEDTLS_RSA_FORCE_CRT_VERIFICATION can be used. + * \warning It is deprecated and a security risk to not provide + * a PRNG here and thereby prevent the use of blinding. + * Future versions of the library may enforce the presence + * of a PRNG. * */ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, diff --git a/library/rsa.c b/library/rsa.c index d866c7aa3c..de684b39c7 100644 
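Review bot: Typo in the new \note on mbedtls_rsa_private: `Blinding is used if and onlf if a PRNG is provided.` should be `Blinding is used if and only if a PRNG is provided.` The \warning that follows is the right place for the deprecation, but it could name the consequence the removed config.h text spelled out, so readers see why a NULL f_rng is risky, e.g. `\warning Calling this without a PRNG disables blinding and leaves the private key operation exposed to timing attacks; this is deprecated and future versions may require a PRNG.`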
--- a/library/rsa.c +++ b/library/rsa.c @@ -66,13 +66,6 @@ #define mbedtls_free free #endif -#if !defined(MBEDTLS_RSA_FORCE_BLINDING) && \ - defined(MBEDTLS_DEPRECATED_WARNING) -#warning Not enforcing blinding checks for RSA private key operations\ - is deprecated. Please uncomment MBEDTLS_RSA_FORCE_BLINDING\ - in config.h to enforce blinding checks. -#endif - /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; @@ -434,16 +427,9 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, mbedtls_mpi *D = &ctx->D; #endif /* MBEDTLS_RSA_NO_CRT */ -#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) /* Temporaries holding the initial input and the double * checked result; should be the same in the end. */ mbedtls_mpi I, C; -#endif - -#if defined(MBEDTLS_RSA_FORCE_BLINDING) - if( f_rng == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); -#endif /* Sanity-check that all relevant fields are at least set, * but don't perform a full keycheck. */ @@ -496,10 +482,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ ); #endif -#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) mbedtls_mpi_init( &I ); mbedtls_mpi_init( &C ); -#endif /* End of MPI initialization */ @@ -510,9 +494,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, goto cleanup; } -#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) ); -#endif if( f_rng != NULL ) { 
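Review bot: With the MBEDTLS_RSA_FORCE_BLINDING guard removed from the prologue of mbedtls_rsa_private, a NULL f_rng now silently selects the unblinded path at the `if( f_rng != NULL )` that closes the last hunk, and nothing in rsa.c records that this is the deprecated mode the header now warns about. A comment above that condition, `/* No PRNG: blinding is skipped; deprecated, see the \warning on mbedtls_rsa_private in rsa.h */`, keeps the decision visible where the branch is taken. mbedtls_rsa_private begins before these hunks and continues after them.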
@@ -604,14 +586,12 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, } /* If requested by the config, verify the result to prevent glitching attacks. */ -#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, &ctx->N, &ctx->RN ) ); if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 ) { ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; goto cleanup; } -#endif /* MBEDTLS_RSA_REQUIRE_VERIFICATION */ olen = ctx->len; MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) ); @@ -642,10 +622,8 @@ cleanup: mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ ); #endif -#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION) mbedtls_mpi_free( &C ); mbedtls_mpi_free( &I ); -#endif if( ret != 0 ) return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret ); diff --git a/library/version_features.c b/library/version_features.c index f7fa041c42..9f97c7bc3e 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -345,18 +345,9 @@ static const char *features[] = { #if defined(MBEDTLS_PKCS1_V21) "MBEDTLS_PKCS1_V21", #endif /* MBEDTLS_PKCS1_V21 */ -#if defined(MBEDTLS_RSA_FORCE_BLINDING) - "MBEDTLS_RSA_FORCE_BLINDING", -#endif /* MBEDTLS_RSA_FORCE_BLINDING */ #if defined(MBEDTLS_RSA_NO_CRT) "MBEDTLS_RSA_NO_CRT", #endif /* MBEDTLS_RSA_NO_CRT */ -#if defined(MBEDTLS_RSA_FORCE_CRT_VERIFICATION) - "MBEDTLS_RSA_FORCE_CRT_VERIFICATION", -#endif /* MBEDTLS_RSA_FORCE_CRT_VERIFICATION */ -#if defined(MBEDTLS_RSA_FORCE_VERIFICATION) - "MBEDTLS_RSA_FORCE_VERIFICATION", -#endif /* MBEDTLS_RSA_FORCE_VERIFICATION */ #if defined(MBEDTLS_SELF_TEST) "MBEDTLS_SELF_TEST", #endif /* MBEDTLS_SELF_TEST */ From 7da7cb399e415ba68676964c1eecafbe0da9163f Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 26 Sep 2017 11:29:11 +0300 Subject: [PATCH 0310/1059] Fix ssl_server2 sample application prompt FIx the type of server_addr parameter from %d to %s. Issue reported by Email by Bei Jin --- programs/ssl/ssl_server2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a25886824e..1285abcbd1 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -326,7 +326,7 @@ int main( void ) #define USAGE \ "\n usage: ssl_server2 param=<>...\n" \ "\n acceptable parameters:\n" \ - " server_addr=%%d default: (all interfaces)\n" \ + " server_addr=%%s default: (all interfaces)\n" \ " server_port=%%d default: 4433\n" \ " debug_level=%%d default: 0 (disabled)\n" \ " nbio=%%d default: 0 (blocking I/O)\n" \ From 967a60502e02fddd587ada912842d82c7505757f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 2 Oct 2017 19:12:54 +0100 Subject: [PATCH 0311/1059] Fix changelog for ssl_server2.c usage fix --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index ec91259611..b3d4d519af 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ Features Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. Found by projectgus and jethrogb, #836. + * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. = mbed TLS 2.6.0 branch released 2017-08-10 From 2dec5e8b00d25f2fd6946172eb3b30177a4b124e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Oct 2017 07:49:52 +0100 Subject: [PATCH 0312/1059] Correct outdated comment --- library/rsa.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index de684b39c7..56f434563a 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -585,8 +585,9 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); } - /* If requested by the config, verify the result to prevent glitching attacks. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, &ctx->N, &ctx->RN ) ); + /* Verify the result to prevent glitching attacks. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, + &ctx->N, &ctx->RN ) ); if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 ) { ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; From 558477d073655f1b956bcc334794ac082c436f34 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 5 Sep 2017 16:31:20 +0100 Subject: [PATCH 0313/1059] Add tests for non-reduced length encoding in PKCS1 v15 signatures This commit adds some tests to the RSA test suite verifying that RSA PKCS-v15 signatures with non-reduced length encodings are refuted. Details are provided via comments in the test suite data file. --- tests/suites/test_suite_rsa.data | 35 ++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index fc7d93588d..e899a7988a 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -140,6 +140,41 @@ RSA PKCS1 Verify v1.5 padding too short depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"AABBCC03020100FFFFFFFFFF1122330A0B0CCCDDDDDDDDDD":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"9292758453063D803DD603D5E777D7888ED1D5BF35786190FA2F23EBC0848AEADDA92CA6C3D80B32C4D109BE0F36D6AE7130B9CED7ACDF54CFC7555AC14EEBAB93A89813FBF3C4F8066D2D800F7C38A81AE31942917403FF4946B0A83D3D3E05EE57C6F5F5606FB5D4BC6CD34EE0801A5E94BB77B07507233A0BC7BAC8F90F79":16:"10001":"6edd56f397d9bc6d176bbe3d80946fc352ad6127b85b1d67d849c0a38cbde7222c5fafbb18dcef791178a8e15f5c8cd91869f8ca4b758c46ce3e229bf666d2e3e296544351bcb5db7e0004f6c0800f76a432071297e405759d4324d1cf1c412758be93a39f834e03dee59e28ac571ce2b0b3c8fe639979f516223b54027340a5":MBEDTLS_ERR_RSA_INVALID_PADDING +# The following tests check whether the use of reduced length encodings (as mandated for DER in contrast to BER) is enforced in +# the verification of PKCS1 v1.5 signatures - this is relevant to prevent Bleichenbacher signature forgery attacks. +# The test data has been generated by signing a test file using `programs/pkey/rsa_sign` after making modifications +# to `mbedtls_rsa_rsassa_pkcs1_v15_encode` to force the use of non-reduced encodings in different places as indicated in the respective tests. +# See the documentation of `mbedtls_rsa_rsassa_pkcs1_v15_encode` for the layout of the relevant ASN.1 structure. 
+# Correct signature with DER-compliant reduced length encodings +RSA PKCS1 Verify v1.5 reduced length encoding +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +mbedtls_rsa_pkcs1_verify:"7369676e617475726520746573740a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:16:"A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211":16:"10001":"5B56096ECADA4DAC299FD3D6091C1BE4D7C4210086E61ADA6FFC267A690034DAFB3734035880B9E71CEB0331C32C8DE1A254D777DFE3C848AC7764907602452EC16FD8EB3664E2E682DB3AA8979059BFADFE6192D9029844C8CAF310552717DD5B5B36A9910CFABE5C54AC16F3A3461DEE730060981BD9B47EE8D6644963B7CA":0 + +# Non-reduced 1-byte length encoding in `DigestInfo` ASN.1 element +RSA PKCS1 Verify v1.5 non-reduced length encoding #1 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +mbedtls_rsa_pkcs1_verify:"7369676e617475726520746573740a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:16:"A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211":16:"10001":"2FCF7FC1B60B3C083872B1BD9C666745921951A8A9E099FD629675F620B670713519C4A97B870591B97FE5C5DB2FC2A0A3FCB0016536D1205AA32BA8BFCF54ABD542C02F7FCEA3C3531D7A87C82ED5B151A9599F1BDB070A905F5B721DE3C22F8AC35034C607920CE0699D7F79E5913915F3A01856B5D30F9E68F0CD7856D40F":MBEDTLS_ERR_RSA_VERIFY_FAILED + +# Non-reduced 2-byte length encoding for `digestAlgorithm` ASN.1 element +RSA PKCS1 Verify v1.5 non-reduced length encoding #2 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 
+mbedtls_rsa_pkcs1_verify:"7369676e617475726520746573740a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:16:"A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211":16:"10001":"3C27512A8FDC973D856C0F288BE27D00D54FC0B359C520DA73A05156D98CDD6A83E6657BFA81D7B9716EEDFD98C08CD82F399298782782AE341D9AABCBB6B5F9C6552DE1D8B93047E1135032653F4F65A8937352E903864E008429E049680E3AA80F5DE1C7408C403011CEF4A3ECA549C027C8954BFBCA21F2A41C3EB0278029":MBEDTLS_ERR_RSA_VERIFY_FAILED + +# Non-reduced 3-byte length encoding for optional parameters in `digestAlgorithm` ASN.1 element +RSA PKCS1 Verify v1.5 non-reduced length encoding #3 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +mbedtls_rsa_pkcs1_verify:"7369676e617475726520746573740a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:16:"A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211":16:"10001":"24BEB8502F24E0D11D9C10CEE4435EA972CEC93C23936E815ED2DF41BECEDDE889AF85BBEAF1B8C6928913AC523EA1D6653832E9D4E74F55B76771EA84F5A607342C341A14AB258019F38DBAEE4B967C8C8D26D6AF2583D32988471BA38751B6A67BA3D1147619C266A9AAC34244740BB59CD9DB3AFF19438B04C619AB719123":MBEDTLS_ERR_RSA_VERIFY_FAILED + +# Non-reduced 4-byte length encoding in `digest` ASN.1 element +RSA PKCS1 Verify v1.5 non-reduced length encoding #4 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 
+mbedtls_rsa_pkcs1_verify:"7369676e617475726520746573740a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:16:"A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211":16:"10001":"13172EF7362CF421103FE1893429FAE85F83636BA8AF545252599A39892E62CEC317DC47C1D6B19328B63CDFD02FA0B49CE7980504635251FF08C0A1308C64D6466DFBF1EF2BA49EFDD6C2C888A30870EC2DC0FA4D67FDE6631C85ED2CEF8EEBF5578C974CBA4A04034D9B579B420D6CA93E4BFC09E014542A0EFB902AF90C5E":MBEDTLS_ERR_RSA_VERIFY_FAILED + +# Non-reduced 3-byte length encoding for OID in `digestAlgorithm` ASN.1 element +RSA PKCS1 Verify v1.5 non-reduced length encoding #5 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +mbedtls_rsa_pkcs1_verify:"7369676e617475726520746573740a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:16:"A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211":16:"10001":"65DD518F63A2E289C035E9F2A9927BF5A6A74FF6FEFFF61AFCC52ED4A8A5B93534A3AD1709136306EE1379B47A4863BC6ED879E92CD6F99AA5B5F106102BDAE8DAFB15CF6EF00CB5FA63967706528DEE8876F3D04E8D75533009C73DA4C5744D20FFDB18EA78EE4D5D9D6F7BD3AFC2AD9A0EDDD56AA40AAEF789E6FB12AB6DE7":MBEDTLS_ERR_RSA_VERIFY_FAILED + RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA) depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 
mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA512:1536:16:"c8c67df894c882045ede26a9008ab09ea0672077d7bc71d412511cd93981ddde8f91b967da404056c39f105f7f239abdaff92923859920f6299e82b95bd5b8c959948f4a035cbd693ad83014294d349813d1ad57911a6355d0731fe3a034e9db":16:"f15147d0e7c04a1e3f37adde802cdc610999bf7ab0088434aaeda0c0ab3910b14d2ce56cb66bffd97552195fae8b061077e03920814d8b9cfb5a3958b3a82c2a7fc97e55db5978b47a922156eb8a3e55c06a54a45d1670abdfb995489c4d0051":16:"bd429bb7c3b00bbea19ba664c0f8172d1a73c3cfa05e2ed656d570c1590918bb7e372ed25e2cd71395ba0a9b1a30f3ee012ffb0546cab8e3581fe3e23f44ab57a8aee9717e71a936a580fa8572d450fb00339a6f6704b717df0c149a465bab768c61500cd93b61113ff3e4389167f7b2c8e3c0da2d4765286bee555b0bcb4998f59b14fad03180a17c8b4f69bcd1234f4ae85950137665ac2ba80b55cc9b1aafb454b83771aa755acd2a00e93ddb65e696dbed8bdca69fb5e0c5c2097b9cfe4b":16:"3":"93b6fa99485c116ca6efdd4202ea1cf49f4c6345fae692584413743ce5b65510e8e4690aee9a19ea1ff10d57f22aa3548d839f28a8525a34354e9e58e0f3947e056ce2554e21bf287e220b98db3b551258cd42b495e5d1a3bbc83c9d1a02f2a300ef6d866ea75108e44ebb3e16b47df2f6de28feb2be3874dbbf21599451082d86e9f2f462575a8185c69aa1f1fcb6a363c5d71aeba2103449eaf3845285291148d5f78d1646b8dc95cbcc4082f987d948b0e7d4e80b60595f8a7517584e1643":0 From 171a8f1c957f02fce452f9e27e58ef74b54e3a88 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 6 Sep 2017 12:32:16 +0100 Subject: [PATCH 0314/1059] Move constant time memcmp for signature verification This commit replaces the ad-hoc code for constant-time double-checking the PKCS1 v1.5 RSA signature by an invocation of `mbedtls_safer_memcmp`. --- library/rsa.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) 
diff --git a/library/rsa.c b/library/rsa.c index bdd2538c3a..3cc90c0bec 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -71,6 +71,20 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } +/* constant-time buffer comparison */ +static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ) +{ + size_t i; + const unsigned char *A = (const unsigned char *) a; + const unsigned char *B = (const unsigned char *) b; + unsigned char diff = 0; + + for( i = 0; i < n; i++ ) + diff |= A[i] ^ B[i]; + + return( diff ); +} + /* * Initialize an RSA context */ @@ -1162,9 +1176,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, unsigned char *p = sig; const char *oid = NULL; unsigned char *sig_try = NULL, *verif = NULL; - size_t i; - unsigned char diff; - volatile unsigned char diff_no_optimize; int ret; if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) @@ -1249,12 +1260,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) ); MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) ); - /* Compare in constant time just in case */ - for( diff = 0, i = 0; i < ctx->len; i++ ) - diff |= verif[i] ^ sig[i]; - diff_no_optimize = diff; - - if( diff_no_optimize != 0 ) + if( mbedtls_safer_memcmp( verif, sig, ctx->len ) != 0 ) { ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED; goto cleanup; From fdf38030de70b95a77205f17d65591f05e74be08 Mon Sep 17 00:00:00 2001 
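Review bot: The new helper is file-static yet carries the library's public `mbedtls_` prefix; a `static` function in rsa.c should be named so it cannot be mistaken for a public API symbol, e.g. `static inline int rsa_safer_memcmp( const void *a, const void *b, size_t n )`, and if memory serves ssl_internal.h already carries a byte-identical `mbedtls_ssl_safer_memcmp`, so a shared internal header would avoid the duplication altogether. The code being removed deliberately routed the accumulated difference through a `volatile unsigned char diff_no_optimize` before testing it; the new loop is still branch-free, but declaring the accumulator `volatile unsigned char diff = 0;` would preserve that explicit barrier against the compiler proving the remaining iterations redundant and shortening the comparison. The second and third hunks of this patch only drop the now-unused locals and switch the call site, so no separate note for them.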
From: Hanno Becker Date: Wed, 6 Sep 2017 12:35:55 +0100 Subject: [PATCH 0315/1059] Outsource code for generating PKCS1 v1.5 encoding This commit moves the code preparing PKCS1 v1.5 encoded hashes from `mbedtls_rsa_rsassa_pkcs1_v15_sign` to a separate non-public function `rsa_rsassa_pkcs1_v15_encode`. This code-path will then be re-used by the signature verification function `mbedtls_rsa_rsassa_pkcs1_v15_verify` in a later commit. --- library/rsa.c | 216 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 152 insertions(+), 64 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 3cc90c0bec..a93cdb1c4b 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -1160,6 +1160,138 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, /* * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-V1_5-SIGN function */ + +/* Construct a PKCS v1.5 encoding of a hashed message + * + * This is used both for signature generation and verification. + * + * Parameters: + * - md_alg: Identifies the hash algorithm used to generate the given hash; + * MBEDTLS_MD_NONE if raw data are signed. + * - hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE. + * - hash: Buffer containing the hashed message. + * - sig_len: Length of the encoded message. + * - dst: Buffer to hold the encoded message. + * + * Assumptions: + * - hash has size hashlen if md_alg == MBEDTLS_MD_NONE. + * - hash has size corresponding to md_alg if md_alg != MBEDTLS_MD_NONE. + * - dst points to a buffer of size at least sig_len. + * + */ +static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + size_t sig_len, + unsigned char *dst ) +{ + size_t oid_size = 0; + size_t nb_pad = sig_len; + unsigned char *p = dst; + const char *oid = NULL; + + /* Are we signing hashed or raw data? */ + if( md_alg != MBEDTLS_MD_NONE ) + { + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); + if( md_info == NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + hashlen = mbedtls_md_get_size( md_info ); + + /* Double-check that 8 + hashlen + oid_size can be used as a + * 1-byte ASN.1 length encoding and that there's no overflow. */ + if( 8 + hashlen + oid_size >= 0x80 || + 10 + hashlen < hashlen || + 10 + hashlen + oid_size < 10 + hashlen ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + /* + * Static bounds check: + * - Need 10 bytes for five tag-length pairs. 
+ * (Insist on 1-byte length encodings to protect against variants of + * Bleichenbacher's forgery attack against lax PKCS#1v1.5 verification) + * - Need hashlen bytes for hash + * - Need oid_size bytes for hash alg OID. + */ + if( nb_pad < 10 + hashlen + oid_size ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + nb_pad -= 10 + hashlen + oid_size; + } + else + { + if( nb_pad < hashlen ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + nb_pad -= hashlen; + } + + /* Signature header and padding delimiter */ + if( nb_pad < 3 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + nb_pad -= 3; + + /* Now nb_pad is the amount of memory to be filled + * with padding; must be at least 8 bytes. */ + if( nb_pad < 8 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + /* Write signature header and padding */ + *p++ = 0; + *p++ = MBEDTLS_RSA_SIGN; + memset( p, 0xFF, nb_pad ); + p += nb_pad; + *p++ = 0; + + /* Are we signing raw data? */ + if( md_alg == MBEDTLS_MD_NONE ) + { + memcpy( p, hash, hashlen ); + return( 0 ); + } + + /* Signing hashed data, add corresponding ASN.1 structure + * + * DigestInfo ::= SEQUENCE { + * digestAlgorithm DigestAlgorithmIdentifier, + * digest Digest } + * DigestAlgorithmIdentifier ::= AlgorithmIdentifier + * Digest ::= OCTET STRING + * + * Schematic: + * TAG-SEQ + LEN [ TAG-SEQ + LEN [ TAG-OID + LEN [ OID ] + * TAG-NULL + LEN [ NULL ] ] + * TAG-OCTET + LEN [ HASH ] ] + */ + *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; + *p++ = 0x08 + oid_size + hashlen; + *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; + *p++ = 0x04 + oid_size; + *p++ = MBEDTLS_ASN1_OID; + *p++ = oid_size; + memcpy( p, oid, oid_size ); + p += oid_size; + *p++ = MBEDTLS_ASN1_NULL; + *p++ = 0x00; + *p++ = MBEDTLS_ASN1_OCTET_STRING; + *p++ = hashlen; + memcpy( p, hash, hashlen ); + p += hashlen; + + /* Just a sanity-check, should be automatic + * after the initial bounds check. 
*/ + if( p != dst + sig_len ) + { + mbedtls_zeroize( dst, sig_len ); + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + + return( 0 ); +} + /* * Do an RSA operation to sign the message digest */ 
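Review bot: The header comment of rsa_rsassa_pkcs1_v15_encode() misdescribes `hashlen`: it reads `Length of hash in case hashlen is MBEDTLS_MD_NONE`, but the value that selects the raw-data case is `md_alg`, and in the hashed case the argument is overwritten from `mbedtls_md_get_size()`; suggest `- hashlen: Length of hash; only used if md_alg is MBEDTLS_MD_NONE, otherwise the digest size is derived from md_alg.` The stores `*p++ = 0x08 + oid_size + hashlen;`, `*p++ = 0x04 + oid_size;`, `*p++ = oid_size;` and `*p++ = hashlen;` narrow `size_t`/`unsigned int` to `unsigned char` implicitly, whereas the signing code they replace kept explicit `(unsigned char)` casts; the `>= 0x80` check above makes the narrowing safe, but restoring the casts documents that invariant at the point of use and keeps `-Wconversion` builds quiet. Finally, the early returns taken before any byte is written leave `dst` untouched while the final consistency check zeroizes it; that asymmetry is harmless but deserves a sentence in the header comment so callers do not assume `dst` is always cleared on failure.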
@@ -1172,85 +1304,41 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, const unsigned char *hash, unsigned char *sig ) { - size_t nb_pad, olen, oid_size = 0; - unsigned char *p = sig; - const char *oid = NULL; - unsigned char *sig_try = NULL, *verif = NULL; int ret; + unsigned char *sig_try = NULL, *verif = NULL; if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - olen = ctx->len; - nb_pad = olen - 3; + /* + * Prepare PKCS1-v1.5 encoding (padding and hash identifier) + */ - if( md_alg != MBEDTLS_MD_NONE ) - { - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - - if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - - nb_pad -= 10 + oid_size; - - hashlen = mbedtls_md_get_size( md_info ); - } - - nb_pad -= hashlen; - - if( ( nb_pad < 8 ) || ( nb_pad > olen ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - - *p++ = 0; - *p++ = MBEDTLS_RSA_SIGN; - memset( p, 0xFF, nb_pad ); - p += nb_pad; - *p++ = 0; - - if( md_alg == MBEDTLS_MD_NONE ) - { - memcpy( p, hash, hashlen ); - } - else - { - /* - * DigestInfo ::= SEQUENCE { - * digestAlgorithm DigestAlgorithmIdentifier, - * digest Digest } - * - * DigestAlgorithmIdentifier ::= AlgorithmIdentifier - * - * Digest ::= OCTET STRING - */ - *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = (unsigned char) ( 0x08 + oid_size + hashlen ); - *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = (unsigned char) ( 0x04 + oid_size ); - *p++ = MBEDTLS_ASN1_OID; - *p++ = oid_size & 0xFF; - memcpy( p, oid, oid_size ); - p += oid_size; - *p++ = MBEDTLS_ASN1_NULL; - *p++ = 0x00; - *p++ = MBEDTLS_ASN1_OCTET_STRING; - *p++ = hashlen; - memcpy( p, hash, hashlen ); - } - - if( mode == MBEDTLS_RSA_PUBLIC ) - return( mbedtls_rsa_public( ctx, sig, sig ) ); + if( ( ret = 
rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, + ctx->len, sig ) ) != 0 ) + return( ret ); /* + * Call respective RSA primitive + */ + + if( mode == MBEDTLS_RSA_PUBLIC ) + { + /* Skip verification on a public key operation */ + return( mbedtls_rsa_public( ctx, sig, sig ) ); + } + + /* Private key operation + * * In order to prevent Lenstra's attack, make the signature in a * temporary buffer and check it before returning it. */ + sig_try = mbedtls_calloc( 1, ctx->len ); if( sig_try == NULL ) return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); - verif = mbedtls_calloc( 1, ctx->len ); + verif = mbedtls_calloc( 1, ctx->len ); if( verif == NULL ) { mbedtls_free( sig_try ); From 64a8c0acd67a3fc97f3ddedd4c2f2a1a08fc3701 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 6 Sep 2017 12:39:49 +0100 Subject: [PATCH 0316/1059] Verify PKCS1 v1.5 signature without parsing This commit modifies the PKCS1 v1.5 signature verification function `mbedtls_rsa_rsassa_pkcs1_v15_verify` to prepare the expected PKCS1-v1.5-encoded hash using the function also used by the signing routine `mbedtls_rsa_rsassa_pkcs1_v15_sign` and comparing it to the provided byte-string afterwards. This comes at the benefits of (1) avoiding any error-prone parsing, (2) removing the dependency of the RSA module on the ASN.1 parsing module, and (3) reducing code size. --- library/rsa.c | 141 +++++++++++++++----------------------------------- 1 file changed, 42 insertions(+), 99 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index a93cdb1c4b..811bf302ea 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -1559,121 +1559,64 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, const unsigned char *hash, const unsigned char *sig ) { - int ret; - size_t len, siglen, asn1_len; - unsigned char *p, *p0, *end; - mbedtls_md_type_t msg_md_alg; - const mbedtls_md_info_t *md_info; - mbedtls_asn1_buf oid; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; + int ret = 0; + const size_t sig_len = ctx->len; + unsigned char *encoded = NULL, *encoded_expected = NULL; if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - siglen = ctx->len; + /* + * Prepare expected PKCS1 v1.5 encoding of hash. + */ - if( siglen < 16 || siglen > sizeof( buf ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if( ( encoded = mbedtls_calloc( 1, sig_len ) ) == NULL || + ( encoded_expected = mbedtls_calloc( 1, sig_len ) ) == NULL ) + { + ret = MBEDTLS_ERR_MPI_ALLOC_FAILED; + goto cleanup; + } + + if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, sig_len, + encoded_expected ) ) != 0 ) + goto cleanup; + + /* + * Apply RSA primitive to get what should be PKCS1 encoded hash. + */ ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, buf ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf ); - + ? 
mbedtls_rsa_public( ctx, sig, encoded ) + : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded ); if( ret != 0 ) - return( ret ); - - p = buf; - - if( *p++ != 0 || *p++ != MBEDTLS_RSA_SIGN ) - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); - - while( *p != 0 ) - { - if( p >= buf + siglen - 1 || *p != 0xFF ) - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); - p++; - } - p++; /* skip 00 byte */ - - /* We've read: 00 01 PS 00 where PS must be at least 8 bytes */ - if( p - buf < 11 ) - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); - - len = siglen - ( p - buf ); - - if( len == hashlen && md_alg == MBEDTLS_MD_NONE ) - { - if( memcmp( p, hash, hashlen ) == 0 ) - return( 0 ); - else - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - } - - md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - hashlen = mbedtls_md_get_size( md_info ); - - end = p + len; + goto cleanup; /* - * Parse the ASN.1 structure inside the PKCS#1 v1.5 structure. - * Insist on 2-byte length tags, to protect against variants of - * Bleichenbacher's forgery attack against lax PKCS#1v1.5 verification. 
+ * Compare */ - p0 = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( p != p0 + 2 || asn1_len + 2 != len ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - p0 = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( p != p0 + 2 || asn1_len + 6 + hashlen != len ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); + if( ( ret = mbedtls_safer_memcmp( encoded, encoded_expected, + sig_len ) ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; + goto cleanup; + } - p0 = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &oid.len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( p != p0 + 2 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); +cleanup: - oid.p = p; - p += oid.len; + if( encoded != NULL ) + { + mbedtls_zeroize( encoded, sig_len ); + mbedtls_free( encoded ); + } - if( mbedtls_oid_get_md_alg( &oid, &msg_md_alg ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); + if( encoded_expected != NULL ) + { + mbedtls_zeroize( encoded_expected, sig_len ); + mbedtls_free( encoded_expected ); + } - if( md_alg != msg_md_alg ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - - /* - * assume the algorithm parameters must be NULL - */ - p0 = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_NULL ) ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( p != p0 + 2 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - - p0 = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( p != p0 + 2 || asn1_len != hashlen ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - - if( memcmp( p, hash, hashlen ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - - p += hashlen; - - if( p != end ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - - return( 0 ); + 
return( ret ); } #endif /* MBEDTLS_PKCS1_V15 */ From c21a8db3fe9dfac6828144fe6a404f8d6036cea4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 6 Sep 2017 12:44:45 +0100 Subject: [PATCH 0317/1059] Adapt test suites to modified error codes As the new PKCS v1.5 verification function opaquely compares an expected encoding to the given one, it cannot distinguish multiple reasons of failure anymore and instead always returns MBEDTLS_ERR_RSA_VERIFY_FAILED. This necessitates some modifications to the expected return values of some tests verifying signatures with bad padding. --- tests/suites/test_suite_pk.data | 6 +++--- tests/suites/test_suite_rsa.data | 18 +++++++++--------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index f6ea378ff1..cfb4281be6 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data 
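Review bot: In the comparison step, `if( ( ret = mbedtls_safer_memcmp( encoded, encoded_expected, sig_len ) ) != 0 )` stores the OR-ed byte difference in `ret` only to overwrite it with `MBEDTLS_ERR_RSA_VERIFY_FAILED` on the next line; the signing path in this file already uses the plainer `if( mbedtls_safer_memcmp( verif, sig, ctx->len ) != 0 )`, and the same form here, assigning `ret` only inside the failure branch, spares the reader from checking whether a raw difference value can ever escape. The rewrite also changes the failure surface without saying so in the API documentation: the old `MBEDTLS_ERR_RSA_INVALID_PADDING` path and the explicit `siglen < 16` guard are gone, every mismatch now reports `MBEDTLS_ERR_RSA_VERIFY_FAILED`, and an undersized `ctx->len` is rejected by the encoder as `MBEDTLS_ERR_RSA_BAD_INPUT_DATA`; a note on the public declaration stating that the verifier compares against the complete expected encoding (so any deviation in padding length, ASN.1 length bytes or digest is reported as `MBEDTLS_ERR_RSA_VERIFY_FAILED`) would save API users from chasing the removed parser. The function's opening lines lie outside the hunk.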
@@ -114,13 +114,13 @@ Verify ext RSA #8 (PKCS1 v2.1, RSASSA-PSS without options) depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:-1:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_PK_BAD_INPUT_DATA -Verify ext RSA #9 (PKCS1 v2.1, RSA with options) +Verify ext RSA #9 (PKCS1 v1.5, RSA with options) depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_PK_BAD_INPUT_DATA -Verify ext RSA #10 (PKCS1 v2.1, RSA without options) +Verify ext RSA #10 (PKCS1 v1.5, RSA without options) depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C 
-pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSA:-1:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_RSA_INVALID_PADDING +pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSA:-1:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_RSA_VERIFY_FAILED Verify ext RSA #11 (PKCS1 v2.1, asking for ECDSA) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index e899a7988a..2dcdbc4a23 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -26,7 +26,7 @@ mbedtls_rsa_pkcs1_verify:"44637d3b8de525fd589237bc81229c8966d3af24540850c2403633 RSA PKCS1 Verify v1.5 CAVS #7 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 # Bad padding after performing the public key operation -mbedtls_rsa_pkcs1_verify:"d03f12276f6ba7545b8fce719471bd253791878809694e8754f3b389f26c9253a758ed28b4c62535a8d5702d7a778731d5759ff2b3b39b192db680e791632918b6093c0e8ca25c2bf756a07fde4144a37f769fe4054455a45cb8cefe4462e7a9a45ce71f2189b4fef01b47aee8585d44dc9d6fa627a3e5f08801871731f234cd":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"d93a878c1ce86571590b0e43794b3edb23552797c4b8c9e3da4fe1cc4ac0566acd3b10541fe9a7a79f5ea4892d3069ca6903efb5c40c47eb8a9c781eb4249281d40c3d96aae16da1bb4daaece6a26eca5f41c062b4124a64fc9d340cba5ab0d1f5affff6515a87f0933774fd4322d2fa497cd6f708a429ca56dcb1fd3db623d0":MBEDTLS_ERR_RSA_INVALID_PADDING 
+mbedtls_rsa_pkcs1_verify:"d03f12276f6ba7545b8fce719471bd253791878809694e8754f3b389f26c9253a758ed28b4c62535a8d5702d7a778731d5759ff2b3b39b192db680e791632918b6093c0e8ca25c2bf756a07fde4144a37f769fe4054455a45cb8cefe4462e7a9a45ce71f2189b4fef01b47aee8585d44dc9d6fa627a3e5f08801871731f234cd":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"d93a878c1ce86571590b0e43794b3edb23552797c4b8c9e3da4fe1cc4ac0566acd3b10541fe9a7a79f5ea4892d3069ca6903efb5c40c47eb8a9c781eb4249281d40c3d96aae16da1bb4daaece6a26eca5f41c062b4124a64fc9d340cba5ab0d1f5affff6515a87f0933774fd4322d2fa497cd6f708a429ca56dcb1fd3db623d0":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #8 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 
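Review bot: The context comment `# Bad padding after performing the public key operation` above the changed vector now reads as if a padding-specific error were expected, while the new expectation is MBEDTLS_ERR_RSA_VERIFY_FAILED; I'd extend it to `# Bad padding after performing the public key operation; reported as VERIFY_FAILED, the same code as a hash mismatch`. The same uniform-error expectation is applied to the other CAVS vectors further down without any comment, so one place stating the rationale would cover them all.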
@@ -38,7 +38,7 @@ mbedtls_rsa_pkcs1_verify:"647586ba587b09aa555d1b8da4cdf5c6e777e08859379ca4578901 RSA PKCS1 Verify v1.5 CAVS #10 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"55013a489e09b6553262aab59fb041b49437b86d52876f8e5d5e405b77ca0ff6ce8ea2dd75c7b3b411cf4445d56233c5b0ff0e58c49128d81b4fedd295e172d225c451e13defb34b87b7aea6d6f0d20f5c55feb71d2a789fa31f3d9ff47896adc16bec5ce0c9dda3fde190e08ca2451c01ff3091449887695f96dac97ad6a30e":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"10001":"dd82b7be791c454fbbf6f1de47cbe585a687e4e8bbae0b6e2a77f8ca4efd06d71498f9a74b931bd59c377e71daf708a624c51303f377006c676487bad57f7067b09b7bb94a6189119ab8cf7321c321b2dc7df565bfbec833a28b86625fb5fd6a035d4ed79ff0f9aee9fa78935eec65069439ee449d7f5249cdae6fdd6d8c2a63":MBEDTLS_ERR_RSA_INVALID_PADDING +mbedtls_rsa_pkcs1_verify:"55013a489e09b6553262aab59fb041b49437b86d52876f8e5d5e405b77ca0ff6ce8ea2dd75c7b3b411cf4445d56233c5b0ff0e58c49128d81b4fedd295e172d225c451e13defb34b87b7aea6d6f0d20f5c55feb71d2a789fa31f3d9ff47896adc16bec5ce0c9dda3fde190e08ca2451c01ff3091449887695f96dac97ad6a30e":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"10001":"dd82b7be791c454fbbf6f1de47cbe585a687e4e8bbae0b6e2a77f8ca4efd06d71498f9a74b931bd59c377e71daf708a624c51303f377006c676487bad57f7067b09b7bb94a6189119ab8cf7321c321b2dc7df565bfbec833a28b86625fb5fd6a035d4ed79ff0f9aee9fa78935eec65069439ee449d7f5249cdae6fdd6d8c2a63":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #11 
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 
@@ -82,11 +82,11 @@ mbedtls_rsa_pkcs1_verify:"a3edb0f52c6166d7b76e71634761f402337c3e9667549d00cd7877 RSA PKCS1 Verify v1.5 CAVS #21 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"ac58fd024208d7f045d81a56cd55aad40ab86b0d216ab55136c7027aca23ea13480a52c0dacce0d98139b25965aa4ff76a41dd92037195d24bc0750d52cb3467b48b7b3e71d852c5f82bd9ee85a8388ead5cd8bc38c3d4792e8daa9734a137d31963e245ad3217fad235f7dfd5584de0fe91c4526568588e08b60bdf1badd99f":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"a142b0d9456f8f4772675265a08613a66c416bd1ae712975c69d9ca5fb8c1be9c24359a04fd15460bf6136a8a11f13e3ce2de2171524f10cb715f0d71e3db15281ab99eadbe86cf8c5c518162c638ef27a4f7bfb4a1a3873f3c384a5b1c3b4966c837b9d8d192ac34e03943b7ae191355aa1ff3b9cd041bb2668f1f81cf0d015b3d3608cd9ac79398212c0f132f1bd45d47768b999fcf3c05fe2069593ceecedc851a7fc465abcfef0fabba9b9460153f6ba8723a5c6e766c83a446aef3ee327":MBEDTLS_ERR_RSA_INVALID_PADDING 
+mbedtls_rsa_pkcs1_verify:"ac58fd024208d7f045d81a56cd55aad40ab86b0d216ab55136c7027aca23ea13480a52c0dacce0d98139b25965aa4ff76a41dd92037195d24bc0750d52cb3467b48b7b3e71d852c5f82bd9ee85a8388ead5cd8bc38c3d4792e8daa9734a137d31963e245ad3217fad235f7dfd5584de0fe91c4526568588e08b60bdf1badd99f":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"a142b0d9456f8f4772675265a08613a66c416bd1ae712975c69d9ca5fb8c1be9c24359a04fd15460bf6136a8a11f13e3ce2de2171524f10cb715f0d71e3db15281ab99eadbe86cf8c5c518162c638ef27a4f7bfb4a1a3873f3c384a5b1c3b4966c837b9d8d192ac34e03943b7ae191355aa1ff3b9cd041bb2668f1f81cf0d015b3d3608cd9ac79398212c0f132f1bd45d47768b999fcf3c05fe2069593ceecedc851a7fc465abcfef0fabba9b9460153f6ba8723a5c6e766c83a446aef3ee327":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #22 depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 
-mbedtls_rsa_pkcs1_verify:"027f767928a5821e2723d6f36c43e6b498b6f0b381852571794a096bd49f1c36a4d7bacec7ec402c24b970163169173bb930ec7fdc39bc9457dfc4ca051f5f28a64de1bbe007c22e8368ff9b117dbda17efd2fb73434bbbf5a4158df56813b8c904bb2e779de504dcd974a291568210d6f85810291606a1c0cd88d51ceadf98a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"0676e64daaa18f4af46e9dfbe234db389b8a527b0fe1db97eb7f404e3155226cba70d318800f83160fa1aa19916e5c09f079331079f18cb8ab1a4b884cb28501824974f683ed2b9babae9f8c15bea30802805c6b2152119764811bbf5f3994d2e97fa2fe8c5ab15a23c14d7ae56be00eaa8bc26678481ff5ba59b0acfb0e43341bff9fc638e5625480a73dbc5d8d13bd2b9e64037c6b79df0c60869980c6a22ec46f80fb859cb4ee5d2032ac1fe538cfd85c70a7f33b4af50a93395917c2cfb6":MBEDTLS_ERR_RSA_INVALID_PADDING 
+mbedtls_rsa_pkcs1_verify:"027f767928a5821e2723d6f36c43e6b498b6f0b381852571794a096bd49f1c36a4d7bacec7ec402c24b970163169173bb930ec7fdc39bc9457dfc4ca051f5f28a64de1bbe007c22e8368ff9b117dbda17efd2fb73434bbbf5a4158df56813b8c904bb2e779de504dcd974a291568210d6f85810291606a1c0cd88d51ceadf98a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"0676e64daaa18f4af46e9dfbe234db389b8a527b0fe1db97eb7f404e3155226cba70d318800f83160fa1aa19916e5c09f079331079f18cb8ab1a4b884cb28501824974f683ed2b9babae9f8c15bea30802805c6b2152119764811bbf5f3994d2e97fa2fe8c5ab15a23c14d7ae56be00eaa8bc26678481ff5ba59b0acfb0e43341bff9fc638e5625480a73dbc5d8d13bd2b9e64037c6b79df0c60869980c6a22ec46f80fb859cb4ee5d2032ac1fe538cfd85c70a7f33b4af50a93395917c2cfb6":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #23 depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 
@@ -118,11 +118,11 @@ mbedtls_rsa_pkcs1_verify:"f7857ce04bf4292ea1755f9e587822372f4dcdf10bddfc0ff498a8 RSA PKCS1 Verify v1.5 CAVS #30 depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"ca312774f2756ac2019f213a01a63c9a0b4a49ccafecf25e97a4c632668e3c77e664f4d7635241f25205e50c37061b02c546db8346fa597c3da8cfd44a827c5a4ff4ecfcd1797b39a1b215d9bbb93fdb6eb35bafbda427a5068888a6e19f86224b0897490491207e35ce39085668b10b4fb851b7dd9465c03869790ef38a61b5":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"3":"a202c33eb831b9d8e818b6c3bcdb42818e1d9c22a06ddd73a17a21e49d18cda44df349a066477cae068e1a5d2b518b0885e889ef796ca9e6f42a69ac755b8a6405fbaef93fe0130d98de35d689addfee3eecd26658903f774bda481c3f40ee0e9569a3c3e2da7ad576c7de82159d933e36fa29cfef99367005e34ab5082d80f48276d37dabc88dbb023bd01585329d2ccf417f78ec508aaa29751007d31f1669296b981d44c8fa99130c5df7a071725b496859314aaf9baf0ebc780355914249":MBEDTLS_ERR_RSA_INVALID_PADDING 
+mbedtls_rsa_pkcs1_verify:"ca312774f2756ac2019f213a01a63c9a0b4a49ccafecf25e97a4c632668e3c77e664f4d7635241f25205e50c37061b02c546db8346fa597c3da8cfd44a827c5a4ff4ecfcd1797b39a1b215d9bbb93fdb6eb35bafbda427a5068888a6e19f86224b0897490491207e35ce39085668b10b4fb851b7dd9465c03869790ef38a61b5":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"3":"a202c33eb831b9d8e818b6c3bcdb42818e1d9c22a06ddd73a17a21e49d18cda44df349a066477cae068e1a5d2b518b0885e889ef796ca9e6f42a69ac755b8a6405fbaef93fe0130d98de35d689addfee3eecd26658903f774bda481c3f40ee0e9569a3c3e2da7ad576c7de82159d933e36fa29cfef99367005e34ab5082d80f48276d37dabc88dbb023bd01585329d2ccf417f78ec508aaa29751007d31f1669296b981d44c8fa99130c5df7a071725b496859314aaf9baf0ebc780355914249":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #31 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 
-mbedtls_rsa_pkcs1_verify:"2abe079077290ceb6c80ac5c61062ce8da814b1fb99a1a9fb2860ed900e6541856ec64bf19c0d9d1cc2280b7cc50af3e3d2ad8e044945d44761ca60891dd72bd6aa26a33274ffcf7ae7d661b5e651135fcff21aaf06b4a2db18fe5827e0243884f2841760b9f1c65fbda870f7f0cfbd6ff484f0825e688614928f2d12d1e7080":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"402631f3cddfb02cc4d9cb58ef1ab6726bd787a50e12e98567c9702bfdf47af85904aec5a2f6c5df9a10f08f90f93728eb090ae2ac21ded9f38faecd8195f3eb3d4107521b1cee956e7a214245b038adae912fa35ec97cb3bdc41352e8aaff80173561284cb740f999a3cd6653a6c3d5a3f911a416f41e2155083982c99eb5998a0a74d77f1ae999d901ee24a7f2c424179a3f92b07dc0b3498c1884e60677bee0175e810b426c4ad008d2743cd19b00b33177bf8be3fed7f7406e1bce0c2ea3":MBEDTLS_ERR_RSA_INVALID_PADDING 
+mbedtls_rsa_pkcs1_verify:"2abe079077290ceb6c80ac5c61062ce8da814b1fb99a1a9fb2860ed900e6541856ec64bf19c0d9d1cc2280b7cc50af3e3d2ad8e044945d44761ca60891dd72bd6aa26a33274ffcf7ae7d661b5e651135fcff21aaf06b4a2db18fe5827e0243884f2841760b9f1c65fbda870f7f0cfbd6ff484f0825e688614928f2d12d1e7080":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"402631f3cddfb02cc4d9cb58ef1ab6726bd787a50e12e98567c9702bfdf47af85904aec5a2f6c5df9a10f08f90f93728eb090ae2ac21ded9f38faecd8195f3eb3d4107521b1cee956e7a214245b038adae912fa35ec97cb3bdc41352e8aaff80173561284cb740f999a3cd6653a6c3d5a3f911a416f41e2155083982c99eb5998a0a74d77f1ae999d901ee24a7f2c424179a3f92b07dc0b3498c1884e60677bee0175e810b426c4ad008d2743cd19b00b33177bf8be3fed7f7406e1bce0c2ea3":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #32 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 
@@ -130,7 +130,7 @@ mbedtls_rsa_pkcs1_verify:"da9505809dc92cfd8e01a1857dde52df6677c40d98f4577c1659ca RSA PKCS1 Verify v1.5 CAVS #33 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"d0cd038c65b3acca45822eaf91ea5176e82043268876dec0b62e2abd619023b7023abc67c6b823cfef5447b8772f985ff7910d6cc87e6c23688ac6de1fee40bbe2da1a92770de92adaa427ace02fee571a0a0176fceb0c8f3eb72dde839ab201395625f5c0db8641ce19d7711212dec61733262c6ce4476c025e67a3d5bc01f3":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA512:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"11":"2f30629c1117d013bb36e6099dee931dcaf0a1032b07ec23e2b262898a8945e569c9573d81e22bb0a5f8a28b0d7b8ff01367dd7f089c68ed1daa11cf53a96ee91b38e6b839b6e90bea34d14b78f5d2c7629b68c5b4f2ecfff66b483b2233cb14f95df533c867a2b610aebcdbb7ea3109aaf2f5762ab3edc2571deccc7da0c9a5b443ca2b924c0f18de7bbb736a08fed3916795018a436a3ae62c85d554a53a6d48623908e06e7d275f4251d3b3bd530bd11e155dcf2b5c2adf030cdf931ae749":MBEDTLS_ERR_RSA_INVALID_PADDING 
+mbedtls_rsa_pkcs1_verify:"d0cd038c65b3acca45822eaf91ea5176e82043268876dec0b62e2abd619023b7023abc67c6b823cfef5447b8772f985ff7910d6cc87e6c23688ac6de1fee40bbe2da1a92770de92adaa427ace02fee571a0a0176fceb0c8f3eb72dde839ab201395625f5c0db8641ce19d7711212dec61733262c6ce4476c025e67a3d5bc01f3":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA512:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"11":"2f30629c1117d013bb36e6099dee931dcaf0a1032b07ec23e2b262898a8945e569c9573d81e22bb0a5f8a28b0d7b8ff01367dd7f089c68ed1daa11cf53a96ee91b38e6b839b6e90bea34d14b78f5d2c7629b68c5b4f2ecfff66b483b2233cb14f95df533c867a2b610aebcdbb7ea3109aaf2f5762ab3edc2571deccc7da0c9a5b443ca2b924c0f18de7bbb736a08fed3916795018a436a3ae62c85d554a53a6d48623908e06e7d275f4251d3b3bd530bd11e155dcf2b5c2adf030cdf931ae749":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #34 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 
@@ -138,7 +138,7 @@ mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e9
 RSA PKCS1 Verify v1.5 padding too short
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
-mbedtls_rsa_pkcs1_verify:"AABBCC03020100FFFFFFFFFF1122330A0B0CCCDDDDDDDDDD":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"9292758453063D803DD603D5E777D7888ED1D5BF35786190FA2F23EBC0848AEADDA92CA6C3D80B32C4D109BE0F36D6AE7130B9CED7ACDF54CFC7555AC14EEBAB93A89813FBF3C4F8066D2D800F7C38A81AE31942917403FF4946B0A83D3D3E05EE57C6F5F5606FB5D4BC6CD34EE0801A5E94BB77B07507233A0BC7BAC8F90F79":16:"10001":"6edd56f397d9bc6d176bbe3d80946fc352ad6127b85b1d67d849c0a38cbde7222c5fafbb18dcef791178a8e15f5c8cd91869f8ca4b758c46ce3e229bf666d2e3e296544351bcb5db7e0004f6c0800f76a432071297e405759d4324d1cf1c412758be93a39f834e03dee59e28ac571ce2b0b3c8fe639979f516223b54027340a5":MBEDTLS_ERR_RSA_INVALID_PADDING
+mbedtls_rsa_pkcs1_verify:"AABBCC03020100FFFFFFFFFF1122330A0B0CCCDDDDDDDDDD":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"9292758453063D803DD603D5E777D7888ED1D5BF35786190FA2F23EBC0848AEADDA92CA6C3D80B32C4D109BE0F36D6AE7130B9CED7ACDF54CFC7555AC14EEBAB93A89813FBF3C4F8066D2D800F7C38A81AE31942917403FF4946B0A83D3D3E05EE57C6F5F5606FB5D4BC6CD34EE0801A5E94BB77B07507233A0BC7BAC8F90F79":16:"10001":"6edd56f397d9bc6d176bbe3d80946fc352ad6127b85b1d67d849c0a38cbde7222c5fafbb18dcef791178a8e15f5c8cd91869f8ca4b758c46ce3e229bf666d2e3e296544351bcb5db7e0004f6c0800f76a432071297e405759d4324d1cf1c412758be93a39f834e03dee59e28ac571ce2b0b3c8fe639979f516223b54027340a5":MBEDTLS_ERR_RSA_VERIFY_FAILED
 # The following tests check whether the use of reduced length encodings (as mandated for DER in contrast to BER) is enforced in
 # the verification of PKCS1 v1.5 signatures - this is relevant to prevent Bleichenbacher signature forgery attacks.
@@ -193,7 +193,7 @@ mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e9 RSA PKCS1 Sign #2 Verify (Fail) depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:2048:16:"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":16:"3":"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":MBEDTLS_ERR_RSA_INVALID_PADDING +mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:2048:16:"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":16:"3":"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":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Sign #3 (SHA224, 2048 bits RSA) depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 From 2b2f898cbdebfd4e5b6f702ff3a62d4b008bedd3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Sep 2017 17:10:03 +0100 Subject: [PATCH 0318/1059] Streamline code-path in rsa_rsassa_pkcs1_v15_encode --- library/rsa.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 811bf302ea..36a8d8880a 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -1229,15 +1229,14 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
 nb_pad -= hashlen;
 }
- /* Signature header and padding delimiter */
- if( nb_pad < 3 )
+ /* Need space for signature header and padding delimiter (3 bytes),
+ * and 8 bytes for the minimal padding */
+ if( nb_pad < 3 + 8 )
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 nb_pad -= 3;
 /* Now nb_pad is the amount of memory to be filled
- * with padding; must be at least 8 bytes. */
- if( nb_pad < 8 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ * with padding, and at least 8 bytes long. */
 /* Write signature header and padding */
 *p++ = 0;
From e58d38c66f5f2be0ec49d05070042ad174f28e49 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 27 Sep 2017 17:09:00 +0100
Subject: [PATCH 0319/1059] Minor improvements
---
 library/rsa.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index 36a8d8880a..3ccc7f8d7c 100644
--- a/library/rsa.c
+++ b/library/rsa.c
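Review bot: `if( nb_pad < 3 + 8 )` and the later `nb_pad -= 3;` share their literals only by convention; the comment above explains them, but after the removed second check the 8 is no longer referenced by any code, so the bound and its rationale can silently drift apart. I'd make the comment name the requirement being enforced, `/* EMSA-PKCS1-v1_5 (RFC 8017, 9.2): 0x00 0x01 header, 0x00 delimiter and a PS of at least 8 bytes, so nb_pad >= 3 + 8 */`, and keep the condition as written. The function starts and ends outside the hunk; the preceding `nb_pad -= hashlen;` is visible but its own bounds check is not, so I am assuming hashlen was validated earlier.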
@@ -1167,26 +1167,26 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
 *
 * Parameters:
 * - md_alg: Identifies the hash algorithm used to generate the given hash;
- * MBEDTLS_MD_NONE if raw data are signed.
+ * MBEDTLS_MD_NONE if raw data is signed.
 * - hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE.
- * - hash: Buffer containing the hashed message.
- * - sig_len: Length of the encoded message.
+ * - hash: Buffer containing the hashed message or the raw data.
+ * - dst_len: Length of the encoded message.
 * - dst: Buffer to hold the encoded message.
 *
 * Assumptions:
 * - hash has size hashlen if md_alg == MBEDTLS_MD_NONE.
 * - hash has size corresponding to md_alg if md_alg != MBEDTLS_MD_NONE.
- * - dst points to a buffer of size at least sig_len.
+ * - dst points to a buffer of size at least dst_len.
 *
 */
 static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
 unsigned int hashlen,
 const unsigned char *hash,
- size_t sig_len,
+ size_t dst_len,
 unsigned char *dst )
 {
 size_t oid_size = 0;
- size_t nb_pad = sig_len;
+ size_t nb_pad = dst_len;
 unsigned char *p = dst;
 const char *oid = NULL;
@@ -1282,9 +1282,9 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
 /* Just a sanity-check, should be automatic
 * after the initial bounds check. */
- if( p != dst + sig_len )
+ if( p != dst + dst_len )
 {
- mbedtls_zeroize( dst, sig_len );
+ mbedtls_zeroize( dst, dst_len );
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 }
From f9734b35b53fd9707ed3c44925f06068a2c442b6 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 3 Oct 2017 12:09:22 +0100
Subject: [PATCH 0320/1059] Change wording of warnings
---
 include/mbedtls/config.h | 30 +++++++++++++++---------------
 include/mbedtls/dhm.h | 22 ++++++++++------------
 2 files changed, 25 insertions(+), 27 deletions(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index b490e33d77..cff9391ea0 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
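Review bot: The parameter list still carries `* - hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE.` (a context line in the first hunk), which is circular — hashlen is a length, not a digest type; it should read `* - hashlen: Length of hash in case md_alg is MBEDTLS_MD_NONE.`, matching the Assumptions block a few lines below. Since this commit already re-words the neighbouring lines it is the natural place to fix it. The renamed `dst_len` and the `mbedtls_zeroize( dst, dst_len )` on the sanity-check path in the second hunk are consistent with each other.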
@@ -619,11 +619,11 @@
 * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
 *
- * \warning The possibility for the use of custom groups
- * in the use of DHM in TLS constitutes a security
- * risk. If possible, it is recommended to use
- * EC-based key exchanges instead. See the documentation
- * at the top of dhm.h for more information.
+ * \warning Using DHE constitutes a security risk as it
+ * is not possible to validate custom DH parameters.
+ * If possible, it is recommended users should consider
+ * preferring other methods of key exchange.
+ * See dhm.h for more details.
 *
 */
 #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
@@ -725,11 +725,11 @@
 * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 *
- * \warning The possibility for the use of custom groups
- * in the use of DHM in TLS constitutes a security
- * risk. If possible, it is recommended to use
- * EC-based key exchanges instead. See the documentation
- * at the top of dhm.h for more information.
+ * \warning Using DHE constitutes a security risk as it
+ * is not possible to validate custom DH parameters.
+ * If possible, it is recommended users should consider
+ * preferring other methods of key exchange.
+ * See dhm.h for more details.
 *
 */
 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
@@ -1850,11 +1850,11 @@
 * This module is used by the following key exchanges:
 * DHE-RSA, DHE-PSK
 *
- * \warning The possibility for the use of custom groups
- * in the use of DHM in TLS constitutes a security
- * risk. If possible, it is recommended to use
- * EC-based key exchanges instead. See the documentation
- * at the top of dhm.h for more information.
+ * \warning Using DHE constitutes a security risk as it
+ * is not possible to validate custom DH parameters.
+ * If possible, it is recommended users should consider
+ * preferring other methods of key exchange.
+ * See dhm.h for more details.
 *
 */
 #define MBEDTLS_DHM_C
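Review bot: The new text claims it `is not possible to validate custom DH parameters`, which overstates what dhm.h itself says (validation is skipped for performance, and even full checks cannot rule out a trapdoored non-standard prime) and can be read as the library being unable to check parameters at all. I'd align the three copies with dhm.h and tighten the recommendation, e.g. `\warning Using DHE constitutes a security risk because custom DH parameters are not validated and a trapdoored non-standard prime cannot be detected. Prefer other key exchanges (e.g. ECDHE) where possible; see dhm.h for details.` The phrase `it is recommended users should consider preferring` is doubly hedged — `prefer` says the same thing.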
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index ed39f8db42..9ef8146503 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -25,22 +25,20 @@
 * of non-safe primes both decreases the difficulty of the underlying
 * discrete logarithm problem and can lead to small subgroup attacks
 * leaking private exponent bits when invalid public keys are used
- * and not detected. This is especially relevant if the same DHM parameters
- * are reused for multiple key exchanges as in static DHM, while the
- * criticality of small-subgroup attacks is lower for ephemeral DHM.
+ * and not detected. This is especially relevant if the same DHM
+ * parameters are reused for multiple key exchanges as in static DHM,
+ * while the criticality of small-subgroup attacks is lower for
+ * ephemeral DHM.
 *
 * For performance reasons, the code does neither perform primality
 * nor safe primality tests, nor the expensive checks for invalid
- * subgroups.
+ * subgroups. Moreover, even if these were performed, non-standardized
+ * primes cannot be trusted because of the possibility of backdoors
+ * that can't be effectively checked for.
 *
- * The possibility for the use of custom, non-safe primes in DHM
- * is a deficiency in the TLS protocol that has been adressed only
- * recently through the addition of the named group extension from
- * RFC 7919, which however is not yet implemented in Mbed TLS.
- *
- * If possible, we recommend to use elliptic curve based key
- * exchanges instead of DHM-based ones, because the former only
- * accepts standardized groups.
+ * We therefore consider DHE a security risk. If possible, it is
+ * recommended users should consider preferring other methods of
+ * key exchange.
 *
 */
 #ifndef MBEDTLS_DHM_H
From 5178dcab121b638b221b2704c22ae01451b554dd Mon Sep 17 00:00:00 2001
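Review bot: The rewritten closing paragraph drops the only concrete mitigation the old text offered — restricting DHE to standardized groups (RFC 7919) — so a reader who cannot move off DHE is left with no actionable advice. I'd keep one sentence, e.g. `If DHE must be used, restrict it to well-known groups (RFC 7919 ffdhe or RFC 3526 MODP groups): configure them on the server and, on the client, reject received parameters that do not match such a group.` Whether the library ships such groups or offers a client-side parameter check is not visible here. The block comment continues above the hunk.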
From: Hanno Becker
Date: Tue, 3 Oct 2017 14:29:37 +0100
Subject: [PATCH 0321/1059] Clarify parameter ownership in `mbedtls_rsa_import[_raw]`
---
 include/mbedtls/rsa.h | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 46daac55f3..a655d0e46a 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -332,6 +332,9 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
 * and complete the provided information to a ready-for-use
 * public or private RSA key.
 *
+ * \note The imported parameters are copied and need not be preserved
+ * for the lifetime of the RSA context being set up.
+ *
 * \return 0 if successful, non-zero error code on failure.
 */
 int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
@@ -362,6 +365,9 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
 * and complete the provided information to a ready-for-use
 * public or private RSA key.
 *
+ * \note The imported parameters are copied and need not be preserved
+ * for the lifetime of the RSA context being set up.
+ *
 * \return 0 if successful, non-zero error code on failure.
 */
 int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
From db13cefde229c750dd7712feb1aa6e99c251a77c Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 3 Oct 2017 14:31:05 +0100
Subject: [PATCH 0322/1059] Correct typo in RSA test suite data
---
 tests/suites/test_suite_rsa.data | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index ace4d397a3..a1b84c9759 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -1,4 +1,4 @@ - Date: Tue, 3 Oct 2017 14:32:56 +0100
Subject: [PATCH 0323/1059] Correct memory leak in `mbedtls_rsa_validate_crt`
---
 library/rsa.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index b0ba1eb2c6..408ceb122b 100644
--- a/library/rsa.c
+++ b/library/rsa.c
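Review bot: The new note says the parameters are copied, which implies the caller's own copies of the private values (D, P, Q) survive the call; for key material the caller should be told explicitly that wiping them is still its job. I'd extend both added notes to `\note The imported parameters are copied and need not be preserved for the lifetime of the RSA context being set up. The caller remains responsible for wiping its own copies of private parameters once they are no longer needed.` The same wording fits the `_raw` variant in the second hunk.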
@@ -325,7 +325,8 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
 if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
 {
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+ ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
+ goto cleanup;
 }
 }
@@ -344,7 +345,8 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
 if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
 {
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+ ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
+ goto cleanup;
 }
 }
@@ -362,7 +364,8 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) );
 if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
 {
- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+ ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
+ goto cleanup;
 }
 }
From 8ba6ce4f4f4e6e3786f6a94fd2e4f654eca8bca4 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 3 Oct 2017 14:36:26 +0100
Subject: [PATCH 0324/1059] Rename `rsa_deduce_private` to `rsa_deduce_private_exponent`
---
 include/mbedtls/rsa.h | 6 ++++--
 library/rsa.c | 16 +++++++++-------
 tests/suites/test_suite_rsa.data | 8 ++++----
 tests/suites/test_suite_rsa.function | 13 +++++++------
 4 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index a655d0e46a..df0e24ad9c 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -129,8 +129,10 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D,
 * \note This function does not check whether P and Q are primes.
 *
 */
-int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, mbedtls_mpi const *Q,
- mbedtls_mpi const *E, mbedtls_mpi *D );
+int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
+ mbedtls_mpi const *Q,
+ mbedtls_mpi const *E,
+ mbedtls_mpi *D );
 /**
diff --git a/library/rsa.c b/library/rsa.c
index 408ceb122b..031dc2c435 100644
--- a/library/rsa.c
+++ b/library/rsa.c
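Review bot: Routing the three failed checks through `cleanup` fixes the leak, but the label, the `ret` declaration and the function's start and end all lie outside the hunks, so I cannot confirm that cleanup releases both K and L; since they hold intermediate values computed from the key parameters (K is reduced modulo P in the third hunk), both must be freed there rather than merely dropped. Any other `return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );` between the visible hunks would need the same `ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup;` treatment; only these three are visible here.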
@@ -78,7 +78,7 @@ static void mbedtls_zeroize( void *v, size_t n ) {
 * There are two classes of helper functions:
 * (1) Parameter-generating helpers. These are:
 * - mbedtls_rsa_deduce_moduli
- * - mbedtls_rsa_deduce_private
+ * - mbedtls_rsa_deduce_private_exponent
 * - mbedtls_rsa_deduce_crt
 * Each of these functions takes a set of core RSA parameters
 * and generates some other, or CRT related parameters.
@@ -253,10 +253,10 @@ cleanup:
 * This is essentially a modular inversion.
 */
-int mbedtls_rsa_deduce_private( mbedtls_mpi const *P,
- mbedtls_mpi const *Q,
- mbedtls_mpi const *E,
- mbedtls_mpi *D )
+int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
+ mbedtls_mpi const *Q,
+ mbedtls_mpi const *E,
+ mbedtls_mpi *D )
 {
 int ret = 0;
 mbedtls_mpi K, L;
@@ -681,8 +681,10 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx,
 /* Deduce private exponent. This includes double-checking of the result,
 * so together with the primality test above all core parameters are
 * guaranteed to be sane if this call succeeds. */
- if( ( ret = mbedtls_rsa_deduce_private( &ctx->P, &ctx->Q,
- &ctx->E, &ctx->D ) ) != 0 )
+ if( ( ret = mbedtls_rsa_deduce_private_exponent( &ctx->P,
+ &ctx->Q,
+ &ctx->E,
+ &ctx->D ) ) != 0 )
 {
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
 }
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index a1b84c9759..1768c48d82 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -404,16 +404,16 @@ RSA Validate Params, non-prime, PRNG mbedtls_rsa_validate_params:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd18":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"":1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED RSA Deduce Private, toy example -mbedtls_rsa_deduce_private:10:"7":10:"11":10:"7":10:"13":0:0 +mbedtls_rsa_deduce_private_exponent:10:"7":10:"11":10:"7":10:"13":0:0 RSA Deduce Private, toy example, corrupted -mbedtls_rsa_deduce_private:10:"3":10:"5":10:"3":10:"3":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE +mbedtls_rsa_deduce_private_exponent:10:"3":10:"5":10:"3":10:"3":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE RSA Deduce Private 
-mbedtls_rsa_deduce_private:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_deduce_private_exponent:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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educe Private, corrupted 
-mbedtls_rsa_deduce_private:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_deduce_private_exponent:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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educe Moduli, toy example mbedtls_rsa_deduce_moduli:10:"15":10:"3":10:"3":10:"3":10:"5":0:0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index b965bd65b2..dbd1c0fbd7 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -779,11 +779,11 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_deduce_private( int radix_P, char *input_P, - int radix_Q, char *input_Q, - int radix_E, char *input_E, - int radix_D, char *output_D, - int corrupt, int result ) +void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P, + int radix_Q, char *input_Q, + int radix_E, char *input_E, + int radix_D, char *output_D, + int corrupt, int result ) { mbedtls_mpi P, Q, D, Dp, E, R, Rp; 
@@ -804,7 +804,8 @@ void mbedtls_rsa_deduce_private( int radix_P, char *input_P, } /* Try to deduce D from N, P, Q, E. */ - TEST_ASSERT( mbedtls_rsa_deduce_private( &P, &Q, &E, &D ) == result ); + TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q, + &E, &D ) == result ); if( !corrupt ) { From 0f65e0ca03cdd49b2e7b514235d3693ae77eefd6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Oct 2017 14:39:16 +0100 Subject: [PATCH 0325/1059] Rename `rsa_deduce_moduli` to `rsa_deduce_primes` --- include/mbedtls/rsa.h | 2 +- library/rsa.c | 6 +++--- tests/suites/test_suite_rsa.data | 8 ++++---- tests/suites/test_suite_rsa.function | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index df0e24ad9c..0448877490 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -104,7 +104,7 @@ extern "C" { * use the helper function \c mbedtls_rsa_validate_params. * */ -int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D, +int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_mpi *P, mbedtls_mpi *Q ); diff --git a/library/rsa.c b/library/rsa.c index 031dc2c435..d14817c2c9 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -77,7 +77,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { * * There are two classes of helper functions: * (1) Parameter-generating helpers. These are: - * - mbedtls_rsa_deduce_moduli + * - mbedtls_rsa_deduce_primes * - mbedtls_rsa_deduce_private_exponent * - mbedtls_rsa_deduce_crt * Each of these functions takes a set of core RSA parameters 
@@ -130,7 +130,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { * of (a) and (b) above to attempt to factor N. * */ -int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, +int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_mpi *P, mbedtls_mpi *Q ) @@ -659,7 +659,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, { /* This includes sanity checking of core parameters, * so no further checks necessary. */ - ret = mbedtls_rsa_deduce_moduli( &ctx->N, &ctx->D, &ctx->E, + ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->D, &ctx->E, f_rng, p_rng, &ctx->P, &ctx->Q ); if( ret != 0 ) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 1768c48d82..8ca6445bc6 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -416,16 +416,16 @@ RSA Deduce Private, corrupted mbedtls_rsa_deduce_private_exponent:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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educe Moduli, toy example -mbedtls_rsa_deduce_moduli:10:"15":10:"3":10:"3":10:"3":10:"5":0:0 +mbedtls_rsa_deduce_primes:10:"15":10:"3":10:"3":10:"3":10:"5":0:0 RSA Deduce Moduli, toy example, corrupted -mbedtls_rsa_deduce_moduli:10:"15":10:"3":10:"3":10:"3":10:"5":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mbedtls_rsa_deduce_primes:10:"15":10:"3":10:"3":10:"3":10:"5":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA RSA Deduce Moduli -mbedtls_rsa_deduce_moduli:16:"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e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":0:0 
+mbedtls_rsa_deduce_primes:16:"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e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":0:0 RSA Deduce Moduli, corrupted -mbedtls_rsa_deduce_moduli:16:"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e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mbedtls_rsa_deduce_primes:16:"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e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA RSA Import (N,P,Q,D,E) 
mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index dbd1c0fbd7..fc27353e70 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -723,7 +723,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ -void mbedtls_rsa_deduce_moduli( int radix_N, char *input_N, +void mbedtls_rsa_deduce_primes( int radix_N, char *input_N, int radix_D, char *input_D, int radix_E, char *input_E, int radix_P, char *output_P, @@ -756,7 +756,7 @@ void mbedtls_rsa_deduce_moduli( int radix_N, char *input_N, TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 ); /* Try to deduce P, Q from N, D, E only. */ - TEST_ASSERT( mbedtls_rsa_deduce_moduli( &N, &D, &E, mbedtls_ctr_drbg_random, + TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, mbedtls_ctr_drbg_random, &ctr_drbg, &P, &Q ) == result ); if( !corrupt ) From 17c3276a2e2f2983a341d2121678a5b80764e0f9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Oct 2017 14:56:04 +0100 Subject: [PATCH 0326/1059] Improve output on bad cmd line args in `programs/x509/cert_write` --- programs/x509/cert_write.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index d04739389e..9cc582d610 100644 
--- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -323,6 +323,7 @@ int main( int argc, char *argv[] ) if( opt.authority_identifier != 0 && opt.authority_identifier != 1 ) { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; } } @@ -332,6 +333,7 @@ int main( int argc, char *argv[] ) if( opt.subject_identifier != 0 && opt.subject_identifier != 1 ) { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; } } @@ -341,6 +343,7 @@ int main( int argc, char *argv[] ) if( opt.basic_constraints != 0 && opt.basic_constraints != 1 ) { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; } } @@ -355,32 +358,47 @@ int main( int argc, char *argv[] ) else if( strcmp( q, "MD5" ) == 0 ) opt.md = MBEDTLS_MD_MD5; else + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } } else if( strcmp( p, "version" ) == 0 ) { opt.version = atoi( q ); if( opt.version < 1 || opt.version > 3 ) + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } opt.version--; } else if( strcmp( p, "selfsign" ) == 0 ) { opt.selfsign = atoi( q ); if( opt.selfsign < 0 || opt.selfsign > 1 ) + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } } else if( strcmp( p, "is_ca" ) == 0 ) { opt.is_ca = atoi( q ); if( opt.is_ca < 0 || opt.is_ca > 1 ) + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } } else if( strcmp( p, "max_pathlen" ) == 0 ) { opt.max_pathlen = atoi( q ); if( opt.max_pathlen < -1 || opt.max_pathlen > 127 ) + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } } else if( strcmp( p, "key_usage" ) == 0 ) { @@ -404,7 +422,10 @@ int main( int argc, char *argv[] ) else if( strcmp( q, "crl_sign" ) == 0 ) opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN; else + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } q = r; } 
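Review bot: The new diagnostic prints only the option name `p`, so for the list-valued options (`key_usage` at -404 and `ns_cert_type` at -431) the user still cannot tell which comma-separated token was rejected, and for the `atoi( q )` options the bad value is not shown either; `mbedtls_printf( "Invalid argument for option %s: %s\n", p, q );` would name the offending value at every site, since `q` holds the value being checked in each of these hunks. The same literal is now repeated at ten places in this function (-323 through -431), which invites the copies to drift; a `static` helper or a local macro invoked before each `goto usage` would keep the message in one place. This applies to all hunks of this file; `main` begins and ends outside them.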
@@ -431,7 +452,10 @@ int main( int argc, char *argv[] ) else if( strcmp( q, "object_signing_ca" ) == 0 ) opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA; else + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } q = r; } From 82759aa1c7d59e074eb9e2a0d28ca2a6b3ffb0fc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 16 Jun 2017 14:52:39 +0200 Subject: [PATCH 0327/1059] Note in README that GNU make is required Our README claims that we only use basic Make functionality, but in fact GNU make is required for conditional compilation. Document this. Addresses issue #967 --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 11b4ebf6a4..624e03fe31 100644 --- a/README.md +++ b/README.md @@ -14,11 +14,11 @@ Compiling There are currently four active build systems used within mbed TLS releases: - yotta -- Make +- GNU Make - CMake - Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010) -The main systems used for development are CMake and Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. +The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. Yotta, as a build system, is slightly different from the other build systems: 
@@ -54,9 +54,9 @@ For more details on the yotta/mbed OS edition of mbed TLS, including example pro ### Make -We intentionally only use the minimum of `Make` functionality, as a lot of `Make` features are not supported on all different implementations of Make or on different platforms. As such, the Makefiles sometimes require some manual changes or export statements in order to work for your platform. +We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools. -In order to build from the source code using Make, just enter at the command line: +In order to build from the source code using GNU Make, just enter at the command line: make From ec82da4cb2fde14244fca2d8583a0159b49cdefa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Oct 2017 10:52:50 +0200 Subject: [PATCH 0328/1059] Restored note about using minimum functionality in makefiles --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 624e03fe31..5ffd2ae561 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,8 @@ For more details on the yotta/mbed OS edition of mbed TLS, including example pro We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools. +We intentionally only use a minimum of functionality in the makefiles in order to keep them as simple and independent of different toolchains as possible, to allow users to more easily move between different platforms. Users who need more features are recommended to use CMake. + In order to build from the source code using GNU Make, just enter at the command line: make From e2fcfa84ea2fe8453adb26cbf32261dc4683d0f7 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 4 Oct 2017 13:12:15 +0100 Subject: [PATCH 0329/1059] Stick to the use of constant-macros This commit returns to using constant macros instead of global variables for the DHM group constants. Further, macros providing the binary encoding of the primes from RFC 3526 and RFC 7919 are added. The hex-string macros are deprecated. --- include/mbedtls/dhm.h | 812 +++++++++++++++++++++++++++++++++++++----- library/dhm.c | 243 ------------- 2 files changed, 717 insertions(+), 338 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 9ef8146503..c105d7a786 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h 
@@ -58,101 +58,7 @@ #define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380 /**< The ASN.1 data is not formatted correctly. */ #define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read/write of file failed. */ - -#if ! defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(MBEDTLS_DEPRECATED_WARNING) -#define MBEDTLS_DEPRECATED __attribute__((deprecated)) -#else -#define MBEDTLS_DEPRECATED -#endif -#endif - -/** - * RFC 3526, RFC 5114 and RFC 7919 standardize a number of - * Diffie-Hellman groups, some of which are included here - * for use within the SSL/TLS module and the user's convenience - * when configuring the Diffie-Hellman parameters by hand - * through \c mbedtls_ssl_conf_dh_param. - * - * Included are: - * RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup - * RFC 3526 3. 2048-bit MODP Group - * RFC 3526 4. 3072-bit MODP Group - * RFC 3526 5. 4096-bit MODP Group - * RFC 7919 A.1 ffdhe2048 - * RFC 7919 A.2 ffdhe3072 - * RFC 7919 A.3 ffdhe4096 - * RFC 7919 A.4 ffdhe6144 - * RFC 7919 A.5 ffdhe8192 - * - * The constants with suffix "_p" denote the chosen prime moduli, while - * the constants with suffix "_g" denote the chosen generator - * of the associated prime field. - * - * All constants are represented as null-terminated strings containing the - * hexadecimal presentation of the respective numbers. - * - * \warning The origin of the primes in RFC 5114 is not documented and - * their use therefore constitutes a security risk! - * - * \deprecated The primes from RFC 5114 are superseded by the primes - * from RFC 3526 and RFC 7919 and should no longer be used. - * They will be removed in the next major revision. 
- * - * The primes from RFC 3526 and RFC 7919 have been generating by the following - * trust-worthy procedure: - * - Fix N in { 2048, 3072, 4096, 6144, 8192 } and consider the N-bit number - * the first and last 64 bits are all 1, and the remaining N - 128 bits of - * which are 0x7ff...ff. - * - Add the smallest multiple of the first N - 129 bits of the binary expansion - * of pi (for RFC 5236) or e (for RFC 7919) to this intermediate bit-string - * such that the resulting integer is a safe-prime. - * - The result is the respective RFC 3526 / 7919 prime, and the corresponding - * generator is always chosen to be 2 (which is a square for these prime, - * hence the corresponding subgroup has order (p-1)/2 and avoids leaking a - * bit in the private exponent). - * - * The above description can be validated using the - * the program programs/util/rfc_3526_7919_verify. - */ - -const char * const mbedtls_dhm_rfc3526_modp_2048_p; -const char * const mbedtls_dhm_rfc3526_modp_2048_g; -const char * const mbedtls_dhm_rfc3526_modp_3072_p; -const char * const mbedtls_dhm_rfc3526_modp_3072_g; -const char * const mbedtls_dhm_rfc3526_modp_4096_p; -const char * const mbedtls_dhm_rfc3526_modp_4096_g; - -const char * const mbedtls_dhm_rfc7919_ffdhe2048_p; -const char * const mbedtls_dhm_rfc7919_ffdhe2048_g; -const char * const mbedtls_dhm_rfc7919_ffdhe3072_p; -const char * const mbedtls_dhm_rfc7919_ffdhe3072_g; -const char * const mbedtls_dhm_rfc7919_ffdhe4096_p; -const char * const mbedtls_dhm_rfc7919_ffdhe4096_g; -const char * const mbedtls_dhm_rfc7919_ffdhe6144_p; -const char * const mbedtls_dhm_rfc7919_ffdhe6144_g; -const char * const mbedtls_dhm_rfc7919_ffdhe8192_p; -const char * const mbedtls_dhm_rfc7919_ffdhe8192_g; - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -MBEDTLS_DEPRECATED const char * const mbedtls_dhm_rfc5114_modp_2048_p; -MBEDTLS_DEPRECATED const char * const mbedtls_dhm_rfc5114_modp_2048_g; -#endif - -/** - * \deprecated These macros are superseded by direct access 
to the corresponding - * global variables and will be removed in the next major revision. - */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -#define MBEDTLS_DHM_RFC5114_MODP_2048_P mbedtls_dhm_rfc5114_modp_2048_p -#define MBEDTLS_DHM_RFC5114_MODP_2048_G mbedtls_dhm_rfc5114_modp_2048_g -#define MBEDTLS_DHM_RFC3526_MODP_2048_P mbedtls_dhm_rfc3526_modp_2048_p -#define MBEDTLS_DHM_RFC3526_MODP_2048_G mbedtls_dhm_rfc3526_modp_2048_g -#define MBEDTLS_DHM_RFC3526_MODP_3072_P mbedtls_dhm_rfc3526_modp_3072_p -#define MBEDTLS_DHM_RFC3526_MODP_3072_G mbedtls_dhm_rfc3526_modp_3072_g -#define MBEDTLS_DHM_RFC3526_MODP_4096_P mbedtls_dhm_rfc3526_modp_4096_p -#define MBEDTLS_DHM_RFC3526_MODP_4096_G mbedtls_dhm_rfc3526_modp_4096_g -#endif +#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3500 /**< Setting the modulus and generator failed. */ #ifdef __cplusplus extern "C" { 
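Review bot: `MBEDTLS_ERR_DHM_SET_GROUP_FAILED` (`-0x3500`) is added to the public header but nothing in this commit produces it: the diffstat shows library/dhm.c with deletions only, so no code path returns the new code yet, and if the project's error-string tables are generated from these header comments they will advertise a code that cannot occur. Either introduce the constant in the commit that returns it, or extend its comment to say which call is expected to report it, e.g. `/**< Setting the modulus and generator failed (reserved for the group-setting API). */`. Separately, this hunk removes the compatibility macro `MBEDTLS_DHM_RFC5114_MODP_2048_P` from the header while the replacement in the later hunk is spelled `MBEDTLS_DHM_RFC5114_MODP_P`, so existing users of the deprecated name stop compiling; the new name should stay `MBEDTLS_DHM_RFC5114_MODP_2048_P` to match its `_G` sibling and the RFC 3526 macros. The later hunk's deprecation comment also writes `RFC 3625` where `RFC 3526` is meant.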
@@ -337,4 +243,720 @@ int mbedtls_dhm_self_test( int verbose ); } #endif +/** + * RFC 3526, RFC 5114 and RFC 7919 standardize a number of + * Diffie-Hellman groups, some of which are included here + * for use within the SSL/TLS module and the user's convenience + * when configuring the Diffie-Hellman parameters by hand + * through \c mbedtls_ssl_conf_dh_param. + * + * Included are: + * RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup + * RFC 3526 3. 2048-bit MODP Group + * RFC 3526 4. 3072-bit MODP Group + * RFC 3526 5. 4096-bit MODP Group + * RFC 7919 A.1 ffdhe2048 + * RFC 7919 A.2 ffdhe3072 + * RFC 7919 A.3 ffdhe4096 + * RFC 7919 A.4 ffdhe6144 + * RFC 7919 A.5 ffdhe8192 + * + * The constants with suffix "_p" denote the chosen prime moduli, while + * the constants with suffix "_g" denote the chosen generator + * of the associated prime field. + * + * The constants further suffixed with "_bin" are provided in binary format, + * while all other constants represent null-terminated strings holding the + * hexadecimal presentation of the respective numbers. + * + * The primes from RFC 3526 and RFC 7919 have been generating by the following + * trust-worthy procedure: + * - Fix N in { 2048, 3072, 4096, 6144, 8192 } and consider the N-bit number + * the first and last 64 bits are all 1, and the remaining N - 128 bits of + * which are 0x7ff...ff. + * - Add the smallest multiple of the first N - 129 bits of the binary expansion + * of pi (for RFC 5236) or e (for RFC 7919) to this intermediate bit-string + * such that the resulting integer is a safe-prime. + * - The result is the respective RFC 3526 / 7919 prime, and the corresponding + * generator is always chosen to be 2 (which is a square for these prime, + * hence the corresponding subgroup has order (p-1)/2 and avoids leaking a + * bit in the private exponent). + * + * The above description can be validated using the + * the program programs/util/rfc_3526_7919_verify. 
+ */ + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +MBEDTLS_DEPRECATED typedef char const * deprecated_constant_t; +#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ + ( (deprecated_constant_t) ( VAL ) ) +#else +#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL +#endif /* ! MBEDTLS_DEPRECATED_WARNING */ + +/** + * \warning The origin of the primes in RFC 5114 is not documented and + * their use therefore constitutes a security risk! + * + * \deprecated The hex-encoded primes from RFC 5114 are deprecated and are + * likely to be removed in a future version of the library without + * replacement. + */ + +#define MBEDTLS_DHM_RFC5114_MODP_P \ + MBEDTLS_DEPRECATED_STRING_CONSTANT( \ + "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \ + "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \ + "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \ + "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \ + "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \ + "B3BF8A317091883681286130BC8985DB1602E714415D9330" \ + "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \ + "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \ + "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \ + "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \ + "CF9DE5384E71B81C0AC4DFFE0C10E64F" ) + +#define MBEDTLS_DHM_RFC5114_MODP_2048_G \ + MBEDTLS_DEPRECATED_STRING_CONSTANT( \ + "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" \ + "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" \ + "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" \ + "C17669101999024AF4D027275AC1348BB8A762D0521BC98A" \ + "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" \ + "F180EB34118E98D119529A45D6F834566E3025E316A330EF" \ + "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" \ + "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" \ + "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" \ + 
"EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" \ + "81BC087F2A7065B384B890D3191F2BFA" ) + +/** + * \deprecated The hex-encoded primes from RFC 3625 are deprecated and + * superseded by the corresponding macros providing them as + * binary constants. Their hex-encoded constants are likely + * to be removed in a future version of the library. + * + */ + +#define MBEDTLS_DHM_RFC3526_MODP_2048_P \ + MBEDTLS_DEPRECATED_STRING_CONSTANT( \ + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \ + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \ + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \ + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \ + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \ + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \ + "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \ + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \ + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \ + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \ + "15728E5A8AACAA68FFFFFFFFFFFFFFFF" ) + +#define MBEDTLS_DHM_RFC3526_MODP_2048_G \ + MBEDTLS_DEPRECATED_STRING_CONSTANT("02" ) + +#define MBEDTLS_DHM_RFC3526_MODP_3072_P \ + MBEDTLS_DEPRECATED_STRING_CONSTANT( \ + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \ + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \ + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \ + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \ + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \ + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \ + "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \ + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \ + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \ + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \ + "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \ + "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \ + "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \ + "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \ + 
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \ + "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" ) + +#define MBEDTLS_DHM_RFC3526_MODP_3072_G \ + MBEDTLS_DEPRECATED_STRING_CONSTANT("02" ) + +#define MBEDTLS_DHM_RFC3526_MODP_4096_P \ + MBEDTLS_DEPRECATED_STRING_CONSTANT( \ + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \ + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \ + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \ + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \ + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \ + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \ + "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \ + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \ + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \ + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \ + "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \ + "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \ + "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \ + "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \ + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \ + "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \ + "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \ + "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \ + "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \ + "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \ + "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \ + "FFFFFFFFFFFFFFFF" ) + +#define MBEDTLS_DHM_RFC3526_MODP_4096_G \ + MBEDTLS_DEPRECATED_STRING_CONSTANT("02" ) + +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + +/* + * Trustworthy DHM parameters in binary form + */ + +#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN { \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \ + 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \ + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \ + 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \ + 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 
0x04, 0xDD, \ + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \ + 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \ + 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \ + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \ + 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \ + 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \ + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \ + 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \ + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \ + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \ + 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \ + 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \ + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \ + 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \ + 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \ + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \ + 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \ + 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \ + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \ + 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \ + 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \ + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \ + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \ + 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \ + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } + +#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN { 0x02 } + +#define MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN { \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \ + 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \ + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \ + 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \ + 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \ + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \ + 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \ + 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \ + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \ + 0xF4, 
0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \ + 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \ + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \ + 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \ + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \ + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \ + 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \ + 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \ + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \ + 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \ + 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \ + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \ + 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \ + 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \ + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \ + 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \ + 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \ + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \ + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \ + 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \ + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \ + 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \ + 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \ + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \ + 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \ + 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \ + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \ + 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \ + 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \ + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \ + 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \ + 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \ + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \ + 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \ + 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \ + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \ + 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } + +#define 
MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN { 0x02 } + +#define MBEDTLS_DHM_RFC3526_MODP_4096_P_BIN { \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \ + 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \ + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \ + 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \ + 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \ + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \ + 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \ + 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \ + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \ + 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \ + 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \ + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \ + 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \ + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \ + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \ + 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \ + 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \ + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \ + 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \ + 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \ + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \ + 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \ + 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \ + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \ + 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \ + 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \ + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \ + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \ + 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \ + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \ + 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \ + 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \ + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \ + 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \ + 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \ + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 
0x09, 0x33, 0xD7, \ + 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \ + 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \ + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \ + 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \ + 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \ + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \ + 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \ + 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \ + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \ + 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, \ + 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, \ + 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, \ + 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, \ + 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, \ + 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, \ + 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, \ + 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, \ + 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, \ + 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, \ + 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, \ + 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, \ + 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, \ + 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, \ + 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, \ + 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, \ + 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } + +#define MBEDTLS_DHM_RFC3526_MODP_4096_G_BIN { 0x02 } + +#define MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN { \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ + 
0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, } + +#define MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN { 0x02 } + +#define MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN { \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ + 0xE2, 0xA6, 0x89, 
0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } + +#define MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN { 0x02 } + +#define MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN { \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 
0x4A, 0x9A, \ + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ + 0x5C, 
0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ + 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ + 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ + 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ + 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ + 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ + 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ + 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ + 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ + 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ + 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ + 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ + 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ + 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ + 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ + 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ + 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } + +#define MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN { 0x02 } + +#define MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN { \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ + 0x98, 0x4F, 0x0C, 0x70, 
0xE0, 0xE6, 0x8B, 0x77, \ + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ + 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ + 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ + 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ + 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, 
\ + 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ + 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ + 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ + 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ + 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ + 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ + 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ + 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ + 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ + 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ + 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ + 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \ + 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \ + 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \ + 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \ + 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \ + 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \ + 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \ + 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \ + 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \ + 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \ + 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \ + 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \ + 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \ + 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \ + 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \ + 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \ + 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \ + 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \ + 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \ + 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \ + 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \ + 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \ + 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \ + 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \ + 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \ + 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \ + 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \ + 0xEC, 0x9D, 0x18, 
0x10, 0xC6, 0x27, 0x2B, 0x04, \ + 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \ + 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \ + 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \ + 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \ + 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF } + +#define MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN { 0x02 } + +#define MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN { \ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 
0xEF, 0xFA, \ + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ + 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ + 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ + 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ + 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ + 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ + 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ + 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ + 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ + 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ + 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ + 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ + 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ + 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ + 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ + 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ + 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \ + 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \ + 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \ + 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \ + 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \ + 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \ + 0xB3, 
0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \ + 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \ + 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \ + 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \ + 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \ + 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \ + 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \ + 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \ + 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \ + 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \ + 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \ + 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \ + 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \ + 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \ + 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \ + 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \ + 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \ + 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \ + 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \ + 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \ + 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \ + 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \ + 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \ + 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \ + 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \ + 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \ + 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \ + 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \ + 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \ + 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \ + 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \ + 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \ + 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \ + 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \ + 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \ + 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \ + 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \ + 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \ + 0x59, 0x16, 0x0C, 0xC0, 0x46, 
0xFD, 0x82, 0x51, \
+ 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \
+ 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \
+ 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \
+ 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \
+ 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \
+ 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \
+ 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \
+ 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \
+ 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \
+ 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \
+ 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \
+ 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \
+ 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \
+ 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \
+ 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \
+ 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \
+ 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \
+ 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \
+ 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \
+ 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+
+#define MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN { 0x02 }
+
 #endif /* dhm.h */
diff --git a/library/dhm.c b/library/dhm.c
index 344b92cb5c..8d9f663861 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -57,249 +57,6 @@ #define mbedtls_free free #endif -/* - * Diffie-Hellman groups from RFC 5114 - * - * \warning The origin of the primes in RFC 5114 is not documented and - * their use therefore constitutes a security risk! - * - * \deprecated The primes from RFC 5114 are superseded by the primes - * from RFC 3526 and RFC 7919 and should no longer be used. - * They will be removed in the next major version. - */ - -const char * const mbedtls_dhm_rfc5114_modp_2048_p = - "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" - "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" - "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" - "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" - "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" - "B3BF8A317091883681286130BC8985DB1602E714415D9330" - "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" - "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" - "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" - "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" - "CF9DE5384E71B81C0AC4DFFE0C10E64F"; -const char * const mbedtls_dhm_rfc5114_modp_2048_g = - "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" - "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" - "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" - "C17669101999024AF4D027275AC1348BB8A762D0521BC98A" - "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" - "F180EB34118E98D119529A45D6F834566E3025E316A330EF" - "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" - "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" - "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" - "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" - "81BC087F2A7065B384B890D3191F2BFA"; - -/* - * Diffie-Hellman groups from RFC 3526 - */ - -const char * const mbedtls_dhm_rfc3526_modp_2048_p = - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" - "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" - 
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" - "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" - "83655D23DCA3AD961C62F356208552BB9ED529077096966D" - "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" - "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" - "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" - "15728E5A8AACAA68FFFFFFFFFFFFFFFF"; -const char * const mbedtls_dhm_rfc3526_modp_2048_g = "02"; - -const char * const mbedtls_dhm_rfc3526_modp_3072_p = - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" - "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" - "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" - "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" - "83655D23DCA3AD961C62F356208552BB9ED529077096966D" - "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" - "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" - "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" - "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" - "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" - "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" - "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" - "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" - "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"; -const char * const mbedtls_dhm_rfc3526_modp_3072_g = "02"; - -const char * const mbedtls_dhm_rfc3526_modp_4096_p = - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" - "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" - "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" - "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" - "83655D23DCA3AD961C62F356208552BB9ED529077096966D" - "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" - "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" - "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" - 
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" - "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" - "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" - "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" - "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" - "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" - "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" - "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" - "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" - "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" - "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" - "FFFFFFFFFFFFFFFF"; -const char * const mbedtls_dhm_rfc3526_modp_4096_g = "02"; - -/* - * Diffie-Hellman groups from RFC 7919 - */ - -const char * const mbedtls_dhm_rfc7919_ffdhe2048_p = - "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" - "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" - "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" - "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" - "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" - "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" - "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" - "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" - "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" - "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" - "886B423861285C97FFFFFFFFFFFFFFFF"; -const char * const mbedtls_dhm_rfc7919_ffdhe2048_g = "02"; - -const char * const mbedtls_dhm_rfc7919_ffdhe3072_p = - "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" - "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" - "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" - "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" - "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" - "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" - "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" - "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" - "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" - "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" - 
"886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" - "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" - "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" - "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" - "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" - "3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF"; -const char * const mbedtls_dhm_rfc7919_ffdhe3072_g = "02"; - -const char * const mbedtls_dhm_rfc7919_ffdhe4096_p = - "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" - "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" - "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" - "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" - "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" - "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" - "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" - "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" - "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" - "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" - "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" - "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" - "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" - "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" - "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" - "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" - "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" - "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" - "A907600A918130C46DC778F971AD0038092999A333CB8B7A" - "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" - "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6A" - "FFFFFFFFFFFFFFFF"; -const char * const mbedtls_dhm_rfc7919_ffdhe4096_g = "02"; - -const char * const mbedtls_dhm_rfc7919_ffdhe6144_p = - "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" - "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" - "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" - "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" - "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" - 
"30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" - "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" - "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" - "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" - "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" - "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" - "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" - "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" - "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" - "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" - "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" - "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" - "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" - "A907600A918130C46DC778F971AD0038092999A333CB8B7A" - "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" - "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902" - "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6" - "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A" - "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477" - "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3" - "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4" - "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6" - "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C" - "D72B03746AE77F5E62292C311562A846505DC82DB854338A" - "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04" - "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1" - "A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF"; -const char * const mbedtls_dhm_rfc7919_ffdhe6144_g = "02"; - -const char * const mbedtls_dhm_rfc7919_ffdhe8192_p = - "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" - "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" - "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" - "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" - "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" - "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" - "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" - "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" - 
"9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" - "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" - "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" - "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" - "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" - "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" - "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" - "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" - "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" - "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" - "A907600A918130C46DC778F971AD0038092999A333CB8B7A" - "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" - "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902" - "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6" - "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A" - "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477" - "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3" - "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4" - "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6" - "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C" - "D72B03746AE77F5E62292C311562A846505DC82DB854338A" - "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04" - "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1" - "A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C838" - "1E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E" - "0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665" - "CB2C0F1CC01BD70229388839D2AF05E454504AC78B758282" - "2846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022" - "BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C" - "51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9" - "D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA457" - "1EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30" - "FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D" - "97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88C" - "D68C8BB7C5C6424CFFFFFFFF" - "FFFFFFFF"; -const char * const mbedtls_dhm_rfc7919_ffdhe8192_g = "02"; - - /* Implementation that should never be optimized out by the compiler */ static void 
mbedtls_zeroize( void *v, size_t n )
 {
 volatile unsigned char *p = v;
 while( n-- ) *p++ = 0;
From b953921a4e1af098aabbf748a13f7f2f731280ca Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 4 Oct 2017 13:13:34 +0100
Subject: [PATCH 0330/1059] Adapt benchmark application to naming and binary format
---
 programs/test/benchmark.c | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 9c6d46271b..5361a5c8aa 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -667,14 +667,22 @@ int main( int argc, char *argv[] )
 if( todo.dhm )
 {
 int dhm_sizes[] = { 2048, 3072 };
- const char *dhm_P[] = {
- mbedtls_dhm_rfc3526_modp_2048_p,
- mbedtls_dhm_rfc3526_modp_3072_p,
- };
- const char *dhm_G[] = {
- mbedtls_dhm_rfc3526_modp_2048_g,
- mbedtls_dhm_rfc3526_modp_3072_g,
- };
+ const unsigned char dhm_P_2048[] =
+ MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
+ const unsigned char dhm_P_3072[] =
+ MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN;
+ const unsigned char dhm_G_2048[] =
+ MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
+ const unsigned char dhm_G_3072[] =
+ MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN;
+
+ const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };
+ const size_t dhm_P_size[] = { sizeof( dhm_P_2048 ),
+ sizeof( dhm_P_3072 ) };
+
+ const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 };
+ const size_t dhm_G_size[] = { sizeof( dhm_G_2048 ),
+ sizeof( dhm_G_3072 ) };
 mbedtls_dhm_context dhm;
 size_t olen;
@@ -682,8 +690,10 @@ int main( int argc, char *argv[] )
 {
 mbedtls_dhm_init( &dhm );
- if( mbedtls_mpi_read_string( &dhm.P, 16, dhm_P[i] ) != 0 ||
- mbedtls_mpi_read_string( &dhm.G, 16, dhm_G[i] ) != 0 )
+ if( mbedtls_mpi_read_binary( &dhm.P, dhm_P[i],
+ dhm_P_size[i] ) != 0 ||
+ mbedtls_mpi_read_binary( &dhm.G, dhm_G[i],
+ dhm_G_size[i] ) != 0 )
 {
 mbedtls_exit( 1 );
 }
From 00d0a6834ae81c5eea7989a56e8611225884f5c3 Mon Sep 17 00:00:00 2001
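Review bot: The four `dhm_P_2048`, `dhm_P_3072`, `dhm_G_2048` and `dhm_G_3072` arrays in the first hunk are automatic objects initialised from the `_BIN` brace lists, so every pass through the `todo.dhm` branch copies about 640 bytes of fixed constants onto main's stack. Declaring them `static const unsigned char dhm_P_2048[] = MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;` (and the other three likewise) keeps them in read-only data with no change to the `sizeof` arithmetic that follows. main's body starts and ends outside the hunk.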
From: Hanno Becker
Date: Wed, 4 Oct 2017 13:14:29 +0100
Subject: [PATCH 0331/1059] Adapt code setting default DHM parameters
---
 library/ssl_tls.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 1ef50c244e..f233e0a872 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7537,9 +7537,15 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
 if( endpoint == MBEDTLS_SSL_IS_SERVER )
 {
- if( ( ret = mbedtls_ssl_conf_dh_param( conf,
- mbedtls_dhm_rfc7919_ffdhe2048_p,
- mbedtls_dhm_rfc7919_ffdhe2048_g ) ) != 0 )
+ const unsigned char dhm_p[] =
+ MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
+ const unsigned char dhm_g[] =
+ MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
+
+ if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_p,
+ sizeof( dhm_p ) ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_g,
+ sizeof( dhm_g ) ) ) != 0 )
 {
 return( ret );
 }
From 8880e75dcbe06e74ca205e473fa66bbd9a4e4f2c Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 4 Oct 2017 13:15:08 +0100
Subject: [PATCH 0332/1059] Add new function mbedtls_dhm_set_group to DHM Group
---
 include/mbedtls/dhm.h | 21 +++++++++++++++++++--
 library/dhm.c | 22 ++++++++++++++++++++++
 2 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index c105d7a786..de818697de 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
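Review bot: Beyond the change of representation, this hunk changes which group a server gets by default: the removed lines loaded the RFC 7919 ffdhe2048 prime, the new lines load RFC 3526 MODP-2048, which affects every server that never calls `mbedtls_ssl_conf_dh_param`. If the switch is intended it deserves a ChangeLog entry and a sentence in the `mbedtls_ssl_conf_dh_param` documentation rather than a commit titled as an adaptation; if it is not, the dhm.h hunk earlier in this series defines `_BIN` macros for RFC 7919 groups as well (`MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN` is visible), so the ffdhe2048 ones can presumably be used here. `mbedtls_ssl_config_defaults` starts and ends outside the hunk.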
@@ -127,8 +127,9 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
 * the byte-size of an MPI.
 *
 * \note This function assumes that ctx->P and ctx->G
- * have already been properly set (for example
- * using mbedtls_mpi_read_string or mbedtls_mpi_read_binary).
+ * have already been properly set. For that, use
+ * \c mbedtls_dhm_set_group below in conjunction with
+ * \c mbedtls_mpi_read_binary and \c mbedtls_mpi_read_string.
 *
 * \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
 */
@@ -137,6 +138,22 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng );
+/**
+ * \brief Set prime modulus and generator
+ *
+ * \param ctx DHM context
+ * \param P MPI holding DHM prime modulus
+ * \param G MPI holding DHM generator
+ *
+ * \note This function can be used to set P, G
+ * in preparation for \c mbedtls_dhm_make_params.
+ *
+ * \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
+ const mbedtls_mpi *P,
+ const mbedtls_mpi *G );
+
 /**
 * \brief Import the peer's public value G^Y
 *
diff --git a/library/dhm.c b/library/dhm.c
index 8d9f663861..f824f7b9b1 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -218,6 +218,28 @@ cleanup:
 return( 0 );
 }
+/*
+ * Set prime modulus and generator
+ */
+int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
+ const mbedtls_mpi *P,
+ const mbedtls_mpi *G )
+{
+ int ret;
+
+ if( ctx == NULL || P == NULL || G == NULL )
+ return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+
+ if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
+ ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
+ {
+ return( MBEDTLS_ERR_DHM_SET_GROUP_FAILED + ret );
+ }
+
+ ctx->len = mbedtls_mpi_size( &ctx->P );
+ return( 0 );
+}
+
 /*
 * Import the peer's public value G^Y
 */
From ab74056037535de9639c9878a20092ec43c7284c Mon Sep 17 00:00:00 2001
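Review bot: The new `mbedtls_dhm_set_group` comment in dhm.h does not say that the MPIs are copied nor which error codes can come back, although the dhm.c hunk of the same commit shows both: `mbedtls_mpi_copy` is used for P and G, NULL arguments give MBEDTLS_ERR_DHM_BAD_INPUT_DATA, and a copy failure gives MBEDTLS_ERR_DHM_SET_GROUP_FAILED plus the MPI code. I would add `* \note The contents of \c P and \c G are copied; the caller keeps ownership of both MPIs.` and replace the \return line with `* \return 0 if successful, MBEDTLS_ERR_DHM_BAD_INPUT_DATA if an argument is NULL, or MBEDTLS_ERR_DHM_SET_GROUP_FAILED combined with an MBEDTLS_ERR_MPI_XXX code if copying fails`.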
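Review bot: When the copy of `G` fails after the copy of `P` has succeeded, `mbedtls_dhm_set_group` returns an error but leaves `ctx->P` replaced and `ctx->len` stale, so the context holds neither the old group nor the new one. Freeing both MPIs before the error return, `mbedtls_mpi_free( &ctx->P ); mbedtls_mpi_free( &ctx->G );` ahead of `return( MBEDTLS_ERR_DHM_SET_GROUP_FAILED + ret );`, leaves a well-defined empty group behind instead. The function also performs no sanity check on the group it is given; if the module already has a helper that rejects an even modulus or a generator outside (1, P-1), calling it here would surface a misconfiguration at set time rather than during a handshake.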
From: Hanno Becker
Date: Wed, 4 Oct 2017 13:15:37 +0100
Subject: [PATCH 0333/1059] Make use of `mbedtls_dhm_set_group` when generating DHM params
---
 library/ssl_srv.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f137c3dce6..fbfc9222a7 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2940,10 +2940,11 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
 * opaque dh_Ys<1..2^16-1>;
 * } ServerDHParams;
 */
- if( ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->conf->dhm_P ) ) != 0 ||
- ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->conf->dhm_G ) ) != 0 )
+ if( ( ret = mbedtls_dhm_set_group( &ssl->handshake->dhm_ctx,
+ &ssl->conf->dhm_P,
+ &ssl->conf->dhm_G ) ) != 0 )
 {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_set_group", ret );
 return( ret );
 }
From a6dd90de30bc40b8a7703eb79af5420eac8480b5 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 4 Oct 2017 13:15:54 +0100
Subject: [PATCH 0334/1059] Add error string for failure code in `mbedtls_dhm_set_group`
---
 library/error.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/library/error.c b/library/error.c
index db42381c42..6fa0c21d0f 100644
--- a/library/error.c
+++ b/library/error.c
@@ -206,6 +206,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 mbedtls_snprintf( buf, buflen, "DHM - Allocation of memory failed" );
 if( use_ret == -(MBEDTLS_ERR_DHM_FILE_IO_ERROR) )
 mbedtls_snprintf( buf, buflen, "DHM - Read/write of file failed" );
+ if( use_ret == -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED) )
+ mbedtls_snprintf( buf, buflen, "DHM - Setting modulus and generator failed" );
 #endif /* MBEDTLS_DHM_C */
 #if defined(MBEDTLS_ECP_C)
From 5a7c35d1a8d13824efc6c93ba0be2d617844641e Mon Sep 17 00:00:00 2001
From: Hanno Becker Date: Wed, 4 Oct 2017 13:32:12 +0100 Subject: [PATCH 0335/1059] Correct documentation of `mbedtls_ssl_conf_dh_param` --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fb2f02f0e8..62f368fc00 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1702,7 +1702,7 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, /** * \brief Set the Diffie-Hellman public P and G values, * read as hexadecimal strings (server-side only) - * (Default: mbedtls_dhm_rfc7919_ffdhe2048_[pg]) + * (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]) * * \param conf SSL configuration * \param dhm_P Diffie-Hellman-Merkle modulus From 0482fd597aae2314e3c97fd5cc37faa4bcd2a101 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 4 Oct 2017 13:39:08 +0100 Subject: [PATCH 0336/1059] Remove reference to utility program for RFC 3526/7919 verification --- include/mbedtls/dhm.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index de818697de..460ee7f0f1 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -299,8 +299,6 @@ int mbedtls_dhm_self_test( int verbose ); * hence the corresponding subgroup has order (p-1)/2 and avoids leaking a * bit in the private exponent). * - * The above description can be validated using the - * the program programs/util/rfc_3526_7919_verify. */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) From 5e6b8d7d29b47954090a09a00f30a0454e1d808c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 4 Oct 2017 13:41:36 +0100 Subject: [PATCH 0337/1059] Add missing whitespace --- include/mbedtls/dhm.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 460ee7f0f1..73b69e0761 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h 
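Review bot: The corrected default now names `MBEDTLS_DHM_RFC3526_MODP_2048_[PG]`, which the dhm.h hunk of patch 0337 shows to be the `MBEDTLS_DEPRECATED_STRING_CONSTANT` wrappers, whereas `mbedtls_ssl_config_defaults` in patch 0331 loads the `_BIN` forms. Pointing readers at the binary macros keeps them off deprecated names: `* (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)`.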
@@ -372,7 +372,7 @@ MBEDTLS_DEPRECATED typedef char const * deprecated_constant_t; "15728E5A8AACAA68FFFFFFFFFFFFFFFF" ) #define MBEDTLS_DHM_RFC3526_MODP_2048_G \ - MBEDTLS_DEPRECATED_STRING_CONSTANT("02" ) + MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" ) #define MBEDTLS_DHM_RFC3526_MODP_3072_P \ MBEDTLS_DEPRECATED_STRING_CONSTANT( \ @@ -394,7 +394,7 @@ MBEDTLS_DEPRECATED typedef char const * deprecated_constant_t; "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" ) #define MBEDTLS_DHM_RFC3526_MODP_3072_G \ - MBEDTLS_DEPRECATED_STRING_CONSTANT("02" ) + MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" ) #define MBEDTLS_DHM_RFC3526_MODP_4096_P \ MBEDTLS_DEPRECATED_STRING_CONSTANT( \ @@ -422,7 +422,7 @@ MBEDTLS_DEPRECATED typedef char const * deprecated_constant_t; "FFFFFFFFFFFFFFFF" ) #define MBEDTLS_DHM_RFC3526_MODP_4096_G \ - MBEDTLS_DEPRECATED_STRING_CONSTANT("02" ) + MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" ) #endif /* MBEDTLS_DEPRECATED_REMOVED */ From 184f6752566bcae1e6dcdfa8408b9f859d7a5111 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 4 Oct 2017 13:47:33 +0100 Subject: [PATCH 0338/1059] Improve debugging output --- library/ssl_tls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d2ca101577..1623674298 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1270,7 +1270,8 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) if( ssl->out_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content too large, maximum %d", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d", + (unsigned) ssl->out_msglen, MBEDTLS_SSL_MAX_CONTENT_LEN ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } From d25d44413453bd72e00171812b79905e123c6c1d Mon Sep 17 00:00:00 2001 
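Review bot: `(unsigned) ssl->out_msglen` in the ssl_tls.c hunk truncates on targets where size_t is wider than unsigned, and since this branch is only reached when the value exceeds MBEDTLS_SSL_MAX_CONTENT_LEN, a truncated figure can be logged as smaller than the maximum it supposedly exceeds. Casting to the widest type the format supports, `(unsigned long) ssl->out_msglen` with `%lu` in the message, avoids the misleading number. `ssl_encrypt_buf` starts and ends outside the hunk.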
From: Hanno Becker Date: Wed, 4 Oct 2017 13:56:42 +0100 Subject: [PATCH 0339/1059] Don't allocate space for DTLS header if DTLS is disabled --- include/mbedtls/ssl_internal.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 916817a222..3ce4945650 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -158,11 +158,17 @@ #error Bad configuration - protected record payload too large. #endif -#define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_PAYLOAD_LEN \ - + 5 /* TLS record header */ \ - + 8 /* Additional DTLS fields */ \ - ) +#if !defined(MBEDTLS_SSL_PROTO_DTLS) +/* https://tools.ietf.org/html/rfc5246#section-6.2 */ +#define MBEDTLS_SSL_HEADER_LEN 5 +#else +/* https://tools.ietf.org/html/rfc6347#section-4.1 */ +/* 8 additional bytes for epoch and sequence number */ +#define MBEDTLS_SSL_HEADER_LEN 13 +#endif +#define MBEDTLS_SSL_BUFFER_LEN \ + ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_PAYLOAD_LEN ) ) /* * TLS extension flags (for extensions with outgoing ServerHello content From 470a8c4d8767565baa0f1c55f1b1487e2152cdbb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 4 Oct 2017 15:28:46 +0100 Subject: [PATCH 0340/1059] Deprecate mbedtls_ssl_conf_dh_param --- include/mbedtls/ssl.h | 18 +++++++++++++++--- library/ssl_tls.c | 3 +++ 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 62f368fc00..13ee5bd874 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1699,6 +1699,15 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif + /** * \brief Set the Diffie-Hellman public P and G values, * read as hexadecimal strings (server-side only) @@ -1708,12 +1717,15 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, * \param dhm_P Diffie-Hellman-Merkle modulus * \param dhm_G Diffie-Hellman-Merkle generator * + * \deprecated Superseded by \c mbedtls_ssl_conf_dh_param_bin. + * * \return 0 if successful */ -int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, - const char *dhm_P, - const char *dhm_G ); +MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, + const char *dhm_P, + const char *dhm_G ); +#endif /* MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Set the Diffie-Hellman public P and G values, * read from existing context (server-side only) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f233e0a872..fe945c3c96 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6115,6 +6115,8 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ) { int ret; @@ -6129,6 +6131,7 @@ int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, cons return( 0 ); } +#endif /* MBEDTLS_DEPRECATED_REMOVED */ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ) { From a90658f248cc7842d1b644f62c12deb9d2b32408 Mon Sep 17 00:00:00 2001 
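Review bot: `MBEDTLS_DEPRECATED` is defined at header scope in the first ssl.h hunk and never undefined, so it stays visible to every translation unit that includes ssl.h; dhm.h (the hunk in patch 0337) relies on the same name under the same condition, which is harmless only as long as the two definitions remain identical. Adding `#undef MBEDTLS_DEPRECATED` right after the deprecated prototype, still inside the `#if !defined(MBEDTLS_DEPRECATED_REMOVED)` block, keeps the macro local to this declaration; I believe that is how the other headers handle it, but that is not visible in this series.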
From: Hanno Becker Date: Wed, 4 Oct 2017 15:29:08 +0100 Subject: [PATCH 0341/1059] Add ssl_conf_dh_param_bin superseding ssl_conf_dh_param --- include/mbedtls/ssl.h | 18 ++++++++++++++++++ library/ssl_tls.c | 24 ++++++++++++++++++++---- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 13ee5bd874..32cec54b1d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1726,6 +1726,24 @@ MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_G ); #endif /* MBEDTLS_DEPRECATED_REMOVED */ + +/** + * \brief Set the Diffie-Hellman public P and G values + * from big-endian binary presentations. + * (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN) + * + * \param conf SSL configuration + * \param dhm_P Diffie-Hellman-Merkle modulus in big-endian binary form + * \param P_len Length of DHM modulus + * \param dhm_G Diffie-Hellman-Merkle generator in big-endian binary form + * \param G_len Length of DHM generator + * + * \return 0 if successful + */ +int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, + const unsigned char *dhm_P, size_t P_len, + const unsigned char *dhm_G, size_t G_len ); + /** * \brief Set the Diffie-Hellman public P and G values, * read from existing context (server-side only) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fe945c3c96..89d223d6a2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
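Review bot: The new `mbedtls_ssl_conf_dh_param_bin` comment documents only the success value, while the matching ssl_tls.c hunk of this commit returns the `mbedtls_mpi_read_binary` error and frees `conf->dhm_P`/`conf->dhm_G` on failure; the brief also says "presentations" where "representations" is meant. I would write `* from big-endian binary representations.` in the brief and `* \return 0 if successful, or an MBEDTLS_ERR_MPI_XXX error code, in which case the configured P and G are reset` for the return line.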
@@ -6133,6 +6133,23 @@ int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, cons
 }
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
+int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
+ const unsigned char *dhm_P, size_t P_len,
+ const unsigned char *dhm_G, size_t G_len )
+{
+ int ret;
+
+ if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 )
+ {
+ mbedtls_mpi_free( &conf->dhm_P );
+ mbedtls_mpi_free( &conf->dhm_G );
+ return( ret );
+ }
+
+ return( 0 );
+}
+
 int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx )
 {
 int ret;
@@ -7545,10 +7562,9 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 const unsigned char dhm_g[] =
 MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
- if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_p,
- sizeof( dhm_p ) ) ) != 0 ||
- ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_g,
- sizeof( dhm_g ) ) ) != 0 )
+ if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf,
+ dhm_p, sizeof( dhm_p ),
+ dhm_g, sizeof( dhm_g ) ) ) != 0 )
 {
 return( ret );
 }
From e3481ab533b6416ec3609e2873424a72ce5cdd37 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 4 Oct 2017 16:05:10 +0100
Subject: [PATCH 0342/1059] Improve top warning in dhm.h
---
 include/mbedtls/dhm.h | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 73b69e0761..479aef8416 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
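Review bot: The new call in `mbedtls_ssl_config_defaults` is written `if ( ( ret = ...`, with a space after `if`, whereas every other conditional in these hunks, including the lines it replaces, uses the file's `if( ` form; it should read `if( ( ret = mbedtls_ssl_conf_dh_param_bin( conf,`. In the first hunk, `mbedtls_ssl_conf_dh_param_bin` passes the caller's lengths straight to `mbedtls_mpi_read_binary` without rejecting `P_len == 0`, so an empty modulus is accepted here and presumably only fails later in the handshake; that function starts and ends inside the hunk, `mbedtls_ssl_config_defaults` does not.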
@@ -36,6 +36,14 @@ * primes cannot be trusted because of the possibility of backdoors * that can't be effectively checked for. * + * Diffie-Hellman-Merkle is therefore a security risk when not using + * standardized primes generated using a trustworthy ("nothing up + * my sleeve") method, such as the RFC 3526 / 7919 primes. In the TLS + * protocol, DH parameters need to be negotiated, so using the default + * primes systematically is not always an option. If possible, use + * Elliptic Curve Diffie-Hellman (ECDH), which has better performance, + * and for which the TLS protocol mandates the use of standard + * parameters that were generated in a nothing-up-my-sleeve manner. * We therefore consider DHE a security risk. If possible, it is * recommended users should consider preferring other methods of * key exchange. From 86e5230e548ae792bd2d8bd14483c2ac7479da9e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 09:08:53 +0100 Subject: [PATCH 0343/1059] Adapt ChangeLog --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4436237ae2..8bf697a224 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,13 @@ Bugfix * Correct extraction of signature-type from PK instance in X.509 CRT and CSR writing routines that prevented these functions to work with alternative RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011. + * Don't print X.509 version tag for v1 CRT's, and omit extensions for + non-v3 CRT's. + +Changes + * Extend cert_write example program by options to set the CRT version + and the message digest. Further, allow enabling/disabling of authority + identifier, subject identifier and basic constraints extensions. = mbed TLS 2.6.0 branch released 2017-08-10 From 3cdc7119726013ed9d7b27b251da83808201cae3 Mon Sep 17 00:00:00 2001 
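Review bot: The added paragraph ends by recommending ECDH, and the retained sentences immediately after it ("We therefore consider DHE a security risk. If possible, it is recommended users should consider preferring other methods of key exchange.") now make the same point a second time with a second "therefore". Either fold that old closing into the new paragraph or drop it so the warning reads as one argument; also `standardized primes that were generated by a trustworthy ("nothing up my sleeve") method` reads better than the current "primes generated using a trustworthy ("nothing up my sleeve") method".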
From: Hanno Becker Date: Thu, 5 Oct 2017 10:09:31 +0100 Subject: [PATCH 0344/1059] Deprecate usage of RSA primitives with wrong key type Further, state explicitly that wrong key types need not be supported by alternative RSA implementations, and that those may instead return the newly introduced error code MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. --- include/mbedtls/rsa.h | 117 ++++++++++++++++++++++++++++++++++++++++-- library/error.c | 2 + 2 files changed, 115 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 7d7469d509..2ffb7ab3f8 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -48,6 +48,7 @@ #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ +#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't provide the requested operation. */ /* * RSA constants @@ -250,6 +251,15 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * \param input buffer holding the data to be encrypted * \param output buffer that will hold the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PUBLIC. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PRIVATE and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size 
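Review bot: Each of the added `\deprecated` notes misspells "library" as "libary" ("Future versions of the libary are likely to remove the mode argument"); the same text recurs in the rsa.h hunks at lines 273, 299 and 327, so all four should be corrected together. Since the paragraph is copied verbatim into four places, stating it once in the file-level documentation and referring to it from each function would also keep the copies from drifting apart.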
@@ -273,6 +283,15 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \param input buffer holding the data to be encrypted * \param output buffer that will hold the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PUBLIC. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PRIVATE and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size @@ -299,6 +318,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * \param input buffer holding the data to be encrypted * \param output buffer that will hold the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PUBLIC. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PRIVATE and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size 
@@ -327,13 +355,22 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * \param output buffer that will hold the plaintext * \param output_max_len maximum length of the output buffer * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PRIVATE. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PUBLIC and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be * as large as the size ctx->len of ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold - * the decryption of the particular ciphertext provided, + * the decryption of the particular ciphertext provided, * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size 
@@ -359,13 +396,22 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * \param output buffer that will hold the plaintext * \param output_max_len maximum length of the output buffer * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PRIVATE. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PUBLIC and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be * as large as the size ctx->len of ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold - * the decryption of the particular ciphertext provided, + * the decryption of the particular ciphertext provided, * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size 
@@ -393,16 +439,25 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * \param output buffer that will hold the plaintext * \param output_max_len maximum length of the output buffer * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PRIVATE. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PUBLIC and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be * as large as the size ctx->len of ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold - * the decryption of the particular ciphertext provided, + * the decryption of the particular ciphertext provided, * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \note The input buffer must be as large as the size + * \note The input buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, @@ -430,6 +485,15 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PRIVATE. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PUBLIC and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if the signing operation was successful, * or an MBEDTLS_ERR_RSA_XXX error code * 
@@ -460,6 +524,15 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PRIVATE. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PUBLIC and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if the signing operation was successful, * or an MBEDTLS_ERR_RSA_XXX error code * @@ -488,6 +561,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PRIVATE. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PUBLIC and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if the signing operation was successful, * or an MBEDTLS_ERR_RSA_XXX error code * 
@@ -522,6 +604,15 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PUBLIC. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PRIVATE and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if the verify operation was successful, * or an MBEDTLS_ERR_RSA_XXX error code * @@ -552,6 +643,15 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PUBLIC. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PRIVATE and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if the verify operation was successful, * or an MBEDTLS_ERR_RSA_XXX error code * 
@@ -580,6 +680,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PUBLIC. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PRIVATE and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if the verify operation was successful, * or an MBEDTLS_ERR_RSA_XXX error code * diff --git a/library/error.c b/library/error.c index db42381c42..0217767ccf 100644 --- a/library/error.c +++ b/library/error.c @@ -331,6 +331,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" ); if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) ) mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); + if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) ) + mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't provide the requested operation" ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) From 1613715f6f6d3d97d4ef77987bae02d1d3de4c67 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 10:10:30 +0100 Subject: [PATCH 0345/1059] Adapt ChangeLog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index e199682eab..b7fb5d5d64 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. +API Changes + * Deprecate usage of RSA primitives with non-matching key-type + (e.g., signing with a public key). + = mbed TLS 2.6.0 branch released 2017-08-10 Security 
From f8b56d4e411cca80ad3788f3fa3fe0741a9acd89 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 10:16:37 +0100 Subject: [PATCH 0346/1059] Adapt RSA test suite Don't expect alternative implementations to implement the RSA operations for wrong key-types. --- tests/suites/test_suite_rsa.function | 65 ++++++++++++++++++++-------- 1 file changed, 48 insertions(+), 17 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d48bc8595e..a6bd7c124c 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -59,9 +59,12 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig msg_len = unhexify( message_str, message_hex_string ); if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), + message_str, msg_len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, + MBEDTLS_RSA_PRIVATE, digest, 0, + hash_result, output ) == result ); if( result == 0 ) { hexify( output_str, output, ctx.len ); @@ -70,7 +73,8 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); + mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -118,6 +122,7 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, char *input_N, int radix_E, char *input_E, char *result_hex_str ) { + int res; unsigned char message_str[1000]; unsigned char hash_result[1000]; unsigned char output[1000]; 
@@ -156,7 +161,9 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, unhexify( message_str, message_hex_string ); hash_len = unhexify( hash_result, hash_result_string ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, hash_len, hash_result, output ) == 0 ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, + hash_len, hash_result, output ) == 0 ); hexify( output_str, output, ctx.len ); @@ -168,13 +175,22 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); - TEST_ASSERT( mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, + res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, - hash_len, hash_result, output ) == 0 ); + hash_len, hash_result, output ); - hexify( output_str, output, ctx.len ); +#if !defined(MBEDTLS_RSA_ALT) + TEST_ASSERT( res == 0 ); +#else + TEST_ASSERT( ( res == 0 ) || + ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) ); +#endif - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + if( res == 0 ) + { + hexify( output_str, output, ctx.len ); + TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + } } exit: @@ -189,6 +205,7 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, char *input_N, int radix_E, char *input_E, char *result_hex_str, int correct ) { + int res; unsigned char message_str[1000]; unsigned char hash_result[1000]; unsigned char result_str[1000]; 
@@ -219,15 +236,25 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, { int ok; - TEST_ASSERT( mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, + res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, - &olen, result_str, output, sizeof( output ) ) == 0 ); + &olen, result_str, output, sizeof( output ) ); - ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0; - if( correct == 0 ) - TEST_ASSERT( ok == 1 ); - else - TEST_ASSERT( ok == 0 ); +#if !defined(MBEDTLS_RSA_ALT) + TEST_ASSERT( res == 0 ); +#else + TEST_ASSERT( ( res == 0 ) || + ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) ); +#endif + + if( res == 0 ) + { + ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0; + if( correct == 0 ) + TEST_ASSERT( ok == 1 ); + else + TEST_ASSERT( ok == 0 ); + } } exit: @@ -262,7 +289,9 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int msg_len = unhexify( message_str, message_hex_string ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, + MBEDTLS_RSA_PUBLIC, msg_len, + message_str, output ) == result ); if( result == 0 ) { hexify( output_str, output, ctx.len ); @@ -300,7 +329,9 @@ void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode, msg_len = unhexify( message_str, message_hex_string ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, + MBEDTLS_RSA_PUBLIC, msg_len, + message_str, output ) == result ); if( result == 0 ) { hexify( output_str, output, ctx.len ); From bc389d1d3c8edd41a8d82c8e7d0c56b222853189 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 5 Oct 2017 11:49:53 +0100 Subject: [PATCH 0347/1059] Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code --- include/mbedtls/rsa.h | 3 ++- library/error.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 2ffb7ab3f8..562395f2b4 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -48,7 +48,8 @@ #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ -#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't provide the requested operation. */ +#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't offer the requested operation, + e.g. because of security violations or lack of functionality */ /* * RSA constants diff --git a/library/error.c b/library/error.c index 0217767ccf..66e6aa23c7 100644 --- a/library/error.c +++ b/library/error.c @@ -332,7 +332,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) ) mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) ) - mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't provide the requested operation" ); + mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't offer the requested operation, "\ + "e.g. because of security violations or lack of functionality" ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) From 7e304fcac93209450fd835a006405d3cf48f0216 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 5 Oct 2017 11:50:16 +0100 Subject: [PATCH 0348/1059] Move deprecation to separate section in ChangeLog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index b7fb5d5d64..569f12f60d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,7 +6,7 @@ Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. -API Changes +New deprecations * Deprecate usage of RSA primitives with non-matching key-type (e.g., signing with a public key). From 074c58f08bceeb50fd59c131ed54c07db356df37 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 6 Sep 2017 15:33:34 +0100 Subject: [PATCH 0349/1059] Always print gmt_unix_time in TLS client Change ssl_parse_server_hello() so that the parsed first four random bytes from the ServerHello message are printed by the TLS client as a Unix timestamp regardless of whether MBEDTLS_DEBUG_C is defined. The debug message will only be printed if debug_level is 3 or higher. Unconditionally enabling the debug print enabled testing of this value. --- library/ssl_cli.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 19bf021e26..544c8cf5c2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1448,9 +1448,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #endif int handshake_failure = 0; const mbedtls_ssl_ciphersuite_t *suite_info; -#if defined(MBEDTLS_DEBUG_C) - uint32_t t; -#endif MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) ); 
@@ -1553,13 +1550,11 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); } -#if defined(MBEDTLS_DEBUG_C) - t = ( (uint32_t) buf[2] << 24 ) - | ( (uint32_t) buf[3] << 16 ) - | ( (uint32_t) buf[4] << 8 ) - | ( (uint32_t) buf[5] ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); -#endif + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", + ( (uint32_t) buf[2] << 24 ) | + ( (uint32_t) buf[3] << 16 ) | + ( (uint32_t) buf[4] << 8 ) | + ( (uint32_t) buf[5] ) ) ); memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); From a46a58ab942c324c414d46bc78fb4eb4db26f4ee Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 6 Sep 2017 15:38:07 +0100 Subject: [PATCH 0350/1059] Extend ssl-opt.h so that run_test takes function Extend the run_test function in ssl-opt.sh so that it accepts the -f and -F options. These parameters take an argument which is the name of a shell function that will be called by run_test and will be given the client input and output debug log. The idea is that these functions are defined by each test and they can be used to do some custom check beyon those allowed by the pattern matching capabilities of the run_test function. --- tests/ssl-opt.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 280fc63486..b349512cc4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -357,9 +357,11 @@ detect_dtls() { # Options: -s pattern pattern that must be present in server output # -c pattern pattern that must be present in client output # -u pattern lines after pattern must be unique in client output +# -f call shell function on client output # -S pattern pattern that must be absent in server output # -C pattern pattern that must be absent in client output # -U pattern lines after pattern must be unique in server output +# -F call shell function on server output run_test() { NAME="$1" shift 1 
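Review bot: The rewritten debug call passes a `uint32_t` expression to a `%lu` conversion; on the common ILP32 and LP64 ABIs `uint32_t` is `unsigned int`, so the argument type does not match the specifier and the call is undefined behaviour under C11 7.21.6.1 (the removed code had the same mismatch with `t`, but this hunk is the place to fix it). Casting the combined value, `(unsigned long) ( ( (uint32_t) buf[2] << 24 ) | ... | ( (uint32_t) buf[5] ) )`, keeps `%lu` correct everywhere; `PRIu32` would also work if `<inttypes.h>` is acceptable in this file. The commit message says the timestamp is now printed regardless of `MBEDTLS_DEBUG_C`, but `MBEDTLS_SSL_DEBUG_MSG` is presumably compiled out without it, so what the change really removes is the redundant `#if`; the message should say that. ssl_parse_server_hello starts and ends outside the hunk.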
@@ -546,6 +548,18 @@ run_test() { return fi ;; + "-F") + if ! $2 "$SRV_OUT"; then + fail "function call to '$2' failed on Server output" + return + fi + ;; + "-f") + if ! $2 "$CLI_OUT"; then + fail "function call to '$2' failed on Client output" + return + fi + ;; *) echo "Unknown test: $1" >&2 From ac36e382a97a54b06cca1f61f70eddc8c3904f4d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 6 Sep 2017 15:44:01 +0100 Subject: [PATCH 0351/1059] Add ssl-opt.sh test to check gmt_unix_time is good Add a test to ssl-opt.sh that parses the client and server debug output and then checks that the Unix timestamp in the ServerHello message is within acceptable bounds. --- tests/ssl-opt.sh | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b349512cc4..e23daeeaff 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
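Review bot: The new `-f`/`-F` branches run the function named by `$2` without checking that it exists, so a misspelled name in a test definition surfaces as a shell "command not found" followed by a misleading `function call to '...' failed` verdict rather than a clear test-definition error; a guard like `if ! command -v "$2" >/dev/null 2>&1; then fail "no such function '$2'"; return; fi` before the call keeps that distinction. The help lines added earlier in this patch also omit the argument name that every other option shows (`-s pattern`), so `-f func` / `-F func` would match the existing style. The surrounding `case` and the `shift` that consumes `$2` are outside the hunk, so this assumes the loop treats the function name like the pattern arguments.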
@@ -321,6 +321,33 @@ wait_server_start() { fi } +# Given the client or server debug output, parse the unix timestamp that is +# included in the first 4 bytes of the random bytes and check that its within +# acceptable bounds +check_server_hello_time() { + # Extract the time from the debug (lvl 3) output of the client + SERVER_HELLO_TIME="$(cat "$1" | sed -n 's/.*server hello, current time: \([0-9]\+\)$/\1/p')" + # Get the Unix timestamp for now + CUR_TIME=$(date +'%s') + THRESHOLD_IN_SECS=300 + + # Check if the ServerHello time was printed + if [ -z "$SERVER_HELLO_TIME" ]; then + return 1 + fi + + # Check the time in ServerHello is within acceptable bounds + if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then + # The time in ServerHello is at least 5 minutes before now + return 1 + elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then + # The time in ServerHello is at least 5 minues later than now + return 1 + else + return 0 + fi +} + # wait for client to terminate and set CLI_EXIT # must be called right after starting the client wait_client_done() { @@ -696,6 +723,21 @@ run_test "Default, DTLS" \ -s "Protocol is DTLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" +# Test current time in ServerHello +requires_config_enabled MBEDTLS_HAVE_TIME +run_test "Default, ServerHello contains gmt_unix_time" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3" \ + 0 \ + -s "Protocol is TLSv1.2" \ + -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ + -s "client hello v3, signature_algorithm ext: 6" \ + -s "ECDHE curve: secp521r1" \ + -S "error" \ + -C "error" \ + -f "check_server_hello_time" \ + -F "check_server_hello_time" + # Test for uniqueness of IVs in AEAD ciphersuites run_test "Unique IV in GCM" \ "$P_SRV exchanges=20 debug_level=4" \ From 5987ef451ca75fa492cbd1e8c4a8d3fed5aaf42f Mon Sep 17 00:00:00 2001 
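Review bot: The new test asserts that the first four bytes of ServerHello.random equal the server's wall clock, which turns the RFC 5246 `gmt_unix_time` behaviour into a tested contract; that value is a known fingerprinting and clock-skew side channel, some implementations randomise it, and TLS 1.3 specifies a fully random field, so if keeping the real clock is a deliberate choice a comment above the test should say so, e.g. `# Pins RFC 5246 gmt_unix_time in ServerHello.random; drop this test if the library ever randomises these bytes`. The extra `-s "ECDHE curve: secp521r1"` and `-s "client hello v3, signature_algorithm ext: 6"` patterns look copied from the `Default` test and have nothing to do with the timestamp, so they will make this test fail for unrelated configuration changes; the time check plus the protocol/ciphersuite lines are enough. This is the second hunk of the patch; `check_server_hello_time` itself is defined in the first.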
From: Andres Amaya Garcia Date: Thu, 14 Sep 2017 12:41:29 +0100 Subject: [PATCH 0352/1059] Fix typos in ssl-opt.sh comments --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e23daeeaff..1a9482f104 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -322,7 +322,7 @@ wait_server_start() { } # Given the client or server debug output, parse the unix timestamp that is -# included in the first 4 bytes of the random bytes and check that its within +# included in the first 4 bytes of the random bytes and check that it's within # acceptable bounds check_server_hello_time() { # Extract the time from the debug (lvl 3) output of the client @@ -341,7 +341,7 @@ check_server_hello_time() { # The time in ServerHello is at least 5 minutes before now return 1 elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then - # The time in ServerHello is at least 5 minues later than now + # The time in ServerHello is at least 5 minutes later than now return 1 else return 0 From acdae0cb33fe51e2693a92fa8a015bb784cac833 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 15 Sep 2017 15:49:24 +0100 Subject: [PATCH 0353/1059] Remove use of GNU sed features from ssl-opt.sh --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1a9482f104..7fcca685b1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -326,7 +326,7 @@ wait_server_start() { # acceptable bounds check_server_hello_time() { # Extract the time from the debug (lvl 3) output of the client - SERVER_HELLO_TIME="$(cat "$1" | sed -n 's/.*server hello, current time: \([0-9]\+\)$/\1/p')" + SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")" # Get the Unix timestamp for now CUR_TIME=$(date +'%s') THRESHOLD_IN_SECS=300 From b04e2c3d8159493c118f9774e8f2588521aedd77 Mon Sep 17 00:00:00 2001 
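Review bot: The replacement `sed -n 's/.*server hello, current time: //p' < "$1"` prints every matching line, so a log with more than one ServerHello (a server handling several handshakes, or a renegotiation) leaves `SERVER_HELLO_TIME` multi-line and the later `[ $SERVER_HELLO_TIME -lt ... ]` aborts with a shell syntax error instead of a verdict; the earlier version had the same issue, but this rewrite is the place to add `| head -n 1`. The new expression also drops the digit-only anchor, so any trailing text or carriage return on that line now reaches the arithmetic comparison; `sed -n 's/.*server hello, current time: \([0-9]*\).*/\1/p'` keeps the capture strictly numeric using only POSIX BRE, which is what the commit set out to achieve. `check_server_hello_time` continues outside the hunk, where those comparisons live.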
From: Gilles Peskine Date: Fri, 29 Sep 2017 15:45:12 +0200 Subject: [PATCH 0354/1059] Allow comments in test data files --- ChangeLog | 3 +++ tests/scripts/generate_code.pl | 21 +++++++++++++++++++++ tests/suites/main_test.function | 19 ++++++++++++------- tests/suites/test_suite_md.data | 1 + tests/suites/test_suite_mdx.data | 1 + tests/suites/test_suite_rsa.data | 3 +++ tests/suites/test_suite_shax.data | 1 + 7 files changed, 42 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index e199682eab..ab4c50db4e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x released xxxx-xx-xx +Features + * Allow comments in test data files. + Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 84e949dfad..a486319469 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl 
@@ -49,6 +49,27 @@ # file name is used to replace the symbol 'TESTCASE_FILENAME' in the main # code file above. # +# A test data file consists of a sequence of paragraphs separated by +# a single empty line. Line breaks may be in Unix (LF) or Windows (CRLF) +# format. Lines starting with the character '#' are ignored +# (the parser behaves as if they were not present). +# +# Each paragraph describes one test case and must consist of: (1) one +# line which is the test case name; (2) an optional line starting with +# the 11-character prefix "depends_on:"; (3) a line containing the test +# function to execute and its parameters. +# +# A depends_on: line consists of a list of compile-time options +# separated by the character ':', with no whitespace. The test case +# is executed only if this compilation option is enabled in config.h. +# +# The last line of each paragraph contains a test function name and +# a list of parameters separated by the character ':'. Running the +# test case calls this function with the specified parameters. Each +# parameter may either be an integer written in decimal or hexadecimal, +# or a string surrounded by double quotes which may not contain the +# ':' character. +# use strict; diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index a7bb41de35..551f239d23 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function 
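Review bot: The new format description says a `depends_on:` line holds a list of options but then states `The test case is executed only if this compilation option is enabled`, which reads as if a single option were meant; `only if all of the listed options are enabled in config.h` states the conjunction the generator presumably emits — confirm against the generated `#if defined(...)` checks. It is also worth saying that `#` lines may appear anywhere, including between the `depends_on:` line and the function line, since test_suite_rsa.data in this same patch relies on exactly that and a reader of the three-line paragraph rule would otherwise assume the comment breaks the paragraph. This comment block is part of the script's header and starts outside the hunk.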
@@ -140,14 +140,19 @@ int get_line( FILE *f, char *buf, size_t len ) { char *ret; - ret = fgets( buf, len, f ); - if( ret == NULL ) - return( -1 ); + buf[0] = '#'; - if( strlen( buf ) && buf[strlen(buf) - 1] == '\n' ) - buf[strlen(buf) - 1] = '\0'; - if( strlen( buf ) && buf[strlen(buf) - 1] == '\r' ) - buf[strlen(buf) - 1] = '\0'; + while( buf[0] == '#' ) + { + ret = fgets( buf, len, f ); + if( ret == NULL ) + return( -1 ); + + if( strlen( buf ) && buf[strlen(buf) - 1] == '\n' ) + buf[strlen(buf) - 1] = '\0'; + if( strlen( buf ) && buf[strlen(buf) - 1] == '\r' ) + buf[strlen(buf) - 1] = '\0'; + } return( 0 ); } diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index 71d1f6dde5..abd8e55d94 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -1,3 +1,4 @@ +# Tests of the generic message digest interface MD process mbedtls_md_process: diff --git a/tests/suites/test_suite_mdx.data b/tests/suites/test_suite_mdx.data index 2d403b4108..3d063a4770 100644 --- a/tests/suites/test_suite_mdx.data +++ b/tests/suites/test_suite_mdx.data @@ -1,3 +1,4 @@ +# Test MD2, MD4, MD5 and RIPEMD160 mbedtls_md2 Test vector RFC1319 #1 md2_text:"":"8350e5a3e24c153df2275c9f80692773" diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 5013ac8b00..fc7d93588d 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -1,5 +1,6 @@ RSA PKCS1 Verify v1.5 CAVS #1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 +# Good padding but wrong hash mbedtls_rsa_pkcs1_verify:"d6248c3e96b1a7e5fea978870fcc4c9786b4e5156e16b7faef4557d667f730b8bc4c784ef00c624df5309513c3a5de8ca94c2152e0459618666d3148092562ebc256ffca45b27fd2d63c68bd5e0a0aefbe496e9e63838a361b1db6fc272464f191490bf9c029643c49d2d9cd08833b8a70b4b3431f56fb1eb55ccd39e77a9c92":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"3203b7647fb7e345aa457681e5131777f1adc371f2fba8534928c4e52ef6206a856425d6269352ecbf64db2f6ad82397768cafdd8cd272e512d617ad67992226da6bc291c31404c17fd4b7e2beb20eff284a44f4d7af47fd6629e2c95809fa7f2241a04f70ac70d3271bb13258af1ed5c5988c95df7fa26603515791075feccd":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #2 
@@ -24,6 +25,7 @@ mbedtls_rsa_pkcs1_verify:"44637d3b8de525fd589237bc81229c8966d3af24540850c2403633 RSA PKCS1 Verify v1.5 CAVS #7 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 +# Bad padding after performing the public key operation mbedtls_rsa_pkcs1_verify:"d03f12276f6ba7545b8fce719471bd253791878809694e8754f3b389f26c9253a758ed28b4c62535a8d5702d7a778731d5759ff2b3b39b192db680e791632918b6093c0e8ca25c2bf756a07fde4144a37f769fe4054455a45cb8cefe4462e7a9a45ce71f2189b4fef01b47aee8585d44dc9d6fa627a3e5f08801871731f234cd":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"d93a878c1ce86571590b0e43794b3edb23552797c4b8c9e3da4fe1cc4ac0566acd3b10541fe9a7a79f5ea4892d3069ca6903efb5c40c47eb8a9c781eb4249281d40c3d96aae16da1bb4daaece6a26eca5f41c062b4124a64fc9d340cba5ab0d1f5affff6515a87f0933774fd4322d2fa497cd6f708a429ca56dcb1fd3db623d0":MBEDTLS_ERR_RSA_INVALID_PADDING RSA PKCS1 Verify v1.5 CAVS #8 @@ -365,6 +367,7 @@ RSA Generate Key - 2048 bit key mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key +# mbedtls_rsa_gen_key only supports even-sized keys mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA PKCS1 Encrypt Bad RNG diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index ea2a18380d..ee8074dc08 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -1,3 +1,4 @@ +# Test the operation of SHA-1 and SHA-2 SHA-1 Test Vector NIST CAVS #1 depends_on:MBEDTLS_SHA1_C mbedtls_sha1:"":"da39a3ee5e6b4b0d3255bfef95601890afd80709" From 964faeb6c4248a015df2375c26a864f53b93d8a8 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 29 Sep 2017 18:00:25 +0200 Subject: [PATCH 0355/1059] Cleaned up get_line for test data files Look, ma, a use for do...while! Also removed 1-3 calls to strlen. --- tests/suites/main_test.function | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 551f239d23..20add3c776 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -136,23 +136,31 @@ DISPATCH_FUNCTION "TESTCASE_FILENAME" +/** Retrieve one input line into buf, which must have room for len + * bytes. The trailing line break (if any) is stripped from the result. + * Lines beginning with the character '#' are skipped. Lines that are + * more than len-1 bytes long including the trailing line break are + * truncated; note that the following bytes remain in the input stream. + * + * \return 0 on success, -1 on error or end of file + */ int get_line( FILE *f, char *buf, size_t len ) { char *ret; - buf[0] = '#'; - - while( buf[0] == '#' ) + do { ret = fgets( buf, len, f ); if( ret == NULL ) return( -1 ); - - if( strlen( buf ) && buf[strlen(buf) - 1] == '\n' ) - buf[strlen(buf) - 1] = '\0'; - if( strlen( buf ) && buf[strlen(buf) - 1] == '\r' ) - buf[strlen(buf) - 1] = '\0'; } + while( buf[0] == '#' ); + + ret = buf + strlen( buf ); + if( ret-- > buf && *ret == '\n' ) + *ret = '\0'; + if( ret-- > buf && *ret == '\r' ) + *ret = '\0'; return( 0 ); } From e1a94a64042414b6c7a8af604ce5fd901f4fde09 Mon Sep 17 00:00:00 2001 From: Xinyu Chen Date: Tue, 22 Nov 2016 14:56:18 +0800 Subject: [PATCH 0356/1059] Correct the printf message of the DTLS handshake. Make it consistent with dtls_server.c --- programs/ssl/dtls_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index e18ee42a12..f271bad30f 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c 
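Review bot: The two `ret-- > buf` tests do not reproduce the old stripping logic: the second decrement runs whether or not the first test matched, so for a line whose last byte is not '\n' the '\r' check inspects the second-to-last byte and truncates a '\r' found there (e.g. "a\rb" becomes "a"), while a line ending in a bare '\r' keeps it. The old code only ever looked at the current last byte. Keeping `ret` pointing at the current end and only moving it when a character is actually stripped restores the original behaviour with no extra strlen() calls; get_line starts and ends inside the hunk.
```c
    ret = buf + strlen( buf );
    if( ret > buf && ret[-1] == '\n' )
        *--ret = '\0';
    if( ret > buf && ret[-1] == '\r' )
        *--ret = '\0';
```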
@@ -203,7 +203,7 @@ int main( int argc, char *argv[] ) /* * 4. Handshake */ - mbedtls_printf( " . Performing the SSL/TLS handshake..." ); + mbedtls_printf( " . Performing the DTLS handshake..." ); fflush( stdout ); do ret = mbedtls_ssl_handshake( &ssl ); From cb8d54b22d68e108b8ea0a5134d9a6f790afb6e1 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 23 Aug 2017 16:04:40 +0300 Subject: [PATCH 0357/1059] Fix typo in configs/README.txt file Fix typo in Readme file: ajust->adjust --- configs/README.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/README.txt b/configs/README.txt index e9867bc150..933fa7f21d 100644 --- a/configs/README.txt +++ b/configs/README.txt @@ -8,7 +8,7 @@ These files are complete replacements for the default config.h. To use one of them, you can pick one of the following methods: 1. Replace the default file include/mbedtls/config.h with the chosen one. - (Depending on your compiler, you may need to ajust the line with + (Depending on your compiler, you may need to adjust the line with #include "mbedtls/check_config.h" then.) 2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly. From b25c0c78cfacf535287d4a959426e8221dcc4ed9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 May 2017 11:24:30 +0100 Subject: [PATCH 0358/1059] Add test case calling ssl_set_hostname twice Add a test case calling ssl_set_hostname twice to test_suite_ssl. When run in CMake build mode ASan, this catches the current leak, but will hopefully be fine with the new version. --- tests/suites/test_suite_ssl.data | 3 +++ tests/suites/test_suite_ssl.function | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index a39f6f09f0..b92c1fe8a2 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -54,3 +54,6 @@ ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd12340101":0 SSL DTLS replay: big jump then just delayed ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd123400ff":0 + +SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice +ssl_set_hostname_twice:"server0":"server1" diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8d3448cbc3..60683afeec 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -40,3 +40,16 @@ void ssl_dtls_replay( char *prevs, char *new, int ret ) mbedtls_ssl_config_free( &conf ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ +void ssl_set_hostname_twice( char *hostname0, char *hostname1 ) +{ + mbedtls_ssl_context ssl; + mbedtls_ssl_init( &ssl ); + + TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 ); + TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 ); + + mbedtls_ssl_free( &ssl ); +} +/* END_CASE */ \ No newline at end of file From 947194e7cfe9e8c84eec2221ad67439ae6d0ed2f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 7 Apr 2017 13:25:49 +0100 Subject: [PATCH 0359/1059] Make mbedtls_ssl_set_hostname safe to be called multiple times Zeroize and free previously set hostnames before overwriting them. Also, allow clearance of hostname by providing NULL parameter. --- library/ssl_tls.c | 55 +++++++++++++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b388156dfc..b837690c2e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6166,7 +6166,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, { conf->sig_hashes = hashes; } -#endif +#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ #if defined(MBEDTLS_ECP_C) /* 
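Review bot: ssl_set_hostname_twice only checks the two return codes, so without ASan it would pass even if the second call leaked or failed to replace the first value; adding `TEST_ASSERT( strcmp( ssl.hostname, hostname1 ) == 0 );` after the second call pins the intended "last call wins" behaviour (the `hostname` member is read directly in ssl_tls.c, so it appears accessible to test code). The hunk also ends with "\ No newline at end of file", which should be fixed before merge since the next `/* BEGIN_CASE */` appended to this file would otherwise start on the same line as `/* END_CASE */`.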
@@ -6177,32 +6177,51 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, { conf->curve_list = curve_list; } -#endif +#endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) { - size_t hostname_len; + /* Initialize to suppress unnecessary compiler warning */ + size_t hostname_len = 0; + + /* Check if new hostname is valid before + * making any change to current one */ + + if( hostname != NULL ) + { + hostname_len = strlen( hostname ); + + if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + /* Now it's clear that we will overwrite the old hostname, + * so we can free it safely */ + + if( ssl->hostname != NULL ) + { + mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); + mbedtls_free( ssl->hostname ); + } + + /* Passing NULL as hostname shall clear the old one */ if( hostname == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + { + ssl->hostname = NULL; + } + else + { + ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); - hostname_len = strlen( hostname ); + if( ssl->hostname == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - if( hostname_len + 1 == 0 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + memcpy( ssl->hostname, hostname, hostname_len ); - if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); - - if( ssl->hostname == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - - memcpy( ssl->hostname, hostname, hostname_len ); - - ssl->hostname[hostname_len] = '\0'; + ssl->hostname[hostname_len] = '\0'; + } return( 0 ); } From 0446a39744fb4f6eeb1936a464ea3890fc4e7bcc Mon Sep 17 00:00:00 2001 
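Review bot: The old hostname is zeroized and freed before the new one is allocated, so on `MBEDTLS_ERR_SSL_ALLOC_FAILED` the context is left with `ssl->hostname == NULL`; a caller that ignores the return value (common for a setter) then proceeds to a handshake with no hostname to check the server certificate against and no SNI, which is a weaker state than before the call. Allocating and filling the new buffer first and only then releasing the old one keeps the previous hostname intact on every failure path, which is the guarantee the too-long case already gives. The explicit `'\0'` store after memcpy() is also redundant with calloc(); the rewrite below drops it. mbedtls_ssl_set_hostname starts and ends inside the hunk.
```c
    /* Initialize to suppress unnecessary compiler warning */
    size_t hostname_len = 0;
    char *new_hostname = NULL;

    /* … unchanged: length check on the new hostname … */

    /* Build the replacement first so that failure leaves the old value untouched */
    if( hostname != NULL )
    {
        new_hostname = mbedtls_calloc( 1, hostname_len + 1 );
        if( new_hostname == NULL )
            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
        memcpy( new_hostname, hostname, hostname_len );
    }

    if( ssl->hostname != NULL )
    {
        mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
        mbedtls_free( ssl->hostname );
    }

    ssl->hostname = new_hostname;

    return( 0 );
```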
From: Hanno Becker Date: Fri, 7 Apr 2017 12:59:32 +0100 Subject: [PATCH 0360/1059] Enhance documentation of mbedtls_ssl_set_hostname (1) Add missing error condition (2) Specify allowance and effect of of NULL hostname parameter (3) Describe effect of function on failure --- include/mbedtls/ssl.h | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index cc00070062..87ea00dbb6 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1794,15 +1794,23 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, #if defined(MBEDTLS_X509_CRT_PARSE_C) /** - * \brief Set the hostname to check against the received server - * certificate. It sets the ServerName TLS extension too, - * if the extension is enabled. - * (client-side only) + * \brief Set or reset the hostname to check against the received + * server certificate. It sets the ServerName TLS extension, + * too, if that extension is enabled. (client-side only) * * \param ssl SSL context - * \param hostname the server hostname + * \param hostname the server hostname, may be NULL to clear hostname + + * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. + * + * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on + * allocation failure, MBEDTLS_ERR_BAD_INPUT_DATA on + * too long input hostname. + * + * \post Hostname set to the one provided on success (cleared + * when NULL). On allocation failure hostname is cleared. + * On too long input failure, old hostname is unchanged. * - * \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED */ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ From 1a9a51c7cfec37271b064324883bbd03087d125c Mon Sep 17 00:00:00 2001 
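Review bot: The new `\return` text names `MBEDTLS_ERR_BAD_INPUT_DATA`, but the function body in ssl_tls.c returns `MBEDTLS_ERR_SSL_BAD_INPUT_DATA`; the documented constant does not match the code. The line between `\param hostname` and `\note` is added as a bare empty line rather than ` *`, so the Doxygen block changes style mid-comment; it should read ` *` like every other separator line in this comment. Finally, since the contract now promises that the hostname is cleared on allocation failure, the `\post` paragraph would be clearer as a plain `\note`, matching how the rest of this header documents side effects.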
From: Hanno Becker Date: Fri, 7 Apr 2017 13:02:16 +0100 Subject: [PATCH 0361/1059] Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog. Add a reference to the relevant RFC, adapt ChangeLog. --- ChangeLog | 2 ++ include/mbedtls/ssl.h | 5 ++--- library/ssl_cli.c | 8 ++++++++ library/ssl_tls.c | 2 +- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index ab4c50db4e..8729c87e21 100644 --- a/ChangeLog +++ b/ChangeLog @@ -198,6 +198,8 @@ Security team. #569 CVE-2017-2784 Bugfix + * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. + Found by jethrogb, #836. * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 87ea00dbb6..e98101e19d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1804,13 +1804,12 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. * * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, MBEDTLS_ERR_BAD_INPUT_DATA on + * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on * too long input hostname. * - * \post Hostname set to the one provided on success (cleared + * Hostname set to the one provided on success (cleared * when NULL). On allocation failure hostname is cleared. * On too long input failure, old hostname is unchanged. - * */ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a2b9f8cfe1..19bf021e26 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -80,6 +80,13 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, } /* + * Sect. 3, RFC 6066 (TLS Extensions Definitions) + * + * In order to provide any of the server names, clients MAY include an + * extension of type "server_name" in the (extended) client hello. The + * "extension_data" field of this extension SHALL contain + * "ServerNameList" where: + * * struct { * NameType name_type; * select (name_type) { @@ -96,6 +103,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * struct { * ServerName server_name_list<1..2^16-1> * } ServerNameList; + * */ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b837690c2e..10fff954c9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6225,7 +6225,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) return( 0 ); } -#endif +#endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, From 2c4f9460ea98ca0a1d5eefbd10cf6c33c3629b7e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 30 Sep 2017 23:39:46 +0100 Subject: [PATCH 0362/1059] Update ChangeLog for fix to #836 --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8729c87e21..ad773c73aa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,8 @@ Features Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. + * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. + Found by projectgus and jethrogb, #836. = mbed TLS 2.6.0 branch released 2017-08-10 
@@ -198,8 +200,6 @@ Security team. #569 CVE-2017-2784 Bugfix - * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. - Found by jethrogb, #836. * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be From 71f68c4043fe5cd9bab9e7d7cfdd953cb5c81192 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 26 Sep 2017 11:29:11 +0300 Subject: [PATCH 0363/1059] Fix ssl_server2 sample application prompt FIx the type of server_addr parameter from %d to %s. Issue reported by Email by Bei Jin --- programs/ssl/ssl_server2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a25886824e..1285abcbd1 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -326,7 +326,7 @@ int main( void ) #define USAGE \ "\n usage: ssl_server2 param=<>...\n" \ "\n acceptable parameters:\n" \ - " server_addr=%%d default: (all interfaces)\n" \ + " server_addr=%%s default: (all interfaces)\n" \ " server_port=%%d default: 4433\n" \ " debug_level=%%d default: 0 (disabled)\n" \ " nbio=%%d default: 0 (blocking I/O)\n" \ From 16373a5933489c5f7d9a412f5c6a280aff31eb1e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 2 Oct 2017 19:12:54 +0100 Subject: [PATCH 0364/1059] Fix changelog for ssl_server2.c usage fix --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index ad773c73aa..a89f2a4677 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ Bugfix as recommended in RFC 6347 Section 4.1.2.7. * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. Found by projectgus and jethrogb, #836. + * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. = mbed TLS 2.6.0 branch released 2017-08-10 From 11cb578fda46941807c6d09fd790752c87f62cde Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 16 Jun 2017 14:52:39 +0200 Subject: [PATCH 0365/1059] Note in README that GNU make is required Our README claims that we only use basic Make functionality, but in fact GNU make is required for conditional compilation. Document this. Addresses issue #967 --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 11b4ebf6a4..624e03fe31 100644 --- a/README.md +++ b/README.md @@ -14,11 +14,11 @@ Compiling There are currently four active build systems used within mbed TLS releases: - yotta -- Make +- GNU Make - CMake - Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010) -The main systems used for development are CMake and Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. +The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. Yotta, as a build system, is slightly different from the other build systems: 
@@ -54,9 +54,9 @@ For more details on the yotta/mbed OS edition of mbed TLS, including example pro ### Make -We intentionally only use the minimum of `Make` functionality, as a lot of `Make` features are not supported on all different implementations of Make or on different platforms. As such, the Makefiles sometimes require some manual changes or export statements in order to work for your platform. +We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools. -In order to build from the source code using Make, just enter at the command line: +In order to build from the source code using GNU Make, just enter at the command line: make From 470edd031fce0aed8303d7add0f48c3c5abf9177 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Oct 2017 10:52:50 +0200 Subject: [PATCH 0366/1059] Restored note about using minimum functionality in makefiles --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 624e03fe31..5ffd2ae561 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,8 @@ For more details on the yotta/mbed OS edition of mbed TLS, including example pro We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools. +We intentionally only use a minimum of functionality in the makefiles in order to keep them as simple and independent of different toolchains as possible, to allow users to more easily move between different platforms. Users who need more features are recommended to use CMake. + In order to build from the source code using GNU Make, just enter at the command line: make From 6bce9cb5acbbdc56877e34126253703fdf744d20 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Wed, 6 Sep 2017 15:33:34 +0100 Subject: [PATCH 0367/1059] Always print gmt_unix_time in TLS client Change ssl_parse_server_hello() so that the parsed first four random bytes from the ServerHello message are printed by the TLS client as a Unix timestamp regardless of whether MBEDTLS_DEBUG_C is defined. The debug message will only be printed if debug_level is 3 or higher. Unconditionally enabling the debug print enabled testing of this value. --- library/ssl_cli.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 19bf021e26..544c8cf5c2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1448,9 +1448,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #endif int handshake_failure = 0; const mbedtls_ssl_ciphersuite_t *suite_info; -#if defined(MBEDTLS_DEBUG_C) - uint32_t t; -#endif MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) ); @@ -1553,13 +1550,11 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); } -#if defined(MBEDTLS_DEBUG_C) - t = ( (uint32_t) buf[2] << 24 ) - | ( (uint32_t) buf[3] << 16 ) - | ( (uint32_t) buf[4] << 8 ) - | ( (uint32_t) buf[5] ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); -#endif + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", + ( (uint32_t) buf[2] << 24 ) | + ( (uint32_t) buf[3] << 16 ) | + ( (uint32_t) buf[4] << 8 ) | + ( (uint32_t) buf[5] ) ) ); memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); From 93993defd1afee80cfbca5ca13039da5bd55a891 Mon Sep 17 00:00:00 2001 
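Review bot: The `%lu` conversion is now paired directly with a `uint32_t` expression, which is `unsigned int` on the usual targets and therefore mismatches the format (this was already the case with the removed `t`, but the rewrite keeps it); casting the whole expression, `"server hello, current time: %lu", (unsigned long)( ( (uint32_t) buf[2] << 24 ) | ... )`, or using `PRIu32` from `<inttypes.h>` keeps -Wformat clean. The commit description says the value is now printed regardless of MBEDTLS_DEBUG_C; if MBEDTLS_SSL_DEBUG_MSG expands to nothing when that option is off (the dropped `#if` guard suggests the macro handles that itself), the accurate statement is that the expression is now always compiled, and the description should say so. ssl_parse_server_hello continues outside the hunk.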
From: Andres Amaya Garcia Date: Wed, 6 Sep 2017 15:38:07 +0100 Subject: [PATCH 0368/1059] Extend ssl-opt.h so that run_test takes function Extend the run_test function in ssl-opt.sh so that it accepts the -f and -F options. These parameters take an argument which is the name of a shell function that will be called by run_test and will be given the client input and output debug log. The idea is that these functions are defined by each test and they can be used to do some custom check beyon those allowed by the pattern matching capabilities of the run_test function. --- tests/ssl-opt.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 280fc63486..b349512cc4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -357,9 +357,11 @@ detect_dtls() { # Options: -s pattern pattern that must be present in server output # -c pattern pattern that must be present in client output # -u pattern lines after pattern must be unique in client output +# -f call shell function on client output # -S pattern pattern that must be absent in server output # -C pattern pattern that must be absent in client output # -U pattern lines after pattern must be unique in server output +# -F call shell function on server output run_test() { NAME="$1" shift 1 @@ -546,6 +548,18 @@ run_test() { return fi ;; + "-F") + if ! $2 "$SRV_OUT"; then + fail "function call to '$2' failed on Server output" + return + fi + ;; + "-f") + if ! $2 "$CLI_OUT"; then + fail "function call to '$2' failed on Client output" + return + fi + ;; *) echo "Unknown test: $1" >&2 From b84c40b12f4db5f17f2b1623a79449d7ec3ad936 Mon Sep 17 00:00:00 2001 
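Review bot: The option table entries for `-f` and `-F` omit the argument the option takes, unlike the neighbouring `-s pattern` rows, so a reader cannot tell that a function name follows; `# -f func call shell function on client output` and `# -F func call shell function on server output` make that explicit. In the second hunk the new case arms read `$2` and leave the argument unquoted, which is fine for a function name but means a value with spaces would be split; quoting `"$2"` in the call matches how the pattern options are handled. The `shift` that consumes the argument is outside the hunk, so it is assumed to be shared with the other two-argument options; run_test starts before and ends after both hunks.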
From: Andres Amaya Garcia Date: Wed, 6 Sep 2017 15:44:01 +0100 Subject: [PATCH 0369/1059] Add ssl-opt.sh test to check gmt_unix_time is good Add a test to ssl-opt.sh that parses the client and server debug output and then checks that the Unix timestamp in the ServerHello message is within acceptable bounds. --- tests/ssl-opt.sh | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b349512cc4..e23daeeaff 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -321,6 +321,33 @@ wait_server_start() { fi } +# Given the client or server debug output, parse the unix timestamp that is +# included in the first 4 bytes of the random bytes and check that its within +# acceptable bounds +check_server_hello_time() { + # Extract the time from the debug (lvl 3) output of the client + SERVER_HELLO_TIME="$(cat "$1" | sed -n 's/.*server hello, current time: \([0-9]\+\)$/\1/p')" + # Get the Unix timestamp for now + CUR_TIME=$(date +'%s') + THRESHOLD_IN_SECS=300 + + # Check if the ServerHello time was printed + if [ -z "$SERVER_HELLO_TIME" ]; then + return 1 + fi + + # Check the time in ServerHello is within acceptable bounds + if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then + # The time in ServerHello is at least 5 minutes before now + return 1 + elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then + # The time in ServerHello is at least 5 minues later than now + return 1 + else + return 0 + fi +} + # wait for client to terminate and set CLI_EXIT # must be called right after starting the client wait_client_done() { 
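Review bot: `sed -n '.../p'` prints every matching line, so if a log ever contains more than one "server hello, current time:" line (a renegotiating session, for instance — not the case in the test added by this commit) `SERVER_HELLO_TIME` holds several values and the unquoted `[ $SERVER_HELLO_TIME -lt ... ]` becomes a `[` syntax error rather than a clean failure. Quoting the expansions, `[ "$SERVER_HELLO_TIME" -lt "$(( CUR_TIME - THRESHOLD_IN_SECS ))" ]`, and keeping a single value with `| tail -n 1` after the sed makes the check robust. The comment "Extract the time from the debug (lvl 3) output of the client" is also inaccurate, since the same function is passed as `-F` for the server log in this commit's other hunk; "of the client or server" matches the function's header comment. `date +'%s'` is a widespread extension rather than POSIX, worth a note given the later effort to drop GNU-only sed syntax.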
@@ -696,6 +723,21 @@ run_test "Default, DTLS" \ -s "Protocol is DTLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" +# Test current time in ServerHello +requires_config_enabled MBEDTLS_HAVE_TIME +run_test "Default, ServerHello contains gmt_unix_time" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3" \ + 0 \ + -s "Protocol is TLSv1.2" \ + -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ + -s "client hello v3, signature_algorithm ext: 6" \ + -s "ECDHE curve: secp521r1" \ + -S "error" \ + -C "error" \ + -f "check_server_hello_time" \ + -F "check_server_hello_time" + # Test for uniqueness of IVs in AEAD ciphersuites run_test "Unique IV in GCM" \ "$P_SRV exchanges=20 debug_level=4" \ From 3b1bdff28579e9537e5e2d2f165a3a01f011d9ff Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 14 Sep 2017 12:41:29 +0100 Subject: [PATCH 0370/1059] Fix typos in ssl-opt.sh comments --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e23daeeaff..1a9482f104 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -322,7 +322,7 @@ wait_server_start() { } # Given the client or server debug output, parse the unix timestamp that is -# included in the first 4 bytes of the random bytes and check that its within +# included in the first 4 bytes of the random bytes and check that it's within # acceptable bounds check_server_hello_time() { # Extract the time from the debug (lvl 3) output of the client @@ -341,7 +341,7 @@ check_server_hello_time() { # The time in ServerHello is at least 5 minutes before now return 1 elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then - # The time in ServerHello is at least 5 minues later than now + # The time in ServerHello is at least 5 minutes later than now return 1 else return 0 From 67d8da522fa46270be593b8f6f38de0f748d8251 Mon Sep 17 00:00:00 2001 
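Review bot: The new "ServerHello contains gmt_unix_time" test carries over the `signature_algorithm ext: 6` and `ECDHE curve: secp521r1` expectations from the "Default" test above it, which have nothing to do with the timestamp and will make this test fail for unrelated reasons whenever the default ciphersuite or curve preference changes. Keeping only the `-S "error"`/`-C "error"` checks and the two `check_server_hello_time` calls ties the test to what it is actually verifying. The `requires_config_enabled MBEDTLS_HAVE_TIME` guard is the right dependency for the check.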
From: Andres Amaya Garcia Date: Fri, 15 Sep 2017 15:49:24 +0100 Subject: [PATCH 0371/1059] Remove use of GNU sed features from ssl-opt.sh --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1a9482f104..7fcca685b1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -326,7 +326,7 @@ wait_server_start() { # acceptable bounds check_server_hello_time() { # Extract the time from the debug (lvl 3) output of the client - SERVER_HELLO_TIME="$(cat "$1" | sed -n 's/.*server hello, current time: \([0-9]\+\)$/\1/p')" + SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")" # Get the Unix timestamp for now CUR_TIME=$(date +'%s') THRESHOLD_IN_SECS=300 From 21acb66cba6bd3ef6a12c9d65e43d1168ae2baee Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 6 Oct 2017 14:38:15 +0100 Subject: [PATCH 0372/1059] Correct typo: PBDFK -> PBKDF --- tests/suites/test_suite_pkparse.data | 72 ++++++++++++++-------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index b0fd49bd7b..df7c1407c4 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
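Review bot: Dropping the `\([0-9]\+\)$` capture removes the only validation that the extracted value is numeric, so any trailing text on the debug line (a carriage return from a Windows-built binary, or a future suffix in the log message) would now end up in `SERVER_HELLO_TIME` and break the `-lt`/`-gt` comparisons with a `[` error instead of a clean test failure. The GNU-only part was just the `\+`; POSIX BRE can express the same check as `SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: \([0-9][0-9]*\)$/\1/p' < "$1")"`, which keeps the anchoring and the digit check while staying portable. check_server_hello_time continues outside the hunk.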
@@ -218,147 +218,147 @@ Parse RSA Key #37 (PKCS#8 encrypted SHA1-RC4-128 DER, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der":"PolarSSLTest":0 -Parse RSA Key #38 (PKCS#8 encrypted v2 PBDFK2 3DES) +Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"PolarSSLTest":0 -Parse RSA Key #38.1 (PKCS#8 encrypted v2 PBDFK2 3DES, wrong PW) +Parse RSA Key #38.1 (PKCS#8 encrypted v2 PBKDF2 3DES, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #38.2 (PKCS#8 encrypted v2 PBDFK2 3DES, no PW) +Parse RSA Key #38.2 (PKCS#8 encrypted v2 PBKDF2 3DES, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #39 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit) +Parse RSA Key #39 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"PolarSSLTest":0 -Parse RSA Key #39.1 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit, wrong PW) +Parse RSA Key #39.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #39.2 (PKCS#8 encrypted v2 PBDFK2 3DES, 
2048-bit, no PW) +Parse RSA Key #39.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #40 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit) +Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTest":0 -Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit, wrong PW) +Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit, no PW) +Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #41 (PKCS#8 encrypted v2 PBDFK2 3DES DER) +Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"PolarSSLTest":0 -Parse RSA Key #41.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, wrong PW) +Parse RSA Key #41.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #41.2 (PKCS#8 encrypted v2 
PBDFK2 3DES DER, no PW) +Parse RSA Key #41.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #42 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit) +Parse RSA Key #42 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"PolarSSLTest":0 -Parse RSA Key #42.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit, wrong PW) +Parse RSA Key #42.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #42.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit, no PW) +Parse RSA Key #42.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #43 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit) +Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTest":0 -Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit, wrong PW) +Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBDFK2 3DES 
DER, 4096-bit, no PW) +Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #44 (PKCS#8 encrypted v2 PBDFK2 DES) +Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"PolarSSLTest":0 -Parse RSA Key #44.1 (PKCS#8 encrypted v2 PBDFK2 DES, wrong PW) +Parse RSA Key #44.1 (PKCS#8 encrypted v2 PBKDF2 DES, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #44.2 (PKCS#8 encrypted v2 PBDFK2 DES, no PW) +Parse RSA Key #44.2 (PKCS#8 encrypted v2 PBKDF2 DES, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #45 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit) +Parse RSA Key #45 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"PolarSSLTest":0 -Parse RSA Key #45.1 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit, wrong PW) +Parse RSA Key #45.1 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #45.2 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit, 
no PW) +Parse RSA Key #45.2 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #46 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit) +Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTest":0 -Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit, wrong PW) +Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit, no PW) +Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #47 (PKCS#8 encrypted v2 PBDFK2 DES DER) +Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"PolarSSLTest":0 -Parse RSA Key #47.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, wrong PW) +Parse RSA Key #47.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #47.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, no PW) 
+Parse RSA Key #47.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #48 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit) +Parse RSA Key #48 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"PolarSSLTest":0 -Parse RSA Key #48.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit, wrong PW) +Parse RSA Key #48.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #48.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit, no PW) +Parse RSA Key #48.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #49 (PKCS#8 encrypted v2 PBDFK2 DES DER, 4096-bit) +Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTest":0 -Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, 4096-bit, wrong PW) +Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, 4096-bit, no PW) +Parse RSA Key #49.2 
(PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT From def0339db2ffb08abb7e26db9d6523d584566f17 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 1 Oct 2017 16:42:29 +0100 Subject: [PATCH 0373/1059] Ensure failed test_suite output is sent to stdout The change modifies the template code in tests/suites/helpers.function and tests/suites/main.function so that error messages are printed to stdout instead of being discarded. This makes errors visible regardless of the --verbose flag being passed or not to the test suite programs. --- tests/suites/helpers.function | 19 +++++++++++++------ tests/suites/main_test.function | 24 +++++++++++++++++++----- 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 63815df852..cac104a3b8 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -99,7 +99,15 @@ typedef UINT32 uint32_t; /*----------------------------------------------------------------------------*/ /* Global variables */ -static int test_errors = 0; + +static struct +{ + int failed; + const char *test; + const char *filename; + int line_no; +} +test_info; /*----------------------------------------------------------------------------*/ @@ -395,10 +403,9 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) static void test_fail( const char *test, int line_no, const char* filename ) { - test_errors++; - if( test_errors == 1 ) - mbedtls_fprintf( stdout, "FAILED\n" ); - mbedtls_fprintf( stdout, " %s\n at line %d, %s\n", test, line_no, - filename ); + test_info.failed = 1; + test_info.test = test; + test_info.line_no = line_no; + test_info.filename = filename; } 
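Review bot: `test_fail` now overwrites `test_info` unconditionally, so if it is ever called twice within one test case only the last location survives while the old code printed every failure as it happened. If the reporting in main_test.function is meant to show the first failing assertion, add `if( test_info.failed ) return;` at the top of `test_fail`; if only the last one matters, a comment saying so on the struct would stop the next reader from wondering. The struct stores the `test` and `filename` pointers rather than copies, which is fine as long as callers always pass string literals (as a `#test`/`__FILE__` macro presumably does, not visible here) — worth a one-line comment on the fields. The identical hunks appear again under commit 3f50f511de4079ed492d589b7ffe761ad539a72c (PATCH 0374) and the same remarks apply there.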
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 20add3c776..120247e538 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -339,6 +339,9 @@ int main(int argc, const char *argv[]) testfile_count = 1; } + /* Initialize the struct that holds information about the last test */ + memset( &test_info, 0, sizeof( test_info ) ); + /* Now begin to execute the tests in the testfiles */ for ( testfile_index = 0; testfile_index < testfile_count; @@ -369,7 +372,7 @@ int main(int argc, const char *argv[]) if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; - mbedtls_fprintf( stdout, "%s%.66s", test_errors ? "\n" : "", buf ); + mbedtls_fprintf( stdout, "%s%.66s", test_info.failed ? "\n" : "", buf ); mbedtls_fprintf( stdout, " " ); for( i = strlen( buf ) + 1; i < 67; i++ ) mbedtls_fprintf( stdout, "." ); @@ -409,11 +412,11 @@ int main(int argc, const char *argv[]) break; cnt = parse_arguments( buf, strlen(buf), params ); } - + // If there are no unmet dependencies execute the test if( unmet_dep_count == 0 ) { - test_errors = 0; + test_info.failed = 0; #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) /* Suppress all output from the library unless we're verbose @@ -467,9 +470,20 @@ int main(int argc, const char *argv[]) unmet_dep_count = 0; } - else if( ret == DISPATCH_TEST_SUCCESS && test_errors == 0 ) + else if( ret == DISPATCH_TEST_SUCCESS ) { - mbedtls_fprintf( stdout, "PASS\n" ); + if( test_info.failed == 0 ) + { + mbedtls_fprintf( stdout, "PASS\n" ); + } + else + { + total_errors++; + mbedtls_fprintf( stdout, "FAILED\n" ); + mbedtls_fprintf( stdout, " %s\n at line %d, %s\n", + test_info.test, test_info.line_no, + test_info.filename ); + } fflush( stdout ); } else if( ret == DISPATCH_INVALID_TEST_DATA ) From 3f50f511de4079ed492d589b7ffe761ad539a72c Mon Sep 17 00:00:00 2001 
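Review bot: The added `memset( &test_info, 0, sizeof( test_info ) )` in the @@ -339 hunk is redundant: `test_info` is declared `static` at file scope in helpers.function and therefore has static storage duration and is zero-initialized before `main` runs. If the intent is to document that the struct is reset per run, a comment on the declaration does that without the extra call; if the memset stays, its comment should say why a zero-initialized static needs re-zeroing. The @@ -467 hunk reads `test_info.test`, `test_info.line_no` and `test_info.filename` only when `failed` is set, which `test_fail` guarantees, so that branch is fine. The same hunks recur under commit 3f50f511de4079ed492d589b7ffe761ad539a72c (PATCH 0374).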
From: Andres Amaya Garcia Date: Sun, 1 Oct 2017 16:42:29 +0100 Subject: [PATCH 0374/1059] Ensure failed test_suite output is sent to stdout The change modifies the template code in tests/suites/helpers.function and tests/suites/main.function so that error messages are printed to stdout instead of being discarded. This makes errors visible regardless of the --verbose flag being passed or not to the test suite programs. --- tests/suites/helpers.function | 19 +++++++++++++------ tests/suites/main_test.function | 24 +++++++++++++++++++----- 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 63815df852..cac104a3b8 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -99,7 +99,15 @@ typedef UINT32 uint32_t; /*----------------------------------------------------------------------------*/ /* Global variables */ -static int test_errors = 0; + +static struct +{ + int failed; + const char *test; + const char *filename; + int line_no; +} +test_info; /*----------------------------------------------------------------------------*/ @@ -395,10 +403,9 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) static void test_fail( const char *test, int line_no, const char* filename ) { - test_errors++; - if( test_errors == 1 ) - mbedtls_fprintf( stdout, "FAILED\n" ); - mbedtls_fprintf( stdout, " %s\n at line %d, %s\n", test, line_no, - filename ); + test_info.failed = 1; + test_info.test = test; + test_info.line_no = line_no; + test_info.filename = filename; } diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 20add3c776..120247e538 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function 
@@ -339,6 +339,9 @@ int main(int argc, const char *argv[]) testfile_count = 1; } + /* Initialize the struct that holds information about the last test */ + memset( &test_info, 0, sizeof( test_info ) ); + /* Now begin to execute the tests in the testfiles */ for ( testfile_index = 0; testfile_index < testfile_count; @@ -369,7 +372,7 @@ int main(int argc, const char *argv[]) if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; - mbedtls_fprintf( stdout, "%s%.66s", test_errors ? "\n" : "", buf ); + mbedtls_fprintf( stdout, "%s%.66s", test_info.failed ? "\n" : "", buf ); mbedtls_fprintf( stdout, " " ); for( i = strlen( buf ) + 1; i < 67; i++ ) mbedtls_fprintf( stdout, "." ); @@ -409,11 +412,11 @@ int main(int argc, const char *argv[]) break; cnt = parse_arguments( buf, strlen(buf), params ); } - + // If there are no unmet dependencies execute the test if( unmet_dep_count == 0 ) { - test_errors = 0; + test_info.failed = 0; #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) /* Suppress all output from the library unless we're verbose @@ -467,9 +470,20 @@ int main(int argc, const char *argv[]) unmet_dep_count = 0; } - else if( ret == DISPATCH_TEST_SUCCESS && test_errors == 0 ) + else if( ret == DISPATCH_TEST_SUCCESS ) { - mbedtls_fprintf( stdout, "PASS\n" ); + if( test_info.failed == 0 ) + { + mbedtls_fprintf( stdout, "PASS\n" ); + } + else + { + total_errors++; + mbedtls_fprintf( stdout, "FAILED\n" ); + mbedtls_fprintf( stdout, " %s\n at line %d, %s\n", + test_info.test, test_info.line_no, + test_info.filename ); + } fflush( stdout ); } else if( ret == DISPATCH_INVALID_TEST_DATA ) From 86968c6dd1d5b272de78060a6dca7f7f2f961574 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 14:04:40 +0100 Subject: [PATCH 0375/1059] Fix typo and bracketing in macro args --- library/net_sockets.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/library/net_sockets.c b/library/net_sockets.c index 80be6ec6a4..31c42db05a 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -63,8 +63,8 @@ #endif #endif /* _MSC_VER */ -#define read(fd,buf,len) recv(fd,(char*)buf,(int) len,0) -#define write(fd,buf,len) send(fd,(char*)buf,(int) len,0) +#define read(fd,buf,len) recv( fd, (char*)( buf ), (int)( len ), 0 ) +#define write(fd,buf,len) send( fd, (char*)( buf ), (int)( len ), 0 ) #define close(fd) closesocket(fd) static int wsa_init_done = 0; @@ -85,7 +85,7 @@ static int wsa_init_done = 0; #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ /* Some MS functions want int and MSVC warns if we pass size_t, - * but the standard fucntions use socklen_t, so cast only for MSVC */ + * but the standard functions use socklen_t, so cast only for MSVC */ #if defined(_MSC_VER) #define MSVC_INT_CAST (int) #else From 36855d66bbdc5c204013b125a0d60ea4b3b061f4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 9 Oct 2017 17:22:07 +0100 Subject: [PATCH 0376/1059] Change generate_errors.pl to call perl grep Change the script generate_errors.pl to call the grep function in Perl instead of calling the external tool grep directly as this causes problems when ANSI escape sequences are included in the grep output string. --- scripts/generate_errors.pl | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index cfcf07c8f3..040a48895b 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -46,7 +46,14 @@ close(FORMAT_FILE); $/ = $line_separator; -open(GREP, "grep \"define MBEDTLS_ERR_\" $include_dir/* |") || die("Failure when calling grep: $!"); +my @files = <$include_dir/*>; +my @matches; +foreach my $file (@files) { + open(FILE, "$file"); + my @grep_res = grep(/define MBEDTLS_ERR_/, ); + push(@matches, @grep_res); + close FILE; +} my $ll_old_define = ""; my $hl_old_define = ""; 
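Review bot: The `read`/`write` macros now parenthesize `buf` and `len` but still expand `fd` bare, and the neighbouring `close(fd)` macro is left unparenthesized as well, so the bracketing fix is only partial: `#define read(fd,buf,len) recv( ( fd ), (char*)( buf ), (int)( len ), 0 )`, likewise for `write`, and `#define close(fd) closesocket( ( fd ) )`. The `(int)( len )` cast silently truncates any `size_t` above `INT_MAX`; callers presumably pass bounded lengths, but a comment on the macro noting that assumption would make the contract explicit.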
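Review bot: `open(FILE, "$file")` in the new loop is a two-argument open with no error check and a bareword handle, so an unreadable entry or a directory matched by `<$include_dir/*>` is silently skipped and the generated error table quietly loses codes: use `open( my $fh, '<', $file ) or die "Cannot open $file: $!";` and read with `<$fh>`. As rendered here the readline operator between the comma and `)` in `grep(/define MBEDTLS_ERR_/, )` appears to have been lost, so the intended `<FILE>` (or `<$fh>`) argument should be confirmed in the actual file. The @@ -58 hunk on the next line replaces the `while` over the old GREP handle; any remaining `close(GREP)` later in the script (not visible) would now refer to a handle that is never opened.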
@@ -58,7 +65,8 @@ my $headers = ""; my %error_codes_seen; -while (my $line = ) + +foreach my $line (@matches) { next if ($line =~ /compat-1.2.h/); my ($error_name, $error_code) = $line =~ /(MBEDTLS_ERR_\w+)\s+\-(0x\w+)/; From d0c56de93415a44671716dc927e1033d038ab913 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 10 Oct 2017 17:03:08 +0300 Subject: [PATCH 0377/1059] Add support for public keys encoded with PKCS#1 1) Add support for public keys encoded with PKCS#1 2) Add tests for PKCS#1 PEM and DER, and PKCS#8 DER --- ChangeLog | 1 + library/pkparse.c | 163 +++++++++++++++++++-------- tests/data_files/format_gen_der.pub | Bin 0 -> 162 bytes tests/data_files/public_rsa_key.der | Bin 0 -> 294 bytes tests/data_files/public_rsa_key.pem | 8 ++ tests/suites/test_suite_pkparse.data | 12 ++ 6 files changed, 135 insertions(+), 49 deletions(-) create mode 100644 tests/data_files/format_gen_der.pub create mode 100644 tests/data_files/public_rsa_key.der create mode 100644 tests/data_files/public_rsa_key.pem diff --git a/ChangeLog b/ChangeLog index b3d4d519af..f13982b623 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Allow comments in test data files. + * Add support for public keys encoded in PKCS#1 format Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. diff --git a/library/pkparse.c b/library/pkparse.c index efdf437466..1d573a4005 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -637,11 +637,11 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, #if defined(MBEDTLS_RSA_C) /* - * Parse a PKCS#1 encoded private RSA key + * Parse a PKCS#1 encoded private( mode 0 )/public( mode 1 ) RSA key */ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, const unsigned char *key, - size_t keylen ) + size_t keylen , int mode) { int ret; size_t len; 
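Review bot: The new `int mode` parameter of `pk_parse_key_pkcs1_der` is driven by bare `0`/`1` at every call site (the @@ -907, @@ -1086 and @@ -1218 hunks and the new RSA PUBLIC KEY path in `mbedtls_pk_parse_public_key`), and the @@ -666 hunk treats every non-zero value as "public", which the signature does not convey. Named constants, e.g. `#define PK_PARSE_PKCS1_PRIVATE 0` / `#define PK_PARSE_PKCS1_PUBLIC 1` (illustrative names), or a `const char *`-free `int is_public` flag, would make the calls self-describing; the header comment should then say "mode: PK_PARSE_PKCS1_PRIVATE parses RSAPrivateKey, any other value parses RSAPublicKey". The stray space in `size_t keylen , int mode)` and the missing space in `private( mode 0 )/public( mode 1 )` are style nits worth fixing while touching the line.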
@@ -649,7 +649,16 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, p = (unsigned char *) key; end = p + keylen; + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) + { + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + end = p + len; + + if( mode == 0 ) + { /* * This function parses the RSAPrivateKey (PKCS#1) * 
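Review bot: The `/* This function parses the RSAPrivateKey (PKCS#1) ... */` comment block now sits inside the new `if( mode == 0 )` branch but keeps the function-level indentation while the statements it describes were reindented one level deeper in the @@ -666 hunk, and "This function parses" is no longer accurate for a branch. Reindent the comment to the branch and reword its first line to `* Private key: RSAPrivateKey ::= SEQUENCE {`, matching the new `* This function parses the RSAPublicKey (PKCS#1)` comment, which has the same wording problem. The SEQUENCE tag check hoisted above the branch is the right place for it since both encodings start with one.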
@@ -666,52 +675,77 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, * otherPrimeInfos OtherPrimeInfos OPTIONAL * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) + { + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + if( rsa->ver != 0 ) + { + return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); + } + + if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) + { + mbedtls_rsa_free( rsa ); + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + rsa->len = mbedtls_mpi_size( &rsa->N ); + + if( p != end ) + { + mbedtls_rsa_free( rsa ); + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + } + + if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 ) + { + mbedtls_rsa_free( rsa ); + return( ret ); + } } - - end = p + len; - - if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) + else /* public key*/ { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + /* + * This function parses the RSAPublicKey (PKCS#1) + * + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER -- e + * } + */ + if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ) + { + mbedtls_rsa_free( rsa ); + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + rsa->len = mbedtls_mpi_size( &rsa->N ); + + if( p != end ) + { + 
mbedtls_rsa_free( rsa ); + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + } + + if( ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 ) + { + mbedtls_rsa_free( rsa ); + return( ret ); + } + } - - if( rsa->ver != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); - } - - if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) - { - mbedtls_rsa_free( rsa ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); - } - - rsa->len = mbedtls_mpi_size( &rsa->N ); - - if( p != end ) - { - mbedtls_rsa_free( rsa ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - } - - if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 ) - { - mbedtls_rsa_free( rsa ); - return( ret ); - } - return( 0 ); } #endif /* MBEDTLS_RSA_C */ @@ -907,7 +941,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( #if defined(MBEDTLS_RSA_C) if( pk_alg == MBEDTLS_PK_RSA ) { - if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 ) + if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len, 0 ) ) != 0 ) { mbedtls_pk_free( pk ); return( ret ); @@ -1086,7 +1120,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), - pem.buf, pem.buflen ) ) != 0 ) + pem.buf, pem.buflen, 0 ) ) != 0 ) { mbedtls_pk_free( pk ); } 
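Review bot: The private and public branches duplicate the `rsa->len = mbedtls_mpi_size( &rsa->N )` assignment, the trailing-data check with its `mbedtls_rsa_free` and the final consistency check, and the duplicate is what makes this hunk hard to review; hoisting that tail after the `if`/`else` and selecting `mbedtls_rsa_check_privkey`/`mbedtls_rsa_check_pubkey` by `mode` leaves each branch with only the ASN.1 reads it is specific to. Separately, the error paths in the private branch are inconsistent: a failed `mbedtls_asn1_get_int` or a non-zero `rsa->ver` returns without `mbedtls_rsa_free( rsa )` while every later failure frees; the callers in the @@ -907 and @@ -1086 hunks call `mbedtls_pk_free( pk )` on error so this is not a leak, but the function should pick one convention and document it. The restructured tail would look like this:
```c
    if( mode == 0 )
    {
        /* … unchanged: RSAPrivateKey version check and N,E,D,P,Q,DP,DQ,QP parsing … */
    }
    else /* public key */
    {
        /* … unchanged: RSAPublicKey N,E parsing … */
    }

    rsa->len = mbedtls_mpi_size( &rsa->N );

    if( p != end )
    {
        mbedtls_rsa_free( rsa );
        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
    }

    ret = ( mode == 0 ) ? mbedtls_rsa_check_privkey( rsa )
                        : mbedtls_rsa_check_pubkey( rsa );
    if( ret != 0 )
    {
        mbedtls_rsa_free( rsa );
        return( ret );
    }

    return( 0 );
```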
@@ -1218,7 +1252,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || - ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 ) + ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen, 0 ) ) == 0 ) { return( 0 ); } @@ -1255,8 +1289,39 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, mbedtls_pem_context pem; mbedtls_pem_init( &pem ); - +#if defined(MBEDTLS_RSA_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ + if( keylen == 0 || key[keylen - 1] != '\0' ) + ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; + else + ret = mbedtls_pem_read_buffer( &pem, + "-----BEGIN RSA PUBLIC KEY-----", + "-----END RSA PUBLIC KEY-----", + key, NULL, 0, &len ); + + if( ret == 0 ) + { + const mbedtls_pk_info_t *pk_info; + if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) + return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + + if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) + return( ret ); + + if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *ctx ), + pem.buf, pem.buflen, 1 ) ) != 0 ) + mbedtls_pk_free( ctx ); + mbedtls_pem_free( &pem ); + return( ret ); + } + else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + { + mbedtls_pem_free( &pem ); + return( ret ); + } +#endif /* MBEDTLS_RSA_C */ + + /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ if( keylen == 0 || key[keylen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else 
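Review bot: In the new "RSA PUBLIC KEY" block of `mbedtls_pk_parse_public_key`, the `pk_info == NULL` return and the `mbedtls_pk_setup` failure return both leave the buffer allocated by `mbedtls_pem_read_buffer` behind, because only the later paths call `mbedtls_pem_free( &pem )`; both early returns need `mbedtls_pem_free( &pem );` before `return( ... );`. The null-terminator check and its comment now appear twice in the function (once for the PKCS#1 header, once for the existing header after `#endif`), which is correct but would read better as a single check placed before the `#if defined(MBEDTLS_RSA_C)` block. The surrounding `pem` context suggests this is inside an `MBEDTLS_PEM_PARSE_C` section (not visible here), so the DER-only build path for PKCS#1 public keys should be confirmed separately.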
diff --git a/tests/data_files/format_gen_der.pub b/tests/data_files/format_gen_der.pub new file mode 100644 index 0000000000000000000000000000000000000000..fe429985bf29b545b3d52a24b692807062a827b5 GIT binary patch literal 162 zcmV;T0A2qufuAr91_>&LNQUm7(YwGJ1K49Joe8Zo!w`XNif5NQbH1%0ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>l*+EQ+)gnMp6SCRo zNgj~*v=fEN&(1&-bb~o94M#At+spgeT+|;r0~RDR}=#Z?|>tl{KOuq z>sU7xJQQ^`1*|*ikdk}dMm(;uNzxXg`zx^Uik|N(Ko$l~U(Q2@Ix6)`_H z4r0-653FbEfi~qV5^|-3=PnS;9nqV+w%-szaJv4@z8_XFP8lt4Aya3@KH3d}QwP>g z+Ap~=M{_xH$7t{buyk$sPyTmYVyjBY>+C}}= sh~f Date: Tue, 10 Oct 2017 14:44:53 +0100 Subject: [PATCH 0378/1059] Allow default arguments for client/server/proxy in ssl-opt.sh ssl-opt.sh checks whether the client, server and proxy commands are names of executable files, forbidding the use of default arguments by by e.g. setting P_SRV="ssl_server2 debug_level=3". This commit relaxes this check, only considering the part of the command string prior to the first whitespace. --- tests/ssl-opt.sh | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 280fc63486..7f5510cce1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -597,16 +597,22 @@ fi get_options "$@" # sanity checks, avoid an avalanche of errors -if [ ! -x "$P_SRV" ]; then - echo "Command '$P_SRV' is not an executable file" +P_SRV_BIN=$(echo "$P_SRV" | sed -r -n "s/^([^ ]*).*$/\1/p") +echo "Server binary: ${P_SRV_BIN}" +P_CLI_BIN=$(echo "$P_CLI" | sed -r -n "s/^([^ ]*).*$/\1/p") +echo "Client binary: ${P_CLI_BIN}" +P_PXY_BIN=$(echo "$P_PXY" | sed -r -n "s/^([^ ]*).*$/\1/p") +echo "Proxy binary: ${P_PXY_BIN}" +if [ ! -x "$P_SRV_BIN" ]; then + echo "Command '$P_SRV_BIN' is not an executable file" exit 1 fi -if [ ! -x "$P_CLI" ]; then - echo "Command '$P_CLI' is not an executable file" +if [ ! -x "$P_CLI_BIN" ]; then + echo "Command '$P_CLI_BIN' is not an executable file" exit 1 fi -if [ ! -x "$P_PXY" ]; then - echo "Command '$P_PXY' is not an executable file" +if [ ! -x "$P_PXY_BIN" ]; then + echo "Command '$P_PXY_BIN' is not an executable file" exit 1 fi if [ "$MEMCHECK" -gt 0 ]; then From f65ca329b6e9b75694fce075f5eef8d19681e4a6 Mon Sep 17 00:00:00 2001 
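Review bot: The three `sed -r -n "s/^([^ ]*).*$/\1/p"` pipelines reintroduce a GNU sed extension (`-r`) into ssl-opt.sh two commits after 67d8da522fa46270be593b8f6f38de0f748d8251 removed GNU sed usage from this file, and extracting the first word needs no sed at all: `P_SRV_BIN="${P_SRV%% *}"`, `P_CLI_BIN="${P_CLI%% *}"`, `P_PXY_BIN="${P_PXY%% *}"`. The three unconditional "Server binary:" / "Client binary:" / "Proxy binary:" echoes add noise to every run; printing them only when the check fails, or only in verbose mode, keeps the output as it was.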
From: Hanno Becker Date: Tue, 10 Oct 2017 14:44:57 +0100 Subject: [PATCH 0379/1059] Introduce UDP proxy wrapper script This commit introduces the script `programs/test/udp_proxy_wrapper.sh` which can be used to wrap the SSL server binary `programs/ssl/ssl_server2` by the UDP proxy application `programs/test/udp_proxy` while maintaining the same interface from the command line. Specifically, given UDP proxy arguments ARGS_UDP and SSL server arguments ARGS_SSL, the command line > ./udp_proxy_wrapper.sh ARGS_UDP -- ARGS_SSL behaves like > ./ssl_server2 ARGS_SSL wrapped by > ./udp_proxy ARGS_UDP The motivation and benefit of this is that scripts like `ssl-opt.sh` can be used with the server command line `P_SRV` modified to `./udp_proxy_wrapper.sh ARGS_UDP -- DEFAULT_ARGS_SSL` which will result in all tests being executed for an SSL server behind a UDP proxy. --- programs/test/udp_proxy_wrapper.sh | 103 +++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100755 programs/test/udp_proxy_wrapper.sh diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh new file mode 100755 index 0000000000..415f883995 --- /dev/null +++ b/programs/test/udp_proxy_wrapper.sh 
@@ -0,0 +1,103 @@ +#!/bin/sh + +set -u + +MBEDTLS_BASE="$(pwd)/$(dirname $0)/../../" +TPXY_BIN="$MBEDTLS_BASE/test/udp_proxy" +SRV_BIN="$MBEDTLS_BASE/programs/ssl/ssl_server2" + +: ${VERBOSE:=0} +VERBOSE=1 + +PARAM_SEP="^(.*)--(.*)$" +PROXY_PARAMS=$(echo $@ | sed -n -r "s/$PARAM_SEP/\1/p") +SERVER_PARAMS=$(echo $@ | sed -n -r "s/$PARAM_SEP/\2/p") + +stop_proxy() { + test -n "${TPXY_PID:-}" && + ( + echo "\n * Killing proxy (pid $TPXY_PID) ..." + kill $TPXY_PID + ) +} + +stop_server() { + test -n "${SRV_PID:-}" && + ( + echo "\n * Killing server (pid $SRV_PID) ..." + kill $SRV_PID >/dev/null 2>/dev/null + ) +} + +cleanup() { + stop_server + stop_proxy + return 1 +} + +trap cleanup INT TERM HUP + +DTLS_ENABLED=$(echo "$SERVER_PARAMS" | grep -v "::1" | grep "dtls=1") +if [ -z "$DTLS_ENABLED" ]; then + echo " * Couldn't find DTLS enabling, or IPv6 is in use - immediate fallback to server application..." + if [ $VERBOSE -gt 0 ]; then + echo "[ $SRV_BIN $SERVER_PARAMS ]" + fi + $SRV_BIN $SERVER_PARAMS >&1 2>&1 & + SRV_PID=$! + wait $SRV_PID + exit 0 +fi + +SERVER_PORT_ORIG=$(echo "$SERVER_PARAMS" | sed -n -r "s/^.*server_port=([0-9]+).*$/\1/p") +if [ -z "$SERVER_PORT_ORIG" ]; then + echo " * No server port specified - exit" + exit 1 +fi + +SERVER_ADDR_ORIG=$(echo "$SERVER_PARAMS" | sed -n -r "s/^.*server_addr=([a-zA-Z0-9\.]+).*$/\1/p") +if [ -z "$SERVER_ADDR_ORIG" ]; then + echo " * No server address specified - exit" + exit 1 +fi + +echo " * Server address: $SERVER_ADDR_ORIG" +echo " * Server port: $SERVER_PORT_ORIG" + +SERVER_PORT=$(( $SERVER_PORT_ORIG + 1 )) +echo " * Intermediate port: $SERVER_PORT" + +TPXY_CMD=\ +"$TPXY_BIN $PROXY_PARAMS "\ +"listen_port=$SERVER_PORT_ORIG "\ +"server_port=$SERVER_PORT "\ +"server_addr=$SERVER_ADDR_ORIG "\ +"listen_addr=$SERVER_ADDR_ORIG" + +echo " * Start proxy in background ..." +if [ $VERBOSE -gt 0 ]; then + echo "[ $TPXY_CMD ]" +fi + +$TPXY_CMD >/dev/null 2>&1 & +TPXY_PID=$! 
+ +if [ $VERBOSE -gt 0 ]; then + echo " * Proxy ID: $TPXY_PID" +fi + +SERVER_PARAMS_NEW=$(echo $SERVER_PARAMS | sed -n -r "s/^(.*server_port=)[0-9]+(.*)$/\1$SERVER_PORT\2/p") +SRV_CMD="$SRV_BIN $SERVER_PARAMS_NEW" + +echo " * Starting server ..." +if [ $VERBOSE -gt 0 ]; then + echo "[ $SRV_CMD ]" +fi + +$SRV_CMD >&2 & +SRV_PID=$! + +wait $SRV_PID + +stop_proxy +return 0 From 1dd62ea81139e9fff902b6ee9e5701f342d4e022 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 22 May 2017 14:30:59 +0100 Subject: [PATCH 0380/1059] Add packing option to UDP proxy This commit provides the new option pack=TIME for the udp proxy ./programs/test/udp_proxy. If used, udp packets with the same destination will be queued and concatenated for up to TIME milliseconds before being delivered. This is useful to test how mbed TLS's deals with multiple DTLS records within a single datagram. --- programs/test/udp_proxy.c | 137 +++++++++++++++++++++++++++++++++++--- 1 file changed, 128 insertions(+), 9 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 20624d227f..bb5537ff10 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -85,6 +85,7 @@ int main( void ) #define DFL_SERVER_PORT "4433" #define DFL_LISTEN_ADDR "localhost" #define DFL_LISTEN_PORT "5556" +#define DFL_PACK 0 #define USAGE \ "\n usage: udp_proxy param=<>...\n" \ @@ -108,6 +109,8 @@ int main( void ) " protect_len=%%d default: (don't protect packets of this size)\n" \ "\n" \ " seed=%%d default: (use current time)\n" \ + " pack=%%d default: 0 (don't merge)\n" \ + " options: t > 0 (merge for t milliseconds)\n" \ "\n" /* 
@@ -128,6 +131,8 @@ static struct options int bad_ad; /* inject corrupted ApplicationData record */ int protect_hvr; /* never drop or delay HelloVerifyRequest */ int protect_len; /* never drop/delay packet of the given size*/ + int merge; /* merge packets into single datagram for + * at most \c merge milliseconds if > 0 */ unsigned int seed; /* seed for "random" events */ } opt; @@ -152,6 +157,7 @@ static void get_options( int argc, char *argv[] ) opt.server_port = DFL_SERVER_PORT; opt.listen_addr = DFL_LISTEN_ADDR; opt.listen_port = DFL_LISTEN_PORT; + opt.merge = DFL_PACK; /* Other members default to 0 */ for( i = 1; i < argc; i++ ) @@ -193,6 +199,10 @@ static void get_options( int argc, char *argv[] ) if( opt.drop < 0 || opt.drop > 20 || opt.drop == 1 ) exit_usage( p, q ); } + else if( strcmp( p, "pack" ) == 0 ) + { + opt.merge = atoi( q ); + } else if( strcmp( p, "mtu" ) == 0 ) { opt.mtu = atoi( q ); 
@@ -288,6 +298,94 @@ static unsigned long ellapsed_time( void ) #endif } +typedef struct +{ + mbedtls_net_context *ctx; + + const char *description; + + unsigned long packet_lifetime; + size_t num_datagrams; + + unsigned char data[MAX_MSG_SIZE]; + unsigned len; + +} ctx_buffer; + +static ctx_buffer outbuf[2]; + +static int ctx_buffer_flush( ctx_buffer *buf ) +{ + int ret; + + mbedtls_printf( " %05lu flush %s: %u bytes, %lu datagrams, " + "last %ld ms\n", ellapsed_time(), + buf->description, buf->len, buf->num_datagrams, + ellapsed_time() - buf->packet_lifetime ); + + ret = mbedtls_net_send( buf->ctx, buf->data, buf->len ); + + buf->len = 0; + buf->num_datagrams = 0; + + return( ret ); +} + +static inline int ctx_buffer_check( ctx_buffer *buf ) +{ + if( buf->len > 0 && + ellapsed_time() - buf->packet_lifetime >= (size_t) opt.merge ) + { + return( ctx_buffer_flush( buf ) ); + } + + return( 0 ); +} + +static int ctx_buffer_append( ctx_buffer *buf, + const unsigned char * data, + size_t len ) +{ + int ret; + + if( len > sizeof( buf->data ) ) + { + mbedtls_printf( " ! buffer size %lu too large (max %lu)\n", + len, sizeof( buf->data ) ); + return( -1 ); + } + + if( sizeof( buf->data ) - buf->len < len ) + { + if( ( ret = ctx_buffer_flush( buf ) ) <= 0 ) + return( ret ); + } + + memcpy( buf->data + buf->len, data, len ); + + buf->len += len; + if( ++buf->num_datagrams == 1 ) + buf->packet_lifetime = ellapsed_time(); + + return( len ); +} + +static int dispatch_data( mbedtls_net_context *ctx, + const unsigned char * data, + size_t len ) +{ + ctx_buffer *buf = NULL; + if( outbuf[0].ctx == ctx ) + buf = &outbuf[0]; + else if( outbuf[1].ctx == ctx ) + buf = &outbuf[1]; + + if( buf == NULL ) + return( mbedtls_net_send( ctx, data, len ) ); + + return( ctx_buffer_append( buf, data, len ) ); +} + typedef struct { mbedtls_net_context *dst; 
@@ -301,10 +399,10 @@ typedef struct void print_packet( const packet *p, const char *why ) { if( why == NULL ) - mbedtls_printf( " %05lu %s %s (%u bytes)\n", + mbedtls_printf( " %05lu dispatch %s %s (%u bytes)\n", ellapsed_time(), p->way, p->type, p->len ); else - mbedtls_printf( " %s %s (%u bytes): %s\n", + mbedtls_printf( " dispatch %s %s (%u bytes): %s\n", p->way, p->type, p->len, why ); fflush( stdout ); } @@ -323,17 +421,17 @@ int send_packet( const packet *p, const char *why ) ++buf[p->len - 1]; print_packet( p, "corrupted" ); - if( ( ret = mbedtls_net_send( dst, buf, p->len ) ) <= 0 ) + if( ( ret = dispatch_data( dst, buf, p->len ) ) <= 0 ) { - mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret ); + mbedtls_printf( " ! dispatch returned %d\n", ret ); return( ret ); } } print_packet( p, why ); - if( ( ret = mbedtls_net_send( dst, p->buf, p->len ) ) <= 0 ) + if( ( ret = dispatch_data( dst, p->buf, p->len ) ) <= 0 ) { - mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret ); + mbedtls_printf( " ! dispatch returned %d\n", ret ); return( ret ); } @@ -344,9 +442,9 @@ int send_packet( const packet *p, const char *why ) { print_packet( p, "duplicated" ); - if( ( ret = mbedtls_net_send( dst, p->buf, p->len ) ) <= 0 ) + if( ( ret = dispatch_data( dst, p->buf, p->len ) ) <= 0 ) { - mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret ); + mbedtls_printf( " ! dispatch returned %d\n", ret ); return( ret ); } } @@ -471,10 +569,14 @@ int main( int argc, char *argv[] ) int ret; mbedtls_net_context listen_fd, client_fd, server_fd; + struct timeval tm; int nb_fds; fd_set read_fds; + tm.tv_sec = 0; + tm.tv_usec = 0; + mbedtls_net_init( &listen_fd ); mbedtls_net_init( &client_fd ); mbedtls_net_init( &server_fd ); 
@@ -560,6 +662,19 @@ accept: nb_fds = listen_fd.fd; ++nb_fds; + if( opt.merge > 0 ) + { + outbuf[0].ctx = &server_fd; + outbuf[0].description = "S <- C"; + outbuf[0].num_datagrams = 0; + outbuf[0].len = 0; + + outbuf[1].ctx = &client_fd; + outbuf[1].description = "S -> C"; + outbuf[1].num_datagrams = 0; + outbuf[1].len = 0; + } + while( 1 ) { FD_ZERO( &read_fds ); @@ -567,7 +682,10 @@ accept: FD_SET( client_fd.fd, &read_fds ); FD_SET( listen_fd.fd, &read_fds ); - if( ( ret = select( nb_fds, &read_fds, NULL, NULL, NULL ) ) <= 0 ) + ctx_buffer_check( &outbuf[0] ); + ctx_buffer_check( &outbuf[1] ); + + if( ( ret = select( nb_fds, &read_fds, NULL, NULL, &tm ) ) < 0 ) { perror( "select" ); goto exit; @@ -589,6 +707,7 @@ accept: &client_fd, &server_fd ) ) != 0 ) goto accept; } + } exit: From fbb0b701e4d6ee7c5cd30394ddde8cf1e4def5d7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 May 2017 16:55:07 +0100 Subject: [PATCH 0381/1059] Corrupt application data in the beginning instead of the end in UDP proxy The UDP proxy corrupts application data at the end of the datagram. If there are multiple DTLS records within the same datagram, this leads to the wrong message being corrupted. This commit always corrupts the beginning of the message to prevent this. Overall, the UDP proxy needs reworking if it is supposed to reliably support multiple records within a single datagram, because it determines its actions from the type of the first record in the current datagram only. --- programs/test/udp_proxy.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index bb5537ff10..c978f9047d 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c 
@@ -418,9 +418,17 @@ int send_packet( const packet *p, const char *why ) { unsigned char buf[MAX_MSG_SIZE]; memcpy( buf, p->buf, p->len ); - ++buf[p->len - 1]; - print_packet( p, "corrupted" ); + if( p->len <= 13 ) + { + mbedtls_printf( " ! can't corrupt empty AD record" ); + } + else + { + ++buf[13]; + print_packet( p, "corrupted" ); + } + if( ( ret = dispatch_data( dst, buf, p->len ) ) <= 0 ) { mbedtls_printf( " ! dispatch returned %d\n", ret ); From e65ce7862a40a9abbfda6ae374cb755033029a8d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 22 May 2017 14:47:48 +0100 Subject: [PATCH 0382/1059] Enhance debugging output in ssl_tls.c Give a note on the debugging output on the following occasions: (1) The timer expires in mbedtls_ssl_fetch_input (2) There's more than one records within a single datagram --- library/ssl_tls.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae7065b..759dca0131 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2294,7 +2294,10 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) * that will end up being dropped. */ if( ssl_check_timer( ssl ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "timer has expired" ) ); ret = MBEDTLS_ERR_SSL_TIMEOUT; + } else { len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf ); @@ -3921,7 +3924,13 @@ read_record_header: /* Done reading this record, get ready for the next one */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl ); + if( ssl->next_record_offset < ssl->in_left ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) ); + } + } else #endif ssl->in_left = 0; From e09ca3d9b68486fa9a4c368fd6578c68fc54c242 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Mon, 22 May 2017 15:06:06 +0100 Subject: [PATCH 0383/1059] Add polling function for network contexts This commit adds a function `mbedtls_net_poll` to the network module allowing to check if a network context is available for read or write. --- include/mbedtls/net_sockets.h | 28 ++++++++++++++++++ library/error.c | 4 +++ library/net_sockets.c | 56 +++++++++++++++++++++++++++++++++-- 3 files changed, 86 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index de335526fe..2777b79e4f 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -45,12 +45,17 @@ #define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */ #define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */ #define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */ +#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047 /**< Polling the net context failed. */ +#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049 /**< Input invalid. */ #define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */ #define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */ #define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */ +#define MBEDTLS_NET_POLL_READ 1 /**< Used in \c mbedtls_net_poll to check for pending data */ +#define MBEDTLS_NET_POLL_WRITE 2 /**< Used in \c mbedtls_net_poll to check if write possible */ + #ifdef __cplusplus extern "C" { #endif 
@@ -131,6 +136,29 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, mbedtls_net_context *client_ctx, void *client_ip, size_t buf_size, size_t *ip_len ); +/** + * \brief Check and wait for the context to be ready for read/write + * + * \param ctx Socket to check + * \param rw Bitflag composed of MBEDTLS_NET_POLL_READ and + * MBEDTLS_NET_POLL_WRITE specifying the events + * to wait for: + * - If MBEDTLS_NET_POLL_READ is set, the function + * will return as soon as the net context is available + * for reading. + * - If MBEDTLS_NET_POLL_WRITE is set, the function + * will return as soon as the net context is available + * for writing. + * \param timeout Maximal amount of time to wait before returning, + * in milliseconds. If \c timeout is zero, the + * function returns immediately. If \c timeout is + * -1u, the function blocks potentially indefinitely. + * + * \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE + * on success or timeout, or a negative return code otherwise. + */ +int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ); + /** * \brief Set the socket blocking * diff --git a/library/error.c b/library/error.c index db42381c42..8977cc4e56 100644 --- a/library/error.c +++ b/library/error.c @@ -654,6 +654,10 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "NET - Buffer is too small to hold the data" ); if( use_ret == -(MBEDTLS_ERR_NET_INVALID_CONTEXT) ) mbedtls_snprintf( buf, buflen, "NET - The context is invalid, eg because it was free()ed" ); + if( use_ret == -(MBEDTLS_ERR_NET_POLL_FAILED) ) + mbedtls_snprintf( buf, buflen, "NET - Polling the net context failed" ); + if( use_ret == -(MBEDTLS_ERR_NET_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "NET - Input invalid" ); #endif /* MBEDTLS_NET_C */ #if defined(MBEDTLS_OID_C) diff --git a/library/net_sockets.c b/library/net_sockets.c index 80be6ec6a4..edd0844168 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c 
@@ -433,6 +433,58 @@ int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ) #endif } +/* + * Check if data is available on the socket + */ + +int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) +{ + int ret; + struct timeval tv; + + fd_set read_fds; + fd_set write_fds; + + int fd = ctx->fd; + + if( fd < 0 ) + return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + + FD_ZERO( &read_fds ); + if( rw & MBEDTLS_NET_POLL_READ ) + { + rw &= ~MBEDTLS_NET_POLL_READ; + FD_SET( fd, &read_fds ); + } + + FD_ZERO( &write_fds ); + if( rw & MBEDTLS_NET_POLL_WRITE ) + { + rw &= ~MBEDTLS_NET_POLL_WRITE; + FD_SET( fd, &write_fds ); + } + + if( rw != 0 ) + return( MBEDTLS_ERR_NET_BAD_INPUT_DATA ); + + tv.tv_sec = timeout / 1000; + tv.tv_usec = ( timeout % 1000 ) * 1000; + + ret = select( fd + 1, &read_fds, &write_fds, NULL, + timeout == (uint32_t) -1u ? NULL : &tv ); + + if( ret < 0 ) + return( MBEDTLS_ERR_NET_POLL_FAILED ); + + ret = 0; + if( FD_ISSET( fd, &read_fds ) ) + ret |= MBEDTLS_NET_POLL_READ; + if( FD_ISSET( fd, &write_fds ) ) + ret |= MBEDTLS_NET_POLL_WRITE; + + return( ret ); +} + /* * Portable usleep helper */ @@ -492,8 +544,8 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) /* * Read at most 'len' characters, blocking for at most 'timeout' ms */ -int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, - uint32_t timeout ) +int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, + size_t len, uint32_t timeout ) { int ret; struct timeval tv; From 16970d29127332e109f928fbe9efecc0a118c8dc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 15:56:37 +0100 Subject: [PATCH 0384/1059] Add support for event-driven IO in ssl_client2 and ssl_server2 --- programs/ssl/ssl_client2.c | 302 +++++++++++++++++++++++++++++++------ programs/ssl/ssl_server2.c | 185 +++++++++++++++++++++-- 2 files changed, 429 insertions(+), 58 deletions(-) 
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5032a9f3d5..e82adaa7b7 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -70,6 +70,7 @@ int main( void ) #define DFL_REQUEST_SIZE -1 #define DFL_DEBUG_LEVEL 0 #define DFL_NBIO 0 +#define DFL_EVENT 0 #define DFL_READ_TIMEOUT 0 #define DFL_MAX_RESEND 0 #define DFL_CA_FILE "" @@ -243,23 +244,25 @@ int main( void ) " server_port=%%d default: 4433\n" \ " request_page=%%s default: \".\"\n" \ " request_size=%%d default: about 34 (basic request)\n" \ - " (minimum: 0, max: 16384)\n" \ - " debug_level=%%d default: 0 (disabled)\n" \ - " nbio=%%d default: 0 (blocking I/O)\n" \ - " options: 1 (non-blocking), 2 (added delays)\n" \ - " read_timeout=%%d default: 0 ms (no timeout)\n" \ + " (minimum: 0, max: 16384)\n" \ + " debug_level=%%d default: 0 (disabled)\n" \ + " nbio=%%d default: 0 (blocking I/O)\n" \ + " options: 1 (non-blocking), 2 (added delays)\n" \ + " event=%%d default: 0 (loop)\n" \ + " options: 1 (level-triggered, implies nbio=1),\n" \ + " read_timeout=%%d default: 0 ms (no timeout)\n" \ " max_resend=%%d default: 0 (no resend on timeout)\n" \ "\n" \ USAGE_DTLS \ "\n" \ - " auth_mode=%%s default: (library default: none)\n" \ + " auth_mode=%%s default: (library default: none)\n" \ " options: none, optional, required\n" \ USAGE_IO \ "\n" \ USAGE_PSK \ USAGE_ECJPAKE \ "\n" \ - " allow_legacy=%%d default: (library default: no)\n" \ + " allow_legacy=%%d default: (library default: no)\n" \ USAGE_RENEGO \ " exchanges=%%d default: 1\n" \ " reconnect=%%d default: 0 (disabled)\n" \ 
@@ -299,7 +302,8 @@ struct options const char *server_port; /* port on which the ssl service runs */ int debug_level; /* level of debugging */ int nbio; /* should I/O be blocking? */ - uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ + int event; /* loop or event-driven IO? level or edge triggered? */ + uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ int max_resend; /* DTLS times to resend on read timeout */ const char *request_page; /* page on server to request */ int request_size; /* pad request with header to requested size */ 
@@ -433,6 +437,78 @@ static int ssl_sig_hashes_for_test[] = { }; #endif /* MBEDTLS_X509_CRT_PARSE_C */ +/* + * Wait for an event from the underlying transport or the timer + * (Used in event-driven IO mode). + */ +#if !defined(MBEDTLS_TIMING_C) +void idle( mbedtls_ssl_context *ssl, + mbedtls_net_context *fd, + int idle_reason ) +{ +#else +void idle( mbedtls_ssl_context *ssl, + mbedtls_net_context *fd, + mbedtls_timing_delay_context *timer, + int idle_reason ) +{ +#if defined(MBEDTLS_DEBUG_C) + struct mbedtls_timing_hr_time tm; + unsigned long time_elapsed; +#endif +#endif + + int poll_type = 0; + + if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE ) + poll_type = MBEDTLS_NET_POLL_WRITE; + else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ ) + poll_type = MBEDTLS_NET_POLL_READ; +#if !defined(MBEDTLS_TIMING_C) + else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: No reason for idling given" ) ); + return; + } +#endif + + /* One should not idle on the underlying transport + * if data is still pending to be processed. */ + if( mbedtls_ssl_check_pending( ssl ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: Data still pending, " + "but idling requested!" ) ); + } + MBEDTLS_SSL_DEBUG_MSG( 3, ( "idle, waiting for event... " ) ); + +#if defined(MBEDTLS_TIMING_C) && defined(MBEDTLS_DEBUG_C) + mbedtls_timing_get_timer( &tm, 1 /* restart */ ); +#endif + + while( 1 ) + { +#if defined(MBEDTLS_TIMING_C) +#if defined(MBEDTLS_DEBUG_C) + time_elapsed = mbedtls_timing_get_timer( &tm, 0 ); +#endif + if( mbedtls_timing_get_delay( timer ) == 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] timer expired - continue", + time_elapsed ) ); + break; + } +#endif + + if( poll_type != 0 && + mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] net_context signals data - " + "continue", time_elapsed ) ); + break; + } + } +} + int main( int argc, char *argv[] ) { int ret = 0, len, tail_len, i, written, frags, retry_left; 
@@ -516,6 +592,7 @@ int main( int argc, char *argv[] ) opt.server_port = DFL_SERVER_PORT; opt.debug_level = DFL_DEBUG_LEVEL; opt.nbio = DFL_NBIO; + opt.event = DFL_EVENT; opt.read_timeout = DFL_READ_TIMEOUT; opt.max_resend = DFL_MAX_RESEND; opt.request_page = DFL_REQUEST_PAGE; @@ -589,6 +666,12 @@ int main( int argc, char *argv[] ) if( opt.nbio < 0 || opt.nbio > 2 ) goto usage; } + else if( strcmp( p, "event" ) == 0 ) + { + opt.event = atoi( q ); + if( opt.event < 0 || opt.event > 2 ) + goto usage; + } else if( strcmp( p, "read_timeout" ) == 0 ) opt.read_timeout = atoi( q ); else if( strcmp( p, "max_resend" ) == 0 ) @@ -858,6 +941,16 @@ int main( int argc, char *argv[] ) goto usage; } + /* Event-driven IO is incompatible with the above custom + * receive and send functions, as the polling builds on + * refers to the underlying net_context. */ + if( opt.event == 1 && opt.nbio != 1 ) + { + mbedtls_printf( "Warning: event-driven IO mandates nbio=1" + " - overwrite\n" ); + opt.nbio = 1; + } + #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold( opt.debug_level ); #endif @@ -1092,7 +1185,8 @@ int main( int argc, char *argv[] ) #endif if( ret < 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse " + "returned -0x%x\n\n", -ret ); goto exit; } @@ -1115,7 +1209,8 @@ int main( int argc, char *argv[] ) else #endif #if defined(MBEDTLS_CERTS_C) - ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt, + ret = mbedtls_x509_crt_parse( &clicert, + (const unsigned char *) mbedtls_test_cli_crt, mbedtls_test_cli_crt_len ); #else { @@ -1125,7 +1220,8 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse " + "returned -0x%x\n\n", -ret ); goto exit; } 
@@ -1138,7 +1234,8 @@ int main( int argc, char *argv[] ) else #endif #if defined(MBEDTLS_CERTS_C) - ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key, + ret = mbedtls_pk_parse_key( &pkey, + (const unsigned char *) mbedtls_test_cli_key, mbedtls_test_cli_key_len, NULL, 0 ); #else { @@ -1148,7 +1245,8 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_key " + "returned -0x%x\n\n", -ret ); goto exit; } @@ -1166,11 +1264,13 @@ int main( int argc, char *argv[] ) opt.server_addr, opt.server_port ); fflush( stdout ); - if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port, - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? - MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) + if( ( ret = mbedtls_net_connect( &server_fd, + opt.server_addr, opt.server_port, + opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? + MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_net_connect " + "returned -0x%x\n\n", -ret ); goto exit; } @@ -1180,7 +1280,8 @@ int main( int argc, char *argv[] ) ret = mbedtls_net_set_block( &server_fd ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! net_set_(non)block() " + "returned -0x%x\n\n", -ret ); goto exit; } @@ -1197,7 +1298,8 @@ int main( int argc, char *argv[] ) opt.transport, MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults " + "returned -0x%x\n\n", -ret ); goto exit; } 
@@ -1220,13 +1322,15 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_PROTO_DTLS) if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX ) - mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max ); + mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, + opt.hs_to_max ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len " + "returned %d\n\n", ret ); goto exit; } #endif @@ -1249,8 +1353,8 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) if( opt.recsplit != DFL_RECSPLIT ) mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit - ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED - : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ); + ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED + : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ); #endif #if defined(MBEDTLS_DHM_C) @@ -1262,7 +1366,8 @@ int main( int argc, char *argv[] ) if( opt.alpn_string != NULL ) if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols " + "returned %d\n\n", ret ); goto exit; } #endif @@ -1301,7 +1406,8 @@ int main( int argc, char *argv[] ) { if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert " + "returned %d\n\n", ret ); goto exit; } } 
@@ -1320,16 +1426,19 @@ int main( int argc, char *argv[] ) (const unsigned char *) opt.psk_identity, strlen( opt.psk_identity ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk " + "returned %d\n\n", ret ); goto exit; } #endif if( opt.min_version != DFL_MIN_VERSION ) - mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version ); + mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, + opt.min_version ); if( opt.max_version != DFL_MAX_VERSION ) - mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version ); + mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, + opt.max_version ); #if defined(MBEDTLS_SSL_FALLBACK_SCSV) if( opt.fallback != DFL_FALLBACK ) @@ -1338,14 +1447,16 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_setup " + "returned -0x%x\n\n", -ret ); goto exit; } #if defined(MBEDTLS_X509_CRT_PARSE_C) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname " + "returned %d\n\n", ret ); goto exit; } #endif @@ -1357,7 +1468,8 @@ int main( int argc, char *argv[] ) (const unsigned char *) opt.ecjpake_pw, strlen( opt.ecjpake_pw ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password " + "returned %d\n\n", ret ); goto exit; } } 
@@ -1366,7 +1478,8 @@ int main( int argc, char *argv[] ) if( opt.nbio == 2 ) mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL ); else - mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, + mbedtls_ssl_set_bio( &ssl, &server_fd, + mbedtls_net_send, mbedtls_net_recv, opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); #if defined(MBEDTLS_TIMING_C) @@ -1384,9 +1497,11 @@ int main( int argc, char *argv[] ) while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) { - if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_handshake " + "returned -0x%x\n", -ret ); if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) mbedtls_printf( " Unable to verify the server's certificate. " @@ -1398,10 +1513,21 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n" ); goto exit; } + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } } mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n", - mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) ); + mbedtls_ssl_get_version( &ssl ), + mbedtls_ssl_get_ciphersuite( &ssl ) ); if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 ) mbedtls_printf( " [ Record expansion is %d ]\n", ret ); @@ -1429,7 +1555,8 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_get_session " + "returned -0x%x\n\n", -ret ); goto exit; } 
@@ -1448,7 +1575,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " failed\n" ); - mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); + mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), + " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); } @@ -1478,9 +1606,21 @@ int main( int argc, char *argv[] ) if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate " + "returned %d\n\n", ret ); goto exit; } + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } + } mbedtls_printf( " ok\n" ); } 
@@ -1524,27 +1664,54 @@ send_request: { for( written = 0, frags = 0; written < len; written += ret, frags++ ) { - while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) ) - <= 0 ) + while( ( ret = mbedtls_ssl_write( &ssl, buf + written, + len - written ) ) <= 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_write " + "returned -0x%x\n\n", -ret ); goto exit; } + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } } } } else /* Not stream, so datagram */ { - do ret = mbedtls_ssl_write( &ssl, buf, len ); - while( ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + while( 1 ) + { + ret = mbedtls_ssl_write( &ssl, buf, len ); + + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + break; + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } + } if( ret < 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_write " + "returned %d\n\n", ret ); goto exit; } @@ -1553,7 +1720,8 @@ send_request: } buf[written] = '\0'; - mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf ); + mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", + written, frags, (char *) buf ); /* * 7. Read the HTTP response 
@@ -1574,7 +1742,18 @@ send_request: if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE ) + { + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } continue; + } if( ret <= 0 ) { @@ -1616,9 +1795,24 @@ send_request: len = sizeof( buf ) - 1; memset( buf, 0, sizeof( buf ) ); - do ret = mbedtls_ssl_read( &ssl, buf, len ); - while( ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + while( 1 ) + { + ret = mbedtls_ssl_read( &ssl, buf, len ); + + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + break; + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } + } if( ret <= 0 ) { @@ -1671,6 +1865,16 @@ send_request: mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); goto exit; } + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &server_fd, &timer, ret ); +#else + idle( &ssl, &server_fd, ret ); +#endif + } } mbedtls_printf( " ok\n" ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a25886824e..b317bcca31 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -101,6 +101,7 @@ int main( void ) #define DFL_SERVER_PORT "4433" #define DFL_DEBUG_LEVEL 0 #define DFL_NBIO 0 +#define DFL_EVENT 0 #define DFL_READ_TIMEOUT 0 #define DFL_CA_FILE "" #define DFL_CA_PATH "" 
@@ -331,6 +332,8 @@ int main( void ) " debug_level=%%d default: 0 (disabled)\n" \ " nbio=%%d default: 0 (blocking I/O)\n" \ " options: 1 (non-blocking), 2 (added delays)\n" \ + " event=%%d default: 0 (loop)\n" \ + " options: 1 (level-triggered, implies nbio=1),\n" \ " read_timeout=%%d default: 0 ms (no timeout)\n" \ "\n" \ USAGE_DTLS \ @@ -399,6 +402,7 @@ struct options const char *server_port; /* port on which the ssl service runs */ int debug_level; /* level of debugging */ int nbio; /* should I/O be blocking? */ + int event; /* loop or event-driven IO? level or edge triggered? */ uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ const char *ca_file; /* the file with the CA certificate(s) */ const char *ca_path; /* the path with the CA certificate(s) reside */ 
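Review bot: The new usage line `options: 1 (level-triggered, implies nbio=1),\n` ends with a comma that announces a further option, but none is listed, while the parser added in the hunk at @@ -1047 (next line of this patch) accepts `event` up to 2 and the program only ever tests `opt.event == 1`, so `event=2` is silently treated like 0. Either narrow the check to `if( opt.event < 0 || opt.event > 1 ) goto usage;` or document what 2 means; the struct comment `loop or event-driven IO? level or edge triggered?` in the second hunk suggests 2 was intended as edge-triggered, in which case the usage text should say that it is not implemented yet.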
@@ -837,6 +841,78 @@ static int ssl_sig_hashes_for_test[] = { }; #endif /* MBEDTLS_X509_CRT_PARSE_C */ +/* + * Wait for an event from the underlying transport or the timer + * (Used in event-driven IO mode). + */ +#if !defined(MBEDTLS_TIMING_C) +void idle( mbedtls_ssl_context *ssl, + mbedtls_net_context *fd, + int idle_reason ) +{ +#else +void idle( mbedtls_ssl_context *ssl, + mbedtls_net_context *fd, + mbedtls_timing_delay_context *timer, + int idle_reason ) +{ +#if defined(MBEDTLS_DEBUG_C) + struct mbedtls_timing_hr_time tm; + unsigned long time_elapsed; +#endif +#endif + + int poll_type = 0; + + if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE ) + poll_type = MBEDTLS_NET_POLL_WRITE; + else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ ) + poll_type = MBEDTLS_NET_POLL_READ; +#if !defined(MBEDTLS_TIMING_C) + else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: No reason for idling given" ) ); + return; + } +#endif + + /* One should not idle on the underlying transport + * if data is still pending to be processed. */ + if( mbedtls_ssl_check_pending( ssl ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: Data still pending, " + "but idling requested!" ) ); + } + MBEDTLS_SSL_DEBUG_MSG( 3, ( "idle, waiting for event... " ) ); + +#if defined(MBEDTLS_TIMING_C) && defined(MBEDTLS_DEBUG_C) + mbedtls_timing_get_timer( &tm, 1 /* restart */ ); +#endif + + while( 1 ) + { +#if defined(MBEDTLS_TIMING_C) +#if defined(MBEDTLS_DEBUG_C) + time_elapsed = mbedtls_timing_get_timer( &tm, 0 ); +#endif + if( mbedtls_timing_get_delay( timer ) == 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] timer expired - continue", + time_elapsed ) ); + break; + } +#endif + + if( poll_type != 0 && + mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] net_context signals data - " + "continue", time_elapsed ) ); + break; + } + } +} + int main( int argc, char *argv[] ) { int ret = 0, len, written, frags, exchanges_left; 
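Review bot: `time_elapsed` is used in the second debug message (`"[%lu ms] net_context signals data - continue", time_elapsed`) outside any MBEDTLS_TIMING_C guard, but it is only declared inside the MBEDTLS_TIMING_C branch of the signature, so a build with MBEDTLS_DEBUG_C on and MBEDTLS_TIMING_C off fails with an undeclared identifier; declaring it once before the signature `#if`, as `#if defined(MBEDTLS_DEBUG_C) unsigned long time_elapsed = 0; #endif`, covers both messages. The function also calls mbedtls_ssl_check_pending(), which is introduced by the next patch in this series (0385), so this patch does not build on its own. The wait loop calls `mbedtls_net_poll( fd, poll_type, 0 )` with a zero timeout inside `while( 1 )`, which is a busy spin; a small non-zero timeout would let the process sleep between checks. idle() has no prototype and is file-local, so it should be `static`, and when mbedtls_ssl_check_pending() reports pending data it only logs a warning and polls anyway, whereas the new header text for that function says the caller must not idle in that state — returning early there would honour the contract.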
@@ -969,6 +1045,7 @@ int main( int argc, char *argv[] ) opt.server_addr = DFL_SERVER_ADDR; opt.server_port = DFL_SERVER_PORT; opt.debug_level = DFL_DEBUG_LEVEL; + opt.event = DFL_EVENT; opt.nbio = DFL_NBIO; opt.read_timeout = DFL_READ_TIMEOUT; opt.ca_file = DFL_CA_FILE; @@ -1047,6 +1124,12 @@ int main( int argc, char *argv[] ) if( opt.nbio < 0 || opt.nbio > 2 ) goto usage; } + else if( strcmp( p, "event" ) == 0 ) + { + opt.event = atoi( q ); + if( opt.event < 0 || opt.event > 2 ) + goto usage; + } else if( strcmp( p, "read_timeout" ) == 0 ) opt.read_timeout = atoi( q ); else if( strcmp( p, "ca_file" ) == 0 ) @@ -1328,6 +1411,16 @@ int main( int argc, char *argv[] ) goto usage; } + /* Event-driven IO is incompatible with the above custom + * receive and send functions, as the polling builds on + * refers to the underlying net_context. */ + if( opt.event == 1 && opt.nbio != 1 ) + { + mbedtls_printf( "Warning: event-driven IO mandates nbio=1" + " - overwrite\n" ); + opt.nbio = 1; + } + #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold( opt.debug_level ); #endif @@ -2113,9 +2206,22 @@ handshake: mbedtls_printf( " . Performing the SSL/TLS handshake..." ); fflush( stdout ); - do ret = mbedtls_ssl_handshake( &ssl ); - while( ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) + { + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + break; + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &client_fd, &timer, ret ); +#else + idle( &ssl, &client_fd, ret ); +#endif + } + } if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) { 
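Review bot: The comment added before the nbio override in the hunk at @@ -1328 reads `as the polling builds on refers to the underlying net_context`, which is not a sentence; `as the polling operates on the underlying net_context, not on the custom send/receive callbacks` states what the code relies on. The override prints a warning and then rewrites `opt.nbio`; since `nbio=2` is documented as a test mode with added delays, rejecting the combination with `goto usage` would be less surprising than changing the user's choice behind a warning. Both points apply only to this hunk; the handshake loop rewrite at @@ -2113 looks consistent with the client side.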
@@ -2221,7 +2327,18 @@ data_exchange: if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE ) + { + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &client_fd, &timer, ret ); +#else + idle( &ssl, &client_fd, ret ); +#endif + } + continue; + } if( ret <= 0 ) { @@ -2309,9 +2426,24 @@ data_exchange: len = sizeof( buf ) - 1; memset( buf, 0, sizeof( buf ) ); - do ret = mbedtls_ssl_read( &ssl, buf, len ); - while( ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + while( 1 ) + { + ret = mbedtls_ssl_read( &ssl, buf, len ); + + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + break; + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &client_fd, &timer, ret ); +#else + idle( &ssl, &client_fd, ret ); +#endif + } + } if( ret <= 0 ) { @@ -2352,6 +2484,16 @@ data_exchange: mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret ); goto reset; } + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &client_fd, &timer, ret ); +#else + idle( &ssl, &client_fd, ret ); +#endif + } } mbedtls_printf( " ok\n" ); 
@@ -2386,14 +2528,39 @@ data_exchange: mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); goto reset; } + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &client_fd, &timer, ret ); +#else + idle( &ssl, &client_fd, ret ); +#endif + } } } } else /* Not stream, so datagram */ { - do ret = mbedtls_ssl_write( &ssl, buf, len ); - while( ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE ); + while( 1 ) + { + ret = mbedtls_ssl_write( &ssl, buf, len ); + + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + break; + + /* For event-driven IO, wait for socket to become available */ + if( opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &ssl, &client_fd, &timer, ret ); +#else + idle( &ssl, &client_fd, ret ); +#endif + } + } if( ret < 0 ) { From 8b170a0a0b3b1f2b0cf27e572c0125ab3123e04d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 11:51:19 +0100 Subject: [PATCH 0385/1059] Enhance and extend checking of message processing state - Enhances the documentation of mbedtls_ssl_get_bytes_avail (return the number of bytes left in the current application data record, if there is any). - Introduces a new public function mbedtls_ssl_check_pending for checking whether any data in the internal buffers still needs to be processed. This is necessary for users implementing event-driven IO to decide when they can safely idle until they receive further events from the underlying transport. --- include/mbedtls/ssl.h | 47 +++++++++++++++++++++++++++++++-- library/ssl_tls.c | 61 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 106 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index cc00070062..8b82eff8f0 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -2235,11 +2235,54 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_RENEGOTIATION */ /** - * \brief Return the number of data bytes available to read + * \brief Check if there is data already read from the + * underlying transport but not yet processed. * * \param ssl SSL context * - * \return how many bytes are available in the read buffer + * \return 0 if nothing's pending, 1 otherwise. + * + * \note This function is essential when using the library + * with event-driven I/O. The user should not idle + * (waiting for events from the underlying transport + * or from timers) before this function's check passes. + * Otherwise, it's possible to run into a deadlock + * (if processing the pending data involves essential + * communication with the peer) or to accumulate and + * potentially lose data. + * + * \note This is different in purpose and behaviour from + * \c mbedtls_ssl_get_bytes_avail in that it considers + * any kind of unprocessed data, not only unread + * application data. If \c mbedtls_ssl_get_bytes + * returns a non-zero value, this function will + * also signal pending data, but the converse does + * not hold. For example, in DTLS there might be + * further records waiting to be processed from + * the current underlying transport's datagram. + * + * \note If this function returns 0 (data pending), this + * does not imply that a subsequent call to + * \c mbedtls_ssl_read will provide any data; + * e.g., the unprocessed data might turn out + * to be an alert or a handshake message. + */ +int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ); + +/** + * \brief Return the number of application data bytes + * remaining to be read from the current record. + * + * \param ssl SSL context + * + * \return How many bytes are available in the application + * data record read buffer. 
+ * + * \note When working over a datagram transport, this is + * useful to detect the current datagram's boundary + * in case \c mbedtls_ssl_read has written the maximal + * amount of data fitting into the input buffer. + * */ size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 759dca0131..7e8476cc6a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
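Review bot: Two statements in the new documentation are wrong as written: `If \c mbedtls_ssl_get_bytes returns a non-zero value` names a function that does not exist (the function is `mbedtls_ssl_get_bytes_avail`), and `If this function returns 0 (data pending)` contradicts the `\return` line above it, which says 0 means nothing is pending — it should read `If this function returns 1 (data pending)`. The `\return` line would also be clearer in the library's usual form, `\return 1 if there is unprocessed data, 0 otherwise`. It would help callers to state that the result is a snapshot valid only until the next call into the library on this context, since the deadlock argument in the first note depends on checking right before idling.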
@@ -6392,6 +6392,67 @@ size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ) return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); } +int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) +{ + /* + * Case A: We're currently holding back + * a message for further processing. + */ + + if( ssl->keep_current_message == 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record " + "held back for processing" ) ); + return( 1 ); + } + + /* + * Case B: Further records are pending in the current datagram. + */ + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->in_left > ssl->next_record_offset ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records " + "within current datagram" ) ); + return( 1 ); + } +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + + /* + * Case C: A handshake message is being processed. + */ + + /* TODO This needs correction in the same way as + * read_record_layer, see IOTSSL-1414 */ + if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake " + "messages within current record" ) ); + return( 1 ); + } + + /* + * Case D: An application data message is being processed + */ + if( ssl->in_offt != NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data " + "record is being processed" ) ); + return( 1 ); + } + + /* + * In all other cases, the rest of the message can be dropped. + * As in ssl_read_record_layer, this needs to be adapted if + * we implement support for multiple alerts in single records. + */ + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: nothing pending" ) ); + return( 0 ); +} + uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ) { if( ssl->session != NULL ) From cadb5bbe3c332ee460e9a0f60e563cb1cf01d48d Mon Sep 17 00:00:00 2001 
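Review bot: Case C carries `TODO This needs correction in the same way as read_record_layer, see IOTSSL-1414`, so the handshake-message test is known to be incomplete while the new header text presents this function as the gate that makes idling safe; either resolve it before merge or state the limitation in the ssl.h documentation so event-driven callers know which case can be misreported. The DTLS condition `ssl->in_left > ssl->next_record_offset` is what the comment "further records are pending in the current datagram" means concretely, and a one-line comment saying so next to the comparison would spare the reader a trip to the record layer. The function body is complete within the hunk.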
From: Hanno Becker Date: Fri, 26 May 2017 13:56:10 +0100 Subject: [PATCH 0386/1059] Add slight delay before killing server in ssl-opt.sh for log output It seems that tests from ssl-opt.sh are sometimes failing because the server is killed before its output has been finalized. This commit adds a small delay in ssl-opt.sh before killing the server to prevent that. --- tests/ssl-opt.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7f5510cce1..821df212c8 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -443,6 +443,8 @@ run_test() { eval "$CLI_CMD" >> $CLI_OUT 2>&1 & wait_client_done + sleep 0.05 + # terminate the server (and the proxy) kill $SRV_PID wait $SRV_PID From d82d84664af1da94aef06febf860418f82f97358 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 29 May 2017 21:37:46 +0100 Subject: [PATCH 0387/1059] ssl-opt.sh: Kill server via KILL signal if TERM doesn't succeed --- tests/ssl-opt.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 821df212c8..fbb689a0bd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -447,10 +447,19 @@ run_test() { # terminate the server (and the proxy) kill $SRV_PID - wait $SRV_PID + sleep 0.01 + if kill -0 $SRV_PID >/dev/null 2>&1; then + kill -KILL $SRV_PID + wait $SRV_PID + fi + if [ -n "$PXY_CMD" ]; then kill $PXY_PID >/dev/null 2>&1 - wait $PXY_PID + sleep 0.01 + if kill -0 $PXY_PID >/dev/null 2>&1; then + kill -KILL $pXY_PID + wait $PXY_PID + fi fi # retry only on timeouts From 52c6dc64c675d24b1be65e06d43dd67dc111e762 Mon Sep 17 00:00:00 2001 
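Review bot: `kill -KILL $pXY_PID` in the proxy branch of the second patch misspells the variable (`$PXY_PID` everywhere else), so the expansion is empty, the KILL is never delivered and the following `wait $PXY_PID` can hang on a proxy that ignored TERM; the line should be `kill -KILL $PXY_PID`. The non-forced path no longer calls `wait` at all, so a server that exits on TERM within the grace period is not reaped and its exit status is lost; an unconditional `wait $SRV_PID` after the `if` (and likewise for the proxy) keeps the previous behaviour. A 10 ms grace period before SIGKILL is short for a server that is still writing its log — the first patch on this line adds a 50 ms sleep for exactly that reason — and fractional `sleep` arguments are not POSIX, so both changes may behave differently under a minimal /bin/sh.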
From: Hanno Becker Date: Fri, 26 May 2017 16:07:36 +0100 Subject: [PATCH 0388/1059] Correct length check for DTLS records from old epochs. DTLS records from previous epochs were incorrectly checked against the current epoch transform's minimal content length, leading to the rejection of entire datagrams. This commit fixes that and adapts two test cases accordingly. Internal reference: IOTSSL-1417 --- library/ssl_tls.c | 143 ++++++++++++++++++++++++---------------------- tests/ssl-opt.sh | 10 ++-- 2 files changed, 79 insertions(+), 74 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7e8476cc6a..c6aac473c9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3522,81 +3522,23 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } - /* Check length against bounds of the current transform and version */ - if( ssl->transform_in == NULL ) - { - if( ssl->in_msglen < 1 || - ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); - } - } - else - { - if( ssl->in_msglen < ssl->transform_in->minlen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); - } - -#if defined(MBEDTLS_SSL_PROTO_SSL3) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && - ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); - } -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* - * TLS encrypted messages can have up to 256 bytes of padding - */ - if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 && - ssl->in_msglen > ssl->transform_in->minlen + - MBEDTLS_SSL_MAX_CONTENT_LEN + 256 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); - } -#endif - } - /* - * DTLS-related tests done last, because most of them may result in - * silently dropping the record (but not the whole datagram), and we only - * want to consider that after ensuring that the "basic" fields (type, - * version, length) are sane. + * DTLS-related tests. + * Check epoch before checking length constraint because + * the latter varies with the epoch. 
E.g., if a ChangeCipherSpec + * message gets duplicated before the corresponding Finished message, + * the second ChangeCipherSpec should be discarded because it belongs + * to an old epoch, but not because its length is shorter than + * the minimum record length for packets using the new record transform. + * Note that these two kinds of failures are handled differently, + * as an unexpected record is silently skipped but an invalid + * record leads to the entire datagram being dropped. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; - /* Drop unexpected ChangeCipherSpec messages */ - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && - ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && - ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); - } - - /* Drop unexpected ApplicationData records, - * except at the beginning of renegotiations */ - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && - ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER -#if defined(MBEDTLS_SSL_RENEGOTIATION) - && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->state == MBEDTLS_SSL_SERVER_HELLO ) -#endif - ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); - } - /* Check epoch (and sequence number) with DTLS */ if( rec_epoch != ssl->in_epoch ) { 
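Review bot: Moving the transform length bounds after the DTLS epoch test means a record whose epoch does not match is turned into MBEDTLS_ERR_SSL_UNEXPECTED_RECORD with `in_msglen` never compared against `transform_in->minlen` and the maximum content length, and the relocated checks in the next hunk (@@ -3636) run only for records that pass the epoch test. Skipping an unexpected record is driven by that unchecked length, so this is only safe if the caller that advances past the record verifies that `in_msglen` lies within the received datagram; if that check lives in ssl_read_record_layer, naming it in the new comment, e.g. `/* Records from other epochs skip the transform length checks below; only the datagram-fit check in the caller bounds their length. */`, would make the dependency explicit. The opening of ssl_parse_record_header and the sanity checks it applies before this point are outside the hunk.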
@@ -3636,9 +3578,74 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); } #endif + + /* Drop unexpected ChangeCipherSpec messages */ + if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && + ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && + ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + } + + /* Drop unexpected ApplicationData records, + * except at the beginning of renegotiations */ + if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && + ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER +#if defined(MBEDTLS_SSL_RENEGOTIATION) + && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + ssl->state == MBEDTLS_SSL_SERVER_HELLO ) +#endif + ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ + + /* Check length against bounds of the current transform and version */ + if( ssl->transform_in == NULL ) + { + if( ssl->in_msglen < 1 || + ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } + } + else + { + if( ssl->in_msglen < ssl->transform_in->minlen ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } + +#if defined(MBEDTLS_SSL_PROTO_SSL3) + if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && + ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) + /* + * TLS encrypted messages can have up to 256 bytes of padding + */ + if( ssl->minor_ver 
>= MBEDTLS_SSL_MINOR_VERSION_1 && + ssl->in_msglen > ssl->transform_in->minlen + + MBEDTLS_SSL_MAX_CONTENT_LEN + 256 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } +#endif + } + return( 0 ); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index fbb689a0bd..57d5e60532 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3702,8 +3702,8 @@ run_test "DTLS proxy: duplicate every packet" \ 0 \ -c "replayed record" \ -s "replayed record" \ - -c "discarding invalid record" \ - -s "discarding invalid record" \ + -c "record from another epoch" \ + -s "record from another epoch" \ -S "resend" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -3715,8 +3715,8 @@ run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ 0 \ -c "replayed record" \ -S "replayed record" \ - -c "discarding invalid record" \ - -s "discarding invalid record" \ + -c "record from another epoch" \ + -s "record from another epoch" \ -c "resend" \ -s "resend" \ -s "Extra-header:" \ @@ -3777,8 +3777,6 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \ 0 \ -c "record from another epoch" \ -s "record from another epoch" \ - -c "discarding invalid record" \ - -s "discarding invalid record" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" From 4cb1f4d49cff999d0c853bc696ad7eea68888c35 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 15:59:57 +0100 Subject: [PATCH 0389/1059] Style corrections --- library/ssl_srv.c | 8 ++-- programs/ssl/ssl_client2.c | 94 ++++++++++++++++++++++++-------------- programs/ssl/ssl_server2.c | 41 +++++++++++------ 3 files changed, 90 insertions(+), 53 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f137c3dce6..be961af710 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -785,7 +785,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, const mbedtls_ssl_ciphersuite_t *suite_info; #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) + defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) mbedtls_pk_type_t sig_type; #endif @@ -2955,7 +2955,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) return( ret ); } -#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) dig_signed = p; dig_signed_len = len; #endif @@ -3044,7 +3044,7 @@ curve_matching_done: /* * 3.1: Choose hash algorithm: - * A: For TLS 1.2, obey signature-hash-algorithm extension + * A: For TLS 1.2, obey signature-hash-algorithm extension * to choose appropriate hash. * B: For SSL3, TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1 * (RFC 4492, Sec. 5.4) @@ -3065,7 +3065,7 @@ curve_matching_done: sig_alg ) ) == MBEDTLS_MD_NONE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - /* (... because we choose a cipher suite + /* (... because we choose a cipher suite * only if there is a matching hash.) */ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index e82adaa7b7..5b82693ff3 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -354,7 +354,8 @@ static void my_debug( void *ctx, int level, if( *p == '/' || *p == '\\' ) basename = p + 1; - mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", basename, line, level, str ); + mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", + basename, line, level, str ); fflush( (FILE *) ctx ); } 
@@ -400,7 +401,8 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len ) /* * Enabled if debug_level > 1 in code below */ -static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags ) +static int my_verify( void *data, mbedtls_x509_crt *crt, + int depth, uint32_t *flags ) { char buf[1024]; ((void) data); @@ -685,7 +687,8 @@ int main( int argc, char *argv[] ) else if( strcmp( p, "request_size" ) == 0 ) { opt.request_size = atoi( q ); - if( opt.request_size < 0 || opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( opt.request_size < 0 || + opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN ) goto usage; } else if( strcmp( p, "ca_file" ) == 0 ) @@ -715,16 +718,23 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "renegotiation" ) == 0 ) { - opt.renegotiation = (atoi( q )) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : - MBEDTLS_SSL_RENEGOTIATION_DISABLED; + opt.renegotiation = (atoi( q )) ? + MBEDTLS_SSL_RENEGOTIATION_ENABLED : + MBEDTLS_SSL_RENEGOTIATION_DISABLED; } else if( strcmp( p, "allow_legacy" ) == 0 ) { switch( atoi( q ) ) { - case -1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; break; - case 0: opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; break; - case 1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; break; + case -1: + opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; + break; + case 0: + opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; + break; + case 1: + opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; + break; default: goto usage; } } @@ -781,8 +791,12 @@ int main( int argc, char *argv[] ) { switch( atoi( q ) ) { - case 0: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; break; - case 1: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; break; + case 0: + opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; + break; + case 1: + opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; + break; default: goto usage; } } 
@@ -958,19 +972,20 @@ int main( int argc, char *argv[] ) if( opt.force_ciphersuite[0] > 0 ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); + ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); if( opt.max_version != -1 && ciphersuite_info->min_minor_ver > opt.max_version ) { - mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); + mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; goto usage; } if( opt.min_version != -1 && ciphersuite_info->max_minor_ver < opt.min_version ) { - mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); + mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; goto usage; } @@ -996,7 +1011,7 @@ int main( int argc, char *argv[] ) { if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED ) { - mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n"); + mbedtls_printf( "forced RC4 ciphersuite with RC4 disabled\n" ); ret = 2; goto usage; } @@ -1016,7 +1031,7 @@ int main( int argc, char *argv[] ) if( strlen( opt.psk ) % 2 != 0 ) { - mbedtls_printf("pre-shared key not valid hex\n"); + mbedtls_printf( "pre-shared key not valid hex\n" ); goto exit; } @@ -1033,7 +1048,7 @@ int main( int argc, char *argv[] ) c -= 'A' - 10; else { - mbedtls_printf("pre-shared key not valid hex\n"); + mbedtls_printf( "pre-shared key not valid hex\n" ); goto exit; } psk[ j / 2 ] = c << 4; @@ -1047,7 +1062,7 @@ int main( int argc, char *argv[] ) c -= 'A' - 10; else { - mbedtls_printf("pre-shared key not valid hex\n"); + mbedtls_printf( "pre-shared key not valid hex\n" ); goto exit; } psk[ j / 2 ] |= c; 
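Review bot: The rewritten lines `mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );` still exceed 80 columns although this commit wraps neighbouring calls to fit, and the same two copies appear in the ssl_server2.c hunk at @@ -1428. In the ssl_client2.c hunk at @@ -1180 the change goes the other way: it merges a previously split message into the single over-long line `mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",`, which is the opposite of what the rest of the patch does. Splitting the string literal at a word boundary, as other hunks in this series do, keeps the message intact and the line short.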
@@ -1138,11 +1153,12 @@ int main( int argc, char *argv[] ) fflush( stdout ); mbedtls_entropy_init( &entropy ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + -ret ); goto exit; } @@ -1180,13 +1196,13 @@ int main( int argc, char *argv[] ) #else { ret = 1; - mbedtls_printf("MBEDTLS_CERTS_C not defined."); + mbedtls_printf( "MBEDTLS_CERTS_C not defined." ); } #endif if( ret < 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", + -ret ); goto exit; } @@ -1771,7 +1787,8 @@ send_request: goto reconnect; default: - mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret ); + mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", + -ret ); goto exit; } } @@ -1853,7 +1870,8 @@ send_request: if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", + -ret ); goto exit; } @@ -1862,7 +1880,8 @@ send_request: if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", + -ret ); goto exit; } 
@@ -1921,21 +1940,25 @@ reconnect: if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", + -ret ); goto exit; } if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session returned %d\n\n", + ret ); goto exit; } - if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port, - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? - MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) + if( ( ret = mbedtls_net_connect( &server_fd, + opt.server_addr, opt.server_port, + opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? + MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", + -ret ); goto exit; } @@ -1946,7 +1969,7 @@ reconnect: if( ret != 0 ) { mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", - -ret ); + -ret ); goto exit; } @@ -1955,7 +1978,8 @@ reconnect: if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", + -ret ); goto exit; } } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b317bcca31..d16c534191 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -1171,16 +1171,23 @@ int main( int argc, char *argv[] ) opt.version_suites = q; else if( strcmp( p, "renegotiation" ) == 0 ) { - opt.renegotiation = (atoi( q )) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : - MBEDTLS_SSL_RENEGOTIATION_DISABLED; + opt.renegotiation = (atoi( q )) ? + MBEDTLS_SSL_RENEGOTIATION_ENABLED : + MBEDTLS_SSL_RENEGOTIATION_DISABLED; } else if( strcmp( p, "allow_legacy" ) == 0 ) { switch( atoi( q ) ) { - case -1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; break; - case 0: opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; break; - case 1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; break; + case -1: + opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; + break; + case 0: + opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; + break; + case 1: + opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; + break; default: goto usage; } } @@ -1337,8 +1344,12 @@ int main( int argc, char *argv[] ) { switch( atoi( q ) ) { - case 0: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; break; - case 1: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; break; + case 0: + opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; + break; + case 1: + opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; + break; default: goto usage; } } 
@@ -1428,19 +1439,20 @@ int main( int argc, char *argv[] ) if( opt.force_ciphersuite[0] > 0 ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); + ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); if( opt.max_version != -1 && ciphersuite_info->min_minor_ver > opt.max_version ) { - mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); + mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; goto usage; } if( opt.min_version != -1 && ciphersuite_info->max_minor_ver < opt.min_version ) { - mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); + mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; goto usage; } @@ -1619,11 +1631,12 @@ int main( int argc, char *argv[] ) fflush( stdout ); mbedtls_entropy_init( &entropy ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + -ret ); goto exit; } From 8ec8102c9a6356b420aebf5074d042902b060a2c Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 10 Oct 2017 10:35:08 +0100 Subject: [PATCH 0390/1059] Split WANT_READ in two error codes This commit restricts WANT_READ to indicate that no data is available on the underlying transport. To signal the need for further processing - which was previously also handled through this error code - a new internal error code MBEDTLS_ERR_SSL_CONTINUE_PROCESSING is introduced. --- include/mbedtls/ssl.h | 63 ++++++++++++++++++++++++++++++++++--------- library/error.c | 4 ++- 2 files changed, 53 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8b82eff8f0..e811bb907d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -102,13 +102,14 @@ #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */ #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */ #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */ -#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< Connection requires a read call. */ +#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< No data of requested type currently available on underlying transport. */ #define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */ #define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */ #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */ #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */ #define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */ #define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */ +#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */ /* * Various constants 
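Review bot: `MBEDTLS_ERR_SSL_CONTINUE_PROCESSING` is described as internal-only yet is defined in the public header right next to the codes applications are expected to handle, and nothing in the hunk states the contract that it must never be returned by a public API call. A comment pinning that down helps reviewers of later record-layer changes, e.g. `/* Internal only: callers of the record layer loop on this value; it must never escape mbedtls_ssl_read() or mbedtls_ssl_handshake(). */`. The matching string added to error.c on this page spells it "signalling" while this comment uses "signaling"; pick one spelling.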
@@ -2397,6 +2398,19 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or * a specific SSL error code. * + * If MBEDTLS_ERR_SSL_WANT_READ is returned, the handshake is + * unfinished and no further data is available from the underlying + * transport. In this case, the function needs to be called again + * at some later stage. + * + * \note Remarks regarding event-driven DTLS: + * If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram + * from the underlying transport layer is currently being processed, + * and it is safe to idle until the timer or the underlying transport + * signal a new event. This is not true for a successful handshake, + * in which case the currently processed underlying transport's datagram + * might or might not contain further DTLS records. + * * \note If this function returns something other than 0 or * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context * becomes unusable, and you should either free it or call 
@@ -2460,20 +2474,20 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * \param buf buffer that will hold the data * \param len maximum number of bytes to read * - * \return the number of bytes read, or - * 0 for EOF, or - * MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or - * MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or - * another negative error code. + * \return One of the following: + * - 0 for EOF, or + * - the (positive) number of bytes read, or + * - a negative error code on failure. * - * \note If this function returns something other than a positive - * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or - * MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * If MBEDTLS_ERR_SSL_WANT_READ is returned, no application data + * is available from the underlying transport. In this case, + * the function needs to be called again at some later stage. * - * \note When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT + * If MBEDTLS_ERR_SSL_WANT_WRITE is returned, a write is pending + * but the underlying transport isn't available for writing. In this + * case, the function needs to be called again at some later stage. + * + * When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT * (which can only happen server-side), it means that a client * is initiating a new connection using the same source port. * You can either treat that as a connection close and wait 
@@ -2486,6 +2500,29 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * again. WARNING: not validating the identity of the client * again, or not transmitting the new identity to the * application layer, would allow authentication bypass! + * + * If this function returns something other than a positive + * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or + * MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context + * becomes unusable, and you should either free it or call + * \c mbedtls_ssl_session_reset() on it before re-using it for + * a new connection; the current connection must be closed. + * + * \note Remarks regarding event-driven DTLS: + * - If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram + * from the underlying transport layer is currently being processed, + * and it is safe to idle until the timer or the underlying transport + * signal a new event. + * - If the function returns MBEDTLS_ERR_SSL_WANT_READ this does not mean + * that no data was available from the underlying transport in the first place, + * as there might have been delayed or duplicated messages, or a renegotiation + * request from the peer. Therefore, the user must be prepared to receive + * MBEDTLS_ERR_SSL_WANT_READ even when reacting to an incoming-data event + * from the underlying transport. + * - On success, the currently processed underlying transport's datagram + * might or might not contain further DTLS records, and the user should + * consult \c mbedtls_ssl_check_pending in that regard. + * */ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ); diff --git a/library/error.c b/library/error.c index 8977cc4e56..c426424677 100644 --- a/library/error.c +++ b/library/error.c 
@@ -426,7 +426,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE) ) mbedtls_snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" ); if( use_ret == -(MBEDTLS_ERR_SSL_WANT_READ) ) - mbedtls_snprintf( buf, buflen, "SSL - Connection requires a read call" ); + mbedtls_snprintf( buf, buflen, "SSL - No data of requested type currently available on underlying transport" ); if( use_ret == -(MBEDTLS_ERR_SSL_WANT_WRITE) ) mbedtls_snprintf( buf, buflen, "SSL - Connection requires a write call" ); if( use_ret == -(MBEDTLS_ERR_SSL_TIMEOUT) ) @@ -439,6 +439,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "SSL - The alert message received indicates a non-fatal error" ); if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH) ) mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" ); + if( use_ret == -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) ) + mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signalling that further message-processing should be done" ); #endif /* MBEDTLS_SSL_TLS_C */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) From 90333dab855c8f5f5fa02149e23b95183253650e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 11:27:13 +0100 Subject: [PATCH 0391/1059] Replace wrong usage of WANT_READ by CONTINUE_PROCESSING --- library/ssl_srv.c | 8 ++++-- library/ssl_tls.c | 67 +++++++++++++++++++++++++++-------------------- 2 files changed, 44 insertions(+), 31 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index be961af710..c52aa4737d 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -3790,7 +3790,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) /* Read the message without adding it to the checksum */ do { - if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 ) + do ret = mbedtls_ssl_read_record_layer( ssl ); + while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); + + if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); return( ret ); @@ -3798,7 +3801,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) ret = mbedtls_ssl_handle_message_type( ssl ); - } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ); + } while( MBEDTLS_ERR_SSL_NON_FATAL == ret || + MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret ); if( 0 != ret ) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c6aac473c9..e2df822428 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3020,7 +3020,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) if( ssl_bitmask_check( bitmask, msg_len ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) ); - return( MBEDTLS_ERR_SSL_WANT_READ ); + return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); } MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) ); @@ -3126,7 +3126,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) ssl->handshake->in_msg_seq ) ); } - return( MBEDTLS_ERR_SSL_WANT_READ ); + return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); } /* Wait until message completion to increment in_msg_seq */ @@ -3734,7 +3734,10 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) { do { - if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 ) + do ret = mbedtls_ssl_read_record_layer( ssl ); + while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); + + if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); return( ret ); 
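Review bot: The single-line braceless `do ret = mbedtls_ssl_read_record_layer( ssl ); while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );` in `ssl_parse_certificate_verify` reads as two statements at a glance and departs from the bracing used on every other control statement in the hunk; the same construct is added to `mbedtls_ssl_read_record` in the ssl_tls.c hunk on this line. Write it as `do { ret = mbedtls_ssl_read_record_layer( ssl ); } while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );` spread over braced lines. The retry is unbounded, so it relies on the record layer eventually returning something other than CONTINUE_PROCESSING once the transport has no more input (the `mbedtls_ssl_fetch_input` path is outside this hunk); a one-line comment stating that assumption would help. Both enclosing loops continue outside the hunk.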
@@ -3742,7 +3745,8 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) ret = mbedtls_ssl_handle_message_type( ssl ); - } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ); + } while( MBEDTLS_ERR_SSL_NON_FATAL == ret || + MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret ); if( 0 != ret ) { @@ -3872,12 +3876,6 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) return( 0 ); } - /* Need to fetch a new record */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -read_record_header: -#endif - /* Current record either fully processed or to be discarded. */ if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 ) @@ -3912,7 +3910,7 @@ read_record_header: } /* Get next record */ - goto read_record_header; + return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); } #endif return( ret ); @@ -3984,7 +3982,7 @@ read_record_header: ssl->in_left = 0; MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) ); - goto read_record_header; + return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); } return( ret ); @@ -4089,7 +4087,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no renegotiation alert" ) ); /* Will be handled when trying to parse ServerHello */ return( 0 ); } 
@@ -6868,25 +6866,16 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } /* - * TODO - * - * The logic should be streamlined here: - * - * Instead of - * + * The logic could be streamlined here. Instead of * - Manually checking whether ssl->in_offt is NULL * - Fetching a new record if yes * - Setting ssl->in_offt if one finds an application record * - Resetting keep_current_message after handling the application data - * * one should - * * - Adapt read_record to set ssl->in_offt automatically * when a new application data record is processed. * - Always call mbedtls_ssl_read_record here. - * * This way, the logic of ssl_read would be much clearer: - * * (1) Always call record layer and see what kind of record is on * and have it ready for consumption (in particular, in_offt * properly set for application data records). @@ -6896,13 +6885,11 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * (3) If it's something different from application data, * handle it accordingly, e.g. potentially start a * renegotiation. - * * This will also remove the need to manually reset * ssl->keep_current_message = 0 below. - * */ - if( ssl->in_offt == NULL ) + while( ssl->in_offt == NULL ) { /* Start timer if not already running */ if( ssl->f_get_timer != NULL && @@ -6957,7 +6944,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) /* With DTLS, drop the packet (probably from last handshake) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + { + continue; + } #endif return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } 
@@ -6972,7 +6961,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) /* With DTLS, drop the packet (probably from last handshake) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + { + continue; + } #endif return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -7044,7 +7035,25 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } } - return( MBEDTLS_ERR_SSL_WANT_READ ); + /* At this point, we don't know whether the renegotiation has been + * completed or not. The cases to consider are the following: + * 1) The renegotiation is complete. In this case, no new record + * has been read yet. + * 2) The renegotiation is incomplete because the client received + * an application data record while awaiting the ServerHello. + * 3) The renegotiation is incomplete because the client received + * a non-handshake, non-application data message while awaiting + * the ServerHello. + * In each of these case, looping will be the proper action: + * - For 1), the next iteration will read a new record and check + * if it's application data. + * - For 2), the loop condition isn't satisfied as application data + * is present, hence continue is the same as break + * - For 3), the loop condition is satisfied and read_record + * will re-deliver the message that was held back by the client + * when expecting the ServerHello. + */ + continue; } else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) { From c76c619dd08eba3210caa6d13a8cca43e3a697fa Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 6 Jun 2017 10:03:17 +0100 Subject: [PATCH 0392/1059] Reconcile resending of previous flights This commit reconciles the code path responsible for resending the final DTLS handshake flight with the path for handling resending of the other flights. --- library/ssl_tls.c | 55 +++++++++++------------------------------------ 1 file changed, 13 insertions(+), 42 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e2df822428..83d3c9698a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3097,9 +3097,11 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) int ret; unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; - /* ssl->handshake is NULL when receiving ClientHello for renego */ if( ssl->handshake != NULL && - recv_msg_seq != ssl->handshake->in_msg_seq ) + ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && + recv_msg_seq != ssl->handshake->in_msg_seq ) || + ( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && + ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) ) { /* Retransmit only on last message from previous flight, to avoid * too many retransmissions. 
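Review bot: The widened condition in `mbedtls_ssl_prepare_handshake_record` now sends any handshake message other than ClientHello down the retransmit path once `ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER`, without comparing `recv_msg_seq` at all, and the commit drops the only comment (`ssl->handshake is NULL when receiving ClientHello for renego`) that explained the `ssl->handshake != NULL` guard. The rationale for the new branch — presumably that after our last flight, a handshake record that is not a fresh ClientHello can only be the peer retransmitting its previous flight — should be stated above the `if`, e.g. `/* After the handshake, the only new handshake message we may receive is a renegotiation ClientHello (ssl->handshake is NULL then); any other handshake message is the peer resending its last flight. */`. Whether the retransmit branch further restricts this to a Finished message is not visible, as the body continues outside the hunk.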
@@ -4003,46 +4005,6 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) } } - /* - * When we sent the last flight of the handshake, we MUST respond to a - * retransmit of the peer's previous flight with a retransmit. (In - * practice, only the Finished message will make it, other messages - * including CCS use the old transform so they're dropped as invalid.) - * - * If the record we received is not a handshake message, however, it - * means the peer received our last flight so we can clean up - * handshake info. - * - * This check needs to be done before prepare_handshake() due to an edge - * case: if the client immediately requests renegotiation, this - * finishes the current handshake first, avoiding the new ClientHello - * being mistaken for an ancient message in the current handshake. - */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake != NULL && - ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) - { - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received retransmit of last flight" ) ); - - if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); - return( ret ); - } - - return( MBEDTLS_ERR_SSL_WANT_READ ); - } - else - { - ssl_handshake_wrapup_free_hs_transform( ssl ); - } - } -#endif - return( 0 ); } @@ -4109,6 +4071,15 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) return MBEDTLS_ERR_SSL_NON_FATAL; } +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake != NULL && + ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + { + ssl_handshake_wrapup_free_hs_transform( ssl ); + } +#endif + return( 0 ); } From 68b4d58bd8e4e4738bf7da84ee69df47823d4ec5 Mon Sep 17 00:00:00 2001 
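Review bot: The removed block explained why the retransmit-or-wrapup decision had to be taken before `prepare_handshake_record` (a renegotiation ClientHello must not be mistaken for a stale message) and why a retransmitted Finished must trigger `mbedtls_ssl_resend` rather than wrapup; the block added to `mbedtls_ssl_handle_message_type` calls `ssl_handshake_wrapup_free_hs_transform` for every message type once `ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER`, and nothing in this hunk shows what now keeps a retransmitted Finished from reaching it. Presumably the `prepare_handshake_record` change on this page intercepts it earlier, but that invariant should be written down at the new site, e.g. `/* A retransmission of the peer's last flight is handled (and answered with a resend) in mbedtls_ssl_prepare_handshake_record, so any message reaching this point means the peer received our last flight and the handshake state can be freed. */`. `mbedtls_ssl_read_record_layer` and `mbedtls_ssl_handle_message_type` both extend beyond the hunk.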
From: Hanno Becker Date: Tue, 10 Oct 2017 16:39:10 +0100 Subject: [PATCH 0393/1059] Remove PRNG argument from `mbedtls_rsa_deduce_moduli` It is not necessary to pass a CSPRNG to `mbedtls_rsa_deduce_moduli`, as there exist well-working static strategies, and even if a PRNG is preferred, a non-secure one would be sufficient. Further, the implementation is changed to use a static strategy for the choice of candidates which according to some benchmarks even performs better than the previous one using random candidate choices. --- include/mbedtls/rsa.h | 6 ++---- library/rsa.c | 42 ++++++++++++++++++++---------------------- 2 files changed, 22 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 0448877490..04175eb4f8 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -89,8 +89,6 @@ extern "C" { * \param N RSA modulus N = PQ, with P, Q to be found * \param D RSA private exponent * \param E RSA public exponent - * \param f_rng PRNG to be used for randomization, or NULL - * \param p_rng PRNG context for f_rng, or NULL * \param P Pointer to MPI holding first prime factor of N on success * \param Q Pointer to MPI holding second prime factor of N on success * @@ -105,8 +103,8 @@ extern "C" { * */ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, - mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, mbedtls_mpi *P, mbedtls_mpi *Q ); + mbedtls_mpi const *E, + mbedtls_mpi *P, mbedtls_mpi *Q ); /** * \brief Compute RSA private exponent from diff --git a/library/rsa.c b/library/rsa.c index d14817c2c9..b932d977a0 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -132,7 +132,6 @@ static void mbedtls_zeroize( void *v, size_t n ) { */ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, mbedtls_mpi const *E, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_mpi *P, mbedtls_mpi *Q ) { int ret = 0; 
@@ -140,13 +139,25 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, uint16_t attempt; /* Number of current attempt */ uint16_t iter; /* Number of squares computed in the current attempt */ - uint16_t bitlen_half; /* Half the bitsize of the modulus N */ uint16_t order; /* Order of 2 in DE - 1 */ mbedtls_mpi T; /* Holds largest odd divisor of DE - 1 */ mbedtls_mpi K; /* During factorization attempts, stores a random integer * in the range of [0,..,N] */ + const unsigned int primes[] = { 2, + 3, 5, 7, 11, 13, 17, 19, 23, + 29, 31, 37, 41, 43, 47, 53, 59, + 61, 67, 71, 73, 79, 83, 89, 97, + 101, 103, 107, 109, 113, 127, 131, 137, + 139, 149, 151, 157, 163, 167, 173, 179, + 181, 191, 193, 197, 199, 211, 223, 227, + 229, 233, 239, 241, 251, 257, 263, 269, + 271, 277, 281, 283, 293, 307, 311, 313 + }; + + const size_t num_primes = sizeof( primes ) / sizeof( *primes ); + if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); 
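Review bot: The candidate table `primes[]` is a plain `const` local, so the 64-entry array is re-initialized on the stack on every call to `mbedtls_rsa_deduce_primes`; declare it `static const unsigned int primes[] = {` (the `num_primes` computation can stay as is). The comment on `K` (`stores a random integer in the range of [0,..,N]`) is now wrong, since the commit replaces random candidates with these small primes; update it to `/* Candidate base for the current factorization attempt (a small prime) */`. The function's body continues outside the hunk.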
@@ -179,31 +190,18 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, /* After this operation, T holds the largest odd divisor of DE - 1. */ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) ); - /* This is used to generate a few numbers around N / 2 - * if no PRNG is provided. */ - if( f_rng == NULL ) - bitlen_half = mbedtls_mpi_bitlen( N ) / 2; - /* * Actual work */ - for( attempt = 0; attempt < 30; ++attempt ) + /* Skip trying 2 if N == 1 mod 8 */ + attempt = 0; + if( N->p[0] % 8 == 1 ) + attempt = 1; + + for( ; attempt < num_primes; ++attempt ) { - /* Generate some number in [0,N], either randomly - * if a PRNG is given, or try numbers around N/2 */ - if( f_rng != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &K, - mbedtls_mpi_size( N ), - f_rng, p_rng ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &K, 1 ) ) ; - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &K, bitlen_half ) ) ; - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, attempt + 1 ) ); - } + mbedtls_mpi_lset( &K, primes[attempt] ); /* Check if gcd(K,N) = 1 */ MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); From 1e801f57064e21e9ab025896984ca94ec666a9e8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 16:44:47 +0100 Subject: [PATCH 0394/1059] Clarify guarantees made by `rsa_complete` and `rsa_check_privkey` --- include/mbedtls/rsa.h | 65 ++++++++++++++++++++++++++----------------- 1 file changed, 39 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 04175eb4f8..0c649073e0 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
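Review bot: `mbedtls_mpi_lset( &K, primes[attempt] );` discards its return value while every other MPI call in the hunk goes through `MBEDTLS_MPI_CHK`; if it fails, `K` keeps whatever the previous attempt left in it and the loop silently continues with that value. Wrap it as `MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &K, primes[attempt] ) );`. The `N->p[0] % 8 == 1` shortcut reads the lowest limb directly, which is only safe if an earlier check guarantees `N` is non-empty (that check, if present, is outside the hunk), and a comment on why 2 can be skipped for such `N` would help the next reader. The loop body continues outside the hunk.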
@@ -405,19 +405,16 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * * \return * - 0 if successful. In this case, it is guaranteed - * the functions \c mbedtls_rsa_check_pubkey resp. - * \c mbedtls_rsa_check_privkey pass in case of a - * public resp. private key. + * that the RSA context can be used for RSA operations + * without the risk of failure or crash. * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted * derivations failed. * - * \warning Implementations are *not* obliged to perform exhaustive - * validation of the imported parameters! - * In particular, parameters that are not needed by the - * implementation may be silently discarded and left unchecked. - * If the user mistrusts the given key material, he should - * employ other means for verification like the helper functions - * \c mbedtls_rsa_validate_params, \c mbedtls_rsa_validate_crt. + * \warning This function need not perform consistency checks + * for the imported parameters! In particular, parameters that + * are not needed by the implementation may be silently discarded + * and left unchecked. For the purpose of checking the consistency + * of the key material, see \c mbedtls_rsa_check_privkey. * */ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, 
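Review bot: The new `\return` text for `mbedtls_rsa_complete` promises that on success the context can be used "without the risk of failure or crash", which is stronger than the function can deliver: later operations can still fail for reasons unrelated to completeness (bad input to that operation, allocation failure), and the `\warning` in the same hunk admits that unchecked parameters may be inconsistent. Narrow it to what is actually established, e.g. `* - 0 if successful. In this case, the context holds all parameters the implementation needs for RSA private and public key operations.`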
@@ -581,25 +578,41 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); /** - * \brief Check if a context contains an RSA private key - * and perform basic sanity checks. + * \brief Check if a context contains an RSA private key + * and perform basic consistency checks. * - * \param ctx RSA context to be checked + * \param ctx RSA context to be checked * - * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code. - * On success, it is guaranteed that enough information is - * present to perform RSA private and public key operations. + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code. * - * \warning This function is *not* obliged to perform an exhaustive - * sanity check what would guarantee the internal parameters - * to match and \c mbedtls_rsa_private and \c mbedtls_rsa_public - * to be mutually inverse to each other. - * The reason is that for minimal non-CRT implementations - * using only N, D, E, for example, checking the validity - * would be computationally expensive. - * Users mistrusting their key material should use other - * means for verification; see the documentation of - * \c mbedtls_rsa_complete. + * \note This function performs checks substantiating + * the consistency of the key material used to setup + * the RSA context. In case of implementations saving + * all core RSA parameters, this might mean a consistency + * check in the sense of \c mbedtls_rsa_validate_params, + * while other implementations might perform an empirical + * check consisting of an encryption-decryption pair. 
+ * + * \warning This function should catch accidental misconfigurations + * like swapping of parameters, but it cannot establish full + * trust in neither the quality nor the consistency of the key + * material that was used to setup the given RSA context: + * - Regarding consistency, note (see \c mbedtls_rsa_complete) + * that imported parameters irrelevant for the implementation + * might be silently dropped, in which case the present + * function doesn't have access to and hence cannot check them. + * If the user desires to check the consistency of the entire + * content of, say, an PKCS1-encoded RSA private key, he + * should use \c mbedtls_rsa_validate_params before setting + * up the RSA context. + * Further, if the implementation performs empirical checks, + * these checks will substantiate but not guarantee consistency. + * - Regarding quality, this function is not expected to perform + * extended quality assessments like checking that the prime + * factors are safe. Further, it is the user's responsibility to + * ensure trustworthiness of the source of his RSA parameters, + * a question going beyond what's effectively checkable + * by the library. * */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); From 314adb6baa2cabf4244162da68c9733ece3afabc Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 10 Oct 2017 18:28:25 +0300 Subject: [PATCH 0395/1059] Address PR review comments 1) update ChangLog to have new feature in Features instead of Changes 2) Change MBEDTLS_ECDSA_ALT to function specific alternative definitions: MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and MBEDTLS_ECDSA_GENKEY_ALT --- ChangeLog | 9 ++-- include/mbedtls/config.h | 4 +- library/ecdsa.c | 105 +++++++++++++++++++------------------ library/version_features.c | 12 +++-- 4 files changed, 71 insertions(+), 59 deletions(-) diff --git a/ChangeLog b/ChangeLog index 94eba42089..040632cf42 100644 --- a/ChangeLog +++ b/ChangeLog 
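Review bot: The new `\warning` for `mbedtls_rsa_check_privkey` contains a double negative, `cannot establish full trust in neither the quality nor the consistency`, which says the opposite of what is meant; write `cannot establish full trust in either the quality or the consistency`. Further down, `an PKCS1-encoded RSA private key` should read `a PKCS#1-encoded RSA private key`. The rest of the comment states the trust boundary clearly; these are wording fixes only.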
@@ -36,10 +36,13 @@ Changes * Clarify ECDSA documentation and improve the sample code to avoid misunderstandings and potentially dangerous use of the API. Pointed out by Jean-Philippe Aumasson. - * Add support for alternative implementation for ECDSA, controlled by new - configuration flag MBEDTLS_ECDSA_ALT in config.h. + +Features + * Add support for alternative implementations for ECDSA, controlled by new + configuration flags MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and + MBEDTLS_ECDSDA_GENKEY_AT in config.h. The following functions from the ECDSA module can be replaced - with an alternative implementation: + with alternative implementation: mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey(). = mbed TLS 2.5.0 branch released 2017-05-17 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 54dc2372de..7c06ec488c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -238,7 +238,6 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_DES_ALT -//#define MBEDTLS_ECDSA_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT @@ -295,6 +294,9 @@ //#define MBEDTLS_AES_SETKEY_DEC_ALT //#define MBEDTLS_AES_ENCRYPT_ALT //#define MBEDTLS_AES_DECRYPT_ALT +//#define MBEDTLS_ECDSA_VERIFY_ALT +//#define MBEDTLS_ECDSA_SIGN_ALT +//#define MBEDTLS_ECDSA_GENKEY_ALT /** * \def MBEDTLS_ECP_INTERNAL_ALT diff --git a/library/ecdsa.c b/library/ecdsa.c index 804884bcaf..a241072c3e 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -65,8 +65,7 @@ cleanup: return( ret ); } -#if !defined(MBEDTLS_ECDSA_ALT) - +#if !defined(MBEDTLS_ECDSA_SIGN_ALT) /* * Compute ECDSA signature of a hashed message (SEC1 4.1.3) * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message) 
@@ -155,8 +154,47 @@ cleanup: return( ret ); } +#endif /* MBEDTLS_ECDSA_SIGN_ALT */ +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +/* + * Deterministic signature wrapper + */ +int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg ) +{ + int ret; + mbedtls_hmac_drbg_context rng_ctx; + unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; + size_t grp_len = ( grp->nbits + 7 ) / 8; + const mbedtls_md_info_t *md_info; + mbedtls_mpi h; + if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + mbedtls_mpi_init( &h ); + mbedtls_hmac_drbg_init( &rng_ctx ); + + /* Use private key and message hash (reduced) to initialize HMAC_DRBG */ + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); + MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); + mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ); + + ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, &rng_ctx ); + +cleanup: + mbedtls_hmac_drbg_free( &rng_ctx ); + mbedtls_mpi_free( &h ); + + return( ret ); +} +#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ + +#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) /* * Verify ECDSA signature of hashed message (SEC1 4.1.4) * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message) 
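Review bot: In the relocated `mbedtls_ecdsa_sign_det`, `data` holds the serialized private key `d` (written by `mbedtls_mpi_write_binary( d, data, grp_len )`) and is left on the stack at `cleanup:`, which only frees `rng_ctx` and `h`; since the commit moves this function anyway, clear that buffer before returning, using the file's zeroize helper if ecdsa.c has one or a volatile-safe equivalent. Also `mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );` ignores its return value although that function returns an error code; `MBEDTLS_MPI_CHK( mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ) );` routes the failure through the existing `cleanup:` label. The `#if defined(MBEDTLS_ECDSA_DETERMINISTIC)` block is complete within the hunk.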
@@ -242,56 +280,7 @@ cleanup: return( ret ); } - -/* - * Generate key pair - */ -int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - return( mbedtls_ecp_group_load( &ctx->grp, gid ) || - mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); -} - -#endif /* MBEDTLS_ECDSA_ALT */ - -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) -/* - * Deterministic signature wrapper - */ -int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg ) -{ - int ret; - mbedtls_hmac_drbg_context rng_ctx; - unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; - size_t grp_len = ( grp->nbits + 7 ) / 8; - const mbedtls_md_info_t *md_info; - mbedtls_mpi h; - - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - - mbedtls_mpi_init( &h ); - mbedtls_hmac_drbg_init( &rng_ctx ); - - /* Use private key and message hash (reduced) to initialize HMAC_DRBG */ - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); - MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); - mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ); - - ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, &rng_ctx ); - -cleanup: - mbedtls_hmac_drbg_free( &rng_ctx ); - mbedtls_mpi_free( &h ); - - return( ret ); -} -#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ +#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ /* * Convert a signature (given by context) to ASN.1 
@@ -417,6 +406,18 @@ cleanup: return( ret ); } +#if !defined(MBEDTLS_ECDSA_GENKEY_ALT) +/* + * Generate key pair + */ +int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + return( mbedtls_ecp_group_load( &ctx->grp, gid ) || + mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); +} +#endif /* MBEDTLS_ECDSA_GENKEY_ALT */ + /* * Set context from an mbedtls_ecp_keypair */ diff --git a/library/version_features.c b/library/version_features.c index df7f957fea..2629098a69 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -93,9 +93,6 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ -#if defined(MBEDTLS_ECDSA_ALT) - "MBEDTLS_ECDSA_ALT", -#endif /* MBEDTLS_ECDSA_ALT */ #if defined(MBEDTLS_XTEA_ALT) "MBEDTLS_XTEA_ALT", #endif /* MBEDTLS_XTEA_ALT */ @@ -165,6 +162,15 @@ static const char *features[] = { #if defined(MBEDTLS_AES_DECRYPT_ALT) "MBEDTLS_AES_DECRYPT_ALT", #endif /* MBEDTLS_AES_DECRYPT_ALT */ +#if defined(MBEDTLS_ECDSA_VERIFY_ALT) + "MBEDTLS_ECDSA_VERIFY_ALT", +#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ +#if defined(MBEDTLS_ECDSA_SIGN_ALT) + "MBEDTLS_ECDSA_SIGN_ALT", +#endif /* MBEDTLS_ECDSA_SIGN_ALT */ +#if defined(MBEDTLS_ECDSA_GENKEY_ALT) + "MBEDTLS_ECDSA_GENKEY_ALT", +#endif /* MBEDTLS_ECDSA_GENKEY_ALT */ #if defined(MBEDTLS_ECP_INTERNAL_ALT) "MBEDTLS_ECP_INTERNAL_ALT", #endif /* MBEDTLS_ECP_INTERNAL_ALT */ From f9e184b9df9d72242fedb6ee94a59a6ef94e4329 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 16:49:26 +0100 Subject: [PATCH 0396/1059] Remove PRNG argument from `mbedtls_rsa_complete` --- include/mbedtls/rsa.h | 10 +--------- library/rsa.c | 14 +------------- tests/suites/test_suite_rsa.function | 16 +--------------- 3 files changed, 3 insertions(+), 37 deletions(-) 
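Review bot: `mbedtls_ecdsa_genkey` as re-added under `MBEDTLS_ECDSA_GENKEY_ALT` returns `a || b`, so on failure the caller receives `1`, never the actual `MBEDTLS_ERR_ECP_*` code from `mbedtls_ecp_group_load` or `mbedtls_ecp_gen_keypair`; callers that compare against error constants, or that forward the code to a user, cannot tell an unsupported group from an RNG failure. The body is a straight move from the deleted block, but it is the new side now, and an alternative implementer will copy this contract. Propagate the first failing call's return value instead:

```c
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
    int ret;

    /* Return the real error code; `||` would collapse it to 1. */
    if( ( ret = mbedtls_ecp_group_load( &ctx->grp, gid ) ) != 0 )
        return( ret );

    return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
}
```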
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 0c649073e0..c85e6c81d8 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -382,8 +382,6 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * a set of imported core parameters. * * \param ctx Initialized RSA context to store parameters - * \param f_rng RNG function, or NULL - * \param p_rng RNG parameter, or NULL * * \note * - To setup an RSA public key, precisely N and E @@ -399,10 +397,6 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * - Alternative implementations need not support these * and may return \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA instead. * - * \note The PRNG is used for the probabilistic algorithm - * used in the derivation of P, Q from N, D, E. If it - * not present, a deterministic heuristic is used. - * * \return * - 0 if successful. In this case, it is guaranteed * that the RSA context can be used for RSA operations @@ -417,9 +411,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * of the key material, see \c mbedtls_rsa_check_privkey. * */ -int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); /** * \brief Export core parameters of an RSA key diff --git a/library/rsa.c b/library/rsa.c index b932d977a0..66abcf72f3 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -601,9 +601,7 @@ cleanup: return( 0 ); } -int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) { int ret = 0; @@ -658,7 +656,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, /* This includes sanity checking of core parameters, * so no further checks necessary. */ ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->D, &ctx->E, - f_rng, p_rng, &ctx->P, &ctx->Q ); if( ret != 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); 
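Review bot: The `\return` text kept in the `@@ -399,10 +397,6 @@` rsa.h hunk still says that success guarantees "the RSA context can be used for RSA operations", but with the PRNG gone the `d_missing` branch in rsa.c (hunk `@@ -666,15 +663,6 @@` on the next line) no longer tests caller-supplied P and Q for primality, so a non-prime pair that still yields a valid-looking D is accepted. Unless the existing `\note` just above already covers it, add `* \note Primality of P and Q is not verified by this function; call mbedtls_rsa_check_privkey() on imported private key material.` In the same rsa.c hunk the surviving comment `* so together with the primality test above all core parameters are` now refers to a test that no longer exists and should be reworded.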
@@ -666,15 +663,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, } else if( d_missing ) { -#if defined(MBEDTLS_GENPRIME) - /* If a PRNG is provided, check if P, Q are prime. */ - if( f_rng != NULL && - ( ( ret = mbedtls_mpi_is_prime( &ctx->P, f_rng, p_rng ) ) != 0 || - ( ret = mbedtls_mpi_is_prime( &ctx->Q, f_rng, p_rng ) ) != 0 ) ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); - } -#endif /* MBEDTLS_GENPRIME */ /* Deduce private exponent. This includes double-checking of the result, * so together with the primality test above all core parameters are diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index fc27353e70..8b99eeda3a 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -732,20 +732,11 @@ void mbedtls_rsa_deduce_primes( int radix_N, char *input_N, { mbedtls_mpi N, P, Pp, Q, Qp, D, E; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "test_suite_rsa"; - mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, strlen( pers ) ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); @@ -756,8 +747,7 @@ void mbedtls_rsa_deduce_primes( int radix_N, char *input_N, TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 ); /* Try to deduce P, Q from N, D, E only. */ - TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, mbedtls_ctr_drbg_random, - &ctr_drbg, &P, &Q ) == result ); + TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result ); if( !corrupt ) { 
@@ -767,14 +757,10 @@ void mbedtls_rsa_deduce_primes( int radix_N, char *input_N, } exit: - mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); - - mbedtls_ctr_drbg_free( &ctr_drbg ); - mbedtls_entropy_free( &entropy ); } /* END_CASE */ From 7f25f850ac563f9c375c7c26cb1f6c28d68ff9a7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 16:56:22 +0100 Subject: [PATCH 0397/1059] Adapt uses of `mbedtls_rsa_complete` to removed PRNG argument --- library/pkparse.c | 4 ++-- library/rsa.c | 2 +- programs/pkey/dh_server.c | 3 +-- programs/pkey/rsa_decrypt.c | 3 +-- programs/pkey/rsa_sign.c | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_pkcs1_v15.function | 4 ++-- tests/suites/test_suite_pkcs1_v21.function | 4 ++-- tests/suites/test_suite_rsa.function | 20 ++++++++------------ 9 files changed, 19 insertions(+), 25 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index f0b9db3201..57f966fe05 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -540,7 +540,7 @@ static int pk_get_rsapubkey( unsigned char **p, *p += len; - if( ( ret = mbedtls_rsa_complete( rsa, NULL, NULL ) ) != 0 ) + if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); if( *p != end ) @@ -745,7 +745,7 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, p += len; /* Complete the RSA private key */ - if( ( ret = mbedtls_rsa_complete( rsa, NULL, NULL ) ) != 0 ) + if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ) goto cleanup; /* Check optional parameters */ diff --git a/library/rsa.c b/library/rsa.c index 66abcf72f3..388b634268 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -2549,7 +2549,7 @@ int mbedtls_rsa_self_test( int verbose ) MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_E ) ); MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, NULL, &K ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_complete( &rsa, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_complete( &rsa ) ); if( verbose != 0 ) mbedtls_printf( " RSA key validation: " ); diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 49066cd431..a8ee8fd3dd 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -149,8 +149,7 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_rsa_complete( &rsa, mbedtls_ctr_drbg_random, - &ctr_drbg ) ) != 0 ) + if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", ret ); diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 48275bc238..2da3fbf110 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -142,8 +142,7 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( return_val = mbedtls_rsa_complete( &rsa, mbedtls_ctr_drbg_random, - &ctr_drbg ) ) != 0 ) + if( ( return_val = mbedtls_rsa_complete( &rsa ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", return_val ); diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index ff6473632e..89018cb765 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -115,7 +115,7 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_rsa_complete( &rsa, NULL, NULL ) ) != 0 ) + if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", ret ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 58b6013d75..e847836674 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function 
@@ -361,7 +361,7 @@ void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod, TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( rsa, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 ); /* decryption test */ memset( output, 0, sizeof( output ) ); diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 1a06e4fbaf..7f8b1c82ef 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -86,7 +86,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P, TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -142,7 +142,7 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q, TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index bd09930454..50da2ff1bb 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function 
@@ -87,7 +87,7 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P, TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -143,7 +143,7 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q, TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 8b99eeda3a..87d15a8595 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -47,7 +47,7 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); 
@@ -146,7 +146,7 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -363,7 +363,7 @@ void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -471,7 +471,7 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char * TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -916,9 +916,7 @@ void mbedtls_rsa_import( int radix_N, char *input_N, have_E ? &E : NULL ) == 0 ); } - TEST_ASSERT( mbedtls_rsa_complete( &ctx, - mbedtls_ctr_drbg_random, - &ctr_drbg ) == result ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == result ); /* On expected success, perform some public and private * key operations to check if the key is working properly. */ 
@@ -1029,7 +1027,7 @@ void mbedtls_rsa_export( int radix_N, char *input_N, strlen( input_D ) ? &D : NULL, strlen( input_E ) ? &E : NULL ) == 0 ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); /* * Export parameters and compare to original ones. @@ -1220,7 +1218,7 @@ void mbedtls_rsa_export_raw( char *input_N, char *input_P, have_D ? bufD : NULL, lenD, have_E ? bufE : NULL, lenE ) == 0 ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); /* * Export parameters and compare to original ones. @@ -1382,9 +1380,7 @@ void mbedtls_rsa_import_raw( char *input_N, ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 ); } - TEST_ASSERT( mbedtls_rsa_complete( &ctx, - mbedtls_ctr_drbg_random, - &ctr_drbg ) == result ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == result ); /* On expected success, perform some public and private * key operations to check if the key is working properly. */ From a84c1cb3551fbab10c1100b5238b7f3283b2a399 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 10 Oct 2017 19:04:27 +0300 Subject: [PATCH 0398/1059] Address PR cpomments reviews 1) move the change into Features from Changes, in the changLog 2) Change the feature alternative configuration MBEDTLS_ECDH_ALT definition to function alternative defintions MBEDTLS_ECDH_COMPUTE_SHARED_ALT and MBEDTLS_ECDH_GEN_PUBLIC_ALT --- ChangeLog | 5 ++++- include/mbedtls/config.h | 3 ++- library/ecdh.c | 7 +++++-- library/version_features.c | 9 ++++++--- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 23698c2339..76a27b666f 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -36,8 +36,11 @@ Changes * Clarify ECDSA documentation and improve the sample code to avoid misunderstandings and potentially dangerous use of the API. Pointed out by Jean-Philippe Aumasson. + +Features * Add support for alternative implementation for ECDH, controlled by new - configuration flag MBEDTLS_ECDH_ALT in config.h. + configuration flags MBEDTLS_ECDH_COMPUTE_SHARED_ALT and + MBEDTLS_ECDH_GEN_PUBLIC_ALT in config.h. The following functions from the ECDH module can be replaced with an alternative implementation: mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared(). diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a29312a26b..a151f77cc9 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -238,7 +238,6 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_DES_ALT -//#define MBEDTLS_ECDH_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT @@ -295,6 +294,8 @@ //#define MBEDTLS_AES_SETKEY_DEC_ALT //#define MBEDTLS_AES_ENCRYPT_ALT //#define MBEDTLS_AES_DECRYPT_ALT +//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT +//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT /** * \def MBEDTLS_ECP_INTERNAL_ALT diff --git a/library/ecdh.c b/library/ecdh.c index b66cb58676..61380b6936 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -38,7 +38,7 @@ #include -#if !defined(MBEDTLS_ECDH_ALT) +#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) /* * Generate public key: simple wrapper around mbedtls_ecp_gen_keypair */ @@ -48,7 +48,9 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp { return mbedtls_ecp_gen_keypair( grp, d, Q, f_rng, p_rng ); } +#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ +#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) /* * Compute shared secret (SEC1 3.3.1) */ @@ -82,7 +84,8 @@ cleanup: return( ret ); } -#endif /* MBEDTLS_ECDH_ALT */ +#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ + /* * Initialize context */ 
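Review bot: The `@@ -295,6 +294,8 @@` config.h hunk adds `//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT` twice; the second line should be `//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT`, which is the guard ecdh.c now wraps `mbedtls_ecdh_compute_shared` in. The version_features.c hunk `@@ -165,6 +162,12 @@` on the following line repeats the same copy-paste in both the `#if defined(...)` and the string, so `MBEDTLS_ECDH_COMPUTE_SHARED_ALT` can neither be enabled through config.pl/config.h nor reported by `mbedtls_version_check_feature`. The commit message promises both flags, so this looks like an oversight rather than intent.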
diff --git a/library/version_features.c b/library/version_features.c index 7b08f04bef..802832ce93 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -93,9 +93,6 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ -#if defined(MBEDTLS_ECDH_ALT) - "MBEDTLS_ECDH_ALT", -#endif /* MBEDTLS_ECDH_ALT */ #if defined(MBEDTLS_XTEA_ALT) "MBEDTLS_XTEA_ALT", #endif /* MBEDTLS_XTEA_ALT */ @@ -165,6 +162,12 @@ static const char *features[] = { #if defined(MBEDTLS_AES_DECRYPT_ALT) "MBEDTLS_AES_DECRYPT_ALT", #endif /* MBEDTLS_AES_DECRYPT_ALT */ +#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) + "MBEDTLS_ECDH_GEN_PUBLIC_ALT", +#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ +#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) + "MBEDTLS_ECDH_GEN_PUBLIC_ALT", +#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ #if defined(MBEDTLS_ECP_INTERNAL_ALT) "MBEDTLS_ECP_INTERNAL_ALT", #endif /* MBEDTLS_ECP_INTERNAL_ALT */ From 134a082455a9d1405422a4afd40e7992d25530c1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Oct 2017 16:51:24 +0200 Subject: [PATCH 0399/1059] Fixed "config.pl get" for options with no value Between 2.5.0 and 2.6.0, "scripts/config.pl get MBEDTLS_XXX" was fixed for config.h lines with a comment at the end, but that broke the case of macros with an empty expansion. Support all cases. --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index 406413bd52..4cf4ac8b8c 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -205,7 +205,7 @@ for my $line (@config_lines) { $done = 1; } } elsif (!$done && $action eq "get") { - if ($line =~ /^\s*#define\s*$name\s*([^\s]+)\s*\b/) { + if ($line =~ /^\s*#define\s*$name(?:\s+(.*?))\s*(?:$|\/\*|\/\/)/) { $value = $1; $done = 1; } From 58e5fdc0ca76029c48f9523b4e4d7af4ae71abd2 Mon Sep 17 00:00:00 2001 
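Review bot: In the new regex of the config.pl hunk `@@ -205,7 +205,7 @@`, the group `(?:\s+(.*?))` is mandatory, so a value-less `#define NAME` only matches because the trailing newline satisfies `\s+`; a last line without a newline, or a value-less define followed directly by a comment, is still reported as not found. Making the group optional, `if ($line =~ /^\s*#define\s*\Q$name\E(?:\s+(.*?))?\s*(?:$|\/\*|\/\/)/) {`, covers those cases, and `\Q...\E` keeps a `$name` taken from the command line from being interpreted as a pattern. With the optional group `$1` may be undefined, so the assignment becomes `$value = defined $1 ? $1 : '';` to keep the later `$value ne ''` test warning-free.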
From: Gilles Peskine Date: Mon, 9 Oct 2017 16:54:28 +0200 Subject: [PATCH 0400/1059] config.pl get: don't rewrite config.h; detect write errors scripts/config.pl would always rewrite config.h if it was reading it. This commit changes it to not modify the file when only reading is required, i.e. for the get command. Also, die if writing config.h fails (e.g. disk full). --- scripts/config.pl | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 4cf4ac8b8c..9fc6062786 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -175,7 +175,10 @@ if ($action eq "realfull") { $no_exclude_re = join '|', @non_excluded; } -open my $config_write, '>', $config_file or die "write $config_file: $!\n"; +my $config_write = undef; +if ($action ne "get") { + open $config_write, '>', $config_file or die "write $config_file: $!\n"; +} my $done; for my $line (@config_lines) { @@ -211,7 +214,9 @@ for my $line (@config_lines) { } } - print $config_write $line; + if (defined $config_write) { + print $config_write $line or die "write $config_file: $!\n";; + } } # Did the set command work? @@ -223,10 +228,12 @@ if ($action eq "set"&& $force_option && !$done) { $line .= "\n"; $done = 1; - print $config_write $line; + print $config_write $line or die "write $config_file: $!\n"; } -close $config_write; +if (defined $config_write) { + close $config_write or die "close $config_file: $!\n"; +} if ($action eq "get") { if($done) { From ad8b9ec9e9924929752af3769a64b8867f5c39a6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Oct 2017 16:56:18 +0200 Subject: [PATCH 0401/1059] config.pl get: be better behaved When printing an option's value, print a newline at the end. When the requested option is missing, fail with status 1 (the usual convention for "not found") rather than -1 (which has a system-dependent effect). --- scripts/config.pl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
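Review bot: The `@@ -175,7 +175,10 @@` hunk still opens `$config_file` with `'>'` before the loop, which truncates config.h before a single line has been processed; the new `or die` on each `print` is right, but when it fires the user is left with a truncated configuration header and no original to fall back on. Writing to a sibling temporary file and `rename`-ing it over `$config_file` only after `close` succeeds (the last hunk is the natural place) makes the update atomic and keeps the old file intact on a disk-full error. If that is more than this change wants, a comment on the `open` line noting that a failed write leaves config.h truncated would at least document the behaviour.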
diff --git a/scripts/config.pl b/scripts/config.pl index 9fc6062786..b99140a370 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -56,7 +56,7 @@ Commands unset - Comments out the #define for the given symbol if present in the configuration file. get - Finds the #define for the given symbol, returning - an exitcode of 0 if the symbol is found, and -1 if + an exitcode of 0 if the symbol is found, and 1 if not. The value of the symbol is output if one is specified in the configuration file. full - Uncomments all #define's in the configuration file @@ -220,7 +220,7 @@ for my $line (@config_lines) { } # Did the set command work? -if ($action eq "set"&& $force_option && !$done) { +if ($action eq "set" && $force_option && !$done) { # If the force option was set, append the symbol to the end of the file my $line = "#define $name"; @@ -236,14 +236,14 @@ if (defined $config_write) { } if ($action eq "get") { - if($done) { + if ($done) { if ($value ne '') { - print $value; + print "$value\n"; } exit 0; } else { # If the symbol was not found, return an error - exit -1; + exit 1; } } From ae98d4aa397016e15ce2e2f8ba455322712157ec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Oct 2017 11:26:45 +0200 Subject: [PATCH 0402/1059] Minor style fix --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index b99140a370..5a06a33381 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -215,7 +215,7 @@ for my $line (@config_lines) { } if (defined $config_write) { - print $config_write $line or die "write $config_file: $!\n";; + print $config_write $line or die "write $config_file: $!\n"; } } From e867489ff6cb06c51245410eb432532c37d56730 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 17:56:14 +0100 Subject: [PATCH 0403/1059] Remove outdated comments from `mbedtls_rsa_complete` --- library/rsa.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) 
diff --git a/library/rsa.c b/library/rsa.c index 388b634268..efc148956c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -653,8 +653,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) if( pq_missing ) { - /* This includes sanity checking of core parameters, - * so no further checks necessary. */ ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->D, &ctx->E, &ctx->P, &ctx->Q ); if( ret != 0 ) @@ -663,10 +661,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) } else if( d_missing ) { - - /* Deduce private exponent. This includes double-checking of the result, - * so together with the primality test above all core parameters are - * guaranteed to be sane if this call succeeds. */ if( ( ret = mbedtls_rsa_deduce_private_exponent( &ctx->P, &ctx->Q, &ctx->E, @@ -676,11 +670,9 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) } } - /* In the remaining case of a public key, there's nothing to check for. */ - /* * Step 3: Deduce all additional parameters specific - * to our current RSA implementaiton. + * to our current RSA implementation. */ #if !defined(MBEDTLS_RSA_NO_CRT) From 705fc68d724e37d59aa4b2ed4d193ea1a92557be Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 17:57:02 +0100 Subject: [PATCH 0404/1059] Unify sanity checks for RSA private and public keys --- library/rsa.c | 146 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 99 insertions(+), 47 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index efc148956c..493cd1c123 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -139,7 +139,7 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, uint16_t attempt; /* Number of current attempt */ uint16_t iter; /* Number of squares computed in the current attempt */ - uint16_t order; /* Order of 2 in DE - 1 */ + uint16_t order; /* Order of 2 in DE - 1 */ mbedtls_mpi T; /* Holds largest odd divisor of DE - 1 */ mbedtls_mpi K; /* During factorization attempts, stores a random integer 
@@ -601,6 +601,89 @@ cleanup: return( 0 ); } +/* + * Checks whether the context fields are set in such a way + * that the RSA primitives will be able to execute without error. + * It does *not* make guarantees for consistency of the parameters. + */ +static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv ) +{ + if( ctx->len != mbedtls_mpi_size( &ctx->N ) ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + /* + * 1. Modular exponentiation needs positive, odd moduli. + */ + + /* Modular exponentiation wrt. N is always used for + * RSA public key operations. */ + if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) <= 0 || + mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + +#if !defined(MBEDTLS_RSA_NO_CRT) + /* Modular exponentiation for P and Q is only + * used for private key operations and if CRT + * is used. */ + if( is_priv && + ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || + mbedtls_mpi_get_bit( &ctx->P, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 || + mbedtls_mpi_get_bit( &ctx->Q, 0 ) == 0 ) ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } +#endif /* !MBEDTLS_RSA_NO_CRT */ + + /* + * 2. Exponents must be positive + */ + + /* Always need E for public key operations */ + if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + +#if !defined(MBEDTLS_NO_CRT) + /* For private key operations, use D or DP & DQ + * as (unblinded) exponents. */ + if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +#else + if( is_priv && + ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 || + mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0 ) ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } +#endif /* MBEDTLS_RSA_NO_CRT */ + + /* Blinding shouldn't make exponents negative either, + * so check that P, Q >= 1 if that hasn't yet been + * done as part of 1. 
*/ +#if defined(MBEDTLS_NO_CRT) + if( is_priv && + ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } +#endif + + /* It wouldn't lead to an error if it wasn't satisfied, + * but check for PQ >= 1 nonetheless. */ +#if !defined(MBEDTLS_NO_CRT) + if( is_priv && + mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } +#endif + + return( 0 ); +} + int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) { int ret = 0; @@ -686,21 +769,10 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) #endif /* MBEDTLS_RSA_NO_CRT */ /* - * Step 3: Basic sanity check + * Step 3: Basic sanity checks */ - if( is_priv ) - { - if( ( ret = mbedtls_rsa_check_privkey( ctx ) ) != 0 ) - return( ret ); - } - else - { - if( ( ret = mbedtls_rsa_check_pubkey( ctx ) ) != 0 ) - return( ret ); - } - - return( 0 ); + return( rsa_check_context( ctx, is_priv ) ); } int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, @@ -960,20 +1032,8 @@ cleanup: */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) { - if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ) - { + if( rsa_check_context( ctx, 0 /* public */ ) != 0 ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - } - - if( ctx->len != mbedtls_mpi_size( &ctx->N ) ) - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - - if( mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 || - mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - } if( mbedtls_mpi_bitlen( &ctx->N ) < 128 || mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_MPI_MAX_BITS ) 
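Review bot: The exponent section of the new `rsa_check_context` tests `MBEDTLS_NO_CRT`, but the macro used everywhere else in this file — including the modulus section of the same function and the trailing `#endif /* MBEDTLS_RSA_NO_CRT */` comment — is `MBEDTLS_RSA_NO_CRT`; since `MBEDTLS_NO_CRT` is never defined, `#if !defined(MBEDTLS_NO_CRT)` is always taken, so D is always required, DP/DQ are never checked, and the `#if defined(MBEDTLS_NO_CRT)` P/Q block is dead code in every build. The branch assignment also appears inverted relative to the removed check in `mbedtls_rsa_private` (hunk `@@ -1162,24 +1230,8 @@` two lines down, which validated DP/DQ/QP under `!MBEDTLS_RSA_NO_CRT`): CRT builds exponentiate with DP and DQ, non-CRT builds with D. As committed, `mbedtls_rsa_private` therefore loses its DP/DQ sanity check in the default CRT configuration. The comment `check for PQ >= 1` above the last block should say `QP`.

```c
    /* … unchanged: len check and section 1 (modulus checks) … */

    /* Always need E for public key operations */
    if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );

#if !defined(MBEDTLS_RSA_NO_CRT)
    /* CRT private key operations exponentiate with DP and DQ. */
    if( is_priv &&
        ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 ||
          mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0 ) )
    {
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    }
#else
    /* Non-CRT private key operations exponentiate with D. */
    if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
#endif /* MBEDTLS_RSA_NO_CRT */

    /* Blinding shouldn't make exponents negative either, so check
     * P, Q >= 1 here when section 1 didn't (non-CRT builds). */
#if defined(MBEDTLS_RSA_NO_CRT)
    if( is_priv &&
        ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
          mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) )
    {
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    }
#endif /* MBEDTLS_RSA_NO_CRT */

    /* Not strictly needed for the primitives, but check QP >= 1 too. */
#if !defined(MBEDTLS_RSA_NO_CRT)
    if( is_priv && mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
#endif /* !MBEDTLS_RSA_NO_CRT */

    return( 0 );
```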
@@ -981,7 +1041,8 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } - if( mbedtls_mpi_bitlen( &ctx->E ) < 2 || + if( mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 || + mbedtls_mpi_bitlen( &ctx->E ) < 2 || mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); @@ -991,18 +1052,22 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) } /* - * Check a private RSA key + * Check for the consistency of all fields in an RSA private key context */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) { - if( mbedtls_rsa_check_pubkey( ctx ) != 0 ) + if( mbedtls_rsa_check_pubkey( ctx ) != 0 || + rsa_check_context( ctx, 1 /* private */ ) != 0 ) + { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, &ctx->D, &ctx->E, NULL, NULL ) != 0 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } + #if !defined(MBEDTLS_RSA_NO_CRT) else if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D, &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 ) @@ -1046,6 +1111,9 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, size_t olen; mbedtls_mpi T; + if( rsa_check_context( ctx, 0 /* public */ ) ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + mbedtls_mpi_init( &T ); #if defined(MBEDTLS_THREADING_C) 
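Review bot: The new guard in `mbedtls_rsa_public` (hunk `@@ -1046,6 +1111,9 @@`) reads `if( rsa_check_context( ctx, 0 /* public */ ) )`, whereas every other call site in this commit spells the test out; for consistency and to make the int-return contract visible it should be `if( rsa_check_context( ctx, 0 /* public */ ) != 0 )`. In the `mbedtls_rsa_check_privkey` hunk the added `rsa_check_context( ctx, 1 /* private */ )` call runs after `mbedtls_rsa_check_pubkey`, which already calls `rsa_check_context( ctx, 0 )`; harmless, but a short comment such as `/* pubkey check covers the is_priv == 0 subset; repeat for private fields */` would stop a reader from "deduplicating" it later.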
@@ -1162,24 +1230,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, mbedtls_mpi *DQ = &ctx->DQ; #endif - /* Sanity-check that all relevant fields are at least set, - * but don't perform a full keycheck. */ - if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ) - { + if( rsa_check_context( ctx, 1 /* private */ ) != 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } -#if !defined(MBEDTLS_RSA_NO_CRT) - if( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->QP, 0 ) == 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } -#endif /* MBEDTLS_RSA_NO_CRT */ mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R ); From 04877a48d44fd561c67d9e6bfac7814b819ad92d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 10:01:33 +0100 Subject: [PATCH 0405/1059] Adapt `rsa_import` tests to weakened semantics of `rsa_complete` The tests now accept two result parameters, one for the expected result of the completion call, and one for the expected result of the subsequent sanity check. --- tests/suites/test_suite_rsa.data | 68 ++++++++++++++++------------ tests/suites/test_suite_rsa.function | 34 ++++++++------ 2 files changed, 60 insertions(+), 42 deletions(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 8ca6445bc6..91aa1fd8c2 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
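Review bot: The removed comment `/* Sanity-check that all relevant fields are at least set, but don't perform a full keycheck. */` is not carried over to the new `rsa_check_context( ctx, 1 /* private */ )` call, so a reader no longer sees that this is a structural check rather than a key validation; keeping it, or `/* Structural check only; a full key check is mbedtls_rsa_check_privkey()'s job. */`, above the new line would preserve that. The old code also rejected zero `DP` and `DQ` under CRT, while the visible tail of `rsa_check_context` tests only `QP`; if `DP`/`DQ` are not covered in the part of that function outside this view, the CRT path below would run with zero exponents where it previously returned `MBEDTLS_ERR_RSA_BAD_INPUT_DATA`. `mbedtls_rsa_private` continues past the end of this hunk.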
@@ -428,88 +428,100 @@ RSA Deduce Moduli, corrupted mbedtls_rsa_deduce_primes:16:"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e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA RSA Import (N,P,Q,D,E) -mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0 
+mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (N,P,Q,D,E), inconsistent +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC3672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C9
36D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 RSA Import (N,P,Q,D,E), successive -mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0 
+mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0:0 + +RSA Import (N,P,Q,D,E), successive, inconsistent 
+mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC3672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 RSA Import (-,P,Q,D,E) 
-mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0 +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (-,P,Q,D,E), successive 
-mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport (N,-,-,D,E) -mbedtls_rsa_import:16:"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mbedtls_rsa_import:16:"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mport (N,-,-,D,E), succesive -mbedtls_rsa_import:16:"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mbedtls_rsa_import:16:"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mport (N,P,Q,-,E) 
-mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0:0 RSA Import (N,P,Q,-,E), successive 
-mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0 +mbedtls_rsa_import:16:"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":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0:0 RSA Import (-,P,Q,-,E) -mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0 
+mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0:0 RSA Import (-,P,Q,-,E), successive -mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0 +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0:0 RSA Import (N,-,Q,-,E) 
-mbedtls_rsa_import:16:"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":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import:16:"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":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import (N,-,Q,-,E), successive -mbedtls_rsa_import:16:"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":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import:16:"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":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import (N,-,-,-,E), complete public key -mbedtls_rsa_import:16:"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":16:"":16:"":16:"":16:"3":0:0:0 +mbedtls_rsa_import:16:"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":16:"":16:"":16:"":16:"3":0:0:0:0 RSA Import (N,-,-,-,E), complete public key, successive 
-mbedtls_rsa_import:16:"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":16:"":16:"":16:"":16:"3":1:0:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":1:0:0:0 + +RSA Import (N,-,-,-,E), complete public key, corrupted +mbedtls_rsa_import:16:"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":16:"":16:"":16:"":16:"4":0:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 + +RSA Import (N,-,-,-,E), complete public key, successive, corrupted +mbedtls_rsa_import:16:"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":16:"":16:"":16:"":16:"4":1:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 RSA Import Raw (N,P,Q,D,E), complete private key 
-mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0:0 RSA Import Raw (N,P,Q,D,E), successive 
-mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport Raw (-,P,Q,D,E) 
-mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport Raw (-,P,Q,D,E), successive 
-mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1:0 +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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mport Raw (N,-,-,D,E) 
-mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0 +mbedtls_rsa_import_raw:"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mport Raw (N,-,-,D,E), successive 
-mbedtls_rsa_import_raw:"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mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1:0:0 RSA Import Raw (N,P,Q,-,E) -mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0 
+mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0:0 RSA Import Raw (N,P,Q,-,E), successive -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0 
+mbedtls_rsa_import_raw:"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":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0:0 RSA Import Raw (-,P,Q,-,E) -mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0 +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0:0 RSA Import Raw (-,P,Q,-,E), successive 
-mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0 +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0:0 RSA Import Raw (N,-,Q,-,E) -mbedtls_rsa_import_raw:"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":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import_raw:"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":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import Raw (N,-,Q,-,E), successive 
-mbedtls_rsa_import_raw:"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":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import_raw:"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":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import Raw (N,-,-,-,E) -mbedtls_rsa_import_raw:"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":"":"":"":"03":0:0:0 +mbedtls_rsa_import_raw:"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":"":"":"":"03":0:0:0:0 RSA Import Raw (N,-,-,-,E), successive -mbedtls_rsa_import_raw:"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":"":"":"":"03":1:0:0 +mbedtls_rsa_import_raw:"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":"":"":"":"03":1:0:0:0 RSA Export (N,P,Q,D,E) 
mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 87d15a8595..9ee8ea1fe0 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -831,7 +831,8 @@ void mbedtls_rsa_import( int radix_N, char *input_N, int radix_E, char *input_E, int successive, int is_priv, - int result ) + int res_check, + int res_complete ) { mbedtls_mpi N, P, Q, D, E; mbedtls_rsa_context ctx; 
@@ -916,17 +917,19 @@ void mbedtls_rsa_import( int radix_N, char *input_N,
 have_E ? &E : NULL ) == 0 );
 }
 
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == result );
+ TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
 
 /* On expected success, perform some public and private
 * key operations to check if the key is working properly. */
- if( result == 0 )
+ if( res_complete == 0 )
 {
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
-
- /* Did we expect a full private key to be setup? */
 if( is_priv )
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
+ else
+ TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
+
+ if( res_check != 0 )
+ goto exit;
 
 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
@@ -1294,7 +1297,8 @@ void mbedtls_rsa_import_raw( char *input_N,
 char *input_D, char *input_E,
 int successive,
 int is_priv,
- int result )
+ int res_check,
+ int res_complete )
 {
 unsigned char bufN[1000];
 unsigned char bufP[1000];
@@ -1380,17 +1384,19 @@ void mbedtls_rsa_import_raw( char *input_N,
 ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
 }
 
- TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == result );
+ TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
 
 /* On expected success, perform some public and private
 * key operations to check if the key is working properly. */
- if( result == 0 )
+ if( res_complete == 0 )
 {
- TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
-
- /* Did we expect a full private key to be setup? */
 if( is_priv )
- TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check );
+ else
+ TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check );
+
+ if( res_check != 0 )
+ goto exit;
 
 buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
 buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) );
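Review bot: The success path now asserts only one of the two key checks: with is_priv set, mbedtls_rsa_check_pubkey() is no longer called at all, whereas the removed lines ran it unconditionally before the private-key check, so coverage is preserved only if mbedtls_rsa_check_privkey() performs the public-key check itself, which the hunk does not show. The new `goto exit` runs before buf_orig/buf_enc are allocated, so the exit label (outside the hunk) must only free NULL-initialised pointers; the declarations at the top of the function are worth confirming. The same nine-line block is duplicated verbatim in the `@@ -1380` hunk of mbedtls_rsa_import_raw; a shared helper such as `static int rsa_key_check( mbedtls_rsa_context *ctx, int is_priv )` returning the check result would keep both tests in step. Both enclosing functions start and end outside the hunks.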
From a565f54c4c0edf84ef598648e0fdb9a6d5f8f037 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 11:00:19 +0100 Subject: [PATCH 0406/1059] Introduce new files rsa_internal.[ch] for RSA helper functions This commit splits off the RSA helper functions into separate headers and compilation units to have a clearer separation of the public RSA interface, intended to be used by end-users, and the helper functions which are publicly provided only for the benefit of designers of alternative RSA implementations. --- include/mbedtls/config.h | 2 + include/mbedtls/rsa.h | 156 --------- include/mbedtls/rsa_internal.h | 219 ++++++++++++ library/CMakeLists.txt | 1 + library/Makefile | 6 +- library/rsa.c | 475 +-------------------------- library/rsa_internal.c | 471 ++++++++++++++++++++++++++ tests/suites/test_suite_rsa.function | 1 + 8 files changed, 700 insertions(+), 631 deletions(-) create mode 100644 include/mbedtls/rsa_internal.h create mode 100644 library/rsa_internal.c
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index ec004f5b31..a93b0aae23 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1650,6 +1650,7 @@
 * library/ecp.c
 * library/ecdsa.c
 * library/rsa.c
+ * library/rsa_internal.c
 * library/ssl_tls.c
 *
 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
@@ -2263,6 +2264,7 @@
 * Enable the RSA public-key cryptosystem.
 *
 * Module: library/rsa.c
+ * library/rsa_internal.c
 * Caller: library/ssl_cli.c
 * library/ssl_srv.c
 * library/ssl_tls.c
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index c85e6c81d8..eab8e0dfee 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -74,162 +74,6 @@ extern "C" { #endif -/** - * Helper functions for RSA-related operations on MPI's. - */ - -/** - * \brief Compute RSA prime moduli P, Q from public modulus N=PQ - * and a pair of private and public key. - * - * \note This is a 'static' helper function not operating on - * an RSA context. Alternative implementations need not - * overwrite it. - * - * \param N RSA modulus N = PQ, with P, Q to be found - * \param D RSA private exponent - * \param E RSA public exponent - * \param P Pointer to MPI holding first prime factor of N on success - * \param Q Pointer to MPI holding second prime factor of N on success - * - * \return - * - 0 if successful. In this case, P and Q constitute a - * factorization of N. - * - A non-zero error code otherwise. - * - * \note It is neither checked that P, Q are prime nor that - * D, E are modular inverses wrt. P-1 and Q-1. For that, - * use the helper function \c mbedtls_rsa_validate_params. - * - */ -int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, - mbedtls_mpi const *E, - mbedtls_mpi *P, mbedtls_mpi *Q ); - -/** - * \brief Compute RSA private exponent from - * prime moduli and public key. - * - * \note This is a 'static' helper function not operating on - * an RSA context. Alternative implementations need not - * overwrite it. - * - * \param P First prime factor of RSA modulus - * \param Q Second prime factor of RSA modulus - * \param E RSA public exponent - * \param D Pointer to MPI holding the private exponent on success. - * - * \return - * - 0 if successful. In this case, D is set to a simultaneous - * modular inverse of E modulo both P-1 and Q-1. - * - A non-zero error code otherwise. - * - * \note This function does not check whether P and Q are primes. 
- * - */ -int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, - mbedtls_mpi const *Q, - mbedtls_mpi const *E, - mbedtls_mpi *D ); - - -/** - * \brief Generate RSA-CRT parameters - * - * \note This is a 'static' helper function not operating on - * an RSA context. Alternative implementations need not - * overwrite it. - * - * \param P First prime factor of N - * \param Q Second prime factor of N - * \param D RSA private exponent - * \param DP Output variable for D modulo P-1 - * \param DQ Output variable for D modulo Q-1 - * \param QP Output variable for the modular inverse of Q modulo P. - * - * \return 0 on success, non-zero error code otherwise. - * - * \note This function does not check whether P, Q are - * prime and whether D is a valid private exponent. - * - */ -int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, mbedtls_mpi *DP, - mbedtls_mpi *DQ, mbedtls_mpi *QP ); - - -/** - * \brief Check validity of core RSA parameters - * - * \note This is a 'static' helper function not operating on - * an RSA context. Alternative implementations need not - * overwrite it. - * - * \param N RSA modulus N = PQ - * \param P First prime factor of N - * \param Q Second prime factor of N - * \param D RSA private exponent - * \param E RSA public exponent - * \param f_rng PRNG to be used for primality check, or NULL - * \param p_rng PRNG context for f_rng, or NULL - * - * \return - * - 0 if the following conditions are satisfied - * if all relevant parameters are provided: - * - P prime if f_rng != NULL - * - Q prime if f_rng != NULL - * - 1 < N = PQ - * - 1 < D, E < N - * - D and E are modular inverses modulo P-1 and Q-1 - * - A non-zero error code otherwise. - * - * \note The function can be used with a restricted set of arguments - * to perform specific checks only. E.g., calling it with - * (-,P,-,-,-) and a PRNG amounts to a primality check for P. 
- */ -int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, - const mbedtls_mpi *Q, const mbedtls_mpi *D, - const mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief Check validity of RSA CRT parameters - * - * \note This is a 'static' helper function not operating on - * an RSA context. Alternative implementations need not - * overwrite it. - * - * \param P First prime factor of RSA modulus - * \param Q Second prime factor of RSA modulus - * \param D RSA private exponent - * \param DP MPI to check for D modulo P-1 - * \param DQ MPI to check for D modulo P-1 - * \param QP MPI to check for the modular inverse of Q modulo P. - * - * \return - * - 0 if the following conditions are satisfied: - * - D = DP mod P-1 if P, D, DP != NULL - * - Q = DQ mod P-1 if P, D, DQ != NULL - * - QP = Q^-1 mod P if P, Q, QP != NULL - * - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed, - * potentially including \c MBEDTLS_ERR_MPI_XXX if some - * MPI calculations failed. - * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient - * data was provided to check DP, DQ or QP. - * - * \note The function can be used with a restricted set of arguments - * to perform specific checks only. E.g., calling it with the - * parameters (P, -, D, DP, -, -) will check DP = D mod P-1. - */ -int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, const mbedtls_mpi *DP, - const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); - -/** - * Implementation of RSA interface - */ - #if !defined(MBEDTLS_RSA_ALT) /** diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h new file mode 100644 index 0000000000..235347046e --- /dev/null +++ b/include/mbedtls/rsa_internal.h 
@@ -0,0 +1,219 @@ +/** + * \file rsa_internal.h + * + * \brief Context-independent RSA helper functions + * + * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + * + * + * This file declares some RSA-related helper functions useful when + * implementing the RSA interface. They are public and provided in a + * separate compilation unit in order to make it easy for designers of + * alternative RSA implementations to use them in their code, as it is + * conceived that the functionality they provide will be necessary + * for most complete implementations. + * + * End-users of Mbed TLS not intending to re-implement the RSA functionality + * are not expected to get into the need of making use of these functions directly, + * but instead should be able to make do with the implementation of the RSA module. + * + * There are two classes of helper functions: + * (1) Parameter-generating helpers. These are: + * - mbedtls_rsa_deduce_primes + * - mbedtls_rsa_deduce_private_exponent + * - mbedtls_rsa_deduce_crt + * Each of these functions takes a set of core RSA parameters + * and generates some other, or CRT related parameters. + * (2) Parameter-checking helpers. 
These are: + * - mbedtls_rsa_validate_params + * - mbedtls_rsa_validate_crt + * They take a set of core or CRT related RSA parameters + * and check their validity. + * + */ + +#ifndef MBEDTLS_RSA_INTERNAL_H +#define MBEDTLS_RSA_INTERNAL_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "bignum.h" + +#if defined(MBEDTLS_RSA_C) + +#ifdef __cplusplus +extern "C" { +#endif + + +/** + * \brief Compute RSA prime moduli P, Q from public modulus N=PQ + * and a pair of private and public key. + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param N RSA modulus N = PQ, with P, Q to be found + * \param D RSA private exponent + * \param E RSA public exponent + * \param P Pointer to MPI holding first prime factor of N on success + * \param Q Pointer to MPI holding second prime factor of N on success + * + * \return + * - 0 if successful. In this case, P and Q constitute a + * factorization of N. + * - A non-zero error code otherwise. + * + * \note It is neither checked that P, Q are prime nor that + * D, E are modular inverses wrt. P-1 and Q-1. For that, + * use the helper function \c mbedtls_rsa_validate_params. + * + */ +int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, + mbedtls_mpi const *E, + mbedtls_mpi *P, mbedtls_mpi *Q ); + +/** + * \brief Compute RSA private exponent from + * prime moduli and public key. + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param P First prime factor of RSA modulus + * \param Q Second prime factor of RSA modulus + * \param E RSA public exponent + * \param D Pointer to MPI holding the private exponent on success. + * + * \return + * - 0 if successful. In this case, D is set to a simultaneous + * modular inverse of E modulo both P-1 and Q-1. 
+ * - A non-zero error code otherwise. + * + * \note This function does not check whether P and Q are primes. + * + */ +int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, + mbedtls_mpi const *Q, + mbedtls_mpi const *E, + mbedtls_mpi *D ); + + +/** + * \brief Generate RSA-CRT parameters + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param P First prime factor of N + * \param Q Second prime factor of N + * \param D RSA private exponent + * \param DP Output variable for D modulo P-1 + * \param DQ Output variable for D modulo Q-1 + * \param QP Output variable for the modular inverse of Q modulo P. + * + * \return 0 on success, non-zero error code otherwise. + * + * \note This function does not check whether P, Q are + * prime and whether D is a valid private exponent. + * + */ +int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP ); + + +/** + * \brief Check validity of core RSA parameters + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param N RSA modulus N = PQ + * \param P First prime factor of N + * \param Q Second prime factor of N + * \param D RSA private exponent + * \param E RSA public exponent + * \param f_rng PRNG to be used for primality check, or NULL + * \param p_rng PRNG context for f_rng, or NULL + * + * \return + * - 0 if the following conditions are satisfied + * if all relevant parameters are provided: + * - P prime if f_rng != NULL + * - Q prime if f_rng != NULL + * - 1 < N = PQ + * - 1 < D, E < N + * - D and E are modular inverses modulo P-1 and Q-1 + * - A non-zero error code otherwise. + * + * \note The function can be used with a restricted set of arguments + * to perform specific checks only. 
E.g., calling it with
+ * (-,P,-,-,-) and a PRNG amounts to a primality check for P.
+ */
+int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
+ const mbedtls_mpi *Q, const mbedtls_mpi *D,
+ const mbedtls_mpi *E,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+/**
+ * \brief Check validity of RSA CRT parameters
+ *
+ * \note This is a 'static' helper function not operating on
+ * an RSA context. Alternative implementations need not
+ * overwrite it.
+ *
+ * \param P First prime factor of RSA modulus
+ * \param Q Second prime factor of RSA modulus
+ * \param D RSA private exponent
+ * \param DP MPI to check for D modulo P-1
+ * \param DQ MPI to check for D modulo P-1
+ * \param QP MPI to check for the modular inverse of Q modulo P.
+ *
+ * \return
+ * - 0 if the following conditions are satisfied:
+ * - D = DP mod P-1 if P, D, DP != NULL
+ * - Q = DQ mod P-1 if P, D, DQ != NULL
+ * - QP = Q^-1 mod P if P, Q, QP != NULL
+ * - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed,
+ * potentially including \c MBEDTLS_ERR_MPI_XXX if some
+ * MPI calculations failed.
+ * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient
+ * data was provided to check DP, DQ or QP.
+ *
+ * \note The function can be used with a restricted set of arguments
+ * to perform specific checks only. E.g., calling it with the
+ * parameters (P, -, D, DP, -, -) will check DP = D mod P-1.
+ */
+int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
+ const mbedtls_mpi *D, const mbedtls_mpi *DP,
+ const mbedtls_mpi *DQ, const mbedtls_mpi *QP );
+
+
+#endif /* MBEDTLS_RSA_C */
+
+#endif /* rsa_internal.h */
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 7a9f185e2c..49f037c8ca 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -48,6 +48,7 @@ set(src_crypto
 platform.c
 ripemd160.c
 rsa.c
+ rsa_internal.c
 sha1.c
 sha256.c
 sha512.c
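Review bot: The new header opens an `extern "C" {` block under `#ifdef __cplusplus` but never closes it: the file ends with `#endif /* MBEDTLS_RSA_C */` and `#endif /* rsa_internal.h */` with no matching brace, so a C++ translation unit including rsa_internal.h will not compile. Add `#ifdef __cplusplus` / `}` / `#endif` after the mbedtls_rsa_validate_crt prototype, before `#endif /* MBEDTLS_RSA_C */`. While this documentation is being relocated, the DQ description is wrong in both `\param DQ MPI to check for D modulo P-1` (should read Q-1) and `- Q = DQ mod P-1 if P, D, DQ != NULL` (should read `D = DQ mod Q-1 if Q, D, DQ != NULL`), which is what the implementation's "DQ - D == 0 mod Q - 1" check in rsa.c actually enforces; alternative implementers relying on this header would be misled.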
diff --git a/library/Makefile b/library/Makefile
index 28f92315a0..541d47fe9f 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -59,9 +59,9 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \
 padlock.o pem.o pk.o \
 pk_wrap.o pkcs12.o pkcs5.o \
 pkparse.o pkwrite.o platform.o \
- ripemd160.o rsa.o sha1.o \
- sha256.o sha512.o threading.o \
- timing.o version.o \
+ ripemd160.o rsa_internal.o rsa.o \
+ sha1.o sha256.o sha512.o \
+ threading.o timing.o version.o \
 version_features.o xtea.o
 
 OBJS_X509= certs.o pkcs11.o x509.o \
diff --git a/library/rsa.c b/library/rsa.c
index 493cd1c123..83e2b2be3c 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -46,6 +46,7 @@
 #if defined(MBEDTLS_RSA_C)
 
 #include "mbedtls/rsa.h"
+#include "mbedtls/rsa_internal.h"
 #include "mbedtls/oid.h"
 
 #include 
@@ -67,483 +68,13 @@ #define mbedtls_free free #endif +#if !defined(MBEDTLS_RSA_ALT) + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } -/* - * Context-independent RSA helper functions. - * - * There are two classes of helper functions: - * (1) Parameter-generating helpers. These are: - * - mbedtls_rsa_deduce_primes - * - mbedtls_rsa_deduce_private_exponent - * - mbedtls_rsa_deduce_crt - * Each of these functions takes a set of core RSA parameters - * and generates some other, or CRT related parameters. - * (2) Parameter-checking helpers. These are: - * - mbedtls_rsa_validate_params - * - mbedtls_rsa_validate_crt - * They take a set of core or CRT related RSA parameters - * and check their validity. - * - * The helper functions do not use the RSA context structure - * and therefore do not need to be replaced when providing - * an alternative RSA implementation. - * - * Their main purpose is to provide common MPI operations in the context - * of RSA that can be easily shared across multiple implementations. - */ - -/* - * - * Given the modulus N=PQ and a pair of public and private - * exponents E and D, respectively, factor N. - * - * Setting F := lcm(P-1,Q-1), the idea is as follows: - * - * (a) For any 1 <= X < N with gcd(X,N)=1, we have X^F = 1 modulo N, so X^(F/2) - * is a square root of 1 in Z/NZ. Since Z/NZ ~= Z/PZ x Z/QZ by CRT and the - * square roots of 1 in Z/PZ and Z/QZ are +1 and -1, this leaves the four - * possibilities X^(F/2) = (+-1, +-1). If it happens that X^(F/2) = (-1,+1) - * or (+1,-1), then gcd(X^(F/2) + 1, N) will be equal to one of the prime - * factors of N. - * - * (b) If we don't know F/2 but (F/2) * K for some odd (!) K, then the same - * construction still applies since (-)^K is the identity on the set of - * roots of 1 in Z/NZ. 
- * - * The public and private key primitives (-)^E and (-)^D are mutually inverse - * bijections on Z/NZ if and only if (-)^(DE) is the identity on Z/NZ, i.e. - * if and only if DE - 1 is a multiple of F, say DE - 1 = F * L. - * Splitting L = 2^t * K with K odd, we have - * - * DE - 1 = FL = (F/2) * (2^(t+1)) * K, - * - * so (F / 2) * K is among the numbers - * - * (DE - 1) >> 1, (DE - 1) >> 2, ..., (DE - 1) >> ord - * - * where ord is the order of 2 in (DE - 1). - * We can therefore iterate through these numbers apply the construction - * of (a) and (b) above to attempt to factor N. - * - */ -int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, - mbedtls_mpi const *D, mbedtls_mpi const *E, - mbedtls_mpi *P, mbedtls_mpi *Q ) -{ - int ret = 0; - - uint16_t attempt; /* Number of current attempt */ - uint16_t iter; /* Number of squares computed in the current attempt */ - - uint16_t order; /* Order of 2 in DE - 1 */ - - mbedtls_mpi T; /* Holds largest odd divisor of DE - 1 */ - mbedtls_mpi K; /* During factorization attempts, stores a random integer - * in the range of [0,..,N] */ - - const unsigned int primes[] = { 2, - 3, 5, 7, 11, 13, 17, 19, 23, - 29, 31, 37, 41, 43, 47, 53, 59, - 61, 67, 71, 73, 79, 83, 89, 97, - 101, 103, 107, 109, 113, 127, 131, 137, - 139, 149, 151, 157, 163, 167, 173, 179, - 181, 191, 193, 197, 199, 211, 223, 227, - 229, 233, 239, 241, 251, 257, 263, 269, - 271, 277, 281, 283, 293, 307, 311, 313 - }; - - const size_t num_primes = sizeof( primes ) / sizeof( *primes ); - - if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || - mbedtls_mpi_cmp_int( D, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( D, N ) >= 0 || - mbedtls_mpi_cmp_int( E, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) - { - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - } - - /* - * Initializations and temporary changes - */ - - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &T ); - - /* T := DE - 1 
*/ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) ); - - if( ( order = mbedtls_mpi_lsb( &T ) ) == 0 ) - { - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - goto cleanup; - } - - /* After this operation, T holds the largest odd divisor of DE - 1. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) ); - - /* - * Actual work - */ - - /* Skip trying 2 if N == 1 mod 8 */ - attempt = 0; - if( N->p[0] % 8 == 1 ) - attempt = 1; - - for( ; attempt < num_primes; ++attempt ) - { - mbedtls_mpi_lset( &K, primes[attempt] ); - - /* Check if gcd(K,N) = 1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); - if( mbedtls_mpi_cmp_int( P, 1 ) != 0 ) - continue; - - /* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ... - * and check whether they have nontrivial GCD with N. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, &T, N, - Q /* temporarily use Q for storing Montgomery - * multiplication helper values */ ) ); - - for( iter = 1; iter < order; ++iter ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); - - if( mbedtls_mpi_cmp_int( P, 1 ) == 1 && - mbedtls_mpi_cmp_mpi( P, N ) == -1 ) - { - /* - * Have found a nontrivial divisor P of N. - * Set Q := N / P. - */ - - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, NULL, N, P ) ); - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) ); - } - } - - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - -cleanup: - - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &T ); - return( ret ); -} - -/* - * Given P, Q and the public exponent E, deduce D. - * This is essentially a modular inversion. 
- */ - -int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, - mbedtls_mpi const *Q, - mbedtls_mpi const *E, - mbedtls_mpi *D ) -{ - int ret = 0; - mbedtls_mpi K, L; - - if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || - mbedtls_mpi_cmp_int( Q, 1 ) <= 0 || - mbedtls_mpi_cmp_int( E, 0 ) == 0 ) - { - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - } - - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &L ); - - /* Temporarily put K := P-1 and L := Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); - - /* Temporarily put D := gcd(P-1, Q-1) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) ); - - /* K := LCM(P-1, Q-1) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) ); - - /* Compute modular inverse of E in LCM(P-1, Q-1) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) ); - -cleanup: - - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &L ); - - return( ret ); -} - -/* - * Check that RSA CRT parameters are in accordance with core parameters. 
- */ - -int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, const mbedtls_mpi *DP, - const mbedtls_mpi *DQ, const mbedtls_mpi *QP ) -{ - int ret = 0; - - mbedtls_mpi K, L; - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &L ); - - /* Check that DP - D == 0 mod P - 1 */ - if( DP != NULL ) - { - if( P == NULL ) - { - ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); - - if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - } - - /* Check that DQ - D == 0 mod Q - 1 */ - if( DQ != NULL ) - { - if( Q == NULL ) - { - ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); - - if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - } - - /* Check that QP * Q - 1 == 0 mod P */ - if( QP != NULL ) - { - if( P == NULL || Q == NULL ) - { - ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - } - -cleanup: - - /* Wrap MPI error codes by RSA check failure error code */ - if( ret != 0 && - ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED && - ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) - { - ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - } - - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &L ); - - return( ret ); -} - -/* - * Check that core RSA parameters are sane. 
- */ - -int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, - const mbedtls_mpi *Q, const mbedtls_mpi *D, - const mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - int ret = 0; - mbedtls_mpi K, L; - - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &L ); - - /* - * Step 1: If PRNG provided, check that P and Q are prime - */ - -#if defined(MBEDTLS_GENPRIME) - if( f_rng != NULL && P != NULL && - ( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - - if( f_rng != NULL && Q != NULL && - ( ret = mbedtls_mpi_is_prime( Q, f_rng, p_rng ) ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } -#else - ((void) f_rng); - ((void) p_rng); -#endif /* MBEDTLS_GENPRIME */ - - /* - * Step 2: Check that 1 < N = PQ - */ - - if( P != NULL && Q != NULL && N != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); - if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - } - - /* - * Step 3: Check and 1 < D, E < N if present. 
- */ - - if( N != NULL && D != NULL && E != NULL ) - { - if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 || - mbedtls_mpi_cmp_int( E, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( D, N ) >= 0 || - mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - } - - /* - * Step 4: Check that D, E are inverse modulo P-1 and Q-1 - */ - - if( P != NULL && Q != NULL && D != NULL && E != NULL ) - { - if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || - mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - - /* Compute DE-1 mod P-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - - /* Compute DE-1 mod Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - } - -cleanup: - - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &L ); - - /* Wrap MPI error codes by RSA check failure error code */ - if( ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ) - { - ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - } - - return( ret ); -} - -int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, mbedtls_mpi *DP, - mbedtls_mpi *DQ, mbedtls_mpi *QP ) -{ - int ret = 0; - mbedtls_mpi K; - mbedtls_mpi_init( &K ); - - /* DP = D mod P-1 */ - if( DP != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) ); - } - - /* DQ = D mod Q-1 */ - if( DQ != NULL ) - { - MBEDTLS_MPI_CHK( 
mbedtls_mpi_sub_int( &K, Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) ); - } - - /* QP = Q^{-1} mod P */ - if( QP != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) ); - } - -cleanup: - mbedtls_mpi_free( &K ); - - return( ret ); -} - - -/* - * Default RSA interface implementation - */ - -#if !defined(MBEDTLS_RSA_ALT) - int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *N, const mbedtls_mpi *P, const mbedtls_mpi *Q, diff --git a/library/rsa_internal.c b/library/rsa_internal.c new file mode 100644 index 0000000000..879e2d5d7d --- /dev/null +++ b/library/rsa_internal.c 
@@ -0,0 +1,471 @@ +/* + * Helper functions for the RSA module + * + * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + * + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_RSA_C) + +#include "mbedtls/rsa.h" +#include "mbedtls/bignum.h" +#include "mbedtls/rsa_internal.h" + +/* + * Compute RSA prime factors from public and private exponents + * + * Summary of algorithm: + * Setting F := lcm(P-1,Q-1), the idea is as follows: + * + * (a) For any 1 <= X < N with gcd(X,N)=1, we have X^F = 1 modulo N, so X^(F/2) + * is a square root of 1 in Z/NZ. Since Z/NZ ~= Z/PZ x Z/QZ by CRT and the + * square roots of 1 in Z/PZ and Z/QZ are +1 and -1, this leaves the four + * possibilities X^(F/2) = (+-1, +-1). If it happens that X^(F/2) = (-1,+1) + * or (+1,-1), then gcd(X^(F/2) + 1, N) will be equal to one of the prime + * factors of N. + * + * (b) If we don't know F/2 but (F/2) * K for some odd (!) K, then the same + * construction still applies since (-)^K is the identity on the set of + * roots of 1 in Z/NZ. + * + * The public and private key primitives (-)^E and (-)^D are mutually inverse + * bijections on Z/NZ if and only if (-)^(DE) is the identity on Z/NZ, i.e. 
+ * if and only if DE - 1 is a multiple of F, say DE - 1 = F * L. + * Splitting L = 2^t * K with K odd, we have + * + * DE - 1 = FL = (F/2) * (2^(t+1)) * K, + * + * so (F / 2) * K is among the numbers + * + * (DE - 1) >> 1, (DE - 1) >> 2, ..., (DE - 1) >> ord + * + * where ord is the order of 2 in (DE - 1). + * We can therefore iterate through these numbers apply the construction + * of (a) and (b) above to attempt to factor N. + * + */ +int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, + mbedtls_mpi const *D, mbedtls_mpi const *E, + mbedtls_mpi *P, mbedtls_mpi *Q ) +{ + int ret = 0; + + uint16_t attempt; /* Number of current attempt */ + uint16_t iter; /* Number of squares computed in the current attempt */ + + uint16_t order; /* Order of 2 in DE - 1 */ + + mbedtls_mpi T; /* Holds largest odd divisor of DE - 1 */ + mbedtls_mpi K; /* Temporary holding the current candidate */ + + const unsigned int primes[] = { 2, + 3, 5, 7, 11, 13, 17, 19, 23, + 29, 31, 37, 41, 43, 47, 53, 59, + 61, 67, 71, 73, 79, 83, 89, 97, + 101, 103, 107, 109, 113, 127, 131, 137, + 139, 149, 151, 157, 163, 167, 173, 179, + 181, 191, 193, 197, 199, 211, 223, 227, + 229, 233, 239, 241, 251, 257, 263, 269, + 271, 277, 281, 283, 293, 307, 311, 313 + }; + + const size_t num_primes = sizeof( primes ) / sizeof( *primes ); + + if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || + mbedtls_mpi_cmp_int( D, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( D, N ) >= 0 || + mbedtls_mpi_cmp_int( E, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) + { + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + } + + /* + * Initializations and temporary changes + */ + + mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &T ); + + /* T := DE - 1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) ); + + if( ( order = mbedtls_mpi_lsb( &T ) ) == 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; 
+ goto cleanup; + } + + /* After this operation, T holds the largest odd divisor of DE - 1. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) ); + + /* + * Actual work + */ + + /* Skip trying 2 if N == 1 mod 8 */ + attempt = 0; + if( N->p[0] % 8 == 1 ) + attempt = 1; + + for( ; attempt < num_primes; ++attempt ) + { + mbedtls_mpi_lset( &K, primes[attempt] ); + + /* Check if gcd(K,N) = 1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); + if( mbedtls_mpi_cmp_int( P, 1 ) != 0 ) + continue; + + /* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ... + * and check whether they have nontrivial GCD with N. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, &T, N, + Q /* temporarily use Q for storing Montgomery + * multiplication helper values */ ) ); + + for( iter = 1; iter < order; ++iter ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); + + if( mbedtls_mpi_cmp_int( P, 1 ) == 1 && + mbedtls_mpi_cmp_mpi( P, N ) == -1 ) + { + /* + * Have found a nontrivial divisor P of N. + * Set Q := N / P. + */ + + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, NULL, N, P ) ); + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) ); + } + } + + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + +cleanup: + + mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &T ); + return( ret ); +} + +/* + * Given P, Q and the public exponent E, deduce D. + * This is essentially a modular inversion. 
+ */ +int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, + mbedtls_mpi const *Q, + mbedtls_mpi const *E, + mbedtls_mpi *D ) +{ + int ret = 0; + mbedtls_mpi K, L; + + if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || + mbedtls_mpi_cmp_int( Q, 1 ) <= 0 || + mbedtls_mpi_cmp_int( E, 0 ) == 0 ) + { + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + } + + mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &L ); + + /* Temporarily put K := P-1 and L := Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); + + /* Temporarily put D := gcd(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) ); + + /* K := LCM(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) ); + + /* Compute modular inverse of E in LCM(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) ); + +cleanup: + + mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &L ); + + return( ret ); +} + +/* + * Check that RSA CRT parameters are in accordance with core parameters. 
+ */ +int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *DP, + const mbedtls_mpi *DQ, const mbedtls_mpi *QP ) +{ + int ret = 0; + + mbedtls_mpi K, L; + mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &L ); + + /* Check that DP - D == 0 mod P - 1 */ + if( DP != NULL ) + { + if( P == NULL ) + { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); + + if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + + /* Check that DQ - D == 0 mod Q - 1 */ + if( DQ != NULL ) + { + if( Q == NULL ) + { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); + + if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + + /* Check that QP * Q - 1 == 0 mod P */ + if( QP != NULL ) + { + if( P == NULL || Q == NULL ) + { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + +cleanup: + + /* Wrap MPI error codes by RSA check failure error code */ + if( ret != 0 && + ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED && + ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) + { + ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + } + + mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &L ); + + return( ret ); +} + +/* + * Check that core RSA parameters are sane. 
+ */ +int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, + const mbedtls_mpi *Q, const mbedtls_mpi *D, + const mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret = 0; + mbedtls_mpi K, L; + + mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &L ); + + /* + * Step 1: If PRNG provided, check that P and Q are prime + */ + +#if defined(MBEDTLS_GENPRIME) + if( f_rng != NULL && P != NULL && + ( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + + if( f_rng != NULL && Q != NULL && + ( ret = mbedtls_mpi_is_prime( Q, f_rng, p_rng ) ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } +#else + ((void) f_rng); + ((void) p_rng); +#endif /* MBEDTLS_GENPRIME */ + + /* + * Step 2: Check that 1 < N = PQ + */ + + if( P != NULL && Q != NULL && N != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); + if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + + /* + * Step 3: Check and 1 < D, E < N if present. 
+ */ + + if( N != NULL && D != NULL && E != NULL ) + { + if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 || + mbedtls_mpi_cmp_int( E, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( D, N ) >= 0 || + mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + + /* + * Step 4: Check that D, E are inverse modulo P-1 and Q-1 + */ + + if( P != NULL && Q != NULL && D != NULL && E != NULL ) + { + if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || + mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + + /* Compute DE-1 mod P-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + + /* Compute DE-1 mod Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + +cleanup: + + mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &L ); + + /* Wrap MPI error codes by RSA check failure error code */ + if( ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ) + { + ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + } + + return( ret ); +} + +int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP ) +{ + int ret = 0; + mbedtls_mpi K; + mbedtls_mpi_init( &K ); + + /* DP = D mod P-1 */ + if( DP != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) ); + } + + /* DQ = D mod Q-1 */ + if( DQ != NULL ) + { + MBEDTLS_MPI_CHK( 
mbedtls_mpi_sub_int( &K, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) ); + } + + /* QP = Q^{-1} mod P */ + if( QP != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) ); + } + +cleanup: + mbedtls_mpi_free( &K ); + + return( ret ); +} + +#endif /* MBEDTLS_RSA_C */ diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 9ee8ea1fe0..3f892f71ca 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/rsa.h" +#include "mbedtls/rsa_internal.h" #include "mbedtls/md2.h" #include "mbedtls/md4.h" #include "mbedtls/md5.h" From 8dd73e62d21dc47d8b520ab23795885ff3f1d4bc Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 3 Oct 2017 15:58:26 +0300 Subject: [PATCH 0407/1059] Parse Signature Algorithm ext when renegotiating Signature algorithm extension was skipped when renegotiation was in progress, causing the signature algorithm not to be known when renegotiating, and failing the handshake. Fix removes the renegotiation step check before parsing the extension. --- ChangeLog | 3 +++ library/ssl_srv.c | 7 ++----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index b3d4d519af..c4e3998d04 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,9 @@ Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. Found by projectgus and jethrogb, #836. * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. + * Parse signature algorithm extension when renegotiating. Previously, + renegotiated handshakes would only accept signatures using SHA-1 + regardless of the peer's preferences, or fail if SHA-1 was disabled. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f137c3dce6..37f415dd12 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
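Review bot: In mbedtls_rsa_deduce_primes the call `mbedtls_mpi_lset( &K, primes[attempt] );` at the top of the attempt loop is the one MPI call in this new file whose return value is dropped; if it fails, K may still hold the previous attempt's value and the gcd and exp_mod below run on stale data, so it should read `MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &K, primes[attempt] ) );`. Separately, nothing in mbedtls_rsa_validate_params rejects P == Q: P = Q = 5, N = 25, D = E = 3 passes all four steps (5 is prime, 25 = 5*5, 1 < 3 < 25, 3*3 - 1 = 8 is 0 mod 4) yet 2^9 mod 25 = 12, so the exponents are not mutually inverse modulo N; unless callers reject this elsewhere, add `if( mbedtls_mpi_cmp_mpi( P, Q ) == 0 ) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; }` to step 2. mbedtls_rsa_deduce_crt is also the only helper here that applies no `> 1` guard to P and Q, so P == 1 reaches mbedtls_mpi_mod_mpi with a zero modulus and presumably surfaces as an MPI-level error rather than a parameter error.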
@@ -1694,11 +1694,8 @@ read_record_header: #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) case MBEDTLS_TLS_EXT_SIG_ALG: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - break; -#endif + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); + ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); if( ret != 0 ) return( ret ); From 88f5808c135485308fdaeebeafb18a7490a3585b Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 5 Oct 2017 12:29:42 +0100 Subject: [PATCH 0408/1059] Renegotiation: Add tests for SigAlg ext parsing This commit adds regression tests for the bug when we didn't parse the Signature Algorithm extension when renegotiating. (By nature, this bug affected only the server) The tests check for the fallback hash (SHA1) in the server log to detect that the Signature Algorithm extension hasn't been parsed at least in one of the handshakes. A more direct way of testing is not possible with the current test framework, since the Signature Algorithm extension is parsed in the first handshake and any corresponding debug message is present in the logs. --- tests/ssl-opt.sh | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7fcca685b1..64f26a0cf0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
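Review bot: The renegotiation guard is deleted without a why-comment, so a later cleanup that aligns this case with whatever `MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS` handling the neighbouring extension cases still have (not visible in this hunk) could quietly reinstate the bug. A one-liner above the new `MBEDTLS_SSL_DEBUG_MSG` would pin the intent: `/* Also parsed during renegotiation: skipping it left the server on the SHA-1 fallback, or failed the handshake with SHA-1 disabled */`. The enclosing switch and its function start and end outside the hunk.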
@@ -1470,6 +1470,40 @@ run_test "Renegotiation: server-initiated" \ -s "=> renegotiate" \ -s "write hello request" +# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that +# the server did not parse the Signature Algorithm extension. This test is valid only if an MD +# algorithm stronger than SHA-1 is enabled in config.h +run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ + "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ + "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ + 0 \ + -c "client hello, adding renegotiation extension" \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" \ + -s "=> renegotiate" \ + -S "write hello request" \ + -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? + +# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that +# the server did not parse the Signature Algorithm extension. This test is valid only if an MD +# algorithm stronger than SHA-1 is enabled in config.h +run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ + "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ + "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ + 0 \ + -c "client hello, adding renegotiation extension" \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" \ + -s "=> renegotiate" \ + -s "write hello request" \ + -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? 
+ run_test "Renegotiation: double" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ From 14a00c057845fc914440cc5b30638021ce9b3719 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 12:58:23 +0100 Subject: [PATCH 0409/1059] Add early detection of bad parameters in `mbedtls_deduce_primes` --- library/rsa_internal.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 879e2d5d7d..4d688e09d0 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -169,6 +169,11 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) ); } + + if( mbedtls_mpi_cmp_int( &K, 1 ) != 0 ) + { + break; + } } ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; From 7643d4e30c887c5ce1ed46893e7423f8ac97c3e8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 15:53:02 +0100 Subject: [PATCH 0410/1059] Fix number of loop iterations in `mbedtls_deduce_primes` The number of loop iterations per candidate in `mbedtls_deduce_primes` was off by one. This commit corrects this and removes a toy non-example from the RSA test suite, as it seems difficult to have the function fail on small values of N even if D,E are corrupted. --- library/rsa_internal.c | 2 +- tests/suites/test_suite_rsa.data | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 4d688e09d0..292fc13209 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c 
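Review bot: Both added tests only assert the absence of `client hello v3, signature_algorithm ext: 2` via `-S`, so they pass vacuously if that debug string is ever reworded or if SHA-1 is the only hash compiled in; the comment above each test admits the config dependency but nothing enforces it. Put `requires_config_enabled MBEDTLS_SHA256_C` (or whichever stronger hash the server is expected to pick) in front of each run_test, assuming that helper exists in this script, and consider adding a positive `-s "client hello v3, signature_algorithm ext: 4"` match (4 being SHA-256 if the printed number is the TLS HashAlgorithm code, and if that line is logged for the hash actually selected) so a regression fails loudly instead of being masked by a log change.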
@@ -148,7 +148,7 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, Q /* temporarily use Q for storing Montgomery * multiplication helper values */ ) ); - for( iter = 1; iter < order; ++iter ) + for( iter = 1; iter <= order; ++iter ) { MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 91aa1fd8c2..e7012b0772 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -418,9 +418,6 @@ mbedtls_rsa_deduce_private_exponent:16:"e79a373182bfaa722eb035f772ad2a9464bd842d RSA Deduce Moduli, toy example mbedtls_rsa_deduce_primes:10:"15":10:"3":10:"3":10:"3":10:"5":0:0 -RSA Deduce Moduli, toy example, corrupted -mbedtls_rsa_deduce_primes:10:"15":10:"3":10:"3":10:"3":10:"5":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - RSA Deduce Moduli mbedtls_rsa_deduce_primes:16:"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e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":0:0 From 5d42b53e512029bd310d6bd909b27aed8f7a6132 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 15:58:00 +0100 Subject: [PATCH 0411/1059] Enhance documentation and performance of `mbedtls_rsa_deduce_primes` --- library/rsa_internal.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 292fc13209..3b54fdee7b 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c 
@@ -150,6 +150,11 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, for( iter = 1; iter <= order; ++iter ) { + /* If we reach 1 prematurely, there's no point + * in continuing to square K */ + if( mbedtls_mpi_cmp_int( &K, 1 ) == 0 ) + break; + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); @@ -170,6 +175,13 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) ); } + /* + * If we get here, then either we prematurely aborted the loop because + * we reached 1, or K holds primes[attempt]^(DE - 1) mod N, which must + * be 1 if D,E,N were consistent. + * Check if that's the case and abort if not, to avoid very long, + * yet eventually failing, computations if N,D,E were not sane. + */ if( mbedtls_mpi_cmp_int( &K, 1 ) != 0 ) { break; From b82a5b554c2c55d591296f60b6ff9438af212016 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 19:10:23 +0100 Subject: [PATCH 0412/1059] Fix typos and mixup related to RSA_NO_CRT --- library/rsa.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 83e2b2be3c..3913e61d97 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -176,7 +176,7 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv ) if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); -#if !defined(MBEDTLS_NO_CRT) +#if defined(MBEDTLS_RSA_NO_CRT) /* For private key operations, use D or DP & DQ * as (unblinded) exponents. */ if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 ) 
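Review bot: The one-line fix works only because `MBEDTLS_NO_CRT` is not defined anywhere (no visible file defines it), which is also why the misspelling went unnoticed: `#if !defined(MBEDTLS_NO_CRT)` was unconditionally true, so the D check here ran in every build while, in the two sibling hunks, the checks meant for NO_CRT builds never ran and the QP check always did. Nothing in the patch stops the stale name from creeping back; a guard next to the other option checks (check_config.h, outside this patch) such as `#if defined(MBEDTLS_NO_CRT)` / `#error "MBEDTLS_NO_CRT is not a valid option, use MBEDTLS_RSA_NO_CRT"` / `#endif` would turn the next typo into a build failure. rsa_check_context's body starts and continues outside the hunk.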
@@ -193,7 +193,7 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv ) /* Blinding shouldn't make exponents negative either, * so check that P, Q >= 1 if that hasn't yet been * done as part of 1. */ -#if defined(MBEDTLS_NO_CRT) +#if defined(MBEDTLS_RSA_NO_CRT) if( is_priv && ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) ) @@ -204,7 +204,7 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv ) /* It wouldn't lead to an error if it wasn't satisfied, * but check for PQ >= 1 nonetheless. */ -#if !defined(MBEDTLS_NO_CRT) +#if !defined(MBEDTLS_RSA_NO_CRT) if( is_priv && mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 ) { From e167fe6a53eaded3a23d41f5b13cde3b6db043fb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 19:42:56 +0100 Subject: [PATCH 0413/1059] Correct pkparse test case to lead to failure for MBEDTLS_RSA_NO_CRT The test case parses an RSA private key with N=P=Q=D=E=1 and expects a failure from the PK layer. With the weakened semantics of `mbedtls_rsa_complete`, the latter won't throw an error on that key in case if MBEDTLS_RSA_NO_CRT is set. This commit modifies the test case to use N=2 which is rejected by `mbedtls_rsa_complete` regardless of whether MBEDTLS_RSA_NO_CRT is set or not. --- tests/suites/test_suite_pkparse.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 9c0edbb512..473148cd1c 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
@@ -225,4 +225,4 @@ Key ASN1 (RSAPrivateKey, values present, length mismatch) pk_parse_key_rsa:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, values present, check_privkey fails) -pk_parse_key_rsa:"301b020100020101020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +pk_parse_key_rsa:"301b020100020102020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT From efa14e8b0c126f688260b3e721344f8fa82ef858 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 19:45:19 +0100 Subject: [PATCH 0414/1059] Reduce number of MPI's used in `pk_parse_key_pkcs1_der` As the optional RSA parameters DP, DQ and QP are effectively discarded (they are only considered for their length to ensure that the key fills the entire buffer), it is not necessary to read them into separate MPI's. --- library/pkparse.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 57f966fe05..805d5a358b 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -661,11 +661,8 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, size_t len; unsigned char *p, *end; - mbedtls_mpi DP, DQ, QP; - - mbedtls_mpi_init( &DP ); - mbedtls_mpi_init( &DQ ); - mbedtls_mpi_init( &QP ); + mbedtls_mpi T; + mbedtls_mpi_init( &T ); p = (unsigned char *) key; end = p + keylen; @@ -749,9 +746,9 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, goto cleanup; /* Check optional parameters */ - if( ( ret = mbedtls_asn1_get_mpi( &p, end, &DP ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &DQ ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &QP ) ) != 0 ) + if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ) goto cleanup; if( p != end ) 
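Review bot: Reusing the single MPI `T` for the three optional fields makes it easy to miss that the DP, DQ and QP values read from the key file are thrown away; the comment `/* Check optional parameters */` should say so, e.g. `/* DP, DQ, QP are parsed only to validate the encoding and consume the buffer; their values are deliberately discarded */`. Discarding them is the safer design (CRT parameters in a hostile key file that disagree with P, Q and D can never reach the context, presumably because the RSA module recomputes them), but it also means such an inconsistent file is accepted rather than rejected, which belongs in pk_parse_key_pkcs1_der's documentation (its header starts outside the hunk). `T` also holds private-key material between the three reads and until the cleanup label, so this relies on mbedtls_mpi_free wiping the limbs, which I assume it does.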
@@ -762,12 +759,11 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, cleanup: - mbedtls_mpi_free( &DP ); - mbedtls_mpi_free( &DQ ); - mbedtls_mpi_free( &QP ); + mbedtls_mpi_free( &T ); if( ret != 0 ) { + /* Wrap error code if it's coming from a lower level */ if( ( ret & 0xff80 ) == 0 ) ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret; else From 6ea44fabc543867aa76cf9901a0a2aa09ed68561 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 07:46:10 +0100 Subject: [PATCH 0415/1059] Adapt ChangeLog: API extended by `net_poll` and `check_pending` --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 227faed6b6..50fefacb07 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,15 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +API changes + * Add function mbedtls_net_poll to public API allowing to wait for a + network context to become ready for reading or writing. + * Add function mbedtls_ssl_check_pending to public API allowing to check + if more data is pending to be processed in the internal message buffers. + This function is necessary to determine when it is safe to idle on the + underlying transport in case event-driven IO is used. + = mbed TLS 2.6.0 branch released 2017-08-10 Security From c53826b459b174bc6be4d6a9f52fc8f528c1494f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 07:46:41 +0100 Subject: [PATCH 0416/1059] Adapt ChangeLog: Usage restriction for WANT_READ --- ChangeLog | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ChangeLog b/ChangeLog index 50fefacb07..6b0fe3ba5e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,6 +2,15 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Bugfix + * Restrict usage of error code MBEDTLS_ERR_SSL_WANT_READ to situations + where data needs to be fetched from the underlying transport in order + to make progress. Previously, this error code was also occasionally + returned when unexpected messages were being discarded, ignoring that + further messages could potentially already be pending to be processed + in the internal buffers; these cases lead to deadlocks in case + event-driven I/O was used. Found by Hubert Mis. + API changes * Add function mbedtls_net_poll to public API allowing to wait for a network context to become ready for reading or writing. From dfd15b344477481431208a0046a60a0957cf6d6c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 09:14:09 +0100 Subject: [PATCH 0417/1059] Add toy example triggering early abort in `mbedtls_rsa_deduce_primes` --- tests/suites/test_suite_rsa.data | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index e7012b0772..33d6a731bf 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -415,8 +415,11 @@ mbedtls_rsa_deduce_private_exponent:16:"e79a373182bfaa722eb035f772ad2a9464bd842d RSA Deduce Private, corrupted mbedtls_rsa_deduce_private_exponent:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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educe Moduli, toy example -mbedtls_rsa_deduce_primes:10:"15":10:"3":10:"3":10:"3":10:"5":0:0 +RSA Deduce Primes, toy example +mbedtls_rsa_deduce_primes:10:"35":10:"5":10:"5":10:"5":10:"7":0:0 + +RSA Deduce Primes, toy example, corrupted +mbedtls_rsa_deduce_primes:10:"35":10:"5":10:"5":10:"5":10:"7":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA RSA Deduce Moduli mbedtls_rsa_deduce_primes:16:"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e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":0:0 From 08f055eb4fc3541e7d8dca8710dd10d0efd2eb0d Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 12 Oct 2017 10:53:58 +0100 Subject: [PATCH 0418/1059] Don't remove CRT parameters from RSA context for ABI compatibility Albeit possible without conflicts now, this has to wait for the next ABI changing releaese. --- include/mbedtls/rsa.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index eab8e0dfee..c0a3a8e43c 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -97,18 +97,18 @@ typedef struct mbedtls_mpi P; /*!< 1st prime factor */ mbedtls_mpi Q; /*!< 2nd prime factor */ -#if !defined(MBEDTLS_RSA_NO_CRT) + /* DP,DQ,QP are not used in NO_CRT but temporarily kept for ABI + * compatibility. Will be removed on next ABI changing release. */ mbedtls_mpi DP; /*!< D % (P - 1) */ mbedtls_mpi DQ; /*!< D % (Q - 1) */ mbedtls_mpi QP; /*!< 1 / (Q % P) */ -#endif /* MBEDTLS_RSA_NO_CRT */ mbedtls_mpi RN; /*!< cached R^2 mod N */ -#if !defined(MBEDTLS_RSA_NO_CRT) + /* RP, RQ are not used in NO_CRT but temporarily kept for ABI + * compatibility. Will be removed on next ABI changing release. */ mbedtls_mpi RP; /*!< cached R^2 mod P */ mbedtls_mpi RQ; /*!< cached R^2 mod Q */ -#endif /* MBEDTLS_RSA_NO_CRT */ mbedtls_mpi Vi; /*!< cached blinding value */ mbedtls_mpi Vf; /*!< cached un-blinding value */ From ebd2c024dc90527b9fd019b9f096b2e1283fd5f7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 10:54:53 +0100 Subject: [PATCH 0419/1059] Don't require P,Q in `rsa_private` if neither CRT nor blinding used --- library/rsa.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 3913e61d97..5366abc22f 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -137,8 +137,15 @@ cleanup: * that the RSA primitives will be able to execute without error. * It does *not* make guarantees for consistency of the parameters. */ -static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv ) +static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, + int blinding_needed ) { +#if !defined(MBEDTLS_RSA_NO_CRT) + /* blinding_needed is only used for NO_CRT to decide whether + * P,Q need to be present or not. */ + ((void) blinding_needed); +#endif + if( ctx->len != mbedtls_mpi_size( &ctx->N ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -194,7 +201,7 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv ) * so check that P, Q >= 1 if that hasn't yet been * done as part of 1. */ #if defined(MBEDTLS_RSA_NO_CRT) - if( is_priv && + if( is_priv && blinding_needed && ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) ) { @@ -303,7 +310,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) * Step 3: Basic sanity checks */ - return( rsa_check_context( ctx, is_priv ) ); + return( rsa_check_context( ctx, is_priv, 1 ) ); } int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, @@ -563,7 +570,7 @@ cleanup: */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) { - if( rsa_check_context( ctx, 0 /* public */ ) != 0 ) + if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); if( mbedtls_mpi_bitlen( &ctx->N ) < 128 || @@ -588,7 +595,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) { if( mbedtls_rsa_check_pubkey( ctx ) != 0 || - rsa_check_context( ctx, 1 /* private */ ) != 0 ) + rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } 
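Review bot: The new `blinding_needed` parameter of `rsa_check_context` is not described in the function's header comment, whose last two lines are visible as context at the top of the first hunk; its meaning is only recoverable from the `#if defined(MBEDTLS_RSA_NO_CRT)` branch in the second hunk, while the callers in the later hunks (`mbedtls_rsa_complete`, `mbedtls_rsa_check_pubkey`, `mbedtls_rsa_check_privkey`) pass bare `0`/`1` with inline comments. Add a line to the header comment such as `* blinding_needed: in MBEDTLS_RSA_NO_CRT builds, whether P and Q must be present (they are needed for blinding); ignored otherwise.` It is also worth stating there that `mbedtls_rsa_check_privkey` deliberately passes 1, i.e. a full private-key check still demands P and Q even though `mbedtls_rsa_private` may run without them, so nobody "fixes" the asymmetry later. The body of `rsa_check_context` continues between and beyond these hunks.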
@@ -642,7 +649,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, size_t olen; mbedtls_mpi T; - if( rsa_check_context( ctx, 0 /* public */ ) ) + if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); mbedtls_mpi_init( &T ); @@ -761,8 +768,11 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, mbedtls_mpi *DQ = &ctx->DQ; #endif - if( rsa_check_context( ctx, 1 /* private */ ) != 0 ) + if( rsa_check_context( ctx, 1 /* private key checks */, + f_rng != NULL /* blinding y/n */ ) != 0 ) + { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R ); From d22b78bf128cee65c2d78ffb2376327ca416a69f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 11:42:17 +0100 Subject: [PATCH 0420/1059] Switch to old model for alternative implementations --- include/mbedtls/rsa.h | 27 ++++++++++++++++----------- include/mbedtls/rsa_internal.h | 5 ----- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index c0a3a8e43c..55209b0dce 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -68,14 +68,15 @@ * The above constants may be used even if the RSA module is compile out, * eg for alternative (PKCS#11) RSA implemenations in the PK layers. */ -#if defined(MBEDTLS_RSA_C) + +#if !defined(MBEDTLS_RSA_ALT) +// Regular implementation +// #ifdef __cplusplus extern "C" { #endif -#if !defined(MBEDTLS_RSA_ALT) - /** * \brief RSA context structure * @@ -125,12 +126,6 @@ typedef struct } mbedtls_rsa_context; -#else - -#include "rsa_alt.h" - -#endif /* MBEDTLS_RSA_ALT */ - /** * \brief Initialize an RSA context * 
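Review bot: In the second hunk `f_rng != NULL` is used as the proxy for "blinding will be applied", but the point in `mbedtls_rsa_private` that actually decides to blind is further down and outside the hunk; if the two conditions ever diverge, the context check would stop guaranteeing that P and Q exist exactly when the blinding code dereferences them. Computing the decision once, `const int blinding_needed = ( f_rng != NULL );`, and using that variable both here and at the blinding site would tie them together, or at minimum the check deserves a comment pointing at the blinding branch. As far as this hunk shows, the unblinded path that can now run without P and Q is the same unblinded path a caller already got by passing no RNG, so the change does not add exposure by itself. `mbedtls_rsa_private`'s body continues outside the hunk.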
@@ -928,6 +923,18 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) */ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); +#ifdef __cplusplus +} +#endif + +#else /* MBEDTLS_RSA_ALT */ +#include "rsa_alt.h" +#endif /* MBEDTLS_RSA_ALT */ + +#ifdef __cplusplus +extern "C" { +#endif + /** * \brief Checkup routine * @@ -939,6 +946,4 @@ int mbedtls_rsa_self_test( int verbose ); } #endif -#endif /* MBEDTLS_RSA_C */ - #endif /* rsa.h */ diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h index 235347046e..080f09f7a6 100644 --- a/include/mbedtls/rsa_internal.h +++ b/include/mbedtls/rsa_internal.h @@ -58,8 +58,6 @@ #include "bignum.h" -#if defined(MBEDTLS_RSA_C) - #ifdef __cplusplus extern "C" { #endif @@ -213,7 +211,4 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *DP, const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); - -#endif /* MBEDTLS_RSA_C */ - #endif /* rsa_internal.h */ From 3226d36d6170c36ef966b46779bcb53ca45d5182 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Oct 2017 14:17:48 +0300 Subject: [PATCH 0421/1059] Fix typo in configuration Change duplicate of MBEDTLS_ECDH_GEN_PUBLIC_ALT to MBEDTLS_ECDH_COMPUTE_SHARED_ALT --- include/mbedtls/config.h | 2 +- library/version_features.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a151f77cc9..a6003b7d15 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -295,7 +295,7 @@ //#define MBEDTLS_AES_ENCRYPT_ALT //#define MBEDTLS_AES_DECRYPT_ALT //#define MBEDTLS_ECDH_GEN_PUBLIC_ALT -//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT +//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT /** * \def MBEDTLS_ECP_INTERNAL_ALT diff --git a/library/version_features.c b/library/version_features.c index 802832ce93..d7acae39f3 100644 --- a/library/version_features.c +++ b/library/version_features.c 
@@ -165,9 +165,9 @@ static const char *features[] = { #if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) "MBEDTLS_ECDH_GEN_PUBLIC_ALT", #endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ -#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) - "MBEDTLS_ECDH_GEN_PUBLIC_ALT", -#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ +#if defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) + "MBEDTLS_ECDH_COMPUTE_SHARED_ALT", +#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ #if defined(MBEDTLS_ECP_INTERNAL_ALT) "MBEDTLS_ECP_INTERNAL_ALT", #endif /* MBEDTLS_ECP_INTERNAL_ALT */ From f5dce36a2440aaf1d2ecbac7323b5cc93f0311d4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 13:45:10 +0100 Subject: [PATCH 0422/1059] Don't claim ECDH parameters are nothing-up-my-sleeve numbers --- include/mbedtls/dhm.h | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 479aef8416..05a710903a 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -43,10 +43,7 @@ * primes systematically is not always an option. If possible, use * Elliptic Curve Diffie-Hellman (ECDH), which has better performance, * and for which the TLS protocol mandates the use of standard - * parameters that were generated in a nothing-up-my-sleeve manner. - * We therefore consider DHE a security risk. If possible, it is - * recommended users should consider preferring other methods of - * key exchange. + * parameters. * */ #ifndef MBEDTLS_DHM_H From 854244abbf0f1f465cfa65607a6214f1509cf617 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 16:26:37 +0100 Subject: [PATCH 0423/1059] Adapt ChangeLog --- ChangeLog | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ChangeLog b/ChangeLog index e8d1da5c98..c65e5c5cc0 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,6 +2,23 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Enhancement + * Only check for necessary RSA structure fields in `mbedtls_rsa_private`. In + particular, don't require P,Q if neither CRT nor blinding are + used. Reported and fix proposed independently by satur9nine and sliai + on GitHub. + +API Changes + * Extend RSA interface by multiple functions allowing structure- + independent setup and export of RSA contexts. Most notably, + mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting + up RSA contexts from partial key material and having them completed to the + needs of the implementation automatically. This allows to setup RSA + contexts from keys consisting of N,D,E only, even if P,Q are needed for the + purpose or CRT and/or blinding. + += mbed TLS x.x.x branch released xxxx-xx-xx + Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform From 106637fc2d654ef2032f78746be0291affb66b84 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 21 Nov 2016 15:38:02 +0000 Subject: [PATCH 0424/1059] Correctly handle leap year in x509_date_is_valid() This patch ensures that invalid dates on leap years with 100 or 400 years intervals are handled correctly. --- ChangeLog | 3 +++ library/x509.c | 14 ++++++++++---- tests/suites/test_suite_x509parse.data | 15 +++++++++++++++ 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index c4e3998d04..e7abd5ce60 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -12,6 +12,9 @@ Bugfix * Parse signature algorithm extension when renegotiating. Previously, renegotiated handshakes would only accept signatures using SHA-1 regardless of the peer's preferences, or fail if SHA-1 was disabled. + * Fix leap year calculation in x509_date_is_valid() to ensure that invalid + dates on leap years with 100 and 400 intervals are handled correctly. Found + by Nicholas Wilson. #694 = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/x509.c b/library/x509.c index e94a8a329f..371d6da1dc 100644 --- a/library/x509.c +++ b/library/x509.c @@ -496,9 +496,10 @@ static int x509_parse_int( unsigned char **p, size_t n, int *res ) return( 0 ); } -static int x509_date_is_valid(const mbedtls_x509_time *t) +static int x509_date_is_valid(const mbedtls_x509_time *t ) { int ret = MBEDTLS_ERR_X509_INVALID_DATE; + int month_len; CHECK_RANGE( 0, 9999, t->year ); CHECK_RANGE( 0, 23, t->hour ); @@ -508,17 +509,22 @@ static int x509_date_is_valid(const mbedtls_x509_time *t) switch( t->mon ) { case 1: case 3: case 5: case 7: case 8: case 10: case 12: - CHECK_RANGE( 1, 31, t->day ); + month_len = 31; break; case 4: case 6: case 9: case 11: - CHECK_RANGE( 1, 30, t->day ); + month_len = 30; break; case 2: - CHECK_RANGE( 1, 28 + (t->year % 4 == 0), t->day ); + if( ( !( t->year % 4 ) && t->year % 100 ) || + !( t->year % 400 ) ) + month_len = 29; + else + month_len = 28; break; default: return( ret ); } + CHECK_RANGE( 1, month_len, t->day ); return( 0 ); } diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b8c902e239..a49137bb76 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
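Review bot: The new signature `static int x509_date_is_valid(const mbedtls_x509_time *t )` is only half-converted to the file's spacing convention — a space was added before `)` but not after `(`; the hunk header shows the house style, `x509_parse_int( unsigned char **p, size_t n, int *res )`, so it should read `static int x509_date_is_valid( const mbedtls_x509_time *t )`. In the second hunk `month_len` is assigned on every path that reaches `CHECK_RANGE( 1, month_len, t->day )`, so the read is safe, but `int month_len = 0;` costs nothing and keeps the function honest if the `default:` branch is ever changed from `return( ret )`. The leap-year condition also deserves a one-line comment, `/* Gregorian rule: divisible by 4 and not by 100, or divisible by 400 */`. The same pair of hunks is re-applied verbatim in [PATCH 0435/1059] further down and has the same points.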
@@ -1670,3 +1670,18 @@ X509 Get time (UTC invalid character in sec) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 +X509 Get time (Generalized Time invalid leap year multiple of 4 and 100) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (Generalized Time year multiple of 4 and not multiple of 100) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0 + +X509 Get time (Generalized Time year multiple of 400) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0 + +X509 Get time (Generalized Time invalid leap year not multiple of 4, 100 or 400) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 From 47e7b56fb6c06ca3c30b44f9a0c324f1e43c5900 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 6 Oct 2017 17:05:24 +0100 Subject: [PATCH 0425/1059] Improve leap year test names in x509parse.data --- tests/suites/test_suite_x509parse.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a49137bb76..d4cc11a08f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1670,15 +1670,15 @@ X509 Get time (UTC invalid character in sec) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 -X509 Get time (Generalized Time invalid leap year multiple of 4 and 100) +X509 Get time (Generalized Time, year multiple of 100 but not 400 is not a leap year) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 -X509 Get time (Generalized Time year multiple of 4 and not multiple of 100) +X509 Get time (Generalized Time, year multiple of 4 but not 100 is a leap year) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0 -X509 Get time (Generalized Time year multiple of 400) +X509 Get time (Generalized Time, year multiple of 400 is a leap year) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0 From 77f1b109ec205a6f5866169cc3523da57c21815e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 25 Aug 2017 17:24:44 +0100 Subject: [PATCH 0426/1059] Fix typo in asn1.h --- include/mbedtls/asn1.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 082832c87f..e159e57ea0 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -59,7 +59,7 @@ /** * \name DER constants - * These constants comply with DER encoded the ANS1 type tags. + * These constants comply with the DER encoded ASN.1 type tags. * DER encoding uses hexadecimal representation. * An example DER sequence is:\n * - 0x02 -- tag indicating INTEGER From 4552bf75582d375dee3baee498f9b79c9e5a3774 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Sep 2017 15:45:12 +0200 Subject: [PATCH 0427/1059] Allow comments in test data files --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ChangeLog b/ChangeLog index a89f2a4677..b932145f75 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx Features * Allow comments in test data files. From bd9d42c236df565f9439aeffef4b2f2f87a29516 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 14:04:40 +0100 Subject: [PATCH 0428/1059] Fix typo and bracketing in macro args --- library/net_sockets.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 80be6ec6a4..31c42db05a 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -63,8 +63,8 @@ #endif #endif /* _MSC_VER */ -#define read(fd,buf,len) recv(fd,(char*)buf,(int) len,0) -#define write(fd,buf,len) send(fd,(char*)buf,(int) len,0) +#define read(fd,buf,len) recv( fd, (char*)( buf ), (int)( len ), 0 ) +#define write(fd,buf,len) send( fd, (char*)( buf ), (int)( len ), 0 ) #define close(fd) closesocket(fd) static int wsa_init_done = 0; @@ -85,7 +85,7 @@ static int wsa_init_done = 0; #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ /* Some MS functions want int and MSVC warns if we pass size_t, - * but the standard fucntions use socklen_t, so cast only for MSVC */ + * but the standard functions use socklen_t, so cast only for MSVC */ #if defined(_MSC_VER) #define MSVC_INT_CAST (int) #else From f0f55ccb7226e2930d70b56e63269f9b07f81e94 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Oct 2017 16:51:24 +0200 Subject: [PATCH 0429/1059] Fixed "config.pl get" for options with no value Between 2.5.0 and 2.6.0, "scripts/config.pl get MBEDTLS_XXX" was fixed for config.h lines with a comment at the end, but that broke the case of macros with an empty expansion. Support all cases. --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
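Review bot: After the bracketing fix `fd` is the only argument still used bare in the `read`/`write` macros; for the same reason `buf` and `len` got parentheses, write `recv( ( fd ), (char*)( buf ), (int)( len ), 0 )` and likewise in `write` and `close`. Separately, `(int)( len )` silently truncates a `size_t` above `INT_MAX`, so a large length would reach `recv`/`send` as a wrong or negative value; whether callers in this file bound `len` first is not visible in these hunks, so a comment on the macros stating that `len` must not exceed `INT_MAX` (or a clamp at the macro) would make the assumption explicit.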
diff --git a/scripts/config.pl b/scripts/config.pl index 406413bd52..4cf4ac8b8c 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -205,7 +205,7 @@ for my $line (@config_lines) { $done = 1; } } elsif (!$done && $action eq "get") { - if ($line =~ /^\s*#define\s*$name\s*([^\s]+)\s*\b/) { + if ($line =~ /^\s*#define\s*$name(?:\s+(.*?))\s*(?:$|\/\*|\/\/)/) { $value = $1; $done = 1; } From 01f57e351c2c229377994b0b583d53e73eee0957 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Oct 2017 16:54:28 +0200 Subject: [PATCH 0430/1059] config.pl get: don't rewrite config.h; detect write errors scripts/config.pl would always rewrite config.h if it was reading it. This commit changes it to not modify the file when only reading is required, i.e. for the get command. Also, die if writing config.h fails (e.g. disk full). --- scripts/config.pl | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 4cf4ac8b8c..9fc6062786 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -175,7 +175,10 @@ if ($action eq "realfull") { $no_exclude_re = join '|', @non_excluded; } -open my $config_write, '>', $config_file or die "write $config_file: $!\n"; +my $config_write = undef; +if ($action ne "get") { + open $config_write, '>', $config_file or die "write $config_file: $!\n"; +} my $done; for my $line (@config_lines) { @@ -211,7 +214,9 @@ for my $line (@config_lines) { } } - print $config_write $line; + if (defined $config_write) { + print $config_write $line or die "write $config_file: $!\n";; + } } # Did the set command work? @@ -223,10 +228,12 @@ if ($action eq "set"&& $force_option && !$done) { $line .= "\n"; $done = 1; - print $config_write $line; + print $config_write $line or die "write $config_file: $!\n"; } -close $config_write; +if (defined $config_write) { + close $config_write or die "close $config_file: $!\n"; +} if ($action eq "get") { if($done) { 
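Review bot: `$name` is still interpolated into the new `get` pattern unescaped, so a symbol argument containing regex metacharacters would alter the match instead of failing cleanly; use `\Q$name\E` here and wherever else the script interpolates it, unless `$name` is validated earlier in the script (not visible in this hunk). Also, `#define\s*$name` accepts `#defineMBEDTLS_X`, while it is the required `\s+` after the name that stops `get MBEDTLS_AES` from matching `MBEDTLS_AES_C`; using `\s+` in both places states the intent directly, `/^\s*#define\s+\Q$name\E(?:\s+(.*?))\s*(?:$|\/\*|\/\/)/`.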
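Review bot: Dying on a failed `print` or `close` is better than silently writing a truncated config.h, but the file has already been opened with `'>'` — and therefore truncated — before the loop, so a disk-full error now leaves the user with a partial config.h and no original. Writing to a temporary name in the same directory (e.g. `"$config_file.tmp"`) and `rename`-ing it over `$config_file` only after `close` succeeds keeps the update atomic and preserves the original on failure; the three `open`/`print`/`close` sites in these hunks are the only places that would change.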
From d98e9e85771435ff1a45de76e147f0350b695bbe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Oct 2017 16:56:18 +0200 Subject: [PATCH 0431/1059] config.pl get: be better behaved When printing an option's value, print a newline at the end. When the requested option is missing, fail with status 1 (the usual convention for "not found") rather than -1 (which has a system-dependent effect). --- scripts/config.pl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 9fc6062786..b99140a370 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -56,7 +56,7 @@ Commands unset - Comments out the #define for the given symbol if present in the configuration file. get - Finds the #define for the given symbol, returning - an exitcode of 0 if the symbol is found, and -1 if + an exitcode of 0 if the symbol is found, and 1 if not. The value of the symbol is output if one is specified in the configuration file. full - Uncomments all #define's in the configuration file @@ -220,7 +220,7 @@ for my $line (@config_lines) { } # Did the set command work? -if ($action eq "set"&& $force_option && !$done) { +if ($action eq "set" && $force_option && !$done) { # If the force option was set, append the symbol to the end of the file my $line = "#define $name"; @@ -236,14 +236,14 @@ if (defined $config_write) { } if ($action eq "get") { - if($done) { + if ($done) { if ($value ne '') { - print $value; + print "$value\n"; } exit 0; } else { # If the symbol was not found, return an error - exit -1; + exit 1; } } From 8ca0e8fdff8c946f27d65c73e9751b414fc7bf95 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Oct 2017 11:26:45 +0200 Subject: [PATCH 0432/1059] Minor style fix --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index b99140a370..5a06a33381 100755 --- a/scripts/config.pl +++ b/scripts/config.pl 
@@ -215,7 +215,7 @@ for my $line (@config_lines) { } if (defined $config_write) { - print $config_write $line or die "write $config_file: $!\n";; + print $config_write $line or die "write $config_file: $!\n"; } } From 73a381772b3290487c9d010dce0a6c8dc13f66b7 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 3 Oct 2017 15:58:26 +0300 Subject: [PATCH 0433/1059] Parse Signature Algorithm ext when renegotiating Signature algorithm extension was skipped when renegotiation was in progress, causing the signature algorithm not to be known when renegotiating, and failing the handshake. Fix removes the renegotiation step check before parsing the extension. --- ChangeLog | 3 +++ library/ssl_srv.c | 7 ++----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index b932145f75..7a81383f9f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,9 @@ Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. Found by projectgus and jethrogb, #836. * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. + * Parse signature algorithm extension when renegotiating. Previously, + renegotiated handshakes would only accept signatures using SHA-1 + regardless of the peer's preferences, or fail if SHA-1 was disabled. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f137c3dce6..37f415dd12 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1694,11 +1694,8 @@ read_record_header: #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) case MBEDTLS_TLS_EXT_SIG_ALG: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - break; -#endif + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); + ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); if( ret != 0 ) return( ret ); 
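Review bot: Nothing at the `MBEDTLS_TLS_EXT_SIG_ALG` case now records that parsing the extension on a renegotiation ClientHello is deliberate, so the `MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS` guard this hunk removes could easily be re-added by a reader who sees the extension "parsed twice". A comment above the `ssl_parse_signature_algorithms_ext` call such as `/* Also parsed during renegotiation: the client may offer a different signature_algorithms list, and falling back to SHA-1 is not acceptable. */` would anchor the fix. The enclosing switch continues outside the hunk.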
From b0f148c0ab742acd45b16996b3605eb1a29e07ee Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 5 Oct 2017 12:29:42 +0100 Subject: [PATCH 0434/1059] Renegotiation: Add tests for SigAlg ext parsing This commit adds regression tests for the bug when we didn't parse the Signature Algorithm extension when renegotiating. (By nature, this bug affected only the server) The tests check for the fallback hash (SHA1) in the server log to detect that the Signature Algorithm extension hasn't been parsed at least in one of the handshakes. A more direct way of testing is not possible with the current test framework, since the Signature Algorithm extension is parsed in the first handshake and any corresponding debug message is present in the logs. --- tests/ssl-opt.sh | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7fcca685b1..64f26a0cf0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -1470,6 +1470,40 @@ run_test "Renegotiation: server-initiated" \ -s "=> renegotiate" \ -s "write hello request" +# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that +# the server did not parse the Signature Algorithm extension. This test is valid only if an MD +# algorithm stronger than SHA-1 is enabled in config.h +run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ + "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ + "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ + 0 \ + -c "client hello, adding renegotiation extension" \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" \ + -s "=> renegotiate" \ + -S "write hello request" \ + -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? + +# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that +# the server did not parse the Signature Algorithm extension. This test is valid only if an MD +# algorithm stronger than SHA-1 is enabled in config.h +run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ + "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ + "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ + 0 \ + -c "client hello, adding renegotiation extension" \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" \ + -s "=> renegotiate" \ + -s "write hello request" \ + -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? 
+ run_test "Renegotiation: double" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ From 735b37eeef5f300d458ebe60381e979c8aa2a5ae Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 21 Nov 2016 15:38:02 +0000 Subject: [PATCH 0435/1059] Correctly handle leap year in x509_date_is_valid() This patch ensures that invalid dates on leap years with 100 or 400 years intervals are handled correctly. --- ChangeLog | 3 +++ library/x509.c | 14 ++++++++++---- tests/suites/test_suite_x509parse.data | 15 +++++++++++++++ 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7a81383f9f..ded60d39f3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,9 @@ Bugfix * Parse signature algorithm extension when renegotiating. Previously, renegotiated handshakes would only accept signatures using SHA-1 regardless of the peer's preferences, or fail if SHA-1 was disabled. + * Fix leap year calculation in x509_date_is_valid() to ensure that invalid + dates on leap years with 100 and 400 intervals are handled correctly. Found + by Nicholas Wilson. #694 = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/x509.c b/library/x509.c index e94a8a329f..371d6da1dc 100644 --- a/library/x509.c +++ b/library/x509.c @@ -496,9 +496,10 @@ static int x509_parse_int( unsigned char **p, size_t n, int *res ) return( 0 ); } -static int x509_date_is_valid(const mbedtls_x509_time *t) +static int x509_date_is_valid(const mbedtls_x509_time *t ) { int ret = MBEDTLS_ERR_X509_INVALID_DATE; + int month_len; CHECK_RANGE( 0, 9999, t->year ); CHECK_RANGE( 0, 23, t->hour ); 
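Review bot: The precondition written in each new test's comment — that an MD algorithm stronger than SHA-1 is enabled — is not enforced, so on a SHA-1-only build these tests fail rather than skip; put `requires_config_enabled MBEDTLS_SHA256_C` (or whichever hash the comment has in mind) in front of each of the two `run_test` calls. The `-S "client hello v3, signature_algorithm ext: 2"` assertion bakes in the numeric TLS HashAlgorithm code for SHA-1 and the exact wording of a server debug line; the trailing `# Is SHA-1 negotiated?` helps, but naming the constant in that comment (`MBEDTLS_SSL_HASH_SHA1`) would make the dependency explicit. The hunk's leading context belongs to the preceding `run_test "Renegotiation: server-initiated"`, whose start is outside the hunk.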
@@ -508,17 +509,22 @@ static int x509_date_is_valid(const mbedtls_x509_time *t) switch( t->mon ) { case 1: case 3: case 5: case 7: case 8: case 10: case 12: - CHECK_RANGE( 1, 31, t->day ); + month_len = 31; break; case 4: case 6: case 9: case 11: - CHECK_RANGE( 1, 30, t->day ); + month_len = 30; break; case 2: - CHECK_RANGE( 1, 28 + (t->year % 4 == 0), t->day ); + if( ( !( t->year % 4 ) && t->year % 100 ) || + !( t->year % 400 ) ) + month_len = 29; + else + month_len = 28; break; default: return( ret ); } + CHECK_RANGE( 1, month_len, t->day ); return( 0 ); } diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b8c902e239..a49137bb76 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1670,3 +1670,18 @@ X509 Get time (UTC invalid character in sec) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 +X509 Get time (Generalized Time invalid leap year multiple of 4 and 100) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (Generalized Time year multiple of 4 and not multiple of 100) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0 + +X509 Get time (Generalized Time year multiple of 400) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0 + +X509 Get time (Generalized Time invalid leap year not multiple of 4, 100 or 400) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 From 60100d09ee03ddf2c4e65ebf79cc4df9716d8bfe Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Fri, 6 Oct 2017 17:05:24 +0100 Subject: [PATCH 0436/1059] Improve leap year test names in x509parse.data --- tests/suites/test_suite_x509parse.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a49137bb76..d4cc11a08f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1670,15 +1670,15 @@ X509 Get time (UTC invalid character in sec) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 -X509 Get time (Generalized Time invalid leap year multiple of 4 and 100) +X509 Get time (Generalized Time, year multiple of 100 but not 400 is not a leap year) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 -X509 Get time (Generalized Time year multiple of 4 and not multiple of 100) +X509 Get time (Generalized Time, year multiple of 4 but not 100 is a leap year) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0 -X509 Get time (Generalized Time year multiple of 400) +X509 Get time (Generalized Time, year multiple of 400 is a leap year) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0 From 9fb02057a53f86060a0d0843b4214156d7a07dd4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 25 Aug 2017 17:24:44 +0100 Subject: [PATCH 0437/1059] Fix typo in asn1.h --- include/mbedtls/asn1.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 082832c87f..e159e57ea0 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h 
@@ -59,7 +59,7 @@ /** * \name DER constants - * These constants comply with DER encoded the ANS1 type tags. + * These constants comply with the DER encoded ASN.1 type tags. * DER encoding uses hexadecimal representation. * An example DER sequence is:\n * - 0x02 -- tag indicating INTEGER From 085c10afdba433ace0bcebf73ebd7277822c9d5e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Sep 2017 15:45:12 +0200 Subject: [PATCH 0438/1059] Allow comments in test data files --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index ded60d39f3..303190ea05 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Features + * Allow comments in test data files. + Features * Allow comments in test data files. From 6f63db7ed5cd3ae664273540b0a7d7b6119641b7 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 2 Oct 2017 19:12:54 +0100 Subject: [PATCH 0439/1059] Fix changelog for ssl_server2.c usage fix --- ChangeLog | 3 --- 1 file changed, 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 303190ea05..ded60d39f3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,9 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Features - * Allow comments in test data files. - Features * Allow comments in test data files. From 0cd5b94dba7548c3b40efc0681f377744b424f59 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 13 Oct 2017 17:17:28 +0100 Subject: [PATCH 0440/1059] Adapt ChangeLog --- ChangeLog | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/ChangeLog b/ChangeLog index e199682eab..62a705d4fd 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -6,6 +6,21 @@ Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. +Security + * Change default choice of DHE parameters from untrustworthy RFC 5114 + to RFC 3526 containing parameters generated in a nothing-up-my-sleeve + manner. + +New deprecations + * Deprecate untrustworthy DHE parameters from RFC 5114. Superseded by + parameters from RFC 3526 or the newly added parameters from RFC 7919. + * Deprecate hex string DHE constants MBEDTLS_DHM_RFC3526_MODP_2048_P etc. + Supserseded by binary encoded constants MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN + etc. + * Deprecate mbedtls_ssl_conf_dh_param for setting default DHE parameters + from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin + accepting DHM parameters in binary form, matching the new constants. + = mbed TLS 2.6.0 branch released 2017-08-10 Security From da44de60b125b2c9dc8d7b08b7bd7b67935c476f Mon Sep 17 00:00:00 2001 From: Kevin Luty Date: Fri, 13 Oct 2017 13:18:28 -0500 Subject: [PATCH 0441/1059] Fix for returning correct error code --- programs/pkey/pk_sign.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index daf08a9055..5cc190eee9 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -100,7 +100,6 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) { - ret = 1; mbedtls_printf( " failed\n ! Could not open '%s'\n", argv[1] ); goto exit; } @@ -134,7 +133,6 @@ int main( int argc, char *argv[] ) if( ( f = fopen( filename, "wb+" ) ) == NULL ) { - ret = 1; mbedtls_printf( " failed\n ! Could not create %s\n\n", filename ); goto exit; } From b00651828943a505315e5ca1de0cdd6c96e449ce Mon Sep 17 00:00:00 2001 
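Review bot: In the second pk_sign.c hunk (the `fopen( filename, "wb+" )` failure branch), removing `ret = 1;` leaves `ret` holding whatever the last mbedtls call returned — presumably 0, since any earlier failure would already have jumped to `exit` — so the program now reaches `exit` reporting success although the signature file could not be created; that branch still needs an explicit non-zero status, e.g. keep `ret = 1;` there or introduce a dedicated exit-status variable. In the first hunk the negative code from `mbedtls_pk_parse_keyfile` is now propagated; if `exit` (outside the hunk) returns `ret` from `main`, POSIX keeps only the low 8 bits of the status, and mbedtls high-level error codes are typically multiples of 0x100, so the shell would still see 0. Printing the error code (e.g. via `mbedtls_strerror`) while returning a distinct non-zero status avoids both problems. `main` continues outside both hunks.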
From: Ron Eldor Date: Mon, 16 Oct 2017 12:40:27 +0300 Subject: [PATCH 0442/1059] Resolve PR review comments 1) use `pk_get_rsapubkey` instead of reimplementing the parsing 2) rename the key files, according to their type and key size 3) comment in the data_files/Makefile hoe the keys were generated 4) Fix issue of failure parsing pkcs#1 DER format parsing, missed in previous commit --- library/pkparse.c | 62 ++++++++---------- tests/data_files/Makefile | 6 ++ tests/data_files/public_rsa_key.der | Bin 294 -> 0 bytes tests/data_files/public_rsa_key.pem | 8 --- tests/data_files/rsa_pkcs1_2048_public.der | Bin 0 -> 270 bytes tests/data_files/rsa_pkcs1_2048_public.pem | 8 +++ ..._gen_der.pub => rsa_pkcs8_1024_public.der} | Bin tests/suites/test_suite_pkparse.data | 6 +- 8 files changed, 43 insertions(+), 47 deletions(-) delete mode 100644 tests/data_files/public_rsa_key.der delete mode 100644 tests/data_files/public_rsa_key.pem create mode 100644 tests/data_files/rsa_pkcs1_2048_public.der create mode 100644 tests/data_files/rsa_pkcs1_2048_public.pem rename tests/data_files/{format_gen_der.pub => rsa_pkcs8_1024_public.der} (100%) diff --git a/library/pkparse.c b/library/pkparse.c index 1d573a4005..9c84e36e82 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -649,14 +649,6 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, p = (unsigned char *) key; end = p + keylen; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); - } - - end = p + len; - if( mode == 0 ) { /* 
@@ -675,6 +667,14 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, * otherPrimeInfos OtherPrimeInfos OPTIONAL * } */ + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) + { + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + end = p + len; + if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) { return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); @@ -715,36 +715,11 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, } else /* public key*/ { - /* - * This function parses the RSAPublicKey (PKCS#1) - * - * RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER -- e - * } - */ - if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ) + if( ( ret = pk_get_rsapubkey( &p, end, rsa ) ) != 0 ) { mbedtls_rsa_free( rsa ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( ret ); } - - rsa->len = mbedtls_mpi_size( &rsa->N ); - - if( p != end ) - { - mbedtls_rsa_free( rsa ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - } - - if( ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 ) - { - mbedtls_rsa_free( rsa ); - return( ret ); - } - } return( 0 ); } @@ -1287,6 +1262,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, #if defined(MBEDTLS_PEM_PARSE_C) size_t len; mbedtls_pem_context pem; + const mbedtls_pk_info_t *pk_info; mbedtls_pem_init( &pem ); #if defined(MBEDTLS_RSA_C) @@ -1301,7 +1277,6 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, if( ret == 0 ) { - const mbedtls_pk_info_t *pk_info; if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); 
@@ -1319,6 +1294,21 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, mbedtls_pem_free( &pem ); return( ret ); } + + if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) + return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + + if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) + return( ret ); + + ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *ctx ), + key, keylen, 1 ); + if ( ret == 0 ) + { + mbedtls_pem_free( &pem ); + return( ret ); + } + mbedtls_pk_free( ctx ); #endif /* MBEDTLS_RSA_C */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index f7826d4359..bfcdc684a1 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -64,7 +64,13 @@ server2-sha256.crt: server2-rsa.csr $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@ all_final += server2-sha256.crt +rsa_pkcs1_2048_public.pem: server8.key + $(OPENSSL) rsa -in server8.key -outform PEM -RSAPublicKey_out -out $@ +all_final += rsa_pkcs8_2048_public.pem +rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem + $(OPENSSL) -RSAPublicKey_in -in rsa_pkcs1_2048_public.pem -outform DER -RSAPublicKey_out -out $@ +all_final += rsa_pkcs8_2048_public.der ################################################################ #### Meta targets 
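Review bot: The two `all_final +=` lines in the Makefile hunk name `rsa_pkcs8_2048_public.pem` and `rsa_pkcs8_2048_public.der`, but the targets defined just above them are `rsa_pkcs1_2048_public.pem` and `rsa_pkcs1_2048_public.der`, so the new PKCS#1 files are presumably not built by `all_final` and the list refers to files no rule produces; they should read `all_final += rsa_pkcs1_2048_public.pem` and `all_final += rsa_pkcs1_2048_public.der`. The DER recipe is also missing the openssl subcommand: `$(OPENSSL) rsa -RSAPublicKey_in -in rsa_pkcs1_2048_public.pem -outform DER -RSAPublicKey_out -out $@`. Since the commit message presents this Makefile as the record of how the test keys were generated, a recipe that cannot run undermines that record and should be fixed before the checked-in .pem/.der are trusted to correspond to it.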
diff --git a/tests/data_files/public_rsa_key.der b/tests/data_files/public_rsa_key.der deleted file mode 100644 index 376b79a442857eea9410120b18090d443073f906..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 294 zcmV+>0ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>l*+EQ+)gnMp6SCRo zNgj~*v=fEN&(1&-bb~o94M#At+spgeT+|;r0~RDR}=#Z?|>tl{KOuq z>sU7xJQQ^`1*|*ikdk}dMm(;uNzxXg`zx^Uik|N(Ko$l~U(Q2@Ix6)`_H z4r0-653FbEfi~qV5^|-3=PnS;9nqV+w%-szaJv4@z8_XFP8lt4Aya3@KH3d}QwP>g z+Ap~=M{_xH$7t{buyk$sPyTmYVyjBY>+C}}= sh~fl+Z=x`3(ddI(RC1@qPWg|s^SIUde}r`kF~wPuo<~GxEV?g z@m+L)XGVtx-dleL1HHkGUI!J_TlC!J&pr9U5iG81xr)6VXJ!}bPQBX|nu3Sq@OZ^HpQ)K&<1_5c>I=1DUhzqOKcg+`0SwGSns%GS&^Obu7Xe`b7Fm8A7sFHi(Q?a7 zU=`YZ;_9tX?~dY&)M|HC)^OQtyYcQh1URF;;?dw{YvPz(f!sWL%K7u0_tq#ICwP3r(A8t7fi#J&C2GC$>h1bh{N*&p!4GjQ(g+Y6twcfK U{&}EdlZvrj>9Fo^0s{d60Wn65O8@`> literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs1_2048_public.pem b/tests/data_files/rsa_pkcs1_2048_public.pem new file mode 100644 index 0000000000..9040cb04d4 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_2048_public.pem @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA2xx/LgvNv87RdRCgorjOfariBeB62ERjj7W9wLAZuTe4GUoO8V10 +gGdGhwbeW38GA73BjV4HFdRb9Nzlzz35wREsrmq5ir0dZ2YX6k692xWagofk8HjD +o4WHsP2fqZlf4zPszOoLtWFe8Ul+P6Mt6gEMzEKadpvE0DfTsRcBYQEWWX4cF8NT +/dFyy0xgFdp94uqtUO+O4ovUandV1nDZa7vx7jkEOKO94tHgZmvinEeZ6Sjmtvwu +ymdDhOjVg9admGsBPoHcPHrK+fOc99YoGyd4fMPQ1WOngTSJrSVqvfLq7fpX/OU0 +xsEPcS3SCBAbrURB4P55oGOTirFd6bDubwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/tests/data_files/format_gen_der.pub b/tests/data_files/rsa_pkcs8_1024_public.der similarity index 100% rename from tests/data_files/format_gen_der.pub rename to tests/data_files/rsa_pkcs8_1024_public.der diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index f34fc3c83b..b0464e5d29 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
@@ -108,15 +108,15 @@ pk_parse_public_keyfile_rsa:"data_files/format_gen.pub":0 Parse Public RSA Key #1 (PKCS#8 wrapped, DER) depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C -pk_parse_public_keyfile_rsa:"data_files/format_gen_der.pub":0 +pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_1024_public.der":0 Parse Public RSA Key #3 (PKCS#1 wrapped) depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C -pk_parse_public_keyfile_rsa:"data_files/public_rsa_key.pem":0 +pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.pem":0 Parse Public RSA Key #4 (PKCS#1 wrapped, DER) depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C -pk_parse_public_keyfile_rsa:"data_files/public_rsa_key.der":0 +pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0 Parse Public EC Key #1 (RFC 5480, DER) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED From 84df1aeeaf4c212e60ec72998068262e3789adbc Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 16 Oct 2017 17:11:52 +0300 Subject: [PATCH 0443/1059] use internal pk_get_rsapubkey function 1) use `pk_get_rsapubkey` function instead of `pk_parse_key_pkcs1_der` 2) revert changes in `pk_parse_key_pkcs1_der` --- library/pkparse.c | 128 +++++++++++++++++++++------------------------- 1 file changed, 59 insertions(+), 69 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 9c84e36e82..6e527530bf 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -637,11 +637,11 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, #if defined(MBEDTLS_RSA_C) /* - * Parse a PKCS#1 encoded private( mode 0 )/public( mode 1 ) RSA key + * Parse a PKCS#1 encoded private RSA key */ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, const unsigned char *key, - size_t keylen , int mode) + size_t keylen ) { int ret; size_t len; 
@@ -649,8 +649,7 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
 p = (unsigned char *) key;
 end = p + keylen;
 
- if( mode == 0 )
- {
+
 /*
 * This function parses the RSAPrivateKey (PKCS#1)
 *
@@ -667,60 +666,52 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, * otherPrimeInfos OtherPrimeInfos OPTIONAL * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); - } - - end = p + len; - - if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); - } - - if( rsa->ver != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); - } - - if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) - { - mbedtls_rsa_free( rsa ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); - } - - rsa->len = mbedtls_mpi_size( &rsa->N ); - - if( p != end ) - { - mbedtls_rsa_free( rsa ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - } - - if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 ) - { - mbedtls_rsa_free( rsa ); - return( ret ); - } - } - else /* public key*/ + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { - if( ( ret = pk_get_rsapubkey( &p, end, rsa ) ) != 0 ) - { - mbedtls_rsa_free( rsa ); - return( ret ); - } + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); } + + end = p + len; + + if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) + { + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + if( rsa->ver != 0 ) + { + return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); + } + + if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N 
) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) + { + mbedtls_rsa_free( rsa ); + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + rsa->len = mbedtls_mpi_size( &rsa->N ); + + if( p != end ) + { + mbedtls_rsa_free( rsa ); + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + } + + if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 ) + { + mbedtls_rsa_free( rsa ); + return( ret ); + } + return( 0 ); } #endif /* MBEDTLS_RSA_C */ @@ -916,7 +907,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( #if defined(MBEDTLS_RSA_C) if( pk_alg == MBEDTLS_PK_RSA ) { - if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len, 0 ) ) != 0 ) + if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 ) { mbedtls_pk_free( pk ); return( ret ); @@ -1095,7 +1086,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), - pem.buf, pem.buflen, 0 ) ) != 0 ) + pem.buf, pem.buflen ) ) != 0 ) { mbedtls_pk_free( pk ); } @@ -1227,7 +1218,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || - ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen, 0 ) ) == 0 ) + ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 ) { return( 0 ); } 
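Review bot: In the restored body of `pk_parse_key_pkcs1_der`, the failures before the MPI reads (`mbedtls_asn1_get_tag`, `mbedtls_asn1_get_int`, and the `rsa->ver != 0` check) return without `mbedtls_rsa_free( rsa )`, whereas every later failure frees the context first. The callers visible in the following hunks free the pk context on error, so nothing leaks today, but the asymmetric cleanup invites a leak the next time the helper gains a caller; either free on every failure path or state the contract in the header comment, e.g. `/* On failure the context may hold partial key material; the caller must free it. */`. This hunk begins on the previous line, inside the RSAPrivateKey ASN.1 comment.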
@@ -1263,7 +1254,6 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, size_t len; mbedtls_pem_context pem; const mbedtls_pk_info_t *pk_info; - mbedtls_pem_init( &pem ); #if defined(MBEDTLS_RSA_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ @@ -1277,15 +1267,15 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, if( ret == 0 ) { - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + p = pem.buf; + if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) + return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); - if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) - return( ret ); + if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) + return( ret ); - if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *ctx ), - pem.buf, pem.buflen, 1 ) ) != 0 ) - mbedtls_pk_free( ctx ); + if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 ) + mbedtls_pk_free( ctx ); mbedtls_pem_free( &pem ); return( ret ); } @@ -1301,8 +1291,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) return( ret ); - ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *ctx ), - key, keylen, 1 ); + p = (unsigned char *) key; + ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) ); if ( ret == 0 ) { mbedtls_pem_free( &pem ); From 40b14a894bafeff2df30d669a810ec90b86cd37f Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 16 Oct 2017 19:30:00 +0300 Subject: [PATCH 0444/1059] change order of parsing public key First parse PEM, and if fails, parse DER. Use some convention as in parsing the private key (`mbedtls_pk_parse_key`) --- library/pkparse.c | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 6e527530bf..7c9983f5c3 100644 --- a/library/pkparse.c +++ b/library/pkparse.c 
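Review bot: In the re-indented `-----BEGIN RSA PUBLIC KEY-----` branch of `mbedtls_pk_parse_public_key` (second hunk), the early returns `return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );` and `return( ret );` after `mbedtls_pk_setup` execute after `mbedtls_pem_read_buffer` has succeeded and bypass `mbedtls_pem_free( &pem )`, so the decoded PEM buffer leaks on those paths; the lines this hunk replaces had the same shape, so the commit preserves rather than introduces it. An allocation failure inside `mbedtls_pk_setup` is the realistic trigger. Routing both through the existing tail fixes it: `if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) { mbedtls_pem_free( &pem ); return( ret ); }`. The function continues outside the hunk on both sides.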
@@ -1284,21 +1284,6 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, mbedtls_pem_free( &pem ); return( ret ); } - - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); - - if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) - return( ret ); - - p = (unsigned char *) key; - ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) ); - if ( ret == 0 ) - { - mbedtls_pem_free( &pem ); - return( ret ); - } - mbedtls_pk_free( ctx ); #endif /* MBEDTLS_RSA_C */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ @@ -1315,8 +1300,11 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, /* * Was PEM encoded */ - key = pem.buf; - keylen = pem.buflen; + p = pem.buf; + + ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen, ctx ); + mbedtls_pem_free( &pem ); + return( ret ); } else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) { @@ -1324,14 +1312,31 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, return( ret ); } #endif /* MBEDTLS_PEM_PARSE_C */ + +#if defined(MBEDTLS_RSA_C) + if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) + return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + + if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) + return( ret ); + + p = (unsigned char *) key; + ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) ); + if ( ret == 0 ) + { + mbedtls_pem_free( &pem ); + return( ret ); + } + mbedtls_pk_free( ctx ); + if ( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) + { + return ( ret ); + } +#endif /* MBEDTLS_RSA_C */ p = (unsigned char *) key; ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx ); -#if defined(MBEDTLS_PEM_PARSE_C) - mbedtls_pem_free( &pem ); -#endif - return( ret ); } From 5472d43ffbc05a142d18100770322095fb6138b4 Mon Sep 17 00:00:00 2001 
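Review bot: The DER fallback in the last hunk only tries `mbedtls_pk_parse_subpubkey` when the PKCS#1 attempt failed with exactly `MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`; every other failure of `pk_get_rsapubkey` is returned as-is, so a malformed SubjectPublicKeyInfo that previously produced an error from `mbedtls_pk_parse_subpubkey` now surfaces the RSAPublicKey parser's code instead, which callers or tests pinning specific codes may notice. Why that single code is the discriminator (presumably the nested SEQUENCE of an SPKI arriving where RSAPublicKey expects its first INTEGER) is not stated anywhere; a comment such as `/* Not a bare RSAPublicKey: an SPKI also starts with SEQUENCE but fails at the first INTEGER */` would keep the condition maintainable. The function's remainder is outside the hunk.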
From: Ron Eldor Date: Tue, 17 Oct 2017 09:49:00 +0300 Subject: [PATCH 0445/1059] Fix issues when `MBEDTLS_PEM_PARSE_C` not defined 1) Fix compilatoin issues when `MBEDTLS_PEM_PARSE_C` not defined 2) remove dependency for `MBEDTLS_PEM_PARSE_C` in DER tests --- library/pkparse.c | 6 ++++-- tests/suites/test_suite_pkparse.data | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 7c9983f5c3..75f1620b00 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1250,10 +1250,12 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, { int ret; unsigned char *p; +#if defined(MBEDTLS_RSA_C) + const mbedtls_pk_info_t *pk_info; +#endif #if defined(MBEDTLS_PEM_PARSE_C) size_t len; mbedtls_pem_context pem; - const mbedtls_pk_info_t *pk_info; mbedtls_pem_init( &pem ); #if defined(MBEDTLS_RSA_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ @@ -1311,6 +1313,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, mbedtls_pem_free( &pem ); return( ret ); } + mbedtls_pem_free( &pem ); #endif /* MBEDTLS_PEM_PARSE_C */ #if defined(MBEDTLS_RSA_C) @@ -1324,7 +1327,6 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) ); if ( ret == 0 ) { - mbedtls_pem_free( &pem ); return( ret ); } mbedtls_pk_free( ctx ); diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index b0464e5d29..391d6c5b1b 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -107,7 +107,7 @@ depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C pk_parse_public_keyfile_rsa:"data_files/format_gen.pub":0 Parse Public RSA Key #1 (PKCS#8 wrapped, DER) -depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_MD5_C pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_1024_public.der":0 Parse Public RSA Key #3 (PKCS#1 wrapped) 
@@ -115,7 +115,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.pem":0 Parse Public RSA Key #4 (PKCS#1 wrapped, DER) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_RSA_C pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0 Parse Public EC Key #1 (RFC 5480, DER) From c36aab69b5e392833a3d85f726fc28887e4732a8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 09:15:06 +0100 Subject: [PATCH 0446/1059] Swap D,E parameters in mbedtls_rsa_deduce_primes --- include/mbedtls/rsa_internal.h | 6 +++--- library/rsa.c | 2 +- library/rsa_internal.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h index 080f09f7a6..3b351c916c 100644 --- a/include/mbedtls/rsa_internal.h +++ b/include/mbedtls/rsa_internal.h @@ -72,8 +72,8 @@ extern "C" { * overwrite it. * * \param N RSA modulus N = PQ, with P, Q to be found - * \param D RSA private exponent * \param E RSA public exponent + * \param D RSA private exponent * \param P Pointer to MPI holding first prime factor of N on success * \param Q Pointer to MPI holding second prime factor of N on success * @@ -87,8 +87,8 @@ extern "C" { * use the helper function \c mbedtls_rsa_validate_params. * */ -int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, - mbedtls_mpi const *E, +int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *E, + mbedtls_mpi const *D, mbedtls_mpi *P, mbedtls_mpi *Q ); /** diff --git a/library/rsa.c b/library/rsa.c index 5366abc22f..bf24a09b1f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -274,7 +274,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) if( pq_missing ) { - ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->D, &ctx->E, + ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D, &ctx->P, &ctx->Q ); if( ret != 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); 
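Review bot: Swapping two parameters of the same type `mbedtls_mpi const *` in `mbedtls_rsa_deduce_primes` is invisible to the compiler, so any call site not updated in this commit keeps building while passing D where E is expected. The diffstat lists only library/rsa.c as an adjusted caller; test suites and sample programs should be grepped for further calls (not visible here). Because the implementation works from the product DE − 1 (its `T` is described in the next commit's hunk as the largest odd divisor of DE − 1), a stale caller would likely not even misbehave, which makes such a mismatch harder to notice later; since rsa_internal.h is a shipped header, the swap also deserves an API-change note.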
diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 3b54fdee7b..f65f0dfcf2 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -66,7 +66,7 @@ * */ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, - mbedtls_mpi const *D, mbedtls_mpi const *E, + mbedtls_mpi const *E, mbedtls_mpi const *D, mbedtls_mpi *P, mbedtls_mpi *Q ) { int ret = 0; From 4055a3a16f9721da7c530f2bc797b833021dea8a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 09:15:26 +0100 Subject: [PATCH 0447/1059] Shorten prime array in mbedtls_rsa_deduce_primes --- library/rsa_internal.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index f65f0dfcf2..5e35dbf606 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -79,15 +79,14 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi T; /* Holds largest odd divisor of DE - 1 */ mbedtls_mpi K; /* Temporary holding the current candidate */ - const unsigned int primes[] = { 2, + const unsigned char primes[] = { 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, - 229, 233, 239, 241, 251, 257, 263, 269, - 271, 277, 281, 283, 293, 307, 311, 313 + 229, 233, 239, 241, 251 }; const size_t num_primes = sizeof( primes ) / sizeof( *primes ); From f8c028a2fbb3b22f759b82606f8ce2d0734efa97 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 09:20:57 +0100 Subject: [PATCH 0448/1059] Minor corrections --- include/mbedtls/rsa_internal.h | 4 ++-- library/rsa.c | 2 +- library/rsa_internal.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h index 3b351c916c..e7ddd98a7d 100644 --- a/include/mbedtls/rsa_internal.h +++ b/include/mbedtls/rsa_internal.h 
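Review bot: The shortened table drops the number of trial bases in `mbedtls_rsa_deduce_primes` from 65 to 54 (exactly the entries above 255, which do not fit the new `unsigned char` element type), but neither the commit message nor the code says what bound the table size was chosen for or that 54 attempts still make a failed deduction negligibly likely. A comment on the declaration would record the intent, e.g. `/* Trial bases: all primes below 256, so the table fits in unsigned char; the entry count bounds the deduction's failure probability. */`. Where `primes[i]` is consumed (outside the hunk) the element now promotes to `int` rather than staying `unsigned int`, which is worth a glance at any comparison or arithmetic against an unsigned operand.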
@@ -30,7 +30,7 @@ * * End-users of Mbed TLS not intending to re-implement the RSA functionality * are not expected to get into the need of making use of these functions directly, - * but instead should be able to make do with the implementation of the RSA module. + * but instead should be able to use the functions declared in rsa.h. * * There are two classes of helper functions: * (1) Parameter-generating helpers. These are: @@ -163,7 +163,7 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * if all relevant parameters are provided: * - P prime if f_rng != NULL * - Q prime if f_rng != NULL - * - 1 < N = PQ + * - 1 < N = P * Q * - 1 < D, E < N * - D and E are modular inverses modulo P-1 and Q-1 * - A non-zero error code otherwise. diff --git a/library/rsa.c b/library/rsa.c index bf24a09b1f..7931673398 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -210,7 +210,7 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, #endif /* It wouldn't lead to an error if it wasn't satisfied, - * but check for PQ >= 1 nonetheless. */ + * but check for QP >= 1 nonetheless. */ #if !defined(MBEDTLS_RSA_NO_CRT) if( is_priv && mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 ) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 5e35dbf606..e28ca50b3f 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -370,7 +370,7 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, #endif /* MBEDTLS_GENPRIME */ /* - * Step 2: Check that 1 < N = PQ + * Step 2: Check that 1 < N = P * Q */ if( P != NULL && Q != NULL && N != NULL ) From 68767a6e88efb74d2afa6ec13f0be2a7bf47ddaf Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 10:13:31 +0100 Subject: [PATCH 0449/1059] Improve documentation in mbedtls_rsa_check_privkey --- include/mbedtls/rsa.h | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) 
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 55209b0dce..dc2319ca62 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -416,13 +416,11 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code. * - * \note This function performs checks substantiating - * the consistency of the key material used to setup - * the RSA context. In case of implementations saving - * all core RSA parameters, this might mean a consistency - * check in the sense of \c mbedtls_rsa_validate_params, - * while other implementations might perform an empirical - * check consisting of an encryption-decryption pair. + * \note The consistency checks performed by this function not only + * ensure that \c mbedtls_rsa_private can be called successfully + * on the given context, but that the various parameters are + * mutually consistent with high probability, in the sense that + * \c mbedtls_rsa_public and \c mbedtls_rsa_private are inverses. * * \warning This function should catch accidental misconfigurations * like swapping of parameters, but it cannot establish full From 554c32dae6532ae3543a23199ab21c476cd06db1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 10:21:53 +0100 Subject: [PATCH 0450/1059] Mention validate_params does primality tests only if GENPRIME def'd --- include/mbedtls/rsa_internal.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h index e7ddd98a7d..7e6a2ecd97 100644 --- a/include/mbedtls/rsa_internal.h +++ b/include/mbedtls/rsa_internal.h 
@@ -161,11 +161,12 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * \return * - 0 if the following conditions are satisfied * if all relevant parameters are provided: - * - P prime if f_rng != NULL - * - Q prime if f_rng != NULL + * - P prime if f_rng != NULL (%) + * - Q prime if f_rng != NULL (%) * - 1 < N = P * Q * - 1 < D, E < N * - D and E are modular inverses modulo P-1 and Q-1 + * (%) This is only done if MBEDTLS_GENPRIME is defined. * - A non-zero error code otherwise. * * \note The function can be used with a restricted set of arguments From e2a73c13cfe55fc4aa761d03f04fef2e994daa4a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 10:22:47 +0100 Subject: [PATCH 0451/1059] Enhancement of ChangeLog entry --- ChangeLog | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index c65e5c5cc0..7433dd7c6d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,9 +13,15 @@ API Changes independent setup and export of RSA contexts. Most notably, mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting up RSA contexts from partial key material and having them completed to the - needs of the implementation automatically. This allows to setup RSA + needs of the implementation automatically. This allows to setup private RSA contexts from keys consisting of N,D,E only, even if P,Q are needed for the purpose or CRT and/or blinding. + * The configuration option MBEDTLS_RSA_ALT can be used to define alternative + implementations of the RSA interface declared in rsa.h. + +New deprecations + * Direct manipulation of structure fields of RSA contexts is deprecated. + Users are advised to use the extended RSA API instead. = mbed TLS x.x.x branch released xxxx-xx-xx 
@@ -321,7 +327,7 @@ Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt (not triggerable remotely in (D)TLS). - * Fix a potential integer underflow to buffer overread in + * Fix a potential integer underflow to buffer overread in mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in SSL/TLS. @@ -341,7 +347,7 @@ Bugfix * Fix an issue that caused valid certificates to be rejected whenever an expired or not yet valid certificate was parsed before a valid certificate in the trusted certificate list. - * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the + * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer after DER certificates to be included in the raw representation. * Fix issue that caused a hang when generating RSA keys of odd bitlength * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer @@ -1597,7 +1603,7 @@ Security Changes * Allow enabling of dummy error_strerror() to support some use-cases * Debug messages about padding errors during SSL message decryption are - disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL + disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL * Sending of security-relevant alert messages that do not break interoperability can be switched on/off with the flag POLARSSL_SSL_ALL_ALERT_MESSAGES @@ -1626,7 +1632,7 @@ Bugfix Changes * Added p_hw_data to ssl_context for context specific hardware acceleration data - * During verify trust-CA is only checked for expiration and CRL presence + * During verify trust-CA is only checked for expiration and CRL presence Bugfixes * Fixed client authentication compatibility 
@@ -1924,9 +1930,9 @@ Features with random data (Fixed ticket #10) Changes - * Debug print of MPI now removes leading zero octets and + * Debug print of MPI now removes leading zero octets and displays actual bit size of the value. - * x509parse_key() (and as a consequence x509parse_keyfile()) + * x509parse_key() (and as a consequence x509parse_keyfile()) does not zeroize memory in advance anymore. Use rsa_init() before parsing a key or keyfile! @@ -1948,7 +1954,7 @@ Features printing of X509 CRLs from file Changes - * Parsing of PEM files moved to separate module (Fixes + * Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding @@ -2091,7 +2097,7 @@ Bug fixes * Fixed HMAC-MD2 by modifying md2_starts(), so that the required HMAC ipad and opad variables are not cleared. (found by code coverage tests) - * Prevented use of long long in bignum if + * Prevented use of long long in bignum if POLARSSL_HAVE_LONGLONG not defined (found by Giles Bathgate). * Fixed incorrect handling of negative strings in @@ -2132,7 +2138,7 @@ Bug fixes * Made definition of net_htons() endian-clean for big endian systems (Found by Gernot). * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in - padlock and timing code. + padlock and timing code. * Fixed an off-by-one buffer allocation in ssl_set_hostname() responsible for crashes and unwanted behaviour. * Added support for Certificate Revocation List (CRL) parsing. @@ -2306,4 +2312,3 @@ XySSL ChangeLog who maintains the Debian package :-) = Version 0.1 released on 2006-11-01 - From 580869dae8d27198e5c37f7484a73f3f0cdd091b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 10:29:18 +0100 Subject: [PATCH 0452/1059] Handle RSA_EXPORT_UNSUPPORTED error code in strerror --- library/error.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/error.c b/library/error.c index dd2db0c45c..90a38455bf 100644 --- a/library/error.c 
+++ b/library/error.c @@ -331,6 +331,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" ); if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) ) mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); + if( use_ret == -(MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED) ) + mbedtls_snprintf( buf, buflen, "RSA - The requested parameter export is not possible/allowed" ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) From fc8fbfa059940da9689caba22cc1a2533d342f23 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 10:31:15 +0100 Subject: [PATCH 0453/1059] Switch to gender neutral wording in rsa.h --- include/mbedtls/rsa.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index dc2319ca62..da86d16f31 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -430,8 +430,8 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * that imported parameters irrelevant for the implementation * might be silently dropped, in which case the present * function doesn't have access to and hence cannot check them. - * If the user desires to check the consistency of the entire - * content of, say, an PKCS1-encoded RSA private key, he + * If you want to check the consistency of the entire + * content of, say, an PKCS1-encoded RSA private key, you * should use \c mbedtls_rsa_validate_params before setting * up the RSA context. * Further, if the implementation performs empirical checks, From b4ff0aafd96b3bf5f94a86a970911ff7ee4822f9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 11:03:04 +0100 Subject: [PATCH 0454/1059] Swap branches accepting/refusing renegotiation in in ssl_read --- library/ssl_tls.c | 51 +++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 26 deletions(-) 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index de2490ced9..2443a86296 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6921,11 +6921,32 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
 #endif /* MBEDTLS_SSL_SRV_C */
 /* Determine whether renegotiation attempt should be accepted */
+ if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
+ ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+ ssl->conf->allow_legacy_renegotiation ==
+ MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) )
+ {
+ /*
+ * Accept renegotiation request
+ */
- if( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
- ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->conf->allow_legacy_renegotiation ==
- MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) )
+ /* DTLS clients need to know renego is server-initiated */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
+ }
+#endif
+ ret = ssl_start_renegotiation( ssl );
+ if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
+ ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
+ return( ret );
+ }
+ }
+ else
 {
 /*
 * Refuse renegotiation
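Review bot: The accept branch is now entered through a negated four-line compound condition, `if( ! ( … ) )`, which is harder to audit than the original positive test and invites a misplaced parenthesis on the next edit. Consider computing the decision once, e.g. `const int refuse_renego = ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION );` and then branching on `if( !refuse_renego )`. The existing comment `/* Determine whether renegotiation attempt should be accepted */` would then sit on the expression that actually makes that determination. The body of mbedtls_ssl_read continues outside the hunk on both sides.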
@@ -6963,28 +6984,6 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 }
 }
- else
- {
- /*
- * Accept renegotiation request
- */
-
- /* DTLS clients need to know renego is server-initiated */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
- }
-#endif
- ret = ssl_start_renegotiation( ssl );
- if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
- ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
- return( ret );
- }
- }
 return( MBEDTLS_ERR_SSL_WANT_READ );
 }
From 21df7f90d225ca717b9a558260053a712dbc8957 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 17 Oct 2017 11:03:26 +0100
Subject: [PATCH 0455/1059] Fix handling of HS msgs in mbedtls_ssl_read if renegotiation unused Previously, if `MBEDTLS_SSL_RENEGOTIATION` was disabled, incoming handshake messages in `mbedtls_ssl_read` (expecting application data) lead to the connection being closed. This commit fixes this, restricting the `MBEDTLS_SSL_RENEGOTIATION`-guard to the code-paths responsible for accepting renegotiation requests and aborting renegotiation attempts after too many unexpected records have been received.
---
 library/ssl_tls.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2443a86296..89eba056c5 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6878,7 +6878,6 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
 }
 }
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
 if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
@@ -6920,6 +6919,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } #endif /* MBEDTLS_SSL_SRV_C */ +#if defined(MBEDTLS_SSL_RENEGOTIATION) /* Determine whether renegotiation attempt should be accepted */ if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && @@ -6947,6 +6947,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } } else +#endif /* MBEDTLS_SSL_RENEGOTIATION */ { /* * Refuse renegotiation @@ -6987,6 +6988,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) return( MBEDTLS_ERR_SSL_WANT_READ ); } +#if defined(MBEDTLS_SSL_RENEGOTIATION) else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) { if( ssl->conf->renego_max_records >= 0 ) From 6851b10ec779772472f50415682abf635251c260 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 14:57:48 +0100 Subject: [PATCH 0456/1059] Note that disabling SSL_RENEGO doesn't open door for renego attack --- include/mbedtls/config.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 47c7196402..69e997f85e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1155,6 +1155,13 @@ * misuse/misunderstand. * * Comment this to disable support for renegotiation. + * + * \note Even if this option is disabled, both client and server are aware + * of the Renegotiation Indication Extension (RFC 5746) used to + * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). + * (See \c mbedtls_ssl_conf_legacy_renegotiation for the + * configuration of this extension). + * */ #define MBEDTLS_SSL_RENEGOTIATION From 40f8b512210f542e3fd3c34c9c95addba039d6b7 Mon Sep 17 00:00:00 2001 
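Review bot: In the `@@ -6947` hunk the new `#endif /* MBEDTLS_SSL_RENEGOTIATION */` lands between `else` and `{`, so in a build without MBEDTLS_SSL_RENEGOTIATION the "Refuse renegotiation" block becomes the unconditional handler for every handshake record that reaches this point of mbedtls_ssl_read; that is the intended fix, but nothing in the code says so and a reader of that build sees a bare compound block. A comment inside the brace such as `/* Without MBEDTLS_SSL_RENEGOTIATION every handshake message received here is refused. */` would make the intent explicit. Related, the `@@ -6987` hunk guards the `else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )` path, so in that build the refuse branch answers each unsolicited handshake record and returns `MBEDTLS_ERR_SSL_WANT_READ` with no record counter; it may be worth confirming that is acceptable, since the renego_max_records bound (body outside the hunk) no longer applies there. The function continues outside all three hunks.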
From: Hanno Becker Date: Thu, 12 Oct 2017 14:58:55 +0100 Subject: [PATCH 0457/1059] Add comments on the use of the renego SCSV and the renego ext --- library/ssl_cli.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 544c8cf5c2..335379fe28 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -134,6 +134,9 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, *olen = 0; + /* We're always including an TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the + * initial ClientHello, in which case also adding the renegotiation + * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */ if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) return; @@ -971,6 +974,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif + /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added + * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; From 6a2436493f2f78c7b9af01fa4c5e96f0b215c47b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 15:18:45 +0100 Subject: [PATCH 0458/1059] Add dependency on SSL_RENEGOTIATION to renego tests in ssl-opt.sh --- tests/ssl-opt.sh | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 64f26a0cf0..6c336045da 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1431,6 +1431,7 @@ run_test "Max fragment length: DTLS client, larger message" \ # Tests for renegotiation +# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION run_test "Renegotiation: none, for reference" \ "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2" \ 
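Review bot: The new comment in ssl_write_renegotiation_ext has an article slip, `/* We're always including an TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the`; it should read `/* We're always including a TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the`. The reference to RFC 5746 Section 3.4 is the useful part of the note and is worth keeping as written. The second hunk's comment, stating that the SCSV is added even without MBEDTLS_SSL_RENEGOTIATION, is consistent with the `#if` that follows it; the SCSV insertion itself lies outside the hunk.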
@@ -1444,6 +1445,7 @@ run_test "Renegotiation: none, for reference" \ -S "=> renegotiate" \ -S "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: client-initiated" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -1457,6 +1459,7 @@ run_test "Renegotiation: client-initiated" \ -s "=> renegotiate" \ -S "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: server-initiated" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ @@ -1473,6 +1476,7 @@ run_test "Renegotiation: server-initiated" \ # Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that # the server did not parse the Signature Algorithm extension. This test is valid only if an MD # algorithm stronger than SHA-1 is enabled in config.h +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -1490,6 +1494,7 @@ run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ # Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that # the server did not parse the Signature Algorithm extension. This test is valid only if an MD # algorithm stronger than SHA-1 is enabled in config.h +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 
@@ -1504,6 +1509,7 @@ run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ -s "write hello request" \ -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: double" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -1517,6 +1523,7 @@ run_test "Renegotiation: double" \ -s "=> renegotiate" \ -s "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: client-initiated, server-rejected" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -1532,6 +1539,7 @@ run_test "Renegotiation: client-initiated, server-rejected" \ -c "SSL - Unexpected message at ServerHello in renegotiation" \ -c "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: server-initiated, client-rejected, default" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ @@ -1547,6 +1555,7 @@ run_test "Renegotiation: server-initiated, client-rejected, default" \ -S "SSL - An unexpected message was received from our peer" \ -S "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: server-initiated, client-rejected, not enforced" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ renego_delay=-1 auth_mode=optional" \ 
@@ -1564,6 +1573,7 @@ run_test "Renegotiation: server-initiated, client-rejected, not enforced" \ -S "failed" # delay 2 for 1 alert record + 1 application data record +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: server-initiated, client-rejected, delay 2" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ renego_delay=2 auth_mode=optional" \ @@ -1580,6 +1590,7 @@ run_test "Renegotiation: server-initiated, client-rejected, delay 2" \ -S "SSL - An unexpected message was received from our peer" \ -S "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: server-initiated, client-rejected, delay 0" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ renego_delay=0 auth_mode=optional" \ @@ -1595,6 +1606,7 @@ run_test "Renegotiation: server-initiated, client-rejected, delay 0" \ -s "write hello request" \ -s "SSL - An unexpected message was received from our peer" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: server-initiated, client-accepted, delay 0" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ renego_delay=0 auth_mode=optional" \ @@ -1611,6 +1623,7 @@ run_test "Renegotiation: server-initiated, client-accepted, delay 0" \ -S "SSL - An unexpected message was received from our peer" \ -S "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: periodic, just below period" \ "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ @@ -1628,6 +1641,7 @@ run_test "Renegotiation: periodic, just below period" \ -S "failed" # one extra exchange to be able to complete renego +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: periodic, just above period" \ "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ 
@@ -1644,6 +1658,7 @@ run_test "Renegotiation: periodic, just above period" \ -S "SSL - An unexpected message was received from our peer" \ -S "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: periodic, two times period" \ "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \ @@ -1660,6 +1675,7 @@ run_test "Renegotiation: periodic, two times period" \ -S "SSL - An unexpected message was received from our peer" \ -S "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: periodic, above period, disabled" \ "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ @@ -1676,6 +1692,7 @@ run_test "Renegotiation: periodic, above period, disabled" \ -S "SSL - An unexpected message was received from our peer" \ -S "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: nbio, client-initiated" \ "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \ "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -1689,6 +1706,7 @@ run_test "Renegotiation: nbio, client-initiated" \ -s "=> renegotiate" \ -S "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: nbio, server-initiated" \ "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \ @@ -1702,6 +1720,7 @@ run_test "Renegotiation: nbio, server-initiated" \ -s "=> renegotiate" \ -s "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: openssl server, client-initiated" \ "$O_SRV -www" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 
@@ -1714,6 +1733,7 @@ run_test "Renegotiation: openssl server, client-initiated" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: gnutls server strict, client-initiated" \ "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -1726,6 +1746,7 @@ run_test "Renegotiation: gnutls server strict, client-initiated" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -1738,6 +1759,7 @@ run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ -C "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ @@ -1751,6 +1773,7 @@ run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ -C "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ @@ -1763,6 +1786,7 @@ run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ -C "error" \ -c "HTTP/1.0 200 [Oo][Kk]" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: DTLS, client-initiated" \ "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ 
@@ -1776,6 +1800,7 @@ run_test "Renegotiation: DTLS, client-initiated" \ -s "=> renegotiate" \ -S "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: DTLS, server-initiated" \ "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \ @@ -1790,6 +1815,7 @@ run_test "Renegotiation: DTLS, server-initiated" \ -s "=> renegotiate" \ -s "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: DTLS, renego_period overflow" \ "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \ "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \ @@ -1801,9 +1827,10 @@ run_test "Renegotiation: DTLS, renego_period overflow" \ -s "record counter limit reached: renegotiate" \ -c "=> renegotiate" \ -s "=> renegotiate" \ - -s "write hello request" \ + -s "write hello request" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ "$G_SRV -u --mtu 4096" \ "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -3696,6 +3723,7 @@ run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ -C "error" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ "$G_SRV -u --mtu 256" \ "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ @@ -3709,6 +3737,7 @@ run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ -s "Extra-header:" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \ "$G_SRV -u --mtu 256" \ "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \ 
@@ -3953,6 +3982,7 @@ run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ -c "HTTP/1.0 200 OK" client_needs_more_time 4 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ @@ -3967,6 +3997,7 @@ run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ -c "HTTP/1.0 200 OK" client_needs_more_time 4 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ @@ -3981,6 +4012,7 @@ run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ -c "HTTP/1.0 200 OK" client_needs_more_time 4 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ @@ -3996,6 +4028,7 @@ run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ -c "HTTP/1.0 200 OK" client_needs_more_time 4 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ From 134c2ab891d35f8a27e71f4773ca97902fd0dbb0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 15:29:50 +0100 Subject: [PATCH 0459/1059] Add build and ssl-opt.sh run for !SSL_RENEGOTIATION to all.sh --- tests/scripts/all.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d9c5bbfa4a..c768bdd166 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -326,6 +326,19 @@ OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min tests/ssl-opt.sh +msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s +make test + +msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min +tests/ssl-opt.sh + msg "build: cmake, full config, clang, C99" # ~ 50s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 479e8e24e615f3002d13f08bc9da35f567be0e3a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 15:39:45 +0100 Subject: [PATCH 0460/1059] Adapt ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index c4e3998d04..ef20788247 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ Bugfix * Parse signature algorithm extension when renegotiating. Previously, renegotiated handshakes would only accept signatures using SHA-1 regardless of the peer's preferences, or fail if SHA-1 was disabled. + * Fix handling of handshake messages in mbedtls_ssl_read in case + MBEDTLS_SSL_RENEGOTIATION is disabled. Found by erja-gp. = mbed TLS 2.6.0 branch released 2017-08-10 From 3f2da84bca52ef2712ecd533005ae0af0e4759a2 Mon Sep 17 00:00:00 2001 
From: Ron Eldor
Date: Tue, 17 Oct 2017 15:50:30 +0300
Subject: [PATCH 0461/1059] Resolve PR review comments 1) Fix style comments 2) Fix typo in Makefile 3) Remove the `MBEDTLS_MD5_C` dependency from test data file, as the used keys are not encrypted
---
 library/pkparse.c | 4 +++-
 tests/data_files/Makefile | 14 +++++++++++---
 tests/data_files/rsa_pkcs8_2048_public.der | Bin 0 -> 294 bytes
 tests/data_files/rsa_pkcs8_2048_public.pem | 9 +++++++++
 tests/suites/test_suite_pkparse.data | 7 +++----
 5 files changed, 26 insertions(+), 8 deletions(-)
 create mode 100644 tests/data_files/rsa_pkcs8_2048_public.der
 create mode 100644 tests/data_files/rsa_pkcs8_2048_public.pem
diff --git a/library/pkparse.c b/library/pkparse.c
index 75f1620b00..41eeadf45e 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1256,6 +1256,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
 #if defined(MBEDTLS_PEM_PARSE_C)
 size_t len;
 mbedtls_pem_context pem;
+ mbedtls_pem_init( &pem );
 #if defined(MBEDTLS_RSA_C)
 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
@@ -1278,6 +1279,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
 if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
 mbedtls_pk_free( ctx );
+ mbedtls_pem_free( &pem );
 return( ret );
 }
@@ -1288,7 +1290,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
 }
 #endif /* MBEDTLS_RSA_C */
- /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
+ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
 if( keylen == 0 || key[keylen - 1] != '\0' )
 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
 else
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index bfcdc684a1..3e20f66411 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
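Review bot: `mbedtls_pem_free( &pem );` is added only on the `return( ret );` at the end of the RSA-PEM branch, while `mbedtls_pem_init( &pem );` now runs for every call that enters the `MBEDTLS_PEM_PARSE_C` section; any other exit between the two (for instance a failing mbedtls_pk_setup in the part of this branch that lies outside the hunk) would still leak the buffer that mbedtls_pem_read_buffer allocated. It is worth walking every return of mbedtls_pk_parse_public_key between the init and the generic PEM path shown in the `@@ -1288` hunk to confirm each one frees `pem`, or routing them through a single cleanup label. The function body continues outside all three hunks.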
@@ -65,11 +65,19 @@ server2-sha256.crt: server2-rsa.csr all_final += server2-sha256.crt rsa_pkcs1_2048_public.pem: server8.key - $(OPENSSL) rsa -in server8.key -outform PEM -RSAPublicKey_out -out $@ -all_final += rsa_pkcs8_2048_public.pem + $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@ +all_final += rsa_pkcs1_2048_public.pem rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem - $(OPENSSL) -RSAPublicKey_in -in rsa_pkcs1_2048_public.pem -outform DER -RSAPublicKey_out -out $@ + $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@ +all_final += rsa_pkcs1_2048_public.der + +rsa_pkcs8_2048_public.pem: server8.key + $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@ +all_final += rsa_pkcs8_2048_public.pem + +rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem + $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ all_final += rsa_pkcs8_2048_public.der ################################################################ diff --git a/tests/data_files/rsa_pkcs8_2048_public.der b/tests/data_files/rsa_pkcs8_2048_public.der new file mode 100644 index 0000000000000000000000000000000000000000..8644a5647e63e647adedd78acc7c631b3bd0a4cb GIT binary patch literal 294 zcmV+>0ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>l+Z=x`3(ddI(RC1@ zqPWg|s^SIUde}r`kF~wPuo<~GxEV?g@m+L)XGVtx-dleL1HHkGUI!J_TlC!J&pr9U z5iG81xr)6VXJ!}bPQBX|nu3Sq@OZ^HpQ)K&<1_5c>I=1DUhzqOKcg+`0SwGS zns%GS&^Obu7Xe`b7Fm8A7sFHi(Q?a7U=`YZ;_9tX?~dY&)M|HC)^OQtyYcQh1URF; z;?dw{YvPz(f!sWL%K7u0_tq#ICwP3r(A8t7fi#J& sC2GC$>h1bh{N*&p!4GjQ(g+Y6twcfK{&}EdlZvrj>9Fo^0s{d60qM1nivR!s literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_2048_public.pem b/tests/data_files/rsa_pkcs8_2048_public.pem new file mode 100644 index 0000000000..f1e29cc6e1 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_2048_public.pem 
@@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2xx/LgvNv87RdRCgorjO +fariBeB62ERjj7W9wLAZuTe4GUoO8V10gGdGhwbeW38GA73BjV4HFdRb9Nzlzz35 +wREsrmq5ir0dZ2YX6k692xWagofk8HjDo4WHsP2fqZlf4zPszOoLtWFe8Ul+P6Mt +6gEMzEKadpvE0DfTsRcBYQEWWX4cF8NT/dFyy0xgFdp94uqtUO+O4ovUandV1nDZ +a7vx7jkEOKO94tHgZmvinEeZ6SjmtvwuymdDhOjVg9admGsBPoHcPHrK+fOc99Yo +Gyd4fMPQ1WOngTSJrSVqvfLq7fpX/OU0xsEPcS3SCBAbrURB4P55oGOTirFd6bDu +bwIDAQAB +-----END PUBLIC KEY----- diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 391d6c5b1b..32957266cc 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -103,12 +103,11 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBED pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTest":0 Parse Public RSA Key #1 (PKCS#8 wrapped) -depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C -pk_parse_public_keyfile_rsa:"data_files/format_gen.pub":0 +depends_on:MBEDTLS_PEM_PARSE_C +pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_2048_public.pem":0 Parse Public RSA Key #1 (PKCS#8 wrapped, DER) -depends_on:MBEDTLS_MD5_C -pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_1024_public.der":0 +pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_2048_public.der":0 Parse Public RSA Key #3 (PKCS#1 wrapped) depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C From 15f2b3e5386c9956f52093331f85de497c63a397 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 15:17:05 +0100 Subject: [PATCH 0462/1059] Mention that mpi_fill_random interprets PRNG output as big-endian --- include/mbedtls/bignum.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 456a804204..214e83c2d8 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h 
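Review bot: The rewritten "Parse Public RSA Key #1 (PKCS#8 wrapped, DER)" entry no longer carries any `depends_on:` line, and the PEM variant above it depends only on MBEDTLS_PEM_PARSE_C, whereas the neighbouring "#3 (PKCS#1 wrapped)" case lists `depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C`. Unless pk_parse_public_keyfile_rsa is itself compiled out in a build without RSA (not visible here), these two cases would be selected and fail when MBEDTLS_RSA_C is disabled. Adding `depends_on:MBEDTLS_RSA_C` to the DER case and `depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C` to the PEM case would keep them consistent with the rest of the file.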
@@ -683,6 +683,10 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi * * \return 0 if successful, * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * + * \note The bytes obtained from the PRNG are interpreted + * as a big-endian representation of an MPI; this can + * be relevant in applications like deterministic ECDSA. */ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, int (*f_rng)(void *, unsigned char *, size_t), From 073c199224fc961e6cb045e4d4b6dc51685e617f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 15:17:27 +0100 Subject: [PATCH 0463/1059] Make mpi_read_binary time constant This commit modifies mpi_read_binary to always allocate the minimum number of limbs required to hold the entire buffer provided to the function, regardless of its content. Previously, leading zero bytes in the input data were detected and used to reduce memory footprint and time, but this non-constant behavior turned out to be non-tolerable for the cryptographic applications this function is used for. --- library/bignum.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index d3a150c3c1..79f25f08ec 100644 --- a/library/bignum.c +++ b/library/bignum.c 
@@ -672,16 +672,20 @@ cleanup:
 int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
 {
 int ret;
- size_t i, j, n;
+ size_t i, j;
+ size_t const limbs = CHARS_TO_LIMBS( buflen );
 
- for( n = 0; n < buflen; n++ )
- if( buf[n] != 0 )
- break;
+ /* Ensure that target MPI has exactly the necessary number of limbs */
+ if( X->n != limbs )
+ {
+ mbedtls_mpi_free( X );
+ mbedtls_mpi_init( X );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
+ }
 
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) );
 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
 
- for( i = buflen, j = 0; i > n; i--, j++ )
+ for( i = buflen, j = 0; i > 0; i--, j++ )
 X->p[j / ciL] |= ((mbedtls_mpi_uint) buf[i - 1]) << ((j % ciL) << 3);
 
 cleanup:
From 7c8cb9c28b3153aed05db02a2913915524d5f37b Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 17 Oct 2017 15:19:38 +0100
Subject: [PATCH 0464/1059] Fix information leak in ecp_gen_keypair_base
The function mbedtls_ecp_gen_keypair_base did not wipe the stack buffer used to hold the private exponent before returning. This commit fixes this by not using a stack buffer in the first place but instead calling mpi_fill_random directly to acquire the necessary random MPI.
---
 library/ecp.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/library/ecp.c b/library/ecp.c
index 5ad6863987..b41baef27a 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1953,7 +1953,6 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
 {
 /* SEC1 3.2.1: Generate d such that 1 <= n < N */
 int count = 0;
- unsigned char rnd[MBEDTLS_ECP_MAX_BYTES];
 
 /*
 * Match the procedure given in RFC 6979 (deterministic ECDSA):
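Review bot: Freeing X before regrowing it in the new `if( X->n != limbs )` branch changes the error contract of mbedtls_mpi_read_binary: when `mbedtls_mpi_grow` fails the function now returns with X emptied, whereas before X was left untouched, and nothing in bignum.h says so; a line in the function's documentation such as `\note On failure X may have been freed and no longer holds its previous value.` would cover it. The `mbedtls_mpi_init( X )` immediately after `mbedtls_mpi_free( X )` looks redundant if free already resets the struct to its initial state — worth confirming before keeping both calls. Control flow now depends only on `buflen` and the previous limb count, never on the byte values, which is the property the commit is after; a comment next to the `limbs` definition, `/* Limb count is derived from buflen only: no leading-zero scan, so timing does not depend on the data */`, would keep a later optimisation from reintroducing the scan this hunk removes.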
@@ -1964,8 +1963,7 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
 */
 do
 {
- MBEDTLS_MPI_CHK( f_rng( p_rng, rnd, n_size ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( d, rnd, n_size ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) );
 
 /*
From e1a9a4a82651ff43cf2cea7bc95867c590a99716 Mon Sep 17 00:00:00 2001
From: Ron Eldor
Date: Tue, 17 Oct 2017 18:15:41 +0300
Subject: [PATCH 0465/1059] Fix crash when calling `mbedtls_ssl_cache_free` twice
Set `cache` to zero at the end of `mbedtls_ssl_cache_free` #1104
---
 ChangeLog | 2 ++
 library/ssl_cache.c | 7 +++++++
 2 files changed, 9 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index c4e3998d04..44c2f78eb8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@ Bugfix
 * Parse signature algorithm extension when renegotiating. Previously,
 renegotiated handshakes would only accept signatures using SHA-1
 regardless of the peer's preferences, or fail if SHA-1 was disabled.
+ * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
+ MilenkoMitrovic, #1104
 
 = mbed TLS 2.6.0 branch released 2017-08-10
 
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index c771d7fe2a..d34bc3d636 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -43,6 +43,11 @@
 #include 
 
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
 void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache )
 {
 memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) );
 
@@ -321,6 +326,8 @@ void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache )
 #if defined(MBEDTLS_THREADING_C)
 mbedtls_mutex_free( &cache->mutex );
 #endif
+
+ mbedtls_zeroize( cache, sizeof(mbedtls_ssl_cache_context) );
 }
 
 #endif /* MBEDTLS_SSL_CACHE_C */
From 28a0c727957990ac655cbe40c7eb20b7ef01167d Mon Sep 17 00:00:00 2001
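Review bot: The candidate private exponent is no longer staged in a local `rnd[]`, but `mbedtls_mpi_fill_random` reads the PRNG into a stack buffer of its own before calling `mbedtls_mpi_read_binary`, so this hunk only closes the leak if that buffer is wiped before the function returns — patch 0471 later on this page adds exactly that `mbedtls_zeroize( buf, sizeof( buf ) )` at its `cleanup:` label, and the two changes should be read as one fix. A one-line comment at the call site, `/* Do not stage the candidate in a local byte buffer; fill_random wipes its own copy */`, would keep a later change from reintroducing `rnd[]`. The enclosing do/while loop and the rest of mbedtls_ecp_gen_keypair_base lie outside the hunk.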
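Review bot: Wiping `cache` at the end of mbedtls_ssl_cache_free makes a repeated call harmless only if everything that runs before the wipe tolerates an all-zero context: the chain walk (outside the hunk) presumably sees a NULL chain, but `mbedtls_mutex_free( &cache->mutex )` is then handed a zeroed mutex, which the pthread backend presumably rejects through its validity flag while an MBEDTLS_THREADING_ALT implementation may not. A comment on the new call, `/* Wipe so that a second free() sees an empty chain and an invalid mutex (#1104) */`, records that assumption; a NULL `cache` argument is still not guarded as far as this hunk shows, though the function's start is outside it. The `mbedtls_zeroize` copy added in the first hunk is the same helper bignum.c gains in patch 0471 on this page, which argues for one internal definition rather than per-file copies.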
From: Gilles Peskine
Date: Tue, 17 Oct 2017 19:01:38 +0200
Subject: [PATCH 0466/1059] RSA: Fix buffer overflow in PSS signature verification
Fix buffer overflow in RSA-PSS signature verification when the hash is too large for the key size. Found by Seth Terashima, Qualcomm. Added a non-regression test and a positive test with the smallest permitted key size for a SHA-512 hash.
---
 ChangeLog | 5 ++++
 library/rsa.c | 2 ++
 tests/data_files/rsa512.key | 9 ++++++++
 tests/data_files/rsa521.key | 9 ++++++++
 tests/data_files/rsa522.key | 9 ++++++++
 tests/data_files/rsa528.key | 9 ++++++++
 tests/suites/test_suite_pkcs1_v21.data | 32 ++++++++++++++++++++++++++
 7 files changed, 75 insertions(+)
 create mode 100644 tests/data_files/rsa512.key
 create mode 100644 tests/data_files/rsa521.key
 create mode 100644 tests/data_files/rsa522.key
 create mode 100644 tests/data_files/rsa528.key
diff --git a/ChangeLog b/ChangeLog
index a89f2a4677..292acefe3b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,11 @@ mbed TLS ChangeLog (Sorted per branch, date)
 
 = mbed TLS x.x.x released xxxx-xx-xx
 
+Security
+ * Fix buffer overflow in RSA-PSS verification when the hash is too
+ large for the key size. Found by Seth Terashima, Qualcomm Product
+ Security Initiative, Qualcomm Technologies Inc.
+
 Features
 * Allow comments in test data files.
 
diff --git a/library/rsa.c b/library/rsa.c
index bdd2538c3a..a4e3ee6894 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1362,6 +1362,8 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
 hlen = mbedtls_md_get_size( md_info );
+ if( siglen < hlen + 2 )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 slen = siglen - hlen - 1; /* Currently length of salt + padding */
 
 memset( zeros, 0, 8 );
diff --git a/tests/data_files/rsa512.key b/tests/data_files/rsa512.key
new file mode 100644
index 0000000000..1fd7987c21
--- /dev/null
+++ b/tests/data_files/rsa512.key
@@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOwIBAAJBALB20jJQgW+aqwIwfkUrl/DK51mDabQWJOivx5caWaE4kvZLB+qm +7JKMFgstbsj50N1bY8izrAdntPZciS9WwQ8CAwEAAQJAKYfNcIoB7II6PQmsrhrU +Z5dZW3fSKNANX7X/A1DwR0DlF8uZnpWsWbYcRoXX7QjvepZqc54wryhW55Wlm6yI +AQIhAOJIaLjSpbHjzzcJQ7mylxn2WGIlbJPPzJ9OaFZCZQvxAiEAx6OEAvl6JKa6 +6a+N2Wvhtcgb4qqR6UHQGJQYGJz5nP8CIAvgoR6ScAAWZRoOcm+c4DGMrLb6H+ji +T2tNQkzEz2kBAiEAmw34GStU36STpa6RGJ4+tyZN6jWakDVqf7x+HpfFE1cCIQDc +KzXIxec2taye4OeIa1v4W/MigMmYE9w93Uw/Qi3azA== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa521.key b/tests/data_files/rsa521.key new file mode 100644 index 0000000000..0b940aa6e6 --- /dev/null +++ b/tests/data_files/rsa521.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPQIBAAJCATG2mGDzy5v4XqNY/fK9KZDxt3qA1qT9+BekPdiWvffdJq+KwCN/ +Um4NM7EFyXH9vU/6ns6Z/EafMez0Kej1YsHDAgMBAAECQCdoYjwdMSHp4kksL5Aa +0kDc58ni0chy9IgXo+FHjTVmR9DkaZANrwfVvYMJxqYCZo0im1Dw7ZJBUDJQNXnl +ZokCIRiSk66I24AWa7XGUFvatVwXWi2ACE4QEKqzWQe1mQ24/wIhDHD1TCKpqucA +XDI+1N7EHs+fN4CfTSWe8FPGiK6q3VM9AiESrKKLi/q011U4KeS8SfR2blDcL2cg +XFkuQWqxzzLoGOUCIQmgl5E0+Ypwe0zc7NYZFDarf4+ZjqxKQnXCvk0irMHcGQIh +EVPli6RQb3Gcx7vXJHltzSTno7NElzBDRMBVUlBmVxAJ +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa522.key b/tests/data_files/rsa522.key new file mode 100644 index 0000000000..18fbe70ca0 --- /dev/null +++ b/tests/data_files/rsa522.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPgIBAAJCAtMCdT492ij0L02fkshkdCDqb7yXwQ+EmLlmqVPzV2mNZYEGDf4y +yKuY20vFzirN8MHm5ASnWhMoJVDBqjfTzci/AgMBAAECQU05ffxf7uVg74yC9tKg +qCa746NpMh3OM+HZrUxiOXv0sJMRXNEPD5HNLtgcNY6MI5NYbUvkOXktnFZpxWYP +TH7BAiEeFJGs5Z6gRd2v/IbYLMFDHgjqho04INGTOvnyI7lGVKUCIRgJM7moFuoM +UrKTmJK1uOzauWEykCKgc6BGH6TGZoEWkwIhBzQn2v82qO1ydOYGKRk2w2sa+Yd1 +pH5/kkHqf+m8QjKdAiEQ9eVW+4J30wxD0JyX4b1E/S5UpN5KYNhWX0US+6D3NBsC +IRxePzdQlutZWg0Cnku3QE1tOLBCFlP7QVVl5FbKcY5H5w== +-----END RSA PRIVATE KEY----- 
diff --git a/tests/data_files/rsa528.key b/tests/data_files/rsa528.key new file mode 100644 index 0000000000..fd463b54dc --- /dev/null +++ b/tests/data_files/rsa528.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBRQIBAAJDAOMcJG1GSFmEJh/RdMqz1DVzRGAuzXk8R9vlQlLTe7NQvGNDWbGV +FVQggORySktnIpG+V8dkj1Finq7yNOhH2ZzGXwIDAQABAkMAsWYyLglQSlwnS4NZ +L1z4zieTqW3lomWr2+BgxkHbxl2w0Rx4L+Ezp+YK6mhtIQWNkoytPvWJJMS7Jrkg +agMAHQJBAiIA+F1y5GO0Bv+igsNLXwwtbCqs8hAkavU9W8egt/oDbhzbAiIA6hds +PZp/s1X7n7dwfmebSs+3vLZFuQfifN8XZLw0CXHNAiEuEzgDQrPdMIN3er96zImI +rYoUBgabiQ9u/WPFfa4xOU0CIgDDYC089Tfjy72pPgcr2PkpZVhqro5esg/8PI5f +yxx7TXkCIgCYoE8Y5IxomtL1ub1AQzPe9UyyUGzQB1yWeiloJh6LjxA= +-----END RSA PRIVATE KEY----- diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data index ac16beb8a5..6d31494e56 100644 --- a/tests/suites/test_suite_pkcs1_v21.data +++ b/tests/suites/test_suite_pkcs1_v21.data 
@@ -787,3 +787,35 @@ RSASSA-PSS Signature verify options #13 (MGF1 alg != MSG hash alg, arg wrong) depends_on:MBEDTLS_SHA256_C pkcs1_rsassa_pss_verify_ext:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":MBEDTLS_MD_NONE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:MBEDTLS_RSA_SALT_LEN_ANY:"c0719e9a8d5d838d861dc6f675c899d2b309a3a65bb9fe6b11e5afcbf9a2c0b1":"7fc506d26ca3b22922a1ce39faaedd273161b82d9443c56f1a034f131ae4a18cae1474271cb4b66a17d9707ca58b0bdbd3c406b7e65bbcc9bbbce94dc45de807b4989b23b3e4db74ca29298137837eb90cc83d3219249bc7d480fceaf075203a86e54c4ecfa4e312e39f8f69d76534089a36ed9049ca9cfd5ab1db1fa75fe5c8":0:MBEDTLS_ERR_RSA_INVALID_PADDING +RSASSA-PSS verify ext, 512-bit key, empty salt, good signature +depends_on:MBEDTLS_SHA256_C +pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":16:"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:0:"":"ace8b03347da1b9a7a5e94a0d76359bb39c819bb170bef38ea84995ed653446c0ae87ede434cdf9d0cb2d7bf164cf427892363e6855a1d24d0ce5dd72acaf246":0:0 + +RSASSA-PSS verify ext, 512-bit key, empty salt, bad signature +depends_on:MBEDTLS_SHA256_C +pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":16:"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:0:"":"ace8b03347da1b9a7a5e94a0d76359bb39c819bb170bef38ea84995ed653446c0ae87ede434cdf9d0cb2d7bf164cf427892363e6855a1d24d0ce5dd72acaf247":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING + +RSASSA-PSS verify ext, 522-bit key, SHA-512, empty salt, good signature +depends_on:MBEDTLS_SHA512_C 
+pkcs1_rsassa_pss_verify_ext:522:16:"02d302753e3dda28f42f4d9f92c8647420ea6fbc97c10f8498b966a953f357698d6581060dfe32c8ab98db4bc5ce2acdf0c1e6e404a75a13282550c1aa37d3cdc8bf":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"016752ae0b5dfbade6bbd3dd37868d48c8d741f92dca41c360aeda553204c2212a117b1a3d77e0d3f48723503c46e16c8a64de00f1dee3e37e478417452630859486":0:0 + +RSASSA-PSS verify ext, 528-bit key, SHA-512, saltlen=64, good signature with saltlen=0 +depends_on:MBEDTLS_SHA512_C +pkcs1_rsassa_pss_verify_ext:528:16:"00e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:64:"":"a9ad7994ba3a1071124153486924448cc67a5af3a5d34e9261d53770782cc85f58e2edde5f7004652a645e3e9606530eb57de41df7298ae2be9dec69cc0d613ab629":0:MBEDTLS_ERR_RSA_INVALID_PADDING + +RSASSA-PSS verify ext, 528-bit key, SHA-512, empty salt, good signature +depends_on:MBEDTLS_SHA512_C +pkcs1_rsassa_pss_verify_ext:528:16:"00e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"a9ad7994ba3a1071124153486924448cc67a5af3a5d34e9261d53770782cc85f58e2edde5f7004652a645e3e9606530eb57de41df7298ae2be9dec69cc0d613ab629":0:0 + +RSASSA-PSS verify ext, 528-bit key, SHA-512, saltlen=64, good signature with saltlen=0 +depends_on:MBEDTLS_SHA512_C +pkcs1_rsassa_pss_verify_ext:528:16:"00e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:64:"":"a9ad7994ba3a1071124153486924448cc67a5af3a5d34e9261d53770782cc85f58e2edde5f7004652a645e3e9606530eb57de41df7298ae2be9dec69cc0d613ab629":0:MBEDTLS_ERR_RSA_INVALID_PADDING + +RSASSA-PSS verify ext, 512-bit key, SHA-512 (hash too large) 
+depends_on:MBEDTLS_SHA512_C +pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"ace8b03347da1b9a7a5e94a0d76359bb39c819bb170bef38ea84995ed653446c0ae87ede434cdf9d0cb2d7bf164cf427892363e6855a1d24d0ce5dd72acaf246":MBEDTLS_ERR_RSA_BAD_INPUT_DATA:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSASSA-PSS verify ext, 521-bit key, SHA-512, empty salt, bad signature +depends_on:MBEDTLS_SHA512_C +pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING + From 6a54b0240dea904b5a823b2b1e01b97c37ac2e8f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 17 Oct 2017 19:02:13 +0200 Subject: [PATCH 0467/1059] RSA: Fix another buffer overflow in PSS signature verification Fix buffer overflow in RSA-PSS signature verification when the masking operation results in an all-zero buffer. This could happen at any key size. --- ChangeLog | 2 ++ library/rsa.c | 21 +++++++++++---------- tests/suites/test_suite_pkcs1_v21.data | 4 ++++ 3 files changed, 17 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 292acefe3b..6f7637dc1d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ Security * Fix buffer overflow in RSA-PSS verification when the hash is too large for the key size. Found by Seth Terashima, Qualcomm Product Security Initiative, Qualcomm Technologies Inc. + * Fix buffer overflow in RSA-PSS verification when the unmasked + data is all zeros. Features * Allow comments in test data files. 
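Review bot: The case `RSASSA-PSS verify ext, 528-bit key, SHA-512, saltlen=64, good signature with saltlen=0` is added twice with byte-identical arguments and expected results; one of the two entries should be dropped so the suite does not report the same vector as two tests. The remaining 528-bit pair (saltlen=64 rejected, saltlen=0 accepted) and the 512-bit SHA-512 `hash too large` case are the ones that actually exercise the new length check.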
diff --git a/library/rsa.c b/library/rsa.c
index a4e3ee6894..f9aec22702 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1319,10 +1319,11 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
 int ret;
 size_t siglen;
 unsigned char *p;
+ unsigned char *hash_start;
 unsigned char result[MBEDTLS_MD_MAX_SIZE];
 unsigned char zeros[8];
 unsigned int hlen;
- size_t slen, msb;
+ size_t observed_salt_len, msb;
 const mbedtls_md_info_t *md_info;
 mbedtls_md_context_t md_ctx;
 unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
@@ -1364,7 +1365,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
 hlen = mbedtls_md_get_size( md_info );
 if( siglen < hlen + 2 )
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- slen = siglen - hlen - 1; /* Currently length of salt + padding */
+ hash_start = buf + siglen - hlen - 1;
 
 memset( zeros, 0, 8 );
 
@@ -1379,6 +1380,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
 p++;
 siglen -= 1;
 }
+ else
 if( buf[0] >> ( 8 - siglen * 8 + msb ) )
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
@@ -1389,25 +1391,24 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
 return( ret );
 }
 
- mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
+ mgf_mask( p, siglen - hlen - 1, hash_start, hlen, &md_ctx );
 
 buf[0] &= 0xFF >> ( siglen * 8 - msb );
 
- while( p < buf + siglen && *p == 0 )
+ while( p < hash_start - 1 && *p == 0 )
 p++;
 
- if( p == buf + siglen ||
+ if( p == hash_start ||
 *p++ != 0x01 )
 {
 mbedtls_md_free( &md_ctx );
 return( MBEDTLS_ERR_RSA_INVALID_PADDING );
 }
 
- /* Actual salt len */
- slen -= p - buf;
+ observed_salt_len = hash_start - p;
 
 if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
- slen != (size_t) expected_salt_len )
+ observed_salt_len != (size_t) expected_salt_len )
 {
 mbedtls_md_free( &md_ctx );
 return( MBEDTLS_ERR_RSA_INVALID_PADDING );
@@ -1419,12 +1420,12 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, mbedtls_md_starts( &md_ctx ); mbedtls_md_update( &md_ctx, zeros, 8 ); mbedtls_md_update( &md_ctx, hash, hashlen ); - mbedtls_md_update( &md_ctx, p, slen ); + mbedtls_md_update( &md_ctx, p, observed_salt_len ); mbedtls_md_finish( &md_ctx, result ); mbedtls_md_free( &md_ctx ); - if( memcmp( p + slen, result, hlen ) == 0 ) + if( memcmp( hash_start, result, hlen ) == 0 ) return( 0 ); else return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data index 6d31494e56..7c202e9cd4 100644 --- a/tests/suites/test_suite_pkcs1_v21.data +++ b/tests/suites/test_suite_pkcs1_v21.data @@ -819,3 +819,7 @@ RSASSA-PSS verify ext, 521-bit key, SHA-512, empty salt, bad signature depends_on:MBEDTLS_SHA512_C pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING +RSASSA-PSS verify ext, all-zero padding, automatic salt length +depends_on:MBEDTLS_SHA256_C +pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":16:"010001":MBEDTLS_MD_NONE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:"":"63a35294577c7e593170378175b7df27c293dae583ec2a971426eb2d66f2af483e897bfae5dc20300a9d61a3644e08c3aee61a463690a3498901563c46041056":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING + From 005939db984168406d8fed04874379677cdd630f Mon Sep 17 00:00:00 2001 
From: RonEld Date: Tue, 17 Oct 2017 20:19:48 +0300 Subject: [PATCH 0468/1059] update README file (#1144) * update README file update VS 2010 as the minimal version of required Visual Studio * Rephrase the MS VS requirement Rephrase the VS version sentence --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5ffd2ae561..75639e930a 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ There are currently four active build systems used within mbed TLS releases: - yotta - GNU Make - CMake -- Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010) +- Microsoft Visual Studio (Microsoft Visual Studio 2010 or later) The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. From d2da622138a90364438cb1d7ba74b219b3fa3cf7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Oct 2017 21:23:15 +0100 Subject: [PATCH 0469/1059] Ensure that only .h files are parsed in generate_errors.pl --- scripts/generate_errors.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 040a48895b..96ee1195dd 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -46,7 +46,7 @@ close(FORMAT_FILE); $/ = $line_separator; -my @files = <$include_dir/*>; +my @files = <$include_dir/*.h>; my @matches; foreach my $file (@files) { open(FILE, "$file"); From 69944b1e67d63e2c5da0b214a82b04f382995552 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Oct 2017 21:24:56 +0100 Subject: [PATCH 0470/1059] Make matching more robbust in generate_errors.pl --- scripts/generate_errors.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 96ee1195dd..a07976001e 100755 
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -50,7 +50,7 @@ my @files = <$include_dir/*.h>;
 my @matches;
 foreach my $file (@files) {
 open(FILE, "$file");
- my @grep_res = grep(/define MBEDTLS_ERR_/, );
+ my @grep_res = grep(/^\s*#define\s+MBEDTLS_ERR_\w+\s+\-0x[0-9A-Fa-f]+/, );
 push(@matches, @grep_res);
 close FILE;
 }
From 888071184c3247306ae170ee7d30d2554d230f13 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 18 Oct 2017 12:41:30 +0100
Subject: [PATCH 0471/1059] Zeroize stack before returning from mpi_fill_random
---
 library/bignum.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/library/bignum.c b/library/bignum.c
index 79f25f08ec..d27c130bcb 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -63,6 +63,11 @@ static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
 volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0;
 }
 
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
 #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
 #define biL (ciL << 3) /* bits in limb */
 #define biH (ciL << 2) /* half limb size */
@@ -1886,6 +1891,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
 
 cleanup:
+ mbedtls_zeroize( buf, sizeof( buf ) );
 return( ret );
 }
 
From 08eacecc62b182b12d9b64f418ad1575b78f10ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 18 Oct 2017 14:20:24 +0200
Subject: [PATCH 0472/1059] Fix some style issues and comment typos
---
 include/mbedtls/x509_crt.h | 2 +-
 library/x509_crt.c | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 2b4d3533fe..916ff8d9c3 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
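Review bot: `mbedtls_zeroize` is added directly under `mbedtls_mpi_zeroize`, which is the same volatile-store loop over limbs instead of bytes; one hand-rolled loop could serve both rather than keeping two, and the byte version is also copy-pasted into ssl_cache.c in patch 0465 on this page, so a single internal helper would be the cleaner shape. Placing the wipe at `cleanup:` is the right choice because it also runs on the early exits that `MBEDTLS_MPI_CHK` takes; a comment on that line, `/* buf held raw PRNG output that may become a private value; wipe it on every path */`, records why the wipe is unconditional. The declaration of `buf` and the start of mbedtls_mpi_fill_random are outside the hunk.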
@@ -286,7 +286,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * used to sign the certificate, CRL verification is skipped * silently, that is *without* setting any flag. * - * \note The \c trust_ca list can contain two type of certificates: + * \note The \c trust_ca list can contain two types of certificates: * (1) those of trusted root CAs, so that certificates * chaining up to those CAs will be trusted, and (2) * self-signed end-entity certificates to be trusted (for diff --git a/library/x509_crt.c b/library/x509_crt.c index f586fb4520..782a5cabeb 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1645,7 +1645,7 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509 /* * Check that the given certificate is not revoked according to the CRL. - * Skip validation is no CRL for the given CA is present. + * Skip validation if no CRL for the given CA is present. */ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, mbedtls_x509_crl *crl_list, @@ -1994,7 +1994,7 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, if( parent == NULL ) parent = badtime_parent; - return parent; + return( parent ); } /* @@ -2016,7 +2016,7 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, parent = x509_crt_find_parent_in( child, trust_ca, 1, path_cnt, self_cnt ); if( parent != NULL ) - return parent; + return( parent ); /* Look for a parent upwards the chain */ *parent_is_trusted = 0; @@ -2228,7 +2228,7 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt, } else { - for( name = &crt->subject; name != NULL; name = name->next ) + for( name = &crt->subject; name != NULL; name = name->next ) { if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 && x509_crt_check_cn( &name->val, cn, cn_len ) == 0 ) From 900fba616fe4102575473385205ae7ec7c2eb68f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 18 Oct 2017 14:28:11 +0200
Subject: [PATCH 0473/1059] Fix check_wildcard() calling convention
We shouldn't return a surprising value in case there is no wildcard and then rely on the caller to ensure that this doesn't happen
---
 library/x509_crt.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 782a5cabeb..e8a46da09c 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1770,8 +1770,9 @@ static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
 size_t i;
 size_t cn_idx = 0, cn_len = strlen( cn );
 
+ /* We can't have a match if there is no wildcard to match */
 if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
- return( 0 );
+ return( -1 );
 
 for( i = 0; i < cn_len; ++i )
 {
@@ -2194,9 +2195,7 @@ static int x509_crt_check_cn( const mbedtls_x509_buf *name,
 }
 
 /* try wildcard match */
- if( name->len > 2 &&
- memcmp( name->p, "*.", 2 ) == 0 &&
- x509_check_wildcard( cn, name ) == 0 )
+ if( x509_check_wildcard( cn, name ) == 0 )
 {
 return( 0 );
 }
From 08c36635cb9ec160e0b8150ce0fce6437e2ab55e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 18 Oct 2017 14:57:11 +0200
Subject: [PATCH 0474/1059] Avoid possible miscast of PK key
I don't think this can cause a crash as the member accessed is in the beginning of the context, so wouldn't be outside of valid memory if the actual context was RSA. Also, the mismatch will be caught later when checking signature, so the cert chain will be rejected anyway.
---
 library/x509_crt.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index e8a46da09c..8f8f6930cf 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
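Review bot: `x509_check_wildcard` now returns -1 when `name` is not a `*.`-prefixed wildcard and x509_crt_check_cn relies on that instead of its own prefix test, but the convention is documented nowhere near the function; a comment above its definition, `/* Return 0 if cn matches the wildcard pattern name, -1 otherwise (including when name is not a wildcard at all) */`, would make the simplification in the second hunk self-evident. The match loop and final return of x509_check_wildcard are outside the first hunk, so it is worth confirming there that a non-matching wildcard also yields a non-zero value, since the caller only tests `== 0`. The previous `name->len > 2` guard also protected the `name->p[1]` read; the new `name->len < 3` check covers that, so no extra bound is needed.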
@@ -208,7 +208,19 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
 pk_alg == MBEDTLS_PK_ECKEY ||
 pk_alg == MBEDTLS_PK_ECKEY_DH )
 {
- mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
+ mbedtls_ecp_group_id gid;
+ mbedtls_pk_type_t pk_type;
+
+ /* Avoid calling pk_ec() if this is not an EC key */
+ pk_type = mbedtls_pk_get_type( pk );
+ if( pk_type != MBEDTLS_PK_ECDSA &&
+ pk_type != MBEDTLS_PK_ECKEY &&
+ pk_type != MBEDTLS_PK_ECKEY_DH )
+ {
+ return( -1 );
+ }
+
+ gid = mbedtls_pk_ec( *pk )->grp.id;
 
 if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
 return( 0 );
From 9cfabe3597d1fadf5ed7791973d1490c98719157 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 18 Oct 2017 14:42:01 +0100
Subject: [PATCH 0475/1059] Use a conservative excess of the maximum fragment length in tests
This leads to graceful test failure instead of crash when run on the previous code.
---
 tests/ssl-opt.sh | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 4865043b28..d4096e7444 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1322,7 +1322,7 @@ run_test "Max fragment length: enabled, default" \
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: enabled, default, larger message" \
 "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 request_size=20000" \
+ "$P_CLI debug_level=3 request_size=16385" \
 0 \
 -c "Maximum fragment length is 16384" \
 -s "Maximum fragment length is 16384" \
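Review bot: The new type check repeats the three EC constants that the enclosing `if( pk_alg == ... )` has just tested, from a different source, and the hunk never says why the two can disagree; the existing `/* Avoid calling pk_ec() if this is not an EC key */` would be more useful as `/* pk_alg describes the algorithm the certificate claims; the parsed key object may be of another type, so check it before pk_ec() treats the context as EC */` (assuming that is where pk_alg comes from — its origin is outside the hunk). It is also worth stating at the `return( -1 )` that a type mismatch is reported as a profile failure rather than a parse error, since the commit message says the mismatch would otherwise only surface at signature check. The rest of x509_profile_check_key, including the RSA branch, is outside the hunk.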
@@ -1330,14 +1330,14 @@ run_test "Max fragment length: enabled, default, larger message" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ -C "found max_fragment_length extension" \ - -c "20000 bytes written in 2 fragments" \ + -c "16385 bytes written in 2 fragments" \ -s "16384 bytes read" \ - -s "3616 bytes read" + -s "1 bytes read" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length, DTLS: enabled, default, larger message" \ "$P_SRV debug_level=3 dtls=1" \ - "$P_CLI debug_level=3 dtls=1 request_size=20000" \ + "$P_CLI debug_level=3 dtls=1 request_size=16385" \ 1 \ -c "Maximum fragment length is 16384" \ -s "Maximum fragment length is 16384" \ @@ -1350,18 +1350,18 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \ requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: disabled, larger message" \ "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 request_size=20000" \ + "$P_CLI debug_level=3 request_size=16385" \ 0 \ -C "Maximum fragment length is 16384" \ -S "Maximum fragment length is 16384" \ - -c "20000 bytes written in 2 fragments" \ + -c "16385 bytes written in 2 fragments" \ -s "16384 bytes read" \ - -s "3616 bytes read" + -s "1 bytes read" requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length DTLS: disabled, larger message" \ "$P_SRV debug_level=3 dtls=1" \ - "$P_CLI debug_level=3 dtls=1 request_size=20000" \ + "$P_CLI debug_level=3 dtls=1 request_size=16385" \ 1 \ -C "Maximum fragment length is 16384" \ -S "Maximum fragment length is 16384" \ From 139108af94951855fd37ba5a1b9d6099e63b20c8 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine
Date: Wed, 18 Oct 2017 19:03:42 +0200
Subject: [PATCH 0476/1059] RSA PSS: fix minimum length check for keys of size 8N+1
The check introduced by the previous security fix was off by one. It fixed the buffer overflow but was not compliant with the definition of PSS which technically led to accepting some invalid signatures (but not signatures made without the private key).
---
 library/rsa.c | 7 ++++---
 tests/suites/test_suite_pkcs1_v21.data | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index f9aec22702..f25137ab89 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1363,9 +1363,6 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
 hlen = mbedtls_md_get_size( md_info );
- if( siglen < hlen + 2 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- hash_start = buf + siglen - hlen - 1;
 
 memset( zeros, 0, 8 );
 
@@ -1384,6 +1381,10 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
 if( buf[0] >> ( 8 - siglen * 8 + msb ) )
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
+ if( siglen < hlen + 2 )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ hash_start = p + siglen - hlen - 1;
+
 mbedtls_md_init( &md_ctx );
 if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
 {
diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data
index 7c202e9cd4..7785b12322 100644
--- a/tests/suites/test_suite_pkcs1_v21.data
+++ b/tests/suites/test_suite_pkcs1_v21.data
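Review bot: The relocated `if( siglen < hlen + 2 )` now runs after the `msb % 8 == 0` adjustment, so `siglen` is the PSS emLen at that point, but nothing in the hunk ties the bound to the standard or explains why it had to move; a comment such as `/* EMSA-PSS-Verify step 3 (RFC 3447 9.1.2): emLen >= hLen + sLen + 2; sLen is unknown here, so check the sLen = 0 bound and let the salt-length comparison below cover the rest */` would do both. `hash_start = p + siglen - hlen - 1` depends on the same adjusted `p` and `siglen`, so keeping the two lines together, as this hunk does, deserves a word saying it is deliberate. The first hunk only removes the earlier placement; the rest of mbedtls_rsa_rsassa_pss_verify_ext is outside both hunks.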
@@ -817,7 +817,7 @@ pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369 RSASSA-PSS verify ext, 521-bit key, SHA-512, empty salt, bad signature depends_on:MBEDTLS_SHA512_C -pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING +pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":MBEDTLS_ERR_RSA_BAD_INPUT_DATA:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSASSA-PSS verify ext, all-zero padding, automatic salt length depends_on:MBEDTLS_SHA256_C From a21e2a015b760122e5918a04245597953e950a64 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 19 Oct 2017 09:13:35 +0100 Subject: [PATCH 0477/1059] Adapt ChangeLog --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index ded60d39f3..cef0e72151 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,13 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Make mbedtls_mpi_read_binary constant-time with respect to + the input data. Previously, trailing zero bytes were detected + and omitted for the sake of saving memory, but potentially + leading to slight timing differences. + Reported by Marco Macchetti, Kudelski Group. + Features * Allow comments in test data files. 
From 509fef7de331dd4ec336fc3b5f7b9c19b493b049 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 19 Oct 2017 10:10:18 +0100 Subject: [PATCH 0478/1059] Add ChangeLog message for EC private exponent information leak --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index cef0e72151..7838a68849 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,8 @@ Security and omitted for the sake of saving memory, but potentially leading to slight timing differences. Reported by Marco Macchetti, Kudelski Group. + * Wipe stack buffer temporarily holding EC private exponent + after keypair generation. Features * Allow comments in test data files. From b00b0da45227dface23f1d1da2e28a0165d13313 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Oct 2017 15:23:49 +0200 Subject: [PATCH 0479/1059] RSA PSS: fix first byte check for keys of size 8N+1 For a key of size 8N+1, check that the first byte after applying the public key operation is 0 (it could have been 1 instead). The code was incorrectly doing a no-op check instead, which led to invalid signatures being accepted. Not a security flaw, since you would need the private key to craft such an invalid signature, but a bug nonetheless. --- library/rsa.c | 6 +++--- tests/suites/test_suite_pkcs1_v21.data | 8 ++++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index f25137ab89..b54960fb72 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1371,15 +1371,15 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, */ msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; + if( buf[0] >> ( 8 - siglen * 8 + msb ) ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + /* Compensate for boundary condition when applying mask */ if( msb % 8 == 0 ) { p++; siglen -= 1; } - else - if( buf[0] >> ( 8 - siglen * 8 + msb ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); if( siglen < hlen + 2 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 
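Review bot: The shift count in `buf[0] >> ( 8 - siglen * 8 + msb )` is only in range because `8 - siglen * 8` wraps around in unsigned arithmetic before `msb` brings it back; the intent, that the top `siglen * 8 - msb` bits of the first byte must be zero, reads more directly and without the wrap as `if( buf[0] >> ( 8 - ( siglen * 8 - msb ) ) )`. Moving the check ahead of the `msb % 8 == 0` branch is correct: for an 8N+1 key the shift becomes 0 and the whole leading byte must be zero, which the old `else` silently skipped. A short comment such as `/* EMSA-PSS: the leftmost 8*siglen - msb bits of EM must be zero */` would help the next reader. The enclosing function continues outside the hunk.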
diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data
index 7785b12322..6258c62624 100644
--- a/tests/suites/test_suite_pkcs1_v21.data
+++ b/tests/suites/test_suite_pkcs1_v21.data
@@ -819,6 +819,14 @@ RSASSA-PSS verify ext, 521-bit key, SHA-512, empty salt, bad signature depends_on:MBEDTLS_SHA512_C pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:0:"":"00471794655837da498cbf27242807b40593a353c707eb22fd2cc5a3259e728ac4f1df676043eeec8e16c1175b3d9ac8cae72ec1d5772dd69de71c5677f19031568e":MBEDTLS_ERR_RSA_BAD_INPUT_DATA:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +RSASSA-PSS verify ext, 521-bit key, SHA-256, empty salt, good signature +depends_on:MBEDTLS_SHA256_C +pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:0:"41":"009c4941157fa36288e467310b198ab0c615c40963d611ffeef03000549ded809235955ecc57adba44782e9497c004f480ba2b3d58db8335fe0b391075c02c843a6d":0:0 + +RSASSA-PSS verify ext, 521-bit key, SHA-256, empty salt, flipped-highest-bit signature +depends_on:MBEDTLS_SHA256_C +pkcs1_rsassa_pss_verify_ext:521:16:"0131b69860f3cb9bf85ea358fdf2bd2990f1b77a80d6a4fdf817a43dd896bdf7dd26af8ac0237f526e0d33b105c971fdbd4ffa9ece99fc469f31ecf429e8f562c1c3":16:"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:0:"41":"00e11a2403df681c44a1f73f014b6c9ad17847d0b673f7c2a801cee208d10ab5792c10cd0cd495a4b331aaa521409fca7cb1b0d978b3a84cd67e28078b98753e9466":MBEDTLS_ERR_RSA_BAD_INPUT_DATA:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + RSASSA-PSS verify ext, all-zero padding, automatic salt length depends_on:MBEDTLS_SHA256_C 
pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":16:"010001":MBEDTLS_MD_NONE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:"":"63a35294577c7e593170378175b7df27c293dae583ec2a971426eb2d66f2af483e897bfae5dc20300a9d61a3644e08c3aee61a463690a3498901563c46041056":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING From 91048a3aac537721a84d964eeaa0de43ba14f791 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Oct 2017 17:46:14 +0200 Subject: [PATCH 0480/1059] RSA PSS: remove redundant check; changelog Remove a check introduced in the previous buffer overflow fix with keys of size 8N+1 which the subsequent fix for buffer start calculations made redundant. Added a changelog entry for the buffer start calculation fix. --- ChangeLog | 2 ++ library/rsa.c | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6f7637dc1d..4a2e710b24 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,8 @@ Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. Found by projectgus and jethrogb, #836. * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. + * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were + accepted. Generating these signatures required the private key. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/rsa.c b/library/rsa.c index b54960fb72..148f6b345b 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1399,8 +1399,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, while( p < hash_start - 1 && *p == 0 ) p++; - if( p == hash_start || - *p++ != 0x01 ) + if( *p++ != 0x01 ) { mbedtls_md_free( &md_ctx ); return( MBEDTLS_ERR_RSA_INVALID_PADDING ); From 27b34d5bad4766ab8b4d6b81d4571b946b70f55a Mon Sep 17 00:00:00 2001 
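Review bot: After the removal, `*p++ != 0x01` reads in bounds only because the `while( p < hash_start - 1 && *p == 0 ) p++;` loop leaves `p` at most at `hash_start - 1`, which in turn depends on the `siglen < hlen + 2` rejection earlier in the function. That dependency is now implicit and would be lost in a future reorder; a comment on the loop keeps it visible, e.g. `/* siglen >= hlen + 2 was checked above, so p <= hash_start - 1 here and the 0x01 read below stays in bounds */`. The enclosing function starts and ends outside the hunk.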
From: Hanno Becker Date: Fri, 20 Oct 2017 14:24:51 +0100 Subject: [PATCH 0481/1059] Wrong identifier used to check Encrypt-then-MAC flag This commit fixes a comparison of ssl_session->encrypt_then_mac against the ETM-unrelated constant MBEDTLS_SSL_EXTENDED_MS_DISABLED. Instead, MBEDTLS_SSL_ETM_DISABLED should be used. The typo is has no functional effect since both constants have the same value 0. --- library/ssl_srv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 37f415dd12..f98e9e8a96 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2042,7 +2042,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *suite = NULL; const mbedtls_cipher_info_t *cipher = NULL; - if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_EXTENDED_MS_DISABLED || + if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { *olen = 0; From ffb1e1ab3da9b235ccf8e28629aa143b6db36f38 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 23 Oct 2017 13:17:42 +0100 Subject: [PATCH 0482/1059] Documentation improvements --- include/mbedtls/ssl.h | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e811bb907d..43ba67cd5f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2244,7 +2244,7 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, * \return 0 if nothing's pending, 1 otherwise. * * \note This function is essential when using the library - * with event-driven I/O. The user should not idle + * with event-driven I/O. You should not idle * (waiting for events from the underlying transport * or from timers) before this function's check passes. * Otherwise, it's possible to run into a deadlock 
@@ -2398,18 +2398,19 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or * a specific SSL error code. * - * If MBEDTLS_ERR_SSL_WANT_READ is returned, the handshake is - * unfinished and no further data is available from the underlying - * transport. In this case, the function needs to be called again - * at some later stage. + * If this function returns MBEDTLS_ERR_SSL_WANT_READ, the + * handshake is unfinished and no further data is available + * from the underlying transport. In this case, you must call + * the function again at some later stage. * * \note Remarks regarding event-driven DTLS: * If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram * from the underlying transport layer is currently being processed, * and it is safe to idle until the timer or the underlying transport * signal a new event. This is not true for a successful handshake, - * in which case the currently processed underlying transport's datagram - * might or might not contain further DTLS records. + * in which case the datagram of the underlying transport that is + * currently being processed might or might not contain further + * DTLS records. * * \note If this function returns something other than 0 or * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context @@ -2475,7 +2476,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * \param len maximum number of bytes to read * * \return One of the following: - * - 0 for EOF, or + * - 0 if the read end of the underlying transport was closed, * - the (positive) number of bytes read, or * - a negative error code on failure. * 
@@ -2506,22 +2507,21 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context * becomes unusable, and you should either free it or call * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * a new connection. * * \note Remarks regarding event-driven DTLS: * - If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram * from the underlying transport layer is currently being processed, * and it is safe to idle until the timer or the underlying transport * signal a new event. - * - If the function returns MBEDTLS_ERR_SSL_WANT_READ this does not mean - * that no data was available from the underlying transport in the first place, - * as there might have been delayed or duplicated messages, or a renegotiation - * request from the peer. Therefore, the user must be prepared to receive - * MBEDTLS_ERR_SSL_WANT_READ even when reacting to an incoming-data event - * from the underlying transport. - * - On success, the currently processed underlying transport's datagram - * might or might not contain further DTLS records, and the user should - * consult \c mbedtls_ssl_check_pending in that regard. + * - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was + * initially available on the underlying transport, as this data may have + * been only e.g. duplicated messages or a renegotiation request. + * Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even + * when reacting to an incoming-data event from the underlying transport. + * - On success, the datagram of the underlying transport that is currently + * being processed may contain further DTLS records. You should call + * \c mbedtls_ssl_check_pending to check for remaining records. * */ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ); From a6fb089efc6b6b30434f7db5d4c330e204e03896 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Mon, 23 Oct 2017 13:17:48 +0100 Subject: [PATCH 0483/1059] Don't split debug messages --- library/ssl_tls.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 83d3c9698a..caa1cd32ee 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6377,8 +6377,7 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) if( ssl->keep_current_message == 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record " - "held back for processing" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record held back for processing" ) ); return( 1 ); } @@ -6390,8 +6389,7 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ssl->in_left > ssl->next_record_offset ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records " - "within current datagram" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) ); return( 1 ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -6404,8 +6402,7 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) * read_record_layer, see IOTSSL-1414 */ if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake " - "messages within current record" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake messages within current record" ) ); return( 1 ); } @@ -6414,8 +6411,7 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) */ if( ssl->in_offt != NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data " - "record is being processed" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data record is being processed" ) ); return( 1 ); } From e72489de11067b033a444c13d3b4c305d160cb3c Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Mon, 23 Oct 2017 13:23:50 +0100 Subject: [PATCH 0484/1059] Remove internal references and use milder wording for some comments --- library/ssl_tls.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index caa1cd32ee..80a06fe30c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3790,11 +3790,6 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) * (2) Alert messages: * Consume whole record content, in_msglen = 0. * - * NOTE: This needs to be fixed, since like for - * handshake messages it is allowed to have - * multiple alerts witin a single record. - * Internal reference IOTSSL-1321. - * * (3) Change cipher spec: * Consume whole record content, in_msglen = 0. * @@ -3822,12 +3817,12 @@ int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) */ /* Notes: - * (1) in_hslen is *NOT* necessarily the size of the + * (1) in_hslen is not necessarily the size of the * current handshake content: If DTLS handshake * fragmentation is used, that's the fragment * size instead. Using the total handshake message - * size here is FAULTY and should be changed at - * some point. Internal reference IOTSSL-1414. + * size here is faulty and should be changed at + * some point. * (2) While it doesn't seem to cause problems, one * has to be very careful not to assume that in_hslen * is always <= in_msglen in a sensible communication. @@ -6398,8 +6393,6 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) * Case C: A handshake message is being processed. */ - /* TODO This needs correction in the same way as - * read_record_layer, see IOTSSL-1414 */ if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake messages within current record" ) ); From e41158ba10b82da1006509edb1f59f2b5cb435a0 Mon Sep 17 00:00:00 2001 
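Review bot: The first hunk drops not only the internal ticket reference but the whole caveat that several alert messages may share one record while the code consumes the entire record content after the first one; the commit message only promises to remove references and soften wording. Keeping the behavioural note, e.g. `* NOTE: Multiple alerts within a single record are permitted but not currently handled; the remainder of the record is consumed.`, preserves the same kind of caveat the second hunk keeps for `in_hslen`. The hunks lie inside `mbedtls_ssl_read_record_layer` and `mbedtls_ssl_check_pending`, whose bodies are outside them.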
From: Hanno Becker Date: Mon, 23 Oct 2017 13:30:32 +0100 Subject: [PATCH 0485/1059] Add comment on the meaning of ssl->in_offt == NULL --- library/ssl_tls.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 80a06fe30c..a0c19c9366 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6849,6 +6849,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * ssl->keep_current_message = 0 below. */ + /* Loop as long as no application data record is available */ while( ssl->in_offt == NULL ) { /* Start timer if not already running */ From 4ac73e78048235902727ed420f04dc2d7f296135 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 23 Oct 2017 15:27:37 +0100 Subject: [PATCH 0486/1059] Use shell string processing instead of sed in ssl-opt.sh --- tests/ssl-opt.sh | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 57d5e60532..5078c0bcd7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -457,7 +457,7 @@ run_test() { kill $PXY_PID >/dev/null 2>&1 sleep 0.01 if kill -0 $PXY_PID >/dev/null 2>&1; then - kill -KILL $pXY_PID + kill -KILL $PXY_PID wait $PXY_PID fi fi @@ -608,12 +608,9 @@ fi get_options "$@" # sanity checks, avoid an avalanche of errors -P_SRV_BIN=$(echo "$P_SRV" | sed -r -n "s/^([^ ]*).*$/\1/p") -echo "Server binary: ${P_SRV_BIN}" -P_CLI_BIN=$(echo "$P_CLI" | sed -r -n "s/^([^ ]*).*$/\1/p") -echo "Client binary: ${P_CLI_BIN}" -P_PXY_BIN=$(echo "$P_PXY" | sed -r -n "s/^([^ ]*).*$/\1/p") -echo "Proxy binary: ${P_PXY_BIN}" +P_SRV_BIN="${P_SRV%%[ ]*}" +P_CLI_BIN="${P_CLI%%[ ]*}" +P_PXY_BIN="${P_PXY%%[ ]*}" if [ ! -x "$P_SRV_BIN" ]; then echo "Command '$P_SRV_BIN' is not an executable file" exit 1 From 22829e9860029eb6e3e333ee481ef232fce0c97a Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Mon, 23 Oct 2017 15:28:55 +0100 Subject: [PATCH 0487/1059] Don't use sed -r in udp_proxy_wrapper.sh --- programs/test/udp_proxy_wrapper.sh | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index 415f883995..d0a3660956 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -2,16 +2,14 @@ set -u -MBEDTLS_BASE="$(pwd)/$(dirname $0)/../../" -TPXY_BIN="$MBEDTLS_BASE/test/udp_proxy" +MBEDTLS_BASE="$(dirname -- "$0")/../.." +TPXY_BIN="$MBEDTLS_BASE/programs/test/udp_proxy" SRV_BIN="$MBEDTLS_BASE/programs/ssl/ssl_server2" : ${VERBOSE:=0} -VERBOSE=1 - -PARAM_SEP="^(.*)--(.*)$" -PROXY_PARAMS=$(echo $@ | sed -n -r "s/$PARAM_SEP/\1/p") -SERVER_PARAMS=$(echo $@ | sed -n -r "s/$PARAM_SEP/\2/p") +FULL_PARAMS=$* +PROXY_PARAMS=${FULL_PARAMS%%" -- "*} +SERVER_PARAMS=${FULL_PARAMS#*" -- "} stop_proxy() { test -n "${TPXY_PID:-}" && @@ -49,13 +47,13 @@ if [ -z "$DTLS_ENABLED" ]; then exit 0 fi -SERVER_PORT_ORIG=$(echo "$SERVER_PARAMS" | sed -n -r "s/^.*server_port=([0-9]+).*$/\1/p") +SERVER_PORT_ORIG=$(echo "$SERVER_PARAMS" | sed -n "s/^.*server_port=\([0-9]*\).*$/\1/p") if [ -z "$SERVER_PORT_ORIG" ]; then echo " * No server port specified - exit" exit 1 fi -SERVER_ADDR_ORIG=$(echo "$SERVER_PARAMS" | sed -n -r "s/^.*server_addr=([a-zA-Z0-9\.]+).*$/\1/p") +SERVER_ADDR_ORIG=$(echo "$SERVER_PARAMS" | sed -n "s/^.*server_addr=\([a-zA-Z0-9\.]*\).*$/\1/p") if [ -z "$SERVER_ADDR_ORIG" ]; then echo " * No server address specified - exit" exit 1 @@ -86,7 +84,7 @@ if [ $VERBOSE -gt 0 ]; then echo " * Proxy ID: $TPXY_PID" fi -SERVER_PARAMS_NEW=$(echo $SERVER_PARAMS | sed -n -r "s/^(.*server_port=)[0-9]+(.*)$/\1$SERVER_PORT\2/p") +SERVER_PARAMS_NEW=$(echo "$SERVER_PARAMS" | sed -n "s/^\(.*server_port=\)[0-9]*\(.*\)$/\1$SERVER_PORT\2/p") SRV_CMD="$SRV_BIN $SERVER_PARAMS_NEW" echo " * Starting server ..." 
From a677cdd4592ebd7d0ef725109e76ca3662d8c477 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 23 Oct 2017 15:29:31 +0100 Subject: [PATCH 0488/1059] Detect IPv6 in udp_proxy_wrapper.sh grepping for `server_addr=::1` --- programs/test/udp_proxy_wrapper.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index d0a3660956..987b8a4ca0 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -35,8 +35,10 @@ cleanup() { trap cleanup INT TERM HUP -DTLS_ENABLED=$(echo "$SERVER_PARAMS" | grep -v "::1" | grep "dtls=1") -if [ -z "$DTLS_ENABLED" ]; then +DTLS_ENABLED=$(echo " $SERVER_PARAMS" | grep " dtls=1") +IPV6_IN_USE=$(echo " $SERVER_PARAMS" | grep " server_addr=::1" ) + +if [ -z "$DTLS_ENABLED" ] || [ -n "$IPV6_IN_USE" ]; then echo " * Couldn't find DTLS enabling, or IPv6 is in use - immediate fallback to server application..." if [ $VERBOSE -gt 0 ]; then echo "[ $SRV_BIN $SERVER_PARAMS ]" From 19773ff8357865b0ebd4af44a0c8c4a09f7d85f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 24 Oct 2017 10:51:26 +0200 Subject: [PATCH 0489/1059] Avoid comparing size between RSA and EC keys --- library/x509_crt.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 8f8f6930cf..a85199817d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -193,9 +193,18 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, mbedtls_pk_type_t pk_alg, const mbedtls_pk_context *pk ) { + const mbedtls_pk_type_t pk_type = mbedtls_pk_get_type( pk ); + #if defined(MBEDTLS_RSA_C) if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS ) { + /* Avoid comparing size between RSA and ECC */ + if( pk_type != MBEDTLS_PK_RSA && + pk_type != MBEDTLS_PK_RSASSA_PSS ) + { + return( -1 ); + } + if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen ) return( 0 ); @@ -209,10 +218,8 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, pk_alg == MBEDTLS_PK_ECKEY_DH ) { mbedtls_ecp_group_id gid; - mbedtls_pk_type_t pk_type; /* Avoid calling pk_ec() if this is not an EC key */ - pk_type = mbedtls_pk_get_type( pk ); if( pk_type != MBEDTLS_PK_ECDSA && pk_type != MBEDTLS_PK_ECKEY && pk_type != MBEDTLS_PK_ECKEY_DH ) From afc4f892d1f3afb1f1bd40a5392609392fb5eb12 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Oct 2017 10:00:17 +0200 Subject: [PATCH 0490/1059] udp_proxy_wrapper.sh: more robust Don't mangle arguments containing spaces and other special characters, pass them unchanged to the proxy or server as applicable. More robust parsing of server parameters: don't hit on partial words; use ssl_server2's default values. Minor style improvements. --- programs/test/udp_proxy_wrapper.sh | 124 ++++++++++++++++------------- 1 file changed, 69 insertions(+), 55 deletions(-) diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index 987b8a4ca0..fa13596d69 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -1,4 +1,6 @@ #!/bin/sh +# -*-sh-basic-offset: 4-*- +# Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...] set -u 
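Review bot: The comment `/* Avoid comparing size between RSA and ECC */` on the new guard does not say where the two sides come from: `pk_alg` is presumably the algorithm the caller asks about (such as a child's signature algorithm) while `pk_type` is the type of the key actually parsed, and the `-1` return now reports a mismatch rather than a size failure, which is worth stating. Note that the `pk_type` test does not accept `MBEDTLS_PK_RSA_ALT`; for keys parsed from certificates that type should not occur, but a one-line comment recording that assumption would prevent a surprise if the helper is ever reused with an application-provided key. `x509_profile_check_key` continues past the second hunk.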
@@ -7,24 +9,21 @@ TPXY_BIN="$MBEDTLS_BASE/programs/test/udp_proxy" SRV_BIN="$MBEDTLS_BASE/programs/ssl/ssl_server2" : ${VERBOSE:=0} -FULL_PARAMS=$* -PROXY_PARAMS=${FULL_PARAMS%%" -- "*} -SERVER_PARAMS=${FULL_PARAMS#*" -- "} stop_proxy() { - test -n "${TPXY_PID:-}" && - ( - echo "\n * Killing proxy (pid $TPXY_PID) ..." - kill $TPXY_PID - ) + if [ -n "${tpxy_pid:-}" ]; then + echo + echo " * Killing proxy (pid $tpxy_pid) ..." + kill $tpxy_pid + fi } stop_server() { - test -n "${SRV_PID:-}" && - ( - echo "\n * Killing server (pid $SRV_PID) ..." - kill $SRV_PID >/dev/null 2>/dev/null - ) + if [ -n "${srv_pid:-}" ]; then + echo + echo " * Killing server (pid $srv_pid) ..." + kill $srv_pid >/dev/null 2>/dev/null + fi } cleanup() { 
@@ -35,69 +34,84 @@ cleanup() { trap cleanup INT TERM HUP -DTLS_ENABLED=$(echo " $SERVER_PARAMS" | grep " dtls=1") -IPV6_IN_USE=$(echo " $SERVER_PARAMS" | grep " server_addr=::1" ) +# Extract the proxy parameters +tpxy_cmd_snippet='"$TPXY_BIN"' +while [ $# -ne 0 ] && [ "$1" != "--" ]; do + tail="$1" quoted="" + while [ -n "$tail" ]; do + case "$tail" in + *\'*) quoted="${quoted}${tail%%\'*}'\\''" tail="${tail#*\'}";; + *) quoted="${quoted}${tail}"; tail=; false;; + esac + done + tpxy_cmd_snippet="$tpxy_cmd_snippet '$quoted'" + shift +done +unset tail quoted +if [ $# -eq 0 ]; then + echo " * No server arguments (must be preceded by \" -- \") - exit" + exit 3 +fi +shift -if [ -z "$DTLS_ENABLED" ] || [ -n "$IPV6_IN_USE" ]; then - echo " * Couldn't find DTLS enabling, or IPv6 is in use - immediate fallback to server application..." +dtls_enabled= +ipv6_in_use= +server_port_orig= +server_addr_orig= +for param; do + case "$param" in + server_port=*) server_port_orig="${param#*=}";; + server_addr=*:*) server_addr_orig="${param#*=}"; ipv6_in_use=1;; + server_addr=*) server_addr_orig="${param#*=}";; + dtls=[!0]*) dtls_enabled=1;; + esac +done + +if [ -z "$dtls_enabled" ] || [ -n "$ipv6_in_use" ]; then + echo >&2 "$0: Couldn't find DTLS enabling, or IPv6 is in use - immediate fallback to server application..." if [ $VERBOSE -gt 0 ]; then - echo "[ $SRV_BIN $SERVER_PARAMS ]" + echo "[ $SRV_BIN $* ]" fi - $SRV_BIN $SERVER_PARAMS >&1 2>&1 & - SRV_PID=$! 
- wait $SRV_PID - exit 0 + exec "$SRV_BIN" "$@" fi -SERVER_PORT_ORIG=$(echo "$SERVER_PARAMS" | sed -n "s/^.*server_port=\([0-9]*\).*$/\1/p") -if [ -z "$SERVER_PORT_ORIG" ]; then - echo " * No server port specified - exit" - exit 1 +if [ -z "$server_port_orig" ]; then + server_port_orig=4433 +fi +echo " * Server port: $server_port_orig" +tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_port=\$server_port_orig\"" +tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_port=\$server_port\"" + +if [ -n "$server_addr_orig" ]; then + echo " * Server address: $server_addr_orig" + tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_addr=\$server_addr_orig\"" + tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_addr=\$server_addr_orig\"" fi -SERVER_ADDR_ORIG=$(echo "$SERVER_PARAMS" | sed -n "s/^.*server_addr=\([a-zA-Z0-9\.]*\).*$/\1/p") -if [ -z "$SERVER_ADDR_ORIG" ]; then - echo " * No server address specified - exit" - exit 1 -fi - -echo " * Server address: $SERVER_ADDR_ORIG" -echo " * Server port: $SERVER_PORT_ORIG" - -SERVER_PORT=$(( $SERVER_PORT_ORIG + 1 )) -echo " * Intermediate port: $SERVER_PORT" - -TPXY_CMD=\ -"$TPXY_BIN $PROXY_PARAMS "\ -"listen_port=$SERVER_PORT_ORIG "\ -"server_port=$SERVER_PORT "\ -"server_addr=$SERVER_ADDR_ORIG "\ -"listen_addr=$SERVER_ADDR_ORIG" +server_port=$(( server_port_orig + 1 )) +set -- "$@" "server_port=$server_port" +echo " * Intermediate port: $server_port" echo " * Start proxy in background ..." if [ $VERBOSE -gt 0 ]; then - echo "[ $TPXY_CMD ]" + echo "[ $tpxy_cmd_snippet ]" fi - -$TPXY_CMD >/dev/null 2>&1 & -TPXY_PID=$! +eval "$tpxy_cmd_snippet" >/dev/null 2>&1 & +tpxy_pid=$! if [ $VERBOSE -gt 0 ]; then echo " * Proxy ID: $TPXY_PID" fi -SERVER_PARAMS_NEW=$(echo "$SERVER_PARAMS" | sed -n "s/^\(.*server_port=\)[0-9]*\(.*\)$/\1$SERVER_PORT\2/p") -SRV_CMD="$SRV_BIN $SERVER_PARAMS_NEW" - echo " * Starting server ..." if [ $VERBOSE -gt 0 ]; then - echo "[ $SRV_CMD ]" + echo "[ $SRV_BIN $* ]" fi -$SRV_CMD >&2 & -SRV_PID=$! +"$SRV_BIN" "$@" >&2 & +srv_pid=$! 
-wait $SRV_PID +wait $srv_pid stop_proxy return 0 From 8149321fedd0085f18783d41490a7d4043f7716c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Oct 2017 12:22:40 +0200 Subject: [PATCH 0491/1059] udp_proxy_wrapper.sh: fix cleanup not cleaning up Fixed cleanup leaving the actual udp_proxy behind and only killing an intermediate shell process. Fixed trap handler cleaning up but then not dying. --- programs/test/udp_proxy_wrapper.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index fa13596d69..29033d5d17 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -29,7 +29,7 @@ stop_server() { cleanup() { stop_server stop_proxy - return 1 + exit 129 } trap cleanup INT TERM HUP @@ -96,7 +96,7 @@ echo " * Start proxy in background ..." if [ $VERBOSE -gt 0 ]; then echo "[ $tpxy_cmd_snippet ]" fi -eval "$tpxy_cmd_snippet" >/dev/null 2>&1 & +eval exec "$tpxy_cmd_snippet" >/dev/null 2>&1 & tpxy_pid=$! if [ $VERBOSE -gt 0 ]; then @@ -108,7 +108,7 @@ if [ $VERBOSE -gt 0 ]; then echo "[ $SRV_BIN $* ]" fi -"$SRV_BIN" "$@" >&2 & +exec "$SRV_BIN" "$@" >&2 & srv_pid=$! wait $srv_pid From 3319555b7cbdd0ee2eeef3983bd0c28251e3f1cf Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 25 Oct 2017 17:04:10 +0100 Subject: [PATCH 0492/1059] Improve documentation of mbedtls_rsa_import[_raw] --- include/mbedtls/rsa.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index da86d16f31..5e7fdca6bc 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
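Review bot: `echo " * Proxy ID: $TPXY_PID"` still reads the old upper-case name while the variable is now assigned as `tpxy_pid`; with `set -u` at the top of the script that line aborts the wrapper whenever `VERBOSE` is non-zero, so it should become `echo " * Proxy ID: $tpxy_pid"`. The trailing `return 0` at script level is pre-existing, but since it is outside any function its behaviour varies between shells and `exit 0` would be unambiguous. The `*)` arm of the quoting loop ends in `false`, which has no effect on the `while [ -n "$tail" ]` condition and can be dropped.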
@@ -171,6 +171,10 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, * and complete the provided information to a ready-for-use * public or private RSA key. * + * \note See the documentation of \c mbedtls_rsa_complete for more + * information on which parameters are necessary to setup + * a private or public RSA key. + * * \note The imported parameters are copied and need not be preserved * for the lifetime of the RSA context being set up. * @@ -204,6 +208,10 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * and complete the provided information to a ready-for-use * public or private RSA key. * + * \note See the documentation of \c mbedtls_rsa_complete for more + * information on which parameters are necessary to setup + * a private or public RSA key. + * * \note The imported parameters are copied and need not be preserved * for the lifetime of the RSA context being set up. * From 254eec8bb4844cc9b4ac9974ad34d3c5679d9fb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 26 Oct 2017 09:47:36 +0200 Subject: [PATCH 0493/1059] Document choice of script exit code --- tests/scripts/curves.pl | 1 + tests/scripts/depends-hashes.pl | 1 + tests/scripts/depends-pkalgs.pl | 1 + tests/scripts/key-exchanges.pl | 1 + tests/scripts/test-ref-configs.pl | 1 + 5 files changed, 5 insertions(+) diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index b7cfdf6749..004181432f 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl @@ -36,6 +36,7 @@ my @curves = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` ); system( "cp $config_h $config_h.bak" ) and die; sub abort { system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; + # use an exit code between 1 and 124 for git bisect (die returns 255) warn $_[0]; exit 1; } diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl index 46628a72de..29dcfb00ce 100755 --- a/tests/scripts/depends-hashes.pl 
+++ b/tests/scripts/depends-hashes.pl @@ -45,6 +45,7 @@ my @hashes = split( /\s+/, system( "cp $config_h $config_h.bak" ) and die; sub abort { system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; + # use an exit code between 1 and 124 for git bisect (die returns 255) warn $_[0]; exit 1; } diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl index 3ab1615237..14c92b2214 100755 --- a/tests/scripts/depends-pkalgs.pl +++ b/tests/scripts/depends-pkalgs.pl @@ -60,6 +60,7 @@ my %algs = ( system( "cp $config_h $config_h.bak" ) and die; sub abort { system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; + # use an exit code between 1 and 124 for git bisect (die returns 255) warn $_[0]; exit 1; } diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl index 5ce8900466..d167c67c73 100755 --- a/tests/scripts/key-exchanges.pl +++ b/tests/scripts/key-exchanges.pl @@ -33,6 +33,7 @@ my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` ); system( "cp $config_h $config_h.bak" ) and die; sub abort { system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; + # use an exit code between 1 and 124 for git bisect (die returns 255) warn $_[0]; exit 1; } diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index fe6d154f95..600fc751ec 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -55,6 +55,7 @@ my $config_h = 'include/mbedtls/config.h'; system( "cp $config_h $config_h.bak" ) and die; sub abort { system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; + # use an exit code between 1 and 124 for git bisect (die returns 255) warn $_[0]; exit 1; } From 3f81691d293f75785f78f0b4fc4683f7bdc0b0b3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 26 Oct 2017 10:24:16 +0200 Subject: [PATCH 0494/1059] Revert to old behaviour of profile_check_key() Was never documented to check for key alg compatibility, so should not start doing so. Just stop relying on the pk_alg argument instead. --- library/x509_crt.c | 34 ++++++++-------------------------- 1 file changed, 8 insertions(+), 26 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index a85199817d..bbc0f3c087 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -161,7 +161,7 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = /* * Check md_alg against profile - * Return 0 if md_alg acceptable for this profile, -1 otherwise + * Return 0 if md_alg is acceptable for this profile, -1 otherwise */ static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, mbedtls_md_type_t md_alg ) @@ -174,7 +174,7 @@ static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, /* * Check pk_alg against profile - * Return 0 if pk_alg acceptable for this profile, -1 otherwise + * Return 0 if pk_alg is acceptable for this profile, -1 otherwise */ static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, mbedtls_pk_type_t pk_alg ) 
@@ -187,24 +187,16 @@ static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, /* * Check key against profile - * Return 0 if pk_alg acceptable for this profile, -1 otherwise + * Return 0 if pk is acceptable for this profile, -1 otherwise */ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, - mbedtls_pk_type_t pk_alg, const mbedtls_pk_context *pk ) { - const mbedtls_pk_type_t pk_type = mbedtls_pk_get_type( pk ); + const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk ); #if defined(MBEDTLS_RSA_C) if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS ) { - /* Avoid comparing size between RSA and ECC */ - if( pk_type != MBEDTLS_PK_RSA && - pk_type != MBEDTLS_PK_RSASSA_PSS ) - { - return( -1 ); - } - if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen ) return( 0 ); @@ -217,17 +209,7 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) { - mbedtls_ecp_group_id gid; - - /* Avoid calling pk_ec() if this is not an EC key */ - if( pk_type != MBEDTLS_PK_ECDSA && - pk_type != MBEDTLS_PK_ECKEY && - pk_type != MBEDTLS_PK_ECKEY_DH ) - { - return( -1 ); - } - - gid = mbedtls_pk_ec( *pk )->grp.id; + const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id; if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) return( 0 ); @@ -1716,7 +1698,7 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, break; } - if( x509_profile_check_key( profile, crl_list->sig_pk, &ca->pk ) != 0 ) + if( x509_profile_check_key( profile, &ca->pk ) != 0 ) flags |= MBEDTLS_X509_BADCERT_BAD_KEY; if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk, 
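Review bot: The header comment on `x509_profile_check_key` still says only `Return 0 if pk is acceptable for this profile`, but with the `pk_alg` parameter gone the function checks key size (`rsa_min_bitlen`) or curve (`allowed_curves`) and nothing else; whether the key type itself is allowed is left to `x509_profile_check_pk_alg` from the two earlier hunks. Suggest making that split explicit: `* Check key size/curve against profile; the key type itself is validated separately by x509_profile_check_pk_alg()`. Dropping the old pk_type-versus-pk_alg guards is safe now because `pk_alg` is derived from `pk` itself, so `mbedtls_pk_ec( *pk )` is reached only for the EC key types. The function's tail (the return for key types matching neither branch) is outside the hunk.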
@@ -2183,7 +2165,7 @@ static int x509_crt_verify_chain( *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; /* check size of signing key */ - if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 ) + if( x509_profile_check_key( profile, &parent->pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; #if defined(MBEDTLS_X509_CRL_PARSE_C) @@ -2346,7 +2328,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, if( x509_profile_check_pk_alg( profile, pk_type ) != 0 ) *ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; - if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 ) + if( x509_profile_check_key( profile, &crt->pk ) != 0 ) *ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; /* Check the chain */ From 7bba968afcb9d2a352d2e39cc9eae5a338d94c53 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 26 Oct 2017 11:53:26 +0100 Subject: [PATCH 0495/1059] Adapt ChangeLog --- ChangeLog | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index b6ab9665a8..2f1f0557c5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,12 +2,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Fix memory leak in RSA self test. - Security - * Add option for mandatory use of blinding in RSA private key operations. - * Add options for verification of RSA private key operations to defend + * Verify results of RSA private key operations to defend against Bellcore glitch attack. = mbed TLS 2.x.x branch released xxxx-xx-xx From 2412061a5a55410e8fffc583b3ce3a2f0dfc067d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 26 Oct 2017 11:53:35 +0100 Subject: [PATCH 0496/1059] Correct typo and improve documentation --- include/mbedtls/rsa.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index bc2f810ae8..54a1f25207 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -230,11 +230,11 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * \note The input and output buffers must be large * enough (eg. 128 bytes if RSA-1024 is used). * - * \note Blinding is used if and onlf if a PRNG is provided. + * \note Blinding is used if and only if a PRNG is provided. * * \note If blinding is used, both the base of exponentation - * and the exponent are blinded, preventing both statistical - * timing and power analysis attacks. + * and the exponent are blinded, providing protection + * against some side-channel attacks. * * \warning It is deprecated and a security risk to not provide * a PRNG here and thereby prevent the use of blinding. From df4180a235de1990d9769a1010b03cfe9cbed8c2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 27 Oct 2017 13:43:58 +0100 Subject: [PATCH 0497/1059] Don't break debug messages --- programs/ssl/ssl_client2.c | 78 +++++++++++++++++++------------------- programs/ssl/ssl_server2.c | 24 ++++++------ programs/test/udp_proxy.c | 5 +-- 3 files changed, 53 insertions(+), 54 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5b82693ff3..ed3966495a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -478,8 +478,7 @@ void idle( mbedtls_ssl_context *ssl, * if data is still pending to be processed. */ if( mbedtls_ssl_check_pending( ssl ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: Data still pending, " - "but idling requested!" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: Data still pending, but idling requested!" ) ); } MBEDTLS_SSL_DEBUG_MSG( 3, ( "idle, waiting for event... " ) ); @@ -504,8 +503,8 @@ void idle( mbedtls_ssl_context *ssl, if( poll_type != 0 && mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] net_context signals data - " - "continue", time_elapsed ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] net_context signals data - continue", + time_elapsed ) ); break; } } 
@@ -960,8 +959,7 @@ int main( int argc, char *argv[] ) * refers to the underlying net_context. */ if( opt.event == 1 && opt.nbio != 1 ) { - mbedtls_printf( "Warning: event-driven IO mandates nbio=1" - " - overwrite\n" ); + mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" ); opt.nbio = 1; } @@ -1236,8 +1234,8 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", + -ret ); goto exit; } @@ -1261,8 +1259,8 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_key " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", + -ret ); goto exit; } @@ -1285,8 +1283,8 @@ int main( int argc, char *argv[] ) opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_net_connect " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", + -ret ); goto exit; } @@ -1296,8 +1294,8 @@ int main( int argc, char *argv[] ) ret = mbedtls_net_set_block( &server_fd ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! net_set_(non)block() " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", + -ret ); goto exit; } @@ -1314,8 +1312,8 @@ int main( int argc, char *argv[] ) opt.transport, MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", + -ret ); goto exit; } 
@@ -1345,8 +1343,8 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", + ret ); goto exit; } #endif @@ -1382,8 +1380,8 @@ int main( int argc, char *argv[] ) if( opt.alpn_string != NULL ) if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", + ret ); goto exit; } #endif @@ -1422,8 +1420,8 @@ int main( int argc, char *argv[] ) { if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", + ret ); goto exit; } } @@ -1442,8 +1440,8 @@ int main( int argc, char *argv[] ) (const unsigned char *) opt.psk_identity, strlen( opt.psk_identity ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", + ret ); goto exit; } #endif @@ -1463,16 +1461,16 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_setup " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", + -ret ); goto exit; } #if defined(MBEDTLS_X509_CRT_PARSE_C) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", + ret ); goto exit; } #endif 
@@ -1484,8 +1482,8 @@ int main( int argc, char *argv[] ) (const unsigned char *) opt.ecjpake_pw, strlen( opt.ecjpake_pw ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", + ret ); goto exit; } } @@ -1516,8 +1514,8 @@ int main( int argc, char *argv[] ) if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_handshake " - "returned -0x%x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", + -ret ); if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) mbedtls_printf( " Unable to verify the server's certificate. " @@ -1571,8 +1569,8 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_get_session " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", + -ret ); goto exit; } @@ -1622,8 +1620,8 @@ int main( int argc, char *argv[] ) if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", + ret ); goto exit; } @@ -1686,8 +1684,8 @@ send_request: if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_write " - "returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", + -ret ); goto exit; } @@ -1726,8 +1724,8 @@ send_request: if( ret < 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_write " - "returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", + ret ); goto exit; } 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d16c534191..d70046c84b 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1427,8 +1427,7 @@ int main( int argc, char *argv[] ) * refers to the underlying net_context. */ if( opt.event == 1 && opt.nbio != 1 ) { - mbedtls_printf( "Warning: event-driven IO mandates nbio=1" - " - overwrite\n" ); + mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" ); opt.nbio = 1; } @@ -1733,7 +1732,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n", - -ret ); + -ret ); goto exit; } } @@ -1751,8 +1750,7 @@ int main( int argc, char *argv[] ) strcmp( opt.key_file2, "none" ) != 0 ) { #if !defined(MBEDTLS_CERTS_C) - mbedtls_printf( "Not certificated or key provided, and \n" - "MBEDTLS_CERTS_C not defined!\n" ); + mbedtls_printf( "Not certificated or key provided, and \nMBEDTLS_CERTS_C not defined!\n" ); goto exit; #else #if defined(MBEDTLS_RSA_C) @@ -1760,14 +1758,16 @@ int main( int argc, char *argv[] ) (const unsigned char *) mbedtls_test_srv_crt_rsa, mbedtls_test_srv_crt_rsa_len ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", + -ret ); goto exit; } if( ( ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key_rsa, mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", + -ret ); goto exit; } key_cert_init = 2; 
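Review bot: The re-joined message in the `!defined(MBEDTLS_CERTS_C)` branch keeps the typo `Not certificated or key provided` and a stray space before `\n`; since the literal is being rewritten anyway, make it `mbedtls_printf( "No certificate or key provided, and\nMBEDTLS_CERTS_C not defined!\n" );`. The enclosing `main` starts and ends outside the hunk.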
@@ -1777,14 +1777,16 @@ int main( int argc, char *argv[] ) (const unsigned char *) mbedtls_test_srv_crt_ec, mbedtls_test_srv_crt_ec_len ) ) != 0 ) { - mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", + -ret ); goto exit; } if( ( ret = mbedtls_pk_parse_key( &pkey2, (const unsigned char *) mbedtls_test_srv_key_ec, mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 ) { - mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", + -ret ); goto exit; } key_cert_init2 = 2; @@ -2190,8 +2192,8 @@ reset: if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl, client_ip, cliip_len ) ) != 0 ) { - mbedtls_printf( " failed\n ! " - "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", + -ret ); goto exit; } } diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index c978f9047d..386b1fcad5 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -318,9 +318,8 @@ static int ctx_buffer_flush( ctx_buffer *buf ) { int ret; - mbedtls_printf( " %05lu flush %s: %u bytes, %lu datagrams, " - "last %ld ms\n", ellapsed_time(), - buf->description, buf->len, buf->num_datagrams, + mbedtls_printf( " %05lu flush %s: %u bytes, %lu datagrams, last %ld ms\n", + ellapsed_time(), buf->description, buf->len, buf->num_datagrams, ellapsed_time() - buf->packet_lifetime ); ret = mbedtls_net_send( buf->ctx, buf->data, buf->len ); From 22360825ae64374fb897d366c39f6704a56441b4 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 29 Oct 2017 17:53:52 +0200 Subject: [PATCH 0498/1059] Address PR review comments set `cache->chain` to NULL, instead of setting the whole structure to zero. --- library/ssl_cache.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) 
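Review bot: In `ctx_buffer_flush` the rewritten `mbedtls_printf` still calls `ellapsed_time()` twice in one argument list, so the timestamp printed with `%05lu` and the one used for `last %ld ms` can be read at different instants and in an unspecified order. Reading it once into a local before the call, e.g. `const unsigned long now = ellapsed_time();` (adjust the type to whatever `ellapsed_time` actually returns, which is not visible here) and using `now` in both places keeps the log line self-consistent. The rest of `ctx_buffer_flush` is outside the hunk.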
diff --git a/library/ssl_cache.c b/library/ssl_cache.c index d34bc3d636..47867f132d 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -43,11 +43,6 @@ #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ) { memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) ); @@ -326,8 +321,7 @@ void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache ) #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &cache->mutex ); #endif - - mbedtls_zeroize( cache, sizeof(mbedtls_ssl_cache_context) ); + cache->chain = NULL; } #endif /* MBEDTLS_SSL_CACHE_C */ From c7acb913ce1ccd2fa6c10b9b113735cc4995772b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 30 Oct 2017 17:03:57 +0200 Subject: [PATCH 0499/1059] Change Arm Trademarks Change the Arm Trademarks according to updated Trademarks --- README.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 5ffd2ae561..378db1dd30 100644 --- a/README.md +++ b/README.md 
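Review bot: Replacing the full wipe with `cache->chain = NULL` leaves `mbedtls_ssl_cache_free` producing a context that differs from the one `mbedtls_ssl_cache_init` creates with `memset` in the first hunk: the mutex that `mbedtls_mutex_free` has just released, and any configuration fields the struct carries, keep their old contents. A second `mbedtls_ssl_cache_free` on the same context would skip the chain walk but call `mbedtls_mutex_free` again on the already-freed mutex. If reuse after free is not supported, say so at the assignment: `cache->chain = NULL; /* context must be re-initialised with mbedtls_ssl_cache_init() before any reuse */`; if it is, reset the remaining fields too. Whether the entries freed earlier in the function are scrubbed before `free` is outside this hunk and worth confirming, since they presumably hold session material.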
@@ -1,17 +1,17 @@ -README for mbed TLS +README for Mbed TLS =================== Configuration ------------- -mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions). +Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions). Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below). Compiling --------- -There are currently four active build systems used within mbed TLS releases: +There are currently four active build systems used within Mbed TLS releases: - yotta - GNU Make 
@@ -23,15 +23,15 @@ The main systems used for development are CMake and GNU Make. Those systems are Yotta, as a build system, is slightly different from the other build systems: - it provides a minimalistic configuration file by default -- depending on the yotta target, features of mbed OS may be used in examples and tests +- depending on the yotta target, features of Mbed OS may be used in examples and tests The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls. ### Yotta -[yotta](http://yottabuild.org) is a package manager and build system developed by mbed, and is the build system of mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing). +[yotta](http://yottabuild.org) is a package manager and build system developed by Mbed, and is the build system of Mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing). -Once yotta is installed, you can use it to download the latest version of mbed TLS from the yotta registry with: +Once yotta is installed, you can use it to download the latest version of Mbed TLS from the yotta registry with: yotta install mbedtls 
@@ -39,18 +39,18 @@ and build it with: yotta build -If, on the other hand, you already have a copy of mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running: +If, on the other hand, you already have a copy of Mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running: yotta/create-module.sh -This should be executed from the root mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual: +This should be executed from the root Mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual: cd yotta/module yotta build In any case, you'll probably want to set the yotta target before building unless it has already been set globally. For more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/). -For more details on the yotta/mbed OS edition of mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md). +For more details on the yotta/Mbed OS edition of Mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md). ### Make 
@@ -78,9 +78,9 @@ In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if th Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; if you do so, essential parts such as `-I` will still be preserved. Warning options may be overridden separately using `WARNING_CFLAGS`. -Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue. +Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue. -In case you find that you need to do something else as well, please let us know what, so we can add it to the [mbed TLS knowledge base](https://tls.mbed.org/kb). +In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS knowledge base](https://tls.mbed.org/kb). ### CMake 
@@ -143,7 +143,7 @@ We've included example programs for a lot of different features and uses in `pro Tests ----- -mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function. +Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function. For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available: 
@@ -158,14 +158,14 @@ Configurations We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt` -Porting mbed TLS +Porting Mbed TLS ---------------- -mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful: +Mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful: -- [Porting mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS) -- [What external dependencies does mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on) -- [How do I configure mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls) +- [Porting Mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS) +- [What external dependencies does Mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on) +- [How do I configure Mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls) Contributing ------------ 
@@ -176,12 +176,12 @@ We gratefully accept bug reports and contributions from the community. There are - We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission. - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. -To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. +To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given. ### Making a Contribution 1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. -2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. +2. 
Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. 3. Write a test which shows that the bug was fixed or that the feature works as expected. 4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :) From 9d22619a13493e335bac7f6c0cf25e42aaffab36 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 30 Oct 2017 18:39:47 +0200 Subject: [PATCH 0500/1059] Change Arm Trademarks to the issue template Change the Trademarks to the issue template document --- .github/issue_template.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 33f68fba19..5e9d83d4fc 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -8,7 +8,7 @@ Note: This is just a template, so feel free to use/remove the unnecessary things ## Bug **OS** -mbed-OS|linux|windows| +Mbed OS|linux|windows| **mbed TLS build:** Version: x.x.x or git commit id @@ -38,4 +38,4 @@ Version: ## Question -**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** +**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://tls.mbed.org/discussions)** From 197a91cd82c6351beacb23d2bea0522066c9b332 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 31 Oct 2017 10:58:53 +0000 Subject: [PATCH 0501/1059] Clean up idle() function in ssl_client2 and ssl_server2 --- programs/ssl/ssl_client2.c | 67 ++++++++++++-------------------------- programs/ssl/ssl_server2.c | 64 +++++++++++------------------------- 2 files changed, 40 insertions(+), 91 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ed3966495a..289920cbdd 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -444,20 +444,14 @@ static int ssl_sig_hashes_for_test[] = { * (Used in event-driven IO mode). */ #if !defined(MBEDTLS_TIMING_C) -void idle( mbedtls_ssl_context *ssl, - mbedtls_net_context *fd, +void idle( mbedtls_net_context *fd, int idle_reason ) { #else -void idle( mbedtls_ssl_context *ssl, - mbedtls_net_context *fd, +void idle( mbedtls_net_context *fd, mbedtls_timing_delay_context *timer, int idle_reason ) { -#if defined(MBEDTLS_DEBUG_C) - struct mbedtls_timing_hr_time tm; - unsigned long time_elapsed; -#endif #endif int poll_type = 0; 
@@ -468,43 +462,24 @@ void idle( mbedtls_ssl_context *ssl, poll_type = MBEDTLS_NET_POLL_READ; #if !defined(MBEDTLS_TIMING_C) else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: No reason for idling given" ) ); return; - } -#endif - - /* One should not idle on the underlying transport - * if data is still pending to be processed. */ - if( mbedtls_ssl_check_pending( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: Data still pending, but idling requested!" ) ); - } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "idle, waiting for event... " ) ); - -#if defined(MBEDTLS_TIMING_C) && defined(MBEDTLS_DEBUG_C) - mbedtls_timing_get_timer( &tm, 1 /* restart */ ); #endif while( 1 ) { + /* Check if timer has expired */ #if defined(MBEDTLS_TIMING_C) -#if defined(MBEDTLS_DEBUG_C) - time_elapsed = mbedtls_timing_get_timer( &tm, 0 ); -#endif - if( mbedtls_timing_get_delay( timer ) == 2 ) + if( timer != NULL && + mbedtls_timing_get_delay( timer ) == 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] timer expired - continue", - time_elapsed ) ); break; } -#endif +#endif /* MBEDTLS_TIMING_C */ + /* Check if underlying transport became available */ if( poll_type != 0 && mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] net_context signals data - continue", - time_elapsed ) ); break; } } @@ -1532,9 +1507,9 @@ int main( int argc, char *argv[] ) if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } } @@ -1629,9 +1604,9 @@ int main( int argc, char *argv[] ) if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } 
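Review bot: In the MBEDTLS_TIMING_C build the rewritten loop has no exit when `timer == NULL` and `poll_type == 0`: the `else return;` guard is compiled out in that configuration, and the new `timer != NULL &&` condition means neither `break` can ever fire, so `idle()` spins forever. Add a guard after the poll_type selection under `#if defined(MBEDTLS_TIMING_C)`, e.g. `if( poll_type == 0 && timer == NULL ) return;`, mirroring the early return the timing-less build keeps. Dropping the `ssl` parameter also removes the only `mbedtls_ssl_check_pending()` check on the idle path, so every caller is now responsible for checking for buffered-but-unprocessed records before calling `idle()`; that contract belongs in the function's header comment, which begins outside the hunk. The `mbedtls_net_poll( fd, poll_type, 0 )` call with a zero timeout still busy-polls, but that predates this change. The identical `idle()` in ssl_server2.c has the same missing exit.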
@@ -1693,9 +1668,9 @@ send_request: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } } @@ -1715,9 +1690,9 @@ send_request: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } } @@ -1761,9 +1736,9 @@ send_request: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } continue; @@ -1822,9 +1797,9 @@ send_request: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } } @@ -1887,9 +1862,9 @@ send_request: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &server_fd, &timer, ret ); + idle( &server_fd, &timer, ret ); #else - idle( &ssl, &server_fd, ret ); + idle( &server_fd, ret ); #endif } } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d70046c84b..c3321d13a1 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -846,20 +846,14 @@ static int ssl_sig_hashes_for_test[] = { * (Used in event-driven IO mode). */ #if !defined(MBEDTLS_TIMING_C) -void idle( mbedtls_ssl_context *ssl, - mbedtls_net_context *fd, +void idle( mbedtls_net_context *fd, int idle_reason ) { #else -void idle( mbedtls_ssl_context *ssl, - mbedtls_net_context *fd, +void idle( mbedtls_net_context *fd, mbedtls_timing_delay_context *timer, int idle_reason ) { -#if defined(MBEDTLS_DEBUG_C) - struct mbedtls_timing_hr_time tm; - unsigned long time_elapsed; -#endif #endif int poll_type = 0; @@ -870,44 +864,24 @@ void idle( mbedtls_ssl_context *ssl, poll_type = MBEDTLS_NET_POLL_READ; #if !defined(MBEDTLS_TIMING_C) else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: No reason for idling given" ) ); return; - } -#endif - - /* One should not idle on the underlying transport - * if data is still pending to be processed. */ - if( mbedtls_ssl_check_pending( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "WARNING: Data still pending, " - "but idling requested!" ) ); - } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "idle, waiting for event... " ) ); - -#if defined(MBEDTLS_TIMING_C) && defined(MBEDTLS_DEBUG_C) - mbedtls_timing_get_timer( &tm, 1 /* restart */ ); #endif while( 1 ) { + /* Check if timer has expired */ #if defined(MBEDTLS_TIMING_C) -#if defined(MBEDTLS_DEBUG_C) - time_elapsed = mbedtls_timing_get_timer( &tm, 0 ); -#endif - if( mbedtls_timing_get_delay( timer ) == 2 ) + if( timer != NULL && + mbedtls_timing_get_delay( timer ) == 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] timer expired - continue", - time_elapsed ) ); break; } -#endif +#endif /* MBEDTLS_TIMING_C */ + /* Check if underlying transport became available */ if( poll_type != 0 && mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "[%lu ms] net_context signals data - " - "continue", time_elapsed ) ); break; } } 
@@ -2231,9 +2205,9 @@ handshake: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &client_fd, &timer, ret ); + idle( &client_fd, &timer, ret ); #else - idle( &ssl, &client_fd, ret ); + idle( &client_fd, ret ); #endif } } @@ -2346,9 +2320,9 @@ data_exchange: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &client_fd, &timer, ret ); + idle( &client_fd, &timer, ret ); #else - idle( &ssl, &client_fd, ret ); + idle( &client_fd, ret ); #endif } @@ -2453,9 +2427,9 @@ data_exchange: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &client_fd, &timer, ret ); + idle( &client_fd, &timer, ret ); #else - idle( &ssl, &client_fd, ret ); + idle( &client_fd, ret ); #endif } } @@ -2504,9 +2478,9 @@ data_exchange: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &client_fd, &timer, ret ); + idle( &client_fd, &timer, ret ); #else - idle( &ssl, &client_fd, ret ); + idle( &client_fd, ret ); #endif } } @@ -2548,9 +2522,9 @@ data_exchange: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &client_fd, &timer, ret ); + idle( &client_fd, &timer, ret ); #else - idle( &ssl, &client_fd, ret ); + idle( &client_fd, ret ); #endif } } @@ -2570,9 +2544,9 @@ data_exchange: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &ssl, &client_fd, &timer, ret ); + idle( &client_fd, &timer, ret ); #else - idle( &ssl, &client_fd, ret ); + idle( &client_fd, ret ); #endif } } From 9b19a1253f56b53e6b093197bf6947bb7b51c344 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 31 Oct 2017 13:00:14 +0000 Subject: [PATCH 0502/1059] Clarify use of mbedtls_ssl_check_pending --- include/mbedtls/ssl.h | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 43ba67cd5f..594c7d6b15 100644 
--- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2243,15 +2243,6 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, * * \return 0 if nothing's pending, 1 otherwise. * - * \note This function is essential when using the library - * with event-driven I/O. You should not idle - * (waiting for events from the underlying transport - * or from timers) before this function's check passes. - * Otherwise, it's possible to run into a deadlock - * (if processing the pending data involves essential - * communication with the peer) or to accumulate and - * potentially lose data. - * * \note This is different in purpose and behaviour from * \c mbedtls_ssl_get_bytes_avail in that it considers * any kind of unprocessed data, not only unread 
@@ -2262,11 +2253,25 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, * further records waiting to be processed from * the current underlying transport's datagram. * - * \note If this function returns 0 (data pending), this + * \note If this function returns 1 (data pending), this * does not imply that a subsequent call to * \c mbedtls_ssl_read will provide any data; * e.g., the unprocessed data might turn out * to be an alert or a handshake message. + * + * \note This function is useful in the following situation: + * If the SSL/TLS module successfully returns from an + * operation - e.g. a handshake or an application record + * read - and you're awaiting incoming data next, you + * must not immediately idle on the underlying transport + * to have data ready, but you need to check the value + * of this function first. The reason is that the desired + * data might already be read but not yet processed. + * If, in contrast, a previous call to the SSL/TLS module + * returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary + * to call this function, as the latter error code entails + * that all internal data has been processed. + * */ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ); From 211f44c928293203c82b6781ff58346d9f00739e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 31 Oct 2017 14:08:10 +0000 Subject: [PATCH 0503/1059] Rename `merge` option in UDP proxy to `pack` --- programs/test/udp_proxy.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 386b1fcad5..d0c5b94503 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c 
@@ -131,7 +131,7 @@ static struct options int bad_ad; /* inject corrupted ApplicationData record */ int protect_hvr; /* never drop or delay HelloVerifyRequest */ int protect_len; /* never drop/delay packet of the given size*/ - int merge; /* merge packets into single datagram for + int pack; /* merge packets into single datagram for * at most \c merge milliseconds if > 0 */ unsigned int seed; /* seed for "random" events */ @@ -157,7 +157,7 @@ static void get_options( int argc, char *argv[] ) opt.server_port = DFL_SERVER_PORT; opt.listen_addr = DFL_LISTEN_ADDR; opt.listen_port = DFL_LISTEN_PORT; - opt.merge = DFL_PACK; + opt.pack = DFL_PACK; /* Other members default to 0 */ for( i = 1; i < argc; i++ ) @@ -201,7 +201,7 @@ static void get_options( int argc, char *argv[] ) } else if( strcmp( p, "pack" ) == 0 ) { - opt.merge = atoi( q ); + opt.pack = atoi( q ); } else if( strcmp( p, "mtu" ) == 0 ) { @@ -333,7 +333,7 @@ static int ctx_buffer_flush( ctx_buffer *buf ) static inline int ctx_buffer_check( ctx_buffer *buf ) { if( buf->len > 0 && - ellapsed_time() - buf->packet_lifetime >= (size_t) opt.merge ) + ellapsed_time() - buf->packet_lifetime >= (size_t) opt.pack ) { return( ctx_buffer_flush( buf ) ); } @@ -669,7 +669,7 @@ accept: nb_fds = listen_fd.fd; ++nb_fds; - if( opt.merge > 0 ) + if( opt.pack > 0 ) { outbuf[0].ctx = &server_fd; outbuf[0].description = "S <- C"; From 92474da0a22548b05340857d44020856bc6f3be7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 31 Oct 2017 14:09:30 +0000 Subject: [PATCH 0504/1059] Use Mbed TLS timing module to obtain ellapsed time in udp_proxy --- programs/test/udp_proxy.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index d0c5b94503..39b3bed4a9 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c 
@@ -280,22 +280,17 @@ static const char *msg_type( unsigned char *msg, size_t len ) /* Return elapsed time in milliseconds since the first call */ static unsigned long ellapsed_time( void ) { -#if defined(_WIN32) - return( 0 ); -#else - static struct timeval ref = { 0, 0 }; - struct timeval now; + static int initialized = 0; + static struct mbedtls_timing_hr_time hires; - if( ref.tv_sec == 0 && ref.tv_usec == 0 ) + if( initialized == 0 ) { - gettimeofday( &ref, NULL ); + (void) mbedtls_timing_get_timer( &hires, 1 ); + initialized = 1; return( 0 ); } - gettimeofday( &now, NULL ); - return( 1000 * ( now.tv_sec - ref.tv_sec ) - + ( now.tv_usec - ref.tv_usec ) / 1000 ); -#endif + return( mbedtls_timing_get_timer( &hires, 0 ) ); } typedef struct From 0cc7774dab85d3938b04ead8814e585f76c82f13 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 31 Oct 2017 14:10:07 +0000 Subject: [PATCH 0505/1059] Only add pack option to UDP proxy if MBEDTLS_TIMING_C is enabled --- programs/test/udp_proxy.c | 57 ++++++++++++++++++++++++++++++++------- 1 file changed, 48 insertions(+), 9 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 39b3bed4a9..7e8d309f40 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -53,6 +53,7 @@ int main( void ) #include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #include "mbedtls/ssl.h" +#include "mbedtls/timing.h" #include @@ -74,11 +75,6 @@ int main( void ) #include #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ -/* For gettimeofday() */ -#if !defined(_WIN32) -#include -#endif - #define MAX_MSG_SIZE 16384 + 2048 /* max record/datagram size */ #define DFL_SERVER_ADDR "localhost" 
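Review bot: `ellapsed_time()` now calls `mbedtls_timing_get_timer()` unconditionally, but at this commit the file neither includes `mbedtls/timing.h` nor guards the code with `MBEDTLS_TIMING_C`; both arrive only in the following commit, so this commit on its own appears not to build in configurations without the timing module (unless the header is already pulled in transitively, which the hunk cannot show). Squashing the include and the guard into this commit would keep the history bisectable. Style: the misspelling `ellapsed_time` is carried over from the old implementation while the comment directly above it says "elapsed"; renaming now would avoid propagating it into the new call sites.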
@@ -87,6 +83,14 @@ int main( void ) #define DFL_LISTEN_PORT "5556" #define DFL_PACK 0 +#if defined(MBEDTLS_TIMING_C) +#define USAGE_PACK \ + " pack=%%d default: 0 (don't pack)\n" \ + " options: t > 0 (pack for t milliseconds)\n" +#else +#define USAGE_PACK +#endif + #define USAGE \ "\n usage: udp_proxy param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -106,11 +110,10 @@ int main( void ) " drop packets larger than N bytes\n" \ " bad_ad=0/1 default: 0 (don't add bad ApplicationData)\n" \ " protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \ - " protect_len=%%d default: (don't protect packets of this size)\n" \ + " protect_len=%%d default: (don't protect packets of this size)\n" \ "\n" \ " seed=%%d default: (use current time)\n" \ - " pack=%%d default: 0 (don't merge)\n" \ - " options: t > 0 (merge for t milliseconds)\n" \ + USAGE_PACK \ "\n" /* @@ -133,7 +136,6 @@ static struct options int protect_len; /* never drop/delay packet of the given size*/ int pack; /* merge packets into single datagram for * at most \c merge milliseconds if > 0 */ - unsigned int seed; /* seed for "random" events */ } opt; @@ -201,7 +203,12 @@ static void get_options( int argc, char *argv[] ) } else if( strcmp( p, "pack" ) == 0 ) { +#if defined(MBEDTLS_TIMING_C) opt.pack = atoi( q ); +#else + mbedtls_printf( " option pack only defined if MBEDTLS_TIMING_C is enabled\n" ); + exit( 1 ); +#endif } else if( strcmp( p, "mtu" ) == 0 ) { @@ -277,6 +284,7 @@ static const char *msg_type( unsigned char *msg, size_t len ) } } +#if defined(MBEDTLS_TIMING_C) /* Return elapsed time in milliseconds since the first call */ static unsigned long ellapsed_time( void ) { @@ -369,6 +377,7 @@ static int dispatch_data( mbedtls_net_context *ctx, size_t len ) { ctx_buffer *buf = NULL; + if( outbuf[0].ctx == ctx ) buf = &outbuf[0]; else if( outbuf[1].ctx == ctx ) 
@@ -380,6 +389,17 @@ static int dispatch_data( mbedtls_net_context *ctx, return( ctx_buffer_append( buf, data, len ) ); } +#else /* MBEDTLS_TIMING_C */ + +static int dispatch_data( mbedtls_net_context *ctx, + const unsigned char * data, + size_t len ) +{ + return( mbedtls_net_send( ctx, data, len ) ); +} + +#endif /* MBEDTLS_TIMING_C */ + typedef struct { mbedtls_net_context *dst; @@ -392,12 +412,22 @@ typedef struct /* Print packet. Outgoing packets come with a reason (forward, dupl, etc.) */ void print_packet( const packet *p, const char *why ) { +#if defined(MBEDTLS_TIMING_C) if( why == NULL ) mbedtls_printf( " %05lu dispatch %s %s (%u bytes)\n", ellapsed_time(), p->way, p->type, p->len ); + else + mbedtls_printf( " %05lu dispatch %s %s (%u bytes): %s\n", + ellapsed_time(), p->way, p->type, p->len, why ); +#else + if( why == NULL ) + mbedtls_printf( " dispatch %s %s (%u bytes)\n", + p->way, p->type, p->len ); else mbedtls_printf( " dispatch %s %s (%u bytes): %s\n", p->way, p->type, p->len, why ); +#endif + fflush( stdout ); } @@ -664,6 +694,7 @@ accept: nb_fds = listen_fd.fd; ++nb_fds; +#if defined(MBEDTLS_TIMING_C) if( opt.pack > 0 ) { outbuf[0].ctx = &server_fd; @@ -676,6 +707,12 @@ accept: outbuf[1].num_datagrams = 0; outbuf[1].len = 0; } + else + { + outbuf[0].ctx = NULL; + outbuf[1].ctx = NULL; + } +#endif /* MBEDTLS_TIMING_C */ while( 1 ) { @@ -684,8 +721,10 @@ accept: FD_SET( client_fd.fd, &read_fds ); FD_SET( listen_fd.fd, &read_fds ); +#if defined(MBEDTLS_TIMING_C) ctx_buffer_check( &outbuf[0] ); ctx_buffer_check( &outbuf[1] ); +#endif if( ( ret = select( nb_fds, &read_fds, NULL, NULL, &tm ) ) < 0 ) { From 2ac96620f35b4e0592272b40adf0da65f3772875 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 1 Nov 2017 14:19:50 +0200 Subject: [PATCH 0506/1059] change URL Change URL from developer.mbed.org to os.mbed.com --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 378db1dd30..788c77853f 100644 
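Review bot: `print_packet()` now contains four `mbedtls_printf` calls that differ only in the presence of the `%05lu` timestamp, which invites the two `#if` branches to drift apart. Printing the timestamp in its own guarded statement, e.g. `#if defined(MBEDTLS_TIMING_C) mbedtls_printf( " %05lu", ellapsed_time() ); #endif`, followed by a single pair of format strings keeps one copy of the message text. Also, when `opt.pack == 0` the new `else` branch only clears `outbuf[].ctx`, while `ctx_buffer_check()` is still called on both buffers every loop iteration; that is harmless only if `outbuf[].len` starts at zero (presumably static storage, but the definition is outside the hunk), so a comment stating that assumption would help.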
--- a/README.md +++ b/README.md @@ -176,7 +176,7 @@ We gratefully accept bug reports and contributions from the community. There are - We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission. - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. -To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given. +To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://os.mbed.com/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given. ### Making a Contribution From 77abef5cba14ebd2f396e786615fb0e9de4b9338 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 2 Nov 2017 10:50:28 +0000 Subject: [PATCH 0507/1059] Don't use busy-waiting in udp_proxy Also, correct inconsistent use of unsigned integer types in udp_proxy. --- programs/test/udp_proxy.c | 125 +++++++++++++++++++++++--------------- 1 file changed, 76 insertions(+), 49 deletions(-) 
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 7e8d309f40..0dec40932a 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -134,7 +134,7 @@ static struct options int bad_ad; /* inject corrupted ApplicationData record */ int protect_hvr; /* never drop or delay HelloVerifyRequest */ int protect_len; /* never drop/delay packet of the given size*/ - int pack; /* merge packets into single datagram for + unsigned pack; /* merge packets into single datagram for * at most \c merge milliseconds if > 0 */ unsigned int seed; /* seed for "random" events */ } opt; @@ -204,7 +204,7 @@ static void get_options( int argc, char *argv[] ) else if( strcmp( p, "pack" ) == 0 ) { #if defined(MBEDTLS_TIMING_C) - opt.pack = atoi( q ); + opt.pack = (unsigned) atoi( q ); #else mbedtls_printf( " option pack only defined if MBEDTLS_TIMING_C is enabled\n" ); exit( 1 ); @@ -286,7 +286,7 @@ static const char *msg_type( unsigned char *msg, size_t len ) #if defined(MBEDTLS_TIMING_C) /* Return elapsed time in milliseconds since the first call */ -static unsigned long ellapsed_time( void ) +static unsigned ellapsed_time( void ) { static int initialized = 0; static struct mbedtls_timing_hr_time hires; @@ -307,8 +307,8 @@ typedef struct const char *description; - unsigned long packet_lifetime; - size_t num_datagrams; + unsigned packet_lifetime; + unsigned num_datagrams; unsigned char data[MAX_MSG_SIZE]; unsigned len; @@ -321,8 +321,9 @@ static int ctx_buffer_flush( ctx_buffer *buf ) { int ret; - mbedtls_printf( " %05lu flush %s: %u bytes, %lu datagrams, last %ld ms\n", - ellapsed_time(), buf->description, buf->len, buf->num_datagrams, + mbedtls_printf( " %05u flush %s: %u bytes, %u datagrams, last %u ms\n", + ellapsed_time(), buf->description, + buf->len, buf->num_datagrams, ellapsed_time() - buf->packet_lifetime ); ret = mbedtls_net_send( buf->ctx, buf->data, buf->len ); 
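Review bot: `opt.pack = (unsigned) atoi( q )` turns a negative command-line value such as `pack=-1` into a wait of roughly UINT_MAX milliseconds rather than rejecting it, and non-numeric input silently becomes 0 (packing off). Parse with `strtoul` and check the end pointer and range instead, e.g. `errno = 0; unsigned long v = strtoul( q, &end, 10 ); if( end == q || *end != '\0' || errno == ERANGE || v > UINT_MAX ) /* report a usage error as the other options do */`. In the flush message of the last hunk, `ellapsed_time()` is evaluated twice within one argument list; C leaves argument evaluation order unspecified, so read it once into a local and use that for both the timestamp and the `last %u ms` value.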
@@ -333,15 +334,17 @@ static int ctx_buffer_flush( ctx_buffer *buf ) return( ret ); } -static inline int ctx_buffer_check( ctx_buffer *buf ) +static unsigned ctx_buffer_time_remaining( ctx_buffer *buf ) { - if( buf->len > 0 && - ellapsed_time() - buf->packet_lifetime >= (size_t) opt.pack ) - { - return( ctx_buffer_flush( buf ) ); - } + unsigned const cur_time = ellapsed_time(); - return( 0 ); + if( buf->num_datagrams == 0 ) + return( (unsigned) -1 ); + + if( cur_time - buf->packet_lifetime >= opt.pack ) + return( 0 ); + + return( opt.pack - ( cur_time - buf->packet_lifetime ) ); } static int ctx_buffer_append( ctx_buffer *buf, @@ -352,8 +355,8 @@ static int ctx_buffer_append( ctx_buffer *buf, if( len > sizeof( buf->data ) ) { - mbedtls_printf( " ! buffer size %lu too large (max %lu)\n", - len, sizeof( buf->data ) ); + mbedtls_printf( " ! buffer size %u too large (max %u)\n", + (unsigned) len, (unsigned) sizeof( buf->data ) ); return( -1 ); } @@ -371,35 +374,31 @@ static int ctx_buffer_append( ctx_buffer *buf, return( len ); } +#endif /* MBEDTLS_TIMING_C */ static int dispatch_data( mbedtls_net_context *ctx, const unsigned char * data, size_t len ) { +#if defined(MBEDTLS_TIMING_C) ctx_buffer *buf = NULL; + if( opt.pack > 0 ) + { + if( outbuf[0].ctx == ctx ) + buf = &outbuf[0]; + else if( outbuf[1].ctx == ctx ) + buf = &outbuf[1]; - if( outbuf[0].ctx == ctx ) - buf = &outbuf[0]; - else if( outbuf[1].ctx == ctx ) - buf = &outbuf[1]; + if( buf == NULL ) + return( -1 ); - if( buf == NULL ) - return( mbedtls_net_send( ctx, data, len ) ); + return( ctx_buffer_append( buf, data, len ) ); + } +#endif /* MBEDTLS_TIMING_C */ - return( ctx_buffer_append( buf, data, len ) ); -} - -#else /* MBEDTLS_TIMING_C */ - -static int dispatch_data( mbedtls_net_context *ctx, - const unsigned char * data, - size_t len ) -{ return( mbedtls_net_send( ctx, data, len ) ); } -#endif /* MBEDTLS_TIMING_C */ - typedef struct { mbedtls_net_context *dst; 
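Review bot: `ctx_buffer_time_remaining()` uses `(unsigned) -1` as an in-band "nothing buffered" sentinel, and the main loop in the later hunk repeats the same literal to mean "no timeout"; give it a name, e.g. `#define NO_PACK_TIMEOUT UINT_MAX` (name is a suggestion), so the two sites cannot diverge and the intent is visible at each use. In `dispatch_data()`, when `opt.pack > 0` and `ctx` matches neither buffer the function now returns -1 where the old code fell through to `mbedtls_net_send()`; if that is intended, log it with `mbedtls_printf` before returning, because a silent drop of a datagram in a test proxy is hard to diagnose from the outside.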
@@ -414,10 +413,10 @@ void print_packet( const packet *p, const char *why ) { #if defined(MBEDTLS_TIMING_C) if( why == NULL ) - mbedtls_printf( " %05lu dispatch %s %s (%u bytes)\n", + mbedtls_printf( " %05u dispatch %s %s (%u bytes)\n", ellapsed_time(), p->way, p->type, p->len ); else - mbedtls_printf( " %05lu dispatch %s %s (%u bytes): %s\n", + mbedtls_printf( " %05u dispatch %s %s (%u bytes): %s\n", ellapsed_time(), p->way, p->type, p->len, why ); #else if( why == NULL ) @@ -601,14 +600,16 @@ int main( int argc, char *argv[] ) int ret; mbedtls_net_context listen_fd, client_fd, server_fd; + +#if defined( MBEDTLS_TIMING_C ) struct timeval tm; +#endif + + struct timeval *tm_ptr = NULL; int nb_fds; fd_set read_fds; - tm.tv_sec = 0; - tm.tv_usec = 0; - mbedtls_net_init( &listen_fd ); mbedtls_net_init( &client_fd ); mbedtls_net_init( &server_fd ); 
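Review bot: The new `#if defined( MBEDTLS_TIMING_C )` around `struct timeval tm;` is spaced differently from every other `#if defined(MBEDTLS_TIMING_C)` in this file, including the ones this same commit adds; use the unspaced form for consistency. It would also help to add a one-line comment on `tm_ptr`, e.g. `/* NULL => block in select() until a socket is readable */`, since the whole point of the commit is that the timeout is now only set while packed datagrams are waiting.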
@@ -707,26 +708,52 @@ accept: outbuf[1].num_datagrams = 0; outbuf[1].len = 0; } - else - { - outbuf[0].ctx = NULL; - outbuf[1].ctx = NULL; - } #endif /* MBEDTLS_TIMING_C */ while( 1 ) { +#if defined(MBEDTLS_TIMING_C) + if( opt.pack > 0 ) + { + unsigned max_wait_server, max_wait_client, max_wait; + max_wait_server = ctx_buffer_time_remaining( &outbuf[0] ); + max_wait_client = ctx_buffer_time_remaining( &outbuf[1] ); + + max_wait = (unsigned) -1; + + if( max_wait_server == 0 ) + ctx_buffer_flush( &outbuf[0] ); + else + max_wait = max_wait_server; + + if( max_wait_client == 0 ) + ctx_buffer_flush( &outbuf[1] ); + else + { + if( max_wait_client < max_wait ) + max_wait = max_wait_client; + } + + if( max_wait != (unsigned) -1 ) + { + tm.tv_sec = max_wait / 1000; + tm.tv_usec = ( max_wait % 1000 ) * 1000; + + tm_ptr = &tm; + } + else + { + tm_ptr = NULL; + } + } +#endif /* MBEDTLS_TIMING_C */ + FD_ZERO( &read_fds ); FD_SET( server_fd.fd, &read_fds ); FD_SET( client_fd.fd, &read_fds ); FD_SET( listen_fd.fd, &read_fds ); -#if defined(MBEDTLS_TIMING_C) - ctx_buffer_check( &outbuf[0] ); - ctx_buffer_check( &outbuf[1] ); -#endif - - if( ( ret = select( nb_fds, &read_fds, NULL, NULL, &tm ) ) < 0 ) + if( ( ret = select( nb_fds, &read_fds, NULL, NULL, tm_ptr ) ) < 0 ) { perror( "select" ); goto exit; From 9a51c032ee2c414e814317d4011b549ece778af2 Mon Sep 17 00:00:00 2001 From: Chris Xue Date: Sun, 5 Nov 2017 19:10:51 +0000 Subject: [PATCH 0508/1059] Fix copy paste error in the error message of mbedtls_ecp_gen_key in gen_key.c --- programs/pkey/gen_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 48126948d8..5474268137 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c 
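Review bot: The return values of the two `ctx_buffer_flush()` calls added in the main loop are discarded, so a failed `mbedtls_net_send()` goes unnoticed; at minimum check `if( ctx_buffer_flush( &outbuf[0] ) < 0 ) goto exit;` (the `exit` label is already used by the `select` failure path just below). If `ctx_buffer_flush()` does not reset `num_datagrams` on a send failure — its body is outside the hunk — `ctx_buffer_time_remaining()` keeps returning 0 and the loop re-enters the flush with a zero timeout every iteration, reintroducing the busy-wait this commit removes. The `max_wait` selection would read more easily as "flush buffers whose time is up, take the minimum over the rest", e.g. a small helper called once per buffer.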
@@ -339,7 +339,7 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ecp_gen_key returned -0x%04x", -ret ); goto exit; } } From 298a7b214dd2cb8f7f82a90c1638e00f34f46807 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 6 Nov 2017 10:45:26 +0000 Subject: [PATCH 0509/1059] Change wording of directions on the usage of SSL context after error --- include/mbedtls/ssl.h | 62 +++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 594c7d6b15..cf98a3cc6e 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2418,10 +2418,10 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session * DTLS records. * * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using + * the SSL context for reading or writing, and either free it or + * call \c mbedtls_ssl_session_reset() on it before re-using it + * for a new connection; the current connection must be closed. * * \note If DTLS is in use, then you may choose to handle * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging 
@@ -2438,10 +2438,10 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ); * call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER. * * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using + * the SSL context for reading or writing, and either free it or + * call \c mbedtls_ssl_session_reset() on it before re-using it + * for a new connection; the current connection must be closed. * * \param ssl SSL context * @@ -2465,10 +2465,10 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ); * value. * * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using + * the SSL context for reading or writing, and either free it or + * call \c mbedtls_ssl_session_reset() on it before re-using it + * for a new connection; the current connection must be closed. */ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_RENEGOTIATION */ 
@@ -2507,12 +2507,12 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * again, or not transmitting the new identity to the * application layer, would allow authentication bypass! * - * If this function returns something other than a positive - * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or - * MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection. + * \note If this function returns something other than a positive value + * or MBEDTLS_ERR_SSL_WANT_READ/WRITE or MBEDTLS_ERR_SSL_CLIENT_RECONNECT, + * you must stop using the SSL context for reading or writing, + * and either free it or call \c mbedtls_ssl_session_reset() on it + * before re-using it for a new connection; the current connection + * must be closed. * * \note Remarks regarding event-driven DTLS: * - If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram @@ -2548,11 +2548,11 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ, * or another negative error code. * - * \note If this function returns something other than a positive - * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * \note If this function returns something other than a positive value + * or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using + * the SSL context for reading or writing, and either free it or + * call \c mbedtls_ssl_session_reset() on it before re-using it + * for a new connection; the current connection must be closed. * * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, * it must be called later with the *same* arguments, 
@@ -2579,10 +2579,10 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_ * \return 0 if successful, or a specific SSL error code. * * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using + * the SSL context for reading or writing, and either free it or + * call \c mbedtls_ssl_session_reset() on it before re-using it + * for a new connection; the current connection must be closed. */ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, unsigned char level, @@ -2595,10 +2595,10 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, * \return 0 if successful, or a specific SSL error code. * * \note If this function returns something other than 0 or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using + * the SSL context for reading or writing, and either free it or + * call \c mbedtls_ssl_session_reset() on it before re-using it + * for a new connection; the current connection must be closed. */ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ); From 7512bf7d6398525b74e248c9a19bd17b1b9c600a Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 25 Aug 2017 17:12:11 +0100 Subject: [PATCH 0510/1059] Add macros to ASN.1 module to parse ASN.1 tags The macros simply extract the component bits of an ASN.1 tag value --- include/mbedtls/asn1.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) 
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index e159e57ea0..8d35c42451 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -87,6 +87,22 @@
 #define MBEDTLS_ASN1_PRIMITIVE 0x00
 #define MBEDTLS_ASN1_CONSTRUCTED 0x20
 #define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
+
+/*
+ * Bit masks for each of the components of an ASN.1 tag as specified in
+ * Information technnology - ASN.1 encoding rules: Specification of Basic
+ * Encoding Rules (BER), Canonical Encoding Rules (CER), and Distinguished
+ * encoding rules (DER) Section 8.1.2.2:
+ *
+ * Bit 8 7 6 5 1
+ * +-------+-----+------------+
+ * | Class | P/C | Tag number |
+ * +-------+-----+------------+
+ */
+#define MBEDTLS_ASN1_TAG_CLASS_MASK ( 0x03 << 6 )
+#define MBEDTLS_ASN1_TAG_PC_MASK ( 0x01 << 5 )
+#define MBEDTLS_ASN1_TAG_VALUE_MASK ( 0x1F << 0 )
+
 /* \} name */
 /* \} addtogroup asn1_module */
From 849bc65bbfcc8a06b17169274dbfb163de0d59f1 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Fri, 25 Aug 2017 17:13:12 +0100
Subject: [PATCH 0511/1059] Fix x509_get_subject_alt_name to drop invalid tag Fix the x509_get_subject_alt_name() function to not accept invalid tags. The problem was that the ASN.1 class for tags consists of two bits. Simply doing bit-wise and of the CONTEXT_SPECIFIC macro with the input tag has the potential of accepting tag values 0x10 (private) which would indicate that the certificate has an incorrect format.
---
 library/x509_crt.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index c6209fb40d..6d08d77955 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
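Review bot: The block comment added above the new masks misspells the standard's title (`technnology`); it should read `Information technology - ASN.1 encoding rules`. It would also help readers to state at the masks how they are meant to be used, since the reason for adding them is that the class field is two bits wide and a single-bit test against MBEDTLS_ASN1_CONTEXT_SPECIFIC does not exclude the other classes: `/* Compare ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) against MBEDTLS_ASN1_CONTEXT_SPECIFIC etc.; the class field is two bits, so a single-bit test is not sufficient. */`.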
@@ -472,9 +472,12 @@ static int x509_get_subject_alt_name( unsigned char **p,
 if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
- if( ( tag & MBEDTLS_ASN1_CONTEXT_SPECIFIC ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC )
+ if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC )
+ {
 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+ }
 /* Skip everything but DNS name */
 if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
From ceae42659b9d172df9c28a2643a7e6fe7b620cc9 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Fri, 25 Aug 2017 17:17:34 +0100
Subject: [PATCH 0512/1059] Add ChangeLog entry
---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index ded60d39f3..c81c5d6f5c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,8 @@ Bugfix
 * Fix leap year calculation in x509_date_is_valid() to ensure that invalid dates on leap years with 100 and 400 intervals are handled correctly. Found by Nicholas Wilson. #694
+ * Fix X509 CRT parsing that would potentially accept an invalid tag when
+ parsing the subject alternative names.
 = mbed TLS 2.6.0 branch released 2017-08-10
From 72705c906c73cc15512c04d317ff0fba6bc4c8e0 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Tue, 7 Nov 2017 20:16:19 +0000
Subject: [PATCH 0513/1059] Add regression test for parsing subjectAltNames
---
 tests/suites/test_suite_x509parse.data | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index d4cc11a08f..374f1c2ccc 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
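Review bot: The new condition masks the whole class field correctly, but its purpose is not stated at the site, so a later cleanup could "simplify" it back to the single-bit form; a short comment such as `/* Every GeneralName choice is context-specific; any other class means a malformed extension (a single-bit test would have accepted PRIVATE-class tags, 0xC0) */` would prevent that. The following `tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 )` check still requires an exact tag, so non-dNSName entries continue to be skipped rather than rejected, which matches the previous behaviour. x509_get_subject_alt_name starts outside the hunk.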
@@ -1124,6 +1124,10 @@ x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ER X509 Certificate ASN1 (invalid version overflow) x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION +X509 Certificate ASN1 (invalid SubjectAltNames tag) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +x509parse_crt:"308203723082025AA003020102020111300D06092A864886F70D0101050500303B310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C3119301706035504031310506F6C617253534C2054657374204341301E170D3132303531303133323334315A170D3232303531313133323334315A303A310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C311830160603550403130F7777772E6578616D706C652E636F6D30820122300D06092A864886F70D01010105000382010F003082010A0282010100B93C4AC5C8A38E9017A49E52AA7175266180E7C7B56D8CFFAAB64126B7BE11AD5C73160C64114804FFD6E13B05DB89BBB39709D51C14DD688739B03D71CBE276D01AD8182D801B54F6E5449AF1CBAF612EDF490D9D09B7EDB1FD3CFD3CFA24CF5DBF7CE453E725B5EA4422E926D3EA20949EE66167BA2E07670B032FA209EDF0338F0BCE10EF67A4C608DAC1EDC23FD74ADD153DF95E1C8160463EB5B33D2FA6DE471CBC92AEEBDF276B1656B7DCECD15557A56EEC7525F5B77BDFABD23A5A91987D97170B130AA76B4A8BC14730FB3AF84104D5C1DFB81DBF7B01A565A2E01E36B7A65CCC305AF8CD6FCDF1196225CA01E3357FFA20F5DCFD69B26A007D17F70203010001A38181307F30090603551D1304023000301D0603551D0E041604147DE49C6BE6F9717D46D2123DAD6B1DFDC2AA784C301F0603551D23041830168014B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF30320603551D11042B3029C20B6578616D706C652E636F6D820B6578616D706C652E6E6574820D2A2E6578616D706C652E6F7267300D06092A864886F70D010105050003820101004F09CB7AD5EEF5EF620DDC7BA285D68CCA95B46BDA115B92007513B9CA0BCEEAFBC31FE23F7F217479E2E6BCDA06E52F6FF655C67339CF48BC0D2F0CD27A06C34A4CD9485DA0D07389E4D4851D969A0E5799C66F1D21271F8D0529E840AE823968C39707CF3C934C1ADF2FA6A455487F7C8C1AC922DA24CD9239C68AECB08DF5698267CB04EEDE534196C127DC2FFE33FAD30EB8D432A9842853A5F0D189D5A298E71691BB9CC0418E8C58ACFFE3DD2E7AABB0B97176AD0F
2733F7A929D3C076C0BF06407C0ED5A47C8AE2326E16AEDA641FB0557CDBDDF1A4BA447CB39958D2346E00EA976C143AF2101E0AA249107601F4F2C818FDCC6346128B091BF194E6":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT From 7786abc16b91897ff185b8141426393f23a5ff7f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 7 Nov 2017 20:21:56 +0000 Subject: [PATCH 0514/1059] Define ASN1 bitmask macros in more direct way --- include/mbedtls/asn1.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 8d35c42451..75b7b3dfbc 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -99,9 +99,9 @@ * | Class | P/C | Tag number | * +-------+-----+------------+ */ -#define MBEDTLS_ASN1_TAG_CLASS_MASK ( 0x03 << 6 ) -#define MBEDTLS_ASN1_TAG_PC_MASK ( 0x01 << 5 ) -#define MBEDTLS_ASN1_TAG_VALUE_MASK ( 0x1F << 0 ) +#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0 +#define MBEDTLS_ASN1_TAG_PC_MASK 0x20 +#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F /* \} name */ /* \} addtogroup asn1_module */ From 05c4fc860805c1ffd7c8f3c42eb475105c07d05c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 9 Nov 2017 14:34:06 +0000 Subject: [PATCH 0515/1059] Correct typo in debugging message --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a0c19c9366..abd6f09d07 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3752,7 +3752,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) if( 0 != ret ) { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); + MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret ); return( ret ); } From c81fcb9d36158091d83cc48038bdee964fdbf2ff Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Tue, 14 Nov 2017 21:40:02 +0000 Subject: [PATCH 0516/1059] Fix typos in documentation for mbedtls_x509_crt_check_extended_key_usage() --- include/mbedtls/x509_crt.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 06166d8b18..f4773b4dc3 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -373,7 +373,7 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) /** - * \brief Check usage of certificate against extentedJeyUsage. + * \brief Check usage of certificate against extendedKeyUsage. * * \param crt Leaf certificate used. * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or MBEDTLS_OID_CLIENT_AUTH). @@ -387,7 +387,7 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len ); -#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) */ +#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ #if defined(MBEDTLS_X509_CRL_PARSE_C) /** From 5a6da63138cf589077f54f49934ca928cf6c73a6 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 14 Nov 2017 21:40:51 +0000 Subject: [PATCH 0517/1059] Fix indentation for mbedtls_x509_crt_check_key_usage() --- include/mbedtls/x509_crt.h | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index f4773b4dc3..b7a509831f 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
@@ -373,20 +373,21 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) /** - * \brief Check usage of certificate against extendedKeyUsage. + * \brief Check usage of certificate against extendedKeyUsage. * - * \param crt Leaf certificate used. - * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or MBEDTLS_OID_CLIENT_AUTH). + * \param crt Leaf certificate used. + * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or + * MBEDTLS_OID_CLIENT_AUTH). * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()). * - * \return 0 if this use of the certificate is allowed, - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if not. + * \return 0 if this use of the certificate is allowed, + * MBEDTLS_ERR_X509_BAD_INPUT_DATA if not. * - * \note Usually only makes sense on leaf certificates. + * \note Usually only makes sense on leaf certificates. */ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, - const char *usage_oid, - size_t usage_len ); + const char *usage_oid, + size_t usage_len ); #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ #if defined(MBEDTLS_X509_CRL_PARSE_C) From 000767123f640648158e4c61564826c9969352ed Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 15 Nov 2017 16:39:08 +0000 Subject: [PATCH 0518/1059] Add tests for event-driven I/O --- tests/ssl-opt.sh | 58 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5078c0bcd7..2ff4110924 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2469,6 +2469,64 @@ run_test "Non-blocking I/O: session-id resume" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +# Tests for event-driven I/O: exercise a variety of handshake flows + +run_test "Event-driven I/O: basic handshake" \ + "$P_SRV event=1 tickets=0 auth_mode=none" \ + "$P_CLI event=1 tickets=0" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O: client auth" \ + "$P_SRV event=1 tickets=0 auth_mode=required" \ + "$P_CLI event=1 tickets=0" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O: ticket" \ + "$P_SRV event=1 tickets=1 auth_mode=none" \ + "$P_CLI event=1 tickets=1" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O: ticket + client auth" \ + "$P_SRV event=1 tickets=1 auth_mode=required" \ + "$P_CLI event=1 tickets=1" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O: ticket + client auth + resume" \ + "$P_SRV event=1 tickets=1 auth_mode=required" \ + "$P_CLI event=1 tickets=1 reconnect=1" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O: ticket + resume" \ + "$P_SRV event=1 tickets=1 auth_mode=none" \ + "$P_CLI event=1 tickets=1 reconnect=1" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O: session-id resume" \ + "$P_SRV event=1 tickets=0 auth_mode=none" \ + "$P_CLI event=1 tickets=0 reconnect=1" \ + 0 \ + -S "mbedtls_ssl_handshake returned" \ + -C "mbedtls_ssl_handshake returned" \ + 
-c "Read from server: .* bytes read" + # Tests for version negotiation run_test "Version check: all -> 1.2" \ From 72a4f0338d08712209c909d7cdf9853d2cb4d3cf Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 15 Nov 2017 16:39:20 +0000 Subject: [PATCH 0519/1059] Add tests for UDP proxy packing option --- tests/ssl-opt.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2ff4110924..34aa43f99f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3777,6 +3777,22 @@ run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" +run_test "DTLS proxy: multiple records in same datagram" \ + -p "$P_PXY pack=10" \ + "$P_SRV dtls=1 debug_level=2" \ + "$P_CLI dtls=1 debug_level=2" \ + 0 \ + -c "next record in same datagram" \ + -s "next record in same datagram" + +run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \ + -p "$P_PXY pack=10 duplicate=1" \ + "$P_SRV dtls=1 debug_level=2" \ + "$P_CLI dtls=1 debug_level=2" \ + 0 \ + -c "next record in same datagram" \ + -s "next record in same datagram" + run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \ -p "$P_PXY bad_ad=1" \ "$P_SRV dtls=1 debug_level=1" \ From c64a48bec792634ee299f50f059f6d42d435e9d1 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Fri, 17 Nov 2017 17:09:17 +0000 Subject: [PATCH 0520/1059] Add checks for private parameter in mbedtls_ecdsa_sign() --- library/ecdsa.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ecdsa.c b/library/ecdsa.c index 4156f3c3c4..8892317bfa 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c 
@@ -81,6 +81,10 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
 if( grp->N.p == NULL )
 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ /* Make sure d is in range 1..n-1 */
+ if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
+ return( MBEDTLS_ERR_ECP_INVALID_KEY );
+
 mbedtls_ecp_point_init( &R );
 mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );
From f5bcbede92348364addf91b81be9a34585df42ef Mon Sep 17 00:00:00 2001
From: Darryl Green
Date: Fri, 17 Nov 2017 17:09:31 +0000
Subject: [PATCH 0521/1059] Add tests for invalid private parameters in mbedtls_ecdsa_sign()
---
 tests/suites/test_suite_ecdsa.data | 45 ++++++++++++++++++++++++--
 tests/suites/test_suite_ecdsa.function | 13 +++++---
 2 files changed, 50 insertions(+), 8 deletions(-)
diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data
index d9640765ee..19c51d35b5 100644
--- a/tests/suites/test_suite_ecdsa.data
+++ b/tests/suites/test_suite_ecdsa.data
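Review bot: The added range check makes MBEDTLS_ERR_ECP_INVALID_KEY a possible return value of mbedtls_ecdsa_sign(), but nothing in this diff updates the function's \return documentation in the header, so callers have no way to know to expect it; the header should gain `MBEDTLS_ERR_ECP_INVALID_KEY if d is not in the range 1..n-1`. The comment could also say why both bounds are checked, e.g. `/* Make sure d is in range 1..n-1: d = 0 and d >= n are not valid private keys for this group */`. Placing the check before the mbedtls_mpi_init calls keeps it consistent with the grp->N.p check just above, and the signed mbedtls_mpi_cmp_int( d, 1 ) < 0 test presumably also rejects a negative d. mbedtls_ecdsa_sign starts outside the hunk.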
@@ -20,15 +20,15 @@ ecdsa_prim_random:MBEDTLS_ECP_DP_SECP521R1 ECDSA primitive rfc 4754 p256 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"DC51D3866A15BACDE33D96F992FCA99DA7E6EF0934E7097559C27F1614C88A7F":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D5A6DECE":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315" +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"DC51D3866A15BACDE33D96F992FCA99DA7E6EF0934E7097559C27F1614C88A7F":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D5A6DECE":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315":0 ECDSA primitive rfc 4754 p384 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED 
-ecdsa_prim_test_vectors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ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"0BEB646634BA87735D77AE4809A0EBEA865535DE4C1E1DCB692E84708E81A5AF62E528C38B2A81B35309668D73524D9F":"96281BF8DD5E0525CA049C048D345D3082968D10FEDF5C5ACA0C64E6465A97EA5CE10C9DFEC21797415710721F437922":"447688BA94708EB6E2E4D59F6AB6D7EDFF9301D249FE49C33096655F5D502FAD3D383B91C5E7EDAA2B714CC99D5743CA":"B4B74E44D71A13D568003D7489908D564C7761E229C58CBFA18950096EB7463B854D7FA992F934D927376285E63414FA":"CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7":"FB017B914E29149432D8BAC29A514640B46F53DDAB2C69948084E2930F1C8F7E08E07C9C63F2D21A07DCB56A6AF56EB3":"B263A1305E057F984D38726A1B46874109F417BCA112674C528262A40A629AF1CBB9F516CE0FA7D2FF630863A00E8B9F":0 ECDSA primitive rfc 4754 p521 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -ecdsa_prim_test_vectors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ecdsa_prim_test_vectors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write-read random #1 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED 
@@ -250,3 +250,42 @@ ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha512 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA512:"test":"13E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D":"1FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3" +ECDSA zero private parameter p192 +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"0":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B15":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9C":"98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF":"57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA private parameter greater than n p192 +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD41":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B15":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61":"98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF":"57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA zero private parameter p224 +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED 
+ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"0":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D5":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61":"22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC":"66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA private parameter greater than n p224 +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C11":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D5":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC":"66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA zero private parameter p256 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"0":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D5A6DECE":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA private parameter greater than n p256 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED 
+ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"DC51D3866A15BACDE33D96F992FCA99DA7E6EF0934E7097559C27F1614C88A7F1":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D5A6DECE":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA zero private parameter p384 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"0":"96281BF8DD5E0525CA049C048D345D3082968D10FEDF5C5ACA0C64E6465A97EA5CE10C9DFEC21797415710721F437922":"447688BA94708EB6E2E4D59F6AB6D7EDFF9301D249FE49C33096655F5D502FAD3D383B91C5E7EDAA2B714CC99D5743CA":"B4B74E44D71A13D568003D7489908D564C7761E229C58CBFA18950096EB7463B854D7FA992F934D927376285E63414FA":"CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7":"FB017B914E29149432D8BAC29A514640B46F53DDAB2C69948084E2930F1C8F7E08E07C9C63F2D21A07DCB56A6AF56EB3":"B263A1305E057F984D38726A1B46874109F417BCA112674C528262A40A629AF1CBB9F516CE0FA7D2FF630863A00E8B9F":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA private parameter greater than n p384 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED 
+ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"10BEB646634BA87735D77AE4809A0EBEA865535DE4C1E1DCB692E84708E81A5AF62E528C38B2A81B35309668D73524D9F":"96281BF8DD5E0525CA049C048D345D3082968D10FEDF5C5ACA0C64E6465A97EA5CE10C9DFEC21797415710721F437922":"447688BA94708EB6E2E4D59F6AB6D7EDFF9301D249FE49C33096655F5D502FAD3D383B91C5E7EDAA2B714CC99D5743CA":"B4B74E44D71A13D568003D7489908D564C7761E229C58CBFA18950096EB7463B854D7FA992F934D927376285E63414FA":"CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7":"FB017B914E29149432D8BAC29A514640B46F53DDAB2C69948084E2930F1C8F7E08E07C9C63F2D21A07DCB56A6AF56EB3":"B263A1305E057F984D38726A1B46874109F417BCA112674C528262A40A629AF1CBB9F516CE0FA7D2FF630863A00E8B9F":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA zero private parameter p521 +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecdsa_prim_test_vectors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private parameter greater than n p521 +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecdsa_prim_test_vectors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diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 88e07a9e6a..b730953881 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -42,7 +42,7 @@ exit: /* BEGIN_CASE */ void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str, char *k_str, char *hash_str, char *r_str, - char *s_str ) + char *s_str, int result ) { mbedtls_ecp_group grp; mbedtls_ecp_point Q; 
@@ -80,12 +80,15 @@ void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str,
 }
 TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash, hlen,
- rnd_buffer_rand, &rnd_info ) == 0 );
+ rnd_buffer_rand, &rnd_info ) == result );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
+ if ( result == 0)
+ {
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
- TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, &Q, &r_check, &s_check ) == 0 );
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, &Q, &r_check, &s_check ) == 0 );
+ }
 exit:
 mbedtls_ecp_group_free( &grp );
From 992b6872f3ca717282ae367749a47f006d337a87 Mon Sep 17 00:00:00 2001
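Review bot: `if ( result == 0)` does not follow the spacing used everywhere else in this function (`if( result == 0 )`, as on the TEST_ASSERT lines around it). For the rejection cases the test now only checks the return code; if the intent is that a rejected d leaves r and s untouched, an `else` branch asserting that would pin it, and if not, a one-line comment saying the output MPIs are unspecified on failure would settle the question for the next reader. ecdsa_prim_test_vectors starts outside the hunk.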
From: Hanno Becker Date: Thu, 9 Nov 2017 18:57:39 +0000 Subject: [PATCH 0522/1059] Fix heap corruption in ssl_decrypt_buf Previously, MAC validation for an incoming record proceeded as follows: 1) Make a copy of the MAC contained in the record; 2) Compute the expected MAC in place, overwriting the presented one; 3) Compare both. This resulted in a record buffer overflow if truncated MAC was used, as in this case the record buffer only reserved 10 bytes for the MAC, but the MAC computation routine in 2) always wrote a full digest. For specially crafted records, this could be used to perform a controlled write of up to 6 bytes past the boundary of the heap buffer holding the record, thereby corrupting the heap structures and potentially leading to a crash or remote code execution. This commit fixes this by making the following change: 1) Compute the expected MAC in a temporary buffer that has the size of the underlying message digest. 2) Compare to this to the MAC contained in the record, potentially restricting to the first 10 bytes if truncated HMAC is used. A similar fix is applied to the encryption routine `ssl_encrypt_buf`. --- library/ssl_tls.c | 36 +++++++++++++++++------------------- tests/ssl-opt.sh | 20 ++++++++++---------- 2 files changed, 27 insertions(+), 29 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8467b13021..341eb7d010 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1293,14 +1293,17 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
 defined(MBEDTLS_SSL_PROTO_TLS1_2)
 if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
 {
+ unsigned char mac[MBEDTLS_SSL_MAC_ADD];
+
 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 );
 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 );
 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 );
 mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_msg, ssl->out_msglen );
- mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc,
- ssl->out_msg + ssl->out_msglen );
+ mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac );
 mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
+
+ memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen );
 }
 else
 #endif
@@ -1562,8 +1565,6 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
 return( 0 );
 }
-#define SSL_MAX_MAC_SIZE 48
-
 static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
 {
 size_t i;
@@ -1731,7 +1732,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
 {
- unsigned char computed_mac[SSL_MAX_MAC_SIZE];
+ unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
 unsigned char pseudo_hdr[13];
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
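Review bot: `mac` is declared with MBEDTLS_SSL_MAC_ADD elements and mbedtls_md_hmac_finish writes the full digest of md_ctx_enc into it whatever maclen is, but this diff does not show that MBEDTLS_SSL_MAC_ADD is at least as large as the biggest digest an enabled MAC ciphersuite can produce (the removed SSL_MAX_MAC_SIZE 48 spelled that bound out explicitly). A comment at the declaration would make the invariant visible: `/* Full digest; MBEDTLS_SSL_MAC_ADD must cover the largest enabled MAC. Only maclen bytes (10 with truncated HMAC) are copied into the record. */`. The same applies to the two mac_expect declarations in ssl_decrypt_buf in the -1731 and -1918 hunks. ssl_encrypt_buf starts outside the hunk.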
@@ -1749,16 +1750,16 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 );
 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_iv, ssl->in_msglen );
- mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, computed_mac );
+ mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect );
 mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
 MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen, ssl->transform_in->maclen );
- MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", computed_mac,
+ MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect,
 ssl->transform_in->maclen );
- if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, computed_mac,
- ssl->transform_in->maclen ) != 0 )
+ if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, mac_expect,
+ ssl->transform_in->maclen ) != 0 )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
@@ -1918,15 +1919,13 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
 #if defined(SSL_SOME_MODES_USE_MAC)
 if( auth_done == 0 )
 {
- unsigned char tmp[SSL_MAX_MAC_SIZE];
+ unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
 ssl->in_msglen -= ssl->transform_in->maclen;
 ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
 ssl->in_len[1] = (unsigned char)( ssl->in_msglen );
- memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen );
-
 #if defined(MBEDTLS_SSL_PROTO_SSL3)
 if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
 {
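Review bot: In the -1918 hunk the non-ETM path now relies on mac_expect holding the expected MAC, but the only write to it visible in this diff is the mbedtls_md_hmac_finish in the -1965 hunk, which sits under the TLS 1.x branch; the SSL 3.0 branch that begins at the end of this hunk (`if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )`) is not touched by the commit. If that branch still computes its MAC in place at ssl->in_msg + ssl->in_msglen as the old code did, the comparison in the -1981 hunk would compare the overwritten record bytes against an uninitialised mac_expect and reject every SSL 3.0 record, so that branch needs to write into mac_expect as well, or a comment should say where it already does. ssl_decrypt_buf starts outside the hunk.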
@@ -1965,8 +1964,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 );
 mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, ssl->in_msglen );
- mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec,
- ssl->in_msg + ssl->in_msglen );
+ mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect );
 /* Call mbedtls_md_process at least once due to cache attacks */
 for( j = 0; j < extra_run + 1; j++ )
 mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
@@ -1981,12 +1979,12 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 }
- MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen );
- MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
- ssl->transform_in->maclen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_msg + ssl->in_msglen,
+ ssl->transform_in->maclen );
- if( mbedtls_ssl_safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen,
- ssl->transform_in->maclen ) != 0 )
+ if( mbedtls_ssl_safer_memcmp( ssl->in_msg + ssl->in_msglen, mac_expect,
+ ssl->transform_in->maclen ) != 0 )
 {
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 64f26a0cf0..bbf117272b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -829,40 +829,40 @@ run_test "Truncated HMAC: client default, server default" \ "$P_SRV debug_level=4" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 0 \ - -s "dumping 'computed mac' (20 bytes)" \ - -S "dumping 'computed mac' (10 bytes)" + -s "dumping 'expected mac' (20 bytes)" \ + -S "dumping 'expected mac' (10 bytes)" run_test "Truncated HMAC: client disabled, server default" \ "$P_SRV debug_level=4" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ trunc_hmac=0" \ 0 \ - -s "dumping 'computed mac' (20 bytes)" \ - -S "dumping 'computed mac' (10 bytes)" + -s "dumping 'expected mac' (20 bytes)" \ + -S "dumping 'expected mac' (10 bytes)" run_test "Truncated HMAC: client enabled, server default" \ "$P_SRV debug_level=4" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ trunc_hmac=1" \ 0 \ - -s "dumping 'computed mac' (20 bytes)" \ - -S "dumping 'computed mac' (10 bytes)" + -s "dumping 'expected mac' (20 bytes)" \ + -S "dumping 'expected mac' (10 bytes)" run_test "Truncated HMAC: client enabled, server disabled" \ "$P_SRV debug_level=4 trunc_hmac=0" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ trunc_hmac=1" \ 0 \ - -s "dumping 'computed mac' (20 bytes)" \ - -S "dumping 'computed mac' (10 bytes)" + -s "dumping 'expected mac' (20 bytes)" \ + -S "dumping 'expected mac' (10 bytes)" run_test "Truncated HMAC: client enabled, server enabled" \ "$P_SRV debug_level=4 trunc_hmac=1" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ trunc_hmac=1" \ 0 \ - -S "dumping 'computed mac' (20 bytes)" \ - -s "dumping 'computed mac' (10 bytes)" + -S "dumping 'expected mac' (20 bytes)" \ + -s "dumping 'expected mac' (10 bytes)" # Tests for Encrypt-then-MAC extension From 7dc832bb531d9a7026b5c4a745f4ffbd5878e18d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Nov 2017 17:39:34 +0000 Subject: [PATCH 0523/1059] Adapt ChangeLog --- ChangeLog | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/ChangeLog b/ChangeLog index ded60d39f3..ee85a9ba3c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Fix heap corruption in implementation of truncated HMAC extension. + When the truncated HMAC extension is enabled and CBC is used, + sending a malicious application packet can be used to selectively + corrupt 6 bytes on the peer's heap, potentially leading to crash or + remote code execution. This can be triggered remotely from either + side in both TLS and DTLS. + Features * Allow comments in test data files. From 81c7b183517100bd94a2c21e121f63acbf18d620 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 9 Nov 2017 18:39:33 +0000 Subject: [PATCH 0524/1059] Don't truncate MAC key when truncated HMAC is negotiated The truncated HMAC extension as described in https://tools.ietf.org/html/rfc6066.html#section-7 specifies that when truncated HMAC is used, only the HMAC output should be truncated, while the HMAC key generation stays unmodified. This commit fixes Mbed TLS's behavior of also truncating the key, potentially leading to compatibility issues with peers running other stacks than Mbed TLS. Details: The keys for the MAC are pieces of the keyblock that's generated from the master secret in `mbedtls_ssl_derive_keys` through the PRF, their size being specified as the size of the digest used for the MAC, regardless of whether truncated HMAC is enabled or not. /----- MD size ------\ /------- MD size ----\ Keyblock +----------------------+----------------------+------------------+--- now | MAC enc key | MAC dec key | Enc key | ... (correct) +----------------------+----------------------+------------------+--- In the previous code, when truncated HMAC was enabled, the HMAC keys were truncated to 10 bytes: /-10 bytes-\ /-10 bytes-\ Keyblock +-------------+-------------+------------------+--- previously | MAC enc key | MAC dec key | Enc key | ... (wrong) +-------------+-------------+------------------+--- The reason for this was that a single variable `transform->maclen` was used for both the keysize and the size of the final MAC, and its value was reduced from the MD size to 10 bytes in case truncated HMAC was negotiated. This commit fixes this by introducing a temporary variable `mac_key_len` which permanently holds the MD size irrespective of the presence of truncated HMAC, and using this temporary to obtain the MAC key chunks from the keyblock. --- library/ssl_tls.c | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 341eb7d010..eda49d656d 100644 
--- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -490,6 +490,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) unsigned char *key2; unsigned char *mac_enc; unsigned char *mac_dec; + size_t mac_key_len; size_t iv_copy_len; const mbedtls_cipher_info_t *cipher_info; const mbedtls_md_info_t *md_info; @@ -681,6 +682,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) cipher_info->mode == MBEDTLS_MODE_CCM ) { transform->maclen = 0; + mac_key_len = 0; transform->ivlen = 12; transform->fixed_ivlen = 4; @@ -701,7 +703,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) } /* Get MAC length */ - transform->maclen = mbedtls_md_get_size( md_info ); + mac_key_len = mbedtls_md_get_size( md_info ); + transform->maclen = mac_key_len; #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) /* @@ -772,11 +775,11 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_CLI_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { - key1 = keyblk + transform->maclen * 2; - key2 = keyblk + transform->maclen * 2 + transform->keylen; + key1 = keyblk + mac_key_len * 2; + key2 = keyblk + mac_key_len * 2 + transform->keylen; mac_enc = keyblk; - mac_dec = keyblk + transform->maclen; + mac_dec = keyblk + mac_key_len; /* * This is not used in TLS v1.1. @@ -792,10 +795,10 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_SRV_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) { - key1 = keyblk + transform->maclen * 2 + transform->keylen; - key2 = keyblk + transform->maclen * 2; + key1 = keyblk + mac_key_len * 2 + transform->keylen; + key2 = keyblk + mac_key_len * 2; - mac_enc = keyblk + transform->maclen; + mac_enc = keyblk + mac_key_len; mac_dec = keyblk; /* 
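Review bot: `size_t mac_key_len;` in the first hunk is declared without an initializer while the two assignments it depends on live in different branches (`mac_key_len = 0;` in the GCM/CCM branch, `mac_key_len = mbedtls_md_get_size( md_info );` in the other), and the consumers at `@@ -772` and `@@ -792` compute key-block offsets from it. As far as the hunks show every path assigns it first, but a maybe-uninitialized analysis has to trace that across the non-AEAD setup code that is outside this diff. Initialising it at the declaration, `size_t mac_key_len = 0;`, mirrors how `transform->maclen` is set in both branches and makes the intent explicit. `mbedtls_ssl_derive_keys` starts and ends outside these hunks.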
@@ -817,14 +820,14 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_SSL3) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { - if( transform->maclen > sizeof transform->mac_enc ) + if( mac_key_len > sizeof transform->mac_enc ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - memcpy( transform->mac_enc, mac_enc, transform->maclen ); - memcpy( transform->mac_dec, mac_dec, transform->maclen ); + memcpy( transform->mac_enc, mac_enc, mac_key_len ); + memcpy( transform->mac_dec, mac_dec, mac_key_len ); } else #endif /* MBEDTLS_SSL_PROTO_SSL3 */ @@ -832,8 +835,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) { - mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen ); - mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen ); + mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len ); + mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len ); } else #endif @@ -853,7 +856,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) transform->iv_enc, transform->iv_dec, iv_copy_len, mac_enc, mac_dec, - transform->maclen ) ) != 0 ) + mac_key_len ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); @@ -866,7 +869,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) { ssl->conf->f_export_keys( ssl->conf->p_export_keys, session->master, keyblk, - transform->maclen, transform->keylen, + mac_key_len, transform->keylen, iv_copy_len ); } #endif From 32c550141fb1fe36f1ed0d027f7007a459237a1e Mon Sep 17 00:00:00 2001 
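Review bot: The last hunk changes what users of `f_export_keys` observe: when truncated HMAC is negotiated the callback now receives the full digest size as the MAC key length instead of the previous 10 bytes described in the commit message. That is presumably the correct key-block layout, but it is an externally visible change for anything consuming exported keys and deserves its own ChangeLog entry next to the heap-corruption fix. The documentation of that callback parameter (outside this diff) should also state that it is the MAC key length, not the possibly truncated MAC output length, since the two no longer coincide.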
From: Hanno Becker Date: Fri, 10 Nov 2017 08:42:54 +0000 Subject: [PATCH 0525/1059] Add missing dependencies on trunc HMAC ext in ssl-opt.sh Noticed that the test cases in ssl-opt.sh exercising the truncated HMAC extension do not depend on MBEDTLS_SSL_TRUNCATED_HMAC being enabled in config.h. This commit fixes this. --- tests/ssl-opt.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index bbf117272b..93fa3c4262 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -832,6 +832,7 @@ run_test "Truncated HMAC: client default, server default" \ -s "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (10 bytes)" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC: client disabled, server default" \ "$P_SRV debug_level=4" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ @@ -840,6 +841,7 @@ run_test "Truncated HMAC: client disabled, server default" \ -s "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (10 bytes)" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC: client enabled, server default" \ "$P_SRV debug_level=4" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ @@ -848,6 +850,7 @@ run_test "Truncated HMAC: client enabled, server default" \ -s "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (10 bytes)" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC: client enabled, server disabled" \ "$P_SRV debug_level=4 trunc_hmac=0" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ @@ -856,6 +859,7 @@ run_test "Truncated HMAC: client enabled, server disabled" \ -s "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (10 bytes)" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC: client enabled, server enabled" \ "$P_SRV debug_level=4 trunc_hmac=1" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ 
@@ -3288,6 +3292,7 @@ run_test "Small packet TLS 1.0 BlockCipher without EtM" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1 \ @@ -3296,6 +3301,7 @@ run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1 \ @@ -3325,6 +3331,7 @@ run_test "Small packet TLS 1.1 StreamCipher" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_1 \ @@ -3333,6 +3340,7 @@ run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_1 \ @@ -3362,6 +3370,7 @@ run_test "Small packet TLS 1.2 BlockCipher larger MAC" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ @@ -3377,6 +3386,7 @@ run_test "Small packet TLS 1.2 StreamCipher" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_2 \ 
@@ -3434,6 +3444,7 @@ run_test "Large packet TLS 1.0 BlockCipher" \ 0 \ -s "Read from client: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ @@ -3442,6 +3453,7 @@ run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \ 0 \ -s "Read from client: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1 \ @@ -3464,6 +3476,7 @@ run_test "Large packet TLS 1.1 StreamCipher" \ 0 \ -s "Read from client: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_1 \ @@ -3472,6 +3485,7 @@ run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \ 0 \ -s "Read from client: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_1 \ @@ -3494,6 +3508,7 @@ run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ 0 \ -s "Read from client: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ @@ -3509,6 +3524,7 @@ run_test "Large packet TLS 1.2 StreamCipher" \ 0 \ -s "Read from client: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_2 \ From 8501f98ec48d045b2b3b8a3116aaf02772b6c34f Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 10 Nov 2017 08:59:04 +0000 Subject: [PATCH 0526/1059] Extend small packet tests for TLS This commit ensures that there is a small packet test for at least any combination of - SSL/TLS version: SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2 - Stream cipher (RC4) or Block cipher (AES) - Usage of Encrypt then MAC extension [TLS only] - Usage of truncated HMAC extension [TLS only] --- tests/ssl-opt.sh | 127 ++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 110 insertions(+), 17 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 93fa3c4262..558f6daca1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3285,7 +3285,7 @@ run_test "Small packet TLS 1.0 BlockCipher" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.0 BlockCipher without EtM" \ +run_test "Small packet TLS 1.0 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1 etm=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ @@ -3293,7 +3293,7 @@ run_test "Small packet TLS 1.0 BlockCipher without EtM" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \ +run_test "Small packet TLS 1.0 BlockCipher, truncated MAC" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ 
@@ -3302,7 +3302,32 @@ run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \ +run_test "Small packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV" \ + "$P_CLI request_size=1 force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1 \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + +run_test "Small packet TLS 1.0 StreamCipher" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=1 force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -s "Read from client: 1 bytes read" + +run_test "Small packet TLS 1.0 StreamCipher, without EtM" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=1 force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.0 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ @@ -3310,6 +3335,16 @@ run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=1 force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1 \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + run_test "Small packet TLS 1.1 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_1 \ 
@@ -3317,10 +3352,30 @@ run_test "Small packet TLS 1.1 BlockCipher" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.1 BlockCipher without EtM" \ +run_test "Small packet TLS 1.1 BlockCipher, without EtM" \ "$P_SRV" \ - "$P_CLI request_size=1 force_version=tls1_1 etm=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + "$P_CLI request_size=1 force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.1 BlockCipher, truncated MAC" \ + "$P_SRV" \ + "$P_CLI request_size=1 force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV" \ + "$P_CLI request_size=1 force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1 \ + etm=0" \ 0 \ -s "Read from client: 1 bytes read" 
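Review bot: In the new body of "Small packet TLS 1.1 BlockCipher, without EtM" the line `force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA` has no trailing backslash, unlike every other continuation in this series, so the double-quoted client command string keeps a literal newline before `etm=0`. That likely still works because the command string is word-split on IFS when it is executed (not visible here), but it is easy to break and inconsistent with the sibling tests. Change it to `force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \`.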
@@ -3331,21 +3386,30 @@ run_test "Small packet TLS 1.1 StreamCipher" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \ - "$P_SRV" \ +run_test "Small packet TLS 1.1 StreamCipher, without EtM" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.1 StreamCipher, truncated MAC" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=1 force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \ +run_test "Small packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + trunc_hmac=1 \ + etm=0" \ 0 \ -s "Read from client: 1 bytes read" @@ -3356,10 +3420,11 @@ run_test "Small packet TLS 1.2 BlockCipher" \ 0 \ -s "Read from client: 1 bytes read" -run_test "Small packet TLS 1.2 BlockCipher without EtM" \ +run_test "Small packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV" \ - "$P_CLI request_size=1 force_version=tls1_2 etm=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + "$P_CLI request_size=1 force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + etm=0" \ 0 \ -s "Read from client: 1 bytes read" 
@@ -3371,7 +3436,7 @@ run_test "Small packet TLS 1.2 BlockCipher larger MAC" \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \ +run_test "Small packet TLS 1.2 BlockCipher, truncated MAC" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ @@ -3379,6 +3444,16 @@ run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV" \ + "$P_CLI request_size=1 force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1 \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + run_test "Small packet TLS 1.2 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_2 \ @@ -3386,8 +3461,16 @@ run_test "Small packet TLS 1.2 StreamCipher" \ 0 \ -s "Read from client: 1 bytes read" +run_test "Small packet TLS 1.2 StreamCipher, without EtM" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=1 force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \ +run_test "Small packet TLS 1.2 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ 
@@ -3395,6 +3478,16 @@ run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=1 force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1 \ + etm=0" \ + 0 \ + -s "Read from client: 1 bytes read" + run_test "Small packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ From 278fc7aedd9d4c274abc849c297e91ba58d7f79b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 10 Nov 2017 09:16:28 +0000 Subject: [PATCH 0527/1059] Extend large packet tests for TLS Same as previous commit, but for large packet tests. --- tests/ssl-opt.sh | 125 +++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 115 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 558f6daca1..9a28de20b0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3537,8 +3537,15 @@ run_test "Large packet TLS 1.0 BlockCipher" \ 0 \ -s "Read from client: 16384 bytes read" +run_test "Large packet TLS 1.0 BlockCipher, without EtM" \ + "$P_SRV" \ + "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -s "Read from client: 16384 bytes read" + requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \ +run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ 
@@ -3547,7 +3554,31 @@ run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \ +run_test "Large packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV" \ + "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1" \ + 0 \ + -s "Read from client: 16384 bytes read" + +run_test "Large packet TLS 1.0 StreamCipher" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=16384 force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -s "Read from client: 16384 bytes read" + +run_test "Large packet TLS 1.0 StreamCipher, without EtM" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=16384 force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + etm=0" \ + 0 \ + -s "Read from client: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ @@ -3555,6 +3586,15 @@ run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \ 0 \ -s "Read from client: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=16384 force_version=tls1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1 etm=0" \ + 0 \ + -s "Read from client: 16384 bytes read" + run_test "Large packet TLS 1.1 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_1 \ 
@@ -3562,15 +3602,15 @@ run_test "Large packet TLS 1.1 BlockCipher" \ 0 \ -s "Read from client: 16384 bytes read" -run_test "Large packet TLS 1.1 StreamCipher" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ - "$P_CLI request_size=16384 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ +run_test "Large packet TLS 1.1 BlockCipher, without EtM" \ + "$P_SRV" \ + "$P_CLI request_size=16384 force_version=tls1_1 etm=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \ +run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ 
@@ -3579,7 +3619,31 @@ run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \ +run_test "Large packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV" \ + "$P_CLI request_size=16384 force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1 etm=0" \ + 0 \ + -s "Read from client: 16384 bytes read" + +run_test "Large packet TLS 1.1 StreamCipher" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=16384 force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -s "Read from client: 16384 bytes read" + +run_test "Large packet TLS 1.1 StreamCipher, without EtM" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=16384 force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + etm=0" \ + 0 \ + -s "Read from client: 16384 bytes read" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ @@ -3587,6 +3651,15 @@ run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \ 0 \ -s "Read from client: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=16384 force_version=tls1_1 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1 etm=0" \ + 0 \ + -s "Read from client: 16384 bytes read" + run_test "Large packet TLS 1.2 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ 
@@ -3594,6 +3667,13 @@ run_test "Large packet TLS 1.2 BlockCipher" \ 0 \ -s "Read from client: 16384 bytes read" +run_test "Large packet TLS 1.2 BlockCipher, without EtM" \ + "$P_SRV" \ + "$P_CLI request_size=16384 force_version=tls1_2 etm=0 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -s "Read from client: 16384 bytes read" + run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ @@ -3602,7 +3682,7 @@ run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \ +run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ @@ -3610,6 +3690,15 @@ run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \ 0 \ -s "Read from client: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ + "$P_SRV" \ + "$P_CLI request_size=16384 force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1 etm=0" \ + 0 \ + -s "Read from client: 16384 bytes read" + run_test "Large packet TLS 1.2 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_2 \ 
@@ -3617,8 +3706,15 @@ run_test "Large packet TLS 1.2 StreamCipher" \ 0 \ -s "Read from client: 16384 bytes read" +run_test "Large packet TLS 1.2 StreamCipher, without EtM" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=16384 force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ + 0 \ + -s "Read from client: 16384 bytes read" + requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC -run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \ +run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ @@ -3626,6 +3722,15 @@ run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \ 0 \ -s "Read from client: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI request_size=16384 force_version=tls1_2 \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1 etm=0" \ + 0 \ + -s "Read from client: 16384 bytes read" + run_test "Large packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ From e2148046250e13b0e7235aa6871e410b6ff2462f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 10 Nov 2017 08:59:18 +0000 Subject: [PATCH 0528/1059] Add small packet tests for DTLS Add a DTLS small packet test for each of the following combinations: - DTLS version: 1.0 or 1.2 - Encrypt then MAC extension enabled - Truncated HMAC extension enabled Large packets tests for DTLS are currently not possible due to parameter constraints in ssl_server2. --- tests/ssl-opt.sh | 76 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9a28de20b0..0082f6a328 100755 --- a/tests/ssl-opt.sh 
+++ b/tests/ssl-opt.sh 
@@ -3502,6 +3502,82 @@ run_test "Small packet TLS 1.2 AEAD shorter tag" \ 0 \ -s "Read from client: 1 bytes read" +# Tests for small packets in DTLS + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +run_test "Small packet DTLS 1.0" \ + "$P_SRV dtls=1 force_version=dtls1" \ + "$P_CLI dtls=1 request_size=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +run_test "Small packet DTLS 1.0, without EtM" \ + "$P_SRV dtls=1 force_version=dtls1 etm=0" \ + "$P_CLI dtls=1 request_size=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet DTLS 1.0, truncated hmac" \ + "$P_SRV dtls=1 force_version=dtls1" \ + "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet DTLS 1.0, without EtM, truncated MAC" \ + "$P_SRV dtls=1 force_version=dtls1 \ + etm=0" \ + "$P_CLI dtls=1 request_size=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1"\ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +run_test "Small packet DTLS 1.2" \ + "$P_SRV dtls=1 force_version=dtls1_2" \ + "$P_CLI dtls=1 request_size=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +run_test "Small packet DTLS 1.2, without EtM" \ + "$P_SRV dtls=1 force_version=dtls1_2 \ + etm=0" \ + "$P_CLI dtls=1 request_size=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled 
MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet DTLS 1.2, truncated hmac" \ + "$P_SRV dtls=1 force_version=dtls1_2" \ + "$P_CLI dtls=1 request_size=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1" \ + 0 \ + -s "Read from client: 1 bytes read" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Small packet DTLS 1.2, without EtM, truncated MAC" \ + "$P_SRV dtls=1 force_version=dtls1_2 \ + etm=0" \ + "$P_CLI dtls=1 request_size=1 \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ + trunc_hmac=1"\ + 0 \ + -s "Read from client: 1 bytes read" + # A test for extensions in SSLv3 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 From 34d0c3f02e79b13806da43e380a9bf42a556dba1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 17 Nov 2017 15:46:24 +0000 Subject: [PATCH 0529/1059] Add missing truncated HMAC test for TLS The case 'Client disabled, Server enabled' was missing. --- tests/ssl-opt.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0082f6a328..8697db9228 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -859,6 +859,15 @@ run_test "Truncated HMAC: client enabled, server disabled" \ -s "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (10 bytes)" +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Truncated HMAC: client disabled, server enabled" \ + "$P_SRV debug_level=4 trunc_hmac=1" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ + trunc_hmac=0" \ + 0 \ + -s "dumping 'expected mac' (20 bytes)" \ + -S "dumping 'expected mac' (10 bytes)" + requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC: client enabled, server enabled" \ "$P_SRV debug_level=4 trunc_hmac=1" \ From 4c4f41030cc2ac0869832a8b40dc3d3cf3b1cba7 Mon Sep 17 00:00:00 2001 
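Review bot: Test names in this hunk are inconsistent: `Small packet DTLS 1.0, truncated hmac` and `Small packet DTLS 1.2, truncated hmac` sit next to `..., without EtM, truncated MAC`, and the TLS tests spell it `truncated MAC` throughout, so filtering by name misses half the cases; rename them to `"Small packet DTLS 1.0, truncated MAC"` and `"Small packet DTLS 1.2, truncated MAC"`. Two client argument strings end in `trunc_hmac=1"\` with no space before the continuation backslash, unlike every other line; sh accepts it but it reads as a typo. The DTLS cases also pass `etm=0` to the server while the TLS small-packet tests pass it to the client; presumably either side suffices to keep the extension off, but if so a one-line comment above the block saying that would stop the asymmetry looking accidental.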
From: Hanno Becker Date: Fri, 10 Nov 2017 09:16:05 +0000 Subject: [PATCH 0530/1059] Add truncated HMAC extension tests for DTLS --- tests/ssl-opt.sh | 52 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8697db9228..46c267dd4b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -877,6 +877,58 @@ run_test "Truncated HMAC: client enabled, server enabled" \ -S "dumping 'expected mac' (20 bytes)" \ -s "dumping 'expected mac' (10 bytes)" +run_test "Truncated HMAC, DTLS: client default, server default" \ + "$P_SRV dtls=1 debug_level=4" \ + "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + 0 \ + -s "dumping 'expected mac' (20 bytes)" \ + -S "dumping 'expected mac' (10 bytes)" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Truncated HMAC, DTLS: client disabled, server default" \ + "$P_SRV dtls=1 debug_level=4" \ + "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ + trunc_hmac=0" \ + 0 \ + -s "dumping 'expected mac' (20 bytes)" \ + -S "dumping 'expected mac' (10 bytes)" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Truncated HMAC, DTLS: client enabled, server default" \ + "$P_SRV dtls=1 debug_level=4" \ + "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ + trunc_hmac=1" \ + 0 \ + -s "dumping 'expected mac' (20 bytes)" \ + -S "dumping 'expected mac' (10 bytes)" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Truncated HMAC, DTLS: client enabled, server disabled" \ + "$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \ + "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ + trunc_hmac=1" \ + 0 \ + -s "dumping 'expected mac' (20 bytes)" \ + -S "dumping 'expected mac' (10 bytes)" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Truncated HMAC, DTLS: client disabled, server enabled" \ + "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \ + "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ + trunc_hmac=0" \ + 0 \ + -s "dumping 'expected mac' (20 bytes)" \ + -S "dumping 'expected mac' (10 bytes)" + +requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC +run_test "Truncated HMAC, DTLS: client enabled, server enabled" \ + "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \ + "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ + 
trunc_hmac=1" \ + 0 \ + -S "dumping 'expected mac' (20 bytes)" \ + -s "dumping 'expected mac' (10 bytes)" + # Tests for Encrypt-then-MAC extension run_test "Encrypt then MAC: default" \ From 8d19bcf37ff7fe26127d2a6c2f2e52c44137fe8d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Nov 2017 17:39:34 +0000 Subject: [PATCH 0531/1059] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index ee85a9ba3c..fcf1019564 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,9 @@ Features * Allow comments in test data files. Bugfix + * Fix wrong implementation of truncated HMAC extension leading to + compatibility problems with peers not running Mbed TLS. Found by + Andreas Walz. * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. From e89353a6b4aaa91a9e7a89ae047174928699fa19 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 20 Nov 2017 16:36:41 +0000 Subject: [PATCH 0532/1059] Add fallback to non-compliant truncated HMAC for compatibiltiy In case truncated HMAC must be used but the Mbed TLS peer hasn't been updated yet, one can use the compile-time option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT to temporarily fall back to the old, non-compliant implementation of the truncated HMAC extension. --- include/mbedtls/check_config.h | 4 ++++ include/mbedtls/config.h | 16 ++++++++++++++++ library/ssl_tls.c | 8 ++++++++ 3 files changed, 28 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index fa72454e53..bc77b216f2 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
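Review bot: None of the six DTLS tests in this hunk is guarded by `requires_config_enabled MBEDTLS_SSL_PROTO_DTLS`, while the DTLS small-packet tests added two commits earlier carry that guard on every case; in a build without DTLS, `$P_SRV dtls=1` will not start and these cases are reported as failures instead of being skipped. Add `requires_config_enabled MBEDTLS_SSL_PROTO_DTLS` above each run_test, before the existing MBEDTLS_SSL_TRUNCATED_HMAC guard where there is one. The first case, 'client default, server default', has no MBEDTLS_SSL_TRUNCATED_HMAC guard either; that is presumably intended, since a 20-byte MAC is expected whether or not the extension is compiled in, but a short comment saying so would make it explicit.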
@@ -77,6 +77,10 @@
 #error "MBEDTLS_DHM_C defined, but not all prerequisites"
 #endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && !defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_CMAC_C) && \
 !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
 #error "MBEDTLS_CMAC_C defined, but not all prerequisites"
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 47c7196402..de49d3af96 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1363,6 +1363,22 @@
 */
 #define MBEDTLS_SSL_TRUNCATED_HMAC
+/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+ *
+ * Fallback to old, non-conforming implementation of the truncated
+ * HMAC extension which also truncates the HMAC key.
+ *
+ * \warning This should only be enabled temporarily when the use
+ * of truncated HMAC is mandatory *and* the peer is an Mbed TLS
+ * stack that doesn't use the fixed implementation yet.
+ *
+ * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
+ *
+ * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
+ */
+//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+
 /**
+ * \def MBEDTLS_THREADING_ALT
+ *
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index eda49d656d..62de5f2740 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -713,7 +713,15 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 * so we only need to adjust the length here.
 */
 if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
+ {
 transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
+ /* Fall back to old, non-compliant version of the truncated
+ * HMAC implementation which also truncates the key. */
+ mac_key_len = transform->maclen;
+#endif
+ }
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
 /* IV length */
From 45ee7877d0e5abdae81eb5388069a032ddafa3df Mon Sep 17 00:00:00 2001 
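Review bot: The compat branch in the ssl_tls.c hunk shortens the MAC key to `transform->maclen` with no runtime trace, so a build shipped with MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT still defined is indistinguishable in handshake logs from a compliant one; add `MBEDTLS_SSL_DEBUG_MSG( 1, ( "truncated HMAC: using non-compliant key truncation (COMPAT)" ) );` beside the assignment so the fallback is visible when an interop failure is being debugged. The comment would also serve better stating the effect rather than the mechanism, e.g. `/* COMPAT: derive only maclen bytes of MAC key instead of the normal length; interoperates only with pre-fix Mbed TLS peers. */`. The config.h text says the option is temporary but nothing surfaces it; a `#warning` next to the new prerequisite check in check_config.h, where the toolchain supports it, would make a lingering definition noticeable at build time. `mac_key_len` is declared and consumed outside the hunk, and mbedtls_ssl_derive_keys continues past it.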
From: Hanno Becker Date: Mon, 20 Nov 2017 16:45:37 +0000 Subject: [PATCH 0533/1059] Correct truncated HMAC tests in ssl-opt.sh Many truncated HMAC tests were missing the `trunc_hmac=1` for the server application, thereby not testing the extension. --- tests/ssl-opt.sh | 83 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 56 insertions(+), 27 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 46c267dd4b..fa10e0e62d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3355,7 +3355,8 @@ run_test "Small packet TLS 1.0 BlockCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.0 BlockCipher, truncated MAC" \ - "$P_SRV" \ + "$P_SRV \ + trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ @@ -3364,7 +3365,8 @@ run_test "Small packet TLS 1.0 BlockCipher, truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV" \ + "$P_SRV \ + trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1 \ @@ -3389,7 +3391,8 @@ run_test "Small packet TLS 1.0 StreamCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.0 StreamCipher, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ 
@@ -3398,7 +3401,8 @@ run_test "Small packet TLS 1.0 StreamCipher, truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1 \ @@ -3423,7 +3427,8 @@ run_test "Small packet TLS 1.1 BlockCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.1 BlockCipher, truncated MAC" \ - "$P_SRV" \ + "$P_SRV \ + trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ @@ -3432,7 +3437,8 @@ run_test "Small packet TLS 1.1 BlockCipher, truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV" \ + "$P_SRV \ + trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1 \ @@ -3457,7 +3463,8 @@ run_test "Small packet TLS 1.1 StreamCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.1 StreamCipher, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ 
@@ -3466,7 +3473,8 @@ run_test "Small packet TLS 1.1 StreamCipher, truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1 \ @@ -3498,7 +3506,8 @@ run_test "Small packet TLS 1.2 BlockCipher larger MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.2 BlockCipher, truncated MAC" \ - "$P_SRV" \ + "$P_SRV \ + trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ @@ -3507,7 +3516,8 @@ run_test "Small packet TLS 1.2 BlockCipher, truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV" \ + "$P_SRV \ + trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1 \ @@ -3532,7 +3542,8 @@ run_test "Small packet TLS 1.2 StreamCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.2 StreamCipher, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ 
@@ -3541,7 +3552,8 @@ run_test "Small packet TLS 1.2 StreamCipher, truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1 \ @@ -3584,8 +3596,10 @@ run_test "Small packet DTLS 1.0, without EtM" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet DTLS 1.0, truncated hmac" \ - "$P_SRV dtls=1 force_version=dtls1" \ - "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \ + "$P_SRV dtls=1 force_version=dtls1 \ + trunc_hmac=1" \ + "$P_CLI dtls=1 request_size=1 \ + trunc_hmac=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" @@ -3594,6 +3608,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet DTLS 1.0, without EtM, truncated MAC" \ "$P_SRV dtls=1 force_version=dtls1 \ + trunc_hmac=1 \ etm=0" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ @@ -3621,7 +3636,8 @@ run_test "Small packet DTLS 1.2, without EtM" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet DTLS 1.2, truncated hmac" \ - "$P_SRV dtls=1 force_version=dtls1_2" \ + "$P_SRV dtls=1 force_version=dtls1_2 \ + trunc_hmac=1" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ 
@@ -3632,6 +3648,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet DTLS 1.2, without EtM, truncated MAC" \ "$P_SRV dtls=1 force_version=dtls1_2 \ + trunc_hmac=1 \ etm=0" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ @@ -3683,7 +3700,8 @@ run_test "Large packet TLS 1.0 BlockCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \ - "$P_SRV" \ + "$P_SRV \ + trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ @@ -3692,7 +3710,8 @@ run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV" \ + "$P_SRV \ + trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ @@ -3716,7 +3735,8 @@ run_test "Large packet TLS 1.0 StreamCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ @@ -3725,7 +3745,8 @@ run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1 etm=0" \ 
@@ -3748,7 +3769,8 @@ run_test "Large packet TLS 1.1 BlockCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \ - "$P_SRV" \ + "$P_SRV \ + trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ @@ -3757,7 +3779,8 @@ run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV" \ + "$P_SRV \ + trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1 etm=0" \ @@ -3781,7 +3804,8 @@ run_test "Large packet TLS 1.1 StreamCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ @@ -3790,7 +3814,8 @@ run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1 etm=0" \ @@ -3820,7 +3845,8 @@ run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \ - "$P_SRV" \ + "$P_SRV \ + trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ 
@@ -3829,7 +3855,8 @@ run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV" \ + "$P_SRV \ + trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1 etm=0" \ @@ -3852,7 +3879,8 @@ run_test "Large packet TLS 1.2 StreamCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ @@ -3861,7 +3889,8 @@ run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1 etm=0" \ From 36ba8b683a5795675a3de94c6bb811fa38e4bad5 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Tue, 21 Nov 2017 09:55:33 +0000 Subject: [PATCH 0534/1059] Add changelog for mbedtls_ecdsa_sign fix --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index ded60d39f3..f350f5940b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,8 @@ Bugfix * Fix leap year calculation in x509_date_is_valid() to ensure that invalid dates on leap years with 100 and 400 intervals are handled correctly. Found by Nicholas Wilson. #694 + * Add a check for invalid private parameters in mbedtls_ecdsa_sign. + Reported by Yolan Romailler. = mbed TLS 2.6.0 branch released 2017-08-10 
From 909f9a389a8f5ac5feff1977f7b85e90687373f3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Nov 2017 17:10:12 +0000 Subject: [PATCH 0535/1059] Improve style in tests/ssl-opt.sh Try to avoid line breaks in server and client command line arguments to ease reading of test cases. --- tests/ssl-opt.sh | 232 +++++++++++++++-------------------------------- 1 file changed, 75 insertions(+), 157 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index fa10e0e62d..b19cf6084f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -835,8 +835,7 @@ run_test "Truncated HMAC: client default, server default" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC: client disabled, server default" \ "$P_SRV debug_level=4" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ - trunc_hmac=0" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \ 0 \ -s "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (10 bytes)" @@ -844,8 +843,7 @@ run_test "Truncated HMAC: client disabled, server default" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC: client enabled, server default" \ "$P_SRV debug_level=4" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ - trunc_hmac=1" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ 0 \ -s "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (10 bytes)" @@ -853,8 +851,7 @@ run_test "Truncated HMAC: client enabled, server default" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC: client enabled, server disabled" \ "$P_SRV debug_level=4 trunc_hmac=0" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ - trunc_hmac=1" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ 0 \ -s "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (10 bytes)" 
@@ -862,8 +859,7 @@ run_test "Truncated HMAC: client enabled, server disabled" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC: client disabled, server enabled" \ "$P_SRV debug_level=4 trunc_hmac=1" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ - trunc_hmac=0" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \ 0 \ -s "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (10 bytes)" @@ -871,8 +867,7 @@ run_test "Truncated HMAC: client disabled, server enabled" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC: client enabled, server enabled" \ "$P_SRV debug_level=4 trunc_hmac=1" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ - trunc_hmac=1" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ 0 \ -S "dumping 'expected mac' (20 bytes)" \ -s "dumping 'expected mac' (10 bytes)" @@ -887,8 +882,7 @@ run_test "Truncated HMAC, DTLS: client default, server default" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC, DTLS: client disabled, server default" \ "$P_SRV dtls=1 debug_level=4" \ - "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ - trunc_hmac=0" \ + "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \ 0 \ -s "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (10 bytes)" @@ -896,8 +890,7 @@ run_test "Truncated HMAC, DTLS: client disabled, server default" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC, DTLS: client enabled, server default" \ "$P_SRV dtls=1 debug_level=4" \ - "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ - trunc_hmac=1" \ + "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ 0 \ -s "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (10 bytes)" 
@@ -905,8 +898,7 @@ run_test "Truncated HMAC, DTLS: client enabled, server default" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC, DTLS: client enabled, server disabled" \ "$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \ - "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ - trunc_hmac=1" \ + "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ 0 \ -s "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (10 bytes)" @@ -914,8 +906,7 @@ run_test "Truncated HMAC, DTLS: client enabled, server disabled" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC, DTLS: client disabled, server enabled" \ "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \ - "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ - trunc_hmac=0" \ + "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \ 0 \ -s "dumping 'expected mac' (20 bytes)" \ -S "dumping 'expected mac' (10 bytes)" @@ -923,8 +914,7 @@ run_test "Truncated HMAC, DTLS: client disabled, server enabled" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Truncated HMAC, DTLS: client enabled, server enabled" \ "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \ - "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ - trunc_hmac=1" \ + "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \ 0 \ -S "dumping 'expected mac' (20 bytes)" \ -s "dumping 'expected mac' (10 bytes)" 
@@ -3355,22 +3345,17 @@ run_test "Small packet TLS 1.0 BlockCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.0 BlockCipher, truncated MAC" \ - "$P_SRV \ - trunc_hmac=1" \ + "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV \ - trunc_hmac=1" \ + "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1 \ - etm=0" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" 
@@ -3384,29 +3369,23 @@ run_test "Small packet TLS 1.0 StreamCipher" \ run_test "Small packet TLS 1.0 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - etm=0" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.0 StreamCipher, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ - "$P_CLI request_size=1 force_version=tls1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1 \ - etm=0" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ + "$P_CLI request_size=1 force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ + trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" 
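Review bot: The rewrapped client line for 'Small packet TLS 1.0 StreamCipher, without EtM, truncated MAC' puts `force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA` on the first line and `trunc_hmac=1 etm=0` on the continuation, whereas the two tests above it and the TLS 1.1 and TLS 1.2 counterparts later in this commit break after `force_version=...` and keep the ciphersuite together with the options. For a style-only commit the wrap point should be uniform: `"$P_CLI request_size=1 force_version=tls1 \` followed by `force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \`.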
@@ -3420,29 +3399,23 @@ run_test "Small packet TLS 1.1 BlockCipher" \ run_test "Small packet TLS 1.1 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA - etm=0" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.1 BlockCipher, truncated MAC" \ - "$P_SRV \ - trunc_hmac=1" \ + "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV \ - trunc_hmac=1" \ + "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1 \ - etm=0" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" 
@@ -3456,29 +3429,23 @@ run_test "Small packet TLS 1.1 StreamCipher" \ run_test "Small packet TLS 1.1 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - etm=0" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.1 StreamCipher, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1 \ - etm=0" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" @@ -3492,8 +3459,7 @@ run_test "Small packet TLS 1.2 BlockCipher" \ run_test "Small packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=1 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - etm=0" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ 0 \ -s "Read from client: 1 bytes read" 
@@ -3506,22 +3472,17 @@ run_test "Small packet TLS 1.2 BlockCipher larger MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.2 BlockCipher, truncated MAC" \ - "$P_SRV \ - trunc_hmac=1" \ + "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV \ - trunc_hmac=1" \ + "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1 \ - etm=0" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" 
@@ -3535,29 +3496,23 @@ run_test "Small packet TLS 1.2 StreamCipher" \ run_test "Small packet TLS 1.2 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - etm=0" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.2 StreamCipher, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1 \ - etm=0" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 1 bytes read" @@ -3596,10 +3551,8 @@ run_test "Small packet DTLS 1.0, without EtM" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet DTLS 1.0, truncated hmac" \ - "$P_SRV dtls=1 force_version=dtls1 \ - trunc_hmac=1" \ - "$P_CLI dtls=1 request_size=1 \ - trunc_hmac=1 \ + "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \ + "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" 
@@ -3607,12 +3560,9 @@ run_test "Small packet DTLS 1.0, truncated hmac" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet DTLS 1.0, without EtM, truncated MAC" \ - "$P_SRV dtls=1 force_version=dtls1 \ - trunc_hmac=1 \ - etm=0" \ + "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \ "$P_CLI dtls=1 request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1"\ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ 0 \ -s "Read from client: 1 bytes read" @@ -3626,8 +3576,7 @@ run_test "Small packet DTLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small packet DTLS 1.2, without EtM" \ - "$P_SRV dtls=1 force_version=dtls1_2 \ - etm=0" \ + "$P_SRV dtls=1 force_version=dtls1_2 etm=0" \ "$P_CLI dtls=1 request_size=1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ @@ -3636,23 +3585,18 @@ run_test "Small packet DTLS 1.2, without EtM" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet DTLS 1.2, truncated hmac" \ - "$P_SRV dtls=1 force_version=dtls1_2 \ - trunc_hmac=1" \ + "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \ "$P_CLI dtls=1 request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 1 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small packet DTLS 1.2, without EtM, truncated MAC" \ - "$P_SRV dtls=1 force_version=dtls1_2 \ - trunc_hmac=1 \ - etm=0" \ + "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \ "$P_CLI dtls=1 request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1"\ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ 0 \ -s "Read from client: 1 bytes read" 
@@ -3700,21 +3644,17 @@ run_test "Large packet TLS 1.0 BlockCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \ - "$P_SRV \ - trunc_hmac=1" \ + "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV \ - trunc_hmac=1" \ + "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 16384 bytes read" 
@@ -3728,28 +3668,23 @@ run_test "Large packet TLS 1.0 StreamCipher" \ run_test "Large packet TLS 1.0 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - etm=0" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 0 \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1 etm=0" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 16384 bytes read" 
@@ -3769,21 +3704,17 @@ run_test "Large packet TLS 1.1 BlockCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \ - "$P_SRV \ - trunc_hmac=1" \ + "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV \ - trunc_hmac=1" \ + "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1 etm=0" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 16384 bytes read" 
@@ -3797,28 +3728,23 @@ run_test "Large packet TLS 1.1 StreamCipher" \ run_test "Large packet TLS 1.1 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - etm=0" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 0 \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1 etm=0" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 16384 bytes read" 
@@ -3845,21 +3771,17 @@ run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \ - "$P_SRV \ - trunc_hmac=1" \ + "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV \ - trunc_hmac=1" \ + "$P_SRV trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ - trunc_hmac=1 etm=0" \ + force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 16384 bytes read" @@ -3879,21 +3801,17 @@ run_test "Large packet TLS 1.2 StreamCipher, without EtM" \ requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 0 \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ - "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1" \ + "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ - force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ - trunc_hmac=1 etm=0" \ + force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 0 \ -s "Read from client: 16384 bytes read" 
From 563423fb21d6d5dcbdd616af496038e2209c6f65 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Nov 2017 17:20:17 +0000 Subject: [PATCH 0536/1059] Improve documentation of MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT option Explain more clearly when this option should be used and which versions of Mbed TLS build on the non-compliant implementation. --- include/mbedtls/config.h | 7 ++++--- library/ssl_tls.c | 3 ++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index de49d3af96..fa935c798e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1369,9 +1369,10 @@ * Fallback to old, non-conforming implementation of the truncated * HMAC extension which also truncates the HMAC key. * - * \warning This should only be enabled temporarily when the use - * of truncated HMAC is mandatory *and* the peer is an Mbed TLS - * stack that doesn't use the fixed implementation yet. + * \warning This should only be enabled temporarily when (1) the use of + * truncated HMAC is essential in order to save bandwidth, and + * (2) the peer is an Mbed TLS stack that doesn't use the fixed + * implementation yet (version number <= 2.6.0). * * Uncomment to fallback to old, non-compliant truncated HMAC implementation. * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 62de5f2740..3cd1d62992 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -718,7 +718,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) /* Fall back to old, non-compliant version of the truncated - * HMAC implementation which also truncates the key. */ + * HMAC implementation which also truncates the key + * (Mbed TLS versions from 1.3 to 2.6.0) */ mac_key_len = transform->maclen; #endif } From 4c2ac7ef582505c780d957b96ee951e835d0e4e4 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 21 Nov 2017 18:22:53 +0000 Subject: [PATCH 0537/1059] Deprecate MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT --- include/mbedtls/config.h | 3 +++ library/ssl_tls.c | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index fa935c798e..6082d46b83 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1374,6 +1374,9 @@ * (2) the peer is an Mbed TLS stack that doesn't use the fixed * implementation yet (version number <= 2.6.0). * + * \deprecated This option is deprecated and will likely be removed in a + * future version of Mbed TLS. + * * Uncomment to fallback to old, non-compliant truncated HMAC implementation. * * Requires: MBEDTLS_SSL_TRUNCATED_HMAC diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3cd1d62992..8bab9139fd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -721,6 +721,13 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) * HMAC implementation which also truncates the key * (Mbed TLS versions from 1.3 to 2.6.0) */ mac_key_len = transform->maclen; + +#if defined(MBEDTLS_DEPRECATED_WARNING) +#warning MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT is deprecated and should only be \ + enabled temporarily when (1) the use of truncated HMAC is essential in order \ + to save bandwidth, and (2) the peer is an Mbed TLS stack that doesn not use the \ + fixed implementation yet (version number <= 2.6.0). +#endif #endif } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ From dab611a7b181ebc1f80c731b5f86895b1ece1cfe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Nov 2017 18:53:55 +0100 Subject: [PATCH 0538/1059] ChangeLog entry for ssl_parse_client_psk_identity fix --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 84a05d0035..113570810b 100644 --- a/ChangeLog +++ b/ChangeLog 
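Review bot: The new `#warning` text in mbedtls_ssl_derive_keys() misspells "doesn't" as `doesn not` ("an Mbed TLS stack that doesn not use the fixed implementation"), and that string is what every MBEDTLS_DEPRECATED_WARNING build will print. `#warning` is also a compiler extension rather than standard C (MSVC, which PATCH 0541 on this page goes out of its way to keep building, has no such directive), so the deprecation would be more portable expressed the way the library expresses other deprecations, which as far as I recall is a deprecated attribute on the API rather than a diagnostic in the .c file. PATCH 0547 later in this series removes the block again, which settles the portability concern but leaves nothing in ssl_tls.c pointing at the `\deprecated` note in config.h; a one-line `/* Deprecated: see MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in config.h */` next to `mac_key_len = transform->maclen;` would keep the two in sync. The enclosing function starts outside the hunk.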
@@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Security + * Fix unsafe bounds check in ssl_parse_client_psk_identity() when adding + 64kB to the address of the SSL buffer wraps around. + = mbed TLS 2.5.1 released xxxx-xx-xx Security From 63073aa3d389500251fcda9bcb0eb3e9d4774f3d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 27 Nov 2017 15:33:18 +0000 Subject: [PATCH 0539/1059] Don't require P,Q in rsa_private in case of non-blinded non-CRT For non-CRT, P and Q are only used for the purpose of blinding the exponent. --- library/rsa.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 56f434563a..35ace85c5f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -437,8 +437,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 || mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ) + ( f_rng != NULL && mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) || + ( f_rng != NULL && mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ) ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } From d4755deafac99abe708edb1ba13bcac0bbc4f007 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Nov 2017 13:31:12 +0100 Subject: [PATCH 0540/1059] add changelog entry --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 84a05d0035..9cb4430a0c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,7 @@ Security detect it sometimes. Reported by Hugo Leisink. #810 * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack. + * Tighten should-be-constant-time memcmp against compiler optimizations. Bugfix * Remove size zero arrays from ECJPAKE test suite. Size zero arrays are not From 6e5dd79a437c5ea899b0c14d256caeb4e5f0a1ce Mon Sep 17 00:00:00 2001 
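Review bot: The relaxed check in mbedtls_rsa_private() now accepts a context with P or Q equal to zero whenever f_rng is NULL, but the commit message scopes that to the non-CRT case, and in a build without MBEDTLS_RSA_NO_CRT the private operation presumably still exponentiates modulo P and Q further down; such a context would then fail inside the MPI layer with a wrapped MPI error instead of the explicit MBEDTLS_ERR_RSA_BAD_INPUT_DATA (inferred, the CRT computation and the rest of the function are outside the hunk). Guarding the relaxation with the same configuration macro that selects the non-CRT path keeps the early, well-typed rejection in CRT builds. The enclosing mbedtls_rsa_private() body starts and ends outside the hunk.
```c
        mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ||
#if defined(MBEDTLS_RSA_NO_CRT)
        /* Without CRT, P and Q only serve exponent blinding, which needs an RNG. */
        ( f_rng != NULL && mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) ||
        ( f_rng != NULL && mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ) )
#else
        /* The CRT computation itself needs P and Q, RNG or not. */
        mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ||
        mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 )
#endif
    /* … unchanged: return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) … */
```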
From: Hanno Becker Date: Tue, 28 Nov 2017 14:34:04 +0000 Subject: [PATCH 0541/1059] Fix compilation warning on MSVC MSVC complains about the negation in `(uint32_t) -1u`. This commit fixes this by using `(uint32_t) -1` instead. --- library/net_sockets.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index edd0844168..2d1c1082ab 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -471,7 +471,7 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) tv.tv_usec = ( timeout % 1000 ) * 1000; ret = select( fd + 1, &read_fds, &write_fds, NULL, - timeout == (uint32_t) -1u ? NULL : &tv ); + timeout == (uint32_t) -1 ? NULL : &tv ); if( ret < 0 ) return( MBEDTLS_ERR_NET_POLL_FAILED ); From a0748019f1e56c6e19b8156f62cd08fbd7960aa8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 28 Nov 2017 16:48:51 +0200 Subject: [PATCH 0542/1059] Change KB to kB Change KB to kB, as this is the proper way to write kilo bytes --- programs/test/benchmark.c | 2 +- yotta/data/example-benchmark/README.md | 36 +++++++++++++------------- yotta/data/example-benchmark/main.cpp | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index d88bc57ee8..6b70b58e3d 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -126,7 +126,7 @@ do { \ CODE; \ } \ \ - mbedtls_printf( "%9lu KB/s, %9lu cycles/byte\n", \ + mbedtls_printf( "%9lu kB/s, %9lu cycles/byte\n", \ ii * BUFSIZE / 1024, \ ( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \ } while( 0 ) diff --git a/yotta/data/example-benchmark/README.md b/yotta/data/example-benchmark/README.md index 8397f5e4a9..92d90122d0 100644 --- a/yotta/data/example-benchmark/README.md +++ b/yotta/data/example-benchmark/README.md 
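Review bot: `timeout == (uint32_t) -1 ? NULL : &tv` in mbedtls_net_poll() still compares against an unnamed sentinel; the conversion of -1 to uint32_t is well defined and the change does silence MSVC, but the intent (block indefinitely) is not visible at the call site. Since the file already relies on `uint32_t`, `UINT32_MAX` from <stdint.h> is available, so `timeout == UINT32_MAX ? NULL : &tv` says the same thing without the cast; if the public header documents `(uint32_t) -1` as the "wait forever" value, a named constant defined there would keep the documentation and the implementation in step. The enclosing mbedtls_net_poll() body starts and ends outside the hunk.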
@@ -56,24 +56,24 @@ To build and run this example you must have: {{start}} - SHA-1 : 3644 KB/s, 32 cycles/byte - SHA-256 : 1957 KB/s, 59 cycles/byte - SHA-512 : 587 KB/s, 200 cycles/byte - AES-CBC-128 : 1359 KB/s, 86 cycles/byte - AES-CBC-192 : 1183 KB/s, 99 cycles/byte - AES-CBC-256 : 1048 KB/s, 111 cycles/byte - AES-GCM-128 : 421 KB/s, 279 cycles/byte - AES-GCM-192 : 403 KB/s, 292 cycles/byte - AES-GCM-256 : 385 KB/s, 305 cycles/byte - AES-CCM-128 : 542 KB/s, 216 cycles/byte - AES-CCM-192 : 484 KB/s, 242 cycles/byte - AES-CCM-256 : 437 KB/s, 268 cycles/byte - CTR_DRBG (NOPR) : 1002 KB/s, 117 cycles/byte - CTR_DRBG (PR) : 705 KB/s, 166 cycles/byte - HMAC_DRBG SHA-1 (NOPR) : 228 KB/s, 517 cycles/byte - HMAC_DRBG SHA-1 (PR) : 210 KB/s, 561 cycles/byte - HMAC_DRBG SHA-256 (NOPR) : 212 KB/s, 557 cycles/byte - HMAC_DRBG SHA-256 (PR) : 185 KB/s, 637 cycles/byte + SHA-1 : 3644 kB/s, 32 cycles/byte + SHA-256 : 1957 kB/s, 59 cycles/byte + SHA-512 : 587 kB/s, 200 cycles/byte + AES-CBC-128 : 1359 kB/s, 86 cycles/byte + AES-CBC-192 : 1183 kB/s, 99 cycles/byte + AES-CBC-256 : 1048 kB/s, 111 cycles/byte + AES-GCM-128 : 421 kB/s, 279 cycles/byte + AES-GCM-192 : 403 kB/s, 292 cycles/byte + AES-GCM-256 : 385 kB/s, 305 cycles/byte + AES-CCM-128 : 542 kB/s, 216 cycles/byte + AES-CCM-192 : 484 kB/s, 242 cycles/byte + AES-CCM-256 : 437 kB/s, 268 cycles/byte + CTR_DRBG (NOPR) : 1002 kB/s, 117 cycles/byte + CTR_DRBG (PR) : 705 kB/s, 166 cycles/byte + HMAC_DRBG SHA-1 (NOPR) : 228 kB/s, 517 cycles/byte + HMAC_DRBG SHA-1 (PR) : 210 kB/s, 561 cycles/byte + HMAC_DRBG SHA-256 (NOPR) : 212 kB/s, 557 cycles/byte + HMAC_DRBG SHA-256 (PR) : 185 kB/s, 637 cycles/byte RSA-2048 : 41 ms/ public RSA-2048 : 1349 ms/private RSA-4096 : 134 ms/ public diff --git a/yotta/data/example-benchmark/main.cpp b/yotta/data/example-benchmark/main.cpp index 36cfc0e27b..44e66d9bc9 100644 --- a/yotta/data/example-benchmark/main.cpp +++ b/yotta/data/example-benchmark/main.cpp 
@@ -229,7 +229,7 @@ do { \ CODE; \ } \ \ - mbedtls_printf( "%9lu KB/s, %9lu cycles/byte\r\n", \ + mbedtls_printf( "%9lu kB/s, %9lu cycles/byte\r\n", \ i * BUFSIZE / 1024, \ ( mbedtls_timing_hardclock() - tsc ) / ( j * BUFSIZE ) ); \ } while( 0 ) From d742b748388e550e2f5ba3f03c6aa10fc3a7dc6f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Nov 2017 17:40:56 +0100 Subject: [PATCH 0543/1059] Add ChangeLog entry --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 40b4fae44d..a65b7ae87b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,7 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix bugs in RSA test suite under MBEDTLS_NO_PLATFORM_ENTROPY. #1023 #1024 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 0728d69d6d1a096d77d95824cabedfb1b86a9bfa Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 29 Nov 2017 12:08:35 +0200 Subject: [PATCH 0544/1059] Change kB to KiB Change the style of the units to KiB, according to https://docs.mbed.com/docs/writing-and-publishing-guides/en/latest/units/ --- programs/test/benchmark.c | 2 +- yotta/data/example-benchmark/README.md | 36 +++++++++++++------------- yotta/data/example-benchmark/main.cpp | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 6b70b58e3d..a2677af7be 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -126,7 +126,7 @@ do { \ CODE; \ } \ \ - mbedtls_printf( "%9lu kB/s, %9lu cycles/byte\n", \ + mbedtls_printf( "%9lu KiB/s, %9lu cycles/byte\n", \ ii * BUFSIZE / 1024, \ ( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \ } while( 0 ) diff --git a/yotta/data/example-benchmark/README.md b/yotta/data/example-benchmark/README.md index 92d90122d0..3b66916e5c 100644 --- a/yotta/data/example-benchmark/README.md 
+++ b/yotta/data/example-benchmark/README.md @@ -56,24 +56,24 @@ To build and run this example you must have: {{start}} - SHA-1 : 3644 kB/s, 32 cycles/byte - SHA-256 : 1957 kB/s, 59 cycles/byte - SHA-512 : 587 kB/s, 200 cycles/byte - AES-CBC-128 : 1359 kB/s, 86 cycles/byte - AES-CBC-192 : 1183 kB/s, 99 cycles/byte - AES-CBC-256 : 1048 kB/s, 111 cycles/byte - AES-GCM-128 : 421 kB/s, 279 cycles/byte - AES-GCM-192 : 403 kB/s, 292 cycles/byte - AES-GCM-256 : 385 kB/s, 305 cycles/byte - AES-CCM-128 : 542 kB/s, 216 cycles/byte - AES-CCM-192 : 484 kB/s, 242 cycles/byte - AES-CCM-256 : 437 kB/s, 268 cycles/byte - CTR_DRBG (NOPR) : 1002 kB/s, 117 cycles/byte - CTR_DRBG (PR) : 705 kB/s, 166 cycles/byte - HMAC_DRBG SHA-1 (NOPR) : 228 kB/s, 517 cycles/byte - HMAC_DRBG SHA-1 (PR) : 210 kB/s, 561 cycles/byte - HMAC_DRBG SHA-256 (NOPR) : 212 kB/s, 557 cycles/byte - HMAC_DRBG SHA-256 (PR) : 185 kB/s, 637 cycles/byte + SHA-1 : 3644 KiB/s, 32 cycles/byte + SHA-256 : 1957 KiB/s, 59 cycles/byte + SHA-512 : 587 KiB/s, 200 cycles/byte + AES-CBC-128 : 1359 KiB/s, 86 cycles/byte + AES-CBC-192 : 1183 KiB/s, 99 cycles/byte + AES-CBC-256 : 1048 KiB/s, 111 cycles/byte + AES-GCM-128 : 421 KiB/s, 279 cycles/byte + AES-GCM-192 : 403 KiB/s, 292 cycles/byte + AES-GCM-256 : 385 KiB/s, 305 cycles/byte + AES-CCM-128 : 542 KiB/s, 216 cycles/byte + AES-CCM-192 : 484 KiB/s, 242 cycles/byte + AES-CCM-256 : 437 KiB/s, 268 cycles/byte + CTR_DRBG (NOPR) : 1002 KiB/s, 117 cycles/byte + CTR_DRBG (PR) : 705 KiB/s, 166 cycles/byte + HMAC_DRBG SHA-1 (NOPR) : 228 KiB/s, 517 cycles/byte + HMAC_DRBG SHA-1 (PR) : 210 KiB/s, 561 cycles/byte + HMAC_DRBG SHA-256 (NOPR) : 212 KiB/s, 557 cycles/byte + HMAC_DRBG SHA-256 (PR) : 185 KiB/s, 637 cycles/byte RSA-2048 : 41 ms/ public RSA-2048 : 1349 ms/private RSA-4096 : 134 ms/ public diff --git a/yotta/data/example-benchmark/main.cpp b/yotta/data/example-benchmark/main.cpp index 44e66d9bc9..d13cde550a 100644 --- a/yotta/data/example-benchmark/main.cpp 
+++ b/yotta/data/example-benchmark/main.cpp @@ -229,7 +229,7 @@ do { \ CODE; \ } \ \ - mbedtls_printf( "%9lu kB/s, %9lu cycles/byte\r\n", \ + mbedtls_printf( "%9lu KiB/s, %9lu cycles/byte\r\n", \ i * BUFSIZE / 1024, \ ( mbedtls_timing_hardclock() - tsc ) / ( j * BUFSIZE ) ); \ } while( 0 ) From c5380649d94e69764e261548087e365262cf4e2e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 28 Nov 2017 19:57:51 +0000 Subject: [PATCH 0545/1059] Change value of MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE Change the value of the error MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE to 0x0023 to ensure the errors in the AES module are all in a continuous range. --- include/mbedtls/aes.h | 5 ++++- include/mbedtls/error.h | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 660ec2addc..f1c3d3a8c8 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -36,9 +36,12 @@ #define MBEDTLS_AES_ENCRYPT 1 #define MBEDTLS_AES_DECRYPT 0 +/* Error codes in range 0x0020-0x0022 */ #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ -#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x006E /**< Feature not available, e.g. unsupported AES key size. */ + +/* Error codes in range 0x0023-0x0023 */ +#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available, e.g. unsupported AES key size. */ #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 8dfeb6221b..5fffb0d222 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -52,7 +52,7 @@ * GCM 2 0x0012-0x0014 * BLOWFISH 2 0x0016-0x0018 * THREADING 3 0x001A-0x001E - * AES 2 0x0020-0x0022 0x006E-0x006E + * AES 2 0x0020-0x0022 0x0023-0x0023 * CAMELLIA 2 0x0024-0x0026 * XTEA 1 0x0028-0x0028 * BASE64 2 0x002A-0x002C 
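Review bot: The AES row rewritten in error.h still reports `2` codes while the module now allocates three (0x0020, 0x0022 and the new 0x0023), so the count column is stale on the very line this hunk touches; `* AES 3 0x0020-0x0022 0x0023-0x0023` matches the layout of the surrounding rows. Renumbering MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE also changes the value an already-built caller compares against, and this patch modifies no ChangeLog, so a note that -0x006E is no longer an AES error value seems warranted (whether the old value ever shipped in a release cannot be told from here). The new aes.h comment `/* Error codes in range 0x0023-0x0023 */` reads as a one-element range with no explanation; if odd values are the secondary allocation, as the two-column table in error.h suggests, saying so there would help the next person adding an AES error.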
From 702dfbcf1374ad4af09df291b4dad217ee78ef72 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 29 Nov 2017 16:35:46 +0000 Subject: [PATCH 0546/1059] Improve documentation of truncated HMAC fallback option --- include/mbedtls/config.h | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 6082d46b83..6a04d6e65b 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1366,13 +1366,17 @@ /** * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT * - * Fallback to old, non-conforming implementation of the truncated - * HMAC extension which also truncates the HMAC key. + * Fallback to old (pre-2.7), non-conforming implementation of the truncated + * HMAC extension which also truncates the HMAC key. Note that this option is + * only meant for a transitory upgrade period and is likely to be removed in + * a future version of the library. * - * \warning This should only be enabled temporarily when (1) the use of - * truncated HMAC is essential in order to save bandwidth, and - * (2) the peer is an Mbed TLS stack that doesn't use the fixed - * implementation yet (version number <= 2.6.0). + * \warning The old implementation is non-compliant and has a security weakness + * (2^80 brute force attack on the HMAC key used for a single, + * uninterrupted connection). This should only be enabled temporarily + * when (1) the use of truncated HMAC is essential in order to save + * bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use + * the fixed implementation yet (pre-2.7). * * \deprecated This option is deprecated and will likely be removed in a * future version of Mbed TLS. From 1df4923eb16086585c16102a9862f88b6108ac4b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 29 Nov 2017 16:36:02 +0000 Subject: [PATCH 0547/1059] Remove compile-time deprecation warning for TRUNCATED_HMAC_COMPAT --- library/ssl_tls.c | 7 ------- 1 file changed, 7 deletions(-) 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8bab9139fd..3cd1d62992 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -721,13 +721,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) * HMAC implementation which also truncates the key * (Mbed TLS versions from 1.3 to 2.6.0) */ mac_key_len = transform->maclen; - -#if defined(MBEDTLS_DEPRECATED_WARNING) -#warning MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT is deprecated and should only be \ - enabled temporarily when (1) the use of truncated HMAC is essential in order \ - to save bandwidth, and (2) the peer is an Mbed TLS stack that doesn not use the \ - fixed implementation yet (version number <= 2.6.0). -#endif #endif } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ From 004198adb348f1c0de079065096267d95b833f95 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 29 Nov 2017 16:57:06 +0000 Subject: [PATCH 0548/1059] Update ChangeLog --- ChangeLog | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index fcf1019564..1ea2a2ba25 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,14 +9,16 @@ Security corrupt 6 bytes on the peer's heap, potentially leading to crash or remote code execution. This can be triggered remotely from either side in both TLS and DTLS. + * Fix implementation of truncated HMAC extension leading to + compatibility problems with non Mbed TLS peers and allowing + an offline 2^80 brute force attack on the HMAC key of a single, + uninterrupted (excluding session resumption) connection. + Found by Andreas Walz. Features * Allow comments in test data files. Bugfix - * Fix wrong implementation of truncated HMAC extension leading to - compatibility problems with peers not running Mbed TLS. Found by - Andreas Walz. * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. 
From 832f349f93af536128789f6efc914d88b735197c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2017 11:42:12 +0100 Subject: [PATCH 0549/1059] Fix build without MBEDTLS_FS_IO Fix missing definition of mbedtls_zeroize when MBEDTLS_FS_IO is disabled in the configuration. Introduced by e7707228b4c696549017fbf0fcb5aaae552e4bde Merge remote-tracking branch 'upstream-public/pr/1062' into development --- library/pkparse.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 968c83fa08..387111f096 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -60,12 +60,15 @@ #define mbedtls_free free #endif -#if defined(MBEDTLS_FS_IO) +#if defined(MBEDTLS_FS_IO) || \ + defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } +#endif +#if defined(MBEDTLS_FS_IO) /* * Load all data from a file into a given buffer. * From da519251d45e7f62951c6b76852c4f31eed9bb46 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2017 13:22:04 +0100 Subject: [PATCH 0550/1059] Add --no-yotta option to all.sh The Yotta tools break in some environments and it's useful to be able to run the rest of all.sh nonetheless. --- tests/scripts/all.sh | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 838b541241..77deecbc9c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -36,6 +36,7 @@ CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 FORCE=0 RELEASE=0 +YOTTA=1 # Default commands, can be overriden by the environment : ${OPENSSL:="openssl"} 
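Review bot: The widened guard around mbedtls_zeroize() in pkparse.c hand-encodes the set of configurations in which the helper has a caller, so the next conditional use of it in this file will reintroduce exactly the undefined-function build break this commit fixes, and nothing in the hunk says why these three macros are the right ones. A comment on the `#if` naming the users would make the coupling visible, e.g. `/* mbedtls_zeroize() is needed by mbedtls_pk_load_file() (MBEDTLS_FS_IO) and by the PKCS#8 encrypted-key path (MBEDTLS_PKCS12_C / MBEDTLS_PKCS5_C) */`; I infer those call sites from the macro names, so confirm them against the rest of the file. The converse case is worth a check too: a configuration that enables one of the PKCS macros but compiles out the encrypted-key path would leave a static function unused, which is an error under -Werror builds. The added `#endif` immediately followed by `#if defined(MBEDTLS_FS_IO)` with no blank line also reads as one block; separating them would match the style of the surrounding guards.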
@@ -61,6 +62,7 @@ usage() printf " -f|--force\t\tForce the tests to overwrite any modified files.\n" printf " -s|--seed\t\tInteger seed value to use for this test run.\n" printf " -r|--release-test\t\tRun this script in release mode. This fixes the seed value to 1.\n" + printf " --no-yotta\t\tSkip yotta build\n" printf " --out-of-source-dir=\t\tDirectory used for CMake out-of-source build tests." printf " --openssl=\t\tPath to OpenSSL executable to use for most tests.\n" printf " --openssl-legacy=\t\tPath to OpenSSL executable to use for legacy tests e.g. SSLv3.\n" @@ -138,6 +140,9 @@ while [ $# -gt 0 ]; do --release-test|-r) RELEASE=1 ;; + --no-yotta) + YOTTA=0 + ;; --out-of-source-dir) shift OUT_OF_SOURCE_DIR="$1" @@ -183,12 +188,14 @@ while [ $# -gt 0 ]; do done if [ $FORCE -eq 1 ]; then - rm -rf yotta/module "$OUT_OF_SOURCE_DIR" + if [ $YOTTA -eq 1 ]; then + rm -rf yotta/module "$OUT_OF_SOURCE_DIR" + fi git checkout-index -f -q $CONFIG_H cleanup else - if [ -d yotta/module ]; then + if [ $YOTTA -eq 1 ] && [ -d yotta/module ]; then err_msg "Warning - there is an existing yotta module in the directory 'yotta/module'" echo "You can either delete your work and retry, or force the test to overwrite the" echo "test by rerunning the script as: $0 --force" @@ -283,11 +290,13 @@ msg "test: doxygen warnings" # ~ 3s cleanup tests/scripts/doxygen.sh -# Note - use of yotta is deprecated, and yotta also requires armcc to be on the -# path, and uses whatever version of armcc it finds there. -msg "build: create and build yotta module" # ~ 30s -cleanup -tests/scripts/yotta-build.sh +if [ $YOTTA -ne 0 ]; then + # Note - use of yotta is deprecated, and yotta also requires armcc to be + # on the path, and uses whatever version of armcc it finds there. + msg "build: create and build yotta module" # ~ 30s + cleanup + tests/scripts/yotta-build.sh +fi msg "build: cmake, gcc, ASan" # ~ 1 min 50s cleanup From b592f322913580ba10ff469ab49c92f54020c1bb Mon Sep 17 00:00:00 2001 
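Review bot: In the `if [ $FORCE -eq 1 ]` hunk, moving `rm -rf yotta/module "$OUT_OF_SOURCE_DIR"` under the YOTTA check means `--force --no-yotta` no longer cleans the CMake out-of-source directory, which is unrelated to yotta. Split the removal: `rm -rf "$OUT_OF_SOURCE_DIR"` unconditionally, and `rm -rf yotta/module` only inside `if [ $YOTTA -eq 1 ]`. The last hunk tests `$YOTTA -ne 0` while the earlier ones use `-eq 1`; one form throughout would read more consistently.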
From: Gilles Peskine Date: Fri, 1 Dec 2017 23:30:43 +0100 Subject: [PATCH 0551/1059] Added ChangeLog entry --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index e8d1da5c98..7fa5389ecf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,7 @@ Bugfix * Fix a potential integer overflow in the version verification for DER encoded X509 certificates. The overflow would enable maliciously constructed certificates to bypass the certificate verification check. + * Fix word size check in in pk.c to not depend on MBEDTLS_HAVE_INT64. Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of From 8acce8517595f83067091850f3a472c70d3a1fd4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 1 Dec 2017 23:46:40 +0100 Subject: [PATCH 0552/1059] Added ChangeLog entry --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 0f7bae5197..34a1aa8c6d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -67,6 +67,7 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 + * Fix incorrect unit in benchmark output. #850 Features * Exposed parts of the Elliptic Curve Point internal interface, to provide From a5e68979cabc0883935fafd3e5cc86418e6a4239 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 6 Dec 2017 08:35:02 +0000 Subject: [PATCH 0553/1059] Resolve integer type conversion problem on MSVC MSVC rightfully complained that there was some conversion from `size_t` to `unsigned int` that could come with a loss of data. This commit re-types the corresponding struct field `ctx_buffer::len` to `size_t`. Also, the function `ctx_buffer_append` has an integer return value which is supposed to be the (positive) length of the appended data on success, and a check is inserted that the data to be appended does not exceed MAX_INT in length. --- programs/test/udp_proxy.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 0dec40932a..5797f3d69c 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -311,7 +311,7 @@ typedef struct unsigned num_datagrams; unsigned char data[MAX_MSG_SIZE]; - unsigned len; + size_t len; } ctx_buffer; @@ -323,7 +323,7 @@ static int ctx_buffer_flush( ctx_buffer *buf ) mbedtls_printf( " %05u flush %s: %u bytes, %u datagrams, last %u ms\n", ellapsed_time(), buf->description, - buf->len, buf->num_datagrams, + (unsigned) buf->len, buf->num_datagrams, ellapsed_time() - buf->packet_lifetime ); ret = mbedtls_net_send( buf->ctx, buf->data, buf->len ); @@ -353,6 +353,9 @@ static int ctx_buffer_append( ctx_buffer *buf, { int ret; + if( len > (size_t) INT_MAX ) + return( -1 ); + if( len > sizeof( buf->data ) ) { mbedtls_printf( " ! buffer size %u too large (max %u)\n", @@ -372,7 +375,7 @@ static int ctx_buffer_append( ctx_buffer *buf, if( ++buf->num_datagrams == 1 ) buf->packet_lifetime = ellapsed_time(); - return( len ); + return( (int) len ); } #endif /* MBEDTLS_TIMING_C */ From 25d6d1a1df3c9ddc077ae62468e4fc5ae06a607d Mon Sep 17 00:00:00 2001 
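Review bot: The added `if( len > (size_t) INT_MAX ) return( -1 );` in ctx_buffer_append relies on INT_MAX, so the file needs `<limits.h>`; the hunk does not show whether it is already included. The check also sits before `if( len > sizeof( buf->data ) )`, whose bound is presumably far below INT_MAX, so the new branch can only fire on inputs the next line rejects anyway; a comment stating that it exists only to make the `(int) len` return provably in range would make the intent clear. The `mbedtls_printf( " ! buffer size %u too large (max %u)\n"` call just below still formats `len`, now a size_t, with `%u`, so its arguments likely need the same `(unsigned)` cast the flush hunk added, unless they are already cast outside the visible lines. ctx_buffer_append continues outside the hunk.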
From: Hanno Becker Date: Thu, 7 Dec 2017 08:22:51 +0000 Subject: [PATCH 0554/1059] Correct record header size in case of TLS The previous commit reduced the internal header size to 5 bytes in case of TLS. This is not a valid since in that situation Mbed TLS internally uses the first 8 bytes of the message buffer for the implicit record sequence number. --- include/mbedtls/ssl_internal.h | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 3ce4945650..4764095470 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -158,14 +158,10 @@ #error Bad configuration - protected record payload too large. #endif -#if !defined(MBEDTLS_SSL_PROTO_DTLS) -/* https://tools.ietf.org/html/rfc5246#section-6.2 */ -#define MBEDTLS_SSL_HEADER_LEN 5 -#else -/* https://tools.ietf.org/html/rfc6347#section-4.1 */ -/* 8 additional bytes for epoch and sequence number */ +/* Note: Even though the TLS record header is only 5 bytes + long, we're internally using 8 bytes to store the + implicit sequence number. */ #define MBEDTLS_SSL_HEADER_LEN 13 -#endif #define MBEDTLS_SSL_BUFFER_LEN \ ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_PAYLOAD_LEN ) ) From 5dcae51cd981bafefc7c6546543267f7944b3008 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 7 Dec 2017 15:03:22 +0000 Subject: [PATCH 0555/1059] Add affiliation of bug reporter to credits in the ChangeLog --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 1ea2a2ba25..a15bdd1532 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,7 +13,8 @@ Security compatibility problems with non Mbed TLS peers and allowing an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted (excluding session resumption) connection. - Found by Andreas Walz. + Found by Andreas Walz (ivESK, Offenburg University of Applied + Sciences). Features * Allow comments in test data files. 
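Review bot: The replacement comment explains the 8 extra bytes but drops the two RFC references that located the 5-byte TLS and 13-byte DTLS header definitions, which readers of MBEDTLS_SSL_HEADER_LEN will still want. Suggest keeping them: `/* The TLS record header (RFC 5246 6.2) is 5 bytes and the DTLS one (RFC 6347 4.1) is 13; we reserve 13 in both cases because the implicit TLS sequence number is kept in the buffer too. */`.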
From 86ffd80456f154b7a44b512d3e9aae23653bae6f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 Dec 2017 20:04:13 +0100 Subject: [PATCH 0556/1059] Register new error code in error.h --- include/mbedtls/error.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 31591e2d64..d51bcdec36 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -75,7 +75,7 @@ * PKCS5 2 4 (Started from top) * DHM 3 9 * PK 3 14 (Started from top) - * RSA 4 9 + * RSA 4 10 * ECP 4 8 (Started from top) * MD 5 4 * CIPHER 6 6 From 1434a365a64e7f95626f8ffa0fb08d912a1119fd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 13 Dec 2017 11:24:49 +0000 Subject: [PATCH 0557/1059] Don't split error code description across multiple lines --- include/mbedtls/rsa.h | 3 +-- library/error.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 562395f2b4..d04e71d58c 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -48,8 +48,7 @@ #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ -#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't offer the requested operation, - e.g. because of security violations or lack of functionality */ +#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality */ /* * RSA constants diff --git a/library/error.c b/library/error.c index 66e6aa23c7..23e4953fca 100644 --- a/library/error.c +++ b/library/error.c 
@@ -332,8 +332,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) ) mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) ) - mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't offer the requested operation, "\ - "e.g. because of security violations or lack of functionality" ); + mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality" ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) From 418b536028a29dada69440186266a4a2f763dc34 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 14 Dec 2017 18:58:42 +0100 Subject: [PATCH 0558/1059] wait_server_start: minor efficiency improvement In wait_server_start, fork less. When lsof is present, call it on the expected process. This saves a few percent of execution time on a lightly loaded machine. Also, sleep for a short duration rather than using a tight loop. --- tests/ssl-opt.sh | 54 +++++++++++++++++++++--------------------------- 1 file changed, 23 insertions(+), 31 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 326dcad64a..fa785a4f1e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -286,40 +286,32 @@ has_mem_err() { fi } -# wait for server to start: two versions depending on lsof availability -wait_server_start() { - if which lsof >/dev/null 2>&1; then - START_TIME=$( date +%s ) - DONE=0 - - # make a tight loop, server usually takes less than 1 sec to start +# Wait for process $2 to be listening on port $1 +if type lsof >/dev/null 2>/dev/null; then + wait_server_start() { + START_TIME=$(date +%s) if [ "$DTLS" -eq 1 ]; then - while [ $DONE -eq 0 ]; do - if lsof -nbi UDP:"$SRV_PORT" 2>/dev/null | grep UDP >/dev/null - then - DONE=1 - elif [ $(( $( date +%s ) - $START_TIME )) -gt $DOG_DELAY ]; then - echo "SERVERSTART TIMEOUT" - echo "SERVERSTART TIMEOUT" >> $SRV_OUT - DONE=1 - fi - done + proto=UDP else - while [ $DONE -eq 0 ]; do - if lsof -nbi TCP:"$SRV_PORT" 2>/dev/null | grep LISTEN >/dev/null - then - DONE=1 - elif [ $(( $( date +%s ) - $START_TIME )) -gt $DOG_DELAY ]; then - echo "SERVERSTART TIMEOUT" - echo "SERVERSTART TIMEOUT" >> $SRV_OUT - DONE=1 - fi - done + proto=TCP fi - else + # Make a tight loop, server normally takes less than 1s to start. + while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do + if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then + echo "SERVERSTART TIMEOUT" + echo "SERVERSTART TIMEOUT" >> $SRV_OUT + break + fi + # Linux and *BSD support decimal arguments to sleep. On other + # OSes this may be a tight loop. + sleep 0.1 2>/dev/null || true + done + } +else + wait_server_start() { sleep "$START_DELAY" - fi -} + } +fi # Given the client or server debug output, parse the unix timestamp that is # included in the first 4 bytes of the random bytes and check that it's within @@ -466,7 +458,7 @@ run_test() { echo "$SRV_CMD" > $SRV_OUT provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & SRV_PID=$! - wait_server_start + wait_server_start "$SRV_PORT" "$SRV_PID" echo "$CLI_CMD" > $CLI_OUT eval "$CLI_CMD" >> $CLI_OUT 2>&1 & From 12c49c7f7cccdf16f443b55bcc145d372d1e10d1 Mon Sep 17 00:00:00 2001 
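Review bot: The new lsof loop no longer requires the TCP socket to be in LISTEN state (the old code piped through `grep LISTEN`), so any TCP socket owned by `$2` on port `$1` satisfies the wait; adding `-sTCP:LISTEN` for the TCP case restores the old precision. On timeout the function `break`s and returns normally, so run_test proceeds as if the server were up; a non-zero return would let the caller report the failure at its source. The same loop is copied into compat.sh in PATCH 0559 and would take the same adjustments.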
From: Gilles Peskine Date: Thu, 14 Dec 2017 19:02:00 +0100 Subject: [PATCH 0559/1059] compat.sh: use wait_server_start Port wait_server_start from ssl-opt.sh to compat.sh, instead of just using "sleep 1". This solves the problem that on a heavily loaded machine, sleep 1 is sometimes not enough (we had CI failures because of this). This is also faster on a lightly-loaded machine (execution time reduced from ~8min to ~6min on my machine). --- tests/compat.sh | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/tests/compat.sh b/tests/compat.sh index c5074cb7ed..958d618542 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -866,6 +866,33 @@ has_mem_err() { fi } +# Wait for process $2 to be listening on port $1 +if type lsof >/dev/null 2>/dev/null; then + wait_server_start() { + START_TIME=$(date +%s) + if is_dtls "$MODE"; then + proto=UDP + else + proto=TCP + fi + while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do + if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then + echo "SERVERSTART TIMEOUT" + echo "SERVERSTART TIMEOUT" >> $SRV_OUT + break + fi + # Linux and *BSD support decimal arguments to sleep. On other + # OSes this may be a tight loop. + sleep 0.1 2>/dev/null || true + done + } +else + wait_server_start() { + sleep 1 + } +fi + + # start_server # also saves name and command start_server() { @@ -895,7 +922,7 @@ start_server() { while :; do echo bla; sleep 1; done | $SERVER_CMD >> $SRV_OUT 2>&1 & PROCESS_ID=$! - sleep 1 + wait_server_start "$PORT" "$PROCESS_ID" } # terminate the running server From 464147cadc694379b7717afb7b517fe05cdb323f Mon Sep 17 00:00:00 2001 
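Review bot: The no-lsof fallback `sleep 1` keeps exactly the race the commit message describes, so CI hosts without lsof still get the flaky start-up wait. Making the fallback delay overridable, e.g. `sleep "${SERVER_START_DELAY:-1}"` (constructed name, pick whatever compat.sh already uses for tunables), would at least let a loaded machine be configured. The lsof branch references `DOG_DELAY` and `is_dtls`, which I assume compat.sh defines elsewhere; worth confirming since ssl-opt.sh is the origin of this code.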
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 18 Dec 2017 18:04:59 +0100 Subject: [PATCH 0560/1059] Fix SSLv3 MAC computation In a previous PR (Fix heap corruption in implementation of truncated HMAC extension #425) the place where MAC is computed was changed from the end of the SSL I/O buffer to a local buffer (then (part of) the content of the local buffer is either copied to the output buffer of compare to the input buffer). Unfortunately, this change was made only for TLS 1.0 and later, leaving SSL 3.0 in an inconsistent state due to ssl_mac() still writing to the old, hard-coded location, which, for MAC verification, resulted in later comparing the end of the input buffer (containing the computed MAC) to the local buffer (uninitialised), most likely resulting in MAC verification failure, hence no interop (even with ourselves). This commit completes the move to using a local buffer by using this strategy for SSL 3.0 too. Fortunately ssl_mac() was static so it's not a problem to change its signature. --- library/ssl_tls.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a8aa1c04ff..b977cfbeeb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1203,9 +1203,11 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch /* * SSLv3.0 MAC functions */ -static void ssl_mac( mbedtls_md_context_t *md_ctx, unsigned char *secret, - unsigned char *buf, size_t len, - unsigned char *ctr, int type ) +static void ssl_mac( mbedtls_md_context_t *md_ctx, + const unsigned char *secret, + const unsigned char *buf, size_t len, + const unsigned char *ctr, int type, + unsigned char out[20] ) { unsigned char header[11]; unsigned char padding[48]; 
@@ -1230,14 +1232,14 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, unsigned char *secret, mbedtls_md_update( md_ctx, padding, padlen ); mbedtls_md_update( md_ctx, header, 11 ); mbedtls_md_update( md_ctx, buf, len ); - mbedtls_md_finish( md_ctx, buf + len ); + mbedtls_md_finish( md_ctx, out ); memset( padding, 0x5C, padlen ); mbedtls_md_starts( md_ctx ); mbedtls_md_update( md_ctx, secret, md_size ); mbedtls_md_update( md_ctx, padding, padlen ); - mbedtls_md_update( md_ctx, buf + len, md_size ); - mbedtls_md_finish( md_ctx, buf + len ); + mbedtls_md_update( md_ctx, out, md_size ); + mbedtls_md_finish( md_ctx, out ); } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ @@ -1282,10 +1284,15 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_SSL3) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { + unsigned char mac[20]; /* SHA-1 at most */ + ssl_mac( &ssl->transform_out->md_ctx_enc, ssl->transform_out->mac_enc, ssl->out_msg, ssl->out_msglen, - ssl->out_ctr, ssl->out_msgtype ); + ssl->out_ctr, ssl->out_msgtype, + mac ); + + memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen ); } else #endif @@ -1932,7 +1939,8 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) ssl_mac( &ssl->transform_in->md_ctx_dec, ssl->transform_in->mac_dec, ssl->in_msg, ssl->in_msglen, - ssl->in_ctr, ssl->in_msgtype ); + ssl->in_ctr, ssl->in_msgtype, + mac_expect ); } else #endif /* MBEDTLS_SSL_PROTO_SSL3 */ From b053efb2954a954415369b42a9249282ec401876 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 19 Dec 2017 10:03:46 +0100 Subject: [PATCH 0561/1059] Fix magic constant in previous commit --- library/ssl_tls.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b977cfbeeb..d8df513530 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
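Review bot: `memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen )` is only safe while maclen does not exceed the 20-byte local, which holds for the SSL 3.0 MD5/SHA-1 suites but is stated nowhere. The decrypt hunk passes `mac_expect` without showing its size, and ssl_mac itself writes md_size bytes into `out`, so the same assumption lives in three places. A comment at the ssl_mac prototype such as `/* out must have room for md_size bytes: at most 20 for SSL 3.0 (MD5 or SHA-1) */` would pin the contract; the follow-up PATCH 0561 names the bound and is the natural place to reference it. The enclosing ssl_encrypt_buf and ssl_decrypt_buf bodies lie outside the hunks.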
@@ -1203,11 +1203,12 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch /* * SSLv3.0 MAC functions */ +#define SSL_MAC_MAX_BYTES 20 /* MD-5 or SHA-1 */ static void ssl_mac( mbedtls_md_context_t *md_ctx, const unsigned char *secret, const unsigned char *buf, size_t len, const unsigned char *ctr, int type, - unsigned char out[20] ) + unsigned char out[SSL_MAC_MAX_BYTES] ) { unsigned char header[11]; unsigned char padding[48]; @@ -1284,7 +1285,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_SSL3) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { - unsigned char mac[20]; /* SHA-1 at most */ + unsigned char mac[SSL_MAC_MAX_BYTES]; ssl_mac( &ssl->transform_out->md_ctx_enc, ssl->transform_out->mac_enc, From a268da9478f3bfc316aeb83a7443048b9ab41d07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 20 Dec 2017 12:52:49 +0100 Subject: [PATCH 0562/1059] Fix undefined function in platform.c The bug was introduced in 79a2e7ef069d6 and is not present in the default configuration, which let it go unnoticed so far. --- library/platform.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/platform.c b/library/platform.c index b882b659d8..76df7fac18 100644 --- a/library/platform.c +++ b/library/platform.c @@ -29,6 +29,14 @@ #include "mbedtls/platform.h" +#if defined(MBEDTLS_ENTROPY_NV_SEED) && \ + !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO) +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; +} +#endif + #if defined(MBEDTLS_PLATFORM_MEMORY) #if !defined(MBEDTLS_PLATFORM_STD_CALLOC) static void *platform_calloc_uninit( size_t n, size_t size ) From a0af95f052fa734c662dfe420d3e34e6ed777ed5 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 10 Oct 2017 20:10:46 +0200 Subject: [PATCH 0563/1059] Timing: fix mbedtls_set_alarm(0) on Unix/POSIX The POSIX/Unix implementation of mbedtls_set_alarm did not set the mbedtls_timing_alarmed flag when called with 0, which was inconsistent with what the documentation implied and with the Windows behavior. --- ChangeLog | 1 + library/timing.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index b3d4d519af..bfba279b9a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,7 @@ Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. Found by projectgus and jethrogb, #836. * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. + * Fix mbedtls_timing_alarm(0) on Unix. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/timing.c b/library/timing.c index a7c7ff0279..4576f317de 100644 --- a/library/timing.c +++ b/library/timing.c @@ -315,6 +315,12 @@ void mbedtls_set_alarm( int seconds ) mbedtls_timing_alarmed = 0; signal( SIGALRM, sighandler ); alarm( seconds ); + if( seconds == 0 ) + { + /* alarm(0) cancelled any previous pending alarm, but the + handler won't fire, so raise the flag straight away. */ + mbedtls_timing_alarmed = 1; + } } #endif /* _WIN32 && !EFIX64 && !EFI32 */ From a9edc4805b5e73885eb3ca1e9fe905e7321c226a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Oct 2017 19:46:45 +0200 Subject: [PATCH 0564/1059] timing interface documentation: minor clarifications --- include/mbedtls/timing.h | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index ae7a713e7a..579de33101 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h 
@@ -1,7 +1,7 @@ /** * \file timing.h * - * \brief Portable interface to the CPU cycle counter + * \brief Portable interface to timeouts and to the CPU cycle counter * * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 @@ -65,6 +65,9 @@ extern volatile int mbedtls_timing_alarmed; * \warning This is only a best effort! Do not rely on this! * In particular, it is known to be unreliable on virtual * machines. + * + * \note This value starts at an unspecified origin and + * may wrap around. */ unsigned long mbedtls_timing_hardclock( void ); @@ -73,6 +76,8 @@ unsigned long mbedtls_timing_hardclock( void ); * * \param val points to a timer structure * \param reset if set to 1, the timer is restarted + * + * \return Elapsed time in ms (before the reset, if there is a reset) */ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ); @@ -80,6 +85,7 @@ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int * \brief Setup an alarm clock * * \param seconds delay before the "mbedtls_timing_alarmed" flag is set + * (must be >=0) * * \warning Only one alarm at a time is supported. In a threaded * context, this means one for the whole process, not one per @@ -91,11 +97,15 @@ void mbedtls_set_alarm( int seconds ); * \brief Set a pair of delays to watch * (See \c mbedtls_timing_get_delay().) * - * \param data Pointer to timing data + * \param data Pointer to timing data. * Must point to a valid \c mbedtls_timing_delay_context struct. * \param int_ms First (intermediate) delay in milliseconds. + * The effect if int_ms > fin_ms is unspecified. * \param fin_ms Second (final) delay in milliseconds. * Pass 0 to cancel the current delay. + * + * \note To set a single delay, either use \c mbedtls_timing_set_timer + * directly or use this function with int_ms == fin_ms. */ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); 
@@ -106,7 +116,7 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); * \param data Pointer to timing data * Must point to a valid \c mbedtls_timing_delay_context struct. * - * \return -1 if cancelled (fin_ms = 0) + * \return -1 if cancelled (fin_ms = 0), * 0 if none of the delays are passed, * 1 if only the intermediate delay is passed, * 2 if the final delay is passed. From d92f0aa3bec86b7b74cd4c7372b9a4b5323b0cfc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 16 Oct 2017 19:33:06 +0200 Subject: [PATCH 0565/1059] mbedtls_timing_get_timer: don't use uninitialized memory mbedtls_timing_get_timer with reset=1 is called both to initialize a timer object and to reset an already-initialized object. In an initial call, the content of the data structure is indeterminate, so the code should not read from it. This could crash if signed overflows trap, for example. As a consequence, on reset, we can't return the previously elapsed time as was previously done on Windows. Return 0 as was done on Unix. --- ChangeLog | 1 + include/mbedtls/timing.h | 13 ++++++++++-- library/timing.c | 45 ++++++++++++++++++++-------------------- 3 files changed, 35 insertions(+), 24 deletions(-) diff --git a/ChangeLog b/ChangeLog index bfba279b9a..2061be0f2c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ Bugfix Found by projectgus and jethrogb, #836. * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. * Fix mbedtls_timing_alarm(0) on Unix. + * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 579de33101..bfb8579a07 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h 
@@ -75,9 +75,18 @@ unsigned long mbedtls_timing_hardclock( void ); * \brief Return the elapsed time in milliseconds * * \param val points to a timer structure - * \param reset if set to 1, the timer is restarted + * \param reset If 0, query the elapsed time. Otherwise (re)start the timer. * - * \return Elapsed time in ms (before the reset, if there is a reset) + * \return Elapsed time since the previous reset in ms. When + * restarting, this is always 0. + * + * \note To initialize a timer, call this function with reset=1. + * + * Determining the elapsed time and resetting the timer is not + * atomic on all platforms, so after the sequence + * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 = + * get_timer(0) }` the value time1+time2 is only approximately + * the delay since the first reset. */ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ); diff --git a/library/timing.c b/library/timing.c index 4576f317de..a6067d06d9 100644 --- a/library/timing.c +++ b/library/timing.c @@ -244,21 +244,23 @@ volatile int mbedtls_timing_alarmed = 0; unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) { - unsigned long delta; - LARGE_INTEGER offset, hfreq; struct _hr_time *t = (struct _hr_time *) val; - QueryPerformanceCounter( &offset ); - QueryPerformanceFrequency( &hfreq ); - - delta = (unsigned long)( ( 1000 * - ( offset.QuadPart - t->start.QuadPart ) ) / - hfreq.QuadPart ); - if( reset ) + { QueryPerformanceCounter( &t->start ); - - return( delta ); + return( 0 ); + } + else + { + unsigned long delta; + LARGE_INTEGER now, hfreq; + QueryPerformanceCounter( &now ); + QueryPerformanceFrequency( &hfreq ); + delta = (unsigned long)( ( now.QuadPart - t->start.QuadPart ) * 1000ul + / hfreq.QuadPart ); + return( delta ); + } } /* It's OK to use a global because alarm() is supposed to be global anyway */ 
@@ -285,23 +287,22 @@ void mbedtls_set_alarm( int seconds ) unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) { - unsigned long delta; - struct timeval offset; struct _hr_time *t = (struct _hr_time *) val; - gettimeofday( &offset, NULL ); - if( reset ) { - t->start.tv_sec = offset.tv_sec; - t->start.tv_usec = offset.tv_usec; + gettimeofday( &t->start, NULL ); return( 0 ); } - - delta = ( offset.tv_sec - t->start.tv_sec ) * 1000 - + ( offset.tv_usec - t->start.tv_usec ) / 1000; - - return( delta ); + else + { + unsigned long delta; + struct timeval now; + gettimeofday( &now, NULL ); + delta = ( now.tv_sec - t->start.tv_sec ) * 1000ul + + ( now.tv_usec - t->start.tv_usec ) / 1000; + return( delta ); + } } static void sighandler( int signum ) From 0827d5c07d35cb60bcb5b09a06187852c4edd3c9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Oct 2017 20:09:26 +0200 Subject: [PATCH 0566/1059] Timing self test: print some diagnosis information Print some not-very-nice-looking but helpful diagnosis information if the timing selftest fails. Since the failures tend to be due to heavy system load that's hard to reproduce, this information is necessary to understand what's going on. --- library/timing.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/library/timing.c b/library/timing.c index a6067d06d9..744e1e7900 100644 --- a/library/timing.c +++ b/library/timing.c 
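Review bot: The Unix path still measures with `gettimeofday`, which is wall-clock time, so a backwards clock step between reset and query makes `now` precede `t->start` and the unsigned expression `( now.tv_sec - t->start.tv_sec ) * 1000ul + ( now.tv_usec - t->start.tv_usec ) / 1000` wraps to a huge elapsed value, which a DTLS retransmission timer would read as an expired delay. Where available, `clock_gettime( CLOCK_MONOTONIC, ... )` avoids that; at minimum the header documentation could state that the timer is not robust to clock adjustments. This is pre-existing behaviour the commit does not change; the signed `tv_usec` difference folded into the unsigned sum is correct as long as now is not earlier than start.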
@@ -385,13 +385,21 @@ static void busy_msleep( unsigned long msec ) (void) j; } -#define FAIL do \ -{ \ - if( verbose != 0 ) \ - mbedtls_printf( "failed\n" ); \ - \ - return( 1 ); \ -} while( 0 ) +#define FAIL do \ + { \ + if( verbose != 0 ) \ + { \ + mbedtls_printf( "failed at line %d\n", __LINE__ ); \ + mbedtls_printf( " cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d a=%lu b=%lu\n", \ + cycles, ratio, millisecs, secs, hardfail, \ + (unsigned long) a, (unsigned long) b ); \ + mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n", \ + mbedtls_timing_get_timer( &hires, 0 ), \ + mbedtls_timing_get_timer( &ctx.timer, 0 ), \ + mbedtls_timing_get_delay( &ctx ) ); \ + } \ + return( 1 ); \ + } while( 0 ) /* * Checkup routine @@ -401,17 +409,16 @@ static void busy_msleep( unsigned long msec ) */ int mbedtls_timing_self_test( int verbose ) { - unsigned long cycles, ratio; - unsigned long millisecs, secs; - int hardfail; + unsigned long cycles = 0, ratio = 0; + unsigned long millisecs = 0, secs = 0; + int hardfail = 0; struct mbedtls_timing_hr_time hires; - uint32_t a, b; + uint32_t a = 0, b = 0; mbedtls_timing_delay_context ctx; if( verbose != 0 ) mbedtls_printf( " TIMING tests note: will take some time!\n" ); - if( verbose != 0 ) mbedtls_printf( " TIMING test #1 (set_alarm / get_timer): " ); @@ -428,12 +435,7 @@ int mbedtls_timing_self_test( int verbose ) /* For some reason on Windows it looks like alarm has an extra delay * (maybe related to creating a new thread). Allow some room here. */ if( millisecs < 800 * secs || millisecs > 1200 * secs + 300 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + FAIL; } if( verbose != 0 ) @@ -482,7 +484,6 @@ int mbedtls_timing_self_test( int verbose ) * On a 4Ghz 32-bit machine the cycle counter wraps about once per second; * since the whole test is about 10ms, it shouldn't happen twice in a row. */ - hardfail = 0; hard_test: if( hardfail > 1 ) 
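Review bot: The new FAIL macro reads `ctx` via `mbedtls_timing_get_timer( &ctx.timer, 0 )` and `mbedtls_timing_get_delay( &ctx )`, but `mbedtls_timing_delay_context ctx;` is left uninitialised and the first FAIL site is in test #1, before any delay test has set it up, so a failure there prints from indeterminate memory, the same class of problem PATCH 0565 just fixed. Zero it next to the other zeroed locals, e.g. `memset( &ctx, 0, sizeof( ctx ) );` after the declaration (assuming string.h is in scope). The other diagnostic values are placeholders until each is assigned, which the added `= 0` initialisers at least make deterministic.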
From 319ac801a84b899890e797c65b475f01fe560254 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 15 Dec 2017 14:57:18 +0100 Subject: [PATCH 0567/1059] selftest: refactor to separate the list of tests from the logic No behavior change. --- programs/test/selftest.c | 368 ++++++++++++++------------------------- 1 file changed, 130 insertions(+), 238 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 1941ad0512..16ff3102da 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -107,8 +107,8 @@ static int run_test_snprintf( void ) * self-test. If this fails, we attempt the test anyway, so no error is passed * back. */ -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) static void create_entropy_seed_file( void ) { int result; 
@@ -136,8 +136,130 @@ static void create_entropy_seed_file( void ) } #endif +int mbedtls_entropy_self_test_wrapper( int verbose ) +{ +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) + create_entropy_seed_file( ); +#endif + return( mbedtls_entropy_self_test( verbose ) ); +} +#endif + +#if defined(MBEDTLS_SELF_TEST) +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +int mbedtls_memory_buffer_alloc_free_and_self_test( int verbose ) +{ + if( verbose != 0 ) + { +#if defined(MBEDTLS_MEMORY_DEBUG) + mbedtls_memory_buffer_alloc_status( ); +#endif + } + mbedtls_memory_buffer_alloc_free( ); + return( mbedtls_memory_buffer_alloc_self_test( verbose ) ); +} +#endif + +typedef struct +{ + const char *name; + int ( *function )( int ); +} selftest_t; + +const selftest_t selftests[] = +{ +#if defined(MBEDTLS_MD2_C) + {"md2", mbedtls_md2_self_test}, +#endif +#if defined(MBEDTLS_MD4_C) + {"md4", mbedtls_md4_self_test}, +#endif +#if defined(MBEDTLS_MD5_C) + {"md5", mbedtls_md5_self_test}, +#endif +#if defined(MBEDTLS_RIPEMD160_C) + {"ripemd160", mbedtls_ripemd160_self_test}, +#endif +#if defined(MBEDTLS_SHA1_C) + {"sha1", mbedtls_sha1_self_test}, +#endif +#if defined(MBEDTLS_SHA256_C) + {"sha256", mbedtls_sha256_self_test}, +#endif +#if defined(MBEDTLS_SHA512_C) + {"sha512", mbedtls_sha512_self_test}, +#endif +#if defined(MBEDTLS_ARC4_C) + {"arc4", mbedtls_arc4_self_test}, +#endif +#if defined(MBEDTLS_DES_C) + {"des", mbedtls_des_self_test}, +#endif +#if defined(MBEDTLS_AES_C) + {"aes", mbedtls_aes_self_test}, +#endif +#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) + {"gcm", mbedtls_gcm_self_test}, +#endif +#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) + {"ccm", mbedtls_ccm_self_test}, +#endif +#if defined(MBEDTLS_CMAC_C) + {"cmac", mbedtls_cmac_self_test}, +#endif +#if defined(MBEDTLS_BASE64_C) + {"base64", mbedtls_base64_self_test}, +#endif +#if defined(MBEDTLS_BIGNUM_C) + {"mpi", mbedtls_mpi_self_test}, +#endif +#if defined(MBEDTLS_RSA_C) + 
{"rsa", mbedtls_rsa_self_test}, +#endif +#if defined(MBEDTLS_X509_USE_C) + {"x509", mbedtls_x509_self_test}, +#endif +#if defined(MBEDTLS_XTEA_C) + {"xtea", mbedtls_xtea_self_test}, +#endif +#if defined(MBEDTLS_CAMELLIA_C) + {"camellia", mbedtls_camellia_self_test}, +#endif +#if defined(MBEDTLS_CTR_DRBG_C) + {"ctr_drbg", mbedtls_ctr_drbg_self_test}, +#endif +#if defined(MBEDTLS_HMAC_DRBG_C) + {"hmac_drbg", mbedtls_hmac_drbg_self_test}, +#endif +#if defined(MBEDTLS_ECP_C) + {"ecp", mbedtls_ecp_self_test}, +#endif +#if defined(MBEDTLS_ECJPAKE_C) + {"ecjpake", mbedtls_ecjpake_self_test}, +#endif +#if defined(MBEDTLS_DHM_C) + {"dhm", mbedtls_dhm_self_test}, +#endif +#if defined(MBEDTLS_ENTROPY_C) + {"entropy", mbedtls_entropy_self_test_wrapper}, +#endif +#if defined(MBEDTLS_PKCS5_C) + {"pkcs5", mbedtls_pkcs5_self_test}, +#endif +/* Slower test after the faster ones */ +#if defined(MBEDTLS_TIMING_C) + {"timing", mbedtls_timing_self_test}, +#endif +/* Heap test comes last */ +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) + {"memory_buffer_alloc", mbedtls_memory_buffer_alloc_free_and_self_test}, +#endif + {NULL, NULL} +}; + int main( int argc, char *argv[] ) { + const selftest_t *test; int v, suites_tested = 0, suites_failed = 0; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_SELF_TEST) unsigned char buf[1000000]; 
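Review bot: `mbedtls_entropy_self_test_wrapper`, `mbedtls_memory_buffer_alloc_free_and_self_test` and the `selftests` table are defined with external linkage in a program file, and the two functions carry the library's `mbedtls_` prefix, so they can collide with library symbols of the same name at link time. Make them file-local: `static int mbedtls_entropy_self_test_wrapper( int verbose )`, `static int mbedtls_memory_buffer_alloc_free_and_self_test( int verbose )` and `static const selftest_t selftests[] =`. Separately, the `#if defined(MBEDTLS_SELF_TEST)` opened before the memory-buffer wrapper has no matching `#endif` in this hunk; if main still carries its own `#if defined(MBEDTLS_SELF_TEST)` … `#else` … `#endif` (as the context of the following hunk suggests), the conditionals are unbalanced and a closing `#endif /* MBEDTLS_SELF_TEST */` belongs after the table's sentinel entry.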
@@ -182,244 +304,14 @@ int main( int argc, char *argv[] ) mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) ); #endif -#if defined(MBEDTLS_MD2_C) - if( mbedtls_md2_self_test( v ) != 0 ) + for( test = selftests; test->name != NULL; test++ ) { - suites_failed++; + if( test->function( v ) != 0 ) + { + suites_failed++; + } + suites_tested++; } - suites_tested++; -#endif - -#if defined(MBEDTLS_MD4_C) - if( mbedtls_md4_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_MD5_C) - if( mbedtls_md5_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_RIPEMD160_C) - if( mbedtls_ripemd160_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_SHA1_C) - if( mbedtls_sha1_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_SHA256_C) - if( mbedtls_sha256_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_SHA512_C) - if( mbedtls_sha512_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_ARC4_C) - if( mbedtls_arc4_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_DES_C) - if( mbedtls_des_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_AES_C) - if( mbedtls_aes_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) - if( mbedtls_gcm_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) - if( mbedtls_ccm_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_CMAC_C) - if( ( mbedtls_cmac_self_test( v ) ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_BASE64_C) - if( 
mbedtls_base64_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_BIGNUM_C) - if( mbedtls_mpi_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_RSA_C) - if( mbedtls_rsa_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_X509_USE_C) - if( mbedtls_x509_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_XTEA_C) - if( mbedtls_xtea_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_CAMELLIA_C) - if( mbedtls_camellia_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_CTR_DRBG_C) - if( mbedtls_ctr_drbg_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_HMAC_DRBG_C) - if( mbedtls_hmac_drbg_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_ECP_C) - if( mbedtls_ecp_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_ECJPAKE_C) - if( mbedtls_ecjpake_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_DHM_C) - if( mbedtls_dhm_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_ENTROPY_C) - -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) - create_entropy_seed_file(); -#endif - - if( mbedtls_entropy_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_PKCS5_C) - if( mbedtls_pkcs5_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -/* Slow tests last */ - -#if defined(MBEDTLS_TIMING_C) - if( mbedtls_timing_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - - if( v != 0 ) - { -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && 
defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_memory_buffer_alloc_status(); -#endif - } - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_free(); - if( mbedtls_memory_buffer_alloc_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif #else mbedtls_printf( " MBEDTLS_SELF_TEST not defined.\n" ); From c82fbb4e14faf3ee3006e978d21fb231767a37dc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 15 Dec 2017 15:01:27 +0100 Subject: [PATCH 0568/1059] selftest: allow running a subset of the tests If given command line arguments, interpret them as test names and only run those tests. --- ChangeLog | 2 ++ programs/test/selftest.c | 43 +++++++++++++++++++++++++++++++++++----- 2 files changed, 40 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2061be0f2c..80e44dd635 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Allow comments in test data files. + * The selftest program can execute a subset of the tests based on command + line arguments. Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 16ff3102da..fc3b0eba09 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -256,10 +256,14 @@ const selftest_t selftests[] = #endif {NULL, NULL} }; +#endif /* MBEDTLS_SELF_TEST */ int main( int argc, char *argv[] ) { +#if defined(MBEDTLS_SELF_TEST) const selftest_t *test; +#endif /* MBEDTLS_SELF_TEST */ + char **argp = argc >= 1 ? argv + 1 : argv; int v, suites_tested = 0, suites_failed = 0; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_SELF_TEST) unsigned char buf[1000000]; 
@@ -287,10 +291,11 @@ int main( int argc, char *argv[] ) mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } - if( argc == 2 && ( strcmp( argv[1], "--quiet" ) == 0 || + if( argc >= 2 && ( strcmp( argv[1], "--quiet" ) == 0 || strcmp( argv[1], "-q" ) == 0 ) ) { v = 0; + ++argp; } else { @@ -304,13 +309,41 @@ int main( int argc, char *argv[] ) mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) ); #endif - for( test = selftests; test->name != NULL; test++ ) + if( *argp != NULL ) { - if( test->function( v ) != 0 ) + /* Run the specified tests */ + for( ; *argp != NULL; argp++ ) { - suites_failed++; + for( test = selftests; test->name != NULL; test++ ) + { + if( !strcmp( *argp, test->name ) ) + { + if( test->function( v ) != 0 ) + { + suites_failed++; + } + suites_tested++; + break; + } + } + if( test->name == NULL ) + { + mbedtls_printf( " Test suite %s not available -> failed\n\n", *argp ); + suites_failed++; + } + } + } + else + { + /* Run all the tests */ + for( test = selftests; test->name != NULL; test++ ) + { + if( test->function( v ) != 0 ) + { + suites_failed++; + } + suites_tested++; } - suites_tested++; } #else From ff79d27f5ceb30ea7438f1c172b9a9f80692a18b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Dec 2017 18:09:27 +0100 Subject: [PATCH 0569/1059] selftest: allow excluding a subset of the tests E.g. "selftest -x timing" runs all the self-tests except timing. --- programs/test/selftest.c | 49 ++++++++++++++++++++++++++++++---------- 1 file changed, 37 insertions(+), 12 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index fc3b0eba09..72a37342fd 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c 
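Review bot: In the "Run the specified tests" branch an unknown name increments `suites_failed` but not `suites_tested`, unlike every other path, so the summary (outside this hunk) can report more failed suites than tested ones; either add `suites_tested++;` next to the `suites_failed++;` in the `test->name == NULL` block, or say in the message that unavailable suites are counted separately. That message is also printed unconditionally, while the rest of the output in this function is gated on `v != 0`; if quiet mode is meant to suppress everything but the exit status, wrap it the same way. The new match test `if( !strcmp( *argp, test->name ) )` departs from the `strcmp( … ) == 0` form used for the `--quiet` check in the previous hunk; `if( strcmp( *argp, test->name ) == 0 )` keeps one convention. `main` continues outside this hunk.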
@@ -263,8 +263,10 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_SELF_TEST)
 const selftest_t *test;
 #endif /* MBEDTLS_SELF_TEST */
- char **argp = argc >= 1 ? argv + 1 : argv;
- int v, suites_tested = 0, suites_failed = 0;
+ char **argp;
+ int v = 1; /* v=1 for verbose mode */
+ int exclude_mode = 0;
+ int suites_tested = 0, suites_failed = 0;
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_SELF_TEST)
 unsigned char buf[1000000];
 #endif
@@ -291,17 +293,24 @@ int main( int argc, char *argv[] )
 mbedtls_exit( MBEDTLS_EXIT_FAILURE );
 }
 
- if( argc >= 2 && ( strcmp( argv[1], "--quiet" ) == 0 ||
- strcmp( argv[1], "-q" ) == 0 ) )
+ for( argp = argv + ( argc >= 1 ? 1 : argc ); *argp != NULL; ++argp )
 {
- v = 0;
- ++argp;
+ if( strcmp( *argp, "--quiet" ) == 0 ||
+ strcmp( *argp, "-q" ) == 0 )
+ {
+ v = 0;
+ }
+ else if( strcmp( *argp, "--exclude" ) == 0 ||
+ strcmp( *argp, "-x" ) == 0 )
+ {
+ exclude_mode = 1;
+ }
+ else
+ break;
 }
- else
- {
- v = 1;
+
+ if( v != 0 )
 mbedtls_printf( "\n" );
- }
 
 #if defined(MBEDTLS_SELF_TEST)
 
@@ -309,7 +318,7 @@ int main( int argc, char *argv[] )
 mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) );
 #endif
 
- if( *argp != NULL )
+ if( *argp != NULL && exclude_mode == 0 )
 {
 /* Run the specified tests */
 for( ; *argp != NULL; argp++ )
@@ -335,9 +344,24 @@ int main( int argc, char *argv[] )
 }
 else
 {
- /* Run all the tests */
+ /* Run all the tests except excluded ones */
 for( test = selftests; test->name != NULL; test++ )
 {
+ if( exclude_mode )
+ {
+ char **excluded;
+ for( excluded = argp; *excluded != NULL; ++excluded )
+ {
+ if( !strcmp( *excluded, test->name ) )
+ break;
+ }
+ if( *excluded )
+ {
+ if( v )
+ mbedtls_printf( " Skip: %s\n", test->name );
+ continue;
+ }
+ }
 if( test->function( v ) != 0 )
 {
 suites_failed++;
@@ -347,6 +371,7 @@ int main( int argc, char *argv[] )
 }
 
 #else
+ (void) exclude_mode;
 mbedtls_printf( " MBEDTLS_SELF_TEST not defined.\n" );
 #endif
 
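Review bot: In exclude mode a name that matches no entry of `selftests` is silently ignored, so a typo such as `-x timng` runs every test including the one meant to be skipped, whereas the run-specified branch reports an unknown name as a failure; the two modes should agree. The check below walks the excluded names once, inside the existing `#if defined(MBEDTLS_SELF_TEST)` region before the run-specified branch, and reports unknown ones with the same message and counter. The new block also reads the flags as booleans (`if( exclude_mode )`, `if( v )`) while the same hunk writes `if( v != 0 )`; one form throughout is easier to scan. `main` continues outside these hunks.
```c
    /* … unchanged: memory_buffer_alloc_init … */
    if( exclude_mode != 0 )
    {
        /* Reject excluded names that match no test, as the run-specified
           branch does, so a misspelt name is not silently ignored. */
        char **excluded;
        for( excluded = argp; *excluded != NULL; ++excluded )
        {
            for( test = selftests; test->name != NULL; test++ )
            {
                if( strcmp( *excluded, test->name ) == 0 )
                    break;
            }
            if( test->name == NULL )
            {
                mbedtls_printf( "  Test suite %s not available -> failed\n\n", *excluded );
                suites_failed++;
            }
        }
    }
    /* … unchanged: run-specified and run-all-except-excluded branches … */
```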
From 8064bf3adf0298873ed4f6bc0dd89ee6efae3959 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Oct 2017 19:56:06 +0200 Subject: [PATCH 0570/1059] New timing unit tests New set of unit tests for the timing module, instead of just running the selftest function. The selftest function sometimes fails on a heavily loaded machine (such as a typical continuous integration system). Because of the all-in-one nature of the test and because the exact load pattern can be hard to reproduce, it is difficult to diagnose failures of CI runs with selftest. The new tests are more separated and I strove to point out potential failure modes in comments. * mbedtls_timing_hardclock: not tested. This function gives so few guarantees that there isn't much to test, and it is hard to test reliably because clock cycles don't easily relate to time in any remotely portable way. This function isn't used in the library anyway, it's only there for benchmark programs. * mbedtls_timing_get_timer: tested by setting a timer and verifying that it reaches its target, and by verifying that a timer started later than another always has a smaller elapsed time. * mbedtls_set_alarm: tested by setting an alarm, busy-waiting for it and measuring the elapsed time with a timer. * mbedtls_timing_set_delay, mbedtls_timing_get_delay: tested by setting a delay object and watching it go through its two delay values, using a timer to check that the delays are passed at the expected time. The tests pass under light to moderate load, but some of them can be defeated with sufficiently heavy load. This is unavoidable since the test process to be effectively suspended for any length of time, making us think that a timer has gone on for too long. --- ChangeLog | 1 + tests/suites/test_suite_timing.data | 40 ++- tests/suites/test_suite_timing.function | 309 +++++++++++++++++++++++- 3 files changed, 345 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 80e44dd635..d69f5c5bb8 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ Features * Allow comments in test data files. * The selftest program can execute a subset of the tests based on command line arguments. + * New unit tests for timing. Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data index 3ba79a4760..02677d1268 100644 --- a/tests/suites/test_suite_timing.data +++ b/tests/suites/test_suite_timing.data @@ -1,2 +1,38 @@ -Timing selftest -timing_selftest: +Timing: basic timer operation +timing_timer_simple: + +Timing: timer reset +timing_timer_reset: + +Timing: two parallel timers, delay 0 +timing_two_timers:0: + +Timing: two parallel timers, delay 100 +timing_two_timers:100: + +Timing: two parallel timers, delay 1000 +timing_two_timers:1000: + +Timing: two parallel timers, delay 10000 +timing_two_timers:10000: + +Timing: delay 0ms, 0ms +timing_delay:0:0: + +Timing: delay 0ms, 50ms +timing_delay:0:50: + +Timing: delay 50ms, 50ms +timing_delay:50:50: + +Timing: delay 50ms, 100ms +timing_delay:50:100: + +Timing: delay 50ms, 200ms +timing_delay:50:200: + +Timing: alarm in 0 second +timing_alarm:0: + +Timing: alarm in 1 second +timing_alarm:1: diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function index 5882f85d74..53e0ac3287 100644 --- a/tests/suites/test_suite_timing.function +++ b/tests/suites/test_suite_timing.function 
@@ -1,5 +1,43 @@
 /* BEGIN_HEADER */
+
+/* This test module exercises the timing module. One of the expected failure
+ modes is for timers to never expire, which could lead to an infinite loop.
+ The function timing_timer_simple is protected against this failure mode and
+ checks that timers do expire. Other functions will terminate if their
+ timers do expire. Therefore it is recommended to run timing_timer_simple
+ first and run other test functions only if that timing_timer_simple
+ succeeded. */
+
+#include
+
 #include "mbedtls/timing.h"
+
+/* Wait this many milliseconds for a short timing test. This duration
+ should be large enough that, in practice, if you read the timer
+ value twice in a row, it won't have jumped by that much. */
+#define TIMING_SHORT_TEST_MS 100
+
+/* A loop that waits TIMING_SHORT_TEST_MS must not take more than this many
+ iterations. This value needs to be large enough to accommodate fast
+ platforms (e.g. at 4GHz and 10 cycles/iteration a CPU can run through 20
+ million iterations in 50ms). The only motivation to keep this value low is
+ to avoid having an infinite loop if the timer functions are not implemented
+ correctly. Ideally this value should be based on the processor speed but we
+ don't have this information! */
+#define TIMING_SHORT_TEST_ITERATIONS_MAX 1e8
+
+/* alarm(0) must fire in no longer than this amount of time. */
+#define TIMING_ALARM_0_DELAY_MS TIMING_SHORT_TEST_MS
+
+static int expected_delay_status( uint32_t int_ms, uint32_t fin_ms,
+ unsigned long actual_ms )
+{
+ return( fin_ms == 0 ? -1 :
+ actual_ms >= fin_ms ? 2 :
+ actual_ms >= int_ms ? 1 :
+ 0 );
+}
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
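Review bot: `TIMING_SHORT_TEST_ITERATIONS_MAX` is defined as the floating-point literal `1e8`, yet in the next hunk it is only ever compared with the `unsigned long` counter `iterations`, so every check of the busy-loop condition converts the counter to double; an integer constant states the intent and keeps the loop integer-only: `#define TIMING_SHORT_TEST_ITERATIONS_MAX 100000000UL`. The `+#include` line carries no header name in this rendering; `timing_delay` in the next hunk calls `assert()`, so presumably `<assert.h>` was lost in extraction and is worth confirming against the actual patch. A comment on `expected_delay_status` would also help: it returns the `mbedtls_timing_get_delay` status (-1, 0, 1, 2) expected when `actual_ms` have elapsed since a delay of `int_ms`/`fin_ms` was set, which is only clear once one has read the test cases.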
@@ -7,9 +45,274 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void timing_selftest() +/* BEGIN_CASE */ +void timing_timer_simple( ) { - TEST_ASSERT( mbedtls_timing_self_test( 1 ) == 0 ); + struct mbedtls_timing_hr_time timer; + unsigned long millis = 0; + unsigned long new_millis = 0; + unsigned long iterations = 0; + /* Start the timer. */ + (void) mbedtls_timing_get_timer( &timer, 1 ); + /* Busy-wait loop for a few milliseconds. */ + do + { + new_millis = mbedtls_timing_get_timer( &timer, 0 ); + ++iterations; + /* Check that the timer didn't go backwards */ + TEST_ASSERT( new_millis >= millis ); + millis = new_millis; + } + while( millis < TIMING_SHORT_TEST_MS && + iterations <= TIMING_SHORT_TEST_ITERATIONS_MAX ); + /* The wait duration should have been large enough for at least a + few runs through the loop, even on the slowest realistic platform. */ + TEST_ASSERT( iterations >= 2 ); + /* The wait duration shouldn't have overflowed the iteration count. */ + TEST_ASSERT( iterations < TIMING_SHORT_TEST_ITERATIONS_MAX ); + return; + +exit: + /* No cleanup needed, but show some diagnostic iterations, because timing + problems can be hard to reproduce. */ + mbedtls_fprintf( stdout, " Finished with millis=%lu new_millis=%lu get(timer)<=%lu iterations=%lu\n", + millis, new_millis, mbedtls_timing_get_timer( &timer, 0 ), + iterations ); } /* END_CASE */ + +/* BEGIN_CASE */ +void timing_timer_reset( ) +{ + struct mbedtls_timing_hr_time timer; + unsigned long millis = 0; + unsigned long iterations = 0; + /* Start the timer. Timers are always reset to 0. */ + TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 ); + /* Busy-wait loop for a few milliseconds */ + do + { + ++iterations; + millis = mbedtls_timing_get_timer( &timer, 0 ); + } + while( millis < TIMING_SHORT_TEST_MS ); + + /* Reset the timer and check that it has restarted. */ + TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 ); + /* Read the timer immediately after reset. 
It should be 0 or close + to it. */ + TEST_ASSERT( mbedtls_timing_get_timer( &timer, 0 ) < TIMING_SHORT_TEST_MS ); + return; + +exit: + /* No cleanup needed, but show some diagnostic information, because timing + problems can be hard to reproduce. */ + mbedtls_fprintf( stdout, " Finished with millis=%lu get(timer)<=%lu iterations=%lu\n", + millis, mbedtls_timing_get_timer( &timer, 0 ), + iterations ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void timing_two_timers( int delta ) +{ + struct mbedtls_timing_hr_time timer1, timer2; + unsigned long millis1, millis2; + + /* Start the first timer and wait for a short time. */ + (void) mbedtls_timing_get_timer( &timer1, 1 ); + do + { + millis1 = mbedtls_timing_get_timer( &timer1, 0 ); + } + while( millis1 < TIMING_SHORT_TEST_MS ); + + /* Do a short busy-wait, so that the difference between timer1 and timer2 + doesn't practically always end up being very close to a whole number of + milliseconds. */ + while( delta > 0 ) + --delta; + + /* Start the second timer and compare it with the first. */ + mbedtls_timing_get_timer( &timer2, 1 ); + do + { + millis1 = mbedtls_timing_get_timer( &timer1, 0 ); + millis2 = mbedtls_timing_get_timer( &timer2, 0 ); + /* The first timer should always be ahead of the first. */ + TEST_ASSERT( millis1 > millis2 ); + /* The timers shouldn't drift apart, i.e. millis2-millis1 should stay + roughly constant, but this is hard to test reliably, especially in + a busy environment such as an overloaded continuous integration + system, so we don't test it it. */ + } + while( millis2 < TIMING_SHORT_TEST_MS ); + + return; + +exit: + /* No cleanup needed, but show some diagnostic iterations, because timing + problems can be hard to reproduce. 
*/ + mbedtls_fprintf( stdout, " Finished with millis1=%lu get(timer1)<=%lu millis2=%lu get(timer2)<=%lu\n", + millis1, mbedtls_timing_get_timer( &timer1, 0 ), + millis2, mbedtls_timing_get_timer( &timer2, 0 ) ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void timing_alarm( int seconds ) +{ + struct mbedtls_timing_hr_time timer; + unsigned long millis = 0; + /* We check that about the desired number of seconds has elapsed. Be + slightly liberal with the lower bound, so as to allow platforms where + the alarm (with second resolution) and the timer (with millisecond + resolution) are based on different clocks. Be very liberal with the + upper bound, because the platform might be busy. */ + unsigned long millis_min = ( seconds > 0 ? + seconds * 900 : + 0 ); + unsigned long millis_max = ( seconds > 0 ? + seconds * 1100 + 400 : + TIMING_ALARM_0_DELAY_MS ); + unsigned long iterations = 0; + + /* Set an alarm and count how long it takes with a timer. */ + (void) mbedtls_timing_get_timer( &timer, 1 ); + mbedtls_set_alarm( seconds ); + + if( seconds > 0 ) + { + /* We set the alarm for at least 1 second. It should not have fired + immediately, even on a slow and busy platform. */ + TEST_ASSERT( !mbedtls_timing_alarmed ); + } + /* A 0-second alarm should fire quickly, but we don't guarantee that it + fires immediately, so mbedtls_timing_alarmed may or may not be set at + this point. */ + + /* Busy-wait until the alarm rings */ + do + { + ++iterations; + millis = mbedtls_timing_get_timer( &timer, 0 ); + } + while( !mbedtls_timing_alarmed && millis <= millis_max ); + + TEST_ASSERT( mbedtls_timing_alarmed ); + TEST_ASSERT( millis >= millis_min ); + TEST_ASSERT( millis <= millis_max ); + + mbedtls_timing_alarmed = 0; + return; + +exit: + /* Show some diagnostic iterations, because timing + problems can be hard to reproduce. 
*/ + mbedtls_fprintf( stdout, " Finished with alarmed=%d millis=%lu get(timer)<=%lu iterations=%lu\n", + mbedtls_timing_alarmed, + millis, mbedtls_timing_get_timer( &timer, 0 ), + iterations ); + /* Cleanup */ + mbedtls_timing_alarmed = 0; +} +/* END_CASE */ + +/* BEGIN_CASE */ +void timing_delay( int int_ms, int fin_ms ) +{ + /* This function assumes that if int_ms is nonzero then it is large + enough that we have time to read all timers at least once in an + interval of time lasting int_ms milliseconds, and likewise for (fin_ms + - int_ms). So don't call it with arguments that are too small. */ + + mbedtls_timing_delay_context delay; + struct mbedtls_timing_hr_time timer; + unsigned long delta; /* delay started between timer=0 and timer=delta */ + unsigned long before = 0, after = 0; + unsigned long iterations = 0; + int status = -2; + int saw_status_1 = 0; + int warn_inconclusive = 0; + + assert( int_ms >= 0 ); + assert( fin_ms >= 0 ); + + /* Start a reference timer. Program a delay, and verify that the status of + the delay is consistent with the time given by the reference timer. */ + (void) mbedtls_timing_get_timer( &timer, 1 ); + mbedtls_timing_set_delay( &delay, int_ms, fin_ms ); + /* Set delta to an upper bound for the interval between the start of timer + and the start of delay. Reading timer after starting delay gives us an + upper bound for the interval, rounded to a 1ms precision. Since this + might have been rounded down, but we need an upper bound, we add 1. */ + delta = mbedtls_timing_get_timer( &timer, 0 ) + 1; + + status = mbedtls_timing_get_delay( &delay ); + if( fin_ms == 0 ) + { + /* Cancelled timer. Just check the correct status for this case. */ + TEST_ASSERT( status == -1 ); + return; + } + + /* Initially, none of the delays must be passed yet if they're nonzero. + This could fail for very small values of int_ms and fin_ms, where "very + small" depends how fast and how busy the platform is. 
*/ + if( int_ms > 0 ) + { + TEST_ASSERT( status == 0 ); + } + else + { + TEST_ASSERT( status == 1 ); + } + + do + { + unsigned long delay_min, delay_max; + int status_min, status_max; + ++iterations; + before = mbedtls_timing_get_timer( &timer, 0 ); + status = mbedtls_timing_get_delay( &delay ); + after = mbedtls_timing_get_timer( &timer, 0 ); + /* At a time between before and after, the delay's status was status. + Check that this is consistent given that the delay was started + between times 0 and delta. */ + delay_min = ( before > delta ? before - delta : 0 ); + status_min = expected_delay_status( int_ms, fin_ms, delay_min ); + delay_max = after; + status_max = expected_delay_status( int_ms, fin_ms, delay_max ); + TEST_ASSERT( status >= status_min ); + TEST_ASSERT( status <= status_max ); + if( status == 1 ) + saw_status_1 = 1; + } + while ( before <= fin_ms + delta && status != 2 ); + + /* Since we've waited at least fin_ms, the delay must have fully + expired. */ + TEST_ASSERT( status == 2 ); + + /* If the second delay is more than the first, then there must have been a + point in time when the first delay was passed but not the second delay. + This could fail for very small values of (fin_ms - int_ms), where "very + small" depends how fast and how busy the platform is. In practice, this + is the test that's most likely to fail on a heavily loaded machine. */ + if( fin_ms > int_ms ) + { + warn_inconclusive = 1; + TEST_ASSERT( saw_status_1 ); + } + + return; + +exit: + /* No cleanup needed, but show some diagnostic iterations, because timing + problems can be hard to reproduce. */ + mbedtls_fprintf( stdout, " Finished with delta=%lu before=%lu after=%lu status=%d iterations=%lu\n", + delta, before, after, status, iterations ); + if( warn_inconclusive ) + mbedtls_fprintf( stdout, " Inconclusive test, try running it on a less heavily loaded machine.\n" ); + } +/* END_CASE */ From 078f1a1512fec6e73f5aa318e68b41165f7d9f07 Mon Sep 17 00:00:00 2001 
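Review bot: In `timing_two_timers` the desynchronising loop `while( delta > 0 ) --delta;` has no observable side effect, so an optimising compiler may fold it away and the test then runs with the two timers aligned regardless of the `delta` value passed from the .data file; keeping the counter observable, e.g. `volatile int d = delta; while( d > 0 ) --d;`, preserves the wait. The comment above the assertion, "The first timer should always be ahead of the first", should read "ahead of the second". In `timing_delay`, `assert( int_ms >= 0 )` and `assert( fin_ms >= 0 )` abort the whole test binary instead of failing the case; `TEST_ASSERT` is what the rest of this file uses, and if it is adopted here `delta` should be initialised (`unsigned long delta = 0;`) so the `exit:` diagnostic never prints an indeterminate value.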
From: Gilles Peskine Date: Wed, 11 Oct 2017 16:13:13 +0200 Subject: [PATCH 0571/1059] Unit test for mbedtls_timing_hardclock Do test mbedtls_timing_hardclock. We can't reliably test much about it, but at least test that it doesn't crash, isn't constant, and doesn't look completely random. --- tests/suites/test_suite_timing.data | 3 ++ tests/suites/test_suite_timing.function | 42 +++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data index 02677d1268..4dddcf7fc1 100644 --- a/tests/suites/test_suite_timing.data +++ b/tests/suites/test_suite_timing.data @@ -36,3 +36,6 @@ timing_alarm:0: Timing: alarm in 1 second timing_alarm:1: + +Timing: hardclock +timing_hardclock: diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function index 53e0ac3287..71fe7edfc7 100644 --- a/tests/suites/test_suite_timing.function +++ b/tests/suites/test_suite_timing.function 
@@ -316,3 +316,45 @@ exit:
 mbedtls_fprintf( stdout, " Inconclusive test, try running it on a less heavily loaded machine.\n" );
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void timing_hardclock( )
+{
+ /* We make very few guarantees about mbedtls_timing_hardclock: its rate is
+ platform-dependent, it can wrap around. So there isn't much we can
+ test. But we do at least test that it doesn't crash, stall or return
+ completely nonsensical values. */
+
+ struct mbedtls_timing_hr_time timer;
+ unsigned long hardclock0, hardclock1, delta1;
+
+ hardclock0 = mbedtls_timing_hardclock( );
+ /* Wait 2ms to ensure a nonzero delay. Since the timer interface has 1ms
+ resolution and unspecified precision, waiting 1ms might be a very small
+ delay that's rounded up. */
+ (void) mbedtls_timing_get_timer( &timer, 1 );
+ while( mbedtls_timing_get_timer( &timer, 0 ) < 2 )
+ /*busy-wait loop*/;
+ hardclock1 = mbedtls_timing_hardclock( );
+
+ /* Although the hardclock counter can wrap around, the difference
+ (hardclock1 - hardclock0) is taken modulo the type size, so it is
+ correct as long as the counter only wrapped around at most once. We
+ further require the difference to be nonzero (after a wait of more than
+ 1ms, the counter must have changed), and not to be overly large (after
+ a wait of less than 3ms, plus time lost because other processes were
+ scheduled on the CPU). If the hardclock counter runs at 4GHz, then
+ 1000000000 (which is 1/4 of the counter wraparound on a 32-bit machine)
+ allows 250ms. */
+ delta1 = hardclock1 - hardclock0;
+ TEST_ASSERT( delta1 > 0 );
+ TEST_ASSERT( delta1 < 1000000000 );
+ return;
+
+exit:
+ /* No cleanup needed, but show some diagnostic iterations, because timing
+ problems can be hard to reproduce. */
+ mbedtls_fprintf( stdout, " Finished with hardclock=%lu,%lu\n",
+ hardclock0, hardclock1 );
+}
+/* END_CASE */
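Review bot: `TEST_ASSERT( delta1 > 0 )` assumes `mbedtls_timing_hardclock` advances within the 2ms wait; on a build where it falls back to a coarser clock source (the implementation is not in this hunk, so this is inferred) the two readings can be equal and the case fails for a reason unrelated to a defect. Stating that assumption next to the wait, e.g. `/* Assumes the hardclock source has sub-millisecond resolution. */`, tells whoever triages the failure where to look. The `exit:` diagnostic prints both raw readings but not `delta1`, which is the value actually asserted on; adding `delta=%lu` and `delta1` to the `mbedtls_fprintf` saves a modular subtraction at triage time.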
From: Gilles Peskine Date: Wed, 18 Oct 2017 20:00:32 +0200 Subject: [PATCH 0572/1059] Timing unit tests: more protection against infinite loops If timing_timer_simple fails because it detects that timers are likely to never expire (e.g. going backward or not incrementing), skip all tests that rely on timers. --- tests/suites/test_suite_timing.function | 77 +++++++++++++++++++------ 1 file changed, 60 insertions(+), 17 deletions(-) diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function index 71fe7edfc7..1610155fbf 100644 --- a/tests/suites/test_suite_timing.function +++ b/tests/suites/test_suite_timing.function @@ -38,6 +38,14 @@ static int expected_delay_status( uint32_t int_ms, uint32_t fin_ms, 0 ); } +/* Some conditions in timing_timer_simple suggest that timers are unreliable. + Most other test cases rely on timers to terminate, and could loop + indefinitely if timers are too broken. So if timing_timer_simple detected a + timer that risks not terminating (going backwards, or not reaching the + desired count in the alloted clock cycles), set this flag to immediately + fail those other tests without running any timers. */ +static int timers_are_badly_broken = 0; + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -73,6 +81,15 @@ void timing_timer_simple( ) return; exit: + if( iterations >= TIMING_SHORT_TEST_ITERATIONS_MAX || + new_millis < millis ) + { + /* The timer was very unreliable: it didn't increment and the loop ran + out, or it went backwards. Other tests that use timers might go + into an infinite loop, so we'll skip them. */ + timers_are_badly_broken = 1; + } + /* No cleanup needed, but show some diagnostic iterations, because timing problems can be hard to reproduce. */ mbedtls_fprintf( stdout, " Finished with millis=%lu new_millis=%lu get(timer)<=%lu iterations=%lu\n", 
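Review bot: The `timers_are_badly_broken` guard only helps when `timing_timer_simple` has already run, which depends on it being listed first in the .data file and on the suite running in order; a dependent case run on its own bypasses the guard (inferred — the runner's ordering is outside this patch). The flag's declaration in the first hunk should say so, e.g. `/* Only effective if timing_timer_simple runs before the other cases. */`. In the new `exit:` block, `iterations >= TIMING_SHORT_TEST_ITERATIONS_MAX` compares an `unsigned long` with the floating-point macro `1e8`; it works, but an integer constant would avoid the conversion. The `TEST_ASSERT( !timers_are_badly_broken )` added to the later hunks appears to report the dependent cases as failed rather than skipped, which differs from what the commit message promises; if the test framework has a skip mechanism, using it would keep one broken timer from masquerading as five failures.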
@@ -87,6 +104,11 @@ void timing_timer_reset( ) struct mbedtls_timing_hr_time timer; unsigned long millis = 0; unsigned long iterations = 0; + + /* Skip this test if it looks like timers don't work at all, to avoid an + infinite loop below. */ + TEST_ASSERT( !timers_are_badly_broken ); + /* Start the timer. Timers are always reset to 0. */ TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 ); /* Busy-wait loop for a few milliseconds */ @@ -107,9 +129,10 @@ void timing_timer_reset( ) exit: /* No cleanup needed, but show some diagnostic information, because timing problems can be hard to reproduce. */ - mbedtls_fprintf( stdout, " Finished with millis=%lu get(timer)<=%lu iterations=%lu\n", - millis, mbedtls_timing_get_timer( &timer, 0 ), - iterations ); + if( !timers_are_badly_broken ) + mbedtls_fprintf( stdout, " Finished with millis=%lu get(timer)<=%lu iterations=%lu\n", + millis, mbedtls_timing_get_timer( &timer, 0 ), + iterations ); } /* END_CASE */ @@ -117,7 +140,11 @@ exit: void timing_two_timers( int delta ) { struct mbedtls_timing_hr_time timer1, timer2; - unsigned long millis1, millis2; + unsigned long millis1 = 0, millis2 = 0; + + /* Skip this test if it looks like timers don't work at all, to avoid an + infinite loop below. */ + TEST_ASSERT( !timers_are_badly_broken ); /* Start the first timer and wait for a short time. */ (void) mbedtls_timing_get_timer( &timer1, 1 ); 
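Review bot: `TEST_ASSERT( !timers_are_badly_broken )` fails the case rather than skipping it, while the comment above it says "Skip this test", and because the `exit:` diagnostic is now wrapped in `if( !timers_are_badly_broken )` the log shows a bare failure with no reason. Add an else branch so the reason is visible, `else mbedtls_fprintf( stdout, " Skipped: timers_are_badly_broken is set\n" );`, and reword the comment to `/* Fail fast if timing_timer_simple found the timers unreliable, to avoid an infinite loop below. */`. The same pattern repeats in the hunks below for timing_two_timers, timing_alarm, timing_delay and timing_hardclock. Each affected function starts and ends outside its hunk.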
@@ -153,9 +180,10 @@ void timing_two_timers( int delta ) exit: /* No cleanup needed, but show some diagnostic iterations, because timing problems can be hard to reproduce. */ - mbedtls_fprintf( stdout, " Finished with millis1=%lu get(timer1)<=%lu millis2=%lu get(timer2)<=%lu\n", - millis1, mbedtls_timing_get_timer( &timer1, 0 ), - millis2, mbedtls_timing_get_timer( &timer2, 0 ) ); + if( !timers_are_badly_broken ) + mbedtls_fprintf( stdout, " Finished with millis1=%lu get(timer1)<=%lu millis2=%lu get(timer2)<=%lu\n", + millis1, mbedtls_timing_get_timer( &timer1, 0 ), + millis2, mbedtls_timing_get_timer( &timer2, 0 ) ); } /* END_CASE */ @@ -177,6 +205,10 @@ void timing_alarm( int seconds ) TIMING_ALARM_0_DELAY_MS ); unsigned long iterations = 0; + /* Skip this test if it looks like timers don't work at all, to avoid an + infinite loop below. */ + TEST_ASSERT( !timers_are_badly_broken ); + /* Set an alarm and count how long it takes with a timer. */ (void) mbedtls_timing_get_timer( &timer, 1 ); mbedtls_set_alarm( seconds ); @@ -209,10 +241,11 @@ void timing_alarm( int seconds ) exit: /* Show some diagnostic iterations, because timing problems can be hard to reproduce. */ - mbedtls_fprintf( stdout, " Finished with alarmed=%d millis=%lu get(timer)<=%lu iterations=%lu\n", - mbedtls_timing_alarmed, - millis, mbedtls_timing_get_timer( &timer, 0 ), - iterations ); + if( !timers_are_badly_broken ) + mbedtls_fprintf( stdout, " Finished with alarmed=%d millis=%lu get(timer)<=%lu iterations=%lu\n", + mbedtls_timing_alarmed, + millis, mbedtls_timing_get_timer( &timer, 0 ), + iterations ); /* Cleanup */ mbedtls_timing_alarmed = 0; } 
@@ -228,7 +261,7 @@ void timing_delay( int int_ms, int fin_ms ) mbedtls_timing_delay_context delay; struct mbedtls_timing_hr_time timer; - unsigned long delta; /* delay started between timer=0 and timer=delta */ + unsigned long delta = 0; /* delay started between timer=0 and timer=delta */ unsigned long before = 0, after = 0; unsigned long iterations = 0; int status = -2; @@ -238,6 +271,10 @@ void timing_delay( int int_ms, int fin_ms ) assert( int_ms >= 0 ); assert( fin_ms >= 0 ); + /* Skip this test if it looks like timers don't work at all, to avoid an + infinite loop below. */ + TEST_ASSERT( !timers_are_badly_broken ); + /* Start a reference timer. Program a delay, and verify that the status of the delay is consistent with the time given by the reference timer. */ (void) mbedtls_timing_get_timer( &timer, 1 ); @@ -310,8 +347,9 @@ void timing_delay( int int_ms, int fin_ms ) exit: /* No cleanup needed, but show some diagnostic iterations, because timing problems can be hard to reproduce. */ - mbedtls_fprintf( stdout, " Finished with delta=%lu before=%lu after=%lu status=%d iterations=%lu\n", - delta, before, after, status, iterations ); + if( !timers_are_badly_broken ) + mbedtls_fprintf( stdout, " Finished with delta=%lu before=%lu after=%lu status=%d iterations=%lu\n", + delta, before, after, status, iterations ); if( warn_inconclusive ) mbedtls_fprintf( stdout, " Inconclusive test, try running it on a less heavily loaded machine.\n" ); } @@ -326,7 +364,11 @@ void timing_hardclock( ) completely nonsensical values. */ struct mbedtls_timing_hr_time timer; - unsigned long hardclock0, hardclock1, delta1; + unsigned long hardclock0 = -1, hardclock1 = -1, delta1 = -1; + + /* Skip this test if it looks like timers don't work at all, to avoid an + infinite loop below. */ + TEST_ASSERT( !timers_are_badly_broken ); hardclock0 = mbedtls_timing_hardclock( ); /* Wait 2ms to ensure a nonzero delay. Since the timer interface has 1ms 
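Review bot: `unsigned long hardclock0 = -1, hardclock1 = -1, delta1 = -1;` relies on an implicit signed-to-unsigned conversion for the "not yet set" sentinel; it is well-defined, but it trips `-Wsign-conversion` and differs from the `= 0` sentinels chosen for `millis1`/`millis2` and `delta` in the hunks above. Spell the intent out, `unsigned long hardclock0 = ULONG_MAX, hardclock1 = ULONG_MAX, delta1 = ULONG_MAX;` (from `<limits.h>`), or at least `(unsigned long) -1`. timing_hardclock's body continues outside the hunk.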
@@ -354,7 +396,8 @@ void timing_hardclock( ) exit: /* No cleanup needed, but show some diagnostic iterations, because timing problems can be hard to reproduce. */ - mbedtls_fprintf( stdout, " Finished with hardclock=%lu,%lu\n", - hardclock0, hardclock1 ); + if( !timers_are_badly_broken ) + mbedtls_fprintf( stdout, " Finished with hardclock=%lu,%lu\n", + hardclock0, hardclock1 ); } /* END_CASE */ From 0f59b130a95a9990fb1f00a5f457d4bad0c23d41 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 17 Oct 2017 19:39:04 +0200 Subject: [PATCH 0573/1059] Timing self test: increased tolerance mbedtls_timing_self_test fails annoyingly often when running on a busy machine such as can be expected of a continous integration system. Increase the tolerances in the delay test, to reduce the chance of failures that are only due to missing a deadline on a busy machine. --- library/timing.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/timing.c b/library/timing.c index 744e1e7900..115204dce3 100644 --- a/library/timing.c +++ b/library/timing.c @@ -450,19 +450,19 @@ int mbedtls_timing_self_test( int verbose ) { mbedtls_timing_set_delay( &ctx, a, a + b ); - busy_msleep( a - a / 8 ); + busy_msleep( a - a / 4 ); if( mbedtls_timing_get_delay( &ctx ) != 0 ) FAIL; - busy_msleep( a / 4 ); + busy_msleep( a / 2 ); if( mbedtls_timing_get_delay( &ctx ) != 1 ) FAIL; - busy_msleep( b - a / 8 - b / 8 ); + busy_msleep( b - a / 4 - b / 4 ); if( mbedtls_timing_get_delay( &ctx ) != 1 ) FAIL; - busy_msleep( b / 4 ); + busy_msleep( b / 2 ); if( mbedtls_timing_get_delay( &ctx ) != 2 ) FAIL; } From 8873bcc4def433aa0edfbe260083f32f04aa097e Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 27 Oct 2017 18:42:32 +0200 Subject: [PATCH 0574/1059] Timing self test: increased duration Increase the duration of the self test, otherwise it tends to fail on a busy machine even with the recently upped tolerance. But run the loop only once, it's enough for a simple smoke test. --- ChangeLog | 3 ++- library/timing.c | 30 ++++++++++++------------------ 2 files changed, 14 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index d69f5c5bb8..d7101c070c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,7 +6,8 @@ Features * Allow comments in test data files. * The selftest program can execute a subset of the tests based on command line arguments. - * New unit tests for timing. + * New unit tests for timing. Improve the self-test to be more robust + when run on a heavily-loaded machine. Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. diff --git a/library/timing.c b/library/timing.c index 115204dce3..f0d1a7840b 100644 --- a/library/timing.c +++ b/library/timing.c 
@@ -444,28 +444,22 @@ int mbedtls_timing_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " TIMING test #2 (set/get_delay ): " ); - for( a = 200; a <= 400; a += 200 ) { - for( b = 200; b <= 400; b += 200 ) - { - mbedtls_timing_set_delay( &ctx, a, a + b ); + a = 800; + b = 400; + mbedtls_timing_set_delay( &ctx, a, a + b ); /* T = 0 */ - busy_msleep( a - a / 4 ); - if( mbedtls_timing_get_delay( &ctx ) != 0 ) - FAIL; + busy_msleep( a - a / 4 ); /* T = a - a/4 */ + if( mbedtls_timing_get_delay( &ctx ) != 0 ) + FAIL; - busy_msleep( a / 2 ); - if( mbedtls_timing_get_delay( &ctx ) != 1 ) - FAIL; + busy_msleep( a / 4 + b / 4 ); /* T = a + b/4 */ + if( mbedtls_timing_get_delay( &ctx ) != 1 ) + FAIL; - busy_msleep( b - a / 4 - b / 4 ); - if( mbedtls_timing_get_delay( &ctx ) != 1 ) - FAIL; - - busy_msleep( b / 2 ); - if( mbedtls_timing_get_delay( &ctx ) != 2 ) - FAIL; - } + busy_msleep( b ); /* T = a + b + b/4 */ + if( mbedtls_timing_get_delay( &ctx ) != 2 ) + FAIL; } mbedtls_timing_set_delay( &ctx, 0, 0 ); From ada3ee8b9d0dab22714d5de13d9ac9d1cb76cfcd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Dec 2017 22:31:17 +0100 Subject: [PATCH 0575/1059] Timing self test: shorten redundant tests We don't need to test multiple delays in a self-test. Save 5s of busy-wait. --- library/timing.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/timing.c b/library/timing.c index f0d1a7840b..6df137d2d3 100644 --- a/library/timing.c +++ b/library/timing.c @@ -422,8 +422,9 @@ int mbedtls_timing_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " TIMING test #1 (set_alarm / get_timer): " ); - for( secs = 1; secs <= 3; secs++ ) { + secs = 1; + (void) mbedtls_timing_get_timer( &hires, 1 ); mbedtls_set_alarm( (int) secs ); From 621080d7c68370dca67cfe387508abe685304e3e Mon Sep 17 00:00:00 2001 
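Review bot: With the `for` loops gone, the braces around the test #2 body are left as a bare compound statement holding `a = 800;` and `b = 400;`, which reads like an edit artifact; either drop the braces or, if `a` and `b` (declared outside the hunk) are not reused elsewhere in the function, make them block-local declarations so the block has a purpose. The same leftover `{` appears in the test #1 hunk below, where `secs = 1;` replaced its loop. The `/* T = ... */` running totals are a good addition; the margins they imply (a/4 = 200ms before the intermediate deadline, b/4 = 100ms after it) are the effective tolerance of this self-test and deserve a sentence in a comment, since they are the first thing to adjust when it flakes again.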
From: Ron Eldor Date: Thu, 21 Dec 2017 10:57:43 +0200 Subject: [PATCH 0576/1059] Fix compilation issue weh self test defined 1. Surround the generate keys with `#if ! defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)` to resolve build issue when `MBEDTLS_SELF_TEST` is defined for alternative CMAC as well 2. Update ChangeLog --- ChangeLog | 6 ++++++ library/cmac.c | 4 +++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 13de8672c7..5d43296db4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Changes + * Add hardware acceleration support for cmac, with the configuration definition + of `MBEDTLS_CMAC_ALT`. Submitted by stevew817 + = mbed TLS 2.4.2 branch released 2017-03-08 Security diff --git a/library/cmac.c b/library/cmac.c index 5575d5c8d7..d3581d589c 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -65,7 +65,7 @@ #endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_PLATFORM_C */ -#if !defined(MBEDTLS_CMAC_ALT) +#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { @@ -166,7 +166,9 @@ exit: return( ret ); } +#endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */ +#if !defined(MBEDTLS_CMAC_ALT) static void cmac_xor_block( unsigned char *output, const unsigned char *input1, const unsigned char *input2, const size_t block_size ) From 0d44573e8baf101bfccfcf9d3a6aeadc4c3187fd Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 21 Dec 2017 09:28:39 +0000 Subject: [PATCH 0577/1059] Add option to do baremetal configuration. --- scripts/config.pl | 44 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 5 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 5a06a33381..8c1aa08dd7 100755 --- a/scripts/config.pl +++ b/scripts/config.pl 
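Review bot: The widened guard `#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)` compiles everything between it and the new `#endif` (lines 65–166, almost all outside this hunk) into an `MBEDTLS_CMAC_ALT` build whenever the self-test is enabled; any `static` helper in that range that the self-test does not call becomes an unused-function warning there, which is fatal under the `-Werror` builds this tree uses. Worth checking which helpers the self-test actually references (not visible in this hunk) and narrowing the guard to those, keeping the rest under the plain `#if !defined(MBEDTLS_CMAC_ALT)`. A one-line comment at the opening `#if`, e.g. `/* Also built with MBEDTLS_CMAC_ALT because the self-test below uses these helpers */`, would stop the next reader from "fixing" it back.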
@@ -63,6 +63,7 @@ Commands excluding some reserved symbols, until the 'Module configuration options' section realfull - Uncomments all #define's with no exclusions + baremetal - Set configuration suitable for baremetal build. Options -f | --file - The file or file path for the configuration file @@ -94,11 +95,34 @@ MBEDTLS_PKCS11_C _ALT\s*$ ); +# Things that should be disabled in "baremetal" +my @excluded_baremetal = qw( +MBEDTLS_NET_C +MBEDTLS_TIMING_C +MBEDTLS_FS_IO +MBEDTLS_ENTROPY_NV_SEED +MBEDTLS_HAVE_TIME +MBEDTLS_HAVE_TIME_DATE +MBEDTLS_DEPRECATED_WARNING +MBEDTLS_HAVEGE_C +MBEDTLS_THREADING_C +MBEDTLS_THREADING_PTHREAD +MBEDTLS_MEMORY_BACKTRACE +MBEDTLS_MEMORY_BUFFER_ALLOC_C +MBEDTLS_PLATFORM_TIME_ALT +MBEDTLS_PLATFORM_FPRINTF_ALT +); + # Things that should be enabled in "full" even if they match @excluded my @non_excluded = qw( PLATFORM_[A-Z0-9]+_ALT ); +# Things that should be enabled in "baremetal" +my @non_excluded_baremetal = qw( +MBEDTLS_NO_PLATFORM_ENTROPY +); + # Process the command line arguments my $force_option = 0; @@ -123,7 +147,7 @@ while ($arg = shift) { # ...else assume it's a command $action = $arg; - if ($action eq "full" || $action eq "realfull") { + if ($action eq "full" || $action eq "realfull" || $action eq "baremetal" ) { # No additional parameters die $usage if @ARGV; @@ -166,7 +190,12 @@ open my $config_read, '<', $config_file or die "read $config_file: $!\n"; my @config_lines = <$config_read>; close $config_read; -my ($exclude_re, $no_exclude_re); +# Add required baremetal symbols to the list that is included. +if ( $action eq "baremetal" ) { + @non_excluded = ( @non_excluded, @non_excluded_baremetal ); +} + +my ($exclude_re, $no_exclude_re, $exclude_baremetal_re); if ($action eq "realfull") { $exclude_re = qr/^$/; $no_exclude_re = qr/./; 
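Review bot: The `baremetal` profile enables `MBEDTLS_NO_PLATFORM_ENTROPY` (via `@non_excluded_baremetal`) and disables `MBEDTLS_ENTROPY_NV_SEED` and `MBEDTLS_HAVEGE_C`, while the `_ALT\s*$` entry in `@excluded` keeps `MBEDTLS_ENTROPY_HARDWARE_ALT` commented out, so the resulting configuration appears to have no entropy source at all. That is fine for a build-coverage target, but the help line `baremetal - Set configuration suitable for baremetal build.` does not say so; suggest `baremetal - Set configuration for a baremetal build (no entropy source: for build testing, not for deployment).` and the same caveat as a comment above `@excluded_baremetal`. The outcome depends on the full `@excluded` list and on config.h, only partly visible here, so please confirm.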
@@ -174,6 +203,9 @@ if ($action eq "realfull") { $exclude_re = join '|', @excluded; $no_exclude_re = join '|', @non_excluded; } +if ( $action eq "baremetal" ) { + $exclude_baremetal_re = join '|', @excluded_baremetal; +} my $config_write = undef; if ($action ne "get") { @@ -182,17 +214,19 @@ if ($action ne "get") { my $done; for my $line (@config_lines) { - if ($action eq "full" || $action eq "realfull") { + if ($action eq "full" || $action eq "realfull" || $action eq "baremetal" ) { if ($line =~ /name SECTION: Module configuration options/) { $done = 1; } if (!$done && $line =~ m!^//\s?#define! && - ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) ) { + ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) && + ( $action ne "baremetal" || ( $line !~ /$exclude_baremetal_re/ ) ) ) { $line =~ s!^//\s?!!; } if (!$done && $line =~ m!^\s?#define! && - ! ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) ) { + ! ( ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) && + ( $action ne "baremetal" || ( $line !~ /$exclude_baremetal_re/ ) ) ) ) { $line =~ s!^!//!; } } elsif ($action eq "unset") { From 7ad603e662cd67ed675aff1870e2db7eb32c6ade Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 Dec 2017 23:22:20 +0100 Subject: [PATCH 0578/1059] all.sh: indent --- tests/scripts/all.sh | 128 +++++++++++++++++++++---------------------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 77deecbc9c..4decbb1cbd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
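Review bot: The keep/disable decision is now a two-clause expression written out twice, once plain and once negated, in the `m!^//\s?#define!` and `m!^\s?#define!` branches, which is easy to let drift. Compute it once per line, `my $keep = ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) && ( $action ne "baremetal" || $line !~ /$exclude_baremetal_re/ );`, then test `$keep` and `!$keep` in the two conditions. `$exclude_baremetal_re` is only assigned for `baremetal`, and the `$action ne "baremetal" ||` short-circuit is the only thing keeping the undefined pattern out of the other modes; a comment on the `my (...)` declaration noting that would help. Like the existing lists the new patterns are unanchored, so `MBEDTLS_HAVE_TIME` also matches `MBEDTLS_HAVE_TIME_DATE`; harmless today since both are listed, but worth knowing when adding entries.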
@@ -252,9 +252,9 @@ export GNUTLS_SERV="$GNUTLS_SERV" # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ - "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" \ - "i686-w64-mingw32-gcc" + "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ + "arm-none-eabi-gcc" "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" \ + "i686-w64-mingw32-gcc" # # Test Suites to be executed 
@@ -461,42 +461,42 @@ msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build) make test if uname -a | grep -F Linux >/dev/null; then -msg "build/test: make shared" # ~ 40s -cleanup -make SHARED=1 all check + msg "build/test: make shared" # ~ 40s + cleanup + make SHARED=1 all check fi if uname -a | grep -F x86_64 >/dev/null; then -msg "build: i386, make, gcc" # ~ 30s -cleanup -CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make + msg "build: i386, make, gcc" # ~ 30s + cleanup + CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make -msg "build: gcc, force 32-bit compilation" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_HAVE_ASM -scripts/config.pl unset MBEDTLS_AESNI_C -scripts/config.pl unset MBEDTLS_PADLOCK_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make + msg "build: gcc, force 32-bit compilation" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_HAVE_ASM + scripts/config.pl unset MBEDTLS_AESNI_C + scripts/config.pl unset MBEDTLS_PADLOCK_C + CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make -msg "build: gcc, force 64-bit compilation" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_HAVE_ASM -scripts/config.pl unset MBEDTLS_AESNI_C -scripts/config.pl unset MBEDTLS_PADLOCK_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + msg "build: gcc, force 64-bit compilation" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_HAVE_ASM + scripts/config.pl unset MBEDTLS_AESNI_C + scripts/config.pl unset MBEDTLS_PADLOCK_C + CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make -msg "test: gcc, force 64-bit compilation" -make test + msg "test: gcc, force 64-bit compilation" + make test -msg "build: gcc, force 64-bit compilation" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_HAVE_ASM -scripts/config.pl unset MBEDTLS_AESNI_C -scripts/config.pl unset MBEDTLS_PADLOCK_C -CC=gcc 
CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + msg "build: gcc, force 64-bit compilation" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_HAVE_ASM + scripts/config.pl unset MBEDTLS_AESNI_C + scripts/config.pl unset MBEDTLS_PADLOCK_C + CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s 
@@ -599,49 +599,49 @@ WINDOWS_BUILD=1 make clean # MemSan currently only available on Linux 64 bits if uname -a | grep 'Linux.*x86_64' >/dev/null; then -msg "build: MSan (clang)" # ~ 1 min 20s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm -CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . -make + msg "build: MSan (clang)" # ~ 1 min 20s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm + CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . + make -msg "test: main suites (MSan)" # ~ 10s -make test + msg "test: main suites (MSan)" # ~ 10s + make test -msg "test: ssl-opt.sh (MSan)" # ~ 1 min -tests/ssl-opt.sh + msg "test: ssl-opt.sh (MSan)" # ~ 1 min + tests/ssl-opt.sh -# Optional part(s) + # Optional part(s) -if [ "$MEMORY" -gt 0 ]; then - msg "test: compat.sh (MSan)" # ~ 6 min 20s - tests/compat.sh -fi + if [ "$MEMORY" -gt 0 ]; then + msg "test: compat.sh (MSan)" # ~ 6 min 20s + tests/compat.sh + fi else # no MemSan -msg "build: Release (clang)" -cleanup -CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . -make + msg "build: Release (clang)" + cleanup + CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . 
+ make -msg "test: main suites valgrind (Release)" -make memcheck + msg "test: main suites valgrind (Release)" + make memcheck -# Optional part(s) -# Currently broken, programs don't seem to receive signals -# under valgrind on OS X + # Optional part(s) + # Currently broken, programs don't seem to receive signals + # under valgrind on OS X -if [ "$MEMORY" -gt 0 ]; then - msg "test: ssl-opt.sh --memcheck (Release)" - tests/ssl-opt.sh --memcheck -fi + if [ "$MEMORY" -gt 0 ]; then + msg "test: ssl-opt.sh --memcheck (Release)" + tests/ssl-opt.sh --memcheck + fi -if [ "$MEMORY" -gt 1 ]; then - msg "test: compat.sh --memcheck (Release)" - tests/compat.sh --memcheck -fi + if [ "$MEMORY" -gt 1 ]; then + msg "test: compat.sh --memcheck (Release)" + tests/compat.sh --memcheck + fi fi # MemSan From 709346aed8d9683c2a4fffa1110d1fa877eb4616 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 Dec 2017 23:43:39 +0100 Subject: [PATCH 0579/1059] all.sh: cleaned up usage output --- tests/scripts/all.sh | 115 ++++++++++++++++++++++++------------------- 1 file changed, 63 insertions(+), 52 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4decbb1cbd..0931012a46 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -56,22 +56,28 @@ fi usage() { - printf "Usage: $0\n" - printf " -h|--help\t\tPrint this help.\n" - printf " -m|--memory\t\tAdditional optional memory tests.\n" - printf " -f|--force\t\tForce the tests to overwrite any modified files.\n" - printf " -s|--seed\t\tInteger seed value to use for this test run.\n" - printf " -r|--release-test\t\tRun this script in release mode. This fixes the seed value to 1.\n" - printf " --no-yotta\t\tSkip yotta build\n" - printf " --out-of-source-dir=\t\tDirectory used for CMake out-of-source build tests." - printf " --openssl=\t\tPath to OpenSSL executable to use for most tests.\n" - printf " --openssl-legacy=\t\tPath to OpenSSL executable to use for legacy tests e.g. SSLv3.\n" - printf " --gnutls-cli=\t\tPath to GnuTLS client executable to use for most tests.\n" - printf " --gnutls-serv=\t\tPath to GnuTLS server executable to use for most tests.\n" - printf " --gnutls-legacy-cli=\t\tPath to GnuTLS client executable to use for legacy tests.\n" - printf " --gnutls-legacy-serv=\t\tPath to GnuTLS server executable to use for legacy tests.\n" - printf " --armc5-bin-dir=\t\tPath to the ARM Compiler 5 bin directory.\n" - printf " --armc6-bin-dir=\t\tPath to the ARM Compiler 6 bin directory.\n" + cat < Directory used for CMake out-of-source build tests. + -r|--release-test Run this script in release mode. This fixes the seed value to 1. + -s|--seed Integer seed value to use for this test run. + +Tool path options: + --armc5-bin-dir= ARM Compiler 5 bin directory. + --armc6-bin-dir= ARM Compiler 6 bin directory. + --gnutls-cli= GnuTLS client executable to use for most tests. + --gnutls-serv= GnuTLS server executable to use for most tests. + --gnutls-legacy-cli= GnuTLS client executable to use for legacy tests. + --gnutls-legacy-serv= GnuTLS server executable to use for legacy tests. + --openssl= OpenSSL executable to use for most tests. + --openssl-legacy= OpenSSL executable to use for legacy tests e.g. SSLv3. 
+EOF } # remove built files as well as the cmake cache/config @@ -127,42 +133,21 @@ check_tools() while [ $# -gt 0 ]; do case "$1" in - --memory|-m*) - MEMORY=${1#-m} + --armc5-bin-dir) + shift + ARMC5_BIN_DIR="$1" + ;; + --armc6-bin-dir) + shift + ARMC6_BIN_DIR="$1" ;; --force|-f) FORCE=1 ;; - --seed|-s) - shift - SEED="$1" - ;; - --release-test|-r) - RELEASE=1 - ;; - --no-yotta) - YOTTA=0 - ;; - --out-of-source-dir) - shift - OUT_OF_SOURCE_DIR="$1" - ;; - --openssl) - shift - OPENSSL="$1" - ;; - --openssl-legacy) - shift - OPENSSL_LEGACY="$1" - ;; --gnutls-cli) shift GNUTLS_CLI="$1" ;; - --gnutls-serv) - shift - GNUTLS_SERV="$1" - ;; --gnutls-legacy-cli) shift GNUTLS_LEGACY_CLI="$1" @@ -171,17 +156,43 @@ while [ $# -gt 0 ]; do shift GNUTLS_LEGACY_SERV="$1" ;; - --armc5-bin-dir) + --gnutls-serv) shift - ARMC5_BIN_DIR="$1" + GNUTLS_SERV="$1" ;; - --armc6-bin-dir) - shift - ARMC6_BIN_DIR="$1" - ;; - --help|-h|*) + --help|-h) usage - exit 1 + exit + ;; + --memory|-m) + MEMORY=1 + ;; + --no-yotta) + YOTTA=0 + ;; + --openssl) + shift + OPENSSL="$1" + ;; + --openssl-legacy) + shift + OPENSSL_LEGACY="$1" + ;; + --out-of-source-dir) + shift + OUT_OF_SOURCE_DIR="$1" + ;; + --release-test|-r) + RELEASE=1 + ;; + --seed|-s) + shift + SEED="$1" + ;; + *) + echo >&2 "Unknown option: $1" + echo >&2 "Run $0 --help for usage." + exit 120 ;; esac shift From 7c6521688ac2af9af845f329ede5fb8fffa7f22d Mon Sep 17 00:00:00 2001 
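Review bot: `--memory|-m) MEMORY=1` drops the `-m<level>` form that the removed `MEMORY=${1#-m}` accepted, but the script still tests `[ "$MEMORY" -gt 1 ]` before `tests/compat.sh --memcheck` (see the indent hunk above), so that level is now unreachable from the command line. Keep a level form, e.g. `-m[0-9]) MEMORY="${1#-m}" ;;`, or drop the `-gt 1` tier, and have the usage text say which. The usage also documents value options as `--openssl=<FILE>`, while the parser only accepts `--openssl <FILE>` (`shift` into `"$1"`), so the documented spelling now lands in the `*)` unknown-option branch; either document the space-separated form or add `--openssl=*) OPENSSL="${1#*=}" ;;`-style cases. The heredoc is partly lost in this rendering, so the exact usage wording should be checked in the file.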
From: Gilles Peskine Date: Mon, 11 Dec 2017 00:01:40 +0100 Subject: [PATCH 0580/1059] all.sh: --keep-going mode Add --keep-going mode to all.sh. In this mode, if a test fails, keep running the subsequent tests. If a build fails, skip any tests of this build and move on to the next tests. Errors in infrastructure, such as git or cmake runs, remain fatal. Print an error summary at the end of the run, and return a nonzero code if there was any failure. In known terminal types, use color to highlight errors. On a fatal signal, interrupt the run and report the errors so far. --- tests/scripts/all.sh | 174 ++++++++++++++++++++++++++++++++----------- 1 file changed, 130 insertions(+), 44 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0931012a46..923932f215 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -35,6 +35,7 @@ CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 FORCE=0 +KEEP_GOING=0 RELEASE=0 YOTTA=1 @@ -62,6 +63,7 @@ Usage: $0 [OPTION]... General options: -f|--force Force the tests to overwrite any modified files. + -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. --no-yotta Skip yotta build. --out-of-source-dir= Directory used for CMake out-of-source build tests. @@ -83,7 +85,7 @@ EOF # remove built files as well as the cmake cache/config cleanup() { - make clean + command make clean find . -name yotta -prune -o -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} \+ rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile @@ -95,7 +97,21 @@ cleanup() fi } -trap cleanup INT TERM HUP +# Executed on exit. May be redefined depending on command line options. +final_report () { + : +} + +fatal_signal () { + cleanup + final_report $1 + trap - $1 + kill -$1 $$ +} + +trap 'fatal_signal HUP' HUP +trap 'fatal_signal INT' INT +trap 'fatal_signal TERM' TERM msg() { 
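Review bot: The comment `# Executed on exit.` above `final_report` is not what the hunk shows: nothing installs it on `EXIT`, and the only visible call is from `fatal_signal`; if the end-of-run call lives elsewhere in the script (outside these hunks), an abort from a fatal infrastructure error, which the commit deliberately keeps fatal, would still exit without the summary. Either reword to `# Called at the end of the run and from fatal_signal. May be redefined depending on command line options.` or wire it with an `EXIT` trap, taking care that `fatal_signal` then does not print the report twice. Resetting the trap and re-raising with `kill -$1 $$` is the right idiom for preserving the caller-visible signal.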
@@ -104,6 +120,7 @@ msg() echo "* $1 " printf "* "; date echo "******************************************************************" + current_section=$1 } armc6_build_test() @@ -164,6 +181,9 @@ while [ $# -gt 0 ]; do usage exit ;; + --keep-going|-k) + KEEP_GOING=1 + ;; --memory|-m) MEMORY=1 ;; @@ -221,7 +241,6 @@ else fi if ! git diff-files --quiet include/mbedtls/config.h; then - echo $? err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " echo "You can either delete or preserve your work, or force the test by rerunning the" echo "script as: $0 --force" 
@@ -229,6 +248,71 @@ else fi fi +build_status=0 +if [ $KEEP_GOING -eq 1 ]; then + failure_summary= + failure_count=0 + start_red= + end_color= + if [ -t 1 ]; then + case "$TERM" in + *color*|cygwin|linux|rxvt*|screen|[Eex]term*) + start_red=$(printf '\033[31m') + end_color=$(printf '\033[0m') + ;; + esac + fi + record_status () { + if "$@"; then + last_status=0 + else + last_status=$? + text="$current_section: $* -> $last_status" + failure_summary="$failure_summary +$text" + failure_count=$((failure_count + 1)) + echo "${start_red}^^^^$text^^^^${end_color}" + fi + } + make () { + case "$*" in + *test|*check) + if [ $build_status -eq 0 ]; then + record_status command make "$@" + else + echo "(skipped because the build failed)" + fi + ;; + *) + record_status command make "$@" + build_status=$last_status + ;; + esac + } + final_report () { + if [ $failure_count -gt 0 ]; then + echo + echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" + echo "${start_red}FAILED: $failure_count${end_color}$failure_summary" + echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" + elif [ -z "${1-}" ]; then + echo "SUCCESS :)" + fi + if [ -n "${1-}" ]; then + echo "Killed by SIG$1." + fi + } +else + record_status () { + "$@" + } +fi +if_build_succeeded () { + if [ $build_status -eq 0 ]; then + record_status "$@" + fi +} + if [ $RELEASE -eq 1 ]; then # Fix the seed value to 1 to ensure that the tests are deterministic. SEED=1 @@ -306,7 +390,7 @@ if [ $YOTTA -ne 0 ]; then # on the path, and uses whatever version of armcc it finds there. msg "build: create and build yotta module" # ~ 30s cleanup - tests/scripts/yotta-build.sh + record_status tests/scripts/yotta-build.sh fi msg "build: cmake, gcc, ASan" # ~ 1 min 50s 
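Review bot: `if_build_succeeded` silently does nothing when `build_status` is non-zero, while the `make` wrapper prints `(skipped because the build failed)` for the same situation, so skipped ssl-opt/compat runs leave no trace in the log; add the same message in an else branch, `else echo "(skipped because the build failed)"; fi`. The `make` wrapper classifies by the last word only (`*test|*check`), so any other target, including `make clean`, counts as a build and resets `build_status`; `cleanup` sidesteps this via `command make clean`, but the `WINDOWS_BUILD=1 make clean` line elsewhere in the script would go through the wrapper if the shell applies the prefix assignment to a function call, and could re-enable tests after a failed build. `record_status` reading `$?` in the `else` branch is correct, but a short comment saying it is the status of the `if` condition would stop someone inserting an `echo` before it.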
@@ -318,16 +402,16 @@ msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s make test msg "test: ssl-opt.sh (ASan build)" # ~ 1 min -tests/ssl-opt.sh +if_build_succeeded tests/ssl-opt.sh msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s -tests/scripts/test-ref-configs.pl +if_build_succeeded tests/scripts/test-ref-configs.pl msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min make msg "test: compat.sh (ASan build)" # ~ 6 min -tests/compat.sh +if_build_succeeded tests/compat.sh msg "build: Default + SSLv3 (ASan build)" # ~ 6 min cleanup @@ -340,11 +424,11 @@ msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s make test msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min -tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' -OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' +if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' +if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min -tests/ssl-opt.sh +if_build_succeeded tests/ssl-opt.sh msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min cleanup @@ -357,7 +441,7 @@ msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build make test msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min -tests/ssl-opt.sh +if_build_succeeded tests/ssl-opt.sh msg "build: cmake, full config, clang, C99" # ~ 50s cleanup 
@@ -365,30 +449,30 @@ cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . -CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic' make +make CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic' msg "test: main suites (full config)" # ~ 5s -CFLAGS='-Werror -Wall -Wextra' make test +make CFLAGS='-Werror -Wall -Wextra' test msg "test: ssl-opt.sh default (full config)" # ~ 1s -tests/ssl-opt.sh -f Default +if_build_succeeded tests/ssl-opt.sh -f Default msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min -OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' +if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' msg "test/build: curves.pl (gcc)" # ~ 4 min cleanup cmake -D CMAKE_BUILD_TYPE:String=Debug . -tests/scripts/curves.pl +if_build_succeeded tests/scripts/curves.pl msg "test/build: key-exchanges (gcc)" # ~ 1 min cleanup cmake -D CMAKE_BUILD_TYPE:String=Check . -tests/scripts/key-exchanges.pl +if_build_succeeded tests/scripts/key-exchanges.pl msg "build: Unix make, -Os (gcc)" # ~ 30s cleanup -CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' make +make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' # Full configuration build, without platform support, file IO and net sockets. # This should catch missing mbedtls_printf definitions, and by disabling file 
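Review bot: Moving the variables from the environment (`CFLAGS='…' make`) to make's command line (`make CFLAGS='…'`) is needed so the `make` wrapper sees the call, but it also changes precedence: command-line variables override makefile assignments, including any `CFLAGS +=` or `CC ?=` lines, whereas environment variables do not. If the Makefiles add to `CFLAGS` (not visible here), those additions are now dropped in every rewritten line of this hunk and of the hunks below for the -O0, C99, i386/INT32/INT64, arm-none-eabi and ARM Compiler 5 builds. Worth confirming against the Makefiles, and a one-line comment near the `make ()` wrapper stating that `make VAR=... target` is the required form would explain the convention to the next editor.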
@@ -410,8 +494,8 @@ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_FS_IO # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # to re-enable platform integration features otherwise disabled in C99 builds -CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' make lib programs -CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make test +make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs +make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' test # catch compile bugs in _uninit functions msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s @@ -420,21 +504,21 @@ cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make +make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_SRV_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make +make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_CLI_C -CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make +make CC=gcc CFLAGS='-Werror -Wall -Werror -O0' # Note, C99 compliance can also be tested with the sockets support disabled, # as that requires a POSIX platform (which isn't the same as C99). 
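Review bot: The rewritten line for the "full config except ssl_cli.c" build repeats `-Werror` where its siblings use `-Wextra`: `make CC=gcc CFLAGS='-Werror -Wall -Werror -O0'`. The typo predates this commit, but the line is being rewritten anyway, so it should become `make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'`; as written this configuration is compiled with fewer warnings enabled than the ssl_srv.c variant directly above it.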
@@ -444,7 +528,7 @@ cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux -CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' make lib +make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib msg "build: default config except MFL extension (ASan build)" # ~ 30s cleanup @@ -454,7 +538,7 @@ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: ssl-opt.sh, MFL-related tests" -tests/ssl-opt.sh -f "Max fragment length" +if_build_succeeded tests/ssl-opt.sh -f "Max fragment length" msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" cleanup @@ -480,7 +564,7 @@ fi if uname -a | grep -F x86_64 >/dev/null; then msg "build: i386, make, gcc" # ~ 30s cleanup - CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make + make CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' msg "build: gcc, force 32-bit compilation" cleanup @@ -488,7 +572,7 @@ if uname -a | grep -F x86_64 >/dev/null; then scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C - CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make + make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' msg "build: gcc, force 64-bit compilation" cleanup @@ -496,7 +580,7 @@ if uname -a | grep -F x86_64 >/dev/null; then scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C - CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' msg "test: gcc, force 64-bit compilation" make test 
@@ -507,7 +591,7 @@ if uname -a | grep -F x86_64 >/dev/null; then scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C - CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s @@ -525,7 +609,7 @@ scripts/config.pl unset MBEDTLS_THREADING_PTHREAD scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup @@ -543,7 +627,7 @@ scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION -CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" ! grep __aeabi_uldiv library/*.o @@ -567,7 +651,7 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME -CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib +make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib make clean # ARM Compiler 6 - Target ARMv7-A 
@@ -589,23 +673,23 @@ msg "build: allow SHA1 in certificates by default" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES -CFLAGS='-Werror -Wall -Wextra' make +make CFLAGS='-Werror -Wall -Wextra' msg "test: allow SHA1 in certificates by default" make test -tests/ssl-opt.sh -f SHA-1 +if_build_succeeded tests/ssl-opt.sh -f SHA-1 msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s cleanup -CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs +make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs # note Make tests only builds the tests, but doesn't run them -CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make tests -WINDOWS_BUILD=1 make clean +make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests +make WINDOWS_BUILD=1 clean msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s -CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs -CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make tests -WINDOWS_BUILD=1 make clean +make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs +make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests +make WINDOWS_BUILD=1 clean # MemSan currently only available on Linux 64 bits if uname -a | grep 'Linux.*x86_64' >/dev/null; then 
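Review bot: The rewritten mingw lines in `@@ -589,23 +673,23 @@` still pass `LD=i686-w64-minggw32-ld` (double g) on all four `make … WINDOWS_BUILD=1` invocations, naming a tool that does not exist; the typo predates this commit, and presumably nothing fails only because the Makefiles link through the compiler driver rather than $(LD), but any future use of $(LD) would break at that point. Correct it to `LD=i686-w64-mingw32-ld`, matching the CC and AR prefixes on the same lines.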
@@ -621,13 +705,13 @@ if uname -a | grep 'Linux.*x86_64' >/dev/null; then make test msg "test: ssl-opt.sh (MSan)" # ~ 1 min - tests/ssl-opt.sh + if_build_succeeded tests/ssl-opt.sh # Optional part(s) if [ "$MEMORY" -gt 0 ]; then msg "test: compat.sh (MSan)" # ~ 6 min 20s - tests/compat.sh + if_build_succeeded tests/compat.sh fi else # no MemSan @@ -646,12 +730,12 @@ else # no MemSan if [ "$MEMORY" -gt 0 ]; then msg "test: ssl-opt.sh --memcheck (Release)" - tests/ssl-opt.sh --memcheck + if_build_succeeded tests/ssl-opt.sh --memcheck fi if [ "$MEMORY" -gt 1 ]; then msg "test: compat.sh --memcheck (Release)" - tests/compat.sh --memcheck + if_build_succeeded tests/compat.sh --memcheck fi fi # MemSan @@ -671,3 +755,5 @@ rm -rf "$OUT_OF_SOURCE_DIR" msg "Done, cleaning up" cleanup + +final_report From 2a22a8041c4ec02774269a0944c4af1739f7984e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Dec 2017 15:19:00 +0100 Subject: [PATCH 0581/1059] all.sh: add --yotta to go with --no-yotta Add --yotta which is currently a no-op but may not remain so if we decide to make no-yotta the default in the future. --- tests/scripts/all.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 923932f215..ae991f13dd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -65,10 +65,11 @@ General options: -f|--force Force the tests to overwrite any modified files. -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. - --no-yotta Skip yotta build. + --no-yotta Skip yotta module build. --out-of-source-dir= Directory used for CMake out-of-source build tests. -r|--release-test Run this script in release mode. This fixes the seed value to 1. -s|--seed Integer seed value to use for this test run. + --yotta Build yotta module (on by default). Tool path options: --armc5-bin-dir= ARM Compiler 5 bin directory. 
@@ -209,6 +210,9 @@ while [ $# -gt 0 ]; do shift SEED="$1" ;; + --yotta) + YOTTA=1 + ;; *) echo >&2 "Unknown option: $1" echo >&2 "Run $0 --help for usage." @@ -226,7 +230,7 @@ if [ $FORCE -eq 1 ]; then cleanup else - if [ $YOTTA -eq 1 ] && [ -d yotta/module ]; then + if [ $YOTTA -ne 0 ] && [ -d yotta/module ]; then err_msg "Warning - there is an existing yotta module in the directory 'yotta/module'" echo "You can either delete your work and retry, or force the test to overwrite the" echo "test by rerunning the script as: $0 --force" From bca6ab9d38dccbcf024c43d3979c0feda8751281 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 19 Dec 2017 18:24:31 +0100 Subject: [PATCH 0582/1059] all.sh: new option --no-armcc With this option, don't run anything that requires armcc or yotta, so the script can run offline. --- tests/scripts/all.sh | 65 +++++++++++++++++++++++++++----------------- 1 file changed, 40 insertions(+), 25 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ae991f13dd..c9c790c809 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -37,6 +37,7 @@ MEMORY=0 FORCE=0 KEEP_GOING=0 RELEASE=0 +RUN_ARMCC=1 YOTTA=1 # Default commands, can be overriden by the environment @@ -65,6 +66,8 @@ General options: -f|--force Force the tests to overwrite any modified files. -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. + --armcc Run ARM Compiler builds (on by default). + --no-armcc Skip ARM Compiler builds. --no-yotta Skip yotta module build. --out-of-source-dir= Directory used for CMake out-of-source build tests. -r|--release-test Run this script in release mode. This fixes the seed value to 1. 
@@ -124,15 +127,17 @@ msg() current_section=$1 } -armc6_build_test() -{ - FLAGS="$1" +if [ $RUN_ARMCC -ne 0 ]; then + armc6_build_test() + { + FLAGS="$1" - msg "build: ARM Compiler 6 ($FLAGS), make" - ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ - WARNING_CFLAGS='-xc -std=c99' make lib - make clean -} + msg "build: ARM Compiler 6 ($FLAGS), make" + ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ + WARNING_CFLAGS='-xc -std=c99' make lib + make clean + } +fi err_msg() { @@ -151,6 +156,9 @@ check_tools() while [ $# -gt 0 ]; do case "$1" in + --armcc) + RUN_ARMCC=1 + ;; --armc5-bin-dir) shift ARMC5_BIN_DIR="$1" @@ -188,6 +196,9 @@ while [ $# -gt 0 ]; do --memory|-m) MEMORY=1 ;; + --no-armcc) + RUN_ARMCC=0 + ;; --no-yotta) YOTTA=0 ;; @@ -352,8 +363,10 @@ export GNUTLS_SERV="$GNUTLS_SERV" # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" \ - "i686-w64-mingw32-gcc" + "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" +if [ $RUN_ARMCC -ne 0 ]; then + check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" +fi # # Test Suites to be executed @@ -389,9 +402,9 @@ msg "test: doxygen warnings" # ~ 3s cleanup tests/scripts/doxygen.sh -if [ $YOTTA -ne 0 ]; then - # Note - use of yotta is deprecated, and yotta also requires armcc to be - # on the path, and uses whatever version of armcc it finds there. +if [ $RUN_ARMCC -ne 0 ] && [ $YOTTA -ne 0 ]; then + # Note - use of yotta is deprecated, and yotta also requires armcc to be on the + # path, and uses whatever version of armcc it finds there. msg "build: create and build yotta module" # ~ 30s cleanup record_status tests/scripts/yotta-build.sh 
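Review bot: The `if [ $RUN_ARMCC -ne 0 ]; then` wrapped around the `armc6_build_test()` definition in `@@ -124,15 +127,17 @@` is evaluated before the option loop at `@@ -151,6 +156,9 @@` has processed `--no-armcc`, so RUN_ARMCC still holds its default of 1 at that point and the function is defined unconditionally; the guard has no effect today and becomes a trap if the default is ever changed to 0, since `--armcc` would then call an undefined function. Define the function unconditionally and rely on the runtime guard at its call sites, which the later hunk of this commit already adds; that is, drop the `if … then` and `fi` lines around the definition and restore its original indentation.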
@@ -655,23 +668,25 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME -make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib -make clean +if [ $RUN_ARMCC -ne 0 ]; then + make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib + make clean -# ARM Compiler 6 - Target ARMv7-A -armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + # ARM Compiler 6 - Target ARMv7-A + armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" -# ARM Compiler 6 - Target ARMv7-M -armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" + # ARM Compiler 6 - Target ARMv7-M + armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" -# ARM Compiler 6 - Target ARMv8-A - AArch32 -armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" + # ARM Compiler 6 - Target ARMv8-A - AArch32 + armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" -# ARM Compiler 6 - Target ARMv8-M -armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" + # ARM Compiler 6 - Target ARMv8-M + armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" -# ARM Compiler 6 - Target ARMv8-A - AArch64 -armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" + # ARM Compiler 6 - Target ARMv8-A - AArch64 + armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" +fi msg "build: allow SHA1 in certificates by default" cleanup From c3c3a68e747a07e6a7d9333972962b6f6574dd08 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 21 Dec 2017 15:19:53 +0000 Subject: [PATCH 0583/1059] Update usage description --- scripts/config.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 8c1aa08dd7..d07b130a7a 100755 --- a/scripts/config.pl +++ b/scripts/config.pl 
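Review bot: The `if [ $RUN_ARMCC -ne 0 ]; then` guard in `@@ -655,23 +668,25 @@` begins after the `scripts/config.pl unset …` preparation lines at the top of the hunk, so with `--no-armcc` the script still rewrites config.h for an ARM Compiler 5 build that never happens, and presumably still prints that section's `msg` and runs `cleanup`, which sit above the hunk and outside it. Moving the guard up to enclose the whole section, from that `msg` through the closing `fi`, would keep the log honest about what was built and avoid the redundant configuration work.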
@@ -45,7 +45,7 @@ my $config_file = "include/mbedtls/config.h"; my $usage = < | --file ] [-o | --force] [set | unset | get | - full | realfull] + full | realfull | baremetal] Commands set [] - Uncomments or adds a #define for the to @@ -63,7 +63,7 @@ Commands excluding some reserved symbols, until the 'Module configuration options' section realfull - Uncomments all #define's with no exclusions - baremetal - Set configuration suitable for baremetal build. + baremetal - Sets full configuration suitable for baremetal build. Options -f | --file - The file or file path for the configuration file From c4e9694d43999f9e607266a75e9394cd0158594c Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 21 Dec 2017 15:22:37 +0000 Subject: [PATCH 0584/1059] Add MBEDTLS_NO_UDBL_DIVISION to excludes of full config --- scripts/config.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/config.pl b/scripts/config.pl index d07b130a7a..76ca4709c8 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -92,6 +92,7 @@ MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_ZLIB_SUPPORT MBEDTLS_PKCS11_C +MBEDTLS_NO_UDBL_DIVISION _ALT\s*$ ); From 192c72f7a12cac724150c0bebd0f224722c1ff63 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Dec 2017 15:59:21 +0100 Subject: [PATCH 0585/1059] all.sh: add some documentation --- tests/scripts/all.sh | 90 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 83 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c9c790c809..2ea31dbc29 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -4,20 +4,78 @@ # # This file is part of mbed TLS (https://tls.mbed.org) # -# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved -# +# Copyright (c) 2014-2017, ARM Limited, All Rights Reserved + + + +################################################################ +#### Documentation +################################################################ + # Purpose +# ------- # # To run all tests possible or available on the platform. # +# Notes for users +# --------------- +# # Warning: the test is destructive. It includes various build modes and # configurations, and can and will arbitrarily change the current CMake -# configuration. After this script has been run, the CMake cache will be lost -# and CMake will no longer be initialised. +# configuration. The following files must be committed into git: +# * include/mbedtls/config.h +# * Makefile, library/Makefile, programs/Makefile, tests/Makefile +# After running this script, the CMake cache will be lost and CMake +# will no longer be initialised. # -# The script assumes the presence of gcc and clang (recent enough for using -# ASan with gcc and MemSan with clang, or valgrind) are available, as well as -# cmake and a "good" find. +# The script assumes the presence of a number of tools: +# * Basic Unix tools (Windows users note: a Unix-style find must be before +# the Windows find in the PATH) +# * Perl +# * GNU Make +# * CMake +# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind) +# * arm-gcc and mingw-gcc +# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc +# * Yotta build dependencies, unless invoked with --no-yotta +# * OpenSSL and GnuTLS command line tools, recent enough for the +# interoperability tests. If they don't support SSLv3 then a legacy +# version of these tools must be present as well (search for LEGACY +# below). +# See the invocation of check_tools below for details. 
+# +# This script must be invoked from the toplevel directory of a git +# working copy of Mbed TLS. +# +# Note that the output is not saved. You may want to run +# script -c tests/scripts/all.sh +# or +# tests/scripts/all.sh >all.log 2>&1 +# +# Notes for maintainers +# --------------------- +# +# The tests are roughly in order from fastest to slowest. This doesn't +# have to be exact, but in general you should add slower tests towards +# the end and fast checks near the beginning. +# +# Sanity checks have the following form: +# 1. msg "short description of what is about to be done" +# 2. run sanity check (failure stops the script) +# +# Build or build-and-test steps have the following form: +# 1. msg "short description of what is about to be done" +# 2. cleanup +# 3. preparation (config.pl, cmake, ...) (failure stops the script) +# 4. make +# 5. Run tests if relevant. All tests must be prefixed with +# if_build_successful for the sake of --keep-going. + + + +################################################################ +#### Initialization and command line parsing +################################################################ # Abort on errors (and uninitialised variables) set -eu @@ -368,6 +426,12 @@ if [ $RUN_ARMCC -ne 0 ]; then check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" fi + + +################################################################ +#### Basic checks +################################################################ + # # Test Suites to be executed # @@ -402,6 +466,12 @@ msg "test: doxygen warnings" # ~ 3s cleanup tests/scripts/doxygen.sh + + +################################################################ +#### Build and test many configurations and targets +################################################################ + if [ $RUN_ARMCC -ne 0 ] && [ $YOTTA -ne 0 ]; then # Note - use of yotta is deprecated, and yotta also requires armcc to be on the # path, and uses whatever version of armcc it finds there. 
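Review bot: The new maintainers' note says every test must be prefixed with `if_build_successful`, but the helper this script actually uses is `if_build_succeeded` (for example `if_build_succeeded tests/ssl-opt.sh -f Default` in an earlier commit of this series); a maintainer following the comment would write a call to an undefined function. Change the line to `#    if_build_succeeded for the sake of --keep-going.`. This hunk starts on the preceding line, so the copyright and purpose paragraphs above are part of the same change.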
@@ -772,6 +842,12 @@ make test cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" + + +################################################################ +#### Termination +################################################################ + msg "Done, cleaning up" cleanup From 25b96ea2daeed8f0e4a1a58540ea9c455b6678fa Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 21 Dec 2017 17:45:11 +0000 Subject: [PATCH 0586/1059] Remove comment on potential future removal of non-CRT fields --- include/mbedtls/rsa.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 5e7fdca6bc..33ff4e3fbe 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -98,16 +98,12 @@ typedef struct mbedtls_mpi P; /*!< 1st prime factor */ mbedtls_mpi Q; /*!< 2nd prime factor */ - /* DP,DQ,QP are not used in NO_CRT but temporarily kept for ABI - * compatibility. Will be removed on next ABI changing release. */ mbedtls_mpi DP; /*!< D % (P - 1) */ mbedtls_mpi DQ; /*!< D % (Q - 1) */ mbedtls_mpi QP; /*!< 1 / (Q % P) */ mbedtls_mpi RN; /*!< cached R^2 mod N */ - /* RP, RQ are not used in NO_CRT but temporarily kept for ABI - * compatibility. Will be removed on next ABI changing release. */ mbedtls_mpi RP; /*!< cached R^2 mod P */ mbedtls_mpi RQ; /*!< cached R^2 mod Q */ From f40cdf9971679f59cf7bc1722139bc218219db96 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Dec 2017 11:03:27 +0000 Subject: [PATCH 0587/1059] Add dependency of new RSA tests on presence of strong entropy source During the work on the RSA change the issue was brought up, and a fix was provided on development, that some RSA tests use CTR DRBG and depend on the presence of a strong entropy source to succeed. The RSA work introduced more tests using CTR DRBG, and the dependency needs to be added for them, too. --- tests/suites/test_suite_rsa.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index e305c4337c..f501222d10 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -847,7 +847,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ +/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ void mbedtls_rsa_import( int radix_N, char *input_N, int radix_P, char *input_P, int radix_Q, char *input_Q, @@ -1121,7 +1121,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ void mbedtls_rsa_validate_params( int radix_N, char *input_N, int radix_P, char *input_P, int radix_Q, char *input_Q, @@ -1315,7 +1315,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ +/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ void mbedtls_rsa_import_raw( char *input_N, char *input_P, char *input_Q, char *input_D, char *input_E, From 11d3cf477024f3e40d6370833c069176209857ab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 22 Dec 2017 15:34:37 +0100 Subject: [PATCH 0588/1059] Doxygen: don't traverse symbolic links We don't use symbolic links as part of our build process, so tell Doxygen not to traverse them. In particular, if I have a symbolic link to a directory outside the build tree, I don't want Doxygen to follow it. --- doxygen/mbedtls.doxyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 5df1c932db..757a250d2e 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile 
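Review bot: The second hunk (`@@ -1121,7 +1121,7 @@`) gives mbedtls_rsa_validate_params the dependency `MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG` without `MBEDTLS_CTR_DRBG_C`, whereas the other two cases updated here depend on `MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG`. The commit message says the new cases use CTR DRBG, and the function bodies are outside the hunks, so I cannot confirm whether this case seeds a CTR DRBG as well; if it does, the line should read `/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */`, otherwise the case would fail to build in a configuration without the DRBG module instead of being skipped.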
@@ -702,7 +702,7 @@ EXCLUDE = configs yotta/module
 # directories that are symbolic links (a Unix file system feature) are excluded
 # from the input.
 
-EXCLUDE_SYMLINKS = NO
+EXCLUDE_SYMLINKS = YES
 
 # If the value of the INPUT tag contains directories, you can use the
 # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
From a47023e4d55bef26a5b25409b266e1dccc77de97 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 22 Dec 2017 17:08:03 +0000
Subject: [PATCH 0589/1059] Incorporate comments on merge commit
* Correct order of sections in ChangeLog
* Restore unintentionally removed whitespace and formatting improvements.
* Consistently rename MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED to MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION in rsa.h documentation.
---
 ChangeLog | 35 ++++++++++++++--------------
 include/mbedtls/rsa.h | 20 ++++++++--------
 tests/suites/test_suite_rsa.function | 5 ++--
 3 files changed, 30 insertions(+), 30 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 4a60b2abde..cf2c882b76 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,23 @@ Security Features * Allow comments in test data files. +API Changes + * Extend RSA interface by multiple functions allowing structure- + independent setup and export of RSA contexts. Most notably, + mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting + up RSA contexts from partial key material and having them completed to the + needs of the implementation automatically. This allows to setup private RSA + contexts from keys consisting of N,D,E only, even if P,Q are needed for the + purpose or CRT and/or blinding. + * The configuration option MBEDTLS_RSA_ALT can be used to define alternative + implementations of the RSA interface declared in rsa.h. + +New deprecations + * Deprecate usage of RSA primitives with non-matching key-type + (e.g., signing with a public key). + * Direct manipulation of structure fields of RSA contexts is deprecated. + Users are advised to use the extended RSA API instead. + Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. 
@@ -57,23 +74,6 @@ Bugfix * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by MilenkoMitrovic, #1104 -New deprecations - * Direct manipulation of structure fields of RSA contexts is deprecated. - Users are advised to use the extended RSA API instead. - * Deprecate usage of RSA primitives with non-matching key-type - (e.g., signing with a public key). - -API Changes - * Extend RSA interface by multiple functions allowing structure- - independent setup and export of RSA contexts. Most notably, - mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting - up RSA contexts from partial key material and having them completed to the - needs of the implementation automatically. This allows to setup private RSA - contexts from keys consisting of N,D,E only, even if P,Q are needed for the - purpose or CRT and/or blinding. - * The configuration option MBEDTLS_RSA_ALT can be used to define alternative - implementations of the RSA interface declared in rsa.h. - Changes * Extend cert_write example program by options to set the CRT version and the message digest. Further, allow enabling/disabling of authority @@ -95,7 +95,6 @@ Security * Reliably wipe sensitive data after use in the AES example applications programs/aes/aescrypt2 and programs/aes/crypt_and_hash. Found by Laurent Simon. ->>>>>>> development Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index e412643105..d7503ac831 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -274,11 +274,11 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); * exporting the requested parameters * cannot be done because of a lack of functionality * or because of security policies, the error code - * \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. + * \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned. * In this case, the RSA context stays intact and can * be continued to be used. * - * \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED + * \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION * would be the following: Firstly, it might be that an * alternative RSA implementation is in use which stores * the key externally, and which either cannot or should not @@ -319,11 +319,11 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * exporting the requested parameters * cannot be done because of a lack of functionality * or because of security policies, the error code - * \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. + * \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned. * In this case, the RSA context stays intact and can * be continued to be used. * - * \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED + * \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION * would be the following: Firstly, it might be that an * alternative RSA implementation is in use which stores * the key externally, and which either cannot or should not @@ -525,7 +525,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * mode being set to MBEDTLS_RSA_PRIVATE and may instead * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). 
@@ -557,7 +557,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * mode being set to MBEDTLS_RSA_PRIVATE and may instead * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). @@ -592,7 +592,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * mode being set to MBEDTLS_RSA_PRIVATE and may instead * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). @@ -629,7 +629,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * mode being set to MBEDTLS_RSA_PUBLIC and may instead * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes @@ -670,7 +670,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * mode being set to MBEDTLS_RSA_PUBLIC and may instead * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes 
@@ -713,7 +713,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * mode being set to MBEDTLS_RSA_PUBLIC and may instead * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f501222d10..639bcb89dc 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -729,8 +729,9 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) mbedtls_entropy_init( &entropy ); mbedtls_rsa_init ( &ctx, 0, 0 ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, strlen( pers ) ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) == 0 ); TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result ); if( result == 0 ) From ba8316f79010a3dcf22c04671b3d7bf10ac243e8 Mon Sep 17 00:00:00 2001 From: Micha Kraus Date: Sat, 23 Dec 2017 23:40:08 +0100 Subject: [PATCH 0590/1059] fix bug in get_one_and_zeros_padding() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit add test case (“0000000082”) which fails with the old implementation. --- library/cipher.c | 6 +++--- tests/suites/test_suite_cipher.padding.data | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index e9e0b223e5..ff0327380c 100644 --- a/library/cipher.c +++ b/library/cipher.c 
@@ -516,14 +516,14 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
 if( NULL == input || NULL == data_len )
 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
- bad = 0xFF;
+ bad = 0x80;
 *data_len = 0;
 for( i = input_len; i > 0; i-- )
 {
 prev_done = done;
- done |= ( input[i-1] != 0 );
+ done |= ( input[i - 1] != 0 );
 *data_len |= ( i - 1 ) * ( done != prev_done );
- bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
+ bad ^= input[i - 1] * ( done != prev_done );
 }
 
 return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
diff --git a/tests/suites/test_suite_cipher.padding.data b/tests/suites/test_suite_cipher.padding.data
index d6fc266721..1c0ba09801 100644
--- a/tests/suites/test_suite_cipher.padding.data
+++ b/tests/suites/test_suite_cipher.padding.data
@@ -184,6 +184,10 @@ Check one and zeros padding #7 (overlong)
 depends_on:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 check_padding:MBEDTLS_PADDING_ONE_AND_ZEROS:"0000000000":MBEDTLS_ERR_CIPHER_INVALID_PADDING:4
 
+Check one and zeros padding #8 (last byte 0x80 | x)
+depends_on:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+check_padding:MBEDTLS_PADDING_ONE_AND_ZEROS:"0000000082":MBEDTLS_ERR_CIPHER_INVALID_PADDING:4
+
 Check zeros and len padding #1 (correct)
 depends_on:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 check_padding:MBEDTLS_PADDING_ZEROS_AND_LEN:"DABBAD0001":0:4
From 1f35ca9471617a1478c8fa0e2486a70925580c40 Mon Sep 17 00:00:00 2001
From: Reuven Levin
Date: Thu, 7 Dec 2017 10:09:32 +0000
Subject: [PATCH 0591/1059] Added alternated Diffie-Hellman module.
1. Add modified files dhm.c and dhm.h
---
 include/mbedtls/dhm.h | 11 +++++++++++
 library/dhm.c | 5 ++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index d7ab1522ec..6fd74731b7 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
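Review bot: The rewritten loop in `@@ -516,14 +516,14 @@` encodes the acceptance rule only implicitly, which is what let the previous form (`bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done )`, ANDing a partial result across every byte) accept a trailing `0x82`; a comment stating the invariant would make a repeat of that regression much easier to catch in review. Something like `/* bad is 0x80 XOR the last non-zero byte, so it is zero exactly when that byte is 0x80; every other byte contributes 0 through the ( done != prev_done ) factor. Masks and multiplications are used instead of branches so the running time does not depend on the padding content. */` above the `for` loop would do. The constant-time intent is inferred from the style of the surrounding lines (`*data_len |= …`, `* ( bad != 0 )`) rather than stated anywhere in the hunk, so word that clause as a requirement only if it is a documented property of this function.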
@@ -23,7 +23,15 @@ #ifndef MBEDTLS_DHM_H #define MBEDTLS_DHM_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif #include "bignum.h" +#if !defined(MBEDTLS_DHM_ALT) + + /* * DHM Error codes @@ -290,6 +298,9 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ +#else +#include "dhm_alt.h" +#endif /* MBEDTLS_DHM_ALT */ /** * \brief Checkup routine diff --git a/library/dhm.c b/library/dhm.c index bec52a11df..6f8f021e5c 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -57,6 +57,9 @@ #define mbedtls_free free #endif +#if !defined(MBEDTLS_DHM_ALT) + + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; @@ -577,7 +580,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) } #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ - +#endif/*MBEDTLS_DHM_ALT*/ #if defined(MBEDTLS_SELF_TEST) static const char mbedtls_test_dhm_params[] = From 49762fa21fe4848d78439e812e1b8e8ba6998463 Mon Sep 17 00:00:00 2001 From: nirekh01 Date: Mon, 25 Dec 2017 06:46:48 +0000 Subject: [PATCH 0592/1059] Add 'MBEDTLS_DHM_ALT' #DEFINE to library/config.h Add 'MBEDTLS_DHM_ALT' #DEFINE to library/config.h to support alternate DHM --- include/mbedtls/config.h | 2 ++ library/dhm.c | 3 ++- library/version_features.c | 3 +++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 69e997f85e..f8594b841a 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
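Review bot: In the dhm.h hunk the `#if !defined(MBEDTLS_DHM_ALT)` guard opens directly above the `DHM Error codes` block, so the MBEDTLS_ERR_DHM_XXX macros appear to be compiled out whenever an alternative implementation is selected, and `dhm_alt.h` would then have to redefine them with identical values for the rest of the library and for applications that compare against them. Those error codes are part of the module's public contract rather than its implementation; placing the guard after them (for example just before the context type) keeps the codes stable regardless of backend. The same layout is carried into the later dhm.h hunk of the "Add some corrections based on code review" commit in this series, so it is worth fixing once here. The guard also seems to enclose the `extern "C" {` that precedes the function declarations while `#else`/`#endif` sits after its closing brace; the extern block itself is outside the hunk, so please confirm the braces balance for C++ translation units in both configurations.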
@@ -275,6 +275,8 @@ //#define MBEDTLS_SHA1_ALT //#define MBEDTLS_SHA256_ALT //#define MBEDTLS_SHA512_ALT +//#define MBEDTLS_DHM_ALT + /* * When replacing the elliptic curve module, pleace consider, that it is * implemented with two .c files: diff --git a/library/dhm.c b/library/dhm.c index 6f8f021e5c..882b306744 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -580,7 +580,8 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) } #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ -#endif/*MBEDTLS_DHM_ALT*/ +#endif /* MBEDTLS_DHM_ALT */ + #if defined(MBEDTLS_SELF_TEST) static const char mbedtls_test_dhm_params[] = diff --git a/library/version_features.c b/library/version_features.c index 5cbe8aca37..000246edcd 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -123,6 +123,9 @@ static const char *features[] = { #if defined(MBEDTLS_SHA512_ALT) "MBEDTLS_SHA512_ALT", #endif /* MBEDTLS_SHA512_ALT */ +#if defined(MBEDTLS_DHM_ALT) + "MBEDTLS_DHM_ALT", +#endif /* MBEDTLS_DHM_ALT */ #if defined(MBEDTLS_ECP_ALT) "MBEDTLS_ECP_ALT", #endif /* MBEDTLS_ECP_ALT */ From b89c472ad5994f3e2e30f51192fe04d49a3da964 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 26 Dec 2017 12:52:53 +0100 Subject: [PATCH 0593/1059] Improve cmake usage notes in Readme --- README.md | 39 ++++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 4270e80693..b9aadc7c02 100644 --- a/README.md +++ b/README.md @@ -84,9 +84,10 @@ In case you find that you need to do something else as well, please let us know ### CMake -In order to build the source using CMake, just enter at the command line: +In order to build the source using CMake in a separate directory (recommended), just enter at the command line: - cmake . + mkdir /path/to/build_dir && cd /path/to/build_dir + cmake /path/to/mbedtls_source make In order to run the tests, enter: 
@@ -95,7 +96,7 @@ In order to run the tests, enter: The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with: - cmake -DENABLE_TESTING=Off . + cmake -DENABLE_TESTING=Off /path/to/mbedtls_source If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with: @@ -103,7 +104,7 @@ If you disabled the test suites, but kept the programs enabled, you can still ru To configure CMake for building shared libraries, use: - cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . + cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On /path/to/mbedtls_source There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific: 
@@ -118,16 +119,40 @@ There are many different build modes available within the CMake buildsystem. Mos Switching build modes in CMake is simple. For debug mode, enter at the command line: - cmake -D CMAKE_BUILD_TYPE=Debug . + cmake -D CMAKE_BUILD_TYPE=Debug /path/to/mbedtls_source To list other available CMake options, use: cmake -LH -Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, e.g. (using GNU find): +Note that, with CMake, you can't adjust the compiler of compiler after the +initial invocation of cmake. This means that `CC=your_cc make` and `make +CC=your_cc` will *not* work (similarly with `CFLAGS` and other variables). +These variables need to be adjusted when invoking cmake for the first time, +for example: + + CC=your_cc cmake /path/to/mbedtls_source + +If you already invoked cmake and want to change those settings, you need to +remove the build directory and create it again. + +Note that it is possible to build in-place; this will however overwrite the +provided Makefiles (see `scripts/tmp_ignore_makefiles.sh` if you want to +prevent `git status` from showing them as modified). In order to do so, from +the Mbed TLS source directory, use: + + cmake . + make + +If you want to change `CC` or `CFLAGS` afterwards, you will need to remove the +CMake cache. This can be done with the following command using GNU find: find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} + - CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake . + +You can not make the desired change: + + CC=your_cc cmake . + make ### Microsoft Visual Studio From 05c92715be05c310bf6e046f2cafcd2569800e58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 28 Dec 2017 09:14:47 +0100 Subject: [PATCH 0594/1059] readme: clarify CFLAGS prepending/overriding --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/README.md b/README.md index b9aadc7c02..d0d81fc765 100644 --- a/README.md +++ b/README.md 
@@ -76,7 +76,9 @@ You'll still be able to run a much smaller set of tests with: In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and `WINDOWS=1` if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available). -Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; if you do so, essential parts such as `-I` will still be preserved. Warning options may be overridden separately using `WARNING_CFLAGS`. +Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved. + +Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so it you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overriden from the command line. Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. 
You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue. @@ -154,6 +156,10 @@ You can not make the desired change: CC=your_cc cmake . make +Regarding variables, also note that if you set CFLAGS when invoking cmake, +your value of CFLAGS doesn't override the content provided by cmake (depending +on the build mode as seen above), it's merely prepended to it. + ### Microsoft Visual Studio The build files for Microsoft Visual Studio are generated for Visual Studio 2010. From 08ba530bffe976ef5dd2de6c51326bc9ea762b2b Mon Sep 17 00:00:00 2001 From: nirekh01 Date: Thu, 28 Dec 2017 16:21:38 +0000 Subject: [PATCH 0595/1059] Remove some extra lines Remove some extra lines as was requested in code review --- include/mbedtls/dhm.h | 2 -- library/dhm.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 6fd74731b7..40916c661f 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -31,8 +31,6 @@ #include "bignum.h" #if !defined(MBEDTLS_DHM_ALT) - - /* * DHM Error codes */ diff --git a/library/dhm.c b/library/dhm.c index 882b306744..cff0958750 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -58,8 +58,6 @@ #endif #if !defined(MBEDTLS_DHM_ALT) - - /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; From 976dd1674a25c242d423503032d446c53f40b4cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Jan 2018 10:49:46 +0100 Subject: [PATCH 0596/1059] Fix typos in previous commits --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d0d81fc765..2c6cc62a05 100644 --- a/README.md +++ b/README.md 
@@ -127,7 +127,7 @@ To list other available CMake options, use: cmake -LH -Note that, with CMake, you can't adjust the compiler of compiler after the +Note that, with CMake, you can't adjust the compiler or its flags after the initial invocation of cmake. This means that `CC=your_cc make` and `make CC=your_cc` will *not* work (similarly with `CFLAGS` and other variables). These variables need to be adjusted when invoking cmake for the first time, @@ -151,7 +151,7 @@ CMake cache. This can be done with the following command using GNU find: find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} + -You can not make the desired change: +You can now make the desired change: CC=your_cc cmake . make From 618d091f2af41c2c60117b6c7fef080687dedc81 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2018 16:04:19 +0100 Subject: [PATCH 0597/1059] Add ChangeLog entry for CCM_ALT Edit the CMAC_ALT ChangeLog entry to mention CCM_ALT which was added in a sister PR and is being merged together. Use full name rather than Github id as attribution. Move the entry under "Features" for better consistency with historical practice. --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6377e7f5da..d9e9dc89e0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,8 @@ Features line arguments. * New unit tests for timing. Improve the self-test to be more robust when run on a heavily-loaded machine. + * Add alternative implementation support for CCM and CMAC (MBEDTLS_CCM_ALT, + MBEDTLS_CMAC_ALT). Submitted by Steve Cooreman, Silicon Labs. New deprecations * Deprecate usage of RSA primitives with non-matching key-type 
@@ -71,8 +73,6 @@ Changes * Extend cert_write example program by options to set the CRT version and the message digest. Further, allow enabling/disabling of authority identifier, subject identifier and basic constraints extensions. - * Add hardware acceleration support for cmac, with the configuration definition - of `MBEDTLS_CMAC_ALT`. Submitted by stevew817 = mbed TLS 2.6.0 branch released 2017-08-10 From 8e09d8f6a5d1b8543ee5fb6e782df88179575ad4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2018 16:09:42 +0100 Subject: [PATCH 0598/1059] Add full stop to ChangeLog entry --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 32056b80f5..365a713b72 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,7 +21,7 @@ Features * Add alternative implementation support for CCM and CMAC (MBEDTLS_CCM_ALT, MBEDTLS_CMAC_ALT). Submitted by Steve Cooreman, Silicon Labs. * Add support for alternative implementations of GCM, selected by the - configuration flag MBEDTLS_GCM_ALT in config.h + configuration flag MBEDTLS_GCM_ALT. New deprecations * Deprecate usage of RSA primitives with non-matching key-type From ec9c626b75aecd99663695d53460c6a79d5c6d44 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2018 16:27:50 +0100 Subject: [PATCH 0599/1059] ChangeLog entry for PR #964 --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 365a713b72..2284f34272 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -70,11 +70,14 @@ Bugfix MilenkoMitrovic, #1104 * Fix mbedtls_timing_alarm(0) on Unix. * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1. + * Fix possible memory leaks in mbedtls_gcm_self_test(). + * Added missing return code checks in mbedtls_aes_self_test(). Changes * Extend cert_write example program by options to set the CRT version and the message digest. Further, allow enabling/disabling of authority identifier, subject identifier and basic constraints extensions. + * Only run AES-192 self-test if AES-192 is available. Fixes #963. = mbed TLS 2.6.0 branch released 2017-08-10 From 9736b9d59ab86bd9d7ab00fde866c27fa677f1da Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2018 21:54:17 +0100 Subject: [PATCH 0600/1059] all.sh --keep-going: work if TERM is unset --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2ea31dbc29..945d404851 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -328,7 +328,7 @@ if [ $KEEP_GOING -eq 1 ]; then start_red= end_color= if [ -t 1 ]; then - case "$TERM" in + case "${TERM:-}" in *color*|cygwin|linux|rxvt*|screen|[Eex]term*) start_red=$(printf '\033[31m') end_color=$(printf '\033[0m') From 4952e7a8d6792253b61ab2f94a8017e58ad38f1a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 Jan 2018 09:27:40 +0000 Subject: [PATCH 0601/1059] Add explicit type cast to avoid truncation warning `mbedtls_rsa_deduce_primes` implicitly casts the result of a call to `mbedtls_mpi_lsb` to a `uint16_t`. This is safe because of the size of MPI's used in the library, but still may have compilers complain about it. This commit makes the cast explicit. --- library/rsa_internal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index e28ca50b3f..507009f131 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c 
@@ -114,7 +114,7 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D, E ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) ); - if( ( order = mbedtls_mpi_lsb( &T ) ) == 0 ) + if( ( order = (uint16_t) mbedtls_mpi_lsb( &T ) ) == 0 ) { ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto cleanup; From e963efa1101aeb65cf1749c3a61e84e186519142 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 Jan 2018 10:03:43 +0000 Subject: [PATCH 0602/1059] Don't limit RSA_NO_CRT test in all.sh to 64-bit systems Compilation and test for the `MBEDTLS_RSA_NO_CRT` option were previously guarded by a check for 64-bit systems, for which there is no reason. This commit moves both outside of the guard. --- tests/scripts/all.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 33c17e2d35..cfe305ffd0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -471,15 +471,6 @@ msg "build: i386, make, gcc" # ~ 30s cleanup CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make -msg "build: default config, MBEDTLS_RSA_NO_CRT, make, gcc" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_RSA_NO_CRT -CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make - -msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" -make test - msg "build: gcc, force 32-bit compilation" cleanup cp "$CONFIG_H" "$CONFIG_BAK" 
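Review bot: The `(uint16_t)` cast at the `order =` line silences the truncation warning but will silently discard high bits if the bound it relies on ever changes; a comment naming that bound keeps the assumption visible, e.g. `/* mbedtls_mpi_lsb() <= MBEDTLS_MPI_MAX_BITS, which fits in a uint16_t */`. If the file already uses a compile-time assertion mechanism, checking `MBEDTLS_MPI_MAX_BITS <= UINT16_MAX` next to the declaration of `order` would turn that comment into a guarantee; declaring `order` as `size_t` would avoid the narrowing altogether, but its declaration and later uses are outside this hunk. mbedtls_rsa_deduce_primes starts before the hunk.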
@@ -592,6 +583,15 @@ msg "test: allow SHA1 in certificates by default" make test tests/ssl-opt.sh -f SHA-1 +msg "build: default config, MBEDTLS_RSA_NO_CRT, make, gcc" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_RSA_NO_CRT +CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make + +msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" +make test + msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s cleanup CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs From 88683b2c6d82edf6ec146f813b79442d8e14a3f4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 Jan 2018 18:26:54 +0000 Subject: [PATCH 0603/1059] Correct all.sh and config.h after merge commit - Adapt the change in all.sh to the new keep-going mode - Restore alphabetical order of configuration flags for alternative implementations in config.h and rebuild library/version_features.c --- include/mbedtls/config.h | 4 ++-- library/version_features.c | 12 ++++++------ tests/scripts/all.sh | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 5b2c4ada57..269085d320 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -269,16 +269,16 @@ //#define MBEDTLS_CCM_ALT //#define MBEDTLS_CMAC_ALT //#define MBEDTLS_DES_ALT -//#define MBEDTLS_RSA_ALT //#define MBEDTLS_GCM_ALT -//#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT //#define MBEDTLS_MD5_ALT //#define MBEDTLS_RIPEMD160_ALT +//#define MBEDTLS_RSA_ALT //#define MBEDTLS_SHA1_ALT //#define MBEDTLS_SHA256_ALT //#define MBEDTLS_SHA512_ALT +//#define MBEDTLS_XTEA_ALT /* * When replacing the elliptic curve module, pleace consider, that it is * implemented with two .c files: diff --git a/library/version_features.c b/library/version_features.c index cdb41616e9..71ec125456 100644 --- a/library/version_features.c 
+++ b/library/version_features.c @@ -105,15 +105,9 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ -#if defined(MBEDTLS_RSA_ALT) - "MBEDTLS_RSA_ALT", -#endif /* MBEDTLS_RSA_ALT */ #if defined(MBEDTLS_GCM_ALT) "MBEDTLS_GCM_ALT", #endif /* MBEDTLS_GCM_ALT */ -#if defined(MBEDTLS_XTEA_ALT) - "MBEDTLS_XTEA_ALT", -#endif /* MBEDTLS_XTEA_ALT */ #if defined(MBEDTLS_MD2_ALT) "MBEDTLS_MD2_ALT", #endif /* MBEDTLS_MD2_ALT */ @@ -126,6 +120,9 @@ static const char *features[] = { #if defined(MBEDTLS_RIPEMD160_ALT) "MBEDTLS_RIPEMD160_ALT", #endif /* MBEDTLS_RIPEMD160_ALT */ +#if defined(MBEDTLS_RSA_ALT) + "MBEDTLS_RSA_ALT", +#endif /* MBEDTLS_RSA_ALT */ #if defined(MBEDTLS_SHA1_ALT) "MBEDTLS_SHA1_ALT", #endif /* MBEDTLS_SHA1_ALT */ @@ -135,6 +132,9 @@ static const char *features[] = { #if defined(MBEDTLS_SHA512_ALT) "MBEDTLS_SHA512_ALT", #endif /* MBEDTLS_SHA512_ALT */ +#if defined(MBEDTLS_XTEA_ALT) + "MBEDTLS_XTEA_ALT", +#endif /* MBEDTLS_XTEA_ALT */ #if defined(MBEDTLS_ECP_ALT) "MBEDTLS_ECP_ALT", #endif /* MBEDTLS_ECP_ALT */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6ffd386874..b1d9add2b8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -771,7 +771,7 @@ msg "build: default config, MBEDTLS_RSA_NO_CRT, make, gcc" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_RSA_NO_CRT -CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make +make CC=gcc CFLAGS='-Werror -Wall -Werror -O0' msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" make test From efeef6cf03797cdfc729dc026341a1bae6cd7217 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Jan 2018 08:07:47 +0000 Subject: [PATCH 0604/1059] Correct typo in bignum.h --- include/mbedtls/bignum.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 456a804204..0b40015424 100644 --- a/include/mbedtls/bignum.h 
+++ b/include/mbedtls/bignum.h @@ -70,7 +70,7 @@ * Maximum size of MPIs allowed in bits and bytes for user-MPIs. * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits ) * - * Note: Calculations can results temporarily in larger MPIs. So the number + * Note: Calculations can temporarily result in larger MPIs. So the number * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher. */ #define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ From 895c5ab88e10d5de13e932eaeb6ba04651c76f8b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Jan 2018 08:08:09 +0000 Subject: [PATCH 0605/1059] Preserve old behavior by checking public key in RSA parsing function The function `pk_get_rsapubkey` originally performed some basic sanity checks (e.g. on the size of public exponent) on the parsed RSA public key by a call to `mbedtls_rsa_check_pubkey`. This check was dropped because it is not possible to thoroughly check full parameter sanity (i.e. that (-)^E is a bijection on Z/NZ). Still, for the sake of not silently changing existing behavior, this commit puts back the call to `mbedtls_rsa_check_pubkey`. --- library/pkparse.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 159b485ebc..f97d89ea14 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -543,8 +543,11 @@ static int pk_get_rsapubkey( unsigned char **p, *p += len; - if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ) + if( mbedtls_rsa_complete( rsa ) != 0 || + mbedtls_rsa_check_pubkey( rsa ) != 0 ) + { return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); + } if( *p != end ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY + From 3a760a1857cc933512519616f4d6220c56c457bc Mon Sep 17 00:00:00 2001 
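Review bot: In the pkparse.c hunk the rewritten condition no longer assigns `ret` from `mbedtls_rsa_complete()`, so the specific failure reason is discarded and, if `ret` has no remaining use in pk_get_rsapubkey, it becomes an unused local under `-Wunused`; its declaration is outside the hunk, please check. Collapsing both checks into one MBEDTLS_ERR_PK_INVALID_PUBKEY is reasonable for a parser, but a one-line comment would make the intent explicit, e.g. `/* Basic sanity checks only; callers need pass/fail, not the reason */`. pk_get_rsapubkey starts before this hunk and continues after it.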
From: Hanno Becker Date: Fri, 5 Jan 2018 08:14:49 +0000 Subject: [PATCH 0606/1059] Add size check for RSA modulus to `mbedtls_rsa_complete` The function `mbedtls_rsa_complete` is supposed to guarantee that RSA operations will complete without failure. In contrast, it does not ensure consistency of parameters, which is the task of the checking functions `rsa_check_pubkey` and `rsa_check_privkey`. Previously, the maximum allowed size of the RSA modulus was checked in `mbedtls_rsa_check_pubkey`. However, exceeding this size would lead to failure of some RSA operations, hence this check belongs to `mbedtls_rsa_complete` rather than `mbedtls_rsa_check_pubkey`. This commit moves it accordingly. --- library/rsa.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 7931673398..ad1ef6db24 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -146,8 +146,11 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, ((void) blinding_needed); #endif - if( ctx->len != mbedtls_mpi_size( &ctx->N ) ) + if( ctx->len != mbedtls_mpi_size( &ctx->N ) || + ctx->len > MBEDTLS_MPI_MAX_SIZE ) + { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } /* * 1. Modular exponentiation needs positive, odd moduli. @@ -573,8 +576,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - if( mbedtls_mpi_bitlen( &ctx->N ) < 128 || - mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_MPI_MAX_BITS ) + if( mbedtls_mpi_bitlen( &ctx->N ) < 128 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } From d485c319a518b27fd0c3f89ea1d041e3f964a512 Mon Sep 17 00:00:00 2001 
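Review bot: The bound moved into rsa_check_context compares the byte length `ctx->len` with MBEDTLS_MPI_MAX_SIZE, whereas the condition removed from mbedtls_rsa_check_pubkey compared the bit length with MBEDTLS_MPI_MAX_BITS; the two are equivalent only while those limits keep the bytes/bits relationship the bignum.h comment in this series describes, so the new test deserves a comment, e.g. `/* RSA operations below assume N fits in MBEDTLS_MPI_MAX_SIZE bytes */`. Because the check now lives in rsa_check_context it is applied on every path that calls it, private as well as public, which looks like the intended strengthening rather than a side effect. Both hunks sit inside functions that start before them, and the `is_priv`/`blinding_needed` handling directly above is outside the view.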
From: Hanno Becker Date: Fri, 5 Jan 2018 13:03:53 +0000 Subject: [PATCH 0607/1059] Make small corrections to all.sh Correct gcc flags in !MBEDTLS_SSL_CLI_C test (preexisting) and build and test for RSA_NO_CRT in ASan mode. --- tests/scripts/all.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b1d9add2b8..b559af8e18 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -605,7 +605,7 @@ cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_CLI_C -make CC=gcc CFLAGS='-Werror -Wall -Werror -O0' +make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' # Note, C99 compliance can also be tested with the sockets support disabled, # as that requires a POSIX platform (which isn't the same as C99). @@ -767,11 +767,12 @@ msg "test: allow SHA1 in certificates by default" make test if_build_succeeded tests/ssl-opt.sh -f SHA-1 -msg "build: default config, MBEDTLS_RSA_NO_CRT, make, gcc" +msg "build: Default + MBEDTLS_RSA_NO_CRT (ASan build)" # ~ 6 min cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_RSA_NO_CRT -make CC=gcc CFLAGS='-Werror -Wall -Werror -O0' +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" make test From 4e5d23fad792ebfcfcd1ef07c87abfab06c8fe4e Mon Sep 17 00:00:00 2001 From: Johannes H Date: Sat, 6 Jan 2018 09:46:57 +0100 Subject: [PATCH 0608/1059] corrected a typo in a comment --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 554348f1b4..acafb0504a 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
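Review bot: The RSA_NO_CRT job now configures cmake in-tree (`CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .`), which, per the README change earlier in this series, overwrites the provided Makefiles and leaves a CMake cache behind; the job therefore relies on `cleanup` restoring a make-based tree for the following jobs, and `cleanup` is outside this hunk, so please confirm it removes the cache and generated Makefiles. The README note in this series also says `CFLAGS` passed to cmake is prepended rather than overriding, so the `-Werror -Wall` flags the make-based variant used are no longer applied here unless the Asan build type supplies them; a comment on the `msg` line stating that warnings-as-errors is intentionally not part of this job would avoid surprises.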
@@ -937,7 +937,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #endif /* - * We don't support compression with DTLS right now: is many records come + * We don't support compression with DTLS right now: if many records come * in the same datagram, uncompressing one could overwrite the next one. * We don't want to add complexity for handling that case unless there is * an actual need for it. From 239987fd31255e2f8dc0fb03541d311deae6ee51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 9 Jan 2018 10:43:43 +0100 Subject: [PATCH 0609/1059] Fix heap-buffer overread in ALPN ext parsing --- ChangeLog | 3 +++ library/ssl_srv.c | 42 +++++++++++++++++++++++++----------------- 2 files changed, 28 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3f5e56f9d4..ef5abb8bc1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,6 +38,9 @@ Security corrupt 6 bytes on the peer's heap, potentially leading to crash or remote code execution. This can be triggered remotely from either side in both TLS and DTLS. + * Fix a potential heap buffer overread in ALPN extension parsing + (server-side). Could result in application crash, but only if an ALPN + name larger than 16 bytes had been configured on the server. Features * Allow comments in test data files. diff --git a/library/ssl_srv.c b/library/ssl_srv.c index de3ea80e32..85c3c30cad 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -603,33 +603,41 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, } /* - * Use our order of preference + * Validate peer's list (lengths) */ start = buf + 2; end = buf + len; + for( theirs = start; theirs != end; theirs += cur_len ) + { + cur_len = *theirs++; + + /* Current identifier must fit in list */ + if( cur_len > (size_t)( end - theirs ) ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + /* Empty strings MUST NOT be included */ + if( cur_len == 0 ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + } + + /* + * Use our order of preference + */ for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ ) { ours_len = strlen( *ours ); for( theirs = start; theirs != end; theirs += cur_len ) { - /* If the list is well formed, we should get equality first */ - if( theirs > end ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); - } - cur_len = *theirs++; - /* Empty strings MUST NOT be included */ - if( cur_len == 0 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); - } - if( cur_len == ours_len && memcmp( theirs, *ours, cur_len ) == 0 ) { From d569ecfc2c7531159548d96c2d964744c2940b91 Mon Sep 17 00:00:00 2001 From: nirekh01 Date: Tue, 9 Jan 2018 16:43:21 +0000 Subject: [PATCH 0610/1059] Add some corrections based on code review -Add the DHM_ALT in an alphabetical order -Close correctly the 'extern "C" { ...' --- include/mbedtls/config.h | 3 ++- include/mbedtls/dhm.h | 11 ++++++++++- library/version_features.c | 6 +++--- 3 files changed, 15 insertions(+), 5 deletions(-) 
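Review bot: The matching loop now depends on invariants established by the new validation pass (every `cur_len` is non-zero and fits before `end`), but nothing at the second `for( theirs = start; theirs != end; theirs += cur_len )` says so; a comment such as `/* List validated above: theirs + cur_len never passes end */` would stop a future edit from reordering or dropping the first loop. Termination of both loops rests on `theirs != end` being hit exactly, which holds because `cur_len <= end - theirs` is enforced before each advance; the earlier check that the list-length field agrees with `len` is outside the hunk, so the `start = buf + 2` / `end = buf + len` bounds could not be verified here. The two rejections use different alerts (DECODE_ERROR for an entry that overruns the list, ILLEGAL_PARAMETER for an empty one), which reads as deliberate and is worth keeping. A unit test with an ALPN list whose last length byte exceeds the remaining data would pin this fix against regression.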
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f8594b841a..2aa4686d9f 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -267,6 +267,7 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_DES_ALT +//#define MBEDTLS_DHM_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT @@ -275,7 +276,7 @@ //#define MBEDTLS_SHA1_ALT //#define MBEDTLS_SHA256_ALT //#define MBEDTLS_SHA512_ALT -//#define MBEDTLS_DHM_ALT + /* * When replacing the elliptic curve module, pleace consider, that it is diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 40916c661f..f9725ab095 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -296,10 +296,19 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ -#else + +#ifdef __cplusplus +} +#endif + +#else /* MBEDTLS_DHM_ALT */ #include "dhm_alt.h" #endif /* MBEDTLS_DHM_ALT */ +#ifdef __cplusplus +extern "C" { +#endif + /** * \brief Checkup routine * diff --git a/library/version_features.c b/library/version_features.c index 000246edcd..48bd42bcd8 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -99,6 +99,9 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ +#if defined(MBEDTLS_DHM_ALT) + "MBEDTLS_DHM_ALT", +#endif /* MBEDTLS_DHM_ALT */ #if defined(MBEDTLS_XTEA_ALT) "MBEDTLS_XTEA_ALT", #endif /* MBEDTLS_XTEA_ALT */ @@ -123,9 +126,6 @@ static const char *features[] = { #if defined(MBEDTLS_SHA512_ALT) "MBEDTLS_SHA512_ALT", #endif /* MBEDTLS_SHA512_ALT */ -#if defined(MBEDTLS_DHM_ALT) - "MBEDTLS_DHM_ALT", -#endif /* MBEDTLS_DHM_ALT */ #if defined(MBEDTLS_ECP_ALT) "MBEDTLS_ECP_ALT", #endif /* MBEDTLS_ECP_ALT */ 
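Review bot: With the `extern "C"` block closed before `#else /* MBEDTLS_DHM_ALT */`, the `#include "dhm_alt.h"` is now processed outside any C-linkage wrapper, so dhm_alt.h itself must wrap its declarations in `extern "C"` for C++ consumers; a comment at the include, e.g. `/* dhm_alt.h must provide its own extern "C" wrapper */`, would make that contract explicit since the alternative header is not visible here. In config.h, removing the misplaced `//#define MBEDTLS_DHM_ALT` leaves a stray blank line before the elliptic-curve comment. The version_features.c reordering is consistent with the config.h order and needs no change.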
From d4d60579e4550d034a884d1a413942fbe36a8625 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 10 Jan 2018 07:12:01 +0000 Subject: [PATCH 0611/1059] Address issues found by coverity 1) `mbedtls_rsa_import_raw` used an uninitialized return value when it was called without any input parameters. While not sensible, this is allowed and should be a succeeding no-op. 2) The MPI test for prime generation missed a return value check for a call to `mbedtls_mpi_shift_r`. This is neither critical nor new but should be fixed. 3) Both the RSA keygeneration example program and the RSA test suites contained code initializing an RSA context after a potentially failing call to CTR DRBG initialization, leaving the corresponding RSA context free call in the cleanup section of the respective function orphaned. While this defect existed before, Coverity picked up on it again because of newly introduced MPI's that were also wrongly initialized only after the call to CTR DRBG init. The commit fixes both the old and the new issue by moving the initializtion of both the RSA context and all MPI's prior to the first potentially failing call. --- library/rsa.c | 2 +- programs/pkey/rsa_genkey.c | 9 ++++----- tests/suites/test_suite_mpi.function | 3 ++- tests/suites/test_suite_rsa.data | 3 +++ tests/suites/test_suite_rsa.function | 7 +++---- 5 files changed, 13 insertions(+), 11 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index ad1ef6db24..7e921fd545 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -104,7 +104,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, unsigned char const *D, size_t D_len, unsigned char const *E, size_t E_len ) { - int ret; + int ret = 0; if( N != NULL ) { diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 3dae0a6c89..9399217612 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c 
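Review bot: Initialising `ret` to 0 makes a call with every component NULL return success, which matches the commit message, but the function's documentation (outside this hunk) should record that contract, for example "All parameters may be NULL, in which case the call is a no-op returning 0." The new "RSA Import Raw (-,-,-,-,-)" row in test_suite_rsa.data expects MBEDTLS_ERR_RSA_BAD_INPUT_DATA for the all-empty case; that presumably comes from a later completion or check step inside the test function rather than from mbedtls_rsa_import_raw itself, so it would help to make that distinction visible in the test function's assertions. mbedtls_rsa_import_raw continues past this hunk.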
@@ -71,6 +71,10 @@ int main( void ) const char *pers = "rsa_genkey"; mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); @@ -87,11 +91,6 @@ int main( void ) mbedtls_printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE ); fflush( stdout ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); - mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); - mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); - if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE, EXPONENT ) ) != 0 ) { diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index b94c889801..6ae27af5b1 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -830,7 +830,8 @@ void mbedtls_mpi_gen_prime( int bits, int safe, int ref_ret ) TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 ); if( safe ) { - mbedtls_mpi_shift_r( &X, 1 ); /* X = ( X - 1 ) / 2 */ + /* X = ( X - 1 ) / 2 */ + TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 ); TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 ); } } diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 46046119d6..2747da7268 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
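Review bot: The moved `mbedtls_rsa_init` / `mbedtls_mpi_init` calls now precede the first fallible call, but `mbedtls_entropy_init( &entropy )` is not in either rsa_genkey.c hunk, so it cannot be confirmed here that the entropy context is initialized before the `mbedtls_ctr_drbg_seed` failure path jumps to the cleanup that frees it. If it is initialized later in main, the orphaned-free problem the commit fixes for the RSA context still applies to it; `mbedtls_entropy_init( &entropy );` would belong next to `mbedtls_ctr_drbg_init( &ctr_drbg );`. main() starts and ends outside the hunks.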
@@ -526,6 +526,9 @@ mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f RSA Import Raw (N,-,-,-,E), successive mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":1:0:0:0 +RSA Import Raw (-,-,-,-,-) +mbedtls_rsa_import_raw:"":"":"":"":"":0:0:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + RSA Export (N,P,Q,D,E) mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e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diff --git a/tests/suites/test_suite_rsa.function 
b/tests/suites/test_suite_rsa.function index 639bcb89dc..ee3516ad12 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -878,17 +878,16 @@ void mbedtls_rsa_import( int radix_N, char *input_N, const int have_E = ( strlen( input_E ) > 0 ); mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, strlen( pers ) ) == 0 ); - mbedtls_rsa_init( &ctx, 0, 0 ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, strlen( pers ) ) == 0 ); + if( have_N ) TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); From adb0b2e935618e51e33346ccb278c8341f38ab08 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 10 Jan 2018 10:35:11 +0000 Subject: [PATCH 0612/1059] Update Visual Studio project files This commit updates the Visual Studio project file `visualc/VS2010/mbedTLS.vcxproj` to add the newly introduced `rsa_internal.h` and `rsa_internal.c`. --- visualc/VS2010/mbedTLS.vcxproj | 2 ++ 1 file changed, 2 insertions(+) diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 65730cd413..f13f83cc16 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -199,6 +199,7 @@ + @@ -267,6 +268,7 @@ + From 997e2184c55c47bf5e89195de73a8259bca42486 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 10 Jan 2018 10:39:20 +0000 Subject: [PATCH 0613/1059] Adapt ChangeLog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0061fe87d7..d81d596733 100644 --- a/ChangeLog +++ b/ChangeLog 
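Review bot: The test_suite_rsa.function hunk removes `mbedtls_entropy_init( &entropy );` together with the seed call but re-adds only the seed call, so `mbedtls_ctr_drbg_seed` is now handed an entropy context with no visible initialization (the hunk header counts, 17 old lines against 16 new, agree that one line was dropped). Unless the context is initialized earlier in the function, outside the hunk, `mbedtls_entropy_func` runs on uninitialized memory and the later `mbedtls_entropy_free` in cleanup frees garbage. Restore it immediately after `mbedtls_ctr_drbg_init( &ctr_drbg );`: `mbedtls_entropy_init( &entropy );`. mbedtls_rsa_import starts and ends outside the hunk.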
@@ -97,6 +97,10 @@ Bugfix * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1. * Fix possible memory leaks in mbedtls_gcm_self_test(). * Added missing return code checks in mbedtls_aes_self_test(). + * Fix issues in RSA key generation program programs/x509/rsa_genkey and the + RSA test suite where the failure of CTR DRBG initialization lead to + freeing an RSA context and several MPI's without proper initialization + beforehand. Changes * Extend cert_write example program by options to set the CRT version From 91d49e8b6a8b361a9062df1d2208c547ffbdd215 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Thu, 11 Jan 2018 16:35:44 +0000 Subject: [PATCH 0614/1059] ChangeLog: Use Steven Cooreman's correct name --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 63ec7c8043..916ec663e0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,7 +46,7 @@ Features * New unit tests for timing. Improve the self-test to be more robust when run on a heavily-loaded machine. * Add alternative implementation support for CCM and CMAC (MBEDTLS_CCM_ALT, - MBEDTLS_CMAC_ALT). Submitted by Steve Cooreman, Silicon Labs. + MBEDTLS_CMAC_ALT). Submitted by Steven Cooreman, Silicon Labs. * Add support for alternative implementations of GCM, selected by the configuration flag MBEDTLS_GCM_ALT. * Add support for alternative implementations for ECDSA, controlled by new From 87ae197f3e63ba43b9d54639f38a9b66b86c51c5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 15 Jan 2018 15:27:56 +0000 Subject: [PATCH 0615/1059] Add explicit uint truncation casts This commit adds some explicit downcasts from `size_t` to `uint8_t` in the RSASSA signature encoding function `rsa_rsassa_pkcs1_v15_encode`. The truncation is safe as it has been checked beforehand that the respective values are in the range of a `uint8_t`. --- library/rsa.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/library/rsa.c b/library/rsa.c index a171fa6d01..8c0d8c3603 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1628,17 +1628,17 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, * TAG-OCTET + LEN [ HASH ] ] */ *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = 0x08 + oid_size + hashlen; + *p++ = (unsigned char)( 0x08 + oid_size + hashlen ); *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = 0x04 + oid_size; + *p++ = (unsigned char)( 0x04 + oid_size ); *p++ = MBEDTLS_ASN1_OID; - *p++ = oid_size; + *p++ = (unsigned char) oid_size; memcpy( p, oid, oid_size ); p += oid_size; *p++ = MBEDTLS_ASN1_NULL; *p++ = 0x00; *p++ = MBEDTLS_ASN1_OCTET_STRING; - *p++ = hashlen; + *p++ = (unsigned char) hashlen; memcpy( p, hash, hashlen ); p += hashlen; From 5098400d7118197189fa21172b5ce0ba0a9d4eb8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 17 Jan 2018 08:01:37 +0100 Subject: [PATCH 0616/1059] Add ChangeLog entry --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index d81d596733..a6fa6bbda7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -111,6 +111,8 @@ Changes used. Reported and fix proposed independently by satur9nine and sliai on GitHub. * Only run AES-192 self-test if AES-192 is available. Fixes #963. + * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the + undeclared dependency of the RSA module on the ASN.1 module. = mbed TLS 2.6.0 branch released 2017-08-10 From 952240985a7be2aff451395f3ff51a1ac932ad48 Mon Sep 17 00:00:00 2001 
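Review bot: The four `(unsigned char)` casts in rsa_rsassa_pkcs1_v15_encode rely on `oid_size` and `hashlen` having been range-checked earlier, as the commit message says, but that check is outside the hunk and nothing at the cast sites records the invariant, so a later edit to the check would turn these into silent truncations inside a DER length byte. Each of these bytes is a short-form DER length, so the real precondition is tighter than fitting in a byte: `0x08 + oid_size + hashlen` must stay below 0x80. A comment above the first cast would pin it, e.g. `/* oid_size and hashlen were range-checked above; all length bytes written here must be < 0x80 (short-form DER), so the narrowing casts cannot truncate. */`. The function starts and ends outside the hunk.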
From: Simon Butcher Date: Tue, 12 Dec 2017 23:44:55 +0200 Subject: [PATCH 0617/1059] Remove picocoin reference configuration Picocoin is no longer actively supported by the library, so the reference configuration used in testing has been removed. --- ChangeLog | 1 + configs/config-picocoin.h | 71 ------------------------------- tests/scripts/test-ref-configs.pl | 2 - 3 files changed, 1 insertion(+), 73 deletions(-) delete mode 100644 configs/config-picocoin.h diff --git a/ChangeLog b/ChangeLog index a6fa6bbda7..ab1ed29231 100644 --- a/ChangeLog +++ b/ChangeLog @@ -113,6 +113,7 @@ Changes * Only run AES-192 self-test if AES-192 is available. Fixes #963. * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the undeclared dependency of the RSA module on the ASN.1 module. + * Removed support for the library reference configuration for picocoin. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/configs/config-picocoin.h b/configs/config-picocoin.h deleted file mode 100644 index 26b24a9e2a..0000000000 --- a/configs/config-picocoin.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* - * Reduced configuration used by Picocoin. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -/* - * Reduced configuration used by Picocoin. - * - * See README.txt for usage instructions. - * - * Distinguishing features: - * - no SSL/TLS; - * - no X.509; - * - ECDSA/PK and some other chosen crypto bits. 
- */ - -#ifndef MBEDTLS_CONFIG_H -#define MBEDTLS_CONFIG_H - -/* System support */ -#define MBEDTLS_HAVE_ASM -#define MBEDTLS_HAVE_TIME - -/* mbed TLS feature support */ -#define MBEDTLS_CIPHER_MODE_CBC -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#define MBEDTLS_ECDSA_DETERMINISTIC -#define MBEDTLS_PK_PARSE_EC_EXTENDED -#define MBEDTLS_ERROR_STRERROR_DUMMY -#define MBEDTLS_FS_IO - -/* mbed TLS modules */ -#define MBEDTLS_AESNI_C -#define MBEDTLS_AES_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BASE64_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_ECDSA_C -#define MBEDTLS_ECP_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_MD_C -#define MBEDTLS_OID_C -#define MBEDTLS_PADLOCK_C -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_RIPEMD160_C -#define MBEDTLS_SHA1_C -#define MBEDTLS_SHA256_C - -#include "mbedtls/check_config.h" - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index a9a89f1ced..79bacd4663 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -23,8 +23,6 @@ my %configs = ( 'config-suite-b.h' => { 'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS", }, - 'config-picocoin.h' => { - }, 'config-ccm-psk-tls1_2.h' => { 'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', }, From a0188d673046107df8c46e343c99dc4fc7ed4e44 Mon Sep 17 00:00:00 2001 
From: Krzysztof Stachowiak Date: Fri, 19 Jan 2018 16:21:11 +0100 Subject: [PATCH 0618/1059] Have doxygen run in the doxygen directory When the Doxywizzard GUI is used and the doxyfile is loaded, the workind directory for doxygen is set to the location of the doxyfile. However the Make and CMake build systems expect doxygen to be ran from the top level directory. This commit unifies the build system and the Doxywizzard GUI so that all of them expect doxygen to be executed in the doxygen directory. --- CMakeLists.txt | 4 ++-- Makefile | 2 +- doxygen/mbedtls.doxyfile | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3e47224ea1..ca4cba2165 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -126,8 +126,8 @@ if(ENABLE_PROGRAMS) endif() ADD_CUSTOM_TARGET(apidoc - COMMAND doxygen doxygen/mbedtls.doxyfile - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) + COMMAND doxygen mbedtls.doxyfile + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen) if(ENABLE_TESTING) enable_testing() diff --git a/Makefile b/Makefile index d475868a71..c1f60511f5 100644 --- a/Makefile +++ b/Makefile @@ -103,7 +103,7 @@ lcov: apidoc: mkdir -p apidoc - doxygen doxygen/mbedtls.doxyfile + cd doxygen; doxygen mbedtls.doxyfile apidoc_clean: rm -rf apidoc diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 5df1c932db..0e148af3eb 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -54,7 +54,7 @@ PROJECT_LOGO = # If a relative path is entered, it will be relative to the location # where doxygen was started. If left blank the current directory will be used. -OUTPUT_DIRECTORY = apidoc/ +OUTPUT_DIRECTORY = ../apidoc/ # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create # 4096 sub-directories (in 2 levels) under the output directory of each output 
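Review bot: In the Makefile hunk the new recipe `cd doxygen; doxygen mbedtls.doxyfile` joins the two commands with `;`, so if `cd doxygen` fails (for example when the target is invoked from a directory that lacks the subdirectory) doxygen still runs in the top-level directory, where `mbedtls.doxyfile` does not exist and the relative `../apidoc/` output path set in the doxyfile hunk would resolve one level too high. Use `cd doxygen && doxygen mbedtls.doxyfile` so the recipe stops on the failed `cd`. This matches the CMake hunk, which sets the working directory explicitly and cannot fall through in the same way.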
@@ -664,7 +664,7 @@ WARN_LOGFILE = # directories like "/usr/src/myproject". Separate the files or directories # with spaces. -INPUT = . +INPUT = .. # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is From 0d225daf7d19249e7aab0eada2baefa73c8e04f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Jan 2018 10:22:09 +0100 Subject: [PATCH 0619/1059] Increase waiting times compat.sh and ssl-opt.sh - Some of the CI machines don't have lsof installed yet, so rely on an sleeping an arbitrary number of seconds while the server starts. We're seeing occasional failures with the current delay because the CI machines are highly loaded, which seems to indicate the current delay is not quite enough, but hopefully not to far either, so double it. - While at it, also double the watchdog delay: while I don't remember seeing much failures due to client timeout, this change doesn't impact normal running time of the script, so better err on the safe side. These changes don't affect the test and should only affect the false positive rate coming from the test framework in those scripts. --- tests/compat.sh | 2 +- tests/ssl-opt.sh | 24 +++++++++++++++++++----- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 958d618542..ac1a175e1a 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -888,7 +888,7 @@ if type lsof >/dev/null 2>/dev/null; then } else wait_server_start() { - sleep 1 + sleep 2 } fi diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index fa785a4f1e..d4e82aec94 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -656,14 +656,28 @@ fi # used by watchdog MAIN_PID="$$" -# be more patient with valgrind +# We use somewhat arbitrary delays for tests: +# - how long do we wait for the server to start (when lsof not available)? +# - how long do we allow for the client to finish? +# (not to check performance, just to avoid waiting indefinitely) +# Things are slower with valgrind, so give extra time here. +# +# Note: without lsof, there is a trade-off between the running time of this +# script and the risk of spurious errors because we didn't wait long enough. +# The watchdog delay on the other hand doesn't affect normal running time of +# the script, only the case where a client or server gets stuck. if [ "$MEMCHECK" -gt 0 ]; then - START_DELAY=3 - DOG_DELAY=30 + START_DELAY=6 + DOG_DELAY=60 else - START_DELAY=1 - DOG_DELAY=10 + START_DELAY=2 + DOG_DELAY=20 fi + +# some particular tests need more time: +# - for the client, we multiply the usual watchdog limit by a factor +# - for the server, we sleep for a number of seconds after the client exits +# see client_need_more_time() and server_needs_more_time() CLI_DELAY_FACTOR=1 SRV_DELAY_SECONDS=0 From 3c9e2b5004cf288af6c7a5f0b6223bd8c31e1ab6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 8 Jan 2018 12:38:15 +0100 Subject: [PATCH 0620/1059] wait_server_start: warn if lsof is not available If lsof is not available, wait_server_start uses a fixed timeout, which can trigger a race condition if the timeout turns out to be too short. Emit a warning so that we know this is going on from the test logs. --- tests/compat.sh | 1 + tests/ssl-opt.sh | 1 + 2 files changed, 2 insertions(+) diff --git a/tests/compat.sh b/tests/compat.sh index ac1a175e1a..672bdab784 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -887,6 +887,7 @@ if type lsof >/dev/null 2>/dev/null; then done } else + echo "Warning: lsof not available, wait_server_start = sleep" wait_server_start() { sleep 2 } 
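Review bot: In the compat.sh hunk of commit 0620 the new `echo "Warning: lsof not available, wait_server_start = sleep"` goes to stdout and omits the delay, while the ssl-opt.sh hunk in the same commit prints `sleep $START_DELAY`; the two diagnostics should agree and, as warnings, go to stderr so they are not mixed into the test-result output that the scripts produce. Suggested line: `echo "Warning: lsof not available, wait_server_start = sleep 2" >&2`, with the ssl-opt.sh hunk taking `>&2` likewise. The same applies to the `wait_server_start` fallback branch in both files, whose surrounding `if type lsof` block starts outside the hunks.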
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d4e82aec94..f13c38f681 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -308,6 +308,7 @@ if type lsof >/dev/null 2>/dev/null; then done } else + echo "Warning: lsof not available, wait_server_start = sleep $START_DELAY" wait_server_start() { sleep "$START_DELAY" } From 15932e0cbfd25ba044f0d38b24801829de7c1884 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Jan 2018 11:43:45 +0100 Subject: [PATCH 0621/1059] Fix typo in deprecation statement --- include/mbedtls/md2.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 2a14b1002d..23145de46c 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -220,7 +220,7 @@ int mbedtls_md2_ext( const unsigned char *input, /** * \brief Output = MD2( input buffer ) * - * \deprecated Superseded by mbedtls_md2() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_ext() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data From 9e4f77c6068a633b18f439d8e06670826c54a1d5 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 22 Jan 2018 11:48:08 +0100 Subject: [PATCH 0622/1059] New MD API: rename functions from _ext to _ret The _ext suffix suggests "new arguments", but the new functions have the same arguments. Use _ret instead, to convey that the difference is that the new functions return a value. --- include/mbedtls/md2.h | 24 ++-- include/mbedtls/md4.h | 24 ++-- include/mbedtls/md5.h | 24 ++-- include/mbedtls/ripemd160.h | 24 ++-- include/mbedtls/sha1.h | 24 ++-- include/mbedtls/sha256.h | 24 ++-- include/mbedtls/sha512.h | 24 ++-- library/entropy.c | 32 ++--- library/md2.c | 16 +-- library/md4.c | 20 ++-- library/md5.c | 20 ++-- library/md_wrap.c | 64 +++++----- library/pem.c | 18 +-- library/ripemd160.c | 20 ++-- library/rsa.c | 2 +- library/sha1.c | 26 ++-- library/sha256.c | 26 ++-- library/sha512.c | 26 ++-- library/ssl_tls.c | 166 +++++++++++++------------- library/x509write_crt.c | 4 +- programs/hash/hello.c | 2 +- programs/pkey/dh_client.c | 4 +- programs/pkey/dh_server.c | 4 +- programs/pkey/ecdsa.c | 4 +- programs/test/benchmark.c | 12 +- tests/suites/test_suite_mdx.function | 8 +- tests/suites/test_suite_shax.function | 10 +- 27 files changed, 326 insertions(+), 326 deletions(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 23145de46c..0df6b36f46 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -86,7 +86,7 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, * * \return 0 if successful */ -int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ); +int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ); /** * \brief MD2 process buffer @@ -97,7 +97,7 @@ int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ); * * \return 0 if successful */ -int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, +int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen ); 
@@ -109,7 +109,7 @@ int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, * * \return 0 if successful */ -int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, +int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, unsigned char output[16] ); /** @@ -130,20 +130,20 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); /** * \brief MD2 context setup * - * \deprecated Superseded by mbedtls_md2_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_starts_ret() in 2.5.0 * * \param ctx context to be initialized */ MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts( mbedtls_md2_context *ctx ) { - mbedtls_md2_starts_ext( ctx ); + mbedtls_md2_starts_ret( ctx ); } /** * \brief MD2 process buffer * - * \deprecated Superseded by mbedtls_md2_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_update_ret() in 2.5.0 * * \param ctx MD2 context * \param input buffer holding the data @@ -154,13 +154,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_update( const unsigned char *input, size_t ilen ) { - mbedtls_md2_update_ext( ctx, input, ilen ); + mbedtls_md2_update_ret( ctx, input, ilen ); } /** * \brief MD2 final digest * - * \deprecated Superseded by mbedtls_md2_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_finish_ret() in 2.5.0 * * \param ctx MD2 context * \param output MD2 checksum result @@ -169,7 +169,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ) { - mbedtls_md2_finish_ext( ctx, output ); + mbedtls_md2_finish_ret( ctx, output ); } /** @@ -207,7 +207,7 @@ extern "C" { * \param ilen length of the input data * \param output MD2 checksum result */ -int mbedtls_md2_ext( const unsigned char *input, +int mbedtls_md2_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ); 
@@ -220,7 +220,7 @@ int mbedtls_md2_ext( const unsigned char *input, /** * \brief Output = MD2( input buffer ) * - * \deprecated Superseded by mbedtls_md2_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data @@ -230,7 +230,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] ) { - mbedtls_md2_ext( input, ilen, output ); + mbedtls_md2_ret( input, ilen, output ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index f5d335d8f5..acd09bd619 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -86,7 +86,7 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, * * \return 0 if successful */ -int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ); +int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ); /** * \brief MD4 process buffer @@ -97,7 +97,7 @@ int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ); * * \return 0 if successful */ -int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, +int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen ); @@ -109,7 +109,7 @@ int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, * * \return 0 if successful */ -int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, +int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, unsigned char output[16] ); /** 
@@ -132,20 +132,20 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, /** * \brief MD4 context setup * - * \deprecated Superseded by mbedtls_md4_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_starts_ret() in 2.5.0 * * \param ctx context to be initialized */ MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( mbedtls_md4_context *ctx ) { - mbedtls_md4_starts_ext( ctx ); + mbedtls_md4_starts_ret( ctx ); } /** * \brief MD4 process buffer * - * \deprecated Superseded by mbedtls_md4_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_update_ret() in 2.5.0 * * \param ctx MD4 context * \param input buffer holding the data @@ -156,13 +156,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( const unsigned char *input, size_t ilen ) { - mbedtls_md4_update_ext( ctx, input, ilen ); + mbedtls_md4_update_ret( ctx, input, ilen ); } /** * \brief MD4 final digest * - * \deprecated Superseded by mbedtls_md4_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_finish_ret() in 2.5.0 * * \param ctx MD4 context * \param output MD4 checksum result @@ -171,7 +171,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ) { - mbedtls_md4_finish_ext( ctx, output ); + mbedtls_md4_finish_ret( ctx, output ); } /** @@ -213,7 +213,7 @@ extern "C" { * * \return 0 if successful */ -int mbedtls_md4_ext( const unsigned char *input, +int mbedtls_md4_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ); @@ -226,7 +226,7 @@ int mbedtls_md4_ext( const unsigned char *input, /** * \brief Output = MD4( input buffer ) * - * \deprecated Superseded by mbedtls_md4_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data 
@@ -236,7 +236,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] ) { - mbedtls_md4_ext( input, ilen, output ); + mbedtls_md4_ret( input, ilen, output ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 5a7a00a6b0..18db8b7347 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -81,7 +81,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, * * \return 0 if successful */ -int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ); +int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ); /** * \brief MD5 process buffer @@ -92,7 +92,7 @@ int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ); * * \return 0 if successful */ -int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, +int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ); @@ -104,7 +104,7 @@ int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, * * \return 0 if successful */ -int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, +int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ); /** @@ -127,20 +127,20 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, /** * \brief MD5 context setup * - * \deprecated Superseded by mbedtls_md5_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_starts_ret() in 2.5.0 * * \param ctx context to be initialized */ MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( mbedtls_md5_context *ctx ) { - mbedtls_md5_starts_ext( ctx ); + mbedtls_md5_starts_ret( ctx ); } /** * \brief MD5 process buffer * - * \deprecated Superseded by mbedtls_md5_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_update_ret() in 2.5.0 * * \param ctx MD5 context * \param input buffer holding the data 
@@ -151,13 +151,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( const unsigned char *input, size_t ilen ) { - mbedtls_md5_update_ext( ctx, input, ilen ); + mbedtls_md5_update_ret( ctx, input, ilen ); } /** * \brief MD5 final digest * - * \deprecated Superseded by mbedtls_md5_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_finish_ret() in 2.5.0 * * \param ctx MD5 context * \param output MD5 checksum result @@ -166,7 +166,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) { - mbedtls_md5_finish_ext( ctx, output ); + mbedtls_md5_finish_ret( ctx, output ); } /** @@ -208,7 +208,7 @@ extern "C" { * * \return 0 if successful */ -int mbedtls_md5_ext( const unsigned char *input, +int mbedtls_md5_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ); @@ -221,7 +221,7 @@ int mbedtls_md5_ext( const unsigned char *input, /** * \brief Output = MD5( input buffer ) * - * \deprecated Superseded by mbedtls_md5_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data @@ -231,7 +231,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] ) { - mbedtls_md5_ext( input, ilen, output ); + mbedtls_md5_ret( input, ilen, output ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 3186359887..ea679810eb 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -86,7 +86,7 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, * * \return 0 if successful */ -int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ); +int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ); /** * \brief RIPEMD-160 process buffer 
@@ -97,7 +97,7 @@ int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ); * * \return 0 if successful */ -int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, +int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, const unsigned char *input, size_t ilen ); @@ -109,7 +109,7 @@ int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, * * \return 0 if successful */ -int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, +int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, unsigned char output[20] ); /** @@ -132,20 +132,20 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, /** * \brief RIPEMD-160 context setup * - * \deprecated Superseded by mbedtls_ripemd160_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_starts_ret() in 2.5.0 * * \param ctx context to be initialized */ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ) { - mbedtls_ripemd160_starts_ext( ctx ); + mbedtls_ripemd160_starts_ret( ctx ); } /** * \brief RIPEMD-160 process buffer * - * \deprecated Superseded by mbedtls_ripemd160_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_update_ret() in 2.5.0 * * \param ctx RIPEMD-160 context * \param input buffer holding the data @@ -156,13 +156,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update( const unsigned char *input, size_t ilen ) { - mbedtls_ripemd160_update_ext( ctx, input, ilen ); + mbedtls_ripemd160_update_ret( ctx, input, ilen ); } /** * \brief RIPEMD-160 final digest * - * \deprecated Superseded by mbedtls_ripemd160_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_finish_ret() in 2.5.0 * * \param ctx RIPEMD-160 context * \param output RIPEMD-160 checksum result 
@@ -171,7 +171,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] ) { - mbedtls_ripemd160_finish_ext( ctx, output ); + mbedtls_ripemd160_finish_ret( ctx, output ); } /** @@ -213,7 +213,7 @@ extern "C" { * * \return 0 if successful */ -int mbedtls_ripemd160_ext( const unsigned char *input, +int mbedtls_ripemd160_ret( const unsigned char *input, size_t ilen, unsigned char output[20] ); @@ -226,7 +226,7 @@ int mbedtls_ripemd160_ext( const unsigned char *input, /** * \brief Output = RIPEMD-160( input buffer ) * - * \deprecated Superseded by mbedtls_ripemd160_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data @@ -237,7 +237,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160( size_t ilen, unsigned char output[20] ) { - mbedtls_ripemd160_ext( input, ilen, output ); + mbedtls_ripemd160_ret( input, ilen, output ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index e18e6ac994..57bfea4e62 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -86,7 +86,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, * * \return 0 if successful */ -int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ); +int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); /** * \brief SHA-1 process buffer @@ -97,7 +97,7 @@ int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ); * * \return 0 if successful */ -int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, +int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ); @@ -109,7 +109,7 @@ int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, * * \return 0 if successful */ -int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx, +int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ); /** 
@@ -132,20 +132,20 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, /** * \brief SHA-1 context setup * - * \deprecated Superseded by mbedtls_sha1_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.5.0 * * \param ctx context to be initialized */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) { - mbedtls_sha1_starts_ext( ctx ); + mbedtls_sha1_starts_ret( ctx ); } /** * \brief SHA-1 process buffer * - * \deprecated Superseded by mbedtls_sha1_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.5.0 * * \param ctx SHA-1 context * \param input buffer holding the data @@ -156,13 +156,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( const unsigned char *input, size_t ilen ) { - mbedtls_sha1_update_ext( ctx, input, ilen ); + mbedtls_sha1_update_ret( ctx, input, ilen ); } /** * \brief SHA-1 final digest * - * \deprecated Superseded by mbedtls_sha1_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.5.0 * * \param ctx SHA-1 context * \param output SHA-1 checksum result @@ -171,7 +171,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) { - mbedtls_sha1_finish_ext( ctx, output ); + mbedtls_sha1_finish_ret( ctx, output ); } /** @@ -213,7 +213,7 @@ extern "C" { * * \return 0 if successful */ -int mbedtls_sha1_ext( const unsigned char *input, +int mbedtls_sha1_ret( const unsigned char *input, size_t ilen, unsigned char output[20] ); @@ -226,7 +226,7 @@ int mbedtls_sha1_ext( const unsigned char *input, /** * \brief Output = SHA-1( input buffer ) * - * \deprecated Superseded by mbedtls_sha1_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data 
@@ -236,7 +236,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ) { - mbedtls_sha1_ext( input, ilen, output ); + mbedtls_sha1_ret( input, ilen, output ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 5fce7ee936..be5ef794f6 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -88,7 +88,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * * \return 0 if successful */ -int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 ); +int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); /** * \brief SHA-256 process buffer @@ -99,7 +99,7 @@ int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 ); * * \return 0 if successful */ -int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, +int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ); @@ -111,7 +111,7 @@ int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, * * \return 0 if successful */ -int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, +int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ); /** @@ -134,7 +134,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, /** * \brief SHA-256 context setup * - * \deprecated Superseded by mbedtls_sha256_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.5.0 * * \param ctx context to be initialized * \param is224 0 = use SHA256, 1 = use SHA224 
@@ -143,13 +143,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) { - mbedtls_sha256_starts_ext( ctx, is224 ); + mbedtls_sha256_starts_ret( ctx, is224 ); } /** * \brief SHA-256 process buffer * - * \deprecated Superseded by mbedtls_sha256_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_update_ret() in 2.5.0 * * \param ctx SHA-256 context * \param input buffer holding the data @@ -160,13 +160,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( const unsigned char *input, size_t ilen ) { - mbedtls_sha256_update_ext( ctx, input, ilen ); + mbedtls_sha256_update_ret( ctx, input, ilen ); } /** * \brief SHA-256 final digest * - * \deprecated Superseded by mbedtls_sha256_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.5.0 * * \param ctx SHA-256 context * \param output SHA-224/256 checksum result @@ -175,7 +175,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ) { - mbedtls_sha256_finish_ext( ctx, output ); + mbedtls_sha256_finish_ret( ctx, output ); } /** @@ -218,7 +218,7 @@ extern "C" { * * \return 0 if successful */ -int mbedtls_sha256_ext( const unsigned char *input, +int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ); @@ -232,7 +232,7 @@ int mbedtls_sha256_ext( const unsigned char *input, /** * \brief Output = SHA-256( input buffer ) * - * \deprecated Superseded by mbedtls_sha256_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data @@ -245,7 +245,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256( unsigned char output[32], int is224 ) { - mbedtls_sha256_ext( input, ilen, output, is224 ); + mbedtls_sha256_ret( input, ilen, output, is224 ); } #undef MBEDTLS_DEPRECATED 
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 7cba3f63c5..0fadb4c3b4 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -88,7 +88,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, * * \return 0 if successful */ -int mbedtls_sha512_starts_ext( mbedtls_sha512_context *ctx, int is384 ); +int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ); /** * \brief SHA-512 process buffer @@ -99,7 +99,7 @@ int mbedtls_sha512_starts_ext( mbedtls_sha512_context *ctx, int is384 ); * * \return 0 if successful */ -int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx, +int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen ); @@ -111,7 +111,7 @@ int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx, * * \return 0 if successful */ -int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx, +int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ); /** @@ -134,7 +134,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, /** * \brief SHA-512 context setup * - * \deprecated Superseded by mbedtls_sha512_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.5.0 * * \param ctx context to be initialized * \param is384 0 = use SHA512, 1 = use SHA384 @@ -143,13 +143,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) { - mbedtls_sha512_starts_ext( ctx, is384 ); + mbedtls_sha512_starts_ret( ctx, is384 ); } /** * \brief SHA-512 process buffer * - * \deprecated Superseded by mbedtls_sha512_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.5.0 * * \param ctx SHA-512 context * \param input buffer holding the data 
@@ -160,13 +160,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( const unsigned char *input, size_t ilen ) { - mbedtls_sha512_update_ext( ctx, input, ilen ); + mbedtls_sha512_update_ret( ctx, input, ilen ); } /** * \brief SHA-512 final digest * - * \deprecated Superseded by mbedtls_sha512_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.5.0 * * \param ctx SHA-512 context * \param output SHA-384/512 checksum result @@ -175,7 +175,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ) { - mbedtls_sha512_finish_ext( ctx, output ); + mbedtls_sha512_finish_ret( ctx, output ); } /** @@ -218,7 +218,7 @@ extern "C" { * * \return 0 if successful */ -int mbedtls_sha512_ext( const unsigned char *input, +int mbedtls_sha512_ret( const unsigned char *input, size_t ilen, unsigned char output[64], int is384 ); @@ -232,7 +232,7 @@ int mbedtls_sha512_ext( const unsigned char *input, /** * \brief Output = SHA-512( input buffer ) * - * \deprecated Superseded by mbedtls_sha512_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data @@ -245,7 +245,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512( unsigned char output[64], int is384 ) { - mbedtls_sha512_ext( input, ilen, output, is384 ); + mbedtls_sha512_ret( input, ilen, output, is384 ); } #undef MBEDTLS_DEPRECATED diff --git a/library/entropy.c b/library/entropy.c index 45b2f2b579..20b24ff090 100644 --- a/library/entropy.c +++ b/library/entropy.c 
@@ -193,10 +193,10 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE ) { #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - if( ( ret = mbedtls_sha512_ext( data, len, tmp, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 ) return( ret ); #else - if( ( ret = mbedtls_sha256_ext( data, len, tmp, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 ) return( ret ); #endif p = tmp; @@ -213,22 +213,22 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id */ #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) if( ctx->accumulator_started == 0 && - ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) return( ret ); else ctx->accumulator_started = 1; - if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, header, 2 ) ) != 0 ) + if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 ) return( ret ); - return( mbedtls_sha512_update_ext( &ctx->accumulator, p, use_len ) ); + return( mbedtls_sha512_update_ret( &ctx->accumulator, p, use_len ) ); #else if( ctx->accumulator_started == 0 && - ( ret = mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) return( ret ); else ctx->accumulator_started = 1; - if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, header, 2 ) ) != 0 ) + if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 ) return( ret ); - return( mbedtls_sha256_update_ext( &ctx->accumulator, p, use_len ) ); + return( mbedtls_sha256_update_ret( &ctx->accumulator, p, use_len ) ); #endif } 
@@ -374,7 +374,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) * in a previous call to entropy_update(). If this is not guaranteed, the * code below will fail. */ - if( ( ret = mbedtls_sha512_finish_ext( &ctx->accumulator, buf ) ) != 0 ) + if( ( ret = mbedtls_sha512_finish_ret( &ctx->accumulator, buf ) ) != 0 ) goto exit; /* @@ -382,20 +382,20 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) */ mbedtls_sha512_free( &ctx->accumulator ); mbedtls_sha512_init( &ctx->accumulator ); - if( ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, buf, + if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) goto exit; /* * Perform second SHA-512 on entropy */ - if( ( ret = mbedtls_sha512_ext( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + if( ( ret = mbedtls_sha512_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 ) ) != 0 ) goto exit; #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ - if( ( ret = mbedtls_sha256_finish_ext( &ctx->accumulator, buf ) ) != 0 ) + if( ( ret = mbedtls_sha256_finish_ret( &ctx->accumulator, buf ) ) != 0 ) goto exit; /* 
@@ -403,16 +403,16 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) */ mbedtls_sha256_free( &ctx->accumulator ); mbedtls_sha256_init( &ctx->accumulator ); - if( ( ret = mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, buf, + if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) goto exit; /* * Perform second SHA-256 on entropy */ - if( ( ret = mbedtls_sha256_ext( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + if( ( ret = mbedtls_sha256_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 ) ) != 0 ) goto exit; #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ diff --git a/library/md2.c b/library/md2.c index 06d6ac288a..5028e8c586 100644 --- a/library/md2.c +++ b/library/md2.c @@ -105,7 +105,7 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, /* * MD2 context setup */ -int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ) +int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ) { memset( ctx->cksum, 0, 16 ); memset( ctx->state, 0, 46 ); @@ -156,7 +156,7 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ) /* * MD2 process buffer */ -int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, +int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen ) { @@ -190,7 +190,7 @@ int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, /* * MD2 final digest */ -int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, +int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, unsigned char output[16] ) { int ret; @@ -219,7 +219,7 @@ int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, /* * output = MD2( input buffer ) */ -int mbedtls_md2_ext( const unsigned char *input, +int mbedtls_md2_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ) { 
@@ -228,13 +228,13 @@ int mbedtls_md2_ext( const unsigned char *input, mbedtls_md2_init( &ctx ); - if( ( ret = mbedtls_md2_starts_ext( &ctx ) ) != 0 ) + if( ( ret = mbedtls_md2_starts_ret( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md2_update_ext( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_md2_update_ret( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md2_finish_ext( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_md2_finish_ret( &ctx, output ) ) != 0 ) goto exit; exit: @@ -296,7 +296,7 @@ int mbedtls_md2_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD2 test #%d: ", i + 1 ); - ret = mbedtls_md2_ext( md2_test_str[i], md2_test_strlen[i], md2sum ); + ret = mbedtls_md2_ret( md2_test_str[i], md2_test_strlen[i], md2sum ); if( ret != 0 ) goto fail; diff --git a/library/md4.c b/library/md4.c index f5972eb63b..34a4b0e24e 100644 --- a/library/md4.c +++ b/library/md4.c @@ -98,7 +98,7 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, /* * MD4 context setup */ -int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ) +int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -222,7 +222,7 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, /* * MD4 process buffer */ -int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, +int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen ) { @@ -284,7 +284,7 @@ static const unsigned char md4_padding[64] = /* * MD4 final digest */ -int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, +int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, unsigned char output[16] ) { int ret; 
@@ -302,11 +302,11 @@ int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - ret = mbedtls_md4_update_ext( ctx, (unsigned char *)md4_padding, padn ); + ret = mbedtls_md4_update_ret( ctx, (unsigned char *)md4_padding, padn ); if( ret != 0 ) return( ret ); - if( ( ret = mbedtls_md4_update_ext( ctx, msglen, 8 ) ) != 0 ) + if( ( ret = mbedtls_md4_update_ret( ctx, msglen, 8 ) ) != 0 ) return( ret ); @@ -323,7 +323,7 @@ int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, /* * output = MD4( input buffer ) */ -int mbedtls_md4_ext( const unsigned char *input, +int mbedtls_md4_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ) { @@ -332,13 +332,13 @@ int mbedtls_md4_ext( const unsigned char *input, mbedtls_md4_init( &ctx ); - if( ( ret = mbedtls_md4_starts_ext( &ctx ) ) != 0 ) + if( ( ret = mbedtls_md4_starts_ret( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md4_update_ext( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_md4_update_ret( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md4_finish_ext( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_md4_finish_ret( &ctx, output ) ) != 0 ) goto exit; exit: @@ -400,7 +400,7 @@ int mbedtls_md4_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD4 test #%d: ", i + 1 ); - ret = mbedtls_md4_ext( md4_test_str[i], md4_test_strlen[i], md4sum ); + ret = mbedtls_md4_ret( md4_test_str[i], md4_test_strlen[i], md4sum ); if( ret != 0 ) goto fail; diff --git a/library/md5.c b/library/md5.c index 68a112ab78..8872dc467d 100644 --- a/library/md5.c +++ b/library/md5.c @@ -97,7 +97,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, /* * MD5 context setup */ -int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ) +int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; 
@@ -241,7 +241,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, /* * MD5 process buffer */ -int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, +int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) { @@ -300,7 +300,7 @@ static const unsigned char md5_padding[64] = /* * MD5 final digest */ -int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, +int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ) { int ret; @@ -318,10 +318,10 @@ int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - if( ( ret = mbedtls_md5_update_ext( ctx, md5_padding, padn ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( ctx, md5_padding, padn ) ) != 0 ) return( ret ); - if( ( ret = mbedtls_md5_update_ext( ctx, msglen, 8 ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( ctx, msglen, 8 ) ) != 0 ) return( ret ); PUT_UINT32_LE( ctx->state[0], output, 0 ); @@ -337,7 +337,7 @@ int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, /* * output = MD5( input buffer ) */ -int mbedtls_md5_ext( const unsigned char *input, +int mbedtls_md5_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ) { @@ -346,13 +346,13 @@ int mbedtls_md5_ext( const unsigned char *input, mbedtls_md5_init( &ctx ); - if( ( ret = mbedtls_md5_starts_ext( &ctx ) ) != 0 ) + if( ( ret = mbedtls_md5_starts_ret( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_finish_ext( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_md5_finish_ret( &ctx, output ) ) != 0 ) goto exit; exit: 
@@ -413,7 +413,7 @@ int mbedtls_md5_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD5 test #%d: ", i + 1 ); - ret = mbedtls_md5_ext( md5_test_buf[i], md5_test_buflen[i], md5sum ); + ret = mbedtls_md5_ret( md5_test_buf[i], md5_test_buflen[i], md5sum ); if( ret != 0 ) goto fail; diff --git a/library/md_wrap.c b/library/md_wrap.c index bfd492736c..32f0871976 100644 --- a/library/md_wrap.c +++ b/library/md_wrap.c @@ -73,18 +73,18 @@ static int md2_starts_wrap( void *ctx ) { - return( mbedtls_md2_starts_ext( (mbedtls_md2_context *) ctx ) ); + return( mbedtls_md2_starts_ret( (mbedtls_md2_context *) ctx ) ); } static int md2_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_md2_update_ext( (mbedtls_md2_context *) ctx, input, ilen ) ); + return( mbedtls_md2_update_ret( (mbedtls_md2_context *) ctx, input, ilen ) ); } static int md2_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_md2_finish_ext( (mbedtls_md2_context *) ctx, output ) ); + return( mbedtls_md2_finish_ret( (mbedtls_md2_context *) ctx, output ) ); } static void *md2_ctx_alloc( void ) @@ -124,7 +124,7 @@ const mbedtls_md_info_t mbedtls_md2_info = { md2_starts_wrap, md2_update_wrap, md2_finish_wrap, - mbedtls_md2_ext, + mbedtls_md2_ret, md2_ctx_alloc, md2_ctx_free, md2_clone_wrap, 
@@ -137,18 +137,18 @@ const mbedtls_md_info_t mbedtls_md2_info = { static int md4_starts_wrap( void *ctx ) { - return( mbedtls_md4_starts_ext( (mbedtls_md4_context *) ctx ) ); + return( mbedtls_md4_starts_ret( (mbedtls_md4_context *) ctx ) ); } static int md4_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_md4_update_ext( (mbedtls_md4_context *) ctx, input, ilen ) ); + return( mbedtls_md4_update_ret( (mbedtls_md4_context *) ctx, input, ilen ) ); } static int md4_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_md4_finish_ext( (mbedtls_md4_context *) ctx, output ) ); + return( mbedtls_md4_finish_ret( (mbedtls_md4_context *) ctx, output ) ); } static void *md4_ctx_alloc( void ) @@ -186,7 +186,7 @@ const mbedtls_md_info_t mbedtls_md4_info = { md4_starts_wrap, md4_update_wrap, md4_finish_wrap, - mbedtls_md4_ext, + mbedtls_md4_ret, md4_ctx_alloc, md4_ctx_free, md4_clone_wrap, @@ -199,18 +199,18 @@ const mbedtls_md_info_t mbedtls_md4_info = { static int md5_starts_wrap( void *ctx ) { - return( mbedtls_md5_starts_ext( (mbedtls_md5_context *) ctx ) ); + return( mbedtls_md5_starts_ret( (mbedtls_md5_context *) ctx ) ); } static int md5_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_md5_update_ext( (mbedtls_md5_context *) ctx, input, ilen ) ); + return( mbedtls_md5_update_ret( (mbedtls_md5_context *) ctx, input, ilen ) ); } static int md5_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_md5_finish_ext( (mbedtls_md5_context *) ctx, output ) ); + return( mbedtls_md5_finish_ret( (mbedtls_md5_context *) ctx, output ) ); } static void *md5_ctx_alloc( void ) @@ -248,7 +248,7 @@ const mbedtls_md_info_t mbedtls_md5_info = { md5_starts_wrap, md5_update_wrap, md5_finish_wrap, - mbedtls_md5_ext, + mbedtls_md5_ret, md5_ctx_alloc, md5_ctx_free, md5_clone_wrap, 
@@ -261,19 +261,19 @@ const mbedtls_md_info_t mbedtls_md5_info = { static int ripemd160_starts_wrap( void *ctx ) { - return( mbedtls_ripemd160_starts_ext( (mbedtls_ripemd160_context *) ctx ) ); + return( mbedtls_ripemd160_starts_ret( (mbedtls_ripemd160_context *) ctx ) ); } static int ripemd160_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_ripemd160_update_ext( (mbedtls_ripemd160_context *) ctx, + return( mbedtls_ripemd160_update_ret( (mbedtls_ripemd160_context *) ctx, input, ilen ) ); } static int ripemd160_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_ripemd160_finish_ext( (mbedtls_ripemd160_context *) ctx, + return( mbedtls_ripemd160_finish_ret( (mbedtls_ripemd160_context *) ctx, output ) ); } @@ -313,7 +313,7 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { ripemd160_starts_wrap, ripemd160_update_wrap, ripemd160_finish_wrap, - mbedtls_ripemd160_ext, + mbedtls_ripemd160_ret, ripemd160_ctx_alloc, ripemd160_ctx_free, ripemd160_clone_wrap, @@ -326,19 +326,19 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { static int sha1_starts_wrap( void *ctx ) { - return( mbedtls_sha1_starts_ext( (mbedtls_sha1_context *) ctx ) ); + return( mbedtls_sha1_starts_ret( (mbedtls_sha1_context *) ctx ) ); } static int sha1_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_sha1_update_ext( (mbedtls_sha1_context *) ctx, + return( mbedtls_sha1_update_ret( (mbedtls_sha1_context *) ctx, input, ilen ) ); } static int sha1_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_sha1_finish_ext( (mbedtls_sha1_context *) ctx, output ) ); + return( mbedtls_sha1_finish_ret( (mbedtls_sha1_context *) ctx, output ) ); } static void *sha1_ctx_alloc( void ) @@ -377,7 +377,7 @@ const mbedtls_md_info_t mbedtls_sha1_info = { sha1_starts_wrap, sha1_update_wrap, sha1_finish_wrap, - mbedtls_sha1_ext, + mbedtls_sha1_ret, sha1_ctx_alloc, sha1_ctx_free, sha1_clone_wrap, 
@@ -393,26 +393,26 @@ const mbedtls_md_info_t mbedtls_sha1_info = { static int sha224_starts_wrap( void *ctx ) { - return( mbedtls_sha256_starts_ext( (mbedtls_sha256_context *) ctx, 1 ) ); + return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) ); } static int sha224_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_sha256_update_ext( (mbedtls_sha256_context *) ctx, + return( mbedtls_sha256_update_ret( (mbedtls_sha256_context *) ctx, input, ilen ) ); } static int sha224_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_sha256_finish_ext( (mbedtls_sha256_context *) ctx, + return( mbedtls_sha256_finish_ret( (mbedtls_sha256_context *) ctx, output ) ); } static int sha224_wrap( const unsigned char *input, size_t ilen, unsigned char *output ) { - return( mbedtls_sha256_ext( input, ilen, output, 1 ) ); + return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); } static void *sha224_ctx_alloc( void ) @@ -460,13 +460,13 @@ const mbedtls_md_info_t mbedtls_sha224_info = { static int sha256_starts_wrap( void *ctx ) { - return( mbedtls_sha256_starts_ext( (mbedtls_sha256_context *) ctx, 0 ) ); + return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 0 ) ); } static int sha256_wrap( const unsigned char *input, size_t ilen, unsigned char *output ) { - return( mbedtls_sha256_ext( input, ilen, output, 0 ) ); + return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); } const mbedtls_md_info_t mbedtls_sha256_info = { 
@@ -490,26 +490,26 @@ const mbedtls_md_info_t mbedtls_sha256_info = { static int sha384_starts_wrap( void *ctx ) { - return( mbedtls_sha512_starts_ext( (mbedtls_sha512_context *) ctx, 1 ) ); + return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 1 ) ); } static int sha384_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_sha512_update_ext( (mbedtls_sha512_context *) ctx, + return( mbedtls_sha512_update_ret( (mbedtls_sha512_context *) ctx, input, ilen ) ); } static int sha384_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_sha512_finish_ext( (mbedtls_sha512_context *) ctx, + return( mbedtls_sha512_finish_ret( (mbedtls_sha512_context *) ctx, output ) ); } static int sha384_wrap( const unsigned char *input, size_t ilen, unsigned char *output ) { - return( mbedtls_sha512_ext( input, ilen, output, 1 ) ); + return( mbedtls_sha512_ret( input, ilen, output, 1 ) ); } static void *sha384_ctx_alloc( void ) @@ -557,13 +557,13 @@ const mbedtls_md_info_t mbedtls_sha384_info = { static int sha512_starts_wrap( void *ctx ) { - return( mbedtls_sha512_starts_ext( (mbedtls_sha512_context *) ctx, 0 ) ); + return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 0 ) ); } static int sha512_wrap( const unsigned char *input, size_t ilen, unsigned char *output ) { - return( mbedtls_sha512_ext( input, ilen, output, 0 ) ); + return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); } const mbedtls_md_info_t mbedtls_sha512_info = { diff --git a/library/pem.c b/library/pem.c index dea6f99623..bbcfd9bb66 100644 --- a/library/pem.c +++ b/library/pem.c 
@@ -96,13 +96,13 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen, /* * key[ 0..15] = MD5(pwd || IV) */ - if( ( ret = mbedtls_md5_starts_ext( &md5_ctx ) ) != 0 ) + if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &md5_ctx, pwd, pwdlen ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &md5_ctx, iv, 8 ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_finish_ext( &md5_ctx, md5sum ) ) != 0 ) + if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 ) goto exit; if( keylen <= 16 ) @@ -116,15 +116,15 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen, /* * key[16..23] = MD5(key[ 0..15] || pwd || IV]) */ - if( ( ret = mbedtls_md5_starts_ext( &md5_ctx ) ) != 0 ) + if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &md5_ctx, md5sum, 16 ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &md5_ctx, pwd, pwdlen ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &md5_ctx, iv, 8 ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_finish_ext( &md5_ctx, md5sum ) ) != 0 ) + if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 ) goto exit; use_len = 16; diff --git a/library/ripemd160.c b/library/ripemd160.c index 274a7c9c7e..260fee6868 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -96,7 +96,7 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, /* * RIPEMD-160 context setup */ -int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ) +int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; 
@@ -298,7 +298,7 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, /* * RIPEMD-160 process buffer */ -int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, +int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, const unsigned char *input, size_t ilen ) { @@ -358,7 +358,7 @@ static const unsigned char ripemd160_padding[64] = /* * RIPEMD-160 final digest */ -int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, +int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, unsigned char output[20] ) { int ret; @@ -376,11 +376,11 @@ int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - ret = mbedtls_ripemd160_update_ext( ctx, ripemd160_padding, padn ); + ret = mbedtls_ripemd160_update_ret( ctx, ripemd160_padding, padn ); if( ret != 0 ) return( ret ); - ret = mbedtls_ripemd160_update_ext( ctx, msglen, 8 ); + ret = mbedtls_ripemd160_update_ret( ctx, msglen, 8 ); if( ret != 0 ) return( ret ); @@ -396,7 +396,7 @@ int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, /* * output = RIPEMD-160( input buffer ) */ -int mbedtls_ripemd160_ext( const unsigned char *input, +int mbedtls_ripemd160_ret( const unsigned char *input, size_t ilen, unsigned char output[20] ) { @@ -405,13 +405,13 @@ int mbedtls_ripemd160_ext( const unsigned char *input, mbedtls_ripemd160_init( &ctx ); - if( ( ret = mbedtls_ripemd160_starts_ext( &ctx ) ) != 0 ) + if( ( ret = mbedtls_ripemd160_starts_ret( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_ripemd160_update_ext( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_ripemd160_update_ret( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_ripemd160_finish_ext( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_ripemd160_finish_ret( &ctx, output ) ) != 0 ) goto exit; exit: 
@@ -479,7 +479,7 @@ int mbedtls_ripemd160_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " RIPEMD-160 test #%d: ", i + 1 ); - ret = mbedtls_ripemd160_ext( ripemd160_test_str[i], + ret = mbedtls_ripemd160_ret( ripemd160_test_str[i], ripemd160_test_strlen[i], output ); if( ret != 0 ) goto fail; diff --git a/library/rsa.c b/library/rsa.c index ab0bd678d6..1909744a76 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2259,7 +2259,7 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " PKCS#1 data sign : " ); - if( mbedtls_sha1_ext( rsa_plaintext, PT_LEN, sha1sum ) != 0 ) + if( mbedtls_sha1_ret( rsa_plaintext, PT_LEN, sha1sum ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); diff --git a/library/sha1.c b/library/sha1.c index 8d38950356..8432eba8bd 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -97,7 +97,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, /* * SHA-1 context setup */ -int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ) +int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -275,7 +275,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, /* * SHA-1 process buffer */ -int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, +int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) { @@ -333,7 +333,7 @@ static const unsigned char sha1_padding[64] = /* * SHA-1 final digest */ -int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx, +int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ) { int ret; 
@@ -351,9 +351,9 @@ int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx,
 last = ctx->total[0] & 0x3F;
 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
-if( ( ret = mbedtls_sha1_update_ext( ctx, sha1_padding, padn ) ) != 0 )
+if( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 )
 return( ret );
-if( ( ret = mbedtls_sha1_update_ext( ctx, msglen, 8 ) ) != 0 )
+if( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 )
 return( ret );
 PUT_UINT32_BE( ctx->state[0], output, 0 );
@@ -370,7 +370,7 @@ int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx,
 /*
 * output = SHA-1( input buffer )
 */
-int mbedtls_sha1_ext( const unsigned char *input,
+int mbedtls_sha1_ret( const unsigned char *input,
 size_t ilen,
 unsigned char output[20] )
 {
@@ -379,13 +379,13 @@ int mbedtls_sha1_ext( const unsigned char *input,
 mbedtls_sha1_init( &ctx );
-if( ( ret = mbedtls_sha1_starts_ext( &ctx ) ) != 0 )
+if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_sha1_update_ext( &ctx, input, ilen ) ) != 0 )
+if( ( ret = mbedtls_sha1_update_ret( &ctx, input, ilen ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_sha1_finish_ext( &ctx, output ) ) != 0 )
+if( ( ret = mbedtls_sha1_finish_ret( &ctx, output ) ) != 0 )
 goto exit;
 exit:
@@ -440,7 +440,7 @@ int mbedtls_sha1_self_test( int verbose )
 if( verbose != 0 )
 mbedtls_printf( " SHA-1 test #%d: ", i + 1 );
-if( ( ret = mbedtls_sha1_starts_ext( &ctx ) ) != 0 )
+if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
 goto fail;
 if( i == 2 )
@@ -449,20 +449,20 @@ int mbedtls_sha1_self_test( int verbose )
 for( j = 0; j < 1000; j++ )
 {
-ret = mbedtls_sha1_update_ext( &ctx, buf, buflen );
+ret = mbedtls_sha1_update_ret( &ctx, buf, buflen );
 if( ret != 0 )
 goto fail;
 }
 }
 else
 {
-ret = mbedtls_sha1_update_ext( &ctx, sha1_test_buf[i],
+ret = mbedtls_sha1_update_ret( &ctx, sha1_test_buf[i],
 sha1_test_buflen[i] );
 if( ret != 0 )
 goto fail;
 }
-if( ( ret = mbedtls_sha1_finish_ext( &ctx, sha1sum ) ) != 0 )
+if( ( ret = mbedtls_sha1_finish_ret( &ctx, sha1sum ) ) != 0 )
 goto fail;
 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
diff --git a/library/sha256.c b/library/sha256.c
index b765697929..abcd64d134 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -100,7 +100,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
 /*
 * SHA-256 context setup
 */
-int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 )
+int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
 {
 ctx->total[0] = 0;
 ctx->total[1] = 0;
@@ -243,7 +243,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
 /*
 * SHA-256 process buffer
 */
-int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx,
+int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
 const unsigned char *input,
 size_t ilen )
 {
@@ -301,7 +301,7 @@ static const unsigned char sha256_padding[64] =
 /*
 * SHA-256 final digest
 */
-int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx,
+int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
 unsigned char output[32] )
 {
 int ret;
@@ -319,10 +319,10 @@ int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx,
 last = ctx->total[0] & 0x3F;
 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
-if( ( ret = mbedtls_sha256_update_ext( ctx, sha256_padding, padn ) ) != 0 )
+if( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 )
 return( ret );
-if( ( ret = mbedtls_sha256_update_ext( ctx, msglen, 8 ) ) != 0 )
+if( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 )
 return( ret );
 PUT_UINT32_BE( ctx->state[0], output, 0 );
@@ -344,7 +344,7 @@ int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx,
 /*
 * output = SHA-256( input buffer )
 */
-int mbedtls_sha256_ext( const unsigned char *input,
+int mbedtls_sha256_ret( const unsigned char *input,
 size_t ilen,
 unsigned char output[32],
 int is224 )
@@ -354,13 +354,13 @@ int mbedtls_sha256_ext( const unsigned char *input,
 mbedtls_sha256_init( &ctx );
-if( ( ret = mbedtls_sha256_starts_ext( &ctx, is224 ) ) != 0 )
+if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_sha256_update_ext( &ctx, input, ilen ) ) != 0 )
+if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_sha256_finish_ext( &ctx, output ) ) != 0 )
+if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
 goto exit;
 exit:
@@ -449,7 +449,7 @@ int mbedtls_sha256_self_test( int verbose )
 if( verbose != 0 )
 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
-if( ( ret = mbedtls_sha256_starts_ext( &ctx, k ) ) != 0 )
+if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
 goto fail;
 if( j == 2 )
@@ -458,7 +458,7 @@ int mbedtls_sha256_self_test( int verbose )
 for( j = 0; j < 1000; j++ )
 {
-ret = mbedtls_sha256_update_ext( &ctx, buf, buflen );
+ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
 if( ret != 0 )
 goto fail;
 }
@@ -466,13 +466,13 @@ int mbedtls_sha256_self_test( int verbose )
 }
 else
 {
-ret = mbedtls_sha256_update_ext( &ctx, sha256_test_buf[j],
+ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
 sha256_test_buflen[j] );
 if( ret != 0 )
 goto fail;
 }
-if( ( ret = mbedtls_sha256_finish_ext( &ctx, sha256sum ) ) != 0 )
+if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
 goto fail;
diff --git a/library/sha512.c b/library/sha512.c
index d0faba9416..c99b6da950 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -114,7 +114,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
 /*
 * SHA-512 context setup
 */
-int mbedtls_sha512_starts_ext( mbedtls_sha512_context *ctx, int is384 )
+int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
 {
 ctx->total[0] = 0;
 ctx->total[1] = 0;
@@ -274,7 +274,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
 /*
 * SHA-512 process buffer
 */
-int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx,
+int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
 const unsigned char *input,
 size_t ilen )
 {
@@ -335,7 +335,7 @@ static const unsigned char sha512_padding[128] =
 /*
 * SHA-512 final digest
 */
-int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx,
+int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
 unsigned char output[64] )
 {
 int ret;
@@ -353,10 +353,10 @@ int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx,
 last = (size_t)( ctx->total[0] & 0x7F );
 padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
-if( ( ret = mbedtls_sha512_update_ext( ctx, sha512_padding, padn ) ) != 0 )
+if( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 )
 return( ret );
-if( ( ret = mbedtls_sha512_update_ext( ctx, msglen, 16 ) ) != 0 )
+if( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 )
 return( ret );
 PUT_UINT64_BE( ctx->state[0], output, 0 );
@@ -380,7 +380,7 @@ int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx,
 /*
 * output = SHA-512( input buffer )
 */
-int mbedtls_sha512_ext( const unsigned char *input,
+int mbedtls_sha512_ret( const unsigned char *input,
 size_t ilen,
 unsigned char output[64],
 int is384 )
@@ -390,13 +390,13 @@ int mbedtls_sha512_ext( const unsigned char *input,
 mbedtls_sha512_init( &ctx );
-if( ( ret = mbedtls_sha512_starts_ext( &ctx, is384 ) ) != 0 )
+if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_sha512_update_ext( &ctx, input, ilen ) ) != 0 )
+if( ( ret = mbedtls_sha512_update_ret( &ctx, input, ilen ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_sha512_finish_ext( &ctx, output ) ) != 0 )
+if( ( ret = mbedtls_sha512_finish_ret( &ctx, output ) ) != 0 )
 goto exit;
 exit:
@@ -505,7 +505,7 @@ int mbedtls_sha512_self_test( int verbose )
 if( verbose != 0 )
 mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
-if( ( ret = mbedtls_sha512_starts_ext( &ctx, k ) ) != 0 )
+if( ( ret = mbedtls_sha512_starts_ret( &ctx, k ) ) != 0 )
 goto fail;
 if( j == 2 )
@@ -514,20 +514,20 @@ int mbedtls_sha512_self_test( int verbose )
 for( j = 0; j < 1000; j++ )
 {
-ret = mbedtls_sha512_update_ext( &ctx, buf, buflen );
+ret = mbedtls_sha512_update_ret( &ctx, buf, buflen );
 if( ret != 0 )
 goto fail;
 }
 }
 else
 {
-ret = mbedtls_sha512_update_ext( &ctx, sha512_test_buf[j],
+ret = mbedtls_sha512_update_ret( &ctx, sha512_test_buf[j],
 sha512_test_buflen[j] );
 if( ret != 0 )
 goto fail;
 }
-if( ( ret = mbedtls_sha512_finish_ext( &ctx, sha512sum ) ) != 0 )
+if( ( ret = mbedtls_sha512_finish_ret( &ctx, sha512sum ) ) != 0 )
 goto fail;
 if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7bee4e8f55..4f9a084b87 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -244,24 +244,24 @@ static int ssl3_prf( const unsigned char *secret, size_t slen,
 {
 memset( padding, (unsigned char) ('A' + i), 1 + i );
-if( ( ret = mbedtls_sha1_starts_ext( &sha1 ) ) != 0 )
+if( ( ret = mbedtls_sha1_starts_ret( &sha1 ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_sha1_update_ext( &sha1, padding, 1 + i ) ) != 0 )
+if( ( ret = mbedtls_sha1_update_ret( &sha1, padding, 1 + i ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_sha1_update_ext( &sha1, secret, slen ) ) != 0 )
+if( ( ret = mbedtls_sha1_update_ret( &sha1, secret, slen ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_sha1_update_ext( &sha1, random, rlen ) ) != 0 )
+if( ( ret = mbedtls_sha1_update_ret( &sha1, random, rlen ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_sha1_finish_ext( &sha1, sha1sum ) ) != 0 )
+if( ( ret = mbedtls_sha1_finish_ret( &sha1, sha1sum ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_md5_starts_ext( &md5 ) ) != 0 )
+if( ( ret = mbedtls_md5_starts_ret( &md5 ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_md5_update_ext( &md5, secret, slen ) ) != 0 )
+if( ( ret = mbedtls_md5_update_ret( &md5, secret, slen ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_md5_update_ext( &md5, sha1sum, 20 ) ) != 0 )
+if( ( ret = mbedtls_md5_update_ret( &md5, sha1sum, 20 ) ) != 0 )
 goto exit;
-if( ( ret = mbedtls_md5_finish_ext( &md5, dstbuf + i * 16 ) ) != 0 )
+if( ( ret = mbedtls_md5_finish_ret( &md5, dstbuf + i * 16 ) ) != 0 )
 goto exit;
 }
@@ -989,25 +989,25 @@ void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] )
 memset( pad_1, 0x36, 48 );
 memset( pad_2, 0x5C, 48 );
-mbedtls_md5_update_ext( &md5, ssl->session_negotiate->master, 48 );
-mbedtls_md5_update_ext( &md5, pad_1, 48 );
-mbedtls_md5_finish_ext( &md5, hash );
+mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 );
+mbedtls_md5_update_ret( &md5, pad_1, 48 );
+mbedtls_md5_finish_ret( &md5, hash );
-mbedtls_md5_starts_ext( &md5 );
-mbedtls_md5_update_ext( &md5, ssl->session_negotiate->master, 48 );
-mbedtls_md5_update_ext( &md5, pad_2, 48 );
-mbedtls_md5_update_ext( &md5, hash, 16 );
-mbedtls_md5_finish_ext( &md5, hash );
+mbedtls_md5_starts_ret( &md5 );
+mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 );
+mbedtls_md5_update_ret( &md5, pad_2, 48 );
+mbedtls_md5_update_ret( &md5, hash, 16 );
+mbedtls_md5_finish_ret( &md5, hash );
-mbedtls_sha1_update_ext( &sha1, ssl->session_negotiate->master, 48 );
-mbedtls_sha1_update_ext( &sha1, pad_1, 40 );
-mbedtls_sha1_finish_ext( &sha1, hash + 16 );
+mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 );
+mbedtls_sha1_update_ret( &sha1, pad_1, 40 );
+mbedtls_sha1_finish_ret( &sha1, hash + 16 );
-mbedtls_sha1_starts_ext( &sha1 );
-mbedtls_sha1_update_ext( &sha1, ssl->session_negotiate->master, 48 );
-mbedtls_sha1_update_ext( &sha1, pad_2, 40 );
-mbedtls_sha1_update_ext( &sha1, hash + 16, 20 );
-mbedtls_sha1_finish_ext( &sha1, hash + 16 );
+mbedtls_sha1_starts_ret( &sha1 );
+mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 );
+mbedtls_sha1_update_ret( &sha1, pad_2, 40 );
+mbedtls_sha1_update_ret( &sha1, hash + 16, 20 );
+mbedtls_sha1_finish_ret( &sha1, hash + 16 );
 MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
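Review bot: In ssl_calc_verify_ssl every renamed `mbedtls_md5_*_ret()` / `mbedtls_sha1_*_ret()` call still discards its return value, so switching to the `_ret` API changes nothing here: these functions return an int status (the sha1.c and sha256.c hunks above show `ret = mbedtls_*_update_ret(...)` being checked), and a failure would leave `hash` partly unwritten while the verify data is still emitted. The same dropped returns appear in the TLS variants (@@ -1033, -1057, -1078), in `mbedtls_ssl_reset_checksum` and the `ssl_update_checksum_*` helpers (@@ -4854 through -4908), in `ssl_calc_finished_*` (@@ -4961 through -5141) and in `ssl_handshake_params_init` (@@ -5455). Because these functions are `void`, propagating the status needs a signature change that is out of scope for a rename; until that lands, a comment at the first call such as `/* Return values ignored: this function is void; error propagation for the _ret hash API is still TODO */` would at least make the gap explicit. The enclosing function starts outside the hunk.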
@@ -1033,8 +1033,8 @@ void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] )
 mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
 mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
-mbedtls_md5_finish_ext( &md5, hash );
-mbedtls_sha1_finish_ext( &sha1, hash + 16 );
+mbedtls_md5_finish_ret( &md5, hash );
+mbedtls_sha1_finish_ret( &sha1, hash + 16 );
 MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
@@ -1057,7 +1057,7 @@ void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
 mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
-mbedtls_sha256_finish_ext( &sha256, hash );
+mbedtls_sha256_finish_ret( &sha256, hash );
 MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 );
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
@@ -1078,7 +1078,7 @@ void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
 mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
-mbedtls_sha512_finish_ext( &sha512, hash );
+mbedtls_sha512_finish_ret( &sha512, hash );
 MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 );
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
@@ -4854,15 +4854,15 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
 {
 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
 defined(MBEDTLS_SSL_PROTO_TLS1_1)
-mbedtls_md5_starts_ext( &ssl->handshake->fin_md5 );
-mbedtls_sha1_starts_ext( &ssl->handshake->fin_sha1 );
+mbedtls_md5_starts_ret( &ssl->handshake->fin_md5 );
+mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 );
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA256_C)
-mbedtls_sha256_starts_ext( &ssl->handshake->fin_sha256, 0 );
+mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 );
 #endif
 #if defined(MBEDTLS_SHA512_C)
-mbedtls_sha512_starts_ext( &ssl->handshake->fin_sha512, 1 );
+mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 );
 #endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 }
@@ -4872,15 +4872,15 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
 {
 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
 defined(MBEDTLS_SSL_PROTO_TLS1_1)
-mbedtls_md5_update_ext( &ssl->handshake->fin_md5 , buf, len );
-mbedtls_sha1_update_ext( &ssl->handshake->fin_sha1, buf, len );
+mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
+mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA256_C)
-mbedtls_sha256_update_ext( &ssl->handshake->fin_sha256, buf, len );
+mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
 #endif
 #if defined(MBEDTLS_SHA512_C)
-mbedtls_sha512_update_ext( &ssl->handshake->fin_sha512, buf, len );
+mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
 #endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 }
@@ -4890,8 +4890,8 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
 static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
 const unsigned char *buf, size_t len )
 {
-mbedtls_md5_update_ext( &ssl->handshake->fin_md5 , buf, len );
-mbedtls_sha1_update_ext( &ssl->handshake->fin_sha1, buf, len );
+mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
+mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
 }
 #endif
@@ -4900,7 +4900,7 @@ static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
 static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
 const unsigned char *buf, size_t len )
 {
-mbedtls_sha256_update_ext( &ssl->handshake->fin_sha256, buf, len );
+mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
 }
 #endif
@@ -4908,7 +4908,7 @@ static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
 static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
 const unsigned char *buf, size_t len )
 {
-mbedtls_sha512_update_ext( &ssl->handshake->fin_sha512, buf, len );
+mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
 }
 #endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -4961,29 +4961,29 @@ static void ssl_calc_finished_ssl(
 memset( padbuf, 0x36, 48 );
-mbedtls_md5_update_ext( &md5, (const unsigned char *) sender, 4 );
-mbedtls_md5_update_ext( &md5, session->master, 48 );
-mbedtls_md5_update_ext( &md5, padbuf, 48 );
-mbedtls_md5_finish_ext( &md5, md5sum );
+mbedtls_md5_update_ret( &md5, (const unsigned char *) sender, 4 );
+mbedtls_md5_update_ret( &md5, session->master, 48 );
+mbedtls_md5_update_ret( &md5, padbuf, 48 );
+mbedtls_md5_finish_ret( &md5, md5sum );
-mbedtls_sha1_update_ext( &sha1, (const unsigned char *) sender, 4 );
-mbedtls_sha1_update_ext( &sha1, session->master, 48 );
-mbedtls_sha1_update_ext( &sha1, padbuf, 40 );
-mbedtls_sha1_finish_ext( &sha1, sha1sum );
+mbedtls_sha1_update_ret( &sha1, (const unsigned char *) sender, 4 );
+mbedtls_sha1_update_ret( &sha1, session->master, 48 );
+mbedtls_sha1_update_ret( &sha1, padbuf, 40 );
+mbedtls_sha1_finish_ret( &sha1, sha1sum );
 memset( padbuf, 0x5C, 48 );
-mbedtls_md5_starts_ext( &md5 );
-mbedtls_md5_update_ext( &md5, session->master, 48 );
-mbedtls_md5_update_ext( &md5, padbuf, 48 );
-mbedtls_md5_update_ext( &md5, md5sum, 16 );
-mbedtls_md5_finish_ext( &md5, buf );
+mbedtls_md5_starts_ret( &md5 );
+mbedtls_md5_update_ret( &md5, session->master, 48 );
+mbedtls_md5_update_ret( &md5, padbuf, 48 );
+mbedtls_md5_update_ret( &md5, md5sum, 16 );
+mbedtls_md5_finish_ret( &md5, buf );
-mbedtls_sha1_starts_ext( &sha1 );
-mbedtls_sha1_update_ext( &sha1, session->master, 48 );
-mbedtls_sha1_update_ext( &sha1, padbuf , 40 );
-mbedtls_sha1_update_ext( &sha1, sha1sum, 20 );
-mbedtls_sha1_finish_ext( &sha1, buf + 16 );
+mbedtls_sha1_starts_ret( &sha1 );
+mbedtls_sha1_update_ret( &sha1, session->master, 48 );
+mbedtls_sha1_update_ret( &sha1, padbuf , 40 );
+mbedtls_sha1_update_ret( &sha1, sha1sum, 20 );
+mbedtls_sha1_finish_ret( &sha1, buf + 16 );
 MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
@@ -5040,8 +5040,8 @@ static void ssl_calc_finished_tls(
 ? "client finished"
 : "server finished";
-mbedtls_md5_finish_ext( &md5, padbuf );
-mbedtls_sha1_finish_ext( &sha1, padbuf + 16 );
+mbedtls_md5_finish_ret( &md5, padbuf );
+mbedtls_sha1_finish_ret( &sha1, padbuf + 16 );
 ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 36,
 buf, len );
@@ -5092,7 +5092,7 @@ static void ssl_calc_finished_tls_sha256(
 ? "client finished"
 : "server finished";
-mbedtls_sha256_finish_ext( &sha256, padbuf );
+mbedtls_sha256_finish_ret( &sha256, padbuf );
 ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 32,
 buf, len );
@@ -5141,7 +5141,7 @@ static void ssl_calc_finished_tls_sha384(
 ? "client finished"
 : "server finished";
-mbedtls_sha512_finish_ext( &sha512, padbuf );
+mbedtls_sha512_finish_ret( &sha512, padbuf );
 ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 48,
 buf, len );
@@ -5455,17 +5455,17 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
 defined(MBEDTLS_SSL_PROTO_TLS1_1)
 mbedtls_md5_init( &handshake->fin_md5 );
 mbedtls_sha1_init( &handshake->fin_sha1 );
-mbedtls_md5_starts_ext( &handshake->fin_md5 );
-mbedtls_sha1_starts_ext( &handshake->fin_sha1 );
+mbedtls_md5_starts_ret( &handshake->fin_md5 );
+mbedtls_sha1_starts_ret( &handshake->fin_sha1 );
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA256_C)
 mbedtls_sha256_init( &handshake->fin_sha256 );
-mbedtls_sha256_starts_ext( &handshake->fin_sha256, 0 );
+mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 );
 #endif
 #if defined(MBEDTLS_SHA512_C)
 mbedtls_sha512_init( &handshake->fin_sha512 );
-mbedtls_sha512_starts_ext( &handshake->fin_sha512, 1 );
+mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 );
 #endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -8095,49 +8095,49 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
 * SHA(ClientHello.random + ServerHello.random
 * + ServerParams);
 */
-if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 )
+if( ( ret = mbedtls_md5_starts_ret( &mbedtls_md5 ) ) != 0 )
 {
-MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ext", ret );
+MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ret", ret );
 goto exit;
 }
-if( ( ret = mbedtls_md5_update_ext( &mbedtls_md5,
+if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5,
 ssl->handshake->randbytes, 64 ) ) != 0 )
 {
-MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ext", ret );
+MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret );
 goto exit;
 }
-if( ( ret = mbedtls_md5_update_ext( &mbedtls_md5, data, data_len ) ) != 0 )
+if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, data, data_len ) ) != 0 )
 {
-MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ext", ret );
+MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret );
 goto exit;
 }
-if( ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, output ) ) != 0 )
+if( ( ret = mbedtls_md5_finish_ret( &mbedtls_md5, output ) ) != 0 )
 {
-MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ext", ret );
+MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ret", ret );
 goto exit;
 }
-if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 )
+if( ( ret = mbedtls_sha1_starts_ret( &mbedtls_sha1 ) ) != 0 )
 {
-MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ext", ret );
+MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ret", ret );
 goto exit;
 }
-if( ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1,
+if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1,
 ssl->handshake->randbytes, 64 ) ) != 0 )
 {
-MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ext", ret );
+MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret );
 goto exit;
 }
-if( ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, data,
+if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, data,
 data_len ) ) != 0 )
 {
-MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ext", ret );
+MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret );
 goto exit;
 }
-if( ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1,
+if( ( ret = mbedtls_sha1_finish_ret( &mbedtls_sha1,
 output + 16 ) ) != 0 )
 {
-MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ext", ret );
+MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ret", ret );
 goto exit;
 }
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 3ec55a5acb..41dfe87b75 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -177,7 +177,7 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct
 memset( buf, 0, sizeof(buf) );
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) );
-ret = mbedtls_sha1_ext( buf + sizeof( buf ) - len, len,
+ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
 buf + sizeof( buf ) - 20 );
 if( ret != 0 )
 return( ret );
@@ -202,7 +202,7 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
 memset( buf, 0, sizeof(buf) );
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
-ret = mbedtls_sha1_ext( buf + sizeof( buf ) - len, len,
+ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
 buf + sizeof( buf ) - 20 );
 if( ret != 0 )
 return( ret );
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index a0c08c7342..2e8c2244d7 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -54,7 +54,7 @@ int main( void )
 mbedtls_printf( "\n MD5('%s') = ", str );
-if( ( ret = mbedtls_md5_ext( (unsigned char *) str, 13, digest ) ) != 0 )
+if( ( ret = mbedtls_md5_ret( (unsigned char *) str, 13, digest ) ) != 0 )
 return( MBEDTLS_EXIT_FAILURE );
 for( i = 0; i < 16; i++ )
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 21c4a815fb..0978408c1c 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -212,9 +212,9 @@ int main( void )
 goto exit;
 }
-if( ( ret = mbedtls_sha1_ext( buf, (int)( p - 2 - buf ), hash ) ) != 0 )
+if( ( ret = mbedtls_sha1_ret( buf, (int)( p - 2 - buf ), hash ) ) != 0 )
 {
-mbedtls_printf( " failed\n ! mbedtls_sha1_ext returned %d\n\n", ret );
+mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret );
 goto exit;
 }
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index f1d3be3636..4d8632bf96 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -217,9 +217,9 @@ int main( void )
 /*
 * 5. Sign the parameters and send them
 */
-if( ( ret = mbedtls_sha1_ext( buf, n, hash ) ) != 0 )
+if( ( ret = mbedtls_sha1_ret( buf, n, hash ) ) != 0 )
 {
-mbedtls_printf( " failed\n ! mbedtls_sha1_ext returned %d\n\n", ret );
+mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret );
 goto exit;
 }
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index ecb6c2230d..b47406010d 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -163,9 +163,9 @@ int main( int argc, char *argv[] )
 mbedtls_printf( " . Computing message hash..." );
 fflush( stdout );
-if( ( ret = mbedtls_sha256_ext( message, sizeof( message ), hash, 0 ) ) != 0 )
+if( ( ret = mbedtls_sha256_ret( message, sizeof( message ), hash, 0 ) ) != 0 )
 {
-mbedtls_printf( " failed\n ! mbedtls_sha256_ext returned %d\n", ret );
+mbedtls_printf( " failed\n ! mbedtls_sha256_ret returned %d\n", ret );
 goto exit;
 }
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 539d9addad..419557de5e 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
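Review bot: The rewritten call in dh_client.c still passes `(int)( p - 2 - buf )` where `mbedtls_sha1_ret()` takes a `size_t ilen` (see the sha1.c hunk above): the pointer difference is narrowed to `int` and then widened back to `size_t`, so a negative value — presumably excluded by the preceding checks, though nothing in this hunk shows that — would turn into an enormous length. Since the line is being touched anyway, the cast should match the parameter type, `if( ( ret = mbedtls_sha1_ret( buf, (size_t)( p - 2 - buf ), hash ) ) != 0 )`, ideally preceded by an explicit `if( p < buf + 2 ) goto exit;` so the length can never be negative. The neighbouring dh_server.c hunk passes `n` directly and does not have this issue. The enclosing `main` starts and ends outside the hunk.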
@@ -327,32 +327,32 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_MD4_C)
 if( todo.md4 )
-TIME_AND_TSC( "MD4", mbedtls_md4_ext( buf, BUFSIZE, tmp ) );
+TIME_AND_TSC( "MD4", mbedtls_md4_ret( buf, BUFSIZE, tmp ) );
 #endif
 #if defined(MBEDTLS_MD5_C)
 if( todo.md5 )
-TIME_AND_TSC( "MD5", mbedtls_md5_ext( buf, BUFSIZE, tmp ) );
+TIME_AND_TSC( "MD5", mbedtls_md5_ret( buf, BUFSIZE, tmp ) );
 #endif
 #if defined(MBEDTLS_RIPEMD160_C)
 if( todo.ripemd160 )
-TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ext( buf, BUFSIZE, tmp ) );
+TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ret( buf, BUFSIZE, tmp ) );
 #endif
 #if defined(MBEDTLS_SHA1_C)
 if( todo.sha1 )
-TIME_AND_TSC( "SHA-1", mbedtls_sha1_ext( buf, BUFSIZE, tmp ) );
+TIME_AND_TSC( "SHA-1", mbedtls_sha1_ret( buf, BUFSIZE, tmp ) );
 #endif
 #if defined(MBEDTLS_SHA256_C)
 if( todo.sha256 )
-TIME_AND_TSC( "SHA-256", mbedtls_sha256_ext( buf, BUFSIZE, tmp, 0 ) );
+TIME_AND_TSC( "SHA-256", mbedtls_sha256_ret( buf, BUFSIZE, tmp, 0 ) );
 #endif
 #if defined(MBEDTLS_SHA512_C)
 if( todo.sha512 )
-TIME_AND_TSC( "SHA-512", mbedtls_sha512_ext( buf, BUFSIZE, tmp, 0 ) );
+TIME_AND_TSC( "SHA-512", mbedtls_sha512_ret( buf, BUFSIZE, tmp, 0 ) );
 #endif
 #if defined(MBEDTLS_ARC4_C)
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index 387e7eeb78..648a9cc35d 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -19,7 +19,7 @@ void md2_text( char *text_src_string, char *hex_hash_string )
 strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
-ret = mbedtls_md2_ext( src_str, strlen( (char *) src_str ), output );
+ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output );
 TEST_ASSERT( ret == 0 ) ;
 hexify( hash_str, output, sizeof output );
@@ -41,7 +41,7 @@ void md4_text( char *text_src_string, char *hex_hash_string )
 strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
-ret = mbedtls_md4_ext( src_str, strlen( (char *) src_str ), output );
+ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output );
 TEST_ASSERT( ret == 0 );
 hexify( hash_str, output, sizeof output );
@@ -63,7 +63,7 @@ void md5_text( char *text_src_string, char *hex_hash_string )
 strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
-ret = mbedtls_md5_ext( src_str, strlen( (char *) src_str ), output );
+ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output );
 TEST_ASSERT( ret == 0 );
 hexify( hash_str, output, sizeof output );
@@ -85,7 +85,7 @@ void ripemd160_text( char *text_src_string, char *hex_hash_string )
 strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
-ret = mbedtls_ripemd160_ext( src_str, strlen( (char *) src_str ), output );
+ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output );
 TEST_ASSERT( ret == 0 );
 hexify( hash_str, output, sizeof output );
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index b6f8f510cb..d704b388b8 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -18,7 +18,7 @@ void mbedtls_sha1( char *hex_src_string, char *hex_hash_string )
 src_len = unhexify( src_str, hex_src_string );
-TEST_ASSERT( mbedtls_sha1_ext( src_str, src_len, output ) == 0 );
+TEST_ASSERT( mbedtls_sha1_ret( src_str, src_len, output ) == 0 );
 hexify( hash_str, output, 20 );
 TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
@@ -39,7 +39,7 @@ void sha224(char *hex_src_string, char *hex_hash_string )
 src_len = unhexify( src_str, hex_src_string );
-TEST_ASSERT( mbedtls_sha256_ext( src_str, src_len, output, 1 ) == 0 );
+TEST_ASSERT( mbedtls_sha256_ret( src_str, src_len, output, 1 ) == 0 );
 hexify( hash_str, output, 28 );
 TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
@@ -60,7 +60,7 @@ void mbedtls_sha256(char *hex_src_string, char *hex_hash_string )
 src_len = unhexify( src_str, hex_src_string );
-TEST_ASSERT( mbedtls_sha256_ext( src_str, src_len, output, 0 ) == 0 );
+TEST_ASSERT( mbedtls_sha256_ret( src_str, src_len, output, 0 ) == 0 );
 hexify( hash_str, output, 32 );
 TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
@@ -81,7 +81,7 @@ void sha384(char *hex_src_string, char *hex_hash_string )
 src_len = unhexify( src_str, hex_src_string );
-TEST_ASSERT( mbedtls_sha512_ext( src_str, src_len, output, 1 ) == 0 );
+TEST_ASSERT( mbedtls_sha512_ret( src_str, src_len, output, 1 ) == 0 );
 hexify( hash_str, output, 48 );
 TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
@@ -102,7 +102,7 @@ void mbedtls_sha512(char *hex_src_string, char *hex_hash_string )
 src_len = unhexify( src_str, hex_src_string );
-TEST_ASSERT( mbedtls_sha512_ext( src_str, src_len, output, 0 ) == 0 );
+TEST_ASSERT( mbedtls_sha512_ret( src_str, src_len, output, 0 ) == 0 );
 hexify( hash_str, output, 64 );
 TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
From 3e28d70813542d32ff398cd9ce608086df95826b Mon Sep 17 00:00:00 2001
From: Gilles Peskine Date: Mon, 22 Jan 2018 12:18:59 +0100 Subject: [PATCH 0623/1059] New MD API: update version number in deprecation statements --- include/mbedtls/md2.h | 10 +++++----- include/mbedtls/md4.h | 10 +++++----- include/mbedtls/md5.h | 10 +++++----- include/mbedtls/ripemd160.h | 10 +++++----- include/mbedtls/sha1.h | 10 +++++----- include/mbedtls/sha256.h | 10 +++++----- include/mbedtls/sha512.h | 10 +++++----- 7 files changed, 35 insertions(+), 35 deletions(-)
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
index 0df6b36f46..925c69ddef 100644
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@@ -130,7 +130,7 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx );
 /**
 * \brief MD2 context setup
 *
- * \deprecated Superseded by mbedtls_md2_starts_ret() in 2.5.0
+ * \deprecated Superseded by mbedtls_md2_starts_ret() in 2.7.0
 *
 * \param ctx context to be initialized
 */
@@ -143,7 +143,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts(
 /**
 * \brief MD2 process buffer
 *
- * \deprecated Superseded by mbedtls_md2_update_ret() in 2.5.0
+ * \deprecated Superseded by mbedtls_md2_update_ret() in 2.7.0
 *
 * \param ctx MD2 context
 * \param input buffer holding the data
@@ -160,7 +160,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_update(
 /**
 * \brief MD2 final digest
 *
- * \deprecated Superseded by mbedtls_md2_finish_ret() in 2.5.0
+ * \deprecated Superseded by mbedtls_md2_finish_ret() in 2.7.0
 *
 * \param ctx MD2 context
 * \param output MD2 checksum result
@@ -175,7 +175,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish(
 /**
 * \brief MD2 process data block (internal use only)
 *
- * \deprecated Superseded by mbedtls_internal_md2_process() in 2.5.0
+ * \deprecated Superseded by mbedtls_internal_md2_process() in 2.7.0
 *
 * \param ctx MD2 context
 */
@@ -220,7 +220,7 @@ int mbedtls_md2_ret( const unsigned char *input, /** * \brief Output = MD2( input buffer ) * - * \deprecated Superseded by mbedtls_md2_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index acd09bd619..f9341a856b 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -132,7 +132,7 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, /** * \brief MD4 context setup * - * \deprecated Superseded by mbedtls_md4_starts_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_starts_ret() in 2.7.0 * * \param ctx context to be initialized */ @@ -145,7 +145,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( /** * \brief MD4 process buffer * - * \deprecated Superseded by mbedtls_md4_update_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_update_ret() in 2.7.0 * * \param ctx MD4 context * \param input buffer holding the data @@ -162,7 +162,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( /** * \brief MD4 final digest * - * \deprecated Superseded by mbedtls_md4_finish_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_finish_ret() in 2.7.0 * * \param ctx MD4 context * \param output MD4 checksum result @@ -177,7 +177,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( /** * \brief MD4 process data block (internal use only) * - * \deprecated Superseded by mbedtls_internal_md4_process() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_md4_process() in 2.7.0 * * \param ctx MD4 context * \param data buffer holding one block of data 
@@ -226,7 +226,7 @@ int mbedtls_md4_ret( const unsigned char *input, /** * \brief Output = MD4( input buffer ) * - * \deprecated Superseded by mbedtls_md4_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 18db8b7347..4f8c92197f 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -127,7 +127,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, /** * \brief MD5 context setup * - * \deprecated Superseded by mbedtls_md5_starts_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_starts_ret() in 2.7.0 * * \param ctx context to be initialized */ @@ -140,7 +140,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( /** * \brief MD5 process buffer * - * \deprecated Superseded by mbedtls_md5_update_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_update_ret() in 2.7.0 * * \param ctx MD5 context * \param input buffer holding the data @@ -157,7 +157,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( /** * \brief MD5 final digest * - * \deprecated Superseded by mbedtls_md5_finish_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_finish_ret() in 2.7.0 * * \param ctx MD5 context * \param output MD5 checksum result @@ -172,7 +172,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( /** * \brief MD5 process data block (internal use only) * - * \deprecated Superseded by mbedtls_internal_md5_process() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_md5_process() in 2.7.0 * * \param ctx MD5 context * \param data buffer holding one block of data 
@@ -221,7 +221,7 @@ int mbedtls_md5_ret( const unsigned char *input, /** * \brief Output = MD5( input buffer ) * - * \deprecated Superseded by mbedtls_md5_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index ea679810eb..ad548d302e 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -132,7 +132,7 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, /** * \brief RIPEMD-160 context setup * - * \deprecated Superseded by mbedtls_ripemd160_starts_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_starts_ret() in 2.7.0 * * \param ctx context to be initialized */ @@ -145,7 +145,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts( /** * \brief RIPEMD-160 process buffer * - * \deprecated Superseded by mbedtls_ripemd160_update_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_update_ret() in 2.7.0 * * \param ctx RIPEMD-160 context * \param input buffer holding the data @@ -162,7 +162,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update( /** * \brief RIPEMD-160 final digest * - * \deprecated Superseded by mbedtls_ripemd160_finish_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_finish_ret() in 2.7.0 * * \param ctx RIPEMD-160 context * \param output RIPEMD-160 checksum result @@ -177,7 +177,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish( /** * \brief RIPEMD-160 process data block (internal use only) * - * \deprecated Superseded by mbedtls_internal_ripemd160_process() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_ripemd160_process() in 2.7.0 * * \param ctx RIPEMD-160 context * \param data buffer holding one block of data 
@@ -226,7 +226,7 @@ int mbedtls_ripemd160_ret( const unsigned char *input, /** * \brief Output = RIPEMD-160( input buffer ) * - * \deprecated Superseded by mbedtls_ripemd160_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 57bfea4e62..03c474bc6f 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -132,7 +132,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, /** * \brief SHA-1 context setup * - * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0 * * \param ctx context to be initialized */ @@ -145,7 +145,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( /** * \brief SHA-1 process buffer * - * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0 * * \param ctx SHA-1 context * \param input buffer holding the data @@ -162,7 +162,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( /** * \brief SHA-1 final digest * - * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0 * * \param ctx SHA-1 context * \param output SHA-1 checksum result @@ -177,7 +177,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( /** * \brief SHA-1 process data block (internal use only) * - * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0 * * \param ctx SHA-1 context * \param data buffer holding one block of data 
@@ -226,7 +226,7 @@ int mbedtls_sha1_ret( const unsigned char *input, /** * \brief Output = SHA-1( input buffer ) * - * \deprecated Superseded by mbedtls_sha1_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index be5ef794f6..9c52f781c7 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -134,7 +134,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, /** * \brief SHA-256 context setup * - * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0 * * \param ctx context to be initialized * \param is224 0 = use SHA256, 1 = use SHA224 @@ -149,7 +149,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( /** * \brief SHA-256 process buffer * - * \deprecated Superseded by mbedtls_sha256_update_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0 * * \param ctx SHA-256 context * \param input buffer holding the data @@ -166,7 +166,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( /** * \brief SHA-256 final digest * - * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0 * * \param ctx SHA-256 context * \param output SHA-224/256 checksum result @@ -181,7 +181,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( /** * \brief SHA-256 process data block (internal use only) * - * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0 * * \param ctx SHA-256 context * \param data buffer holding one block of data 
@@ -232,7 +232,7 @@ int mbedtls_sha256_ret( const unsigned char *input, /** * \brief Output = SHA-256( input buffer ) * - * \deprecated Superseded by mbedtls_sha256_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 0fadb4c3b4..7e2fcc592d 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -134,7 +134,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, /** * \brief SHA-512 context setup * - * \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0 * * \param ctx context to be initialized * \param is384 0 = use SHA512, 1 = use SHA384 @@ -149,7 +149,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( /** * \brief SHA-512 process buffer * - * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0 * * \param ctx SHA-512 context * \param input buffer holding the data @@ -166,7 +166,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( /** * \brief SHA-512 final digest * - * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0 * * \param ctx SHA-512 context * \param output SHA-384/512 checksum result @@ -181,7 +181,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( /** * \brief SHA-512 process data block (internal use only) * - * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0 * * \param ctx SHA-512 context * \param data buffer holding one block of data 
@@ -232,7 +232,7 @@ int mbedtls_sha512_ret( const unsigned char *input, /** * \brief Output = SHA-512( input buffer ) * - * \deprecated Superseded by mbedtls_sha512_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data From 744a4ac6726a0ee18c3c160748c235cdeff0a202 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Mon, 22 Jan 2018 13:38:31 +0100 Subject: [PATCH 0624/1059] Run doxygen only if the doxygen directory exists --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index c1f60511f5..c18b99b2f4 100644 --- a/Makefile +++ b/Makefile @@ -103,7 +103,7 @@ lcov: apidoc: mkdir -p apidoc - cd doxygen; doxygen mbedtls.doxyfile + cd doxygen && doxygen mbedtls.doxyfile apidoc_clean: rm -rf apidoc From 64c3703d1318888211ed15fb4c8c8a342c8329bc Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Mon, 22 Jan 2018 14:32:06 +0100 Subject: [PATCH 0625/1059] Adjust exclusion list to the new working directory --- doxygen/mbedtls.doxyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 0e148af3eb..d5b3abe750 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -696,7 +696,7 @@ RECURSIVE = YES # Note that relative paths are relative to the directory from which doxygen is # run. -EXCLUDE = configs yotta/module +EXCLUDE = ../configs ../yotta/module # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded From 0a96910e5505d75a4dc32c09dc99e500063b4b44 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 22 Jan 2018 14:55:20 +0100 Subject: [PATCH 0626/1059] MD API deprecation: ChangeLog updates Use the updated names for the new functions (xxx_ret instead of xxx_ext). List the new deprecations in the appropriate sections. Credit the independent report of the misuse of zeroizing to reset a hash context in entropy.c. --- ChangeLog | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 31b6f98c45..e60ca14d98 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,11 @@ New deprecations (e.g., signing with a public key). * Direct manipulation of structure fields of RSA contexts is deprecated. Users are advised to use the extended RSA API instead. + * Deprecate usage of message digest functions that return void + (mbedtls__starts, mbedtls__update, + mbedtls__finish and mbedtls__process where is + any of MD2, MD4, MD5, SHA1, SHA256, SHA512) in favor of functions + that can return an error code. API Changes * Extend RSA interface by multiple functions allowing structure- 
@@ -51,19 +56,14 @@ API Changes purpose or CRT and/or blinding. * The configuration option MBEDTLS_RSA_ALT can be used to define alternative implementations of the RSA interface declared in rsa.h. - * The following functions in the MD2, MD4, MD5, SHA1, SHA256 and SHA512 - modules have been deprecated and replaced as shown below. The new - functions change the return type from void to int to allow returning error - codes when using MBEDTLS__ALT. - mbedtls__starts() -> mbedtls__starts_ext() - mbedtls__update() -> mbedtls__update_ext() - mbedtls__finish() -> mbedtls__finish_ext() + * The following functions in the message digest modules (MD2, MD4, MD5, + SHA1, SHA256, SHA512) have been deprecated and replaced as shown below. + The new functions change the return type from void to int to allow + returning error codes when using MBEDTLS__ALT. + mbedtls__starts() -> mbedtls__starts_ret() + mbedtls__update() -> mbedtls__update_ret() + mbedtls__finish() -> mbedtls__finish_ret() mbedtls__process() -> mbedtls_internal__process() - The type of the function pointers in the mbedtls_md_info_t struct have - also been modified taking into account the functions return code. Every - usage of the deprecated functions was updated. Furthermore, the MD return - codes are checked for error after every usage, except in the ssl_tls.c - module. Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records 
@@ -118,8 +118,9 @@ Bugfix mbedtls_sha512_starts() in the mbedtls_entropy_init() function. * Fix the entropy.c module to ensure that mbedtls_sha256_init() or mbedtls_sha512_init() is called before operating on the relevant context - structure. Also, ensure that message digest contexts are freed when - calling mbedtls_entropy_free(). + structure. Do not assume that zeroizing a context is a correct way to + reset it. Found independently by ccli8 on Github. + * In mbedtls_entropy_free(), properly free the message digest context. Changes * Extend cert_write example program by options to set the CRT version @@ -132,6 +133,10 @@ Changes * Only run AES-192 self-test if AES-192 is available. Fixes #963. * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the undeclared dependency of the RSA module on the ASN.1 module. + * Update all internal usage of deprecated message digest functions to the + new ones with return codes. In particular, this modifies the + mbedtls_md_info_t structure. Propagate errors from these functions + everywhere except some locations in the ssl_tls.c module. = mbed TLS 2.6.0 branch released 2017-08-10 From 5e9f14d4d988222aacb49b8eb15eedd266e9f147 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 28 May 2017 10:46:38 +0300 Subject: [PATCH 0627/1059] Set correct minimal versions in default conf Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` and `MBEDTLS_SSL_MIN_MINOR_VERSION` instead of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1` --- ChangeLog | 26 +++++++++++++++----------- include/mbedtls/ssl_internal.h | 3 +++ library/ssl_tls.c | 10 ++++++++-- 3 files changed, 26 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index a6fa6bbda7..6dab645dc3 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -41,17 +41,6 @@ New deprecations * Direct manipulation of structure fields of RSA contexts is deprecated. Users are advised to use the extended RSA API instead. -API Changes - * Extend RSA interface by multiple functions allowing structure- - independent setup and export of RSA contexts. Most notably, - mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting - up RSA contexts from partial key material and having them completed to the - needs of the implementation automatically. This allows to setup private RSA - contexts from keys consisting of N,D,E only, even if P,Q are needed for the - purpose or CRT and/or blinding. - * The configuration option MBEDTLS_RSA_ALT can be used to define alternative - implementations of the RSA interface declared in rsa.h. - Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. @@ -101,6 +90,10 @@ Bugfix RSA test suite where the failure of CTR DRBG initialization lead to freeing an RSA context and several MPI's without proper initialization beforehand. + * Fix setting version TLSv1 as minimal version, even if TLS 1 + is not enabled. Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` + and `MBEDTLS_SSL_MIN_MINOR_VERSION` instead + of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1` Changes * Extend cert_write example program by options to set the CRT version 
@@ -114,6 +107,17 @@ Changes * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the undeclared dependency of the RSA module on the ASN.1 module. +API Changes + * Extend RSA interface by multiple functions allowing structure- + independent setup and export of RSA contexts. Most notably, + mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting + up RSA contexts from partial key material and having them completed to the + needs of the implementation automatically. This allows to setup private RSA + contexts from keys consisting of N,D,E only, even if P,Q are needed for the + purpose or CRT and/or blinding. + * The configuration option MBEDTLS_RSA_ALT can be used to define alternative + implementations of the RSA interface declared in rsa.h. + = mbed TLS 2.6.0 branch released 2017-08-10 Security diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 756360b181..56e376b881 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -69,6 +69,9 @@ #endif /* MBEDTLS_SSL_PROTO_TLS1 */ #endif /* MBEDTLS_SSL_PROTO_SSL3 */ +#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 +#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 + /* Determine maximum supported version */ #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2690e46730..bc98708f66 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
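Review bot: The two new `MBEDTLS_SSL_MIN_VALID_*_VERSION` macros are added without a comment, and nothing in the names says how they differ from the `MBEDTLS_SSL_MIN_*_VERSION` pair chosen by the `#if` chain whose closing `#endif`s sit just above them. From the ssl_tls.c change in the same commit they appear to be a floor for the default configuration's minimum version (TLS 1.0, since `MBEDTLS_SSL_MINOR_VERSION_1` is TLS 1.0) that does not drop to SSL 3.0 when `MBEDTLS_SSL_PROTO_SSL3` is compiled in, but that intent should be stated here rather than inferred. I would add above the two defines: `/* Floor for the default minimum version: TLS 1.0. Unlike MBEDTLS_SSL_MIN_*_VERSION this never selects SSL 3.0 even when it is enabled. */`. The `#if` chain that defines `MBEDTLS_SSL_MIN_*_VERSION` starts outside this hunk, so the relationship between the two macro pairs is inferred from the other hunk of this commit.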
@@ -7602,8 +7602,14 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, * Default */ default: - conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; - conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */ + conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION > + MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ? + MBEDTLS_SSL_MIN_MAJOR_VERSION : + MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION; + conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION > + MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ? + MBEDTLS_SSL_MIN_MINOR_VERSION : + MBEDTLS_SSL_MIN_VALID_MINOR_VERSION; conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; From 980d203a6bcbe9e7cbc7f0022935f5dba21646f0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Jan 2018 23:10:53 +0100 Subject: [PATCH 0628/1059] Add ChangeLog entry --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index e7abd5ce60..38704bc506 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,7 @@ Bugfix * Fix leap year calculation in x509_date_is_valid() to ensure that invalid dates on leap years with 100 and 400 intervals are handled correctly. Found by Nicholas Wilson. #694 + * Fix error message in programs/pkey/gen_key.c. Found and fixed by Chris Xue. = mbed TLS 2.6.0 branch released 2017-08-10 From 26faa116305e675534d60263ec332713889abbeb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Jan 2018 23:13:22 +0100 Subject: [PATCH 0629/1059] Add ChangeLog entry --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 2f0116bcfc..99fb85dead 100644 --- a/ChangeLog +++ b/ChangeLog 
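Review bot: The new `default:` branch clamps the major and minor numbers independently, which is only safe because every version this code can select (SSL 3.0, TLS 1.0 to 1.2) shares major version 3; it also drops the `/* TLS 1.0 */` comment that told a reader what the floor is. Since `MBEDTLS_SSL_MIN_MINOR_VERSION` is presumably derived from the enabled `MBEDTLS_SSL_PROTO_*` options (its definition is outside this hunk), a build enabling only SSL 3.0 would appear to end up with `min_minor_ver` = 1 and `max_minor_ver` = 0, leaving no negotiable version; worth confirming that check_config.h rejects that configuration, or adding a check. I would restore the intent above the two assignments, e.g. `/* Never default to SSL 3.0 as the minimum: clamp to TLS 1.0 (MIN_VALID) even when it is compiled in. */`. mbedtls_ssl_config_defaults() begins and ends outside this hunk.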
@@ -42,6 +42,8 @@ Bugfix Vranken. * Fix a numerical underflow leading to stack overflow in mpi_read_file() that was triggered uppon reading an empty line. Found by Guido Vranken. + * Fix programs/pkey/dh_server.c so that it actually works with dh_client.c. + Found and fixed by Martijn de Milliano. Changes * Send fatal alerts in more cases. The previous behaviour was to skip From 7a0c6b8e954a993386d349817cb055c59520f614 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Jan 2018 23:16:52 +0100 Subject: [PATCH 0630/1059] Add ChangeLog entry --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index d64f11e4c2..24b655cf72 100644 --- a/ChangeLog +++ b/ChangeLog @@ -61,6 +61,7 @@ Changes * Extend cert_write example program by options to set the CRT version and the message digest. Further, allow enabling/disabling of authority identifier, subject identifier and basic constraints extensions. + * Add mechanism to provide alternative implementation of the DHM module. New deprecations * Deprecate usage of RSA primitives with non-matching key-type From 2840f945d29d164d6a882ea3a5250448acb6180c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Jan 2018 11:57:19 +0100 Subject: [PATCH 0631/1059] Add definition of inline in md5.h --- include/mbedtls/md5.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 4f8c92197f..bbfcae158c 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -36,6 +36,11 @@ // Regular implementation // +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #ifdef __cplusplus extern "C" { #endif From a40a101e26ffc1aacf55e471d48a26a9799278f6 Mon Sep 17 00:00:00 2001 
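Review bot: Defining `inline` as an object-like macro in md5.h, a public header, rewrites that keyword in every C translation unit that includes it, including application code, which is a wide side effect for a fix that only needs this header's deprecated `static inline` wrappers to compile on ARMCC and MSVC. The same `MBEDTLS_DEPRECATED static inline` wrappers exist in md2.h, md4.h, ripemd160.h, sha1.h, sha256.h and sha512.h (see commit 0623 above), so either each of them needs the same guard or the definition belongs in one shared header rather than being duplicated per file. At minimum the block should say why it exists, e.g. `/* ARMCC and MSVC in C mode spell the keyword __inline; needed by the deprecated static inline wrappers below. */`.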
From: Darryl Green Date: Fri, 5 Jan 2018 15:33:17 +0000 Subject: [PATCH 0632/1059] Update Doxygen file blocks to remove copyright and license information --- configs/config-ccm-psk-tls1_2.h | 7 +++++-- configs/config-mini-tls1_1.h | 7 +++++-- configs/config-no-entropy.h | 5 ++++- configs/config-picocoin.h | 7 +++++-- configs/config-suite-b.h | 7 +++++-- configs/config-thread.h | 7 +++++-- include/mbedtls/aes.h | 3 ++- include/mbedtls/aesni.h | 3 ++- include/mbedtls/arc4.h | 3 ++- include/mbedtls/asn1.h | 3 ++- include/mbedtls/asn1write.h | 3 ++- include/mbedtls/base64.h | 3 ++- include/mbedtls/bignum.h | 5 +++-- include/mbedtls/blowfish.h | 3 ++- include/mbedtls/bn_mul.h | 5 +++-- include/mbedtls/camellia.h | 3 ++- include/mbedtls/ccm.h | 3 ++- include/mbedtls/certs.h | 3 ++- include/mbedtls/check_config.h | 3 ++- include/mbedtls/cipher.h | 3 ++- include/mbedtls/cipher_internal.h | 3 ++- include/mbedtls/cmac.h | 3 ++- include/mbedtls/compat-1.3.h | 3 ++- include/mbedtls/config.h | 3 ++- include/mbedtls/ctr_drbg.h | 3 ++- include/mbedtls/debug.h | 3 ++- include/mbedtls/des.h | 3 ++- include/mbedtls/dhm.h | 3 ++- include/mbedtls/ecdh.h | 3 ++- include/mbedtls/ecdsa.h | 3 ++- include/mbedtls/ecjpake.h | 3 ++- include/mbedtls/ecp.h | 3 ++- include/mbedtls/ecp_internal.h | 3 ++- include/mbedtls/entropy.h | 3 ++- include/mbedtls/entropy_poll.h | 3 ++- include/mbedtls/error.h | 3 ++- include/mbedtls/gcm.h | 3 ++- include/mbedtls/havege.h | 3 ++- include/mbedtls/hmac_drbg.h | 3 ++- include/mbedtls/md.h | 3 ++- include/mbedtls/md2.h | 3 ++- include/mbedtls/md4.h | 3 ++- include/mbedtls/md5.h | 3 ++- include/mbedtls/md_internal.h | 3 ++- include/mbedtls/memory_buffer_alloc.h | 3 ++- include/mbedtls/net.h | 5 +++-- include/mbedtls/net_sockets.h | 3 ++- include/mbedtls/oid.h | 3 ++- include/mbedtls/padlock.h | 3 ++- include/mbedtls/pem.h | 3 ++- include/mbedtls/pk.h | 3 ++- include/mbedtls/pk_internal.h | 5 +++-- include/mbedtls/pkcs11.h | 3 ++- include/mbedtls/pkcs12.h | 3 
++- include/mbedtls/pkcs5.h | 3 ++- include/mbedtls/platform.h | 3 ++- include/mbedtls/platform_time.h | 3 ++- include/mbedtls/ripemd160.h | 3 ++- include/mbedtls/rsa.h | 3 ++- include/mbedtls/rsa_internal.h | 3 ++- include/mbedtls/sha1.h | 3 ++- include/mbedtls/sha256.h | 3 ++- include/mbedtls/sha512.h | 3 ++- include/mbedtls/ssl.h | 3 ++- include/mbedtls/ssl_cache.h | 3 ++- include/mbedtls/ssl_ciphersuites.h | 3 ++- include/mbedtls/ssl_cookie.h | 3 ++- include/mbedtls/ssl_internal.h | 5 +++-- include/mbedtls/ssl_ticket.h | 3 ++- include/mbedtls/threading.h | 3 ++- include/mbedtls/timing.h | 3 ++- include/mbedtls/version.h | 3 ++- include/mbedtls/x509.h | 3 ++- include/mbedtls/x509_crl.h | 3 ++- include/mbedtls/x509_crt.h | 3 ++- include/mbedtls/x509_csr.h | 3 ++- include/mbedtls/xtea.h | 3 ++- 77 files changed, 176 insertions(+), 87 deletions(-) diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index aee10b86fe..a783e6b73b 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -1,6 +1,9 @@ -/* - * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites +/** + * \file config-ccm-psk-tls1_2.h * + * \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h index e22363d1a3..013bc0300d 100644 --- a/configs/config-mini-tls1_1.h +++ b/configs/config-mini-tls1_1.h @@ -1,6 +1,9 @@ -/* - * Minimal configuration for TLS 1.1 (RFC 4346) +/** + * \file config-mini-tls1_1.h * + * \brief Minimal configuration for TLS 1.1 (RFC 4346) + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 73758602ab..b4a0930b9c 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h 
@@ -1,6 +1,9 @@ /** - * Minimal configuration of features that do not require an entropy source + * \file config-no-entropy.h * + * \brief Minimal configuration of features that do not require an entropy source + */ +/* * Copyright (C) 2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/configs/config-picocoin.h b/configs/config-picocoin.h index 26b24a9e2a..5d41f282f1 100644 --- a/configs/config-picocoin.h +++ b/configs/config-picocoin.h @@ -1,6 +1,9 @@ -/* - * Reduced configuration used by Picocoin. +/** + * \file config-picocoin.h * + * \brief Reduced configuration used by Picocoin. + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 3c4804c79d..18e2c40369 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -1,6 +1,9 @@ -/* - * Minimal configuration for TLS NSA Suite B Profile (RFC 6460) +/** + * \file config-suite-b.h * + * \brief Minimal configuration for TLS NSA Suite B Profile (RFC 6460) + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/configs/config-thread.h b/configs/config-thread.h index 990fe08c6c..25db16bf0f 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -1,6 +1,9 @@ -/* - * Minimal configuration for using TLS as part of Thread +/** + * \file config-thread.h * + * \brief Minimal configuration for using TLS as part of Thread + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index c8dd0f355b..71dcea9e55 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -2,7 +2,8 @@ * \file aes.h * * \brief AES block cipher - * + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * 
diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h index b1b7f1cdec..746baa0e17 100644 --- a/include/mbedtls/aesni.h +++ b/include/mbedtls/aesni.h @@ -2,7 +2,8 @@ * \file aesni.h * * \brief AES-NI for hardware AES acceleration on some Intel processors - * + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h index 5fc5395a8c..26de33f8d5 100644 --- a/include/mbedtls/arc4.h +++ b/include/mbedtls/arc4.h @@ -2,7 +2,8 @@ * \file arc4.h * * \brief The ARCFOUR stream cipher - * + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index e159e57ea0..fde328a128 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -2,7 +2,8 @@ * \file asn1.h * * \brief Generic ASN.1 parsing - * + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 73ff32b669..f76fc807d0 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -2,7 +2,8 @@ * \file asn1write.h * * \brief ASN.1 buffer writing functionality - * + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h index 352c652db9..7a64f52163 100644 --- a/include/mbedtls/base64.h +++ b/include/mbedtls/base64.h @@ -2,7 +2,8 @@ * \file base64.h * * \brief RFC 1521 base64 encoding/decoding - * + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 0b40015424..c20b367803 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h 
@@ -1,8 +1,9 @@ /** * \file bignum.h * - * \brief Multi-precision integer library - * + * \brief Multi-precision integer library + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 34626eef48..6593730e4d 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -2,7 +2,8 @@ * \file blowfish.h * * \brief Blowfish block cipher - * + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index cac3f14577..354c1cc1ab 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h @@ -1,8 +1,9 @@ /** * \file bn_mul.h * - * \brief Multi-precision integer library - * + * \brief Multi-precision integer library + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 0424d623fb..107056fc66 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -2,7 +2,8 @@ * \file camellia.h * * \brief Camellia block cipher - * + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 579402fd48..acd94adb88 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -2,7 +2,8 @@ * \file ccm.h * * \brief Counter with CBC-MAC (CCM) for 128-bit block ciphers - * + */ +/* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * diff --git a/include/mbedtls/certs.h b/include/mbedtls/certs.h index ca49086e4f..8dab7b5ce8 100644 --- a/include/mbedtls/certs.h +++ b/include/mbedtls/certs.h 
@@ -2,7 +2,8 @@
 * \file certs.h
 *
 * \brief Sample certificates and DHM parameters for testing
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index fa72454e53..1143aa2687 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -2,7 +2,8 @@
 * \file check_config.h
 *
 * \brief Consistency checks for configuration options
- *
+ */
+/*
 * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index b12e38843a..b92a8dbb9f 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -4,7 +4,8 @@
 * \brief Generic cipher wrapper.
 *
 * \author Adriaan de Jong
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h
index 6c58bcc525..969ff9ccb8 100644
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@@ -4,7 +4,8 @@
 * \brief Cipher wrappers.
 *
 * \author Adriaan de Jong
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 4d3f2d2f4f..a7f7f45e9c 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -3,7 +3,8 @@
 *
 * \brief Cipher-based Message Authentication Code (CMAC) Mode for
 * Authentication
- *
+ */
+/*
 * Copyright (C) 2015-2016, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index bba1d2c247..600a0f154c 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -5,7 +5,8 @@
 * for the PolarSSL naming conventions.
 *
 * \deprecated Use the new names directly instead
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 70039897d2..5e6b63e82b 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -6,7 +6,8 @@
 * This set of compile-time options may be used to enable
 * or disable features selectively, and reduce the global
 * memory footprint.
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 059d3c5c9a..01cd826a17 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -2,7 +2,8 @@
 * \file ctr_drbg.h
 *
 * \brief CTR_DRBG based on AES-256 (NIST SP 800-90)
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 2957996407..ef8db67ff1 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -2,7 +2,8 @@
 * \file debug.h
 *
 * \brief Functions for controlling and providing debug output from the library.
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 5ca2ecf2e0..7f8f27eea3 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -2,7 +2,8 @@
 * \file des.h
 *
 * \brief DES block cipher
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index f9725ab095..d017b380ea 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -2,7 +2,8 @@
 * \file dhm.h
 *
 * \brief Diffie-Hellman-Merkle key exchange
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 625a281923..14a362b197 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -2,7 +2,8 @@
 * \file ecdh.h
 *
 * \brief Elliptic curve Diffie-Hellman
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index a277715b3d..6c6ae294f9 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -2,7 +2,8 @@
 * \file ecdsa.h
 *
 * \brief Elliptic curve DSA
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index 161a5b213f..6fcffc777a 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -2,7 +2,8 @@
 * \file ecjpake.h
 *
 * \brief Elliptic curve J-PAKE
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index dad9aef002..977134059f 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -2,7 +2,8 @@
 * \file ecp.h
 *
 * \brief Elliptic curves over GF(p)
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/ecp_internal.h b/include/mbedtls/ecp_internal.h
index 2991e26dd9..8a6d517ed0 100644
--- a/include/mbedtls/ecp_internal.h
+++ b/include/mbedtls/ecp_internal.h
@@ -3,7 +3,8 @@
 *
 * \brief Function declarations for alternative implementation of elliptic curve
 * point arithmetic.
- *
+ */
+/*
 * Copyright (C) 2016, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index 747aca4dfa..3161777462 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -2,7 +2,8 @@
 * \file entropy.h
 *
 * \brief Entropy accumulator implementation
- *
+ */
+/*
 * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h
index 81258d5f39..94dd657eb9 100644
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
@@ -2,7 +2,8 @@
 * \file entropy_poll.h
 *
 * \brief Platform-specific and custom entropy polling functions
- *
+ */
+/*
 * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 4eb7b78ebf..bd4ca90f04 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -2,7 +2,8 @@
 * \file error.h
 *
 * \brief Error to string translation
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 8f3b565757..f1019861dc 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -2,7 +2,8 @@
 * \file gcm.h
 *
 * \brief Galois/Counter mode for 128-bit block ciphers
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/havege.h b/include/mbedtls/havege.h
index dac5d31138..d4cb3ed38d 100644
--- a/include/mbedtls/havege.h
+++ b/include/mbedtls/havege.h
@@ -2,7 +2,8 @@
 * \file havege.h
 *
 * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index e010558028..e0821cf788 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -2,7 +2,8 @@
 * \file hmac_drbg.h
 *
 * \brief HMAC_DRBG (NIST SP 800-90A)
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 89be847cee..f23bad40aa 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -4,7 +4,8 @@
 * \brief Generic message digest wrapper
 *
 * \author Adriaan de Jong
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
index 0f93fbf427..89fcf36ec6 100644
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@@ -2,7 +2,8 @@
 * \file md2.h
 *
 * \brief MD2 message digest algorithm (hash function)
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h
index 45214d41d9..f086abbdb0 100644
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@@ -2,7 +2,8 @@
 * \file md4.h
 *
 * \brief MD4 message digest algorithm (hash function)
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index 5a64061aa0..378f63f587 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -2,7 +2,8 @@
 * \file md5.h
 *
 * \brief MD5 message digest algorithm (hash function)
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h
index e2441bbc49..d051730646 100644
--- a/include/mbedtls/md_internal.h
+++ b/include/mbedtls/md_internal.h
@@ -6,7 +6,8 @@
 * \warning This in an internal header. Do not include directly.
 *
 * \author Adriaan de Jong
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h
index d5df316fdd..705f9a6369 100644
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/include/mbedtls/memory_buffer_alloc.h
@@ -2,7 +2,8 @@
 * \file memory_buffer_alloc.h
 *
 * \brief Buffer-based memory allocator
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h
index 774559b3cf..28ae8217c0 100644
--- a/include/mbedtls/net.h
+++ b/include/mbedtls/net.h
@@ -3,6 +3,9 @@
 *
 * \brief Deprecated header file that includes mbedtls/net_sockets.h
 *
+ * \deprecated Superseded by mbedtls/net_sockets.h
+ */
+/*
 * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
@@ -19,8 +22,6 @@
 * limitations under the License.
 *
 * This file is part of mbed TLS (https://tls.mbed.org)
- *
- * \deprecated Superseded by mbedtls/net_sockets.h
 */
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index de335526fe..54e612cc5e 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -2,7 +2,8 @@
 * \file net_sockets.h
 *
 * \brief Network communication functions
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index fcecdafdca..bf2ef5ece4 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -2,7 +2,8 @@
 * \file oid.h
 *
 * \brief Object Identifier (OID) database
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h
index 2045a5ab64..677936ebf8 100644
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@@ -3,7 +3,8 @@
 *
 * \brief VIA PadLock ACE for HW encryption/decryption supported by some
 * processors
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index 54dc02d7cd..2cf4c0a709 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -2,7 +2,8 @@
 * \file pem.h
 *
 * \brief Privacy Enhanced Mail (PEM) decoding
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index f9f9b9bb09..28f6150077 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -2,7 +2,8 @@
 * \file pk.h
 *
 * \brief Public Key abstraction layer
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/pk_internal.h b/include/mbedtls/pk_internal.h
index 01d0f214bc..3dae0fc5b2 100644
--- a/include/mbedtls/pk_internal.h
+++ b/include/mbedtls/pk_internal.h
@@ -1,8 +1,9 @@
 /**
- * \file pk.h
+ * \file pk_internal.h
 *
 * \brief Public Key abstraction layer: wrapper functions
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/pkcs11.h b/include/mbedtls/pkcs11.h
index 2e88928137..bf65c55a79 100644
--- a/include/mbedtls/pkcs11.h
+++ b/include/mbedtls/pkcs11.h
@@ -4,7 +4,8 @@
 * \brief Wrapper for PKCS#11 library libpkcs11-helper
 *
 * \author Adriaan de Jong
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index 9b2d904591..a621ef5b15 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -2,7 +2,8 @@
 * \file pkcs12.h
 *
 * \brief PKCS#12 Personal Information Exchange Syntax
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index ec5cb9e744..9a3c9fddcc 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -4,7 +4,8 @@
 * \brief PKCS#5 functions
 *
 * \author Mathias Olsson
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 35010f8852..e051751189 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -2,7 +2,8 @@
 * \file platform.h
 *
 * \brief mbed TLS Platform abstraction layer
- *
+ */
+/*
 * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index abb3431420..2ed36f56c9 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -2,7 +2,8 @@
 * \file platform_time.h
 *
 * \brief mbed TLS Platform time abstraction
- *
+ */
+/*
 * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index 7083fc8599..ae365f3d62 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -2,7 +2,8 @@
 * \file ripemd160.h
 *
 * \brief RIPE MD-160 message digest
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index d7503ac831..a4a4716830 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -2,7 +2,8 @@
 * \file rsa.h
 *
 * \brief The RSA public-key cryptosystem
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h
index 7e6a2ecd97..bcb3c9401d 100644
--- a/include/mbedtls/rsa_internal.h
+++ b/include/mbedtls/rsa_internal.h
@@ -2,7 +2,8 @@
 * \file rsa_internal.h
 *
 * \brief Context-independent RSA helper functions
- *
+ */
+/*
 * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 7a67c6c1fb..d98f166f96 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -2,7 +2,8 @@
 * \file sha1.h
 *
 * \brief SHA-1 cryptographic hash function
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index f8041adf08..1c872dd55f 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -2,7 +2,8 @@
 * \file sha256.h
 *
 * \brief SHA-224 and SHA-256 cryptographic hash function
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index 627694f425..542dc990bf 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -2,7 +2,8 @@
 * \file sha512.h
 *
 * \brief SHA-384 and SHA-512 cryptographic hash function
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index e98101e19d..7ad71cc315 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2,7 +2,8 @@
 * \file ssl.h
 *
 * \brief SSL/TLS functions.
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 3734bb7274..ec081e6d24 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -2,7 +2,8 @@
 * \file ssl_cache.h
 *
 * \brief SSL session cache implementation
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 9101d9cc7c..545468a510 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -2,7 +2,8 @@
 * \file ssl_ciphersuites.h
 *
 * \brief SSL Ciphersuites for mbed TLS
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 037e1c3112..80b65bbbb9 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -2,7 +2,8 @@
 * \file ssl_cookie.h
 *
 * \brief DTLS cookie callbacks implementation
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 756360b181..509927ad94 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1,8 +1,9 @@
 /**
- * \file ssl_ticket.h
+ * \file ssl_internal.h
 *
 * \brief Internal functions shared by the SSL modules
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 7c6bc61bfb..93ad46ac9c 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -2,7 +2,8 @@
 * \file ssl_ticket.h
 *
 * \brief TLS server ticket callbacks implementation
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index b0c34ecc74..58e6db2f3a 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -2,7 +2,8 @@
 * \file threading.h
 *
 * \brief Threading abstraction layer
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index bfb8579a07..2c497bf4eb 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -2,7 +2,8 @@
 * \file timing.h
 *
 * \brief Portable interface to timeouts and to the CPU cycle counter
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 3b209a6b07..8af6f01708 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -2,7 +2,8 @@
 * \file version.h
 *
 * \brief Run-time version information
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index d7e318dfdc..d6db9c6e37 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -2,7 +2,8 @@
 * \file x509.h
 *
 * \brief X.509 generic defines and structures
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 7988439900..08a4283a67 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -2,7 +2,8 @@
 * \file x509_crl.h
 *
 * \brief X.509 certificate revocation list parsing
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index b7a509831f..2dbb7ec964 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -2,7 +2,8 @@
 * \file x509_crt.h
 *
 * \brief X.509 certificate parsing and writing
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index fe9843cb54..0c6ccad78d 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -2,7 +2,8 @@
 * \file x509_csr.h
 *
 * \brief X.509 certificate signing request parsing and writing
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h
index b073f84efa..1d01e56f83 100644
--- a/include/mbedtls/xtea.h
+++ b/include/mbedtls/xtea.h
@@ -2,7 +2,8 @@
 * \file xtea.h
 *
 * \brief XTEA block cipher (32-bit)
- *
+ */
+/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
From 25facddba4c2248f120b48a7819e9c8ea91ad7d0 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Tue, 23 Jan 2018 15:36:58 +0000 Subject: [PATCH 0633/1059] doxygen: Remove copyright block from Doxygen comments Remove the copyright block from the Doxygen comments, to clean up the detailed description in the generated Doxygen output. Also, add \file and \brief tags to all headers in doxygen/input.
---
 doxygen/input/doc_encdec.h | 7 +++++-- doxygen/input/doc_hashing.h | 7 +++++-- doxygen/input/doc_mainpage.h | 7 +++++-- doxygen/input/doc_rng.h | 7 +++++-- doxygen/input/doc_ssltls.h | 7 +++++-- doxygen/input/doc_tcpip.h | 7 +++++-- doxygen/input/doc_x509.h | 7 +++++-- 7 files changed, 35 insertions(+), 14 deletions(-)
diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h
index 9538ed28ee..b1281cb63f 100644
--- a/doxygen/input/doc_encdec.h
+++ b/doxygen/input/doc_encdec.h
@@ -1,6 +1,9 @@
 /**
- * @file
- * Encryption/decryption module documentation file.
+ * \file doc_encdec.h
+ *
+ * \brief Encryption/decryption module documentation file.
+ */
+/*
 *
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h
index 49f15ea88e..e54b28e560 100644
--- a/doxygen/input/doc_hashing.h
+++ b/doxygen/input/doc_hashing.h
@@ -1,6 +1,9 @@
 /**
- * @file
- * Hashing module documentation file.
+ * \file doc_hashing.h
+ *
+ * \brief Hashing module documentation file.
+ */
+/*
 *
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 87b5041bb1..add75f7a26 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -1,6 +1,9 @@
 /**
- * @file
- * Main page documentation file.
+ * \file doc_mainpage.h
+ *
+ * \brief Main page documentation file.
+ */
+/*
 *
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
diff --git a/doxygen/input/doc_rng.h b/doxygen/input/doc_rng.h
index 0159ef357d..0f212e040c 100644
--- a/doxygen/input/doc_rng.h
+++ b/doxygen/input/doc_rng.h
@@ -1,6 +1,9 @@
 /**
- * @file
- * Random number generator (RNG) module documentation file.
+ * \file doc_rng.h
+ *
+ * \brief Random number generator (RNG) module documentation file.
+ */
+/*
 *
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
diff --git a/doxygen/input/doc_ssltls.h b/doxygen/input/doc_ssltls.h
index 7f104bd4d8..4addfb38e5 100644
--- a/doxygen/input/doc_ssltls.h
+++ b/doxygen/input/doc_ssltls.h
@@ -1,6 +1,9 @@
 /**
- * @file
- * SSL/TLS communication module documentation file.
+ * \file doc_ssltls.h
+ *
+ * \brief SSL/TLS communication module documentation file.
+ */
+/*
 *
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
diff --git a/doxygen/input/doc_tcpip.h b/doxygen/input/doc_tcpip.h
index 34d3ca1b52..95f4586012 100644
--- a/doxygen/input/doc_tcpip.h
+++ b/doxygen/input/doc_tcpip.h
@@ -1,6 +1,9 @@
 /**
- * @file
- * TCP/IP communication module documentation file.
+ * \file doc_tcpip.h
+ *
+ * \brief TCP/IP communication module documentation file.
+ */
+/*
 *
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
diff --git a/doxygen/input/doc_x509.h b/doxygen/input/doc_x509.h
index 315f0e3ce9..9b52569bbb 100644
--- a/doxygen/input/doc_x509.h
+++ b/doxygen/input/doc_x509.h
@@ -1,6 +1,9 @@
 /**
- * @file
- * X.509 module documentation file.
+ * \file doc_x509.h
+ *
+ * \brief X.509 module documentation file.
+ */
+/*
 *
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
From a381fe84ce68347631ce09d2f7a655a58f7af046 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Jan 2018 18:16:11 +0100 Subject: [PATCH 0634/1059] Add HW_FAILED error codes for message digest modules New error codes to report failures from alternative implementations of MD2, MD4, MD5, RIPEMD160, SHA-1, SHA-256, SHA-512.
---
 include/mbedtls/error.h | 9 +++++- include/mbedtls/md2.h | 2 ++ include/mbedtls/md4.h | 2 ++ include/mbedtls/md5.h | 2 ++ include/mbedtls/ripemd160.h | 2 ++ include/mbedtls/sha1.h | 2 ++ include/mbedtls/sha256.h | 2 ++ include/mbedtls/sha512.h | 2 ++ library/error.c | 63 +++++++++++++++++++++++++++++++++++++ 9 files changed, 85 insertions(+), 1 deletion(-)
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 4eb7b78ebf..16bc8dcb6a 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -64,8 +64,15 @@ * NET 11 0x0042-0x0052 0x0043-0x0045 * ASN1 7 0x0060-0x006C * PBKDF2 1 0x007C-0x007C - * HMAC_DRBG 4 0x0003-0x0009 + * HMAC_DRBG 4 0x0003-0x0009 * CCM 2 0x000D-0x000F + * MD2 1 0x002B-0x002B + * MD4 1 0x002D-0x002D + * MD5 1 0x002F-0x002F + * RIPEMD160 1 0x0031-0x0031 + * SHA1 1 0x0035-0x0035 + * SHA256 1 0x0037-0x0037 + * SHA512 1 0x0039-0x0039 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 925c69ddef..1a9940bba2 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -31,6 +31,8 @@ #include +#define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index f9341a856b..ed203709be 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -32,6 +32,8 @@ #include #include +#define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index bbfcae158c..dfd704cf26 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -32,6 +32,8 @@ #include #include +#define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED -0x002F /**< MD5 hardware accelerator failed */ + #if !defined(MBEDTLS_MD5_ALT) // Regular implementation // diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index ad548d302e..93a16bc409 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h 
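Review bot: The new `MBEDTLS_ERR_MD2_HW_ACCEL_FAILED` macro in the md2.h hunk (and likewise the md4.h and md5.h hunks on this line and the ripemd160.h, sha1.h, sha256.h and sha512.h hunks on the next) carries only a bare trailing note, so a caller reading the header cannot tell that the code is produced by alternative implementations rather than by the built-in software path, which is what the commit message states. I would extend each note along the lines of `/**< MD2 hardware accelerator failed (reported by MBEDTLS_MD2_ALT implementations) */`. The `HMAC_DRBG` row in the error.h table appears to change only in whitespace; if that is a realignment, it could be dropped so the diff is limited to the new rows.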
@@ -32,6 +32,8 @@ #include #include +#define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 03c474bc6f..b879ee6aa6 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -32,6 +32,8 @@ #include #include +#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 9c52f781c7..e9cc0ca21a 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -32,6 +32,8 @@ #include #include +#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 7e2fcc592d..395f8bb612 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -32,6 +32,8 @@ #include #include +#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/library/error.c b/library/error.c index 151ca4eae9..9079c5cbc1 100644 --- a/library/error.c +++ b/library/error.c @@ -101,6 +101,18 @@ #include "mbedtls/md.h" #endif +#if defined(MBEDTLS_MD2_C) +#include "mbedtls/md2.h" +#endif + +#if defined(MBEDTLS_MD4_C) +#include "mbedtls/md4.h" +#endif + +#if defined(MBEDTLS_MD5_C) +#include "mbedtls/md5.h" +#endif + #if defined(MBEDTLS_NET_C) #include "mbedtls/net_sockets.h" #endif 
@@ -129,10 +141,26 @@
 #include "mbedtls/pkcs5.h"
 #endif
 
+#if defined(MBEDTLS_RIPEMD160_C)
+#include "mbedtls/ripemd160.h"
+#endif
+
 #if defined(MBEDTLS_RSA_C)
 #include "mbedtls/rsa.h"
 #endif
 
+#if defined(MBEDTLS_SHA1_C)
+#include "mbedtls/sha1.h"
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+#include "mbedtls/sha256.h"
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+#include "mbedtls/sha512.h"
+#endif
+
 #if defined(MBEDTLS_SSL_TLS_C)
 #include "mbedtls/ssl.h"
 #endif
@@ -635,6 +663,21 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 mbedtls_snprintf( buf, buflen, "HMAC_DRBG - The entropy source failed" );
 #endif /* MBEDTLS_HMAC_DRBG_C */
 
+#if defined(MBEDTLS_MD2_C)
+ if( use_ret == -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED) )
+ mbedtls_snprintf( buf, buflen, "MD2 - MD2 hardware accelerator failed" );
+#endif /* MBEDTLS_MD2_C */
+
+#if defined(MBEDTLS_MD4_C)
+ if( use_ret == -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED) )
+ mbedtls_snprintf( buf, buflen, "MD4 - MD4 hardware accelerator failed" );
+#endif /* MBEDTLS_MD4_C */
+
+#if defined(MBEDTLS_MD5_C)
+ if( use_ret == -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED) )
+ mbedtls_snprintf( buf, buflen, "MD5 - MD5 hardware accelerator failed" );
+#endif /* MBEDTLS_MD5_C */
+
 #if defined(MBEDTLS_NET_C)
 if( use_ret == -(MBEDTLS_ERR_NET_SOCKET_FAILED) )
 mbedtls_snprintf( buf, buflen, "NET - Failed to open a socket" );
@@ -672,6 +715,26 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" ); #endif /* MBEDTLS_PADLOCK_C */ +#if defined(MBEDTLS_RIPEMD160_C) + if( use_ret == -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "RIPEMD160 - RIPEMD160 hardware accelerator failed" ); +#endif /* MBEDTLS_RIPEMD160_C */ + +#if defined(MBEDTLS_SHA1_C) + if( use_ret == -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 hardware accelerator failed" ); +#endif /* MBEDTLS_SHA1_C */ + +#if defined(MBEDTLS_SHA256_C) + if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" ); +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA512_C) + if( use_ret == -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 hardware accelerator failed" ); +#endif /* MBEDTLS_SHA512_C */ + #if defined(MBEDTLS_THREADING_C) if( use_ret == -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "THREADING - The selected feature is not available" ); From 342d928e8dda9fc307d685dcbc6b9342a49e805b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Jan 2018 18:21:21 +0100 Subject: [PATCH 0635/1059] Fix proprocessor directives for MBEDTLS_RIPEMD160_ALT --- include/mbedtls/ripemd160.h | 2 +- library/ripemd160.c | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 93a16bc409..3921e66954 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -199,7 +199,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_process( #endif #else /* MBEDTLS_RIPEMD160_ALT */ -#include "ripemd160.h" +#include "ripemd160_alt.h" #endif /* MBEDTLS_RIPEMD160_ALT */ #ifdef __cplusplus 
diff --git a/library/ripemd160.c b/library/ripemd160.c index 260fee6868..b85b117c6a 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -46,6 +46,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ +#if !defined(MBEDTLS_RIPEMD160_ALT) + /* * 32-bit integer manipulation macros (little endian) */ @@ -393,6 +395,8 @@ int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, return( 0 ); } +#endif /* ! MBEDTLS_RIPEMD160_ALT */ + /* * output = RIPEMD-160( input buffer ) */ From 9cf1f96a7b4d6dc5e9bb38cb41b407aa65cfeca2 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 30 Jan 2017 14:34:25 +0000 Subject: [PATCH 0636/1059] Fix corner case uses of memory_buffer_alloc.c The corner cases fixed include: * Allocating a buffer of size 0. With this change, the allocator now returns a NULL pointer in this case. Note that changes in pem.c and x509_crl.c were required to fix tests that did not work under this assumption. * Initialising the allocator with less memory than required for headers. * Fix header chain checks for uninitialised allocator. --- ChangeLog | 2 ++ library/memory_buffer_alloc.c | 29 ++++++++++++++++++----------- library/pem.c | 4 ++-- library/x509_crl.c | 4 ++-- 4 files changed, 24 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index a200d51fb7..4aa66fd822 100644 --- a/ChangeLog +++ b/ChangeLog @@ -104,6 +104,8 @@ Bugfix * Fix error message in programs/pkey/gen_key.c. Found and fixed by Chris Xue. * Fix programs/pkey/dh_server.c so that it actually works with dh_client.c. Found and fixed by Martijn de Milliano. + * Fix memory allocation corner cases in memory_buffer_alloc.c module. Found + by Guido Vranken. #639 Changes * Extend cert_write example program by options to set the CRT version diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 545d5a2c32..0d3342dea7 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c 
@@ -182,9 +182,9 @@ static int verify_header( memory_header *hdr ) static int verify_chain() { - memory_header *prv = heap.first, *cur = heap.first->next; + memory_header *prv = heap.first, *cur; - if( verify_header( heap.first ) != 0 ) + if( heap.first == NULL || verify_header( heap.first ) != 0 ) { #if defined(MBEDTLS_MEMORY_DEBUG) mbedtls_fprintf( stderr, "FATAL: verification of first header " @@ -202,6 +202,8 @@ static int verify_chain() return( 1 ); } + cur = heap.first->next; + while( cur != NULL ) { if( verify_header( cur ) != 0 ) @@ -245,7 +247,9 @@ static void *buffer_alloc_calloc( size_t n, size_t size ) original_len = len = n * size; - if( n != 0 && len / n != size ) + if( n == 0 || size == 0 || len / n != size ) + return( NULL ); + else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE ) return( NULL ); if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE ) @@ -386,7 +390,7 @@ static void buffer_alloc_free( void *ptr ) if( ptr == NULL || heap.buf == NULL || heap.first == NULL ) return; - if( p < heap.buf || p > heap.buf + heap.len ) + if( p < heap.buf || p >= heap.buf + heap.len ) { #if defined(MBEDTLS_MEMORY_DEBUG) mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed " @@ -570,8 +574,7 @@ static void buffer_alloc_free_mutexed( void *ptr ) void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ) { - memset( &heap, 0, sizeof(buffer_alloc_ctx) ); - memset( buf, 0, len ); + memset( &heap, 0, sizeof( buffer_alloc_ctx ) ); #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_init( &heap.mutex ); 
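Review bot: The new guard `else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE )` in buffer_alloc_calloc is correct but opaque: it exists so that the alignment round-up which follows (`if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE )` and the increment after it, the latter outside the hunk) cannot wrap `len` around and hand out an undersized block, and a one-line comment such as `/* reject lengths whose round-up to MBEDTLS_MEMORY_ALIGN_MULTIPLE would wrap */` would save the next reader the arithmetic. Since the previous line already returns, a plain `if` rather than `else if` matches the rest of the file. Returning NULL for `n == 0 || size == 0` also means any caller that allocates a possibly-empty buffer and treats NULL as out-of-memory now fails; the commit fixes pem.c and x509_crl.c, and other callers are worth a search. buffer_alloc_calloc continues outside the hunk.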
@@ -581,20 +584,24 @@ void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ) mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free ); #endif - if( (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE ) + if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE ) + return; + else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE ) { /* Adjust len first since buf is used in the computation */ len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE - - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; + - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE - - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; + - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; } + memset( buf, 0, len ); + heap.buf = buf; heap.len = len; - heap.first = (memory_header *) buf; - heap.first->size = len - sizeof(memory_header); + heap.first = (memory_header *)buf; + heap.first->size = len - sizeof( memory_header ); heap.first->magic1 = MAGIC1; heap.first->magic2 = MAGIC2; heap.first_free = heap.first; diff --git a/library/pem.c b/library/pem.c index 87401ba55f..d726bd61be 100644 --- a/library/pem.c +++ b/library/pem.c @@ -423,7 +423,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer, unsigned char *buf, size_t buf_len, size_t *olen ) { int ret; - unsigned char *encode_buf, *c, *p = buf; + unsigned char *encode_buf = NULL, *c, *p = buf; size_t len = 0, use_len, add_len = 0; mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len ); @@ -435,7 +435,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer, return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); } - if( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) + if( use_len != 0 && ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data, diff --git a/library/x509_crl.c b/library/x509_crl.c index 55d12acd03..c302bb2fb7 100644 
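Review bot: In mbedtls_memory_buffer_alloc_init the new `if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE ) return;` runs after `mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free )` (the context line at the top of the hunk) and after the mutex init in the previous hunk, so a too-small buffer silently leaves the process with calloc/free hooks pointing at an allocator whose `heap.buf` and `heap.first` are still NULL. buffer_alloc_free guards `heap.buf == NULL` (earlier hunk); whether buffer_alloc_calloc does is outside the hunks. Moving the size check above the `mbedtls_platform_set_calloc_free` call, or at least reporting under `MBEDTLS_MEMORY_DEBUG` with something like `mbedtls_fprintf( stderr, "FATAL: buffer too small for memory_buffer_alloc\n" );`, and stating in memory_buffer_alloc.h that the caller should check `mbedtls_memory_buffer_alloc_verify()` afterwards, would make the failure visible instead of deferred. The function begins outside this hunk.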
--- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -257,7 +257,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, { int ret; size_t len; - unsigned char *p, *end; + unsigned char *p = NULL, *end; mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; mbedtls_x509_crl *crl = chain; @@ -294,7 +294,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, /* * Copy raw DER-encoded CRL */ - if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) + if( buflen != 0 && ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) return( MBEDTLS_ERR_X509_ALLOC_FAILED ); memcpy( p, buf, buflen ); From 8ec3bfe1800d7b18e24d9439b641e91c4dd408ed Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 30 Jan 2017 14:35:08 +0000 Subject: [PATCH 0637/1059] Test corner case uses of memory_buffer_alloc.c --- .../test_suite_memory_buffer_alloc.data | 5 ++++ .../test_suite_memory_buffer_alloc.function | 28 +++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/tests/suites/test_suite_memory_buffer_alloc.data b/tests/suites/test_suite_memory_buffer_alloc.data index 8d3813a7ba..d59f1135ae 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.data +++ b/tests/suites/test_suite_memory_buffer_alloc.data @@ -16,3 +16,8 @@ memory_buffer_alloc_free_alloc:100:64:100:100:0:0:0:1:200:0 Memory buffer alloc - Out of Memory test memory_buffer_alloc_oom_test: +Memory buffer small buffer +memory_buffer_small_buffer: + +Memory buffer underalloc +memory_buffer_underalloc: diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function index a0c70d8a20..09684c1d41 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.function +++ b/tests/suites/test_suite_memory_buffer_alloc.function 
@@ -232,3 +232,31 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +void memory_buffer_small_buffer( ) +{ + unsigned char buf[1]; + + mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() != 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +void memory_buffer_underalloc( ) +{ + unsigned char buf[100]; + size_t i; + + mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + for( i = 1; i < MBEDTLS_MEMORY_ALIGN_MULTIPLE; i++ ) + { + TEST_ASSERT( mbedtls_calloc( 1, + (size_t)-( MBEDTLS_MEMORY_ALIGN_MULTIPLE - i ) ) == NULL ); + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + +exit: + mbedtls_memory_buffer_alloc_free(); +} +/* END_CASE */ From f1ee63562aa6bd42603adc61cda158b9fe109360 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 6 Jul 2017 10:06:58 +0100 Subject: [PATCH 0638/1059] Style fixes in pem, x509_crl and buf_alloc --- library/memory_buffer_alloc.c | 2 +- library/pem.c | 3 ++- library/x509_crl.c | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 0d3342dea7..1cfc27ca61 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -184,7 +184,7 @@ static int verify_chain() { memory_header *prv = heap.first, *cur; - if( heap.first == NULL || verify_header( heap.first ) != 0 ) + if( prv == NULL || verify_header( prv ) != 0 ) { #if defined(MBEDTLS_MEMORY_DEBUG) mbedtls_fprintf( stderr, "FATAL: verification of first header " diff --git a/library/pem.c b/library/pem.c index d726bd61be..7b3ae8d3df 100644 --- a/library/pem.c +++ b/library/pem.c 
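Review bot: memory_buffer_small_buffer never calls mbedtls_memory_buffer_alloc_free(), unlike memory_buffer_underalloc directly below it, so after it runs the calloc/free hooks that mbedtls_memory_buffer_alloc_init installs (before it rejects the 1-byte buffer, going by the library change in this series) stay installed on an allocator that was never configured, for whatever the harness or the next case allocates. Giving the first case the same tail, `exit:` / `mbedtls_memory_buffer_alloc_free();`, so that both the success path and the TEST_ASSERT failure path release the hooks keeps the cases independent of their run order. It would also help to note in a comment that `verify() != 0` is the documented outcome for a buffer smaller than one header plus alignment slack, since nothing in the case says why 1 byte is the interesting size.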
@@ -435,7 +435,8 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer, return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); } - if( use_len != 0 && ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) + if( use_len != 0 && + ( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) ) return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data, diff --git a/library/x509_crl.c b/library/x509_crl.c index c302bb2fb7..8f98d8c928 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -257,7 +257,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, { int ret; size_t len; - unsigned char *p = NULL, *end; + unsigned char *p = NULL, *end = NULL; mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; mbedtls_x509_crl *crl = chain; @@ -294,7 +294,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, /* * Copy raw DER-encoded CRL */ - if( buflen != 0 && ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) + if( buflen != 0 && ( ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) ) return( MBEDTLS_ERR_X509_ALLOC_FAILED ); memcpy( p, buf, buflen ); From cb5123fa86982c75f2c8061b58ac51c9e9938fdb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 6 Dec 2017 09:39:23 +0000 Subject: [PATCH 0639/1059] Ensure memcpy is not called with NULL and 0 args in x509 module --- library/x509_crl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/x509_crl.c b/library/x509_crl.c index 8f98d8c928..9422457b50 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -294,7 +294,9 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, /* * Copy raw DER-encoded CRL */ - if( buflen != 0 && ( ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) ) + if( buflen == 0 ) + return( MBEDTLS_ERR_X509_INVALID_FORMAT ); + else if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) return( MBEDTLS_ERR_X509_ALLOC_FAILED ); memcpy( p, buf, buflen ); 
From c9d6226d2c7b7a99be6694c6014e4e4be1cc69d7 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Tue, 12 Dec 2017 20:15:03 +0000
Subject: [PATCH 0640/1059] Change formatting of allocation check in x509_crl
---
 library/x509_crl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 9422457b50..0bb7236bd1 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -296,7 +296,9 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
 */
 if( buflen == 0 )
 return( MBEDTLS_ERR_X509_INVALID_FORMAT );
- else if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
+
+ p = mbedtls_calloc( 1, buflen );
+ if( p == NULL )
 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
 
 memcpy( p, buf, buflen );
From e9124b943da5c30899cc75294f390d46ea23c995 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Tue, 23 Jan 2018 20:03:52 +0000
Subject: [PATCH 0641/1059] Ensure that mbedtls_pk_parse_key() does not allocate 0 bytes
---
 library/pkparse.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/pkparse.c b/library/pkparse.c
index f97d89ea14..491cecf50f 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1274,6 +1274,9 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
 {
 unsigned char *key_copy;
 
+ if( keylen == 0 )
+ return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+
 if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
 
From 616d1ca6052307ade19a024127c9c3b0929dfe13 Mon Sep 17 00:00:00 2001
From: Hanno Becker Date: Wed, 24 Jan 2018 10:25:05 +0000 Subject: [PATCH 0642/1059] Add support for alternative ECJPAKE implementation This commit allows users to provide alternative implementations of the ECJPAKE interface through the configuration option MBEDTLS_ECJPAKE_ALT. When set, the user must add `ecjpake_alt.h` declaring the same interface as `ecjpake.h`, as well as add some compilation unit which implements the functionality. This is in line with the preexisting support for alternative implementations of other modules. --- ChangeLog | 2 ++ include/mbedtls/config.h | 1 + include/mbedtls/ecjpake.h | 18 +++++++++++++++++- library/ecjpake.c | 3 +++ library/version_features.c | 3 +++ 5 files changed, 26 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a200d51fb7..0b8667bf11 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,8 @@ Features The following functions from the ECDH module can be replaced with an alternative implementation: mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared(). + * Add support for alternative implementation for ECJPAKE, controlled by + new configuration flag MBEDTLS_ECJPAKE_ALT. API Changes * Extend RSA interface by multiple functions allowing structure- diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 5e6b63e82b..6f62a87722 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -271,6 +271,7 @@ //#define MBEDTLS_CMAC_ALT //#define MBEDTLS_DES_ALT //#define MBEDTLS_DHM_ALT +//#define MBEDTLS_ECJPAKE_ALT //#define MBEDTLS_GCM_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index 6fcffc777a..d86e8207f1 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -44,6 +44,8 @@ #include "ecp.h" #include "md.h" +#if !defined(MBEDTLS_ECJPAKE_ALT) + #ifdef __cplusplus extern "C" { #endif 
@@ -223,17 +225,31 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, */ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ); +#ifdef __cplusplus +} +#endif + +#else /* MBEDTLS_ECJPAKE_ALT */ +#include "ecjpake_alt.h" +#endif /* MBEDTLS_ECJPAKE_ALT */ + #if defined(MBEDTLS_SELF_TEST) + +#ifdef __cplusplus +extern "C" { +#endif + /** * \brief Checkup routine * * \return 0 if successful, or 1 if a test failed */ int mbedtls_ecjpake_self_test( int verbose ); -#endif #ifdef __cplusplus } #endif +#endif /* MBEDTLS_SELF_TEST */ + #endif /* ecjpake.h */ diff --git a/library/ecjpake.c b/library/ecjpake.c index 1fa1c2d801..e8f40862be 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -36,6 +36,8 @@ #include +#if !defined(MBEDTLS_ECJPAKE_ALT) + /* * Convert a mbedtls_ecjpake_role to identifier string */ @@ -764,6 +766,7 @@ cleanup: #undef ID_MINE #undef ID_PEER +#endif /* ! MBEDTLS_ECJPAKE_ALT */ #if defined(MBEDTLS_SELF_TEST) diff --git a/library/version_features.c b/library/version_features.c index ede2276a57..72afec2da0 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -108,6 +108,9 @@ static const char *features[] = { #if defined(MBEDTLS_DHM_ALT) "MBEDTLS_DHM_ALT", #endif /* MBEDTLS_DHM_ALT */ +#if defined(MBEDTLS_ECJPAKE_ALT) + "MBEDTLS_ECJPAKE_ALT", +#endif /* MBEDTLS_ECJPAKE_ALT */ #if defined(MBEDTLS_GCM_ALT) "MBEDTLS_GCM_ALT", #endif /* MBEDTLS_GCM_ALT */ From 9b534666a211da28c2ccf2f1e0f564bb1fc7ab0d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 18 Jan 2018 00:04:08 +0100 Subject: [PATCH 0643/1059] Add ChangeLog entry --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index a200d51fb7..34e3406eb3 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -104,6 +104,9 @@ Bugfix * Fix error message in programs/pkey/gen_key.c. Found and fixed by Chris Xue. * Fix programs/pkey/dh_server.c so that it actually works with dh_client.c. Found and fixed by Martijn de Milliano. + * Fix bug in cipher decryption with MBEDTLS_PADDING_ONE_AND_ZEROS that + sometimes accepted invalid padding. (Not used in TLS.) Found and fixed + by Micha Kraus. Changes * Extend cert_write example program by options to set the CRT version From 087d5ad593fbd6c1cc432f8c1736afced1060c84 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 24 Jan 2018 16:06:25 +0000 Subject: [PATCH 0644/1059] Minor improvement in ChangeLog --- ChangeLog | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0b8667bf11..68aa6da48b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,14 +28,14 @@ Features The following functions from the ECDSA module can be replaced with alternative implementation: mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey(). - * Add support for alternative implementation for ECDH, controlled by new - configuration flags MBEDTLS_ECDH_COMPUTE_SHARED_ALT and + * Add support for alternative implementation of ECDH, controlled by the + new configuration flags MBEDTLS_ECDH_COMPUTE_SHARED_ALT and MBEDTLS_ECDH_GEN_PUBLIC_ALT in config.h. The following functions from the ECDH module can be replaced with an alternative implementation: mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared(). - * Add support for alternative implementation for ECJPAKE, controlled by - new configuration flag MBEDTLS_ECJPAKE_ALT. + * Add support for alternative implementation of ECJPAKE, controlled by + the new configuration flag MBEDTLS_ECJPAKE_ALT. API Changes * Extend RSA interface by multiple functions allowing structure- From e278b364610c24307f7b9e7d010ab1b634ddbb64 Mon Sep 17 00:00:00 2001 
From: Reut Caspi Date: Thu, 19 Oct 2017 08:49:19 +0100 Subject: [PATCH 0645/1059] Change mbedtls_entropy_func in tests to mbedtls_test_entropy_func Change function in tests named mbedtls_entropy_func to mbedtls_test_entropy_func to avoid getting error from the linker when calling the mbedtls_entropy_func elsewhere. --- tests/suites/test_suite_ctr_drbg.function | 10 +++++----- tests/suites/test_suite_hmac_drbg.function | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 883cfe08ec..d8ffebe46a 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -1,8 +1,8 @@ /* BEGIN_HEADER */ #include "mbedtls/ctr_drbg.h" -int test_offset_idx; -int mbedtls_entropy_func( void *data, unsigned char *buf, size_t len ) +static int test_offset_idx; +static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len ) { const unsigned char *p = (unsigned char *) data; memcpy( buf, p + test_offset_idx, len ); @@ -72,7 +72,7 @@ void ctr_drbg_validate_pr( char *add_init_string, char *entropy_string, add2_len = unhexify( add2, add2_string ); test_offset_idx = 0; - TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 ); mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON ); TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 ); 
@@ -110,7 +110,7 @@ void ctr_drbg_validate_nopr( char *add_init_string, char *entropy_string, add2_len = unhexify( add2, add2_string ); test_offset_idx = 0; - TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 ); TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 ); TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, add_reseed, add_reseed_len ) == 0 ); @@ -141,7 +141,7 @@ void ctr_drbg_entropy_usage( ) /* Init must use entropy */ last_idx = test_offset_idx; - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_entropy_func, entropy, NULL, 0 ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_entropy_func, entropy, NULL, 0 ) == 0 ); TEST_ASSERT( last_idx < test_offset_idx ); /* By default, PR is off and reseed_interval is large, diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index 52094700b5..a413f5e182 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function @@ -7,7 +7,7 @@ typedef struct size_t len; } entropy_ctx; -int mbedtls_entropy_func( void *data, unsigned char *buf, size_t len ) +static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len ) { entropy_ctx *ctx = (entropy_ctx *) data; @@ -50,7 +50,7 @@ void hmac_drbg_entropy_usage( int md_alg ) /* Init must use entropy */ last_len = entropy.len; - TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_entropy_func, &entropy, + TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &entropy, NULL, 0 ) == 0 ); TEST_ASSERT( entropy.len < last_len ); 
@@ -206,7 +206,7 @@ void hmac_drbg_no_reseed( int md_alg, TEST_ASSERT( memcmp( my_output, output, out_len ) == 0 ); /* And now the normal entropy-based variant */ - TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_entropy_func, &p_entropy, + TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy, custom, custom_len ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, add1, add1_len ) == 0 ); @@ -251,7 +251,7 @@ void hmac_drbg_nopr( int md_alg, md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_entropy_func, &p_entropy, + TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy, custom, custom_len ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_reseed( &ctx, add1, add1_len ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, @@ -296,7 +296,7 @@ void hmac_drbg_pr( int md_alg, md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_entropy_func, &p_entropy, + TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy, custom, custom_len ) == 0 ); mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON ); TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, From 4fa619fe56807f5d143b3eb7533add464791838b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Jan 2018 10:55:10 +0100 Subject: [PATCH 0646/1059] Fix race condition in error printing in ssl_server2.c The race goes this way: 1. ssl_recv() succeeds (ie no signal received yet) 2. processing the message leads to aborting handshake with ret != 0 3. reset ret if we were signaled 4. print error if ret is still non-zero 5. go back to net_accept() which can be interrupted by a signal We print the error message only if the signal is received between steps 3 and 5, not when it arrives between steps 1 and 3. This can cause failures in ssl-opt.sh where we check for the presence of "Last error was..." in the server's output: if we perform step 2, the client will be notified and exit, then ssl-opt.sh will send SIGTERM to the server, but if it didn't get a chance to run and pass step 3 in the meantime, we're in trouble. The purpose of step 3 was to avoid spurious "Last error" messages in the output so that ssl-opt.sh can check for a successful run by the absence of that message. However, it is enough to suppress that message when the last error we get is the one we expect from being interrupted by a signal - doing more could hide real errors. Also, improve the messages printed when interrupted to make it easier to distinguish the two cases - this could be used in a testing script that wants to check that the server doesn't see the client as disconnecting unexpectedly. --- programs/ssl/ssl_server2.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 1285abcbd1..cc29b493ff 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c
@@ -2019,8 +2019,10 @@ reset: #if !defined(_WIN32) if( received_sigterm ) { - mbedtls_printf( " interrupted by SIGTERM\n" ); - ret = 0; + mbedtls_printf( " interrupted by SIGTERM (not in net_accept())\n" ); + if( ret == MBEDTLS_ERR_NET_INVALID_CONTEXT ) + ret = 0; + goto exit; } #endif @@ -2056,8 +2058,10 @@ reset: #if !defined(_WIN32) if( received_sigterm ) { - mbedtls_printf( " interrupted by signal\n" ); - ret = 0; + mbedtls_printf( " interrupted by SIGTERM (in net_accept())\n" ); + if( ret == MBEDTLS_ERR_NET_ACCEPT_FAILED ) + ret = 0; + goto exit; } #endif From 92143276239d95420b56a33f5abaf2b9d0850ca0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jan 2018 23:26:24 +0100 Subject: [PATCH 0647/1059] Sort list to make things easier to find --- scripts/generate_errors.pl | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index cfcf07c8f3..882afbdb9a 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -29,13 +29,14 @@ if( @ARGV ) { my $error_format_file = $data_dir.'/error.fmt'; -my @low_level_modules = ( "AES", "ASN1", "BLOWFISH", "CAMELLIA", "BIGNUM", - "BASE64", "XTEA", "PBKDF2", "OID", - "PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY", - "HMAC_DRBG", "MD2", "MD4", "MD5", "RIPEMD160", - "SHA1", "SHA256", "SHA512", "GCM", "THREADING", "CCM" ); -my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL", - "PK", "PKCS12", "PKCS5" ); +my @low_level_modules = qw( AES ASN1 BASE64 BIGNUM BLOWFISH + CAMELLIA CCM CTR_DRBG DES ENTROPY + GCM HMAC_DRBG MD2 MD4 MD5 + NET OID PADLOCK PBKDF2 RIPEMD160 + SHA1 SHA256 SHA512 THREADING XTEA ); +my @high_level_modules = qw( CIPHER DHM ECP MD + PEM PK PKCS12 PKCS5 + RSA SSL X509 ); my $line_separator = $/; undef $/; From 1b3649906261dfaafcc5b8750279a0012c1c604a Mon Sep 17 00:00:00 2001 
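Review bot: Both branches read `received_sigterm`, which a signal handler sets while the main loop is blocked in ssl_recv() or net_accept(); its declaration is outside the hunk, and unless it is `volatile sig_atomic_t` the compiler may legitimately keep the value in a register across these reads (C11 5.1.2.3 and 7.14.1.1). The two `ret ==` comparisons also deserve a comment saying why exactly those codes are the benign ones, e.g. `/* expected once the handler has torn down the sockets; anything else is a real error */`, since the commit message explains the reasoning but the code does not; confirm that this is indeed how the handler produces them before wording it that way. The `reset:` loop these blocks belong to starts and ends outside the hunk.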
From: Dvir Markovich Date: Mon, 26 Jun 2017 13:43:34 +0300 Subject: [PATCH 0648/1059] Improve CTR_DRBG error handling and cleanup Check AES return values and return error when needed. Propagate the underlying AES return code. Perform more memory cleanup. --- library/ctr_drbg.c | 92 +++++++++++++++++++++++++++++++++++++--------- 1 file changed, 75 insertions(+), 17 deletions(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 55612c7fc9..2d2da2434d 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -94,11 +94,15 @@ int mbedtls_ctr_drbg_seed_entropy_len( /* * Initialize with an empty key */ - mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ); + if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) + { + return( ret ); + } if( ( ret = mbedtls_ctr_drbg_reseed( ctx, custom, len ) ) != 0 ) + { return( ret ); - + } return( 0 ); } @@ -148,6 +152,7 @@ static int block_cipher_df( unsigned char *output, unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE]; unsigned char *p, *iv; mbedtls_aes_context aes_ctx; + int ret = 0; int i, j; size_t buf_len, use_len; @@ -180,7 +185,10 @@ static int block_cipher_df( unsigned char *output, for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ ) key[i] = i; - mbedtls_aes_setkey_enc( &aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ); + if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) + { + goto exit; + } /* * Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data @@ -199,7 +207,10 @@ static int block_cipher_df( unsigned char *output, use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len; - mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain ); + if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain ) ) != 0 ) + { + goto exit; + } } memcpy( tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE ); 
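Review bot: The new error checks in mbedtls_ctr_drbg_seed_entropy_len and block_cipher_df, such as `if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )`, run well past the 80-column width the rest of this file keeps; splitting the call, `if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key,` / `MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )`, keeps the style consistent, and the same applies to the mbedtls_aes_crypt_ecb checks in the later hunks. The removed blank line before `return( 0 );` in the seed function is a cosmetic change unrelated to the fix and makes the diff noisier than it needs to be. Both functions extend beyond their hunks.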
@@ -213,20 +224,40 @@ static int block_cipher_df( unsigned char *output, /* * Do final encryption with reduced data */ - mbedtls_aes_setkey_enc( &aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ); + if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) + { + goto exit; + } iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE; p = output; for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE ) { - mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv ) ) != 0 ) + { + goto exit; + } memcpy( p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE ); p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } - +exit: mbedtls_aes_free( &aes_ctx ); + /* + * tidy up the stack + */ + mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_zeroize( tmp, sizeof( tmp ) ); + mbedtls_zeroize( key, sizeof( key ) ); + mbedtls_zeroize( chain, sizeof( chain ) ); + if( 0 != ret ) + { + /* + * wipe partial seed from memory + */ + mbedtls_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN ); + } - return( 0 ); + return( ret ); } static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, @@ -235,6 +266,7 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN]; unsigned char *p = tmp; int i, j; + int ret = 0; memset( tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN ); @@ -250,7 +282,10 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, /* * Crypt counter block */ - mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p ); + if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p ) ) != 0 ) + { + return( ret ); + } p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } 
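Review bot: The early `return( ret );` added to ctr_drbg_update_internal after the mbedtls_aes_crypt_ecb check (and after the setkey check in the hunk at @@ -261) leaves `tmp` on the stack unwiped, and `tmp` is exactly the material the function turns into the new AES key and counter; the same gap applies to `seed` in mbedtls_ctr_drbg_reseed (@@ -319) and to `add_input` and the partially written `output` in mbedtls_ctr_drbg_random_with_add (@@ -354 onward). block_cipher_df in this very commit shows the pattern to follow: route every failure through one `exit:` label that calls mbedtls_zeroize on the sensitive locals, and wipe the partial output on failure. Whether the success paths of these functions wipe their locals is outside the hunks, so the gap may pre-date the commit, but the new failure paths widen it. Separately, `if( 0 != ret )` in block_cipher_df's exit block reverses the `!= 0` order used everywhere else in the file.
```c
    /* … unchanged: declarations, memset( tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN ), loop head … */
        if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
                                           ctx->counter, p ) ) != 0 )
        {
            goto exit;
        }
    /* … unchanged: rest of the loop body … */
    if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp,
                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
    {
        goto exit;
    }
    memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE );

exit:
    /* tmp held the new key and counter: wipe it on every path */
    mbedtls_zeroize( tmp, sizeof( tmp ) );
    return( ret );
```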
@@ -261,7 +296,10 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, /* * Update key and counter */ - mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ); + if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) + { + return( ret ); + } memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE ); return( 0 ); @@ -289,6 +327,7 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, { unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; + int ret; if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT || len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len ) @@ -319,12 +358,18 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, /* * Reduce to 384 bits */ - block_cipher_df( seed, seed, seedlen ); + if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 ) + { + return( ret ); + } /* * Update state */ - ctr_drbg_update_internal( ctx, seed ); + if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 ) + { + return( ret ); + } ctx->reseed_counter = 1; return( 0 ); @@ -354,15 +399,22 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, ctx->prediction_resistance ) { if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 ) + { return( ret ); - + } add_len = 0; } if( add_len > 0 ) { - block_cipher_df( add_input, additional, add_len ); - ctr_drbg_update_internal( ctx, add_input ); + if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 ) + { + return( ret ); + } + if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 ) + { + return( ret ); + } } while( output_len > 0 ) 
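Review bot: In the -319 hunk of mbedtls_ctr_drbg_reseed, `seed` — the buffer holding the gathered entropy and personalisation input, and after block_cipher_df the reduced 384-bit seed — is not wiped on either of the two new error returns, and no wipe appears on the success path within the visible lines either. block_cipher_df does zeroize its `output` on failure, but only MBEDTLS_CTR_DRBG_SEEDLEN bytes of it, while `seedlen` bytes of raw input were written into `seed` before the call. Since `ret` is declared without an initialiser in the -289 hunk, the success path has to set it before sharing an exit label; the earlier parts of the function are outside the hunk and any return there would need the same routing if it occurs after the entropy callback.
```c
    if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
    {
        goto exit;
    }
    /* … unchanged: ctr_drbg_update_internal guard, with goto exit in place of return … */
    ctx->reseed_counter = 1;
    ret = 0;

exit:
    mbedtls_zeroize( seed, sizeof( seed ) );
    return( ret );
```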
@@ -377,7 +429,10 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, /* * Crypt counter block */ - mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp ); + if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp ) ) != 0 ) + { + return( ret ); + } use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len; @@ -389,7 +444,10 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, output_len -= use_len; } - ctr_drbg_update_internal( ctx, add_input ); + if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 ) + { + return( ret ); + } ctx->reseed_counter++; From 791e08ad8bd2bcbe226fbfddba95d5367e23d932 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 26 Jan 2018 12:04:12 +0000 Subject: [PATCH 0649/1059] Add a ChangeLog entry --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index a5776c06c0..64a95d361e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -146,6 +146,7 @@ Changes new ones with return codes. In particular, this modifies the mbedtls_md_info_t structure. Propagate errors from these functions everywhere except some locations in the ssl_tls.c module. + * Improve CTR_DRBG error handling by propagating underlying AES errors. = mbed TLS 2.6.0 branch released 2017-08-10 From 7ecab3df4cc3a79e8b74dd6bd79cf3882e033841 Mon Sep 17 00:00:00 2001 
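Review bot: The new error return in the -377 hunk exits mbedtls_ctr_drbg_random_with_add with `tmp` un-wiped; on any iteration after the first, `tmp` still holds the previous keystream block that was copied to the caller's output, and the -389 hunk's return likewise leaves `add_input` (the reduced additional input) in place. The end of the function is outside the hunk, so whether the success path wipes them cannot be seen here; if it does not, both buffers should be zeroized through a single exit label, as block_cipher_df now does, rather than returning directly from each guard. A short comment on the -389 return noting that the caller must discard the already-written output when this call fails would also help, since the generated bytes are complete at that point.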
From: Gilles Peskine Date: Fri, 26 Jan 2018 17:56:38 +0100 Subject: [PATCH 0650/1059] Error codes for hardware accelerator failures Add MBEDTLS_ERR_XXX_HW_ACCEL_FAILED error codes for all cryptography modules where the software implementation can be replaced by a hardware implementation. This does not include the individual message digest modules since they currently have no way to return error codes. This does include the higher-level md, cipher and pk modules since alternative implementations and even algorithms can be plugged in at runtime. --- ChangeLog | 3 +++ include/mbedtls/aes.h | 3 ++- include/mbedtls/arc4.h | 2 ++ include/mbedtls/blowfish.h | 1 + include/mbedtls/camellia.h | 1 + include/mbedtls/ccm.h | 1 + include/mbedtls/cipher.h | 3 ++- include/mbedtls/cmac.h | 2 ++ include/mbedtls/des.h | 1 + include/mbedtls/dhm.h | 1 + include/mbedtls/ecp.h | 1 + include/mbedtls/error.h | 28 +++++++++++++----------- include/mbedtls/gcm.h | 1 + include/mbedtls/md.h | 1 + include/mbedtls/pk.h | 1 + include/mbedtls/rsa.h | 1 + include/mbedtls/xtea.h | 1 + library/error.c | 44 ++++++++++++++++++++++++++++++++++++++ scripts/generate_errors.pl | 6 +++--- 19 files changed, 84 insertions(+), 18 deletions(-) diff --git a/ChangeLog b/ChangeLog index a200d51fb7..50b534773e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -117,6 +117,9 @@ Changes * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the undeclared dependency of the RSA module on the ASN.1 module. * Add mechanism to provide alternative implementation of the DHM module. + * Add MBEDTLS_ERR_XXX_HW_ACCEL_FAILED error codes for all cryptography + modules where the software implementation can be replaced by a hardware + implementation. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 71dcea9e55..541fa930d5 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h 
@@ -41,8 +41,9 @@ #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ -/* Error codes in range 0x0023-0x0023 */ +/* Error codes in range 0x0023-0x0025 */ #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available, e.g. unsupported AES key size. */ +#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h index 26de33f8d5..875c574317 100644 --- a/include/mbedtls/arc4.h +++ b/include/mbedtls/arc4.h @@ -32,6 +32,8 @@ #include +#define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */ + #if !defined(MBEDTLS_ARC4_ALT) // Regular implementation // diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 6593730e4d..c0ef5a04cc 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -41,6 +41,7 @@ #define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */ #define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */ +#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */ #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ #if !defined(MBEDTLS_BLOWFISH_ALT) diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 107056fc66..cf07629d9b 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h 
@@ -38,6 +38,7 @@ #define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */ #define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ +#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */ #if !defined(MBEDTLS_CAMELLIA_ALT) // Regular implementation diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index acd94adb88..1459eb8eab 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -28,6 +28,7 @@ #define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to function. */ #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ +#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */ #if !defined(MBEDTLS_CCM_ALT) // Regular implementation diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index b92a8dbb9f..97b9226f5c 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -58,7 +58,8 @@ #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */ #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */ #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */ -#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */ +#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */ +#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 /**< Cipher hardware accelerator failed. */ #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */ #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */ diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index a7f7f45e9c..1cac948968 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h 
@@ -31,6 +31,8 @@ extern "C" { #endif +#define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A /**< CMAC hardware accelerator failed. */ + #define MBEDTLS_AES_BLOCK_SIZE 16 #define MBEDTLS_DES3_BLOCK_SIZE 8 diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 7f8f27eea3..1752898506 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -37,6 +37,7 @@ #define MBEDTLS_DES_DECRYPT 0 #define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< The data input has an invalid length. */ +#define MBEDTLS_ERR_DES_HW_ACCEL_FAILED -0x0033 /**< DES hardware accelerator failed. */ #define MBEDTLS_DES_KEY_SIZE 8 diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index d017b380ea..8a28ffac9b 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -44,6 +44,7 @@ #define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380 /**< The ASN.1 data is not formatted correctly. */ #define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read/write of file failed. */ +#define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED -0x3500 /**< DHM hardware accelerator failed. */ /** * RFC 3526 defines a number of standardized Diffie-Hellman groups diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 977134059f..b00ba4da87 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -37,6 +37,7 @@ #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */ #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */ #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */ +#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< ECP hardware accelerator failed. */ #if !defined(MBEDTLS_ECP_ALT) /* diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index bd4ca90f04..7e32892694 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h 
@@ -50,23 +50,25 @@ * * Module Nr Codes assigned * MPI 7 0x0002-0x0010 - * GCM 2 0x0012-0x0014 - * BLOWFISH 2 0x0016-0x0018 + * GCM 3 0x0012-0x0014 0x0013-0x0013 + * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 * THREADING 3 0x001A-0x001E - * AES 2 0x0020-0x0022 0x0023-0x0023 - * CAMELLIA 2 0x0024-0x0026 - * XTEA 1 0x0028-0x0028 + * AES 4 0x0020-0x0022 0x0023-0x0025 + * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 + * XTEA 2 0x0028-0x0028 0x0029-0x0029 * BASE64 2 0x002A-0x002C * OID 1 0x002E-0x002E 0x000B-0x000B * PADLOCK 1 0x0030-0x0030 - * DES 1 0x0032-0x0032 + * DES 2 0x0032-0x0032 0x0033-0x0033 * CTR_DBRG 4 0x0034-0x003A * ENTROPY 3 0x003C-0x0040 0x003D-0x003F * NET 11 0x0042-0x0052 0x0043-0x0045 * ASN1 7 0x0060-0x006C + * CMAC 1 0x007A-0x007A * PBKDF2 1 0x007C-0x007C * HMAC_DRBG 4 0x0003-0x0009 - * CCM 2 0x000D-0x000F + * CCM 3 0x000D-0x0011 + * ARC4 1 0x0019-0x0019 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors @@ -74,12 +76,12 @@ * PKCS#12 1 4 (Started from top) * X509 2 20 * PKCS5 2 4 (Started from top) - * DHM 3 9 - * PK 3 14 (Started from top) - * RSA 4 10 - * ECP 4 8 (Started from top) - * MD 5 4 - * CIPHER 6 6 + * DHM 3 10 + * PK 3 15 (Started from top) + * RSA 4 11 + * ECP 4 9 (Started from top) + * MD 5 5 + * CIPHER 6 8 * SSL 6 17 (Started from top) * SSL 7 31 * diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index f1019861dc..c7f01c316f 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -32,6 +32,7 @@ #define MBEDTLS_GCM_DECRYPT 0 #define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */ +#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */ #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */ #if !defined(MBEDTLS_GCM_ALT) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index f23bad40aa..57c27a6f02 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
@@ -38,6 +38,7 @@ #define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */ #define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */ +#define MBEDTLS_ERR_MD_HW_ACCEL_FAILED -0x5280 /**< MD hardware accelerator failed. */ #ifdef __cplusplus extern "C" { diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 28f6150077..1059bdaa5b 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -64,6 +64,7 @@ #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */ #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */ #define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */ +#define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */ #ifdef __cplusplus extern "C" { diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index a4a4716830..752105822c 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -50,6 +50,7 @@ #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ #define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality */ +#define MBEDTLS_ERR_RSA_HW_ACCEL_FAILED -0x4580 /**< RSA hardware accelerator failed. */ /* * RSA constants diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h index 1d01e56f83..34ccee3c22 100644 --- a/include/mbedtls/xtea.h +++ b/include/mbedtls/xtea.h 
@@ -37,6 +37,7 @@ #define MBEDTLS_XTEA_DECRYPT 0 #define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */ +#define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */ #if !defined(MBEDTLS_XTEA_ALT) // Regular implementation diff --git a/library/error.c b/library/error.c index 151ca4eae9..70ea2bffc6 100644 --- a/library/error.c +++ b/library/error.c @@ -45,6 +45,10 @@ #include "mbedtls/aes.h" #endif +#if defined(MBEDTLS_ARC4_C) +#include "mbedtls/arc4.h" +#endif + #if defined(MBEDTLS_BASE64_C) #include "mbedtls/base64.h" #endif @@ -69,6 +73,10 @@ #include "mbedtls/cipher.h" #endif +#if defined(MBEDTLS_CMAC_C) +#include "mbedtls/cmac.h" +#endif + #if defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" #endif @@ -185,6 +193,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" ); if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) ) mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid, eg because it was free()ed" ); + if( use_ret == -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "CIPHER - Cipher hardware accelerator failed" ); #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_DHM_C) @@ -206,6 +216,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "DHM - Allocation of memory failed" ); if( use_ret == -(MBEDTLS_ERR_DHM_FILE_IO_ERROR) ) mbedtls_snprintf( buf, buflen, "DHM - Read/write of file failed" ); + if( use_ret == -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "DHM - DHM hardware accelerator failed" ); #endif /* MBEDTLS_DHM_C */ #if defined(MBEDTLS_ECP_C) 
@@ -225,6 +237,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" ); if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) ) mbedtls_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" ); + if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "ECP - ECP hardware accelerator failed" ); #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_MD_C) @@ -236,6 +250,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "MD - Failed to allocate memory" ); if( use_ret == -(MBEDTLS_ERR_MD_FILE_IO_ERROR) ) mbedtls_snprintf( buf, buflen, "MD - Opening or reading of file failed" ); + if( use_ret == -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "MD - MD hardware accelerator failed" ); #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) @@ -288,6 +304,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) ) mbedtls_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" ); + if( use_ret == -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "PK - PK hardware accelerator failed" ); #endif /* MBEDTLS_PK_C */ #if defined(MBEDTLS_PKCS12_C) 
@@ -333,6 +351,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) ) mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality" ); + if( use_ret == -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "RSA - RSA hardware accelerator failed" ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) @@ -522,8 +542,15 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" ); if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "AES - Feature not available, e.g. unsupported AES key size" ); + if( use_ret == -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "AES - AES hardware accelerator failed" ); #endif /* MBEDTLS_AES_C */ +#if defined(MBEDTLS_ARC4_C) + if( use_ret == -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "ARC4 - ARC4 hardware accelerator failed" ); +#endif /* MBEDTLS_ARC4_C */ + #if defined(MBEDTLS_ASN1_PARSE_C) if( use_ret == -(MBEDTLS_ERR_ASN1_OUT_OF_DATA) ) mbedtls_snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" ); @@ -570,6 +597,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_BLOWFISH_C) if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH) ) mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid key length" ); + if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" ); if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" ); #endif /* MBEDTLS_BLOWFISH_C */ 
@@ -579,6 +608,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid key length" ); if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" ); + if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "CAMELLIA - Camellia hardware accelerator failed" ); #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CCM_C) @@ -586,8 +617,15 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CCM - Bad input parameters to function" ); if( use_ret == -(MBEDTLS_ERR_CCM_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "CCM - Authenticated decryption failed" ); + if( use_ret == -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "CCM - CCM hardware accelerator failed" ); #endif /* MBEDTLS_CCM_C */ +#if defined(MBEDTLS_CMAC_C) + if( use_ret == -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "CMAC - CMAC hardware accelerator failed" ); +#endif /* MBEDTLS_CMAC_C */ + #if defined(MBEDTLS_CTR_DRBG_C) if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) ) mbedtls_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" ); @@ -602,6 +640,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_DES_C) if( use_ret == -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "DES - The data input has an invalid length" ); + if( use_ret == -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "DES - DES hardware accelerator failed" ); #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ENTROPY_C) 
@@ -620,6 +660,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_GCM_C) if( use_ret == -(MBEDTLS_ERR_GCM_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "GCM - Authenticated decryption failed" ); + if( use_ret == -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "GCM - GCM hardware accelerator failed" ); if( use_ret == -(MBEDTLS_ERR_GCM_BAD_INPUT) ) mbedtls_snprintf( buf, buflen, "GCM - Bad input parameters to function" ); #endif /* MBEDTLS_GCM_C */ @@ -684,6 +726,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_XTEA_C) if( use_ret == -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "XTEA - The data input has an invalid length" ); + if( use_ret == -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "XTEA - XTEA hardware accelerator failed" ); #endif /* MBEDTLS_XTEA_C */ // END generated code diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 882afbdb9a..59618d4aa7 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -29,9 +29,9 @@ if( @ARGV ) { my $error_format_file = $data_dir.'/error.fmt'; -my @low_level_modules = qw( AES ASN1 BASE64 BIGNUM BLOWFISH - CAMELLIA CCM CTR_DRBG DES ENTROPY - GCM HMAC_DRBG MD2 MD4 MD5 +my @low_level_modules = qw( AES ARC4 ASN1 BASE64 BIGNUM BLOWFISH + CAMELLIA CCM CMAC CTR_DRBG DES + ENTROPY GCM HMAC_DRBG MD2 MD4 MD5 NET OID PADLOCK PBKDF2 RIPEMD160 SHA1 SHA256 SHA512 THREADING XTEA ); my @high_level_modules = qw( CIPHER DHM ECP MD From 54059629549a1ef4f992801d877dc8e8b14e02b0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 29 Jan 2018 10:16:30 +0100 Subject: [PATCH 0651/1059] Fix alarm(0) failure on mingw32 A new test for mbedtls_timing_alarm(0) was introduced in PR 1136, which also fixed it on Unix. Apparently test results on MinGW were not checked at that point, so we missed that this new test was also failing on this platform. --- ChangeLog | 2 +- library/timing.c | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 64a95d361e..c18ac5bc94 100644 --- a/ChangeLog +++ b/ChangeLog @@ -108,7 +108,7 @@ Bugfix * Fix incorrect unit in benchmark output. #850 * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by MilenkoMitrovic, #1104 - * Fix mbedtls_timing_alarm(0) on Unix. + * Fix mbedtls_timing_alarm(0) on Unix and MinGW. * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1. * Fix possible memory leaks in mbedtls_gcm_self_test(). * Added missing return code checks in mbedtls_aes_self_test(). diff --git a/library/timing.c b/library/timing.c index 6df137d2d3..35d6d89e2b 100644 --- a/library/timing.c +++ b/library/timing.c @@ -278,6 +278,14 @@ void mbedtls_set_alarm( int seconds ) { DWORD ThreadId; + if( seconds == 0 ) + { + /* No need to create a thread for this simple case. + * Also, this shorcut is more reliable at least on MinGW32 */ + mbedtls_timing_alarmed = 1; + return; + } + mbedtls_timing_alarmed = 0; alarmMs = seconds * 1000; CloseHandle( CreateThread( NULL, 0, TimerProc, NULL, 0, &ThreadId ) ); From 7ea67274f75701b5ed0b270db827a5adde87d6df Mon Sep 17 00:00:00 2001 
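Review bot: The added comment in the timing.c hunk misspells "shortcut" (`this shorcut is more reliable`), and the ChangeLog line changed in the same commit — together with the commit subject — refers to `mbedtls_timing_alarm(0)` while the function being patched is `mbedtls_set_alarm`, so the entry should read `Fix mbedtls_set_alarm(0) on Unix and MinGW.` The early return is correct for the zero case, but the sentence "more reliable at least on MinGW32" reads as a guess; if the underlying reason is that a zero-delay timer thread may fire before `mbedtls_timing_alarmed = 0` is executed below, saying so in the comment would make the fix self-explanatory. The rest of mbedtls_set_alarm, including the Unix branch, is outside this hunk.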
From: Andres Amaya Garcia Date: Mon, 8 May 2017 11:15:49 +0100 Subject: [PATCH 0652/1059] Fix test_suite_pk.function to work on 64-bit ILP32 This change fixes a problem in the tests pk_rsa_alt() and pk_rsa_overflow() from test_suite_pk.function that would cause a segmentation fault. The problem is that these tests are only designed to run in computers where the SIZE_MAX > UINT_MAX. --- tests/suites/test_suite_pk.function | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index e847836674..ac6429baea 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -5,8 +5,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/rsa.h" -/* For detecting 64-bit compilation */ -#include "mbedtls/bignum.h" +#include static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); @@ -413,11 +412,14 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_HAVE_INT64 */ +/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ void pk_rsa_overflow( ) { mbedtls_pk_context pk; - size_t hash_len = (size_t)-1; + size_t hash_len = SIZE_MAX; + + if( SIZE_MAX <= UINT_MAX ) + return; mbedtls_pk_init( &pk ); 
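Review bot: `if( SIZE_MAX <= UINT_MAX ) return;` in the -413 hunk makes pk_rsa_overflow report as passed on ILP32 targets even though nothing was exercised; the framework visible here offers no skip status, so at minimum a comment such as `/* The overflow cannot occur when size_t is no wider than unsigned int; nothing to test. */` should explain the silent pass. The same platform condition is handled differently in the -486 hunk of pk_rsa_alt (`#if SIZE_MAX > UINT_MAX` around the oversized-length call), so the two tests should use one mechanism — the preprocessor form in both keeps the ILP32 build free of unreachable code and avoids the misleading pass. The body of pk_rsa_overflow continues past the end of this hunk.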
@@ -486,13 +488,13 @@ void pk_rsa_alt( ) TEST_ASSERT( strcmp( mbedtls_pk_get_name( &alt ), "RSA-alt" ) == 0 ); /* Test signature */ - TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, - sig, &sig_len, rnd_std_rand, NULL ) == 0 ); -#if defined(MBEDTLS_HAVE_INT64) - TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, (size_t)-1, - NULL, NULL, rnd_std_rand, NULL ) == +#if SIZE_MAX > UINT_MAX + TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, + sig, &sig_len, rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */ + TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, + sig, &sig_len, rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( sig_len == RSA_KEY_LEN ); TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE, hash, sizeof hash, sig, sig_len ) == 0 ); From f4fbdda602232b10a9249c5eb61903c7ba23ab11 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 8 May 2017 11:19:19 +0100 Subject: [PATCH 0653/1059] Add test command for 64-bit ILP32 in all.sh --- tests/scripts/all.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b559af8e18..c60eaaf65a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -653,6 +653,16 @@ if uname -a | grep -F x86_64 >/dev/null; then cleanup make CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' + msg "test: i386, make, gcc" + make test + + msg "build: 64-bit ILP32, make, gcc" # ~ 30s + cleanup + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' + + msg "test: 64-bit ILP32, make, gcc" + make test + msg "build: gcc, force 32-bit compilation" cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 6ff067d73db24b8a70c8953ed6f3900f8eea4495 Mon Sep 17 00:00:00 2001 
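Review bot: The new `-mx32` step in the all.sh hunk is immediately followed by `make test`, but executing x32 binaries needs kernel support for the x32 ABI (CONFIG_X86_X32) as well as the multilib toolchain, so on a host without it the build succeeds and every test binary fails to run, which the script will report as test failures rather than a missing prerequisite. Either probe for x32 execution before the `msg "test: 64-bit ILP32, make, gcc"` line and skip the test step when it is unavailable, or document the host requirement in a comment next to the build `msg`. The enclosing `if uname -a | grep -F x86_64` block begins outside this hunk.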
From: Andres Amaya Garcia Date: Fri, 9 Jun 2017 14:26:59 +0100 Subject: [PATCH 0654/1059] Add missing stdint.h header to test_suite_pk.func --- tests/suites/test_suite_pk.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ac6429baea..2180f5c8e8 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -6,6 +6,7 @@ #include "mbedtls/rsa.h" #include +#include static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); From 0edda4236d83160dfa96fcf3322a3328657fb811 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Dec 2017 14:47:05 +0100 Subject: [PATCH 0655/1059] Added ChangeLog entry for 64-bit ILP32 fix Fixes #849 --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 84473657cc..c9b416d1de 100644 --- a/ChangeLog +++ b/ChangeLog @@ -269,6 +269,7 @@ Bugfix Vranken. * Fix a numerical underflow leading to stack overflow in mpi_read_file() that was triggered uppon reading an empty line. Found by Guido Vranken. + * Fix test_suite_pk to work on 64-bit ILP32 systems. #849 Changes * Send fatal alerts in more cases. The previous behaviour was to skip From 48e689e6becc4a227aaa18ba83e2d3914c46552f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Jan 2018 21:19:09 +0100 Subject: [PATCH 0656/1059] Remove duplicate build run Don't compile twice with MBEDTLS_HAVE_INT64. But do test with MBEDTLS_HAVE_INT32. --- tests/scripts/all.sh | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c60eaaf65a..ccec60fcd1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -678,17 +678,6 @@ if uname -a | grep -F x86_64 >/dev/null; then scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' - - msg "test: gcc, force 64-bit compilation" - make test - - msg "build: gcc, force 64-bit compilation" - cleanup - cp "$CONFIG_H" "$CONFIG_BAK" - scripts/config.pl unset MBEDTLS_HAVE_ASM - scripts/config.pl unset MBEDTLS_AESNI_C - scripts/config.pl unset MBEDTLS_PADLOCK_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s From 14c3c0610e087e5d119d6d8b785076699fd9aeaf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Jan 2018 21:25:12 +0100 Subject: [PATCH 0657/1059] Test with 32-bit and 64-bit bignum limbs on all architectures Build with MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 on all architectures, not just x86_64. These two modes should work on all platforms (except embedded environments where 64-bit division is not available). Also run the unit tests. Correct the description: this is not "N-bit compilation", but "N-bit bignum limbs". --- tests/scripts/all.sh | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ccec60fcd1..d5fc12d0ac 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -662,24 +662,30 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "test: 64-bit ILP32, make, gcc" make test - - msg "build: gcc, force 32-bit compilation" - cleanup - cp "$CONFIG_H" "$CONFIG_BAK" - scripts/config.pl unset MBEDTLS_HAVE_ASM - scripts/config.pl unset MBEDTLS_AESNI_C - scripts/config.pl unset MBEDTLS_PADLOCK_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' - - msg "build: gcc, force 64-bit compilation" - cleanup - cp "$CONFIG_H" "$CONFIG_BAK" - scripts/config.pl unset MBEDTLS_HAVE_ASM - scripts/config.pl unset MBEDTLS_AESNI_C - scripts/config.pl unset MBEDTLS_PADLOCK_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' fi # x86_64 +msg "build: gcc, force 32-bit bignum limbs" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' + +msg "test: gcc, force 32-bit bignum limbs" +make test + +msg "build: gcc, force 64-bit bignum limbs" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' + +msg "test: gcc, force 64-bit bignum limbs" +make test + msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From bbca8c5d3c531cb26cad0a642cbdf48287a79cab Mon Sep 17 00:00:00 2001 
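Review bot: The five-line `cleanup` / `cp "$CONFIG_H" "$CONFIG_BAK"` / three `scripts/config.pl unset` preamble now appears twice in the added code, and the same sequence is still used inside the x86_64 block above the hunk, so any future change to the set of disabled options has to be made in three places; a small shell function called before each `make` would keep them in step. The two new `make test` steps are the substantive gain here, since the INT32/INT64 builds previously compiled without their output ever being run. The commit message says these limb modes are not expected to work where 64-bit division is unavailable; with `CC=gcc` building for the host that caveat presumably does not apply to this script, but a one-line comment above the 32-bit block saying so would stop the blocks being copied into a cross-compile job unchanged.
```shell
# Start from a clean tree and config with inline assembly and the x86
# accelerators disabled, exactly as the x86_64 block above does
# (presumably so the portable C paths are what gets built and tested).
bignum_limb_build_setup () {
    cleanup
    cp "$CONFIG_H" "$CONFIG_BAK"
    scripts/config.pl unset MBEDTLS_HAVE_ASM
    scripts/config.pl unset MBEDTLS_AESNI_C
    scripts/config.pl unset MBEDTLS_PADLOCK_C
}

msg "build: gcc, force 32-bit bignum limbs"
bignum_limb_build_setup
make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
# … unchanged: "test" step; the 64-bit block calls the same helper …
```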
From: Hanno Becker Date: Mon, 25 Sep 2017 14:53:51 +0100 Subject: [PATCH 0658/1059] Add documentation warnings for weak algorithms MD2, MD4, MD5, DES and SHA-1 are considered weak and their use constitutes a security risk. If possible, we recommend avoiding dependencies on them, and considering stronger message digests and ciphers instead. --- include/mbedtls/arc4.h | 35 +++++++++++++++++- include/mbedtls/cipher.h | 14 +++++++ include/mbedtls/config.h | 64 ++++++++++++++++++++++++++++++-- include/mbedtls/des.h | 49 ++++++++++++++++++++++++ include/mbedtls/md.h | 8 ++++ include/mbedtls/md2.h | 80 ++++++++++++++++++++++++++++++++++++++++ include/mbedtls/md4.h | 79 +++++++++++++++++++++++++++++++++++++++ include/mbedtls/md5.h | 79 +++++++++++++++++++++++++++++++++++++++ include/mbedtls/sha1.h | 79 +++++++++++++++++++++++++++++++++++++++ 9 files changed, 482 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h index 875c574317..f9d93f822f 100644 --- a/include/mbedtls/arc4.h +++ b/include/mbedtls/arc4.h @@ -2,6 +2,9 @@ * \file arc4.h * * \brief The ARCFOUR stream cipher + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers instead. */ /* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved @@ -20,6 +23,7 @@ * limitations under the License. * * This file is part of mbed TLS (https://tls.mbed.org) + * */ #ifndef MBEDTLS_ARC4_H #define MBEDTLS_ARC4_H @@ -43,7 +47,11 @@ extern "C" { #endif /** - * \brief ARC4 context structure + * \brief ARC4 context structure + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers instead. + * */ typedef struct { 
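Review bot: The `@@ -20,6 +23,7 @@` hunk adds an empty ` *` line inside the license comment of arc4.h that has nothing to do with the new warning; the same stray line is added to des.h, md2.h and md4.h but not to md5.h, and the `\warning` blocks end with a trailing empty ` *` line in arc4.h, md2.h, md4.h and md5.h but not in des.h nor in md4.h's `mbedtls_md4_starts_ret` block. Dropping the license-block additions and settling on one shape for the warning block would keep the nine headers uniform, which matters because this text is what users will read in the generated API documentation. On content, the identical paragraph is repeated on every declaration of each module; a file-level `\warning` plus one on the context struct would carry the same message with far less to keep in sync, though the per-function repetition is defensible if per-function Doxygen pages are the intended audience.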
@@ -57,6 +65,11 @@ mbedtls_arc4_context; * \brief Initialize ARC4 context * * \param ctx ARC4 context to be initialized + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. + * */ void mbedtls_arc4_init( mbedtls_arc4_context *ctx ); @@ -64,6 +77,11 @@ void mbedtls_arc4_init( mbedtls_arc4_context *ctx ); * \brief Clear ARC4 context * * \param ctx ARC4 context to be cleared + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. + * */ void mbedtls_arc4_free( mbedtls_arc4_context *ctx ); @@ -73,6 +91,11 @@ void mbedtls_arc4_free( mbedtls_arc4_context *ctx ); * \param ctx ARC4 context to be setup * \param key the secret key * \param keylen length of the key, in bytes + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. + * */ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, unsigned int keylen ); @@ -86,6 +109,11 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, * \param output buffer for the output data * * \return 0 if successful + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. + * */ int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, unsigned char *output ); @@ -106,6 +134,11 @@ extern "C" { * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. + * */ int mbedtls_arc4_self_test( int verbose ); diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 97b9226f5c..7ac0fd1a54 100644 
--- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -68,6 +68,13 @@ extern "C" { #endif +/** + * \brief An enumeration of supported ciphers. + * + * \warning ARC4 and DES are considered weak ciphers and their use + * constitutes a security risk. We recommend considering stronger + * ciphers instead. + */ typedef enum { MBEDTLS_CIPHER_ID_NONE = 0, MBEDTLS_CIPHER_ID_NULL, @@ -79,6 +86,13 @@ typedef enum { MBEDTLS_CIPHER_ID_ARC4, } mbedtls_cipher_id_t; +/** + * \brief An enumeration of supported (cipher, mode) pairs. + * + * \warning ARC4 and DES are considered weak ciphers and their use + * constitutes a security risk. We recommend considering stronger + * ciphers instead. + */ typedef enum { MBEDTLS_CIPHER_NONE = 0, MBEDTLS_CIPHER_NULL, diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 6f62a87722..25ae1da773 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -262,6 +262,12 @@ * * Uncomment a macro to enable alternate implementation of the corresponding * module. + * + * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their + * use constitutes a security risk. If possible, we recommend + * avoiding dependencies on them, and considering stronger message + * digests and ciphers instead. + * */ //#define MBEDTLS_AES_ALT //#define MBEDTLS_ARC4_ALT @@ -321,6 +327,12 @@ * * Uncomment a macro to enable alternate implementation of the corresponding * function. + * + * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use + * constitutes a security risk. If possible, we recommend avoiding + * dependencies on them, and considering stronger message digests + * and ciphers instead. + * */ //#define MBEDTLS_MD2_PROCESS_ALT //#define MBEDTLS_MD4_PROCESS_ALT 
@@ -525,6 +537,9 @@ * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA * * Uncomment this macro to enable weak ciphersuites + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers instead. */ //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES @@ -1615,6 +1630,11 @@ * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA + * + * \warning ARC4 is considered a weak cipher and its use constitutes a + * security risk. If possible, we recommend avoidng dependencies on + * it, and considering stronger ciphers instead. + * */ #define MBEDTLS_ARC4_C @@ -1841,6 +1861,9 @@ * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA * * PEM_PARSE uses DES/3DES for decrypting encrypted keys. + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers instead. */ #define MBEDTLS_DES_C @@ -2020,6 +2043,11 @@ * Caller: * * Uncomment to enable support for (rare) MD2-signed X.509 certs. + * + * \warning MD2 is considered a weak message digest and its use constitutes a + * security risk. If possible, we recommend avoiding dependencies on + * it, and considering stronger message digests instead. + * */ //#define MBEDTLS_MD2_C @@ -2032,6 +2060,11 @@ * Caller: * * Uncomment to enable support for (rare) MD4-signed X.509 certs. + * + * \warning MD4 is considered a weak message digest and its use constitutes a + * security risk. If possible, we recommend avoiding dependencies on + * it, and considering stronger message digests instead. + * */ //#define MBEDTLS_MD4_C 
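Review bot: The new `\warning` line under `MBEDTLS_ARC4_C` misspells "avoiding" as "avoidng"; since this lands in user-facing documentation it should read ` *          security risk. If possible, we recommend avoiding dependencies on`. The other warnings in this hunk (DES under `MBEDTLS_ENABLE_WEAK_CIPHERSUITES` and `MBEDTLS_DES_C`, MD2 and MD4) are spelled correctly. Separately, the two DES warnings omit the "If possible, we recommend avoiding dependencies on it" sentence that the ARC4, MD2 and MD4 ones carry, with no evident reason for the difference; using the longer form for DES as well would make the guidance consistent across the weak algorithms.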
@@ -2045,8 +2078,15 @@ * library/pem.c * library/ssl_tls.c * - * This module is required for SSL/TLS and X.509. - * PEM_PARSE uses MD5 for decrypting encrypted keys. + * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2 + * depending on the handshake parameters. Further, it is used for checking + * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded + * encrypted keys. + * + * \warning MD5 is considered a weak message digest and its use constitutes a + * security risk. If possible, we recommend avoiding dependencies on + * it, and considering stronger message digests instead. + * */ #define MBEDTLS_MD5_C @@ -2309,6 +2349,11 @@ * * This module is required for SSL/TLS up to version 1.1, for TLS 1.2 * depending on the handshake parameters, and for SHA1-signed certificates. + * + * \warning SHA-1 is considered a weak message digest and its use constitutes + * a security risk. If possible, we recommend avoiding dependencies + * on it, and considering stronger message digests instead. + * */ #define MBEDTLS_SHA1_C @@ -2697,8 +2742,13 @@ * Allow SHA-1 in the default TLS configuration for certificate signing. * Without this build-time option, SHA-1 support must be activated explicitly * through mbedtls_ssl_conf_cert_profile. Turning on this option is not - * recommended because of it is possible to generte SHA-1 collisions, however + * recommended because of it is possible to generate SHA-1 collisions, however * this may be safe for legacy infrastructure where additional controls apply. + * + * \warning SHA-1 is considered a weak message digest and its use constitutes + * a security risk. If possible, we recommend avoiding dependencies + * on it, and considering stronger message digests instead. + * */ // #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES 
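Review bot: The rewritten line in the `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES` block fixes "generte" but keeps the ungrammatical "recommended because of it is possible"; it should read ` * recommended because it is possible to generate SHA-1 collisions, however`. The stray "of" sits on a line this commit already touches, so the fix belongs in this patch rather than a follow-up. The new MD5 module description in the `@@ -2045,8 +2078,15 @@` hunk reads well and is more precise than the text it replaces.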
@@ -2709,7 +2759,13 @@ * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by * default. At the time of writing, there is no practical attack on the use * of SHA-1 in handshake signatures, hence this option is turned on by default - * for compatibility with existing peers. + * to preserve compatibility with existing peers, but the general + * warning applies nonetheless: + * + * \warning SHA-1 is considered a weak message digest and its use constitutes + * a security risk. If possible, we recommend avoiding dependencies + * on it, and considering stronger message digests instead. + * */ #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 1752898506..5a1a636522 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -2,6 +2,10 @@ * \file des.h * * \brief DES block cipher + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ /* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved @@ -20,6 +24,7 @@ * limitations under the License. * * This file is part of mbed TLS (https://tls.mbed.org) + * */ #ifndef MBEDTLS_DES_H #define MBEDTLS_DES_H @@ -51,6 +56,10 @@ extern "C" { /** * \brief DES context structure + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ typedef struct { @@ -71,6 +80,10 @@ mbedtls_des3_context; * \brief Initialize DES context * * \param ctx DES context to be initialized + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ void mbedtls_des_init( mbedtls_des_context *ctx ); 
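Review bot: The file-level `\warning` added at the top of des.h speaks only of DES, yet the same header declares the 3DES API (`mbedtls_des3_context` and the `mbedtls_des3_*` functions appear as hunk context), and the per-function warnings are attached only to the single-DES declarations. A reader of the generated `\file des.h` page cannot tell whether the 3DES declarations are meant to be covered or deliberately left out, so the file-level block should say which it is. If the intent is single-DES only, one added sentence such as ` * This warning concerns single DES; the mbedtls_des3_* declarations in this header are documented separately.` resolves it; if the intent is to cover the whole header, the wording should name both and the `mbedtls_des3_*` declarations should get the same block. The `mbedtls_des_setkey` declaration at the end of the file currently carries the single-DES wording, so the answer decides its text too.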
@@ -78,6 +91,10 @@ void mbedtls_des_init( mbedtls_des_context *ctx ); * \brief Clear DES context * * \param ctx DES context to be cleared + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ void mbedtls_des_free( mbedtls_des_context *ctx ); @@ -102,6 +119,10 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx ); * a parity bit to allow verification. * * \param key 8-byte secret key + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ); @@ -114,6 +135,10 @@ void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ); * \param key 8-byte secret key * * \return 0 is parity was ok, 1 if parity was not correct. + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); @@ -123,6 +148,10 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI * \param key 8-byte secret key * * \return 0 if no weak key was found, 1 if a weak key was identified. + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); @@ -133,6 +162,10 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); * \param key 8-byte secret key * * \return 0 + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); 
@@ -143,6 +176,10 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB * \param key 8-byte secret key * * \return 0 + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); @@ -198,6 +235,10 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, * \param output 64-bit output block * * \return 0 if successful + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, const unsigned char input[8], @@ -221,6 +262,10 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, * \param iv initialization vector (updated after use) * \param input buffer holding the input data * \param output buffer holding the output data + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, int mode, @@ -279,6 +324,10 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, * * \param SK Round keys * \param key Base key + * + * \warning DES is considered a weak cipher and its use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 57c27a6f02..bdea393bc8 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
@@ -44,6 +44,14 @@ extern "C" { #endif +/** + * \brief Enumeration of supported message digests + * + * \warning MD2, MD4, MD5 and SHA-1 are considered weak message digests and + * their use constitutes a security risk. We recommend considering + * stronger message digests instead. + * + */ typedef enum { MBEDTLS_MD_NONE=0, MBEDTLS_MD_MD2, diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index b245b5b7bd..2ff3f171a3 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -2,6 +2,10 @@ * \file md2.h * * \brief MD2 message digest algorithm (hash function) + * + * \warning MD2 is considered a weak message digest and its use constitutes a + * security risk. We recommend considering stronger message digests + * instead. */ /* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved @@ -20,6 +24,7 @@ * limitations under the License. * * This file is part of mbed TLS (https://tls.mbed.org) + * */ #ifndef MBEDTLS_MD2_H #define MBEDTLS_MD2_H @@ -49,6 +54,11 @@ extern "C" { /** * \brief MD2 context structure + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ typedef struct { @@ -63,6 +73,11 @@ mbedtls_md2_context; * \brief Initialize MD2 context * * \param ctx MD2 context to be initialized + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void mbedtls_md2_init( mbedtls_md2_context *ctx ); @@ -70,6 +85,11 @@ void mbedtls_md2_init( mbedtls_md2_context *ctx ); * \brief Clear MD2 context * * \param ctx MD2 context to be cleared + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void mbedtls_md2_free( mbedtls_md2_context *ctx ); 
@@ -78,6 +98,11 @@ void mbedtls_md2_free( mbedtls_md2_context *ctx ); * * \param dst The destination context * \param src The context to be cloned + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void mbedtls_md2_clone( mbedtls_md2_context *dst, const mbedtls_md2_context *src ); @@ -88,6 +113,11 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, * \param ctx context to be initialized * * \return 0 if successful + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ); @@ -99,6 +129,11 @@ int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ); * \param ilen length of the input data * * \return 0 if successful + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, const unsigned char *input, @@ -111,6 +146,11 @@ int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, * \param output MD2 checksum result * * \return 0 if successful + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, unsigned char output[16] ); @@ -121,6 +161,11 @@ int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, * \param ctx MD2 context * * \return 0 if successful + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); 
@@ -136,6 +181,11 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); * \deprecated Superseded by mbedtls_md2_starts_ret() in 2.7.0 * * \param ctx context to be initialized + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts( mbedtls_md2_context *ctx ) @@ -151,6 +201,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts( * \param ctx MD2 context * \param input buffer holding the data * \param ilen length of the input data + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md2_update( mbedtls_md2_context *ctx, @@ -167,6 +222,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_update( * * \param ctx MD2 context * \param output MD2 checksum result + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish( mbedtls_md2_context *ctx, @@ -181,6 +241,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish( * \deprecated Superseded by mbedtls_internal_md2_process() in 2.7.0 * * \param ctx MD2 context + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md2_process( mbedtls_md2_context *ctx ) 
@@ -209,6 +274,11 @@ extern "C" { * \param input buffer holding the data * \param ilen length of the input data * \param output MD2 checksum result + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md2_ret( const unsigned char *input, size_t ilen, @@ -228,6 +298,11 @@ int mbedtls_md2_ret( const unsigned char *input, * \param input buffer holding the data * \param ilen length of the input data * \param output MD2 checksum result + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md2( const unsigned char *input, size_t ilen, @@ -243,6 +318,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2( const unsigned char *input, * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed + * + * \warning MD2 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md2_self_test( int verbose ); diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index 886a66939b..a2ab57f078 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -2,6 +2,10 @@ * \file md4.h * * \brief MD4 message digest algorithm (hash function) + * + * \warning MD4 is considered a weak message digest and its use constitutes a + * security risk. We recommend considering stronger message digests + * instead. */ /* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved @@ -20,6 +24,7 @@ * limitations under the License. * * This file is part of mbed TLS (https://tls.mbed.org) + * */ #ifndef MBEDTLS_MD4_H #define MBEDTLS_MD4_H 
@@ -50,6 +55,11 @@ extern "C" { /** * \brief MD4 context structure + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ typedef struct { @@ -63,6 +73,11 @@ mbedtls_md4_context; * \brief Initialize MD4 context * * \param ctx MD4 context to be initialized + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void mbedtls_md4_init( mbedtls_md4_context *ctx ); @@ -70,6 +85,11 @@ void mbedtls_md4_init( mbedtls_md4_context *ctx ); * \brief Clear MD4 context * * \param ctx MD4 context to be cleared + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void mbedtls_md4_free( mbedtls_md4_context *ctx ); @@ -78,6 +98,11 @@ void mbedtls_md4_free( mbedtls_md4_context *ctx ); * * \param dst The destination context * \param src The context to be cloned + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void mbedtls_md4_clone( mbedtls_md4_context *dst, const mbedtls_md4_context *src ); @@ -88,6 +113,10 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, * \param ctx context to be initialized * * \return 0 if successful + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. */ int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ); 
@@ -99,6 +128,11 @@ int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ); * \param ilen length of the input data * * \return 0 if successful + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, const unsigned char *input, @@ -111,6 +145,11 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, * \param output MD4 checksum result * * \return 0 if successful + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, unsigned char output[16] ); @@ -122,6 +161,11 @@ int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, * \param data buffer holding one block of data * * \return 0 if successful + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] ); @@ -138,6 +182,11 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, * \deprecated Superseded by mbedtls_md4_starts_ret() in 2.7.0 * * \param ctx context to be initialized + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( mbedtls_md4_context *ctx ) 
@@ -153,6 +202,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( * \param ctx MD4 context * \param input buffer holding the data * \param ilen length of the input data + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( mbedtls_md4_context *ctx, @@ -169,6 +223,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( * * \param ctx MD4 context * \param output MD4 checksum result + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( mbedtls_md4_context *ctx, @@ -184,6 +243,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( * * \param ctx MD4 context * \param data buffer holding one block of data + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md4_process( mbedtls_md4_context *ctx, @@ -215,6 +279,11 @@ extern "C" { * \param output MD4 checksum result * * \return 0 if successful + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md4_ret( const unsigned char *input, size_t ilen, 
@@ -234,6 +303,11 @@ int mbedtls_md4_ret( const unsigned char *input, * \param input buffer holding the data * \param ilen length of the input data * \param output MD4 checksum result + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md4( const unsigned char *input, size_t ilen, @@ -249,6 +323,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4( const unsigned char *input, * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed + * + * \warning MD4 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md4_self_test( int verbose ); diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 5734b4099a..d49391f811 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -2,6 +2,10 @@ * \file md5.h * * \brief MD5 message digest algorithm (hash function) + * + * \warning MD5 is considered a weak message digest and its use constitutes a + * security risk. We recommend considering stronger message + * digests instead. */ /* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved @@ -50,6 +54,11 @@ extern "C" { /** * \brief MD5 context structure + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ typedef struct { @@ -63,6 +72,11 @@ mbedtls_md5_context; * \brief Initialize MD5 context * * \param ctx MD5 context to be initialized + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void mbedtls_md5_init( mbedtls_md5_context *ctx ); 
@@ -70,6 +84,11 @@ void mbedtls_md5_init( mbedtls_md5_context *ctx ); * \brief Clear MD5 context * * \param ctx MD5 context to be cleared + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void mbedtls_md5_free( mbedtls_md5_context *ctx ); @@ -78,6 +97,11 @@ void mbedtls_md5_free( mbedtls_md5_context *ctx ); * * \param dst The destination context * \param src The context to be cloned + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void mbedtls_md5_clone( mbedtls_md5_context *dst, const mbedtls_md5_context *src ); @@ -88,6 +112,11 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, * \param ctx context to be initialized * * \return 0 if successful + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ); @@ -99,6 +128,11 @@ int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ); * \param ilen length of the input data * * \return 0 if successful + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, @@ -111,6 +145,11 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, * \param output MD5 checksum result * * \return 0 if successful + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ); 
@@ -122,6 +161,11 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, * \param data buffer holding one block of data * * \return 0 if successful + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ); @@ -138,6 +182,11 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, * \deprecated Superseded by mbedtls_md5_starts_ret() in 2.7.0 * * \param ctx context to be initialized + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( mbedtls_md5_context *ctx ) @@ -153,6 +202,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( * \param ctx MD5 context * \param input buffer holding the data * \param ilen length of the input data + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( mbedtls_md5_context *ctx, @@ -169,6 +223,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( * * \param ctx MD5 context * \param output MD5 checksum result + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( mbedtls_md5_context *ctx, 
@@ -184,6 +243,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( * * \param ctx MD5 context * \param data buffer holding one block of data + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md5_process( mbedtls_md5_context *ctx, @@ -215,6 +279,11 @@ extern "C" { * \param output MD5 checksum result * * \return 0 if successful + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md5_ret( const unsigned char *input, size_t ilen, @@ -234,6 +303,11 @@ int mbedtls_md5_ret( const unsigned char *input, * \param input buffer holding the data * \param ilen length of the input data * \param output MD5 checksum result + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_md5( const unsigned char *input, size_t ilen, @@ -249,6 +323,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5( const unsigned char *input, * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_md5_self_test( int verbose ); diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 4d3a164018..613407a2f4 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h 
@@ -2,6 +2,10 @@ * \file sha1.h * * \brief SHA-1 cryptographic hash function + * + * \warning SHA-1 is considered a weak message digest and its use constitutes + * a security risk. We recommend considering stronger message + * digests instead. */ /* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved @@ -50,6 +54,11 @@ extern "C" { /** * \brief SHA-1 context structure + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ typedef struct { @@ -63,6 +72,11 @@ mbedtls_sha1_context; * \brief Initialize SHA-1 context * * \param ctx SHA-1 context to be initialized + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); @@ -70,6 +84,11 @@ void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); * \brief Clear SHA-1 context * * \param ctx SHA-1 context to be cleared + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); @@ -78,6 +97,11 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); * * \param dst The destination context * \param src The context to be cloned + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, const mbedtls_sha1_context *src ); 
@@ -88,6 +112,11 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, * \param ctx context to be initialized * * \return 0 if successful + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); @@ -99,6 +128,11 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); * \param ilen length of the input data * * \return 0 if successful + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, @@ -111,6 +145,11 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, * \param output SHA-1 checksum result * * \return 0 if successful + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ); @@ -122,6 +161,11 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, * \param data buffer holding one block of data * * \return 0 if successful + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); 
@@ -138,6 +182,11 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0 * * \param ctx context to be initialized + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) @@ -153,6 +202,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( * \param ctx SHA-1 context * \param input buffer holding the data * \param ilen length of the input data + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( mbedtls_sha1_context *ctx, @@ -169,6 +223,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( * * \param ctx SHA-1 context * \param output SHA-1 checksum result + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, @@ -184,6 +243,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( * * \param ctx SHA-1 context * \param data buffer holding one block of data + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_process( mbedtls_sha1_context *ctx, 
@@ -215,6 +279,11 @@ extern "C" { * \param output SHA-1 checksum result * * \return 0 if successful + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_sha1_ret( const unsigned char *input, size_t ilen, @@ -234,6 +303,11 @@ int mbedtls_sha1_ret( const unsigned char *input, * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-1 checksum result + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input, size_t ilen, @@ -249,6 +323,11 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input, * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * */ int mbedtls_sha1_self_test( int verbose ); From 2a03794d62e0e43109e27f2f75a7e491f7348e1e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 6 Oct 2017 12:29:50 +0100 Subject: [PATCH 0659/1059] Adapt ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 84473657cc..852c3cd815 100644 --- a/ChangeLog +++ b/ChangeLog @@ -150,6 +150,8 @@ Changes * Add MBEDTLS_ERR_XXX_HW_ACCEL_FAILED error codes for all cryptography modules where the software implementation can be replaced by a hardware implementation. + * Add explicit warnings for the use of MD2, MD4, MD5, SHA-1, DES and ARC4 + throughout the library. = mbed TLS 2.6.0 branch released 2017-08-10 From 7f44127c71dbdc52f9958b9d6619a24f46587814 Mon Sep 17 00:00:00 2001 
From: Rose Zadik Date: Mon, 22 Jan 2018 11:48:23 +0000 Subject: [PATCH 0660/1059] Improve AES documentation - Separate "\file" blocks from copyright, so that Doxygen doesn't repeat the copyright information in all the Detailed Descriptions. - Improve phrasing and clarity of functions, parameters, defines and enums. GitHub PR: #1292 --- include/mbedtls/aes.h | 328 +++++++++++++++++++++++++----------------- library/error.c | 2 +- 2 files changed, 199 insertions(+), 131 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 541fa930d5..46016dcb7f 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -1,10 +1,18 @@ /** * \file aes.h * - * \brief AES block cipher + * \brief The Advanced Encryption Standard (AES) specifies a FIPS-approved + * cryptographic algorithm that can be used to protect electronic + * data. + * + * The AES algorithm is a symmetric block cipher that can + * encrypt and decrypt information. For more information, see + * FIPS Publication 197: Advanced Encryption Standard and + * ISO/IEC 18033-2:2006: Information technology -- Security + * techniques -- Encryption algorithms -- Part 2: Asymmetric + * ciphers. */ -/* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved +/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,8 +27,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_AES_H #define MBEDTLS_AES_H 
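Review bot: The new `\file aes.h` brief describes AES as a symmetric block cipher and then cites "ISO/IEC 18033-2:2006 ... Part 2: Asymmetric ciphers", which contradicts itself; block ciphers are the subject of Part 3 of that standard, so the reference should read `ISO/IEC 18033-3: Information technology -- Security techniques -- Encryption algorithms -- Part 3: Block ciphers`. Folding the copyright line onto the opening `/*` also gives this header a different license-block shape from the ccm.h hunk later in this series, which keeps `/*` on its own line; aligning the two keeps the files diff-friendly.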
@@ -34,15 +43,15 @@ #include /* padlock.c and aesni.c rely on these values! */ -#define MBEDTLS_AES_ENCRYPT 1 -#define MBEDTLS_AES_DECRYPT 0 +#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ +#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ /* Error codes in range 0x0020-0x0022 */ #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ /* Error codes in range 0x0023-0x0025 */ -#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available, e.g. unsupported AES key size. */ +#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */ #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ @@ -59,68 +68,90 @@ extern "C" { #endif /** - * \brief AES context structure - * - * \note buf is able to hold 32 extra bytes, which can be used: - * - for alignment purposes if VIA padlock is used, and/or - * - to simplify key expansion in the 256-bit case by - * generating an extra round key + * \brief The AES context-type definition. */ typedef struct { - int nr; /*!< number of rounds */ - uint32_t *rk; /*!< AES round keys */ - uint32_t buf[68]; /*!< unaligned data */ + int nr; /*!< The number of rounds. */ + uint32_t *rk; /*!< AES round keys. */ + uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can + hold 32 extra Bytes, which can be used for + one of the following purposes: +
  • Alignment if VIA padlock is + used.
  • +
  • Simplifying key expansion in the 256-bit + case by generating an extra round key. +
*/ } mbedtls_aes_context; /** - * \brief Initialize AES context + * \brief This function initializes the specified AES context. * - * \param ctx AES context to be initialized + * It must be the first API called before using + * the context. + * + * \param ctx The AES context to initialize. */ void mbedtls_aes_init( mbedtls_aes_context *ctx ); /** - * \brief Clear AES context + * \brief This function releases and clears the specified AES context. * - * \param ctx AES context to be cleared + * \param ctx The AES context to clear. */ void mbedtls_aes_free( mbedtls_aes_context *ctx ); /** - * \brief AES key schedule (encryption) + * \brief This function sets the encryption key. * - * \param ctx AES context to be initialized - * \param key encryption key - * \param keybits must be 128, 192 or 256 + * \param ctx The AES context to which the key should be bound. + * \param key The encryption key. + * \param keybits The size of data passed in bits. Valid options are: + *
  • 128 bits
  • + *
  • 192 bits
  • + *
  • 256 bits
* - * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH + * \return \c 0 on success or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH + * on failure. */ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); /** - * \brief AES key schedule (decryption) + * \brief This function sets the decryption key. * - * \param ctx AES context to be initialized - * \param key decryption key - * \param keybits must be 128, 192 or 256 + * \param ctx The AES context to which the key should be bound. + * \param key The decryption key. + * \param keybits The size of data passed. Valid options are: + *
  • 128 bits
  • + *
  • 192 bits
  • + *
  • 256 bits
* - * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH + * \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); /** - * \brief AES-ECB block encryption/decryption + * \brief This function performs an AES single-block encryption or + * decryption operation. * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param input 16-byte input block - * \param output 16-byte output block + * It performs the operation defined in the \p mode parameter + * (encrypt or decrypt), on the input data buffer defined in + * the \p input parameter. * - * \return 0 if successful + * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or + * mbedtls_aes_setkey_dec() must be called before the first + * call to this API with the same context. + * + * \param ctx The AES context to use for encryption or decryption. + * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or + * #MBEDTLS_AES_DECRYPT. + * \param input The 16-Byte buffer holding the input data. + * \param output The 16-Byte buffer holding the output data. + + * \return \c 0 on success. */ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, int mode, 
@@ -129,26 +160,40 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CBC) /** - * \brief AES-CBC buffer encryption/decryption - * Length should be a multiple of the block - * size (16 bytes) + * \brief This function performs an AES-CBC encryption or decryption operation + * on full blocks. * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. + * It performs the operation defined in the \p mode + * parameter (encrypt/decrypt), on the input data buffer defined in + * the \p input parameter. * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data + * It can be called as many times as needed, until all the input + * data is processed. mbedtls_aes_init(), and either + * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called + * before the first call to this API with the same context. * - * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH + * \note This function operates on aligned blocks, that is, the input size + * must be a multiple of the AES block size of 16 Bytes. + * + * \note Upon exit, the content of the IV is updated so that you can + * call the same function again on the next + * block(s) of data and get the same result as if it was + * encrypted in one call. This allows a "streaming" usage. + * If you need to retain the contents of the IV, you should + * either save it manually or use the cipher module instead. 
+ * + * + * \param ctx The AES context to use for encryption or decryption. + * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or + * #MBEDTLS_AES_DECRYPT. + * \param length The length of the input data in Bytes. This must be a + * multiple of the block size (16 Bytes). + * \param iv Initialization vector (updated after use). + * \param input The buffer holding the input data. + * \param output The buffer holding the output data. + * + * \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH + * on failure. */ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, int mode, 
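Review bot: The rewritten `mbedtls_aes_crypt_cbc()` comment appears to leave two consecutive empty ` *` lines between the IV note and `\param ctx`, where the rest of the file uses one; the CFB128 and CFB8 hunks below show the same doubled blank before their `\param ctx`. `\param iv Initialization vector (updated after use).` could also state the size, `\param iv The 16-Byte initialization vector (updated after use).`, presumably one block as the ECB buffers are 16-Byte — confirm against the prototype, which lies outside this hunk.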
@@ -160,29 +205,38 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CFB) /** - * \brief AES-CFB128 buffer encryption/decryption. + * \brief This function performs an AES-CFB128 encryption or decryption + * operation. * - * Note: Due to the nature of CFB you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT. + * It performs the operation defined in the \p mode + * parameter (encrypt or decrypt), on the input data buffer + * defined in the \p input parameter. * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. + * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), + * regardless of whether you are performing an encryption or decryption + * operation, that is, regardless of the \p mode parameter. This is + * because CFB mode uses the same key schedule for encryption and + * decryption. * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param length length of the input data - * \param iv_off offset in IV (updated after use) - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data + * \note Upon exit, the content of the IV is updated so that you can + * call the same function again on the next + * block(s) of data and get the same result as if it was + * encrypted in one call. This allows a "streaming" usage. 
+ * If you need to retain the contents of the + * IV, you must either save it manually or use the cipher + * module instead. * - * \return 0 if successful + * + * \param ctx The AES context to use for encryption or decryption. + * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or + * #MBEDTLS_AES_DECRYPT. + * \param length The length of the input data. + * \param iv_off The offset in IV (updated after use). + * \param iv The initialization vector (updated after use). + * \param input The buffer holding the input data. + * \param output The buffer holding the output data. + * + * \return \c 0 on success. */ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, int mode, 
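Review bot: `\param length The length of the input data.` in the `mbedtls_aes_crypt_cfb128()` comment dropped the unit that the CBC comment above gained ("in Bytes"); the CFB8 and CTR hunks below have the same omission. Suggest `\param length The length of the input data in Bytes.` in all three so the parameter documentation is uniform across the file. The paragraph "For CFB, you must set up the context with mbedtls_aes_setkey_enc() ..." here and "Due to the nature of CFB, you must use the same key schedule ..." in the CFB8 hunk say the same thing in different words; one phrasing for both would help readers comparing the two functions.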
@@ -193,28 +247,36 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, unsigned char *output ); /** - * \brief AES-CFB8 buffer encryption/decryption. + * \brief This function performs an AES-CFB8 encryption or decryption + * operation. * - * Note: Due to the nature of CFB you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT. + * It performs the operation defined in the \p mode + * parameter (encrypt/decrypt), on the input data buffer defined + * in the \p input parameter. * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. + * Due to the nature of CFB, you must use the same key schedule for + * both encryption and decryption operations. Therefore, you must + * use the context initialized with mbedtls_aes_setkey_enc() for + * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data + * \note Upon exit, the content of the IV is updated so that you can + * call the same function again on the next + * block(s) of data and get the same result as if it was + * encrypted in one call. This allows a "streaming" usage. + * If you need to retain the contents of the + * IV, you should either save it manually or use the cipher + * module instead. 
* - * \return 0 if successful + * + * \param ctx The AES context to use for encryption or decryption. + * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or + * #MBEDTLS_AES_DECRYPT + * \param length The length of the input data. + * \param iv The initialization vector (updated after use). + * \param input The buffer holding the input data. + * \param output The buffer holding the output data. + * + * \return \c 0 on success. */ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, int mode, 
@@ -226,26 +288,32 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CTR) /** - * \brief AES-CTR buffer encryption/decryption + * \brief This function performs an AES-CTR encryption or decryption + * operation. * - * Warning: You have to keep the maximum use of your counter in mind! + * This function performs the operation defined in the \p mode + * parameter (encrypt/decrypt), on the input data buffer + * defined in the \p input parameter. * - * Note: Due to the nature of CTR you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT. + * Due to the nature of CTR, you must use the same key schedule + * for both encryption and decryption operations. Therefore, you + * must use the context initialized with mbedtls_aes_setkey_enc() + * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. * - * \param ctx AES context - * \param length The length of the data - * \param nc_off The offset in the current stream_block (for resuming - * within current cipher stream). The offset pointer to - * should be 0 at the start of a stream. - * \param nonce_counter The 128-bit nonce and counter. - * \param stream_block The saved stream-block for resuming. Is overwritten - * by the function. - * \param input The input data stream - * \param output The output data stream + * \warning You must keep the maximum use of your counter in mind. * - * \return 0 if successful + * \param ctx The AES context to use for encryption or decryption. + * \param length The length of the input data. + * \param nc_off The offset in the current \p stream_block, for + * resuming within the current cipher stream. The + * offset pointer should be 0 at the start of a stream. + * \param nonce_counter The 128-bit nonce and counter. + * \param stream_block The saved stream block for resuming. This is + * overwritten by the function. 
+ * \param input The buffer holding the input data. + * \param output The buffer holding the output data. + * + * \return \c 0 on success. */ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, size_t length, @@ -257,30 +325,30 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, #endif /* MBEDTLS_CIPHER_MODE_CTR */ /** - * \brief Internal AES block encryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_ENCRYPT_ALT) + * \brief Internal AES block encryption function. This is only + * exposed to allow overriding it using + * \c MBEDTLS_AES_ENCRYPT_ALT. * - * \param ctx AES context - * \param input Plaintext block - * \param output Output (ciphertext) block + * \param ctx The AES context to use for encryption. + * \param input The plaintext block. + * \param output The output (ciphertext) block. * - * \return 0 if successful + * \return \c 0 on success. */ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); /** - * \brief Internal AES block decryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_DECRYPT_ALT) + * \brief Internal AES block decryption function. This is only + * exposed to allow overriding it using see + * \c MBEDTLS_AES_DECRYPT_ALT. * - * \param ctx AES context - * \param input Ciphertext block - * \param output Output (plaintext) block + * \param ctx The AES context to use for decryption. + * \param input The ciphertext block. + * \param output The output (plaintext) block. * - * \return 0 if successful + * \return \c 0 on success. */ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, const unsigned char input[16], 
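Review bot: The `\warning You must keep the maximum use of your counter in mind.` in the `mbedtls_aes_crypt_ctr()` comment is as vague as the sentence it replaced, so the reader still does not learn what the constraint is. CTR is a stream cipher keyed by the (key, nonce_counter) pair: reusing a nonce/counter value under the same key reuses key stream and exposes the XOR of the two plaintexts, and the counter must not wrap or repeat within the key's lifetime. Suggest `\warning A given \p nonce_counter value must never be used twice with the same key: the key stream would repeat and confidentiality of both messages is lost. Ensure the counter cannot wrap or be reused for the lifetime of the key.`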
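Review bot: The `mbedtls_internal_aes_decrypt()` brief reads "exposed to allow overriding it using see \c MBEDTLS_AES_DECRYPT_ALT" — the stray "see" is a leftover from the old "(... see MBEDTLS_AES_DECRYPT_ALT)" wording and makes the sentence ungrammatical. Drop it so the text matches the encrypt variant in the same hunk: `* exposed to allow overriding it using` / `* \c MBEDTLS_AES_DECRYPT_ALT.`.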
@@ -296,11 +364,11 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \brief Deprecated internal AES block encryption function * without return value. * - * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0. * - * \param ctx AES context - * \param input Plaintext block - * \param output Output (ciphertext) block + * \param ctx The AES context to use for encryption. + * \param input Plaintext block. + * \param output Output (ciphertext) block. */ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, const unsigned char input[16], @@ -310,11 +378,11 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, * \brief Deprecated internal AES block decryption function * without return value. * - * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0. * - * \param ctx AES context - * \param input Ciphertext block - * \param output Output (plaintext) block + * \param ctx The AES context to use for decryption. + * \param input Ciphertext block. + * \param output Output (plaintext) block. */ MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, const unsigned char input[16], @@ -336,9 +404,9 @@ extern "C" { #endif /** - * \brief Checkup routine + * \brief Checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success, or \c 1 on failure. */ int mbedtls_aes_self_test( int verbose ); diff --git a/library/error.c b/library/error.c index 4f5e4469fd..e39fb09b93 100644 --- a/library/error.c +++ b/library/error.c 
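Review bot: The `\deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0.` line of `mbedtls_aes_encrypt()` (and the matching line for `mbedtls_aes_decrypt()` in the next hunk) names a function that is not declared anywhere in this header, while the replacements this commit documents just above are `mbedtls_internal_aes_encrypt()` and `mbedtls_internal_aes_decrypt()`; the reference looks stale, and touching the line to add a full stop was the moment to fix it. Suggest `\deprecated Superseded by mbedtls_internal_aes_encrypt() in 2.5.0.` (and `..._decrypt()`), if that is indeed the intended successor. The parameter text here also keeps the bare "Plaintext block." style while the internal functions use "The plaintext block."; aligning them keeps the file consistent.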
@@ -569,7 +569,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) )
 mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" );
 if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) )
- mbedtls_snprintf( buf, buflen, "AES - Feature not available, e.g. unsupported AES key size" );
+ mbedtls_snprintf( buf, buflen, "AES - Feature not available. For example, an unsupported AES key size" );
 if( use_ret == -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED) )
 mbedtls_snprintf( buf, buflen, "AES - AES hardware accelerator failed" );
 #endif /* MBEDTLS_AES_C */
From eecdbea30f50ed97715a800302f5dae36e2fddef Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Wed, 24 Jan 2018 12:56:53 +0000 Subject: [PATCH 0661/1059] Improve CCM documentation - Rephrase function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhering to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. - Fix iv_len values per the standard. GitHub PR: #1305 --- include/mbedtls/ccm.h | 128 +++++++++++++++++++++++------------------- library/error.c | 2 +- 2 files changed, 72 insertions(+), 58 deletions(-)
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index 1459eb8eab..5a9ee4a1cd 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -1,10 +1,19 @@
 /**
 * \file ccm.h
 *
- * \brief Counter with CBC-MAC (CCM) for 128-bit block ciphers
+ * \brief CCM combines Counter mode encryption with CBC-MAC authentication
+ * for 128-bit block ciphers.
+ *
+ * Input to CCM includes the following elements:
+ *
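Review bot: The `mbedtls_strerror()` string for `MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE` now carries a full stop in the middle ("Feature not available. For example, ...") while every neighbouring message in the hunk is a single clause with no terminal punctuation, so the text handed to callers becomes inconsistent. If this table is produced from the headers' `/**< ... */` comments by the project's error-generation script, the header wording should be chosen so the generated string stays one clause, e.g. `Feature not available, for example an unsupported AES key size`, and error.c regenerated rather than hand-edited; otherwise the two will drift.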
  • Payload - data that is both authenticated and encrypted.
  • + *
  • Associated data (Adata) - data that is authenticated but not + * encrypted, For example, a header.
  • + *
  • Nonce - A unique value that is assigned to the payload and the + * associated data.
+ * */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,16 +28,17 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_CCM_H #define MBEDTLS_CCM_H #include "cipher.h" -#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to function. */ -#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ -#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */ +#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */ +#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ +#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */ #if !defined(MBEDTLS_CCM_ALT) // Regular implementation 
@@ -39,31 +49,33 @@ extern "C" { #endif /** - * \brief CCM context structure + * \brief The CCM context-type definition. The CCM context is passed + * to the APIs called. */ typedef struct { - mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ + mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ } mbedtls_ccm_context; /** - * \brief Initialize CCM context (just makes references valid) - * Makes the context ready for mbedtls_ccm_setkey() or - * mbedtls_ccm_free(). + * \brief This function initializes the specified CCM context, + * to make references valid, and prepare the context + * for mbedtls_ccm_setkey() or mbedtls_ccm_free(). * - * \param ctx CCM context to initialize + * \param ctx The CCM context to initialize. */ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); /** - * \brief CCM initialization (encryption and decryption) + * \brief This function initializes the CCM context set in the + * \p ctx parameter and sets the encryption key. * - * \param ctx CCM context to be initialized - * \param cipher cipher to use (a 128-bit block cipher) - * \param key encryption key - * \param keybits key size in bits (must be acceptable by the cipher) + * \param ctx The CCM context to initialize. + * \param cipher The 128-bit block cipher to use. + * \param key The encryption key. + * \param keybits The key size in bits. This must be acceptable by the cipher. * - * \return 0 if successful, or a cipher specific error code + * \return \c 0 on success, or a cipher-specific error code. */ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, mbedtls_cipher_id_t cipher, 
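Review bot: The rewritten \brief for mbedtls_ccm_setkey() says the function "initializes the CCM context", which contradicts the mbedtls_ccm_init() description a few lines above that names init as the step that makes the context valid; a reader may take setkey as a substitute for init. Suggest `\brief This function sets the encryption key for a CCM context that has previously been initialized with mbedtls_ccm_init().` so the required call order is explicit. The prototype of mbedtls_ccm_setkey() continues past the end of this hunk.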
@@ -71,36 +83,37 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, unsigned int keybits ); /** - * \brief Free a CCM context and underlying cipher sub-context + * \brief This function releases and clears the specified CCM context + * and underlying cipher sub-context. * - * \param ctx CCM context to free + * \param ctx The CCM context to clear. */ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); /** - * \brief CCM buffer encryption + * \brief This function encrypts a buffer using CCM. * - * \param ctx CCM context - * \param length length of the input data in bytes - * \param iv nonce (initialization vector) - * \param iv_len length of IV in bytes - * must be 2, 3, 4, 5, 6, 7 or 8 - * \param add additional data - * \param add_len length of additional data in bytes - * must be less than 2^16 - 2^8 - * \param input buffer holding the input data - * \param output buffer for holding the output data - * must be at least 'length' bytes wide - * \param tag buffer for holding the tag - * \param tag_len length of the tag to generate in bytes - * must be 4, 6, 8, 10, 14 or 16 + * \param ctx The CCM context to use for encryption. + * \param length The length of the input data in Bytes. + * \param iv Initialization vector (nonce). + * \param iv_len The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13. + * \param add The additional data field. + * \param add_len The length of additional data in Bytes. + * Must be less than 2^16 - 2^8. + * \param input The buffer holding the input data. + * \param output The buffer holding the output data. + * Must be at least \p length Bytes wide. + * \param tag The buffer holding the tag. + * \param tag_len The length of the tag to generate in Bytes: + * 4, 6, 8, 10, 14 or 16. * - * \note The tag is written to a separate buffer. To get the tag - * concatenated with the output as in the CCM spec, use - * tag = output + length and make sure the output buffer is - * at least length + tag_len wide. 
+ * \note The tag is written to a separate buffer. To concatenate + * the \p tag with the \p output, as done in RFC-3610: + * Counter with CBC-MAC (CCM), use + * \p tag = \p output + \p length, and make sure that the + * output buffer is at least \p length + \p tag_len wide. * - * \return 0 if successful + * \return \c 0 on success. */ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, @@ -109,21 +122,22 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, unsigned char *tag, size_t tag_len ); /** - * \brief CCM buffer authenticated decryption + * \brief This function performs a CCM authenticated decryption of a + * buffer. * - * \param ctx CCM context - * \param length length of the input data - * \param iv initialization vector - * \param iv_len length of IV - * \param add additional data - * \param add_len length of additional data - * \param input buffer holding the input data - * \param output buffer for holding the output data - * \param tag buffer holding the tag - * \param tag_len length of the tag + * \param ctx The CCM context to use for decryption. + * \param length The length of the input data in Bytes. + * \param iv Initialization vector. + * \param iv_len The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13. + * \param add The additional data field. + * \param add_len The length of additional data in Bytes. + * \param input The buffer holding the input data. + * \param output The buffer holding the output data. + * \param tag The buffer holding the tag. + * \param tag_len The length of the tag in Bytes. * - * \return 0 if successful and authenticated, - * MBEDTLS_ERR_CCM_AUTH_FAILED if tag does not match + * \return 0 if successful and authenticated, or + * #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. */ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, 
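Review bot: The commit corrects \p iv_len to 7..13 per the standard, but the \p tag_len list for mbedtls_ccm_encrypt_and_tag() still reads `4, 6, 8, 10, 14 or 16`, carried over from the old text and omitting 12, even though RFC 3610 defines the tag length M as any even value from 4 to 16. If the implementation's length check accepts 12 (not visible in this diff), the line should be `* \param tag_len The length of the tag to generate in Bytes: 4, 6, 8, 10, 12, 14 or 16.`; if it does not, the discrepancy with the standard deserves a note. The \return line could also name `#MBEDTLS_ERR_CCM_BAD_INPUT` for rejected lengths, assuming that is what the implementation returns.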
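Review bot: The mbedtls_ccm_auth_decrypt() documentation does not say what the caller may do with \p output when `#MBEDTLS_ERR_CCM_AUTH_FAILED` is returned, which is the single most important contract of an AEAD decrypt; the rewrite also drops the length constraints (\p iv_len is given, but \p add_len and \p tag_len carry none, unlike the encrypt side). Suggest adding `\note If the tag does not match, the contents of \p output must be treated as invalid and discarded.` and, if the implementation zeroizes the buffer on failure (not visible here), stating that explicitly. The declaration of mbedtls_ccm_auth_decrypt() continues past the end of this hunk.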
@@ -135,9 +149,9 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, } #endif -#else /* !MBEDTLS_CCM_ALT */ +#else /* MBEDTLS_CCM_ALT */ #include "ccm_alt.h" -#endif /* !MBEDTLS_CCM_ALT */ +#endif /* MBEDTLS_CCM_ALT */ #ifdef __cplusplus extern "C" { @@ -145,9 +159,9 @@ extern "C" { #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /** - * \brief Checkup routine + * \brief The CCM checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success, or \c 1 on failure. */ int mbedtls_ccm_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ diff --git a/library/error.c b/library/error.c index e39fb09b93..fdfa94ad09 100644 --- a/library/error.c +++ b/library/error.c @@ -642,7 +642,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_CCM_C) if( use_ret == -(MBEDTLS_ERR_CCM_BAD_INPUT) ) - mbedtls_snprintf( buf, buflen, "CCM - Bad input parameters to function" ); + mbedtls_snprintf( buf, buflen, "CCM - Bad input parameters to the function" ); if( use_ret == -(MBEDTLS_ERR_CCM_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "CCM - Authenticated decryption failed" ); if( use_ret == -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED) ) From 9ba6b621deac7d1468e4e43cc0f18d730f819b54 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Wed, 24 Jan 2018 12:59:19 +0000 Subject: [PATCH 0662/1059] Improve cipher documentation - Rephrase function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhere to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. GitHub PR: #1306 --- include/mbedtls/cipher.h | 527 +++++++++++++++++++++------------------ library/error.c | 4 +- 2 files changed, 280 insertions(+), 251 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 97b9226f5c..dc1bc56470 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h 
@@ -1,12 +1,12 @@ /** * \file cipher.h * - * \brief Generic cipher wrapper. + * \brief The generic cipher wrapper. * * \author Adriaan de Jong */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -21,7 +21,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_CIPHER_H 
@@ -52,22 +52,23 @@ #define inline __inline #endif -#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< The selected feature is not available. */ -#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Bad input parameters to function. */ -#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Failed to allocate memory. */ -#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */ -#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */ -#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */ -#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */ -#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 /**< Cipher hardware accelerator failed. */ +#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< The selected feature is not available. */ +#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Bad input parameters. */ +#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Failed to allocate memory. */ +#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */ +#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */ +#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */ +#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid. For example, because it was freed. */ +#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 /**< Cipher hardware accelerator failed. */ -#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */ -#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */ +#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. 
*/ +#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length. */ #ifdef __cplusplus extern "C" { #endif +/** Supported cipher IDs. */ typedef enum { MBEDTLS_CIPHER_ID_NONE = 0, MBEDTLS_CIPHER_ID_NULL, @@ -79,6 +80,7 @@ typedef enum { MBEDTLS_CIPHER_ID_ARC4, } mbedtls_cipher_id_t; +/** Supported cipher types. */ typedef enum { MBEDTLS_CIPHER_NONE = 0, MBEDTLS_CIPHER_NULL, @@ -131,6 +133,7 @@ typedef enum { MBEDTLS_CIPHER_CAMELLIA_256_CCM, } mbedtls_cipher_type_t; +/** Supported cipher modes. */ typedef enum { MBEDTLS_MODE_NONE = 0, MBEDTLS_MODE_ECB, @@ -143,14 +146,16 @@ typedef enum { MBEDTLS_MODE_CCM, } mbedtls_cipher_mode_t; +/** Supported cipher padding types. */ typedef enum { - MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default) */ - MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding */ - MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding */ - MBEDTLS_PADDING_ZEROS, /**< zero padding (not reversible!) */ - MBEDTLS_PADDING_NONE, /**< never pad (full blocks only) */ + MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */ + MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */ + MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */ + MBEDTLS_PADDING_ZEROS, /**< zero padding (not reversible). */ + MBEDTLS_PADDING_NONE, /**< never pad (full blocks only). */ } mbedtls_cipher_padding_t; +/** Type of operation. */ typedef enum { MBEDTLS_OPERATION_NONE = -1, MBEDTLS_DECRYPT = 0, 
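Review bot: The re-worded comment on `MBEDTLS_ERR_CIPHER_INVALID_PADDING` still gives no hint that this error is the classic padding-oracle signal for CBC modes, which is the one caveat an API user of a generic cipher wrapper needs here. Suggest extending it to `/**< Input data contains invalid padding and is rejected. Callers must not reveal this error distinctly from other decryption failures to an untrusted peer. */` The remaining changes in the hunk are wording and enum headings only.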
@@ -158,19 +163,19 @@ typedef enum { } mbedtls_operation_t; enum { - /** Undefined key length */ + /** Undefined key length. */ MBEDTLS_KEY_LENGTH_NONE = 0, - /** Key length, in bits (including parity), for DES keys */ + /** Key length, in bits (including parity), for DES keys. */ MBEDTLS_KEY_LENGTH_DES = 64, - /** Key length, in bits (including parity), for DES in two key EDE */ + /** Key length in bits, including parity, for DES in two-key EDE. */ MBEDTLS_KEY_LENGTH_DES_EDE = 128, - /** Key length, in bits (including parity), for DES in three-key EDE */ + /** Key length in bits, including parity, for DES in three-key EDE. */ MBEDTLS_KEY_LENGTH_DES_EDE3 = 192, }; -/** Maximum length of any IV, in bytes */ +/** Maximum length of any IV, in Bytes. */ #define MBEDTLS_MAX_IV_LENGTH 16 -/** Maximum block size of any cipher, in bytes */ +/** Maximum block size of any cipher, in Bytes. */ #define MBEDTLS_MAX_BLOCK_LENGTH 16 /** 
@@ -184,33 +189,40 @@ typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t; typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t; /** - * Cipher information. Allows cipher functions to be called in a generic way. + * Cipher information. Allows calling cipher functions + * in a generic way. */ typedef struct { - /** Full cipher identifier (e.g. MBEDTLS_CIPHER_AES_256_CBC) */ + /** Full cipher identifier. For example, + * MBEDTLS_CIPHER_AES_256_CBC. + */ mbedtls_cipher_type_t type; - /** Cipher mode (e.g. MBEDTLS_MODE_CBC) */ + /** The cipher mode. For example, MBEDTLS_MODE_CBC. */ mbedtls_cipher_mode_t mode; - /** Cipher key length, in bits (default length for variable sized ciphers) - * (Includes parity bits for ciphers like DES) */ + /** The cipher key length, in bits. This is the + * default length for variable sized ciphers. + * Includes parity bits for ciphers like DES. + */ unsigned int key_bitlen; - /** Name of the cipher */ + /** Name of the cipher. */ const char * name; - /** IV/NONCE size, in bytes. - * For cipher that accept many sizes: recommended size */ + /** IV or nonce size, in Bytes. + * For ciphers that accept variable IV sizes, + * this is the recommended size. + */ unsigned int iv_size; - /** Flags for variable IV size, variable key size, etc. */ + /** Flags to set. For example, if the cipher supports variable IV sizes or variable key sizes. */ int flags; - /** block size, in bytes */ + /** The block size, in Bytes. */ unsigned int block_size; - /** Base cipher information and functions */ + /** Struct for base cipher information and functions. */ const mbedtls_cipher_base_t *base; } mbedtls_cipher_info_t; 
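Review bot: The new comment on the `flags` member of `mbedtls_cipher_info_t` ("Flags to set. For example, if the cipher supports variable IV sizes or variable key sizes.") describes the field only by example and never names the bit values, although `MBEDTLS_CIPHER_VARIABLE_IV_LEN` and `MBEDTLS_CIPHER_VARIABLE_KEY_LEN` are defined in this same header earlier in the diff. Suggest `/** Bitflags built from #MBEDTLS_CIPHER_VARIABLE_IV_LEN and #MBEDTLS_CIPHER_VARIABLE_KEY_LEN. */` so readers can find the accepted values.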
@@ -219,125 +231,133 @@ typedef struct { * Generic cipher context. */ typedef struct { - /** Information about the associated cipher */ + /** Information about the associated cipher. */ const mbedtls_cipher_info_t *cipher_info; - /** Key length to use */ + /** Key length to use. */ int key_bitlen; - /** Operation that the context's key has been initialised for */ + /** Operation that the key of the context has been + * initialized for. + */ mbedtls_operation_t operation; #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) - /** Padding functions to use, if relevant for cipher mode */ + /** Padding functions to use, if relevant for + * the specific cipher mode. + */ void (*add_padding)( unsigned char *output, size_t olen, size_t data_len ); int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len ); #endif - /** Buffer for data that hasn't been encrypted yet */ + /** Buffer for input that has not been processed yet. */ unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH]; - /** Number of bytes that still need processing */ + /** Number of Bytes that have not been processed yet. */ size_t unprocessed_len; - /** Current IV or NONCE_COUNTER for CTR-mode */ + /** Current IV or NONCE_COUNTER for CTR-mode. */ unsigned char iv[MBEDTLS_MAX_IV_LENGTH]; - /** IV size in bytes (for ciphers with variable-length IVs) */ + /** IV size in Bytes, for ciphers with variable-length IVs. */ size_t iv_size; - /** Cipher-specific context */ + /** The cipher-specific context. */ void *cipher_ctx; #if defined(MBEDTLS_CMAC_C) - /** CMAC Specific context */ + /** CMAC-specific context. */ mbedtls_cmac_context_t *cmac_ctx; #endif } mbedtls_cipher_context_t; /** - * \brief Returns the list of ciphers supported by the generic cipher module. + * \brief This function retrieves the list of ciphers supported by the generic + * cipher module. * - * \return a statically allocated array of ciphers, the last entry - * is 0. + * \return A statically-allocated array of ciphers. 
The last entry + * is zero. */ const int *mbedtls_cipher_list( void ); /** - * \brief Returns the cipher information structure associated - * with the given cipher name. + * \brief This function retrieves the cipher-information + * structure associated with the given cipher name. * * \param cipher_name Name of the cipher to search for. * - * \return the cipher information structure associated with the - * given cipher_name, or NULL if not found. + * \return The cipher information structure associated with the + * given \p cipher_name, or NULL if not found. */ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name ); /** - * \brief Returns the cipher information structure associated - * with the given cipher type. + * \brief This function retrieves the cipher-information + * structure associated with the given cipher type. * * \param cipher_type Type of the cipher to search for. * - * \return the cipher information structure associated with the - * given cipher_type, or NULL if not found. + * \return The cipher information structure associated with the + * given \p cipher_type, or NULL if not found. */ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type ); /** - * \brief Returns the cipher information structure associated - * with the given cipher id, key size and mode. + * \brief This function retrieves the cipher-information + * structure associated with the given cipher ID, + * key size and mode. * - * \param cipher_id Id of the cipher to search for - * (e.g. MBEDTLS_CIPHER_ID_AES) - * \param key_bitlen Length of the key in bits - * \param mode Cipher mode (e.g. MBEDTLS_MODE_CBC) + * \param cipher_id The ID of the cipher to search for. For example, + * #MBEDTLS_CIPHER_ID_AES. + * \param key_bitlen The length of the key in bits. + * \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC. 
* - * \return the cipher information structure associated with the - * given cipher_type, or NULL if not found. + * \return The cipher information structure associated with the + * given \p cipher_id, or NULL if not found. */ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode ); /** - * \brief Initialize a cipher_context (as NONE) + * \brief This function initializes a \p cipher_context as NONE. */ void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ); /** - * \brief Free and clear the cipher-specific context of ctx. - * Freeing ctx itself remains the responsibility of the - * caller. + * \brief This function frees and clears the cipher-specific + * context of \p ctx. Freeing \p ctx itself remains the + * responsibility of the caller. */ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); + /** - * \brief Initialises and fills the cipher context structure with - * the appropriate values. + * \brief This function initializes and fills the cipher-context + * structure with the appropriate values. It also clears + * the structure. * - * \note Currently also clears structure. In future versions you - * will be required to call mbedtls_cipher_init() on the structure - * first. + * \param ctx The context to initialize. May not be NULL. + * \param cipher_info The cipher to use. * - * \param ctx context to initialise. May not be NULL. - * \param cipher_info cipher to use. - * - * \return 0 on success, - * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure, - * MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the + * \return \c 0 on success, + * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure, + * #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the * cipher-specific context failed. + * + * \internal Currently, the function also clears the structure. 
+ * In future versions, the caller will be required to call + * mbedtls_cipher_init() on the structure first. */ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info ); /** - * \brief Returns the block size of the given cipher. + * \brief This function returns the block size of the given cipher. * - * \param ctx cipher's context. Must have been initialised. + * \param ctx The context of the cipher. Must be initialized. * - * \return size of the cipher's blocks, or 0 if ctx has not been - * initialised. + * \return The size of the blocks of the cipher, or zero if \p ctx + * has not been initialized. */ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx ) { @@ -348,13 +368,13 @@ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_c } /** - * \brief Returns the mode of operation for the cipher. - * (e.g. MBEDTLS_MODE_CBC) + * \brief This function returns the mode of operation for + * the cipher. For example, MBEDTLS_MODE_CBC. * - * \param ctx cipher's context. Must have been initialised. + * \param ctx The context of the cipher. Must be initialized. * - * \return mode of operation, or MBEDTLS_MODE_NONE if ctx - * has not been initialised. + * \return The mode of operation, or #MBEDTLS_MODE_NONE if + * \p ctx has not been initialized. */ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx ) { 
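Review bot: The commit message promises to fix missing Doxygen tags, yet mbedtls_cipher_init() and mbedtls_cipher_free() in this hunk still have no `\param ctx` line, and the mbedtls_cipher_setup() note that callers will in future be required to call mbedtls_cipher_init() first has been moved under `\internal`, which hides a user-facing contract change from the generated documentation. Suggest adding `* \param ctx The context to initialize.` and `* \param ctx The context to free.` respectively, and keeping the setup ordering remark as a `\note` rather than `\internal`. The body of mbedtls_cipher_get_block_size() continues past the end of this hunk.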
@@ -365,13 +385,14 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl } /** - * \brief Returns the size of the cipher's IV/NONCE in bytes. + * \brief This function returns the size of the IV or nonce + * of the cipher, in Bytes. * - * \param ctx cipher's context. Must have been initialised. + * \param ctx The context of the cipher. Must be initialized. * - * \return If IV has not been set yet: (recommended) IV size - * (0 for ciphers not using IV/NONCE). - * If IV has already been set: actual size. + * \return
  • If no IV has been set: the recommended IV size. + * 0 for ciphers not using IV or nonce.
  • + *
  • If IV has already been set: the actual size.
*/ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) { @@ -385,12 +406,12 @@ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ct } /** - * \brief Returns the type of the given cipher. + * \brief This function returns the type of the given cipher. * - * \param ctx cipher's context. Must have been initialised. + * \param ctx The context of the cipher. Must be initialized. * - * \return type of the cipher, or MBEDTLS_CIPHER_NONE if ctx has - * not been initialised. + * \return The type of the cipher, or #MBEDTLS_CIPHER_NONE if + * \p ctx has not been initialized. */ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx ) { @@ -401,11 +422,13 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_ciphe } /** - * \brief Returns the name of the given cipher, as a string. + * \brief This function returns the name of the given cipher + * as a string. * - * \param ctx cipher's context. Must have been initialised. + * \param ctx The context of the cipher. Must be initialized. * - * \return name of the cipher, or NULL if ctx was not initialised. + * \return The name of the cipher, or NULL if \p ctx has not + * been not initialized. */ static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx ) { 
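Review bot: The rewritten \return of mbedtls_cipher_get_name() reads "NULL if \p ctx has not been not initialized", a doubled "not" introduced by this commit. It should be `* \return The name of the cipher, or NULL if \p ctx has not been initialized.` The function body continues past the end of the hunk.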
@@ -416,13 +439,13 @@ static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_ } /** - * \brief Returns the key length of the cipher. + * \brief This function returns the key length of the cipher. * - * \param ctx cipher's context. Must have been initialised. + * \param ctx The context of the cipher. Must be initialized. * - * \return cipher's key length, in bits, or - * MBEDTLS_KEY_LENGTH_NONE if ctx has not been - * initialised. + * \return The key length of the cipher in bits, or + * #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been + * initialized. */ static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx ) { @@ -433,13 +456,13 @@ static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t } /** - * \brief Returns the operation of the given cipher. + * \brief This function returns the operation of the given cipher. * - * \param ctx cipher's context. Must have been initialised. + * \param ctx The context of the cipher. Must be initialized. * - * \return operation (MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT), - * or MBEDTLS_OPERATION_NONE if ctx has not been - * initialised. + * \return The type of operation: #MBEDTLS_ENCRYPT or + * #MBEDTLS_DECRYPT, or #MBEDTLS_OPERATION_NONE if \p ctx + * has not been initialized. */ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx ) { 
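Review bot: In the \return of mbedtls_cipher_get_key_bitlen() the Doxygen parameter marker is misplaced: "if ctx \p has not been initialized" attaches `\p` to the word "has". It should read `* #MBEDTLS_KEY_LENGTH_NONE if \p ctx has not been` on that line. The function body continues past the end of the hunk.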
@@ -450,18 +473,18 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci } /** - * \brief Set the key to use with the given context. + * \brief This function sets the key to use with the given context. * - * \param ctx generic cipher context. May not be NULL. Must have been - * initialised using cipher_context_from_type or - * cipher_context_from_string. + * \param ctx The generic cipher context. May not be NULL. Must have + * been initialized using mbedtls_cipher_info_from_type() + * or mbedtls_cipher_info_from_string(). * \param key The key to use. - * \param key_bitlen key length to use, in bits. - * \param operation Operation that the key will be used for, either - * MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT. + * \param key_bitlen The key length to use, in bits. + * \param operation The operation that the key will be used for: + * #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. * - * \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if - * parameter verification fails or a cipher specific + * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if + * parameter verification fails, or a cipher-specific * error code. */ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key, 
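Review bot: The new \param ctx text for mbedtls_cipher_setkey() says the context "Must have been initialized using mbedtls_cipher_info_from_type() or mbedtls_cipher_info_from_string()", but those functions, as documented earlier in this diff, return a `const mbedtls_cipher_info_t *` and never touch a context; the context is bound to a cipher by mbedtls_cipher_setup(). Pointing users at the wrong functions is worse than the old, vaguer text. Suggest `* \param ctx The generic cipher context. May not be NULL. Must have` / `* been set up using mbedtls_cipher_setup().` The prototype continues past the end of the hunk.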
@@ -469,170 +492,176 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) /** - * \brief Set padding mode, for cipher modes that use padding. - * (Default: PKCS7 padding.) + * \brief This function sets the padding mode, for cipher modes + * that use padding. * - * \param ctx generic cipher context - * \param mode padding mode + * The default passing mode is PKCS7 padding. * - * \returns 0 on success, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE - * if selected padding mode is not supported, or - * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode + * \param ctx The generic cipher context. + * \param mode The padding mode. + * + * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE + * if the selected padding mode is not supported, or + * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode * does not support padding. */ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode ); #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ /** - * \brief Set the initialization vector (IV) or nonce + * \brief This function sets the initialization vector (IV) + * or nonce. * - * \param ctx generic cipher context - * \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers) - * \param iv_len IV length for ciphers with variable-size IV; - * discarded by ciphers with fixed-size IV. + * \param ctx The generic cipher context. + * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. + * \param iv_len The IV length for ciphers with variable-size IV. + * This parameter is discarded by ciphers with fixed-size IV. * - * \returns 0 on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + * \returns \c 0 on success, or #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA * - * \note Some ciphers don't use IVs nor NONCE. For these - * ciphers, this function has no effect. + * \note Some ciphers do not use IVs nor nonce. For these + * ciphers, this function has no effect. 
*/ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len ); /** - * \brief Finish preparation of the given context + * \brief This function resets the cipher state. * - * \param ctx generic cipher context + * \param ctx The generic cipher context. * - * \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA - * if parameter verification fails. + * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + * if parameter verification fails. */ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); #if defined(MBEDTLS_GCM_C) /** - * \brief Add additional data (for AEAD ciphers). - * Currently only supported with GCM. - * Must be called exactly once, after mbedtls_cipher_reset(). + * \brief This function adds additional data for AEAD ciphers. + * Only supported with GCM. Must be called + * exactly once, after mbedtls_cipher_reset(). * - * \param ctx generic cipher context - * \param ad Additional data to use. - * \param ad_len Length of ad. + * \param ctx The generic cipher context. + * \param ad The additional data to use. + * \param ad_len the Length of \p ad. * - * \return 0 on success, or a specific error code. + * \return \c 0 on success, or a specific error code on failure. */ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len ); #endif /* MBEDTLS_GCM_C */ /** - * \brief Generic cipher update function. Encrypts/decrypts - * using the given cipher context. Writes as many block - * size'd blocks of data as possible to output. Any data - * that cannot be written immediately will either be added - * to the next block, or flushed when cipher_final is - * called. - * Exception: for MBEDTLS_MODE_ECB, expects single block - * in size (e.g. 16 bytes for AES) + * \brief The generic cipher update function. It encrypts or + * decrypts using the given cipher context. Writes as + * many block-sized blocks of data as possible to output. 
+ * Any data that cannot be written immediately is either + * added to the next block, or flushed when + * mbedtls_cipher_finish() is called. + * Exception: For MBEDTLS_MODE_ECB, expects a single block + * in size. For example, 16 Bytes for AES. * - * \param ctx generic cipher context - * \param input buffer holding the input data - * \param ilen length of the input data - * \param output buffer for the output data. Should be able to hold at - * least ilen + block_size. Cannot be the same buffer as - * input! - * \param olen length of the output data, will be filled with the - * actual number of bytes written. + * \param ctx The generic cipher context. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * \param output The buffer for the output data. Must be able to hold at + * least \p ilen + block_size. Must not be the same buffer + * as input. + * \param olen The length of the output data, to be updated with the + * actual number of Bytes written. * - * \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if + * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if * parameter verification fails, - * MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an - * unsupported mode for a cipher or a cipher specific + * #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an + * unsupported mode for a cipher, or a cipher-specific * error code. * * \note If the underlying cipher is GCM, all calls to this - * function, except the last one before mbedtls_cipher_finish(), - * must have ilen a multiple of the block size. + * function, except the last one before + * mbedtls_cipher_finish(). Must have \p ilen as a + * multiple of the block_size. */ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ); /** - * \brief Generic cipher finalisation function. 
If data still - * needs to be flushed from an incomplete block, data - * contained within it will be padded with the size of - * the last block, and written to the output buffer. + * \brief The generic cipher finalization function. If data still + * needs to be flushed from an incomplete block, the data + * contained in it is padded to the size of + * the last block, and written to the \p output buffer. * - * \param ctx Generic cipher context - * \param output buffer to write data to. Needs block_size available. - * \param olen length of the data written to the output buffer. + * \param ctx The generic cipher context. + * \param output The buffer to write data to. Needs block_size available. + * \param olen The length of the data written to the \p output buffer. * - * \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if + * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if * parameter verification fails, - * MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption + * #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption * expected a full block but was not provided one, - * MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding - * while decrypting or a cipher specific error code. + * #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding + * while decrypting, or a cipher-specific error code + * on failure for any other reason. */ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen ); #if defined(MBEDTLS_GCM_C) /** - * \brief Write tag for AEAD ciphers. - * Currently only supported with GCM. + * \brief This function writes a tag for AEAD ciphers. + * Only supported with GCM. * Must be called after mbedtls_cipher_finish(). * - * \param ctx Generic cipher context - * \param tag buffer to write the tag - * \param tag_len Length of the tag to write + * \param ctx The generic cipher context. + * \param tag The buffer to write the tag to. + * \param tag_len The length of the tag to write. 
* - * \return 0 on success, or a specific error code. + * \return \c 0 on success, or a specific error code on failure. */ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len ); /** - * \brief Check tag for AEAD ciphers. - * Currently only supported with GCM. + * \brief This function checks the tag for AEAD ciphers. + * Only supported with GCM. * Must be called after mbedtls_cipher_finish(). * - * \param ctx Generic cipher context - * \param tag Buffer holding the tag - * \param tag_len Length of the tag to check + * \param ctx The generic cipher context. + * \param tag The buffer holding the tag. + * \param tag_len The length of the tag to check. * - * \return 0 on success, or a specific error code. + * \return \c 0 on success, or a specific error code on failure. */ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len ); #endif /* MBEDTLS_GCM_C */ /** - * \brief Generic all-in-one encryption/decryption - * (for all ciphers except AEAD constructs). + * \brief The generic all-in-one encryption/decryption function, + * for all ciphers except AEAD constructs. * - * \param ctx generic cipher context - * \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers) - * \param iv_len IV length for ciphers with variable-size IV; - * discarded by ciphers with fixed-size IV. - * \param input buffer holding the input data - * \param ilen length of the input data - * \param output buffer for the output data. Should be able to hold at - * least ilen + block_size. Cannot be the same buffer as - * input! - * \param olen length of the output data, will be filled with the - * actual number of bytes written. + * \param ctx The generic cipher context. + * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. + * \param iv_len The IV length for ciphers with variable-size IV. + * This parameter is discarded by ciphers with fixed-size + * IV. 
+ * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * \param output The buffer for the output data. Must be able to hold at + * least \p ilen + block_size. Must not be the same buffer + * as input. + * \param olen The length of the output data, to be updated with the + * actual number of Bytes written. * - * \note Some ciphers don't use IVs nor NONCE. For these - * ciphers, use iv = NULL and iv_len = 0. + * \note Some ciphers do not use IVs nor nonce. For these + * ciphers, use \p iv = NULL and \p iv_len = 0. * - * \returns 0 on success, or - * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or - * MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption + * \returns \c 0 on success, or + * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or + * #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption * expected a full block but was not provided one, or - * MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding - * while decrypting, or - * a cipher specific error code. + * #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding + * while decrypting, or a cipher-specific error code on + * failure for any other reason. */ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, 
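Review bot: The rewritten `\note` on mbedtls_cipher_update no longer states the GCM requirement, because the sentence was cut into a fragment: `function, except the last one before` / `mbedtls_cipher_finish(). Must have \p ilen as a` / `multiple of the block_size.`. The constraint matters to callers (only the final update before mbedtls_cipher_finish() may pass a partial block), so it should read `If the underlying cipher is GCM, all calls to this function, except the last one before mbedtls_cipher_finish(), must have \p ilen as a multiple of the block size.` Two smaller slips in the same hunk: `The default passing mode is PKCS7 padding.` on mbedtls_cipher_set_padding_mode should say `padding mode`, and `\param ad_len the Length of \p ad.` on mbedtls_cipher_update_ad should be `The length of \p ad.`. The `\return` of mbedtls_cipher_check_tag could also name the code a caller must treat as an authentication failure, which the auth_decrypt hunk further down documents as #MBEDTLS_ERR_CIPHER_AUTH_FAILED, if that is indeed what check_tag returns on a mismatch.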
@@ -641,26 +670,26 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, #if defined(MBEDTLS_CIPHER_MODE_AEAD) /** - * \brief Generic autenticated encryption (AEAD ciphers). + * \brief The generic autenticated encryption (AEAD) function. * - * \param ctx generic cipher context - * \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers) - * \param iv_len IV length for ciphers with variable-size IV; - * discarded by ciphers with fixed-size IV. - * \param ad Additional data to authenticate. - * \param ad_len Length of ad. - * \param input buffer holding the input data - * \param ilen length of the input data - * \param output buffer for the output data. - * Should be able to hold at least ilen. - * \param olen length of the output data, will be filled with the - * actual number of bytes written. - * \param tag buffer for the authentication tag - * \param tag_len desired tag length + * \param ctx The generic cipher context. + * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. + * \param iv_len The IV length for ciphers with variable-size IV. + * This parameter is discarded by ciphers with fixed-size IV. + * \param ad The additional data to authenticate. + * \param ad_len The length of \p ad. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * \param output The buffer for the output data. + * Must be able to hold at least \p ilen. + * \param olen The length of the output data, to be updated with the + * actual number of Bytes written. + * \param tag The buffer for the authentication tag. + * \param tag_len The desired length of the authentication tag. * - * \returns 0 on success, or - * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or - * a cipher specific error code. + * \returns \c 0 on success, or + * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or + * a cipher-specific error code. */ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, 
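Review bot: The new `\brief` of mbedtls_cipher_auth_encrypt keeps the misspelling that the old line already had: `The generic autenticated encryption (AEAD) function.` should be `The generic authenticated encryption (AEAD) function.`. The same misspelling is carried into the rewritten `\brief` of mbedtls_cipher_auth_decrypt in the next hunk. Since this commit is a wording pass over exactly these comments, it is the natural place to fix both.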
@@ -670,31 +699,31 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len ); /** - * \brief Generic autenticated decryption (AEAD ciphers). + * \brief The generic autenticated decryption (AEAD) function. * - * \param ctx generic cipher context - * \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers) - * \param iv_len IV length for ciphers with variable-size IV; - * discarded by ciphers with fixed-size IV. - * \param ad Additional data to be authenticated. - * \param ad_len Length of ad. - * \param input buffer holding the input data - * \param ilen length of the input data - * \param output buffer for the output data. - * Should be able to hold at least ilen. - * \param olen length of the output data, will be filled with the - * actual number of bytes written. - * \param tag buffer holding the authentication tag - * \param tag_len length of the authentication tag + * \param ctx The generic cipher context. + * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. + * \param iv_len The IV length for ciphers with variable-size IV. + * This parameter is discarded by ciphers with fixed-size IV. + * \param ad The additional data to be authenticated. + * \param ad_len The length of \p ad. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * \param output The buffer for the output data. + * Must be able to hold at least \p ilen. + * \param olen The length of the output data, to be updated with the + * actual number of Bytes written. + * \param tag The buffer holding the authentication tag. + * \param tag_len The length of the authentication tag. * - * \returns 0 on success, or - * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or - * MBEDTLS_ERR_CIPHER_AUTH_FAILED if data isn't authentic, - * or a cipher specific error code. 
+ * \returns \c 0 on success, or
+ * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ * #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic,
+ * or a cipher-specific error code on failure for any other reason.
 *
 * \note If the data is not authentic, then the output buffer
- * is zeroed out to prevent the unauthentic plaintext to
- * be used by mistake, making this interface safer.
+ * is zeroed out to prevent the unauthentic plaintext being
+ * used, making this interface safer.
 */
 int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
 const unsigned char *iv, size_t iv_len,
diff --git a/library/error.c b/library/error.c
index fdfa94ad09..f602686594 100644
--- a/library/error.c
+++ b/library/error.c
@@ -210,7 +210,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 if( use_ret == -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) )
 mbedtls_snprintf( buf, buflen, "CIPHER - The selected feature is not available" );
 if( use_ret == -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA) )
- mbedtls_snprintf( buf, buflen, "CIPHER - Bad input parameters to function" );
+ mbedtls_snprintf( buf, buflen, "CIPHER - Bad input parameters" );
 if( use_ret == -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED) )
 mbedtls_snprintf( buf, buflen, "CIPHER - Failed to allocate memory" );
 if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_PADDING) )
@@ -220,7 +220,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) )
 mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" );
 if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) )
- mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid, eg because it was free()ed" );
+ mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid. For example, because it was freed" );
 if( use_ret == -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED) )
 mbedtls_snprintf( buf, buflen, "CIPHER - Cipher hardware accelerator failed" );
 #endif /* MBEDTLS_CIPHER_C */
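Review bot: The two strings edited in mbedtls_strerror are changed by hand in error.c, but as far as I know that file is generated from the error-code comments in the module headers; if that is still the case, the new `"CIPHER - Bad input parameters"` and `"CIPHER - The context is invalid. For example, because it was freed"` texts will be overwritten on the next regeneration unless the matching `#define MBEDTLS_ERR_CIPHER_*` comments in cipher.h were changed as well (that part of cipher.h is not in view). Worth confirming that header and error.c agree, or that the strings were regenerated rather than edited directly.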
From 380d05d7ff9b3be93cc6df7014f10f69ae7cc84f Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Thu, 25 Jan 2018 21:52:41 +0000 Subject: [PATCH 0663/1059] Improve CMAC documentation - Rephrase file/function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhere to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. GitHub PR: #1315 --- include/mbedtls/cmac.h | 153 +++++++++++++++++++++++------------------ 1 file changed, 87 insertions(+), 66 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 1cac948968..628c9daba2 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -1,11 +1,11 @@ /** * \file cmac.h * - * \brief Cipher-based Message Authentication Code (CMAC) Mode for - * Authentication + * \brief The Cipher-based Message Authentication Code (CMAC) Mode for + * Authentication. */ /* - * Copyright (C) 2015-2016, ARM Limited, All Rights Reserved + * Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -20,8 +20,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_CMAC_H #define MBEDTLS_CMAC_H 
@@ -31,110 +32,125 @@ extern "C" { #endif -#define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A /**< CMAC hardware accelerator failed. */ +#define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A /**< CMAC hardware accelerator failed. */ #define MBEDTLS_AES_BLOCK_SIZE 16 #define MBEDTLS_DES3_BLOCK_SIZE 8 #if defined(MBEDTLS_AES_C) -#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /* longest used by CMAC is AES */ +#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /* The longest block used by CMAC is that of AES. */ #else -#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* longest used by CMAC is 3DES */ +#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* The longest block used by CMAC is that of 3DES. */ #endif #if !defined(MBEDTLS_CMAC_ALT) /** - * CMAC context structure - Contains internal state information only + * The CMAC context structure. */ struct mbedtls_cmac_context_t { - /** Internal state of the CMAC algorithm */ + /** The internal state of the CMAC algorithm. */ unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX]; /** Unprocessed data - either data that was not block aligned and is still - * pending to be processed, or the final block */ + * pending processing, or the final block. */ unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX]; - /** Length of data pending to be processed */ + /** The length of data pending processing. */ size_t unprocessed_len; }; /** - * \brief Set the CMAC key and prepare to authenticate the input - * data. - * Should be called with an initialized cipher context. + * \brief This function sets the CMAC key, and prepares to authenticate + * the input data. + * Must be called with an initialized cipher context. * - * \param ctx Cipher context. This should be a cipher context, - * initialized to be one of the following types: - * MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB, - * MBEDTLS_CIPHER_AES_256_ECB or - * MBEDTLS_CIPHER_DES_EDE3_ECB. 
- * \param key CMAC key - * \param keybits length of the CMAC key in bits - * (must be acceptable by the cipher) + * \param ctx The cipher context used for the CMAC operation, initialized + * as one of the following types:
    + *
  • MBEDTLS_CIPHER_AES_128_ECB
  • + *
  • MBEDTLS_CIPHER_AES_192_ECB
  • + *
  • MBEDTLS_CIPHER_AES_256_ECB
  • + *
  • MBEDTLS_CIPHER_DES_EDE3_ECB
+ * \param key The CMAC key. + * \param keybits The length of the CMAC key in bits. + * Must be supported by the cipher. * - * \return 0 if successful, or a cipher specific error code + * \return \c 0 on success, or a cipher-specific error code. */ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, const unsigned char *key, size_t keybits ); /** - * \brief Generic CMAC process buffer. - * Called between mbedtls_cipher_cmac_starts() or - * mbedtls_cipher_cmac_reset() and - * mbedtls_cipher_cmac_finish(). - * May be called repeatedly. + * \brief This function feeds an input buffer into an ongoing CMAC + * computation. * - * \param ctx CMAC context - * \param input buffer holding the data - * \param ilen length of the input data + * It is called between mbedtls_cipher_cmac_starts() or + * mbedtls_cipher_cmac_reset(), and mbedtls_cipher_cmac_finish(). + * Can be called repeatedly. * - * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * \param ctx The cipher context used for the CMAC operation. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * + * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * if parameter verification fails. */ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen ); /** - * \brief Output CMAC. - * Called after mbedtls_cipher_cmac_update(). - * Usually followed by mbedtls_cipher_cmac_reset(), then - * mbedtls_cipher_cmac_starts(), or mbedtls_cipher_free(). + * \brief This function finishes the CMAC operation, and writes + * the result to the output buffer. * - * \param ctx CMAC context - * \param output Generic CMAC checksum result + * It is called after mbedtls_cipher_cmac_update(). + * It can be followed by mbedtls_cipher_cmac_reset() and + * mbedtls_cipher_cmac_update(), or mbedtls_cipher_free(). 
* - * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * \param ctx The cipher context used for the CMAC operation. + * \param output The output buffer for the CMAC checksum result. + * + * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * if parameter verification fails. */ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, unsigned char *output ); /** - * \brief Prepare to authenticate a new message with the same key. - * Called after mbedtls_cipher_cmac_finish() and before - * mbedtls_cipher_cmac_update(). + * \brief This function prepares the authentication of another + * message with the same key as the previous CMAC + * operation. * - * \param ctx CMAC context to be reset + * It is called after mbedtls_cipher_cmac_finish() + * and before mbedtls_cipher_cmac_update(). * - * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * \param ctx The cipher context used for the CMAC operation. + * + * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * if parameter verification fails. */ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); /** - * \brief Output = Generic_CMAC( cmac key, input buffer ) + * \brief This function calculates the full generic CMAC + * on the input buffer with the provided key. * - * \param cipher_info message digest info - * \param key CMAC key - * \param keylen length of the CMAC key in bits - * \param input buffer holding the data - * \param ilen length of the input data - * \param output Generic CMAC-result + * The function allocates the context, performs the + * calculation, and frees the context. * - * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * The CMAC result is calculated as + * output = generic CMAC(cmac key, input buffer). + * + * + * \param cipher_info The cipher information. + * \param key The CMAC key. 
+ * \param keylen The length of the CMAC key in bits. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * \param output The buffer for the generic CMAC result. + * + * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * if parameter verification fails. */ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, const unsigned char *key, size_t keylen, @@ -143,16 +159,21 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, #if defined(MBEDTLS_AES_C) /** - * \brief AES-CMAC-128-PRF - * Implementation of (AES-CMAC-PRF-128), as defined in RFC 4615 + * \brief This function implements the AES-CMAC-PRF-128 pseudorandom + * function, as defined in + * RFC-4615: The Advanced Encryption Standard-Cipher-based + * Message Authentication Code-Pseudo-Random Function-128 + * (AES-CMAC-PRF-128) Algorithm for the Internet Key + * Exchange Protocol (IKE). * - * \param key PRF key - * \param key_len PRF key length in bytes - * \param input buffer holding the input data - * \param in_len length of the input data in bytes - * \param output buffer holding the generated pseudorandom output (16 bytes) + * \param key The key to use. + * \param key_len The key length in Bytes. + * \param input The buffer holding the input data. + * \param in_len The length of the input data in Bytes. + * \param output The buffer holding the generated 16 Bytes of + * pseudorandom output. * - * \return 0 if successful + * \return \c 0 on success. */ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, const unsigned char *input, size_t in_len, 
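Review bot: The rewritten `\returns` lines of mbedtls_cipher_cmac_update, mbedtls_cipher_cmac_finish, mbedtls_cipher_cmac_reset and mbedtls_cipher_cmac still name #MBEDTLS_ERR_MD_BAD_INPUT_DATA, an MD-module code, for functions that operate on a mbedtls_cipher_context_t and whose cipher-module siblings earlier in this series document #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA. The old text made the same claim, but since this commit rewrites every `\returns` in the file it is the moment to check which code cmac.c actually returns on parameter failure and name that one; a caller comparing against the wrong constant would never recognize the failure.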
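Review bot: The new `\return \c 0 on success.` on mbedtls_aes_cmac_prf_128 documents no failure value at all, although the function is built on the cipher and CMAC calls that this same file documents as returning cipher-specific error codes. Unless the implementation genuinely cannot fail, the line should read `\return \c 0 on success, or a cipher-specific error code on failure.`, the form already used for mbedtls_cipher_cmac_starts in the previous hunk.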
@@ -173,9 +194,9 @@ extern "C" { #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) /** - * \brief Checkup routine + * \brief The CMAC checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success, or \c 1 on failure. */ int mbedtls_cmac_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ From 332658d80ef0fd712ae232e6b7038ea0879db5aa Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Thu, 25 Jan 2018 22:02:53 +0000 Subject: [PATCH 0664/1059] Improve platform documentation - Rephrase file/function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhere to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. GitHub PR: #1320 --- include/mbedtls/platform.h | 104 +++++++++++++++++++------------------ 1 file changed, 54 insertions(+), 50 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index e051751189..ed10775848 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -1,10 +1,10 @@ /** * \file platform.h * - * \brief mbed TLS Platform abstraction layer + * \brief The Mbed TLS platform abstraction layer. */ /* - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,7 +19,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_PLATFORM_H #define MBEDTLS_PLATFORM_H 
@@ -52,34 +52,34 @@ extern "C" { #include #if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF) #if defined(_WIN32) -#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< Default snprintf to use */ +#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */ #else -#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use */ +#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< The default \c snprintf function to use. */ #endif #endif #if !defined(MBEDTLS_PLATFORM_STD_PRINTF) -#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use */ +#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< The default \c printf function to use. */ #endif #if !defined(MBEDTLS_PLATFORM_STD_FPRINTF) -#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use */ +#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< The default \c fprintf function to use. */ #endif #if !defined(MBEDTLS_PLATFORM_STD_CALLOC) -#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use */ +#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< The default \c calloc function to use. */ #endif #if !defined(MBEDTLS_PLATFORM_STD_FREE) -#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use */ +#define MBEDTLS_PLATFORM_STD_FREE free /**< The default \c free function to use. */ #endif #if !defined(MBEDTLS_PLATFORM_STD_EXIT) -#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use */ +#define MBEDTLS_PLATFORM_STD_EXIT exit /**< The default \c exit function to use. */ #endif #if !defined(MBEDTLS_PLATFORM_STD_TIME) -#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use */ +#define MBEDTLS_PLATFORM_STD_TIME time /**< The default \c time function to use. 
*/ #endif #if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS) -#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< Default exit value to use */ +#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< The default exit value to use. */ #endif #if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE) -#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< Default exit value to use */ +#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< The default exit value to use. */ #endif #if defined(MBEDTLS_FS_IO) #if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) @@ -116,12 +116,12 @@ extern void * (*mbedtls_calloc)( size_t n, size_t size ); extern void (*mbedtls_free)( void *ptr ); /** - * \brief Set your own memory implementation function pointers + * \brief This function allows configuring custom memory-management functions. * - * \param calloc_func the calloc function implementation - * \param free_func the free function implementation + * \param calloc_func The \c calloc function implementation. + * \param free_func The \c free function implementation. * - * \return 0 if successful + * \return \c 0. */ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), void (*free_func)( void * ) ); @@ -140,11 +140,11 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... ); /** - * \brief Set your own fprintf function pointer + * \brief This function allows configuring a custom \p fprintf function pointer. * - * \param fprintf_func the fprintf function implementation + * \param fprintf_func The \c fprintf function implementation. * - * \return 0 + * \return \c 0. */ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *, ... ) ); 
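Review bot: In the new `\brief` of mbedtls_platform_set_fprintf, `a custom \p fprintf function pointer` uses `\p`, which Doxygen reserves for parameter names; `fprintf` is not a parameter here, so it should be `\c fprintf`, matching the `\param fprintf_func The \c fprintf function implementation.` line below it and the `\c printf` / `\c snprintf` briefs in the following hunks. The `\return \c 0.` lines in this hunk and in the mbedtls_platform_set_calloc_free hunk just above also differ from the `\return \c 0 on success.` form the remaining setters in this file now use; pick one form for the whole file.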
@@ -163,11 +163,12 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char extern int (*mbedtls_printf)( const char *format, ... ); /** - * \brief Set your own printf function pointer + * \brief This function allows configuring a custom \c printf function + * pointer. * - * \param printf_func the printf function implementation + * \param printf_func The \c printf function implementation. * - * \return 0 + * \return \c 0 on success. */ int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) ); #else /* !MBEDTLS_PLATFORM_PRINTF_ALT */ @@ -196,11 +197,12 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ); extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... ); /** - * \brief Set your own snprintf function pointer + * \brief This function allows configuring a custom \c snprintf function + * pointer. * - * \param snprintf_func the snprintf function implementation + * \param snprintf_func The \c snprintf function implementation. * - * \return 0 + * \return \c 0 on success. */ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, const char * format, ... ) ); @@ -219,11 +221,12 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, extern void (*mbedtls_exit)( int status ); /** - * \brief Set your own exit function pointer + * \brief This function allows configuring a custom \c exit function + * pointer. * - * \param exit_func the exit function implementation + * \param exit_func The \c exit function implementation. * - * \return 0 + * \return \c 0 on success. */ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); #else 
@@ -266,12 +269,13 @@ extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ); extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ); /** - * \brief Set your own seed file writing/reading functions + * \brief This function allows configuring custom seed file writing and + * reading functions. * - * \param nv_seed_read_func the seed reading function implementation - * \param nv_seed_write_func the seed writing function implementation + * \param nv_seed_read_func The seed reading function implementation. + * \param nv_seed_write_func The seed writing function implementation. * - * \return 0 + * \return \c 0 on success. */ int mbedtls_platform_set_nv_seed( int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ), @@ -292,13 +296,13 @@ int mbedtls_platform_set_nv_seed( #if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /** - * \brief Platform context structure + * \brief The platform context structure. * * \note This structure may be used to assist platform-specific - * setup/teardown operations. + * setup or teardown operations. */ typedef struct { - char dummy; /**< Placeholder member as empty structs are not portable */ + char dummy; /**< Placeholder member, as empty structs are not portable. */ } mbedtls_platform_context; 
@@ -307,32 +311,32 @@ mbedtls_platform_context; #endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /** - * \brief Perform any platform initialisation operations + * \brief This function performs any platform initialization operations. * - * \param ctx mbed TLS context + * \param ctx The Mbed TLS context. * - * \return 0 if successful + * \return \c 0 on success. * - * \note This function is intended to allow platform specific initialisation, + * \note This function is intended to allow platform-specific initialization, * and should be called before any other library functions. Its - * implementation is platform specific, and by default, unless platform - * specific code is provided, it does nothing. + * implementation is platform-specific, and unless + * platform-specific code is provided, it does nothing. * - * Its use and whether its necessary to be called is dependent on the + * Its use and whether it is necessary to call it is dependent on the * platform. */ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); /** - * \brief Perform any platform teardown operations + * \brief This function performs any platform teardown operations. * - * \param ctx mbed TLS context + * \param ctx The Mbed TLS context. * - * \note This function should be called after every other mbed TLS module has - * been correctly freed using the appropriate free function. - * Its implementation is platform specific, and by default, unless - * platform specific code is provided, it does nothing. + * \note This function should be called after every other Mbed TLS module + * has been correctly freed using the appropriate free function. + * Its implementation is platform-specific, and unless + * platform-specific code is provided, it does nothing. * - * Its use and whether its necessary to be called is dependent on the + * Its use and whether it is necessary to call it is dependent on the * platform. */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); 
From 41ad0824840484c4e1613ac342ce963590eb1156 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Fri, 26 Jan 2018 10:54:57 +0000 Subject: [PATCH 0665/1059] Improve DHM documentation - Rephrase file/function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhere to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. - Standardize defines documentation GitHub PR: #1323 --- include/mbedtls/dhm.h | 230 ++++++++++++++++++++++++++---------------- library/error.c | 4 +- 2 files changed, 145 insertions(+), 89 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 8a28ffac9b..b1750f1d46 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -1,10 +1,18 @@ /** * \file dhm.h * - * \brief Diffie-Hellman-Merkle key exchange + * \brief Diffie-Hellman-Merkle key exchange. + * + * RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for + * Internet Key Exchange (IKE) defines a number of standardized + * Diffie-Hellman groups for IKE. + * + * RFC-5114: Additional Diffie-Hellman Groups for Use with IETF + * Standards defines a number of standardized Diffie-Hellman + * groups that can be used. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,8 +27,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_DHM_H #define MBEDTLS_DHM_H 
@@ -35,7 +44,7 @@
 /*
 * DHM Error codes
 */
-#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA -0x3080 /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA -0x3080 /**< Bad input parameters. */
 #define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED -0x3100 /**< Reading of the DHM parameters failed. */
 #define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED -0x3180 /**< Making of the DHM parameters failed. */
 #define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED -0x3200 /**< Reading of the public values failed. */
@@ -43,22 +52,22 @@ #define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Calculation of the DHM secret failed. */ #define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380 /**< The ASN.1 data is not formatted correctly. */ #define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400 /**< Allocation of memory failed. */ -#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read/write of file failed. */ +#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read or write of file failed. */ #define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED -0x3500 /**< DHM hardware accelerator failed. */ + + /* The following lists the source of the above groups in the standards: + * - RFC-3526 section 3: 2048-bit MODP Group + * - RFC-3526 section 4: 3072-bit MODP Group + * - RFC-3526 section 5: 4096-bit MODP Group + * - RFC-5114 section 2.2: 2048-bit MODP Group with 224-bit Prime Order Subgroup + * . + */ + /** - * RFC 3526 defines a number of standardized Diffie-Hellman groups - * for IKE. - * RFC 5114 defines a number of standardized Diffie-Hellman groups - * that can be used. - * - * Some are included here for convenience. - * - * Included are: - * RFC 3526 3. 2048-bit MODP Group - * RFC 3526 4. 3072-bit MODP Group - * RFC 3526 5. 4096-bit MODP Group - * RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup + * The hexadecimal presentation of the prime underlying the 2048-bit MODP + * Group, as defined in RFC-3526: More Modular Exponential (MODP) + * Diffie-Hellman groups for Internet Key Exchange (IKE). */ #define MBEDTLS_DHM_RFC3526_MODP_2048_P \ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \ 
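Review bot: The comment block added at the top of this hunk says it lists the source of "the above groups", but it sits before the MBEDTLS_DHM_RFC3526_MODP_* and MBEDTLS_DHM_RFC5114_MODP_* definitions it describes, and its ` * .` line is a stray list terminator that renders as a lone period. Either move the block after the last group definition or reword the first line to `* The following lists the source of the groups defined below in the standards:` and drop the ` * .` line. Note also that it is a plain `/*` comment, so Doxygen will not attach it to anything; if it is meant as documentation it needs to open with `/**`.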
@@ -73,8 +82,18 @@ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \ "15728E5A8AACAA68FFFFFFFFFFFFFFFF" +/** + * The hexadecimal presentation of the chosen generator of the 2048-bit MODP + * Group, as defined in RFC-3526: More Modular Exponential (MODP) + * Diffie-Hellman groups for Internet Key Exchange (IKE). + */ #define MBEDTLS_DHM_RFC3526_MODP_2048_G "02" +/** + * The hexadecimal presentation of the prime underlying the 3072-bit MODP + * Group, as defined in RFC-3072: More Modular Exponential (MODP) + * Diffie-Hellman groups for Internet Key Exchange (IKE). + */ #define MBEDTLS_DHM_RFC3526_MODP_3072_P \ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \ @@ -93,8 +112,18 @@ "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \ "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" +/** + * The hexadecimal presentation of the chosen generator of the 3072-bit MODP + * Group, as defined in RFC-3526: More Modular Exponential (MODP) + * Diffie-Hellman groups for Internet Key Exchange (IKE). + */ #define MBEDTLS_DHM_RFC3526_MODP_3072_G "02" +/** + * The hexadecimal presentation of the prime underlying the 4096-bit MODP + * Group, as defined in RFC-3526: More Modular Exponential (MODP) + * Diffie-Hellman groups for Internet Key Exchange (IKE). + */ #define MBEDTLS_DHM_RFC3526_MODP_4096_P \ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \ 
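Review bot: The new Doxygen block for MBEDTLS_DHM_RFC3526_MODP_3072_P cites `RFC-3072: More Modular Exponential (MODP)`, which confuses the group size with the RFC number; the 3072-bit prime is from RFC-3526, as the macro name and the sibling 2048- and 4096-bit blocks in this commit state. Change the line to `* Group, as defined in RFC-3526: More Modular Exponential (MODP)`. A wrong citation next to a hard-coded prime is worth fixing promptly, because reviewers cross-check these constants against the cited RFC.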
@@ -119,8 +148,19 @@ "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \ "FFFFFFFFFFFFFFFF" +/** + * The hexadecimal presentation of the chosen generator of the 4096-bit MODP + * Group, as defined in RFC-3526: More Modular Exponential (MODP) + * Diffie-Hellman groups for Internet Key Exchange (IKE). + */ #define MBEDTLS_DHM_RFC3526_MODP_4096_G "02" +/** + * The hexadecimal presentation of the prime underlying the + * 2048-bit MODP Group with 224-bit Prime Order Subgroup, as defined + * in RFC-5114: Additional Diffie-Hellman Groups for Use with + * IETF Standards. + */ #define MBEDTLS_DHM_RFC5114_MODP_2048_P \ "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \ "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \ @@ -134,6 +174,11 @@ "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \ "CF9DE5384E71B81C0AC4DFFE0C10E64F" +/** + * The hexadecimal presentation of the chosen generator of the 2048-bit MODP + * Group with 224-bit Prime Order Subgroup, as defined in RFC-5114: + * Additional Diffie-Hellman Groups for Use with IETF Standards. + */ #define MBEDTLS_DHM_RFC5114_MODP_2048_G \ "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"\ "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"\ 
@@ -152,59 +197,62 @@ extern "C" { #endif /** - * \brief DHM context structure + * \brief The DHM context structure. */ typedef struct { - size_t len; /*!< size(P) in chars */ - mbedtls_mpi P; /*!< prime modulus */ - mbedtls_mpi G; /*!< generator */ - mbedtls_mpi X; /*!< secret value */ - mbedtls_mpi GX; /*!< self = G^X mod P */ - mbedtls_mpi GY; /*!< peer = G^Y mod P */ - mbedtls_mpi K; /*!< key = GY^X mod P */ - mbedtls_mpi RP; /*!< cached R^2 mod P */ - mbedtls_mpi Vi; /*!< blinding value */ - mbedtls_mpi Vf; /*!< un-blinding value */ - mbedtls_mpi pX; /*!< previous X */ + size_t len; /*!< The size of \p P in Bytes. */ + mbedtls_mpi P; /*!< The prime modulus. */ + mbedtls_mpi G; /*!< The generator. */ + mbedtls_mpi X; /*!< Our secret value. */ + mbedtls_mpi GX; /*!< Our public key = \c G^X mod \c P. */ + mbedtls_mpi GY; /*!< The public key of the peer = \c G^Y mod \c P. */ + mbedtls_mpi K; /*!< The shared secret = \c G^(XY) mod \c P. */ + mbedtls_mpi RP; /*!< The cached value = \c R^2 mod \c P. */ + mbedtls_mpi Vi; /*!< The blinding value. */ + mbedtls_mpi Vf; /*!< The unblinding value. */ + mbedtls_mpi pX; /*!< The previous \c X. */ } mbedtls_dhm_context; /** - * \brief Initialize DHM context + * \brief This function initializes the DHM context. * - * \param ctx DHM context to be initialized + * \param ctx The DHM context to initialize. */ void mbedtls_dhm_init( mbedtls_dhm_context *ctx ); /** - * \brief Parse the ServerKeyExchange parameters + * \brief This function parses the ServerKeyExchange parameters. * - * \param ctx DHM context - * \param p &(start of input buffer) - * \param end end of buffer + * \param ctx The DHM context. + * \param p The start of the input buffer. + * \param end The end of the input buffer. * - * \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code + * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code + * on failure. 
*/ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, unsigned char **p, const unsigned char *end ); /** - * \brief Setup and write the ServerKeyExchange parameters + * \brief This function sets up and writes the ServerKeyExchange + * parameters. * - * \param ctx DHM context - * \param x_size private value size in bytes - * \param output destination buffer - * \param olen number of chars written - * \param f_rng RNG function - * \param p_rng RNG parameter + * \param ctx The DHM context. + * \param x_size The private value size in Bytes. + * \param olen The number of characters written. + * \param output The destination buffer. + * \param f_rng The RNG function. + * \param p_rng The RNG parameter. * - * \note This function assumes that ctx->P and ctx->G - * have already been properly set (for example - * using mbedtls_mpi_read_string or mbedtls_mpi_read_binary). + * \note This function assumes that the \c ctx->P and \c ctx->G have + * already been properly set, for example, using + * mbedtls_mpi_read_string() or mbedtls_mpi_read_binary(). * - * \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code + * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code + * on failure. */ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, unsigned char *output, size_t *olen, 
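Review bot: In the rewritten mbedtls_dhm_make_params documentation the `\param olen` entry now precedes `\param output`, while the prototype below keeps the order `output, olen`; Doxygen parameter blocks should follow the signature order. The entry also says `The number of characters written.` whereas the rest of this file, including mbedtls_dhm_calc_secret in a later hunk, counts in Bytes. Use `* \param olen The number of Bytes written.` and place it after the `\param output` line.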
@@ -212,28 +260,32 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, void *p_rng ); /** - * \brief Import the peer's public value G^Y + * \brief This function imports the public value G^Y of the peer. * - * \param ctx DHM context - * \param input input buffer - * \param ilen size of buffer + * \param ctx The DHM context. + * \param input The input buffer. + * \param ilen The size of the input buffer. * - * \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code + * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code + * on failure. */ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, const unsigned char *input, size_t ilen ); /** - * \brief Create own private value X and export G^X + * \brief This function creates its own private value \c X and + * exports \c G^X. * - * \param ctx DHM context - * \param x_size private value size in bytes - * \param output destination buffer - * \param olen must be at least equal to the size of P, ctx->len - * \param f_rng RNG function - * \param p_rng RNG parameter + * \param ctx The DHM context. + * \param x_size The private value size in Bytes. + * \param output The destination buffer. + * \param olen The length of the destination buffer. Must be at least + equal to ctx->len (the size of \c P). + * \param f_rng The RNG function. + * \param p_rng The RNG parameter. * - * \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code + * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code + * on failure. */ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, unsigned char *output, size_t olen, 
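Review bot: The continuation line of the `\param olen` description for mbedtls_dhm_make_public (`equal to ctx->len (the size of \c P).`) lacks the leading ` * ` that every other line of the comment carries, which breaks the comment's column layout and, depending on Doxygen settings, may be dropped from the rendered text. Rewrite the pair as `* \param olen The length of the destination buffer. Must be at least` followed by `*                 equal to \c ctx->len (the size of \c P).`, which also applies the `\c` markup this commit uses for `ctx->P` in mbedtls_dhm_make_params.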
@@ -241,22 +293,24 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, void *p_rng ); /** - * \brief Derive and export the shared secret (G^Y)^X mod P + * \brief This function derives and exports the shared secret + * \c (G^Y)^X mod \c P. * - * \param ctx DHM context - * \param output destination buffer - * \param output_size size of the destination buffer - * \param olen on exit, holds the actual number of bytes written - * \param f_rng RNG function, for blinding purposes - * \param p_rng RNG parameter + * \param ctx The DHM context. + * \param output The destination buffer. + * \param output_size The size of the destination buffer. + * \param olen On exit, holds the actual number of Bytes written. + * \param f_rng The RNG function, for blinding purposes. + * \param p_rng The RNG parameter. * - * \return 0 if successful, or an MBEDTLS_ERR_DHM_XXX error code + * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code + * on failure. * - * \note If non-NULL, f_rng is used to blind the input as - * countermeasure against timing attacks. Blinding is - * automatically used if and only if our secret value X is - * re-used and costs nothing otherwise, so it is recommended - * to always pass a non-NULL f_rng argument. + * \note If non-NULL, \p f_rng is used to blind the input as + * a countermeasure against timing attacks. Blinding is used + * only if our secret value \p X is re-used and omitted + * otherwise. Therefore, we recommend always passing a + * non-NULL \p f_rng argument. */ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, unsigned char *output, size_t output_size, size_t *olen, 
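Review bot: The rewritten `\note` for mbedtls_dhm_calc_secret refers to `\p X`, but X is a field of the context (documented as "Our secret value" in the struct hunk earlier in this commit), not a parameter of this function, so Doxygen will flag it as an unknown parameter; the struct hunk uses `\c` for the same field. Change it to `only if our secret value \c X is re-used and omitted`. The `\p f_rng` references in the same note are correct since f_rng is a parameter.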
@@ -264,23 +318,24 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, void *p_rng ); /** - * \brief Free and clear the components of a DHM key + * \brief This function frees and clears the components of a DHM key. * - * \param ctx DHM context to free and clear + * \param ctx The DHM context to free and clear. */ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ); #if defined(MBEDTLS_ASN1_PARSE_C) /** \ingroup x509_module */ /** - * \brief Parse DHM parameters in PEM or DER format + * \brief This function parses DHM parameters in PEM or DER format. * - * \param dhm DHM context to be initialized - * \param dhmin input buffer - * \param dhminlen size of the buffer - * (including the terminating null byte for PEM data) + * \param dhm The DHM context to initialize. + * \param dhmin The input buffer. + * \param dhminlen The size of the buffer, including the terminating null + * Byte for PEM data. * - * \return 0 if successful, or a specific DHM or PEM error code + * \return \c 0 on success, or a specific DHM or PEM error code + * on failure. */ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen ); @@ -288,12 +343,13 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, #if defined(MBEDTLS_FS_IO) /** \ingroup x509_module */ /** - * \brief Load and parse DHM parameters + * \brief This function loads and parses DHM parameters from a file. * - * \param dhm DHM context to be initialized - * \param path filename to read the DHM Parameters from + * \param dhm The DHM context to load the parameters to. + * \param path The filename to read the DHM parameters from. * - * \return 0 if successful, or a specific DHM or PEM error code + * \return \c 0 on success, or a specific DHM or PEM error code + * on failure. */ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); #endif /* MBEDTLS_FS_IO */ 
@@ -312,9 +368,9 @@ extern "C" { #endif /** - * \brief Checkup routine + * \brief The DMH checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success, or \c 1 on failure. */ int mbedtls_dhm_self_test( int verbose ); diff --git a/library/error.c b/library/error.c index f602686594..d9ad6384a0 100644 --- a/library/error.c +++ b/library/error.c @@ -227,7 +227,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_DHM_C) if( use_ret == -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "DHM - Bad input parameters to function" ); + mbedtls_snprintf( buf, buflen, "DHM - Bad input parameters" ); if( use_ret == -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED) ) mbedtls_snprintf( buf, buflen, "DHM - Reading of the DHM parameters failed" ); if( use_ret == -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED) ) @@ -243,7 +243,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_DHM_ALLOC_FAILED) ) mbedtls_snprintf( buf, buflen, "DHM - Allocation of memory failed" ); if( use_ret == -(MBEDTLS_ERR_DHM_FILE_IO_ERROR) ) - mbedtls_snprintf( buf, buflen, "DHM - Read/write of file failed" ); + mbedtls_snprintf( buf, buflen, "DHM - Read or write of file failed" ); if( use_ret == -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "DHM - DHM hardware accelerator failed" ); #endif /* MBEDTLS_DHM_C */ From 17b4f7fc60f8a8c018bd977a1b5ae4729a393afd Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Fri, 26 Jan 2018 10:56:42 +0000 Subject: [PATCH 0666/1059] Improve GCM documentation - Rephrase file/function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhere to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. GitHub PR: #1324 --- include/mbedtls/gcm.h | 194 ++++++++++++++++++++++++------------------ 1 file changed, 110 insertions(+), 84 deletions(-) 
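Review bot: The new brief for mbedtls_dhm_self_test reads `The DMH checkup routine.`, a transposition of DHM; change it to `* \brief The DHM checkup routine.`. This is the only place in the commit where the module name is misspelled, so the rest of the header stays consistent.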
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index c7f01c316f..1e5a507a26 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -1,10 +1,16 @@ /** * \file gcm.h * - * \brief Galois/Counter mode for 128-bit block ciphers + * \brief Galois/Counter Mode (GCM) for 128-bit block ciphers, as defined + * in D. McGrew, J. Viega, The Galois/Counter Mode of Operation + * (GCM), Natl. Inst. Stand. Technol. + * + * For more information on GCM, see NIST SP 800-38D: Recommendation for + * Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. + * */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,8 +25,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_GCM_H #define MBEDTLS_GCM_H 
@@ -42,39 +49,49 @@ extern "C" { #endif /** - * \brief GCM context structure + * \brief The GCM context structure. */ typedef struct { - mbedtls_cipher_context_t cipher_ctx;/*!< cipher context used */ - uint64_t HL[16]; /*!< Precalculated HTable */ - uint64_t HH[16]; /*!< Precalculated HTable */ - uint64_t len; /*!< Total data length */ - uint64_t add_len; /*!< Total add length */ - unsigned char base_ectr[16];/*!< First ECTR for tag */ - unsigned char y[16]; /*!< Y working value */ - unsigned char buf[16]; /*!< buf working value */ - int mode; /*!< Encrypt or Decrypt */ + mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ + uint64_t HL[16]; /*!< Precalculated HTable low. */ + uint64_t HH[16]; /*!< Precalculated HTable high. */ + uint64_t len; /*!< The total length of the encrypted data. */ + uint64_t add_len; /*!< The total length of the additional data. */ + unsigned char base_ectr[16]; /*!< The first ECTR for tag. */ + unsigned char y[16]; /*!< The Y working value. */ + unsigned char buf[16]; /*!< The buf working value. */ + int mode; /*!< The operation to perform: + #MBEDTLS_GCM_ENCRYPT or + #MBEDTLS_GCM_DECRYPT. */ } mbedtls_gcm_context; /** - * \brief Initialize GCM context (just makes references valid) - * Makes the context ready for mbedtls_gcm_setkey() or - * mbedtls_gcm_free(). + * \brief This function initializes the specified GCM context, + * to make references valid, and prepares the context + * for mbedtls_gcm_setkey() or mbedtls_gcm_free(). * - * \param ctx GCM context to initialize + * The function does not bind the GCM context to a particular + * cipher, nor set the key. For this purpose, use + * mbedtls_gcm_setkey(). + * + * \param ctx The GCM context to initialize. */ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ); /** - * \brief GCM initialization (encryption) + * \brief This function associates a GCM context with a + * cipher algorithm and a key. 
* - * \param ctx GCM context to be initialized - * \param cipher cipher to use (a 128-bit block cipher) - * \param key encryption key - * \param keybits must be 128, 192 or 256 + * \param ctx The GCM context to initialize. + * \param cipher The 128-bit block cipher to use. + * \param key The encryption key. + * \param keybits The key size in bits. Valid options are: + *
  • 128 bits
  • + *
  • 192 bits
  • + *
  • 256 bits
* - * \return 0 if successful, or a cipher specific error code + * \return \c 0 on success, or a cipher specific error code. */ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, mbedtls_cipher_id_t cipher, 
@@ -82,26 +99,27 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, unsigned int keybits ); /** - * \brief GCM buffer encryption/decryption using a block cipher + * \brief This function performs GCM encryption or decryption of a buffer. * - * \note On encryption, the output buffer can be the same as the input buffer. - * On decryption, the output buffer cannot be the same as input buffer. - * If buffers overlap, the output buffer must trail at least 8 bytes + * \note For encryption, the output buffer can be the same as the input buffer. + * For decryption, the output buffer cannot be the same as input buffer. + * If the buffers overlap, the output buffer must trail at least 8 Bytes * behind the input buffer. * - * \param ctx GCM context - * \param mode MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT - * \param length length of the input data - * \param iv initialization vector - * \param iv_len length of IV - * \param add additional data - * \param add_len length of additional data - * \param input buffer holding the input data - * \param output buffer for holding the output data - * \param tag_len length of the tag to generate - * \param tag buffer for holding the tag + * \param ctx The GCM context to use for encryption or decryption. + * \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or + * #MBEDTLS_GCM_DECRYPT. + * \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). + * \param iv The initialization vector. + * \param iv_len The length of the IV. + * \param add The buffer holding the additional data. + * \param add_len The length of the additional data. + * \param input The buffer holding the input data. + * \param output The buffer for holding the output data. + * \param tag_len The length of the tag to generate. + * \param tag The buffer for holding the tag. * - * \return 0 if successful + * \return \c 0 on success. 
*/ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, int mode, @@ -116,25 +134,26 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, unsigned char *tag ); /** - * \brief GCM buffer authenticated decryption using a block cipher + * \brief This function performs a GCM authenticated decryption of a + * buffer. * - * \note On decryption, the output buffer cannot be the same as input buffer. - * If buffers overlap, the output buffer must trail at least 8 bytes + * \note For decryption, the output buffer cannot be the same as input buffer. + * If the buffers overlap, the output buffer must trail at least 8 Bytes * behind the input buffer. * - * \param ctx GCM context - * \param length length of the input data - * \param iv initialization vector - * \param iv_len length of IV - * \param add additional data - * \param add_len length of additional data - * \param tag buffer holding the tag - * \param tag_len length of the tag - * \param input buffer holding the input data - * \param output buffer for holding the output data + * \param ctx The GCM context. + * \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). + * \param iv The initialization vector. + * \param iv_len The length of the IV. + * \param add The buffer holding the additional data. + * \param add_len The length of the additional data. + * \param tag The buffer holding the tag. + * \param tag_len The length of the tag. + * \param input The buffer holding the input data. + * \param output The buffer for holding the output data. * - * \return 0 if successful and authenticated, - * MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match + * \return 0 if successful and authenticated, or + * #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match. */ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, size_t length, 
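Review bot: The `\param length` entry added for mbedtls_gcm_crypt_and_tag says the length `must be a multiple of 16 except in the last call before mbedtls_gcm_finish()`, but this is the one-shot API: there is no sequence of calls and no mbedtls_gcm_finish() involved, so the sentence appears to have been copied from the mbedtls_gcm_update description and is misleading here; the same sentence appears in the mbedtls_gcm_auth_decrypt hunk (`@@ -116,25 +134,26 @@`). Reduce both to `* \param length The length of the input data.` and keep the multiple-of-16 rule on mbedtls_gcm_update only. For mbedtls_gcm_auth_decrypt it would also help callers to state what `output` holds when #MBEDTLS_ERR_GCM_AUTH_FAILED is returned, which this hunk cannot show and the implementation would have to confirm.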
@@ -148,16 +167,18 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, unsigned char *output ); /** - * \brief Generic GCM stream start function + * \brief This function starts a GCM encryption or decryption + * operation. * - * \param ctx GCM context - * \param mode MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT - * \param iv initialization vector - * \param iv_len length of IV - * \param add additional data (or NULL if length is 0) - * \param add_len length of additional data + * \param ctx The GCM context. + * \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or + * #MBEDTLS_GCM_DECRYPT. + * \param iv The initialization vector. + * \param iv_len The length of the IV. + * \param add The buffer holding the additional data, or NULL if \p add_len is 0. + * \param add_len The length of the additional data. If 0, \p add is NULL. * - * \return 0 if successful + * \return \c 0 on success. */ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, int mode, 
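Review bot: The two added parameter lines for mbedtls_gcm_starts contradict each other: `\param add` says the buffer may be NULL when \p add_len is 0, while `\param add_len` says `If 0, \p add is NULL`, turning an allowance into a requirement. Change the second to `* \param add_len The length of the additional data. If 0, \p add may be NULL.` so both lines describe the same contract.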
@@ -167,21 +188,23 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, size_t add_len ); /** - * \brief Generic GCM update function. Encrypts/decrypts using the - * given GCM context. Expects input to be a multiple of 16 - * bytes! Only the last call before mbedtls_gcm_finish() can be less - * than 16 bytes! + * \brief This function feeds an input buffer into an ongoing GCM + * encryption or decryption operation. * - * \note On decryption, the output buffer cannot be the same as input buffer. - * If buffers overlap, the output buffer must trail at least 8 bytes + * ` The function expects input to be a multiple of 16 + * Bytes. Only the last call before calling + * mbedtls_gcm_finish() can be less than 16 Bytes. + * + * \note For decryption, the output buffer cannot be the same as input buffer. + * If the buffers overlap, the output buffer must trail at least 8 Bytes * behind the input buffer. * - * \param ctx GCM context - * \param length length of the input data - * \param input buffer holding the input data - * \param output buffer for holding the output data + * \param ctx The GCM context. + * \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). + * \param input The buffer holding the input data. + * \param output The buffer for holding the output data. * - * \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT + * \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure. */ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, size_t length, 
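Review bot: The added continuation line of the mbedtls_gcm_update brief, the one beginning "The function expects input to be a multiple of 16", carries a stray backtick character right after the `*`, which will appear verbatim in the generated documentation. Drop the backtick so the line reads `*                 The function expects input to be a multiple of 16`, indented like the other brief continuation lines in this hunk.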
@@ -189,24 +212,27 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, unsigned char *output ); /** - * \brief Generic GCM finalisation function. Wraps up the GCM stream - * and generates the tag. The tag can have a maximum length of - * 16 bytes. + * \brief This function finishes the GCM operation and generates + * the authentication tag. * - * \param ctx GCM context - * \param tag buffer for holding the tag - * \param tag_len length of the tag to generate (must be at least 4) + * It wraps up the GCM stream, and generates the + * tag. The tag can have a maximum length of 16 Bytes. * - * \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT + * \param ctx The GCM context. + * \param tag The buffer for holding the tag. + * \param tag_len The length of the tag to generate. Must be at least four. + * + * \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure. */ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, unsigned char *tag, size_t tag_len ); /** - * \brief Free a GCM context and underlying cipher sub-context + * \brief This function clears a GCM context and the underlying + * cipher sub-context. * - * \param ctx GCM context to free + * \param ctx The GCM context to clear. */ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); @@ -223,9 +249,9 @@ extern "C" { #endif /** - * \brief Checkup routine + * \brief The GCM checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success, or \c 1 on failure. */ int mbedtls_gcm_self_test( int verbose ); From 042e97fa7555528a7293611dce55c50eea757ed5 Mon Sep 17 00:00:00 2001 
From: Rose Zadik Date: Fri, 26 Jan 2018 16:35:10 +0000 Subject: [PATCH 0667/1059] Improve RSA documentation - Rephrase file/function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhere to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. - Rephrase the descriptions of all md_alg and hashlen parameters. GitHub PR: #1327 --- include/mbedtls/rsa.h | 1098 ++++++++++++++++++++++------------------- library/error.c | 4 +- 2 files changed, 583 insertions(+), 519 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 752105822c..fb2f77f94f 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -1,10 +1,15 @@ /** * \file rsa.h * - * \brief The RSA public-key cryptosystem + * \brief The RSA public-key cryptosystem. + * + * For more information, see Public-Key Cryptography Standards (PKCS) + * #1 v1.5: RSA Encryption and Public-Key Cryptography Standards + * (PKCS) #1 v2.1: RSA Cryptography Specifications. + * */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,7 +24,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_RSA_H #define MBEDTLS_RSA_H 
@@ -43,26 +48,26 @@ #define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid padding and is rejected. */ #define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation of a key. */ -#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the library's validity check. */ +#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the validity check of the library. */ #define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */ #define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation failed. */ #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ -#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality */ +#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation does not offer the requested operation, for example, because of security violations or lack of functionality. */ #define MBEDTLS_ERR_RSA_HW_ACCEL_FAILED -0x4580 /**< RSA hardware accelerator failed. */ /* * RSA constants */ -#define MBEDTLS_RSA_PUBLIC 0 -#define MBEDTLS_RSA_PRIVATE 1 +#define MBEDTLS_RSA_PUBLIC 0 /**< Request private key operation. */ +#define MBEDTLS_RSA_PRIVATE 1 /**< Request public key operation. */ -#define MBEDTLS_RSA_PKCS_V15 0 -#define MBEDTLS_RSA_PKCS_V21 1 +#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS-1 v1.5 encoding. */ +#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS-1 v2.1 encoding. 
*/ -#define MBEDTLS_RSA_SIGN 1 -#define MBEDTLS_RSA_CRYPT 2 +#define MBEDTLS_RSA_SIGN 1 /**< Identifier for RSA signature operations. */ +#define MBEDTLS_RSA_CRYPT 2 /**< Identifier for RSA encryption and decryption operations. */ #define MBEDTLS_RSA_SALT_LEN_ANY -1 
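Review bot: The new descriptions of the two mode constants in this hunk are swapped: `MBEDTLS_RSA_PUBLIC` is documented as `/**< Request private key operation. */` and `MBEDTLS_RSA_PRIVATE` as `/**< Request public key operation. */`. These values are what callers pass as `mode` to mbedtls_rsa_pkcs1_encrypt() and the other PKCS#1 wrappers documented later in this patch, so a reader who trusts the comment selects the wrong key operation. The two lines should read `#define MBEDTLS_RSA_PUBLIC 0 /**< Request public key operation. */` and `#define MBEDTLS_RSA_PRIVATE 1 /**< Request private key operation. */`.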
@@ -80,103 +85,106 @@ extern "C" { #endif /** - * \brief RSA context structure + * \brief The RSA context structure. * * \note Direct manipulation of the members of this structure - * is deprecated and will no longer be supported starting - * from the next major release. All manipulation should instead - * be done through the public interface functions. - * + * is deprecated. All manipulation should instead be done through + * the public interface functions. */ typedef struct { - int ver; /*!< always 0 */ - size_t len; /*!< size(N) in chars */ + int ver; /*!< Always 0.*/ + size_t len; /*!< The size of \p N in Bytes. */ - mbedtls_mpi N; /*!< public modulus */ - mbedtls_mpi E; /*!< public exponent */ + mbedtls_mpi N; /*!< The public modulus. */ + mbedtls_mpi E; /*!< The public exponent. */ - mbedtls_mpi D; /*!< private exponent */ - mbedtls_mpi P; /*!< 1st prime factor */ - mbedtls_mpi Q; /*!< 2nd prime factor */ + mbedtls_mpi D; /*!< The private exponent. */ + mbedtls_mpi P; /*!< The first prime factor. */ + mbedtls_mpi Q; /*!< The second prime factor. */ - mbedtls_mpi DP; /*!< D % (P - 1) */ - mbedtls_mpi DQ; /*!< D % (Q - 1) */ + mbedtls_mpi DP; /*!< \p D % (P - 1) */ + mbedtls_mpi DQ; /*!< \p D % (Q - 1) */ mbedtls_mpi QP; /*!< 1 / (Q % P) */ - mbedtls_mpi RN; /*!< cached R^2 mod N */ + mbedtls_mpi RN; /*!< cached R^2 mod \p N */ - mbedtls_mpi RP; /*!< cached R^2 mod P */ - mbedtls_mpi RQ; /*!< cached R^2 mod Q */ + mbedtls_mpi RP; /*!< cached R^2 mod \p P */ + mbedtls_mpi RQ; /*!< cached R^2 mod \p Q */ - mbedtls_mpi Vi; /*!< cached blinding value */ - mbedtls_mpi Vf; /*!< cached un-blinding value */ + mbedtls_mpi Vi; /*!< The cached blinding value. */ + mbedtls_mpi Vf; /*!< The cached un-blinding value. 
*/ - int padding; /*!< \c MBEDTLS_RSA_PKCS_V15 for 1.5 padding and - \c MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ - int hash_id; /*!< Hash identifier of mbedtls_md_type_t as - specified in the mbedtls_md.h header file - for the EME-OAEP and EMSA-PSS - encoding */ + int padding; /*!< Selects padding mode: + #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and + #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */ + int hash_id; /*!< Hash identifier of mbedtls_md_type_t type, + as specified in md.h for use in the MGF + mask generating function used in the + EME-OAEP and EMSA-PSS encodings. */ #if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex */ + mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */ #endif } mbedtls_rsa_context; /** - * \brief Initialize an RSA context + * \brief This function initializes an RSA context. * - * Note: Set padding to \c MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP + * \note Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP * encryption scheme and the RSASSA-PSS signature scheme. * - * \param ctx RSA context to be initialized - * \param padding \c MBEDTLS_RSA_PKCS_V15 or \c MBEDTLS_RSA_PKCS_V21 - * \param hash_id \c MBEDTLS_RSA_PKCS_V21 hash identifier + * \param ctx The RSA context to initialize. + * \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or + * #MBEDTLS_RSA_PKCS_V21. + * \param hash_id The hash identifier of #mbedtls_md_type_t type, if + * \p padding is #MBEDTLS_RSA_PKCS_V21. * - * \note The hash_id parameter is actually ignored - * when using \c MBEDTLS_RSA_PKCS_V15 padding. + * \note The \p hash_id parameter is ignored when using + * #MBEDTLS_RSA_PKCS_V15 padding. * - * \note Choice of padding mode is strictly enforced for private key + * \note The choice of padding mode is strictly enforced for private key * operations, since there might be security concerns in - * mixing padding modes. For public key operations it's merely + * mixing padding modes. 
For public key operations it is * a default value, which can be overriden by calling specific - * rsa_rsaes_xxx or rsa_rsassa_xxx functions. + * \c rsa_rsaes_xxx or \c rsa_rsassa_xxx functions. * - * \note The chosen hash is always used for OEAP encryption. - * For PSS signatures, it's always used for making signatures, - * but can be overriden (and always is, if set to - * \c MBEDTLS_MD_NONE) for verifying them. + * \note The hash selected in \p hash_id is always used for OEAP + * encryption. For PSS signatures, it is always used for + * making signatures, but can be overriden for verifying them. + * If set to #MBEDTLS_MD_NONE, it is always overriden. */ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, int padding, int hash_id); /** - * \brief Import a set of core parameters into an RSA context + * \brief This function imports a set of core parameters into an + * RSA context. * - * \param ctx Initialized RSA context to store parameters - * \param N RSA modulus, or NULL - * \param P First prime factor of N, or NULL - * \param Q Second prime factor of N, or NULL - * \param D Private exponent, or NULL - * \param E Public exponent, or NULL + * \param ctx The initialized RSA context to store the parameters in. + * \param N The RSA modulus, or NULL. + * \param P The first prime factor of \p N, or NULL. + * \param Q The second prime factor of \p N, or NULL. + * \param D The private exponent, or NULL. + * \param E The public exponent, or NULL. * * \note This function can be called multiple times for successive - * imports if the parameters are not simultaneously present. + * imports, if the parameters are not simultaneously present. + * * Any sequence of calls to this function should be followed - * by a call to \c mbedtls_rsa_complete which will check - * and complete the provided information to a ready-for-use + * by a call to mbedtls_rsa_complete(), which checks and + * completes the provided information to a ready-for-use * public or private RSA key. 
* - * \note See the documentation of \c mbedtls_rsa_complete for more - * information on which parameters are necessary to setup - * a private or public RSA key. + * \note See mbedtls_rsa_complete() for more information on which + * parameters are necessary to set up a private or public + * RSA key. * * \note The imported parameters are copied and need not be preserved * for the lifetime of the RSA context being set up. * - * \return 0 if successful, non-zero error code on failure. + * \return \c 0 on success, or a non-zero error code on failure. */ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *N, 
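Review bot: The rewritten mbedtls_rsa_init() note in this hunk still carries two spellings that a terminology pass should catch: `OEAP encryption` for the OAEP scheme, and `overriden` in the two new lines about PSS verification (the unchanged `can be overriden by calling specific` line has the same one). Since standardizing terminology is a stated goal of the commit, `The hash selected in \p hash_id is always used for OAEP` and `making signatures, but can be overridden for verifying them.` / `If set to #MBEDTLS_MD_NONE, it is always overridden.` would finish the job.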
@@ -184,36 +192,37 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *D, const mbedtls_mpi *E ); /** - * \brief Import core RSA parameters in raw big-endian - * binary format into an RSA context + * \brief This function imports core RSA parameters, in raw big-endian + * binary format, into an RSA context. * - * \param ctx Initialized RSA context to store parameters - * \param N RSA modulus, or NULL - * \param N_len Byte length of N, ignored if N == NULL - * \param P First prime factor of N, or NULL - * \param P_len Byte length of P, ignored if P == NULL - * \param Q Second prime factor of N, or NULL - * \param Q_len Byte length of Q, ignored if Q == NULL - * \param D Private exponent, or NULL - * \param D_len Byte length of D, ignored if D == NULL - * \param E Public exponent, or NULL - * \param E_len Byte length of E, ignored if E == NULL + * \param ctx The initialized RSA context to store the parameters in. + * \param N The RSA modulus, or NULL. + * \param N_len The Byte length of \p N, ignored if \p N == NULL. + * \param P The first prime factor of \p N, or NULL. + * \param P_len The Byte length of \p P, ignored if \p P == NULL. + * \param Q The second prime factor of \p N, or NULL. + * \param Q_len The Byte length of \p Q, ignored if \p Q == NULL. + * \param D The private exponent, or NULL. + * \param D_len The Byte length of \p D, ignored if \p D == NULL. + * \param E The public exponent, or NULL. + * \param E_len The Byte length of \p E, ignored if \p E == NULL. * * \note This function can be called multiple times for successive - * imports if the parameters are not simultaneously present. + * imports, if the parameters are not simultaneously present. 
+ * * Any sequence of calls to this function should be followed - * by a call to \c mbedtls_rsa_complete which will check - * and complete the provided information to a ready-for-use + * by a call to mbedtls_rsa_complete(), which checks and + * completes the provided information to a ready-for-use * public or private RSA key. * - * \note See the documentation of \c mbedtls_rsa_complete for more - * information on which parameters are necessary to setup - * a private or public RSA key. + * \note See mbedtls_rsa_complete() for more information on which + * parameters are necessary to set up a private or public + * RSA key. * * \note The imported parameters are copied and need not be preserved * for the lifetime of the RSA context being set up. * - * \return 0 if successful, non-zero error code on failure. + * \return \c 0 on success, or a non-zero error code on failure. */ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, unsigned char const *N, size_t N_len, @@ -223,71 +232,71 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, unsigned char const *E, size_t E_len ); /** - * \brief Attempt to complete an RSA context from + * \brief This function completes an RSA context from * a set of imported core parameters. * - * \param ctx Initialized RSA context to store parameters + * To setup an RSA public key, precisely \p N and \p E + * must have been imported. * - * \note - * - To setup an RSA public key, precisely N and E - * must have been imported. + * To setup an RSA private key, sufficient information must + * be present for the other parameters to be derivable. * - * - To setup an RSA private key, enough information must be - * present for the other parameters to be derivable. + * The default implementation supports the following: + *
  • Derive \p P, \p Q from \p N, \p D, \p E.
  • + *
  • Derive \p N, \p D from \p P, \p Q, \p E.
+ * Alternative implementations need not support these. * - * The default implementation supports the following: - * - Derive P, Q from N, D, E - * - Derive N, D from P, Q, E. + * If this function runs successfully, it guarantees that + * the RSA context can be used for RSA operations without + * the risk of failure or crash. * - * - Alternative implementations need not support these - * and may return \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA instead. + * \param ctx The initialized RSA context holding imported parameters. * - * \return - * - 0 if successful. In this case, it is guaranteed - * that the RSA context can be used for RSA operations - * without the risk of failure or crash. - * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted - * derivations failed. + * \return \c 0 on success, or #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the + * attempted derivations failed. * * \warning This function need not perform consistency checks - * for the imported parameters! In particular, parameters that - * are not needed by the implementation may be silently discarded - * and left unchecked. For the purpose of checking the consistency - * of the key material, see \c mbedtls_rsa_check_privkey. + * for the imported parameters. In particular, parameters that + * are not needed by the implementation might be silently + * discarded and left unchecked. To check the consistency + * of the key material, see mbedtls_rsa_check_privkey(). * */ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); /** - * \brief Export core parameters of an RSA key + * \brief This function exports the core parameters of an RSA key. 
* - * \param ctx Initialized RSA context - * \param N MPI to hold the RSA modulus, or NULL - * \param P MPI to hold the first prime factor of N, or NULL - * \param Q MPI to hold the second prime factor of N, or NULL - * \param D MPI to hold the private exponent, or NULL - * \param E MPI to hold the public exponent, or NULL + * If this function runs successfully, the non-NULL buffers + * pointed to by \p N, \p P, \p Q, \p D, and \p E are fully + * written, with additional unused space filled leading by + * zero Bytes. * - * \return - * - 0 if successful. In this case, the non-NULL buffers - * pointed to by N, P, Q, D, E are fully written, with - * additional unused space filled leading by 0-bytes. - * - Non-zero return code otherwise. In particular, if - * exporting the requested parameters - * cannot be done because of a lack of functionality - * or because of security policies, the error code - * \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned. - * In this case, the RSA context stays intact and can - * be continued to be used. + * Possible reasons for returning + * #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
    + *
  • An alternative RSA implementation is in use, which + * stores the key externally, and either cannot or should + * not export it into RAM.
  • + *
  • A SW or HW implementation might not support a certain + * deduction. For example, \p P, \p Q from \p N, \p D, + * and \p E if the former are not part of the + * implementation.
* - * \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION - * would be the following: Firstly, it might be that an - * alternative RSA implementation is in use which stores - * the key externally, and which either cannot or should not - * export it into RAM. Alternatively, an implementation - * (regardless of SW or HW) might not support deducing e.g. - * P, Q from N, D, E if the former are not part of the - * implementation. + * If the function fails due to an unsupported operation, + * the RSA context stays intact and remains usable. + * + * \param ctx The initialized RSA context. + * \param N The MPI to hold the RSA modulus, or NULL. + * \param P The MPI to hold the first prime factor of \p N, or NULL. + * \param Q The MPI to hold the second prime factor of \p N, or NULL. + * \param D The MPI to hold the private exponent, or NULL. + * \param E The MPI to hold the public exponent, or NULL. + * + * \return \c 0 on success, + * #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the + * requested parameters cannot be done due to missing + * functionality or because of security policies, + * or a non-zero return code on any other failure. * */ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, 
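Review bot: The new mbedtls_rsa_complete() description in this hunk writes `To setup an RSA public key` and `To setup an RSA private key`, while the same commit corrects the verb to `set up` in the import notes just above; `To set up an RSA public key, precisely \p N and \p E` keeps the file consistent. In the mbedtls_rsa_export() description, `with additional unused space filled leading by zero Bytes` is hard to parse; `with any unused leading space filled with zero Bytes` states the same contract plainly. That second phrase recurs in the mbedtls_rsa_export_raw() hunk that follows.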
@@ -295,46 +304,48 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, mbedtls_mpi *D, mbedtls_mpi *E ); /** - * \brief Export core parameters of an RSA key - * in raw big-endian binary format + * \brief This function exports core parameters of an RSA key + * in raw big-endian binary format. * - * \param ctx Initialized RSA context - * \param N Byte array to store the RSA modulus, or NULL - * \param N_len Size of buffer for modulus - * \param P Byte array to hold the first prime factor of N, or NULL - * \param P_len Size of buffer for first prime factor - * \param Q Byte array to hold the second prime factor of N, or NULL - * \param Q_len Size of buffer for second prime factor - * \param D Byte array to hold the private exponent, or NULL - * \param D_len Size of buffer for private exponent - * \param E Byte array to hold the public exponent, or NULL - * \param E_len Size of buffer for public exponent + * If this function runs successfully, the non-NULL buffers + * pointed to by \p N, \p P, \p Q, \p D, and \p E are fully + * written, with additional unused space filled leading by + * zero Bytes. + * + * Possible reasons for returning + * #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
    + *
  • An alternative RSA implementation is in use, which + * stores the key externally, and either cannot or should + * not export it into RAM.
  • + *
  • A SW or HW implementation might not support a certain + * deduction. For example, \p P, \p Q from \p N, \p D, + * and \p E if the former are not part of the + * implementation.
+ * If the function fails due to an unsupported operation, + * the RSA context stays intact and remains usable. + * + * \param ctx The initialized RSA context. + * \param N The Byte array to store the RSA modulus, or NULL. + * \param N_len The size of the buffer for the modulus. + * \param P The Byte array to hold the first prime factor of \p N, or + * NULL. + * \param P_len The size of the buffer for the first prime factor. + * \param Q The Byte array to hold the second prime factor of \p N, or + NULL. + * \param Q_len The size of the buffer for the second prime factor. + * \param D The Byte array to hold the private exponent, or NULL. + * \param D_len The size of the buffer for the private exponent. + * \param E The Byte array to hold the public exponent, or NULL. + * \param E_len The size of the buffer for the public exponent. * * \note The length fields are ignored if the corresponding * buffer pointers are NULL. * - * \return - * - 0 if successful. In this case, the non-NULL buffers - * pointed to by N, P, Q, D, E are fully written, with - * additional unused space filled leading by 0-bytes. - * - Non-zero return code otherwise. In particular, if - * exporting the requested parameters - * cannot be done because of a lack of functionality - * or because of security policies, the error code - * \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned. - * In this case, the RSA context stays intact and can - * be continued to be used. - * - * \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION - * would be the following: Firstly, it might be that an - * alternative RSA implementation is in use which stores - * the key externally, and which either cannot or should not - * export it into RAM. Alternatively, an implementation - * (regardless of SW or HW) might not support deducing e.g. - * P, Q from N, D, E if the former are not part of the - * implementation. 
- * - * + * \return \c 0 on success, + * #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the + * requested parameters cannot be done due to missing + * functionality or because of security policies, + * or a non-zero return code on any other failure. */ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, unsigned char *N, size_t N_len, 
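Review bot: The continuation line of the `\param Q` entry in this hunk is added as `+ NULL.` without the leading ` * ` that every other line of the Doxygen block carries, so it is the only line in the comment that breaks the column; it should be ` *                 NULL.` aligned under the description above it. The mbedtls_rsa_gen_key() `\return` entry in the next hunk has the same dropped ` * ` on its `on failure.` continuation.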
@@ -344,57 +355,59 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, unsigned char *E, size_t E_len ); /** - * \brief Export CRT parameters of a private RSA key + * \brief This function exports CRT parameters of a private RSA key. * - * \param ctx Initialized RSA context - * \param DP MPI to hold D modulo P-1, or NULL - * \param DQ MPI to hold D modulo Q-1, or NULL - * \param QP MPI to hold modular inverse of Q modulo P, or NULL + * \param ctx The initialized RSA context. + * \param DP The MPI to hold D modulo P-1, or NULL. + * \param DQ The MPI to hold D modulo Q-1, or NULL. + * \param QP The MPI to hold modular inverse of Q modulo P, or NULL. * - * \return 0 if successful, non-zero error code otherwise. + * \return \c 0 on success, non-zero error code otherwise. * * \note Alternative RSA implementations not using CRT-parameters - * internally can implement this function using based on - * \c mbedtls_rsa_deduce_opt. + * internally can implement this function based on + * mbedtls_rsa_deduce_opt(). * */ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ); /** - * \brief Set padding for an already initialized RSA context - * See \c mbedtls_rsa_init() for details. + * \brief This function sets padding for an already initialized RSA + * context. See mbedtls_rsa_init() for details. * - * \param ctx RSA context to be set - * \param padding \c MBEDTLS_RSA_PKCS_V15 or \c MBEDTLS_RSA_PKCS_V21 - * \param hash_id \c MBEDTLS_RSA_PKCS_V21 hash identifier + * \param ctx The RSA context to be set. + * \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or + * #MBEDTLS_RSA_PKCS_V21. + * \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier. */ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id); /** - * \brief Get length of RSA modulus in bytes + * \brief This function retrieves the length of RSA modulus in Bytes. 
* - * \param ctx Initialized RSA context + * \param ctx The initialized RSA context. * - * \return Length of RSA modulus, in bytes. + * \return The length of the RSA modulus in Bytes. * */ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); /** - * \brief Generate an RSA keypair + * \brief This function generates an RSA keypair. * - * \param ctx RSA context that will hold the key - * \param f_rng RNG function - * \param p_rng RNG parameter - * \param nbits size of the public key in bits - * \param exponent public exponent (e.g., 65537) + * \param ctx The RSA context used to hold the key. + * \param f_rng The RNG function. + * \param p_rng The RNG parameter. + * \param nbits The size of the public key in bits. + * \param exponent The public exponent. For example, 65537. * - * \note mbedtls_rsa_init() must be called beforehand to setup - * the RSA context. + * \note mbedtls_rsa_init() must be called before this function, + * to set up the RSA context. * - * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code + * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code + on failure. */ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
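Review bot: The mbedtls_rsa_set_padding() entry in this hunk documents `\param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier.`, which reads as if the hash were the padding constant, while the mbedtls_rsa_init() entry rewritten earlier in this patch, which this function explicitly defers to with `See mbedtls_rsa_init() for details`, describes the same parameter as `The hash identifier of #mbedtls_md_type_t type, if \p padding is #MBEDTLS_RSA_PKCS_V21.`. Reusing that wording here avoids two different descriptions of one parameter.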
@@ -402,101 +415,109 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, unsigned int nbits, int exponent ); /** - * \brief Check if a context contains (at least) an RSA public key + * \brief This function checks if a context contains at least an RSA + * public key. * - * \param ctx RSA context to be checked + * If the function runs successfully, it is guaranteed that + * enough information is present to perform an RSA public key + * operation using mbedtls_rsa_public(). * - * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code. - * On success, it is guaranteed that enough information is - * present to perform an RSA public key operation - * \c mbedtls_rsa_public. + * \param ctx The RSA context to check. + * + * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code + * on failure. * */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); /** - * \brief Check if a context contains an RSA private key + * \brief This function checks if a context contains an RSA private key * and perform basic consistency checks. * - * \param ctx RSA context to be checked + * \param ctx The RSA context to check. * - * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code. + * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code on + * failure. * * \note The consistency checks performed by this function not only - * ensure that \c mbedtls_rsa_private can be called successfully + * ensure that mbedtls_rsa_private() can be called successfully * on the given context, but that the various parameters are * mutually consistent with high probability, in the sense that - * \c mbedtls_rsa_public and \c mbedtls_rsa_private are inverses. + * mbedtls_rsa_public() and mbedtls_rsa_private() are inverses. 
* * \warning This function should catch accidental misconfigurations * like swapping of parameters, but it cannot establish full * trust in neither the quality nor the consistency of the key * material that was used to setup the given RSA context: - * - Regarding consistency, note (see \c mbedtls_rsa_complete) - * that imported parameters irrelevant for the implementation - * might be silently dropped, in which case the present - * function doesn't have access to and hence cannot check them. - * If you want to check the consistency of the entire - * content of, say, an PKCS1-encoded RSA private key, you - * should use \c mbedtls_rsa_validate_params before setting - * up the RSA context. - * Further, if the implementation performs empirical checks, - * these checks will substantiate but not guarantee consistency. - * - Regarding quality, this function is not expected to perform - * extended quality assessments like checking that the prime - * factors are safe. Further, it is the user's responsibility to - * ensure trustworthiness of the source of his RSA parameters, - * a question going beyond what's effectively checkable - * by the library. - * + *
  • Consistency: Imported parameters that are irrelevant + * for the implementation might be silently dropped. If dropped, + * the current function does not have access to them, + * and therefore cannot check them. See mbedtls_rsa_complete(). + * If you want to check the consistency of the entire + * content of an PKCS1-encoded RSA private key, for example, you + * should use mbedtls_rsa_validate_params() before setting + * up the RSA context. + * Additionally, if the implementation performs empirical checks, + * these checks substantiate but do not guarantee consistency.
  • + *
  • Quality: This function is not expected to perform + * extended quality assessments like checking that the prime + * factors are safe. Additionally, it is the responsibility of the + * user to ensure the trustworthiness of the source of his RSA + * parameters, which goes beyond what is effectively checkable + * by the library.
*/ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); /** - * \brief Check a public-private RSA key pair. - * Check each of the contexts, and make sure they match. + * \brief This function checks a public-private RSA key pair. * - * \param pub RSA context holding the public key - * \param prv RSA context holding the private key + * It checks each of the contexts, and makes sure they match. * - * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code + * \param pub The RSA context holding the public key. + * \param prv The RSA context holding the private key. + * + * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code + * on failure. */ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ); /** - * \brief Do an RSA public key operation + * \brief This function performs an RSA public key operation. * - * \param ctx RSA context - * \param input input buffer - * \param output output buffer + * \param ctx The RSA context. + * \param input The input buffer. + * \param output The output buffer. * - * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code + * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code + * on failure. * - * \note This function does NOT take care of message - * padding. Also, be sure to set input[0] = 0 or ensure that - * input is smaller than N. + * \note This function does not handle message padding. + * + * \note Make sure to set \p input[0] = 0 or ensure that + * input is smaller than \p N. * * \note The input and output buffers must be large - * enough (eg. 128 bytes if RSA-1024 is used). + * enough. For example, 128 Bytes if RSA-1024 is used. */ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, const unsigned char *input, unsigned char *output ); /** - * \brief Do an RSA private key operation + * \brief This function performs an RSA private key operation. 
* - * \param ctx RSA context - * \param f_rng RNG function (Needed for blinding) - * \param p_rng RNG parameter - * \param input input buffer - * \param output output buffer + * \param ctx The RSA context. + * \param f_rng The RNG function. Needed for blinding. + * \param p_rng The RNG parameter. + * \param input The input buffer. + * \param output The output buffer. * - * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code + * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code + * on failure. * * \note The input and output buffers must be large - * enough (eg. 128 bytes if RSA-1024 is used). + * enough. For example, 128 Bytes if RSA-1024 is used. */ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
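Review bot: The rewritten mbedtls_rsa_check_privkey() warning in this hunk keeps `content of an PKCS1-encoded RSA private key`; the article should be `a`, and the rest of the patch writes the standard as `PKCS#1`, so `content of a PKCS#1-encoded RSA private key` matches both. The unchanged lead-in `it cannot establish full trust in neither the quality nor the consistency` is a double negative that the sentence-level rewrite could have carried along as `it cannot establish full trust in either the quality or the consistency`.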
@@ -505,32 +526,36 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, unsigned char *output ); /** - * \brief Generic wrapper to perform a PKCS#1 encryption using the - * mode from the context. Add the message padding, then do an - * RSA operation. + * \brief This function adds the message padding, then performs an RSA + * operation. * - * \param ctx RSA context - * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding - * and \c MBEDTLS_RSA_PRIVATE) - * \param p_rng RNG parameter - * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE - * \param ilen contains the plaintext length - * \param input buffer holding the data to be encrypted - * \param output buffer that will hold the ciphertext + * It is the generic wrapper for performing a PKCS#1 encryption + * operation using the \p mode from the context. + * + * + * \param ctx The RSA context. + * \param f_rng The RNG function. Needed for padding, PKCS#1 v2.1 + * encoding, and #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG parameter. + * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ilen The length of the plaintext. + * \param input The buffer holding the data to encrypt. + * \param output The buffer used to hold the ciphertext. * * \deprecated It is deprecated and discouraged to call this function - * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary - * are likely to remove the mode argument and have it implicitly - * set to MBEDTLS_RSA_PUBLIC. + * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library + * are likely to remove the \p mode argument and have it + * implicitly set to #MBEDTLS_RSA_PUBLIC. * * \note Alternative implementations of RSA need not support - * mode being set to MBEDTLS_RSA_PRIVATE and may instead - * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. 
* - * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code + * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code + * on failure. * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The input and output buffers must be as large as the size + * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. */ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
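Review bot: The last note in this hunk turns `The output buffer must be as large as the size of ctx->N` into `The input and output buffers must be as large as the size of \p ctx->N`, which states a requirement the function is not otherwise documented to have: the input is described a few lines up by `\p ilen The length of the plaintext`, and the PKCS#1 v1.5 wrapper in the next hunk still says only the output buffer must be modulus-sized. Unless the input constraint was intended, the line should stay `\note The output buffer must be as large as the size` followed by `of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.`. The same hunk also leaves two consecutive blank ` *` lines between the wrapper description and the first `\param`, where one is enough.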
@@ -540,29 +565,32 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
 unsigned char *output );
 /**
- * \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)
+ * \brief This function performs a PKCS#1 v1.5 encryption operation
+ * (RSAES-PKCS1-v1_5-ENCRYPT).
- * \param ctx RSA context
- * \param f_rng RNG function (Needed for padding and \c MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE
- * \param ilen contains the plaintext length
- * \param input buffer holding the data to be encrypted
- * \param output buffer that will hold the ciphertext
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Needed for padding and
+ * #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG parameter.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ilen The length of the plaintext.
+ * \param input The buffer holding the data to encrypt.
+ * \param output The buffer used to hold the ciphertext.
 *
 * \deprecated It is deprecated and discouraged to call this function
- * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
- * are likely to remove the mode argument and have it implicitly
- * set to MBEDTLS_RSA_PUBLIC.
+ * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PUBLIC.
 *
 * \note Alternative implementations of RSA need not support
- * mode being set to MBEDTLS_RSA_PRIVATE and may instead
- * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
+ * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
+ * on failure.
 *
 * \note The output buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ * of \p ctx->N.
For example, 128 Bytes if RSA-1024 is used.
 */
 int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -572,32 +600,34 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
 unsigned char *output );
 /**
- * \brief Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)
+ * \brief This function performs a PKCS#1 v2.1 OAEP encryption
+ * operation (RSAES-OAEP-ENCRYPT).
- * \param ctx RSA context
- * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
- * and \c MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE
- * \param label buffer holding the custom label to use
- * \param label_len contains the label length
- * \param ilen contains the plaintext length
- * \param input buffer holding the data to be encrypted
- * \param output buffer that will hold the ciphertext
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Needed for padding and PKCS#1 v2.1
+ * encoding and #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG parameter.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param label The buffer holding the custom label to use.
+ * \param label_len The length of the label.
+ * \param ilen The length of the plaintext.
+ * \param input The buffer holding the data to encrypt.
+ * \param output The buffer used to hold the ciphertext.
 *
 * \deprecated It is deprecated and discouraged to call this function
- * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
- * are likely to remove the mode argument and have it implicitly
- * set to MBEDTLS_RSA_PUBLIC.
+ * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PUBLIC.
 *
 * \note Alternative implementations of RSA need not support
- * mode being set to MBEDTLS_RSA_PRIVATE and may instead
- * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
+ * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
+ * on failure.
 *
 * \note The output buffer must be as large as the size
- * of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ * of ctx->N. For example, 128 Bytes if RSA-1024 is used.
 */
 int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -609,39 +639,42 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
 unsigned char *output );
 /**
- * \brief Generic wrapper to perform a PKCS#1 decryption using the
- * mode from the context. Do an RSA operation, then remove
- * the message padding
+ * \brief This function performs an RSA operation, then removes the
+ * message padding.
- * \param ctx RSA context
- * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE
- * \param olen will contain the plaintext length
- * \param input buffer holding the encrypted data
- * \param output buffer that will hold the plaintext
- * \param output_max_len maximum length of the output buffer
+ * It is the generic wrapper for performing a PKCS#1 decryption
+ * operation using the \p mode from the context.
+ *
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG parameter.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param olen The length of the plaintext.
+ * \param input The buffer holding the encrypted data.
+ * \param output The buffer used to hold the plaintext.
+ * \param output_max_len The maximum length of the output buffer.
 *
 * \deprecated It is deprecated and discouraged to call this function
- * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
- * are likely to remove the mode argument and have it implicitly
- * set to MBEDTLS_RSA_PRIVATE.
+ * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
 * \note Alternative implementations of RSA need not support
- * mode being set to MBEDTLS_RSA_PUBLIC and may instead
- * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
+ * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
+ * on failure.
 *
 * \note The output buffer length \c output_max_len should be
- * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
- * if RSA-1024 is used) to be able to hold an arbitrary
- * decrypted message. If it is not large enough to hold
- * the decryption of the particular ciphertext provided,
- * the function will return \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+ * as large as the size \p ctx->len of \p ctx->N (for example,
+ * 128 Bytes if RSA-1024 is used) to be able to hold an
+ * arbitrary decrypted message. If it is not large enough to
+ * hold the decryption of the particular ciphertext provided,
+ * the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
 *
 * \note The input buffer must be as large as the size
- * of \c ctx->N (eg. 128 bytes if RSA-1024 is used).
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 */
 int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
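Review bot: `\param olen The length of the plaintext.` loses the one thing the old line conveyed, namely that \p olen is an output the function writes (`will contain the plaintext length`); after the rewrite a reader cannot tell whether the caller supplies it or receives it, and the same regression is repeated in the v1.5 and OAEP decrypt hunks that follow. Suggest `\param olen The address at which to store the length of the plaintext.` in all three. The size note in this hunk also keeps `\c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE` while the next two hunks switch that same sentence to `#MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE`; one form should be used throughout. The declaration of mbedtls_rsa_pkcs1_decrypt continues past the end of the hunk.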
@@ -652,37 +685,39 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
 size_t output_max_len );
 /**
- * \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
+ * \brief This function performs a PKCS#1 v1.5 decryption
+ * operation (RSAES-PKCS1-v1_5-DECRYPT).
- * \param ctx RSA context
- * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE
- * \param olen will contain the plaintext length
- * \param input buffer holding the encrypted data
- * \param output buffer that will hold the plaintext
- * \param output_max_len maximum length of the output buffer
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG parameter.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param olen The length of the plaintext.
+ * \param input The buffer holding the encrypted data.
+ * \param output The buffer to hold the plaintext.
+ * \param output_max_len The maximum length of the output buffer.
 *
 * \deprecated It is deprecated and discouraged to call this function
- * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
- * are likely to remove the mode argument and have it implicitly
- * set to MBEDTLS_RSA_PRIVATE.
+ * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
 * \note Alternative implementations of RSA need not support
- * mode being set to MBEDTLS_RSA_PUBLIC and may instead
- * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
+ * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
+ * on failure.
 *
 * \note The output buffer length \c output_max_len should be
- * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
- * if RSA-1024 is used) to be able to hold an arbitrary
- * decrypted message. If it is not large enough to hold
- * the decryption of the particular ciphertext provided,
- * the function will return \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+ * as large as the size \p ctx->len of \p ctx->N, for example,
+ * 128 Bytes if RSA-1024 is used, to be able to hold an
+ * arbitrary decrypted message. If it is not large enough to
+ * hold the decryption of the particular ciphertext provided,
+ * the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
 *
 * \note The input buffer must be as large as the size
- * of \c ctx->N (eg. 128 bytes if RSA-1024 is used).
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 */
 int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -693,40 +728,42 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
 size_t output_max_len );
 /**
- * \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
+ * \brief This function performs a PKCS#1 v2.1 OAEP decryption
+ * operation (RSAES-OAEP-DECRYPT).
- * \param ctx RSA context
- * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE
- * \param label buffer holding the custom label to use
- * \param label_len contains the label length
- * \param olen will contain the plaintext length
- * \param input buffer holding the encrypted data
- * \param output buffer that will hold the plaintext
- * \param output_max_len maximum length of the output buffer
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG parameter.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param label The buffer holding the custom label to use.
+ * \param label_len The length of the label.
+ * \param olen The length of the plaintext.
+ * \param input The buffer holding the encrypted data.
+ * \param output The buffer to hold the plaintext.
+ * \param output_max_len The maximum length of the output buffer.
 *
 * \deprecated It is deprecated and discouraged to call this function
- * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
- * are likely to remove the mode argument and have it implicitly
- * set to MBEDTLS_RSA_PRIVATE.
+ * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
 * \note Alternative implementations of RSA need not support
- * mode being set to MBEDTLS_RSA_PUBLIC and may instead
- * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
+ * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
+ * on failure.
 *
 * \note The output buffer length \c output_max_len should be
- * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
- * if RSA-1024 is used) to be able to hold an arbitrary
- * decrypted message. If it is not large enough to hold
- * the decryption of the particular ciphertext provided,
- * the function will return \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+ * as large as the size \p ctx->len of \p ctx->N, for
+ * example, 128 Bytes if RSA-1024 is used, to be able to
+ * hold an arbitrary decrypted message. If it is not
+ * large enough to hold the decryption of the particular
+ * ciphertext provided, the function returns
+ * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
 *
 * \note The input buffer must be as large as the size
- * of \c ctx->N (eg. 128 bytes if RSA-1024 is used).
- *
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 */
 int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -739,39 +776,41 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
 size_t output_max_len );
 /**
- * \brief Generic wrapper to perform a PKCS#1 signature using the
- * mode from the context. Do a private RSA operation to sign
- * a message digest
+ * \brief This function performs a private RSA operation to sign
+ * a message digest using PKCS#1.
- * \param ctx RSA context
- * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
- * \c MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE
- * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for
- * signing raw data)
- * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param sig buffer that will hold the ciphertext
+ * It is the generic wrapper for performing a PKCS#1
+ * signature using the \p mode from the context.
+ *
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for
+ * #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG parameter.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg The message-digest algorithm used to hash the original data.
+ * Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest.
+ * \param sig The buffer to hold the ciphertext.
 *
 * \deprecated It is deprecated and discouraged to call this function
- * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
- * are likely to remove the mode argument and have it implicitly
- * set to MBEDTLS_RSA_PRIVATE.
+ * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
 * \note Alternative implementations of RSA need not support
- * mode being set to MBEDTLS_RSA_PUBLIC and may instead
- * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return 0 if the signing operation was successful,
- * or an \c MBEDTLS_ERR_RSA_XXX error code
+ * \return \c 0 if the signing operation was successful,
+ * or an \c MBEDTLS_ERR_RSA_XXX error code on failure.
 *
- * \note The \c sig buffer must be as large as the size
- * of \c ctx->N (eg. 128 bytes if RSA-1024 is used).
+ * \note The \p sig buffer must be as large as the size
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
- * \note In case of PKCS#1 v2.1 encoding, see comments on
- * \c mbedtls_rsa_rsassa_pss_sign() for details on
- * \c md_alg and \c hash_id.
+ * \note For PKCS#1 v2.1 encoding, see comments on
+ * mbedtls_rsa_rsassa_pss_sign() for details on
+ * \p md_alg and \p hash_id.
 */
 int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
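Review bot: `\param sig The buffer to hold the ciphertext.` is wrong for a signing function: the buffer receives the signature, not a ciphertext, and the rewrite carries the same wording into the v1.5 and PSS sign hunks and, as `holding the ciphertext`, into all of the verify hunks. Since every parameter line is being rewritten here anyway, `\param sig The buffer to hold the signature.` on the sign side and `\param sig The buffer holding the signature to verify.` on the verify side would cost nothing and remove a real source of confusion about which buffer is which. The closing note also switches to `\p hash_id`, but hash_id is a field of the context rather than a parameter of this function, so `\p` is the wrong markup; `the context's \c hash_id` says what is meant. The declaration of mbedtls_rsa_pkcs1_sign continues past the end of the hunk.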
@@ -783,32 +822,34 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
 unsigned char *sig );
 /**
- * \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
+ * \brief This function performs a PKCS#1 v1.5 signature
+ * operation (RSASSA-PKCS1-v1_5-SIGN).
- * \param ctx RSA context
- * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE
- * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE
- * for signing raw data)
- * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param sig buffer that will hold the ciphertext
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG parameter.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg The message-digest algorithm used to hash the original data.
+ * Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest.
+ * \param sig The buffer to hold the ciphertext.
 *
 * \deprecated It is deprecated and discouraged to call this function
- * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
- * are likely to remove the mode argument and have it implicitly
- * set to MBEDTLS_RSA_PRIVATE.
+ * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
 * \note Alternative implementations of RSA need not support
- * mode being set to MBEDTLS_RSA_PUBLIC and may instead
- * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return 0 if the signing operation was successful,
+ * \return \c 0 if the signing operation was successful,
 * or an \c MBEDTLS_ERR_RSA_XXX error code
+ * on failure.
- * \note The \c sig buffer must be as large as the size
- * of \c ctx->N (eg. 128 bytes if RSA-1024 is used).
+ * \note The \p sig buffer must be as large as the size
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 */
 int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -820,38 +861,42 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
 unsigned char *sig );
 /**
- * \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)
+ * \brief This function performs a PKCS#1 v2.1 PSS signature
+ * operation (RSASSA-PSS-SIGN).
- * \param ctx RSA context
- * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
- * \c MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE
- * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE
- * for signing raw data)
- * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param sig buffer that will hold the ciphertext
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for
+ * #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG parameter.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg The message-digest algorithm used to hash the original data.
+ * Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest.
+ * \param sig The buffer to hold the ciphertext.
 *
 * \deprecated It is deprecated and discouraged to call this function
- * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
- * are likely to remove the mode argument and have it implicitly
- * set to MBEDTLS_RSA_PRIVATE.
+ * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PRIVATE.
 *
 * \note Alternative implementations of RSA need not support
- * mode being set to MBEDTLS_RSA_PUBLIC and may instead
- * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return 0 if the signing operation was successful,
+ * \return \c 0 if the signing operation was successful,
 * or an \c MBEDTLS_ERR_RSA_XXX error code
+ * on failure.
- * \note The \c sig buffer must be as large as the size
- * of \c ctx->N (eg. 128 bytes if RSA-1024 is used).
+ * \note The \p sig buffer must be as large as the size
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
- * \note The \c hash_id in the RSA context is the one used for the
- * encoding. \c md_alg in the function call is the type of hash
- * that is encoded. According to RFC 3447 it is advised to
- * keep both hashes the same.
+ * \note The \p hash_id in the RSA context is the one used for the
+ * encoding. \p md_alg in the function call is the type of hash
+ * that is encoded. According to RFC-3447: Public-Key
+ * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+ * Specifications it is advised to keep both hashes the
+ * same.
 */
 int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -863,36 +908,41 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
 unsigned char *sig );
 /**
- * \brief Generic wrapper to perform a PKCS#1 verification using the
- * mode from the context. Do a public RSA operation and check
- * the message digest
+ * \brief This function performs a public RSA operation and checks
+ * the message digest.
- * \param ctx points to an RSA public key
- * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE
- * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for signing raw data)
- * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param sig buffer holding the ciphertext
+ * This is the generic wrapper for performing a PKCS#1
+ * verification using the mode from the context.
+ *
+ * \param ctx The RSA public key context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG parameter.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg The message-digest algorithm used to hash the original data.
+ * Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest.
+ * \param sig The buffer holding the ciphertext.
 *
 * \deprecated It is deprecated and discouraged to call this function
- * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
- * are likely to remove the mode argument and have it implicitly
- * set to MBEDTLS_RSA_PUBLIC.
+ * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * set to #MBEDTLS_RSA_PUBLIC.
 *
 * \note Alternative implementations of RSA need not support
- * mode being set to MBEDTLS_RSA_PRIVATE and may instead
- * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return 0 if the verify operation was successful,
+ * \return \c 0 if the verify operation was successful,
 * or an \c MBEDTLS_ERR_RSA_XXX error code
+ * on failure.
- * \note The \c sig buffer must be as large as the size
- * of \c ctx->N (eg. 128 bytes if RSA-1024 is used).
+ * \note The \p sig buffer must be as large as the size
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
- * \note In case of PKCS#1 v2.1 encoding, see comments on
- * \c mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id.
+ * \note For PKCS#1 v2.1 encoding, see comments on
+ * mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
+ * \p hash_id.
 */
 int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
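Review bot: The \deprecated paragraph in this hunk ends `and have it + set to #MBEDTLS_RSA_PUBLIC.`, dropping the word `implicitly` that every other hunk in this patch keeps in the same sentence, and the v1.5 verify hunk that follows has the same omission; restore `are likely to remove the \p mode argument and have it implicitly set to #MBEDTLS_RSA_PUBLIC.` in both so the deprecation text stays uniform. Separately, `Use #MBEDTLS_MD_NONE for signing raw data.` is copied into this and the other verify functions, where nothing is signed; `Use #MBEDTLS_MD_NONE to verify a signature over raw data.` would describe what the parameter selects here. The declaration of mbedtls_rsa_pkcs1_verify continues past the end of the hunk.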
@@ -904,32 +954,34 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
 const unsigned char *sig );
 /**
- * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
+ * \brief This function performs a PKCS#1 v1.5 verification
+ * operation (RSASSA-PKCS1-v1_5-VERIFY).
- * \param ctx points to an RSA public key
- * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE
- * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE
- * for signing raw data)
- * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param sig buffer holding the ciphertext
+ * \param ctx The RSA public key context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG parameter.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg The message-digest algorithm used to hash the original data.
+ * Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest.
+ * \param sig The buffer holding the ciphertext.
 *
 * \deprecated It is deprecated and discouraged to call this function
- * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
- * are likely to remove the mode argument and have it implicitly
- * set to MBEDTLS_RSA_PUBLIC.
+ * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * set to #MBEDTLS_RSA_PUBLIC.
 *
 * \note Alternative implementations of RSA need not support
- * mode being set to MBEDTLS_RSA_PRIVATE and may instead
- * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return 0 if the verify operation was successful,
+ * \return \c 0 if the verify operation was successful,
 * or an \c MBEDTLS_ERR_RSA_XXX error code
+ * on failure.
- * \note The \c sig buffer must be as large as the size
- * of \c ctx->N (eg. 128 bytes if RSA-1024 is used).
+ * \note The \p sig buffer must be as large as the size
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 */
 int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -941,38 +993,45 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
 const unsigned char *sig );
 /**
- * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
- * (This is the "simple" version.)
+ * \brief This function performs a PKCS#1 v2.1 PSS verification
+ * operation (RSASSA-PSS-VERIFY).
- * \param ctx points to an RSA public key
- * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE)
- * \param p_rng RNG parameter
- * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE
- * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for signing raw data)
- * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only)
- * \param hash buffer holding the message digest
- * \param sig buffer holding the ciphertext
+ * The hash function for the MGF mask generating function
+ * is that specified in the RSA context.
+ *
+ * \param ctx The RSA public key context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG parameter.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg The message-digest algorithm used to hash the original data.
+ * Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest.
+ * \param sig The buffer holding the ciphertext.
 *
 * \deprecated It is deprecated and discouraged to call this function
- * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
- * are likely to remove the mode argument and have it implicitly
- * set to MBEDTLS_RSA_PUBLIC.
+ * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PUBLIC.
 *
 * \note Alternative implementations of RSA need not support
- * mode being set to MBEDTLS_RSA_PRIVATE and may instead
- * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return 0 if the verify operation was successful,
+ * \return \c 0 if the verify operation was successful,
 * or an \c MBEDTLS_ERR_RSA_XXX error code
+ * on failure.
- * \note The \c sig buffer must be as large as the size
- * of \c ctx->N (eg. 128 bytes if RSA-1024 is used).
+ * \note The \p sig buffer must be as large as the size
+ * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
- * \note The \c hash_id in the RSA context is the one used for the
- * verification. \c md_alg in the function call is the type of
- * hash that is verified. According to RFC 3447 it is advised to
- * keep both hashes the same. If \c hash_id in the RSA context is
- * unset, the \c md_alg from the function call is used.
+ * \note The \p hash_id in the RSA context is the one used for the
+ * verification. \p md_alg in the function call is the type of
+ * hash that is verified. According to RFC-3447: Public-Key
+ * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+ * Specifications it is advised to keep both hashes the
+ * same. If \p hash_id in the RSA context is unset,
+ * the \p md_alg from the function call is used.
 */
 int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -984,28 +1043,33 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, const unsigned char *sig ); /** - * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) - * (This is the version with "full" options.) + * \brief This function performs a PKCS#1 v2.1 PSS verification + * operation (RSASSA-PSS-VERIFY). * - * \param ctx points to an RSA public key - * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) - * \param p_rng RNG parameter - * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE - * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) - * \param hash buffer holding the message digest - * \param mgf1_hash_id message digest used for mask generation - * \param expected_salt_len Length of the salt used in padding, use - * \c MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length - * \param sig buffer holding the ciphertext + * The hash function for the MGF mask generating function + * is that specified in \p mgf1_hash_id. * - * \return 0 if the verify operation was successful, + * \param ctx The RSA public key context. + * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG parameter. + * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param md_alg The message-digest algorithm used to hash the original data. + * Use #MBEDTLS_MD_NONE for signing raw data. + * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE. + * \param hash The buffer holding the message digest. + * \param mgf1_hash_id The message digest used for mask generation. + * \param expected_salt_len The length of the salt used in padding. Use + * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length. + * \param sig The buffer holding the ciphertext. 
+ * + * \return \c 0 if the verify operation was successful, * or an \c MBEDTLS_ERR_RSA_XXX error code + * on failure. * - * \note The \c sig buffer must be as large as the size - * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \p sig buffer must be as large as the size + * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * - * \note The \c hash_id in the RSA context is ignored. + * \note The \p hash_id in the RSA context is ignored. */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -1019,20 +1083,20 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, const unsigned char *sig ); /** - * \brief Copy the components of an RSA context + * \brief This function copies the components of an RSA context. * - * \param dst Destination context - * \param src Source context + * \param dst The destination context. + * \param src The source context. * - * \return 0 on success, - * \c MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure + * \return \c 0 on success, + * #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. */ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ); /** - * \brief Free the components of an RSA key + * \brief This function frees the components of an RSA key. * - * \param ctx RSA Context to free + * \param ctx The RSA Context to free. */ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); @@ -1049,9 +1113,9 @@ extern "C" { #endif /** - * \brief Checkup routine + * \brief The RSA checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success, or \c 1 on failure. */ int mbedtls_rsa_self_test( int verbose ); diff --git a/library/error.c b/library/error.c index d9ad6384a0..eaf75adb13 100644 --- a/library/error.c +++ b/library/error.c 
@@ -366,7 +366,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
     if( use_ret == -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED) )
         mbedtls_snprintf( buf, buflen, "RSA - Something failed during generation of a key" );
     if( use_ret == -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED) )
-        mbedtls_snprintf( buf, buflen, "RSA - Key failed to pass the library's validity check" );
+        mbedtls_snprintf( buf, buflen, "RSA - Key failed to pass the validity check of the library" );
     if( use_ret == -(MBEDTLS_ERR_RSA_PUBLIC_FAILED) )
         mbedtls_snprintf( buf, buflen, "RSA - The public key operation failed" );
     if( use_ret == -(MBEDTLS_ERR_RSA_PRIVATE_FAILED) )
@@ -378,7 +378,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
     if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) )
         mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" );
     if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) )
-        mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality" );
+        mbedtls_snprintf( buf, buflen, "RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality" );
     if( use_ret == -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED) )
         mbedtls_snprintf( buf, buflen, "RSA - RSA hardware accelerator failed" );
 #endif /* MBEDTLS_RSA_C */
From de2d6221c802d9ede7d46528b605ed9abf9acd5a Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Thu, 25 Jan 2018 21:57:43 +0000 Subject: [PATCH 0668/1059] Improve ECDH documentation - Rephrase file/function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhere to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. GitHub PR: #1317 --- include/mbedtls/ecdh.h | 238 ++++++++++++++++++++++++++--------------- 1 file changed, 150 insertions(+), 88 deletions(-)
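Review bot: The two rewritten mbedtls_strerror() strings are observable output, and anything that matched the previous text verbatim (test expectations, log-based alerting keyed on `library's validity check` or `doesn't offer the requested operation`) stops matching after this commit. A wording-only edit to an error string is still an interface change for such consumers, so it deserves a changelog line telling integrators to update their matchers. The body of mbedtls_strerror() continues outside both hunks.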
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 14a362b197..99cfde00d0 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -1,10 +1,18 @@ /** * \file ecdh.h * - * \brief Elliptic curve Diffie-Hellman + * \brief The Elliptic Curve Diffie-Hellman (ECDH) protocol APIs. + * + * ECDH is an anonymous key agreement protocol allowing two parties to + * establish a shared secret over an insecure channel. Each party must have an + * elliptic-curve public–private key pair. + * + * For more information, see NIST SP 800-56A Rev. 2: Recommendation for + * Pair-Wise Key Establishment Schemes Using Discrete Logarithm + * Cryptography. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,8 +27,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_ECDH_H #define MBEDTLS_ECDH_H @@ -31,7 +40,9 @@ extern "C" { #endif /** - * When importing from an EC key, select if it is our key or the peer's key + * Defines the source of the imported EC key: + *
  • Our key.
  • + *
  • The key of the peer.
*/ typedef enum { 
@@ -40,56 +51,67 @@ typedef enum } mbedtls_ecdh_side; /** - * \brief ECDH context structure + * \brief The ECDH context structure. */ typedef struct { - mbedtls_ecp_group grp; /*!< elliptic curve used */ - mbedtls_mpi d; /*!< our secret value (private key) */ - mbedtls_ecp_point Q; /*!< our public value (public key) */ - mbedtls_ecp_point Qp; /*!< peer's public value (public key) */ - mbedtls_mpi z; /*!< shared secret */ - int point_format; /*!< format for point export in TLS messages */ - mbedtls_ecp_point Vi; /*!< blinding value (for later) */ - mbedtls_ecp_point Vf; /*!< un-blinding value (for later) */ - mbedtls_mpi _d; /*!< previous d (for later) */ + mbedtls_ecp_group grp; /*!< The elliptic curve used. */ + mbedtls_mpi d; /*!< The private key. */ + mbedtls_ecp_point Q; /*!< The public key. */ + mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */ + mbedtls_mpi z; /*!< The shared secret. */ + int point_format; /*!< The format of point export in TLS messages. */ + mbedtls_ecp_point Vi; /*!< The blinding value. */ + mbedtls_ecp_point Vf; /*!< The unblinding value. */ + mbedtls_mpi _d; /*!< The previous \p d. */ } mbedtls_ecdh_context; /** - * \brief Generate a public key. - * Raw function that only does the core computation. + * \brief This function generates an ECDH keypair on an elliptic + * curve. * - * \param grp ECP group - * \param d Destination MPI (secret exponent, aka private key) - * \param Q Destination point (public key) - * \param f_rng RNG function - * \param p_rng RNG parameter + * This function performs the first of two core computations + * implemented during the ECDH key exchange. The second core + * computation is performed by mbedtls_ecdh_compute_shared(). * - * \return 0 if successful, - * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code + * \param grp The ECP group. + * \param d The destination MPI (private key). + * \param Q The destination point (public key). + * \param f_rng The RNG function. 
+ * \param p_rng The RNG parameter. + * + * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or + * \c MBEDTLS_MPI_XXX error code on failure. + * + * \see ecp.h */ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief Compute shared secret - * Raw function that only does the core computation. + * \brief This function computes the shared secret. * - * \param grp ECP group - * \param z Destination MPI (shared secret) - * \param Q Public key from other party - * \param d Our secret exponent (private key) - * \param f_rng RNG function (see notes) - * \param p_rng RNG parameter + * This function performs the second of two core computations + * implemented during the ECDH key exchange. The first core + * computation is performed by mbedtls_ecdh_gen_public(). * - * \return 0 if successful, - * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code + * \param grp The ECP group. + * \param z The destination MPI (shared secret). + * \param Q The public key from another party. + * \param d Our secret exponent (private key). + * \param f_rng The RNG function. + * \param p_rng The RNG parameter. * - * \note If f_rng is not NULL, it is used to implement + * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or + * \c MBEDTLS_MPI_XXX error code on failure. + * + * \see ecp.h + * + * \note If \p f_rng is not NULL, it is used to implement * countermeasures against potential elaborate timing - * attacks, see \c mbedtls_ecp_mul() for details. + * attacks. For more information, see mbedtls_ecp_mul(). */ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, const mbedtls_ecp_point *Q, const mbedtls_mpi *d, 
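Review bot: The new `\param Q The public key from another party.` line in the mbedtls_ecdh_compute_shared() block says nothing about whether the point is validated before the scalar multiplication, and that is the one input in an ECDH exchange that comes from the other side. The implementation is not in this hunk, so this needs confirming against ecdh.c: if it rejects \p Q via mbedtls_ecp_check_pubkey() before use, add `\note \p Q is validated with mbedtls_ecp_check_pubkey() before it is used; an invalid point is rejected with an error.`, and if it does not, state that the caller must validate the peer's point itself. Also `from another party` reads oddly next to the struct comment `The value of the public key of the peer.` a few lines above; `of the peer` keeps the terminology consistent. The prototype of mbedtls_ecdh_compute_shared() continues past the hunk.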
@@ -97,34 +119,41 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, void *p_rng ); /** - * \brief Initialize context + * \brief This function initializes an ECDH context. * - * \param ctx Context to initialize + * \param ctx The ECDH context to initialize. */ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ); /** - * \brief Free context + * \brief This function frees a context. * - * \param ctx Context to free + * \param ctx The context to free. */ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ); /** - * \brief Generate a public key and a TLS ServerKeyExchange payload. - * (First function used by a TLS server for ECDHE.) + * \brief This function generates a public key and a TLS + * ServerKeyExchange payload. * - * \param ctx ECDH context - * \param olen number of chars written - * \param buf destination buffer - * \param blen length of buffer - * \param f_rng RNG function - * \param p_rng RNG parameter + * This is the first function used by a TLS server for ECDHE + * ciphersuites. * - * \note This function assumes that ctx->grp has already been - * properly set (for example using mbedtls_ecp_group_load). + * \param ctx The ECDH context. + * \param olen The number of characters written. + * \param buf The destination buffer. + * \param blen The length of the destination buffer. + * \param f_rng The RNG function. + * \param p_rng The RNG parameter. * - * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code + * \note This function assumes that the ECP group (grp) of the + * \p ctx context has already been properly set, + * for example, using mbedtls_ecp_group_load(). + * + * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code + * on failure. + * + * \see ecp.h */ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, 
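Review bot: `\param olen The number of characters written.` in the mbedtls_ecdh_make_params() block is inconsistent with the rest of this commit, which documents the same out-parameter on mbedtls_ecdh_make_public() and mbedtls_ecdh_calc_secret() as `The number of Bytes written.`; \p buf is an `unsigned char` buffer carrying a TLS payload, so "Bytes" is also the accurate unit. Use `\param olen The number of Bytes written.` here too. The prototype of mbedtls_ecdh_make_params() continues past the end of the hunk.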
@@ -132,45 +161,63 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ); /** - * \brief Parse and procress a TLS ServerKeyExhange payload. - * (First function used by a TLS client for ECDHE.) + * \brief This function parses and processes a TLS ServerKeyExhange + * payload. * - * \param ctx ECDH context - * \param buf pointer to start of input buffer - * \param end one past end of buffer + * This is the first function used by a TLS client for ECDHE + * ciphersuites. * - * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code + * \param ctx The ECDH context. + * \param buf The pointer to the start of the input buffer. + * \param end The address for one Byte past the end of the buffer. + * + * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code + * on failure. + * + * \see ecp.h */ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, const unsigned char **buf, const unsigned char *end ); /** - * \brief Setup an ECDH context from an EC key. - * (Used by clients and servers in place of the - * ServerKeyEchange for static ECDH: import ECDH parameters - * from a certificate's EC key information.) + * \brief This function sets up an ECDH context from an EC key. * - * \param ctx ECDH constext to set - * \param key EC key to use - * \param side Is it our key (1) or the peer's key (0) ? + * It is used by clients and servers in place of the + * ServerKeyEchange for static ECDH, and imports ECDH + * parameters from the EC key information of a certificate. * - * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code + * \param ctx The ECDH context to set up. + * \param key The EC key to use. + * \param side Defines the source of the key: + *
  • 1: Our key.
  • +
  • 0: The key of the peer.
+ * + * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code + * on failure. + * + * \see ecp.h */ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, mbedtls_ecdh_side side ); /** - * \brief Generate a public key and a TLS ClientKeyExchange payload. - * (Second function used by a TLS client for ECDH(E).) + * \brief This function generates a public key and a TLS + * ClientKeyExchange payload. * - * \param ctx ECDH context - * \param olen number of bytes actually written - * \param buf destination buffer - * \param blen size of destination buffer - * \param f_rng RNG function - * \param p_rng RNG parameter + * This is the second function used by a TLS client for ECDH(E) + * ciphersuites. * - * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code + * \param ctx The ECDH context. + * \param olen The number of Bytes written. + * \param buf The destination buffer. + * \param blen The size of the destination buffer. + * \param f_rng The RNG function. + * \param p_rng The RNG parameter. + * + * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code + * on failure. + * + * \see ecp.h */ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, 
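Review bot: The rewritten `\param side` text for mbedtls_ecdh_get_params() describes the argument as the numbers `1: Our key` and `0: The key of the peer`, but the prototype takes an `mbedtls_ecdh_side` enumerator, and the enum comment rewritten earlier in this commit lists `Our key` first — if the enumerators carry no explicit values, our key would be 0, the opposite of what this note says (the enum body is outside this hunk, so confirm before relying on either reading). Naming the enumerators removes the ambiguity altogether: `\param side Defines the source of the key: #MBEDTLS_ECDH_OURS for our key, #MBEDTLS_ECDH_THEIRS for the key of the peer.` The rewritten briefs in the same hunk also keep the misspellings `ServerKeyExhange` and `ServerKeyEchange` for ServerKeyExchange. The prototype of mbedtls_ecdh_make_public() continues past the hunk.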
@@ -178,30 +225,45 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, void *p_rng ); /** - * \brief Parse and process a TLS ClientKeyExchange payload. - * (Second function used by a TLS server for ECDH(E).) + * \brief This function parses and processes a TLS ClientKeyExchange + * payload. * - * \param ctx ECDH context - * \param buf start of input buffer - * \param blen length of input buffer + * This is the second function used by a TLS server for ECDH(E) + * ciphersuites. * - * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code + * \param ctx The ECDH context. + * \param buf The start of the input buffer. + * \param blen The length of the input buffer. + * + * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code + * on failure. + * + * \see ecp.h */ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, const unsigned char *buf, size_t blen ); /** - * \brief Derive and export the shared secret. - * (Last function used by both TLS client en servers.) + * \brief This function derives and exports the shared secret. * - * \param ctx ECDH context - * \param olen number of bytes written - * \param buf destination buffer - * \param blen buffer length - * \param f_rng RNG function, see notes for \c mbedtls_ecdh_compute_shared() - * \param p_rng RNG parameter + * This is the last function used by both TLS client + * and servers. * - * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code + * \param ctx The ECDH context. + * \param olen The number of Bytes written. + * \param buf The destination buffer. + * \param blen The length of the destination buffer. + * \param f_rng The RNG function. + * \param p_rng The RNG parameter. + * + * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code + * on failure. + * + * \see ecp.h + * + * \note If \p f_rng is not NULL, it is used to implement + * countermeasures against potential elaborate timing + * attacks. For more information, see mbedtls_ecp_mul(). 
*/ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, From bff87d905d127d166a0f169268ac580c372b872a Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Thu, 25 Jan 2018 21:58:53 +0000 Subject: [PATCH 0669/1059] Improve ECDSA documentation - Rephrase file/function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhere to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. GitHub PR: #1318 --- include/mbedtls/ecdsa.h | 275 ++++++++++++++++++++++++---------------- 1 file changed, 168 insertions(+), 107 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 6c6ae294f9..aa23d67f99 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -1,10 +1,16 @@ /** * \file ecdsa.h * - * \brief Elliptic curve DSA + * \brief The Elliptic Curve Digital Signature Algorithm (ECDSA). + * + * ECDSA is defined in Standards for Efficient Cryptography Group (SECG): + * SEC1 Elliptic Curve Cryptography. + * The use of ECDSA for TLS is defined in RFC-4492: Elliptic Curve + * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS). + * */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,8 +25,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_ECDSA_H #define MBEDTLS_ECDSA_H @@ -28,7 +35,7 @@ #include "md.h" /* - * RFC 4492 page 20: + * RFC-4492 page 20: * * Ecdsa-Sig-Value ::= SEQUENCE { * r INTEGER, 
@@ -44,11 +51,11 @@ #if MBEDTLS_ECP_MAX_BYTES > 124 #error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN" #endif -/** Maximum size of an ECDSA signature in bytes */ +/** The maximal size of an ECDSA signature in Bytes. */ #define MBEDTLS_ECDSA_MAX_LEN ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) ) /** - * \brief ECDSA context structure + * \brief The ECDSA context structure. */ typedef mbedtls_ecp_keypair mbedtls_ecdsa_context; 
@@ -57,25 +64,30 @@ extern "C" { #endif /** - * \brief Compute ECDSA signature of a previously hashed message + * \brief This function computes the ECDSA signature of a + * previously-hashed message. * - * \note The deterministic version is usually prefered. + * \note The deterministic version is usually preferred. * - * \param grp ECP group - * \param r First output integer - * \param s Second output integer - * \param d Private signing key - * \param buf Message hash - * \param blen Length of buf - * \param f_rng RNG function - * \param p_rng RNG parameter + * \param grp The ECP group. + * \param r The first output integer. + * \param s The second output integer. + * \param d The private signing key. + * \param buf The message hash. + * \param blen The length of \p buf. + * \param f_rng The RNG function. + * \param p_rng The RNG parameter. * * \note If the bitlength of the message hash is larger than the - * bitlength of the group order, then the hash is truncated as - * prescribed by SEC1 4.1.3 step 5. + * bitlength of the group order, then the hash is truncated + * as defined in Standards for Efficient Cryptography Group + * (SECG): SEC1 Elliptic Curve Cryptography, section + * 4.1.3, step 5. * - * \return 0 if successful, - * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code + * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX + * or \c MBEDTLS_MPI_XXX error code on failure. + * + * \see ecp.h */ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, const mbedtls_mpi *d, const unsigned char *buf, size_t blen, 
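Review bot: `\note The deterministic version is usually preferred.` above mbedtls_ecdsa_sign() names neither the alternative nor the reason, so a reader cannot act on it; since the security of a randomized ECDSA signature rests on the per-signature nonce drawn from \p f_rng, the note should point to the function and say why, for example `\note The deterministic version, mbedtls_ecdsa_sign_det(), is usually preferred because it does not depend on the quality of \p f_rng for the per-signature nonce (see RFC 6979).` The `\param f_rng The RNG function.` line should also state whether NULL is accepted; if the implementation requires an RNG here (it is not in this hunk, so confirm), say `This must not be NULL.` The prototype of mbedtls_ecdsa_sign() continues past the hunk.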
@@ -83,23 +95,31 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, #if defined(MBEDTLS_ECDSA_DETERMINISTIC) /** - * \brief Compute ECDSA signature of a previously hashed message, - * deterministic version (RFC 6979). + * \brief This function computes the ECDSA signature of a + * previously-hashed message, deterministic version. + * For more information, see RFC-6979: Deterministic + * Usage of the Digital Signature Algorithm (DSA) and Elliptic + * Curve Digital Signature Algorithm (ECDSA). * - * \param grp ECP group - * \param r First output integer - * \param s Second output integer - * \param d Private signing key - * \param buf Message hash - * \param blen Length of buf - * \param md_alg MD algorithm used to hash the message + * \param grp The ECP group. + * \param r The first output integer. + * \param s The second output integer. + * \param d The private signing key. + * \param buf The message hash. + * \param blen The length of \p buf. + * \param md_alg The MD algorithm used to hash the message. * * \note If the bitlength of the message hash is larger than the * bitlength of the group order, then the hash is truncated as - * prescribed by SEC1 4.1.3 step 5. + * defined in Standards for Efficient Cryptography Group + * (SECG): SEC1 Elliptic Curve Cryptography, section + * 4.1.3, step 5. * - * \return 0 if successful, - * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code + * \return \c 0 on success, + * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX + * error code on failure. + * + * \see ecp.h */ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, const mbedtls_mpi *d, const unsigned char *buf, size_t blen, 
@@ -107,55 +127,73 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ /** - * \brief Verify ECDSA signature of a previously hashed message + * \brief This function verifies the ECDSA signature of a + * previously-hashed message. * - * \param grp ECP group - * \param buf Message hash - * \param blen Length of buf - * \param Q Public key to use for verification - * \param r First integer of the signature - * \param s Second integer of the signature + * \param grp The ECP group. + * \param buf The message hash. + * \param blen The length of \p buf. + * \param Q The public key to use for verification. + * \param r The first integer of the signature. + * \param s The second integer of the signature. * * \note If the bitlength of the message hash is larger than the * bitlength of the group order, then the hash is truncated as - * prescribed by SEC1 4.1.4 step 3. + * defined in Standards for Efficient Cryptography Group + * (SECG): SEC1 Elliptic Curve Cryptography, section + * 4.1.4, step 3. * - * \return 0 if successful, - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid - * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code + * \return \c 0 on success, + * #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid, + * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX + * error code on failure for any other reason. + * + * \see ecp.h */ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, const unsigned char *buf, size_t blen, const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s); /** - * \brief Compute ECDSA signature and write it to buffer, - * serialized as defined in RFC 4492 page 20. - * (Not thread-safe to use same context in multiple threads) + * \brief This function computes the ECDSA signature and writes it + * to a buffer, serialized as defined in RFC-4492: + * Elliptic Curve Cryptography (ECC) Cipher Suites for + * Transport Layer Security (TLS). 
* - * \note The deterministic version (RFC 6979) is used if - * MBEDTLS_ECDSA_DETERMINISTIC is defined. + * \warning It is not thread-safe to use the same context in + * multiple threads. * - * \param ctx ECDSA context - * \param md_alg Algorithm that was used to hash the message - * \param hash Message hash - * \param hlen Length of hash - * \param sig Buffer that will hold the signature - * \param slen Length of the signature written - * \param f_rng RNG function - * \param p_rng RNG parameter + * \note The deterministic version is used if + * #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more + * information, see RFC-6979: Deterministic Usage + * of the Digital Signature Algorithm (DSA) and Elliptic + * Curve Digital Signature Algorithm (ECDSA). * - * \note The "sig" buffer must be at least as large as twice the - * size of the curve used, plus 9 (eg. 73 bytes if a 256-bit - * curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe. + * \param ctx The ECDSA context. + * \param md_alg The message digest that was used to hash the message. + * \param hash The message hash. + * \param hlen The length of the hash. + * \param sig The buffer that holds the signature. + * \param slen The length of the signature written. + * \param f_rng The RNG function. + * \param p_rng The RNG parameter. + * + * \note The \p sig buffer must be at least twice as large as the + * size of the curve used, plus 9. For example, 73 Bytes if + * a 256-bit curve is used. A buffer length of + * #MBEDTLS_ECDSA_MAX_LEN is always safe. * * \note If the bitlength of the message hash is larger than the * bitlength of the group order, then the hash is truncated as - * prescribed by SEC1 4.1.3 step 5. + * defined in Standards for Efficient Cryptography Group + * (SECG): SEC1 Elliptic Curve Cryptography, section + * 4.1.3, step 5. 
* - * \return 0 if successful, - * or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or - * MBEDTLS_ERR_ASN1_XXX error code + * \return \c 0 on success, + * or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or + * \c MBEDTLS_ERR_ASN1_XXX error code on failure. + * + * \see ecp.h */ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hlen, 
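Review bot: `\param sig The buffer that holds the signature.` in the mbedtls_ecdsa_write_signature() block drops the direction the old text had (`will hold`): \p sig is an output buffer the function writes into, so `\param sig The buffer to which the signature is written.` keeps that clear, and the same `holds` wording appears in the mbedtls_ecdsa_write_signature_det() hunk that follows. In the mbedtls_ecdsa_verify() block earlier in this hunk, `#MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid` should be checked against ecdsa.c, which is not in this hunk — if a well-formed but wrong (r, s) pair is reported as #MBEDTLS_ERR_ECP_VERIFY_FAILED, the \return line has to name that code, because callers branch on it. The prototype of mbedtls_ecdsa_write_signature() continues past the hunk.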
@@ -171,31 +209,43 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t #define MBEDTLS_DEPRECATED #endif /** - * \brief Compute ECDSA signature and write it to buffer, - * serialized as defined in RFC 4492 page 20. - * Deterministic version, RFC 6979. - * (Not thread-safe to use same context in multiple threads) + * \brief This function computes an ECDSA signature and writes it to a buffer, + * serialized as defined in RFC-4492: Elliptic Curve Cryptography + * (ECC) Cipher Suites for Transport Layer Security (TLS). + * + * The deterministic version is defined in RFC-6979: + * Deterministic Usage of the Digital Signature Algorithm (DSA) and + * Elliptic Curve Digital Signature Algorithm (ECDSA). + * + * \warning It is not thread-safe to use the same context in + * multiple threads. + * * \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0 * - * \param ctx ECDSA context - * \param hash Message hash - * \param hlen Length of hash - * \param sig Buffer that will hold the signature - * \param slen Length of the signature written - * \param md_alg MD algorithm used to hash the message + * \param ctx The ECDSA context. + * \param hash The Message hash. + * \param hlen The length of the hash. + * \param sig The buffer that holds the signature. + * \param slen The length of the signature written. + * \param md_alg The MD algorithm used to hash the message. * - * \note The "sig" buffer must be at least as large as twice the - * size of the curve used, plus 9 (eg. 73 bytes if a 256-bit - * curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe. + * \note The \p sig buffer must be at least twice as large as the + * size of the curve used, plus 9. For example, 73 Bytes if a + * 256-bit curve is used. A buffer length of + * #MBEDTLS_ECDSA_MAX_LEN is always safe. * * \note If the bitlength of the message hash is larger than the * bitlength of the group order, then the hash is truncated as - * prescribed by SEC1 4.1.3 step 5. 
+ * defined in Standards for Efficient Cryptography Group + * (SECG): SEC1 Elliptic Curve Cryptography, section + * 4.1.3, step 5. * - * \return 0 if successful, - * or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or - * MBEDTLS_ERR_ASN1_XXX error code + * \return \c 0 on success, + * or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or + * \c MBEDTLS_ERR_ASN1_XXX error code on failure. + * + * \see ecp.h */ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, 
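Review bot: `\param hash The Message hash.` in the mbedtls_ecdsa_write_signature_det() block has a stray capital; the same parameter is `The message hash.` everywhere else in this commit. Change it to `\param hash The message hash.` The prototype of mbedtls_ecdsa_write_signature_det() continues past the hunk.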
@@ -206,63 +256,74 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ /** - * \brief Read and verify an ECDSA signature + * \brief This function reads and verifies an ECDSA signature. * - * \param ctx ECDSA context - * \param hash Message hash - * \param hlen Size of hash - * \param sig Signature to read and verify - * \param slen Size of sig + * \param ctx The ECDSA context. + * \param hash The message hash. + * \param hlen The size of the hash. + * \param sig The signature to read and verify. + * \param slen The size of \p sig. * * \note If the bitlength of the message hash is larger than the * bitlength of the group order, then the hash is truncated as - * prescribed by SEC1 4.1.4 step 3. + * defined in Standards for Efficient Cryptography Group + * (SECG): SEC1 Elliptic Curve Cryptography, section + * 4.1.4, step 3. * - * \return 0 if successful, - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid, - * MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is - * valid but its actual length is less than siglen, - * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code + * \return \c 0 on success, + * #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid, + * #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is + * valid but its actual length is less than \p siglen, + * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX + * error code on failure for any other reason. + * + * \see ecp.h */ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, const unsigned char *sig, size_t slen ); /** - * \brief Generate an ECDSA keypair on the given curve + * \brief This function generates an ECDSA keypair on the given curve. * - * \param ctx ECDSA context in which the keypair should be stored - * \param gid Group (elliptic curve) to use. One of the various - * MBEDTLS_ECP_DP_XXX macros depending on configuration. 
- * \param f_rng RNG function - * \param p_rng RNG parameter + * \param ctx The ECDSA context to store the keypair in. + * \param gid The elliptic curve to use. One of the various + * \c MBEDTLS_ECP_DP_XXX macros depending on configuration. + * \param f_rng The RNG function. + * \param p_rng The RNG parameter. * - * \return 0 on success, or a MBEDTLS_ERR_ECP_XXX code. + * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on + * failure. + * + * \see ecp.h */ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief Set an ECDSA context from an EC key pair + * \brief This function sets an ECDSA context from an EC key pair. * - * \param ctx ECDSA context to set - * \param key EC key to use + * \param ctx The ECDSA context to set. + * \param key The EC key to use. * - * \return 0 on success, or a MBEDTLS_ERR_ECP_XXX code. + * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on + * failure. + * + * \see ecp.h */ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key ); /** - * \brief Initialize context + * \brief This function initializes an ECDSA context. * - * \param ctx Context to initialize + * \param ctx The ECDSA context to initialize. */ void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx ); /** - * \brief Free context + * \brief This function frees an ECDSA context. * - * \param ctx Context to free + * \param ctx The ECDSA context to free. */ void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ); From 44833d9597e854cad5eaac934b0b408ff074fe01 Mon Sep 17 00:00:00 2001 
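Review bot: The \return of mbedtls_ecdsa_read_signature() now reads `its actual length is less than \p siglen`, but the prototype names that parameter `slen`, so the Doxygen reference cannot resolve and the sentence describes a parameter that does not exist. Change it to `valid but its actual length is less than \p slen,`. Since the same sentence says the signature is valid in that case, it would also help callers to add `Callers that require an exact-length encoding must treat this code as a failure.` so that trailing bytes after a well-formed signature are not silently accepted.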
From: Rose Zadik Date: Fri, 26 Jan 2018 08:41:09 +0000 Subject: [PATCH 0670/1059] Improve SHA-1 documentation - Rephrase file/function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhere to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. GitHub PR: #1322 --- include/mbedtls/sha1.h | 100 ++++++++++++++++++++++------------------- 1 file changed, 54 insertions(+), 46 deletions(-) diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 4d3a164018..700a348315 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -1,10 +1,10 @@ /** * \file sha1.h * - * \brief SHA-1 cryptographic hash function + * \brief The SHA-1 cryptographic hash function. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,7 +19,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_SHA1_H #define MBEDTLS_SHA1_H 
@@ -49,68 +49,70 @@ extern "C" { #endif /** - * \brief SHA-1 context structure + * \brief The SHA-1 context structure. */ typedef struct { - uint32_t total[2]; /*!< number of bytes processed */ - uint32_t state[5]; /*!< intermediate digest state */ - unsigned char buffer[64]; /*!< data block being processed */ + uint32_t total[2]; /*!< The number of Bytes processed. */ + uint32_t state[5]; /*!< The intermediate digest state. */ + unsigned char buffer[64]; /*!< The data block being processed. */ } mbedtls_sha1_context; /** - * \brief Initialize SHA-1 context + * \brief This function initializes a SHA-1 context. * - * \param ctx SHA-1 context to be initialized + * \param ctx The SHA-1 context to initialize. */ void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); /** - * \brief Clear SHA-1 context + * \brief This function clears a SHA-1 context. * - * \param ctx SHA-1 context to be cleared + * \param ctx The SHA-1 context to clear. */ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); /** - * \brief Clone (the state of) a SHA-1 context + * \brief This function clones the state of a SHA-1 context. * - * \param dst The destination context - * \param src The context to be cloned + * \param dst The destination context. + * \param src The context to clone. */ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, const mbedtls_sha1_context *src ); /** - * \brief SHA-1 context setup + * \brief This function starts a SHA-1 checksum calculation. * - * \param ctx context to be initialized + * \param ctx The context to initialize. * - * \return 0 if successful + * \return \c 0 if successful */ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); /** - * \brief SHA-1 process buffer + * \brief This function feeds an input buffer into an ongoing SHA-1 + * checksum calculation. * - * \param ctx SHA-1 context - * \param input buffer holding the data - * \param ilen length of the input data + * \param ctx The SHA-1 context. + * \param input The buffer holding the input data. 
+ * \param ilen The length of the input data. * - * \return 0 if successful + * \return \c 0 if successful */ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ); /** - * \brief SHA-1 final digest + * \brief This function finishes the SHA-1 operation, and writes + * the result to the output buffer. * - * \param ctx SHA-1 context - * \param output SHA-1 checksum result + * \param ctx The SHA-1 context. + * \param output The SHA-1 checksum result. * - * \return 0 if successful + * \return \c 0 if successful */ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ); @@ -119,9 +121,9 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, * \brief SHA-1 process data block (internal use only) * * \param ctx SHA-1 context - * \param data buffer holding one block of data + * \param data The data block being processed. * - * \return 0 if successful + * \return \c 0 if successful */ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); @@ -137,7 +139,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, * * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0 * - * \param ctx context to be initialized + * \param ctx The SHA-1 context to be initialized. */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) @@ -150,9 +152,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( * * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0 * - * \param ctx SHA-1 context - * \param input buffer holding the data - * \param ilen length of the input data + * \param ctx The SHA-1 context. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( mbedtls_sha1_context *ctx, 
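Review bot: The reworded descriptions of mbedtls_sha1_starts_ret(), mbedtls_sha1_update_ret() and mbedtls_sha1_finish_ret() give a reader no hint that SHA-1 is no longer a safe choice, and a pass that rewrites every \brief in the file is the right moment to say so. SHA-1 is not collision resistant and is deprecated for signatures and certificates; suggest a `\warning` on mbedtls_sha1_starts_ret() (or at file level): `\warning SHA-1 is considered a weak message digest and its use constitutes a security risk. We recommend considering stronger message digests instead.` The new `\return \c 0 if successful` lines also lack the terminating period the rest of the rewritten text uses.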
@@ -167,8 +169,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( * * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0 * - * \param ctx SHA-1 context - * \param output SHA-1 checksum result + * \param ctx The SHA-1 context. + * \param output The SHA-1 checksum result. */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, @@ -182,8 +184,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( * * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0 * - * \param ctx SHA-1 context - * \param data buffer holding one block of data + * \param ctx The SHA-1 context. + * \param data The data block being processed. */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_process( mbedtls_sha1_context *ctx, @@ -208,13 +210,19 @@ extern "C" { #endif /** - * \brief Output = SHA-1( input buffer ) + * \brief This function calculates the SHA-1 checksum of a buffer. * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-1 checksum result + * The function allocates the context, performs the + * calculation, and frees the context. * - * \return 0 if successful + * The SHA-1 result is calculated as + * output = SHA-1(input buffer). + * + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * \param output The SHA-1 checksum result. + * + * \return \c 0 if successful */ int mbedtls_sha1_ret( const unsigned char *input, size_t ilen, @@ -231,9 +239,9 @@ int mbedtls_sha1_ret( const unsigned char *input, * * \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0 * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-1 checksum result + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * \param output The SHA-1 checksum result. */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input, size_t ilen, 
@@ -246,9 +254,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input, #endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** - * \brief Checkup routine + * \brief The SHA-1 checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success, or \c 1 on failure. */ int mbedtls_sha1_self_test( int verbose ); From 2f8163d3cdfcfdac65fd83e2784b994b467114fe Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Thu, 25 Jan 2018 21:55:14 +0000 Subject: [PATCH 0671/1059] Improve CTR-DRBG documentation - Rephrase file/function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhere to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. - Add full standard name in file description. GitHub PR: #1316 --- include/mbedtls/ctr_drbg.h | 249 +++++++++++++++++++++---------------- library/error.c | 6 +- 2 files changed, 143 insertions(+), 112 deletions(-) diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 01cd826a17..121575a51b 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -1,10 +1,13 @@ /** * \file ctr_drbg.h * - * \brief CTR_DRBG based on AES-256 (NIST SP 800-90) + * \brief CTR_DRBG is based on AES-256, as defined in NIST SP 800-90A: + * Recommendation for Random Number Generation Using Deterministic + * Random Bit Generators. + * */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,8 +22,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_CTR_DRBG_H #define MBEDTLS_CTR_DRBG_H 
@@ -31,78 +35,95 @@ #endif #define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */ -#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 /**< Too many random requested in single call. */ -#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< Input too large (Entropy + additional). */ -#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read/write error in file. */ +#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 /**< The requested random buffer length is too big. */ +#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< The input (entropy + additional data) is too large. */ +#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */ -#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< Block size used by the cipher */ -#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< Key size used by the cipher */ -#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) -#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) - /**< The seed length (counter + AES key) */ +#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ +#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */ +#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */ +#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */ /** * \name SECTION: Module settings * * The configuration options you can set for this module are in this section. - * Either change them in config.h or define them on the compiler command line. + * Either change them in config.h or define them using the compiler command + * line. 
* \{ */ #if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) -#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ +#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 +/**< The amount of entropy used per seed by default: + *
  • 48 with SHA-512.
  • + *
  • 32 with SHA-256.
+ */ #else -#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ +#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32 +/**< Amount of entropy used per seed by default: + *
  • 48 with SHA-512.
  • + *
  • 32 with SHA-256.
+ */ #endif #endif #if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL) -#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ +#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 +/**< The interval before reseed is performed by default. */ #endif #if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT) -#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ +#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 +/**< The maximum number of additional input Bytes. */ #endif #if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST) -#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ +#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 +/**< The maximum number of requested Bytes per call. */ #endif #if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) -#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ +#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 +/**< The maximum size of seed or reseed buffer. */ #endif /* \} name SECTION: Module settings */ -#define MBEDTLS_CTR_DRBG_PR_OFF 0 /**< No prediction resistance */ -#define MBEDTLS_CTR_DRBG_PR_ON 1 /**< Prediction resistance enabled */ +#define MBEDTLS_CTR_DRBG_PR_OFF 0 +/**< Prediction resistance is disabled. */ +#define MBEDTLS_CTR_DRBG_PR_ON 1 +/**< Prediction resistance is enabled. */ #ifdef __cplusplus extern "C" { #endif /** - * \brief CTR_DRBG context structure + * \brief The CTR_DRBG context structure. */ typedef struct { - unsigned char counter[16]; /*!< counter (V) */ - int reseed_counter; /*!< reseed counter */ - int prediction_resistance; /*!< enable prediction resistance (Automatic - reseed before every random generation) */ - size_t entropy_len; /*!< amount of entropy grabbed on each - (re)seed */ - int reseed_interval; /*!< reseed interval */ + unsigned char counter[16]; /*!< The counter (V). */ + int reseed_counter; /*!< The reseed counter. 
*/ + int prediction_resistance; /*!< This determines whether prediction + resistance is enabled, that is + whether to systematically reseed before + each random generation. */ + size_t entropy_len; /*!< The amount of entropy grabbed on each + seed or reseed operation. */ + int reseed_interval; /*!< The reseed interval. */ - mbedtls_aes_context aes_ctx; /*!< AES context */ + mbedtls_aes_context aes_ctx; /*!< The AES context. */ /* * Callbacks (Entropy) */ int (*f_entropy)(void *, unsigned char *, size_t); + /*!< The entropy callback function. */ - void *p_entropy; /*!< context for the entropy function */ + void *p_entropy; /*!< The context for the entropy function. */ #if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t mutex; 
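Review bot: The new description of MBEDTLS_CTR_DRBG_ENTROPY_LEN states only the defaults (48 with SHA-512, 32 with SHA-256) and not why 32 is a floor. This module keys AES-256 (MBEDTLS_CTR_DRBG_KEYSIZE is 32 in this same hunk), and NIST SP 800-90A requires the entropy input to carry at least the security strength, 256 bits, so the SHA-256 default is exactly the minimum and any smaller value passed to mbedtls_ctr_drbg_set_entropy_len() silently lowers the DRBG below its nominal strength. Suggest adding after the bullet list: `* \note The entropy input must contain at least 32 Bytes (256 bits) of actual entropy to reach the AES-256 security strength required by SP 800-90A; do not lower it below 32 with mbedtls_ctr_drbg_set_entropy_len().` The rewritten MBEDTLS_CTR_DRBG_RESEED_INTERVAL line, `The interval before reseed is performed by default.`, also omits the unit, which from the reseed_counter field is presumably the number of generate calls; `The number of calls to the generate function before a reseed is performed, by default.` would pin it down.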
@@ -111,31 +132,32 @@ typedef struct mbedtls_ctr_drbg_context; /** - * \brief CTR_DRBG context initialization - * Makes the context ready for mbedtls_ctr_drbg_seed() or - * mbedtls_ctr_drbg_free(). + * \brief This function initializes the CTR_DRBG context, + * and prepares it for mbedtls_ctr_drbg_seed() + * or mbedtls_ctr_drbg_free(). * - * \param ctx CTR_DRBG context to be initialized + * \param ctx The CTR_DRBG context to initialize. */ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ); /** - * \brief CTR_DRBG initial seeding - * Seed and setup entropy source for future reseeds. + * \brief This function seeds and sets up the CTR_DRBG + * entropy source for future reseeds. * - * Note: Personalization data can be provided in addition to the more generic - * entropy source to make this instantiation as unique as possible. + * \note Personalization data can be provided in addition to the more generic + * entropy source, to make this instantiation as unique as possible. * - * \param ctx CTR_DRBG context to be seeded - * \param f_entropy Entropy callback (p_entropy, buffer to fill, buffer - * length) - * \param p_entropy Entropy context - * \param custom Personalization data (Device specific identifiers) - * (Can be NULL) - * \param len Length of personalization data + * \param ctx The CTR_DRBG context to seed. + * \param f_entropy The entropy callback, taking as arguments the + * \p p_entropy context, the buffer to fill, and the + length of the buffer. + * \param p_entropy The entropy context. + * \param custom Personalization data, that is device-specific + identifiers. Can be NULL. + * \param len The length of the personalization data. * - * \return 0 if successful, or - * MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED + * \return \c 0 on success, or + * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure. */ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, int (*f_entropy)(void *, unsigned char *, size_t), 
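Review bot: The \return of mbedtls_ctr_drbg_seed() lists only #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, yet this header defines #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG for `entropy + additional data` and caps the seed buffer at #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, so a `custom` buffer whose `len` plus the entropy length exceeds that buffer presumably fails with the latter code; if so, `\return` should list it and `\param len` should state the bound. The f_entropy contract is also incomplete: the new text names the callback's arguments but not what it must return, which is what maps to #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED. Suggest `\param f_entropy The entropy callback, taking as arguments the \p p_entropy context, the buffer to fill, and the length of the buffer. It must return 0 on success and a non-zero value on failure.` The prototype continues past the end of the hunk.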
@@ -144,138 +166,147 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, size_t len ); /** - * \brief Clear CTR_CRBG context data + * \brief This function clears CTR_CRBG context data. * - * \param ctx CTR_DRBG context to clear + * \param ctx The CTR_DRBG context to clear. */ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx ); /** - * \brief Enable / disable prediction resistance (Default: Off) + * \brief This function turns prediction resistance on or off. + * The default value is off. * - * Note: If enabled, entropy is used for ctx->entropy_len before each call! - * Only use this if you have ample supply of good entropy! + * \note If enabled, entropy is gathered at the beginning of + * every call to mbedtls_ctr_drbg_random_with_add(). + * Only use this if your entropy source has sufficient + * throughput. * - * \param ctx CTR_DRBG context - * \param resistance MBEDTLS_CTR_DRBG_PR_ON or MBEDTLS_CTR_DRBG_PR_OFF + * \param ctx The CTR_DRBG context. + * \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF. */ void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance ); /** - * \brief Set the amount of entropy grabbed on each (re)seed - * (Default: MBEDTLS_CTR_DRBG_ENTROPY_LEN) + * \brief This function sets the amount of entropy grabbed on each + * seed or reseed. The default value is + * #MBEDTLS_CTR_DRBG_ENTROPY_LEN. * - * \param ctx CTR_DRBG context - * \param len Amount of entropy to grab + * \param ctx The CTR_DRBG context. + * \param len The amount of entropy to grab. */ void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx, size_t len ); /** - * \brief Set the reseed interval - * (Default: MBEDTLS_CTR_DRBG_RESEED_INTERVAL) + * \brief This function sets the reseed interval. + * The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL. * - * \param ctx CTR_DRBG context - * \param interval Reseed interval + * \param ctx The CTR_DRBG context. 
+ * \param interval The reseed interval. */ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, int interval ); /** - * \brief CTR_DRBG reseeding (extracts data from entropy source) + * \brief This function reseeds the CTR_DRBG context, that is + * extracts data from the entropy source. * - * \param ctx CTR_DRBG context - * \param additional Additional data to add to state (Can be NULL) - * \param len Length of additional data + * \param ctx The CTR_DRBG context. + * \param additional Additional data to add to the state. Can be NULL. + * \param len The length of the additional data. * - * \return 0 if successful, or - * MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED + * \return \c 0 on success, or + * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure. */ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t len ); /** - * \brief CTR_DRBG update state + * \brief This function updates the state of the CTR_DRBG context. * - * \param ctx CTR_DRBG context - * \param additional Additional data to update state with - * \param add_len Length of additional data + * \param ctx The CTR_DRBG context. + * \param additional The data to update the state with. + * \param add_len Length of \p additional data. * - * \note If add_len is greater than MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, - * only the first MBEDTLS_CTR_DRBG_MAX_SEED_INPUT bytes are used, - * the remaining ones are silently discarded. + * \note If \p add_len is greater than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, + * only the first #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used. + * The remaining Bytes are silently discarded. */ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len ); /** - * \brief CTR_DRBG generate random with additional update input + * \brief This function updates a CTR_DRBG instance with additional + * data and uses it to generate random data. 
* - * Note: Automatically reseeds if reseed_counter is reached. + * \note The function automatically reseeds if the reseed counter is exceeded. * - * \param p_rng CTR_DRBG context - * \param output Buffer to fill - * \param output_len Length of the buffer - * \param additional Additional data to update with (Can be NULL) - * \param add_len Length of additional data + * \param p_rng The CTR_DRBG context. This must be a pointer to a + * #mbedtls_ctr_drbg_context structure. + * \param output The buffer to fill. + * \param output_len The length of the buffer. + * \param additional Additional data to update. Can be NULL. + * \param add_len The length of the additional data. * - * \return 0 if successful, or - * MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or - * MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG + * \return \c 0 on success, or + * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or + * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure. */ int mbedtls_ctr_drbg_random_with_add( void *p_rng, unsigned char *output, size_t output_len, const unsigned char *additional, size_t add_len ); /** - * \brief CTR_DRBG generate random + * \brief This function uses CTR_DRBG to generate random data. * - * Note: Automatically reseeds if reseed_counter is reached. + * \note The function automatically reseeds if the reseed counter is exceeded. * - * \param p_rng CTR_DRBG context - * \param output Buffer to fill - * \param output_len Length of the buffer + * \param p_rng The CTR_DRBG context. This must be a pointer to a + * #mbedtls_ctr_drbg_context structure. + * \param output The buffer to fill. + * \param output_len The length of the buffer. * - * \return 0 if successful, or - * MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or - * MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG + * \return \c 0 on success, or + * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or + * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure. 
*/ int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len ); #if defined(MBEDTLS_FS_IO) /** - * \brief Write a seed file + * \brief This function writes a seed file. * - * \param ctx CTR_DRBG context - * \param path Name of the file + * \param ctx The CTR_DRBG context. + * \param path The name of the file. * - * \return 0 if successful, - * MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or - * MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED + * \return \c 0 on success, + * #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or + * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on + * failure. */ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ); /** - * \brief Read and update a seed file. Seed is added to this - * instance + * \brief This function reads and updates a seed file. The seed + * is added to this instance. * - * \param ctx CTR_DRBG context - * \param path Name of the file + * \param ctx The CTR_DRBG context. + * \param path The name of the file. * - * \return 0 if successful, - * MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, - * MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or - * MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG + * \return \c 0 on success, + * #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, + * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or + * #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure. */ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ); #endif /* MBEDTLS_FS_IO */ /** - * \brief Checkup routine + * \brief The CTR_DRBG checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success, or \c 1 on failure. */ int mbedtls_ctr_drbg_self_test( int verbose ); diff --git a/library/error.c b/library/error.c index eaf75adb13..ac9909188d 100644 --- a/library/error.c +++ b/library/error.c 
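Review bot: The \param output_len lines of mbedtls_ctr_drbg_random_with_add() and mbedtls_ctr_drbg_random() say only `The length of the buffer`, although both functions return #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG and the header defines #MBEDTLS_CTR_DRBG_MAX_REQUEST as the maximum requested Bytes per call; the bound belongs on the parameter where callers look. Suggest `\param output_len The length of the buffer. Must not exceed #MBEDTLS_CTR_DRBG_MAX_REQUEST.` and, by the same reasoning, `\param add_len The length of the additional data. Must not exceed #MBEDTLS_CTR_DRBG_MAX_INPUT.` The new \note on mbedtls_ctr_drbg_set_prediction_resistance() names only mbedtls_ctr_drbg_random_with_add(); mbedtls_ctr_drbg_random() carries the same automatic-reseed note and presumably takes the same path, so it should be named too. `CTR_CRBG` in the \brief of mbedtls_ctr_drbg_free() is a pre-existing typo this rewording kept.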
@@ -658,11 +658,11 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) ) mbedtls_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" ); if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG) ) - mbedtls_snprintf( buf, buflen, "CTR_DRBG - Too many random requested in single call" ); + mbedtls_snprintf( buf, buflen, "CTR_DRBG - The requested random buffer length is too big" ); if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG) ) - mbedtls_snprintf( buf, buflen, "CTR_DRBG - Input too large (Entropy + additional)" ); + mbedtls_snprintf( buf, buflen, "CTR_DRBG - The input (entropy + additional data) is too large" ); if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) ) - mbedtls_snprintf( buf, buflen, "CTR_DRBG - Read/write error in file" ); + mbedtls_snprintf( buf, buflen, "CTR_DRBG - Read or write error in file" ); #endif /* MBEDTLS_CTR_DRBG_C */ #if defined(MBEDTLS_DES_C) From 64feefb4a2a1a492b306b7c09c49d419ed7e62ca Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Thu, 25 Jan 2018 22:01:10 +0000 Subject: [PATCH 0672/1059] Improve message digest documentation - Rephrase file/function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhere to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. GitHub PR: #1319 --- include/mbedtls/md.h | 349 ++++++++++++++++++++++++++----------------- 1 file changed, 216 insertions(+), 133 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 57c27a6f02..5e0376c05b 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
@@ -1,12 +1,12 @@ -/** + /** * \file md.h * - * \brief Generic message digest wrapper + * \brief The generic message-digest wrapper. * * \author Adriaan de Jong */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -21,8 +21,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_MD_H #define MBEDTLS_MD_H 
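Review bot: The first line of md.h is rewritten as ` /**` with a leading space (`-/**` becomes `+ /**`), leaving the file's opening comment indented by one column unlike every other header touched in this series. It is harmless to the compiler but trips whitespace lint and reads as a paste error; restore `/**` at column 0.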
@@ -64,65 +65,79 @@ typedef enum { #endif /** - * Opaque struct defined in md_internal.h + * Opaque struct defined in md_internal.h. */ typedef struct mbedtls_md_info_t mbedtls_md_info_t; /** - * Generic message digest context. + * The generic message-digest context. */ typedef struct { - /** Information about the associated message digest */ + /** Information about the associated message digest. */ const mbedtls_md_info_t *md_info; - /** Digest-specific context */ + /** The digest-specific context. */ void *md_ctx; - /** HMAC part of the context */ + /** The HMAC part of the context. */ void *hmac_ctx; } mbedtls_md_context_t; /** - * \brief Returns the list of digests supported by the generic digest module. + * \brief This function returns the list of digests supported by the + * generic digest module. * - * \return a statically allocated array of digests, the last entry - * is 0. + * \return A statically allocated array of digests. Each element + * in the returned list is an integer belonging to the + * message-digest enumeration #mbedtls_md_type_t. + * The last entry is 0. */ const int *mbedtls_md_list( void ); /** - * \brief Returns the message digest information associated with the - * given digest name. + * \brief This function returns the message-digest information + * associated with the given digest name. * - * \param md_name Name of the digest to search for. + * \param md_name The name of the digest to search for. * - * \return The message digest information associated with md_name or - * NULL if not found. + * \return The message-digest information associated with \p md_name, + * or NULL if not found. */ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); /** - * \brief Returns the message digest information associated with the - * given digest type. + * \brief This function returns the message-digest information + * associated with the given digest type. * - * \param md_type type of digest to search for. 
+ * \param md_type The type of digest to search for. * - * \return The message digest information associated with md_type or - * NULL if not found. + * \return The message-digest information associated with \p md_type, + * or NULL if not found. */ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); /** - * \brief Initialize a md_context (as NONE) - * This should always be called first. - * Prepares the context for mbedtls_md_setup() or mbedtls_md_free(). + * \brief This function initializes a message-digest context without + * binding it to a particular message-digest algorithm. + * + * This function should always be called first. It prepares the + * context for mbedtls_md_setup() for binding it to a + * message-digest algorithm. */ void mbedtls_md_init( mbedtls_md_context_t *ctx ); /** - * \brief Free and clear the internal structures of ctx. - * Can be called at any time after mbedtls_md_init(). - * Mandatory once mbedtls_md_setup() has been called. + * \brief This function clears the internal structure of \p ctx and + * frees any embedded internal structure, but does not free + * \p ctx itself. + * + * If you have called mbedtls_md_setup() on \p ctx, you must + * call mbedtls_md_free() when you are no longer using the + * context. + * Calling this function if you have previously + * called mbedtls_md_init() and nothing else is optional. + * You must not call this function if you have not called + * mbedtls_md_init(). */ void mbedtls_md_free( mbedtls_md_context_t *ctx ); 
@@ -133,220 +148,288 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ); #define MBEDTLS_DEPRECATED #endif /** - * \brief Select MD to use and allocate internal structures. - * Should be called after mbedtls_md_init() or mbedtls_md_free(). + * \brief This function selects the message digest algorithm to use, + * and allocates internal structures. + * + * It should be called after mbedtls_md_init() or mbedtls_md_free(). * Makes it necessary to call mbedtls_md_free() later. * * \deprecated Superseded by mbedtls_md_setup() in 2.0.0 * - * \param ctx Context to set up. - * \param md_info Message digest to use. + * \param ctx The context to set up. + * \param md_info The information structure of the message-digest algorithm + * to use. * * \returns \c 0 on success, - * \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, - * \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure. + * #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, + * #MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure. */ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED; #undef MBEDTLS_DEPRECATED #endif /* MBEDTLS_DEPRECATED_REMOVED */ /** - * \brief Select MD to use and allocate internal structures. - * Should be called after mbedtls_md_init() or mbedtls_md_free(). - * Makes it necessary to call mbedtls_md_free() later. + * \brief This function selects the message digest algorithm to use, + * and allocates internal structures. * - * \param ctx Context to set up. - * \param md_info Message digest to use. - * \param hmac 0 to save some memory if HMAC will not be used, - * non-zero is HMAC is going to be used with this context. + * It should be called after mbedtls_md_init() or + * mbedtls_md_free(). Makes it necessary to call + * mbedtls_md_free() later. + * + * \param ctx The context to set up. + * \param md_info The information structure of the message-digest algorithm + * to use. + * \param hmac
  • 0: HMAC is not used. Saves some memory.
  • + *
  • non-zero: HMAC is used with this context.
* * \returns \c 0 on success, - * \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, - * \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure. + * #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, or + * #MBEDTLS_ERR_MD_ALLOC_FAILED on memory allocation failure. */ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); /** - * \brief Clone the state of an MD context + * \brief This function clones the state of an message-digest + * context. * - * \note The two contexts must have been setup to the same type - * (cloning from SHA-256 to SHA-512 make no sense). + * \note You must call mbedtls_md_setup() on \c dst before calling + * this function. * - * \warning Only clones the MD state, not the HMAC state! (for now) + * \note The two contexts must have the same type, + * for example, both are SHA-256. * - * \param dst The destination context - * \param src The context to be cloned + * \warning This function clones the message-digest state, not the + * HMAC state. + * + * \param dst The destination context. + * \param src The context to be cloned. * * \return \c 0 on success, - * \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. + * #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. */ int mbedtls_md_clone( mbedtls_md_context_t *dst, const mbedtls_md_context_t *src ); /** - * \brief Returns the size of the message digest output. + * \brief This function extracts the message-digest size from the + * message-digest information structure. * - * \param md_info message digest info + * \param md_info The information structure of the message-digest algorithm + * to use. * - * \return size of the message digest output in bytes. + * \return The size of the message-digest output in Bytes. */ unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); /** - * \brief Returns the type of the message digest output. 
+ * \brief This function extracts the message-digest type from the + * message-digest information structure. * - * \param md_info message digest info + * \param md_info The information structure of the message-digest algorithm + * to use. * - * \return type of the message digest output. + * \return The type of the message digest. */ mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); /** - * \brief Returns the name of the message digest output. + * \brief This function extracts the message-digest name from the + * message-digest information structure. * - * \param md_info message digest info + * \param md_info The information structure of the message-digest algorithm + * to use. * - * \return name of the message digest output. + * \return The name of the message digest. */ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); /** - * \brief Prepare the context to digest a new message. - * Generally called after mbedtls_md_setup() or mbedtls_md_finish(). - * Followed by mbedtls_md_update(). + * \brief This function starts a message-digest computation. * - * \param ctx generic message digest context. + * You must call this function after setting up the context + * with mbedtls_md_setup(), and before passing data with + * mbedtls_md_update(). * - * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * \param ctx The generic message-digest context. + * + * \returns \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if + * parameter verification fails. */ int mbedtls_md_starts( mbedtls_md_context_t *ctx ); /** - * \brief Generic message digest process buffer - * Called between mbedtls_md_starts() and mbedtls_md_finish(). - * May be called repeatedly. + * \brief This function feeds an input buffer into an ongoing + * message-digest computation. 
* - * \param ctx Generic message digest context - * \param input buffer holding the datal - * \param ilen length of the input data + * You must call mbedtls_md_starts() before calling this + * function. You may call this function multiple times. + * Afterwards, call mbedtls_md_finish(). * - * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * \param ctx The generic message-digest context. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * + * \returns \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if + * parameter verification fails. */ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); /** - * \brief Generic message digest final digest - * Called after mbedtls_md_update(). - * Usually followed by mbedtls_md_free() or mbedtls_md_starts(). + * \brief This function finishes the digest operation, + * and writes the result to the output buffer. * - * \param ctx Generic message digest context - * \param output Generic message digest checksum result + * Call this function after a call to mbedtls_md_starts(), + * followed by any number of calls to mbedtls_md_update(). + * Afterwards, you may either clear the context with + * mbedtls_md_free(), or call mbedtls_md_starts() to reuse + * the context for another digest operation with the same + * algorithm. * - * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * \param ctx The generic message-digest context. + * \param output The buffer for the generic message-digest checksum result. + * + * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if + * parameter verification fails. 
*/ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); /** - * \brief Output = message_digest( input buffer ) + * \brief This function calculates the message-digest of a buffer, + * with respect to a configurable message-digest algorithm + * in a single call. * - * \param md_info message digest info - * \param input buffer holding the data - * \param ilen length of the input data - * \param output Generic message digest checksum result + * The result is calculated as + * Output = message_digest(input buffer). * - * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * \param md_info The information structure of the message-digest algorithm + * to use. + * \param input The buffer holding the data. + * \param ilen The length of the input data. + * \param output The generic message-digest checksum result. + * + * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if + * parameter verification fails. */ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output ); #if defined(MBEDTLS_FS_IO) /** - * \brief Output = message_digest( file contents ) + * \brief This function calculates the message-digest checksum + * result of the contents of the provided file. * - * \param md_info message digest info - * \param path input file name - * \param output generic message digest checksum result + * The result is calculated as + * Output = message_digest(file contents). * - * \return 0 if successful, - * MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed, - * MBEDTLS_ERR_MD_BAD_INPUT_DATA if md_info was NULL. + * \param md_info The information structure of the message-digest algorithm + * to use. + * \param path The input file name. + * \param output The generic message-digest checksum result. + * + * \return \c 0 on success, + * #MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed, or + * #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL. 
*/ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output ); #endif /* MBEDTLS_FS_IO */ /** - * \brief Set HMAC key and prepare to authenticate a new message. - * Usually called after mbedtls_md_setup() or mbedtls_md_hmac_finish(). + * \brief This function sets the HMAC key and prepares to + * authenticate a new message. * - * \param ctx HMAC context - * \param key HMAC secret key - * \param keylen length of the HMAC key in bytes + * Call this function after mbedtls_md_setup(), to use + * the MD context for an HMAC calculation, then call + * mbedtls_md_hmac_update() to provide the input data, and + * mbedtls_md_hmac_finish() to get the HMAC value. * - * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * \param ctx The message digest context containing an embedded HMAC + * context. + * \param key The HMAC secret key. + * \param keylen The length of the HMAC key in Bytes. + * + * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if + * parameter verification fails. */ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen ); /** - * \brief Generic HMAC process buffer. - * Called between mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset() - * and mbedtls_md_hmac_finish(). - * May be called repeatedly. + * \brief This function feeds an input buffer into an ongoing HMAC + * computation. * - * \param ctx HMAC context - * \param input buffer holding the data - * \param ilen length of the input data + * Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset() + * before calling this function. + * You may call this function multiple times to pass the + * input piecewise. + * Afterwards, call mbedtls_md_hmac_finish(). * - * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * \param ctx The message digest context containing an embedded HMAC + * context. + * \param input The buffer holding the input data. 
+ * \param ilen The length of the input data. + * + * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if + * parameter verification fails. */ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); /** - * \brief Output HMAC. - * Called after mbedtls_md_hmac_update(). - * Usually followed by mbedtls_md_hmac_reset(), - * mbedtls_md_hmac_starts(), or mbedtls_md_free(). + * \brief This function finishes the HMAC operation, and writes + * the result to the output buffer. * - * \param ctx HMAC context - * \param output Generic HMAC checksum result + * Call this function after mbedtls_md_hmac_starts() and + * mbedtls_md_hmac_update() to get the HMAC value. Afterwards + * you may either call mbedtls_md_free() to clear the context, + * or call mbedtls_md_hmac_reset() to reuse the context with + * the same HMAC key. * - * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * \param ctx The message digest context containing an embedded HMAC + * context. + * \param output The generic HMAC checksum result. + * + * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if + * parameter verification fails. */ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); /** - * \brief Prepare to authenticate a new message with the same key. - * Called after mbedtls_md_hmac_finish() and before - * mbedtls_md_hmac_update(). + * \brief This function prepares to authenticate a new message with + * the same key as the previous HMAC operation. * - * \param ctx HMAC context to be reset + * You may call this function after mbedtls_md_hmac_finish(). + * Afterwards call mbedtls_md_hmac_update() to pass the new + * input. * - * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * \param ctx The message digest context containing an embedded HMAC + * context. 
+ * + * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if + * parameter verification fails. */ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); /** - * \brief Output = Generic_HMAC( hmac key, input buffer ) + * \brief This function calculates the full generic HMAC + * on the input buffer with the provided key. * - * \param md_info message digest info - * \param key HMAC secret key - * \param keylen length of the HMAC key in bytes - * \param input buffer holding the data - * \param ilen length of the input data - * \param output Generic HMAC-result + * The function allocates the context, performs the + * calculation, and frees the context. * - * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter - * verification fails. + * The HMAC result is calculated as + * output = generic HMAC(hmac key, input buffer). + * + * \param md_info The information structure of the message-digest algorithm + * to use. + * \param key The HMAC secret key. + * \param keylen The length of the HMAC secret key in Bytes. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * \param output The generic HMAC result. + * + * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if + * parameter verification fails. */ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, From 602285eac239fc94bd623be955f5eddb4036aaef Mon Sep 17 00:00:00 2001 
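Review bot: None of the rewritten `\param output` descriptions (`mbedtls_md_finish()`, `mbedtls_md()`, `mbedtls_md_file()`, `mbedtls_md_hmac_finish()`, `mbedtls_md_hmac()`) state how large the output buffer must be, even though this hunk introduces `mbedtls_md_get_size()` with exactly that information; an undersized caller buffer is the classic overflow for a generic digest API. I would write, for each of them, `\param output The buffer for the result. It must be at least mbedtls_md_get_size() Bytes long for the digest in use.` (for the context-based functions, the digest is the one bound by mbedtls_md_setup()). Two smaller things in the same hunk: `mbedtls_md_clone()` says `\c dst` where the rest of the file uses `\p` for parameters, and its brief reads "an message-digest context".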
From: Rose Zadik Date: Fri, 26 Jan 2018 11:00:39 +0000 Subject: [PATCH 0673/1059] Improve SHA-256 documentation - Rephrase file/function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhere to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. - Align deprecated function descriptions with those of the superseding functions. GitHub PR: #1325 --- include/mbedtls/sha256.h | 158 ++++++++++++++++++++++++--------------- 1 file changed, 96 insertions(+), 62 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 5c5d07ad2b..a2b6e11644 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -1,10 +1,10 @@ /** * \file sha256.h * - * \brief SHA-224 and SHA-256 cryptographic hash function + * \brief The SHA-224 and SHA-256 cryptographic hash function. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,7 +19,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_SHA256_H #define MBEDTLS_SHA256_H @@ -39,7 +39,6 @@ !defined(inline) && !defined(__cplusplus) #define inline __inline #endif - #if !defined(MBEDTLS_SHA256_ALT) // Regular implementation // 
@@ -49,81 +48,94 @@ extern "C" { #endif /** - * \brief SHA-256 context structure + * \brief The SHA-256 context structure. + * + * The structure is used both for SHA-256 and for SHA-224 + * checksum calculations. The choice between these two is + * made in the call to mbedtls_sha256_starts_ret(). */ typedef struct { - uint32_t total[2]; /*!< number of bytes processed */ - uint32_t state[8]; /*!< intermediate digest state */ - unsigned char buffer[64]; /*!< data block being processed */ - int is224; /*!< 0 => SHA-256, else SHA-224 */ + uint32_t total[2]; /*!< The number of Bytes processed. */ + uint32_t state[8]; /*!< The intermediate digest state. */ + unsigned char buffer[64]; /*!< The data block being processed. */ + int is224; /*!< Determines which function to use. +
  • 0: Use SHA-256.
  • +
  • 1: Use SHA-224.
*/ } mbedtls_sha256_context; /** - * \brief Initialize SHA-256 context + * \brief This function initializes a SHA-256 context. * - * \param ctx SHA-256 context to be initialized + * \param ctx The SHA-256 context to initialize. */ void mbedtls_sha256_init( mbedtls_sha256_context *ctx ); /** - * \brief Clear SHA-256 context + * \brief This function clears a SHA-256 context. * - * \param ctx SHA-256 context to be cleared + * \param ctx The SHA-256 context to clear. */ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ); /** - * \brief Clone (the state of) a SHA-256 context + * \brief This function clones the state of a SHA-256 context. * - * \param dst The destination context - * \param src The context to be cloned + * \param dst The destination context. + * \param src The context to clone. */ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, const mbedtls_sha256_context *src ); /** - * \brief SHA-256 context setup + * \brief This function starts a SHA-224 or SHA-256 checksum + * calculation. * - * \param ctx context to be initialized - * \param is224 0 = use SHA256, 1 = use SHA224 + * \param ctx The context to initialize. + * \param is224 Determines which function to use. + *
  • 0: Use SHA-256.
  • + *
  • 1: Use SHA-224.
* - * \return 0 if successful + * \return \c 0 on success. */ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); /** - * \brief SHA-256 process buffer + * \brief This function feeds an input buffer into an ongoing + * SHA-256 checksum calculation. * * \param ctx SHA-256 context * \param input buffer holding the data * \param ilen length of the input data * - * \return 0 if successful + * \return \c 0 on success. */ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ); /** - * \brief SHA-256 final digest + * \brief This function finishes the SHA-256 operation, and writes + * the result to the output buffer. * - * \param ctx SHA-256 context - * \param output SHA-224/256 checksum result + * \param ctx The SHA-256 context. + * \param output The SHA-224 or SHA-256 checksum result. * - * \return 0 if successful + * \return \c 0 on success. */ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ); /** - * \brief SHA-256 process data block (internal use only) + * \brief This function processes a single data block within + * the ongoing SHA-256 computation. This function is for + * internal use only. * - * \param ctx SHA-256 context - * \param data buffer holding one block of data + * \param ctx The SHA-256 context. + * \param data The buffer holding one block of data. * - * \return 0 if successful + * \return \c 0 on success. */ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); 
@@ -135,12 +147,14 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief SHA-256 context setup + * \brief This function starts a SHA-256 checksum calculation. * - * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0 + * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0. * - * \param ctx context to be initialized - * \param is224 0 = use SHA256, 1 = use SHA224 + * \param ctx The SHA-256 context to initialize. + * \param is224 Determines which function to use. + *
  • 0: Use SHA-256.
  • + *
  • 1: Use SHA-224.
*/ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, @@ -150,13 +164,14 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( } /** - * \brief SHA-256 process buffer + * \brief This function feeds an input buffer into an ongoing + * SHA-256 checksum calculation. * - * \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0 + * \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0. * - * \param ctx SHA-256 context - * \param input buffer holding the data - * \param ilen length of the input data + * \param ctx The SHA-256 context to initialize. + * \param input The buffer holding the data. + * \param ilen The length of the input data. */ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( mbedtls_sha256_context *ctx, @@ -167,12 +182,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( } /** - * \brief SHA-256 final digest + * \brief This function finishes the SHA-256 operation, and writes + * the result to the output buffer. * - * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0 + * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0. * - * \param ctx SHA-256 context - * \param output SHA-224/256 checksum result + * \param ctx The SHA-256 context. + * \param output The SHA-224or SHA-256 checksum result. */ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, 
@@ -182,12 +198,14 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( } /** - * \brief SHA-256 process data block (internal use only) + * \brief This function processes a single data block within + * the ongoing SHA-256 computation. This function is for + * internal use only. * - * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0 + * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0. * - * \param ctx SHA-256 context - * \param data buffer holding one block of data + * \param ctx The SHA-256 context. + * \param data The buffer holding one block of data. */ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_process( mbedtls_sha256_context *ctx, @@ -198,7 +216,6 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_process( #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ - #ifdef __cplusplus } #endif @@ -212,14 +229,21 @@ extern "C" { #endif /** - * \brief Output = SHA-256( input buffer ) + * \brief This function calculates the SHA-224 or SHA-256 + * checksum of a buffer. * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-224/256 checksum result - * \param is224 0 = use SHA256, 1 = use SHA224 + * The function allocates the context, performs the + * calculation, and frees the context. * - * \return 0 if successful + * The SHA-256 result is calculated as + * output = SHA-256(input buffer). + * + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * \param output The SHA-224 or SHA-256 checksum result. + * \param is224 Determines which function to use. + *
  • 0: Use SHA-256.
  • + *
  • 1: Use SHA-224.
*/ int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, @@ -232,15 +256,25 @@ int mbedtls_sha256_ret( const unsigned char *input, #else #define MBEDTLS_DEPRECATED #endif + /** - * \brief Output = SHA-256( input buffer ) + * \brief This function calculates the SHA-224 or SHA-256 checksum + * of a buffer. * - * \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0 + * The function allocates the context, performs the + * calculation, and frees the context. * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-224/256 checksum result - * \param is224 0 = use SHA256, 1 = use SHA224 + * The SHA-256 result is calculated as + * output = SHA-256(input buffer). + * + * \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0. + * + * \param input The buffer holding the data. + * \param ilen The length of the input data. + * \param output The SHA-224 or SHA-256 checksum result. + * \param is224 Determines which function to use. + *
  • 0: Use SHA-256.
  • + *
  • 1: Use SHA-224.
*/ MBEDTLS_DEPRECATED static inline void mbedtls_sha256( const unsigned char *input, @@ -255,9 +289,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256( #endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** - * \brief Checkup routine + * \brief The SHA-224 and SHA-256 checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success, or \c 1 on failure. */ int mbedtls_sha256_self_test( int verbose ); From 27ff120a6121528de9f9a726dfd80a209ee05a1a Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Fri, 26 Jan 2018 11:01:31 +0000 Subject: [PATCH 0674/1059] Improve SHA-512 documentation - Rephrase file/function/parameter/enum/define/error descriptions into full and clear sentences. - Make sure to adhere to the Arm writing guidelines. - Fix missing/incorrect Doxygen tags. - Standardize terminology used within the file. - Align deprecated function descriptions with those of the superseding functions. GitHub PR: #1326 --- include/mbedtls/sha512.h | 163 ++++++++++++++++++++++++--------------- 1 file changed, 99 insertions(+), 64 deletions(-) diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 7453c44d4d..52ae204d44 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -1,10 +1,10 @@ /** * \file sha512.h * - * \brief SHA-384 and SHA-512 cryptographic hash function + * \brief The SHA-384 and SHA-512 cryptographic hash function. */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,7 +19,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_SHA512_H #define MBEDTLS_SHA512_H 
@@ -39,7 +39,6 @@ !defined(inline) && !defined(__cplusplus) #define inline __inline #endif - #if !defined(MBEDTLS_SHA512_ALT) // Regular implementation // @@ -49,85 +48,97 @@ extern "C" { #endif /** - * \brief SHA-512 context structure + * \brief The SHA-512 context structure. + * + * The structure is used both for SHA-384 and for SHA-512 + * checksum calculations. The choice between these two is + * made in the call to mbedtls_sha512_starts_ret(). */ typedef struct { - uint64_t total[2]; /*!< number of bytes processed */ - uint64_t state[8]; /*!< intermediate digest state */ - unsigned char buffer[128]; /*!< data block being processed */ - int is384; /*!< 0 => SHA-512, else SHA-384 */ + uint64_t total[2]; /*!< The number of Bytes processed. */ + uint64_t state[8]; /*!< The intermediate digest state. */ + unsigned char buffer[128]; /*!< The data block being processed. */ + int is384; /*!< Determines which function to use. + *
  • 0: Use SHA-512.
  • + *
  • 1: Use SHA-384.
*/ } mbedtls_sha512_context; /** - * \brief Initialize SHA-512 context + * \brief This function initializes a SHA-512 context. * - * \param ctx SHA-512 context to be initialized + * \param ctx The SHA-512 context to initialize. */ void mbedtls_sha512_init( mbedtls_sha512_context *ctx ); /** - * \brief Clear SHA-512 context + * \brief This function clears a SHA-512 context. * - * \param ctx SHA-512 context to be cleared + * \param ctx The SHA-512 context to clear. */ void mbedtls_sha512_free( mbedtls_sha512_context *ctx ); /** - * \brief Clone (the state of) a SHA-512 context + * \brief This function clones the state of a SHA-512 context. * - * \param dst The destination context - * \param src The context to be cloned + * \param dst The destination context. + * \param src The context to clone. */ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, const mbedtls_sha512_context *src ); /** - * \brief SHA-512 context setup + * \brief This function starts a SHA-384 or SHA-512 checksum + * calculation. * - * \param ctx context to be initialized - * \param is384 0 = use SHA512, 1 = use SHA384 + * \param ctx The SHA-512 context to initialize. + * \param is384 Determines which function to use. + *
  • 0: Use SHA-512.
  • + *
  • 1: Use SHA-384.
* - * \return 0 if successful + * \return \c 0 on success. */ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ); /** - * \brief SHA-512 process buffer + * \brief This function feeds an input buffer into an ongoing + * SHA-512 checksum calculation. * - * \param ctx SHA-512 context - * \param input buffer holding the data - * \param ilen length of the input data + * \param ctx The SHA-512 context. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. * - * \return 0 if successful + * \return \c 0 on success. */ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ); + const unsigned char *input, + size_t ilen ); /** - * \brief SHA-512 final digest + * \brief This function finishes the SHA-512 operation, and writes + * the result to the output buffer. This function is for + * internal use only. * - * \param ctx SHA-512 context - * \param output SHA-384/512 checksum result + * \param ctx The SHA-512 context. + * \param output The SHA-384 or SHA-512 checksum result. * - * \return 0 if successful + * \return \c 0 on success. */ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ); /** - * \brief SHA-512 process data block (internal use only) + * \brief This function processes a single data block within + * the ongoing SHA-512 computation. * - * \param ctx SHA-512 context - * \param data buffer holding one block of data + * \param ctx The SHA-512 context. + * \param data The buffer holding one block of data. * - * \return 0 if successful + * \return \c 0 on success. */ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ); - #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) #define MBEDTLS_DEPRECATED __attribute__((deprecated)) 
@@ -135,12 +146,15 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief SHA-512 context setup + * \brief This function starts a SHA-384 or SHA-512 checksum + * calculation. * * \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0 * - * \param ctx context to be initialized - * \param is384 0 = use SHA512, 1 = use SHA384 + * \param ctx The SHA-512 context to initialize. + * \param is384 Determines which function to use. + *
  • 0: Use SHA-512.
  • + *
  • 1: Use SHA-384.
*/ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, @@ -150,13 +164,14 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( } /** - * \brief SHA-512 process buffer + * \brief This function feeds an input buffer into an ongoing + * SHA-512 checksum calculation. * * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0 * - * \param ctx SHA-512 context - * \param input buffer holding the data - * \param ilen length of the input data + * \param ctx The SHA-512 context. + * \param input The buffer holding the data. + * \param ilen The length of the input data. */ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( mbedtls_sha512_context *ctx, @@ -167,12 +182,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( } /** - * \brief SHA-512 final digest + * \brief This function finishes the SHA-512 operation, and writes + * the result to the output buffer. * * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0 * - * \param ctx SHA-512 context - * \param output SHA-384/512 checksum result + * \param ctx The SHA-512 context. + * \param output The SHA-384 or SHA-512 checksum result. */ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, @@ -182,12 +198,14 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( } /** - * \brief SHA-512 process data block (internal use only) + * \brief This function processes a single data block within + * the ongoing SHA-512 computation. This function is for + * internal use only. * * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0 * - * \param ctx SHA-512 context - * \param data buffer holding one block of data + * \param ctx The SHA-512 context. + * \param data The buffer holding one block of data. */ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_process( mbedtls_sha512_context *ctx, 
@@ -212,14 +230,23 @@ extern "C" { #endif /** - * \brief Output = SHA-512( input buffer ) + * \brief This function calculates the SHA-512 or SHA-384 + * checksum of a buffer. * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-384/512 checksum result - * \param is384 0 = use SHA512, 1 = use SHA384 + * The function allocates the context, performs the + * calculation, and frees the context. * - * \return 0 if successful + * The SHA-512 result is calculated as + * output = SHA-512(input buffer). + * + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * \param output The SHA-384 or SHA-512 checksum result. + * \param is384 Determines which function to use. + *
  • 0: Use SHA-512.
  • + *
  • 1: Use SHA-384.
+ * + * \return \c 0 on success. */ int mbedtls_sha512_ret( const unsigned char *input, size_t ilen, @@ -233,14 +260,23 @@ int mbedtls_sha512_ret( const unsigned char *input, #define MBEDTLS_DEPRECATED #endif /** - * \brief Output = SHA-512( input buffer ) + * \brief This function calculates the SHA-512 or SHA-384 + * checksum of a buffer. + * + * The function allocates the context, performs the + * calculation, and frees the context. + * + * The SHA-512 result is calculated as + * output = SHA-512(input buffer). * * \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0 * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-384/512 checksum result - * \param is384 0 = use SHA512, 1 = use SHA384 + * \param input The buffer holding the data. + * \param ilen The length of the input data. + * \param output The SHA-384 or SHA-512 checksum result. + * \param is384 Determines which function to use. + *
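Review bot: The new `\return \c 0 on success.` on mbedtls_sha512_ret() documents only the success case, although the function returns an int precisely so that failures can be reported (the void mbedtls_sha512() below is deprecated in its favour). A caller reading this has no indication that a non-zero value must be checked; presumably such values surface from the underlying starts/update/finish steps or an alternative implementation, so the line should read `\return \c 0 on success, or a negative error code on failure.`. The same gap applies to the other `_ret` functions documented earlier in this header, where the hunks start outside this view.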
  • 0: Use SHA-512.
  • + *
  • 1: Use SHA-384.
*/ MBEDTLS_DEPRECATED static inline void mbedtls_sha512( const unsigned char *input, @@ -253,11 +289,10 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512( #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ - -/** - * \brief Checkup routine + /** + * \brief The SHA-384 or SHA-512 checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success, or \c 1 on failure. */ int mbedtls_sha512_self_test( int verbose ); From 8dd16ab7c0e8c516f130260e001550761815832a Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Tue, 30 Jan 2018 15:24:42 +0000 Subject: [PATCH 0675/1059] doxygen: Disable JAVADOC_AUTOBRIEF Disable JAVADOC_AUTOBRIEF so that we can have periods in our brief descriptions. We always use '\brief' where we want a brief, so this won't hide any documentation previously used as a brief. --- doxygen/mbedtls.doxyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index d5b3abe750..40fa056d85 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -165,7 +165,7 @@ SHORT_NAMES = NO # comments will behave just like regular Qt-style comments # (thus requiring an explicit @brief command for a brief description.) -JAVADOC_AUTOBRIEF = YES +JAVADOC_AUTOBRIEF = NO # If the QT_AUTOBRIEF tag is set to YES then Doxygen will # interpret the first line (until the first dot) of a Qt-style From 3b438d33c18cc6c9473027010945dce05eb5e1e3 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 2 Feb 2018 17:52:47 +0000 Subject: [PATCH 0676/1059] Update version to 2.7.0 --- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- library/Makefile | 2 +- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index add75f7a26..641d5c4fb3 100644 
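Review bot: The rewritten checkup-routine comment opens with ` /**` indented by one space, and the blank line that separated it from `#endif /* !MBEDTLS_DEPRECATED_REMOVED */` is dropped, which makes this the only doc block in the header not starting at column 0. Doxygen tolerates the leading space but the result reads as an accident rather than a style choice. I would keep the blank line and the opener at column 0: `` followed by `/**`, with the `\brief` text unchanged.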
--- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.6.0 source code documentation + * @mainpage mbed TLS v2.7.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 40fa056d85..cbe0db4f2c 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.6.0" +PROJECT_NAME = "mbed TLS v2.7.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 8af6f01708..961be59c35 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -39,7 +39,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 6 +#define MBEDTLS_VERSION_MINOR 7 #define MBEDTLS_VERSION_PATCH 0 /** @@ -47,9 +47,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02060000 -#define MBEDTLS_VERSION_STRING "2.6.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.6.0" +#define MBEDTLS_VERSION_NUMBER 0x02070000 +#define MBEDTLS_VERSION_STRING "2.7.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index e02229d03c..02ccea8bc9 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -141,15 +141,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.6.0 SOVERSION 0) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.0 SOVERSION 1) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.6.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.7.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.6.0 SOVERSION 10) + set_target_properties(mbedtls PROPERTIES VERSION 2.7.0 SOVERSION 10) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/library/Makefile b/library/Makefile index 541d47fe9f..65a102f3a1 100644 --- a/library/Makefile +++ b/library/Makefile @@ -33,7 +33,7 @@ endif SOEXT_TLS=so.10 SOEXT_X509=so.0 -SOEXT_CRYPTO=so.0 +SOEXT_CRYPTO=so.1 DLEXT=so # OSX shared library extension: diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 1442a384c4..1aa4ffa754 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.6.0" +check_compiletime_version:"2.7.0" Check runtime library version -check_runtime_version:"2.6.0" +check_runtime_version:"2.7.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 55fc4e0c5af313f078d6a80d54ab448acb940dc6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 5 Feb 2018 01:09:13 +0000 Subject: [PATCH 0677/1059] Update ChangeLog with language and technical corrections To clarify and correct the ChangeLog. --- ChangeLog | 77 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 41 insertions(+), 36 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 2f54aafe88..8db0215914 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,44 +1,46 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.7.0 branch released 2018-02-03 Security - * Fix buffer overflow in RSA-PSS verification when the hash is too - large for the key size. Found by Seth Terashima, Qualcomm Product - Security Initiative, Qualcomm Technologies Inc. - * Fix buffer overflow in RSA-PSS verification when the unmasked - data is all zeros. - * Fix unsafe bounds check in ssl_parse_client_psk_identity() when adding - 64kB to the address of the SSL buffer wraps around. - * Fix a potential heap buffer overflow in mbedtls_ssl_write. When the (by + * Fix a heap corruption issue in the implementation of the truncated HMAC + extension. When the truncated HMAC extension is enabled and CBC is used, + sending a malicious application packet could be used to selectively corrupt + 6 bytes on the peer's heap, which could potentially lead to crash or remote + code execution. The issue could be triggered remotely from either side in + both TLS and DTLS. CVE-2018-0488 + * Fix a buffer overflow in RSA-PSS verification when the hash was too large + for the key size, which could potentially lead to crash or remote code + execution. Found by Seth Terashima, Qualcomm Product Security Initiative, + Qualcomm Technologies Inc. CVE-2018-0487 + * Fix buffer overflow in RSA-PSS verification when the unmasked data is all + zeros. + * Fix an unsafe bounds check in ssl_parse_client_psk_identity() when adding + 64 KiB to the address of the SSL buffer and causing a wrap around. + * Fix a potential heap buffer overflow in mbedtls_ssl_write(). When the (by default enabled) maximum fragment length extension is disabled in the config and the application data buffer passed to mbedtls_ssl_write is larger than the internal message buffer (16384 bytes by default), the latter overflows. The exploitability of this issue depends on whether the application layer can be forced into sending such large packets. 
The issue was independently reported by Tim Nordell via e-mail and by Florin Petriuc - and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. Fixes #707. - * Tighten should-be-constant-time memcmp against compiler optimizations. + and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. + Fixes #707. + * Add a provision to prevent compiler optimizations breaking the time + constancy of mbedtls_ssl_safer_memcmp(). * Ensure that buffers are cleared after use if they contain sensitive data. Changes were introduced in multiple places in the library. * Set PEM buffer to zero before freeing it, to avoid decoded private keys being leaked to memory after release. * Fix dhm_check_range() failing to detect trivial subgroups and potentially leaking 1 bit of the private key. Reported by prashantkspatil. - * Make mbedtls_mpi_read_binary constant-time with respect to - the input data. Previously, trailing zero bytes were detected - and omitted for the sake of saving memory, but potentially - leading to slight timing differences. - Reported by Marco Macchetti, Kudelski Group. + * Make mbedtls_mpi_read_binary() constant-time with respect to the input + data. Previously, trailing zero bytes were detected and omitted for the + sake of saving memory, but potentially leading to slight timing + differences. Reported by Marco Macchetti, Kudelski Group. * Wipe stack buffer temporarily holding EC private exponent after keypair generation. - * Fix heap corruption in implementation of truncated HMAC extension. - When the truncated HMAC extension is enabled and CBC is used, - sending a malicious application packet can be used to selectively - corrupt 6 bytes on the peer's heap, potentially leading to crash or - remote code execution. This can be triggered remotely from either - side in both TLS and DTLS. - * Fix a potential heap buffer overread in ALPN extension parsing + * Fix a potential heap buffer over-read in ALPN extension parsing (server-side). 
Could result in application crash, but only if an ALPN name larger than 16 bytes had been configured on the server. * Change default choice of DHE parameters from untrustworthy RFC 5114 @@ -69,11 +71,12 @@ Features mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared(). * Add support for alternative implementation of ECJPAKE, controlled by the new configuration flag MBEDTLS_ECJPAKE_ALT. + * Add mechanism to provide alternative implementation of the DHM module. API Changes * Extend RSA interface by multiple functions allowing structure- independent setup and export of RSA contexts. Most notably, - mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting + mbedtls_rsa_import() and mbedtls_rsa_complete() are introduced for setting up RSA contexts from partial key material and having them completed to the needs of the implementation automatically. This allows to setup private RSA contexts from keys consisting of N,D,E only, even if P,Q are needed for the @@ -91,7 +94,7 @@ API Changes New deprecations * Deprecate usage of RSA primitives with non-matching key-type - (e.g., signing with a public key). + (e.g. signing with a public key). * Direct manipulation of structure fields of RSA contexts is deprecated. Users are advised to use the extended RSA API instead. * Deprecate usage of message digest functions that return void @@ -104,8 +107,8 @@ New deprecations * Deprecate hex string DHE constants MBEDTLS_DHM_RFC3526_MODP_2048_P etc. Supserseded by binary encoded constants MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN etc. - * Deprecate mbedtls_ssl_conf_dh_param for setting default DHE parameters - from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin + * Deprecate mbedtls_ssl_conf_dh_param() for setting default DHE parameters + from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin() accepting DHM parameters in binary form, matching the new constants. Bugfix 
@@ -141,11 +144,11 @@ Bugfix * Don't print X.509 version tag for v1 CRT's, and omit extensions for non-v3 CRT's. * Fix bugs in RSA test suite under MBEDTLS_NO_PLATFORM_ENTROPY. #1023 #1024 - * Fix net_would_block to avoid modification by errno through fcntl call. + * Fix net_would_block() to avoid modification by errno through fcntl() call. Found by nkolban. Fixes #845. - * Fix handling of handshake messages in mbedtls_ssl_read in case + * Fix handling of handshake messages in mbedtls_ssl_read() in case MBEDTLS_SSL_RENEGOTIATION is disabled. Found by erja-gp. - * Add a check for invalid private parameters in mbedtls_ecdsa_sign. + * Add a check for invalid private parameters in mbedtls_ecdsa_sign(). Reported by Yolan Romailler. * Fix word size check in in pk.c to not depend on MBEDTLS_HAVE_INT64. * Fix incorrect unit in benchmark output. #850 @@ -154,7 +157,7 @@ Bugfix * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by MilenkoMitrovic, #1104 * Fix mbedtls_timing_alarm(0) on Unix and MinGW. - * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1. + * Fix use of uninitialized memory in mbedtls_timing_get_timer() when reset=1. * Fix possible memory leaks in mbedtls_gcm_self_test(). * Added missing return code checks in mbedtls_aes_self_test(). * Fix issues in RSA key generation program programs/x509/rsa_genkey and the 
@@ -164,9 +167,10 @@ Bugfix * Fix error message in programs/pkey/gen_key.c. Found and fixed by Chris Xue. * Fix programs/pkey/dh_server.c so that it actually works with dh_client.c. Found and fixed by Martijn de Milliano. - * Fix bug in cipher decryption with MBEDTLS_PADDING_ONE_AND_ZEROS that - sometimes accepted invalid padding. (Not used in TLS.) Found and fixed - by Micha Kraus. + * Fix an issue in the cipher decryption with the mode + MBEDTLS_PADDING_ONE_AND_ZEROS that sometimes accepted invalid padding. + Note, this padding mode is not used by the TLS protocol. Found and fixed by + Micha Kraus. * Fix the entropy.c module to not call mbedtls_sha256_starts() or mbedtls_sha512_starts() in the mbedtls_entropy_init() function. * Fix the entropy.c module to ensure that mbedtls_sha256_init() or @@ -174,9 +178,11 @@ Bugfix structure. Do not assume that zeroizing a context is a correct way to reset it. Found independently by ccli8 on Github. * In mbedtls_entropy_free(), properly free the message digest context. + * Fix status handshake status message in programs/ssl/dtls_client.c. Found + and fixed by muddog. Changes - * Extend cert_write example program by options to set the CRT version + * Extend cert_write example program by options to set the certificate version and the message digest. Further, allow enabling/disabling of authority identifier, subject identifier and basic constraints extensions. * Only check for necessary RSA structure fields in `mbedtls_rsa_private`. In 
@@ -186,7 +192,6 @@ Changes * Only run AES-192 self-test if AES-192 is available. Fixes #963. * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the undeclared dependency of the RSA module on the ASN.1 module. - * Add mechanism to provide alternative implementation of the DHM module. * Update all internal usage of deprecated message digest functions to the new ones with return codes. In particular, this modifies the mbedtls_md_info_t structure. Propagate errors from these functions From 85e1dcff6a90d7aa3bbf3abce64ac97b775fda64 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 6 Feb 2018 15:59:38 +0200 Subject: [PATCH 0678/1059] Fix handshake failure in suite B Fix handshake failure where PK key is translated as `MBEDTLS_ECKEY` instead of `MBEDTLS_ECDSA` --- ChangeLog | 6 ++++++ library/x509_crt.c | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 8db0215914..48529f3092 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix handshake failure in NIST suite b, where the key was determined as + MBEDTLS_ECKEY instead of MBEDTLS_ECDSA. + = mbed TLS 2.7.0 branch released 2018-02-03 Security diff --git a/library/x509_crt.c b/library/x509_crt.c index c6209fb40d..0e28dac01c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -133,7 +133,8 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ), /* Only ECDSA */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ), + MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) | + MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ), #if defined(MBEDTLS_ECP_C) /* Only NIST P-256 and P-384 */ MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | From 099e61df522ddc3e242c113a636111b5e9d55004 Mon Sep 17 00:00:00 2001 
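Review bot: The `/* Only ECDSA */` comment in mbedtls_x509_crt_profile_suiteb is now stale, because the allowed-key mask below it also admits `MBEDTLS_PK_ECKEY`. The follow-up ChangeLog wording at the next commit indicates the ECDSA-only mask rejected every certificate with `MBEDTLS_X509_BADCERT_BAD_PK`, presumably because parsed EC public keys carry the generic `MBEDTLS_PK_ECKEY` type rather than `MBEDTLS_PK_ECDSA`; that rationale belongs next to the mask so nobody "tightens" it back. I would change the line to `/* Only ECDSA; EC keys parsed from certificates are typed MBEDTLS_PK_ECKEY */`. The profile definition starts outside the hunk.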
From: Ron Eldor Date: Tue, 6 Feb 2018 17:34:27 +0200 Subject: [PATCH 0679/1059] Rephrase Changelog Rephrase Changelog to be more coherent to users --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 48529f3092..5945b7eae2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,8 +3,9 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Bugfix - * Fix handshake failure in NIST suite b, where the key was determined as - MBEDTLS_ECKEY instead of MBEDTLS_ECDSA. + * Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates + with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct. + In the context of SSL, this resulted in handshake failure. = mbed TLS 2.7.0 branch released 2018-02-03 From c15399843ef42a41d03374cf64de29a7716b7481 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 6 Feb 2018 18:47:17 +0200 Subject: [PATCH 0680/1059] Add some tests for different available profiles Add tests for suite b profile and for the next profile --- tests/suites/test_suite_x509parse.data | 20 ++++++++++++++++++++ tests/suites/test_suite_x509parse.function | 4 ++++ 2 files changed, 24 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index d4cc11a08f..73ccead253 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -735,6 +735,26 @@ X509 Certificate verification #87 (Expired CA and invalid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" +X509 Certificate verification #88 (Suite B invalid, EC cert, RSA CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C +x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" + +X509 Certificate verification #89 (Suite B invalid, RSA cert, EC CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL" + +X509 Certificate verification #90 (Suite B Valid, EC cert, EC CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" + +X509 Certificate verification #91 (next profile Invalid Cert SHA224 Digest) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL" 
+ +X509 Certificate verification #92 (next profile Valid Cert SHA256 Digest) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" + X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 0dfdd61c22..2a98771a7f 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -250,6 +250,10 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, if( strcmp( profile_str, "default" ) == 0 ) profile = &mbedtls_x509_crt_profile_default; + else if( strcmp( profile_str, "next" ) == 0 ) + profile = &mbedtls_x509_crt_profile_next; + else if( strcmp( profile_str, "suite_b" ) == 0 ) + profile = &mbedtls_x509_crt_profile_suiteb; else if( strcmp( profile_str, "compat" ) == 0 ) profile = &compat_profile; else From ffb6efd3834a3b0a48f4fa572fb7cb4f3236a4a0 Mon Sep 17 00:00:00 2001 From: Mathieu Briand Date: Wed, 7 Feb 2018 10:29:27 +0100 Subject: [PATCH 0681/1059] Fix doxygen documentation for CCM encryption Fix valid tag length values for mbedtls_ccm_encrypt_and_tag() function. Add valid value ranges for mbedtls_ccm_auth_decrypt() parameters. Signed-off-by: Mathieu Briand --- include/mbedtls/ccm.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 5a9ee4a1cd..630b7fdf6c 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h 
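Review bot: Test #92 pairs the RSA CA `data_files/test-ca.crt` with `data_files/crl-ec-sha256.pem`, which #90 uses as the CRL of the EC CA `test-ca2.crt`, so the CRL is presumably not issued by the CA under test and the "next" profile's CRL digest check is not exercised on the valid path (only #91 hits `MBEDTLS_X509_BADCRL_BAD_MD`, via `crl.pem`). If the intent is to avoid an older-digest CRL tripping the profile, a comment on the test case saying so would help, e.g. `# CRL belongs to a different CA on purpose: test-ca's crl.pem is rejected by the next profile`; otherwise a SHA-256 CRL for test-ca would make the case self-contained. Test data files accept comments only if the suite supports them, which the ChangeLog entry "Allow comments in test data files" in a later patch on this page suggests.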
@@ -105,7 +105,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * Must be at least \p length Bytes wide. * \param tag The buffer holding the tag. * \param tag_len The length of the tag to generate in Bytes: - * 4, 6, 8, 10, 14 or 16. + * 4, 6, 8, 10, 12, 14 or 16. * * \note The tag is written to a separate buffer. To concatenate * the \p tag with the \p output, as done in RFC-3610: @@ -131,10 +131,13 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param iv_len The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13. * \param add The additional data field. * \param add_len The length of additional data in Bytes. + * Must be less than 2^16 - 2^8. * \param input The buffer holding the input data. * \param output The buffer holding the output data. + * Must be at least \p length Bytes wide. * \param tag The buffer holding the tag. * \param tag_len The length of the tag in Bytes. + * 4, 6, 8, 10, 12, 14 or 16. * * \return 0 if successful and authenticated, or * #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. From 1072e5c7e59f18db27d56720072e0b5fcfa3573b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 7 Feb 2018 18:43:02 +0200 Subject: [PATCH 0682/1059] Update ChangeLog style Add dot at end of change in ChangeLog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f13982b623..2f17367137 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Allow comments in test data files. - * Add support for public keys encoded in PKCS#1 format + * Add support for public keys encoded in PKCS#1 format. Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. From 9566ff791337d6645943d1123e041b65149b3a99 Mon Sep 17 00:00:00 2001 
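Review bot: In the mbedtls_ccm_auth_decrypt() block the new tag-length text is split as `\param tag_len The length of the tag in Bytes.` followed by a bare `4, 6, 8, 10, 12, 14 or 16.`, whereas the encrypt side above uses a colon; I would write `* \param tag_len The length of the tag in Bytes:` and keep the list on the continuation line so both functions read the same. While touching this, the list is where a practitioner wants the caveat that short tags weaken forgery resistance: a 4-byte tag gives an attacker a 2^-32 chance per attempt, and NIST SP 800-38C recommends tags of at least 8 bytes, so a `\note` to that effect on both functions would be useful. The `add_len` bound `2^16 - 2^8` is consistent with the CCM length encoding used when the IV is 13 bytes, but the doc does not say why; a short "as required by RFC 3610 formatting" would anchor it.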
From: Ron Eldor Date: Wed, 7 Feb 2018 18:59:41 +0200 Subject: [PATCH 0683/1059] Fix minor issues raised in PR review 1. Style issues fixes - remove redundant spacing. 2. Remove depency of `MBEDTLS_RSA_C` in `pk_parse_public_keyfile_rsa()` tests, as the function itself is dependent on it. --- library/pkparse.c | 8 ++++---- tests/suites/test_suite_pkparse.data | 3 +-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 41eeadf45e..cccc0b5963 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1325,16 +1325,16 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) return( ret ); - p = (unsigned char *) key; + p = (unsigned char *)key; ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) ); - if ( ret == 0 ) + if( ret == 0 ) { return( ret ); } mbedtls_pk_free( ctx ); - if ( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) + if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) { - return ( ret ); + return( ret ); } #endif /* MBEDTLS_RSA_C */ p = (unsigned char *) key; diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 32957266cc..e9f65c9c9e 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -110,11 +110,10 @@ Parse Public RSA Key #1 (PKCS#8 wrapped, DER) pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_2048_public.der":0 Parse Public RSA Key #3 (PKCS#1 wrapped) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PEM_PARSE_C pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.pem":0 Parse Public RSA Key #4 (PKCS#1 wrapped, DER) -depends_on:MBEDTLS_RSA_C pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0 Parse Public EC Key #1 (RFC 5480, DER) From 12ccef276129a1ac4c2d003428a17e042a15d0a3 Mon Sep 17 00:00:00 2001 
From: Antonio Quartulli Date: Wed, 20 Dec 2017 07:03:55 +0800 Subject: [PATCH 0684/1059] pkcs5v2: add support for additional hmacSHA algorithms Currently only SHA1 is supported as PRF algorithm for PBKDF2 (PKCS#5 v2.0). This means that keys encrypted and authenticated using another algorithm of the SHA family cannot be decrypted. This deficiency has become particularly incumbent now that PKIs created with OpenSSL1.1 are encrypting keys using hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default and even if v2 was forced, it would still use hmacSHA1). Enable support for all the digest algorithms of the SHA family for PKCS#5 v2.0. Signed-off-by: Antonio Quartulli --- ChangeLog | 7 +++++ include/mbedtls/oid.h | 18 ++++++++++++ library/oid.c | 45 ++++++++++++++++++++++++++++++ library/pkcs5.c | 4 +-- tests/suites/test_suite_pkcs5.data | 4 +-- 5 files changed, 73 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8db0215914..4189089d22 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Features + * Extend PKCS#8 interface by introducing support for the entire SHA + algorithms family when encrypting private keys using PKCS#5 v2.0. + Submitted by Antonio Quartulli, OpenVPN Inc. + = mbed TLS 2.7.0 branch released 2018-02-03 Security diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index bf2ef5ece4..408645ece7 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h 
@@ -228,6 +228,14 @@ #define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */ +#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */ + +#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */ + +#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */ + +#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */ + /* * Encryption algorithms */ @@ -514,6 +522,16 @@ int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg ); + +/** + * \brief Translate hmac algorithm OID into md_type + * + * \param oid OID to use + * \param md_hmac place to store message hmac algorithm + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac ); #endif /* MBEDTLS_MD_C */ /** diff --git a/library/oid.c b/library/oid.c index f13826ed74..edea950f8f 100644 --- a/library/oid.c +++ b/library/oid.c 
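Review bot: The new prototype's `\param md_hmac place to store message hmac algorithm` is imprecise: the out-parameter receives the message-digest type (`mbedtls_md_type_t`) that the HMAC is built on, not an HMAC algorithm identifier. I would phrase it `\param md_hmac The message digest type used by the HMAC algorithm.` and, since the generated lookup presumably writes the output only when the OID matches, add `is left unchanged on failure.` so callers like the PKCS#5 parser in this patch do not rely on it being initialised. The brief could likewise say `Translate an HMAC algorithm OID into the underlying message digest type`.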
@@ -625,6 +625,51 @@ static const oid_md_alg_t oid_md_alg[] = FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg) FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg) + +/* + * For HMAC digestAlgorithm + */ +typedef struct { + mbedtls_oid_descriptor_t descriptor; + mbedtls_md_type_t md_hmac; +} oid_md_hmac_t; + +static const oid_md_hmac_t oid_md_hmac[] = +{ +#if defined(MBEDTLS_SHA1_C) + { + { ADD_LEN( MBEDTLS_OID_HMAC_SHA1 ), "hmacSHA1", "HMAC-SHA-1" }, + MBEDTLS_MD_SHA1, + }, +#endif /* MBEDTLS_SHA1_C */ +#if defined(MBEDTLS_SHA256_C) + { + { ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ), "hmacSHA224", "HMAC-SHA-224" }, + MBEDTLS_MD_SHA224, + }, + { + { ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ), "hmacSHA256", "HMAC-SHA-256" }, + MBEDTLS_MD_SHA256, + }, +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA512_C) + { + { ADD_LEN( MBEDTLS_OID_HMAC_SHA384 ), "hmacSHA384", "HMAC-SHA-384" }, + MBEDTLS_MD_SHA384, + }, + { + { ADD_LEN( MBEDTLS_OID_HMAC_SHA512 ), "hmacSHA512", "HMAC-SHA-512" }, + MBEDTLS_MD_SHA512, + }, +#endif /* MBEDTLS_SHA512_C */ + { + { NULL, 0, NULL, NULL }, + MBEDTLS_MD_NONE, + }, +}; + +FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac) +FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_PKCS12_C) diff --git a/library/pkcs5.c b/library/pkcs5.c index e28d5a8473..95f44fa98b 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c 
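Review bot: The new `oid_md_hmac` table only gets a `FN_OID_GET_ATTR1` accessor and no `FN_OID_GET_OID_BY_ATTR1` counterpart, unlike `oid_md_alg` just above, so the library can recognise these PRF OIDs when parsing but cannot emit them. That is consistent with the commit's decryption-only goal, but the asymmetry is easy to misread as an omission; a comment on the table such as `/* Lookup only: no reverse mapping, PBKDF2 parameters are parsed but never written */` would record the intent. The gating of SHA-224 under `MBEDTLS_SHA256_C` and SHA-384 under `MBEDTLS_SHA512_C` matches how those digests are built in the md module, so no change there.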
@@ -96,11 +96,9 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
 if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 )
 return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_HMAC_SHA1, &prf_alg_oid ) != 0 )
+ if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 )
 return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
- *md_type = MBEDTLS_MD_SHA1;
-
 if( p != end )
 return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index e609d62b41..4c2c0bb6ef 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -82,9 +82,9 @@ PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg overlong)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
-PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA1)
+PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA*)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0208":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
+mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0206":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
 PBES2 Decrypt (bad, PBKDF2 params extra data)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
From e87e88575611df45006c0679176dbae37c2a8afc Mon Sep 17 00:00:00 2001
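Review bot: After the switch to the table lookup, `return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE )` covers two different situations that the code no longer distinguishes or names: a PRF OID outside the id-hmacWithSHA* family, and an id-hmacWithSHA* OID whose hash is compiled out (the oid.c table in this series omits those entries behind the `MBEDTLS_SHAxxx_C` guards, so the lookup returns MBEDTLS_ERR_OID_NOT_FOUND either way). A comment on the new `if` would keep that visible to the next reader: `/* PRF must be id-hmacWithSHA* with the hash compiled in; any other OID is unsupported, not malformed */`. Note also that `*md_type` is now written only when the lookup succeeds, so on the error path it is whatever the caller passed in; `pkcs5_parse_pbkdf2_params` starts and ends outside this hunk, so whether any caller reads it after a failure cannot be checked here. The accompanying .data hunk moves the negative test from arc 2.8, which this series makes a valid hmacWithSHA224, to arc 2.6 (hmacWithMD5 in OpenSSL's object table), which stays outside the table, so its FEATURE_UNAVAILABLE expectation remains correct.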
From: Antonio Quartulli Date: Wed, 31 Jan 2018 23:23:02 +0800 Subject: [PATCH 0685/1059] tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA algorithms Test vectors for SHA224,256,384 and 512 have been generated using Python's hashlib module by the following oneliner: import binascii, hashlib binascii.hexlify(hashlib.pbkdf2_hmac(ALGO, binascii.unhexlify('PASSWORD'), binascii.unhexlify('SALT'), ITER, KEYLEN))) where ALGO was 'sha224', 'sha256', 'sha384' and 'sha512' respectively. Values for PASSWORD, SALT, ITER and KEYLEN were copied from the existent test vectors for SHA1. For SHA256 we also have two test vectors coming from RFC7914 Sec 11. Signed-off-by: Antonio Quartulli --- tests/suites/test_suite_pkcs5.data | 88 ++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 4c2c0bb6ef..f3c421d0f9 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data 
@@ -18,6 +18,94 @@ PBKDF2 RFC 6070 Test Vector #6 (SHA1) depends_on:MBEDTLS_SHA1_C pbkdf2_hmac:MBEDTLS_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3" +PBKDF2 Python hashlib Test Vector #1 (SHA224) +depends_on:MBEDTLS_SHA256_C +pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":1:20:"3c198cbdb9464b7857966bd05b7bc92bc1cc4e6e" + +PBKDF2 Python hashlib Test Vector #2 (SHA224) +depends_on:MBEDTLS_SHA256_C +pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":2:20:"93200ffa96c5776d38fa10abdf8f5bfc0054b971" + +PBKDF2 Python hashlib Test Vector #3 (SHA224) +depends_on:MBEDTLS_SHA256_C +pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":4096:20:"218c453bf90635bd0a21a75d172703ff6108ef60" + +PBKDF2 Python hashlib Test Vector #5 (SHA224) +depends_on:MBEDTLS_SHA256_C +pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"056c4ba438ded91fc14e0594e6f52b87e1f3690c0dc0fbc057" + +PBKDF2 Python hashlib Test Vector #6 (SHA224) +depends_on:MBEDTLS_SHA256_C +pbkdf2_hmac:MBEDTLS_MD_SHA224:"7061737300776f7264":"7361006c74":4096:16:"9b4011b641f40a2a500a31d4a392d15c" + +PBKDF2 RFC 7914 Sec 11 Test Vector #1 (SHA256) +depends_on:MBEDTLS_SHA256_C +pbkdf2_hmac:MBEDTLS_MD_SHA256:"706173737764":"73616c74":1:64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783" + +PBKDF2 RFC 7914 Sec 11 Test Vector #2 (SHA256) +depends_on:MBEDTLS_SHA256_C +pbkdf2_hmac:MBEDTLS_MD_SHA256:"50617373776f7264":"4e61436c":80000:64:"4ddcd8f60b98be21830cee5ef22701f9641a4418d04c0414aeff08876b34ab56a1d425a1225833549adb841b51c9b3176a272bdebba1d078478f62b397f33c8d" + +PBKDF2 Python hashlib Test Vector #1 (SHA256) +depends_on:MBEDTLS_SHA256_C +pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f7264":"73616c74":1:20:"120fb6cffcf8b32c43e7225256c4f837a86548c9" + +PBKDF2 Python hashlib 
Test Vector #2 (SHA256) +depends_on:MBEDTLS_SHA256_C +pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f7264":"73616c74":2:20:"ae4d0c95af6b46d32d0adff928f06dd02a303f8e" + +PBKDF2 Python hashlib Test Vector #3 (SHA256) +depends_on:MBEDTLS_SHA256_C +pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f7264":"73616c74":4096:20:"c5e478d59288c841aa530db6845c4c8d962893a0" + +PBKDF2 Python hashlib Test Vector #5 (SHA256) +depends_on:MBEDTLS_SHA256_C +pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c" + +PBKDF2 Python hashlib Test Vector #6 (SHA256) +depends_on:MBEDTLS_SHA256_C +pbkdf2_hmac:MBEDTLS_MD_SHA256:"7061737300776f7264":"7361006c74":4096:16:"89b69d0516f829893c696226650a8687" + +PBKDF2 Python hashlib Test Vector #1 (SHA384) +depends_on:MBEDTLS_SHA512_C +pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":1:20:"c0e14f06e49e32d73f9f52ddf1d0c5c719160923" + +PBKDF2 Python hashlib Test Vector #2 (SHA384) +depends_on:MBEDTLS_SHA512_C +pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":2:20:"54f775c6d790f21930459162fc535dbf04a93918" + +PBKDF2 Python hashlib Test Vector #3 (SHA384) +depends_on:MBEDTLS_SHA512_C +pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":4096:20:"559726be38db125bc85ed7895f6e3cf574c7a01c" + +PBKDF2 Python hashlib Test Vector #5 (SHA384) +depends_on:MBEDTLS_SHA512_C +pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"819143ad66df9a552559b9e131c52ae6c5c1b0eed18f4d283b" + +PBKDF2 Python hashlib Test Vector #6 (SHA384) +depends_on:MBEDTLS_SHA512_C +pbkdf2_hmac:MBEDTLS_MD_SHA384:"7061737300776f7264":"7361006c74":4096:16:"a3f00ac8657e095f8e0823d232fc60b3" + +PBKDF2 Python hashlib Test Vector #1 (SHA512) +depends_on:MBEDTLS_SHA512_C 
+pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f7264":"73616c74":1:20:"867f70cf1ade02cff3752599a3a53dc4af34c7a6" + +PBKDF2 Python hashlib Test Vector #2 (SHA512) +depends_on:MBEDTLS_SHA512_C +pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f7264":"73616c74":2:20:"e1d9c16aa681708a45f5c7c4e215ceb66e011a2e" + +PBKDF2 Python hashlib Test Vector #3 (SHA512) +depends_on:MBEDTLS_SHA512_C +pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f7264":"73616c74":4096:20:"d197b1b33db0143e018b12f3d1d1479e6cdebdcc" + +PBKDF2 Python hashlib Test Vector #5 (SHA512) +depends_on:MBEDTLS_SHA512_C +pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868" + +PBKDF2 Python hashlib Test Vector #6 (SHA512) +depends_on:MBEDTLS_SHA512_C +pbkdf2_hmac:MBEDTLS_MD_SHA512:"7061737300776f7264":"7361006c74":4096:16:"9d9e9c4cd21fe4be24d5b8244c759665" + PBES2 Decrypt (OK) depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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rom bfa440e9fb0388f0cb1b5ec5a81820bc560e8be8 Mon Sep 17 00:00:00 2001 From: Antonio Quartulli Date: Wed, 31 Jan 2018 23:45:09 +0800 Subject: [PATCH 0686/1059] tests/pkcs5/pbkdf2_hmac: extend array to accommodate longer results Some unit tests for pbkdf2_hmac() have results longer than 99bytes when represented in hexadecimal form. For this reason extend the result array to accommodate longer strings. At the same time make memset() parametric to avoid bugs in the future. Signed-off-by: Antonio Quartulli --- tests/suites/test_suite_pkcs5.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 8fabec085c..3ad64805fd 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -14,7 +14,7 @@ void pbkdf2_hmac( int hash, char *hex_password_string,
 {
 unsigned char pw_str[100];
 unsigned char salt_str[100];
- unsigned char dst_str[100];
+ unsigned char dst_str[200];
 mbedtls_md_context_t ctx;
 const mbedtls_md_info_t *info;
@@ -24,9 +24,9 @@ void pbkdf2_hmac( int hash, char *hex_password_string,
 mbedtls_md_init( &ctx );
- memset(pw_str, 0x00, 100);
- memset(salt_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
+ memset(pw_str, 0x00, sizeof(pw_str));
+ memset(salt_str, 0x00, sizeof(salt_str));
+ memset(dst_str, 0x00, sizeof(dst_str));
 pw_len = unhexify( pw_str, hex_password_string );
 salt_len = unhexify( salt_str, hex_salt_string );
From f476b9d98c2d3474ddd1f45dd9ff8c02ace9744b Mon Sep 17 00:00:00 2001 From: Antonio Quartulli Date: Thu, 1 Feb 2018 13:54:13 +0800 Subject: [PATCH 0687/1059] data_files/pkcs8-v2: add keys generated with PRF != SHA1 We now have support for the entire SHA family to be used as PRF in PKCS#5 v2.0, therefore we need to add new keys to test these new functionalities. This patch adds the new keys in `tests/data_files` and commands to generate them in `tests/data_files/Makefile`. Note that the pkcs8 command in OpenSSL 1.0 called with the -v2 argument generates keys using PKCS#5 v2.0 with SHA1 as PRF by default. (This behaviour has changed in OpenSSL 1.1, where the exact same command instead uses PKCS#5 v2.0 with SHA256) The new keys are generated by specifying different PRFs with -v2prf. 
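Review bot: `unsigned char dst_str[200]` raises the ceiling without making it explicit: per the commit message `dst_str` holds the hex form of the derived key, which needs two bytes per output byte plus a terminator, so a future vector asking for 100 or more output bytes would overrun the stack again with no diagnostic, exactly as the 64-byte RFC 7914 vectors did against the old 100-byte buffer. A guard such as `TEST_ASSERT( key_len >= 0 && (size_t) key_len * 2 < sizeof( dst_str ) );` on the key-length argument (its name is not in the hunk) before the result is converted would turn that into a failing test; the conversion and the rest of `pbkdf2_hmac` are outside both hunks, so where to place it cannot be seen here. Switching the `memset` calls to `sizeof` in the second hunk is the right direction; `pw_str` and `salt_str` still rely on `unhexify` not being handed a hex string longer than 198 characters, which no test vector here does but nothing checks.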
Signed-off-by: Antonio Quartulli --- tests/data_files/Makefile | 248 +++++++++++++++++- ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der | Bin 0 -> 728 bytes ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem | 18 ++ ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der | Bin 0 -> 728 bytes ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem | 18 ++ ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der | Bin 0 -> 728 bytes ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem | 18 ++ ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der | Bin 0 -> 728 bytes ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem | 18 ++ ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der | Bin 0 -> 725 bytes ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem | 18 ++ ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der | Bin 0 -> 725 bytes ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem | 18 ++ ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der | Bin 0 -> 725 bytes ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem | 18 ++ ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der | Bin 0 -> 725 bytes ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem | 18 ++ ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der | Bin 0 -> 1312 bytes ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem | 30 +++ ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der | Bin 0 -> 1312 bytes ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem | 30 +++ ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der | Bin 0 -> 1312 bytes ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem | 30 +++ ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der | Bin 0 -> 1312 bytes ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem | 30 +++ ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der | Bin 0 -> 1309 bytes ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem | 30 +++ ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der | Bin 0 -> 1309 bytes ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem | 30 +++ ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der | Bin 0 -> 1309 bytes ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem | 30 +++ ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der | Bin 0 -> 1309 bytes 
...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem | 30 +++ ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der | Bin 0 -> 2464 bytes ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem | 54 ++++ ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der | Bin 0 -> 2464 bytes ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem | 54 ++++ ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der | Bin 0 -> 2464 bytes ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem | 54 ++++ ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der | Bin 0 -> 2464 bytes ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem | 54 ++++ ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der | Bin 0 -> 2461 bytes ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem | 54 ++++ ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der | Bin 0 -> 2461 bytes ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem | 54 ++++ ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der | Bin 0 -> 2461 bytes ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem | 54 ++++ ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der | Bin 0 -> 2461 bytes ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem | 54 ++++ 49 files changed, 1062 insertions(+), 2 deletions(-) create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der create mode 100644 
tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem create mode 100644 
tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index d4aed678a4..049e8cf001 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -234,7 +234,7 @@ keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128 ### -### PKCS8-v2 encoded, encrypted RSA keys +### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1) ### ### 1024-bit 
@@ -294,6 +294,250 @@ keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pb keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des +### +### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224 +### + +### 1024-bit +rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der +rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem +keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem + +rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der +rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem +keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem + +keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224 + +### 2048-bit +rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der 
+rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem +keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem + +rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der +rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem +keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem + +keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224 + +### 4096-bit +rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der +rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem +keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem + +rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ 
-passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der +rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem +keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem + +keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224 + +### +### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256 +### + +### 1024-bit +rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der +rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem +keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem + +rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der +rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem +keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem + 
+keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256 + +### 2048-bit +rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der +rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem +keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem + +rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der +rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem +keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem + +keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256 + +### 4096-bit +rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der +rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ 
-passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem +keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem + +rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der +rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem +keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem + +keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256 + +### +### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384 +### + +### 1024-bit +rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der +rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem +keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem + +rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der 
+rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem +keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem + +keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384 + +### 2048-bit +rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der +rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem +keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem + +rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der +rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem +keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem + +keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384 + +### 4096-bit 
+rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der +rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem +keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem + +rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der +rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem +keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem + +keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384 + +### +### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512 +### + +### 1024-bit +rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der +rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += 
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem +keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem + +rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der +rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem +keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem + +keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512 + +### 2048-bit +rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der +rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem +keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem + +rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der +rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 
-inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem +keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem + +keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512 + +### 4096-bit +rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der +rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem +keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem + +rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der +rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem +keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem + +keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512 + ### ### Rules to generate all RSA keys from a particular class ### 
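Review bot: The 244 added lines are one rule shape repeated 48 times, varying only in key size (1024/2048/4096), cipher (`des`/`des3`, spelled `des`/`3des` in the file names) and PRF (hmacWithSHA224 through hmacWithSHA512), and the later `keys_rsa_enc_pkcs8_v2:` hunk then lists the twelve per-size aggregates by hand. A `define` template expanded with `$(foreach)` and `$(eval $(call ...))` over those three axes would produce the same targets and `all_final` entries in a dozen lines and let the aggregate list be derived rather than typed, so adding a cipher or PRF later cannot silently miss one combination. If the rest of the file is deliberately explicit (the surrounding context suggests the existing v2 sections are), a one-line comment at the top of the block saying that the repetition is intentional would stop the next contributor from wondering; as written the only clue is the commit message.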
@@ -308,7 +552,7 @@ keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 ### Generate PKCS8-v2 encrypted RSA keys -keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 +keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512 ### Generate all RSA keys keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der new file mode 100644 index 0000000000000000000000000000000000000000..4d55a591130415c2fe32e3b9152471b3c9c5d8e5 GIT binary patch literal 728 zcmV;}0w?`2f&$bqP6i1ohDe6@4FLrWFhMXW1_>&LNQU&90UmRshQ@;Gp-Q= z0tf&w3gmBIG`st_(NFpncKNK%a4x_6kDwR@_XtXQZJaw z&-O|Gw}*kdOXWz?X4G$ni$U&XTx|*XzG*1wLqX9(kO!B{C}yEaZrh*7sIQd9BQ4L~ z>FQNEAJS!#FVi})RcG(;mRJk=1`X$GC7s#_d$|dO9wKINpuFejF;ZUh!`o7RzVf4- zDED92{rGHXHg9D~fY_MTe;XEKuWFx+)%p(fFL@p=s@cc_!DhFNnVt+67on=NrmJML zTQZ)H4u|aW*=RXuj~?R4TWH^pMJ{SlSubvRs{a^t=lMMx6@3W7C9tTra_+0Ru5hbi zT$X>L3G2mw|Bi?krWsj3OX!Lrhvv)Ptp_d>AjWj;J}aL{y4s*C15-%p?_p_jPB&kd zpOg8K9+rWxJ|TpR=dN|Hv6%xx-miqchQslXgpn{$lzoIhv|vjN<2XUbD+t)D@=b%e zhE2>`^{<~qC88w`Nu4!7t}XuS*!bA1?83YXwTf8QCXyvL$b41=gm1#1X&;~zCTC+3 zHF%Lau?Xce!O=JXfFCN!RPj;aoGd^Yr=b__;=-q8dTC9y!kv8b;~5Gpb(*b`+c^!a ze~opsFVK7Np4K$Y_;;5-JYd2}K=+`u8E!F(-LpZfnvy-Gea15iYN4aylyr$={Al^n z5e_js& literal 0 HcmV?d00001 
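Review bot: The new `keys_rsa_enc_pkcs8_v2` prerequisite list on the `+` line packs fifteen targets onto one line, so a missing or duplicated entry in the key-size × PRF matrix (say one `_sha384` variant dropped for a single key size) is very hard to spot in review or in a later edit. Splitting it with backslash continuations, one line per PRF, keeps the dependency set identical and lets the three-by-four grid be checked by eye. As far as the visible hunks show, the listed set matches the `_sha512` aggregate targets defined above; the `_sha224`/`_sha256`/`_sha384` aggregates are presumably defined in the earlier part of the hunk outside this view. This is a style point only, not a behavioural change.
```make
keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 \
	keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 \
	keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 \
	keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 \
	keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512
```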
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
new file mode 100644
index 0000000000..b47b5e8f93
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIc1vbNC/8pHsCAggA
+MAwGCCqGSIb3DQIIBQAwFAYIKoZIhvcNAwcECLMkF/Djhb0fBIICgAg/jv44TuAQ
+yB+WMkHpvVS25ZLJabHUyHLS+vqhEkz2AqvJNETL/L6bIHRD1o4BJ8Fcrc339Bz+
+zuFHnK7JG0PzRKl9RcO/SY9lfLFNkXtyPxB6DtSXeYTV49NtAvWPV46LSBnMqnP5
+/Tkmk+sE3Lx+sBMqe/rpBeZM31fB9ShS9FgDGfE+ARvzcuQslYNazdT2KVeu+5Tp
+qSN1lhAW18Dwo3r1IpnhWGZ5r66TEEunhGI+mX9GdkDhhFiHHn3tUPiWSh9UAPH2
+W59/c7sY0Rn5AmqeHu6F2b99ScRaLhkt6aFNnBAcnrjHhqZJOl4UOR7OGL3WlNjN
+FXfCzJ3/+lA+NNEVWScb4xs6RNQRnJ9NHyfdSJuQQM/HXhaW1nSYoFS8nKDpenXA
+8hb3gbrGeB0MybmpGtiR4MhJD7FWnH0uQsA4dOrrx2XYaPUBZGtqzvrIDmzO6jv1
+ixmuSyw7nZSYqT554tPT97oBRPHhQVdz7fGBEqxrBNJR1cQjS35Q3oes6jarzTsu
+z8REC1QXZtgbWZvlm2m0iwKhQItqOfSnlNkL0IUJGUF8j3Ijz/fbNsfPOObpQCic
+ARz1Mnq9ZaDMrvMMpJHcMhYe3y75zuv9WODuPl9vNVc7KRRWgqVDmBHYZqHh4M2w
+T86WrEbnbNEHHPhXgSsaKYXvBD7zWocfQ3r2HEstHj9AmoqslxIDptqJv/8Lye9E
+kbv+d48oEkStDIfa032Ha95zsMp7BuvWStwnOG2q5sCexNpQdw3Mp7Y2oejVKRS8
+Vc/icnFu35VxZLq/vBEFEDjzbCQ0ayk+GKYWyAxW7gsmWtSWDskv0WaJ0cNj5u2L
++BsyzY8Hw7s=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der new file mode 100644 index 0000000000000000000000000000000000000000..2ec275f143a9bcd1b9f17cb220140bbc17ff95d7 GIT binary patch literal 728 zcmV;}0w?`2f&$bqP6i1ohDe6@4FLrWFhMXW1_>&LNQU&90UlY;ErM%$%NVh z0tf&w3BtR;`W9zJI|G!laEfJ_H!|*Cm-l2p`RH`2!_XMk4~o3ci2pZXjycH4$nZ8@`B#winYFo=w5k1=PHeFC|u2{9HpVGXm74;h03D^Btq zw}#aR+nl}1Tf9g2a{N(3&_8HUW%kXeyx*A`wbj*LIZxfH? zfy0w}pa@HReT1;U6o{mzLHBc7uNX(_2ZKeJKpOk!3lRJydc{T1SasXspCP0zQiuzMvlc{bd^{DDb99*VW(syC- zj+=va7!K9qEc(s%pXdWKVsLROPWhR4g#cCO^4D>~l{?!>vVo*0FGvBUbh+8BbA&tO zGT~(mhpEUc$k*y}pr$PitycW1U4_TgQ9=0S8*?9_ifH%|O8nABYYVOM{tLTkXi<** zqq#Wjw;!j^jpSzrc-HM);*WEk|g`|wj^R%mzA~W(Xgiu+eaIEDbRLCEbnmQkY KfKkKkx^K4em|dj+ literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem new file mode 100644 index 0000000000..9593454837 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem 
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI9ROEj7BZDIsCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECD8QzMKCoJNPBIICgG/g7EGQ8k7c
+5j0huNkV3WdtH4a3b5w3xD5mzGy2LoTaM+iLdatb7JSA63v5KmWwYI9WDqGsbAfE
+gApGcoAkXtb2FlnMOb1azjDHVkHkMGkINKD8LvwGEb5/eqW6Qk1GS6WH2q7IuruG
+y77wsxkk2gLJcdO8+k0aLMZTQ5lyTm3d2ap2f5QA78NGo0n9zJJs6JAWsoXfdMZk
+ShrYwJWaAYDlFVn3vne55mC54Omx1wCqNM+0kkTvbCS1U96FYNzbvIZe1gaULxAc
+GkRIan8Mo5da+2jI0GZf6w9S5E3f8zi7lltGlfmcN4bMZR3fGwpAdPx7oW9j0GVc
+162Dmn8SS9tgT2pWeDb1DjjabeSc5YzMIJpblMJM6KB4g2GpKhuWNtfHLIxR0M+7
+YTvmwE25L4Oq6bOzuM4lX8rp1fTqnOQDmXHIB7PO3w+kh2nxUwOoB/9nXNlkdUw6
+CbsKOr0MV98Ab8pTvwhZUm3UhHzONInDkHH5POHqqWc5XCfpW1fekUuOIkr3yPrt
+F1lY0KBMq6FMcMm/aZDAaM6rB2yLzfe8ErtA7zwkfb3j44bYFFjo3WiaaBUnpmps
+oAHdDqJMpsfs2sQeEa7jMb6dGUjlUU/3S+nf9cpQAH2spWbDMhM5Sewc9JpGDk4w
+6KD9ICHr+FgT0sF8hTbBZifxAeuXuaq6r3LGaYNs6EvADC3MzSNu0dt2ZK4i804O
+y3LSXX/5zVqSbmtQ6NW5oL0bAR4SP+QLCJtXYLI0n7WWJwesFokW3ZWgvOJe40gk
+9oNQ8DyBRlK8ier9K/nyS0VVo6QGxPAKr2Th960ekBWleHr4UGnTUFM/iuTuOTJu
+l6dmAeTEdaE=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der new file mode 100644 index 0000000000000000000000000000000000000000..106aa99de7e8238acfef03a40dcbf05d2d0123ff GIT binary patch literal 728 zcmV;}0w?`2f&$bqP6i1ohDe6@4FLrWFhMXW1_>&LNQU&90UkX_7#pQ_8xu$ z0tf&w3 zA|V}I@JRieAOg*4O-`E|X};Wd==p2=Gukmo@{-VwoIC^}vIldWf>tFnw|y6oFUJCO z{11~q6}Cu-nCOdEraPy&i(ccG&J%9Pug~%`0dZv=?0kn!+Q;Xzf2->zDt$v(b9_w` ztcela+b%f4^o#oy;PRS8?3T9jE&pS6OW?#H9mH@<>ML!$OJ;tkCJ*9+m{Q^pht^j+I(&+gr4XI=?`u+RO}{F`-`7Wz zW)x)LLDHHSQNtuS%Zh{9)u}!bJZpx3Bl~v8Jf<1ioZy($*cFLpKTZVdB=PhDX*8Ju z26GsqLIBec*>)8c&4f|FPozxFbPONn|4{5{EaA^$lw=gmLk?suJBxUKbvObA37wsj zscr1hm;{9%B3J7J>?kyiqbHZ#dMwhEzX_jq`3_VnAv1JVKDQk>P?BIm_Bkh(=uuZi ztJJ(K{|S^?MKK2!Xjom;`~YdX>T#3xt=q^QXGAoih*2x-M|T2A=^BF*+pd;ncvvPl zPQEM_V%TVnM<6WT6&%SB@Wk6Su8j$CFy4f(&k$e%y$MPK-k>GN`-?vj^PVcdGQD9A K`Vc1nEizwUwM>2h literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem new file mode 100644 index 0000000000..3baddefeac --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem 
@@ -0,0 +1,18 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIwD3fpS8RxVkCAggA +MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECOmyF+CEzwvIBIICgPFC3z4bUVPM +EgLGuLP6CiDPSKuCx3VdAu5/G5WjjU+dDvEYDtOrVfbBpVhgGAYYuhXlI2bzoO2Z +RPZLwmaVZMUUPqHjNZHND0BPsHnb54Lyw+xnhIvipYpt7m3+swL9JUzbK4bImhzD +3UdVYaCwwnpnAcTy9gleqoQ2ikCX28Oc+bZ0VUUIX+KVbVOv3gNN4w5uTyUDRGgl +AW2E2IKoNNW8oQzZYatdSMMb4Qu09HRevWpUkB//XGrCcC8aAwynxHrz7hSrJYbt +SJVNsyl+djFRcKg8sudGUPua+mYWEecCs9/MVataWfpnT8hPtPUAQpyRpC9Yxa+c +yYfl+7jHvJk54Lw92P9YAb5k0T57+G7Fpxi6MaXn6FAMqFHY2dJO7cxsg41qkF6A +sc3nvcxAxj4gtCgV0d0vVLDjbgjcAevLbzOsJVDzB8y2i6V5l+2/ffV6DjjYO8Hb +jVl6psDscX4VfX1zkEIyTF2P77luZ1gvXuFDw3+y+HpUAAE11vvFH1hmj7RR7uH+ +Y1Y7gUvUA9KSvIStsSzfdcQwaZTMNdfUNkPzKHMVZJNQ2KYkv8F4QSA7qpC07Kt9 +4iCj+D+8nMxS9s2xsZo3lgksB3srmn6ryQimEcLb/cFWbkTSGAah81UOIVtNJT1l +Tmwv35rSTELD4YVWz7CHh9nE2JxeLg6WmtlzF5ALxi5L/grZUN8lx6jNeC8/O8fy +twXR/LD1xmAn6wxcxraqnctBqzknpOP3Eize7pCDpOJR0Z1WaHvULez8G2CedEo2 +SvU8YqnJ44ceom2V3wDS4+005Xq3zKDY6xL2htnDHd2vOPstGLfHxEppNpjBqa9A +qj22QdMCv58= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der new file mode 100644 index 0000000000000000000000000000000000000000..cb158b59e3855c228ad6bfcf280904f87a26e0d9 GIT binary patch literal 728 zcmV;}0w?`2f&$bqP6i1ohDe6@4FLrWFhMXW1_>&LNQU&90Ul3NPR|`k?;2c z0tf&w3Kb>NmbbK?H&T*kc>;_L^5E1>6idd%d5sG%| zDZwYjAm|0hRd0gw16$l`k1Z?vZ@~;cv39-n`z)-%13|*;?sd|gvrjh_kJLSBCpSo? zMj*=Z4?n5ExksT7)r<9OkywX%(UNCsP!}x5^hlR8W$ccUn-tk+11{q8R<^PB2fv_n z7nVy4-i@!(fwwZ25f3YZbXO;tjVNhgR3oU5T0#XD79l?^K+eW7+0enQiL~KbTY}|T0P%xntz|&oJ!dWqQPuT%>Z`MbtDMJUc+`iuUyYB-H z)`2$KMgBo(%iauwddm@l=e84 z=VkYcot@CDYnj?E+bt0GbS=jA6x5Nn$SV=`x^R#<7H-CJ2$e%G36D{w(MU?PnG=9N z`#n+hDbuR*x6ybM#bee~ncw3mm1o2i|LF(24cZ}=ca{#a&Djp;bVEQONL6XAz86%L z!`KG)EQ5Z}25(hkJfDzIoj9#R_cE_| K7fa|51{f%?KunPU literal 0 HcmV?d00001 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem new file mode 100644 index 0000000000..95d946bc08 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem @@ -0,0 +1,18 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQINtUwWQJ0GUACAggA +MAwGCCqGSIb3DQILBQAwFAYIKoZIhvcNAwcECADq8lFajhVgBIICgJfbFYo4Pk6o +m0FhCL1/6VwE8oNU8iRbzYLs+ZjpHDKKs72N97M6FkPgwYQmcLBiJgYDfk+otjIy +Sv2QOklnEi8Vu22c+5P7UQxbobSf26hGgRlvue9xwBWylnBj9VwvgUAhbKUKJDW2 +lcUryZBQM9vX3cpeJUN7DsRFA0gyYjuoNTm1+Y1G4UqZcQUJyIVqSHA/dKpitnhR +xRNP/IkkY4GxTE3VXSoOm9KecA72iAnBdzrO3yMx7PkWUotZolMXK//5eacginYw +dSQIZDCnodaC0ugH/7QuKbe3UUyMt9b/a7Fx6c8CiR3xA1sJt0N9xGK0M1+JFBqr +cewSxvF7I+IRRE6buo1S5rqzBTZFfGArvyklBKgC0UmSFu9B25HcQzrBEXMPneG7 +W736jjfwclwKwboCXt/gHJBM69Pf2Y/Otjf1HGFcly9D+P8SPq8dkBSp49Ua9RpH +gtXpaBiNZ9Q3DIXMu1U9wLYhYJZQxU+FQHuO4wGR7h1KdSzZCg84E/T232qDr1Rf +7vLo7OHsAtQGU1pZGGorlTcY8KKwdeyo9Qk31jIZf4DwLKu+Zk1zICHrE1kuwNVE +5dcIIKA86Pu4iw2i91At2GJbGJku9j173rSL4IHV4ESUKKoHMH2ncBfjcTtjBXXj +FyauFwU6qFo71WXRMGKZpZgRenK2Lyr8/e1g/nEbHDfqN9ntgDlJhqku6ROP1Jns +WzqnWRquSk93p0xDMZAXxUZSmCzGlBr5xPhCOmHp7YWZrLmKVdWXM/6MFWpj5KeW +raxqwtiL0gU5wkKUkIxvIrjp0PqtU2q2dzwoL0blAXKEqU4v1nMeW2qhY30qz/rT +wu95SzZgh+Q= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der new file mode 100644 index 0000000000000000000000000000000000000000..d29a1e69c87016dfda7bf260d80a2b721bc56b4a GIT binary patch literal 725 zcmV;`0xJD5f&$SnO9lxlhDe6@4FLrWFg`FT1_>&LNQU&90UkP{*EfDX^(&c z0tf&w3ikSmuYucgkjNL^8_S!!!$t@lKzZ?Q&su4^tGj(KiMcy z>AieN0cZCBzLh?3`5lJ>4Xn`;1P076HZM0eo8_)iy=}2^#s?jP&h{Kda%*s|8YAXv z3ZlN22OyP4pXH!J)4t_v*AP)N2P^=uJQssptRwPfN_%6W!`~LNHLS;V9IJ;Z!*ECt zHPO&r8X038Qj}R4x6NIxsXkE^B4<6&KoyP(KVlDmJCu%E?^R6XJ

@Ahzpo>#Fp}wVx$N+d`grh7@@H1X-X?X0p zcTKONM~r8UQm_u$9qOHK#&Ocph{A|0dlu#7>jc2e%Q6cF0huL-O#eMaxs`%R4ebij zDZi0yN9qz5fusDQ7QAc_{fPHfxL{98k^mNV6$JvY#47rNxC(JKc>ky>La82F?30r~ zJ#RZbJ)($aZW4a#Z3qB&+uvKB+?;R{x*ScKXtuIl zMj1@AKGu^{V~L&knK$FehRq>N8F;F(EolHwm{T_(6Tl0c*O46blK~GwijE)lzjng0 H>vXWe(bq*~ literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem new file mode 100644 index 0000000000..9fd035c5a2 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem @@ -0,0 +1,18 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIC0TBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIoN4P/1fEZkUCAggA +MAwGCCqGSIb3DQIIBQAwEQYFKw4DAgcECJntwhGUq6HXBIICgB4ql0o/M9lv7Px6 +DUZBn1QFddPrr0slxLK7CoR1gabr9FI91o+dpyejeLHF2VFUYY3F56Q7f0P0b6Fo ++OekgX1ySvsM5EPGZBopXaAnAaoiYuZRSfiLeauHHCC/eJx5SH58pwqy0rY4j2ND +U1dYB+AVsdpRVv/MOSn6MblqauywTo3rIleK8SsuywV7NqIDLb3CHWEkUQEHJoFB +NfNb51u3GETcrYWf49V1WCbftPHj6YHlsfmUwivGCieAnNckJvUXa2TTXq+tWpO3 +8ar1cRHCFZSgx2chTgY+S5KoXcSmTp1ilNb0XADQYyWGVH3FUo1BBVk+iwNWM6vA +d6yhtdAATsdaA8e26ehXsWDUV5OVxctgjX6NVem7hJJEmGxRLQIYfR1Z2bsJp/eG +ZiweIIhsSMyKQI1jTBV10VwX8M2ovffHfAmtxbZKGVPVLnxW+ilBy6YMR6viZW/1 +EPVKeKjqlgZkhLVBNgu9WsIeP0I+RvNPMaRE8j028NW71WGdgwJ4Qb+Z3687Ob9q +tgNwp32isZ0K99UX6fUj9sR+kEcF0yMaysE1PXJd56HNydftORdq9o0jetZadlE4 +WYEvIfUd6U4nHK6OcUsNVNLua0XB1hH+K1CcPgY6JV90apsE05fP6oncPwDQT25s +8wzGpitug30N8CtH/fS+4WjJo5qa8To/JZibg3KhufeRMYKLyflfV0cp7nMtdbtd +e1CI6KFhD+oBLzsSdG0BrwaSVfxsayQQGuz3FYx2NlcTRhgXeM13pmqmv/xoMYqE ++BC0kiRhZ0yIh7Xpzg/FZNjbuQpQvqbYmlqFdKsz6YjeKcqvGMI9iav9nRA+ag3Q +qUmDliI= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der new file mode 100644 index 0000000000000000000000000000000000000000..7f576bd16f29b70f450f515fae3912e520ce9c3a GIT binary patch literal 725 zcmV;`0xJD5f&$SnO9lxlhDe6@4FLrWFg`FT1_>&LNQU&90UkwRi6VL+AS zhhqw|Y6L;U58(5&u~ZS60S>504z9S!{-M9I|A!jBMaw%2N7kZd`>oc`44(Ud>I6G; zeibpq4KDm<&+^zw+BcWtnoysd{27%KB|nx4Trc}bL@ae%6v!%VxZ=mr*2$k?B7Qzp z5C+baLOI{*NXzV%@KFqC3ug;8_PXsBJDorKG=IGuzIU#Y|Bn2lncj1;eBfq~KCX@m zw4sHXVhol~t_%5eb{tK`0eD4D*l?2!aIta^FMM7)jY#3WY4H%X{ZX%j3O|LGP5RN@ zPj`ms2R0J6m=kYE0`lyK3yOuoq_ABF+pB^CcJI1_Thx-l4H=`u=HH@Wr!sk###k~@ zNuSChRwe-0c$r7nB%33AZ2Dh8w_peNurm)7!?e4vzi6o=DR$r#9JYYw+sLM^pLKPc z4lmu{6VpwpCt1TN7qC}?meG0*p#LHQR302Jjkr)-F5KX+){F_eo4XpJb@HMnZ&>Xc zr?|pri~>0B*E@*w)@s;3CFCs!@6cX6U}3xB_*dL{`1ykbDm{tVi4dL=`NNV}+_3JR zoHdmN0snUCUlRP}bD|9gDrt(r3{}p{GB=mBv|Acg?N->SL(wvU^n(+-dT!A{Xds#UkpxB9O0-OH#+l5j^DZ*AG!&O!fuUj!Lm&5s4LU zu|O85j?wavhPw1Y)&xJwN>sd*&_1wTX_6>CATbRm|_{C%ldmM{qmbP#g0cFV5MA~xiBYr@N HjSb}5LornW literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem new file mode 100644 index 0000000000..22d39e3eb5 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem 
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC0TBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIDhZ7Qmf2HYACAggA
+MAwGCCqGSIb3DQIJBQAwEQYFKw4DAgcECHj4bQ/zjLVVBIICgOZGVB9PiB/MTUYA
+HdiMnbJ3ackg1x5NBk4Jxlae/4WWBX9Cg6uGMA5CP6XlzhlFSDji+L7+OatW51/A
+0nREuJWAoAAlayQujwuXN5YWOHzlf8007IHzKQqGtRTjhgGSa5kddXzfYvqLVsdV
+MAb+8UZgc+6wO0Ag27rEWjvx4HKUzS03sqVqF/Rl22oK0VMbVWU12PqLMMBpL6BA
+19MKsKDe6yO4fRbipT3aJ0fv6RW6RESWAXc/9dG/P/0kEZXvi4OwR0dkT0s9m2D3
+7r9Z+0AK5uSRU/ftcYIf5ARvIOLltfNN0TUo58I+f7CTKCDLUQbEfDLsHNuGaAfA
+YRLyZukS1fppZiog/JtwGQsIWMChxE4SVThmYhqJ4mCUA3I2SXKSaS4TMAPrEJm4
+onOG2NSgHQWdf9cHNMHeGj4Ey+qgDHMYUC49ScsZQecdd395j5T0znIJk4ysawGr
+34vt8HIn6iCxp2ZbHzqLm1qeV2Lgme+G9IxJi9+UR+eL0BZdaCt6tdyF9/4HXXTz
+hrcHC7vFVVe1HnK4B2AzO2uitGE3aEodRertqJbafWyOfip6Agjbx/Eu5IDFFrCU
+KxgZxV4agc3/zjwmwapVEZdTr9pyP/6HBxIhhd0KEX9cVMauCcOA83U+iezBaZHS
+frP3GVqBs+CzCx4nIXiCRacc/pf6tec9nL7mbrUtT+lQoCOPcJKcUAZyW305+5Nq
+mGho5y6i+AsF1M1l/Ar2gUGMN9//VscombNMRFXUE2Q8yL5//gJRS1rN7U3w5dRI
+3Bk6pbMp+RlbtzeS2zA9cuLGWtxvdblYCo90p2iam8zqfDKEZ4dFfJlPZvRw2hot
+7BkFp/Q=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der new file mode 100644 index 0000000000000000000000000000000000000000..4445235c8391ac6a9b16a1999cc4b6e422272567 GIT binary patch literal 725 zcmV;`0xJD5f&$SnO9lxlhDe6@4FLrWFg`FT1_>&LNQU&90UlQX*^4p%k*Oc z0tf&w3A z>|>be$lU!@4zr56BT&_O-^jC)e6^{yur#KJ&I_H5kRCr&a0jeSF>*4*?9%XO;qvQj zF83p9d2>=jYjsau9FbBHM3OpqPZjdgl2nAz8 z+`|7UV2DW+ zRI|Vj-Ua)H?0Pfk$fML{OA1%z%Xg{5QlqqQD|!j-!*7odE`)@pAi^Hlnsh|13uX>I zfOg3Tcl(U&i7&(av-rA)98lFo+We*&beP2|!k@F!QQe2zQ)aqJ{ox?)4OVx<|Hlpq zEru22&;q|QeE6@RvzG{Jr6#jLSN+VV>Lj(HqD0jxyY7bGbB7>^`9$87k$%2Bg6Y;8 zl#kCzeI5+pmtT{xdDiq5F+>}6iJsMH*usFLsjlC)K#p=r$Bp-xMsbgWtP1#WeEcr+T zl!~w?eMG~3_;u(660^;g)^bv;YsszqWyo9lU(?2b)_57(O3_0Eg2AtDvMN6ix4M&w ze|5Pw)p{&LNQU&90UmPfR3^TK>=w3 z0tf&w3!B1cCy9k1yIyRo$2Rqx`}d z#_Fb}F-5QZq!`>&U_Kfekbb!hBNTTL>y;s?48oi~UEPWFNm-NsM z_6~C`#+MiP*gANV86KKnJeWA3FDxPgvgdrT(-@*(u796YfE9hdXQ0yuuG<@`tXrMJ znfGAUB*JG{d#dLIVy}e z%wBOXoivu(V9*PVUP`T~MzOu_&)QT_lvRMg+c~}{ zG%AL>5LS1VkVzNs6J*GEU%%k)Js=g5)OGJM0-~boX$j;QG4Mo*(8S05z*A-!zy4`L zjv;x|ZLQ0D_8fHXT7o}Gw=qg*(w9ghtwwpF<*a>C9%ykwt4^NLsHvG<{qoxR3(lNN ze_yVEJPB>NOIW_Va+9rV*;vs`M%n|bWL6vJ1M@Np8J{-xV~?$f1x{U|k0=*sp2uS% z5CV3V*X2R@m&{b(*2ngpXRQDjU7^WLhzA#y9UjWS0)z-@x7@=%hZ)&OL_O`fs3CP9 HX^QSdO(Io5 literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem new file mode 100644 index 0000000000..12725abe25 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem 
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC0TBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIEfr61PLRSswCAggA
+MAwGCCqGSIb3DQILBQAwEQYFKw4DAgcECIis3kdV3MqyBIICgN8cVWWhMwix1YF1
+5atoT1U1EWGOUokVtb+oTlqJfMvnZeCHc6kYMwbWvTqga88AUhSssFL9WaXPb67a
+BlhYYkijNdOcu7m0V331RWdzxGAYHHv6Zb+43+/a3fx0hYwWsAKBLKnYXbxAckA1
+NSuItKnyrWCprvhelNLJRBY3aJG9EeqjIeh0MLFMbIhFJosnB7oMliYVu4DxnMNq
+JzWoiBHllgidjZm/vTTmfH9gL0ya6TwBgmj4gOvRu30P9wdBPxS7IZi0xj618SMm
+eOSVdRpuxvX4gzQ0TuWTzFIRdhCFx5fL366tVca/YZ+9qRO5oOqAucVKWZ5zcMVp
+yD1SOjMDP7x+3LBzIYAYb74kHol8ejIQM3IrO0nzANer5M/KWIRbXoDuyLzeiqrG
+FbzpL/kAQ37L7o+GS6gyYgN0lQoZxlgTt4t1+DCNAMWh4xmFTNJgXB6a846u6c41
+K4GQrwOXGAr0pYdNg44fB5fqw+594VKxHEa+7MpMvzos4wsISkrCjbFRVCuO78HY
+rwsD6pWtac02fg+8+a8cTmUXGkzoEKE80hTC0r1SO2w0RabyjTHxRQyZtcCgavkr
+E6Avbabq3GDdxT4IpTI6LiDKFaRUpxMnTyToTlGzsi7sjELHDqgOw4/PbTeNeyJH
+PPqoB71p9Djitpw0plUoO9MWQQPWB7ro3W0g+2lS1782wTk+9jWBDVdgDV8+FYJG
+cr4GxoADHFOt2viKf+7cq5ZP8HxvLfHF4kULslea2AM+3yTQ5TTAahCbGOPVJgaA
+tcqOZIGpIxk+aRceZRrKPerXRmZvRItbgZ+QUCw3kRxgzanOHB671jp+VORMFzJR
+jhpl0rs=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der new file mode 100644 index 0000000000000000000000000000000000000000..56e17ea30dde27fecc6a96a819772e07593e7d20 GIT binary patch literal 1312 zcmV+*1>gEGf(0BfP6i1ohDe6@4FLrWFhMXW1_>&LNQU&90UjmEypNdV`bk0 z0tf&w3|i(fyyQD+flhtUi@@ zOulBXzC0ixz1cpN5PXcXr4JLCKKm`G6|Thzl|Va32%EQ8TA9n5w2P!yQULQDYCJb0 zwTi}BXu)Tk7wb#p#CaO!T&>Xis5 z0kn&or^6du;RKZ)tBHB`6a(_(;%<^GFn1L+qI87x}h!JuyxM#e}wH zvmAQM?DesX72Z2Wjt6BAe-Hxyb-YYQ?gG{eQFB1e6p*`uoW&Cxt}4`ZY5vG)Y?_0T z>`8XXOyg3u?B8cXhTQoD*8=q%lFY8IJn5pQIT)!AoT`+u*+M`B&P8u{Bkg;ch`~?C z3{ri(mM@^@-`DREhrIhkIdeavzr7*@isY2vKu8H%;c@Y zC6~YF0^rvw*gada|2#hE4px#%O{v1j(xJRQeQBh>ziw|MorlWMdO*1ulArXcosc8XMA)+L-F15~W2c76Csr)w)GRdF!WY zv7=1ydC~x0UVHwEtzpL=iM=aPJ|28)G>?=$$kU}{cBJH~GL+@&`#6}jEVTKRX7I7~ zV@gTeEG@Td=p<>XB!=11azoTHgGP^~aMA;&*&+fSinf%esvWzZ~IwF>=9C`Y2o~`^Evsey;6u-ib`*mS#+!ogg zo{WW|8$Ga)FvM(Yp!MPu9t zHXE1CH8a>^?)1=v!Dg_pp&!?Ypgqh+@(?Vw$~?@72-ZcipeE8#+ojr*nMfB;_7h{F z9F(F5%Q1ugWN{54m`BaHiZ?28N|F7C!_t=7#f#cQD33;AyVfA_;(n+j9gwiltUr66 z&d2$hO8?ug7q_Ju&{E%qiJfjJltFR1eI_%*sE|j(a<4<<>VdI#TZ08oQ;%Ukk!MVr zs%VlTie^!h86pQJ5xhMh#|$#5oHP$D1c+~I?<7PDI^-!ljaZY#7KqfI^-hX>pw*KP zN6pGAEt8=rEH4>kYmtEr%|eFU-lR`x52v)qFr^s0t{OgL_XD%8sBZ|NK4FFR^?sN< z{%1FU*v82^c4S!M9yXX8{wvGpVxGyv7Uho7?;Pz4V{b92LHg*LW}qvvH&4B|)wIXp WhoI(N_@%t?rO{Ptb=-5^4%Ic2`EcO? literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem new file mode 100644 index 0000000000..8ed64603f0 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem 
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIur3B1wRZWJ0CAggA
+MAwGCCqGSIb3DQIIBQAwFAYIKoZIhvcNAwcECEnKPmr6wiNuBIIEyKNZuEXIk0Eo
+AC7KnJWaEhSDsr4zte/uGDTeOGRVT6MreaWUH3i/zwHXsavEBsw9ksLYqxXsIeJ9
+jfbn24gxlnKC4NR/GyDaIUBnwGlCZKGxoteoXBDXbQTFGLeHKs0ABUqjLZaPKvNB
+qt9wQS+zQ8I6zSQyslUfcDr3CZNgHADdmDFiKisAmT1pbtBgPgzmxLNSmx9C1qwG
+ejuZ/SJ0YYAdRPkDh1p2yEiAIfRVFTgWcjltcd69yDk7huA/2VCxWJyVDCGrEnlm
+UJyybUcXXofneBp/g0J3njaIbIftmYIC+763EKD/dqVIRXVxrkHyYcvZ2nVNUT73
+Uflk+JuHIjTO4jHXiPcaPdAEPLeB2D3Geq5ISYOvTzOeurfD16Y9hrN3IHi9gedm
+JTcEPkAx2hcb19h74XlV5tcQ5ImsPgLRl0euODN07+nj14AFxCQhuoGx+Yj04NkK
+dV/l1rLsbmLiqr4n+y5ezGr0GJARVinLCBehptzxaipXPzRW71IQSddbtlSl1rz5
+Npv0HlwGgwTacv7T0ZdWncaw0VjxjXAwHBD82fCiuH3qZAXEa0M4drxROeIncart
+MIky9qIRjfImr3oh6GLxNBB3FEFFf+23CO+Qt3vrh0j8sVYn3cpbgHcqv0q4fca7
+Sq2okw4RjxcDHyLgWiR20tUkqJT8FYQr0u0Ay+LT2YVVO7+EQVqvlraQcOS4Fkfa
+Vnggn6sdyhWWCV1rab0v81qZYBvRoUK/ynICKCbXaJ8d1mirdNGgs3FxpVAiUPZ6
+LYZ21Uwtj9OoeEQ06GPKq60xHjUmTsNiEkh31AIlSAgdsN/0+pUiD6f1lCWfiLUi
+8MuFUDXqkqXAvnJW2/mKrLvcx7Ebm02rkNw7AdAnUnEx9BGxD1B0TVZtRid6mPSO
+kXv7adNyBH7qoI9vGGQ1ptNRcNxhxqgGgtfwI+0mV6P6G8BJMl8urZYN8aAC7dJX
+/k9EICTUcOU6nIyFFe8tk4kkcjdo9BNkgB4JjANT4ptR2w950tYVqDMHBm1eKPBC
+bL3SnDDm4Cplsy7zAdUPsCe7/Zk3K2SJwUj/lDUTDGCTtq4RplfDEBWb218XWgA6
+rHgi9/EFH3YCZM8EiE9Mnx9UafdnfKhk3tm3I5nKo56C54os/EKL8W+lhXYdK9dz
+peehTsjEQjF0/1OE0097XlCShP8E0bdluoFkD8mKYC7mGv0muJLuHdGMEaCKzKoS
+LBKpZNYdOu2wlFfCkf8zSWO4eZYKbSUL88AoEM7A/kquQsQnb80FkciPFazlF9lb
+ihxh3YD+TNH58zpYvqgOZkBflW4kKIYbyWOm+ARMq+eVph1aNKMdzeW7Gmf1Fab3
+SQmfuEBAfS8u5ghW3J57q8gSJSGB8bpYWAmNGGeQE2g8C6HTxJ34kU2HoFLo8a1/
+cqrExWl0/lkhwqc7PpvJbKIMxVOOXtVMrzG2XBCkfQSmtwwOqH1g6AZv+6sXyLZJ
+PmvQ+R/23+eDqp/lymz0G6F6B10pldgqt5FHYxGaVEp7GIx6L+GtI6G2qGxpHJA9
+x//r3gdd21Fd6y7qHYOLO4fEYAe2sN0mJVjxFLsg9AhCzfxKEHsit5LMdTkGFRG0
+XGP/QsVNcWJaYyaKTXaTCQ==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der new file mode 100644 index 0000000000000000000000000000000000000000..847de7a637e15dbd40950541ff5fbfb251255f45 GIT binary patch literal 1312 zcmV+*1>gEGf(0BfP6i1ohDe6@4FLrWFhMXW1_>&LNQU&90Uj-fseZxA@*@Yn9f&|FNIhn)_E9dY` zp5IA#Zal1)@vtOnxxy;BbmTxQ01}Ya5+>nzV>(Y?(m7^?C(PU*LVhthb!rd)diuXobR$#L;YuS^BoIghj{H zEn9YWg1Wa+E_v&UR#FcbBMAnukZ4Vl9^*QH909)9s?-qcj+l^UdagC~OaLyC)A@md zG&J2;LsE11UN;oDeBuO8kUq&hLKP+(DgB0^y_Ey^ONH*xmNCx}Ysf!G?hMBJ7yqcAWCizgJWoN-W{(= zk(lvMO)sivA_$bAe}|ZVeFY+`uA(L=(_t5}AP^Bh(EsZ8Wc5cgBxb0($N7cz&EYt4 z9Kc}cAzv7@qm@QI*R4qMZS=XueMG_zJzEis5}~vhU6WJ(jYUmS+2crQL7YKPNSD<; zD0$b8=E9Qs^lx~Cc?&S~)GfdctPZ)cSw+!V$_?kKcl^#>Ibp%SDja~FOx3+pLF}Lj zN86_Ina&4$Gi#09V!d5CVbmJzg$lY1D22d>D*mU1N$b8>$fsuYO<_cMn1G++7_5Lr zxLf1hJp*TCQTL^)JA;7v!vlfyPZi7BS(%&}c!s!_D+LmR_aM(jK{pLCLIZ_{3MLIr z>)2?d7*)6Wh&tIXYzA0)6!*XAhHS{=W((4cvEbbYQWtQ>A!=pTkmUJ0(~U*5n=<){RKnXKo#T76sl9%Hq+Fxf#1W*x z!u3#41Xjq|RjA&9Djr_lG&1l2>Zsn(A-PaUYi6C@1I8%Be4S|>Twt^pV|_0k46~9w zAt}OlURULK9CoOGLrO?uHaI~YUKvgrj`arT;;S3Qg}dc0(_bwm!EbC%_ePy}RV~v8 zteUnd>et&;k#LV+oImtGO4|CAwSKp%ijHjH%W1D|;)oq~UD;^pbGkBe#}BKUZ-XBw z-iGPhfNjVuo|tnyQ&ZNfMX_yh#DZK6J^PCfq3!tE%&d6;^wR~GD04(0!s<&FnJ`p> z(;C%gz_UydfW0{phP-8F+D8eCkw(jJ14KTvYR`<~!NFsPFI|vr6#@X$GPw9O$V5p} zsM#|HO85Q|5_zwJ0hKVeCZ@8DS&j)Bwn=6EzzB1q_)mPVyMQvznrjxVb$1Da#N~L| zqz-x(5fA~guC~*oL3vH(klZA3%Jo>-LLv8^IfLN&2GiBX$D`*AX+byg01=u*lxU)% z;!V%n|Hicy17L=|*ipFp&dN6&#bKy&7*pVCaA#O#x*glfaI;w1V#Wg@H5HeLR>!kk W;TSo@PCc5A#R2q^wKv(pKESQ$cy#6f literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem new file mode 100644 index 0000000000..33a770e2fb --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem 
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIv/X98EPvjcYCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECO5EBOummZrzBIIEyG+qrKhGE4TX
+ch9QUfLBhcklrpcd4xOF0FfwVfaO17gWAOp2Ukdm1MBof1fF2wU0hNG+dX+wIMhM
+/MFZWx5J0PLULmAe+m5rEVqRVY13Kxa5UJ8W4oglXVfeRkTvyuWr0Ov8E4wrh193
+jmGXA+jAjMZaAgHWZzmHDX0NwEeoitkFEXJc3tt7WAaq93/QmtTYKH5eoae17M1o
+yiSAxI1uNzHryPRt+6hp1z+sCAcniIe0fF6GrmkS9KcFzO99yehhrxyojiFPLSDr
+Cfv8mWY7nUSFAW5UBR6KA6Ggp27FyKXKc/k9fvZzASJzyjxG90FHyIEdxw5KsWU5
+NAAO+P2Da8aX2xctAnKxY78cFB9Iu5RSCGc92pp+G7OcdFUjXsYXr9KEX9s5bObh
+TuYGtepHEKLajFZ9JvhjQm/t2lYa0GGBNH5j1wwmfdIqZZR82mYgsgVVhyp8NC+Y
+Yw7K/rjZDgpQYSrUHGxlPYoxZwAHvbTHuTuGI3N3mS6kK4Y2NY0OLQOrVnFGNT57
+ER2LK2PDUrk3tqTwpIcRKIqeMRayqNQ9MUsjjQ+v+yPcbwbZ78Ci2niq4vclq+84
+tReLs/JBo4WHfdtFdzCnIqLVx2K6mjkaGL5q7tKYQoDjHxaU7Rp8cqy4d3EFovZr
+W15EZaFo70vsxN6Dkr7lkJdBbDbeQCdkTyL4sLimYKselKZZLUl/gKw2hCC8vfoU
+Jjs7td4IQ0vhBtVT46PUdLnvxcqpGoYBMiVNlGYowP0ugd2MHISFeMYytSSq4Kqn
+0OnbqG262WnuxXIufm86KTs9c/x1+ZTrAKrk6XarmbF8I7pB0jBjObZntGmZ05bF
+vJgRUDAx9sheNwPPiIM/7ttCDoxU1escT+u4l675FkHMhZDUSLSRqVNvGmt/ES2F
+c/dIq4iDGgG+MZP85S09ah5KKruDE7wvZdpA7NTWzSN/FL6JokU+GsaWGt32Hmia
+OK8F/CRtUfHFUjLIk/+v5wzqYWqI3LjorXQSV9pWmtahp1cLQ5Wba9vsPP/Wvi+2
+m7FyBEJtgKP813YOND5ZG+NndlkUahwditGJ2XtpS4sDhFyQ50oQm6vVY3nxlkyi
+7gcCE8xOI8ufFS7CBl12pFys5XS6htkmBbMSncOoNo7P1kuu/n+CcjCnWAY1iFsN
+OkYOKDZlRdkbish4JqTe0LdRV2CcpGmDoZkMqAo/gacweT1OswgxPZqRAlaakDsk
+0z+wy1wNgJlLF6Mhub1zT15e1Q+/wHUNsAcIRbEsq4vfSVn562/umqqVZleHUfoB
+tAKAAIwee5aNB8fBcUFCqiNPFGnyuJdEy2QCu/xiFQ4M5EGGApPOoQpSCu40X8kx
+tIsIihquALlL2nx7jPvBIpasKq9SRRg54VYp+5WQBVxUSAY9EsaRSuNrkTJTG88q
+4WO5rHW3WFZOwfU2LGvjhz7SY+9H7B/A5aRuTuU9BkVnm5w9WtkS5pHU24WJ34MY
+LESH1yE99OtvHuz5PwX1kcoYKdGnd6OeNkRLWl72GeTiU8bTJkB8SHx9Ol4kVTuH
+fPsY/ekPh0rSuhj7L0kCTPJqU0+Xfl3rqWAKlpXLFzMKyIEhu9kGgGRAr7kB9ACL
+ocX/IfJDcGRqP9cpBI04aA==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der new file mode 100644 index 0000000000000000000000000000000000000000..5a7c60fe590ee880278ade7eccfce546bcc15bd9 GIT binary patch literal 1312 zcmV+*1>gEGf(0BfP6i1ohDe6@4FLrWFhMXW1_>&LNQU&90UlC%Q{Y!e{4MB0{=p!!Yqp`4SQ-}}lNLuPKwhOY?4 zNglW(sA9M}h~_=5oZF#93sRm#*2yPC9uDw|YcQpYFOoKC&p$q=R#a)Yn*Y~BDjQ;i ztl!Rj%;X%O70|{{Jy3BrEE!5Phk^=SK$^5m1`c^)$7P!&w8b}nZ5vE}qvL1lZmvwv`y8B;S=UL> zp#b-&VoDtl$bAfs-#ugfavEEt`uf+&--8a*%{Tw7^MtF&DE&hv1Y zB#SWy(Y@HkuiN|T(JUSf7~a@&+}s8~Y*4^iw7kViBMZ*NE7zjTxNI|#@Tgh2x!TX! zxDy&XuvlX)NDh41tBC$?l!+{n(;v7;(fyuAN&kFctVSD)Y#L|jCe>XqK=yresc~Sg zry9JhHx94dW<|r{ZXwLA{lW|)+_h1LeARhVn0)scTU~2*7rm0M zCXn;#+nfmh+IQ0tkpFHsnMSWeSWPD3i0N0D%%AHXOAxVPR>H0(fNz(#{W$ew8oc7> z88W=rtj;XXJ+8+w(mo`E3h$=~`!Ap@eO*4m2I96#<75Wk9Cf{|e6dqGK1BwkT;mi@ zN=ba26A}HyQKuyDToTp#_rz3I&u{mxiw}FL!P_zzF){!BET`DK2lkze?DQAOI{nHG zo1M({SIN-61dN6!l)4f){?e$Ar?xi0(8>rsabWh1X{rsq z5BedQsX>-By{%>bzozQrMv)QJujxLL7WXy0Y+2F1LV^LrSGH3Lmf$ExGf)rjT7eTw zat0>n0yReol9_lmL)%T>?G6*UhJ;BNc~RHJHzKe2vw^upIpG zggLQu7)hglR)w`^@6^q4w-5;0X0K=&^^3fz%2_<0-4_cRedkp|TDC7kT<^YGDX3mx z+32gEGf(0BfP6i1ohDe6@4FLrWFhMXW1_>&LNQU&90UlZEa)UBEJ>CE z0tf&w3?Q7#nW7FGvSTouMJ{j%o&M$T>MSs zcZ!}KIi?eAOU>j>jhQ-B z)5|mQ!lazCs=^k+D3vqvP+~eqLD>usN8+AtsRx1Eh9-b1;;LaMF@J!1`SKwjwD$}k zBavcAJo>=Gob)=s8a}gVLt2g+Gb$FtL#Xv$(4=EI>)I&CJ`9zE-LV-ESyN8*8OaIo zwqqAwd9HyRy(t>uVE!)ICFeuGuv85pAxbmwj0dVWIH9XVPkL9%AJY|Q5LBDG6D3xj zhEkl#Mx>gT{p|@#kk*ON$;RyJv zbv{ZNi>zQ5{fEI^_DL(5$EF0@Of7O}pckuaes>^)4hfqJ$uYdE%>me4t12uq6pucY zc}M|SAh=>oq$r@f1Ktn-3my0Mzs2H%^=XR@mblzl0;vs%K*woV2e^T^br#G3sO~A# z^xP8P)2%*-WmlhU18jmM4-; zwCnS}(s5Ar0otJi9kYaA^3nA}-IIO_O|Fj#o}P1R4RTNdaPEpW4D1E(jqx_S=_^Z~ z1xRRQ;C^dJyBe2ez8)o3Ww6r;<;>0AUsZ-3{Z~jNQY16v8o;bQsll|LI9!L8jnQ1K zD{4UTV>%|krENZ8FAl|)r{`%v>uJU%y+waN<75Q>-W&LpI{rbfs@Uli^TvJj6Iv+T%4ulpF)iwC24CHc7wvNa@lTBXjZ 
zZm!=29rkWP5hvaLYVz-8)w;A3X2ehykybmqcbAQus+S7xCI)_2h=oc~P_%EJ1Kjgw6&fFs?n^yoI5O{t=X221qT(*^eRevWi4dbG%Ai@) zpg*UP;FRi~PX~}gv`HpYj~zPxMYG($FKO|1*I$}&I^ikkkz(#qNwEfJ3;_J z;j>9IS1%OL%GPwCha`M}Fb-FzzjNxu5#gjhBFMgj%{wc4NV1l)cFR*0@pvu_;6Z1T Wb#3`U=?D9U1ao!fEa9LXbvP}kJ8Uxm literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem new file mode 100644 index 0000000000..dd9897b3ad --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem 
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI9z8gVJbtqxwCAggA
+MAwGCCqGSIb3DQILBQAwFAYIKoZIhvcNAwcECCQqQHRFeFdeBIIEyMJpY0A21GrC
+pKBL07F7zOyuFIdwQT2f0wnL6lPWvUg02M2jlHCLDYlciCeUhE9fHUDA67814lvM
+dlZ8KgCsp+2mqkoZB/hRvvS+ZdUqkwSI1J3Wt5hz4dKq0cebJWpDAcY/+031+zTU
+9iCshfsWAGdlcAIBZOEXDwejNfIayp5cFKvQqg7kmED+KN71QmSVmVyKafh5m0SC
+2Y3CoZTQ1982VImx4ZOfh+r86XNkrKLj3KYC1K6DR64Uwq2yLNoypTjdUig81ste
+Dhqm+0YXVN4dxXCLF4desKWxN9v78VmCuHvYkRyunj9Q43GVp51cMQfFRBLWIqnB
+OrT8k020lne0MxO1xju2sr3GWA4Wn6MLqrxSdfTq+P7ZYcSh2BchkDPslxi5gNPS
+Hv5o28rkVW/K34UQw72Kur5JGMRNwJpye2rSPUbtLKb0z81nPzJMP+BCl9DttTr2
+zDkkn/AFBRuKH0uWrKv+9f7FDu4hxsdFFnLcD6kWlX/V37b5tYAcy9Atd7lykw8F
+K8wAoYZHyzYaIR5otYV5XgjMcw+z9U+5t4ouXSYght88Y10Tq1IYnIx0I55KaV44
+uCdrptsKnXXWvIux8h8p/SUwvJOrECc/nYxyfS42diH3V3VGV78fw6n74nDOYnLK
+ruIASg92TXUp3Qd8xdoiqdTfx8ZCgNy0mmrYycrP3cUciAYURuKWjjdTN++fk2Vx
+Rw1KTFgTf0Z3dxEMIKDHHDiGUbO9cE8oEMWCv0YJ9n97suoIN3vOcifxG/93RE5M
+1xe91IEY494/DdgsMqb0D4T0G5rbFHnNY8bTDKIDpvZKzcbnm9vnxPi7Q1S1kkJG
+230apDz1Rln0AFO51SAVS8QoF5wP69cL9vrC5miVh3mwqkDVoHnLNpJrT1o/XcVR
+Jl1j1t9lgFNJhVTltTPza4FydXRe2ZBCNKpDci1jFtD8KYZGOCc+PQtJ0Wtcx4qJ
+KVGO52gUT+DSxmaKd+3RyG7MsDw1CPT8inHkACa2G+GGQvqukbjLppQDkvmUPkTa
+fEotMYqnlvqznwiWURl962lyRJJsxClC6Q9R7Pe7pxohsthIHgZFMMuECenUdhYj
+3TdqtKKdbShoF2SBnwYUVScH2VR2ZE8ZLlldNIA+WswG4x242NoemE76JC6DyUQN
+WaxFLL813TmiLYtRq1QZsiqCqr2jRBMJA4cdCt4jMZXpLd8heviNtcPmf6uEpHV6
+VBQmun8dCQAUeCHKsrkOLnAcnrIl9gPlyR6qVAI8tnfs4IezjnvAh7+cN8cQ1AZw
+xRvoAHJfR7GMT7Rp/GTLrSYU+swlnjrDLQ7DwZ6seOVyzmKo1zRjysQ7qF5m6ELp
+hlu6ED1/VZZw2kSbv6BVzYmWHCGnuyl/n9zXImMR9vcM/uTogjc/38F4zBlSyz78
+wHy4EWMn2jWyRYYFfwwLvrxmU1IHkNUKYfaM6qeq7F8R7cqbZhZ1cCrAGcIhPrPy
+ig7iEmTblRw+ARmY+cjUuJtbU/a38kEfCMIbKKnUg4vUnO6s2XCGG9TpmcLR1Ti/
+80tOsEuvg5ZJB3FFGHhSH1gDMAKQwCkcP4wbP/YhzBhq9WU24AA82RtOsFV4xjFV
+ptyV+PmEpJl0DpDeIv0I+w==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der new file mode 100644 index 0000000000000000000000000000000000000000..40026f98b436bb2da5a04dd12d8b9ca3ab7818cb GIT binary patch literal 1309 zcmV+&1>*WJf(02cO9lxlhDe6@4FLrWFg`FT1_>&LNQU&90Ukd<|>*gFq+f? z0tf&w3aL~@X%DZ6N zP*KA2!@$u20EKj011qhd)gn9IKhN+?3c~_}jfE=7_7<_ygXt~RWA{y^XHmauOn3K0 zrXj}9@bg6Ggpg~dN8H#_rJ7G3VO`yM7bZ~n7K5MB2Sln7Q8~ZsJBxZVBLC)3XJL}L zpTDE=34pJ&P!-2W9lEUPaDKKD7#tD1ANC@J(ZV@b2=PC9Z>Wpzii=S5f zO98X3IPwx%ms0<%o%Y^v_zQA3)6ugpv&rXno3g8-9-ma^Yr1?}1{j~Wk5;~#-F467 zr5^`U7J0C7gDPNy93E_pYx9T+aN8Q;h(&fX>IZoL@m`4QEgC*@_zaiE-D1>BvX=^F z8SgsOoFE$xU%=oU|MQ+_Ljd%3FmHIKS!Tb%Jt@yD@Fp0reIXp@M4m`G7pm zzPwq=YhEGOldcHx-pq<;n8-YvB*2ub^|BnE+K)m1pqTv&7&>**LC85)5poj=x(a~n zJ<0|2V73CIBhK1X2d0>Xkff2>Gordd=8C}=+GC+NX0Jkq-hTv~hvH9pQ-yCSE7lww z1DU10CT2b+TxBr&|4uThr4G5sGy9hnaEP#J+Mne9AWk`$2@d0c za?1g2PCB*VM4yhY(O7mjYkgBa#B{19y?iUFVa?|!xv!A^AzxViOu)&G)z_bhLFxVH zK`qR6c0|;GULiWjvq(q1^?n3ppX#Tw(@|$w_Dlpf;`7h3*kLb)7e3{wJFl<+p?R#n zrToXD!y*iuYZ7-bQ literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem new file mode 100644 index 0000000000..af4c4132ca --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFGTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQI/++dnhs4VZYCAggA +MAwGCCqGSIb3DQIIBQAwEQYFKw4DAgcECI5DLMkayM1pBIIEyEJHtZlUPIPn6DB6 +Z017kFJdaF29AqSatT5tukN862+b+0bGwoda5aR5lr4edgmmwMhR+1pTewsWyZK1 +xCYHwn0Jna1HXKRLfsoNdKCFPyvJkx9OdbNfop2uqbS/vrsriMKMloKV1KXUGqCI +zZ7BVEgfgH4hZu7cX5HH0tMw2/CzrC5OjMhFq/OyRe4retfACxN34WVAqMM4/N0S +S0ciNYR4C3vKu5+Nfk4R3GGMmmz1WejkYH0QMXFtq9IU8vbMUhAaBXIo7xwkAbQA +UJF5lurXLJELCIR1KQVEjfYCXViH2ZbhAZuk2BV0B8qIKhh9GhvL+y2nporiEhN4 +ddE7PdAmZPgi9vJ34+jY8E2UiXpXDkSr/8LpLRVQ/UISttARVkW49cOQ7oOV9hOB +R+0K9fyZWAJI7cZQSsuIPSO5DwDkXclWUFYaa9C0BcHRaz8ACkHu2vSF94LwG1th +WBvVvm9kTqznq2tNoAk18b4RKN2nVUkfhBJeR2GaJhzsshnpTo356kYNKpSUIm+S +4bg087Zovrsf0C+49mr+9uGNbDQ2EfG2BJ31faBJ4bwRNata7l3FvqlMLBFJEpUf +l2EIlr4qX9wfF9OnkmT0gGuuxwB9njCpe7XHbvjmvKalo9s9iP1z5rd9f6UPzDQh +XdV9pooBusM2Z/VjkrUxRdyurlewD+UQn2MLiRF7t4Rgx5+4g6nooIQlcV49JhEP +4Of5uDkWzHQ4G6TbffU/sd7THcwTp5wTot0BT2IPuP6qgLFRSQYwx5zplraVfTOm +GmXD8Y0I8DP3bymMVSuJWFQrSL/8X5b3snOhzF1J9o21NqetXY+YkGIZPfL80jUm +7ZRSsjz7A4M3MGhsD2i/gwGAUdkJ0kacdnBYCZjfvhEiMtyJhrtpRDT7pSFHCN4z +jCok/m94d+mPXcI7dSCfQ+4FUSMXDX6IKv7ivsoJ8wqI3YiR9cHdK+EZLWPKb0xE +I9Y1H93K9pQFlew3U7TzoFEJcee0JHlyM7JGShPQP/mPEoPsHTRoGjYwYp8OHEol +GAjRutyMS5/pEL3zqT0nWsr8rEEwtm8tpPKuMclPt/p2LCpVBVgTpuVF/Hfnr8Ab +teL2bpC/D0W0OOOMU3MlfU822vlm1gC5Yh+I/+b3jsgd4xH84PZUBGDLO5+Wrslw +f5BPuO/DHADonB+DeGqwSFol7zxqYWufdI1jb1YE5pWV7dO2e0vTD7463o6V907+ +Zfc4k7h5ohS/W+RGQDBM5lplssWcOPK5Rx8LpP/vXHFp6+EPnGJTFBg6I4fUYAZK +HbJAnLkjWjfy7F4AEBkx8jBjYyDqNx3r4WLMU5ds06C5nzG0usTpAtoJk6k3G/Hr +l/jMr/za+6TrtXyNBDGpZohgxP0wT4+hAMyLGymYnSWFlRVkkf0BANbtcJBszbAZ +EvNvJaCecjVw2ZsnLo+rapA5V87wR6Rzpc5Yh6IxLQs/pNOcl8S9HhC+EzwcErLk +J1LB5piJy64kLmzxC/wmJYvR5hY8GjMU8Q8cHOD5SVk0B87SOCt9LHuskl8j5/3/ +tLEjJ4T6nHSf8swXl4B2e0td8/5Cf6mnyqiuOyQK1yGhMjXbi6taYaxb2fNHBV68 +d6QDbGs8iCwGsp6ssw== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der new file mode 100644 index 0000000000000000000000000000000000000000..e25b4fb9c308623d9c7bdb0b8bebb48501c6be46 GIT binary patch literal 1309 zcmV+&1>*WJf(02cO9lxlhDe6@4FLrWFg`FT1_>&LNQU&90Ulvi-eaBbXR%; z0tf&w3$K-B+F7cPWJD#?kWM*0`QxfEuJ=Z*u zC|lSMhVlY3Hn5v4*j}cM!PAx_5X3+D^h~1I0wJ##K?D}rnyNX*;Woy zm{sf;2>xr&cKE*%SzL~p`^1&0QVy1gzGJaJu$kM~j5xYDmOy07RHcHY=DlgENR?JS zn*N2@ks4L+r-%qLXI6|v^-_8DU-Wi1zO~P+*>vxFPq+sLr^M|utY-U(oh_Q$&QUd(h?*Tsu?7?y1C?DVtE(j85j@SzBbl*`Q6)zw5RoZD-M z!=PWIP~acCJU?y(9Fq!{AKtqi>U~m94P~v%u6QCdMtr#JU>x1O8KOn$-TKYl)>&3NG@$p=5-@&=JWhYCQ`kIQz z*EE{X^ug#30AM%0(ARhq(sv1pVsXEhU zT$306K}H$MTB*+QKBoEiG3yPFvCoh+hXs*}ZD6W!<-dia6~q;f>LoZ9*h1znHYd== z>fNa&m-*^rh&A4V_$8`!!6UdWa^MmxM%q*X=TL^mY{Z_^ T$p#g`9VgTVL$n0dF>&=Da_4?b literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem new file mode 100644 index 0000000000..717d3ffb64 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFGTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIkkRHl74lgxACAggA +MAwGCCqGSIb3DQIJBQAwEQYFKw4DAgcECAGUDJYAr+n6BIIEyOthlgMNgyfjvQd8 +ZqQYF52juYrlvEdk/NY2xlEfa7NKUdEBS6jvL0lHOaCcn0dRbykqs+Do9yiWsW2A +cQ5BLrie7C/IeZSaF90Dh90QUe/aFvE/1fBjwuSdLj6Rf12MRXxtyCJb0WkStrUB +Rgb6ReGUiUVz7fJu0ePZeNKqVtCa+LDenaUaqo82L7y05KLoQP+qrQb94UK2B6IS +xUSORehQZnf6dpoXHMS5CFCv4Lw/C2VusBIZnAhEVWm3MljxMycOJz27YMLXiczj +H//rm8BhZQ5X2jYTvo8S0BPgRXPnxasvIAYLbAFvK3KP0umX7THVoYsXpwBgphS3 +penm9HExXsyYLNbefq9jPL4LlatNDi2LAg1QOr30jxGC73xESbYsM1WYIB24RSNL +ZKyhINxxsqcSkvuce5dtShWXkqD7P0nUNzygT1uSD4AJEKOaDL/YtA4dsTt/LCT7 +Ct8w9TR2+QkQdxgZri1S9+jSmPQgcg0BobPMncysTjTyC59Oh9KPcJCThR4BXitz +cvocqt1CsiKiMGR51xHfMs+p06DwTTz2LRYiLdXco72D57O4lixOk5LqXF0qiBfV +mN7LTqBIvuYiK9aEBZ53HRRurAhrOWBJ/UxM/VYi+lyCAUBhRu9XI02g0HA2UrlX +9RnuB/a44Ce5mgQWdEYdQIkI7JB0Kj05ktWdiXeLCPtTG0ytfQ0Cv/EwbWCG2tu6 +PEEmayz3KqMR/Av9jqsnk2qU7kKqR7hySMfoTuaMGpjcxCpj3Lg6Tmo0Nrvn5svc +NNChDlrgwyp4dX5ub1bwYYzibG8x23+fKKkil7NqZ3gqZ5ecmgX5XiU6VdBCz2kJ +k1xGGiyt89+gDdmoc+HyjRTJgfChZWiI6EhV3LZOnMa0ZUpQiM4lmq0SlQ78zSmY +ZyqG9dSEFWg6BMrOUpZbuY63wjvrxSHrHLAbCTlI9BRkFhmfwiyJ90FfMBUjBt6w +yCPW2r5aFPIhngNS3EayJKhAwchGHN2XdfeDj9GFhWZAIQsXS8R7JuGDIug7+QMj +WL77m1jy0K4PiGf3lt7PVy8KOqbiOHyzYQsuAuuMD7NZdV4+dVzznTe3HbXLWtxj +itPFNuSudfFBotAWDV2yOF4B7XbcTw4CEGv9bVJoGatJdaubzidUHPJUozWYQX8K +cw0LqdR8yxMtHOc9FYyawLbQMzcMzt/lijS75iO+vspT9TYXxf9rC5yX8xlSHHa0 +jlgvjnTDyEsrUnGHk9kNe906GV42YDO9MUJPvUmlv6/bAKA5iWX2+Jo5rwIWk6sg +vW33g7NPMn0I0pwzaWDaLd1XNP3JpjODwkL/5n9F2x1+LsbPpuk48DOnXQi7MV0J +2ZWSSxZltTLpObG8mI4dWrh5DXeswJIIta4ki1lSyFLu+hMY+PUVozyd6GVd4T0o +cVepNU1rHqxvsLHVkMsixypHpZwnkQigrE8EYeuMZQKPq7luHwh1AkTASr3SJF0/ +uztq0vmtn/0+lg7rI0pW+oFAlscmcRMrcOCLaX/TkvgX1JvO5lspIjP6IdaXsYNJ +14GImtXxQaPgAtWJ48o/AzF8KPez98DfnmpXKBM0K/kK5OGuxHvNCJ3eTDYS6X8I +Sj6Qf6Z9cjwB2xRFkw== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der new file mode 100644 index 0000000000000000000000000000000000000000..6674c48a7ccdf918b248467c985a132cc019cc43 GIT binary patch literal 1309 zcmV+&1>*WJf(02cO9lxlhDe6@4FLrWFg`FT1_>&LNQU&90Ul&C~s*CLpu5b z0tf&w3`RdZJiQq1TSxeJ`1`tPC44q1#n zB4Ikf2R#QptSWJb{k~?9`?v9r=A6Y@SGm6wUAVI`=w)GOvpv5zzDqXi7r*5`j2mCI z2W{&nMa!N?dv0=htZ&CVoB_mTIW9?Z^W&hlq1WC1qJ<1$Dox$Th<}9#=TwZFDSVxfFqAkNy4$=0> zUA>azHFB{G{%zP~lZ*x5d-WCF(pXMp)|{m#U&=h(dAH z6ap!#3j#&@Rk!R2LNq+b!Dq1y3p@o$^Gw%`!Ou8vCSLa{zA93cix>}bdx-Znna zcBbSb!7XJLV(S{B+OR*ST2`copwC=$K_Mwy^h7%=sTr?sv6`Rwb2*^M+W=L~7?xC( zdYKroHA?SZ4E(4f?PrhwH^~d%8QAV(mU~;oD`6Ac>Iu-LREEUB}=6gXb;s>kZHsVWbHH?1J~r_?R1D>!h;4;Be@#2c2_<95#Kc@V#}x)iz?jEv|W> z`PT7i3zNSk+=i}kA$dRo5bn5cu|nHrttz`BN#ex@!xsJ3oslZ>@}Q}|M^37`wO=+K zJW^2-hsj=n3K>D@`ETj22xlmI`ksht4+YF?s#rV5z?&v(!Q1A`w@IlN5>7JzJ7*O8 z=&|77E`;(a=iShPpcRXJro1qdk+v$`>_O}B%Jta#h<@$-1ZZ`&)YHHxa(etD8!wRr z42#&%_`$iuJO7oJTOQzKbiB+xPe%fF)!6fIZLj^up4+}JIOlU-TK@Z|9(h{ZX1jWt zt7i{?Bm5=g?)ldWBg$jPug{-ngz%6Id6X0ScAQvH{69+w|I|aB%hvGb!dP*^dxktQ zSbB!qARZp;Ygqp1CNSA{(|+f4{{%z?0Xr)6ik>uT@NS_|;Dd)NE2nS4a7dl8bim!*WJf(02cO9lxlhDe6@4FLrWFg`FT1_>&LNQU&90Ul=q}f&OAA`jL z0tf&w39@EMx|aB7s_f z^JOy=u`ZcrMG9{?H&S)V<3~%sIblXjGf*k_RzbvNiUDYMFEcg{JI9A|tHT1v;vTxB^ z?+56}D_*G>dbXDTn2Ae$hg2R?36*cDQ!*iI&!Nwdh%s8l6v374{7i7EW0{3tQKlR; zJPM&dF7p)UH7w>GT&pai!4;7N+7(z;Lb#~oVCZsM=hotiA%;EFxmx4hYyNP9V9V20 zZ2IZ&ypmP)vmc%yv@1ka$8%axQ=qLgYZAUM#AVh)*vc;U%$g8>L=lFPQa0q(-EY6J^Cfg8A9Umyz>Xay%$_6w|$%5Bj>?h;c4bX<^P^}S-bakIzSn% zw=xp8#RT&N`7+-q|5QI3Cx=)1uIb%QA;Y*Chj}Y4oEr~@g-3APvtzSYp9=(<>hg(_A{Tp*{Cc-x~di~+6 zzXe2OeJA`^WUVS=yy1Y04F{e-6I_PJpfsiq9nX!2o<)P6uNGfL*ekEaEg`>P!HPUi z7gcY$F<%CmWgyznwjob-zzC`;+kqrn@satUiRF)Y2`D+QNFS4L2;j*Syi0ay7o_-P z8Ja#No+#IU?(g{hn$)4GhBKv;%hI_gL#g(N zFP}SDckbc}jmx#=4eUtDP%r+n>T&)=2V%=^*j34Ofv@e14-*V^5xh+Q$|q@uC_O^& zcLmB;t|S53wbcWqrQx(c+y8H@5&TmU_gMR02xz{R5Ozg11PA#cO0J00V?Pf8V&n;J 
z-HfOjv>ZYe@=h)))li=vDGdHwN+h?K7MUZ3CV(tq;$!oSvrKYQNMA{blk=X|HU%W! z8UCiX4@L8jsdhL3rYjN;(UItQi*(0_^>;?w5Oaq#Z3=KwN8llY=sW1u-4~7po;a^o z=s%BOtLLc9@%{$00&3+FE5$_k@=nzuDt!cCm_|u{DWYBGj7H-{D(> TNEhrykb)NZ27EFE-xwT~zU6qK literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem new file mode 100644 index 0000000000..15521d435d --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFGTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIzK6kx/qbJD8CAggA +MAwGCCqGSIb3DQILBQAwEQYFKw4DAgcECD74OAvJ1+LsBIIEyOekZ0qcxeX6hEYZ +4ONCHu41tmOKSvByGeUBZvenjJQ48AgTGYUXNoYri1ohnbQ3bcqiP0TUDfT4zRcQ +ZFZLuzAtwV8ZfZcYRCQ7kKxGfkciZJhjeHeuBy3moEbznzg9TEPCVzoOD+k3f6+W +7/bSycV7jk89CdaWU3FKU/W/RLZarpm99Uzat0Ecc2KOa/TckNTBvD9Ysj2j3D7Y +UmdmfUGORvwQhJG0mwv7OpkLFbFbYBehWp8/Fk5izJVdJs+77c2qiQvgeend1D41 +ZUBKtbKCoc3Inp83cSkl2XonncCUxBKLiWHAzZxhPiIHwZXGXHjCOUqbs/sXEogs +3HT5PHVQjqPGIbl5B8NYetelB1h1Udq4Py1VZqjLhZFH8q2SnjRxC9to4bXaiW9N +451NL5S8bJrcaun6E5cD74p32F8IOjR2Ojr3ofEFHQFVUFlLPY3gQ+IZs34hQBNR +QY75ffQDykZPBpLw0hIJkr1LoYfuEMdN0tPRRxYVO1lKAW0xbOAd0UEslFcsyXCY +oUnQP50nVpG44TI6bNfLj5y07EyMFo6vB/XiDXh9/Az8jIfsPeYOGIVMYFSnourw +3cjTPFrJnEQd8CHxjLLnB3ZeXIo4l03hZBy+qFOIF2Ezke0fmRtjO+OUVm8lAy2Z +J1wSTThBlsWX2/JOzh7kiWDipX0fN8sTGeepazxI8nNANX7ALcxwuLrjvPOmTxfX +ElpwebOvCxonwWR0C1gyZ0feOI8kh0dKwe0xi2fqxCwxWzPxN3EQZ+FtoUdtzPoF +7QRBFERPefUpO6214t1PgJMWvLjjCsOFy4tnF46nWI/r1XLOQlLP5cwAIXZlnSXz +ky6YqPm2OniXq5XqvyLOMy1RoLINJY1dhgBXFtC5I1ZQAmGJGmX9IxVjrRky9kKt +362X98edUUMMmW48L8RcyYOOVLpFewAmU/fr3qoUDjusOtC8O66J/V4vjI3G8Ve9 +kNLiPxQqbyfHHdbC2Pp6rXZXcl7L5FW/fc2YaZRqCuFpuGXZQ+SKrMXKY8oLa4tL +Emf4isvdlRQjuveXoebxPsoG9Ww3pz3nl7NQ40cnSxb1zxm/heQmAczPE0faDsOi +pGAQP7jAefh2XwJ6RWRqzyuA3bDWC7E4ASYODIJ1IAogMMOlg940hlmCXZ/8993C +aTncCQO10ibemZsWvD/X2+gL3LSgBi2Q6NjHqj4MPAe6yAOA2USc1GzwSW4WEpIg ++ttJpKZFnnnxzCfUU+pTz2ONGV7J5a50BiRLgslPawm0lbYl2BvjbSZJul9oqqy/ +7FI5Jy83OaHrqyMSRNKZbkPWy58zrhQNaiUaCrLE3C+hzj1k9BXrWm39AQM7olnp +T0yi7pivXYEff0/d8tClqQAzy0DnKEW58xQODxhFkZm70X0HkUABD3QObHb2DSjG +PE1XV9pXP/3pci+SFznuvn0p6CN3l+rIXW+pb6O4KW65go0LTo1evIuKTFjVtZyf +KqbgDrdu/Fd0KJJy7S2cg/i02x7TfcSJE8C3EDyyESpGegE8XAH2NEltO1yt0+/z +26d06Hr2livL87yVpzW8b4H1SlifZmPhy082InF65W1w4hAmmsWARfPmZUG0LWoG +6zRPj13ojxpLPr8kyw== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der new file mode 100644 index 0000000000000000000000000000000000000000..52ac321438292452b55de644c0893a40c4027c22 GIT binary patch literal 2464 zcmV;R319Xwf(e{3P6i1ohDe6@4FLrWFhMXW1_>&LNQU&90UklbL~GWDau;{ z0tf&w3zf#JzW08QCe!zTM}0hvt-dVemYKeS*}+4Pf-99hgW*VS{j>!`s}UPPazuLYAkHk0 zILr@FnOj&vzVzQjdzQ@ z@fL7i4OAR%Vbflzi~)ImbHci-UwVS`ii)wW05t}MP@MxY_XyGXvBwF$emCEM{6bnE zjIiac2WhC;wExm$p7_BOPCQoqrLX~RkH0sKgf z{+J$5=LLmYFxW-hc^u!c&v#XCGp-cx7y#D;4NIB}RnHHdg5^Hjs2Q;2-vacONU$Ks zzP&6uD{QEbIAv$BCjUjjEEHdnqFXBoPn@=oPJ+A z^#VPmGiWA9e)b(qaOdBjncsedb(ad60h%yh6}RNM(5+__N6zIi z1;pBx6==3|7K}+3h3+LT5%#Q9pZpkuhM=9b(BsO14O}Czm{mj@f>BCh%POzPA9Y`! zTGbQwMc}0js(OTbyt6#!cuov~UVwD(hx*I)1?L{*K7)M^Y0xByZimF?Iy>X<_GHbN zK0y7(XI7i)#?=#G?1FemmDym2Tr|^v zni3PE8gQ2=?*-c@ToUQ**DGpxy+PZdCTQOYD=AFUcEj?J(R6KB@~j7S*FH~Tmj+Vg zdQUVe0G~8Zbc%?(!+NLin*)Z^kg1U_C@tfZ8{;}q(u z!YmUx`lxB9{EA5#Qm9?)5+^QoYyb_(B<2-F<%FuGC3%KGQmvcwazE-2{8<~J^`;p! 
z47S966~#RE#c1T!h;yI$K3@xbY-muv{~ixHEvAxb815HjxZBa(gQS*$&1K|VPBsR-KcYZt!f(K;3q%p zywGn5YY`%)Ym5NL$0~}W+kJ***=x2yFSR-~DPWiitJMRQ6SU&yWes_?@i?hGiv@v0 zI3ULah(n98eRi!@La3$E)-gAXF|o`fxkZ$<-8vUKhY+{f9C*cBiYr5drB~9o+>TjG zBH&aoljO2G7c=C_hnmgm!=k?%d9=74Vxku1kO9d@qgJt#iDp$eD{rUHY5ow6(G`FA zy0u@cwpRK}r{Uu}a!prlL~)q+`eLb^tKF@MIv1@OVlKKP2-zMy8a-WNLCs+|7<-?y zN#yo~M({67a7As?eCv;;5OZ@N#2C%W0RH#K2QeIZUV+1|&7?Ft!^(@(5MG!NTogj; zz$gF}B_r5$ZAAIf!2&`izQ?_Ikh}NVU)5*oGu#i_Gx%uRX?mTw~~UecHos#EO|b>Q-=QkU7!dNr!zGpW}3izmpL=eUvN<1kBEoyEhJDG zxseHOa2L3neHFTdhTg{?v>6*v-Qal(2g`^>@~SaTq?h|=#-{WBm8c7f{%cP|`F#!^ z0^4wN2c*qzuvm6&*PB7*>a+nmo6`lKJuZ5qhx3HfK=@!?pa53e*UtB-J#^nU?}V|R z4jxuxJYr|oBTI8K40q_lp9fi21YNyQ89U2mC}hn40V7{>?y5oHYE@kr5B+?_|8iX1 zKx4f2m;Ai^a;`f}E`D0dCvY;X)AdECJ?ys3maq>)s|+q^p@El$P6jSU*?|E{0(3kU zT*dM6I5bV(M_UTcV!9p`8{qHmiLmmj&D^KZ`2!!lDLF!htLmdgU@-}4e6YAPPO;Xn z#|`L26>OZq+i%xIbJX+Q9-MCUYi$p$A2Sd7GT46x)%`!XyB zkIJ}wnXT(?6Y4Wu_xDWEU!`NESjXG)FL z5lZ(XHGDt;V9JHKI~pkm-xQD4+vq>*JQlt?>Zw44J|}=NW1Mxg|G67(agp%7LhgsD z<&J|Q6&OYL71Vhbj^CT4uxK9Gw@|5SH;Y?ZgBtAV0De@nf9!s%w0Ah|4T2SFJcj&N zzmGj>@TM@V)ACL zC1l|@*EN;$KNF!e`N^)s=8|2sC-c>MN5tF;t zD|Cwzo~FHjCrs$>3Y`9?UM>Nk`y{cV!2r;1E%xqRN}`pAb*&)rs5E235D`gZ+^BlW zfZYY5R}kAz>JVB;8SCp6^!Jcd3?4D&_P_YlCX>|1{dLi-bJ#BZnd5D_2#(`=)9^hD e_tA4>9CWHIP~w&LNQU&90UmVz(!H58B4AL z0tf&w3s-a5SVRdRD=Xeh5N>IJa#WUH18q~G{; z({tM(Zr=U%4sK~~I`UQ&82?JM+ju4&SaLNfuOqqQBpk^+gv$$LlT}}}F_xnz^+R|? 
z00S@v70%z)0WOr80YU_FIK|Bc^nk7^F6wy2tYmYjyB5c^d})@N9Sgs0o-0U>$Tyca zyMidC;bmhz&9OgIKMD{}zeEym14MoB+SSQaui(T__SoI}<+3A)RbyWSljIuFk~QhS zGer8|y=u2UB@l`Q$X)X+E2mEj)w?&2^#gf!31;am#V6^;g?V@lDU3MjAA;0ZpIrS>Y96F4rpt zUMBkoI|ewF1!ugd4R)Su&I&=0$Q{VX|1=8bK!D?}Xb zhn_Dl=X6fh;+3P=8Os}H8c1QzOYAtlp(j`w^|}&Bhha7 z*F2{1R>F}N_r}Fodl(WKzcE#1hq>b{855s*$03XOy&;t?t$mZNBs`GlHBtv; zlph3dH3G1>C(pV`=YlO4c8-OxFErX<>I8ZfK*f2%b8iG{S%;e>@Q;t?k&@*v^9kt# zf1N^yO6YM|`uo4y87*Mj*pelH^SMAf4Y2_s%F7;`;GVJ?{POziy4Z172NTrlY2_OR zLsK8J$TU)c^M3HNoC`INjMincOJEmVJ}+H>2zI7BUl=D&>f%G?4mv@iX>F-6aDd2{ zy{Hco#fV9ku-x}dpWh^=AY=6|p=M3*z+S=~#aas12HbhC{#v#xm6fOYmdL9agsfe} zV{4lXghf64YsP8S1(0mvkuLly+Imr}Qxef}Rfy`nirD4vgdx;y;Rb;r5L37?n|L+U zD6JZBgpOl8$-Enu8HaY3I=iMM?6PrRUIywF0NosR?dHb;`fm(fzvV06Di&RF5R4t;H6JqBDG!Tg{S-spvzB-|oyp-?&3P?C;x~7q~6qI?3Hl_zP`0 zR!h`Su|rLR6v=1jTg7}{_iO9Q3Gz;O|=FLYon z)ED3W&ItYVOs??3Ni6X3zT*U-=r0}5Jw2`%P!SAjdrB{@Jc4b7bR}~2^eO;m!5L4X zVYnb_98(iY;v3Lfh?_1qp);gdT2j3OCyWq z720-moX6CbXbDNB8y_%RbdT<@J`8?4QoO8FOCiVv4Z}?L**U zLIt%rg3ZK9B1kk4iUoJZA-PQW5Y%}BiVt$>uW-Zq=7YXK83%@*%fh*h0o|7>a^eouG0ieqULf(}43SvZCDM@Jh~{Zq2u`WS7FcdM)wA-=g|l=K{^()0 zc_oif17?d=ni@lJuGFw9p)h#9lzp;VV@B}*%#@`l=MS0{p>o+h`9xHa+UFh_f%HNm z-VbQ>ZMl1$CNE7e#QqM_#piVJC3oE1Uz2@Lt^kF}3@TmYUSMt{QuV4_kr_eKUL2#p zGN?vnz=kNraDipK)mN`bkZNxqh74$EaPDsPZ3HI>Go0LXsW0A$X>b8e``5Ltm|kF$ z_&>x4jd8e#X0FVK5s053wS5F)nFP;pDlrc?U~=Ve`E61K@cTX|!ZCrP*nybmk|Em5 zWt8{iOCGsiT%pscYr1I=m-_HFeWbakzulj)4Fz%OF$Lkrdv=h^;eVBas%1Jl=fL4p zw~y(n3aK5`i0iHQ&PI55zP7XkRJ>(F<(CBMU8ZbHtPEOaQ)w0py-{SfUY_N=;g`)o z$RBu(Fxw<|Y5&25C~a6rMBF$#mGA44lJklb-7s$ZBbX-*l(`sljc)wJZ8ACqGQu2kZ9?G)PB0mr}($0n9#g^FLEr3SJtPz2}F^zukoRQ?KEqe5iinS5!Pe#TFJHY~KW83EI7~X|I1s zo2GHp-K+QD9$0z|Y`5skMq=v|NFF&yoo-(d8Io^2PBt;UAIEyGJ(maFtP_WR5Va4c zY}YJ#RCj0{-sk|14=?kiPJ{^63u(!(jYjvI0x eeJBLQnG4K@p@xW=*%a(SGm`(}4;`;~T>;)MrLfTe literal 0 HcmV?d00001 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem new file mode 100644 index 0000000000..c3c0635ad2 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem 
@@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI/PTNX5reUuICAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNepsPdfwKiMBIIJSHRy7kOzfWTH +O9Lp0TcHFXh2dkB3d9v8HDTquWY5brLGRVquXKEJo7DOK3MY/0Kaq3/s2hmwsAtG +XzsC7nKuYfeAaL/vC4065g8LWxXoCczkwLyJ8wl+i5lB9UYZO7UQ17ZQOvQquvYA +KKqe+IxFBJP7QLpI+iSYh6RGoqltU2CVW6rnVpA6mB1J5fR/w913bfkq/F8eLD3k +HIiUvKf71zu9YZNX1eMo4kCQJh5gV83D0oXo18RRe7uzcBq9ZVs90oKSuMKArqKp ++yiawCBmzUU8NVelWfpfdTAxRDgIj+5EzLd/Y94MHeie0GCPk8V4uDuoqnT8z9mG +IQPRe1x5IYpK+/6hcvEj3SSJlW7WVOkKxQfaTTxNVhXaSnfCwIUfHO+gYvGjN0HX +6P9gF9+LNlnHRA0dCdHpGFlvw/N5TZ/rmFmzqxLGmuLfocbVmYG5t2lZtBb7oEnl +D3Yx7tk2GtKg5uWXCLN1tGf22syzyLsNuHoUFLce8QzIgW8MJbeTu29vBTV7YJRY +akmJDkl1SX8GmkbemxN7jSRGQD0c8vHjnGdVevoc4z011gL+bEhzJu+dGlbpzLB2 +VGmhptvc0iTHFHVzeYJhvRfdG60lB7P1/XbTUVmZ5bPsrW+FgGNr0Vs670csFXIS +khTIC15Ey3kvyuB9BNoYE2l/kKyd1FeHqS+ISHriG2KGHO44Bak62Ol10DBv1/ks +YV0/3AQes39hoxGSqrTXxAoJDa3kttRz4/7lyrTCjRZoB66FD/q+hV93rzBBwPCU +PWva8LxcsYmF3VAIIudxfW68CuV8oq8p8+pJ1JjdZ8uyr8j+YuuX60o0vHRQAr6v +n4/zph9ssbThv22pN64MbGkZGpfC1r/8SXqMdmEu8mjvwLiC+S6+CDdUkZB1jPYa +JX6oEcextSvIivTlMC3AAff1ZZLDjotlchu/Ky3/ugu9oNC6zhzPWug69aUctumO +ahXbhAOjswkTjBp0TPvsIIylTNDwWNEfB9q16Tfj3I0d3VKCZOaJM7iDll/rM8M/ +AWBJ0L4dDuhvsM2TjMzJ8p4JXaxfX9OjgR1+cuRe2YzQPUDBeOt+mz2SCjgOCW6j +r1k76ilGmUD1JQby8T8MScSp9H2zi3RIuaDVJwHMPu5KooUR8eF7w4cTqsS0FhdI +n91M+o0TDcOzOjmDj0vH2tP2HPMlqMOHUut+Tm0J9flTtxQoAlftPq3bXhFjT7Wp +ry8JPZuzQDUMdQvi2+J4yXnc0+ElWAdSkaqpEpkOekgY0lTj3W/+GuxPPPqAxLF5 +GaZ5fCLFJF/ioQ55J3cnChfZRXrlQw08zsQiLdCyFq4Tnbx6Hmgt48jKhPddvxhu +b/StlvaRV+UaMdlnl3Mr3DwWjwIVgOEe8/c6T0TA7rhlh2muoO4dT1t42stGQZAy +rB5PoKJwLtzoyQKdk+LCvgrrdLmIQmK0AB14OhEAoWwnOyz9XZ7QM7Zi2j/msZXj +ipmzwdxn2+Zfl4g83dn3pXy0+X8MugcXLUfgRtNEk6ZAk8P1PaQZtiOT2DS+Khuj +WvnalHKoNYSeOfq1MJJkZ5kG6wriJewXtyRZtyXolTW0WbKNpcs/EtHbPxCceONe +CcYPPXnnQQ4Fwl8jNxUUs9vO2uLXOs4yKPkwgX7KBmGIlYLBjM1isNhi88fVXBvd +RTLFblxlnRHhjQmBQaLdkWwR7hN3TwdcxtobaRw7w7A3Pg76ktY+Y1jAuqu3HqTi 
+q+k7dicH29LFKs/ry5dAFJPgpG9EHPVemS/PIMKHp0wRLlHmP5+LvdRgSNKLUoyy +wlz+aZJXKobk5MIcLRZRAm7KF/hHfwldLMybrzobwwteTl8MtvQYpHc1cqAFtqEd +V49YwFCX0SNQLOcdJZyRoltcftiINsnoTzOKDN4y4NaHpU69lO8AA9TUx1UyH83o +jGUGAtAHQwUwmwygr+NRzq+1OHGA1JKLLfdwGKct2SY2smicjnOOgjF/x0wiSwyo +HjuARsdR0pc9ancPQ0KnD/6eqc2AcHXiCFi/xu7rCTwsmO5crSXRL1U/5CF8K29g +olCXV8cS6X7gqyARQMHXWN0Qx4vN6TqT7vuzLaaiC8cYiiKvDo63GPyT6qRZ5uY4 +u05ZLr18xzRM4hjUbxZaDyefOkL1DE9CO3rJDGX6njSLh3IxSNQVXNh6lu0Tx8CC +HA1S3a8eR9Da/tBD8PLwaQ0xvpHHQWsdX58Nb3AFu+W+ee4NFq0ZrPqlhLpSOGRn +bW+U25YFdIMsO41VhafsFKSd+/l7VwJqOSZzMgxLEr3p9ASFBbuzQeDVWr0kMYum ++Wf6ISkwu/s7hpnMibSACV3x1Fawwie8vH8zH6rg1aw2AITfb5RuIdA3h0uX7r/o +6MTUEgy21T14z/KPDfhJ5jP6ZNuVzpQJGgQfAsJzPKVZg2DramRvgSvdLw+/LB7J +FedNAXSgdeSJyLiwy9glD+1dWVj7gc0cj+HBQzAwSMdwoX5E7Rk7UX0O0S7y1+Q6 +w+Gd8yxl4NDaM/5PH9TSKC5oroPot4qH+oTUw/y32Kl5TXfJvWHaKDcluIQyB+4Z +ABvuEaxz3NR3yI5Xe+KDtprRtfI9IK8p0tFVYpZfFUULzjK+JGKi8g1CcDnqIM+S +1HdSJP/qsMMlb1iL619nXhWqO/hcVZvIffhYzKZJFAurqcEkc393zxnxkiA1ZaY4 +1sCBLnQWsmLeSKQ3rmzr4iPlG34Is5GsuV57s6w6NvmU11BTFh91psdpJ0iQLJm0 +jrUvZCTShcaV+lAGkqvnx5AIbPdZYSec6/J7J0OpmSypEfXITXO0Ihr8c7LMzPmL +AIHef/8cqJqJnM0pIZcptrdya3OTItfjZbOJ39Zkm+Vs0h6rpkpn5sfTBPONYti+ +JnB9yq6lWqo2wW4p9pyE5XXWcABMeq0uPoGXrZPY9It/aPB9RUCxID020Ehz7J1B +Y4yZjEx3Vii+LAg+AykB/0FL1Xe4SIn1/ShmEzan2wPxt3oNdCF5+6t/hgU1z+zE +hwpGnZfL8aMTSk4U2q1SJs3MQk9BlTmbKsOvajN+Cj8ZLa0X2oHjEV4o5Qc4Ggs5 +EZ/BJxGBwOFWkN41XE2DUW5E4Kq3AYShVAqmq24KIh1rOxrXebzEdn9+Jt+VWz4s +WqDsuRKobaoDpFFCQBLvQA== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der new file mode 100644 index 0000000000000000000000000000000000000000..5dec3c8b3c5da6dc9cc4009dce20a08b77d6898c GIT binary patch literal 2464 zcmV;R319Xwf(e{3P6i1ohDe6@4FLrWFhMXW1_>&LNQU&90UmJ`u9=H99wS! z0tf&w3My>{W-d$o+TFUy)b3zyHOu!WJ9_*et!Q-f`# zV~M7%bR4|Gp+SUQENPpvC)683y*njoZH809Mm>pTPr8+k{I+c~C$u_#k@+Zi(fM-? z18a0^mJfWK;VU&Mo%YDB+H1Gb)I}%m_a#BM4d7)>OVAPq)vN+pB4P02{WXFl0-si@ z!g^9qw;Ko_UD((nUzKH2sCtV(Z5@*str=tCPpJ$H7O_2=eE7d+R1bj3SA|!mk zW)c&)IO^1cLemc-?v<@FJmU-Nn11UOvL=%#&vnQ?Ol+s#5I=%x06i?gWF>G)Na;Gj zF@n~m@l@)GEbw|Q@Cqc_0>BXF&^J~TfKjY75SmVF7*cKkE+~(wMnkiLXo>(iqRyYd zVxxP>zo5y~I^1@(UM6!Uci`4%n2A-QHzJ`eIkvVzqECcDf{I-?6$wz$xO%gMVH?3? zVI<1{;bOgK%bDQ2-dy;&ebisdL38boEp#(kYXK*`+$gh32*ofYAGH)D2eboy;gCYQ zR6wZlT;(WRX+NxLhDOxsoJ0M!tI(kZB5fNj$sMm`rrJ2!L17z~D?|5!s~)^C;4zMH zb~})G|IfaaoZDu_Ch; zM-h9D$c0vsw{wmX(gT6S>fy-op3zc*QEw3s!nWFST?zD^XnMyD9Xns5ts7tIq8#$= zHCy&i0tmt$+wuq;Q&Fa-zj1-UYX$$?KvJfgMcE{cf0bQ}%FXa1YCP}3OF)g9jfM*c zaG_kNghpSTYm|GIEixk#}GdMx8BlPLBB*PZa#%E9U1ykj2HJh zLZ90RYvP^}j`1XC0N<7Omc6LZvb{@q*!pe2LU^fro)ooYt+zcutSj4FzQQt|o;Vy3 zK_#L^2pCRElbXkc>ENH?wlE=_pFqGp|AU@@-?nkHAoNiA|N7!rsLM=?z~EvdG8nON zP|vF{UHUJg^mysQ)iYBR`pjKYAdzNG=>>=p@v7QJuZd&d3i}|xyUr1;Gm~z9*1TD> z!Pnv8<>lr0x(8b=-JS|Tq?b7~=ZM){44&hM`5?z2^m?ri?HHx`2sNRtYpuY5lPzN> z(>eWl&O#%dNMBmJ25wS4{hQf9OO3B%+lVX4qH3< z(MjyTxZ*y`jNfSSphT2A1U?mru+69r#!rS>WZU{~=E~@_d4&duGTY=-t3m73FLdv< zGX73%ZDNRnfZ)6jiJBqLtP*^FL~m9sr2vI4;L~>o)V$wUn?^EH)x3=jPoXj7UjIKpK>>RyuP$ttA%8u*rA#$EpT% zs;MlhqdnnNUB`!Ekm3hbd^CxVbuVZggXWxxoZbf65P$`U3Z-osNFYhNNk~P^8<*|_ zcuL%0PvO#z^Ci*K+-7{Xf^N&+S~j=9HI&8On*D58b2?pgbxS!o9Z^P-&*dd_+hJ&; zz(pxf7;#Z9`V+5=zmmd|L2%BCTiI+m0ar5}qcKV0f1~?+9jE{AJ6Y-RNzSRbup05P zyKR$f;Q%wlI~0K6##3HFUjnaJQw{^hoCYes=uuur7qLW5X;1u*t?fq`?OcE5%lhQv zm`Q9zORjx1X}~c}ee4=U7rIL;9?Qhh-I!~~YTs^}bDJ)5m0rm*!>WfrbUOpyyGo;g z+%b&6f8{!|a;sJwgOL}!1dXp|r+#r21kcX_FI1f*Pb7qMK7|sSKITo+tlP+BvoUAm 
z{C?Z$T9%sr2o2HkA0$O-(Wb}cats95DH3NlV;`rDHu+S3$rF5JVjgJ8Yl1Q{$@9p_ zBI08vb}VMv&Y9?cbF=?l!8?Ct(3a2SJu8zbMl_u&&PX#CH?f5%NvH^3iha`=OuQ#O z#W^rlje@1;4bL>w#PaViN-$~^YxQ3MMVBgSo`?l>-uDViOV!AQdVyx~;Zwo~;Z(1L* zEo5cIIIjq(aov9Mw!e|09IZeLGVkwT{*p+v+63o!3n0s${VV;?U9z7thk@@;gVzoay}tBQfQ6I6#fn=)bdT`bT}sqTFPY3EEj1M%5_7U+EPOt43hQHojXPP-%i zl{-$?OCY=JQ~F(8uXt>748}t)K{tgujt`$u2IcgGK+szN`dGJva7Y&S>Hxe9HeDJz zh0QC`|Lg0(cJl15Qur44VjkZ`efjQx1&TPhiUZiymZAhj=qx45z*Ajgio?8&LNQU&90Uk%_7`Zhv z&G3*KQCUaP^_nbiXRyXwF1{7J$|(46Bi6`qs-HBYP%%u9TLjNk0gh2%I5HKdOTd@SNa`h?bkdAhW>elC+_8_&6lr6hv>hHY zYQR~q&90LS2>-LDdK$YG!*C}*I_p` zj)zkp6x`;*izL>$Rl}63A}nb|9)#8;kc|nL2gJ30lr$lc$=~ z=sWHrJ*vk!s6(~?ZLf5pFdH^5b%Cz9kVTcx_!Q_5H z+k%ioc0h`U!jAvP(;m#7@*Ln15h_nD4`}OY`&?9)7gBtYMrq#NKAI5_-`$6X^~sI4 z?8fGUrqK#+*CwsT%d6hVLXmn2;W#^p?siq_09kw}9ZkH_FdG}33ulA~9JDp9#Av%k zopVFS&2Uwd4{ab9Mfjav!s6tnq|mGK*6uvP@A^to3NV0OXAuokUT+%z|#}4K#-@n^tbC^Ap3gK5fg+2zQBe z8ijA~0(`ilp{j$_j2Kohx9>fx{T(ENq9p`^8p0MEY(T;oKZtY7B(br8a#IP+^+-fr zIgW%;pju#r!!*h6ZA+9*DA&dcYq^6A5S&c}53q;|LJD(|acETCOmADF)@_2QO{ADM z6A5<2v*7BC-6<{V=ax|LfF3O>Ht$NS5`%^oxxvjRzA&AS|2F!|(tNfc%ZK;W;AMRY z%j@BB%m#5Gt4ci?x?Q@|)(wW=rfZcrTu$ttWBX1M1CQeWrJ=|H?YCI(M4u9-#DxpG zPU-#&oXaBGXTK?-zL<)P>p3Q2VLHms%r5b5d2G1=9b(caZ|rY5%(d?}HAy6zO*w9# zm``)~ak5BOV@PP5$z&xN)=U{HOk!5Sr-S*>w5yIMmwy|-laIXVEnw=!`kuAkJzoK)ZN0u(?^*=NsQQ82qxz-$}7m!|}y0)u0vZIjeGCy*jQ7Fo#S6iSAKAG|Q zycuF}N^k480&ol97cEo$?*hVgJ}KP_d1dgNv<)f{WF^@^`CXeP3i4BVL`#<{?J^I~ zXj*okL~~->t++P6v^Xe2>rYkbCN}6=Sud! z#hHAWo+93u@*>{~5b){U_(3XoT#hjswYMH9P@@*-&~Y^0D&-+quN~E{>3(G9meErf z!B)fDxX!sVACJBHE|qCM+oj8Nt%!6*2MlQ+T3j~O3#wU@7@yz$q@@z|KcTZy{JM|0#r#{h&E2y||jJHB$&6W!7V?lIE3{C4um^ zLD%VqGQroR#cBJ>Fl}7z*?-_9F%CjK=Oy7W~{Q8%BHexLYW(j7D4G@b|tqKrh@U|pAv@{s~r|7 z@rFLBKMsW1Iy7`eMxXg8TH(meOn`iU&(6{Aloau}E;Im!l?r<)XhqZqk4L9ZRS}l? 
z9zWV!N4JCVzRnZq#|jS*?X4kHDH(m2-Rh&S0q*l*fx)}KkYW$7 zK13nR^$5}M_)bgmrZ(7BLcJZ)(Mhx}!N3zSjhPS6)CSM|z)ud%kMU8}F=dJ6mHi`m z&}{8LhaLY!T4X3Y^JfC5hExt@h+N!YG31jJ?3PMlMO)nkU#r~l_f zHsx_XEq1uA9O_(L0CG4GRV($yTKFPOqlrG&e$0EsB1>$4fq^9^5m!7hksbCBFvbax zzNH9pQ225`<0aT30qBOyD!q=ohSLyvqjcz5Tr~>||K>Ei?L3-?|7fpTmsO+1c?`^>&m2n{b%DWY9%DE#|2Tl0EG(RFvPc e{6Tu9c+Zhuq%Ff|0yiDFj-7}y3{5}ZgZP}Xt*&4I literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem new file mode 100644 index 0000000000..194a895275 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem 
@@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIoWPVdNPvfTECAggA +MAwGCCqGSIb3DQILBQAwFAYIKoZIhvcNAwcECLYc1CA1Gf4IBIIJSG4dPOE6vprB +zPJLrO1hdLj3za2tdK/QlDbqMScFUC2mXq5cJ9rwwa7AyKtL0U4Q1O07Vw5GB92L +FVbY4hIRC0XtutCwhqlr0kUaIqH/IjyY6jy62Keu5KYYvkjPMFBkYBQD1UA/BT48 ++yIPH/RSXbpKU6z1KaW9FiEtPoXfw7kxyXHIglAEQtPaN+aeEvpuDiRAN38SU8Ci +j+Ub7spft4D7X5oARaAgQCNuhO7Lr9FD4OuxhurWoiFb7NJPuwTr35PK6wWYfjwC +kpd4iRCAhi4cl1z0ZofSmTyS21lz7uc3xJy6ztVMqOo52mIr3lFHatpC75/c0L3d +Cwcz0UNvkMOR1u1Z5iZhoqsFaysrKeddM/6iBWP2osuz7lTZ7z95hgksBF1wnPSh +5goSu7ZVbYnsn3WZGVQyDKbCcz2BzPj/RLzSYwjrr48h0ROj1acvZTdfFVioiiKg +t0w97W5h6DgnDZO0/yiN5Q/GLD+Laizawu2HD8e8dlkaMCD3rEl4RL7iigh4Co+F +8Raw+UPma/rdHX1mZttnk/bkOrpNVcrEL+ZxmQFn5it0Vn+U75sNHem3c4A+Hhzj +JaQtCPwChYTb8AZmNw/vFrKkUtNpMILHB/1sBHS7TIo0sEXJwWDEtrPLJDLvhojv +JIIpGQmoCqDHZpsYLGqI/kHtWRl3jAXGmVlqkt+QgjbkDxxr7kSBAcqEouuFcKKa +m2My3XxGMJrOP8iWuWpZx1p77oQcpIoIvnF06eq66x1H1oJaqYTgn4W/WBd7qScv +ILCTh3ceWYCh5Co/S+MonwqM2Ppc7JWIVinnrpduFWbuvvB/sugrjEoSAFNh+cqT +jTxM8+1tAVv7xyuOdFbR3TgiUeEfsK6E1+1Y6YKsqtiXpYN9PMpaLg+Gbw4+5esx +z4Mn2JSsYSejohhSZikrUMHE3Z8RgxMn2WkQ3hMNjaFetD45xUTla2v5yRgYd7yr +AQK7Chej4wtLx6yi5sTaiebxrrAunL4jBe2JpBeYg3J2dJjjPDr9Ym+YSSoc3s90 ++yplLoPxszvMfFaEAKrBI2lm3kemij7chtzSNAnkW/x02yxKcgwriNGHppojUQR6 +j4Bf9kvfZX1opyA/JSysGRDj99FHop4E4lHriwFNWMfoYj63BKluQFfmsCOptokf +9W/nAw+XTSFu9ojlXTSPtlyn3jPsSflYtO3UjMJsm9DHuRA/ZLpQ7Q11pOvI0hqj +XfLuQ4dhDTHpFE7Lfla4tOwz/lAOSqeuqUfYKqa9heH/LlpUBbsAQM+XSLqh2cVE +M5FXvRTcqdU9yJlMVo5+Asq5iK1cb18e3BSgAaHloJ3UaxiOaR8Ad26ryZsjAQXk +vKlqGQ2nvYmn7i9z7hYcVZRbXnDYsyA7tFHSYLTDUlOjtC4YjdmnAjRojezRHUoz +l1bceyBUGSKASMF08fHdMu3U1ffvze/GYr+uj5XyR4gZn1w2lkVYCC0GWAYuwdD/ +4xVR1qxDb1trdui+FNS/ET6FzlMtHHEO9f/veEPV8hsIgAouUVncN0bW0GKS0Fsp +N72r3bNHfv8tE9W5HPF+/ATh6zD0InHqOyX2wc51wFWnSWdC00DluZl5KS5wPi3S +MsLsRK6STboeOXgr8MhsmASGX1yUBWEs/G6jLAUDexM3FCQgYWCgCdPnMKvtesXn +3qOhdi6On1BPqvATyXndyQ4D2SLYv1mJ6CLTPO7PTyuCWobL9Is+S+D923+CpuI+ 
+1POOKOLgex8sflOa4bSkpWo36JvQOOp6dXYJ+5IUlA1MZphgtKzInz+WYar2hdHR +o6fuGzdne79XZrKSveK9L0r3H3h4n5JEZ9A6cd8bDAiYQp6w5yl7vXU7P0NL9HwR +XiSGHaoHlRIOr4wbIqNTnX681hq62S8dPtajukz8QOhgOox/gLULgTpSDMXhTN1q +NV/Bft6+lU9+PC0Dye3YesJWykuQFt2hM3Og4eWB9Ha/ACsGmzbgTAMtNLCD0Mud +m2DYCO/GpUDL6dDHJDzB2qBao5zSq+zoeYpP7d9Qs4amVxFwenLPf90BI0IV+D8N +0kh6rh9e1j/rmPv1qKzj2WvTqdBWmqOZvU5TBwAozeRI58JoSRiQLs1DfZ9o6V2H +bRvmVxdPHTryevrFqL8jEMypBNgB+A9x5VzhnD3y1z7rxKr4+7WW3Yu60EP5irVa +EjoKBE2hoGCuFfLGJn4xkpOzjN12SVGzL8NfXRtbkC8IBsOr13njFLNVLwzy7EwA +LFM9QN04KV6Z9AEX8d92NqT7w/9Su2ZgFe5aPTlPW/23uwL4o41U+FFrZU53/Pyu +e3vNy1AAh4INqP0urpy9Gnp4LP/u/AwrbdzmvJt8yjnKk03AaKNjNgFuprdplvqY +9TUFlr7sCf/TQ4w3BTZYI1VQNrduur5FwZblI9Q6obGunMPy3IYGeV6CcCchYkXp +u9vbe4hFFrsPlpOz5DHZT/5gI0g1ZYFJq+H73Ku78syDrWHiTGYJinj1s+Aceiak +J0sId66GMtunyojveJOUwfxliIKXUn37TqH8HLjEYk09Uy1yXBZVLaMhXIShGMs2 +aSL3nXv2KmGDGSFTBto1R69DPsHsb/oVDLUwgF5xyZFum2UE+D17mCK1RMczsWFz ++RIHc5SYwipdn1jBfJa/r3Gg7l7bM6/Fy2oAdrhcdB2oPV9cXF/Afyfu1yyXZfVu +Z6MWhorqZGvJ7HY+G5JFxumubE3u2x1EkrqAaFIjDc7NQQwHKxGyMTKg9I04WQew +8wcbSuvCcI4NVt9HMy0fR5+3QkSeZnoKI6CwqRqLEsexNO6N6l3V7dFgDUOFqe1b +Yl/81bS6b072jskkIsbFXTn76S95G3UYrEiYdn22+6KPLyOWQLczmVvztdVh6sOw +WRoiKYXdW2UnO2AYOXCQyUxUjW06m6BJ8F0NLJ3HVuJazKouF7iZsLpHBzI8luNz +VF4t0NLX60wv5G0AZLivVmVAadB4JIyT17ufud6sH0oSyVRid42zfBNzfn7L9rIv +vmjfhI7SeoT2MsE7l/QtQy9hJFSh+DpdWw2taJmxP210qXA8tgGgLjDqHJ+k0wvE +laqHGOzY4J/y4OPsGN2fiW8nRCoravNz26Ff9PZ0S35WJ46qxcMH3pIfxvIdtXZS +HESFHzL1ejv9Y4y0O56l+w== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der new file mode 100644 index 0000000000000000000000000000000000000000..efd8b5c98f282ee9beb9b90e6e0a7d2691da2cbc GIT binary patch literal 2461 zcmV;O31apzf(e;0O9lxlhDe6@4FLrWFg`FT1_>&LNQU&90Uk-v=6{XhaepS z0tf&w3qza|(a(0bR?ZJnY} zN6F@+l55rJg-#c$rPi z=yIaX<5XFGv!|JOrBl5rc`BgKoIp~j5=JqvEyv{PEt;0M5@Nqf&FO5|)Q8S8HMWv9 zhl~IlZsZABy#lHnHYXqr+Q>>KZs<3J81;!Lq)Rt0r1soU1|8L}B2p-vS@olXX79F% z9~&GBNZGiiCWHjT){6D340&%VByy=N#5;V==>Zrp!I?uW8vid8t`h*$cXJ05`hRbF zF1Ir?E2?Flf&KMZne5M+gA4Vqxpe0q>x0?Fn4@sf(T1sbZlnOgT+G ze>9vpEXD(hQbFAN-*~#;&h&|OHrH!t%%*&}X9rNW6Llsni!?nj8W+A$%V4JQ<2D31 z&wJ`cVEO)VkFH$yU^X4ZaB|qWxVCEn{jL8`z!;`;)o_;xm%`n96hV0sw4X|I%!}%H z)k^k7JFSy2anEqQ@E*3Y-YP05<`{w42Zke&PF~=FfElbCF-g5dR_rm#g=s5940s__ zZaStFnrA=Vg4PtMNHe72&e4%2-bZ7%8FTlGkl&A{X!zd$scMbBdDD@4kO`Yn`lNBf zgVHrdNW5b0Jg-u!sTdb5Nn;0kFkLs$^beC6Xf&5I$f31zU0;Xx!OcO%`#r@|I;fsH z5g$tY$%?MCE4PU)WyIXw17{|q{6n?IL6F1xa|g;h3x5Xj3JFK}8zMu)J7a?tRTjEx z!YZxfvU8}jZyI_yEZD;Fdhj^fz>Iq}n4Gi%vpZ+7X3pVBJN9P&kjH^st6Z<)_lQqKv?7)fEOYk{)$f!w zl48Yz2+-nCbk{MLrH3|`s3-e1z}t&|ay<~_0dQs^{OG?j?}DB%6A z_ICIKn)qHn@*(szTgUOIH9Y1U;*j#hyYx|cxJW(~JlW-6jEVQGI3Ydt7Ue4RB5cl+ zV$BDSESQm|B~I_kCk#VB*o|9##M1{```2@nq)q)zU!Wi-f2a&r5Be<}GSJi}JiD*xv zlRUpuq6z6!2eI8`^J55?n^n=(C=7s@!mCw7JQLNjY<1(L5N!azdQ>IyKkK~dal9EY9!)i?tCj^f zmW$O%DN3#4om0=}NLSt3Ql%*``;$d?_ZpLsAwK4pY|n{h(Zt4-tb9>$|2#+9hbEsLbt+ zyqH1j9Ud4d84i(RK&tzIrGW`#Zsmhq7+vGF(H@u{BWGvrmo>J@C+=7i)a@_E?(Ld? 
zhIHnb9tJAGXPTeUEG!jQ#z!v-60>)zL|uhYrjba9?Db66Q^6(r+`WJRXVcq5?)!V` z8C%^=%FGnvW%e@jm$-Fci zIv$|XW!2!FDv$nscT94!1WJezs?Qjhg6)8BF6;`2*P>%1^X1zvR1E#CDz|if*5deP z_G;wu2;-m2i7cCZEe58Y)Km1Rc&1E+P<{b|WT^R$}h+0KASd$24A+c#qi?7VN z8~(N+s5u$NoPnpyHJ^WweCFHZw}~2r^_V`VcWqQDq%y%AWZ}i*+HKmmjb!$24A6(K zfIkcL>&~~2t2LJbl!5N6JjS)!g?nz%F?U2%9W>o6#NWs+Ew||o$=UL5QL|vQaqlUTi zn||nh%w6Wn_FQtNUAJ#4x&qzkS?@V4vKhBFmeJVZ`x^g7ehw>OJ`K51=RGHYa$%XC0u~@mo{@ zQnu8wE9=)p$6pLq>;0yIarD;!8OnLCw`XbG>G$6J=uo+1YDT}DMTA^5k(lGsj8Gd$ z7Td{+9a^@rosAa;-T7+9{MQz6D&01tH+zY$;!U$jyvKb+aC@K+)fyoiLH4~m0Dhbk z;!xrEU)vs;b9g~qTI@kgV8+8+t*9$cpCFh({szEZ@s|lh9J61Pe50P~Exc5TejXKu zHvn8$ZhIj|o20Fic5J*cm(BE1_g9(>aF^@*(dB}huc`CTnIpmK!&{K7z z2@ni;9W;wYsC_0bVc0@T9a9;xqq_dVgBT!ODqO{#O&tJ z=nMX79Fd(BNtD_anv21Q_ERM3$n}H0{GfregQRsub=|oc34^1E1-Qk+Bua}}9)_M$ zAP1{i;0_sVwG|t~L25LK?UfI-q+ubx*MXPCTHN`NP$&<^;0;!UgRcWsVKpZHa~tv9 bPsEJav4jTW#X4ZBiEWB47NnWeA!0cUWns1? literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem new file mode 100644 index 0000000000..16b13a450a --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem 
@@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJmTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIVI1x10/M7+ACAggA +MAwGCCqGSIb3DQIIBQAwEQYFKw4DAgcECPtdOOUMWuSbBIIJSAksArEUkFkTphQT +0c8tc3j45tJKHXFXhtt4V4pX26Ydh4cjenAveKvrawKhmpSW7O0n6A81nwwOxUH5 +VaPDrA20Uz61+S5BbC8bDa7U6IhA2g6nr5qERb9rCl4eUvm3RWyzEqbLeiUER1Rw +XrxiMva7wIZhZJNMdq5Bb9yhI1XMLlowf2WvNJGCgGC4aKbr1hp3AqJ3O79iRckF +XP0fyLt5u8CSU/1NWGAUkQbnqAXYpE0gN7tzDLbBcAyRet7njaplj0XaZlOdOofT +JQ8db7bavSGe7PeGjC2EZUNElgbHUbb2P31rNN76YR6JqN9cvj8gCGV1DETjEbgY +theTtptT7/f7UWzR2xrts1iieYRy0luPo5xPOa4UDvbYcHtUVgSkrblw4A0Id9R2 +8dRN8pW/7GPeaV6eqgUYVrqx76zVu8l7QtiZuA05tH2eVrTsMe9DnsvFV/kZIVpb +8fnkokxp5OZOIIsUxIQdA4fxHA5k3Dw6/0bXVgYHXJTpdIlA8yHFgAkOFkhi9Wl0 ++d02COhFQUMB8vqsHc61aFAvKTMwMIs8/ui34rTSBnBLsmMQlNxgNzc14Dz3fGcj +LU1lHosX+l9M+vEtiMD+lp3szj7b2+o1apc41L38CWo8XXVLyZ2lmQSHXz+PRWSl +afjR1chBzlulvELqIMZkjsBazv4jHJOD7Alwcg9pb/i0QqFTbZzDyRmHW2Vfjn7f +ZzfXZvnW0KLjH4BvRiSpkum/9PbXxQnxryMC36MHmEFUS2vwi5UUjSM9Ak1sdeUH +b3D00kcERPREb8Pru9+aqK7fBmV+QTAhG5UqJ1E+Zx1YZp5791At4oC7udTud7eE +n/1zKs1JWh/u8QZkLzHBkBZDIaRSCN6E/zSDmx4VjwCRv08fJK1ChkJJKs6mtCSA +mQ5noc1kqy8Osaj56FpOxV6Jgr6vpEO7vYpBnQ0DGU5lkE1ij3puyaODR0CMgWXO +DdoYWW1F53Sewu9MSpSf0/AZZZ4S2lQGhsH7Kfco/hXKV+/9Sj/8Mw82MDVojPvT +vCc23ORArMRzWFItdDR0jkFVj3sV3csjvjG7/uuRtnapHqqhwiNbfRYoW8cL0y3O +NO5179OE8Xmo0hHKYaDs3Nr+3dnFwQJ9HEJnKrH5MM2G1qUFknBYFqYEkmCXO87G +ZtEIywtFEGElGymGWWhlg6tJxEcObN8sNHf0hqv7kH/jN6JuEFLQlfLz1b20XNka +3rv5WKj7lMrpII9agGO7VR+zbpJ2RYv0a4N+D46SZGIoWKjravmrMzFhXju54HMR +OKrL06njAoRE0TfpqGzv3InPJg7L8Bb9FtXMdficQ8BM5f62b7u8xcce7VLyhz+6 +1cboaTywfD9mbGteysdoooFihVThc49/DPSi01jqZ4PE937tGDlt5GWFiIOaobF/ +zfWxJq3BWA1LaVj44r9P4jORcP0fWvabcgzlD7vewvSk7cp+g8fGYipN8t4oqynp +DGXYVCTzckllwNnVlCRcOpwYgdaz/2dEMqh4UH5bPI86Lu2J6Mr9iTuQ3CL967Lg +hEVmb7HTO2Tr5mnAIkAUveJbLXqPGynh6d3k39m56h5DyPKDPBidjkXFnLlSJwO4 +RPoAyVB3JOMEJ5Am/pXauj7NXErNTKRuWVQVspszi6ycoaiPGfXWYypZXy9W6hJ9 +NWif4SKTpVVYBWH39YXBfyHwnSHeggsvUpmVzRldXuLRags82i4bVd6AjXZRQLfg 
+SuvH/RPshm1CUwt+TArl6FM9MjdIOQM/8YUbyk/BcZsdM9ChHa+1soMXAhjz59ge +T19BzvZWeDIuw9uatqSL/QWAENQcKalo1zFphkFLkHCQnvs3+cwPLo8AP9ES1W4G +4KyiO+5e/04XqFDOg2iRYoaHEhM0zGTJpU9TDJQ1AQAmHj8TJ4eL6s5OaSzWN3dP +C4d4V9Ay2y4VFNacVuOTAI945+yi6GN+63sL4FB723Jkruma9vhOhqGht5WOltXl +yBjcMFmxhsvk9yErnPN/lUIpvy/BlAfPkTmSzTcam/ZfCOgIfFarbR5Hahynf6u4 +x2ECWJtELt5jhxs1gnepZRh71WJbjo25SJO/PSI13uMhd0cBIlhu0iiVtGzucgeU +PzUC6PO1gB2WgkFXaF839TO/dVpgbK2sBjRUjzqnYs+YMSVwiNY8gc2VAnXQu+oV +NdNaPEF79JTp14Tq0rmhcjczdVQ7gCNUD5g8ehovAkp6DkKCoMmbKgagP9MnKrhS +0tkaZwpLxRYiz7vZJhZvz1i64C7auy90fJxVAmsl0sC97dWsbcLaQoIKuwfn0kO8 +q2Rx4xRMixI5uoWDYamNL5RAo1nmsvCQCWO/E5pKzEyykFZfQ+iX5/cFgjXmMBcJ +1PRRrQcHvtAV51GhPXxPnskltHDUEV1xovYGH0yk20NZPEIVLf2OVGpcQICDzLyB +IwxufeHMkakAcQO1ngz6czBMMPFhEqaTBDafybw94ObpVrpjO8bEuj96nmFh5hc0 +o/dnMsU8q7syRIinjZTMcvwYLE1C6BSdY0j9TwDdFvH0IhmPaKgCxgoKuyiS2UtD +G8JPZI9ymOKMnzaqLc5F56j2LSsOIf1o6svHWG2nGGCLCMgLaDCl1rkVYOhQ56Bf +/a/iPfzkz1IYCO6zvq7AfImGHS7HLCk2Iusc2Oicf3fpjJ8TuMDwgUauGx9RKN2b +znBUQeI1d6PWflz/Xl1L8GTDc/YI344axYvi3F9HND+gcOEpfcw8jxy/yMYHv2RT +S4bGyRodGrVZDg7AjFyzLuwapM+GS09Qxdr/4cdEzLT+cuD+K9NsOr/TSvZD7YO8 +09yVbXWBIHOXoVKPz8PSg6bb+Wzk73btacNRgaWlqa2EhT2g5pwSAcDwrTqN9GG7 +0MiyEsWd2uCET8LBXmLPC4U0iHg85X0jC/fdM7xpRAKayuh5omYwyxxunZhAZ18H +1meJbao8mCqDopih6HYgDbH3sQvk2BUIr0wX3MC7ITLAiIiziJdvXWYaIrDf+y61 +gCf+0REpAKV0uaH1/PkOp7vmjeOHdUdSOOSH5AkyqBt4jNJDwi2yth3XJoyH+b+6 +XGuzvCFDuwIZa9PPsAXkg7lb7+n9L0LSddUChVZQ0NVirNRGTek8p8Y8SYPJZHk3 +ZuoG/kXvaiCSaP0ceg== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der new file mode 100644 index 0000000000000000000000000000000000000000..460fec89132938172b51bcda4afe83ff843b8ba8 GIT binary patch literal 2461 zcmV;O31apzf(e;0O9lxlhDe6@4FLrWFg`FT1_>&LNQU&90UlMC7T~- z0tf&w3m^ zr{$Ny<8nj!Dy|+OMn1|Tfj5Kt8v1!R>8tFWkk1%`k{$+jJwWLE!b$8Q~K0H zLeVxt1Xfn!o$8L0nVDazUfw+BDV+jxV&!KN_6@Ots=_;Z8oXyP_^zw_K3U!phj8*nLi{uN+8jd8#Un}>(PjCf=iWdK2Z~1_-g|RS{1&jyVuVsi18)tP+MYt$6)!{l zKt>1~pp=WLhh9OOnkL{`EXTded^;Ro3*qBWUAd&Y&}Gblmm@eNz4dgNW$O=e*g%A4 zt1o!xM0xK!m%=q^P@;tmL|pHyt(1$PLen1Z&w&M#!_ zlgeR1`VeamsHnMcl~LB9J}gPwV3+6*W4OGW6=YP@)n?(LXO$Pw9Gi0Wdc|6?`@kNt zCNkv1RoRM59jck$`dyr5${^i~(*OES#5nj8o)mY)V}2tCT?VFMALJ>lb&fUQQyX;F zZUAPCVNAad-3!xP&u>g{wx3Fb-q-Sg6mGy|qC&mxOYam(-4@;R?c0hqD9 zO6MD6+|}v0dy;mrCESA4QW>m9XwrY6c61O!j;Wa|F~M(g>PR?KJjTnL2D=4L8U(l! z4U7x&nHQo&AqHMSG$9f1k%@Gu8Vb`2>*^wdPp$=fS#RZCSF=^SiPuxD0Ne|;gzh<0 z4hK-UxiXa{g$B#ULzkBnAwf42=YbA8#uba_?UTU>xpOGgW0iQP|7=t?pFqX1vI~yX zcfdoigQ0!*Opc4mq5XWM%;lA=Vkq~<86o5oy?Ql59@FS|O#s?tmSKxR)3JD!2` z7dH;12VEQ7eC;cWj<_#tDpE*ke+}amX0jQ>gwl8ml>Kt8!I3Z$4LFkH_Rk_r4pjwY zMR7YR8`s0w;BbBQ1vGmB8MZ~Q10j;!heK5nPuvdG)X%zXiddXyJmpcHit<{AS|+D8F^GAuIo?DzWfVOS*%ZQ6Pg z{kBW-yPtcvg7lNh$njs!Lpl)1TE@1+wW5147#p7oh1$+ALPIViwIBHNyZ~5eOy&+sHdl*NCTcc2E@xd zAHRhIEw0P?FQI;Iq2>k9jb5wY9wI<<$0xri5-wTqL3&qa17m&AvkvqndSJ+dj!!G* z3lByR2w_4+XtOO4>V4teZs;XoL@F%Q!{(ixqMm_3PJy%BjKsR^_G;&xn>}(+fdli1a-K_oS&n!GJ^BjM+A7{p%SMoATeuGtI?(>Kj zlQ*&t-+m`AHr)|}s?4K=st1?{4)<6SXZ4@OvrPKxZ*~rUHD&MGUh~q$I)LZwJ63l& zOSWAmv2(QCOa-TfY)t-IxMMj4Iiz3Om+I8a(LL-&L(x4W7qLGWX|il4UN<&2HV1pS zB^3wb&n8*n^jdti(%o4^Bp_n2+=iuTnPGV`8|jxa|{zvvjbv zh4sbJ;`yqBsW1dbdFgXakvDsgk1|ag&!*JcAg4HnElNvu-UpVSU`-0*f>n+B0M{O| zpa-}W0%WU9Ho<8k3Ysf5R0d4UVwh&0rDN6WcV7`cCG6D1YnGFx3RIApWD%U zDUYyT@0RBo=DDY7oyWM`5BP+U7eR#!!(PNL12=-#~|5N@V3#v#*YRB!+=0but}DD zy5J|UFnjv*=TFLYTH~ZSF+wsdOL={Y}evgU$Q&azcts*kzx|{BN*FOkUC*lrZ 
z{|1K!Nvs>OV@5@D9xqC-cFx?h4ShjdAbr~RH~=)*1rCb>5TS(^6!u?n{Tg6LJ&qmR zmYQ6IaJwRFtnG&=XeT4j#W|G_F%w|jod%*MWbChhRZLx|y|>>g4I#9&jT4RP<`(Pj zR(y<=q5(MFA(M8qnqX_>je7uNSq&LNQU&90Ukfd>gP-s=TEF z0tf&w30);2uZtdzVR%lF|5+^1Ie)Q>mP}jD37A4&q{Ceq4xYuW}hgDbkYhu`>sDV&R0mxH^D5EWY z>Or*S)JU(x(v5xkx$%vxbV<)CTU51)MokvMq6|c>qzO@iqE$Tv81MLuZHC!i7g)th zIEQ7kEbXEQ0Nwu6!6tXUDj-Bg@31jn^H$G?0!=;7_qG#!52_G#D43`TPi`o(OulDx zRziR{fvxn{2DsZBGn64SvK*1t+Rba~?rTdazZ3bEest6c%Xu%?I(JS5zMwIkT7~pG zAl%GWa%Zp}Rh+l`2MVOPuo@Oi$NTEpN@xL9jB^m7D*exI0!0fC$%mc=T?nUMiY;`L z|4zU=XnWGiZ6*SI^2492&nXl}V-@t}k+g@dq<0t-0vI7Uw?5|b33iGs4d%h=Zx{l@ z)~_y_iB;@rnp~UY^O{V%=oDMZ#5QjU88b_iv;cBc^U9tkjJIJoSVqX1>WbDffT_aa z+u}U-*}c@Cz*`l9*|b`xK*Wj*Km4$W`w1qj!q$lt|BiKXc$G|co5Znj5``bt&M!s`I{f9lz)l3Jq{Dq@lY0u_%^FhtIfmIPQ#40k%yo})zsi2ph z8$z3d-v(&w>upisv8wgje(_ShU;ilVWDsUnr+^AnZx;tolGM93S(r)+XAzRzr|>N@ zxX*7YFD0ZcE~|mKjMX2z3&Y0J6uT`I z7RGc%!A!vK;~&D9zk73rClHV3Mq=|yAc|axf7pNTu0T;ubz)OeQV=%htfmi#kT$lw zBnxenh@wx7X?A-<0KLI8LVt`wiN%IV37nAf5Zar9Gu@gd?}pTwl0H*(`hJT>?2T_$ z1&}gpP5Yx#&o}~3Ou-RykhS>If|LNfHfsWFc1{Y@H_-Q~)w~l}x$i}GuS|4nWk;hCL5LisY(R7Y4qR_nD z!)AE{qFb0FrJ`0)?MJalV-E>cql>pW1tV9g0CA;Qynwns_5*9@Dw{Nik$1tTkUdPD zrGw7iiXZe;OG05~Ku7jqu^a(cW8hk6Pl6TNK@=W}PJnzMpV>9Lz_foLrFHP<8Pxi0 zT`E+}d1c9(VdkRO54p1i+bwmw?`QQuAD$q}zl)K$B2UZKhc%1!erjcgmr~K~gknh2 zqqA|1QfBjw7`qn%2q#t~)hk|moU*91EgJaH?pm#%k&PYftMU+izn*n>h+ztS6VMfI zNk-z=1{UMC<SgC3F(j=WC&uGQaW{VylKhrPfqkE-X z;2!W1J8dVUH(kPyso;W^FVCrOsc3aSfqURL{nH2%`~TUaPTs|I&#}=SVSZiRH$&(x z{2w0dHlt`Pi+9L)T4bl+lIQ#i#X`rXM}8#t#$f_tVit_dxt7XG*c)ERxan~^o3?G7 zEcNW=ivfl9!&#emEvC%)FjV3*Ekm6Rmr8z{@5Qjz>fLCY1f+UH_KowCO;vB{7N!=g zD*eVFOCin5s?mNQLuVh1sbW_tNrUO1iZ$iwL5%j zC5iNZ43BagH@LzsQPj)!B6>uot$`D$LA5%bCqXOz59l>6qRY%aNUar!#ww;JA}sAA z#`6YmNf`aqW^z=QGa^6{CC$C5Us0DX9UczYDBoY<1*dJ5BxYrOH@|?{F9mKl!JL0R zM>otoFFHDwVB%Z~gJd3!fvj*6I&cPU>X_UF|Bh^bjCc`I&Ip%q8~y0rLA(%rfBL_L zSkW^vynN>2`|*}Zvu^MrRL@Kv4QzSk0@H?(bhmu}A$?gzh#o76wkV#0TW`;ulf;w8 zXch*qyx;M{LumP{X{M%K>##@n?+x?NPWj+WG*acS87=!v?*X-eyRZ>Eu`5Lrlq4p^et6}_Ru 
bSm+*sM*?^b>6&LNQU&90Ul(W|R5lgs$ZR z0tf&w3k)74gr*hPTEhw{;BX20s@JZrB34{{>hzz6}L% zn=6JPWzl%~B<=c31?speFn)D$ySTX%YM957Z6{@w5vEA20k*sIxu1$MacjPW$G31g zejJgxhd0Cnhlu!+=uWfKQeAHN$ zcTZ!Ul7NNHk4T)<2xYGAV>FC~%@dT=>}4&)c{Hgdnw^Bwe&QSu-(I)|;B*`;g+VA% zey#CjaTQ@IJ7tMpr3?{~Oa5^AF2=_(YFKTb^IGqZoA4iIrgFQ-z+RPG!mZ}xOUOvA zZz+(f(bIqpVwCoq_Uv6RAHGZOfC6WI#4M47-5}Z?5VKw}G&WI(W0>RzuEKES6;Q^e zFjcwtwQ|sr6En*jH8902xfWY9*_-&}-dG_ka&MJVEhSKwrTX_G%bMzAkOXBV{MzDu z#p)u@#1YI*Io9aPfByxjf>E`5A=3wfCR@BGrvU@1we*9Gbucy7A+|Q$pVrO`5t9hx z{Jq`F=d}hO!b1_3)8ft}7r2F!Es&Ee@9Nxy-~J{cQLt`S<$*n;OKk2?T@#>I7DsTU z%Fr&Gl)y^6roi|$0{YmoU6!CBulUPw2y+7@CxHPXRw-R(4aSL_eOlkqji1iCu1!O7 zdhC6+NWhWRT}Z3`2*UWZ_^y@Q2xY>pi)VmmQUZyiG{}+MGHHncbldKsP?0wivxS&p zyS_d0l%Dlb4<$FOa`oKsWq=NtzJVQ>s#7JY@)_mG~KzpeQp}osE}>?WJMK@w8|-nKT7dH zadk$qwvG?MOf0cC7_$rc6jF{6!+_ebroQ6@(hQ_E6jp%}G)J#HLFQDr) zhW5J$3w(_V;Z%~w@8AkTn!OQ2<`6b3kMK}clbYTWib|ab2L>OJZk*tbk0a^t8y`yJ zK%crYXUyz2cum?wrpHGW6;Q!GCPA(4ea%BKQ=mXqHb=m9Oiidje|EhSQUJ-r#!Ihi zZTp&EGtgV)D4Qf>&}J6aatRZ3wP0aH)VOwu0Pv}WGt^u$f5z z==k{eE1HQ0^Ly3LF>XFveeD~JC0RbSOIb_f0oOK!h<%!8G<&8u?di&u!3=)^8f+Ml zxPr=%pH51S5~G5~{GQLi=x9}=OMLR!QVw|?!y-o_IP7*Ai5MueNf9OfpDHnk{JGGL z&Qm*rEqf=+eslMhE+A!+f4TvJjs+Y_Xf;*;5xt^L#{YapFWIA|LPp#bUag#>!TY>^*TMtt zk?98H(g*P#YRRe~Q70%WIAiPa&gT-|A^SDjATGQ1p_YB?f-QVpq~)%D^>$S6H3fQpqQSsfamy}q76!;AI z0QG(~giSZJPQFXF{php`+t*9zgWI?Vx%=;`RrQSax^ZI&7F7t$ppS&C_+sCJ>oz`- zX@hzR+FLDQsAkYuZzV`GE&<4AYP4)#=7Et2 zMxZSqibR)W41AiE*wB!*c3*_9$7P!zmzYu}0D!_;2PTa-qjF33hGckuOb3#ew1)MA z(B|ZF-s**H5a6YD%G;kvt91O-%WKlA z%*MIn#x@?&K4sQ;9Xu6&SMv(Zsw~iUe%({MKrsVIU6Fu+@v4p)O3{%p38BNL$9;BA zAA3sa6JSR^L9Q3ximkDIXeg)FV#u}`Iw%N|Uc5hD#G3bK?UED>wmRTGUpls$xn*{Q zfW`kY3}$wC!L*A@0@|>f;K1lyeEhuE6YuXPn;UVaRV%BffvmygLr%0+4}zlheoIpj zLA!UpkGnDS>pKLg%PMd)SDgywWFxmRDKD~BJIXbC{Y z8#-7M-24LT)M2hXILppKsC$}OletU_bUe-ik7Tr%cNV~g%uNh7 zaOaA>H^9#y_=))N)jcWW5RKryzTA#F#8}mNyF!$d7~chQc!Ly^NMdv&_d_0A5}J8c=av|2P_8(+3S@>2dl^&Sxl?;brbK7^=SCO#K3DIk@NAW z45y?~VN+OWLNj2|GIuECiB7Bv_e(}|CpLm&kocOJEbkch$K5D5tZYy3ehkxEXTs34 
zBMDQ@Q;ToXBv8dqvklzjqf^4-G2oj`43QU)t~jk?^AaY8(a(4WQWdTwSQNqbi_Pdx zzJNjWuQHByvS(i`6|M~3%YkC^Evw*RZk@1{N*3RR*nLB!_{y_s{=~DoTp5)iEa<=H bj>dCj?&mAXi&F{ARYpAz$k=4#E_aPOF5T4# literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem new file mode 100644 index 0000000000..11504a6c95 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem 
@@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJmTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIGOnVLKvKgHACAggA +MAwGCCqGSIb3DQILBQAwEQYFKw4DAgcECIGG28/TJRaGBIIJSFh6ZJN8xJaH30k1 +rH+L1DyTH4CELsRd164RoqfUq8rp6+XcNG/S41PdI3efK28iyLx85AcqFArqHHUM +7yGA6vmuSVz39ZXdu1CVMi7OQ4dTdg3KBXaz96cnyZ1EsoruibQDn6mQq1D0LG1u +5phVLsnfQLDiOFUFm6X4q9FdJj6NUJdOY5XRJZEu6q3wEmVXDfL7zYXJl2gZuiGO +eDp/d0IVcYFd1od0V8qI90nWPCeZziMcnR8wAloV2p8xiqHuVhV/4+I53ENqbqxo +v+0aObO3JsaxLVML6JGhabd2k1v3QAZLawMVGBNa/7IEOBVeD4j6VSiZPdKN473i +oXxRsya6HqCD4kx+zbofbL4dEZliLDmISoHRl9ipQfr1+Y//JYhEf6gLzmdFqP3q +N92+rVwdRWfmVdIsgdLiinJWO1xZ1dUnWvGOYZNjurGVHqv2IrDBd8FDjl/yMU6z +osnOynXspoSA53kQ46ZvArln8QGzWt1bD466nu86dXOkrfbAmS59VaNY4Y1D033l +p+d94eEjRwFUsQbRWv8mvb+KPn+nYcWZFNCg2RhTUKnU0Od1SHY5f9jfGFUyobYp +/tg6eizo7T+rU9PZoTkGnCf1qOwNPpbSh5FcLVajeDiYokoyc17VQJcc1xzKeIOs +tcU7kK/jA1GofCVhH3S1OPYqdjGvvoTVAYyXH3SuH04a8UJvFsRl8XdTNYOyecqi +tH17PADDa2UTvKE2dLhxxVUoO9dZVeEorNiFWCQ/rsl5M1eT9KXh2lvZRM+Yxo3+ +NPP1/CGa5sDYx9aZQPoJc6aTJicmqx/srRtMR/RuwBUUH/1AENHdNLBL2IPfYjsL +xKU/ox62cs2sCIywkBkR9WHPTqaU7HU6rlD8phinfljA5rMj3P3zrNk8XqfHNTpV +BVA2Eczf1HNizvLxE3+vp/eGYCecuLfnqwRj5zAjiYPcy8s1vETDkXSWdc9vQf2c +zky7tdAMS2WLFIulBIqYFDhicdlp9LTaeUOiwNIbPLVMzKy8zzW3UhMXyVi9EBCt +IDhkUTdaLmiHB0F14NISRK6/isa4Vfe+/Z9ML/z9iFm8eC6LMy+/YgWZD0vYIwow +JKHuEuuUuDR7gkHgZ/cvjMsyOI26uiW/W8qfAk7OR/qlZXMgWCQTgVBEcgmZio8U +BcVDRPKFqLCKOINQ4poxt45Ez+xRlYdwExPnSRD7ZMFPYcUllO+S72JYGsYdGs60 +i529HgXKp/bS+1JKK/zxQmjApZ5kWGmc7kAUU76zprd7NKmdpWv1nbDJBtNU1bmW +nzE/GXyNMYVGuxGnu/9scKSRATLzvLXtviRKoZVFm+6m7gR8J4GVSu8TxaXlYxg9 +NR+UujQJeoChR2dHvAZXc5g3j9rjQXZYlMm6M5rq0CbMlfeAFSwyG3Gm6D/cRxJg +MHPaU7HpeZL5r7rJwNfUt/c/cuQ5C8CadgTgDd1NW50uEUoJh3QGE2K3Jq+0wG9h +sk72lnVzH0bnMbJDXEV1btrs2qnnSots74+8F24gQb9PRQliuk50LGNddgrGoSgB +b9eaBl7cgcy7T1XUv4I+aEW+sfa8bGBffIF2nk3oCrkW9Sbdeh8qSE9uthewpGvK +WxBhCn6zUryHmt5ppiC6JrHJridCSu4RNbYL2umAM4DNh4lE5rBvFrCHaqet7hdy +wheQGRQnRzNru5alCxfNWXXuOp9naFmF5RFDWvSXukn8qfxzRcjMhvNS+z21O9nK 
+LPRaX9AICLGC+1C++Ka4pjVJVT/WhElXVap313Oj/Rc6KvRCdGpqMLVxPIrPFvbj +vzNFa/YEU3RK/wjO6/kQPtlcfwMzZFkDHMWiYMCUoi6Dpvze/mKSTA9G9lmc+/BF +sgqLZM7yltTmiGKQUDSlUOs08ZmPw1+HSOu2DZKWQ+2XoHSMih5ezu7GZ0xvUt4T +BHV95sRDCAvUywGTIPhx5xa+gICVeL97DOUCS+Y+WJYmeSlZ5r+dyg2V7+CX+qjr +ENMpouV8bIMpN05qXez8MuO4vJdDDsjqxq+y5kwN/ugb+DOq5okeRIaWRPWdyceT +NCayiE+5nnfdPMQAAJqZ/LGSx09fyamJqhcG3RJosFfrVPjj7aASUWi1BFjxIe1L +3fFSU9UDh9hfJczZx+hNKb56vhgrO+DaIbDMNMQqh6C2zdCirBT6M1NXhWvHKjkj +/MNyLBwnCWTUZ7gufn/0MAr1DaeoE6TzcwDCpW6ntXF9tG7L4DVbA8Cqy+M0HnQL +Pi2BCh4KrRiV1G4N8xDDCQw6IkfKRGGO6wCJ1HTnA2xmKqCzE2Ul8S/3+aEEpRNT +3FrcrEi+nzAkzBBkPcHaxayx3mR00Wv/mwcI7SoYKKfuidESQy+VBAHqekTmSELw +YRTdrXTKNWYlyms7pKMOgdqZAhFVOYxKBVaiuUeOGtvCNZ2qf7TOG/pT3nqTAbAg +UeP7kvf2BaYlKoFog3uvRypcWLomQqY6hwvWW7IwquHwxeFdCHHeNrr9CoBrF2lz +Z162/inTRzSbUhjumhLGEiJSzZyrEErjBjF5jE07TioEgmnXyCFWoc4nBnZ2+KXb +J7/QWMsCJwb/CsvQxegd8X6SwLDfH/28py+UAqSTi/HA2GY/68Q3PQ17V7fyg5l0 +h6FShhYOKmForUNwqn2TwGPH+0swtOU2fKFq0NMHPSvta6U0wpaRZMCojw8AV3y+ +lUdKesz2siioxfeIxhD1Rm1KZ5p1N/FgyAEu6wpWj8okQjxRiGe+GQLheQpsL/ZW +HsljSq73o9v/F7xNE9xqIxEGnUDYIAQCX47CiQOTTR9Lz6N/t36Eew1+KjiI4Xda +VCu207ipFQPpNkvc13z2NWC/4NeRQg82LCYep4y+ZblcyqLqvMwOhJro2Kxoe1e1 +rv1Mwzd0ShUosb/2CChCRdirLJFXaXzm+PzBZoCyJEWcSxi56By58jh6H+XeUxCj +0fl7eXLHb4sv8kf7P0KJGCxNY7ik3TLJjncsA9gLmFAeRcYWKq5SuSEW3DmfDSXZ +CC1pSsvFBvV60ZFm2r96xqFHKFHOb15qm9DBXphr870nZQB7+QgRwp+jd+xdXUDS +PelVGau5uoRN2tFPNvoeGyww9lkuNAJWK4U+LdLwHsQOUIKTf1rgwz5C077omOh4 +3u+3zMTCMRDNhiJb3g== +-----END ENCRYPTED PRIVATE KEY----- From 8d7d1ea9f6df2b26eedfa699cd85b1d3aea054ba Mon Sep 17 00:00:00 2001 From: Antonio Quartulli Date: Thu, 1 Feb 2018 14:03:36 +0800 Subject: [PATCH 0688/1059] tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1 Extend the pkparse test suite with the newly created keys encrypted using PKCS#8 with PKCS#5 v2.0 with PRF being SHA224, 256, 384 and 512. 
Signed-off-by: Antonio Quartulli --- tests/suites/test_suite_pkparse.data | 576 +++++++++++++++++++++++++++ 1 file changed, 576 insertions(+) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 416f9dfe44..1bf0627048 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
@@ -362,6 +362,582 @@ Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTest":0 + +Parse RSA Key #50.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #50.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #51 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTest":0 + +Parse RSA Key #51.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #51.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C 
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #53.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #53.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #54 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #54.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #54.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #56.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #56.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #57 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #57.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #57.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #59.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #59.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #60 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #60.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #60.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #62.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #62.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #63 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #63.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #63.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #65.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #65.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #66 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #66.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #66.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #69.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #69.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #70 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #70.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #70.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #72.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #72.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #73 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #73.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #73.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #75.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #75.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #76 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #76.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #76.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTest":0 + +Parse RSA Key #78.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #78.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #79 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTest":0 + +Parse RSA Key #79.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #79.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C 
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0 + +Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTest":0 + +Parse RSA Key #81.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #81.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #82 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit) 
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTest":0 + +Parse RSA Key #82.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #82.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0 + +Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTest":0 + +Parse RSA 
Key #84.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #85.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #86 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTest":0 + +Parse RSA Key #86.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #86.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0 + +Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"PolarSSLTest":0 + +Parse RSA Key #88.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #88.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #89 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"PolarSSLTest":0 + +Parse RSA Key #89.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #89.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, no PW) 
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTest":0 + +Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"PolarSSLTest":0 + +Parse RSA Key #91.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #91.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #92 (PKCS#8 encrypted v2 PBKDF2 3DES 
hmacWithSHA512 DER, 2048-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"PolarSSLTest":0 + +Parse RSA Key #92.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #92.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTest":0 + +Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"PolarSSLTest":0 + +Parse RSA Key #94.1 (PKCS#8 encrypted v2 PBKDF2 DES 
hmacWithSHA512, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #94.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #95 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"PolarSSLTest":0 + +Parse RSA Key #95.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #95.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTest":0 + +Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"PolarSSLTest":0 + +Parse RSA Key #97.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #97.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #98 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"PolarSSLTest":0 + +Parse RSA Key #98.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #98.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C 
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTest":0 + +Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + Parse Public RSA Key #1 (PKCS#8 wrapped) depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C pk_parse_public_keyfile_rsa:"data_files/format_gen.pub":0 From 129f50838bf14f4e1319f06f41c827fae9cc4b73 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Thu, 8 Feb 2018 14:25:36 +0000 Subject: [PATCH 0689/1059] dhm: Fix typo in RFC 5114 constants We accidentally named the constant MBEDTLS_DHM_RFC5114_MODP_P instead of MBEDTLS_DHM_RFC5114_MODP_2048_P. Fixes #1358 --- include/mbedtls/dhm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index da2e66b111..00fafd8d16 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h 
@@ -372,7 +372,7 @@ MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t;
 * in RFC-5114: Additional Diffie-Hellman Groups for Use with
 * IETF Standards.
 */
-#define MBEDTLS_DHM_RFC5114_MODP_P \
+#define MBEDTLS_DHM_RFC5114_MODP_2048_P \
 MBEDTLS_DEPRECATED_STRING_CONSTANT( \
 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
From 8d6d8c84b1387b2ff8f3650652334dc0f33d35d0 Mon Sep 17 00:00:00 2001 From: Paul Sokolovsky Date: Sat, 10 Feb 2018 11:11:41 +0200 Subject: [PATCH 0690/1059] ctr_drbg: Typo fix in the file description comment. Signed-off-by: Paul Sokolovsky --- library/ctr_drbg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index c2310cb579..ff532a0134 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -19,7 +19,7 @@
 * This file is part of mbed TLS (https://tls.mbed.org)
 */
 /*
- * The NIST SP 800-90 DRBGs are described in the following publucation.
+ * The NIST SP 800-90 DRBGs are described in the following publication.
 *
 * http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf
 */
From 5daa76537a848dea1b7771cde0bdd2fcbabaa2df Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 14 Feb 2018 14:10:24 +0100 Subject: [PATCH 0691/1059] Add ChangeLog entry for PR #1165 --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 8db0215914..c9075b789a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 2.7.x branch released 2018-xx-xx
+
+Changes
+ * Fix typo in a comment ctr_drbg.c. Contributed by Paul Sokolovsky.
+
 = mbed TLS 2.7.0 branch released 2018-02-03
 Security
From 27b0754501b2a78964bdb1d1b1be90419590f9da Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 14 Feb 2018 14:07:48 +0100 Subject: [PATCH 0692/1059] Add ChangeLog entries for PR #1168 and #1362 --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 8db0215914..f3e1cfc4ed 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 2.7.x branch released 2018-xx-xx
+
+Bugfix
+ * Fix the name of a DHE parameter that was accidentally changed in 2.7.0.
+ Fixes #1358.
+
+Changes
+ * Fix tag lengths and value ranges in the documentation of CCM encryption.
+ Contributed by Mathieu Briand.
+
 = mbed TLS 2.7.0 branch released 2018-02-03
 Security
From 2235bd677a9f4a2e2a81d154a9933d3c6aeedc82 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 14 Feb 2018 15:47:46 +0100 Subject: [PATCH 0693/1059] Style fix in ChangeLog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index ab1ed29231..d77e284cc5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -113,7 +113,7 @@ Changes
 * Only run AES-192 self-test if AES-192 is available. Fixes #963.
 * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the undeclared dependency of the RSA module on the ASN.1 module.
- * Removed support for the library reference configuration for picocoin.
+ * Remove support for the library reference configuration for picocoin.
 = mbed TLS 2.6.0 branch released 2017-08-10
From 1d80a67869810d5cc07d9d2f55625cf3cc1378d4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 14 Feb 2018 11:33:30 +0100 Subject: [PATCH 0694/1059] Note in the changelog that this fixes an interoperability issue. Fixes #1339 --- ChangeLog | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 4189089d22..01e2a73866 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,7 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Features
 * Extend PKCS#8 interface by introducing support for the entire SHA algorithms family when encrypting private keys using PKCS#5 v2.0.
- Submitted by Antonio Quartulli, OpenVPN Inc.
+ This allows reading encrypted PEM files produced by software that
+ uses PBKDF2-SHA2, such as OpenSSL 1.1. Submitted by Antonio Quartulli,
+ OpenVPN Inc. Fixes #1339
 = mbed TLS 2.7.0 branch released 2018-02-03
From 3dabd6a145fc8807a8c02de60d5fe876faa01a56 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 14 Feb 2018 17:19:41 +0100 Subject: [PATCH 0695/1059] Add issue number to ChangeLog Resolves #1122 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 2f17367137..14e09825be 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,7 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Features
 * Allow comments in test data files.
- * Add support for public keys encoded in PKCS#1 format.
+ * Add support for public keys encoded in PKCS#1 format. #1122
 Bugfix
 * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
From 200b24fdf8a9d686e46e3e4d2d87638fd84303df Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 20 Feb 2018 16:40:11 +0100 Subject: [PATCH 0696/1059] Mention in ChangeLog that this fixes #1351 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 5945b7eae2..1838ccf12b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,7 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Bugfix
 * Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
- In the context of SSL, this resulted in handshake failure.
+ In the context of SSL, this resulted in handshake failure. #1351
 = mbed TLS 2.7.0 branch released 2018-02-03
From 5fa987647ad08367253daf5c28df40184407b626 Mon Sep 17 00:00:00 2001
From: Krzysztof Stachowiak Date: Tue, 20 Feb 2018 10:03:59 +0100 Subject: [PATCH 0697/1059] Have Visual Studio handle linking to mbedTLS.lib internally Fixes #1347 --- visualc/VS2010/aescrypt2.vcxproj | 7 ++++--- visualc/VS2010/benchmark.vcxproj | 7 ++++--- visualc/VS2010/cert_app.vcxproj | 7 ++++--- visualc/VS2010/cert_req.vcxproj | 7 ++++--- visualc/VS2010/cert_write.vcxproj | 7 ++++--- visualc/VS2010/crl_app.vcxproj | 7 ++++--- visualc/VS2010/crypt_and_hash.vcxproj | 7 ++++--- visualc/VS2010/dh_client.vcxproj | 7 ++++--- visualc/VS2010/dh_genprime.vcxproj | 7 ++++--- visualc/VS2010/dh_server.vcxproj | 7 ++++--- visualc/VS2010/dtls_client.vcxproj | 7 ++++--- visualc/VS2010/dtls_server.vcxproj | 7 ++++--- visualc/VS2010/ecdh_curve25519.vcxproj | 7 ++++--- visualc/VS2010/ecdsa.vcxproj | 7 ++++--- visualc/VS2010/gen_entropy.vcxproj | 7 ++++--- visualc/VS2010/gen_key.vcxproj | 7 ++++--- visualc/VS2010/gen_random_ctr_drbg.vcxproj | 7 ++++--- visualc/VS2010/gen_random_havege.vcxproj | 7 ++++--- visualc/VS2010/generic_sum.vcxproj | 7 ++++--- visualc/VS2010/hello.vcxproj | 7 ++++--- visualc/VS2010/key_app.vcxproj | 7 ++++--- visualc/VS2010/key_app_writer.vcxproj | 7 ++++--- visualc/VS2010/md5sum.vcxproj | 7 ++++--- visualc/VS2010/mini_client.vcxproj | 7 ++++--- visualc/VS2010/mpi_demo.vcxproj | 7 ++++--- visualc/VS2010/pem2der.vcxproj | 7 ++++--- visualc/VS2010/pk_decrypt.vcxproj | 7 ++++--- visualc/VS2010/pk_encrypt.vcxproj | 7 ++++--- visualc/VS2010/pk_sign.vcxproj | 7 ++++--- visualc/VS2010/pk_verify.vcxproj | 7 ++++--- visualc/VS2010/req_app.vcxproj | 7 ++++--- visualc/VS2010/rsa_decrypt.vcxproj | 7 ++++--- visualc/VS2010/rsa_encrypt.vcxproj | 7 ++++--- visualc/VS2010/rsa_genkey.vcxproj | 7 ++++--- visualc/VS2010/rsa_sign.vcxproj | 7 ++++--- visualc/VS2010/rsa_sign_pss.vcxproj | 7 ++++--- visualc/VS2010/rsa_verify.vcxproj | 7 ++++--- visualc/VS2010/rsa_verify_pss.vcxproj | 7 ++++--- visualc/VS2010/selftest.vcxproj | 7 ++++--- visualc/VS2010/sha1sum.vcxproj | 7 
++++--- visualc/VS2010/sha2sum.vcxproj | 7 ++++--- visualc/VS2010/ssl_cert_test.vcxproj | 7 ++++--- visualc/VS2010/ssl_client1.vcxproj | 7 ++++--- visualc/VS2010/ssl_client2.vcxproj | 7 ++++--- visualc/VS2010/ssl_fork_server.vcxproj | 7 ++++--- visualc/VS2010/ssl_mail_client.vcxproj | 7 ++++--- visualc/VS2010/ssl_server.vcxproj | 7 ++++--- visualc/VS2010/ssl_server2.vcxproj | 7 ++++--- visualc/VS2010/strerror.vcxproj | 7 ++++--- visualc/VS2010/udp_proxy.vcxproj | 7 ++++--- 50 files changed, 200 insertions(+), 150 deletions(-) diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj index 644ef751b3..db387f979e 100644 --- a/visualc/VS2010/aescrypt2.vcxproj +++ b/visualc/VS2010/aescrypt2.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) 
diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj index 2655c657c1..934c844388 100644 --- a/visualc/VS2010/benchmark.vcxproj +++ b/visualc/VS2010/benchmark.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj index e73b5eb2a9..fef0efe6d3 100644 --- a/visualc/VS2010/cert_app.vcxproj +++ b/visualc/VS2010/cert_app.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true 
@@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj index d378271df5..7d8694bfe2 100644 --- a/visualc/VS2010/cert_req.vcxproj +++ b/visualc/VS2010/cert_req.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/cert_write.vcxproj b/visualc/VS2010/cert_write.vcxproj index 39a3239fc2..8891d8aefa 100644 --- a/visualc/VS2010/cert_write.vcxproj +++ b/visualc/VS2010/cert_write.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj index d4055982e6..c51caef540 100644 --- a/visualc/VS2010/crl_app.vcxproj +++ b/visualc/VS2010/crl_app.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj index 35d4a7b9b8..99199d965f 100644 --- a/visualc/VS2010/crypt_and_hash.vcxproj 
+++ b/visualc/VS2010/crypt_and_hash.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj index 4774caed85..b2fae8093d 100644 --- a/visualc/VS2010/dh_client.vcxproj +++ b/visualc/VS2010/dh_client.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj index ae8754c0b9..d9c19009a9 100644 --- a/visualc/VS2010/dh_genprime.vcxproj +++ b/visualc/VS2010/dh_genprime.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj index ee219971dd..6f87cb8b05 100644 --- a/visualc/VS2010/dh_server.vcxproj +++ b/visualc/VS2010/dh_server.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/dtls_client.vcxproj b/visualc/VS2010/dtls_client.vcxproj index 4b55587f2c..60715fe298 100644 --- a/visualc/VS2010/dtls_client.vcxproj 
+++ b/visualc/VS2010/dtls_client.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/dtls_server.vcxproj b/visualc/VS2010/dtls_server.vcxproj index 114412d373..8789d7feab 100644 --- a/visualc/VS2010/dtls_server.vcxproj +++ b/visualc/VS2010/dtls_server.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ecdh_curve25519.vcxproj b/visualc/VS2010/ecdh_curve25519.vcxproj index 092be1714f..1120111f19 100644 --- a/visualc/VS2010/ecdh_curve25519.vcxproj +++ b/visualc/VS2010/ecdh_curve25519.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj index 786b838d57..3718c9f272 100644 --- a/visualc/VS2010/ecdsa.vcxproj +++ b/visualc/VS2010/ecdsa.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj index 00905666d8..4c57655b27 100644 --- a/visualc/VS2010/gen_entropy.vcxproj 
+++ b/visualc/VS2010/gen_entropy.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj index c7ee53f57c..a07e1aacc3 100644 --- a/visualc/VS2010/gen_key.vcxproj +++ b/visualc/VS2010/gen_key.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj index 78da2dfcb1..11740c448b 100644 --- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj +++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj index 7e638e3c54..01253ceefb 100644 --- a/visualc/VS2010/gen_random_havege.vcxproj +++ b/visualc/VS2010/gen_random_havege.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj index b6438610a3..0f2ecb43ca 100644 
--- a/visualc/VS2010/generic_sum.vcxproj +++ b/visualc/VS2010/generic_sum.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj index e0692d9e25..c986b07bed 100644 --- a/visualc/VS2010/hello.vcxproj +++ b/visualc/VS2010/hello.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj index 47e1b29367..f96a0b052b 100644 --- a/visualc/VS2010/key_app.vcxproj +++ b/visualc/VS2010/key_app.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj index c434baeb6c..0e4af3a589 100644 --- a/visualc/VS2010/key_app_writer.vcxproj +++ b/visualc/VS2010/key_app_writer.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/md5sum.vcxproj b/visualc/VS2010/md5sum.vcxproj index 02fae33d12..6f20e57e74 100644 --- a/visualc/VS2010/md5sum.vcxproj 
+++ b/visualc/VS2010/md5sum.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -96,7 +97,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -116,7 +117,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -140,7 +141,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj index 4dbeb9d623..b5567bdfe5 100644 --- a/visualc/VS2010/mini_client.vcxproj +++ b/visualc/VS2010/mini_client.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj index dfb68eb9c1..d68bc75b37 100644 --- a/visualc/VS2010/mpi_demo.vcxproj +++ b/visualc/VS2010/mpi_demo.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj index 3823107e84..507c79a4d9 100644 --- a/visualc/VS2010/pem2der.vcxproj +++ b/visualc/VS2010/pem2der.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj index 9b689bf8f5..5ccaf4f1e9 100644 --- a/visualc/VS2010/pk_decrypt.vcxproj 
+++ b/visualc/VS2010/pk_decrypt.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj index c58c1d9543..d5ef208d8e 100644 --- a/visualc/VS2010/pk_encrypt.vcxproj +++ b/visualc/VS2010/pk_encrypt.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj index 4b22d3e214..d21f17a414 100644 --- a/visualc/VS2010/pk_sign.vcxproj +++ b/visualc/VS2010/pk_sign.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj index 6d9654c6ab..637ddd6f5e 100644 --- a/visualc/VS2010/pk_verify.vcxproj +++ b/visualc/VS2010/pk_verify.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/req_app.vcxproj b/visualc/VS2010/req_app.vcxproj index 5c6870ce1f..3ffcea5944 100644 --- a/visualc/VS2010/req_app.vcxproj 
+++ b/visualc/VS2010/req_app.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj index fb3f4441c7..9e1d0a20ea 100644 --- a/visualc/VS2010/rsa_decrypt.vcxproj +++ b/visualc/VS2010/rsa_decrypt.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj index 779c020cdc..c3b03716c9 100644 --- a/visualc/VS2010/rsa_encrypt.vcxproj +++ b/visualc/VS2010/rsa_encrypt.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj index 756b597b45..e6b5060000 100644 --- a/visualc/VS2010/rsa_genkey.vcxproj +++ b/visualc/VS2010/rsa_genkey.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj index cf15c70450..c1147c3c2f 100644 --- a/visualc/VS2010/rsa_sign.vcxproj 
+++ b/visualc/VS2010/rsa_sign.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj index 67246d12fe..adfee6d9cf 100644 --- a/visualc/VS2010/rsa_sign_pss.vcxproj +++ b/visualc/VS2010/rsa_sign_pss.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj index 8aa85cb3f8..bb44b4f9df 100644 --- a/visualc/VS2010/rsa_verify.vcxproj +++ b/visualc/VS2010/rsa_verify.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj index a046fe2127..7781aa51aa 100644 --- a/visualc/VS2010/rsa_verify_pss.vcxproj +++ b/visualc/VS2010/rsa_verify_pss.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj index ae85181b09..12ff76d70f 100644 --- a/visualc/VS2010/selftest.vcxproj 
+++ b/visualc/VS2010/selftest.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/sha1sum.vcxproj b/visualc/VS2010/sha1sum.vcxproj index f0b927d659..2c3674b45f 100644 --- a/visualc/VS2010/sha1sum.vcxproj +++ b/visualc/VS2010/sha1sum.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -96,7 +97,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -116,7 +117,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -140,7 +141,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/sha2sum.vcxproj b/visualc/VS2010/sha2sum.vcxproj index 030bebbf9e..b1afb674d7 100644 --- a/visualc/VS2010/sha2sum.vcxproj +++ b/visualc/VS2010/sha2sum.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -96,7 +97,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -116,7 +117,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -140,7 +141,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ssl_cert_test.vcxproj b/visualc/VS2010/ssl_cert_test.vcxproj index 158f2366ae..b8f014e367 100644 --- a/visualc/VS2010/ssl_cert_test.vcxproj +++ b/visualc/VS2010/ssl_cert_test.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj index 390593085d..4ac158224a 100644 
--- a/visualc/VS2010/ssl_client1.vcxproj +++ b/visualc/VS2010/ssl_client1.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj index 4fcb6adb70..1d44fa783c 100644 --- a/visualc/VS2010/ssl_client2.vcxproj +++ b/visualc/VS2010/ssl_client2.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj index 389097684d..922a9953ee 100644 --- a/visualc/VS2010/ssl_fork_server.vcxproj +++ b/visualc/VS2010/ssl_fork_server.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj index e85cfcbf81..a9b01d0d56 100644 --- a/visualc/VS2010/ssl_mail_client.vcxproj +++ b/visualc/VS2010/ssl_mail_client.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj index cf2b258aa2..ae28e1839a 100644 
--- a/visualc/VS2010/ssl_server.vcxproj +++ b/visualc/VS2010/ssl_server.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj index 5cac05ef99..d06e0628ef 100644 --- a/visualc/VS2010/ssl_server2.vcxproj +++ b/visualc/VS2010/ssl_server2.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj index 927942ffea..d7ec570d63 100644 --- a/visualc/VS2010/strerror.vcxproj +++ b/visualc/VS2010/strerror.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/visualc/VS2010/udp_proxy.vcxproj b/visualc/VS2010/udp_proxy.vcxproj index e1135b9c78..30ae55e999 100644 --- a/visualc/VS2010/udp_proxy.vcxproj +++ b/visualc/VS2010/udp_proxy.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true @@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) From c5d08f8ea53d1f793c3a209ebe374f3b33ae3a96 Mon Sep 17 00:00:00 2001 
From: Jaeden Amero Date: Wed, 21 Feb 2018 13:32:39 +0000 Subject: [PATCH 0698/1059] Add ChangeLog entry for PR #1384 --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 708ecad7e8..f44bbeddbf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,7 @@ Bugfix * Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct. In the context of SSL, this resulted in handshake failure. #1351 + * Fix Windows x64 builds with the included mbedTLS.sln file. #1347 Changes * Fix tag lengths and value ranges in the documentation of CCM encryption. From 8db3efbc76243971adcae0d5abe439bc3af931f9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Feb 2018 19:16:20 +0100 Subject: [PATCH 0699/1059] Add missing MBEDTLS_DEPRECATED_REMOVED guards Add missing MBEDTLS_DEPRECATED_REMOVED guards around the definitions of mbedtls_aes_decrypt and mbedtls_aes_encrypt. This fixes the build under -Wmissing-prototypes -Werror. Fixes #1388 --- ChangeLog | 2 ++ library/aes.c | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5f49c0beb7..9a61ec31dd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ Bugfix * Fix the name of a DHE parameter that was accidentally changed in 2.7.0. Fixes #1358. * Fix test_suite_pk to work on 64-bit ILP32 systems. #849 + * Don't define mbedtls_aes_decrypt and mbedtls_aes_encrypt under + MBEDTLS_DEPRECATED_REMOVED. #1388 Changes * Fix tag lengths and value ranges in the documentation of CCM encryption. diff --git a/library/aes.c b/library/aes.c index dba4a5f578..3d2eac82dd 100644 --- a/library/aes.c +++ b/library/aes.c 
@@ -765,12 +765,14 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) { mbedtls_internal_aes_encrypt( ctx, input, output ); } +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /* * AES-ECB block decryption @@ -831,12 +833,14 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) { mbedtls_internal_aes_decrypt( ctx, input, output ); } +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /* * AES-ECB block encryption/decryption From 041039f81e61191581f5112bb8e9d27a95d3d873 Mon Sep 17 00:00:00 2001 
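Review bot: The two wrappers that the new guards enclose still discard the int returned by mbedtls_internal_aes_encrypt() and mbedtls_internal_aes_decrypt() (both hunk headers show the internal functions return int), so a failure reported by an alternative implementation is silently lost to callers of the deprecated void API. That is pre-existing rather than introduced here, but since the commit is touching exactly these two definitions it is the place to say so: a comment such as `/* Deprecated: the error code of mbedtls_internal_aes_encrypt() is discarded; callers that must detect failure should call the internal function directly. */` above each wrapper. The same note applies to the decrypt wrapper in the second hunk.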
From: Jaeden Amero Date: Mon, 19 Feb 2018 15:28:08 +0000 Subject: [PATCH 0700/1059] MD: Make deprecated functions not inline In 2.7.0, we replaced a number of MD functions with deprecated inline versions. This causes ABI compatibility issues, as the functions are no longer guaranteed to be callable when built into a shared library. Instead, deprecate the functions without also inlining them, to help maintain ABI backwards compatibility. --- include/mbedtls/md2.h | 44 ++++++++------------------------ include/mbedtls/md4.h | 46 ++++++++-------------------------- include/mbedtls/md5.h | 46 ++++++++-------------------------- include/mbedtls/ripemd160.h | 43 ++++++++----------------------- include/mbedtls/sha1.h | 46 ++++++++-------------------------- include/mbedtls/sha256.h | 50 ++++++++++--------------------------- include/mbedtls/sha512.h | 49 ++++++++++-------------------------- library/md2.c | 40 +++++++++++++++++++++++++++++ library/md4.c | 41 ++++++++++++++++++++++++++++++ library/md5.c | 41 ++++++++++++++++++++++++++++++ library/ripemd160.c | 41 ++++++++++++++++++++++++++++++ library/sha1.c | 41 ++++++++++++++++++++++++++++++ library/sha256.c | 43 +++++++++++++++++++++++++++++++ library/sha512.c | 43 +++++++++++++++++++++++++++++++ 14 files changed, 370 insertions(+), 244 deletions(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 2ff3f171a3..0fd8b5afcc 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -39,11 +39,6 @@ #define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if !defined(MBEDTLS_MD2_ALT) // Regular implementation // 
@@ -187,11 +182,7 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts( - mbedtls_md2_context *ctx ) -{ - mbedtls_md2_starts_ret( ctx ); -} +MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx ); /** * \brief MD2 process buffer @@ -207,13 +198,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md2_update( - mbedtls_md2_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_md2_update_ret( ctx, input, ilen ); -} +MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD2 final digest @@ -228,12 +215,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_update( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish( - mbedtls_md2_context *ctx, - unsigned char output[16] ) -{ - mbedtls_md2_finish_ret( ctx, output ); -} +MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx, + unsigned char output[16] ); /** * \brief MD2 process data block (internal use only) @@ -247,11 +230,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md2_process( - mbedtls_md2_context *ctx ) -{ - mbedtls_internal_md2_process( ctx ); -} +MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 
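Review bot: The new non-inline declarations keep the void signatures, so the error code of the `_ret` variants they wrap — including MBEDTLS_ERR_MD2_HW_ACCEL_FAILED, defined just above the first hunk of this file — is still discarded, and the deprecation comments above each declaration do not say so. Now that these are real exported symbols that will remain in the ABI, each doc block should state it, e.g. `\warning Any error returned by the corresponding _ret function is silently discarded; callers that need to detect failure must use the _ret variant.` The same applies to the md4.h, md5.h, ripemd160.h, sha1.h, sha256.h and sha512.h sections of this commit. A change made for ABI compatibility also warrants a ChangeLog entry, which the diffstat shows is not part of this commit.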
@@ -304,12 +283,9 @@ int mbedtls_md2_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md2( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ - mbedtls_md2_ret( input, ilen, output ); -} +MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index a2ab57f078..23fa95e46a 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -40,11 +40,6 @@ #define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if !defined(MBEDTLS_MD4_ALT) // Regular implementation // @@ -188,11 +183,7 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( - mbedtls_md4_context *ctx ) -{ - mbedtls_md4_starts_ret( ctx ); -} +MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx ); /** * \brief MD4 process buffer @@ -208,13 +199,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( - mbedtls_md4_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_md4_update_ret( ctx, input, ilen ); -} +MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD4 final digest 
@@ -229,12 +216,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( - mbedtls_md4_context *ctx, - unsigned char output[16] ) -{ - mbedtls_md4_finish_ret( ctx, output ); -} +MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx, + unsigned char output[16] ); /** * \brief MD4 process data block (internal use only) @@ -249,12 +232,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md4_process( - mbedtls_md4_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_md4_process( ctx, data ); -} +MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx, + const unsigned char data[64] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -309,12 +288,9 @@ int mbedtls_md4_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md4( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ - mbedtls_md4_ret( input, ilen, output ); -} +MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index d49391f811..06ea4c5d44 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -43,11 +43,6 @@ // Regular implementation // -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #ifdef __cplusplus extern "C" { #endif 
@@ -188,11 +183,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( - mbedtls_md5_context *ctx ) -{ - mbedtls_md5_starts_ret( ctx ); -} +MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx ); /** * \brief MD5 process buffer @@ -208,13 +199,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( - mbedtls_md5_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_md5_update_ret( ctx, input, ilen ); -} +MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD5 final digest @@ -229,12 +216,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( - mbedtls_md5_context *ctx, - unsigned char output[16] ) -{ - mbedtls_md5_finish_ret( ctx, output ); -} +MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx, + unsigned char output[16] ); /** * \brief MD5 process data block (internal use only) @@ -249,12 +232,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md5_process( - mbedtls_md5_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_md5_process( ctx, data ); -} +MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx, + const unsigned char data[64] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 
@@ -309,12 +288,9 @@ int mbedtls_md5_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md5( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ - mbedtls_md5_ret( input, ilen, output ); -} +MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index c21868b185..3a8b50a621 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -35,11 +35,6 @@ #define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if !defined(MBEDTLS_RIPEMD160_ALT) // Regular implementation // @@ -139,11 +134,8 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, * * \param ctx context to be initialized */ -MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts( - mbedtls_ripemd160_context *ctx ) -{ - mbedtls_ripemd160_starts_ret( ctx ); -} +MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts( + mbedtls_ripemd160_context *ctx ); /** * \brief RIPEMD-160 process buffer @@ -154,13 +146,10 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts( * \param input buffer holding the data * \param ilen length of the input data */ -MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update( +MBEDTLS_DEPRECATED void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, const unsigned char *input, - size_t ilen ) -{ - mbedtls_ripemd160_update_ret( ctx, input, ilen ); -} + size_t ilen ); /** * \brief RIPEMD-160 final digest 
@@ -170,12 +159,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update( * \param ctx RIPEMD-160 context * \param output RIPEMD-160 checksum result */ -MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish( +MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, - unsigned char output[20] ) -{ - mbedtls_ripemd160_finish_ret( ctx, output ); -} + unsigned char output[20] ); /** * \brief RIPEMD-160 process data block (internal use only) @@ -185,12 +171,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish( * \param ctx RIPEMD-160 context * \param data buffer holding one block of data */ -MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_process( +MBEDTLS_DEPRECATED void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_ripemd160_process( ctx, data ); -} + const unsigned char data[64] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -235,13 +218,9 @@ int mbedtls_ripemd160_ret( const unsigned char *input, * \param ilen length of the input data * \param output RIPEMD-160 checksum result */ -MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160( - const unsigned char *input, - size_t ilen, - unsigned char output[20] ) -{ - mbedtls_ripemd160_ret( input, ilen, output ); -} +MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input, + size_t ilen, + unsigned char output[20] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index e4f8650216..05540cde12 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -39,11 +39,6 @@ #define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if !defined(MBEDTLS_SHA1_ALT) // Regular implementation // 
@@ -190,11 +185,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( - mbedtls_sha1_context *ctx ) -{ - mbedtls_sha1_starts_ret( ctx ); -} +MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); /** * \brief SHA-1 process buffer @@ -210,13 +201,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( - mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha1_update_ret( ctx, input, ilen ); -} +MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief SHA-1 final digest @@ -231,12 +218,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( - mbedtls_sha1_context *ctx, - unsigned char output[20] ) -{ - mbedtls_sha1_finish_ret( ctx, output ); -} +MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, + unsigned char output[20] ); /** * \brief SHA-1 process data block (internal use only) @@ -251,12 +234,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha1_process( - mbedtls_sha1_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha1_process( ctx, data ); -} +MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, + const unsigned char data[64] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 
@@ -317,12 +296,9 @@ int mbedtls_sha1_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input, - size_t ilen, - unsigned char output[20] ) -{ - mbedtls_sha1_ret( input, ilen, output ); -} +MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, + size_t ilen, + unsigned char output[20] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index a2b6e11644..ffb16c277a 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -35,10 +35,6 @@ #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif #if !defined(MBEDTLS_SHA256_ALT) // Regular implementation // @@ -156,12 +152,8 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, *
  • 0: Use SHA-256.
  • *
  • 1: Use SHA-224.
*/ -MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( - mbedtls_sha256_context *ctx, - int is224 ) -{ - mbedtls_sha256_starts_ret( ctx, is224 ); -} +MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, + int is224 ); /** * \brief This function feeds an input buffer into an ongoing @@ -173,13 +165,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( * \param input The buffer holding the data. * \param ilen The length of the input data. */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( - mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha256_update_ret( ctx, input, ilen ); -} +MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief This function finishes the SHA-256 operation, and writes @@ -190,12 +178,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( * \param ctx The SHA-256 context. * \param output The SHA-224or SHA-256 checksum result. */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( - mbedtls_sha256_context *ctx, - unsigned char output[32] ) -{ - mbedtls_sha256_finish_ret( ctx, output ); -} +MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, + unsigned char output[32] ); /** * \brief This function processes a single data block within @@ -207,12 +191,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( * \param ctx The SHA-256 context. * \param data The buffer holding one block of data. */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha256_process( - mbedtls_sha256_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha256_process( ctx, data ); -} +MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, + const unsigned char data[64] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -276,14 +256,10 @@ int mbedtls_sha256_ret( const unsigned char *input, *
  • 0: Use SHA-256.
  • *
  • 1: Use SHA-224.
*/ -MBEDTLS_DEPRECATED static inline void mbedtls_sha256( - const unsigned char *input, - size_t ilen, - unsigned char output[32], - int is224 ) -{ - mbedtls_sha256_ret( input, ilen, output, is224 ); -} +MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224 ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 52ae204d44..8404a2d599 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -35,10 +35,6 @@ #define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif #if !defined(MBEDTLS_SHA512_ALT) // Regular implementation // @@ -156,12 +152,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, *
  • 0: Use SHA-512.
  • *
  • 1: Use SHA-384.
*/ -MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( - mbedtls_sha512_context *ctx, - int is384 ) -{ - mbedtls_sha512_starts_ret( ctx, is384 ); -} +MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, + int is384 ); /** * \brief This function feeds an input buffer into an ongoing @@ -173,13 +165,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( * \param input The buffer holding the data. * \param ilen The length of the input data. */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( - mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha512_update_ret( ctx, input, ilen ); -} +MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief This function finishes the SHA-512 operation, and writes @@ -190,12 +178,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( * \param ctx The SHA-512 context. * \param output The SHA-384 or SHA-512 checksum result. */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( - mbedtls_sha512_context *ctx, - unsigned char output[64] ) -{ - mbedtls_sha512_finish_ret( ctx, output ); -} +MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, + unsigned char output[64] ); /** * \brief This function processes a single data block within @@ -207,12 +191,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( * \param ctx The SHA-512 context. * \param data The buffer holding one block of data. */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha512_process( +MBEDTLS_DEPRECATED void mbedtls_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ) -{ - mbedtls_internal_sha512_process( ctx, data ); -} + const unsigned char data[128] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -278,14 +259,10 @@ int mbedtls_sha512_ret( const unsigned char *input, *
  • 0: Use SHA-512.
  • *
  • 1: Use SHA-384.
*/ -MBEDTLS_DEPRECATED static inline void mbedtls_sha512( - const unsigned char *input, - size_t ilen, - unsigned char output[64], - int is384 ) -{ - mbedtls_sha512_ret( input, ilen, output, is384 ); -} +MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384 ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/library/md2.c b/library/md2.c index 5028e8c586..b88aa406af 100644 --- a/library/md2.c +++ b/library/md2.c @@ -115,6 +115,13 @@ int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ) return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md2_starts( mbedtls_md2_context *ctx ) +{ + mbedtls_md2_starts_ret( ctx ); +} +#endif + #if !defined(MBEDTLS_MD2_PROCESS_ALT) int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ) { @@ -151,6 +158,13 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ) return( 0 ); } + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md2_process( mbedtls_md2_context *ctx ) +{ + mbedtls_internal_md2_process( ctx ); +} +#endif #endif /* !MBEDTLS_MD2_PROCESS_ALT */ /* @@ -187,6 +201,15 @@ int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md2_update( mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_md2_update_ret( ctx, input, ilen ); +} +#endif + /* * MD2 final digest */ @@ -214,6 +237,14 @@ int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md2_finish( mbedtls_md2_context *ctx, + unsigned char output[16] ) +{ + mbedtls_md2_finish_ret( ctx, output ); +} +#endif + #endif /* !MBEDTLS_MD2_ALT */ /* 
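Review bot: In the second md2.c hunk the deprecated mbedtls_md2_process() definition is placed before `#endif /* !MBEDTLS_MD2_PROCESS_ALT */`, i.e. inside the block that is compiled out when MBEDTLS_MD2_PROCESS_ALT is defined, while the md2.h hunk declares it without any such guard. In a PROCESS_ALT build the deprecated symbol is therefore declared but never defined, and callers still using it would fail at link time, whereas the inline body it replaces worked regardless since it only called mbedtls_internal_md2_process(). Unless the alternative implementation is expected to supply this wrapper (not visible here), move the wrapper below that `#endif` so it is defined whenever MBEDTLS_DEPRECATED_REMOVED is not set. The same placement appears in the `_process` hunks of md4.c, md5.c, ripemd160.c, sha1.c and sha256.c.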
@@ -243,6 +274,15 @@ exit: return( ret ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md2( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) +{ + mbedtls_md2_ret( input, ilen, output ); +} +#endif + #if defined(MBEDTLS_SELF_TEST) /* diff --git a/library/md4.c b/library/md4.c index 34a4b0e24e..ba704f58e8 100644 --- a/library/md4.c +++ b/library/md4.c @@ -111,6 +111,13 @@ int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ) return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md4_starts( mbedtls_md4_context *ctx ) +{ + mbedtls_md4_starts_ret( ctx ); +} +#endif + #if !defined(MBEDTLS_MD4_PROCESS_ALT) int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] ) @@ -217,6 +224,14 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, return( 0 ); } + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md4_process( mbedtls_md4_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_internal_md4_process( ctx, data ); +} +#endif #endif /* !MBEDTLS_MD4_PROCESS_ALT */ /* @@ -273,6 +288,15 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md4_update( mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_md4_update_ret( ctx, input, ilen ); +} +#endif + static const unsigned char md4_padding[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -318,6 +342,14 @@ int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md4_finish( mbedtls_md4_context *ctx, + unsigned char output[16] ) +{ + mbedtls_md4_finish_ret( ctx, output ); +} +#endif + #endif /* !MBEDTLS_MD4_ALT */ /* 
@@ -347,6 +379,15 @@ exit: return( ret ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md4( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) +{ + mbedtls_md4_ret( input, ilen, output ); +} +#endif + #if defined(MBEDTLS_SELF_TEST) /* diff --git a/library/md5.c b/library/md5.c index 8872dc467d..8440ebffcf 100644 --- a/library/md5.c +++ b/library/md5.c @@ -110,6 +110,13 @@ int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ) return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md5_starts( mbedtls_md5_context *ctx ) +{ + mbedtls_md5_starts_ret( ctx ); +} +#endif + #if !defined(MBEDTLS_MD5_PROCESS_ALT) int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ) @@ -236,6 +243,14 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, return( 0 ); } + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md5_process( mbedtls_md5_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_internal_md5_process( ctx, data ); +} +#endif #endif /* !MBEDTLS_MD5_PROCESS_ALT */ /* @@ -289,6 +304,15 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md5_update( mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_md5_update_ret( ctx, input, ilen ); +} +#endif + static const unsigned char md5_padding[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -332,6 +356,14 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md5_finish( mbedtls_md5_context *ctx, + unsigned char output[16] ) +{ + mbedtls_md5_finish_ret( ctx, output ); +} +#endif + #endif /* !MBEDTLS_MD5_ALT */ /* 
@@ -361,6 +393,15 @@ exit: return( ret ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_md5( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) +{ + mbedtls_md5_ret( input, ilen, output ); +} +#endif + #if defined(MBEDTLS_SELF_TEST) /* * RFC 1321 test vectors diff --git a/library/ripemd160.c b/library/ripemd160.c index b85b117c6a..2ba48b7fdb 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -112,6 +112,13 @@ int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ) return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ) +{ + mbedtls_ripemd160_starts_ret( ctx ); +} +#endif + #if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT) /* * Process one block @@ -295,6 +302,14 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, return( 0 ); } + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_internal_ripemd160_process( ctx, data ); +} +#endif #endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */ /* @@ -349,6 +364,15 @@ int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_ripemd160_update_ret( ctx, input, ilen ); +} +#endif + static const unsigned char ripemd160_padding[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -395,6 +419,14 @@ int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, + unsigned char output[20] ) +{ + mbedtls_ripemd160_finish_ret( ctx, output ); +} +#endif + #endif /* ! MBEDTLS_RIPEMD160_ALT */ /* 
@@ -424,6 +456,15 @@ exit: return( ret ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_ripemd160( const unsigned char *input, + size_t ilen, + unsigned char output[20] ) +{ + mbedtls_ripemd160_ret( input, ilen, output ); +} +#endif + #if defined(MBEDTLS_SELF_TEST) /* * Test vectors from the RIPEMD-160 paper and diff --git a/library/sha1.c b/library/sha1.c index 8432eba8bd..1f29a0fbf8 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -111,6 +111,13 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) +{ + mbedtls_sha1_starts_ret( ctx ); +} +#endif + #if !defined(MBEDTLS_SHA1_PROCESS_ALT) int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) @@ -270,6 +277,14 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, return( 0 ); } + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha1_process( mbedtls_sha1_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_internal_sha1_process( ctx, data ); +} +#endif #endif /* !MBEDTLS_SHA1_PROCESS_ALT */ /* @@ -322,6 +337,15 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha1_update( mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_sha1_update_ret( ctx, input, ilen ); +} +#endif + static const unsigned char sha1_padding[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -365,6 +389,14 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, + unsigned char output[20] ) +{ + mbedtls_sha1_finish_ret( ctx, output ); +} +#endif + #endif /* !MBEDTLS_SHA1_ALT */ /* 
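Review bot: `mbedtls_sha1_process` is defined inside the `!MBEDTLS_SHA1_PROCESS_ALT` region (the `#endif /* !MBEDTLS_SHA1_PROCESS_ALT */` closes right after it), so a build that supplies its own `mbedtls_internal_sha1_process` gets no library definition of the deprecated symbol; if the header still declares it, which I cannot see here, legacy callers will fail to link unless the alternative implementation also provides it. If that is intended because pre-2.7 PROCESS_ALT implementations already defined `mbedtls_sha1_process` themselves, say so at the guard: `#endif /* !MBEDTLS_SHA1_PROCESS_ALT: ALT implementations must also provide the deprecated mbedtls_sha1_process() */`. Otherwise the wrapper only needs `mbedtls_internal_sha1_process`, which every alternative must export anyway, and the whole `#if !defined(MBEDTLS_DEPRECATED_REMOVED)` block can move below that `#endif` so it is always available. The md5 and ripemd160 `_process` wrappers in this commit use the same layout and need the same decision.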
@@ -394,6 +426,15 @@ exit: return( ret ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha1( const unsigned char *input, + size_t ilen, + unsigned char output[20] ) +{ + mbedtls_sha1_ret( input, ilen, output ); +} +#endif + #if defined(MBEDTLS_SELF_TEST) /* * FIPS-180-1 test vectors diff --git a/library/sha256.c b/library/sha256.c index abcd64d134..f39bcbab6c 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -135,6 +135,14 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, + int is224 ) +{ + mbedtls_sha256_starts_ret( ctx, is224 ); +} +#endif + #if !defined(MBEDTLS_SHA256_PROCESS_ALT) static const uint32_t K[] = { @@ -238,6 +246,14 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, return( 0 ); } + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha256_process( mbedtls_sha256_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_internal_sha256_process( ctx, data ); +} +#endif #endif /* !MBEDTLS_SHA256_PROCESS_ALT */ /* @@ -290,6 +306,15 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha256_update( mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_sha256_update_ret( ctx, input, ilen ); +} +#endif + static const unsigned char sha256_padding[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -339,6 +364,14 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, + unsigned char output[32] ) +{ + mbedtls_sha256_finish_ret( ctx, output ); +} +#endif + #endif /* !MBEDTLS_SHA256_ALT */ /* 
@@ -369,6 +402,16 @@ exit: return( ret ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha256( const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224 ) +{ + mbedtls_sha256_ret( input, ilen, output, is224 ); +} +#endif + #if defined(MBEDTLS_SELF_TEST) /* * FIPS-180-2 test vectors diff --git a/library/sha512.c b/library/sha512.c index c99b6da950..97cee07c56 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -149,6 +149,14 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, + int is384 ) +{ + mbedtls_sha512_starts_ret( ctx, is384 ); +} +#endif + #if !defined(MBEDTLS_SHA512_PROCESS_ALT) /* @@ -269,6 +277,14 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, return( 0 ); } + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha512_process( mbedtls_sha512_context *ctx, + const unsigned char data[128] ) +{ + mbedtls_internal_sha512_process( ctx, data ); +} +#endif #endif /* !MBEDTLS_SHA512_PROCESS_ALT */ /* @@ -320,6 +336,15 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha512_update( mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_sha512_update_ret( ctx, input, ilen ); +} +#endif + static const unsigned char sha512_padding[128] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -375,6 +400,14 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, return( 0 ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, + unsigned char output[64] ) +{ + mbedtls_sha512_finish_ret( ctx, output ); +} +#endif + #endif /* !MBEDTLS_SHA512_ALT */ /* 
@@ -405,6 +438,16 @@ exit: return( ret ); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +void mbedtls_sha512( const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384 ) +{ + mbedtls_sha512_ret( input, ilen, output, is384 ); +} +#endif + #if defined(MBEDTLS_SELF_TEST) /* From bb2565cf1229ee3bda2963b9e309c4a2aaf64d22 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Feb 2018 17:59:40 +0100 Subject: [PATCH 0701/1059] Add ChangeLog entry for PR #1382 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 708ecad7e8..d87782464c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,8 @@ Changes Contributed by Mathieu Briand. * Fix typo in a comment ctr_drbg.c. Contributed by Paul Sokolovsky. * Remove support for the library reference configuration for picocoin. + * MD functions deprecated in 2.7.0 are no longer inline, to provide + a migration path for those depending on the library's ABI. = mbed TLS 2.7.0 branch released 2018-02-03 From 0cb770973c734d51a78b0ae85c48279704107b09 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Thu, 22 Feb 2018 12:11:15 +0000 Subject: [PATCH 0702/1059] Add LinkLibraryDependencies to VS2010 app template Add mbedTLS.vcxproj to the VS2010 application template so that the next time we auto-generate the application project files, the LinkLibraryDependencies for mbedTLS.vcxproj are maintained. Fixes #1347 --- scripts/data_files/vs2010-app-template.vcxproj | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj index 806130a10a..de18f9d85d 100644 --- a/scripts/data_files/vs2010-app-template.vcxproj +++ b/scripts/data_files/vs2010-app-template.vcxproj @@ -24,6 +24,7 @@ {46cf2d25-6a36-4189-b59c-e4815388e554} + true 
@@ -100,7 +101,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -120,7 +121,7 @@ Console true NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -144,7 +145,7 @@ true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies);mbedTLS.lib + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)
From 4bbaeb4ffafb57ca8e7901995ae274b05be4572b Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Thu, 22 Feb 2018 04:29:04 -0800 Subject: [PATCH 0703/1059] Add guard to out_left to avoid negative values return error when f_send return a value greater than out_left --- ChangeLog | 2 ++ library/ssl_tls.c | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index 708ecad7e8..d82600c074 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,8 @@ Changes Contributed by Mathieu Briand. * Fix typo in a comment ctr_drbg.c. Contributed by Paul Sokolovsky. * Remove support for the library reference configuration for picocoin. + * Add guard to validate that out_left can not be negative. Raised by + samoconnor in #1245. = mbed TLS 2.7.0 branch released 2018-02-03 diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 617dedb1b0..1de5eaab69 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2469,6 +2469,12 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( ret <= 0 ) return( ret ); + if( (size_t)ret > ssl->out_left ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned value greater than out left size" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + ssl->out_left -= ret; } From 04f9bd028f7c687888f339dcd7b895315a460c03 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Feb 2018 15:22:44 +0100 Subject: [PATCH 0704/1059] Note incompatibility of truncated HMAC extension in ChangeLog The change in the truncated HMAC extension aligns Mbed TLS with the standard, but breaks interoperability with previous versions. Indicate this in the ChangeLog, as well as how to restore the old behavior. --- ChangeLog | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index a15bdd1532..635b509c35 100644 --- a/ChangeLog +++ b/ChangeLog 
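Review bot: The new guard in `mbedtls_ssl_flush_output` is correct only because the `if( ret <= 0 ) return( ret );` two lines above has already rejected non-positive values, otherwise `(size_t)ret` would turn a negative error code into a huge count; that dependency deserves a comment on the new line, e.g. `/* ret > 0 here, so the cast to size_t is safe */`. The cast also implies `out_left` is unsigned, so what the check prevents is wrap-around of `ssl->out_left -= ret` rather than a "negative" value as the ChangeLog entry in this commit puts it; "cannot underflow" would describe the defect accurately. Since a bad return here means a user-supplied `f_send` misbehaved, the debug message would be more useful if it included the two values, e.g. `MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned %d > out_left %d" ) )` with the appropriate casts. The enclosing function starts and ends outside this hunk.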
@@ -2,19 +2,21 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Default behavior changes + * The truncated HMAC extension now conforms to RFC 6066. This means + that when both sides of a TLS connection negotiate the truncated + HMAC extension, Mbed TLS can now interoperate with other + compliant implementations, but this breaks interoperability with + prior versions of Mbed TLS. To restore the old behavior, enable + the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in + config.h. Found by Andreas Walz (ivESK, Offenburg University of + Applied Sciences). + Security - * Fix heap corruption in implementation of truncated HMAC extension. - When the truncated HMAC extension is enabled and CBC is used, - sending a malicious application packet can be used to selectively - corrupt 6 bytes on the peer's heap, potentially leading to crash or - remote code execution. This can be triggered remotely from either - side in both TLS and DTLS. - * Fix implementation of truncated HMAC extension leading to - compatibility problems with non Mbed TLS peers and allowing - an offline 2^80 brute force attack on the HMAC key of a single, - uninterrupted (excluding session resumption) connection. - Found by Andreas Walz (ivESK, Offenburg University of Applied - Sciences). + * Fix implementation of the truncated HMAC extension. The previous + implementation allowed an offline 2^80 brute force attack on the + HMAC key of a single, uninterrupted connection (with no + resumption of the session). Features * Allow comments in test data files. From e80cd463efcf8388dfa929affcfefa9b7f8e0218 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 22 Feb 2018 15:02:47 +0000 Subject: [PATCH 0705/1059] Adapt version_features.c --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index 5cbe8aca37..22e84b52e3 100644 --- a/library/version_features.c 
+++ b/library/version_features.c @@ -435,6 +435,9 @@ static const char *features[] = { #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) "MBEDTLS_SSL_TRUNCATED_HMAC", #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ +#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) + "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT", +#endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */ #if defined(MBEDTLS_THREADING_ALT) "MBEDTLS_THREADING_ALT", #endif /* MBEDTLS_THREADING_ALT */ From 060fe37496eba7703af6cd70ae3b8dfe50719ea0 Mon Sep 17 00:00:00 2001 From: ILUXONCHIK Date: Sun, 25 Feb 2018 20:59:09 +0000 Subject: [PATCH 0706/1059] fix typo in pem.c --- library/pem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pem.c b/library/pem.c index c09651f4a2..30ae35b7c4 100644 --- a/library/pem.c +++ b/library/pem.c @@ -403,7 +403,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3 * length bytes (allow 4 to be sure) in all known use cases. * - * Use that as heurisitic to try detecting password mismatchs. + * Use that as a heuristic to try to detect password mismatches. */ if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 ) { From 1bf6123fca97a9a35c2f403ab0c96495f9580db6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Feb 2018 08:37:52 +0100 Subject: [PATCH 0707/1059] Add attribution for #1351 report --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 13203a5cf8..68fb6f5e96 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -32,7 +32,8 @@ Bugfix * Fix test_suite_pk to work on 64-bit ILP32 systems. #849 * Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct. - In the context of SSL, this resulted in handshake failure. #1351 + In the context of SSL, this resulted in handshake failure. Reported by + daniel in the Mbed TLS forum. #1351 * Fix Windows x64 builds with the included mbedTLS.sln file. #1347 Changes From 41efbaabc9abe692c1ba1f3aa25d8e26f7765620 Mon Sep 17 00:00:00 2001 From: "Markku-Juhani O. Saarinen" Date: Thu, 30 Nov 2017 11:37:55 +0000 Subject: [PATCH 0708/1059] ARIA cipher implementation --- include/mbedtls/aria.h | 237 ++++++++++++++ library/aria.c | 706 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 943 insertions(+) create mode 100644 include/mbedtls/aria.h create mode 100644 library/aria.c diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h new file mode 100644 index 0000000000..fc8ca98d7b --- /dev/null +++ b/include/mbedtls/aria.h 
@@ -0,0 +1,237 @@ +/** + * \file aria.h + * + * \brief ARIA block cipher + * + * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef MBEDTLS_ARIA_H +#define MBEDTLS_ARIA_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include +#include + +#define MBEDTLS_ARIA_ENCRYPT 1 +#define MBEDTLS_ARIA_DECRYPT 0 + +#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */ +#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. 
*/ + +#if !defined(MBEDTLS_ARIA_ALT) +// Regular implementation +// + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief ARIA context structure + */ + +typedef struct +{ + int nr; // rounds: nr = 12, 14, or 16 + uint32_t rk[17][4]; // nr+1 round keys (+1 for final) +} +mbedtls_aria_context; + +/** + * \brief Initialize ARIA context + * + * \param ctx ARIA context to be initialized + */ +void mbedtls_aria_init( mbedtls_aria_context *ctx ); + +/** + * \brief Clear ARIA context + * + * \param ctx ARIA context to be cleared + */ +void mbedtls_aria_free( mbedtls_aria_context *ctx ); + +/** + * \brief ARIA key schedule (encryption) + * + * \param ctx ARIA context to be initialized + * \param key encryption key + * \param keybits must be 128, 192 or 256 + * + * \return 0 if successful, or MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH + */ +int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, const unsigned char *key, + unsigned int keybits ); + +/** + * \brief ARIA key schedule (decryption) + * + * \param ctx ARIA context to be initialized + * \param key decryption key + * \param keybits must be 128, 192 or 256 + * + * \return 0 if successful, or MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH + */ +int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, const unsigned char *key, + unsigned int keybits ); + +/** + * \brief ARIA-ECB block encryption/decryption + * + * \param ctx ARIA context + * \param mode MBEDTLS_ARIA_ENCRYPT or MBEDTLS_ARIA_DECRYPT + * \param input 16-byte input block + * \param output 16-byte output block + * + * \return 0 if successful + */ +int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16] ); + +#if defined(MBEDTLS_CIPHER_MODE_CBC) +/** + * \brief ARIA-CBC buffer encryption/decryption + * Length should be a multiple of the block + * size (16 bytes) + * + * \note Upon exit, the content of the IV is updated so that you can + * call the function same function again on the following + * 
block(s) of data and get the same result as if it was + * encrypted in one call. This allows a "streaming" usage. + * If on the other hand you need to retain the contents of the + * IV, you should either save it manually or use the cipher + * module instead. + * + * \param ctx ARIA context + * \param mode MBEDTLS_ARIA_ENCRYPT or MBEDTLS_ARIA_DECRYPT + * \param length length of the input data + * \param iv initialization vector (updated after use) + * \param input buffer holding the input data + * \param output buffer holding the output data + * + * \return 0 if successful, or + * MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH + */ +int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ); +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + +#if defined(MBEDTLS_CIPHER_MODE_CFB) +/** + * \brief ARIA-CFB128 buffer encryption/decryption + * + * Note: Due to the nature of CFB you should use the same key schedule for + * both encryption and decryption. So a context initialized with + * mbedtls_aria_setkey_enc() for both MBEDTLS_ARIA_ENCRYPT and CAMELLIE_DECRYPT. + * + * \note Upon exit, the content of the IV is updated so that you can + * call the function same function again on the following + * block(s) of data and get the same result as if it was + * encrypted in one call. This allows a "streaming" usage. + * If on the other hand you need to retain the contents of the + * IV, you should either save it manually or use the cipher + * module instead. 
+ * + * \param ctx ARIA context + * \param mode MBEDTLS_ARIA_ENCRYPT or MBEDTLS_ARIA_DECRYPT + * \param length length of the input data + * \param iv_off offset in IV (updated after use) + * \param iv initialization vector (updated after use) + * \param input buffer holding the input data + * \param output buffer holding the output data + * + * \return 0 if successful, or + * MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH + */ +int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ); +#endif /* MBEDTLS_CIPHER_MODE_CFB */ + +#if defined(MBEDTLS_CIPHER_MODE_CTR) +/** + * \brief ARIA-CTR buffer encryption/decryption + * + * Warning: You have to keep the maximum use of your counter in mind! + * + * Note: Due to the nature of CTR you should use the same key schedule for + * both encryption and decryption. So a context initialized with + * mbedtls_aria_setkey_enc() for both MBEDTLS_ARIA_ENCRYPT and MBEDTLS_ARIA_DECRYPT. + * + * \param ctx ARIA context + * \param length The length of the data + * \param nc_off The offset in the current stream_block (for resuming + * within current cipher stream). The offset pointer to + * should be 0 at the start of a stream. + * \param nonce_counter The 128-bit nonce and counter. + * \param stream_block The saved stream-block for resuming. Is overwritten + * by the function. 
+ * \param input The input data stream + * \param output The output data stream + * + * \return 0 if successful + */ +int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output ); +#endif /* MBEDTLS_CIPHER_MODE_CTR */ + +#ifdef __cplusplus +} +#endif + +#else /* MBEDTLS_ARIA_ALT */ +#include "aria_alt.h" +#endif /* MBEDTLS_ARIA_ALT */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int mbedtls_aria_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif /* aria.h */ diff --git a/library/aria.c b/library/aria.c new file mode 100644 index 0000000000..0eb22ecc8f --- /dev/null +++ b/library/aria.c 
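Review bot: The `mode` parameter of `mbedtls_aria_crypt_ecb()` is documented as choosing encryption or decryption, but the implementation added later in this commit discards it (`( (void) mode );`) and takes the direction solely from whether the context was keyed with `mbedtls_aria_setkey_enc()` or `mbedtls_aria_setkey_dec()`, so a caller passing `MBEDTLS_ARIA_DECRYPT` to an encrypt-keyed context silently gets ciphertext. Either make the implementation honour the flag or state the contract in the ECB doc: `\note mode is currently ignored; the direction is fixed by which setkey function initialised ctx.` The CFB comment still says `CAMELLIE_DECRYPT`, a leftover from camellia.h that should read `MBEDTLS_ARIA_DECRYPT`, and the CTR warning "keep the maximum use of your counter in mind" should state the real requirement, that a nonce/counter value must never be reused under the same key. Finally, `mbedtls_aria_free()` is described only as "Clear ARIA context"; since `rk` holds the expanded key, the doc should say whether it is zeroized, which is what callers rely on for key hygiene (the implementation is not in this chunk).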
@@ -0,0 +1,706 @@ +/* + * ARIA implementation + * + * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_ARIA_C) + +#include "mbedtls/aria.h" + +#include + +#if defined(MBEDTLS_SELF_TEST) +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_printf printf +#endif /* MBEDTLS_PLATFORM_C */ +#endif /* MBEDTLS_SELF_TEST */ + +#if !defined(MBEDTLS_ARIA_ALT) + +// 32-bit integer manipulation macros (little endian) + +#ifndef GET_UINT32_LE +#define GET_UINT32_LE(n,b,i) \ +{ \ + (n) = ( (uint32_t) (b)[(i) ] ) \ + | ( (uint32_t) (b)[(i) + 1] << 8 ) \ + | ( (uint32_t) (b)[(i) + 2] << 16 ) \ + | ( (uint32_t) (b)[(i) + 3] << 24 ); \ +} +#endif + +#ifndef PUT_UINT32_LE +#define PUT_UINT32_LE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ + (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ + (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ + (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ +} +#endif + +// FLIP1 modifies byte order ( A B C D ) -> ( C D A B ), i.e. 
rotate by 16 bits +#define ARIA_FLIP1(x) (((x) >> 16) ^ ((x) << 16)) + +// FLIP2 modifies byte order ( A B C D ) -> ( B A D C ), swap pairs of bytes +#define ARIA_FLIP2(x) ((((x) >> 8) & 0x00FF00FF) ^ (((x) & 0x00FF00FF) << 8)) + +// Affine Transform A +// (ra, rb, rc, rd) = state in/out +// (ta, tb, tc) = temporary variables + +#define ARIA_A( ra, rb, rc, rd, ta, tb, tc ) { \ + ta = rb; \ + rb = ra; \ + ra = ARIA_FLIP1( ta ); \ + tb = ARIA_FLIP1( rd ); \ + rd = ARIA_FLIP2( rc ); \ + rc = ARIA_FLIP2( tb ); \ + ta ^= rd; \ + tc = ARIA_FLIP1( rb ); \ + ta = ARIA_FLIP2( ta ) ^ tc ^ rc; \ + tb ^= ARIA_FLIP1( rd ); \ + tc ^= ARIA_FLIP2( ra ); \ + rb ^= ta ^ tb; \ + tb = ARIA_FLIP1( tb ) ^ ta; \ + ra ^= ARIA_FLIP2( tb ); \ + ta = ARIA_FLIP1( ta ); \ + rd ^= ARIA_FLIP2( ta ) ^ tc; \ + tc = ARIA_FLIP1( tc ); \ + rc ^= ARIA_FLIP2( tc ) ^ ta; \ +} + + +// ARIA Round function ( Substitution Layer SLx + Affine Transform A ) +// (ra, rb, rc, rd) = state in/out +// (sa, sb, sc, sd) = 256 8-bit S-Boxes +// (ta, tb, tc) = temporary variables + +#define ARIA_SLA( ra, rb, rc, rd, sa, sb, sc, sd, ta, tb, tc ) { \ + ta = ( (uint32_t) sc[(rb >> 16) & 0xFF]) ^ \ + (((uint32_t) sd[ rb >> 24]) << 8) ^ \ + (((uint32_t) sa[ rb & 0xFF]) << 16) ^ \ + (((uint32_t) sb[(rb >> 8) & 0xFF]) << 24); \ + rb = ( (uint32_t) sa[ ra & 0xFF]) ^ \ + (((uint32_t) sb[(ra >> 8) & 0xFF]) << 8) ^ \ + (((uint32_t) sc[(ra >> 16) & 0xFF]) << 16) ^ \ + (((uint32_t) sd[ ra >> 24]) << 24); \ + ra = ta; \ + ta = ( (uint32_t) sd[ rd >> 24]) ^ \ + (((uint32_t) sc[(rd >> 16) & 0xFF]) << 8) ^ \ + (((uint32_t) sb[(rd >> 8) & 0xFF]) << 16) ^ \ + (((uint32_t) sa[ rd & 0xFF]) << 24); \ + rd = ( (uint32_t) sb[(rc >> 8) & 0xFF]) ^ \ + (((uint32_t) sa[ rc & 0xFF]) << 8) ^ \ + (((uint32_t) sd[ rc >> 24]) << 16) ^ \ + (((uint32_t) sc[(rc >> 16) & 0xFF]) << 24); \ + rc = ta; \ + ta = ARIA_FLIP1( ra ) ^ rd; \ + tc = ARIA_FLIP1( rb ); \ + ta = ARIA_FLIP2( ta ) ^ tc ^ rc; \ + tb = ARIA_FLIP2( rc ) ^ ARIA_FLIP1( rd ); \ + tc ^= 
ARIA_FLIP2( ra ); \ + rb ^= ta^ tb; \ + tb = ARIA_FLIP1( tb ) ^ ta; \ + ra ^= ARIA_FLIP2( tb ); \ + ta = ARIA_FLIP1( ta ); \ + rd ^= ARIA_FLIP2( ta ) ^ tc; \ + tc = ARIA_FLIP1( tc ); \ + rc ^= ARIA_FLIP2( tc ) ^ ta; \ +} + +// S-Boxes + +static const uint8_t aria_sb1[0x100] = +{ + 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, + 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, + 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 0xB7, 0xFD, 0x93, 0x26, + 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, + 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, + 0xEB, 0x27, 0xB2, 0x75, 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, + 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 0x53, 0xD1, 0x00, 0xED, + 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, + 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, + 0x50, 0x3C, 0x9F, 0xA8, 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, + 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 0xCD, 0x0C, 0x13, 0xEC, + 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, + 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, + 0xDE, 0x5E, 0x0B, 0xDB, 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, + 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 0xE7, 0xC8, 0x37, 0x6D, + 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, + 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, + 0x4B, 0xBD, 0x8B, 0x8A, 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, + 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 0xE1, 0xF8, 0x98, 0x11, + 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, + 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, + 0xB0, 0x54, 0xBB, 0x16 +}; + +static const uint8_t aria_sb2[0x100] = +{ + 0xE2, 0x4E, 0x54, 0xFC, 0x94, 0xC2, 0x4A, 0xCC, 0x62, 0x0D, 0x6A, 0x46, + 0x3C, 0x4D, 
0x8B, 0xD1, 0x5E, 0xFA, 0x64, 0xCB, 0xB4, 0x97, 0xBE, 0x2B, + 0xBC, 0x77, 0x2E, 0x03, 0xD3, 0x19, 0x59, 0xC1, 0x1D, 0x06, 0x41, 0x6B, + 0x55, 0xF0, 0x99, 0x69, 0xEA, 0x9C, 0x18, 0xAE, 0x63, 0xDF, 0xE7, 0xBB, + 0x00, 0x73, 0x66, 0xFB, 0x96, 0x4C, 0x85, 0xE4, 0x3A, 0x09, 0x45, 0xAA, + 0x0F, 0xEE, 0x10, 0xEB, 0x2D, 0x7F, 0xF4, 0x29, 0xAC, 0xCF, 0xAD, 0x91, + 0x8D, 0x78, 0xC8, 0x95, 0xF9, 0x2F, 0xCE, 0xCD, 0x08, 0x7A, 0x88, 0x38, + 0x5C, 0x83, 0x2A, 0x28, 0x47, 0xDB, 0xB8, 0xC7, 0x93, 0xA4, 0x12, 0x53, + 0xFF, 0x87, 0x0E, 0x31, 0x36, 0x21, 0x58, 0x48, 0x01, 0x8E, 0x37, 0x74, + 0x32, 0xCA, 0xE9, 0xB1, 0xB7, 0xAB, 0x0C, 0xD7, 0xC4, 0x56, 0x42, 0x26, + 0x07, 0x98, 0x60, 0xD9, 0xB6, 0xB9, 0x11, 0x40, 0xEC, 0x20, 0x8C, 0xBD, + 0xA0, 0xC9, 0x84, 0x04, 0x49, 0x23, 0xF1, 0x4F, 0x50, 0x1F, 0x13, 0xDC, + 0xD8, 0xC0, 0x9E, 0x57, 0xE3, 0xC3, 0x7B, 0x65, 0x3B, 0x02, 0x8F, 0x3E, + 0xE8, 0x25, 0x92, 0xE5, 0x15, 0xDD, 0xFD, 0x17, 0xA9, 0xBF, 0xD4, 0x9A, + 0x7E, 0xC5, 0x39, 0x67, 0xFE, 0x76, 0x9D, 0x43, 0xA7, 0xE1, 0xD0, 0xF5, + 0x68, 0xF2, 0x1B, 0x34, 0x70, 0x05, 0xA3, 0x8A, 0xD5, 0x79, 0x86, 0xA8, + 0x30, 0xC6, 0x51, 0x4B, 0x1E, 0xA6, 0x27, 0xF6, 0x35, 0xD2, 0x6E, 0x24, + 0x16, 0x82, 0x5F, 0xDA, 0xE6, 0x75, 0xA2, 0xEF, 0x2C, 0xB2, 0x1C, 0x9F, + 0x5D, 0x6F, 0x80, 0x0A, 0x72, 0x44, 0x9B, 0x6C, 0x90, 0x0B, 0x5B, 0x33, + 0x7D, 0x5A, 0x52, 0xF3, 0x61, 0xA1, 0xF7, 0xB0, 0xD6, 0x3F, 0x7C, 0x6D, + 0xED, 0x14, 0xE0, 0xA5, 0x3D, 0x22, 0xB3, 0xF8, 0x89, 0xDE, 0x71, 0x1A, + 0xAF, 0xBA, 0xB5, 0x81 +}; + +static const uint8_t aria_is1[0x100] = +{ + 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, + 0x81, 0xF3, 0xD7, 0xFB, 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, + 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, 0x54, 0x7B, 0x94, 0x32, + 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E, + 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, + 0x6D, 0x8B, 0xD1, 0x25, 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, + 0xD4, 0xA4, 
0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, 0x6C, 0x70, 0x48, 0x50, + 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84, + 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, + 0xB8, 0xB3, 0x45, 0x06, 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, + 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, 0x3A, 0x91, 0x11, 0x41, + 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73, + 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, + 0x1C, 0x75, 0xDF, 0x6E, 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, + 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, 0xFC, 0x56, 0x3E, 0x4B, + 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4, + 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, + 0x27, 0x80, 0xEC, 0x5F, 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, + 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, 0xA0, 0xE0, 0x3B, 0x4D, + 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, + 0x55, 0x21, 0x0C, 0x7D +}; + +static const uint8_t aria_is2[0x100] = +{ + 0x30, 0x68, 0x99, 0x1B, 0x87, 0xB9, 0x21, 0x78, 0x50, 0x39, 0xDB, 0xE1, + 0x72, 0x09, 0x62, 0x3C, 0x3E, 0x7E, 0x5E, 0x8E, 0xF1, 0xA0, 0xCC, 0xA3, + 0x2A, 0x1D, 0xFB, 0xB6, 0xD6, 0x20, 0xC4, 0x8D, 0x81, 0x65, 0xF5, 0x89, + 0xCB, 0x9D, 0x77, 0xC6, 0x57, 0x43, 0x56, 0x17, 0xD4, 0x40, 0x1A, 0x4D, + 0xC0, 0x63, 0x6C, 0xE3, 0xB7, 0xC8, 0x64, 0x6A, 0x53, 0xAA, 0x38, 0x98, + 0x0C, 0xF4, 0x9B, 0xED, 0x7F, 0x22, 0x76, 0xAF, 0xDD, 0x3A, 0x0B, 0x58, + 0x67, 0x88, 0x06, 0xC3, 0x35, 0x0D, 0x01, 0x8B, 0x8C, 0xC2, 0xE6, 0x5F, + 0x02, 0x24, 0x75, 0x93, 0x66, 0x1E, 0xE5, 0xE2, 0x54, 0xD8, 0x10, 0xCE, + 0x7A, 0xE8, 0x08, 0x2C, 0x12, 0x97, 0x32, 0xAB, 0xB4, 0x27, 0x0A, 0x23, + 0xDF, 0xEF, 0xCA, 0xD9, 0xB8, 0xFA, 0xDC, 0x31, 0x6B, 0xD1, 0xAD, 0x19, + 0x49, 0xBD, 0x51, 0x96, 0xEE, 0xE4, 0xA8, 0x41, 0xDA, 0xFF, 0xCD, 0x55, + 0x86, 0x36, 
0xBE, 0x61, 0x52, 0xF8, 0xBB, 0x0E, 0x82, 0x48, 0x69, 0x9A, + 0xE0, 0x47, 0x9E, 0x5C, 0x04, 0x4B, 0x34, 0x15, 0x79, 0x26, 0xA7, 0xDE, + 0x29, 0xAE, 0x92, 0xD7, 0x84, 0xE9, 0xD2, 0xBA, 0x5D, 0xF3, 0xC5, 0xB0, + 0xBF, 0xA4, 0x3B, 0x71, 0x44, 0x46, 0x2B, 0xFC, 0xEB, 0x6F, 0xD5, 0xF6, + 0x14, 0xFE, 0x7C, 0x70, 0x5A, 0x7D, 0xFD, 0x2F, 0x18, 0x83, 0x16, 0xA5, + 0x91, 0x1F, 0x05, 0x95, 0x74, 0xA9, 0xC1, 0x5B, 0x4A, 0x85, 0x6D, 0x13, + 0x07, 0x4F, 0x4E, 0x45, 0xB2, 0x0F, 0xC9, 0x1C, 0xA6, 0xBC, 0xEC, 0x73, + 0x90, 0x7B, 0xCF, 0x59, 0x8F, 0xA1, 0xF9, 0x2D, 0xF2, 0xB1, 0x00, 0x94, + 0x37, 0x9F, 0xD0, 0x2E, 0x9C, 0x6E, 0x28, 0x3F, 0x80, 0xF0, 0x3D, 0xD3, + 0x25, 0x8A, 0xB5, 0xE7, 0x42, 0xB3, 0xC7, 0xEA, 0xF7, 0x4C, 0x11, 0x33, + 0x03, 0xA2, 0xAC, 0x60 +}; +// FO and FE are helpers for key schedule + +// r = FO( p, k ) ^ x + +static void aria_fo( uint32_t r[4], + const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] ) +{ + uint32_t a, b, c, d; + uint32_t t, u, v; + + a = p[0] ^ k[0]; + b = p[1] ^ k[1]; + c = p[2] ^ k[2]; + d = p[3] ^ k[3]; + + ARIA_SLA( a, b, c, d, aria_sb1, aria_sb2, aria_is1, aria_is2, t, u, v ); + + r[0] = a ^ x[0]; + r[1] = b ^ x[1]; + r[2] = c ^ x[2]; + r[3] = d ^ x[3]; +} + +// r = FE( p, k ) ^ x + +static void aria_fe(uint32_t r[4], + const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] ) +{ + uint32_t a, b, c, d; + uint32_t t, u, v; + + a = p[0] ^ k[0]; + b = p[1] ^ k[1]; + c = p[2] ^ k[2]; + d = p[3] ^ k[3]; + + ARIA_SLA( a, b, c, d, aria_is1, aria_is2, aria_sb1, aria_sb2, t, u, v ); + + r[0] = a ^ x[0]; + r[1] = b ^ x[1]; + r[2] = c ^ x[2]; + r[3] = d ^ x[3]; +} + +// Big endian 128-bit rotation: d = a ^ (b <<< n), used only in key setup. +// This is relatively slow since our implementation is geared towards +// little-endian targets and stores state in that order. 
+ +static void aria_rot128(uint32_t r[4], const uint32_t a[4], + const uint32_t b[4], int n) +{ + int i, j, n1, n2; + uint32_t t, u; + + j = (n >> 5) & 3; // word offset + n1 = n & 0x1F; // bit offsets + n2 = 32 - n1; // n1 should be nonzero! + t = ARIA_FLIP1( ARIA_FLIP2( b[j] ) ); // big endian + for( i = 0; i < 4; i++ ) + { + j = (j + 1) & 3; // get next word, big endian + u = ARIA_FLIP1( ARIA_FLIP2( b[j] ) ); + t <<= n1; // rotate + if (n2 < 32) // intel rotate 32 bits = 0 bits.. + t |= u >> n2; + t = ARIA_FLIP1( ARIA_FLIP2( t ) ); // back to little endian + r[i] = a[i] ^ t; // store + t = u; // move to next word + } +} + +// Set encryption key + +int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, + const unsigned char *key, unsigned int keybits) +{ + // round constant masks + const uint32_t rc[3][4] = + { + { 0xB7C17C51, 0x940A2227, 0xE8AB13FE, 0xE06E9AFA }, + { 0xCC4AB16D, 0x20C8219E, 0xD5B128FF, 0xB0E25DEF }, + { 0x1D3792DB, 0x70E92621, 0x75972403, 0x0EC9E804 } + }; + + int i; + uint32_t w[4][4], *w2; + + if (keybits != 128 && keybits != 192 && keybits != 256) + return MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH; + + // W0 = KL + GET_UINT32_LE( w[0][0], key, 0 ); // copy key to W0 | W1 + GET_UINT32_LE( w[0][1], key, 4 ); + GET_UINT32_LE( w[0][2], key, 8 ); + GET_UINT32_LE( w[0][3], key, 12 ); + + memset(w[1], 0, 16); + if( keybits >= 192 ) + { + GET_UINT32_LE( w[1][0], key, 16 ); // 192 bit key + GET_UINT32_LE( w[1][1], key, 20 ); + } + if( keybits == 256 ) + { + GET_UINT32_LE( w[1][2], key, 24 ); // 256 bit key + GET_UINT32_LE( w[1][3], key, 28 ); + } + + i = (keybits - 128) >> 6; // index: 0, 1, 2 + ctx->nr = 12 + 2 * i; // no. rounds: 12, 14, 16 + + aria_fo( w[1], w[0], rc[i], w[1] ); // W1 = FO(W0, CK1) ^ KR + i = i < 2 ? i + 1 : 0; + aria_fe( w[2], w[1], rc[i], w[0] ); // W2 = FE(W1, CK2) ^ W0 + i = i < 2 ? 
i + 1 : 0; + aria_fo( w[3], w[2], rc[i], w[1] ); // W3 = FO(W2, CK3) ^ W1 + + for( i = 0; i < 4; i++ ) // create round keys + { + w2 = w[(i + 1) & 3]; + aria_rot128( ctx->rk[i ], w[i], w2, -19); + aria_rot128( ctx->rk[i + 4], w[i], w2, -31); + aria_rot128( ctx->rk[i + 8], w[i], w2, 61); + aria_rot128( ctx->rk[i + 12], w[i], w2, 31); + } + aria_rot128( ctx->rk[16], w[0], w[1], 19 ); + + return 0; +} + +// Set decryption key + +int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, + const unsigned char *key, unsigned int keybits) +{ + int i, j, k, ret; + uint32_t t, u, v; + + ret = mbedtls_aria_setkey_enc( ctx, key, keybits ); + if( ret != 0 ) + return ret; + + // flip the order of round keys + for( i = 0, j = ctx->nr; i < j; i++, j-- ) + { + for( k = 0; k < 4; k++ ) + { + t = ctx->rk[i][k]; + ctx->rk[i][k] = ctx->rk[j][k]; + ctx->rk[j][k] = t; + } + } + + // apply affine transform to middle keys + for (i = 1; i < ctx->nr; i++ ) + { + ARIA_A( ctx->rk[i][0], ctx->rk[i][1], ctx->rk[i][2], ctx->rk[i][3], + t, u, v ); + } + + return 0; +} + +// Encrypt a block + +int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16] ) +{ + int i; + + uint32_t a, b, c, d; + uint32_t t, u, v; + + ( (void) mode ); + + GET_UINT32_LE( a, input, 0 ); + GET_UINT32_LE( b, input, 4 ); + GET_UINT32_LE( c, input, 8 ); + GET_UINT32_LE( d, input, 12 ); + + i = 0; + while (1) + { + a ^= ctx->rk[i][0]; + b ^= ctx->rk[i][1]; + c ^= ctx->rk[i][2]; + d ^= ctx->rk[i][3]; + i++; + ARIA_SLA( a, b, c, d, + aria_sb1, aria_sb2, aria_is1, aria_is2, t, u, v ); + + a ^= ctx->rk[i][0]; + b ^= ctx->rk[i][1]; + c ^= ctx->rk[i][2]; + d ^= ctx->rk[i][3]; + i++; + if (i >= ctx->nr) + break; + + ARIA_SLA( a, b, c, d, + aria_is1, aria_is2, aria_sb1, aria_sb2, t, u, v ); + } + + // final substitution + + a = ctx->rk[i][0] ^ + ( (uint32_t) aria_is1[ a & 0xFF]) ^ + (((uint32_t) aria_is2[(a >> 8) & 0xFF]) << 8) ^ + (((uint32_t) aria_sb1[(a >> 16) & 
0xFF]) << 16) ^ + (((uint32_t) aria_sb2[ a >> 24 ]) << 24); + + b = ctx->rk[i][1] ^ + ( (uint32_t) aria_is1[ b & 0xFF]) ^ + (((uint32_t) aria_is2[(b >> 8) & 0xFF]) << 8) ^ + (((uint32_t) aria_sb1[(b >> 16) & 0xFF]) << 16) ^ + (((uint32_t) aria_sb2[ b >> 24 ]) << 24); + + c = ctx->rk[i][2] ^ + ( (uint32_t) aria_is1[ c & 0xFF]) ^ + (((uint32_t) aria_is2[(c >> 8) & 0xFF]) << 8) ^ + (((uint32_t) aria_sb1[(c >> 16) & 0xFF]) << 16) ^ + (((uint32_t) aria_sb2[ c >> 24 ]) << 24); + + d = ctx->rk[i][3] ^ + ( (uint32_t) aria_is1[ d & 0xFF]) ^ + (((uint32_t) aria_is2[(d >> 8) & 0xFF]) << 8) ^ + (((uint32_t) aria_sb1[(d >> 16) & 0xFF]) << 16) ^ + (((uint32_t) aria_sb2[ d >> 24 ]) << 24); + + PUT_UINT32_LE( a, output, 0 ); + PUT_UINT32_LE( b, output, 4 ); + PUT_UINT32_LE( c, output, 8 ); + PUT_UINT32_LE( d, output, 12 ); + + return 0; +} + + + +#if defined(MBEDTLS_CIPHER_MODE_CBC) +/* + * ARIA-CBC buffer encryption/decryption + */ +int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) +{ + int i; + unsigned char temp[16]; + + if( length % 16 ) + return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH ); + + if( mode == MBEDTLS_ARIA_DECRYPT ) + { + while( length > 0 ) + { + memcpy( temp, input, 16 ); + mbedtls_aria_crypt_ecb( ctx, mode, input, output ); + + for( i = 0; i < 16; i++ ) + output[i] = (unsigned char)( output[i] ^ iv[i] ); + + memcpy( iv, temp, 16 ); + + input += 16; + output += 16; + length -= 16; + } + } + else + { + while( length > 0 ) + { + for( i = 0; i < 16; i++ ) + output[i] = (unsigned char)( input[i] ^ iv[i] ); + + mbedtls_aria_crypt_ecb( ctx, mode, output, output ); + memcpy( iv, output, 16 ); + + input += 16; + output += 16; + length -= 16; + } + } + + return( 0 ); +} +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + +#if defined(MBEDTLS_CIPHER_MODE_CFB) +/* + * ARIA-CFB128 buffer encryption/decryption + */ +int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, + 
int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) +{ + int c; + size_t n = *iv_off; + + if( mode == MBEDTLS_ARIA_DECRYPT ) + { + while( length-- ) + { + if( n == 0 ) + mbedtls_aria_crypt_ecb( ctx, MBEDTLS_ARIA_ENCRYPT, iv, iv ); + + c = *input++; + *output++ = (unsigned char)( c ^ iv[n] ); + iv[n] = (unsigned char) c; + + n = ( n + 1 ) & 0x0F; + } + } + else + { + while( length-- ) + { + if( n == 0 ) + mbedtls_aria_crypt_ecb( ctx, MBEDTLS_ARIA_ENCRYPT, iv, iv ); + + iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); + + n = ( n + 1 ) & 0x0F; + } + } + + *iv_off = n; + + return( 0 ); +} +#endif /* MBEDTLS_CIPHER_MODE_CFB */ + +#if defined(MBEDTLS_CIPHER_MODE_CTR) +/* + * ARIA-CTR buffer encryption/decryption + */ +int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output ) +{ + int c, i; + size_t n = *nc_off; + + while( length-- ) + { + if( n == 0 ) { + mbedtls_aria_crypt_ecb( ctx, MBEDTLS_ARIA_ENCRYPT, nonce_counter, + stream_block ); + + for( i = 16; i > 0; i-- ) + if( ++nonce_counter[i - 1] != 0 ) + break; + } + c = *input++; + *output++ = (unsigned char)( c ^ stream_block[n] ); + + n = ( n + 1 ) & 0x0F; + } + + *nc_off = n; + + return( 0 ); +} +#endif /* MBEDTLS_CIPHER_MODE_CTR */ +#endif /* !MBEDTLS_ARIA_ALT */ + +#if defined(MBEDTLS_SELF_TEST) + +/* + * Checkup routine + */ + +int mbedtls_aria_self_test( int verbose ) +{ + // ECB test vectors from RFC 5794 + + const uint8_t aria_ecb_test_key[32] = // test key + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 128 bit + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, // 192 bit + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F // 256 bit + }; + const uint8_t aria_ecb_test_pt[16] = // plaintext + { + 0x00, 0x11, 0x22, 0x33, 
0x44, 0x55, 0x66, 0x77, // same for all + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF // key sizes + }; + const uint8_t aria_ecb_test_ct[3][16] = // ciphertext + { + { 0xD7, 0x18, 0xFB, 0xD6, 0xAB, 0x64, 0x4C, 0x73, // 128 bit + 0x9D, 0xA9, 0x5F, 0x3B, 0xE6, 0x45, 0x17, 0x78 } + , + { 0x26, 0x44, 0x9C, 0x18, 0x05, 0xDB, 0xE7, 0xAA, // 192 bit + 0x25, 0xA4, 0x68, 0xCE, 0x26, 0x3A, 0x9E, 0x79 } + , + { 0xF9, 0x2B, 0xD7, 0xC7, 0x9F, 0xB7, 0x2E, 0x2F, // 256 bit + 0x2B, 0x8F, 0x80, 0xC1, 0x97, 0x2D, 0x24, 0xFC } + }; + + int i; + uint8_t blk[16]; + mbedtls_aria_context ctx; + + for( i = 0; i < 3; i++ ) + { + // test encryption + if( verbose ) + printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i); + + mbedtls_aria_setkey_enc( &ctx, aria_ecb_test_key, 128 + 64 * i ); + mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT, + aria_ecb_test_pt, blk ); + + if( memcmp( blk, aria_ecb_test_ct[i], 16 ) != 0 ) + { + if( verbose ) + printf( "failed\n" ); + return( 1 ); + } + if( verbose ) + printf( "passed\n" ); + + // test decryption + + if( verbose ) + printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i); + + mbedtls_aria_setkey_dec( &ctx, aria_ecb_test_key, 128 + 64 * i ); + mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_DECRYPT, + aria_ecb_test_ct[i], blk ); + + if (memcmp( blk, aria_ecb_test_pt, 16 ) != 0) + { + if( verbose ) + printf( "failed\n" ); + return( 1 ); + } + if( verbose ) + printf( "passed\n" ); + } + printf("\n"); + + return( 0 ); +} + +#endif /* MBEDTLS_SELF_TEST */ + +#endif /* MBEDTLS_ARIA_C */ From 259fa60f6c430d8bd670afeba63a5c6a8df2c85d Mon Sep 17 00:00:00 2001 From: "Markku-Juhani O. Saarinen" Date: Thu, 30 Nov 2017 15:48:37 +0000 Subject: [PATCH 0709/1059] ARIA test vectors for CBC CFB CTR modes --- library/aria.c | 312 ++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 257 insertions(+), 55 deletions(-) diff --git a/library/aria.c b/library/aria.c index 0eb22ecc8f..da31f09d71 100644 --- a/library/aria.c +++ b/library/aria.c 
@@ -19,7 +19,6 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ - #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else 
@@ -623,80 +622,283 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, #if defined(MBEDTLS_SELF_TEST) +// Basic ARIA ECB test vectors from RFC 5794 + +static const uint8_t aria_test1_ecb_key[32] = // test key +{ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 128 bit + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, // 192 bit + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F // 256 bit +}; + +static const uint8_t aria_test1_ecb_pt[16] = // plaintext +{ + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // same for all + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF // key sizes +}; + +static const uint8_t aria_test1_ecb_ct[3][16] = // ciphertext +{ + { 0xD7, 0x18, 0xFB, 0xD6, 0xAB, 0x64, 0x4C, 0x73, // 128 bit + 0x9D, 0xA9, 0x5F, 0x3B, 0xE6, 0x45, 0x17, 0x78 }, + { 0x26, 0x44, 0x9C, 0x18, 0x05, 0xDB, 0xE7, 0xAA, // 192 bit + 0x25, 0xA4, 0x68, 0xCE, 0x26, 0x3A, 0x9E, 0x79 }, + { 0xF9, 0x2B, 0xD7, 0xC7, 0x9F, 0xB7, 0x2E, 0x2F, // 256 bit + 0x2B, 0x8F, 0x80, 0xC1, 0x97, 0x2D, 0x24, 0xFC } +}; + +// Mode tests from "Test Vectors for ARIA" Version 1.0 +// http://210.104.33.10/ARIA/doc/ARIA-testvector-e.pdf + +#if (defined(MBEDTLS_CIPHER_MODE_CBC) || \ + defined(MBEDTLS_CIPHER_MODE_CFB) || \ + defined(MBEDTLS_CIPHER_MODE_CTR)) + +static const uint8_t aria_test2_key[32] = +{ + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // 128 bit + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // 192 bit + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff // 256 bit +}; + +static const uint8_t aria_test2_iv[16] = +{ + 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, // same for all + 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0 +}; + +static const uint8_t aria_test2_pt[48] = +{ + 0x11, 0x11, 0x11, 0x11, 0xaa, 0xaa, 0xaa, 0xaa, // same for all + 0x11, 0x11, 0x11, 0x11, 0xbb, 0xbb, 0xbb, 0xbb, + 0x11, 0x11, 0x11, 0x11, 0xcc, 0xcc, 0xcc, 0xcc, + 0x11, 0x11, 0x11, 0x11, 0xdd, 
0xdd, 0xdd, 0xdd, + 0x22, 0x22, 0x22, 0x22, 0xaa, 0xaa, 0xaa, 0xaa, + 0x22, 0x22, 0x22, 0x22, 0xbb, 0xbb, 0xbb, 0xbb, +}; + +#endif /* defined(MBEDTLS_CIPHER_MODE_CBC) || \ + defined(MBEDTLS_CIPHER_MODE_CFB) || \ + defined(MBEDTLS_CIPHER_MODE_CTR) */ + +#if defined(MBEDTLS_CIPHER_MODE_CBC) +static const uint8_t aria_test2_cbc_ct[3][48] = // CBC ciphertxt +{ + { 0x49, 0xd6, 0x18, 0x60, 0xb1, 0x49, 0x09, 0x10, // 128-bit key + 0x9c, 0xef, 0x0d, 0x22, 0xa9, 0x26, 0x81, 0x34, + 0xfa, 0xdf, 0x9f, 0xb2, 0x31, 0x51, 0xe9, 0x64, + 0x5f, 0xba, 0x75, 0x01, 0x8b, 0xdb, 0x15, 0x38, + 0xb5, 0x33, 0x34, 0x63, 0x4b, 0xbf, 0x7d, 0x4c, + 0xd4, 0xb5, 0x37, 0x70, 0x33, 0x06, 0x0c, 0x15 }, + { 0xaf, 0xe6, 0xcf, 0x23, 0x97, 0x4b, 0x53, 0x3c, // 192-bit key + 0x67, 0x2a, 0x82, 0x62, 0x64, 0xea, 0x78, 0x5f, + 0x4e, 0x4f, 0x7f, 0x78, 0x0d, 0xc7, 0xf3, 0xf1, + 0xe0, 0x96, 0x2b, 0x80, 0x90, 0x23, 0x86, 0xd5, + 0x14, 0xe9, 0xc3, 0xe7, 0x72, 0x59, 0xde, 0x92, + 0xdd, 0x11, 0x02, 0xff, 0xab, 0x08, 0x6c, 0x1e }, + { 0x52, 0x3a, 0x8a, 0x80, 0x6a, 0xe6, 0x21, 0xf1, // 256-bit key + 0x55, 0xfd, 0xd2, 0x8d, 0xbc, 0x34, 0xe1, 0xab, + 0x7b, 0x9b, 0x42, 0x43, 0x2a, 0xd8, 0xb2, 0xef, + 0xb9, 0x6e, 0x23, 0xb1, 0x3f, 0x0a, 0x6e, 0x52, + 0xf3, 0x61, 0x85, 0xd5, 0x0a, 0xd0, 0x02, 0xc5, + 0xf6, 0x01, 0xbe, 0xe5, 0x49, 0x3f, 0x11, 0x8b } +}; +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + +#if defined(MBEDTLS_CIPHER_MODE_CFB) +static const uint8_t aria_test2_cfb_ct[3][48] = // CFB ciphertxt +{ + { 0x37, 0x20, 0xe5, 0x3b, 0xa7, 0xd6, 0x15, 0x38, // 128-bit key + 0x34, 0x06, 0xb0, 0x9f, 0x0a, 0x05, 0xa2, 0x00, + 0xc0, 0x7c, 0x21, 0xe6, 0x37, 0x0f, 0x41, 0x3a, + 0x5d, 0x13, 0x25, 0x00, 0xa6, 0x82, 0x85, 0x01, + 0x7c, 0x61, 0xb4, 0x34, 0xc7, 0xb7, 0xca, 0x96, + 0x85, 0xa5, 0x10, 0x71, 0x86, 0x1e, 0x4d, 0x4b }, + { 0x41, 0x71, 0xf7, 0x19, 0x2b, 0xf4, 0x49, 0x54, // 192-bit key + 0x94, 0xd2, 0x73, 0x61, 0x29, 0x64, 0x0f, 0x5c, + 0x4d, 0x87, 0xa9, 0xa2, 0x13, 0x66, 0x4c, 0x94, + 0x48, 0x47, 0x7c, 0x6e, 0xcc, 0x20, 0x13, 
0x59, + 0x8d, 0x97, 0x66, 0x95, 0x2d, 0xd8, 0xc3, 0x86, + 0x8f, 0x17, 0xe3, 0x6e, 0xf6, 0x6f, 0xd8, 0x4b }, + { 0x26, 0x83, 0x47, 0x05, 0xb0, 0xf2, 0xc0, 0xe2, // 256-bit key + 0x58, 0x8d, 0x4a, 0x7f, 0x09, 0x00, 0x96, 0x35, + 0xf2, 0x8b, 0xb9, 0x3d, 0x8c, 0x31, 0xf8, 0x70, + 0xec, 0x1e, 0x0b, 0xdb, 0x08, 0x2b, 0x66, 0xfa, + 0x40, 0x2d, 0xd9, 0xc2, 0x02, 0xbe, 0x30, 0x0c, + 0x45, 0x17, 0xd1, 0x96, 0xb1, 0x4d, 0x4c, 0xe1 } +}; +#endif /* MBEDTLS_CIPHER_MODE_CFB */ + +#if defined(MBEDTLS_CIPHER_MODE_CTR) +static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertxt +{ + { 0xac, 0x5d, 0x7d, 0xe8, 0x05, 0xa0, 0xbf, 0x1c, // 128-bit key + 0x57, 0xc8, 0x54, 0x50, 0x1a, 0xf6, 0x0f, 0xa1, + 0x14, 0x97, 0xe2, 0xa3, 0x45, 0x19, 0xde, 0xa1, + 0x56, 0x9e, 0x91, 0xe5, 0xb5, 0xcc, 0xae, 0x2f, + 0xf3, 0xbf, 0xa1, 0xbf, 0x97, 0x5f, 0x45, 0x71, + 0xf4, 0x8b, 0xe1, 0x91, 0x61, 0x35, 0x46, 0xc3 }, + { 0x08, 0x62, 0x5c, 0xa8, 0xfe, 0x56, 0x9c, 0x19, // 192-bit key + 0xba, 0x7a, 0xf3, 0x76, 0x0a, 0x6e, 0xd1, 0xce, + 0xf4, 0xd1, 0x99, 0x26, 0x3e, 0x99, 0x9d, 0xde, + 0x14, 0x08, 0x2d, 0xbb, 0xa7, 0x56, 0x0b, 0x79, + 0xa4, 0xc6, 0xb4, 0x56, 0xb8, 0x70, 0x7d, 0xce, + 0x75, 0x1f, 0x98, 0x54, 0xf1, 0x88, 0x93, 0xdf }, + { 0x30, 0x02, 0x6c, 0x32, 0x96, 0x66, 0x14, 0x17, // 256-bit key + 0x21, 0x17, 0x8b, 0x99, 0xc0, 0xa1, 0xf1, 0xb2, + 0xf0, 0x69, 0x40, 0x25, 0x3f, 0x7b, 0x30, 0x89, + 0xe2, 0xa3, 0x0e, 0xa8, 0x6a, 0xa3, 0xc8, 0x8f, + 0x59, 0x40, 0xf0, 0x5a, 0xd7, 0xee, 0x41, 0xd7, + 0x13, 0x47, 0xbb, 0x72, 0x61, 0xe3, 0x48, 0xf1 } +}; +#endif /* MBEDTLS_CIPHER_MODE_CFB */ + /* * Checkup routine */ +#define ARIA_SELF_TEST_IF_FAIL \ + { \ + if( verbose ) \ + printf( "failed\n" ); \ + return( 1 ); \ + } else { \ + if( verbose ) \ + printf( "passed\n" ); \ + } + int mbedtls_aria_self_test( int verbose ) { - // ECB test vectors from RFC 5794 - - const uint8_t aria_ecb_test_key[32] = // test key - { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 128 bit - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 
0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, // 192 bit - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F // 256 bit - }; - const uint8_t aria_ecb_test_pt[16] = // plaintext - { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // same for all - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF // key sizes - }; - const uint8_t aria_ecb_test_ct[3][16] = // ciphertext - { - { 0xD7, 0x18, 0xFB, 0xD6, 0xAB, 0x64, 0x4C, 0x73, // 128 bit - 0x9D, 0xA9, 0x5F, 0x3B, 0xE6, 0x45, 0x17, 0x78 } - , - { 0x26, 0x44, 0x9C, 0x18, 0x05, 0xDB, 0xE7, 0xAA, // 192 bit - 0x25, 0xA4, 0x68, 0xCE, 0x26, 0x3A, 0x9E, 0x79 } - , - { 0xF9, 0x2B, 0xD7, 0xC7, 0x9F, 0xB7, 0x2E, 0x2F, // 256 bit - 0x2B, 0x8F, 0x80, 0xC1, 0x97, 0x2D, 0x24, 0xFC } - }; - int i; uint8_t blk[16]; mbedtls_aria_context ctx; +#if (defined(MBEDTLS_CIPHER_MODE_CBC) || \ + defined(MBEDTLS_CIPHER_MODE_CFB) || \ + defined(MBEDTLS_CIPHER_MODE_CTR)) + size_t j; + uint8_t buf[48], iv[16]; +#endif + + // Test set 1 for( i = 0; i < 3; i++ ) { - // test encryption + // test ECB encryption if( verbose ) printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i); - - mbedtls_aria_setkey_enc( &ctx, aria_ecb_test_key, 128 + 64 * i ); + mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT, - aria_ecb_test_pt, blk ); - - if( memcmp( blk, aria_ecb_test_ct[i], 16 ) != 0 ) - { - if( verbose ) - printf( "failed\n" ); - return( 1 ); - } - if( verbose ) - printf( "passed\n" ); - - // test decryption + aria_test1_ecb_pt, blk ); + if( memcmp( blk, aria_test1_ecb_ct[i], 16 ) != 0 ) + ARIA_SELF_TEST_IF_FAIL; + // test ECB decryption if( verbose ) printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i); - - mbedtls_aria_setkey_dec( &ctx, aria_ecb_test_key, 128 + 64 * i ); + mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_DECRYPT, - aria_ecb_test_ct[i], blk ); - - if (memcmp( blk, aria_ecb_test_pt, 16 ) != 0) - { - if( verbose 
) - printf( "failed\n" ); - return( 1 ); - } - if( verbose ) - printf( "passed\n" ); + aria_test1_ecb_ct[i], blk ); + if (memcmp( blk, aria_test1_ecb_pt, 16 ) != 0) + ARIA_SELF_TEST_IF_FAIL; } - printf("\n"); + if( verbose ) + printf("\n"); + + // Test set 2 + +#if defined(MBEDTLS_CIPHER_MODE_CBC) + for( i = 0; i < 3; i++ ) + { + // Test CBC encryption + if( verbose ) + printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i); + mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); + memcpy( iv, aria_test2_iv, 16 ); + memset( buf, 0x55, sizeof(buf) ); + mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv, + aria_test2_pt, buf ); + if( memcmp( buf, aria_test2_cbc_ct[i], 48 ) != 0 ) + ARIA_SELF_TEST_IF_FAIL; + + // Test CBC decryption + if( verbose ) + printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i); + mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i ); + memcpy( iv, aria_test2_iv, 16 ); + memset( buf, 0xAA, sizeof(buf) ); + mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv, + aria_test2_cbc_ct[i], buf ); + if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) + ARIA_SELF_TEST_IF_FAIL; + } + if( verbose ) + printf("\n"); + +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + +#if defined(MBEDTLS_CIPHER_MODE_CFB) + for( i = 0; i < 3; i++ ) + { + // Test CFB encryption + if( verbose ) + printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i); + mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); + memcpy( iv, aria_test2_iv, 16 ); + memset( buf, 0x55, sizeof(buf) ); + j = 0; + mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv, + aria_test2_pt, buf ); + if( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 ) + ARIA_SELF_TEST_IF_FAIL; + + // Test CFB decryption + if( verbose ) + printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i); + mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); + memcpy( iv, aria_test2_iv, 16 ); + memset( buf, 0xAA, sizeof(buf) ); + j = 0; + mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j, + iv, aria_test2_cfb_ct[i], 
buf ); + if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) + ARIA_SELF_TEST_IF_FAIL; + } + if( verbose ) + printf("\n"); +#endif /* MBEDTLS_CIPHER_MODE_CFB */ + +#if defined(MBEDTLS_CIPHER_MODE_CTR) + for( i = 0; i < 3; i++ ) + { + // Test CTR encryption + if( verbose ) + printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i); + mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); + memset( iv, 0, 16 ); // IV = 0 + memset( buf, 0x55, sizeof(buf) ); + j = 0; + mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, + aria_test2_pt, buf ); + if( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 ) + ARIA_SELF_TEST_IF_FAIL; + + // Test CTR decryption + if( verbose ) + printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i); + mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); + memset( iv, 0, 16 ); // IV = 0 + memset( buf, 0xAA, sizeof(buf) ); + j = 0; + mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, + aria_test2_ctr_ct[i], buf ); + if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) + ARIA_SELF_TEST_IF_FAIL; + } + if( verbose ) + printf("\n"); +#endif /* MBEDTLS_CIPHER_MODE_CTR */ return( 0 ); } From 3c0b53b2b0c88e289e6d5831e9c6d9b3c1c73b42 Mon Sep 17 00:00:00 2001 From: "Markku-Juhani O. Saarinen" Date: Thu, 30 Nov 2017 16:00:34 +0000 Subject: [PATCH 0710/1059] ARIA build integration --- include/mbedtls/config.h | 9 +++++++++ include/mbedtls/error.h | 1 + library/CMakeLists.txt | 1 + library/Makefile | 1 + library/aria.c | 28 +++++++++++++++------------- library/error.c | 11 +++++++++++ library/version_features.c | 3 +++ programs/test/selftest.c | 4 ++++ scripts/generate_errors.pl | 2 +- 9 files changed, 46 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1c98558ebc..8c217544bb 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
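Review bot: The `#endif` that closes the `aria_test2_ctr_ct` table is labelled `/* MBEDTLS_CIPHER_MODE_CFB */` although the guard it closes is `#if defined(MBEDTLS_CIPHER_MODE_CTR)`; it should read `#endif /* MBEDTLS_CIPHER_MODE_CTR */` so the three table guards can be paired by eye. The new self-test calls `printf` directly, whereas the library routes such output through the platform layer (`mbedtls_printf`, the same mechanism as the `mbedtls_snprintf` used in the error.c hunks of this series), so output redirection through the platform hooks is bypassed here. `ARIA_SELF_TEST_IF_FAIL` is a multi-statement macro whose `else` arm rules out the usual `do { ... } while( 0 )` wrapping, and it hides both a `return` and a read of `verbose`; a small `static` helper taking `verbose` and the `memcmp` result, or the explicit `if`/`else` at each call site as before, would be clearer. The return codes of every `mbedtls_aria_setkey_*` and `mbedtls_aria_crypt_*` call are discarded, so an error such as `MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH` would only surface indirectly through the following `memcmp` against the untouched `buf`.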
@@ -1797,6 +1797,15 @@ */ #define MBEDTLS_CAMELLIA_C +/** + * \def MBEDTLS_ARIA_C + * + * Enable the ARIA block cipher. + * + * Module: library/aria.c + */ +#define MBEDTLS_ARIA_C + /** * \def MBEDTLS_CCM_C * diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 8b4d3a8755..5bdb6bb4a3 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -63,6 +63,7 @@ * CTR_DBRG 4 0x0034-0x003A * ENTROPY 3 0x003C-0x0040 0x003D-0x003F * NET 11 0x0042-0x0052 0x0043-0x0045 + * ARIA 1 0x005C-0x005E * ASN1 7 0x0060-0x006C * CMAC 1 0x007A-0x007A * PBKDF2 1 0x007C-0x007C diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 02ccea8bc9..96992c1489 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -6,6 +6,7 @@ set(src_crypto aes.c aesni.c arc4.c + aria.c asn1parse.c asn1write.c base64.c diff --git a/library/Makefile b/library/Makefile index 65a102f3a1..6420281808 100644 --- a/library/Makefile +++ b/library/Makefile @@ -47,6 +47,7 @@ endif OBJS_CRYPTO= aes.o aesni.o arc4.o \ asn1parse.o asn1write.o base64.o \ bignum.o blowfish.o camellia.o \ + aria.o \ ccm.o cipher.o cipher_wrap.o \ cmac.o ctr_drbg.o des.o \ dhm.o ecdh.o ecdsa.o \ diff --git a/library/aria.c b/library/aria.c index da31f09d71..9121d8fb23 100644 --- a/library/aria.c +++ b/library/aria.c @@ -651,10 +651,8 @@ static const uint8_t aria_test1_ecb_ct[3][16] = // ciphertext // Mode tests from "Test Vectors for ARIA" Version 1.0 // http://210.104.33.10/ARIA/doc/ARIA-testvector-e.pdf -#if (defined(MBEDTLS_CIPHER_MODE_CBC) || \ - defined(MBEDTLS_CIPHER_MODE_CFB) || \ +#if (defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) || \ defined(MBEDTLS_CIPHER_MODE_CTR)) - static const uint8_t aria_test2_key[32] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // 128 bit 
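Review bot: The new `\def MBEDTLS_ARIA_C` block documents only `Module: library/aria.c`, while the aria.c hunks in this series compile `mbedtls_aria_crypt_cbc`, `mbedtls_aria_crypt_cfb128` and `mbedtls_aria_crypt_ctr` only under `MBEDTLS_CIPHER_MODE_CBC`, `MBEDTLS_CIPHER_MODE_CFB` and `MBEDTLS_CIPHER_MODE_CTR` respectively; a line such as `* The CBC, CFB and CTR helpers are only built when the matching MBEDTLS_CIPHER_MODE_* option is enabled.` would save readers a trip to the source. The entry is also inserted after `MBEDTLS_CAMELLIA_C` rather than in the alphabetical order the neighbouring `MBEDTLS_CAMELLIA_C`/`MBEDTLS_CCM_C` entries follow, and the library Makefile hunk in this commit likewise appends `aria.o` after `camellia.o` while the CMakeLists.txt hunk places `aria.c` after `arc4.c`; choosing one ordering for all three would keep them consistent.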
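Review bot: The added row `* ARIA 1 0x005C-0x005E` counts one error code, but the error.c hunk in this same commit handles two, `MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH` and `MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH`, so the count should be `2` (the same discrepancy applies to that error.c hunk, which is otherwise fine). This table is the record consulted when a module reserves an error range, so an undercount invites an overlapping allocation later; the numeric values themselves are defined in aria.h, which is not part of this diff and should be checked against the `0x005C-0x005E` range stated here.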
@@ -663,12 +661,6 @@ static const uint8_t aria_test2_key[32] = 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff // 256 bit }; -static const uint8_t aria_test2_iv[16] = -{ - 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, // same for all - 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0 -}; - static const uint8_t aria_test2_pt[48] = { 0x11, 0x11, 0x11, 0x11, 0xaa, 0xaa, 0xaa, 0xaa, // same for all @@ -678,10 +670,15 @@ static const uint8_t aria_test2_pt[48] = 0x22, 0x22, 0x22, 0x22, 0xaa, 0xaa, 0xaa, 0xaa, 0x22, 0x22, 0x22, 0x22, 0xbb, 0xbb, 0xbb, 0xbb, }; +#endif -#endif /* defined(MBEDTLS_CIPHER_MODE_CBC) || \ - defined(MBEDTLS_CIPHER_MODE_CFB) || \ - defined(MBEDTLS_CIPHER_MODE_CTR) */ +#if (defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)) +static const uint8_t aria_test2_iv[16] = +{ + 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, // same for CBC, CFB + 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0 // CTR has zero IV +}; +#endif #if defined(MBEDTLS_CIPHER_MODE_CBC) static const uint8_t aria_test2_cbc_ct[3][48] = // CBC ciphertxt @@ -774,10 +771,15 @@ int mbedtls_aria_self_test( int verbose ) int i; uint8_t blk[16]; mbedtls_aria_context ctx; + +#if (defined(MBEDTLS_CIPHER_MODE_CFB) || \ + defined(MBEDTLS_CIPHER_MODE_CTR)) + size_t j; +#endif + #if (defined(MBEDTLS_CIPHER_MODE_CBC) || \ defined(MBEDTLS_CIPHER_MODE_CFB) || \ defined(MBEDTLS_CIPHER_MODE_CTR)) - size_t j; uint8_t buf[48], iv[16]; #endif diff --git a/library/error.c b/library/error.c index 0292480aee..16680775fb 100644 --- a/library/error.c +++ b/library/error.c @@ -65,6 +65,10 @@ #include "mbedtls/camellia.h" #endif +#if defined(MBEDTLS_ARIA_C) +#include "mbedtls/aria.h" +#endif + #if defined(MBEDTLS_CCM_C) #include "mbedtls/ccm.h" #endif 
@@ -642,6 +646,13 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Camellia hardware accelerator failed" ); #endif /* MBEDTLS_CAMELLIA_C */ +#if defined(MBEDTLS_ARIA_C) + if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH) ) + mbedtls_snprintf( buf, buflen, "ARIA - Invalid key length" ); + if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) ) + mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" ); +#endif /* MBEDTLS_ARIA_C */ + #if defined(MBEDTLS_CCM_C) if( use_ret == -(MBEDTLS_ERR_CCM_BAD_INPUT) ) mbedtls_snprintf( buf, buflen, "CCM - Bad input parameters to the function" ); diff --git a/library/version_features.c b/library/version_features.c index da47e3d753..3b1319ef11 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -525,6 +525,9 @@ static const char *features[] = { #if defined(MBEDTLS_CAMELLIA_C) "MBEDTLS_CAMELLIA_C", #endif /* MBEDTLS_CAMELLIA_C */ +#if defined(MBEDTLS_ARIA_C) + "MBEDTLS_ARIA_C", +#endif /* MBEDTLS_ARIA_C */ #if defined(MBEDTLS_CCM_C) "MBEDTLS_CCM_C", #endif /* MBEDTLS_CCM_C */ diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 72a37342fd..019071ba40 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -44,6 +44,7 @@ #include "mbedtls/des.h" #include "mbedtls/aes.h" #include "mbedtls/camellia.h" +#include "mbedtls/aria.h" #include "mbedtls/base64.h" #include "mbedtls/bignum.h" #include "mbedtls/rsa.h" @@ -225,6 +226,9 @@ const selftest_t selftests[] = #if defined(MBEDTLS_CAMELLIA_C) {"camellia", mbedtls_camellia_self_test}, #endif +#if defined(MBEDTLS_ARIA_C) + {"aria", mbedtls_aria_self_test}, +#endif #if defined(MBEDTLS_CTR_DRBG_C) {"ctr_drbg", mbedtls_ctr_drbg_self_test}, #endif diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 59618d4aa7..95ec51211a 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl 
@@ -29,7 +29,7 @@ if( @ARGV ) { my $error_format_file = $data_dir.'/error.fmt'; -my @low_level_modules = qw( AES ARC4 ASN1 BASE64 BIGNUM BLOWFISH +my @low_level_modules = qw( AES ARC4 ARIA ASN1 BASE64 BIGNUM BLOWFISH CAMELLIA CCM CMAC CTR_DRBG DES ENTROPY GCM HMAC_DRBG MD2 MD4 MD5 NET OID PADLOCK PBKDF2 RIPEMD160 From 6ba68d4a3b421a6b6a2f38a72a7a00ff3ebd598d Mon Sep 17 00:00:00 2001 From: "Markku-Juhani O. Saarinen" Date: Fri, 1 Dec 2017 14:26:21 +0000 Subject: [PATCH 0711/1059] ARIA init and free --- library/aria.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/library/aria.c b/library/aria.c index 9121d8fb23..0e2c23a259 100644 --- a/library/aria.c +++ b/library/aria.c @@ -125,7 +125,7 @@ ta = ARIA_FLIP2( ta ) ^ tc ^ rc; \ tb = ARIA_FLIP2( rc ) ^ ARIA_FLIP1( rd ); \ tc ^= ARIA_FLIP2( ra ); \ - rb ^= ta^ tb; \ + rb ^= ta ^ tb; \ tb = ARIA_FLIP1( tb ) ^ ta; \ ra ^= ARIA_FLIP2( tb ); \ ta = ARIA_FLIP1( ta ); \ @@ -478,7 +478,19 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, return 0; } +void mbedtls_aria_init( mbedtls_aria_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_aria_context ) ); +} +void mbedtls_aria_free( mbedtls_aria_context *ctx ) +{ + if( ctx == NULL ) + return; + + // compiler can't remove this since this is not a static function + memset( ctx, 0, sizeof( mbedtls_aria_context ) ); +} #if defined(MBEDTLS_CIPHER_MODE_CBC) /* @@ -772,9 +784,8 @@ int mbedtls_aria_self_test( int verbose ) uint8_t blk[16]; mbedtls_aria_context ctx; -#if (defined(MBEDTLS_CIPHER_MODE_CFB) || \ - defined(MBEDTLS_CIPHER_MODE_CTR)) - size_t j; +#if (defined(MBEDTLS_CIPHER_MODE_CFB) || defined(MBEDTLS_CIPHER_MODE_CTR)) + size_t j; #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) || \ From 8df81e029f0f1be2dda67b97ed56739d3a1a34d7 Mon Sep 17 00:00:00 2001 
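Review bot: `mbedtls_aria_free` wipes the context with plain `memset` and a comment asserting the compiler cannot remove the store because the function is not `static`; that is not a guarantee (a dead store to an object that is never read again may still be eliminated once the call is inlined, e.g. under LTO), and `ctx->rk` holds the expanded key this wipe exists to destroy. Other cipher modules in this tree (aes.c, for instance) carry a `static` volatile-pointer `mbedtls_zeroize` helper for exactly this case; add the same helper to aria.c and call `mbedtls_zeroize( ctx, sizeof( mbedtls_aria_context ) );` in place of the `memset`, dropping the comment. `mbedtls_aria_init` zeroing without a NULL check matches the sibling init functions and needs no change.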
From: "Markku-Juhani O. Saarinen" Date: Fri, 1 Dec 2017 14:26:40 +0000 Subject: [PATCH 0712/1059] Test suite for ARIA --- tests/CMakeLists.txt | 1 + tests/Makefile | 5 + tests/suites/test_suite_aria.data | 95 ++++++++ tests/suites/test_suite_aria.function | 318 ++++++++++++++++++++++++++ 4 files changed, 419 insertions(+) create mode 100644 tests/suites/test_suite_aria.data create mode 100644 tests/suites/test_suite_aria.function diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 16e19a9275..c85d3a2d8f 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -104,6 +104,7 @@ add_test_suite(version) add_test_suite(xtea) add_test_suite(x509parse) add_test_suite(x509write) +add_test_suite(aria) # Make data_files available in an out-of-source build if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) diff --git a/tests/Makefile b/tests/Makefile index 4787f25085..1e9b8aa473 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -50,6 +50,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_arc4$(EXEXT) test_suite_asn1write$(EXEXT) \ test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \ test_suite_camellia$(EXEXT) test_suite_ccm$(EXEXT) \ + test_suite_aria$(EXEXT) \ test_suite_cmac$(EXEXT) \ test_suite_cipher.aes$(EXEXT) \ test_suite_cipher.arc4$(EXEXT) test_suite_cipher.ccm$(EXEXT) \ @@ -437,6 +438,10 @@ test_suite_version$(EXEXT): test_suite_version.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test_suite_aria$(EXEXT): test_suite_aria.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + clean: ifndef WINDOWS rm -f $(APPS) *.c diff --git a/tests/suites/test_suite_aria.data b/tests/suites/test_suite_aria.data new file mode 100644 index 0000000000..46c6eccc23 --- /dev/null +++ b/tests/suites/test_suite_aria.data 
@@ -0,0 +1,95 @@
+ARIA-128-ECB Encrypt - RFC 5794
+aria_encrypt_ecb:"000102030405060708090a0b0c0d0e0f":"00112233445566778899aabbccddeeff":"d718fbd6ab644c739da95f3be6451778":0
+
+ARIA-128-ECB Decrypt - RFC 5794
+aria_decrypt_ecb:"000102030405060708090a0b0c0d0e0f":"d718fbd6ab644c739da95f3be6451778":"00112233445566778899aabbccddeeff":0
+
+ARIA-192-ECB Encrypt - RFC 5794
+aria_encrypt_ecb:"000102030405060708090a0b0c0d0e0f1011121314151617":"00112233445566778899aabbccddeeff":"26449c1805dbe7aa25a468ce263a9e79":0
+
+ARIA-192-ECB Decrypt - RFC 5794
+aria_decrypt_ecb:"000102030405060708090a0b0c0d0e0f1011121314151617":"26449c1805dbe7aa25a468ce263a9e79":"00112233445566778899aabbccddeeff":0
+
+ARIA-256-ECB_Encrypt - RFC 5794
+aria_encrypt_ecb:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"00112233445566778899aabbccddeeff":"f92bd7c79fb72e2f2b8f80c1972d24fc":0
+
+ARIA-256-ECB_Decrypt - RFC 5794
+aria_decrypt_ecb:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"f92bd7c79fb72e2f2b8f80c1972d24fc":"00112233445566778899aabbccddeeff":0
+
+ARIA-128-ECB Decrypt - RFC 5794
+aria_decrypt_ecb:"000102030405060708090a0b0c0d0e0f":"d718fbd6ab644c739da95f3be6451778":"00112233445566778899aabbccddeeff":0
+
+ARIA-192-ECB Decrypt - RFC 5794
+aria_decrypt_ecb:"000102030405060708090a0b0c0d0e0f1011121314151617":"26449c1805dbe7aa25a468ce263a9e79":"00112233445566778899aabbccddeeff":0
+
+ARIA-256-ECB Decrypt - RFC 5794
+aria_decrypt_ecb:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"f92bd7c79fb72e2f2b8f80c1972d24fc":"00112233445566778899aabbccddeeff":0
+
+ARIA-128-ECB Encrypt - Official Test Vectors 1.0
+aria_encrypt_ecb:"00112233445566778899aabbccddeeff":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":"c6ecd08e22c30abdb215cf74e2075e6e29ccaac63448708d331b2f816c51b17d9e133d1528dbf0af5787c7f3a3f5c2bf6b6f345907a3055612ce072ff54de7d788424da6e8ccfe8172b391be499354165665ba7864917000a6eeb2ecb4a698edfc7887e7f556377614ab0a282293e6d884dbb84206cdb16ed1754e77a1f243fd086953f752cc1e46c7c794ae85537dcaec8dd721f55c93b6edfe2adea43873e8":0 + +ARIA-128-ECB Decrypt - Official Test Vectors 1.0 +aria_decrypt_ecb:"00112233445566778899aabbccddeeff":"c6ecd08e22c30abdb215cf74e2075e6e29ccaac63448708d331b2f816c51b17d9e133d1528dbf0af5787c7f3a3f5c2bf6b6f345907a3055612ce072ff54de7d788424da6e8ccfe8172b391be499354165665ba7864917000a6eeb2ecb4a698edfc7887e7f556377614ab0a282293e6d884dbb84206cdb16ed1754e77a1f243fd086953f752cc1e46c7c794ae85537dcaec8dd721f55c93b6edfe2adea43873e8":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":0 + +ARIA-192-ECB Encrypt - Official Test Vectors 1.0 
+aria_encrypt_ecb:"00112233445566778899aabbccddeeff0011223344556677":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":"8d1470625f59ebacb0e55b534b3e462b5f23d33bff78f46c3c15911f4a21809aaccad80b4bda915aa9dae6bcebe06a6c83f77fd5391acfe61de2f646b5d447edbfd5bb49b12fbb9145b227895a757b2af1f7188734863d7b8b6ede5a5b2f06a0a233c8523d2db778fb31b0e311f32700152f33861e9d040c83b5eb40cd88ea49975709dc629365a189f78a3ec40345fc6a5a307a8f9a4413091e007eca5645a0":0 + +ARIA-192-ECB Decrypt - Official Test Vectors 1.0 +aria_decrypt_ecb:"00112233445566778899aabbccddeeff0011223344556677":"8d1470625f59ebacb0e55b534b3e462b5f23d33bff78f46c3c15911f4a21809aaccad80b4bda915aa9dae6bcebe06a6c83f77fd5391acfe61de2f646b5d447edbfd5bb49b12fbb9145b227895a757b2af1f7188734863d7b8b6ede5a5b2f06a0a233c8523d2db778fb31b0e311f32700152f33861e9d040c83b5eb40cd88ea49975709dc629365a189f78a3ec40345fc6a5a307a8f9a4413091e007eca5645a0":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":0 + +ARIA-256-ECB Encrypt - Official Test Vectors 1.0 
+aria_encrypt_ecb:"00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":"58a875e6044ad7fffa4f58420f7f442d8e191016f28e79aefc01e204773280d7018e5f7a938ec30711719953bae86542cd7ebc752474c1a5f6eaaace2a7e29462ee7dfa5afdb84177ead95ccd4b4bb6e1ed17b9534cff0a5fc2941429cfee2ee49c7adbeb7e9d1b0d2a8531d942079596a27ed79f5b1dd13ecd604b07a48885a3afa0627a0e4e60a3c703af292f1baa77b702f16c54aa74bc727ea95c7468b00":0 + +ARIA-256-ECB Decrypt - Official Test Vectors 1.0 +aria_decrypt_ecb:"00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff":"58a875e6044ad7fffa4f58420f7f442d8e191016f28e79aefc01e204773280d7018e5f7a938ec30711719953bae86542cd7ebc752474c1a5f6eaaace2a7e29462ee7dfa5afdb84177ead95ccd4b4bb6e1ed17b9534cff0a5fc2941429cfee2ee49c7adbeb7e9d1b0d2a8531d942079596a27ed79f5b1dd13ecd604b07a48885a3afa0627a0e4e60a3c703af292f1baa77b702f16c54aa74bc727ea95c7468b00":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":0 + +ARIA-128-CBC Encrypt - Official Test Vectors 1.0 
+aria_encrypt_cbc:"00112233445566778899aabbccddeeff":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":"49d61860b14909109cef0d22a9268134fadf9fb23151e9645fba75018bdb1538b53334634bbf7d4cd4b5377033060c155fe3948ca75de1031e1d85619e0ad61eb419a866b3c2dbfd10a4ed18b22149f75897f0b8668b0c1c542c687778835fb7cd46e45f85eaa7072437dd9fa6793d6f8d4ccefc4eb1ac641ac1bd30b18c6d64c49bca137eb21c2e04da62712ca2b4f540c57112c38791852cfac7a5d19ed83a":0 + +ARIA-128-CBC Decrypt - Official Test Vectors 1.0 +aria_decrypt_cbc:"00112233445566778899aabbccddeeff":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"49d61860b14909109cef0d22a9268134fadf9fb23151e9645fba75018bdb1538b53334634bbf7d4cd4b5377033060c155fe3948ca75de1031e1d85619e0ad61eb419a866b3c2dbfd10a4ed18b22149f75897f0b8668b0c1c542c687778835fb7cd46e45f85eaa7072437dd9fa6793d6f8d4ccefc4eb1ac641ac1bd30b18c6d64c49bca137eb21c2e04da62712ca2b4f540c57112c38791852cfac7a5d19ed83a":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":0 + +ARIA-192-CBC Encrypt - Official Test Vectors 1.0 
+aria_encrypt_cbc:"00112233445566778899aabbccddeeff0011223344556677":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":"afe6cf23974b533c672a826264ea785f4e4f7f780dc7f3f1e0962b80902386d514e9c3e77259de92dd1102ffab086c1ea52a71260db5920a83295c25320e421147ca45d532f327b856ea947cd2196ae2e040826548b4c891b0ed0ca6e714dbc4631998d548110d666b3d54c2a091955c6f05beb4f62309368696c9791fc4c551564a2637f194346ec45fbca6c72a5b4612e208d531d6c34cc5c64eac6bd0cf8c":0 + +ARIA-192-CBC Decrypt - Official Test Vectors 1.0 +aria_decrypt_cbc:"00112233445566778899aabbccddeeff0011223344556677":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"afe6cf23974b533c672a826264ea785f4e4f7f780dc7f3f1e0962b80902386d514e9c3e77259de92dd1102ffab086c1ea52a71260db5920a83295c25320e421147ca45d532f327b856ea947cd2196ae2e040826548b4c891b0ed0ca6e714dbc4631998d548110d666b3d54c2a091955c6f05beb4f62309368696c9791fc4c551564a2637f194346ec45fbca6c72a5b4612e208d531d6c34cc5c64eac6bd0cf8c":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":0 + +ARIA-256-CBC Encrypt - Official Test Vectors 1.0 
+aria_encrypt_cbc:"00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":"523a8a806ae621f155fdd28dbc34e1ab7b9b42432ad8b2efb96e23b13f0a6e52f36185d50ad002c5f601bee5493f118b243ee2e313642bffc3902e7b2efd9a12fa682edd2d23c8b9c5f043c18b17c1ec4b5867918270fbec1027c19ed6af833da5d620994668ca22f599791d292dd6273b2959082aafb7a996167cce1eec5f0cfd15f610d87e2dda9ba68ce1260ca54b222491418374294e7909b1e8551cd8de":0 + +ARIA-256-CBC Decrypt - Official Test Vectors 1.0 +aria_decrypt_cbc:"00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"523a8a806ae621f155fdd28dbc34e1ab7b9b42432ad8b2efb96e23b13f0a6e52f36185d50ad002c5f601bee5493f118b243ee2e313642bffc3902e7b2efd9a12fa682edd2d23c8b9c5f043c18b17c1ec4b5867918270fbec1027c19ed6af833da5d620994668ca22f599791d292dd6273b2959082aafb7a996167cce1eec5f0cfd15f610d87e2dda9ba68ce1260ca54b222491418374294e7909b1e8551cd8de":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":0 + +ARIA-128-CTR Encrypt - Official Test Vectors 1.0 
+aria_encrypt_ctr:"00112233445566778899aabbccddeeff":"00000000000000000000000000000000":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":"ac5d7de805a0bf1c57c854501af60fa11497e2a34519dea1569e91e5b5ccae2ff3bfa1bf975f4571f48be191613546c3911163c085f871f0e7ae5f2a085b81851c2a3ddf20ecb8fa51901aec8ee4ba32a35dab67bb72cd9140ad188a967ac0fbbdfa94ea6cce47dcf8525ab5a814cfeb2bb60ee2b126e2d9d847c1a9e96f9019e3e6a7fe40d3829afb73db1cc245646addb62d9b907baaafbe46a73dbc131d3d":0 + +ARIA-192-CTR Encrypt - Official Test Vectors 1.0 +aria_encrypt_ctr:"00112233445566778899aabbccddeeff0011223344556677":"00000000000000000000000000000000":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":"08625ca8fe569c19ba7af3760a6ed1cef4d199263e999dde14082dbba7560b79a4c6b456b8707dce751f9854f18893dfdb3f4e5afa539733e6f1e70b98ba37891f8f81e95df8efc26c7ce043504cb18958b865e4e316cd2aa1c97f31bf23dc046ef326b95a692a191ba0f2a41c5fe9ae070f236ff7078e703b42666caafbdd20bad74ac4c20c0f46c7ca24c151716575c947da16c90cfe1bf217a41cfebe7531":0 + +ARIA-192-CTR Decrypt - Official Test Vectors 1.0 
+aria_decrypt_ctr:"00112233445566778899aabbccddeeff0011223344556677":"00000000000000000000000000000000":"08625ca8fe569c19ba7af3760a6ed1cef4d199263e999dde14082dbba7560b79a4c6b456b8707dce751f9854f18893dfdb3f4e5afa539733e6f1e70b98ba37891f8f81e95df8efc26c7ce043504cb18958b865e4e316cd2aa1c97f31bf23dc046ef326b95a692a191ba0f2a41c5fe9ae070f236ff7078e703b42666caafbdd20bad74ac4c20c0f46c7ca24c151716575c947da16c90cfe1bf217a41cfebe7531":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":0 + +ARIA-256-CTR Encrypt - Official Test Vectors 1.0 +aria_encrypt_ctr:"00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff":"00000000000000000000000000000000":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":"30026c329666141721178b99c0a1f1b2f06940253f7b3089e2a30ea86aa3c88f5940f05ad7ee41d71347bb7261e348f18360473fdf7d4e7723bffb4411cc13f6cdd89f3bc7b9c768145022c7a74f14d7c305cd012a10f16050c23f1ae5c23f45998d13fbaa041e51619577e0772764896a5d4516d8ffceb3bf7e05f613edd9a60cdcedaff9cfcaf4e00d445a54334f73ab2cad944e51d266548e61c6eb0aa1cd":0 + +ARIA-256-CTR Decrypt - Official Test Vectors 1.0 
+aria_decrypt_ctr:"00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff":"00000000000000000000000000000000":"30026c329666141721178b99c0a1f1b2f06940253f7b3089e2a30ea86aa3c88f5940f05ad7ee41d71347bb7261e348f18360473fdf7d4e7723bffb4411cc13f6cdd89f3bc7b9c768145022c7a74f14d7c305cd012a10f16050c23f1ae5c23f45998d13fbaa041e51619577e0772764896a5d4516d8ffceb3bf7e05f613edd9a60cdcedaff9cfcaf4e00d445a54334f73ab2cad944e51d266548e61c6eb0aa1cd":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":0 + +ARIA-128-CFB128 Encrypt - Official Test Vectors 1.0 +aria_encrypt_cfb128:"00112233445566778899aabbccddeeff":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":"3720e53ba7d615383406b09f0a05a200c07c21e6370f413a5d132500a68285017c61b434c7b7ca9685a51071861e4d4bb873b599b479e2d573dddeafba89f812ac6a9e44d554078eb3be94839db4b33da3f59c063123a7ef6f20e10579fa4fd239100ca73b52d4fcafeadee73f139f78f9b7614c2b3b9dbe010f87db06a89a9435f79ce8121431371f4e87b984e0230c22a6dacb32fc42dcc6accef33285bf11":0 + +ARIA-128-CFB128 Decrypt - Official Test Vectors 1.0 
+aria_decrypt_cfb128:"00112233445566778899aabbccddeeff":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"3720e53ba7d615383406b09f0a05a200c07c21e6370f413a5d132500a68285017c61b434c7b7ca9685a51071861e4d4bb873b599b479e2d573dddeafba89f812ac6a9e44d554078eb3be94839db4b33da3f59c063123a7ef6f20e10579fa4fd239100ca73b52d4fcafeadee73f139f78f9b7614c2b3b9dbe010f87db06a89a9435f79ce8121431371f4e87b984e0230c22a6dacb32fc42dcc6accef33285bf11":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":0 + +ARIA-192-CFB128 Encrypt - Official Test Vectors 1.0 +aria_encrypt_cfb128:"00112233445566778899aabbccddeeff0011223344556677":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":"4171f7192bf4495494d2736129640f5c4d87a9a213664c9448477c6ecc2013598d9766952dd8c3868f17e36ef66fd84bfa45d1593d2d6ee3ea2115047d710d4fb66187caa3a315b3c8ea2d313962edcfe5a3e2028d5ba9a09fd5c65c19d3440e477f0cab0628ec6902c73ee02f1afee9f80115be7b9df82d1e28228e28581a20560e195cbb9e2b327bf56fd2d0ae5502e42c13e9b4015d4da42dc859252e7da4":0 + +ARIA-192-CFB128 Decrypt - Official Test Vectors 1.0 
+aria_decrypt_cfb128:"00112233445566778899aabbccddeeff0011223344556677":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"4171f7192bf4495494d2736129640f5c4d87a9a213664c9448477c6ecc2013598d9766952dd8c3868f17e36ef66fd84bfa45d1593d2d6ee3ea2115047d710d4fb66187caa3a315b3c8ea2d313962edcfe5a3e2028d5ba9a09fd5c65c19d3440e477f0cab0628ec6902c73ee02f1afee9f80115be7b9df82d1e28228e28581a20560e195cbb9e2b327bf56fd2d0ae5502e42c13e9b4015d4da42dc859252e7da4":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":0 + +ARIA-256-CFB128 Encrypt - Official Test Vectors 1.0 +aria_encrypt_cfb128:"00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":"26834705b0f2c0e2588d4a7f09009635f28bb93d8c31f870ec1e0bdb082b66fa402dd9c202be300c4517d196b14d4ce11dce97f7aaba54341b0d872cc9b63753a3e8556a14be6f7b3e27e3cfc39caf80f2a355aa50dc83c09c7b11828694f8e4aa726c528976b53f2c877f4991a3a8d28adb63bd751846ffb2350265e179d4990753ae8485ff9b4133ddad5875b84a90cbcfa62a045d726df71b6bda0eeca0be":0 + +ARIA-256-CFB128 Decrypt - Official Test Vectors 1.0 
+aria_decrypt_cfb128:"00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"26834705b0f2c0e2588d4a7f09009635f28bb93d8c31f870ec1e0bdb082b66fa402dd9c202be300c4517d196b14d4ce11dce97f7aaba54341b0d872cc9b63753a3e8556a14be6f7b3e27e3cfc39caf80f2a355aa50dc83c09c7b11828694f8e4aa726c528976b53f2c877f4991a3a8d28adb63bd751846ffb2350265e179d4990753ae8485ff9b4133ddad5875b84a90cbcfa62a045d726df71b6bda0eeca0be":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":0 diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function new file mode 100644 index 0000000000..2c3e347322 --- /dev/null +++ b/tests/suites/test_suite_aria.function 
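Review bot: The three `ARIA-*-ECB Decrypt - RFC 5794` cases appear twice with identical arguments (the second copies directly follow the 256-bit pair), so they add run time but no coverage and should be dropped. Every `setkey_result` in the file is `0`, which means the `MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH` path of `mbedtls_aria_setkey_enc`/`_dec` is never exercised; a constructed negative case per direction such as `aria_encrypt_ecb:"000102030405060708090a0b0c0d0e0f0011":"00112233445566778899aabbccddeeff":"":MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH` (144-bit key) would cover it. The CTR block has no `ARIA-128-CTR Decrypt` entry although the 192- and 256-bit CTR vectors are run in both directions. The names `ARIA-256-ECB_Encrypt` / `ARIA-256-ECB_Decrypt` use an underscore where every other case uses a space.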
@@ -0,0 +1,318 @@ +/* BEGIN_HEADER */ +#include "mbedtls/aria.h" +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_ARIA_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, + char *hex_dst_string, int setkey_result ) +{ + unsigned char key_str[1000]; + unsigned char src_str[1000]; + unsigned char dst_str[1000]; + unsigned char output[1000]; + mbedtls_aria_context ctx; + int key_len, data_len, i; + + memset( key_str, 0x00, 1000 ); + memset( src_str, 0x00, 1000 ); + memset( dst_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + mbedtls_aria_init( &ctx ); + + key_len = unhexify( key_str, hex_key_string ); + data_len = unhexify( src_str, hex_src_string ); + + TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ) == setkey_result ); + if( setkey_result == 0 ) + { + for( i = 0; i < data_len; i += 16 ) + { + TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT, src_str + i, output + i ) == 0 ); + } + hexify( dst_str, output, data_len ); + + TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + } + +exit: + mbedtls_aria_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, + char *hex_dst_string, int setkey_result ) +{ + unsigned char key_str[1000]; + unsigned char src_str[1000]; + unsigned char dst_str[1000]; + unsigned char output[1000]; + mbedtls_aria_context ctx; + int key_len, data_len, i; + + memset( key_str, 0x00, 1000 ); + memset( src_str, 0x00, 1000 ); + memset( dst_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + mbedtls_aria_init( &ctx ); + + key_len = unhexify( key_str, hex_key_string ); + data_len = unhexify( src_str, hex_src_string ); + + TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ) == setkey_result ); + if( setkey_result == 0 ) + { + for( i = 0; i < data_len; i += 16 ) + { + TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_DECRYPT, + src_str 
+ i, output + i ) == 0 ); + } + hexify( dst_str, output, data_len ); + + TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + } + +exit: + mbedtls_aria_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ +void aria_encrypt_cbc( char *hex_key_string, char *hex_iv_string, + char *hex_src_string, char *hex_dst_string, + int cbc_result ) +{ + unsigned char key_str[1000]; + unsigned char iv_str[1000]; + unsigned char src_str[1000]; + unsigned char dst_str[1000]; + unsigned char output[1000]; + mbedtls_aria_context ctx; + int key_len, data_len; + + memset( key_str, 0x00, 1000 ); + memset( iv_str, 0x00, 1000 ); + memset( src_str, 0x00, 1000 ); + memset( dst_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + mbedtls_aria_init( &ctx ); + + key_len = unhexify( key_str, hex_key_string ); + unhexify( iv_str, hex_iv_string ); + data_len = unhexify( src_str, hex_src_string ); + + mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, + data_len, iv_str, src_str, output) == cbc_result ); + if( cbc_result == 0 ) + { + hexify( dst_str, output, data_len ); + + TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + } + +exit: + mbedtls_aria_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ +void aria_decrypt_cbc( char *hex_key_string, char *hex_iv_string, + char *hex_src_string, char *hex_dst_string, + int cbc_result ) +{ + unsigned char key_str[1000]; + unsigned char iv_str[1000]; + unsigned char src_str[1000]; + unsigned char dst_str[1000]; + unsigned char output[1000]; + mbedtls_aria_context ctx; + int key_len, data_len; + + memset( key_str, 0x00, 1000 ); + memset( iv_str, 0x00, 1000 ); + memset( src_str, 0x00, 1000 ); + memset( dst_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + mbedtls_aria_init( &ctx ); + + key_len = unhexify( key_str, hex_key_string ); + unhexify( iv_str, hex_iv_string ); + data_len 
= unhexify( src_str, hex_src_string ); + + mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, + data_len, iv_str, src_str, output ) == cbc_result ); + if( cbc_result == 0 ) + { + hexify( dst_str, output, data_len ); + + TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + } + +exit: + mbedtls_aria_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ +void aria_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, + char *hex_src_string, char *hex_dst_string, + int result ) +{ + unsigned char key_str[1000]; + unsigned char iv_str[1000]; + unsigned char src_str[1000]; + unsigned char dst_str[1000]; + unsigned char output[1000]; + mbedtls_aria_context ctx; + size_t iv_offset = 0; + int key_len, data_len; + + memset( key_str, 0x00, 1000 ); + memset( iv_str, 0x00, 1000 ); + memset( src_str, 0x00, 1000 ); + memset( dst_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + mbedtls_aria_init( &ctx ); + + key_len = unhexify( key_str, hex_key_string ); + unhexify( iv_str, hex_iv_string ); + data_len = unhexify( src_str, hex_src_string ); + + mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, + data_len, &iv_offset, iv_str, src_str, output ) == result ); + hexify( dst_str, output, data_len ); + + TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + +exit: + mbedtls_aria_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ +void aria_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, + char *hex_src_string, char *hex_dst_string, + int result ) +{ + unsigned char key_str[1000]; + unsigned char iv_str[1000]; + unsigned char src_str[1000]; + unsigned char dst_str[1000]; + unsigned char output[1000]; + mbedtls_aria_context ctx; + size_t iv_offset = 0; + int key_len, data_len; + + memset( key_str, 0x00, 1000 ); + memset( 
iv_str, 0x00, 1000 ); + memset( src_str, 0x00, 1000 ); + memset( dst_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + mbedtls_aria_init( &ctx ); + + key_len = unhexify( key_str, hex_key_string ); + unhexify( iv_str, hex_iv_string ); + data_len = unhexify( src_str, hex_src_string ); + + mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, + data_len, &iv_offset, iv_str, src_str, output ) == result ); + hexify( dst_str, output, data_len ); + + TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + +exit: + mbedtls_aria_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ +void aria_encrypt_ctr( char *hex_key_string, char *hex_iv_string, + char *hex_src_string, char *hex_dst_string, + int result ) +{ + unsigned char key_str[1000]; + unsigned char iv_str[1000]; + unsigned char src_str[1000]; + unsigned char dst_str[1000]; + unsigned char output[1000]; + unsigned char blk[16]; + mbedtls_aria_context ctx; + size_t iv_offset = 0; + int key_len, data_len; + + memset( key_str, 0x00, 1000 ); + memset( iv_str, 0x00, 1000 ); + memset( src_str, 0x00, 1000 ); + memset( dst_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + mbedtls_aria_init( &ctx ); + + key_len = unhexify( key_str, hex_key_string ); + unhexify( iv_str, hex_iv_string ); + data_len = unhexify( src_str, hex_src_string ); + + mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, + &iv_offset, iv_str, blk, src_str, output ) == result ); + hexify( dst_str, output, data_len ); + + TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + +exit: + mbedtls_aria_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ +void aria_decrypt_ctr( char *hex_key_string, char *hex_iv_string, + char *hex_src_string, char *hex_dst_string, + int result ) +{ + unsigned char key_str[1000]; + unsigned char 
iv_str[1000]; + unsigned char src_str[1000]; + unsigned char dst_str[1000]; + unsigned char output[1000]; + unsigned char blk[16]; + mbedtls_aria_context ctx; + size_t iv_offset = 0; + int key_len, data_len; + + memset( key_str, 0x00, 1000 ); + memset( iv_str, 0x00, 1000 ); + memset( src_str, 0x00, 1000 ); + memset( dst_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + mbedtls_aria_init( &ctx ); + + key_len = unhexify( key_str, hex_key_string ); + unhexify( iv_str, hex_iv_string ); + data_len = unhexify( src_str, hex_src_string ); + + mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, + &iv_offset, iv_str, blk, src_str, output ) == result ); + hexify( dst_str, output, data_len ); + + TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + +exit: + mbedtls_aria_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ +void aria_selftest() +{ + TEST_ASSERT( mbedtls_aria_self_test( 1 ) == 0 ); +} +/* END_CASE */ From 0fb47fe71f58902b255bde29a794bfd68f08dd34 Mon Sep 17 00:00:00 2001 From: "Markku-Juhani O. Saarinen" Date: Fri, 1 Dec 2017 15:41:38 +0000 Subject: [PATCH 0713/1059] MBEDTLS_ARIA_ALT added as a feature --- include/mbedtls/config.h | 2 ++ library/version_features.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 8c217544bb..3369620fbb 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -271,6 +271,7 @@ */ //#define MBEDTLS_AES_ALT //#define MBEDTLS_ARC4_ALT +//#define MBEDTLS_ARIA_ALT //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_CCM_ALT @@ -288,6 +289,7 @@ //#define MBEDTLS_SHA256_ALT //#define MBEDTLS_SHA512_ALT //#define MBEDTLS_XTEA_ALT + /* * When replacing the elliptic curve module, pleace consider, that it is * implemented with two .c files: 
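Review bot: In `aria_encrypt_cbc`, `aria_decrypt_cbc`, both `cfb128` cases and both `ctr` cases the return value of `mbedtls_aria_setkey_enc` / `mbedtls_aria_setkey_dec` is discarded, whereas the two ECB cases assert on it; a key length the module rejects would presumably then surface as a ciphertext mismatch against whatever key schedule `mbedtls_aria_init` left behind, rather than at the call that actually failed. Each of those six calls should read `TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ) == 0 );` (`_dec` in `aria_decrypt_cbc`). `aria_selftest()` is declared with empty parentheses and should be `aria_selftest( void )` to match the rest of the new code.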
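Review bot: `MBEDTLS_ARIA_ALT` is introduced only in config.h and version_features.c here; whether `library/aria.c` wraps its implementation in `#if !defined(MBEDTLS_ARIA_ALT)` and `include/mbedtls/aria.h` pulls in `aria_alt.h` under `#if defined(MBEDTLS_ARIA_ALT)`, as the other `_ALT` modules do, is not visible in this commit and needs confirming, otherwise enabling the option either has no effect or yields duplicate definitions. The second config.h hunk (`@@ -288,6 +289,7`) only inserts a blank line after `//#define MBEDTLS_XTEA_ALT`, which looks accidental.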
diff --git a/library/version_features.c b/library/version_features.c index 3b1319ef11..61088168c2 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -90,6 +90,9 @@ static const char *features[] = { #if defined(MBEDTLS_ARC4_ALT) "MBEDTLS_ARC4_ALT", #endif /* MBEDTLS_ARC4_ALT */ +#if defined(MBEDTLS_ARIA_ALT) + "MBEDTLS_ARIA_ALT", +#endif /* MBEDTLS_ARIA_ALT */ #if defined(MBEDTLS_BLOWFISH_ALT) "MBEDTLS_BLOWFISH_ALT", #endif /* MBEDTLS_BLOWFISH_ALT */ From 07478d6f309d1a82f753b300fb05eb3c68df1958 Mon Sep 17 00:00:00 2001 From: "Markku-Juhani O. Saarinen" Date: Fri, 1 Dec 2017 16:20:15 +0000 Subject: [PATCH 0714/1059] something to do with whitespaces --- library/error.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/library/error.c b/library/error.c index 16680775fb..0e0cc51fc8 100644 --- a/library/error.c +++ b/library/error.c @@ -49,6 +49,10 @@ #include "mbedtls/arc4.h" #endif +#if defined(MBEDTLS_ARIA_C) +#include "mbedtls/aria.h" +#endif + #if defined(MBEDTLS_BASE64_C) #include "mbedtls/base64.h" #endif @@ -65,10 +69,6 @@ #include "mbedtls/camellia.h" #endif -#if defined(MBEDTLS_ARIA_C) -#include "mbedtls/aria.h" -#endif - #if defined(MBEDTLS_CCM_C) #include "mbedtls/ccm.h" #endif @@ -585,6 +585,13 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "ARC4 - ARC4 hardware accelerator failed" ); #endif /* MBEDTLS_ARC4_C */ +#if defined(MBEDTLS_ARIA_C) + if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH) ) + mbedtls_snprintf( buf, buflen, "ARIA - Invalid key length" ); + if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) ) + mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" ); +#endif /* MBEDTLS_ARIA_C */ + #if defined(MBEDTLS_ASN1_PARSE_C) if( use_ret == -(MBEDTLS_ERR_ASN1_OUT_OF_DATA) ) mbedtls_snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" ); 
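Review bot: `library/error.c` is generated from `scripts/generate_errors.pl` and `error.fmt` (the Perl hunk at the top of this page edits that script's `@low_level_modules` list), so hand-moving the ARIA `#include` and the two `mbedtls_strerror` branches into alphabetical position only holds if it reproduces the generator's output; regenerating the file and committing that result is safer than editing it by hand. The `@@ -65,10 +69,6` and `@@ -646,13 +653,6` hunks are the matching removals of the same text.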
@@ -646,13 +653,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Camellia hardware accelerator failed" ); #endif /* MBEDTLS_CAMELLIA_C */ -#if defined(MBEDTLS_ARIA_C) - if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH) ) - mbedtls_snprintf( buf, buflen, "ARIA - Invalid key length" ); - if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) ) - mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" ); -#endif /* MBEDTLS_ARIA_C */ - #if defined(MBEDTLS_CCM_C) if( use_ret == -(MBEDTLS_ERR_CCM_BAD_INPUT) ) mbedtls_snprintf( buf, buflen, "CCM - Bad input parameters to the function" ); From c06e1014e1ee7cbf45346bf71ecfefcd48ad5ead Mon Sep 17 00:00:00 2001 From: "Markku-Juhani O. Saarinen" Date: Thu, 7 Dec 2017 11:51:13 +0000 Subject: [PATCH 0715/1059] ARIA ciphersuites for TLS 1.2 --- include/mbedtls/cipher.h | 19 ++ include/mbedtls/ssl_ciphersuites.h | 57 ++++- library/cipher_wrap.c | 392 +++++++++++++++++++++++++++++ library/ssl_ciphersuites.c | 385 +++++++++++++++++++++++++++- library/ssl_tls.c | 10 +- 5 files changed, 856 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index d1f4efef8e..fec259f7aa 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -84,6 +84,7 @@ typedef enum { MBEDTLS_CIPHER_ID_CAMELLIA, MBEDTLS_CIPHER_ID_BLOWFISH, MBEDTLS_CIPHER_ID_ARC4, + MBEDTLS_CIPHER_ID_ARIA, } mbedtls_cipher_id_t; /** 
@@ -143,6 +144,24 @@ typedef enum { MBEDTLS_CIPHER_CAMELLIA_128_CCM, MBEDTLS_CIPHER_CAMELLIA_192_CCM, MBEDTLS_CIPHER_CAMELLIA_256_CCM, + MBEDTLS_CIPHER_ARIA_128_ECB, + MBEDTLS_CIPHER_ARIA_192_ECB, + MBEDTLS_CIPHER_ARIA_256_ECB, + MBEDTLS_CIPHER_ARIA_128_CBC, + MBEDTLS_CIPHER_ARIA_192_CBC, + MBEDTLS_CIPHER_ARIA_256_CBC, + MBEDTLS_CIPHER_ARIA_128_CFB128, + MBEDTLS_CIPHER_ARIA_192_CFB128, + MBEDTLS_CIPHER_ARIA_256_CFB128, + MBEDTLS_CIPHER_ARIA_128_CTR, + MBEDTLS_CIPHER_ARIA_192_CTR, + MBEDTLS_CIPHER_ARIA_256_CTR, + MBEDTLS_CIPHER_ARIA_128_GCM, + MBEDTLS_CIPHER_ARIA_192_GCM, + MBEDTLS_CIPHER_ARIA_256_GCM, + MBEDTLS_CIPHER_ARIA_128_CCM, + MBEDTLS_CIPHER_ARIA_192_CCM, + MBEDTLS_CIPHER_ARIA_256_CCM, } mbedtls_cipher_type_t; /** Supported cipher modes. */ diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 545468a510..5223f02e08 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -169,6 +169,61 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! No SSL3! */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! No SSL3! */ +#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C +#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D +#define MBEDTLS_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 0xC03E +#define MBEDTLS_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 0xC03F +#define MBEDTLS_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 0xC040 +#define MBEDTLS_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 0xC041 +#define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 0xC042 +#define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 0xC043 +#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 +#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 +#define MBEDTLS_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 0xC046 +#define MBEDTLS_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 0xC047 +#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 +#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 +#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A +#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B +#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C +#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D +#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E +#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F +#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 +#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 +#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 +#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 +#define MBEDTLS_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 0xC054 +#define MBEDTLS_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 0xC055 +#define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0xC056 +#define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0xC057 +#define MBEDTLS_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 0xC058 +#define 
MBEDTLS_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 0xC059 +#define MBEDTLS_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 0xC05A +#define MBEDTLS_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 0xC05B +#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C +#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D +#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E +#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F +#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 +#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 +#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 +#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 +#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 +#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 +#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 +#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 +#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068 +#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069 +#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A +#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B +#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C +#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D +#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E +#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F +#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 +#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 + #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 /**< Not in SSL3! */ 
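Review bot: The new ARIA ciphersuite IDs carry none of the annotations their neighbours have: the anonymous suites `MBEDTLS_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256` (0xC046), 0xC047, 0xC05A and 0xC05B lack the `/**< Weak! */` marker the NULL-cipher suites immediately above them get, although an anonymous key exchange gives no server authentication at all, and every SHA256/SHA384 entry lacks the `/**< Not in SSL3! */` note the adjacent Camellia entries have even though the ssl_ciphersuites.c definitions later in this patch pin them to TLS 1.2 only. Suggested: `#define MBEDTLS_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 0xC046 /**< Weak! Unauthenticated. */` on the four anon lines, and a one-line comment above the block stating that the DH_DSS, DHE_DSS and DH_anon values are listed only to keep the IANA numbering contiguous and have no implementation in this library. That last point is inferred from the ciphersuite_definitions hunk in this patch, which defines only RSA, PSK, ECDH(E) and DHE variants.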
@@ -267,7 +322,7 @@ typedef enum { defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) #define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED #endif diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index dc76af8ff4..47851e9c02 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -45,6 +45,10 @@ #include "mbedtls/camellia.h" #endif +#if defined(MBEDTLS_ARIA_C) +#include "mbedtls/aria.h" +#endif + #if defined(MBEDTLS_DES_C) #include "mbedtls/des.h" #endif 
@@ -822,6 +826,363 @@ static const mbedtls_cipher_info_t camellia_256_ccm_info = { #endif /* MBEDTLS_CAMELLIA_C */ +#if defined(MBEDTLS_ARIA_C) + +static int aria_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, + const unsigned char *input, unsigned char *output ) +{ + return mbedtls_aria_crypt_ecb( (mbedtls_aria_context *) ctx, operation, input, + output ); +} + +#if defined(MBEDTLS_CIPHER_MODE_CBC) +static int aria_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, + size_t length, unsigned char *iv, + const unsigned char *input, unsigned char *output ) +{ + return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv, + input, output ); +} +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + +#if defined(MBEDTLS_CIPHER_MODE_CFB) +static int aria_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation, + size_t length, size_t *iv_off, unsigned char *iv, + const unsigned char *input, unsigned char *output ) +{ + return mbedtls_aria_crypt_cfb128( (mbedtls_aria_context *) ctx, operation, length, + iv_off, iv, input, output ); +} +#endif /* MBEDTLS_CIPHER_MODE_CFB */ + +#if defined(MBEDTLS_CIPHER_MODE_CTR) +static int aria_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off, + unsigned char *nonce_counter, unsigned char *stream_block, + const unsigned char *input, unsigned char *output ) +{ + return mbedtls_aria_crypt_ctr( (mbedtls_aria_context *) ctx, length, nc_off, + nonce_counter, stream_block, input, output ); +} +#endif /* MBEDTLS_CIPHER_MODE_CTR */ + +static int aria_setkey_dec_wrap( void *ctx, const unsigned char *key, + unsigned int key_bitlen ) +{ + return mbedtls_aria_setkey_dec( (mbedtls_aria_context *) ctx, key, key_bitlen ); +} + +static int aria_setkey_enc_wrap( void *ctx, const unsigned char *key, + unsigned int key_bitlen ) +{ + return mbedtls_aria_setkey_enc( (mbedtls_aria_context *) ctx, key, key_bitlen ); +} + +static void * aria_ctx_alloc( void ) +{ + mbedtls_aria_context *ctx; + ctx = mbedtls_calloc( 1, sizeof( 
mbedtls_aria_context ) ); + + if( ctx == NULL ) + return( NULL ); + + mbedtls_aria_init( ctx ); + + return( ctx ); +} + +static void aria_ctx_free( void *ctx ) +{ + mbedtls_aria_free( (mbedtls_aria_context *) ctx ); + mbedtls_free( ctx ); +} + +static const mbedtls_cipher_base_t aria_info = { + MBEDTLS_CIPHER_ID_ARIA, + aria_crypt_ecb_wrap, +#if defined(MBEDTLS_CIPHER_MODE_CBC) + aria_crypt_cbc_wrap, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CFB) + aria_crypt_cfb128_wrap, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CTR) + aria_crypt_ctr_wrap, +#endif +#if defined(MBEDTLS_CIPHER_MODE_STREAM) + NULL, +#endif + aria_setkey_enc_wrap, + aria_setkey_dec_wrap, + aria_ctx_alloc, + aria_ctx_free +}; + +static const mbedtls_cipher_info_t aria_128_ecb_info = { + MBEDTLS_CIPHER_ARIA_128_ECB, + MBEDTLS_MODE_ECB, + 128, + "ARIA-128-ECB", + 16, + 0, + 16, + &aria_info +}; + +static const mbedtls_cipher_info_t aria_192_ecb_info = { + MBEDTLS_CIPHER_ARIA_192_ECB, + MBEDTLS_MODE_ECB, + 192, + "ARIA-192-ECB", + 16, + 0, + 16, + &aria_info +}; + +static const mbedtls_cipher_info_t aria_256_ecb_info = { + MBEDTLS_CIPHER_ARIA_256_ECB, + MBEDTLS_MODE_ECB, + 256, + "ARIA-256-ECB", + 16, + 0, + 16, + &aria_info +}; + +#if defined(MBEDTLS_CIPHER_MODE_CBC) +static const mbedtls_cipher_info_t aria_128_cbc_info = { + MBEDTLS_CIPHER_ARIA_128_CBC, + MBEDTLS_MODE_CBC, + 128, + "ARIA-128-CBC", + 16, + 0, + 16, + &aria_info +}; + +static const mbedtls_cipher_info_t aria_192_cbc_info = { + MBEDTLS_CIPHER_ARIA_192_CBC, + MBEDTLS_MODE_CBC, + 192, + "ARIA-192-CBC", + 16, + 0, + 16, + &aria_info +}; + +static const mbedtls_cipher_info_t aria_256_cbc_info = { + MBEDTLS_CIPHER_ARIA_256_CBC, + MBEDTLS_MODE_CBC, + 256, + "ARIA-256-CBC", + 16, + 0, + 16, + &aria_info +}; +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + +#if defined(MBEDTLS_CIPHER_MODE_CFB) +static const mbedtls_cipher_info_t aria_128_cfb128_info = { + MBEDTLS_CIPHER_ARIA_128_CFB128, + MBEDTLS_MODE_CFB, + 128, + "ARIA-128-CFB128", + 16, + 0, + 16, + 
&aria_info +}; + +static const mbedtls_cipher_info_t aria_192_cfb128_info = { + MBEDTLS_CIPHER_ARIA_192_CFB128, + MBEDTLS_MODE_CFB, + 192, + "ARIA-192-CFB128", + 16, + 0, + 16, + &aria_info +}; + +static const mbedtls_cipher_info_t aria_256_cfb128_info = { + MBEDTLS_CIPHER_ARIA_256_CFB128, + MBEDTLS_MODE_CFB, + 256, + "ARIA-256-CFB128", + 16, + 0, + 16, + &aria_info +}; +#endif /* MBEDTLS_CIPHER_MODE_CFB */ + +#if defined(MBEDTLS_CIPHER_MODE_CTR) +static const mbedtls_cipher_info_t aria_128_ctr_info = { + MBEDTLS_CIPHER_ARIA_128_CTR, + MBEDTLS_MODE_CTR, + 128, + "ARIA-128-CTR", + 16, + 0, + 16, + &aria_info +}; + +static const mbedtls_cipher_info_t aria_192_ctr_info = { + MBEDTLS_CIPHER_ARIA_192_CTR, + MBEDTLS_MODE_CTR, + 192, + "ARIA-192-CTR", + 16, + 0, + 16, + &aria_info +}; + +static const mbedtls_cipher_info_t aria_256_ctr_info = { + MBEDTLS_CIPHER_ARIA_256_CTR, + MBEDTLS_MODE_CTR, + 256, + "ARIA-256-CTR", + 16, + 0, + 16, + &aria_info +}; +#endif /* MBEDTLS_CIPHER_MODE_CTR */ + +#if defined(MBEDTLS_GCM_C) +static int gcm_aria_setkey_wrap( void *ctx, const unsigned char *key, + unsigned int key_bitlen ) +{ + return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA, + key, key_bitlen ); +} + +static const mbedtls_cipher_base_t gcm_aria_info = { + MBEDTLS_CIPHER_ID_ARIA, + NULL, +#if defined(MBEDTLS_CIPHER_MODE_CBC) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CFB) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CTR) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_STREAM) + NULL, +#endif + gcm_aria_setkey_wrap, + gcm_aria_setkey_wrap, + gcm_ctx_alloc, + gcm_ctx_free, +}; + +static const mbedtls_cipher_info_t aria_128_gcm_info = { + MBEDTLS_CIPHER_ARIA_128_GCM, + MBEDTLS_MODE_GCM, + 128, + "ARIA-128-GCM", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &gcm_aria_info +}; + +static const mbedtls_cipher_info_t aria_192_gcm_info = { + MBEDTLS_CIPHER_ARIA_192_GCM, + MBEDTLS_MODE_GCM, + 192, + "ARIA-192-GCM", + 12, + 
MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &gcm_aria_info +}; + +static const mbedtls_cipher_info_t aria_256_gcm_info = { + MBEDTLS_CIPHER_ARIA_256_GCM, + MBEDTLS_MODE_GCM, + 256, + "ARIA-256-GCM", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &gcm_aria_info +}; +#endif /* MBEDTLS_GCM_C */ + +#if defined(MBEDTLS_CCM_C) +static int ccm_aria_setkey_wrap( void *ctx, const unsigned char *key, + unsigned int key_bitlen ) +{ + return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA, + key, key_bitlen ); +} + +static const mbedtls_cipher_base_t ccm_aria_info = { + MBEDTLS_CIPHER_ID_ARIA, + NULL, +#if defined(MBEDTLS_CIPHER_MODE_CBC) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CFB) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CTR) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_STREAM) + NULL, +#endif + ccm_aria_setkey_wrap, + ccm_aria_setkey_wrap, + ccm_ctx_alloc, + ccm_ctx_free, +}; + +static const mbedtls_cipher_info_t aria_128_ccm_info = { + MBEDTLS_CIPHER_ARIA_128_CCM, + MBEDTLS_MODE_CCM, + 128, + "ARIA-128-CCM", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aria_info +}; + +static const mbedtls_cipher_info_t aria_192_ccm_info = { + MBEDTLS_CIPHER_ARIA_192_CCM, + MBEDTLS_MODE_CCM, + 192, + "ARIA-192-CCM", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aria_info +}; + +static const mbedtls_cipher_info_t aria_256_ccm_info = { + MBEDTLS_CIPHER_ARIA_256_CCM, + MBEDTLS_MODE_CCM, + 256, + "ARIA-256-CCM", + 12, + MBEDTLS_CIPHER_VARIABLE_IV_LEN, + 16, + &ccm_aria_info +}; +#endif /* MBEDTLS_CCM_C */ + +#endif /* MBEDTLS_ARIA_C */ + #if defined(MBEDTLS_DES_C) static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, 
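Review bot: The ~360-line ARIA wrapper block carries no comments, and one contract in it deserves one: `aria_crypt_ecb_wrap` forwards `operation` into `mbedtls_aria_crypt_ecb` even though the direction was already selected by `aria_setkey_enc_wrap` versus `aria_setkey_dec_wrap`, so either the primitive ignores one of the two inputs or a mismatched pair fails silently, and aria.c is not in this patch so I cannot tell which. A line above the wrapper such as `/* Direction comes from the key schedule set by setkey_enc/dec; 'operation' must agree with it. */` (or the inverse, whichever aria.h guarantees) would pin that down. A short header comment for the section would also help, noting that it mirrors the Camellia wrappers above it, that key-length validation is delegated to `mbedtls_aria_setkey_*` (which the error.c hunk earlier on this page maps to MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH), and that the GCM/CCM entries deliberately take the same 12-byte default IV with MBEDTLS_CIPHER_VARIABLE_IV_LEN as the AES and Camellia entries.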
@@ -1427,6 +1788,37 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = #endif #endif /* MBEDTLS_CAMELLIA_C */ +#if defined(MBEDTLS_ARIA_C) + { MBEDTLS_CIPHER_ARIA_128_ECB, &aria_128_ecb_info }, + { MBEDTLS_CIPHER_ARIA_192_ECB, &aria_192_ecb_info }, + { MBEDTLS_CIPHER_ARIA_256_ECB, &aria_256_ecb_info }, +#if defined(MBEDTLS_CIPHER_MODE_CBC) + { MBEDTLS_CIPHER_ARIA_128_CBC, &aria_128_cbc_info }, + { MBEDTLS_CIPHER_ARIA_192_CBC, &aria_192_cbc_info }, + { MBEDTLS_CIPHER_ARIA_256_CBC, &aria_256_cbc_info }, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CFB) + { MBEDTLS_CIPHER_ARIA_128_CFB128, &aria_128_cfb128_info }, + { MBEDTLS_CIPHER_ARIA_192_CFB128, &aria_192_cfb128_info }, + { MBEDTLS_CIPHER_ARIA_256_CFB128, &aria_256_cfb128_info }, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CTR) + { MBEDTLS_CIPHER_ARIA_128_CTR, &aria_128_ctr_info }, + { MBEDTLS_CIPHER_ARIA_192_CTR, &aria_192_ctr_info }, + { MBEDTLS_CIPHER_ARIA_256_CTR, &aria_256_ctr_info }, +#endif +#if defined(MBEDTLS_GCM_C) + { MBEDTLS_CIPHER_ARIA_128_GCM, &aria_128_gcm_info }, + { MBEDTLS_CIPHER_ARIA_192_GCM, &aria_192_gcm_info }, + { MBEDTLS_CIPHER_ARIA_256_GCM, &aria_256_gcm_info }, +#endif +#if defined(MBEDTLS_CCM_C) + { MBEDTLS_CIPHER_ARIA_128_CCM, &aria_128_ccm_info }, + { MBEDTLS_CIPHER_ARIA_192_CCM, &aria_192_ccm_info }, + { MBEDTLS_CIPHER_ARIA_256_CCM, &aria_256_ccm_info }, +#endif +#endif /* MBEDTLS_ARIA_C */ + #if defined(MBEDTLS_DES_C) { MBEDTLS_CIPHER_DES_ECB, &des_ecb_info }, { MBEDTLS_CIPHER_DES_EDE_ECB, &des_ede_ecb_info }, diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 95e6163ccc..9734ec0791 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
@@ -47,7 +47,7 @@ * 1. By key exchange: * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK * 2. By key length and cipher: - * AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES + * AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-256 > 3DES * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8 * 4. By hash function used when relevant * 5. By key exchange/auth again: EC > non-EC @@ -81,6 +81,14 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + /* All ARIA-256 ephemeral suites */ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, + MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, + MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, + /* All AES-128 ephemeral suites */ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, @@ -105,6 +113,14 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + /* All ARIA-128 ephemeral suites */ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, + MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, + MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, + /* All remaining >= 128-bit ephemeral suites */ MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 
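Review bot: The updated ordering comment in the header block reads `AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-256 > 3DES`; the second ARIA entry should be `ARIA-128`, otherwise the rule contradicts the list below it, which places the ARIA-128 ephemeral suites after Camellia-128. Corrected line: ` *    AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES`. Note also that this rule ranks the ARIA-256 CBC suites above AES-128-GCM, as the existing policy already does for Camellia-256 CBC; that is consistent with the file, but since it overrides the mode preference in rule 3 it is worth a clause saying so.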
@@ -194,12 +210,16 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, @@ -211,6 +231,8 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, + MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, + MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_PSK_WITH_AES_128_CCM, @@ -219,6 +241,8 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, + MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, + MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, 
@@ -1688,6 +1712,365 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_DES_C */ #endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */ +#if defined(MBEDTLS_ARIA_C) + +#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) + +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS-RSA-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS-RSA-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS-RSA-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS-RSA-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif + +#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ + +#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) + +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, 
MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif + +#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ + +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) + +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, + "TLS-PSK-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS-PSK-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, 
MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, + "TLS-PSK-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS-PSK-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif + +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) + +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, 
MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif + +#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) + +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, 
MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif + +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) + +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif + +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, + "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, 
MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, + "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif + +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, + "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, + "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, + "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, + "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", + 
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif + +#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ + +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) + +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif + +#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ + +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) + +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) + { 
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) + { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) + { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif + +#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ + +#endif /* MBEDTLS_ARIA_C */ + + { 0, "", MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE, 0, 0, 0, 0, 0 } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ff52104ff4..2ff04c5fcd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
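Review bot: The `TLS-PSK-WITH-ARIA-256-GCM-SHA384` entry has `MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK` without the space every other entry in the hunk uses; one-line fix: `MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,`. Beyond that, the section silently omits the DH_DSS/DHE_DSS/DH_anon suites whose IDs the header hunk introduces, and registers no ARIA-CCM suite even though cipher_wrap.c in this patch adds ARIA-CCM cipher types; both look intentional (no DSS or anonymous key exchange appears anywhere in this table, and the IANA registry defines only CBC and GCM ARIA suites), but a comment at the top of the `#if defined(MBEDTLS_ARIA_C)` section should say so, e.g. `/* ARIA suites (RFC 6209). DSS and anonymous variants are not implemented; no CCM variants are registered. */`. On the positive side every entry pins both minimum and maximum version to MBEDTLS_SSL_MINOR_VERSION_3, so none of these suites can be negotiated under SSL 3.0, TLS 1.0 or TLS 1.1.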
@@ -1269,7 +1269,7 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ ( defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) ) + ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C)) ) #define SSL_SOME_MODES_USE_MAC #endif @@ -1470,7 +1470,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) + ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) ) if( mode == MBEDTLS_MODE_CBC ) { int ret; @@ -1586,7 +1586,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_CIPHER_MODE_CBC && - ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ + ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -1730,7 +1730,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) + ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) ) if( mode == MBEDTLS_MODE_CBC ) { /* @@ -1942,7 +1942,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_CIPHER_MODE_CBC && - ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */ + ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); From 841192ba88c22c24b3e45429ffbf998f40e6b469 Mon Sep 17 00:00:00 2001 
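Review bot: The new condition in the SSL_SOME_MODES_USE_MAC guard is written `|| defined(MBEDTLS_ARIA_C)) )`, with no space before the inner closing parenthesis, while the two later `#if` hunks in this file write `|| defined(MBEDTLS_ARIA_C) )`; the first form should match the others. The same list of CBC-capable ciphers is now spelled out by hand in five places in ssl_tls.c (three `#if` conditions and two `#endif` comments), so the next cipher added will have to touch all five; a single file-local macro meaning "some CBC cipher is enabled" would keep these guards from drifting apart. The bodies of ssl_encrypt_buf and ssl_decrypt_buf start and end outside these hunks.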
From: "Markku-Juhani O. Saarinen"
Date: Thu, 7 Dec 2017 12:36:55 +0000
Subject: [PATCH 0716/1059] fixed a macro to uppercase for a test script (.._TLS_DH_anon_WITH.. -> _DH_ANON_WITH_)
---
 include/mbedtls/ssl_ciphersuites.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 5223f02e08..05f2d65577 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -179,8 +179,8 @@ extern "C" {
 #define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 0xC043
 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044
 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045
-#define MBEDTLS_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 0xC046
-#define MBEDTLS_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 0xC047
+#define MBEDTLS_TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256 0xC046
+#define MBEDTLS_TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384 0xC047
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049
 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A
@@ -199,8 +199,8 @@ extern "C" {
 #define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0xC057
 #define MBEDTLS_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 0xC058
 #define MBEDTLS_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 0xC059
-#define MBEDTLS_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 0xC05A
-#define MBEDTLS_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 0xC05B
+#define MBEDTLS_TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256 0xC05A
+#define MBEDTLS_TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384 0xC05B
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D
 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E
From 392c2d2524a23e53739d2974ed417966ecfc0f7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 15 Feb 2018 11:06:14 +0100 Subject: [PATCH 0717/1059] compat.sh: run 1.2-only tests with DTLS too --- tests/compat.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 672bdab784..8323904671 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -687,7 +687,7 @@ add_mbedtls_ciphersuites() ;; "RSA") - if [ "$MODE" = "tls1_2" ]; + if [ `minor_ver "$MODE"` -ge 3 ] then M_CIPHERS="$M_CIPHERS \ TLS-RSA-WITH-AES-128-CCM \ @@ -715,7 +715,7 @@ add_mbedtls_ciphersuites() TLS-RSA-PSK-WITH-NULL-SHA \ " fi - if [ "$MODE" = "tls1_2" ]; + if [ `minor_ver "$MODE"` -ge 3 ] then M_CIPHERS="$M_CIPHERS \ TLS-PSK-WITH-AES-128-CCM \ From a0e47088d867953bb0b8c029bffac91aa4c2a8a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 15 Feb 2018 11:07:58 +0100 Subject: [PATCH 0718/1059] compat.sh: add self-interop tests for ARIA suites --- tests/compat.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/compat.sh b/tests/compat.sh index 8323904671..ba44cdb5fb 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -682,6 +682,10 @@ add_mbedtls_ciphersuites() TLS-ECDHE-ECDSA-WITH-AES-256-CCM \ TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ + TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \ + TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \ " fi ;; 
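Review bot: Both compat.sh hunks of the "run 1.2-only tests with DTLS too" commit replace a string comparison with a numeric `-ge 3` test on the output of minor_ver, which is defined outside these hunks; that is only safe if minor_ver prints a number for every value of MODE, because if it prints nothing for an unexpected mode `[` reports an error instead of evaluating to false, something the old `"$MODE" = "tls1_2"` could never do. The RSA and PSK blocks added to add_openssl_ciphersuites in the later "ARIA interop tests with OpenSSL" commit use the same construct. If minor_ver can legitimately print nothing, a fallback such as `minor=$(minor_ver "$MODE"); if [ "${minor:-0}" -ge 3 ]` keeps the script on the false branch; otherwise a one-line comment at the first use saying that minor_ver always yields a number would reassure the reader. add_mbedtls_ciphersuites starts and ends outside both hunks.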
@@ -698,6 +702,14 @@ add_mbedtls_ciphersuites() TLS-RSA-WITH-AES-256-CCM-8 \ TLS-DHE-RSA-WITH-AES-128-CCM-8 \ TLS-DHE-RSA-WITH-AES-256-CCM-8 \ + TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ + TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \ + TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \ + TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \ + TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \ + TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \ + TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \ + TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \ " fi ;; @@ -726,6 +738,14 @@ add_mbedtls_ciphersuites() TLS-PSK-WITH-AES-256-CCM-8 \ TLS-DHE-PSK-WITH-AES-128-CCM-8 \ TLS-DHE-PSK-WITH-AES-256-CCM-8 \ + TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \ + TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \ + TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \ + TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \ + TLS-PSK-WITH-ARIA-256-GCM-SHA384 \ + TLS-PSK-WITH-ARIA-256-CBC-SHA384 \ + TLS-PSK-WITH-ARIA-128-GCM-SHA256 \ + TLS-PSK-WITH-ARIA-128-CBC-SHA256 \ " fi ;; From 7299dfd86bd09b658a1dad6809b790af9cd35995 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 15 Feb 2018 11:43:55 +0100 Subject: [PATCH 0719/1059] compat.sh: add ARIA interop tests with OpenSSL Disabled by default, needs OpenSSL >= 1.1.1 - tested locally with 1.1.1-pre1 Local version of OpenSSL was compiled with: ./config --prefix=$HOME/usr/openssl-1.1.1-pre1 -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' make make install With OpenSSL 1.1.1-pre1, two ciphersuites were incorrectly skipped, but this has since been fixed in OpenSSL master, see: https://github.com/openssl/openssl/issues/5406 --- tests/compat.sh | 64 ++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 53 insertions(+), 11 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index ba44cdb5fb..63c1636edb 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
@@ -53,7 +53,12 @@ MODES="tls1 tls1_1 tls1_2 dtls1 dtls1_2" VERIFIES="NO YES" TYPES="ECDSA RSA PSK" FILTER="" -EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR' # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) +# exclude: +# - NULL: excluded from our default config +# - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions +# avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) +# - ARIA: requires OpenSSL >= 1.1.1 +EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR\|ARIA' VERBOSE="" MEMCHECK=0 PEERS="OpenSSL$PEER_GNUTLS mbedTLS" @@ -226,6 +231,9 @@ reset_ciphersuites() G_CIPHERS="" } +# Ciphersuites that can be used with all peers. +# Since we currently have three possible peers, each ciphersuite should appear +# three times: in each peer's list (with the name that this peer uses). add_common_ciphersuites() { case $TYPE in @@ -422,6 +430,12 @@ add_common_ciphersuites() esac } +# Ciphersuites usable only with Mbed TLS and OpenSSL +# Each ciphersuite should appear two times, once with its OpenSSL name, once +# with its Mbed TLS name. +# +# NOTE: for some reason RSA-PSK doesn't work with OpenSSL, +# so RSA-PSK ciphersuites need to go in other sections. add_openssl_ciphersuites() { case $TYPE in @@ -451,12 +465,16 @@ add_openssl_ciphersuites() TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \ + TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \ + TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \ " O_CIPHERS="$O_CIPHERS \ ECDH-ECDSA-AES128-SHA256 \ ECDH-ECDSA-AES256-SHA384 \ ECDH-ECDSA-AES128-GCM-SHA256 \ ECDH-ECDSA-AES256-GCM-SHA384 \ + ECDHE-ECDSA-ARIA256-GCM-SHA384 \ + ECDHE-ECDSA-ARIA128-GCM-SHA256 \ " fi ;; 
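Review bot: The comment added above add_openssl_ciphersuites says RSA-PSK "for some reason" doesn't work with OpenSSL, which leaves the next reader unable to tell whether this is an OpenSSL limitation, a suite-naming mismatch in this script or an Mbed TLS bug, nor when the workaround can be revisited. Record what was observed and against which OpenSSL build, e.g. `# NOTE: RSA-PSK handshakes fail against OpenSSL <version tested> (<observed error>); those suites are kept in the Mbed TLS-only section below`, with the placeholders filled in from the run that motivated the note. The EXCLUDE hunk at the top is a good model here: it states the constraint (OpenSSL >= 1.1.1) that makes excluding ARIA by default necessary.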
@@ -470,13 +488,42 @@ add_openssl_ciphersuites() DES-CBC-SHA \ EDH-RSA-DES-CBC-SHA \ " + if [ `minor_ver "$MODE"` -ge 3 ] + then + M_CIPHERS="$M_CIPHERS \ + TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ + TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \ + TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \ + TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \ + " + O_CIPHERS="$O_CIPHERS \ + ECDHE-ARIA256-GCM-SHA384 \ + DHE-RSA-ARIA256-GCM-SHA384 \ + ECDHE-ARIA128-GCM-SHA256 \ + DHE-RSA-ARIA128-GCM-SHA256 \ + " + fi ;; "PSK") + if [ `minor_ver "$MODE"` -ge 3 ] + then + M_CIPHERS="$M_CIPHERS \ + TLS-PSK-WITH-ARIA-256-GCM-SHA384 \ + TLS-PSK-WITH-ARIA-128-GCM-SHA256 \ + " + O_CIPHERS="$O_CIPHERS \ + PSK-ARIA256-GCM-SHA384 \ + PSK-ARIA128-GCM-SHA256 \ + " + fi ;; esac } +# Ciphersuites usable only with Mbed TLS and GnuTLS +# Each ciphersuite should appear two times, once with its GnuTLS name, once +# with its Mbed TLS name. add_gnutls_ciphersuites() { case $TYPE in @@ -661,6 +708,9 @@ add_gnutls_ciphersuites() esac } +# Ciphersuites usable only with Mbed TLS (not currently supported by another +# peer usable in this script). This provide only very rudimentaty testing, as +# this is not interop testing, but it's better than nothing. add_mbedtls_ciphersuites() { case $TYPE in @@ -682,9 +732,7 @@ add_mbedtls_ciphersuites() TLS-ECDHE-ECDSA-WITH-AES-256-CCM \ TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ - TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \ TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \ - TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \ " fi 
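Review bot: The comment added above add_mbedtls_ciphersuites in the `@@ -661,6 +708,9 @@` hunk has two slips: `This provide only very rudimentaty testing` should read `This provides only very rudimentary testing`. Since these comments are the only documentation of which section a new suite belongs in, it is worth getting them right in the same commit.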
@@ -702,12 +750,8 @@ add_mbedtls_ciphersuites() TLS-RSA-WITH-AES-256-CCM-8 \ TLS-DHE-RSA-WITH-AES-128-CCM-8 \ TLS-DHE-RSA-WITH-AES-256-CCM-8 \ - TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ - TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \ TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \ - TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \ - TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \ TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \ TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \ " @@ -738,14 +782,12 @@ add_mbedtls_ciphersuites() TLS-PSK-WITH-AES-256-CCM-8 \ TLS-DHE-PSK-WITH-AES-128-CCM-8 \ TLS-DHE-PSK-WITH-AES-256-CCM-8 \ - TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \ - TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \ TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \ - TLS-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-PSK-WITH-ARIA-256-CBC-SHA384 \ - TLS-PSK-WITH-ARIA-128-GCM-SHA256 \ TLS-PSK-WITH-ARIA-128-CBC-SHA256 \ + TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \ + TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \ " fi ;; From 4db944c5f4beea927c23bb1ed5d6989a8eafe707 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Feb 2018 10:19:56 +0100 Subject: [PATCH 0720/1059] Don't declare unsupported ciphersuites Removed DSS, static DH, DH_anon --- include/mbedtls/ssl_ciphersuites.h | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 05f2d65577..6d11d4b146 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -171,16 +171,8 @@ extern "C" { #define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C #define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D -#define MBEDTLS_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 0xC03E -#define MBEDTLS_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 0xC03F -#define MBEDTLS_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 0xC040 -#define MBEDTLS_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 0xC041 -#define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 0xC042 -#define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 0xC043 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 -#define MBEDTLS_TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256 0xC046 -#define MBEDTLS_TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384 0xC047 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A @@ -193,14 +185,6 @@ extern "C" { #define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 -#define MBEDTLS_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 0xC054 -#define MBEDTLS_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 0xC055 -#define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0xC056 -#define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0xC057 -#define MBEDTLS_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 0xC058 -#define MBEDTLS_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 0xC059 -#define MBEDTLS_TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256 0xC05A -#define MBEDTLS_TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384 0xC05B #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E From 9decaf57b74619060a91f457b1e48bce639f5afb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 20 Feb 2018 10:21:52 +0100
Subject: [PATCH 0721/1059] Document Aria suites as TLS 1.2-only
---
 include/mbedtls/ssl_ciphersuites.h | 76 +++++++++++++++---------------
 1 file changed, 38 insertions(+), 38 deletions(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 6d11d4b146..13f84a4353 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -169,44 +169,44 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! No SSL3! */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! No SSL3! */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C -#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F -#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 -#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 -#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 -#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068 -#define 
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069 -#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A -#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F -#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 -#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 +#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E 
/**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */ +#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */ +#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068 /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069 /**< TLS 1.2 */ +#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */ +#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */ From af37f0f68f314bcb315ecbf8e51996dff48b050d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Feb 2018 11:03:40 +0100 Subject: [PATCH 0722/1059] Add remaining ARIA suites to priority list Those suites were defined in ciphersuite_definitions[] but not included in ciphersuite_preference[] which meant they couldn't be negotiated unless explicitly added by the user. Add them so that they're usable by default like any other suite. --- library/ssl_ciphersuites.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 9734ec0791..2e9a0fd792 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -47,7 +47,7 @@ * 1. By key exchange: * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK * 2. By key length and cipher: - * AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-256 > 3DES + * AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8 * 4. By hash function used when relevant * 5. By key exchange/auth again: EC > non-EC @@ -137,6 +137,9 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, + MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, + MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, 
@@ -148,6 +151,9 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, + MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, + MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, @@ -177,6 +183,14 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + /* All ARIA-256 suites */ + MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, + MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, + MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, + MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, + MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, + MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, + /* All AES-128 suites */ MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_RSA_WITH_AES_128_CCM, @@ -199,6 +213,14 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + /* All ARIA-128 suites */ + MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, + MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, + MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, + MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, + MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, + MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, + /* All remaining >= 128-bit suites */ MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, From bba64067bf584d76625e6719f6d3991c9d480704 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Feb 2018 11:58:44 +0100 Subject: [PATCH 0723/1059] compat.sh: add remaining ARIA suites --- tests/compat.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) 
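Review bot: The commit message says these suites were present in ciphersuite_definitions[] but absent from ciphersuite_preference[], and nothing in the change prevents the same omission for the next suite added; a test that every ciphersuite id appearing in ciphersuite_definitions[] also appears in ciphersuite_preference[] (or a check in the test scripts that every suite is negotiable with the default configuration) would catch it mechanically. As far as the visible context shows, the placement of the new entries follows the ordering comment corrected in the first hunk (AES-256 > Camellia-256 > ARIA-256, GCM > CCM > CBC > CCM_8, EC before non-EC), so the fix itself looks right. ciphersuite_preference[] begins before and ends after these hunks.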
diff --git a/tests/compat.sh b/tests/compat.sh index 63c1636edb..93e6b3a6d6 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -493,14 +493,18 @@ add_openssl_ciphersuites() M_CIPHERS="$M_CIPHERS \ TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \ + TLS-RSA-WITH-ARIA-256-GCM-SHA384 \ TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \ TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \ + TLS-RSA-WITH-ARIA-128-GCM-SHA256 \ " O_CIPHERS="$O_CIPHERS \ ECDHE-ARIA256-GCM-SHA384 \ DHE-RSA-ARIA256-GCM-SHA384 \ + ARIA256-GCM-SHA384 \ ECDHE-ARIA128-GCM-SHA256 \ DHE-RSA-ARIA128-GCM-SHA256 \ + ARIA128-GCM-SHA256 \ " fi ;; @@ -509,10 +513,14 @@ add_openssl_ciphersuites() if [ `minor_ver "$MODE"` -ge 3 ] then M_CIPHERS="$M_CIPHERS \ + TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \ + TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \ TLS-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-PSK-WITH-ARIA-128-GCM-SHA256 \ " O_CIPHERS="$O_CIPHERS \ + DHE-PSK-ARIA256-GCM-SHA384 \ + DHE-PSK-ARIA128-GCM-SHA256 \ PSK-ARIA256-GCM-SHA384 \ PSK-ARIA128-GCM-SHA256 \ " @@ -734,6 +742,10 @@ add_mbedtls_ciphersuites() TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \ + TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \ + TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \ + TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \ + TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \ " fi ;; @@ -754,6 +766,8 @@ add_mbedtls_ciphersuites() TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \ TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \ TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \ + TLS-RSA-WITH-ARIA-256-CBC-SHA384 \ + TLS-RSA-WITH-ARIA-128-CBC-SHA256 \ " fi ;; @@ -788,6 +802,10 @@ add_mbedtls_ciphersuites() TLS-PSK-WITH-ARIA-128-CBC-SHA256 \ TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \ + TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \ + TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \ + TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \ + TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \ " fi ;; 
From 6b3689237d51b7542f8ccc92cdbde18eff33da53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Feb 2018 12:02:07 +0100 Subject: [PATCH 0724/1059] Add compat.sh ARIA run to all.sh Warning: needs OpenSSL >= 1.1.1-pre1 installed and environment variable OPENSSL_NEXT pointing to it. --- scripts/output_env.sh | 5 +++++ tests/scripts/all.sh | 13 ++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index 1afaac33e4..19b7c061f9 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -81,6 +81,11 @@ if [ -n "${OPENSSL_LEGACY+set}" ]; then echo fi +if [ -n "${OPENSSL_NEXT+set}" ]; then + print_version "$OPENSSL_NEXT" "version" "openssl next version not found!" + echo +fi + : ${GNUTLS_CLI:=gnutls-cli} print_version "$GNUTLS_CLI" "--version" "gnuTLS client not found!" "head -n 1" echo diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d5fc12d0ac..764fa2c261 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -101,6 +101,7 @@ YOTTA=1 # Default commands, can be overriden by the environment : ${OPENSSL:="openssl"} : ${OPENSSL_LEGACY:="$OPENSSL"} +: ${OPENSSL_NEXT:="$OPENSSL"} : ${GNUTLS_CLI:="gnutls-cli"} : ${GNUTLS_SERV:="gnutls-serv"} : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} @@ -141,6 +142,7 @@ Tool path options: --gnutls-legacy-serv= GnuTLS server executable to use for legacy tests. --openssl= OpenSSL executable to use for most tests. --openssl-legacy= OpenSSL executable to use for legacy tests e.g. SSLv3. + --openssl-next= OpenSSL executable to use for recent things like ARIA EOF } @@ -268,6 +270,10 @@ while [ $# -gt 0 ]; do shift OPENSSL_LEGACY="$1" ;; + --openssl-next) + shift + OPENSSL_NEXT="$1" + ;; --out-of-source-dir) shift OUT_OF_SOURCE_DIR="$1" 
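Review bot: The help line `--openssl-next= OpenSSL executable to use for recent things like ARIA` does not tell the user which version is required, although the commit message does; suggest `--openssl-next= OpenSSL executable (>= 1.1.1) to use for tests needing recent features, e.g. ARIA suites.`. The output_env.sh hunk prints a version only when OPENSSL_NEXT is set in the environment, whereas all.sh defaults it to `$OPENSSL` when unset, so in the default case the binary actually used for the ARIA run is never reported; if output_env.sh is what all.sh relies on for tool reporting, exporting OPENSSL_NEXT from all.sh the way the surrounding lines export GNUTLS_SERV would close that gap.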
@@ -397,6 +403,7 @@ echo "FORCE: $FORCE" echo "SEED: ${SEED-"UNSET"}" echo "OPENSSL: $OPENSSL" echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" +echo "OPENSSL_NEXT: $OPENSSL_NEXT" echo "GNUTLS_CLI: $GNUTLS_CLI" echo "GNUTLS_SERV: $GNUTLS_SERV" echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" @@ -419,7 +426,8 @@ export GNUTLS_SERV="$GNUTLS_SERV" [ ! -z ${SEED+set} ] && export SEED # Make sure the tools we need are available. -check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ +check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ + "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" if [ $RUN_ARMCC -ne 0 ]; then @@ -547,6 +555,9 @@ if_build_succeeded tests/ssl-opt.sh -f Default msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' +msg "test: compat.sh ARIA" +if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA' + msg "test/build: curves.pl (gcc)" # ~ 4 min cleanup cmake -D CMAKE_BUILD_TYPE:String=Debug . From 442f03b9e1f8c5452f66a1ab315a41c5dcf3bb39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Feb 2018 13:56:54 +0100 Subject: [PATCH 0725/1059] cmake: keep test list in alphabetic order --- tests/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index c85d3a2d8f..8c9ba45e48 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -49,6 +49,7 @@ add_test_suite(aes aes.cbc) add_test_suite(aes aes.cfb) add_test_suite(aes aes.rest) add_test_suite(arc4) +add_test_suite(aria) add_test_suite(asn1write) add_test_suite(base64) add_test_suite(blowfish) 
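Review bot: The new `compat.sh ARIA` step runs against `$OPENSSL_NEXT`, which the earlier hunk defaults to `$OPENSSL` when the variable is unset, and check_tools only verifies that the binary exists; on a machine whose default openssl predates 1.1.1 (the requirement given in the commit message) the step fails rather than being skipped, and the script never says why. Either refuse to run the step when OPENSSL_NEXT was not given explicitly, or probe the binary first, e.g. `if "$OPENSSL_NEXT" ciphers ARIA >/dev/null 2>&1; then ... else msg "skip: compat.sh ARIA (OPENSSL_NEXT lacks ARIA support)"; fi`. The `-e '^$'` argument appears to be there to neutralise compat.sh's default EXCLUDE list (which drops ARIA); that deserves a comment such as `# '-e ^$' overrides the default EXCLUDE so the ARIA suites actually run`, since a reader cannot tell that from the line itself.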
@@ -104,7 +105,6 @@ add_test_suite(version) add_test_suite(xtea) add_test_suite(x509parse) add_test_suite(x509write) -add_test_suite(aria) # Make data_files available in an out-of-source build if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) From a6d639e553aae26e487f0cddb0c0605f46fa614c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Feb 2018 13:45:44 +0100 Subject: [PATCH 0726/1059] aria: improve some comments & internal names --- include/mbedtls/error.h | 2 +- library/aria.c | 28 +++++++++++++++++++--------- 2 files changed, 20 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 5bdb6bb4a3..b65c25cb37 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -63,7 +63,7 @@ * CTR_DBRG 4 0x0034-0x003A * ENTROPY 3 0x003C-0x0040 0x003D-0x003F * NET 11 0x0042-0x0052 0x0043-0x0045 - * ARIA 1 0x005C-0x005E + * ARIA 2 0x005C-0x005E * ASN1 7 0x0060-0x006C * CMAC 1 0x007A-0x007A * PBKDF2 1 0x007C-0x007C diff --git a/library/aria.c b/library/aria.c index 0e2c23a259..a9a2c25112 100644 --- a/library/aria.c +++ b/library/aria.c @@ -19,6 +19,12 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* + * This implementation is based on the following standards: + * [1] http://210.104.33.10/ARIA/doc/ARIA-specification-e.pdf + * [2] https://tools.ietf.org/html/rfc5794 + */ + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else 
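Review bot: The new header comment in aria.c cites the ARIA specification as a bare IP-address URL, `[1] http://210.104.33.10/ARIA/doc/ARIA-specification-e.pdf`, which gives a reader no way to identify or locate the document once that host changes; add the document's title, authors and year next to the URL, and say which of [1]/[2] this implementation treats as normative where they differ. Reference [2] (RFC 5794) is fine as it is. The error.h hunk only corrects the ARIA error-code count from 1 to 2, which matches the reserved range shown.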
@@ -96,10 +102,14 @@ } -// ARIA Round function ( Substitution Layer SLx + Affine Transform A ) -// (ra, rb, rc, rd) = state in/out -// (sa, sb, sc, sd) = 256 8-bit S-Boxes -// (ta, tb, tc) = temporary variables +/* ARIA Round function ( Substitution Layer SLx + Affine Transform A ) + * (ra, rb, rc, rd) = state in/out + * (sa, sb, sc, sd) = 256 8-bit S-Boxes (see below) + * (ta, tb, tc) = temporary variables + * + * By passing sb1, sb2, is1, is2 as S-Boxes you get SL1-then-A. + * By passing is1, is2, sb1, sb2 as S-Boxes you get SL2-then-A. + */ #define ARIA_SLA( ra, rb, rc, rd, sa, sb, sc, sd, ta, tb, tc ) { \ ta = ( (uint32_t) sc[(rb >> 16) & 0xFF]) ^ \ @@ -243,7 +253,7 @@ static const uint8_t aria_is2[0x100] = // r = FO( p, k ) ^ x -static void aria_fo( uint32_t r[4], +static void aria_fo_xor( uint32_t r[4], const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] ) { uint32_t a, b, c, d; @@ -264,7 +274,7 @@ static void aria_fo( uint32_t r[4], // r = FE( p, k ) ^ x -static void aria_fe(uint32_t r[4], +static void aria_fe_xor(uint32_t r[4], const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] ) { uint32_t a, b, c, d; @@ -350,11 +360,11 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, i = (keybits - 128) >> 6; // index: 0, 1, 2 ctx->nr = 12 + 2 * i; // no. rounds: 12, 14, 16 - aria_fo( w[1], w[0], rc[i], w[1] ); // W1 = FO(W0, CK1) ^ KR + aria_fo_xor( w[1], w[0], rc[i], w[1] ); // W1 = FO(W0, CK1) ^ KR i = i < 2 ? i + 1 : 0; - aria_fe( w[2], w[1], rc[i], w[0] ); // W2 = FE(W1, CK2) ^ W0 + aria_fe_xor( w[2], w[1], rc[i], w[0] ); // W2 = FE(W1, CK2) ^ W0 i = i < 2 ? i + 1 : 0; - aria_fo( w[3], w[2], rc[i], w[1] ); // W3 = FO(W2, CK3) ^ W1 + aria_fo_xor( w[3], w[2], rc[i], w[1] ); // W3 = FO(W2, CK3) ^ W1 for( i = 0; i < 4; i++ ) // create round keys { From e1ad7491c5dee991f5855092d9b6a64c7bfb4084 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Feb 2018 13:59:05 +0100 Subject: [PATCH 0727/1059] aria: clean up interface of internal macros --- library/aria.c | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/library/aria.c b/library/aria.c index a9a2c25112..4c4f3bb182 100644 --- a/library/aria.c +++ b/library/aria.c @@ -78,9 +78,9 @@ // Affine Transform A // (ra, rb, rc, rd) = state in/out -// (ta, tb, tc) = temporary variables -#define ARIA_A( ra, rb, rc, rd, ta, tb, tc ) { \ +#define ARIA_A( ra, rb, rc, rd ) { \ + uint32_t ta, tb, tc; \ ta = rb; \ rb = ra; \ ra = ARIA_FLIP1( ta ); \ @@ -105,13 +105,13 @@ /* ARIA Round function ( Substitution Layer SLx + Affine Transform A ) * (ra, rb, rc, rd) = state in/out * (sa, sb, sc, sd) = 256 8-bit S-Boxes (see below) - * (ta, tb, tc) = temporary variables * * By passing sb1, sb2, is1, is2 as S-Boxes you get SL1-then-A. * By passing is1, is2, sb1, sb2 as S-Boxes you get SL2-then-A. */ -#define ARIA_SLA( ra, rb, rc, rd, sa, sb, sc, sd, ta, tb, tc ) { \ +#define ARIA_SLA( ra, rb, rc, rd, sa, sb, sc, sd ) { \ + uint32_t ta, tb, tc; \ ta = ( (uint32_t) sc[(rb >> 16) & 0xFF]) ^ \ (((uint32_t) sd[ rb >> 24]) << 8) ^ \ (((uint32_t) sa[ rb & 0xFF]) << 16) ^ \ @@ -257,14 +257,13 @@ static void aria_fo_xor( uint32_t r[4], const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] ) { uint32_t a, b, c, d; - uint32_t t, u, v; a = p[0] ^ k[0]; b = p[1] ^ k[1]; c = p[2] ^ k[2]; d = p[3] ^ k[3]; - ARIA_SLA( a, b, c, d, aria_sb1, aria_sb2, aria_is1, aria_is2, t, u, v ); + ARIA_SLA( a, b, c, d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); r[0] = a ^ x[0]; r[1] = b ^ x[1]; 
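Review bot: `ARIA_A` and `ARIA_SLA` now declare `uint32_t ta, tb, tc;` inside a bare `{ ... }` block rather than `do { ... } while( 0 )`, so `ARIA_A( ... );` as written in mbedtls_aria_setkey_dec in this same commit expands to a block followed by an empty statement and would not survive an unbraced `if`/`else`. Moving the temporaries into the macro also means any argument expression that names `ta`, `tb` or `tc` is now captured by the macro-local declarations. Wrapping both bodies as `#define ARIA_A( ra, rb, rc, rd ) do { \` ... `} while( 0 )` avoids both, and the same applies to the `ARIA_SLA` hunk below it.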
@@ -278,14 +277,13 @@ static void aria_fe_xor(uint32_t r[4], const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] ) { uint32_t a, b, c, d; - uint32_t t, u, v; a = p[0] ^ k[0]; b = p[1] ^ k[1]; c = p[2] ^ k[2]; d = p[3] ^ k[3]; - ARIA_SLA( a, b, c, d, aria_is1, aria_is2, aria_sb1, aria_sb2, t, u, v ); + ARIA_SLA( a, b, c, d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); r[0] = a ^ x[0]; r[1] = b ^ x[1]; @@ -385,7 +383,6 @@ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits) { int i, j, k, ret; - uint32_t t, u, v; ret = mbedtls_aria_setkey_enc( ctx, key, keybits ); if( ret != 0 ) @@ -396,7 +393,7 @@ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, { for( k = 0; k < 4; k++ ) { - t = ctx->rk[i][k]; + uint32_t t = ctx->rk[i][k]; ctx->rk[i][k] = ctx->rk[j][k]; ctx->rk[j][k] = t; } @@ -404,10 +401,7 @@ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, // apply affine transform to middle keys for (i = 1; i < ctx->nr; i++ ) - { - ARIA_A( ctx->rk[i][0], ctx->rk[i][1], ctx->rk[i][2], ctx->rk[i][3], - t, u, v ); - } + ARIA_A( ctx->rk[i][0], ctx->rk[i][1], ctx->rk[i][2], ctx->rk[i][3] ); return 0; } @@ -422,7 +416,6 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, int i; uint32_t a, b, c, d; - uint32_t t, u, v; ( (void) mode ); @@ -439,8 +432,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, c ^= ctx->rk[i][2]; d ^= ctx->rk[i][3]; i++; - ARIA_SLA( a, b, c, d, - aria_sb1, aria_sb2, aria_is1, aria_is2, t, u, v ); + ARIA_SLA( a, b, c, d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); a ^= ctx->rk[i][0]; b ^= ctx->rk[i][1]; @@ -450,8 +442,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, if (i >= ctx->nr) break; - ARIA_SLA( a, b, c, d, - aria_is1, aria_is2, aria_sb1, aria_sb2, t, u, v ); + ARIA_SLA( a, b, c, d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); } // final substitution From 9cc89248fe2773c611b996e2499f4f6327cb90a7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Feb 2018 09:44:29 +0100 Subject: [PATCH 0728/1059] aria: use unsigned type for bit count --- library/aria.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/library/aria.c b/library/aria.c index 4c4f3bb182..6f76538cfa 100644 --- a/library/aria.c +++ b/library/aria.c @@ -296,21 +296,22 @@ static void aria_fe_xor(uint32_t r[4], // little-endian targets and stores state in that order. static void aria_rot128(uint32_t r[4], const uint32_t a[4], - const uint32_t b[4], int n) + const uint32_t b[4], uint8_t n) { - int i, j, n1, n2; + uint8_t i, j; uint32_t t, u; - j = (n >> 5) & 3; // word offset - n1 = n & 0x1F; // bit offsets - n2 = 32 - n1; // n1 should be nonzero! + const uint8_t n1 = n & 0x1F; // bit offset + const uint8_t n2 = 32 - n1; // reverse bit offset + + j = (n >> 5) & 3; // initial word offset t = ARIA_FLIP1( ARIA_FLIP2( b[j] ) ); // big endian for( i = 0; i < 4; i++ ) { j = (j + 1) & 3; // get next word, big endian u = ARIA_FLIP1( ARIA_FLIP2( b[j] ) ); t <<= n1; // rotate - if (n2 < 32) // intel rotate 32 bits = 0 bits.. + if (n2 < 32) // rotate 32 bits = 0 bits.. t |= u >> n2; t = ARIA_FLIP1( ARIA_FLIP2( t ) ); // back to little endian r[i] = a[i] ^ t; // store @@ -367,10 +368,10 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, for( i = 0; i < 4; i++ ) // create round keys { w2 = w[(i + 1) & 3]; - aria_rot128( ctx->rk[i ], w[i], w2, -19); - aria_rot128( ctx->rk[i + 4], w[i], w2, -31); - aria_rot128( ctx->rk[i + 8], w[i], w2, 61); - aria_rot128( ctx->rk[i + 12], w[i], w2, 31); + aria_rot128( ctx->rk[i ], w[i], w2, 128 - 19 ); + aria_rot128( ctx->rk[i + 4], w[i], w2, 128 - 31 ); + aria_rot128( ctx->rk[i + 8], w[i], w2, 61 ); + aria_rot128( ctx->rk[i + 12], w[i], w2, 31 ); } aria_rot128( ctx->rk[16], w[0], w[1], 19 ); From c76ceb677bfd86a73ccaa585c11b8f5122599d77 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Feb 2018 09:50:17 +0100 Subject: [PATCH 0729/1059] aria: move conditional outside of loop --- library/aria.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/library/aria.c b/library/aria.c index 6f76538cfa..9b5febc26a 100644 --- a/library/aria.c +++ b/library/aria.c @@ -291,7 +291,7 @@ static void aria_fe_xor(uint32_t r[4], r[3] = d ^ x[3]; } -// Big endian 128-bit rotation: d = a ^ (b <<< n), used only in key setup. +// Big endian 128-bit rotation: r = a ^ (b <<< n), used only in key setup. // This is relatively slow since our implementation is geared towards // little-endian targets and stores state in that order. @@ -301,18 +301,17 @@ static void aria_rot128(uint32_t r[4], const uint32_t a[4], uint8_t i, j; uint32_t t, u; - const uint8_t n1 = n & 0x1F; // bit offset - const uint8_t n2 = 32 - n1; // reverse bit offset + const uint8_t n1 = n % 32; // bit offset + const uint8_t n2 = n1 ? 32 - n1 : 0; // reverse bit offset - j = (n >> 5) & 3; // initial word offset + j = (n / 32) % 4; // initial word offset t = ARIA_FLIP1( ARIA_FLIP2( b[j] ) ); // big endian for( i = 0; i < 4; i++ ) { - j = (j + 1) & 3; // get next word, big endian + j = (j + 1) % 4; // get next word, big endian u = ARIA_FLIP1( ARIA_FLIP2( b[j] ) ); t <<= n1; // rotate - if (n2 < 32) // rotate 32 bits = 0 bits.. - t |= u >> n2; + t |= u >> n2; t = ARIA_FLIP1( ARIA_FLIP2( t ) ); // back to little endian r[i] = a[i] ^ t; // store t = u; // move to next word From 56453937a15d8de5e64a61158feb67cee87ee0b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Feb 2018 10:08:31 +0100 Subject: [PATCH 0730/1059] aria: use mbedtls_zeroize() --- library/aria.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/aria.c b/library/aria.c index 9b5febc26a..5a5222f6af 100644 --- a/library/aria.c +++ b/library/aria.c 
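Review bot: Dropping the `if (n2 < 32)` guard changes behaviour for a rotation that is a multiple of 32: with `n1 == 0` the new `n2` is 0, so `t |= u >> n2;` ORs the whole next word into `t`, where the removed guard skipped the OR and produced the correct plain word move. The callers visible in the previous commit (19, 31, 61, 128 - 19, 128 - 31) never hit this, so the key schedule is presumably still correct, but `aria_rot128` takes any `uint8_t n` and nothing documents the restriction. A branch-free form that is right for every `n` is `const uint8_t n2 = 32 - n1;` with `t |= ( u >> ( n2 - 1 ) ) >> 1;`; otherwise add `/* n must not be a multiple of 32 (n1 == 0 would OR the next word in) */` to the function comment. The function's header comment and signature lie outside this hunk.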
@@ -48,6 +48,11 @@ #if !defined(MBEDTLS_ARIA_ALT) +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; +} + // 32-bit integer manipulation macros (little endian) #ifndef GET_UINT32_LE @@ -489,8 +494,7 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx ) if( ctx == NULL ) return; - // compiler can't remove this since this is not a static function - memset( ctx, 0, sizeof( mbedtls_aria_context ) ); + mbedtls_zeroize( ctx, sizeof( mbedtls_aria_context ) ); } #if defined(MBEDTLS_CIPHER_MODE_CBC) From a41ecdabedb6387c6ef50d0c5955a3b1d600e8c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Feb 2018 10:33:26 +0100 Subject: [PATCH 0731/1059] aria: closer to usual comment style We're not absolutely consistent in the rest of the library, but we tend to use C99-style comments less often. Change to use C89-style comments everywhere except for end-of-line comments --- library/aria.c | 122 +++++++++++++++++++++++++++---------------------- 1 file changed, 68 insertions(+), 54 deletions(-) diff --git a/library/aria.c b/library/aria.c index 5a5222f6af..6857e99261 100644 --- a/library/aria.c +++ b/library/aria.c @@ -53,7 +53,9 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } -// 32-bit integer manipulation macros (little endian) +/* + * 32-bit integer manipulation macros (little endian) + */ #ifndef GET_UINT32_LE #define GET_UINT32_LE(n,b,i) \ 
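Review bot: The new `mbedtls_zeroize` is squeezed onto one line with the opening brace on the signature line, unlike every other function in this file; `{`, `volatile unsigned char *p = (unsigned char*)v;` and `while( n-- ) *p++ = 0;` on their own lines would match the surrounding style. A short comment on why the volatile store matters would help the next reader: `/* volatile store: the function is static and fully visible to the compiler, so a plain loop or memset could be elided as dead */`. Replacing the `memset` in mbedtls_aria_free is the right change, since the context holds the expanded round keys (`ctx->rk`) used elsewhere in the file.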
@@ -75,16 +77,17 @@ static void mbedtls_zeroize( void *v, size_t n ) { } #endif -// FLIP1 modifies byte order ( A B C D ) -> ( C D A B ), i.e. rotate by 16 bits +/* modify byte order: ( A B C D ) -> ( C D A B ), i.e. rotate by 16 bits */ #define ARIA_FLIP1(x) (((x) >> 16) ^ ((x) << 16)) -// FLIP2 modifies byte order ( A B C D ) -> ( B A D C ), swap pairs of bytes +/* modify byte order ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes */ #define ARIA_FLIP2(x) ((((x) >> 8) & 0x00FF00FF) ^ (((x) & 0x00FF00FF) << 8)) -// Affine Transform A -// (ra, rb, rc, rd) = state in/out - -#define ARIA_A( ra, rb, rc, rd ) { \ +/* + * Affine Transform A + * (ra, rb, rc, rd) = state in/out + */ +#define ARIA_A( ra, rb, rc, rd ) { \ uint32_t ta, tb, tc; \ ta = rb; \ rb = ra; \ @@ -107,14 +110,14 @@ static void mbedtls_zeroize( void *v, size_t n ) { } -/* ARIA Round function ( Substitution Layer SLx + Affine Transform A ) +/* + * ARIA Round function ( Substitution Layer SLx + Affine Transform A ) * (ra, rb, rc, rd) = state in/out * (sa, sb, sc, sd) = 256 8-bit S-Boxes (see below) * * By passing sb1, sb2, is1, is2 as S-Boxes you get SL1-then-A. * By passing is1, is2, sb1, sb2 as S-Boxes you get SL2-then-A. */ - #define ARIA_SLA( ra, rb, rc, rd, sa, sb, sc, sd ) { \ uint32_t ta, tb, tc; \ ta = ( (uint32_t) sc[(rb >> 16) & 0xFF]) ^ \ @@ -149,8 +152,9 @@ static void mbedtls_zeroize( void *v, size_t n ) { rc ^= ARIA_FLIP2( tc ) ^ ta; \ } -// S-Boxes - +/* + * S-Boxes + */ static const uint8_t aria_sb1[0x100] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, @@ -254,10 +258,10 @@ static const uint8_t aria_is2[0x100] = 0x25, 0x8A, 0xB5, 0xE7, 0x42, 0xB3, 0xC7, 0xEA, 0xF7, 0x4C, 0x11, 0x33, 0x03, 0xA2, 0xAC, 0x60 }; -// FO and FE are helpers for key schedule - -// r = FO( p, k ) ^ x +/* + * Helper for key schedule: r = FO( p, k ) ^ x + */ static void aria_fo_xor( uint32_t r[4], const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] ) { 
@@ -276,8 +280,9 @@ static void aria_fo_xor( uint32_t r[4], r[3] = d ^ x[3]; } -// r = FE( p, k ) ^ x - +/* + * Helper for key schedule: r = FE( p, k ) ^ x + */ static void aria_fe_xor(uint32_t r[4], const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] ) { @@ -296,10 +301,12 @@ static void aria_fe_xor(uint32_t r[4], r[3] = d ^ x[3]; } -// Big endian 128-bit rotation: r = a ^ (b <<< n), used only in key setup. -// This is relatively slow since our implementation is geared towards -// little-endian targets and stores state in that order. - +/* + * Big endian 128-bit rotation: r = a ^ (b <<< n), used only in key setup. + * + * We chose to store bytes into 32-bit words in little-endian format (see + * GET/PUT_UINT32_LE) so we need to reverse bytes here. + */ static void aria_rot128(uint32_t r[4], const uint32_t a[4], const uint32_t b[4], uint8_t n) { @@ -323,12 +330,13 @@ static void aria_rot128(uint32_t r[4], const uint32_t a[4], } } -// Set encryption key - +/* + * Set encryption key + */ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits) { - // round constant masks + /* round constant masks */ const uint32_t rc[3][4] = { { 0xB7C17C51, 0x940A2227, 0xE8AB13FE, 0xE06E9AFA }, @@ -342,8 +350,8 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, if (keybits != 128 && keybits != 192 && keybits != 256) return MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH; - // W0 = KL - GET_UINT32_LE( w[0][0], key, 0 ); // copy key to W0 | W1 + /* Copy key to W0 (and potential remainder to W1) */ + GET_UINT32_LE( w[0][0], key, 0 ); GET_UINT32_LE( w[0][1], key, 4 ); GET_UINT32_LE( w[0][2], key, 8 ); GET_UINT32_LE( w[0][3], key, 12 ); @@ -382,8 +390,9 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, return 0; } -// Set decryption key - +/* + * Set decryption key + */ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits) { 
@@ -393,7 +402,7 @@ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, if( ret != 0 ) return ret; - // flip the order of round keys + /* flip the order of round keys */ for( i = 0, j = ctx->nr; i < j; i++, j-- ) { for( k = 0; k < 4; k++ ) @@ -404,15 +413,16 @@ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, } } - // apply affine transform to middle keys + /* apply affine transform to middle keys */ for (i = 1; i < ctx->nr; i++ ) ARIA_A( ctx->rk[i][0], ctx->rk[i][1], ctx->rk[i][2], ctx->rk[i][3] ); return 0; } -// Encrypt a block - +/* + * Encrypt a block + */ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, int mode, const unsigned char input[16], @@ -450,8 +460,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, ARIA_SLA( a, b, c, d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); } - // final substitution - + /* final substitution */ a = ctx->rk[i][0] ^ ( (uint32_t) aria_is1[ a & 0xFF]) ^ (((uint32_t) aria_is2[(a >> 8) & 0xFF]) << 8) ^ @@ -484,11 +493,13 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, return 0; } +/* Initialize context */ void mbedtls_aria_init( mbedtls_aria_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_aria_context ) ); } +/* Clear context */ void mbedtls_aria_free( mbedtls_aria_context *ctx ) { if( ctx == NULL ) @@ -639,8 +650,9 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, #if defined(MBEDTLS_SELF_TEST) -// Basic ARIA ECB test vectors from RFC 5794 - +/* + * Basic ARIA ECB test vectors from RFC 5794 + */ static const uint8_t aria_test1_ecb_key[32] = // test key { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 128 bit 
@@ -665,9 +677,10 @@ static const uint8_t aria_test1_ecb_ct[3][16] = // ciphertext 0x2B, 0x8F, 0x80, 0xC1, 0x97, 0x2D, 0x24, 0xFC } }; -// Mode tests from "Test Vectors for ARIA" Version 1.0 -// http://210.104.33.10/ARIA/doc/ARIA-testvector-e.pdf - +/* + * Mode tests from "Test Vectors for ARIA" Version 1.0 + * http://210.104.33.10/ARIA/doc/ARIA-testvector-e.pdf + */ #if (defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) || \ defined(MBEDTLS_CIPHER_MODE_CTR)) static const uint8_t aria_test2_key[32] = @@ -769,10 +782,6 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertxt }; #endif /* MBEDTLS_CIPHER_MODE_CFB */ -/* - * Checkup routine - */ - #define ARIA_SELF_TEST_IF_FAIL \ { \ if( verbose ) \ @@ -783,6 +792,9 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertxt printf( "passed\n" ); \ } +/* + * Checkup routine + */ int mbedtls_aria_self_test( int verbose ) { int i; @@ -799,11 +811,12 @@ int mbedtls_aria_self_test( int verbose ) uint8_t buf[48], iv[16]; #endif - // Test set 1 - + /* + * Test set 1 + */ for( i = 0; i < 3; i++ ) { - // test ECB encryption + /* test ECB encryption */ if( verbose ) printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i); mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i ); @@ -812,7 +825,7 @@ int mbedtls_aria_self_test( int verbose ) if( memcmp( blk, aria_test1_ecb_ct[i], 16 ) != 0 ) ARIA_SELF_TEST_IF_FAIL; - // test ECB decryption + /* test ECB decryption */ if( verbose ) printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i); mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i ); @@ -824,12 +837,13 @@ int mbedtls_aria_self_test( int verbose ) if( verbose ) printf("\n"); - // Test set 2 - + /* + * Test set 2 + */ #if defined(MBEDTLS_CIPHER_MODE_CBC) for( i = 0; i < 3; i++ ) { - // Test CBC encryption + /* Test CBC encryption */ if( verbose ) printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); 
@@ -840,7 +854,7 @@ int mbedtls_aria_self_test( int verbose ) if( memcmp( buf, aria_test2_cbc_ct[i], 48 ) != 0 ) ARIA_SELF_TEST_IF_FAIL; - // Test CBC decryption + /* Test CBC decryption */ if( verbose ) printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i); mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i ); @@ -859,7 +873,7 @@ int mbedtls_aria_self_test( int verbose ) #if defined(MBEDTLS_CIPHER_MODE_CFB) for( i = 0; i < 3; i++ ) { - // Test CFB encryption + /* Test CFB encryption */ if( verbose ) printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); @@ -871,7 +885,7 @@ int mbedtls_aria_self_test( int verbose ) if( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 ) ARIA_SELF_TEST_IF_FAIL; - // Test CFB decryption + /* Test CFB decryption */ if( verbose ) printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); @@ -890,7 +904,7 @@ int mbedtls_aria_self_test( int verbose ) #if defined(MBEDTLS_CIPHER_MODE_CTR) for( i = 0; i < 3; i++ ) { - // Test CTR encryption + /* Test CTR encryption */ if( verbose ) printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); @@ -902,7 +916,7 @@ int mbedtls_aria_self_test( int verbose ) if( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 ) ARIA_SELF_TEST_IF_FAIL; - // Test CTR decryption + /* Test CTR decryption */ if( verbose ) printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); From 62e813ca62a19fa6eaf8014edaa32fc6daa440ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Feb 2018 10:47:47 +0100 Subject: [PATCH 0732/1059] Add aria to benchmark program --- programs/test/benchmark.c | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 2864caf842..f548c1d7e1 100644 
--- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -54,21 +54,26 @@ int main( void ) #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" + #include "mbedtls/arc4.h" #include "mbedtls/des.h" #include "mbedtls/aes.h" +#include "mbedtls/aria.h" #include "mbedtls/blowfish.h" #include "mbedtls/camellia.h" #include "mbedtls/gcm.h" #include "mbedtls/ccm.h" #include "mbedtls/cmac.h" + #include "mbedtls/havege.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/hmac_drbg.h" + #include "mbedtls/rsa.h" #include "mbedtls/dhm.h" #include "mbedtls/ecdsa.h" #include "mbedtls/ecdh.h" + #include "mbedtls/error.h" #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) @@ -229,7 +234,7 @@ typedef struct { char md4, md5, ripemd160, sha1, sha256, sha512, arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac, - camellia, blowfish, + aria, camellia, blowfish, havege, ctr_drbg, hmac_drbg, rsa, dhm, ecdsa, ecdh; } todo_list; @@ -282,6 +287,8 @@ int main( int argc, char *argv[] ) todo.aes_cmac = 1; else if( strcmp( argv[i], "des3_cmac" ) == 0 ) todo.des3_cmac = 1; + else if( strcmp( argv[i], "aria" ) == 0 ) + todo.aria = 1; else if( strcmp( argv[i], "camellia" ) == 0 ) todo.camellia = 1; else if( strcmp( argv[i], "blowfish" ) == 0 ) 
@@ -498,6 +505,28 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_CMAC_C */ #endif /* MBEDTLS_AES_C */ +#if defined(MBEDTLS_ARIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) + if( todo.aria ) + { + int keysize; + mbedtls_aria_context aria; + mbedtls_aria_init( &aria ); + for( keysize = 128; keysize <= 256; keysize += 64 ) + { + mbedtls_snprintf( title, sizeof( title ), "ARIA-CBC-%d", keysize ); + + memset( buf, 0, sizeof( buf ) ); + memset( tmp, 0, sizeof( tmp ) ); + mbedtls_aria_setkey_enc( &aria, tmp, keysize ); + + TIME_AND_TSC( title, + mbedtls_aria_crypt_cbc( &aria, MBEDTLS_ARIA_ENCRYPT, + BUFSIZE, tmp, buf, buf ) ); + } + mbedtls_aria_free( &aria ); + } +#endif + #if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.camellia ) { From 8c76a9489e0a947dbf59e22f77ceae5414ed8c34 Mon Sep 17 00:00:00 2001 
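Review bot: The closing `#endif` of the new ARIA block carries no condition comment, unlike the neighbouring `#endif /* MBEDTLS_CMAC_C */` and `#endif /* MBEDTLS_AES_C */` shown as context; `#endif /* MBEDTLS_ARIA_C && MBEDTLS_CIPHER_MODE_CBC */` keeps the file consistent. The return value of `mbedtls_aria_setkey_enc( &aria, tmp, keysize );` is dropped; with keysize ranging over 128, 192 and 256 the key-length check cannot fail, and this presumably mirrors the other cipher blocks in the benchmark, but a comment such as `/* key length is always valid here, so the return value is not checked */` would make the intent explicit. main() continues outside the hunk.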
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Feb 2018 12:03:22 +0100 Subject: [PATCH 0733/1059] aria: turn macro into static inline function Besides documenting types better and so on, this give the compiler more room to optimise either for size or performance. Here are some before/after measurements of: - size of aria.o in bytes (less is better) - instruction count for the selftest function (less is better) with various -O flags. Before: O aria.o ins s 10896 37,256 2 11176 37,199 3 12248 27,752 After: O aria.o ins s 8784 41,408 2 11112 37,001 3 13096 27,438 The new version allows the compiler to reach smaller size with -Os while maintaining (actually slightly improving) performance with -O2 and -O3. Measurements were done on x86_64 (but since this is mainly about inlining code, this should transpose well to other platforms) using the following helper program and script, after disabling CBC, CFB and CTR in config.h, in order to focus on the core functions. ==> st.c <== #include "mbedtls/aria.h" int main( void ) { return mbedtls_aria_self_test( 0 ); } ==> p.sh <== #!/bin/sh set -eu ccount () { ( valgrind --tool=callgrind --dump-line=no --callgrind-out-file=/dev/null --collect-atstart=no --toggle-collect=main $1 ) 2>&1 | sed -n -e 's/.*refs: *\([0-9,]*\)/\1/p' } printf "O\taria.o\tins\n" for O in s 2 3; do GCC="gcc -Wall -Wextra -Werror -Iinclude" $GCC -O$O -c library/aria.c $GCC -O1 st.c aria.o -o st ./st SIZE=$( du -b aria.o | cut -f1 ) INS=$( ccount ./st ) printf "$O\t$SIZE\t$INS\n" done --- library/aria.c | 87 +++++++++++++++++++++++++++++--------------------- 1 file changed, 51 insertions(+), 36 deletions(-) diff --git a/library/aria.c b/library/aria.c index 6857e99261..b71cc38451 100644 --- a/library/aria.c +++ b/library/aria.c 
@@ -118,38 +118,53 @@ static void mbedtls_zeroize( void *v, size_t n ) { * By passing sb1, sb2, is1, is2 as S-Boxes you get SL1-then-A. * By passing is1, is2, sb1, sb2 as S-Boxes you get SL2-then-A. */ -#define ARIA_SLA( ra, rb, rc, rd, sa, sb, sc, sd ) { \ - uint32_t ta, tb, tc; \ - ta = ( (uint32_t) sc[(rb >> 16) & 0xFF]) ^ \ - (((uint32_t) sd[ rb >> 24]) << 8) ^ \ - (((uint32_t) sa[ rb & 0xFF]) << 16) ^ \ - (((uint32_t) sb[(rb >> 8) & 0xFF]) << 24); \ - rb = ( (uint32_t) sa[ ra & 0xFF]) ^ \ - (((uint32_t) sb[(ra >> 8) & 0xFF]) << 8) ^ \ - (((uint32_t) sc[(ra >> 16) & 0xFF]) << 16) ^ \ - (((uint32_t) sd[ ra >> 24]) << 24); \ - ra = ta; \ - ta = ( (uint32_t) sd[ rd >> 24]) ^ \ - (((uint32_t) sc[(rd >> 16) & 0xFF]) << 8) ^ \ - (((uint32_t) sb[(rd >> 8) & 0xFF]) << 16) ^ \ - (((uint32_t) sa[ rd & 0xFF]) << 24); \ - rd = ( (uint32_t) sb[(rc >> 8) & 0xFF]) ^ \ - (((uint32_t) sa[ rc & 0xFF]) << 8) ^ \ - (((uint32_t) sd[ rc >> 24]) << 16) ^ \ - (((uint32_t) sc[(rc >> 16) & 0xFF]) << 24); \ - rc = ta; \ - ta = ARIA_FLIP1( ra ) ^ rd; \ - tc = ARIA_FLIP1( rb ); \ - ta = ARIA_FLIP2( ta ) ^ tc ^ rc; \ - tb = ARIA_FLIP2( rc ) ^ ARIA_FLIP1( rd ); \ - tc ^= ARIA_FLIP2( ra ); \ - rb ^= ta ^ tb; \ - tb = ARIA_FLIP1( tb ) ^ ta; \ - ra ^= ARIA_FLIP2( tb ); \ - ta = ARIA_FLIP1( ta ); \ - rd ^= ARIA_FLIP2( ta ) ^ tc; \ - tc = ARIA_FLIP1( tc ); \ - rc ^= ARIA_FLIP2( tc ) ^ ta; \ +static inline void aria_sla( uint32_t *a, uint32_t *b, + uint32_t *c, uint32_t *d, + const uint8_t sa[0x100], const uint8_t sb[0x100], + const uint8_t sc[0x100], const uint8_t sd[0x100] ) +{ + uint32_t ra, rb, rc, rd, ta, tb, tc; + + ra = *a; + rb = *b; + rc = *c; + rd = *d; + + ta = ( (uint32_t) sc[(rb >> 16) & 0xFF]) ^ + (((uint32_t) sd[ rb >> 24]) << 8) ^ + (((uint32_t) sa[ rb & 0xFF]) << 16) ^ + (((uint32_t) sb[(rb >> 8) & 0xFF]) << 24); + rb = ( (uint32_t) sa[ ra & 0xFF]) ^ + (((uint32_t) sb[(ra >> 8) & 0xFF]) << 8) ^ + (((uint32_t) sc[(ra >> 16) & 0xFF]) << 16) ^ + (((uint32_t) sd[ ra >> 24]) << 24); + 
ra = ta; + ta = ( (uint32_t) sd[ rd >> 24]) ^ + (((uint32_t) sc[(rd >> 16) & 0xFF]) << 8) ^ + (((uint32_t) sb[(rd >> 8) & 0xFF]) << 16) ^ + (((uint32_t) sa[ rd & 0xFF]) << 24); + rd = ( (uint32_t) sb[(rc >> 8) & 0xFF]) ^ + (((uint32_t) sa[ rc & 0xFF]) << 8) ^ + (((uint32_t) sd[ rc >> 24]) << 16) ^ + (((uint32_t) sc[(rc >> 16) & 0xFF]) << 24); + rc = ta; + ta = ARIA_FLIP1( ra ) ^ rd; + tc = ARIA_FLIP1( rb ); + ta = ARIA_FLIP2( ta ) ^ tc ^ rc; + tb = ARIA_FLIP2( rc ) ^ ARIA_FLIP1( rd ); + tc ^= ARIA_FLIP2( ra ); + rb ^= ta ^ tb; + tb = ARIA_FLIP1( tb ) ^ ta; + ra ^= ARIA_FLIP2( tb ); + ta = ARIA_FLIP1( ta ); + rd ^= ARIA_FLIP2( ta ) ^ tc; + tc = ARIA_FLIP1( tc ); + rc ^= ARIA_FLIP2( tc ) ^ ta; + + *a = ra; + *b = rb; + *c = rc; + *d = rd; } /* @@ -272,7 +287,7 @@ static void aria_fo_xor( uint32_t r[4], c = p[2] ^ k[2]; d = p[3] ^ k[3]; - ARIA_SLA( a, b, c, d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); + aria_sla( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); r[0] = a ^ x[0]; r[1] = b ^ x[1]; @@ -293,7 +308,7 @@ static void aria_fe_xor(uint32_t r[4], c = p[2] ^ k[2]; d = p[3] ^ k[3]; - ARIA_SLA( a, b, c, d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); + aria_sla( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); r[0] = a ^ x[0]; r[1] = b ^ x[1]; @@ -447,7 +462,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, c ^= ctx->rk[i][2]; d ^= ctx->rk[i][3]; i++; - ARIA_SLA( a, b, c, d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); + aria_sla( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); a ^= ctx->rk[i][0]; b ^= ctx->rk[i][1]; @@ -457,7 +472,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, if (i >= ctx->nr) break; - ARIA_SLA( a, b, c, d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); + aria_sla( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); } /* final substitution */ From 64744f88b60c8654884b99afa707cc32edbf4488 Mon Sep 17 00:00:00 2001 
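Review bot: The comment above `aria_sla` does not say that the S-box lookups (`sa[ ra & 0xFF ]`, `sd[ rb >> 24 ]` and so on) are indexed by key- and data-dependent bytes, so a reader cannot tell from the code whether constant-time behaviour is intended; a line such as `* Table-based implementation: S-box lookups are indexed by secret-dependent bytes and are not constant-time.` in the header comment would document the security model, which appears to be the same one as the library's other table-driven block ciphers. The same documentation is missing from the `aria_sl` function that the next commit derives from this one. Note also that the `[0x100]` bounds on the `sa`..`sd` parameters are documentation only, since array parameters decay to pointers.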
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Feb 2018 12:35:19 +0100 Subject: [PATCH 0734/1059] aria: define SLA() as sl(a()) This decreases the size with -Os by nearly 1k while not hurting performance too much with -O2 and -O3 Before: O aria.o ins s 8784 41,408 2 11112 37,001 3 13096 27,438 After: O aria.o ins s 7976 43,865 2 10520 37,631 3 13040 28,146 (See previous commit for measurement details.) --- library/aria.c | 165 +++++++++++++++++++------------------------------ 1 file changed, 63 insertions(+), 102 deletions(-) diff --git a/library/aria.c b/library/aria.c index b71cc38451..dc2192afe9 100644 --- a/library/aria.c +++ b/library/aria.c 
@@ -84,87 +84,62 @@ static void mbedtls_zeroize( void *v, size_t n ) { #define ARIA_FLIP2(x) ((((x) >> 8) & 0x00FF00FF) ^ (((x) & 0x00FF00FF) << 8)) /* - * Affine Transform A + * ARIA Affine Transform * (ra, rb, rc, rd) = state in/out */ -#define ARIA_A( ra, rb, rc, rd ) { \ - uint32_t ta, tb, tc; \ - ta = rb; \ - rb = ra; \ - ra = ARIA_FLIP1( ta ); \ - tb = ARIA_FLIP1( rd ); \ - rd = ARIA_FLIP2( rc ); \ - rc = ARIA_FLIP2( tb ); \ - ta ^= rd; \ - tc = ARIA_FLIP1( rb ); \ - ta = ARIA_FLIP2( ta ) ^ tc ^ rc; \ - tb ^= ARIA_FLIP1( rd ); \ - tc ^= ARIA_FLIP2( ra ); \ - rb ^= ta ^ tb; \ - tb = ARIA_FLIP1( tb ) ^ ta; \ - ra ^= ARIA_FLIP2( tb ); \ - ta = ARIA_FLIP1( ta ); \ - rd ^= ARIA_FLIP2( ta ) ^ tc; \ - tc = ARIA_FLIP1( tc ); \ - rc ^= ARIA_FLIP2( tc ) ^ ta; \ +static inline void aria_a( uint32_t *a, uint32_t *b, + uint32_t *c, uint32_t *d ) +{ + uint32_t ta, tb, tc; + ta = *b; + *b = *a; + *a = ARIA_FLIP1( ta ); + tb = ARIA_FLIP1( *d ); + *d = ARIA_FLIP2( *c ); + *c = ARIA_FLIP2( tb ); + ta ^= *d; + tc = ARIA_FLIP1( *b ); + ta = ARIA_FLIP2( ta ) ^ tc ^ *c; + tb ^= ARIA_FLIP1( *d ); + tc ^= ARIA_FLIP2( *a ); + *b ^= ta ^ tb; + tb = ARIA_FLIP1( tb ) ^ ta; + *a ^= ARIA_FLIP2( tb ); + ta = ARIA_FLIP1( ta ); + *d ^= ARIA_FLIP2( ta ) ^ tc; + tc = ARIA_FLIP1( tc ); + *c ^= ARIA_FLIP2( tc ) ^ ta; } - /* - * ARIA Round function ( Substitution Layer SLx + Affine Transform A ) - * (ra, rb, rc, rd) = state in/out + * ARIA Substitution Layer SL1 / SL2 + * (a, b, c, d) = state in/out * (sa, sb, sc, sd) = 256 8-bit S-Boxes (see below) * - * By passing sb1, sb2, is1, is2 as S-Boxes you get SL1-then-A. - * By passing is1, is2, sb1, sb2 as S-Boxes you get SL2-then-A. 
+ * By passing sb1, sb2, is1, is2 as S-Boxes you get SL1 + * By passing is1, is2, sb1, sb2 as S-Boxes you get SL2 */ -static inline void aria_sla( uint32_t *a, uint32_t *b, - uint32_t *c, uint32_t *d, - const uint8_t sa[0x100], const uint8_t sb[0x100], - const uint8_t sc[0x100], const uint8_t sd[0x100] ) +static inline void aria_sl( uint32_t *a, uint32_t *b, + uint32_t *c, uint32_t *d, + const uint8_t sa[0x100], const uint8_t sb[0x100], + const uint8_t sc[0x100], const uint8_t sd[0x100] ) { - uint32_t ra, rb, rc, rd, ta, tb, tc; - - ra = *a; - rb = *b; - rc = *c; - rd = *d; - - ta = ( (uint32_t) sc[(rb >> 16) & 0xFF]) ^ - (((uint32_t) sd[ rb >> 24]) << 8) ^ - (((uint32_t) sa[ rb & 0xFF]) << 16) ^ - (((uint32_t) sb[(rb >> 8) & 0xFF]) << 24); - rb = ( (uint32_t) sa[ ra & 0xFF]) ^ - (((uint32_t) sb[(ra >> 8) & 0xFF]) << 8) ^ - (((uint32_t) sc[(ra >> 16) & 0xFF]) << 16) ^ - (((uint32_t) sd[ ra >> 24]) << 24); - ra = ta; - ta = ( (uint32_t) sd[ rd >> 24]) ^ - (((uint32_t) sc[(rd >> 16) & 0xFF]) << 8) ^ - (((uint32_t) sb[(rd >> 8) & 0xFF]) << 16) ^ - (((uint32_t) sa[ rd & 0xFF]) << 24); - rd = ( (uint32_t) sb[(rc >> 8) & 0xFF]) ^ - (((uint32_t) sa[ rc & 0xFF]) << 8) ^ - (((uint32_t) sd[ rc >> 24]) << 16) ^ - (((uint32_t) sc[(rc >> 16) & 0xFF]) << 24); - rc = ta; - ta = ARIA_FLIP1( ra ) ^ rd; - tc = ARIA_FLIP1( rb ); - ta = ARIA_FLIP2( ta ) ^ tc ^ rc; - tb = ARIA_FLIP2( rc ) ^ ARIA_FLIP1( rd ); - tc ^= ARIA_FLIP2( ra ); - rb ^= ta ^ tb; - tb = ARIA_FLIP1( tb ) ^ ta; - ra ^= ARIA_FLIP2( tb ); - ta = ARIA_FLIP1( ta ); - rd ^= ARIA_FLIP2( ta ) ^ tc; - tc = ARIA_FLIP1( tc ); - rc ^= ARIA_FLIP2( tc ) ^ ta; - - *a = ra; - *b = rb; - *c = rc; - *d = rd; + *a = ( (uint32_t) sa[ *a & 0xFF]) ^ + (((uint32_t) sb[(*a >> 8) & 0xFF]) << 8) ^ + (((uint32_t) sc[(*a >> 16) & 0xFF]) << 16) ^ + (((uint32_t) sd[ *a >> 24 ]) << 24); + *b = ( (uint32_t) sa[ *b & 0xFF]) ^ + (((uint32_t) sb[(*b >> 8) & 0xFF]) << 8) ^ + (((uint32_t) sc[(*b >> 16) & 0xFF]) << 16) ^ + (((uint32_t) sd[ *b >> 24 ]) 
<< 24); + *c = ( (uint32_t) sa[ *c & 0xFF]) ^ + (((uint32_t) sb[(*c >> 8) & 0xFF]) << 8) ^ + (((uint32_t) sc[(*c >> 16) & 0xFF]) << 16) ^ + (((uint32_t) sd[ *c >> 24 ]) << 24); + *d = ( (uint32_t) sa[ *d & 0xFF]) ^ + (((uint32_t) sb[(*d >> 8) & 0xFF]) << 8) ^ + (((uint32_t) sc[(*d >> 16) & 0xFF]) << 16) ^ + (((uint32_t) sd[ *d >> 24 ]) << 24); } /* @@ -287,7 +262,8 @@ static void aria_fo_xor( uint32_t r[4], c = p[2] ^ k[2]; d = p[3] ^ k[3]; - aria_sla( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); + aria_sl( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); + aria_a( &a, &b, &c, &d ); r[0] = a ^ x[0]; r[1] = b ^ x[1]; @@ -308,7 +284,8 @@ static void aria_fe_xor(uint32_t r[4], c = p[2] ^ k[2]; d = p[3] ^ k[3]; - aria_sla( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); + aria_sl( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); + aria_a( &a, &b, &c, &d ); r[0] = a ^ x[0]; r[1] = b ^ x[1]; @@ -430,7 +407,7 @@ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, /* apply affine transform to middle keys */ for (i = 1; i < ctx->nr; i++ ) - ARIA_A( ctx->rk[i][0], ctx->rk[i][1], ctx->rk[i][2], ctx->rk[i][3] ); + aria_a( &ctx->rk[i][0], &ctx->rk[i][1], &ctx->rk[i][2], &ctx->rk[i][3] ); return 0; } 
@@ -462,43 +439,27 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, c ^= ctx->rk[i][2]; d ^= ctx->rk[i][3]; i++; - aria_sla( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); + + aria_sl( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); + aria_a( &a, &b, &c, &d ); a ^= ctx->rk[i][0]; b ^= ctx->rk[i][1]; c ^= ctx->rk[i][2]; d ^= ctx->rk[i][3]; i++; + + aria_sl( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); if (i >= ctx->nr) break; - - aria_sla( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); + aria_a( &a, &b, &c, &d ); } - /* final substitution */ - a = ctx->rk[i][0] ^ - ( (uint32_t) aria_is1[ a & 0xFF]) ^ - (((uint32_t) aria_is2[(a >> 8) & 0xFF]) << 8) ^ - (((uint32_t) aria_sb1[(a >> 16) & 0xFF]) << 16) ^ - (((uint32_t) aria_sb2[ a >> 24 ]) << 24); - - b = ctx->rk[i][1] ^ - ( (uint32_t) aria_is1[ b & 0xFF]) ^ - (((uint32_t) aria_is2[(b >> 8) & 0xFF]) << 8) ^ - (((uint32_t) aria_sb1[(b >> 16) & 0xFF]) << 16) ^ - (((uint32_t) aria_sb2[ b >> 24 ]) << 24); - - c = ctx->rk[i][2] ^ - ( (uint32_t) aria_is1[ c & 0xFF]) ^ - (((uint32_t) aria_is2[(c >> 8) & 0xFF]) << 8) ^ - (((uint32_t) aria_sb1[(c >> 16) & 0xFF]) << 16) ^ - (((uint32_t) aria_sb2[ c >> 24 ]) << 24); - - d = ctx->rk[i][3] ^ - ( (uint32_t) aria_is1[ d & 0xFF]) ^ - (((uint32_t) aria_is2[(d >> 8) & 0xFF]) << 8) ^ - (((uint32_t) aria_sb1[(d >> 16) & 0xFF]) << 16) ^ - (((uint32_t) aria_sb2[ d >> 24 ]) << 24); + /* final key mixing */ + a ^= ctx->rk[i][0]; + b ^= ctx->rk[i][1]; + c ^= ctx->rk[i][2]; + d ^= ctx->rk[i][3]; PUT_UINT32_LE( a, output, 0 ); PUT_UINT32_LE( b, output, 4 ); From 35ad891aee79b94b5aa179bcf149c86e50a74dbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 26 Feb 2018 11:59:16 +0100 Subject: [PATCH 0735/1059] aria: internal names closer to standard document --- library/aria.c | 50 +++++++++++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 21 deletions(-) 
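Review bot: The `if (i >= ctx->nr) break;` now sits between the second `aria_sl` and `aria_a`, so on the final round the substitution layer still runs inside the loop and only the diffusion layer is skipped; nothing at the `break` says so, and the old `/* final substitution */` comment that used to mark the last round is gone. A comment above the `break`, `/* last round: substitution layer only, no diffusion */`, would make the asymmetry look deliberate to the next reader rather than like a dropped call. mbedtls_aria_crypt_ecb begins before this hunk.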
diff --git a/library/aria.c b/library/aria.c index dc2192afe9..19172f8475 100644 --- a/library/aria.c +++ b/library/aria.c @@ -77,11 +77,19 @@ static void mbedtls_zeroize( void *v, size_t n ) { } #endif -/* modify byte order: ( A B C D ) -> ( C D A B ), i.e. rotate by 16 bits */ -#define ARIA_FLIP1(x) (((x) >> 16) ^ ((x) << 16)) +/* + * modify byte order ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes + * + * This is submatrix P1 in [1] Appendix B.1 + */ +#define ARIA_P1(x) ((((x) >> 8) & 0x00FF00FF) ^ (((x) & 0x00FF00FF) << 8)) -/* modify byte order ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes */ -#define ARIA_FLIP2(x) ((((x) >> 8) & 0x00FF00FF) ^ (((x) & 0x00FF00FF) << 8)) +/* + * modify byte order: ( A B C D ) -> ( C D A B ), i.e. rotate by 16 bits + * + * This is submatrix P2 in [1] Appendix B.1 + */ +#define ARIA_P2(x) (((x) >> 16) ^ ((x) << 16)) /* * ARIA Affine Transform @@ -93,22 +101,22 @@ static inline void aria_a( uint32_t *a, uint32_t *b, uint32_t ta, tb, tc; ta = *b; *b = *a; - *a = ARIA_FLIP1( ta ); - tb = ARIA_FLIP1( *d ); - *d = ARIA_FLIP2( *c ); - *c = ARIA_FLIP2( tb ); + *a = ARIA_P2( ta ); + tb = ARIA_P2( *d ); + *d = ARIA_P1( *c ); + *c = ARIA_P1( tb ); ta ^= *d; - tc = ARIA_FLIP1( *b ); - ta = ARIA_FLIP2( ta ) ^ tc ^ *c; - tb ^= ARIA_FLIP1( *d ); - tc ^= ARIA_FLIP2( *a ); + tc = ARIA_P2( *b ); + ta = ARIA_P1( ta ) ^ tc ^ *c; + tb ^= ARIA_P2( *d ); + tc ^= ARIA_P1( *a ); *b ^= ta ^ tb; - tb = ARIA_FLIP1( tb ) ^ ta; - *a ^= ARIA_FLIP2( tb ); - ta = ARIA_FLIP1( ta ); - *d ^= ARIA_FLIP2( ta ) ^ tc; - tc = ARIA_FLIP1( tc ); - *c ^= ARIA_FLIP2( tc ) ^ ta; + tb = ARIA_P2( tb ) ^ ta; + *a ^= ARIA_P1( tb ); + ta = ARIA_P2( ta ); + *d ^= ARIA_P1( ta ) ^ tc; + tc = ARIA_P2( tc ); + *c ^= ARIA_P1( tc ) ^ ta; } /* 
@@ -309,14 +317,14 @@ static void aria_rot128(uint32_t r[4], const uint32_t a[4], const uint8_t n2 = n1 ? 32 - n1 : 0; // reverse bit offset j = (n / 32) % 4; // initial word offset - t = ARIA_FLIP1( ARIA_FLIP2( b[j] ) ); // big endian + t = ARIA_P2( ARIA_P1( b[j] ) ); // big endian for( i = 0; i < 4; i++ ) { j = (j + 1) % 4; // get next word, big endian - u = ARIA_FLIP1( ARIA_FLIP2( b[j] ) ); + u = ARIA_P2( ARIA_P1( b[j] ) ); t <<= n1; // rotate t |= u >> n2; - t = ARIA_FLIP1( ARIA_FLIP2( t ) ); // back to little endian + t = ARIA_P2( ARIA_P1( t ) ); // back to little endian r[i] = a[i] ^ t; // store t = u; // move to next word } From f205a012b84e5e06df624841c57158bb1fed0268 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 26 Feb 2018 14:10:23 +0100 Subject: [PATCH 0736/1059] aria: comment implementation of A transform The line-by-line comments were generated using the following Python 3 script: #!/usr/bin/python3 class Atom: def __init__(self, val): self.v = val def __str__(self): return self.v def p1(self): v = self.v return Atom(v[1] + v[0] + v[3] + v[2]) def p2(self): v = self.v return Atom(v[2] + v[3] + v[0] + v[1]) def __xor__(self, other): return Sum(self.tuple() + other.tuple()) def tuple(self): return (self,) class Sum: def __init__(self, terms): self.t = terms assert(type(terms) == tuple) for t in terms: assert(type(t) == Atom) def __str__(self): return '+'.join(sorted((str(t) for t in self.t), key=lambda v: int(v, 16))) def p1(self): return Sum(tuple(t.p1() for t in self.t)) def p2(self): return Sum(tuple(t.p2() for t in self.t)) def tuple(self): return self.t def __xor__(self, other): return Sum(self.t + other.tuple()) class LoggingDict(dict): def __setitem__(self, key, val): print(key, '=', val) dict.__setitem__(self, key, val) def set(self, key, val): dict.__setitem__(self, key, val) env = LoggingDict() env.set('ra', Atom('0123')) env.set('rb', Atom('4567')) env.set('rc', Atom('89ab')) env.set('rd', Atom('cdef')) env.set('ARIA_P1', lambda x: x.p1()) env.set('ARIA_P2', lambda x: x.p2()) code = """ ta = rb; rb = ra; ra = ARIA_P2( ta ); tb = ARIA_P2( rd ); rd = ARIA_P1( rc ); rc = ARIA_P1( tb ); ta ^= rd; tc = ARIA_P2( rb ); ta = ARIA_P1( ta ) ^ tc ^ rc; tb ^= ARIA_P2( rd ); tc ^= ARIA_P1( ra ); rb ^= ta ^ tb; tb = ARIA_P2( tb ) ^ ta; ra ^= ARIA_P1( tb ); ta = ARIA_P2( ta ); rd ^= ARIA_P1( ta ) ^ tc; tc = ARIA_P2( tc ); rc ^= ARIA_P1( tc ) ^ ta; """ exec(code, env) --- library/aria.c | 59 +++++++++++++++++++++++++++++++++----------------- 1 file changed, 39 insertions(+), 20 deletions(-) diff --git a/library/aria.c b/library/aria.c index 19172f8475..4c59d70c7e 100644 --- a/library/aria.c +++ b/library/aria.c 
@@ -78,7 +78,7 @@ static void mbedtls_zeroize( void *v, size_t n ) {
 #endif
 
 /*
- * modify byte order ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes
+ * modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes
  *
  * This is submatrix P1 in [1] Appendix B.1
  */
@@ -93,30 +93,49 @@ static void mbedtls_zeroize( void *v, size_t n ) { /* * ARIA Affine Transform - * (ra, rb, rc, rd) = state in/out + * (a, b, c, d) = state in/out + * + * If we denote the first by of input by 0, ..., the last byte by f, + * then inputs are: a = 0123, b = 4567, c = 89ab, d = cdef. + * + * Reading [1] 2.4 or [2] 2.4.3 in colums and performing simple + * rearrangements on adjacent pairs, output is: + * + * a = 3210 + 4545 + 6767 + 88aa + 99bb + dccd + effe + * = 3210 + 4567 + 6745 + 89ab + 98ba + dcfe + efcd + * b = 0101 + 2323 + 5476 + 8998 + baab + ecec + ffdd + * = 0123 + 2301 + 5476 + 89ab + ba98 + efcd + fedc + * c = 0022 + 1133 + 4545 + 7667 + ab89 + dcdc + fefe + * = 0123 + 1032 + 4567 + 7654 + ab89 + dcfe + fedc + * d = 1001 + 2332 + 6644 + 7755 + 9898 + baba + cedf + * = 1032 + 2301 + 6745 + 7654 + 98ba + ba98 + cdef + * + * Note: another presentation of the A transform can be found as the first + * half of App. B.1 in [1] in terms of 4-byte operators P1, P2, P3 and P4. + * The implementation below uses only P1 and P2 as they are sufficient. 
*/ static inline void aria_a( uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d ) { uint32_t ta, tb, tc; - ta = *b; - *b = *a; - *a = ARIA_P2( ta ); - tb = ARIA_P2( *d ); - *d = ARIA_P1( *c ); - *c = ARIA_P1( tb ); - ta ^= *d; - tc = ARIA_P2( *b ); - ta = ARIA_P1( ta ) ^ tc ^ *c; - tb ^= ARIA_P2( *d ); - tc ^= ARIA_P1( *a ); - *b ^= ta ^ tb; - tb = ARIA_P2( tb ) ^ ta; - *a ^= ARIA_P1( tb ); - ta = ARIA_P2( ta ); - *d ^= ARIA_P1( ta ) ^ tc; - tc = ARIA_P2( tc ); - *c ^= ARIA_P1( tc ) ^ ta; + ta = *b; // 4567 + *b = *a; // 0123 + *a = ARIA_P2( ta ); // 6745 + tb = ARIA_P2( *d ); // efcd + *d = ARIA_P1( *c ); // 98ba + *c = ARIA_P1( tb ); // fedc + ta ^= *d; // 4567+98ba + tc = ARIA_P2( *b ); // 2301 + ta = ARIA_P1( ta ) ^ tc ^ *c; // 2301+5476+89ab+fedc + tb ^= ARIA_P2( *d ); // ba98+efcd + tc ^= ARIA_P1( *a ); // 2301+7654 + *b ^= ta ^ tb; // 0123+2301+5476+89ab+ba98+efcd+fedc OUT + tb = ARIA_P2( tb ) ^ ta; // 2301+5476+89ab+98ba+cdef+fedc + *a ^= ARIA_P1( tb ); // 3210+4567+6745+89ab+98ba+dcfe+efcd OUT + ta = ARIA_P2( ta ); // 0123+7654+ab89+dcfe + *d ^= ARIA_P1( ta ) ^ tc; // 1032+2301+6745+7654+98ba+ba98+cdef OUT + tc = ARIA_P2( tc ); // 0123+5476 + *c ^= ARIA_P1( tc ) ^ ta; // 0123+1032+4567+7654+ab89+dcfe+fedc OUT } /* From cac5008b177f1b46d0769c42528a6eb9863ecb6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 26 Feb 2018 15:23:03 +0100 Subject: [PATCH 0737/1059] aria: define P3 macro This will allow to replace it with an optimised implementation later --- library/aria.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/library/aria.c b/library/aria.c index 4c59d70c7e..72bcc6acea 100644 --- a/library/aria.c +++ b/library/aria.c 
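Review bot: The new header comment on aria_a has two typos: `first by of input` should read `first byte of input`, and `in colums` should read `in columns`. The per-line byte traces are a good way to make the transform auditable against [1]; it would help to also state in the header comment that they were generated by script, as the commit message explains, so a future edit to the code regenerates them rather than hand-editing a trace that then silently disagrees with the code.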
@@ -91,6 +91,13 @@ static void mbedtls_zeroize( void *v, size_t n ) { */ #define ARIA_P2(x) (((x) >> 16) ^ ((x) << 16)) +/* + * modify byte order: ( A B C D ) -> ( D C B A ), i.e. change endianness + * + * This is submatrix P3 in [1] Appendix B.1 + */ +#define ARIA_P3(x) ARIA_P2( ARIA_P1 ( x ) ) + /* * ARIA Affine Transform * (a, b, c, d) = state in/out @@ -336,14 +343,14 @@ static void aria_rot128(uint32_t r[4], const uint32_t a[4], const uint8_t n2 = n1 ? 32 - n1 : 0; // reverse bit offset j = (n / 32) % 4; // initial word offset - t = ARIA_P2( ARIA_P1( b[j] ) ); // big endian + t = ARIA_P3( b[j] ); // big endian for( i = 0; i < 4; i++ ) { j = (j + 1) % 4; // get next word, big endian - u = ARIA_P2( ARIA_P1( b[j] ) ); + u = ARIA_P3( b[j] ); t <<= n1; // rotate t |= u >> n2; - t = ARIA_P2( ARIA_P1( t ) ); // back to little endian + t = ARIA_P3( t ); // back to little endian r[i] = a[i] ^ t; // store t = u; // move to next word } From fb0e4f0d1a34bc7eca5b87169925c5c086db6c35 Mon Sep 17 00:00:00 2001 
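Review bot: `ARIA_P3(x)` expands to `ARIA_P2( ARIA_P1 ( x ) )`, and since both inner macros use their argument twice, `x` is evaluated four times per call; the call sites in aria_rot128 pass `b[j]` and `t`, so this is a latent hazard rather than a bug today, but the same property carries over to the x86 `ARIA_P1(x) ARIA_P2( ARIA_P3( x ) )` added by the following commit. A `static inline uint32_t aria_p3( uint32_t x )` returning `ARIA_P2( ARIA_P1( x ) )`, with `#define ARIA_P3 aria_p3`, evaluates once and keeps the same call syntax; the commit message's plan to swap in an optimised version later fits a function just as well. The P1/P2 macros predate this hunk and have the same double-evaluation property.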
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 26 Feb 2018 16:08:40 +0100 Subject: [PATCH 0738/1059] aria: optimise byte perms on Intel (A similar commit for Arm follows.) Use specific instructions for moving bytes around in a word. This speeds things up, and as a side-effect, slightly lowers code size. ARIA_P3 (aka reverse byte order) is now 1 instruction on x86, which speeds up key schedule. (Clang 3.8 finds this but GCC 5.4 doesn't.) I couldn't find an Intel equivalent of ARM's ret16 (aka ARIA_P1), so I made it two instructions, which is still much better than the code generated with the previous mask-shift-or definition, and speeds up en/decryption. (Neither Clang 3.8 nor GCC 5.4 find this.) Before: O aria.o ins s 7976 43,865 2 10520 37,631 3 13040 28,146 After: O aria.o ins s 7768 33,497 2 9816 28,268 3 11432 20,829 For measurement method, see previous commit: "aria: turn macro into static inline function" --- library/aria.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/library/aria.c b/library/aria.c index 72bcc6acea..f6ad7f126b 100644 --- a/library/aria.c +++ b/library/aria.c 
@@ -81,13 +81,26 @@ static void mbedtls_zeroize( void *v, size_t n ) {
  * modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes
  *
  * This is submatrix P1 in [1] Appendix B.1
+ *
+ * Common compilers fail to translate this to minimal number of instructions,
+ * so let's provide asm versions for common platforms with C fallback.
  */
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__)
+#if defined(__i386__) || defined(__amd64__) || defined( __x86_64__)
+/* I couldn't find an Intel equivalent of ret16, so two instructions */
+#define ARIA_P1(x) ARIA_P2( ARIA_P3( x ) )
+#endif
+#endif /* MBEDTLS_HAVE_ASM && GNUC */
+#if !defined(ARIA_P1)
 #define ARIA_P1(x) ((((x) >> 8) & 0x00FF00FF) ^ (((x) & 0x00FF00FF) << 8))
+#endif
 
 /*
  * modify byte order: ( A B C D ) -> ( C D A B ), i.e. rotate by 16 bits
  *
  * This is submatrix P2 in [1] Appendix B.1
+ *
+ * Common compilers will translate this to a single instruction.
  */
 #define ARIA_P2(x) (((x) >> 16) ^ ((x) << 16))
 
@@ -95,8 +108,23 @@ static void mbedtls_zeroize( void *v, size_t n ) {
  * modify byte order: ( A B C D ) -> ( D C B A ), i.e. change endianness
  *
  * This is submatrix P3 in [1] Appendix B.1
+ *
+ * Some compilers fail to translate this to a single instruction,
+ * so let's provide asm versions for common platforms with C fallback.
  */
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__)
+#if defined(__i386__) || defined(__amd64__) || defined( __x86_64__)
+static inline uint32_t aria_p3( uint32_t x )
+{
+ asm( "bswap %0" : "=r" (x) : "0" (x) );
+ return( x );
+}
+#define ARIA_P3 aria_p3
+#endif
+#endif /* MBEDTLS_HAVE_ASM && GNUC */
+#if !defined(ARIA_P3)
 #define ARIA_P3(x) ARIA_P2( ARIA_P1 ( x ) )
+#endif
 
 /*
  * ARIA Affine Transform
From 377b2b624d5a5d894965236f0ae7fe8d09813a44 Mon Sep 17 00:00:00 2001
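Review bot: The x86 `ARIA_P1` is defined in terms of `ARIA_P3` before `ARIA_P3` exists, which works only because macro expansion is deferred to the use site, and it stays correct only while the asm `ARIA_P3` is selected under exactly the same condition: if `ARIA_P3` ever falls through to the C fallback `ARIA_P2( ARIA_P1 ( x ) )` while this `ARIA_P1` stays, the two definitions refer to each other and the self-referential expansion leaves a call to an undeclared `ARIA_P1`. The two `#if` blocks are a screen apart with no cross-reference; a comment on this `#define`, `/* relies on the asm ARIA_P3 below being selected under the same condition */`, or moving the definition below the `ARIA_P3` block as `static inline uint32_t aria_p1( uint32_t x ) { return( ARIA_P2( aria_p3( x ) ) ); }` plus `#define ARIA_P1 aria_p1`, would remove the coupling and the double evaluation of `x`. The `bswap` asm with no `volatile` and no memory clobber is right for a pure register transform.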
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Feb 2018 10:22:26 +0100 Subject: [PATCH 0739/1059] aria: optimize byte perms on Arm Use specific instructions for moving bytes around in a word. This speeds things up, and as a side-effect, slightly lowers code size. ARIA_P3 and ARIA_P1 are now 1 single-cycle instruction each (those instructions are available in all architecture versions starting from v6-M). Note: ARIA_P3 was already translated to a single instruction by Clang 3.8 and armclang 6.5, but not arm-gcc 5.4 nor armcc 5.06. ARIA_P2 is already efficiently translated to the minimal number of instruction (1 in ARM mode, 2 in thumb mode) by all tested compilers Manually compiled and inspected generated code with the following compilers: arm-gcc 5.4, clang 3.8, armcc 5.06 (with and without --gnu), armclang 6.5. Size reduction (arm-none-eabi-gcc -march=armv6-m -mthumb -Os): 5288 -> 5044 B Effect on executing time of self-tests on a few boards: FRDM-K64F (Cortex-M4): 444 -> 385 us (-13%) LPC1768 (Cortex-M3): 488 -> 432 us (-11%) FRDM-KL64Z (Cortex-M0): 1429 -> 1134 us (-20%) Measured using a config.h with no cipher mode and the following program with aria.c and aria.h copy-pasted to the online compiler: #include "mbed.h" #include "aria.h" int main() { Timer t; t.start(); int ret = mbedtls_aria_self_test(0); t.stop(); printf("ret = %d; time = %d us\n", ret, t.read_us()); } --- library/aria.c | 56 ++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 50 insertions(+), 6 deletions(-) diff --git a/library/aria.c b/library/aria.c index f6ad7f126b..1d1daa18af 100644 --- a/library/aria.c +++ b/library/aria.c 
@@ -85,11 +85,33 @@ static void mbedtls_zeroize( void *v, size_t n ) {
  * Common compilers fail to translate this to minimal number of instructions,
  * so let's provide asm versions for common platforms with C fallback.
  */
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__)
-#if defined(__i386__) || defined(__amd64__) || defined( __x86_64__)
+#if defined(MBEDTLS_HAVE_ASM)
+#if defined(__arm__)
+/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
+#if defined(__GNUC__) && \
+ ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
+static inline uint32_t aria_p1( uint32_t x )
+{
+ uint32_t r;
+ asm( "rev16 %0, %1" : "=l" (r) : "l" (x) );
+ return( r );
+}
+#define ARIA_P1 aria_p1
+#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000
+static __inline uint32_t aria_p1( uint32_t x )
+{
+ uint32_t r;
+ __asm( "rev16 r, x" );
+ return( r );
+}
+#define ARIA_P1 aria_p1
+#endif
+#endif /* arm */
+#if defined(__GNUC__) && \
+ defined(__i386__) || defined(__amd64__) || defined( __x86_64__)
 /* I couldn't find an Intel equivalent of ret16, so two instructions */
 #define ARIA_P1(x) ARIA_P2( ARIA_P3( x ) )
-#endif
+#endif /* x86 gnuc */
 #endif /* MBEDTLS_HAVE_ASM && GNUC */
 #if !defined(ARIA_P1)
 #define ARIA_P1(x) ((((x) >> 8) & 0x00FF00FF) ^ (((x) & 0x00FF00FF) << 8))
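Review bot: The new x86 guard `#if defined(__GNUC__) && \` / `defined(__i386__) || defined(__amd64__) || defined( __x86_64__)` parses as `(GNUC && i386) || amd64 || x86_64` because `&&` binds tighter than `||`, so a 64-bit x86 compiler that defines `__amd64__` or `__x86_64__` without being GCC-compatible would select the GNU extended-asm `aria_p3` and the `ARIA_P1` built on it instead of reaching the `#if !defined(ARIA_P1)` C fallback; in practice most such compilers also define `__GNUC__`, but the guard does not express what it means. The same condition is repeated in the `ARIA_P3` block of the next hunk; both should read `#if defined(__GNUC__) && \` / `( defined(__i386__) || defined(__amd64__) || defined( __x86_64__) )`. The closing `#endif /* MBEDTLS_HAVE_ASM && GNUC */` comment is also stale in both hunks now that the outer condition is `MBEDTLS_HAVE_ASM` alone and the arm branches inside it are not GNUC-only.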
@@ -112,15 +134,37 @@ static void mbedtls_zeroize( void *v, size_t n ) {
  * Some compilers fail to translate this to a single instruction,
  * so let's provide asm versions for common platforms with C fallback.
  */
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__)
-#if defined(__i386__) || defined(__amd64__) || defined( __x86_64__)
+#if defined(MBEDTLS_HAVE_ASM)
+#if defined(__arm__)
+/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
+#if defined(__GNUC__) && \
+ ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
+static inline uint32_t aria_p3( uint32_t x )
+{
+ uint32_t r;
+ asm( "rev %0, %1" : "=l" (r) : "l" (x) );
+ return( r );
+}
+#define ARIA_P3 aria_p3
+#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000
+static __inline uint32_t aria_p3( uint32_t x )
+{
+ uint32_t r;
+ __asm( "rev r, x" );
+ return( r );
+}
+#define ARIA_P3 aria_p3
+#endif
+#endif /* arm */
+#if defined(__GNUC__) && \
+ defined(__i386__) || defined(__amd64__) || defined( __x86_64__)
 static inline uint32_t aria_p3( uint32_t x )
 {
 asm( "bswap %0" : "=r" (x) : "0" (x) );
 return( x );
 }
 #define ARIA_P3 aria_p3
-#endif
+#endif /* x86 gnuc */
 #endif /* MBEDTLS_HAVE_ASM && GNUC */
 #if !defined(ARIA_P3)
 #define ARIA_P3(x) ARIA_P2( ARIA_P1 ( x ) )
From 26b54fabaf5b9a7f5859910df7d6d6366e89f822 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Feb 2018 12:20:20 +0100 Subject: [PATCH 0740/1059] aria: document optional asm usage in config.h
---
 include/mbedtls/config.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 3369620fbb..ed69f14b17 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -48,10 +48,14 @@ * Requires support for asm() in compiler. * * Used in: + * library/aria.c * library/timing.c - * library/padlock.c * include/mbedtls/bn_mul.h * + * Required by: + * MBEDTLS_AESNI_C + * MBEDTLS_PADLOCK_C + * * Comment to disable the use of assembly code. */ #define MBEDTLS_HAVE_ASM From 2268b967cbbe7f8fd8fb555d5cbe8fc64a35a254 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Feb 2018 12:22:36 +0100 Subject: [PATCH 0741/1059] aria: disable by default in config.h --- include/mbedtls/config.h | 5 +++-- tests/compat.sh | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ed69f14b17..e342e4ce90 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1806,11 +1806,12 @@ /** * \def MBEDTLS_ARIA_C * - * Enable the ARIA block cipher. + * Enable the ARIA block cipher (and TLS ciphersuites that use it, if other + * requirements for them are met too). * * Module: library/aria.c */ -#define MBEDTLS_ARIA_C +//#define MBEDTLS_ARIA_C /** * \def MBEDTLS_CCM_C diff --git a/tests/compat.sh b/tests/compat.sh index 93e6b3a6d6..0a863fa487 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -57,7 +57,7 @@ FILTER="" # - NULL: excluded from our default config # - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) -# - ARIA: requires OpenSSL >= 1.1.1 +# - ARIA: not in default config.h + requires OpenSSL >= 1.1.1 EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR\|ARIA' VERBOSE="" MEMCHECK=0 From 08d1e91ca938b00bdad07889b1b4fae4ff350e8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Feb 2018 12:43:35 +0100 Subject: [PATCH 0742/1059] aria: add ChangeLog entry --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 68fb6f5e96..b24afbbe68 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Features
+ * Add support for ARIA cipher (RFC 5794) and associated TLS ciphersuites
+ (RFC 6209). Disabled by default, see MBEDTLS_ARIA_C in config.h
+
 = mbed TLS 2.7.x branch released 2018-xx-xx
 
 Default behavior changes
From 525168c7ef7842c9611e728b900e9870a1f701db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 Feb 2018 10:47:02 +0100 Subject: [PATCH 0743/1059] aria: expand config.h entry: ciphersuites & caller
---
 include/mbedtls/config.h | 46 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 44 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index e342e4ce90..59bb3bd9eb 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1806,10 +1806,52 @@ /** * \def MBEDTLS_ARIA_C * - * Enable the ARIA block cipher (and TLS ciphersuites that use it, if other - * requirements for them are met too). + * Enable the ARIA block cipher. * * Module: library/aria.c + * Caller: library/cipher.c + * + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * + * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 + * 
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 */ //#define MBEDTLS_ARIA_C From fdd43543291ff2547cb0b495157f06846bd2b5a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 Feb 2018 10:49:02 +0100 Subject: [PATCH 0744/1059] config.h: SSL no longer uses ciphers directly --- include/mbedtls/config.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 59bb3bd9eb..0a35e6ec2f 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1585,7 +1585,7 @@ * Enable the AES block cipher. * * Module: library/aes.c - * Caller: library/ssl_tls.c + * Caller: library/cipher.c * library/pem.c * library/ctr_drbg.c * @@ -1660,7 +1660,7 @@ * Enable the ARCFOUR stream cipher. * * Module: library/arc4.c - * Caller: library/ssl_tls.c + * Caller: library/cipher.c * * This module enables the following ciphersuites (if other requisites are * enabled as well): @@ -1754,7 +1754,7 @@ * Enable the Camellia block cipher. * * Module: library/camellia.c - * Caller: library/ssl_tls.c + * Caller: library/cipher.c * * This module enables the following ciphersuites (if other requisites are * enabled as well): @@ -1941,7 +1941,7 @@ * * Module: library/des.c * Caller: library/pem.c - * library/ssl_tls.c + * library/cipher.c * * This module enables the following ciphersuites (if other requisites are * enabled as well): From 4231e7f46fe49e29f718a694375bd67671491d3d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 Feb 2018 10:54:31 +0100 Subject: [PATCH 0745/1059] Fix some whitespace and other style issues In addition to whitespace: - wrapped a few long lines - added parenthesis to return statements --- include/mbedtls/aria.h | 50 +++++++++--------- include/mbedtls/ssl_ciphersuites.h | 76 +++++++++++++-------------- library/aria.c | 62 +++++++++++----------- tests/suites/test_suite_aria.function | 41 +++++++++------ 4 files changed, 120 insertions(+), 109 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index fc8ca98d7b..1617bf1676 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -81,8 +81,9 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx ); * * \return 0 if successful, or MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH */ -int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, const unsigned char *key, - unsigned int keybits ); +int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, + const unsigned char *key, + unsigned int keybits ); /** * \brief ARIA key schedule (decryption) @@ -93,8 +94,9 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, const unsigned char *key * * \return 0 if successful, or MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH */ -int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, const unsigned char *key, - unsigned int keybits ); +int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, + const unsigned char *key, + unsigned int keybits ); /** * \brief ARIA-ECB block encryption/decryption @@ -107,9 +109,9 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, const unsigned char *key * \return 0 if successful */ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ); + int mode, + const unsigned char input[16], + unsigned char output[16] ); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** 
@@ -136,11 +138,11 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, * MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH */ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) @@ -171,12 +173,12 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, * MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH */ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ); #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) @@ -203,12 +205,12 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, * \return 0 if successful */ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ); + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output ); #endif /* MBEDTLS_CIPHER_MODE_CTR */ #ifdef __cplusplus diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 13f84a4353..7d5eba0916 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -169,44 +169,44 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! No SSL3! */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! No SSL3! */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */ -#define 
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069 /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */ -#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */ 
+#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */ +#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */ +#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068 /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069 /**< TLS 1.2 */ +#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */ +#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 
*/ +#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */ diff --git a/library/aria.c b/library/aria.c index 1d1daa18af..41ed7599a0 100644 --- a/library/aria.c +++ b/library/aria.c @@ -56,9 +56,8 @@ static void mbedtls_zeroize( void *v, size_t n ) { /* * 32-bit integer manipulation macros (little endian) */ - #ifndef GET_UINT32_LE -#define GET_UINT32_LE(n,b,i) \ +#define GET_UINT32_LE( n, b, i ) \ { \ (n) = ( (uint32_t) (b)[(i) ] ) \ | ( (uint32_t) (b)[(i) + 1] << 8 ) \ @@ -68,7 +67,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { #endif #ifndef PUT_UINT32_LE -#define PUT_UINT32_LE(n,b,i) \ +#define PUT_UINT32_LE( n, b, i ) \ { \ (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ @@ -431,8 +430,8 @@ static void aria_rot128(uint32_t r[4], const uint32_t a[4], /* * Set encryption key */ -int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, - const unsigned char *key, unsigned int keybits) +int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, + const unsigned char *key, unsigned int keybits ) { /* round constant masks */ const uint32_t rc[3][4] = @@ -446,7 +445,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, uint32_t w[4][4], *w2; if (keybits != 128 && keybits != 192 && keybits != 256) - return MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH; + return( MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH ); /* Copy key to W0 (and potential remainder to W1) */ GET_UINT32_LE( w[0][0], key, 0 ); 
@@ -485,20 +484,20 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, } aria_rot128( ctx->rk[16], w[0], w[1], 19 ); - return 0; + return( 0 ); } /* * Set decryption key */ -int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, - const unsigned char *key, unsigned int keybits) +int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, + const unsigned char *key, unsigned int keybits ) { int i, j, k, ret; ret = mbedtls_aria_setkey_enc( ctx, key, keybits ); if( ret != 0 ) - return ret; + return( ret ); /* flip the order of round keys */ for( i = 0, j = ctx->nr; i < j; i++, j-- ) @@ -513,9 +512,12 @@ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, /* apply affine transform to middle keys */ for (i = 1; i < ctx->nr; i++ ) - aria_a( &ctx->rk[i][0], &ctx->rk[i][1], &ctx->rk[i][2], &ctx->rk[i][3] ); + { + aria_a( &ctx->rk[i][0], &ctx->rk[i][1], + &ctx->rk[i][2], &ctx->rk[i][3] ); + } - return 0; + return( 0 ); } /* @@ -572,7 +574,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, PUT_UINT32_LE( c, output, 8 ); PUT_UINT32_LE( d, output, 12 ); - return 0; + return( 0 ); } /* Initialize context */ @@ -595,11 +597,11 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx ) * ARIA-CBC buffer encryption/decryption */ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) { int i; unsigned char temp[16]; 
@@ -649,12 +651,12 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, * ARIA-CFB128 buffer encryption/decryption */ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output ) { int c; size_t n = *iv_off; @@ -697,12 +699,12 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, * ARIA-CTR buffer encryption/decryption */ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ) + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output ) { int c, i; size_t n = *nc_off; diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 2c3e347322..d3d8ebeead 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -27,12 +27,14 @@ void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, key_len = unhexify( key_str, hex_key_string ); data_len = unhexify( src_str, hex_src_string ); - TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ) == setkey_result ); + TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ) + == setkey_result ); if( setkey_result == 0 ) { for( i = 0; i < data_len; i += 16 ) { - TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT, src_str + i, output + i ) == 0 ); + TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT, + src_str + i, output + i ) == 0 ); } hexify( dst_str, output, data_len ); 
@@ -55,16 +57,17 @@ void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, mbedtls_aria_context ctx; int key_len, data_len, i; - memset( key_str, 0x00, 1000 ); - memset( src_str, 0x00, 1000 ); - memset( dst_str, 0x00, 1000 ); - memset( output, 0x00, 1000 ); + memset( key_str, 0x00, 1000 ); + memset( src_str, 0x00, 1000 ); + memset( dst_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); mbedtls_aria_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); data_len = unhexify( src_str, hex_src_string ); - TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ) == setkey_result ); + TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ) + == setkey_result ); if( setkey_result == 0 ) { for( i = 0; i < data_len; i += 16 ) @@ -107,8 +110,9 @@ void aria_encrypt_cbc( char *hex_key_string, char *hex_iv_string, data_len = unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, - data_len, iv_str, src_str, output) == cbc_result ); + TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, data_len, + iv_str, src_str, output ) + == cbc_result ); if( cbc_result == 0 ) { hexify( dst_str, output, data_len ); @@ -146,8 +150,9 @@ void aria_decrypt_cbc( char *hex_key_string, char *hex_iv_string, data_len = unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, - data_len, iv_str, src_str, output ) == cbc_result ); + TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, data_len, + iv_str, src_str, output ) + == cbc_result ); if( cbc_result == 0 ) { hexify( dst_str, output, data_len ); 
@@ -187,7 +192,8 @@ void aria_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, - data_len, &iv_offset, iv_str, src_str, output ) == result ); + data_len, &iv_offset, iv_str, + src_str, output ) == result ); hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -224,7 +230,8 @@ void aria_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, - data_len, &iv_offset, iv_str, src_str, output ) == result ); + data_len, &iv_offset, iv_str, + src_str, output ) == result ); hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -261,8 +268,8 @@ void aria_encrypt_ctr( char *hex_key_string, char *hex_iv_string, data_len = unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, - &iv_offset, iv_str, blk, src_str, output ) == result ); + TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str, + blk, src_str, output ) == result ); hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -299,8 +306,8 @@ void aria_decrypt_ctr( char *hex_key_string, char *hex_iv_string, data_len = unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, - &iv_offset, iv_str, blk, src_str, output ) == result ); + TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str, + blk, src_str, output ) == result ); hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); 
From 5bd15cbfa09bc85b77c905ebff0bd5b57bab3888 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 28 Feb 2018 04:30:59 -0800 Subject: [PATCH 0746/1059] Avoid wraparound for ssl->in_left Add check to avoid wraparound for ssl->in_left --- library/ssl_tls.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1de5eaab69..0d0660e6ff 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2422,6 +2422,14 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ret < 0 ) return( ret ); + // At this point ret value is positive, verify that adding ret + // value to ssl->in_left doesn't cause a wraparound + if (ssl->in_left + (size_t)ret < ssl->in_left) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "wraparound happened over in_left value" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + ssl->in_left += ret; } } From 693a1d9ca703c902058ad00f6ecedf39f329c855 Mon Sep 17 00:00:00 2001 From: itayzafrir Date: Mon, 26 Feb 2018 12:02:10 +0200 Subject: [PATCH 0747/1059] Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig. Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig. --- ChangeLog | 2 ++ tests/suites/test_suite_pk.function | 14 +++++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 13203a5cf8..716567b04d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,8 @@ Bugfix with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct. In the context of SSL, this resulted in handshake failure. #1351 * Fix Windows x64 builds with the included mbedTLS.sln file. #1347 + * In test_suite_pk pass valid parameters when testing for hash length + overflow. #1179 Changes * Fix tag lengths and value ranges in the documentation of CCM encryption. diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 2180f5c8e8..421227f5e8 100644 
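Review bot: The new guard `if (ssl->in_left + (size_t)ret < ssl->in_left)` only detects size_t wraparound, which needs `ret` (apparently the receive callback's return value; its origin is outside the hunk) to be absurdly large, whereas a callback returning merely more bytes than were requested would presumably already overrun the input buffer long before the sum wraps. A tighter check is to compare `(size_t) ret` against the length that was passed to the receive callback earlier in `mbedtls_ssl_fetch_input` (not visible in the hunk) and fail with the same internal error, since that bound also rules out wraparound. The added lines also use `//` comments and `if (` spacing where the surrounding code uses `/* */` and `if( `, so they should follow the file's style. The enclosing function starts and ends outside the hunk.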
--- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -417,11 +417,15 @@ exit: void pk_rsa_overflow( ) { mbedtls_pk_context pk; - size_t hash_len = SIZE_MAX; + size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX; + unsigned char hash[50], sig[100]; if( SIZE_MAX <= UINT_MAX ) return; + memset( hash, 0x2a, sizeof hash ); + memset( sig, 0, sizeof sig ); + mbedtls_pk_init( &pk ); TEST_ASSERT( mbedtls_pk_setup( &pk, @@ -429,14 +433,14 @@ void pk_rsa_overflow( ) #if defined(MBEDTLS_PKCS1_V21) TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk, - MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0 ) == + MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #endif /* MBEDTLS_PKCS1_V21 */ - TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, NULL, hash_len, - NULL, 0 ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len, + sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0, + TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len, rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); exit: From 5aa4e3b1d0d13f7a5a265d469860b26a2110052a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 Feb 2018 11:55:49 +0100 Subject: [PATCH 0748/1059] aria: align documentation on AES --- include/mbedtls/aria.h | 219 +++++++++++++++++++++++++---------------- 1 file changed, 136 insertions(+), 83 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 1617bf1676..67c747ef7e 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h 
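Review bot: `sig_len` is initialised to `SIZE_MAX` while `sig` is a 100-byte local, so the two verify calls in the second hunk pass a signature length far larger than the buffer; the test stays memory-safe only because the implementation is expected to reject `hash_len` before it looks at the signature. Since the commit's stated aim is to pass valid parameters apart from the oversized hash length, setting the length to the real buffer size after the buffer is declared, e.g. `memset( sig, 0, sizeof sig ); sig_len = sizeof sig;`, expresses that intent, keeps the expected result unchanged as long as the hash-length check runs first, and still works for `mbedtls_pk_sign`, which writes through `&sig_len`. `pk_rsa_overflow` continues past the second hunk; the `exit:` label and cleanup are outside it.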
@@ -3,7 +3,13 @@ * * \brief ARIA block cipher * - * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved + * The ARIA algorithm is a symmetric block cipher that can encrypt and + * decrypt information. It is defined by the Korean Agency for + * Technology and Standards (KATS) in KS X 1213:2004 (in + * Korean, but see http://210.104.33.10/ARIA/index-e.html in English) + * and also described by the IETF in RFC 5794. + */ +/* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -33,8 +39,8 @@ #include #include -#define MBEDTLS_ARIA_ENCRYPT 1 -#define MBEDTLS_ARIA_DECRYPT 0 +#define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */ +#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */ #define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */ #define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */ 
@@ -48,65 +54,85 @@ extern "C" { #endif /** - * \brief ARIA context structure + * \brief The ARIA context-type definition. */ typedef struct { - int nr; // rounds: nr = 12, 14, or 16 - uint32_t rk[17][4]; // nr+1 round keys (+1 for final) + int nr; /*!< The number of rounds (12, 14 or 16) */ + uint32_t rk[17][4]; /*!< The ARIA round keys. */ } mbedtls_aria_context; /** - * \brief Initialize ARIA context + * \brief This function initializes the specified ARIA context. * - * \param ctx ARIA context to be initialized + * It must be the first API called before using + * the context. + * + * \param ctx The ARIA context to initialize. */ void mbedtls_aria_init( mbedtls_aria_context *ctx ); /** - * \brief Clear ARIA context + * \brief This function releases and clears the specified ARIA context. * - * \param ctx ARIA context to be cleared + * \param ctx The ARIA context to clear. */ void mbedtls_aria_free( mbedtls_aria_context *ctx ); /** - * \brief ARIA key schedule (encryption) + * \brief This function sets the encryption key. * - * \param ctx ARIA context to be initialized - * \param key encryption key - * \param keybits must be 128, 192 or 256 + * \param ctx The ARIA context to which the key should be bound. + * \param key The encryption key. + * \param keybits The size of data passed in bits. Valid options are: + *
  • 128 bits
  • + *
  • 192 bits
  • + *
  • 256 bits
* - * \return 0 if successful, or MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH + * \return \c 0 on success or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH + * on failure. */ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits ); /** - * \brief ARIA key schedule (decryption) + * \brief This function sets the decryption key. * - * \param ctx ARIA context to be initialized - * \param key decryption key - * \param keybits must be 128, 192 or 256 + * \param ctx The ARIA context to which the key should be bound. + * \param key The decryption key. + * \param keybits The size of data passed. Valid options are: + *
  • 128 bits
  • + *
  • 192 bits
  • + *
  • 256 bits
* - * \return 0 if successful, or MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH + * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH on failure. */ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits ); /** - * \brief ARIA-ECB block encryption/decryption + * \brief This function performs an ARIA single-block encryption or + * decryption operation. * - * \param ctx ARIA context - * \param mode MBEDTLS_ARIA_ENCRYPT or MBEDTLS_ARIA_DECRYPT - * \param input 16-byte input block - * \param output 16-byte output block + * It performs the operation defined in the \p mode parameter + * (encrypt or decrypt), on the input data buffer defined in + * the \p input parameter. * - * \return 0 if successful + * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or + * mbedtls_aes_setkey_dec() must be called before the first + * call to this API with the same context. + * + * \param ctx The ARIA context to use for encryption or decryption. + * \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or + * #MBEDTLS_ARIA_DECRYPT. + * \param input The 16-Byte buffer holding the input data. + * \param output The 16-Byte buffer holding the output data. + + * \return \c 0 on success. */ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, int mode, 
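Review bot: The new ECB documentation tells callers that `mbedtls_aes_init()`, and either `mbedtls_aes_setkey_enc()` or `mbedtls_aes_setkey_dec()`, must be called first; in aria.h these should read `mbedtls_aria_init()`, `mbedtls_aria_setkey_enc()` and `mbedtls_aria_setkey_dec()`, a leftover from copying the AES text. The same `mbedtls_aes_*` references appear in the CBC, CFB128 and CTR blocks of the following hunks (`@@ -115,62 +141,83 @@` and `@@ -183,26 +230,32 @@`), where they matter most because they tell the reader which key schedule to install for the stream modes. The `\param keybits` text for `mbedtls_aria_setkey_dec` reads `The size of data passed.` while the encryption variant says `The size of data passed in bits.`; `The key size in bits.` would be both consistent and more accurate for the two. The ECB block also gains a bare `+` line without the ` *` leader just before `\return`, which breaks the comment's column layout.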
@@ -115,62 +141,83 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CBC) /** - * \brief ARIA-CBC buffer encryption/decryption - * Length should be a multiple of the block - * size (16 bytes) + * \brief This function performs an ARIA-CBC encryption or decryption operation + * on full blocks. * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. + * It performs the operation defined in the \p mode + * parameter (encrypt/decrypt), on the input data buffer defined in + * the \p input parameter. * - * \param ctx ARIA context - * \param mode MBEDTLS_ARIA_ENCRYPT or MBEDTLS_ARIA_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data + * It can be called as many times as needed, until all the input + * data is processed. mbedtls_aes_init(), and either + * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called + * before the first call to this API with the same context. * - * \return 0 if successful, or - * MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH + * \note This function operates on aligned blocks, that is, the input size + * must be a multiple of the ARIA block size of 16 Bytes. + * + * \note Upon exit, the content of the IV is updated so that you can + * call the same function again on the next + * block(s) of data and get the same result as if it was + * encrypted in one call. This allows a "streaming" usage. + * If you need to retain the contents of the IV, you should + * either save it manually or use the cipher module instead. 
+ * + * + * \param ctx The ARIA context to use for encryption or decryption. + * \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or + * #MBEDTLS_ARIA_DECRYPT. + * \param length The length of the input data in Bytes. This must be a + * multiple of the block size (16 Bytes). + * \param iv Initialization vector (updated after use). + * \param input The buffer holding the input data. + * \param output The buffer holding the output data. + * + * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH + * on failure. */ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, int mode, size_t length, - unsigned char iv[16], + unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], const unsigned char *input, unsigned char *output ); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) /** - * \brief ARIA-CFB128 buffer encryption/decryption + * \brief This function performs an ARIA-CFB128 encryption or decryption + * operation. * - * Note: Due to the nature of CFB you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * mbedtls_aria_setkey_enc() for both MBEDTLS_ARIA_ENCRYPT and CAMELLIE_DECRYPT. + * It performs the operation defined in the \p mode + * parameter (encrypt or decrypt), on the input data buffer + * defined in the \p input parameter. * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. + * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), + * regardless of whether you are performing an encryption or decryption + * operation, that is, regardless of the \p mode parameter. 
This is + * because CFB mode uses the same key schedule for encryption and + * decryption. * - * \param ctx ARIA context - * \param mode MBEDTLS_ARIA_ENCRYPT or MBEDTLS_ARIA_DECRYPT - * \param length length of the input data - * \param iv_off offset in IV (updated after use) - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data + * \note Upon exit, the content of the IV is updated so that you can + * call the same function again on the next + * block(s) of data and get the same result as if it was + * encrypted in one call. This allows a "streaming" usage. + * If you need to retain the contents of the + * IV, you must either save it manually or use the cipher + * module instead. * - * \return 0 if successful, or - * MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH + * + * \param ctx The ARIA context to use for encryption or decryption. + * \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or + * #MBEDTLS_ARIA_DECRYPT. + * \param length The length of the input data. + * \param iv_off The offset in IV (updated after use). + * \param iv The initialization vector (updated after use). + * \param input The buffer holding the input data. + * \param output The buffer holding the output data. + * + * \return \c 0 on success. */ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, int mode, 
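Review bot: The CBC prototype's IV parameter becomes `unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE]`, but no definition of `MBEDTLS_ARIA_BLOCKSIZE` is visible in this patch's aria.h hunks, and the CFB128 and CTR prototypes in the same header keep `iv[16]` and `nonce_counter[16]`. Unless the macro is defined elsewhere in the header, the declaration will not compile; if it is, the `\note` text (`the ARIA block size of 16 Bytes`) and the other array parameters should use the same constant so the header does not mix the two spellings. The CFB128 documentation also drops the `MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH` return the old text listed, which is correct only if the implementation never returns it for CFB; the hunk does not show that, so it is worth confirming against aria.c.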
@@ -183,26 +230,32 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, #if defined(MBEDTLS_CIPHER_MODE_CTR) /** - * \brief ARIA-CTR buffer encryption/decryption + * \brief This function performs an ARIA-CTR encryption or decryption + * operation. * - * Warning: You have to keep the maximum use of your counter in mind! + * This function performs the operation defined in the \p mode + * parameter (encrypt/decrypt), on the input data buffer + * defined in the \p input parameter. * - * Note: Due to the nature of CTR you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * mbedtls_aria_setkey_enc() for both MBEDTLS_ARIA_ENCRYPT and MBEDTLS_ARIA_DECRYPT. + * Due to the nature of CTR, you must use the same key schedule + * for both encryption and decryption operations. Therefore, you + * must use the context initialized with mbedtls_aes_setkey_enc() + * for both #MBEDTLS_ARIA_ENCRYPT and #MBEDTLS_ARIA_DECRYPT. * - * \param ctx ARIA context - * \param length The length of the data - * \param nc_off The offset in the current stream_block (for resuming - * within current cipher stream). The offset pointer to - * should be 0 at the start of a stream. - * \param nonce_counter The 128-bit nonce and counter. - * \param stream_block The saved stream-block for resuming. Is overwritten - * by the function. - * \param input The input data stream - * \param output The output data stream + * \warning You must keep the maximum use of your counter in mind. * - * \return 0 if successful + * \param ctx The ARIA context to use for encryption or decryption. + * \param length The length of the input data. + * \param nc_off The offset in the current \p stream_block, for + * resuming within the current cipher stream. The + * offset pointer should be 0 at the start of a stream. + * \param nonce_counter The 128-bit nonce and counter. + * \param stream_block The saved stream block for resuming. This is + * overwritten by the function. 
+ * \param input The buffer holding the input data. + * \param output The buffer holding the output data. + * + * \return \c 0 on success. */ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, size_t length, @@ -226,9 +279,9 @@ extern "C" { #endif /** - * \brief Checkup routine + * \brief Checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success, or \c 1 on failure. */ int mbedtls_aria_self_test( int verbose ); From 22997b7200575a94e77a87b2aa45cdfceb289494 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 Feb 2018 12:29:41 +0100 Subject: [PATCH 0749/1059] block ciphers: improve CTR nonce warning --- include/mbedtls/aes.h | 19 ++++++++++++++++++- include/mbedtls/aria.h | 19 ++++++++++++++++++- include/mbedtls/blowfish.h | 19 ++++++++++++++++++- include/mbedtls/camellia.h | 21 +++++++++++++++++++-- 4 files changed, 73 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 46016dcb7f..27be761687 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h 
@@ -300,7 +300,24 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, * must use the context initialized with mbedtls_aes_setkey_enc() * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT. * - * \warning You must keep the maximum use of your counter in mind. + * \warning You must never reuse a nonce value with the same key. Doing so + * would void the encryption for the two messages encrypted with + * the same nonce and key. + * + * There are two common strategies for managing nonces with CTR: + * + * 1. Use a counter starting at 0 or a random value. With this + * strategy, this function will increment the counter for you, so + * you only need to preserve the \p nonce_counter buffer between + * calls. With this strategy, you must not encrypt more than + * 2**128 blocks of data. + * 2. Use a randomly-generated \p nonce_counter for each call. + * With this strategy, you need to ensure the nonce is generated + * in an unbiased way and you must not encrypt more than 2**64 + * block of data. + * + * Note that for both stategies, the limit is in number of blocks + * and that an AES block is 16 bytes. * * \param ctx The AES context to use for encryption or decryption. * \param length The length of the input data. diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 67c747ef7e..5724308600 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h 
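Review bot: `stategies` in `Note that for both stategies, the limit is in number of blocks` should read `strategies`, and `2**64 block of data` should be `blocks`; both typos are repeated in the aria.h and blowfish.h hunks of this commit. On the substance, the 2**64-block figure given for randomly generated nonces is the 128-bit birthday bound, i.e. the point at which an overlap between two messages' nonce/counter ranges becomes likely, not a volume below which the risk is negligible; a sentence stating that this is an absolute ceiling and that the collision probability grows with the square of the number of blocks, so real deployments should stay far below it, would make the warning actionable. It may also help to say explicitly that strategy 2's limit is on the total number of blocks encrypted under one key, not per call, since the text otherwise reads as a per-message limit.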
@@ -242,7 +242,24 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
 * must use the context initialized with mbedtls_aes_setkey_enc()
 * for both #MBEDTLS_ARIA_ENCRYPT and #MBEDTLS_ARIA_DECRYPT.
 *
- * \warning You must keep the maximum use of your counter in mind.
+ * \warning You must never reuse a nonce value with the same key. Doing so
+ * would void the encryption for the two messages encrypted with
+ * the same nonce and key.
+ *
+ * There are two common strategies for managing nonces with CTR:
+ *
+ * 1. Use a counter starting at 0 or a random value. With this
+ * strategy, this function will increment the counter for you, so
+ * you only need to preserve the \p nonce_counter buffer between
+ * calls. With this strategy, you must not encrypt more than
+ * 2**128 blocks of data.
+ * 2. Use a randomly-generated \p nonce_counter for each call.
+ * With this strategy, you need to ensure the nonce is generated
+ * in an unbiased way and you must not encrypt more than 2**64
+ * block of data.
+ *
+ * Note that for both stategies, the limit is in number of blocks
+ * and that an ARIA block is 16 bytes.
 *
 * \param ctx The ARIA context to use for encryption or decryption.
 * \param length The length of the input data.
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index c0ef5a04cc..4b4916e03a 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
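Review bot: The context line directly above the rewritten warning still tells ARIA callers to initialise the context with `mbedtls_aes_setkey_enc()`, which reads like a leftover from the AES header this comment was copied from; since the commit rewrites this very comment block, it should be corrected to `mbedtls_aria_setkey_enc()` at the same time. That this is a copy-paste slip is inferred from the surrounding `MBEDTLS_ARIA_*` identifiers rather than stated on the page. The prototype this comment documents continues outside the hunk.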
@@ -170,7 +170,24 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
 /**
 * \brief Blowfish-CTR buffer encryption/decryption
 *
- * Warning: You have to keep the maximum use of your counter in mind!
+ * \warning You must never reuse a nonce value with the same key. Doing so
+ * would void the encryption for the two messages encrypted with
+ * the same nonce and key.
+ *
+ * There are two common strategies for managing nonces with CTR:
+ *
+ * 1. Use a counter starting at 0 or a random value. With this
+ * strategy, this function will increment the counter for you, so
+ * you only need to preserve the \p nonce_counter buffer between
+ * calls. With this strategy, you must not encrypt more than
+ * 2**64 blocks of data.
+ * 2. Use a randomly-generated \p nonce_counter for each call.
+ * With this strategy, you need to ensure the nonce is generated
+ * in an unbiased way and you must not encrypt more than 2**32
+ * block of data.
+ *
+ * Note that for both stategies, the limit is in number of blocks
+ * and that a Blowfish block is 8 bytes.
 *
 * \param ctx Blowfish context
 * \param length The length of the data
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index cf07629d9b..1b138fc9e7 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
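Review bot: The strategy-1 figure of `2**64 blocks` is where a 64-bit counter wraps, but for an 8-byte block cipher the CTR keystream becomes distinguishable from random much earlier, at roughly 2**32 blocks under a single key (the birthday bound on the block size), so presenting the wrap-around point as the safety limit invites callers to encrypt far more than is advisable. A sentence such as ` * Independently of the nonce strategy, because Blowfish has a 64-bit block, security degrades after about 2**32 blocks under the same key.` would make the block-size caveat explicit and is consistent with the 8-byte block the text itself states. The prototype this comment documents continues outside the hunk.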
@@ -183,12 +183,29 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
 /**
 * \brief CAMELLIA-CTR buffer encryption/decryption
 *
- * Warning: You have to keep the maximum use of your counter in mind!
- *
 * Note: Due to the nature of CTR you should use the same key schedule for
 * both encryption and decryption. So a context initialized with
 * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
 *
+ * \warning You must never reuse a nonce value with the same key. Doing so
+ * would void the encryption for the two messages encrypted with
+ * the same nonce and key.
+ *
+ * There are two common strategies for managing nonces with CTR:
+ *
+ * 1. Use a counter starting at 0 or a random value. With this
+ * strategy, this function will increment the counter for you, so
+ * you only need to preserve the \p nonce_counter buffer between
+ * calls. With this strategy, you must not encrypt more than
+ * 2**128 blocks of data.
+ * 2. Use a randomly-generated \p nonce_counter for each call.
+ * With this strategy, you need to ensure the nonce is generated
+ * in an unbiased way and you must not encrypt more than 2**64
+ * block of data.
+ *
+ * Note that for both stategies, the limit is in number of blocks
+ * and that a CAMELLIA block is 16 bytes.
+ *
 * \param ctx CAMELLIA context
 * \param length The length of the data
 * \param nc_off The offset in the current stream_block (for resuming
From c0bb66f47ea6101ba077f7a037ebd52a85574c45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 28 Feb 2018 12:38:04 +0100
Subject: [PATCH 0750/1059] aria: improve compiler inline compatibility
---
 library/aria.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/library/aria.c b/library/aria.c
index 41ed7599a0..a9b88713d6 100644
--- a/library/aria.c
+++ b/library/aria.c
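Review bot: The new warning covers nonce reuse but says nothing about `stream_block`, which the `\param nc_off` context line describes as the buffer resumed from between calls; by analogy with the ARIA CTR implementation later in this series, where the block is produced by encrypting the counter, it holds raw keystream on return and the doc should say so, e.g. ` * \warning Upon return, \p stream_block contains keystream material; do not write it to insecure storage and discard it as soon as it is no longer needed.`. The retained `Note:` paragraph is now the only part of this block not in Doxygen form and its second sentence is a fragment; `\note Due to the nature of CTR, use the same key schedule for both directions: initialise the context with mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.` would fix both. The parameter list continues outside the hunk.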
@@ -48,6 +48,11 @@ #if !defined(MBEDTLS_ARIA_ALT) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; @@ -97,7 +102,7 @@ static inline uint32_t aria_p1( uint32_t x ) } #define ARIA_P1 aria_p1 #elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 -static __inline uint32_t aria_p1( uint32_t x ) +static inline uint32_t aria_p1( uint32_t x ) { uint32_t r; __asm( "rev16 r, x" ); @@ -146,7 +151,7 @@ static inline uint32_t aria_p3( uint32_t x ) } #define ARIA_P3 aria_p3 #elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 -static __inline uint32_t aria_p3( uint32_t x ) +static inline uint32_t aria_p3( uint32_t x ) { uint32_t r; __asm( "rev r, x" ); From f3a46a9b4f1a710f522c0a17c51c3d079b43b0a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 Feb 2018 12:38:21 +0100 Subject: [PATCH 0751/1059] aria: fix some typos in comments --- library/aria.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/aria.c b/library/aria.c index a9b88713d6..f6d1c54986 100644 --- a/library/aria.c +++ b/library/aria.c @@ -181,7 +181,7 @@ static inline uint32_t aria_p3( uint32_t x ) * If we denote the first by of input by 0, ..., the last byte by f, * then inputs are: a = 0123, b = 4567, c = 89ab, d = cdef. * - * Reading [1] 2.4 or [2] 2.4.3 in colums and performing simple + * Reading [1] 2.4 or [2] 2.4.3 in columns and performing simple * rearrangements on adjacent pairs, output is: * * a = 3210 + 4545 + 6767 + 88aa + 99bb + dccd + effe 
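Review bot: `#define inline __inline` rewrites a keyword-like identifier for the remainder of the translation unit, so any header included after this point also sees it; the includes are outside the hunk, so if any follow this block the macro should be moved below the last `#include`. A one-line rationale would also help the next reader, e.g. `/* armcc < 6 and MSVC in C mode do not know the C99 'inline' keyword; map it onto their '__inline' */` above the `#if`. The `!defined(__cplusplus)` guard is appropriate since C++ provides `inline` natively.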
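Review bot: The context line two above the corrected `columns` still reads `If we denote the first by of input by 0`, which appears to be the same kind of slip (`first byte of input`) this typo-fix commit is addressing and could be folded into it. The enclosing comment block continues outside the hunk.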
@@ -800,7 +800,7 @@ static const uint8_t aria_test2_iv[16] = #endif #if defined(MBEDTLS_CIPHER_MODE_CBC) -static const uint8_t aria_test2_cbc_ct[3][48] = // CBC ciphertxt +static const uint8_t aria_test2_cbc_ct[3][48] = // CBC ciphertext { { 0x49, 0xd6, 0x18, 0x60, 0xb1, 0x49, 0x09, 0x10, // 128-bit key 0x9c, 0xef, 0x0d, 0x22, 0xa9, 0x26, 0x81, 0x34, @@ -824,7 +824,7 @@ static const uint8_t aria_test2_cbc_ct[3][48] = // CBC ciphertxt #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) -static const uint8_t aria_test2_cfb_ct[3][48] = // CFB ciphertxt +static const uint8_t aria_test2_cfb_ct[3][48] = // CFB ciphertext { { 0x37, 0x20, 0xe5, 0x3b, 0xa7, 0xd6, 0x15, 0x38, // 128-bit key 0x34, 0x06, 0xb0, 0x9f, 0x0a, 0x05, 0xa2, 0x00, @@ -848,7 +848,7 @@ static const uint8_t aria_test2_cfb_ct[3][48] = // CFB ciphertxt #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) -static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertxt +static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext { { 0xac, 0x5d, 0x7d, 0xe8, 0x05, 0xa0, 0xbf, 0x1c, // 128-bit key 0x57, 0xc8, 0x54, 0x50, 0x1a, 0xf6, 0x0f, 0xa1, From 3c80009615d4cf266f21d7d0c635208279c55880 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 1 Mar 2018 09:02:16 +0100 Subject: [PATCH 0752/1059] aria: add error codes for hw implementations --- include/mbedtls/aria.h | 2 ++ include/mbedtls/error.h | 2 +- library/error.c | 4 ++++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 5724308600..69518eec0e 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h 
@@ -44,6 +44,8 @@
 #define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */
 #define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
+#define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, an unsupported ARIA key size. */
+#define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED -0x0058 /**< ARIA hardware accelerator failed. */
 #if !defined(MBEDTLS_ARIA_ALT)
 // Regular implementation
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index b65c25cb37..30c4972f89 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -63,7 +63,7 @@
 * CTR_DBRG 4 0x0034-0x003A
 * ENTROPY 3 0x003C-0x0040 0x003D-0x003F
 * NET 11 0x0042-0x0052 0x0043-0x0045
- * ARIA 2 0x005C-0x005E
+ * ARIA 4 0x0058-0x005E
 * ASN1 7 0x0060-0x006C
 * CMAC 1 0x007A-0x007A
 * PBKDF2 1 0x007C-0x007C
diff --git a/library/error.c b/library/error.c
index 0e0cc51fc8..56d7f2a171 100644
--- a/library/error.c
+++ b/library/error.c
@@ -590,6 +590,10 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
 mbedtls_snprintf( buf, buflen, "ARIA - Invalid key length" );
 if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) )
 mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" );
+ if( use_ret == -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE) )
+ mbedtls_snprintf( buf, buflen, "ARIA - Feature not available. For example, an unsupported ARIA key size" );
+ if( use_ret == -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED) )
+ mbedtls_snprintf( buf, buflen, "ARIA - ARIA hardware accelerator failed" );
 #endif /* MBEDTLS_ARIA_C */
 #if defined(MBEDTLS_ASN1_PARSE_C)
From 5ad88b6d0d5096383df3be046a846e85ffc53a8d Mon Sep 17 00:00:00 2001
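Review bot: The new strerror text `"ARIA - ARIA hardware accelerator failed"` repeats the module name, unlike the neighbouring `"ARIA - Invalid key length"` entries that follow the `MODULE - description` form; the error.c line should be `mbedtls_snprintf( buf, buflen, "ARIA - Hardware accelerator failed" );`, and if error.c is generated from the header comments (not visible here) the fix belongs in the aria.h comment instead, as `/**< Hardware accelerator failed. */`. In aria.h the two new codes are appended after the existing ones although they are numerically lower (-0x0058, -0x005A); listing them in numeric order would match the `0x0058-0x005E` range the error.h table now records. The error.c function continues outside the hunk.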
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 1 Mar 2018 09:20:47 +0100 Subject: [PATCH 0753/1059] aria: define constants for block size and max rounds --- include/mbedtls/aria.h | 17 ++++++----- library/aria.c | 66 +++++++++++++++++++++--------------------- 2 files changed, 43 insertions(+), 40 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 69518eec0e..bcbc03da5a 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -42,6 +42,9 @@ #define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */ #define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */ +#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */ +#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */ + #define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */ #define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */ #define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, an unsupported ARIA key size. */ @@ -58,11 +61,11 @@ extern "C" { /** * \brief The ARIA context-type definition. */ - typedef struct { int nr; /*!< The number of rounds (12, 14 or 16) */ - uint32_t rk[17][4]; /*!< The ARIA round keys. */ + /*! The ARIA round keys. */ + uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4]; } mbedtls_aria_context; @@ -138,8 +141,8 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, */ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, int mode, - const unsigned char input[16], - unsigned char output[16] ); + const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], + unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] ); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** 
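Review bot: `Maxiumum` in the new `MBEDTLS_ARIA_MAX_ROUNDS` doc comment is misspelled and is carried forward unchanged when PATCH 0757 re-indents the same line; it should read `#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maximum number of rounds in ARIA. */`. The round-key array is now sized `MBEDTLS_ARIA_MAX_ROUNDS + 1` with nothing explaining the extra row; a comment such as `/*! The ARIA round keys: one per round plus the final whitening key. */` would document it, assuming that is indeed the reason (the key schedule that fills it is outside this hunk). The context struct definition itself is fully visible, but the prototypes around the later hunks continue outside them.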
@@ -225,7 +228,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, int mode, size_t length, size_t *iv_off, - unsigned char iv[16], + unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], const unsigned char *input, unsigned char *output ); #endif /* MBEDTLS_CIPHER_MODE_CFB */ @@ -279,8 +282,8 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, size_t length, size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], + unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE], + unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE], const unsigned char *input, unsigned char *output ); #endif /* MBEDTLS_CIPHER_MODE_CTR */ diff --git a/library/aria.c b/library/aria.c index f6d1c54986..f1bde78853 100644 --- a/library/aria.c +++ b/library/aria.c @@ -530,8 +530,8 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, */ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, int mode, - const unsigned char input[16], - unsigned char output[16] ) + const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], + unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] ) { int i; 
@@ -604,46 +604,46 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx ) int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, int mode, size_t length, - unsigned char iv[16], + unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], const unsigned char *input, unsigned char *output ) { int i; - unsigned char temp[16]; + unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE]; - if( length % 16 ) + if( length % MBEDTLS_ARIA_BLOCKSIZE ) return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH ); if( mode == MBEDTLS_ARIA_DECRYPT ) { while( length > 0 ) { - memcpy( temp, input, 16 ); + memcpy( temp, input, MBEDTLS_ARIA_BLOCKSIZE ); mbedtls_aria_crypt_ecb( ctx, mode, input, output ); - for( i = 0; i < 16; i++ ) + for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ ) output[i] = (unsigned char)( output[i] ^ iv[i] ); - memcpy( iv, temp, 16 ); + memcpy( iv, temp, MBEDTLS_ARIA_BLOCKSIZE ); - input += 16; - output += 16; - length -= 16; + input += MBEDTLS_ARIA_BLOCKSIZE; + output += MBEDTLS_ARIA_BLOCKSIZE; + length -= MBEDTLS_ARIA_BLOCKSIZE; } } else { while( length > 0 ) { - for( i = 0; i < 16; i++ ) + for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ ) output[i] = (unsigned char)( input[i] ^ iv[i] ); mbedtls_aria_crypt_ecb( ctx, mode, output, output ); - memcpy( iv, output, 16 ); + memcpy( iv, output, MBEDTLS_ARIA_BLOCKSIZE ); - input += 16; - output += 16; - length -= 16; + input += MBEDTLS_ARIA_BLOCKSIZE; + output += MBEDTLS_ARIA_BLOCKSIZE; + length -= MBEDTLS_ARIA_BLOCKSIZE; } } @@ -659,7 +659,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, int mode, size_t length, size_t *iv_off, - unsigned char iv[16], + unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], const unsigned char *input, unsigned char *output ) { 
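Review bot: The return value of `mbedtls_aria_crypt_ecb( ctx, mode, input, output );` is discarded in both CBC loops, and the same happens in the CTR hunk of this commit where the keystream block is generated from `nonce_counter`; this is pre-existing, but the commit touches every line of these loops, and the series has just introduced `MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED` for alternative implementations, so a failed block operation would now silently yield wrong output rather than an error. Declaring `int ret;` alongside `i` and checking the call, `if( ( ret = mbedtls_aria_crypt_ecb( ctx, mode, input, output ) ) != 0 ) return( ret );`, with the same pattern on the encrypt side and in CTR, would propagate the failure. The tail of the CBC function and the CFB body are outside the visible hunks.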
@@ -706,8 +706,8 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, size_t length, size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], + unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE], + unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE], const unsigned char *input, unsigned char *output ) { @@ -720,7 +720,7 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, mbedtls_aria_crypt_ecb( ctx, MBEDTLS_ARIA_ENCRYPT, nonce_counter, stream_block ); - for( i = 16; i > 0; i-- ) + for( i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i-- ) if( ++nonce_counter[i - 1] != 0 ) break; } @@ -750,13 +750,13 @@ static const uint8_t aria_test1_ecb_key[32] = // test key 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F // 256 bit }; -static const uint8_t aria_test1_ecb_pt[16] = // plaintext +static const uint8_t aria_test1_ecb_pt[MBEDTLS_ARIA_BLOCKSIZE] = // plaintext { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // same for all 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF // key sizes }; -static const uint8_t aria_test1_ecb_ct[3][16] = // ciphertext +static const uint8_t aria_test1_ecb_ct[3][MBEDTLS_ARIA_BLOCKSIZE] = // ciphertext { { 0xD7, 0x18, 0xFB, 0xD6, 0xAB, 0x64, 0x4C, 0x73, // 128 bit 0x9D, 0xA9, 0x5F, 0x3B, 0xE6, 0x45, 0x17, 0x78 }, @@ -792,7 +792,7 @@ static const uint8_t aria_test2_pt[48] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)) -static const uint8_t aria_test2_iv[16] = +static const uint8_t aria_test2_iv[MBEDTLS_ARIA_BLOCKSIZE] = { 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, // same for CBC, CFB 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0 // CTR has zero IV 
@@ -887,7 +887,7 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext int mbedtls_aria_self_test( int verbose ) { int i; - uint8_t blk[16]; + uint8_t blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; #if (defined(MBEDTLS_CIPHER_MODE_CFB) || defined(MBEDTLS_CIPHER_MODE_CTR)) @@ -897,7 +897,7 @@ int mbedtls_aria_self_test( int verbose ) #if (defined(MBEDTLS_CIPHER_MODE_CBC) || \ defined(MBEDTLS_CIPHER_MODE_CFB) || \ defined(MBEDTLS_CIPHER_MODE_CTR)) - uint8_t buf[48], iv[16]; + uint8_t buf[48], iv[MBEDTLS_ARIA_BLOCKSIZE]; #endif /* @@ -911,7 +911,7 @@ int mbedtls_aria_self_test( int verbose ) mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT, aria_test1_ecb_pt, blk ); - if( memcmp( blk, aria_test1_ecb_ct[i], 16 ) != 0 ) + if( memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) ARIA_SELF_TEST_IF_FAIL; /* test ECB decryption */ @@ -920,7 +920,7 @@ int mbedtls_aria_self_test( int verbose ) mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_DECRYPT, aria_test1_ecb_ct[i], blk ); - if (memcmp( blk, aria_test1_ecb_pt, 16 ) != 0) + if (memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) != 0) ARIA_SELF_TEST_IF_FAIL; } if( verbose ) @@ -936,7 +936,7 @@ int mbedtls_aria_self_test( int verbose ) if( verbose ) printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memcpy( iv, aria_test2_iv, 16 ); + memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); memset( buf, 0x55, sizeof(buf) ); mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv, aria_test2_pt, buf ); 
@@ -947,7 +947,7 @@ int mbedtls_aria_self_test( int verbose ) if( verbose ) printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i); mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i ); - memcpy( iv, aria_test2_iv, 16 ); + memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); memset( buf, 0xAA, sizeof(buf) ); mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv, aria_test2_cbc_ct[i], buf ); @@ -966,7 +966,7 @@ int mbedtls_aria_self_test( int verbose ) if( verbose ) printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memcpy( iv, aria_test2_iv, 16 ); + memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); memset( buf, 0x55, sizeof(buf) ); j = 0; mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv, @@ -978,7 +978,7 @@ int mbedtls_aria_self_test( int verbose ) if( verbose ) printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memcpy( iv, aria_test2_iv, 16 ); + memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); memset( buf, 0xAA, sizeof(buf) ); j = 0; mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j, @@ -997,7 +997,7 @@ int mbedtls_aria_self_test( int verbose ) if( verbose ) printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memset( iv, 0, 16 ); // IV = 0 + memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0 memset( buf, 0x55, sizeof(buf) ); j = 0; mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, @@ -1009,7 +1009,7 @@ int mbedtls_aria_self_test( int verbose ) if( verbose ) printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memset( iv, 0, 16 ); // IV = 0 + memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0 memset( buf, 0xAA, sizeof(buf) ); j = 0; mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, From 7fc08795c1fa8f3d667a19abfd7bf58e5b237285 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 1 Mar 2018 09:33:20 +0100 Subject: [PATCH 0754/1059] aria: more whitespace fixes --- library/aria.c | 68 +++++++++++++++++++++++++------------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/library/aria.c b/library/aria.c index f1bde78853..c7cdb97909 100644 --- a/library/aria.c +++ b/library/aria.c @@ -234,19 +234,19 @@ static inline void aria_sl( uint32_t *a, uint32_t *b, const uint8_t sa[0x100], const uint8_t sb[0x100], const uint8_t sc[0x100], const uint8_t sd[0x100] ) { - *a = ( (uint32_t) sa[ *a & 0xFF]) ^ + *a = ( (uint32_t) sa[ *a & 0xFF] ) ^ (((uint32_t) sb[(*a >> 8) & 0xFF]) << 8) ^ (((uint32_t) sc[(*a >> 16) & 0xFF]) << 16) ^ (((uint32_t) sd[ *a >> 24 ]) << 24); - *b = ( (uint32_t) sa[ *b & 0xFF]) ^ + *b = ( (uint32_t) sa[ *b & 0xFF] ) ^ (((uint32_t) sb[(*b >> 8) & 0xFF]) << 8) ^ (((uint32_t) sc[(*b >> 16) & 0xFF]) << 16) ^ (((uint32_t) sd[ *b >> 24 ]) << 24); - *c = ( (uint32_t) sa[ *c & 0xFF]) ^ + *c = ( (uint32_t) sa[ *c & 0xFF] ) ^ (((uint32_t) sb[(*c >> 8) & 0xFF]) << 8) ^ (((uint32_t) sc[(*c >> 16) & 0xFF]) << 16) ^ (((uint32_t) sd[ *c >> 24 ]) << 24); - *d = ( (uint32_t) sa[ *d & 0xFF]) ^ + *d = ( (uint32_t) sa[ *d & 0xFF] ) ^ (((uint32_t) sb[(*d >> 8) & 0xFF]) << 8) ^ (((uint32_t) sc[(*d >> 16) & 0xFF]) << 16) ^ (((uint32_t) sd[ *d >> 24 ]) << 24); @@ -362,8 +362,8 @@ static const uint8_t aria_is2[0x100] = /* * Helper for key schedule: r = FO( p, k ) ^ x */ -static void aria_fo_xor( uint32_t r[4], - const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] ) +static void aria_fo_xor( uint32_t r[4], const uint32_t p[4], + const uint32_t k[4], const uint32_t x[4] ) { uint32_t a, b, c, d; 
@@ -384,8 +384,8 @@ static void aria_fo_xor( uint32_t r[4], /* * Helper for key schedule: r = FE( p, k ) ^ x */ -static void aria_fe_xor(uint32_t r[4], - const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] ) +static void aria_fe_xor( uint32_t r[4], const uint32_t p[4], + const uint32_t k[4], const uint32_t x[4] ) { uint32_t a, b, c, d; @@ -409,8 +409,8 @@ static void aria_fe_xor(uint32_t r[4], * We chose to store bytes into 32-bit words in little-endian format (see * GET/PUT_UINT32_LE) so we need to reverse bytes here. */ -static void aria_rot128(uint32_t r[4], const uint32_t a[4], - const uint32_t b[4], uint8_t n) +static void aria_rot128( uint32_t r[4], const uint32_t a[4], + const uint32_t b[4], uint8_t n ) { uint8_t i, j; uint32_t t, u; @@ -449,7 +449,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, int i; uint32_t w[4][4], *w2; - if (keybits != 128 && keybits != 192 && keybits != 256) + if( keybits != 128 && keybits != 192 && keybits != 256 ) return( MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH ); /* Copy key to W0 (and potential remainder to W1) */ @@ -458,7 +458,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, GET_UINT32_LE( w[0][2], key, 8 ); GET_UINT32_LE( w[0][3], key, 12 ); - memset(w[1], 0, 16); + memset( w[1], 0, 16 ); if( keybits >= 192 ) { GET_UINT32_LE( w[1][0], key, 16 ); // 192 bit key @@ -516,7 +516,7 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, } /* apply affine transform to middle keys */ - for (i = 1; i < ctx->nr; i++ ) + for( i = 1; i < ctx->nr; i++ ) { aria_a( &ctx->rk[i][0], &ctx->rk[i][1], &ctx->rk[i][2], &ctx->rk[i][3] ); @@ -545,7 +545,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, GET_UINT32_LE( d, input, 12 ); i = 0; - while (1) + while( 1 ) { a ^= ctx->rk[i][0]; b ^= ctx->rk[i][1]; 
@@ -563,7 +563,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, i++; aria_sl( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); - if (i >= ctx->nr) + if( i >= ctx->nr ) break; aria_a( &a, &b, &c, &d ); } @@ -907,7 +907,7 @@ int mbedtls_aria_self_test( int verbose ) { /* test ECB encryption */ if( verbose ) - printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i); + printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT, aria_test1_ecb_pt, blk ); @@ -916,15 +916,15 @@ int mbedtls_aria_self_test( int verbose ) /* test ECB decryption */ if( verbose ) - printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i); + printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i ); mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_DECRYPT, aria_test1_ecb_ct[i], blk ); - if (memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) != 0) + if( memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) ARIA_SELF_TEST_IF_FAIL; } if( verbose ) - printf("\n"); + printf( "\n" ); /* * Test set 2 @@ -934,10 +934,10 @@ int mbedtls_aria_self_test( int verbose ) { /* Test CBC encryption */ if( verbose ) - printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i); + printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); - memset( buf, 0x55, sizeof(buf) ); + memset( buf, 0x55, sizeof( buf ) ); mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv, aria_test2_pt, buf ); if( memcmp( buf, aria_test2_cbc_ct[i], 48 ) != 0 ) 
@@ -945,17 +945,17 @@ int mbedtls_aria_self_test( int verbose ) /* Test CBC decryption */ if( verbose ) - printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i); + printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i ); mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i ); memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); - memset( buf, 0xAA, sizeof(buf) ); + memset( buf, 0xAA, sizeof( buf ) ); mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv, aria_test2_cbc_ct[i], buf ); if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) ARIA_SELF_TEST_IF_FAIL; } if( verbose ) - printf("\n"); + printf( "\n" ); #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -964,10 +964,10 @@ int mbedtls_aria_self_test( int verbose ) { /* Test CFB encryption */ if( verbose ) - printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i); + printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); - memset( buf, 0x55, sizeof(buf) ); + memset( buf, 0x55, sizeof( buf ) ); j = 0; mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv, aria_test2_pt, buf ); @@ -976,10 +976,10 @@ int mbedtls_aria_self_test( int verbose ) /* Test CFB decryption */ if( verbose ) - printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i); + printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); - memset( buf, 0xAA, sizeof(buf) ); + memset( buf, 0xAA, sizeof( buf ) ); j = 0; mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j, iv, aria_test2_cfb_ct[i], buf ); @@ -987,7 +987,7 @@ int mbedtls_aria_self_test( int verbose ) ARIA_SELF_TEST_IF_FAIL; } if( verbose ) - printf("\n"); + printf( "\n" ); #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) 
@@ -995,10 +995,10 @@ int mbedtls_aria_self_test( int verbose ) { /* Test CTR encryption */ if( verbose ) - printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i); + printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0 - memset( buf, 0x55, sizeof(buf) ); + memset( buf, 0x55, sizeof( buf ) ); j = 0; mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, aria_test2_pt, buf ); @@ -1007,10 +1007,10 @@ int mbedtls_aria_self_test( int verbose ) /* Test CTR decryption */ if( verbose ) - printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i); + printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0 - memset( buf, 0xAA, sizeof(buf) ); + memset( buf, 0xAA, sizeof( buf ) ); j = 0; mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, aria_test2_ctr_ct[i], buf ); @@ -1018,7 +1018,7 @@ int mbedtls_aria_self_test( int verbose ) ARIA_SELF_TEST_IF_FAIL; } if( verbose ) - printf("\n"); + printf( "\n" ); #endif /* MBEDTLS_CIPHER_MODE_CTR */ return( 0 ); From 906bc90b301762ccd5bde86f825b33dce96bfc3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 1 Mar 2018 09:39:01 +0100 Subject: [PATCH 0755/1059] aria: number of rounds is non-negative --- include/mbedtls/aria.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index bcbc03da5a..b3617505d3 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -63,7 +63,7 @@ extern "C" { */ typedef struct { - int nr; /*!< The number of rounds (12, 14 or 16) */ + unsigned char nr; /*!< The number of rounds (12, 14 or 16) */ /*! The ARIA round keys. */ uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4]; } From d82d79154cc0683e18d370fd98814a33905d98e8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 1 Mar 2018 09:43:21 +0100 Subject: [PATCH 0756/1059] aria: fix more whitespace --- tests/suites/test_suite_aria.function | 28 +++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index d3d8ebeead..38fc7e3d78 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -9,7 +9,7 @@ /* BEGIN_CASE */ void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, - char *hex_dst_string, int setkey_result ) + char *hex_dst_string, int setkey_result ) { unsigned char key_str[1000]; unsigned char src_str[1000]; @@ -48,7 +48,7 @@ exit: /* BEGIN_CASE */ void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, - char *hex_dst_string, int setkey_result ) + char *hex_dst_string, int setkey_result ) { unsigned char key_str[1000]; unsigned char src_str[1000]; @@ -87,8 +87,8 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void aria_encrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, - int cbc_result ) + char *hex_src_string, char *hex_dst_string, + int cbc_result ) { unsigned char key_str[1000]; unsigned char iv_str[1000]; @@ -127,8 +127,8 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void aria_decrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, - int cbc_result ) + char *hex_src_string, char *hex_dst_string, + int cbc_result ) { unsigned char key_str[1000]; unsigned char iv_str[1000]; @@ -167,8 +167,8 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aria_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, - int result ) + char *hex_src_string, char *hex_dst_string, + int result ) { unsigned char key_str[1000]; unsigned char iv_str[1000]; 
@@ -205,8 +205,8 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aria_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, - int result ) + char *hex_src_string, char *hex_dst_string, + int result ) { unsigned char key_str[1000]; unsigned char iv_str[1000]; @@ -243,8 +243,8 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ void aria_encrypt_ctr( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, - int result ) + char *hex_src_string, char *hex_dst_string, + int result ) { unsigned char key_str[1000]; unsigned char iv_str[1000]; @@ -281,8 +281,8 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ void aria_decrypt_ctr( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, - int result ) + char *hex_src_string, char *hex_dst_string, + int result ) { unsigned char key_str[1000]; unsigned char iv_str[1000]; From 8abc34988165be7aaca736d8f016c9025e4f40c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 1 Mar 2018 10:02:47 +0100 Subject: [PATCH 0757/1059] aria: rationalize buffer sizes in test functions --- include/mbedtls/aria.h | 5 +- tests/suites/test_suite_aria.function | 169 ++++++++++++++------------ 2 files changed, 92 insertions(+), 82 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index b3617505d3..2eed2f974a 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h 
@@ -42,8 +42,9 @@ #define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */ #define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */ -#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */ -#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */ +#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */ +#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */ +#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */ #define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */ #define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */ diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 38fc7e3d78..b363406063 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -1,5 +1,14 @@ /* BEGIN_HEADER */ #include "mbedtls/aria.h" + +/* Maxium size of data used by test vectors + * WARNING: to be adapted if and when adding larger test cases */ +#define ARIA_MAX_DATASIZE 160 + +/* Maximum sizes of hexified things */ +#define ARIA_MAX_KEY_STR ( 2 * MBEDTLS_ARIA_MAX_KEYSIZE + 1 ) +#define ARIA_BLOCK_STR ( 2 * MBEDTLS_ARIA_BLOCKSIZE + 1 ) +#define ARIA_MAX_DATA_STR ( 2 * ARIA_MAX_DATASIZE + 1 ) /* END_HEADER */ /* BEGIN_DEPENDENCIES 
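Review bot: The new comment above `ARIA_MAX_DATASIZE` is misspelled ("Maxium") and, while it warns that the value must be adapted for larger test cases, it does not say what goes wrong otherwise, which is the information a maintainer adding a vector actually needs. Suggest `/* Maximum size of data used by test vectors (src/dst/output buffers are sized from it). WARNING: a longer vector overflows those stack buffers, so adapt this if and when adding larger test cases */`. The re-indented aria.h line carries the pre-existing typo "Maxiumum" as well; since the line is being touched anyway it could be corrected to "Maximum" here.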
@@ -11,17 +20,17 @@ void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, char *hex_dst_string, int setkey_result ) { - unsigned char key_str[1000]; - unsigned char src_str[1000]; - unsigned char dst_str[1000]; - unsigned char output[1000]; + unsigned char key_str[ARIA_MAX_KEY_STR]; + unsigned char src_str[ARIA_MAX_DATA_STR]; + unsigned char dst_str[ARIA_MAX_DATA_STR]; + unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; int key_len, data_len, i; - memset( key_str, 0x00, 1000 ); - memset( src_str, 0x00, 1000 ); - memset( dst_str, 0x00, 1000 ); - memset( output, 0x00, 1000 ); + memset( key_str, 0x00, sizeof( key_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); @@ -31,7 +40,7 @@ void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, == setkey_result ); if( setkey_result == 0 ) { - for( i = 0; i < data_len; i += 16 ) + for( i = 0; i < data_len; i += MBEDTLS_ARIA_BLOCKSIZE ) { TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT, src_str + i, output + i ) == 0 ); 
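Review bot: `output[ARIA_MAX_DATASIZE]` is written by mbedtls_aria_crypt_ecb for every block up to `data_len`, and `data_len` comes straight from `unhexify( src_str, hex_src_string )` with no bound on what the .data line contains, so a vector longer than 160 bytes now overflows the stack buffer instead of failing the test (the old 1000-byte buffers hid this by slack). Add `TEST_ASSERT( strlen( hex_src_string ) <= 2 * ARIA_MAX_DATASIZE );` before the unhexify calls, and the same for `hex_key_string` against `2 * MBEDTLS_ARIA_MAX_KEYSIZE`, so the header's WARNING becomes a checked precondition. The same applies to aria_decrypt_ecb, aria_encrypt_cbc, aria_decrypt_cbc, aria_encrypt_cfb128, aria_decrypt_cfb128, aria_encrypt_ctr and aria_decrypt_ctr in the following hunks. Each function body continues outside its hunk (the hexify/strcasecmp tail and the exit label).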
@@ -50,17 +59,17 @@ exit: void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, char *hex_dst_string, int setkey_result ) { - unsigned char key_str[1000]; - unsigned char src_str[1000]; - unsigned char dst_str[1000]; - unsigned char output[1000]; + unsigned char key_str[ARIA_MAX_KEY_STR]; + unsigned char src_str[ARIA_MAX_DATA_STR]; + unsigned char dst_str[ARIA_MAX_DATA_STR]; + unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; int key_len, data_len, i; - memset( key_str, 0x00, 1000 ); - memset( src_str, 0x00, 1000 ); - memset( dst_str, 0x00, 1000 ); - memset( output, 0x00, 1000 ); + memset( key_str, 0x00, sizeof( key_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); @@ -70,7 +79,7 @@ void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, == setkey_result ); if( setkey_result == 0 ) { - for( i = 0; i < data_len; i += 16 ) + for( i = 0; i < data_len; i += MBEDTLS_ARIA_BLOCKSIZE ) { TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_DECRYPT, src_str + i, output + i ) == 0 ); 
@@ -90,19 +99,19 @@ void aria_encrypt_cbc( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int cbc_result ) { - unsigned char key_str[1000]; - unsigned char iv_str[1000]; - unsigned char src_str[1000]; - unsigned char dst_str[1000]; - unsigned char output[1000]; + unsigned char key_str[ARIA_MAX_KEY_STR]; + unsigned char iv_str[ARIA_BLOCK_STR]; + unsigned char src_str[ARIA_MAX_DATA_STR]; + unsigned char dst_str[ARIA_MAX_DATA_STR]; + unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; int key_len, data_len; - memset( key_str, 0x00, 1000 ); - memset( iv_str, 0x00, 1000 ); - memset( src_str, 0x00, 1000 ); - memset( dst_str, 0x00, 1000 ); - memset( output, 0x00, 1000 ); + memset( key_str, 0x00, sizeof( key_str ) ); + memset( iv_str, 0x00, sizeof( iv_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); 
@@ -130,19 +139,19 @@ void aria_decrypt_cbc( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int cbc_result ) { - unsigned char key_str[1000]; - unsigned char iv_str[1000]; - unsigned char src_str[1000]; - unsigned char dst_str[1000]; - unsigned char output[1000]; + unsigned char key_str[ARIA_MAX_KEY_STR]; + unsigned char iv_str[ARIA_BLOCK_STR]; + unsigned char src_str[ARIA_MAX_DATA_STR]; + unsigned char dst_str[ARIA_MAX_DATA_STR]; + unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; int key_len, data_len; - memset( key_str, 0x00, 1000 ); - memset( iv_str, 0x00, 1000 ); - memset( src_str, 0x00, 1000 ); - memset( dst_str, 0x00, 1000 ); - memset( output, 0x00, 1000 ); + memset( key_str, 0x00, sizeof( key_str ) ); + memset( iv_str, 0x00, sizeof( iv_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); 
@@ -170,20 +179,20 @@ void aria_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int result ) { - unsigned char key_str[1000]; - unsigned char iv_str[1000]; - unsigned char src_str[1000]; - unsigned char dst_str[1000]; - unsigned char output[1000]; + unsigned char key_str[ARIA_MAX_KEY_STR]; + unsigned char iv_str[ARIA_BLOCK_STR]; + unsigned char src_str[ARIA_MAX_DATA_STR]; + unsigned char dst_str[ARIA_MAX_DATA_STR]; + unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; int key_len, data_len; - memset( key_str, 0x00, 1000 ); - memset( iv_str, 0x00, 1000 ); - memset( src_str, 0x00, 1000 ); - memset( dst_str, 0x00, 1000 ); - memset( output, 0x00, 1000 ); + memset( key_str, 0x00, sizeof( key_str ) ); + memset( iv_str, 0x00, sizeof( iv_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); 
@@ -208,20 +217,20 @@ void aria_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int result ) { - unsigned char key_str[1000]; - unsigned char iv_str[1000]; - unsigned char src_str[1000]; - unsigned char dst_str[1000]; - unsigned char output[1000]; + unsigned char key_str[ARIA_MAX_KEY_STR]; + unsigned char iv_str[ARIA_BLOCK_STR]; + unsigned char src_str[ARIA_MAX_DATA_STR]; + unsigned char dst_str[ARIA_MAX_DATA_STR]; + unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; int key_len, data_len; - memset( key_str, 0x00, 1000 ); - memset( iv_str, 0x00, 1000 ); - memset( src_str, 0x00, 1000 ); - memset( dst_str, 0x00, 1000 ); - memset( output, 0x00, 1000 ); + memset( key_str, 0x00, sizeof( key_str ) ); + memset( iv_str, 0x00, sizeof( iv_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); 
@@ -246,21 +255,21 @@ void aria_encrypt_ctr( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int result ) { - unsigned char key_str[1000]; - unsigned char iv_str[1000]; - unsigned char src_str[1000]; - unsigned char dst_str[1000]; - unsigned char output[1000]; - unsigned char blk[16]; + unsigned char key_str[ARIA_MAX_KEY_STR]; + unsigned char iv_str[ARIA_BLOCK_STR]; + unsigned char src_str[ARIA_MAX_DATA_STR]; + unsigned char dst_str[ARIA_MAX_DATA_STR]; + unsigned char output[ARIA_MAX_DATASIZE]; + unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; int key_len, data_len; - memset( key_str, 0x00, 1000 ); - memset( iv_str, 0x00, 1000 ); - memset( src_str, 0x00, 1000 ); - memset( dst_str, 0x00, 1000 ); - memset( output, 0x00, 1000 ); + memset( key_str, 0x00, sizeof( key_str ) ); + memset( iv_str, 0x00, sizeof( iv_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); 
@@ -284,21 +293,21 @@ void aria_decrypt_ctr( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int result ) { - unsigned char key_str[1000]; - unsigned char iv_str[1000]; - unsigned char src_str[1000]; - unsigned char dst_str[1000]; - unsigned char output[1000]; - unsigned char blk[16]; + unsigned char key_str[ARIA_MAX_KEY_STR]; + unsigned char iv_str[ARIA_BLOCK_STR]; + unsigned char src_str[ARIA_MAX_DATA_STR]; + unsigned char dst_str[ARIA_MAX_DATA_STR]; + unsigned char output[ARIA_MAX_DATASIZE]; + unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; int key_len, data_len; - memset( key_str, 0x00, 1000 ); - memset( iv_str, 0x00, 1000 ); - memset( src_str, 0x00, 1000 ); - memset( dst_str, 0x00, 1000 ); - memset( output, 0x00, 1000 ); + memset( key_str, 0x00, sizeof( key_str ) ); + memset( iv_str, 0x00, sizeof( iv_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); key_len = unhexify( key_str, hex_key_string ); From 2078725feb3cb741a7d9224a3349421efbc9e64a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 1 Mar 2018 10:37:47 +0100 Subject: [PATCH 0758/1059] aria: check arm arch version for asm rev and rev16 are only supported from v6 (all profiles) and up. arm-none-eabi-gcc picks a lower architecture version by default, which means before this commit it would fail to build (assembler error) unless you manually specified -march=armv6-m -mthumb or similar, which broke all.sh. Source for version-checking macros: - GCC/Clang: use the -E -dM - = 6000000 ) + ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) && \ + __ARM_ARCH >= 6 static inline uint32_t aria_p1( uint32_t x ) { uint32_t r; 
@@ -101,7 +102,8 @@ static inline uint32_t aria_p1( uint32_t x ) return( r ); } #define ARIA_P1 aria_p1 -#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 +#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \ + ( __TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3 ) static inline uint32_t aria_p1( uint32_t x ) { uint32_t r; @@ -139,10 +141,11 @@ static inline uint32_t aria_p1( uint32_t x ) * so let's provide asm versions for common platforms with C fallback. */ #if defined(MBEDTLS_HAVE_ASM) -#if defined(__arm__) +#if defined(__arm__) /* rev available from v6 up */ /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ #if defined(__GNUC__) && \ - ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) + ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) && \ + __ARM_ARCH >= 6 static inline uint32_t aria_p3( uint32_t x ) { uint32_t r; @@ -150,7 +153,8 @@ static inline uint32_t aria_p3( uint32_t x ) return( r ); } #define ARIA_P3 aria_p3 -#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 +#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \ + ( __TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3 ) static inline uint32_t aria_p3( uint32_t x ) { uint32_t r; From 21662148f71fd622e9533ae9a11f9f19085b526f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 1 Mar 2018 11:27:14 +0100 Subject: [PATCH 0759/1059] aria: improve compiler compat by using __asm gcc --std=c99 doesn't like the shorter "asm" (this broke all.sh) --- library/aria.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/aria.c b/library/aria.c index 7a43d416b0..55efd9a529 100644 --- a/library/aria.c +++ b/library/aria.c 
@@ -98,7 +98,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { static inline uint32_t aria_p1( uint32_t x ) { uint32_t r; - asm( "rev16 %0, %1" : "=l" (r) : "l" (x) ); + __asm( "rev16 %0, %1" : "=l" (r) : "l" (x) ); return( r ); } #define ARIA_P1 aria_p1 @@ -149,7 +149,7 @@ static inline uint32_t aria_p1( uint32_t x ) static inline uint32_t aria_p3( uint32_t x ) { uint32_t r; - asm( "rev %0, %1" : "=l" (r) : "l" (x) ); + __asm( "rev %0, %1" : "=l" (r) : "l" (x) ); return( r ); } #define ARIA_P3 aria_p3 @@ -168,7 +168,7 @@ static inline uint32_t aria_p3( uint32_t x ) defined(__i386__) || defined(__amd64__) || defined( __x86_64__) static inline uint32_t aria_p3( uint32_t x ) { - asm( "bswap %0" : "=r" (x) : "0" (x) ); + __asm( "bswap %0" : "=r" (x) : "0" (x) ); return( x ); } #define ARIA_P3 aria_p3 From f6b787cbcc7944b3974aae896d4547c7d2847ea8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 1 Mar 2018 13:48:21 +0100 Subject: [PATCH 0760/1059] Fix typo in documentation (CTR warning) --- include/mbedtls/aes.h | 2 +- include/mbedtls/aria.h | 2 +- include/mbedtls/blowfish.h | 2 +- include/mbedtls/camellia.h | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 27be761687..22eb116b84 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -314,7 +314,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, * 2. Use a randomly-generated \p nonce_counter for each call. * With this strategy, you need to ensure the nonce is generated * in an unbiased way and you must not encrypt more than 2**64 - * block of data. + * blocks of data. * * Note that for both stategies, the limit is in number of blocks * and that an AES block is 16 bytes. diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 2eed2f974a..0c4960b1b2 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h 
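Review bot: `__asm` is accepted by GCC and Clang, but the alternate keyword GCC documents for strict `-std=c99`/`-ansi` builds is `__asm__`; since the commit's purpose is compiler compatibility, the documented spelling is the safer choice in all three hunks (aria_p1 and both aria_p3 variants), e.g. `__asm__( "rev16 %0, %1" : "=l" (r) : "l" (x) );`. The armcc5 branches that use the compiler's own `__asm` syntax are outside these hunks and presumably unaffected.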
@@ -262,7 +262,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, * 2. Use a randomly-generated \p nonce_counter for each call. * With this strategy, you need to ensure the nonce is generated * in an unbiased way and you must not encrypt more than 2**64 - * block of data. + * blocks of data. * * Note that for both stategies, the limit is in number of blocks * and that an ARIA block is 16 bytes. diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 4b4916e03a..f4e8afcb6e 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -184,7 +184,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, * 2. Use a randomly-generated \p nonce_counter for each call. * With this strategy, you need to ensure the nonce is generated * in an unbiased way and you must not encrypt more than 2**32 - * block of data. + * blocks of data. * * Note that for both stategies, the limit is in number of blocks * and that a Blowfish block is 8 bytes. diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 1b138fc9e7..74e09615bf 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -201,7 +201,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, * 2. Use a randomly-generated \p nonce_counter for each call. * With this strategy, you need to ensure the nonce is generated * in an unbiased way and you must not encrypt more than 2**64 - * block of data. + * blocks of data. * * Note that for both stategies, the limit is in number of blocks * and that a CAMELLIA block is 16 bytes. From 977dc36b1455a764de6657bbb61e935dfcdc1991 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 1 Mar 2018 13:51:52 +0100 Subject: [PATCH 0761/1059] aria test suite: uniformize line wrapping --- tests/suites/test_suite_aria.function | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) 
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index b363406063..a662047cd9 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -43,7 +43,8 @@ void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, for( i = 0; i < data_len; i += MBEDTLS_ARIA_BLOCKSIZE ) { TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT, - src_str + i, output + i ) == 0 ); + src_str + i, output + i ) + == 0 ); } hexify( dst_str, output, data_len ); @@ -82,7 +83,8 @@ void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, for( i = 0; i < data_len; i += MBEDTLS_ARIA_BLOCKSIZE ) { TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_DECRYPT, - src_str + i, output + i ) == 0 ); + src_str + i, output + i ) + == 0 ); } hexify( dst_str, output, data_len ); @@ -202,7 +204,8 @@ void aria_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, data_len, &iv_offset, iv_str, - src_str, output ) == result ); + src_str, output ) + == result ); hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -240,7 +243,8 @@ void aria_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, data_len, &iv_offset, iv_str, - src_str, output ) == result ); + src_str, output ) + == result ); hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); 
@@ -278,7 +282,8 @@ void aria_encrypt_ctr( char *hex_key_string, char *hex_iv_string, mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str, - blk, src_str, output ) == result ); + blk, src_str, output ) + == result ); hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -316,7 +321,8 @@ void aria_decrypt_ctr( char *hex_key_string, char *hex_iv_string, mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str, - blk, src_str, output ) == result ); + blk, src_str, output ) + == result ); hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); From 366e1b046457f2e9d1c62fab6c32669e04a3fe11 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 1 Mar 2018 14:48:10 +0100 Subject: [PATCH 0762/1059] aria: fix comment on aria_a function The new version of the comment has been generated by the following python3 script, when the first constant is copy-pasted from RFC 5794 2.4.3. #!/usr/bin/python3 RFC_A = """ y0 = x3 ^ x4 ^ x6 ^ x8 ^ x9 ^ x13 ^ x14, y1 = x2 ^ x5 ^ x7 ^ x8 ^ x9 ^ x12 ^ x15, y2 = x1 ^ x4 ^ x6 ^ x10 ^ x11 ^ x12 ^ x15, y3 = x0 ^ x5 ^ x7 ^ x10 ^ x11 ^ x13 ^ x14, y4 = x0 ^ x2 ^ x5 ^ x8 ^ x11 ^ x14 ^ x15, y5 = x1 ^ x3 ^ x4 ^ x9 ^ x10 ^ x14 ^ x15, y6 = x0 ^ x2 ^ x7 ^ x9 ^ x10 ^ x12 ^ x13, y7 = x1 ^ x3 ^ x6 ^ x8 ^ x11 ^ x12 ^ x13, y8 = x0 ^ x1 ^ x4 ^ x7 ^ x10 ^ x13 ^ x15, y9 = x0 ^ x1 ^ x5 ^ x6 ^ x11 ^ x12 ^ x14, y10 = x2 ^ x3 ^ x5 ^ x6 ^ x8 ^ x13 ^ x15, y11 = x2 ^ x3 ^ x4 ^ x7 ^ x9 ^ x12 ^ x14, y12 = x1 ^ x2 ^ x6 ^ x7 ^ x9 ^ x11 ^ x12, y13 = x0 ^ x3 ^ x6 ^ x7 ^ x8 ^ x10 ^ x13, y14 = x0 ^ x3 ^ x4 ^ x5 ^ x9 ^ x11 ^ x14, y15 = x1 ^ x2 ^ x4 ^ x5 ^ x8 ^ x10 ^ x15. """ matrix = [] for l in RFC_A.split('\n')[1:-1]: rhs = l.split('=')[1][:-1] row = tuple(hex(int(t[2:]))[2:] for t in rhs.split('^')) matrix.append(row) out = {} out['a'] = tuple(''.join(w) for w in zip(*(matrix[0:4]))) out['b'] = tuple(''.join(w) for w in zip(*(matrix[4:8]))) out['c'] = tuple(''.join(w) for w in zip(*(matrix[8:12]))) out['d'] = tuple(''.join(w) for w in zip(*(matrix[12:]))) out2 = {} for o, r in out.items(): row = list(r) for i in range(len(r) - 1): w1 = row[i] if len(set(w1)) == 2: w2 = row[i+1] nw1 = nw2 = '' for j in range(len(w1)): if w1[j] in nw1: nw1 += w2[j] nw2 += w1[j] else: nw1 += w1[j] nw2 += w2[j] row[i] = nw1 row[i+1] = nw2 out2[o] = row for o in 'abcd': print(o, '=', ' + '.join(out[o])) print(' ', '=', ' + '.join(out2[o])) --- library/aria.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/aria.c b/library/aria.c index 55efd9a529..fdc2137fe9 100644 --- a/library/aria.c +++ b/library/aria.c 
@@ -190,11 +190,11 @@ static inline uint32_t aria_p3( uint32_t x ) * * a = 3210 + 4545 + 6767 + 88aa + 99bb + dccd + effe * = 3210 + 4567 + 6745 + 89ab + 98ba + dcfe + efcd - * b = 0101 + 2323 + 5476 + 8998 + baab + ecec + ffdd + * b = 0101 + 2323 + 5476 + 8998 + baab + eecc + ffdd * = 0123 + 2301 + 5476 + 89ab + ba98 + efcd + fedc - * c = 0022 + 1133 + 4545 + 7667 + ab89 + dcdc + fefe + * c = 0022 + 1133 + 4554 + 7667 + ab89 + dcdc + fefe * = 0123 + 1032 + 4567 + 7654 + ab89 + dcfe + fedc - * d = 1001 + 2332 + 6644 + 7755 + 9898 + baba + cedf + * d = 1001 + 2332 + 6644 + 7755 + 9898 + baba + cdef * = 1032 + 2301 + 6745 + 7654 + 98ba + ba98 + cdef * * Note: another presentation of the A transform can be found as the first From 7deee20cd26d0b54e025f86a0d8727bf865991ae Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 25 Sep 2017 10:46:20 +0100 Subject: [PATCH 0763/1059] Add ChangeLog entry for previous security fix Fixes #825 --- ChangeLog | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 68fb6f5e96..4ee9ea8c30 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,22 +1,18 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.7.x branch released 2018-xx-xx - -Default behavior changes - * The truncated HMAC extension now conforms to RFC 6066. This means - that when both sides of a TLS connection negotiate the truncated - HMAC extension, Mbed TLS can now interoperate with other - compliant implementations, but this breaks interoperability with - prior versions of Mbed TLS. To restore the old behavior, enable - the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in - config.h. Found by Andreas Walz (ivESK, Offenburg University of - Applied Sciences). += mbed TLS x.x.x branch released xxxx-xx-xx Security * Fix implementation of the truncated HMAC extension. The previous implementation allowed an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted connection (with no resumption of the session). + * Fix a bug in the X.509 module potentially leading to a buffer overread + during CRT verification or to invalid or omitted checks for certificate + validity. The former can be triggered remotely, while the latter requires + a non DER-compliant certificate correctly signed by a trusted CA, or a + trusted CA with a non DER-compliant certificate. Found by luocm on GitHub. + Fixes #825. Features * Extend PKCS#8 interface by introducing support for the entire SHA 
@@ -44,6 +40,16 @@ Changes * MD functions deprecated in 2.7.0 are no longer inline, to provide a migration path for those depending on the library's ABI. +Default behavior changes + * The truncated HMAC extension now conforms to RFC 6066. This means + that when both sides of a TLS connection negotiate the truncated + HMAC extension, Mbed TLS can now interoperate with other + compliant implementations, but this breaks interoperability with + prior versions of Mbed TLS. To restore the old behavior, enable + the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in + config.h. Found by Andreas Walz (ivESK, Offenburg University of + Applied Sciences). + = mbed TLS 2.7.0 branch released 2018-02-03 Security From f5bb78183a2a9d8fe3ca5adb154ea7d48ddba28a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 Mar 2018 12:48:53 +0100 Subject: [PATCH 0764/1059] Fix MSVC warnings library\x509_crt.c(2137): warning C4267: 'function' : conversion from 'size_t' to 'int', possible loss of data library\x509_crt.c(2265): warning C4267: 'function' : conversion from 'size_t' to 'int', possible loss of data --- library/x509_crt.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 5625b94d03..30ec120a29 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2009,8 +2009,8 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, int *parent_is_trusted, - int path_cnt, - int self_cnt ) + size_t path_cnt, + size_t self_cnt ) { mbedtls_x509_crt *parent; @@ -2096,7 +2096,7 @@ static int x509_crt_verify_chain( mbedtls_x509_crt *parent; int parent_is_trusted = 0; int child_is_trusted = 0; - int self_cnt = 0; + size_t self_cnt = 0; child = crt; *chain_len = 0; 
@@ -2262,7 +2262,7 @@ static int x509_crt_merge_flags_with_cb( cur_flags = ver_chain[i-1].flags; if( NULL != f_vrfy ) - if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, i-1, &cur_flags ) ) != 0 ) + if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, (int) i-1, &cur_flags ) ) != 0 ) return( ret ); *flags |= cur_flags; From ce5673cbe651c42d32062cc73ab53d2513928e31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Mar 2018 09:54:10 +0100 Subject: [PATCH 0765/1059] Add reference to github issue in compat.sh --- tests/compat.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/compat.sh b/tests/compat.sh index 0a863fa487..b914386bb4 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -435,7 +435,8 @@ add_common_ciphersuites() # with its Mbed TLS name. # # NOTE: for some reason RSA-PSK doesn't work with OpenSSL, -# so RSA-PSK ciphersuites need to go in other sections. +# so RSA-PSK ciphersuites need to go in other sections, see +# https://github.com/ARMmbed/mbedtls/issues/1419 add_openssl_ciphersuites() { case $TYPE in From 8c661b90c71c60a25767c2c5e586750caabc1fc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Mar 2018 10:00:00 +0100 Subject: [PATCH 0766/1059] Fix section order in the ChangeLog --- ChangeLog | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4ee9ea8c30..a319cf2644 100644 --- a/ChangeLog +++ b/ChangeLog 
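Review bot: `(int) i-1` parses as `((int) i) - 1`, which is presumably the intent but is easy to misread as `(int)( i - 1 )`; write it as `(int)( i - 1 )` so the subtraction is visibly done before the narrowing (the two agree whenever `i >= 1`, which holds here since `i-1` is already used as the index on the previous line). The cast silently truncates if `i` could exceed `INT_MAX`; that is presumably excluded by the verify chain's length limit, but a short comment on the call would make that explicit. x509_crt_merge_flags_with_cb starts outside the hunk.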
@@ -2,6 +2,16 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Default behavior changes + * The truncated HMAC extension now conforms to RFC 6066. This means + that when both sides of a TLS connection negotiate the truncated + HMAC extension, Mbed TLS can now interoperate with other + compliant implementations, but this breaks interoperability with + prior versions of Mbed TLS. To restore the old behavior, enable + the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in + config.h. Found by Andreas Walz (ivESK, Offenburg University of + Applied Sciences). + Security * Fix implementation of the truncated HMAC extension. The previous implementation allowed an offline 2^80 brute force attack on the @@ -40,16 +50,6 @@ Changes * MD functions deprecated in 2.7.0 are no longer inline, to provide a migration path for those depending on the library's ABI. -Default behavior changes - * The truncated HMAC extension now conforms to RFC 6066. This means - that when both sides of a TLS connection negotiate the truncated - HMAC extension, Mbed TLS can now interoperate with other - compliant implementations, but this breaks interoperability with - prior versions of Mbed TLS. To restore the old behavior, enable - the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in - config.h. Found by Andreas Walz (ivESK, Offenburg University of - Applied Sciences). - = mbed TLS 2.7.0 branch released 2018-02-03 Security From 05c00ed8b228ef632a299259650faed18f8d960b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 6 Mar 2018 11:33:06 +0100 Subject: [PATCH 0767/1059] Fix some more MSVC size_t -> int warnings --- library/x509_crt.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 30ec120a29..4c959b0fa1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1957,8 +1957,8 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, mbedtls_x509_crt *candidates, int top, - int path_cnt, - int self_cnt ) + size_t path_cnt, + size_t self_cnt ) { mbedtls_x509_crt *parent, *badtime_parent = NULL; @@ -1970,7 +1970,7 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, /* +1 because stored max_pathlen is 1 higher that the actual value */ if( parent->max_pathlen > 0 && - parent->max_pathlen < 1 + path_cnt - self_cnt ) + (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt ) { continue; } From cf092b2ccf6fe88ec7b6e075aa89d93cadaa059a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 6 Mar 2018 14:23:38 +0000 Subject: [PATCH 0768/1059] Deprecate support for record compression --- ChangeLog | 4 ++++ include/mbedtls/check_config.h | 8 ++++++++ include/mbedtls/config.h | 3 +++ 3 files changed, 15 insertions(+) diff --git a/ChangeLog b/ChangeLog index 68fb6f5e96..75a8f1186a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,10 @@ Features OpenVPN Inc. Fixes #1339 * Add support for public keys encoded in PKCS#1 format. #1122 +New deprecations + * Deprecate support for record compression (configuration option + MBEDTLS_ZLIB_SUPPORT). + Bugfix * Fix the name of a DHE parameter that was accidentally changed in 2.7.0. Fixes #1358. diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index be80332963..655612e201 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
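Review bot: `(size_t) parent->max_pathlen < 1 + path_cnt - self_cnt` now performs the subtraction in unsigned arithmetic, so if `self_cnt` ever exceeded `path_cnt + 1` the right-hand side would wrap to a huge value and the candidate would be skipped, whereas the old `int` form went negative and the check simply never fired. Presumably `self_cnt <= path_cnt` always holds because self-issued certificates are counted within the path, but that invariant is not visible in the hunk. Either state it next to the comparison (`/* self_cnt <= path_cnt: self-issued certs are a subset of the path, so this cannot wrap */`) or rewrite the test as `(size_t) parent->max_pathlen + self_cnt < 1 + path_cnt`, which is the same inequality without the subtraction. The `parent->max_pathlen > 0` guard on the preceding line keeps the cast itself safe. x509_crt_find_parent_in's body continues outside the hunk.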
@@ -66,6 +66,14 @@ #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense" #endif +#if defined(MBEDTLS_ZLIB_SUPPORT) && defined(MBEDTLS_DEPRECATED_WARNING) +#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will likely be removed in a future version of the library" +#endif + +#if defined(MBEDTLS_ZLIB_SUPPORT) && defined(MBEDTLS_DEPRECATED_REMOVED) +#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set" +#endif + #if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM) #error "MBEDTLS_AESNI_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1c98558ebc..05f67fa3c0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1541,6 +1541,9 @@ * * \note Currently compression can't be used with DTLS. * + * \deprecated This feature is deprecated and will likely be removed + * in a future version of the library. + * * Used in: library/ssl_tls.c * library/ssl_cli.c * library/ssl_srv.c From b2b29d52592b1c632f0b4b79f7c11c74f0798459 Mon Sep 17 00:00:00 2001 From: Sanne Wouda Date: Mon, 21 Aug 2017 15:58:12 +0100 Subject: [PATCH 0769/1059] Add end-of-buffer check to prevent heap-buffer-overflow Dereference of *p should not happen when it points past the end of the buffer. Internal reference: IOTSSL-1663 --- library/pkparse.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/pkparse.c b/library/pkparse.c index b4def4f914..89a0c5dbfd 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -181,6 +181,9 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end, { int ret; + if ( end - *p < 1 ) + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + /* Tag may be either OID or SEQUENCE */ params->tag = **p; if( params->tag != MBEDTLS_ASN1_OID From 7b2e85dd7ccb4c253df76ac0517841874bf72e17 Mon Sep 17 00:00:00 2001 
From: Sanne Wouda Date: Wed, 30 Aug 2017 21:10:42 +0100 Subject: [PATCH 0770/1059] Use both applicable error codes and a proper coding style --- library/pkparse.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 89a0c5dbfd..6e22ce4f7d 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -182,7 +182,8 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end, int ret; if ( end - *p < 1 ) - return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_OUT_OF_DATA ); /* Tag may be either OID or SEQUENCE */ params->tag = **p; From 90da97d587b1eef67a6742605c891a086f7fb710 Mon Sep 17 00:00:00 2001 From: Sanne Wouda Date: Thu, 31 Aug 2017 12:57:35 +0100 Subject: [PATCH 0771/1059] Add test case found through fuzzing to pkparse test suite --- tests/suites/test_suite_pkparse.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 416f9dfe44..e420fb04e2 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -486,3 +486,6 @@ pk_parse_key_rsa:"301c02010002010102010102010102010102010102010102010102010100": Key ASN1 (RSAPrivateKey, values present, check_privkey fails) pk_parse_key_rsa:"301b020100020102020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Key ASN1 (heap-buffer-overflow, unchecked access of tag) +pk_parse_key_rsa:"30070201010400a000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT From 52895b2b2e2328d0cebdba102ea2f57136ec7175 Mon Sep 17 00:00:00 2001 From: Sanne Wouda Date: Tue, 5 Sep 2017 17:00:54 +0100 Subject: [PATCH 0772/1059] Add Changelog entry --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8db0215914..f835e4aa71 100644 --- a/ChangeLog +++ b/ChangeLog 
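Review bot: The new guard in pk_get_ecparams has no comment explaining why it exists, and the commit message ("use both applicable error codes") will not be visible to the next reader of the function. A one-line why-comment above the check would preserve the reason, e.g. `/* At least one byte must remain: the tag is read unconditionally below (previously a 1-byte over-read on truncated input) */`. Note that `end - *p` is a ptrdiff_t, so the check also rejects the case where a caller has already advanced *p past end (negative difference), which is the robust outcome. pk_get_ecparams starts and ends outside the hunk.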
@@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix a heap-buffer-overflow during private key parsing. Found through + fuzzing. + = mbed TLS 2.7.0 branch released 2018-02-03 Security From cf79312a6d3688637b6e2dbaf35b7c319fa8e02c Mon Sep 17 00:00:00 2001 From: Sanne Wouda Date: Thu, 7 Sep 2017 16:33:44 +0100 Subject: [PATCH 0773/1059] Update changelog entry --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index f835e4aa71..64361bed9b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,8 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Bugfix - * Fix a heap-buffer-overflow during private key parsing. Found through - fuzzing. + * Fix a 1-byte heap buffer overflow (read-only) during private key parsing. + Found through fuzz testing. = mbed TLS 2.7.0 branch released 2018-02-03 From bb50113123df6b4d53f28cee14df23ff04a4a710 Mon Sep 17 00:00:00 2001 From: Sanne Wouda Date: Thu, 7 Sep 2017 16:44:06 +0100 Subject: [PATCH 0774/1059] Rename test and update dependencies --- tests/suites/test_suite_pkparse.data | 25 +++++++++++++++--------- tests/suites/test_suite_pkparse.function | 4 ++-- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index e420fb04e2..932d8907b6 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
@@ -467,25 +467,32 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MB pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0 Key ASN1 (Incorrect first tag) -pk_parse_key_rsa:"":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +pk_parse_key:"":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, incorrect version tag) -pk_parse_key_rsa:"300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +depends_on:MBEDTLS_RSA_C +pk_parse_key:"300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, version tag missing) -pk_parse_key_rsa:"3000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +depends_on:MBEDTLS_RSA_C +pk_parse_key:"3000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, invalid version) -pk_parse_key_rsa:"3003020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +depends_on:MBEDTLS_RSA_C +pk_parse_key:"3003020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, correct version, incorrect tag) -pk_parse_key_rsa:"300402010000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +depends_on:MBEDTLS_RSA_C +pk_parse_key:"300402010000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, values present, length mismatch) -pk_parse_key_rsa:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +depends_on:MBEDTLS_RSA_C +pk_parse_key:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, values present, check_privkey fails) -pk_parse_key_rsa:"301b020100020102020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +depends_on:MBEDTLS_RSA_C +pk_parse_key:"301b020100020102020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Key ASN1 (heap-buffer-overflow, unchecked access of tag) -pk_parse_key_rsa:"30070201010400a000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +Key ASN1 (ECPrivateKey, empty parameters) +depends_on:MBEDTLS_ECP_C 
+pk_parse_key:"30070201010400a000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 4f1a616061..59f7877fc6 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -113,8 +113,8 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_parse_key_rsa( char *key_data, char *result_str, int result ) +/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C */ +void pk_parse_key( char *key_data, char *result_str, int result ) { mbedtls_pk_context pk; unsigned char buf[2000]; From 22797fcc57a59321d2cc18d37bac43c44474edb2 Mon Sep 17 00:00:00 2001 From: Sanne Wouda Date: Fri, 8 Sep 2017 10:58:37 +0100 Subject: [PATCH 0775/1059] Remove redundant dependency --- tests/suites/test_suite_pkparse.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 59f7877fc6..94d25e7eb0 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -113,7 +113,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C */ +/* BEGIN_CASE */ void pk_parse_key( char *key_data, char *result_str, int result ) { mbedtls_pk_context pk; From e57d7438b02e05abfbc81078575f62c9fa5d5b22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 7 Mar 2018 10:00:57 +0100 Subject: [PATCH 0776/1059] Improve documentation of some internal functions --- library/x509_crt.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/library/x509_crt.c b/library/x509_crt.c index 4c959b0fa1..24222d67c3 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1953,6 +1953,19 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, * way we select the correct one is by checking the signature (as we don't * rely on key identifier extensions). (This is one way users might choose to * handle key rollover, another relies on self-issued certs, see [SIRO].) + * + * Arguments: + * - [in] child: certificate for which we're looking for a parent + * - [in] candidates: chained list of potential parents + * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top + * of the chain, 0 otherwise + * - [in] path_cnt: number of intermediates seen so far + * - [in] self_cnt: number of self-signed intermediates seen so far + * (will never be greater than path_cnt) + * + * Return value: + * - the first suitable parent found (see above regarding time-validity) + * - NULL if no suitable parent was found */ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, mbedtls_x509_crt *candidates, @@ -2005,6 +2018,19 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child, * * Searches in trusted CAs first, and return the first suitable parent found * (see find_parent_in() for definition of suitable). + * + * Arguments: + * - [in] child: certificate for which we're looking for a parent, followed + * by a chain of possible intermediates + * - [in] trust_ca: locally trusted CAs + * - [out] 1 if parent was found in trust_ca, 0 if found in provided chain + * - [in] path_cnt: number of intermediates seen so far + * - [in] self_cnt: number of self-signed intermediates seen so far + * (will always be no greater than path_cnt) + * + * Return value: + * - the first suitable parent found (see find_parent_in() for "suitable") + * - NULL if no suitable parent was found */ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, From e494e20f0c39499badb1a52eaafea23d2f7b02db Mon Sep 17 00:00:00 2001 
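Review bot: In the second hunk the `[out]` entry of the x509_crt_find_parent argument list omits the parameter's name, unlike every other entry ("- [out] 1 if parent was found in trust_ca, 0 if found in provided chain"), so a reader cannot tell which argument it describes; the third parameter's name is cut off by the hunk, but the line should read `- [out] <name>: 1 if parent was found in trust_ca, 0 if found in provided chain` with the actual identifier filled in. The two wordings of the self_cnt bound ("will never be greater than path_cnt" vs. "will always be no greater than path_cnt") should also be unified, since this invariant is what keeps the size_t subtraction in x509_crt_find_parent_in from wrapping. Both documented functions continue outside the hunk.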
From: Hanno Becker Date: Thu, 8 Mar 2018 13:26:12 +0000 Subject: [PATCH 0777/1059] Move and reword deprecation warning/error on compression support --- include/mbedtls/check_config.h | 8 -------- include/mbedtls/config.h | 4 ++-- include/mbedtls/ssl.h | 9 +++++++++ 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 655612e201..be80332963 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -66,14 +66,6 @@ #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense" #endif -#if defined(MBEDTLS_ZLIB_SUPPORT) && defined(MBEDTLS_DEPRECATED_WARNING) -#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will likely be removed in a future version of the library" -#endif - -#if defined(MBEDTLS_ZLIB_SUPPORT) && defined(MBEDTLS_DEPRECATED_REMOVED) -#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set" -#endif - #if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM) #error "MBEDTLS_AESNI_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 05f67fa3c0..d47e9c7aff 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1541,8 +1541,8 @@ * * \note Currently compression can't be used with DTLS. * - * \deprecated This feature is deprecated and will likely be removed - * in a future version of the library. + * \deprecated This feature is deprecated and will be removed + * in the next major revision of the library. * * Used in: library/ssl_tls.c * library/ssl_cli.c diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 51e843ae24..a679717225 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -49,6 +49,15 @@ #endif #if defined(MBEDTLS_ZLIB_SUPPORT) + +#if defined(MBEDTLS_DEPRECATED_WARNING) +#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library" +#endif + +#if defined(MBEDTLS_DEPRECATED_REMOVED) +#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set" +#endif + #include "zlib.h" #endif From 6f486a6fb5c7311a8d07913778b53f128ec37cd8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 8 Mar 2018 13:31:44 +0000 Subject: [PATCH 0778/1059] Fix merge error --- tests/scripts/all.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 140a90f096..e60530fd78 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -881,8 +881,5 @@ rm -rf "$OUT_OF_SOURCE_DIR" msg "Done, cleaning up" cleanup -<<<<<<< HEAD -======= final_report ->>>>>>> development-restricted From 1ed45ea36b345327d4f6af0344fc0518b22872fb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Mar 2018 18:16:45 +0100 Subject: [PATCH 0779/1059] Refer to X.690 by number It's easier to identify and find by number than by its very wordy title, especially as there was a typo in the title. --- include/mbedtls/asn1.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 75b7b3dfbc..86b50e6c84 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -90,9 +90,8 @@ /* * Bit masks for each of the components of an ASN.1 tag as specified in - * Information technnology - ASN.1 encoding rules: Specification of Basic - * Encoding Rules (BER), Canonical Encoding Rules (CER), and Distinguished - * encoding rules (DER) Section 8.1.2.2: + * ITU X.690 (08/2015), section 8.1 "General rules for encoding", + * paragraph 8.1.2.2: * * Bit 8 7 6 5 1 * +-------+-----+------------+ 
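Review bot: Moving the MBEDTLS_ZLIB_SUPPORT deprecation diagnostics from check_config.h into ssl.h means they only fire in translation units that include ssl.h, so a configuration with both MBEDTLS_ZLIB_SUPPORT and MBEDTLS_DEPRECATED_REMOVED set is no longer rejected by the global config check and will only error once the SSL module is compiled. If that narrowing is intentional (compression is an SSL-only feature), it is worth stating next to the block, e.g. `/* Deprecation of record compression is diagnosed here rather than in check_config.h because the option only affects the SSL modules */`; otherwise the `#error` half should stay in check_config.h. As in the rest of the library, `#warning` is a compiler extension rather than standard C, which the existing MBEDTLS_DEPRECATED_WARNING pattern presumably already accepts.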
From e61514d70d3987fa750c3e3a63d7e19c6444d2b6 Mon Sep 17 00:00:00 2001 From: Brendan Shanks Date: Thu, 8 Mar 2018 17:40:56 -0800 Subject: [PATCH 0780/1059] benchmark: Fix incompatibility with C89 compilers Initializing arrays using non-constant expressions is not permitted in C89, and was causing errors when compiling with Metrowerks CodeWarrior (for classic MacOS) in C89 mode. Clang also produces a warning when compiling with '-Wc99-extensions': test/benchmark.c:670:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions] const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 }; ^~~~~~~~~~ test/benchmark.c:674:42: warning: initializer for aggregate is not a compile-time constant [-Wc99-extensions] const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 }; ^~~~~~~~~~ Declaring the arrays as 'static' makes them constant expressions. fixes #1353 --- programs/test/benchmark.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 2864caf842..1945b30d97 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -658,13 +658,13 @@ int main( int argc, char *argv[] ) if( todo.dhm ) { int dhm_sizes[] = { 2048, 3072 }; - const unsigned char dhm_P_2048[] = + static const unsigned char dhm_P_2048[] = MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; - const unsigned char dhm_P_3072[] = + static const unsigned char dhm_P_3072[] = MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN; - const unsigned char dhm_G_2048[] = + static const unsigned char dhm_G_2048[] = MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; - const unsigned char dhm_G_3072[] = + static const unsigned char dhm_G_3072[] = MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN; const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 }; From 7c2dd5890f945006d838089220c92e66cc1fba66 Mon Sep 17 00:00:00 2001 
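Review bot: The hunk makes the four DH parameter arrays `static const`, but the neighbouring `int dhm_sizes[] = { 2048, 3072 };` and the `dhm_P`/`dhm_G` pointer tables keep the old automatic, non-const form, which is inconsistent within the same block and keeps copying the table onto the stack on every call. Assuming nothing writes to them (the rest of the loop is outside the hunk), `static const int dhm_sizes[] = { 2048, 3072 };` and `static const unsigned char * const dhm_P[] = { dhm_P_2048, dhm_P_3072 };` (likewise for dhm_G) would be the matching C89-safe form. The `if( todo.dhm )` block continues past the end of the hunk.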
From: Darryl Green Date: Thu, 1 Mar 2018 14:53:49 +0000 Subject: [PATCH 0781/1059] Add script for ABI compatibility checking --- scripts/abi_check.py | 233 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 233 insertions(+) create mode 100755 scripts/abi_check.py diff --git a/scripts/abi_check.py b/scripts/abi_check.py new file mode 100755 index 0000000000..0f063a3f35 --- /dev/null +++ b/scripts/abi_check.py 
@@ -0,0 +1,233 @@ +#!/usr/bin/env python3 + +# This script is a small wrapper around the abi-compliance-checker and +# abi-dumper tools, applying them to compare the ABI and API of the library +# files from two different Git revisions within an Mbed TLS repository. +# The results of the comparison are formatted as HTML and stored at +# a configurable location. Returns 0 on success, 1 on ABI/API non-compliance, +# and 2 if there is an error while running the script. +# Note: must be run from Mbed TLS root. + +import os +import sys +import traceback +import shutil +import subprocess +import argparse +import logging +import tempfile + + +class AbiChecker(object): + + def __init__(self, report_dir, old_rev, new_rev, keep_all_reports): + self.repo_path = "." + self.log = None + self.setup_logger() + self.report_dir = os.path.abspath(report_dir) + self.keep_all_reports = keep_all_reports + self.should_keep_report_dir = os.path.isdir(self.report_dir) + self.old_rev = old_rev + self.new_rev = new_rev + self.mbedtls_modules = ["libmbedcrypto", "libmbedtls", "libmbedx509"] + self.old_dumps = {} + self.new_dumps = {} + self.git_command = "git" + self.make_command = "make" + + def check_repo_path(self): + if not __file__ == os.path.join(".", "scripts", "abi_check.py"): + raise Exception("Must be run from Mbed TLS root") + + def setup_logger(self): + self.log = logging.getLogger() + self.log.setLevel(logging.INFO) + self.log.addHandler(logging.StreamHandler()) + + def check_abi_tools_are_installed(self): + for command in ["abi-dumper", "abi-compliance-checker"]: + if not shutil.which(command): + raise Exception("{} not installed, aborting".format(command)) + + def get_clean_worktree_for_git_revision(self, git_rev): + self.log.info( + "Checking out git worktree for revision {}".format(git_rev) + ) + git_worktree_path = tempfile.mkdtemp() + worktree_process = subprocess.Popen( + [self.git_command, "worktree", "add", git_worktree_path, git_rev], + cwd=self.repo_path, + 
stdout=subprocess.PIPE, + stderr=subprocess.STDOUT + ) + worktree_output, _ = worktree_process.communicate() + self.log.info(worktree_output.decode("utf-8")) + if worktree_process.returncode != 0: + raise Exception("Checking out worktree failed, aborting") + return git_worktree_path + + def build_shared_libraries(self, git_worktree_path): + my_environment = os.environ.copy() + my_environment["CFLAGS"] = "-g -Og" + my_environment["SHARED"] = "1" + make_process = subprocess.Popen( + self.make_command, + env=my_environment, + cwd=git_worktree_path, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT + ) + make_output, _ = make_process.communicate() + self.log.info(make_output.decode("utf-8")) + if make_process.returncode != 0: + raise Exception("make failed, aborting") + + def get_abi_dumps_from_shared_libraries(self, git_ref, git_worktree_path): + abi_dumps = {} + for mbed_module in self.mbedtls_modules: + output_path = os.path.join( + self.report_dir, "{}-{}.dump".format(mbed_module, git_ref) + ) + abi_dump_command = [ + "abi-dumper", + os.path.join( + git_worktree_path, "library", mbed_module + ".so"), + "-o", output_path, + "-lver", git_ref + ] + abi_dump_process = subprocess.Popen( + abi_dump_command, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT + ) + abi_dump_output, _ = abi_dump_process.communicate() + self.log.info(abi_dump_output.decode("utf-8")) + if abi_dump_process.returncode != 0: + raise Exception("abi-dumper failed, aborting") + abi_dumps[mbed_module] = output_path + return abi_dumps + + def cleanup_worktree(self, git_worktree_path): + shutil.rmtree(git_worktree_path) + worktree_process = subprocess.Popen( + [self.git_command, "worktree", "prune"], + cwd=self.repo_path, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT + ) + worktree_output, _ = worktree_process.communicate() + self.log.info(worktree_output.decode("utf-8")) + if worktree_process.returncode != 0: + raise Exception("Worktree cleanup failed, aborting") + + def 
get_abi_dump_for_ref(self, git_rev): + git_worktree_path = self.get_clean_worktree_for_git_revision(git_rev) + self.build_shared_libraries(git_worktree_path) + abi_dumps = self.get_abi_dumps_from_shared_libraries( + git_rev, git_worktree_path + ) + self.cleanup_worktree(git_worktree_path) + return abi_dumps + + def get_abi_compatibility_report(self): + compatibility_report = "" + compliance_return_code = 0 + for mbed_module in self.mbedtls_modules: + output_path = os.path.join( + self.report_dir, "{}-{}-{}.html".format( + mbed_module, self.old_rev, self.new_rev + ) + ) + abi_compliance_command = [ + "abi-compliance-checker", + "-l", mbed_module, + "-old", self.old_dumps[mbed_module], + "-new", self.new_dumps[mbed_module], + "-strict", + "-report-path", output_path + ] + abi_compliance_process = subprocess.Popen( + abi_compliance_command, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT + ) + abi_compliance_output, _ = abi_compliance_process.communicate() + self.log.info(abi_compliance_output.decode("utf-8")) + if abi_compliance_process.returncode == 0: + compatibility_report += ( + "No compatibility issues for {}\n".format(mbed_module) + ) + if not self.keep_all_reports: + os.remove(output_path) + elif abi_compliance_process.returncode == 1: + compliance_return_code = 1 + self.should_keep_report_dir = True + compatibility_report += ( + "Compatibility issues found for {}, " + "for details see {}\n".format(mbed_module, output_path) + ) + else: + raise Exception( + "abi-compliance-checker failed with a return code of {}," + " aborting".format(abi_compliance_process.returncode) + ) + os.remove(self.old_dumps[mbed_module]) + os.remove(self.new_dumps[mbed_module]) + if not self.should_keep_report_dir and not self.keep_all_reports: + os.rmdir(self.report_dir) + self.log.info(compatibility_report) + return compliance_return_code + + def check_for_abi_changes(self): + self.check_repo_path() + self.check_abi_tools_are_installed() + self.old_dumps = 
self.get_abi_dump_for_ref(self.old_rev) + self.new_dumps = self.get_abi_dump_for_ref(self.new_rev) + return self.get_abi_compatibility_report() + + +def run_main(): + try: + parser = argparse.ArgumentParser( + description=( + "This script is a small wrapper around the " + "abi-compliance-checker and abi-dumper tools, applying them " + "to compare the ABI and API of the library files from two " + "different Git revisions within an Mbed TLS repository." + " The results of the comparison are formatted as HTML and" + " stored at a configurable location. Returns 0 on success, " + "1 on ABI/API non-compliance, and 2 if there is an error " + "while running the script. # Note: must be run from " + "Mbed TLS root." + ) + ) + parser.add_argument( + "-r", "--report_dir", type=str, default="reports", + help="directory where reports are stored, default is reports", + ) + parser.add_argument( + "-k", "--keep_all_reports", action="store_true", + help="keep all reports, even if there are no compatibility issues", + ) + parser.add_argument( + "-o", "--old_rev", type=str, help="revision for old version", + required=True + ) + parser.add_argument( + "-n", "--new_rev", type=str, help="revision for new version", + required=True + ) + abi_args = parser.parse_args() + abi_check = AbiChecker( + abi_args.report_dir, abi_args.old_rev, + abi_args.new_rev, abi_args.keep_all_reports + ) + return_code = abi_check.check_for_abi_changes() + sys.exit(return_code) + except Exception as error: + traceback.print_exc(error) + sys.exit(2) + + +if __name__ == "__main__": + run_main() From 9c4f4038ddbf0b3999649385846a0b66623b6cbc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 May 2017 14:46:36 +0200 Subject: [PATCH 0782/1059] Add changelog entry --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 13de8672c7..b729d6c7c8 100644 --- a/ChangeLog +++ b/ChangeLog 
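Review bot: In run_main the exception handler calls `traceback.print_exc(error)`, but print_exc's first positional parameter is `limit`, so on Python 3 passing the exception object raises a TypeError inside the handler and the original failure is masked instead of being printed with exit code 2; it should be `traceback.print_exc()`. The worktree created by get_abi_dump_for_ref is also only removed on the success path, so a failing make or abi-dumper leaves a temporary directory and a registered git worktree behind, which a try/finally around the build and dump steps would avoid. Separately, check_repo_path compares `__file__` to "./scripts/abi_check.py" exactly, so running `python3 scripts/abi_check.py` from the repository root is rejected even though the script is in the right place; comparing the resolved parent directory of the script with the current working directory would be more robust.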
@@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released 2017-xx-xx + +Changes + * Clarify the documentation of mbedtls_ssl_setup. + = mbed TLS 2.4.2 branch released 2017-03-08 Security From 08af538ec90af91d530d34ddc129d386f68ebe8e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 11 Mar 2018 00:15:56 +0100 Subject: [PATCH 0783/1059] Fix grammar in ChangeLog entry --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 716567b04d..13adfb590d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,7 +34,7 @@ Bugfix with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct. In the context of SSL, this resulted in handshake failure. #1351 * Fix Windows x64 builds with the included mbedTLS.sln file. #1347 - * In test_suite_pk pass valid parameters when testing for hash length + * In test_suite_pk, pass valid parameters when testing for hash length overflow. #1179 Changes From 3f1b89d251bd654c77cd61ddf3aac64ebee9be21 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 11 Mar 2018 00:35:39 +0100 Subject: [PATCH 0784/1059] This fixes #664 --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6dab645dc3..40aa075b6a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -91,9 +91,9 @@ Bugfix freeing an RSA context and several MPI's without proper initialization beforehand. * Fix setting version TLSv1 as minimal version, even if TLS 1 - is not enabled. Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` - and `MBEDTLS_SSL_MIN_MINOR_VERSION` instead - of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1` + is not enabled. Set MBEDTLS_SSL_MIN_MAJOR_VERSION + and MBEDTLS_SSL_MIN_MINOR_VERSION instead of + MBEDTLS_SSL_MAJOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_1. #664 Changes * Extend cert_write example program by options to set the CRT version From b21a085baeaec8c3c3288b98096c24b279231b01 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 9 Mar 2018 14:24:36 +0100 Subject: [PATCH 0785/1059] Show build modes in code font This clarifies that it's the string to type and not just some description of it. --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 2c6cc62a05..a2c3c6f21e 100644 --- a/README.md +++ b/README.md 
@@ -110,14 +110,14 @@ To configure CMake for building shared libraries, use: There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific: -- Release. This generates the default code without any unnecessary information in the binary files. -- Debug. This generates debug information and disables optimization of the code. -- Coverage. This generates code coverage information in addition to debug information. -- ASan. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.) -- ASanDbg. Same as ASan but slower, with debug information and better stack traces. -- MemSan. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64. -- MemSanDbg. Same as MemSan but slower, with debug information, better stack traces and origin tracking. -- Check. This activates the compiler warnings that depend on optimization and treats all warnings as errors. +- `Release`. This generates the default code without any unnecessary information in the binary files. +- `Debug`. This generates debug information and disables optimization of the code. +- `Coverage`. This generates code coverage information in addition to debug information. +- `ASan`. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.) +- `ASanDbg`. Same as ASan but slower, with debug information and better stack traces. +- `MemSan`. This instruments the code with MemorySanitizer to check for uninitialised memory reads. 
Experimental, needs recent clang on Linux/x86\_64. +- `MemSanDbg`. Same as MemSan but slower, with debug information, better stack traces and origin tracking. +- `Check`. This activates the compiler warnings that depend on optimization and treats all warnings as errors. Switching build modes in CMake is simple. For debug mode, enter at the command line: From 147b28ec3f93673c82cb6e430b34020348abcced Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Mar 2018 15:26:59 +0100 Subject: [PATCH 0786/1059] Fix remaining issues found by depend-pkalgs --- tests/suites/test_suite_x509parse.data | 6 +++--- tests/suites/test_suite_x509write.function | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a26b7ad06b..e2dc3c9e0f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -776,11 +776,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP19 x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" X509 Certificate verification #94 (Suite B invalid, RSA cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL" X509 Certificate verification #95 (Suite B Valid, EC cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" X509 Certificate verification #96 (next profile Invalid Cert SHA224 Digest) 
@@ -788,7 +788,7 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL" X509 Certificate verification #97 (next profile Valid Cert SHA256 Digest) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" X509 Certificate verification callback: bad name diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index ca76e861d4..62f82e8a05 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -130,6 +130,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file, issuer_pwd ) == 0 ); +#if defined(MBEDTLS_RSA_C) /* For RSA PK contexts, create a copy as an alternative RSA context. */ if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA ) { @@ -141,6 +142,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, key = &issuer_key_alt; } +#else + (void) rsa_alt; +#endif TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 ); From 88a8dcb38ef7576840a06d98d3e92356008c1997 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Mar 2018 15:49:35 +0100 Subject: [PATCH 0787/1059] Fix remaining issues found by depend-hashes --- tests/suites/test_suite_x509parse.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index e2dc3c9e0f..8642eb6609 100644 
--- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -784,11 +784,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_S x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" X509 Certificate verification #96 (next profile Invalid Cert SHA224 Digest) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL" X509 Certificate verification #97 (next profile Valid Cert SHA256 Digest) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" X509 Certificate verification callback: bad name From 3ff4a074af5f188c4d7c8ab1ae57bd1d50dd11d6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Mar 2018 23:54:20 +0100 Subject: [PATCH 0788/1059] Fix ChangeLog style. Fix #918 --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 000084b775..edf3eb39af 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,9 +1,9 @@ -mbed TLS ChangeLog (Sorted per branch, date) +mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Bugfix - * Log correct number of ciphersuites used in Client Hello message. Fix for #918. + * Log correct number of ciphersuites used in Client Hello message. #918 = mbed TLS 2.6.0 branch released 2017-08-10 
From 6dc4a319884d03d967bb00eac3b0d81e7a3d66e1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 Mar 2018 00:13:06 +0100 Subject: [PATCH 0789/1059] Add ChangeLog entry. Fixes #678 --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index f96786d72a..984ab030e6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Changes + * Use (void) when defining functions with no parameters. Contributed by + Joris Aerts. #678 + = mbed TLS 2.4.0 branch released 2016-10-17 Security From 127c5affce7b419afc9eb9f4a5c37ecdf3498e67 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Mon, 12 Mar 2018 15:44:31 +0000 Subject: [PATCH 0790/1059] Add copyright to abi_check script --- scripts/abi_check.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 0f063a3f35..f9fb7f65d6 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -1,5 +1,11 @@ #!/usr/bin/env python3 - +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2018, Arm Limited, All Rights Reserved +# +# Purpose +# # This script is a small wrapper around the abi-compliance-checker and # abi-dumper tools, applying them to compare the ABI and API of the library # files from two different Git revisions within an Mbed TLS repository. From a1098f81c252b317ad34ea978aea2bc47760b215 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 13 Mar 2018 11:28:49 +0100 Subject: [PATCH 0791/1059] Add bounds check before signature length read --- library/ssl_cli.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 2534346a49..279a127ba2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -2478,6 +2478,14 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) /* * Read signature */ + + if( p > end - 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } sig_len = ( p[0] << 8 ) | p[1]; p += 2; From 027f84c69f4ef30c0693832a6c396ef19e563ca1 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 13 Mar 2018 11:29:24 +0100 Subject: [PATCH 0792/1059] Prevent arithmetic overflow on bounds check --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 279a127ba2..df6abc389e 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2489,7 +2489,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) sig_len = ( p[0] << 8 ) | p[1]; p += 2; - if( end != p + sig_len ) + if( p != end - sig_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, From 740b218386083dc708ce98ccc94a63a95cd5629e Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 13 Mar 2018 11:31:14 +0100 Subject: [PATCH 0793/1059] Add bounds check before length read --- library/ssl_cli.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 2534346a49..585750ef2e 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2057,6 +2057,12 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, * * opaque psk_identity_hint<0..2^16-1>; */ + if( (*p) > end - 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " + "(psk_identity_hint length)" ) ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } len = (*p)[0] << 8 | (*p)[1]; *p += 2; From 5224a7544c95552553e2e6be0b4a789956a6464e Mon Sep 17 00:00:00 2001 
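Review bot: The new guard `if( p > end - 2 )` is only sound because `p <= end` holds at this point, and it states the bound as arithmetic on `end` rather than as the number of bytes left; the same shape appears in the ssl_parse_server_psk_hint hunk on this page (`@@ -2057`) as `if( (*p) > end - 2 )`. Writing the check as an unsigned remaining-length comparison, `if( (size_t)( end - p ) < 2 )`, names the invariant directly and never forms a pointer before `end`. The diagnostic is the same "bad server key exchange message" text the rest of this function emits, while the psk_hint check appends a qualifier; `"bad server key exchange message (signature length)"` would make it attributable in logs. ssl_parse_server_key_exchange starts and ends outside the hunk.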
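Review bot: `if( p != end - sig_len )` removes the overflow past `end` but moves the problem to the other side: `sig_len` is a 16-bit value read from the peer, so `end - sig_len` can point far before the start of the record buffer, which is undefined pointer arithmetic in C even when the result is only compared. Since the guard added just above establishes `p <= end`, comparing lengths is the robust form: `if( (size_t)( end - p ) != sig_len )`. The ssl_parse_server_psk_hint hunk at `@@ -2066` has the same pattern in `if( (*p) > end - len )`, which would become `if( (size_t)( end - *p ) < len )`. The enclosing function continues outside the hunk.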
From: Krzysztof Stachowiak Date: Tue, 13 Mar 2018 11:31:38 +0100 Subject: [PATCH 0794/1059] Prevent arithmetic overflow on bounds check --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 585750ef2e..759a4562a1 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2066,7 +2066,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, len = (*p)[0] << 8 | (*p)[1]; *p += 2; - if( (*p) + len > end ) + if( (*p) > end - len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " "(psk_identity_hint length)" ) ); From 62dcbaf567e9f015fc533d2ef29c39ee9271527b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 13 Mar 2018 10:54:43 +0000 Subject: [PATCH 0795/1059] Improve crediting in ChangeLog --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 6b0fe3ba5e..b6f61fa710 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,7 +9,8 @@ Bugfix returned when unexpected messages were being discarded, ignoring that further messages could potentially already be pending to be processed in the internal buffers; these cases lead to deadlocks in case - event-driven I/O was used. Found by Hubert Mis. + event-driven I/O was used. + Found and reported by Hubert Mis in #772. API changes * Add function mbedtls_net_poll to public API allowing to wait for a From 6a33f59f76092fe86094b71ec4a47cfff481d65b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 13 Mar 2018 11:38:46 +0000 Subject: [PATCH 0796/1059] Add tests for event-driven I/O in DTLS to ssl-opt.sh --- tests/ssl-opt.sh | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 34aa43f99f..4c6512142f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2527,6 +2527,47 @@ run_test "Event-driven I/O: session-id resume" \ -C "mbedtls_ssl_handshake returned" \ -c "Read from server: .* bytes read" +run_test "Event-driven I/O, DTLS: basic handshake" \ + "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ + "$P_CLI dtls=1 event=1 tickets=0" \ + 0 \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O, DTLS: client auth" \ + "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ + "$P_CLI dtls=1 event=1 tickets=0" \ + 0 \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O, DTLS: ticket" \ + "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ + "$P_CLI dtls=1 event=1 tickets=1" \ + 0 \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O, DTLS: ticket + client auth" \ + "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ + "$P_CLI dtls=1 event=1 tickets=1" \ + 0 \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \ + "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ + "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \ + 0 \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O, DTLS: ticket + resume" \ + "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ + "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \ + 0 \ + -c "Read from server: .* bytes read" + +run_test "Event-driven I/O, DTLS: session-id resume" \ + "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ + "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \ + 0 \ + -c "Read from server: .* bytes read" # Tests for version negotiation run_test "Version check: all -> 1.2" \ From ddc3ebbc3f698a6db77da59805c3a02f891454e0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 13 Mar 2018 11:39:09 +0000 Subject: [PATCH 0797/1059] Exemplify use of `mbedtls_ssl_check_pending` in `ssl_server2.c` --- programs/ssl/ssl_server2.c | 36 ++++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 10 deletions(-) 
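Review bot: The three `reconnect=1` variants (`ticket + client auth + resume`, `ticket + resume`, `session-id resume`) assert only `-c "Read from server: .* bytes read"`, so a reconnect that silently falls back to a full handshake still passes and the event-driven resumption path is not actually pinned. The existing session-resume tests in this script check resumption itself (patterns along the lines of `-s "a session has been resumed"` and `-c "a session has been resumed"`, if those are the strings the test programs print); adding the same assertions to the resume cases would make the tests meaningful. The preceding TLS test also checks `-C "mbedtls_ssl_handshake returned"`, which the new DTLS variants omit for no stated reason.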
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c3321d13a1..74a1142719 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2417,21 +2417,37 @@ data_exchange: while( 1 ) { + /* Without the call to `mbedtls_ssl_check_pending`, it might + * happen that the client sends application data in the same + * datagram as the Finished message concluding the handshake. + * In this case, the application data would be ready to be + * processed while the underlying transport wouldn't signal + * any further incoming data. + * + * See the test 'Event-driven I/O: session-id resume, UDP packing' + * in tests/ssl-opt.sh. + */ + + /* For event-driven IO, wait for socket to become available */ + if( mbedtls_ssl_check_pending( &ssl ) == 0 && + opt.event == 1 /* level triggered IO */ ) + { +#if defined(MBEDTLS_TIMING_C) + idle( &client_fd, &timer, MBEDTLS_ERR_SSL_WANT_READ ); +#else + idle( &client_fd, MBEDTLS_ERR_SSL_WANT_READ ); +#endif + } + ret = mbedtls_ssl_read( &ssl, buf, len ); + /* Note that even if `mbedtls_ssl_check_pending` returns true, + * it can happen that the subsequent call to `mbedtls_ssl_read` + * returns `MBEDTLS_ERR_SSL_WANT_READ`, because the pending messages + * might be discarded (e.g. because they are retransmissions). */ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) break; - - /* For event-driven IO, wait for socket to become available */ - if( opt.event == 1 /* level triggered IO */ ) - { -#if defined(MBEDTLS_TIMING_C) - idle( &client_fd, &timer, ret ); -#else - idle( &client_fd, ret ); -#endif - } } if( ret <= 0 ) From bc6c1101399a31058cf93b3f31be65a8d11e4bb2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 13 Mar 2018 11:39:40 +0000 Subject: [PATCH 0798/1059] Add test to ssl-opt.sh demonstrating the need for ssl_check_pending --- tests/ssl-opt.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
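Review bot: The rewritten loop always idles for readability (`MBEDTLS_ERR_SSL_WANT_READ`), whereas the removed code passed the previous `ret` to `idle()`, so a `MBEDTLS_ERR_SSL_WANT_WRITE` return from `mbedtls_ssl_read` — which the API permits — now waits on the wrong direction and can stall or spin, depending on how `idle()` maps the code to poll flags (its body is outside the hunk). Keeping the direction from the last iteration restores the old behaviour: initialise `ret = MBEDTLS_ERR_SSL_WANT_READ;` before `while( 1 )` and pass `ret` instead of the constant in both `idle()` calls. The first comment block is also worth tightening to say what the code does in one line, e.g. `/* Drain records already buffered by the TLS layer before blocking on the transport */`, since the long explanation reads as a changelog entry. `main` continues outside the hunk.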
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4c6512142f..4afc527a1d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2568,6 +2568,19 @@ run_test "Event-driven I/O, DTLS: session-id resume" \ "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \ 0 \ -c "Read from server: .* bytes read" + +# This test demonstrates the need for the mbedtls_ssl_check_pending function. +# During session resumption, the client will send its ApplicationData record +# within the same datagram as the Finished messages. In this situation, the +# server MUST NOT idle on the underlying transport after handshake completion, +# because the ApplicationData request has already been queued internally. +run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \ + -p "$P_PXY pack=10" \ + "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ + "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \ + 0 \ + -c "Read from server: .* bytes read" + # Tests for version negotiation run_test "Version check: all -> 1.2" \ From ccbd8a4bbbb8b44c4eb241e8ad474e4c8fbf97ca Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 13 Mar 2018 07:52:09 -0400 Subject: [PATCH 0799/1059] Add a missing bracket in ifdef for __cplusplus --- include/mbedtls/rsa_internal.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h index bcb3c9401d..12e0f6b486 100644 --- a/include/mbedtls/rsa_internal.h +++ b/include/mbedtls/rsa_internal.h @@ -213,4 +213,8 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *DP, const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); +#ifdef __cplusplus +} +#endif + #endif /* rsa_internal.h */ From 1ba8a3fc55575cae21c39971c325e7f124e7f234 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 13 Mar 2018 13:27:14 +0100 Subject: [PATCH 0800/1059] Yet another dependency issue (PKCS1_V15) Found by running: CC=clang cmake -D CMAKE_BUILD_TYPE="Check" tests/scripts/depend-pkalgs.pl (Also tested with same command but CC=gcc) Another PR will address improving all.sh and/or the depend-xxx.pl scripts themselves to catch this kind of thing. --- library/rsa.c | 2 ++ tests/suites/test_suite_rsa.function | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 6526978e26..7075f131f8 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -75,6 +75,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } +#if defined(MBEDTLS_PKCS1_V15) /* constant-time buffer comparison */ static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ) { @@ -88,6 +89,7 @@ static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ) return( diff ); } +#endif /* MBEDTLS_PKCS1_V15 */ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *N, diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 953c6338f9..fd632dad6a 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -122,7 +122,6 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, char *input_N, int radix_E, char *input_E, char *result_hex_str ) { - int res; unsigned char message_str[1000]; unsigned char hash_result[1000]; unsigned char output[1000]; @@ -167,6 +166,7 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) { + int res; memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); 
@@ -203,7 +203,6 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, char *input_N, int radix_E, char *input_E, char *result_hex_str, int correct ) { - int res; unsigned char message_str[1000]; unsigned char hash_result[1000]; unsigned char result_str[1000]; @@ -240,6 +239,7 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, /* For PKCS#1 v1.5, there is an alternative way to verify signatures */ if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) { + int res; int ok; size_t olen; From b6f880b63bc6afd192bd280fc178484b77cf710b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 13 Mar 2018 12:48:37 +0000 Subject: [PATCH 0801/1059] Revert whitespace change to ease merging --- programs/ssl/ssl_client2.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 289920cbdd..3d03269e64 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -661,8 +661,7 @@ int main( int argc, char *argv[] ) else if( strcmp( p, "request_size" ) == 0 ) { opt.request_size = atoi( q ); - if( opt.request_size < 0 || - opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( opt.request_size < 0 || opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN ) goto usage; } else if( strcmp( p, "ca_file" ) == 0 ) From fd3e4fbae75049810379e0845580402502629d68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 13 Mar 2018 11:53:30 +0100 Subject: [PATCH 0802/1059] x509: CRL: reject unsupported critical extensions --- ChangeLog | 2 + library/x509_crl.c | 57 ++++++++++++++++++++++++-- tests/data_files/Makefile | 3 ++ tests/data_files/crl-idp.pem | 12 ++++++ tests/data_files/test-ca.opensslconf | 9 ++++ tests/suites/test_suite_x509parse.data | 4 ++ 6 files changed, 83 insertions(+), 4 deletions(-) create mode 100644 tests/data_files/crl-idp.pem diff --git a/ChangeLog b/ChangeLog index cfe27f3eb9..0b3dacd1fd 100644 --- a/ChangeLog 
+++ b/ChangeLog @@ -17,6 +17,8 @@ Security implementation allowed an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted connection (with no resumption of the session). + * Fix CRL parsing to reject CRLs containing unsupported critical + extensions. Found by Falko Strenzke and Evangelos Karatsiolis. Features * Extend PKCS#8 interface by introducing support for the entire SHA diff --git a/library/x509_crl.c b/library/x509_crl.c index 0bb7236bd1..b0f39d428b 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -95,17 +95,23 @@ static int x509_crl_get_version( unsigned char **p, } /* - * X.509 CRL v2 extensions (no extensions parsed yet.) + * X.509 CRL v2 extensions + * + * We currently don't parse any extension's content, but we do check that the + * list of extensions is well-formed and abort on critical extensions (that + * are unsupported as we don't support any extension so far) */ static int x509_get_crl_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext ) { int ret; - size_t len = 0; - /* Get explicit tag */ - if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0) ) != 0 ) + /* + * crlExtensions [0] EXPLICIT Extensions OPTIONAL + * -- if present, version MUST be v2 + */ + if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 ) { if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) return( 0 ); 
@@ -115,11 +121,54 @@ static int x509_get_crl_ext( unsigned char **p, while( *p < end ) { + /* + * Extension ::= SEQUENCE { + * extnID OBJECT IDENTIFIER, + * critical BOOLEAN DEFAULT FALSE, + * extnValue OCTET STRING } + */ + int is_critical = 0; + const unsigned char *end_ext_data; + size_t len; + + /* Get enclosing sequence tag */ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + end_ext_data = *p + len; + + /* Get OID (currently ignored) */ + if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, + MBEDTLS_ASN1_OID ) ) != 0 ) + { + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + } *p += len; + + /* Get optional critical */ + if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, + &is_critical ) ) != 0 && + ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) + { + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + } + + /* Data should be octet string type */ + if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, + MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + /* Ignore data so far and just check its length */ + *p += len; + if( *p != end_ext_data ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + + /* Abort on (unsupported) critical extensions */ + if( is_critical ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); } if( *p != end ) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 0380633df1..46d134f951 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
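Review bot: The abort on `is_critical` returns `MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`, the same code the lines just above return for a malformed tag, so a caller or log cannot distinguish a corrupt CRL from a well-formed one carrying an extension this parser does not understand, which is precisely the case the change is about. That choice needs a why-comment (it appears to mirror how the certificate parser treats unknown critical extensions; worth confirming), and the abort should cite the rule it enforces: `/* RFC 5280 5.2: a CRL with a critical extension we cannot process MUST NOT be used; same error as the CRT parser */`. The `/* Get OID (currently ignored) */` comment should also say that the OID is skipped on purpose and nothing is retained for diagnostics, so a later maintainer does not read it as a TODO. x509_get_crl_ext continues past the hunk's final `if( *p != end )`.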
@@ -46,6 +46,9 @@ test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@ all_final += test-ca-sha256.crt +crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) + $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@ + cli_crt_key_file_rsa = cli-rsa.key cli_crt_extensions_file = cli.opensslconf diff --git a/tests/data_files/crl-idp.pem b/tests/data_files/crl-idp.pem new file mode 100644 index 0000000000..a229e7d6d9 --- /dev/null +++ b/tests/data_files/crl-idp.pem @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIBszCBnAIBATANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UE +ChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTE4MDMxNDA3 +MzE0OFoXDTI4MDMxNDA3MzE0OFqgLTArMCkGA1UdHAEB/wQfMB2gG6AZhhdodHRw +Oi8vcGtpLmV4YW1wbGUuY29tLzANBgkqhkiG9w0BAQsFAAOCAQEAs/vp1Ybq9Lj/ +YM+O2uBqhRNdt494GYSYcZcltbQDwLgDwsFQ9S+q5zBtanhxiF3C6dyDoWS6xyY3 +dkdO9kK2YAQLNaFBCsKRrI9vGKuF5/1uIr0a8cQcqVzyRI9uK0KgGEk9/APGtqob +nj/nt2ryGC+yEh20FmvwFn1vN5xaWK3uUIJCNDTZe+KQn150iAU/mWZG2xDdSXgm +JtpTrY6toBgTwDGyus2wIDvAF6rBc1lRoR0BPuTR1fcUPMvr8jceZqG+xuH+vmkU +j1B4Tu+K27ZmZMlhltfgwLzcgH9Ee1TgWPN2QqMzeZW/vNMyIIvWAWk2cFyCJj6r +16/9upL64w== +-----END X509 CRL----- diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index 12835dfa54..6ca6613303 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf 
@@ -11,3 +11,12 @@ commonName = PolarSSL Test CA subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always basicConstraints = CA:true + +[test_ca] +database = /dev/null + +[crl_ext_idp] +issuingDistributionPoint=critical, @idpdata + +[idpdata] +fullname=URI:http://pki.example.com/ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 73ccead253..71049c751a 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -202,6 +202,10 @@ X509 CRL Malformed Input (trailing spaces at end of file) depends_on:MBEDTLS_PEM_PARSE_C mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT +X509 CRL Unsupported critical extension (issuingDistributionPoint) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + X509 CSR Information RSA with MD4 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" From 00bbf572afc5558026a65ccb1000023bd1ce872d Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 14 Mar 2018 11:14:13 +0100 Subject: [PATCH 0803/1059] Update change log --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index dfd34bf69a..6e497bc1da 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,8 @@ Security implementation allowed an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted connection (with no resumption of the session). + * Fix a buffer overread in ssl_parse_server_key_exchange() that could cause + a crash on invalid input. Features * Extend PKCS#8 interface by introducing support for the entire SHA 
@@ -44,6 +46,8 @@ Bugfix Nick Wilson on issue #355 * In test_suite_pk, pass valid parameters when testing for hash length overflow. #1179 + * Fix a possible arithmetic overflow in ssl_parse_server_key_exchange() + that could cause a key exchange to fail on valid data. Changes * Fix tag lengths and value ranges in the documentation of CCM encryption. From 7fa1ae70c85e847fcd5e434b1417c8dc4cc62c72 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 13 Mar 2018 17:17:38 +0100 Subject: [PATCH 0804/1059] Add Changelog entry --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index dfd34bf69a..585c81a1e6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,8 @@ Security implementation allowed an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted connection (with no resumption of the session). + * Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a + crash on invalid input. Features * Extend PKCS#8 interface by introducing support for the entire SHA @@ -44,6 +46,8 @@ Bugfix Nick Wilson on issue #355 * In test_suite_pk, pass valid parameters when testing for hash length overflow. #1179 + * Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that + could cause a key exchange to fail on valid data. Changes * Fix tag lengths and value ranges in the documentation of CCM encryption. From 0bdb050b2deffce65f728a7622a388c00a474e82 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 14 Mar 2018 11:34:29 +0100 Subject: [PATCH 0805/1059] x509: CRL: add tests for malformed extensions This covers all lines added in the previous commit. Coverage was tested using: make CFLAGS='--coverage -g3 -O0' (cd tests && ./test_suite_x509parse) make lcov firefox Coverage/index.html # then visual check Test data was generated by taking a copy of tests/data_files/crl-idp.pem, encoding it as hex, and then manually changing the values of some bytes to achieve the desired errors, using https://lapo.it/asn1js/ for help in locating the desired bytes. --- tests/suites/test_suite_x509parse.data | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 71049c751a..755c91dd85 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1218,6 +1218,21 @@ x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b060355040 X509 CRL ASN1 (invalid version overflow) x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION +X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121) +x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRL ASN1 (extension oid too long, crl-idp.pem byte 123) +x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRL ASN1 (extension critical invalid length, crl-idp.pem byte 128) +x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH + +X509 CRL ASN1 (extension data too long, crl-idp.pem byte 131) +x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131) 
+x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff041e301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + X509 CRT parse path #2 (one cert) depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crt_parse_path:"data_files/dir1":0:1 From a63305d134a2223477b4bfc46774518467b687d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 14 Mar 2018 12:23:56 +0100 Subject: [PATCH 0806/1059] x509: CRL: add tests for non-critical extension The 'critical' boolean can be set to false in two ways: - by leaving it implicit (test data generated by openssl) - by explicitly setting it to false (generated by hand) --- tests/data_files/Makefile | 4 ++++ tests/data_files/test-ca.opensslconf | 3 +++ tests/suites/test_suite_x509parse.data | 7 +++++++ 3 files changed, 14 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 46d134f951..59516bab86 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -48,6 +48,10 @@ all_final += test-ca-sha256.crt crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@ +all_final += crl-idp.pem +crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) + $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@ +all_final += crl-idpnc.pem cli_crt_key_file_rsa = cli-rsa.key cli_crt_extensions_file = cli.opensslconf diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index 6ca6613303..571d96ee4e 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf @@ -18,5 +18,8 @@ database = /dev/null [crl_ext_idp] issuingDistributionPoint=critical, @idpdata +[crl_ext_idp_nc] +issuingDistributionPoint=@idpdata + [idpdata] fullname=URI:http://pki.example.com/ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 755c91dd85..57d2448b65 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -206,6 +206,10 @@ X509 CRL Unsupported critical extension (issuingDistributionPoint) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +X509 CRL Unsupported non-critical extension (issuingDistributionPoint) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0 + X509 CSR Information RSA with MD4 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" @@ -1233,6 +1237,9 @@ x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060 X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131) x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129) +x509parse_crl:"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":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2018-03-14 07\:31\:48\nnext update \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using \: RSA with SHA-256\n":0 + X509 CRT parse path #2 (one cert) depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crt_parse_path:"data_files/dir1":0:1 From 47a98d4e2c198e68538192ab72cbd0a2850dbb54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 14 Mar 2018 14:08:57 +0100 Subject: [PATCH 0807/1059] fixup previous commit: add forgotten file --- tests/data_files/crl-idpnc.pem | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 tests/data_files/crl-idpnc.pem 
diff --git a/tests/data_files/crl-idpnc.pem b/tests/data_files/crl-idpnc.pem new file mode 100644 index 0000000000..0ebe480ee6 --- /dev/null +++ b/tests/data_files/crl-idpnc.pem @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIBsDCBmQIBATANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UE +ChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTE4MDMxNDEx +MTQzNloXDTI4MDMxNDExMTQzNlqgKjAoMCYGA1UdHAQfMB2gG6AZhhdodHRwOi8v +cGtpLmV4YW1wbGUuY29tLzANBgkqhkiG9w0BAQsFAAOCAQEACsszsNwAMkmUrbti +H1wpWN3LIb32MTZkBWZeFWWQ1MyzSFslgnOcu6tesJuTQJVJMGCSXZv7jkVHeeiK +x+BAoHCrR2aRVPbmiaP43Qp/dFOOfHVMM/VVWmuEYuCQaCAeVLQgGbgAYHE9aHQN +vBg8m7NJ95av2svLHMFIhirZlKWsAXM+aCyzoudEIhrP4Ppwt01SCtDl5gyg1Gkd +B3wuOckjTk0xwXdlOSMH9o0SD2fkc41AFDqOZTK2NTQzNChDNFbKXl8sr9SavJCm +k72l7wNJs6UOEhQMygyXEvqp8JbIi9JI+3TD4z4wUt0EnPkw0U48grLXFhjwBLWi +cxyjQQ== +-----END X509 CRL----- From 7b6582b63196bd18f5dccdcaebd9a6bd97858aa3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 15 Mar 2018 09:37:27 +0000 Subject: [PATCH 0808/1059] Kill server and proxy via SIGQUIT in ssl-opt.sh SIGKILL interferes with memory checking in valgrind. --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4afc527a1d..8f64e54238 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -449,7 +449,7 @@ run_test() { kill $SRV_PID sleep 0.01 if kill -0 $SRV_PID >/dev/null 2>&1; then - kill -KILL $SRV_PID + kill -3 $SRV_PID wait $SRV_PID fi @@ -457,7 +457,7 @@ run_test() { kill $PXY_PID >/dev/null 2>&1 sleep 0.01 if kill -0 $PXY_PID >/dev/null 2>&1; then - kill -KILL $PXY_PID + kill -3 $PXY_PID wait $PXY_PID fi fi From 8d83218b702e78e1b403a8a3c2bb0abd9bd2a51a Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 15 Mar 2018 10:14:19 +0000 Subject: [PATCH 0809/1059] Increase UDP record packing time in ssl-opt.sh The UDP tests involving the merging of multiple records into single datagrams accumulate records for 10ms, which can be less than the total flight preparation time if e.g. the tests are being run with valgrind. This commit increases the packing time for the relevant tests from 10ms to 50ms. --- tests/ssl-opt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8f64e54238..a1155e8d0a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2575,7 +2575,7 @@ run_test "Event-driven I/O, DTLS: session-id resume" \ # server MUST NOT idle on the underlying transport after handshake completion, # because the ApplicationData request has already been queued internally. run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \ - -p "$P_PXY pack=10" \ + -p "$P_PXY pack=50" \ "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \ 0 \ @@ -3832,7 +3832,7 @@ run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ -c "HTTP/1.0 200 OK" run_test "DTLS proxy: multiple records in same datagram" \ - -p "$P_PXY pack=10" \ + -p "$P_PXY pack=50" \ "$P_SRV dtls=1 debug_level=2" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ @@ -3840,7 +3840,7 @@ run_test "DTLS proxy: multiple records in same datagram" \ -s "next record in same datagram" run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \ - -p "$P_PXY pack=10 duplicate=1" \ + -p "$P_PXY pack=50 duplicate=1" \ "$P_SRV dtls=1 debug_level=2" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ From adfa64f0c4d99db9cf08ad927843c564209e8506 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 15 Mar 2018 11:35:07 +0000 Subject: [PATCH 0810/1059] Abort idle-loop in ssl_server2 if sockets gets invalid Previously, the idling loop in ssl_server2 didn't check whether the underlying call to mbedtls_net_poll signalled that the socket became invalid. This had the consequence that during idling, the server couldn't be terminated through a SIGTERM, as the corresponding handler would only close the sockets and expect the remainder of the program to shutdown gracefully as a consequence of this. This was subsequently attempted to be fixed through a change in ssl-opt.sh by terminating the server through a KILL signal, which however lead to other problems when the latter was run under valgrind. This commit changes the idling loop in ssl_server2 and ssl_client2 to obey the return code of mbedtls_net_poll and gracefully shutdown if an error occurs, e.g. because the socket was closed. As a consequence, the server termination via a KILL signal in ssl-opt.sh is no longer necessary, with the previous `kill; wait` pattern being sufficient. The commit reverts the corresponding change. --- programs/ssl/ssl_client2.c | 22 +++++++++++++++------- programs/ssl/ssl_server2.c | 22 +++++++++++++++------- tests/ssl-opt.sh | 12 ++---------- 3 files changed, 32 insertions(+), 24 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 3d03269e64..023c0c5d12 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -444,16 +444,17 @@ static int ssl_sig_hashes_for_test[] = { * (Used in event-driven IO mode). */ #if !defined(MBEDTLS_TIMING_C) -void idle( mbedtls_net_context *fd, +int idle( mbedtls_net_context *fd, int idle_reason ) { #else -void idle( mbedtls_net_context *fd, +int idle( mbedtls_net_context *fd, mbedtls_timing_delay_context *timer, int idle_reason ) { #endif + int ret; int poll_type = 0; if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE ) 
@@ -477,12 +478,17 @@ void idle( mbedtls_net_context *fd, #endif /* MBEDTLS_TIMING_C */ /* Check if underlying transport became available */ - if( poll_type != 0 && - mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) + if( poll_type != 0 ) { - break; + ret = mbedtls_net_poll( fd, poll_type, 0 ); + if( ret < 0 ) + return( ret ); + if( ret == poll_type ) + break; } } + + return( 0 ); } int main( int argc, char *argv[] ) @@ -1506,10 +1512,12 @@ int main( int argc, char *argv[] ) if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &server_fd, &timer, ret ); + ret = idle( &server_fd, &timer, ret ); #else - idle( &server_fd, ret ); + ret = idle( &server_fd, ret ); #endif + if( ret != 0 ) + goto exit; } } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 74a1142719..e296339720 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -846,16 +846,17 @@ static int ssl_sig_hashes_for_test[] = { * (Used in event-driven IO mode). */ #if !defined(MBEDTLS_TIMING_C) -void idle( mbedtls_net_context *fd, +int idle( mbedtls_net_context *fd, int idle_reason ) { #else -void idle( mbedtls_net_context *fd, +int idle( mbedtls_net_context *fd, mbedtls_timing_delay_context *timer, int idle_reason ) { #endif + int ret; int poll_type = 0; if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE ) @@ -879,12 +880,17 @@ void idle( mbedtls_net_context *fd, #endif /* MBEDTLS_TIMING_C */ /* Check if underlying transport became available */ - if( poll_type != 0 && - mbedtls_net_poll( fd, poll_type, 0 ) == poll_type ) + if( poll_type != 0 ) { - break; + ret = mbedtls_net_poll( fd, poll_type, 0 ); + if( ret < 0 ) + return( ret ); + if( ret == poll_type ) + break; } } + + return( 0 ); } int main( int argc, char *argv[] ) 
@@ -2205,10 +2211,12 @@ handshake: if( opt.event == 1 /* level triggered IO */ ) { #if defined(MBEDTLS_TIMING_C) - idle( &client_fd, &timer, ret ); + ret = idle( &client_fd, &timer, ret ); #else - idle( &client_fd, ret ); + ret = idle( &client_fd, ret ); #endif + if( ret != 0 ) + goto reset; } } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a1155e8d0a..1682a8476f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -447,19 +447,11 @@ run_test() { # terminate the server (and the proxy) kill $SRV_PID - sleep 0.01 - if kill -0 $SRV_PID >/dev/null 2>&1; then - kill -3 $SRV_PID - wait $SRV_PID - fi + wait $SRV_PID if [ -n "$PXY_CMD" ]; then kill $PXY_PID >/dev/null 2>&1 - sleep 0.01 - if kill -0 $PXY_PID >/dev/null 2>&1; then - kill -3 $PXY_PID - wait $PXY_PID - fi + wait $PXY_PID fi # retry only on timeouts From 9ac640326b5ec7bf1140cc542a91b61d10ba2d51 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 15 Mar 2018 12:19:31 +0000 Subject: [PATCH 0811/1059] Don't exit mbedtls_net_poll on interruption of select If the select UNIX system call is interrupted by a signal handler, it is not automatically restarted but returns EINTR. This commit modifies the use of select in mbedtls_net_poll from net_sockets.c to retry the select call in this case. --- library/net_sockets.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 2d1c1082ab..e63e496b9e 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -470,8 +470,11 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) tv.tv_sec = timeout / 1000; tv.tv_usec = ( timeout % 1000 ) * 1000; - ret = select( fd + 1, &read_fds, &write_fds, NULL, - timeout == (uint32_t) -1 ? NULL : &tv ); + do + { + ret = select( fd + 1, &read_fds, &write_fds, NULL, + timeout == (uint32_t) -1 ? NULL : &tv ); + } while( ret == EINTR ); if( ret < 0 ) return( MBEDTLS_ERR_NET_POLL_FAILED ); 
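Review bot: The new retry loop in mbedtls_net_poll compares select()'s return value with an errno constant, `while( ret == EINTR )`, but POSIX select() reports an interrupted call by returning -1 and setting errno to EINTR; the condition is therefore never true for the case it is meant to catch, and an interrupted poll still falls through to MBEDTLS_ERR_NET_POLL_FAILED exactly as before this change. The condition should be `} while( ret < 0 && errno == EINTR );`, with `<errno.h>` included in the POSIX branch if the (stripped) include list does not already have it. Linux documents that the timeout is undefined after select() fails, so `tv` should be re-initialised inside the loop before each retry rather than reused; the fd_sets are specified as unmodified on failure. The setup of read_fds, write_fds and tv at the top of mbedtls_net_poll is outside the hunk.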
From 9b2b66ebd250e63e51c87d9b75fd67bad4e1e8f9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 15 Mar 2018 12:21:15 +0000 Subject: [PATCH 0812/1059] Minor style corrections Move function block brace outside conditional compilation to not confuse some editors, and correct indentation. --- programs/ssl/ssl_client2.c | 9 ++++----- programs/ssl/ssl_server2.c | 10 ++++------ 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 023c0c5d12..232dc6445c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -445,14 +445,13 @@ static int ssl_sig_hashes_for_test[] = { */ #if !defined(MBEDTLS_TIMING_C) int idle( mbedtls_net_context *fd, - int idle_reason ) -{ + int idle_reason ) #else int idle( mbedtls_net_context *fd, - mbedtls_timing_delay_context *timer, - int idle_reason ) -{ + mbedtls_timing_delay_context *timer, + int idle_reason ) #endif +{ int ret; int poll_type = 0; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e296339720..3a6b9dcf14 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -847,15 +847,13 @@ static int ssl_sig_hashes_for_test[] = { */ #if !defined(MBEDTLS_TIMING_C) int idle( mbedtls_net_context *fd, - int idle_reason ) -{ + int idle_reason ) #else int idle( mbedtls_net_context *fd, - mbedtls_timing_delay_context *timer, - int idle_reason ) -{ + mbedtls_timing_delay_context *timer, + int idle_reason ) #endif - +{ int ret; int poll_type = 0; From a6f430f5778c606b15e16dc5843d5519c78a3ae3 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Thu, 15 Mar 2018 10:12:06 +0000 Subject: [PATCH 0813/1059] Fix current directory check --- scripts/abi_check.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index f9fb7f65d6..98d8be422b 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py 
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# This file is part of mbed TLS (https://tls.mbed.org) +# This file is part of Mbed TLS (https://tls.mbed.org) # # Copyright (c) 2018, Arm Limited, All Rights Reserved # @@ -42,7 +42,9 @@ class AbiChecker(object): self.make_command = "make" def check_repo_path(self): - if not __file__ == os.path.join(".", "scripts", "abi_check.py"): + current_dir = os.path.realpath('.') + root_dir = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) + if current_dir != root_dir: raise Exception("Must be run from Mbed TLS root") def setup_logger(self): @@ -230,8 +232,8 @@ def run_main(): ) return_code = abi_check.check_for_abi_changes() sys.exit(return_code) - except Exception as error: - traceback.print_exc(error) + except Exception: + traceback.print_exc() sys.exit(2) From 80e06d77d95329c1a43e7d9dba73e289bdeec1ec Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 15 Mar 2018 14:41:55 +0000 Subject: [PATCH 0814/1059] Use WSAEINTR instead of EINTR on Windows --- library/net_sockets.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index e63e496b9e..96cfa35cdb 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -474,7 +474,13 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) { ret = select( fd + 1, &read_fds, &write_fds, NULL, timeout == (uint32_t) -1 ? NULL : &tv ); - } while( ret == EINTR ); + } +#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ + !defined(EFI32) + while( ret == WSAEINTR ); +#else + while( ret == EINTR ); +#endif if( ret < 0 ) return( MBEDTLS_ERR_NET_POLL_FAILED ); From ef52796537c89bfb06d4eb5daecab7d013a57749 Mon Sep 17 00:00:00 2001 
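Review bot: check_repo_path() now compares two real paths but the bare `Exception` it raises names neither of them, so a user running the script from the wrong place is told nothing about what was compared; suggest `raise Exception("Must be run from Mbed TLS root %r (current directory is %r)" % (root_dir, current_dir))`. The comparison itself is sound now that both sides go through os.path.realpath(), which also fixes the old `__file__` equality test that only matched one exact invocation spelling. The remainder of the AbiChecker class is outside the hunk.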
From: Hanno Becker Date: Thu, 15 Mar 2018 15:49:24 +0000 Subject: [PATCH 0815/1059] Fix missing return statement ssl_server2 idling Also, introduce MBEDTLS_EINTR locally in net_sockets.c for the platform-dependent return code macro used by the `select` call to indicate that the poll was interrupted by a signal handler: On Unix, the corresponding macro is EINTR, while on Windows, it's WSAEINTR. --- library/net_sockets.c | 11 +++++------ programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 96cfa35cdb..10b5456be6 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -45,6 +45,8 @@ #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32) +#define MBEDTLS_EINTR WSAEINTR + #ifdef _WIN32_WINNT #undef _WIN32_WINNT #endif @@ -82,6 +84,8 @@ static int wsa_init_done = 0; #include #include +#define MBEDTLS_EINTR EINTR + #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ /* Some MS functions want int and MSVC warns if we pass size_t, @@ -475,12 +479,7 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) ret = select( fd + 1, &read_fds, &write_fds, NULL, timeout == (uint32_t) -1 ? NULL : &tv ); } -#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ - !defined(EFI32) - while( ret == WSAEINTR ); -#else - while( ret == EINTR ); -#endif + while( ret == MBEDTLS_EINTR ); if( ret < 0 ) return( MBEDTLS_ERR_NET_POLL_FAILED ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 232dc6445c..58f12c9862 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -462,7 +462,7 @@ int idle( mbedtls_net_context *fd, poll_type = MBEDTLS_NET_POLL_READ; #if !defined(MBEDTLS_TIMING_C) else - return; + return( 0 ); #endif while( 1 ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3a6b9dcf14..ed38a321b8 100644 
--- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -863,7 +863,7 @@ int idle( mbedtls_net_context *fd, poll_type = MBEDTLS_NET_POLL_READ; #if !defined(MBEDTLS_TIMING_C) else - return; + return( 0 ); #endif while( 1 ) From a4cbfa3ea2a0b19b77a0639630fa99fac22b3793 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 16 Mar 2018 15:42:54 +0000 Subject: [PATCH 0816/1059] Add clarity to use of the rsa_internal.h interface Added additional clarification to the use of the rsa_internal.h interface and as and when it can be used by whom. Policy hasn't changed, but it needed to be clearer who can and can't use it and it's level of support. --- include/mbedtls/rsa_internal.h | 56 +++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h index bcb3c9401d..2e2efa3712 100644 --- a/include/mbedtls/rsa_internal.h +++ b/include/mbedtls/rsa_internal.h 
@@ -2,6 +2,37 @@ * \file rsa_internal.h * * \brief Context-independent RSA helper functions + * + * This module declares some RSA-related helper functions useful when + * implementing the RSA interface. These functions are provided in a separate + * compilation unit in order to make it easy for designers of alternative RSA + * implementations to use them in their own code, as it is conceived that the + * functionality they provide will be necessary for most complete + * implementations. + * + * End-users of Mbed TLS who are not providing their own alternative RSA + * implementations should not use these functions directly, and should instead + * use only the functions declared in rsa.h. + * + * The interface provided by this module will be maintained through LTS (Long + * Term Support) branches of Mbed TLS, but may otherwise be subject to change, + * and must be considered an internal interface of the library. + * + * There are two classes of helper functions: + * + * (1) Parameter-generating helpers. These are: + * - mbedtls_rsa_deduce_primes + * - mbedtls_rsa_deduce_private_exponent + * - mbedtls_rsa_deduce_crt + * Each of these functions takes a set of core RSA parameters and + * generates some other, or CRT related parameters. + * + * (2) Parameter-checking helpers. These are: + * - mbedtls_rsa_validate_params + * - mbedtls_rsa_validate_crt + * They take a set of core or CRT related RSA parameters and check their + * validity. + * */ /* * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved 
@@ -21,31 +52,6 @@ * * This file is part of mbed TLS (https://tls.mbed.org) * - * - * This file declares some RSA-related helper functions useful when - * implementing the RSA interface. They are public and provided in a - * separate compilation unit in order to make it easy for designers of - * alternative RSA implementations to use them in their code, as it is - * conceived that the functionality they provide will be necessary - * for most complete implementations. - * - * End-users of Mbed TLS not intending to re-implement the RSA functionality - * are not expected to get into the need of making use of these functions directly, - * but instead should be able to use the functions declared in rsa.h. - * - * There are two classes of helper functions: - * (1) Parameter-generating helpers. These are: - * - mbedtls_rsa_deduce_primes - * - mbedtls_rsa_deduce_private_exponent - * - mbedtls_rsa_deduce_crt - * Each of these functions takes a set of core RSA parameters - * and generates some other, or CRT related parameters. - * (2) Parameter-checking helpers. These are: - * - mbedtls_rsa_validate_params - * - mbedtls_rsa_validate_crt - * They take a set of core or CRT related RSA parameters - * and check their validity. - * */ #ifndef MBEDTLS_RSA_INTERNAL_H From 8be0e6db41b4a085e90cb03983f99d3a5158d450 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 16 Mar 2018 16:25:12 +0000 Subject: [PATCH 0817/1059] Update version to 2.8.0 --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 882dbb5771..e0b016dfb5 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.7.x branch released 2018-xx-xx += mbed TLS 2.8.0 branch released 2018-03-16 Default behavior changes * The truncated HMAC extension now conforms to RFC 6066. This means diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 641d5c4fb3..7952cbcbdb 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.7.0 source code documentation + * @mainpage mbed TLS v2.8.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index cbe0db4f2c..3592af2dae 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.7.0" +PROJECT_NAME = "mbed TLS v2.8.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 961be59c35..c3ee649f5c 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -39,7 +39,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 7 +#define MBEDTLS_VERSION_MINOR 8 #define MBEDTLS_VERSION_PATCH 0 /** @@ -47,9 +47,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02070000 -#define MBEDTLS_VERSION_STRING "2.7.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.0" +#define MBEDTLS_VERSION_NUMBER 0x02080000 +#define MBEDTLS_VERSION_STRING "2.8.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.8.0" #if defined(MBEDTLS_VERSION_C) 
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 02ccea8bc9..7742c22d25 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -141,15 +141,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.0 SOVERSION 1) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.8.0 SOVERSION 1) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.7.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.8.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.7.0 SOVERSION 10) + set_target_properties(mbedtls PROPERTIES VERSION 2.8.0 SOVERSION 10) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 1aa4ffa754..79cc751ec9 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.7.0" +check_compiletime_version:"2.8.0" Check runtime library version -check_runtime_version:"2.7.0" +check_runtime_version:"2.8.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From c9f4d6d44899a26f001c28b93e86cf7d6452e693 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 19 Mar 2018 09:23:13 +0000 Subject: [PATCH 0818/1059] Correct error.c --- library/error.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/error.c b/library/error.c index c426424677..63cabb1f91 100644 --- a/library/error.c +++ b/library/error.c 
@@ -440,7 +440,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH) ) mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" ); if( use_ret == -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) ) - mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signalling that further message-processing should be done" ); + mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that further message-processing should be done" ); #endif /* MBEDTLS_SSL_TLS_C */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) From ea7dbbe0de008c1844f8f48fde08542e6a222fcc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Mar 2018 23:25:21 +0100 Subject: [PATCH 0819/1059] Replace MBEDTLS_EINTR by IS_EINTR check-names.sh reserves the prefix MBEDTLS_ for macros defined in config.h so this name (or check-names.sh) had to change. This is also more flexible because it allows for platforms that don't have an EINTR equivalent or have multiple such values. --- library/net_sockets.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 10b5456be6..6ce9eee7b5 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -45,7 +45,7 @@ #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ !defined(EFI32) -#define MBEDTLS_EINTR WSAEINTR +#define IS_EINTR( ret ) ( ( ret ) == WSAEINTR ) #ifdef _WIN32_WINNT #undef _WIN32_WINNT @@ -84,7 +84,7 @@ static int wsa_init_done = 0; #include #include -#define MBEDTLS_EINTR EINTR +#define IS_EINTR( ret ) ( ( ret ) == EINTR ) #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ 
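Review bot: Both IS_EINTR definitions still test select()'s return value against an error code, yet neither select() implementation returns that code: POSIX select() returns -1 and sets errno, and Winsock select() returns SOCKET_ERROR with the code retrievable via WSAGetLastError(), so the retry loop in mbedtls_net_poll never retries an interrupted poll on either platform. Suggested definitions: `#define IS_EINTR( ret ) ( ( ret ) == SOCKET_ERROR && WSAGetLastError() == WSAEINTR )` in the Windows branch and `#define IS_EINTR( ret ) ( ( ret ) == -1 && errno == EINTR )` in the POSIX branch, adding `#include <errno.h>` there if the include list (names are stripped in this view) does not already provide it. Renaming to a function-like IS_EINTR is the right move precisely because it allows this kind of platform-specific expression rather than a single constant. The select() call that uses the macro is in a later hunk.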
@@ -479,7 +479,7 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) ret = select( fd + 1, &read_fds, &write_fds, NULL, timeout == (uint32_t) -1 ? NULL : &tv ); } - while( ret == MBEDTLS_EINTR ); + while( IS_EINTR( ret ) ); if( ret < 0 ) return( MBEDTLS_ERR_NET_POLL_FAILED ); From bc145f797843a75756bfe0a0328d249e0a769cb5 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 20 Mar 2018 11:19:50 +0100 Subject: [PATCH 0820/1059] Correct buffer size check Further in the code the next field from the binary buffer is read. The check contained an off by one error. --- library/ssl_cli.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5367fdd0ac..c96c812e40 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2662,7 +2662,17 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )]; n = cert_type_len; - if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) + /* + * In the subsequent code there are two paths that make read from buf: + * * the length of the signature algorithms field (if minor version of + * SSL is 3), + * * distinguished name length otherwise. + * Both reach at most the index: + * ...hdr_len + 2 + n, + * therefore the buffer length at this point must be greater than that + * regardless of the actual code path. + */ + if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, From bc231cc9b0cecf9723e9e12a6de2cc78f847e1b6 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 20 Mar 2018 14:09:53 +0100 Subject: [PATCH 0821/1059] Add a missing buffer size check --- library/ssl_cli.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) 
diff --git a/library/ssl_cli.c b/library/ssl_cli.c index c96c812e40..e4b2c993f0 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2687,9 +2687,32 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); #if defined(MBEDTLS_DEBUG_C) - unsigned char* sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n; + unsigned char* sig_alg; size_t i; +#endif + /* + * The farthes access in buf is in the loop few lines below: + * sig_alg[i + 1], + * where: + * sig_alg = buf + ...hdr_len + 3 + n, + * max(i) = sig_alg_len - 1. + * Therefore the farthest access is: + * buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1], + * which reduces to: + * buf[...hdr_len + 3 + n + sig_alg_len], + * which is one less than we need the buf to be. + */ + if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + } + +#if defined(MBEDTLS_DEBUG_C) + sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n; for( i = 0; i < sig_alg_len; i += 2 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d" From c0b13f7f0c845b1ef348dd82e0f5790e6c07ebc9 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Tue, 20 Mar 2018 14:10:15 +0100 Subject: [PATCH 0822/1059] Update change log --- ChangeLog | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ChangeLog b/ChangeLog index cfe27f3eb9..d2e9842d63 100644 --- a/ChangeLog +++ b/ChangeLog 
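Review bot: The new bound check accepts an odd `sig_alg_len`, although supported_signature_algorithms is a list of 2-byte pairs (the worst case the comment derives, `sig_alg[i + 1]` at `i = sig_alg_len - 1`, only arises for an odd length), so a malformed message makes the last debug iteration pair the final list byte with the first byte of the following field instead of being rejected. Fold the parity test into the new condition so the same decode_error alert path handles it: `if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len || ( sig_alg_len & 1 ) != 0 )`. Minor: "farthes" in the new comment should read "farthest". The `n += 2 + sig_alg_len` update and the certificate_authorities length read that follow the loop are outside the hunk, so whether that trailing read is separately bounded cannot be confirmed from here.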
@@ -17,6 +17,12 @@ Security implementation allowed an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted connection (with no resumption of the session). + * Fix buffer length assertion in the ssl_parse_certificate_request() + function which leads to an arbitrary overread of the message buffer. The + overreads could occur upon receiving a message malformed at the point + where an optional signature algorithms list is expected in the cases of + the signature algorithms section being too short. In the debug builds + the overread data is printed to the standard output. Features * Extend PKCS#8 interface by introducing support for the entire SHA @@ -47,6 +53,9 @@ Bugfix * Fix memory allocation corner cases in memory_buffer_alloc.c module. Found by Guido Vranken. #639 * Log correct number of ciphersuites used in Client Hello message. #918 + * Fix buffer length assertions in the ssl_parse_certificate_request() + function which leads to a potential one byte overread of the message + buffer. Changes * Fix tag lengths and value ranges in the documentation of CCM encryption. From 262329603d3527d732dab76a68ed759e9aeeb3a0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 08:35:07 +0100 Subject: [PATCH 0823/1059] all.sh: with --no-armcc, don't call armcc from output_env.sh When not running armcc, don't try to invoke armcc at all, not even to report its version. --- scripts/output_env.sh | 14 ++++++++------ tests/scripts/all.sh | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index 1afaac33e4..e9ad8c5d7a 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh 
@@ -47,13 +47,15 @@ print_version() print_version "uname" "-a" "" echo -: ${ARMC5_CC:=armcc} -print_version "$ARMC5_CC" "--vsn" "armcc not found!" "head -n 2" -echo +if [ "${RUN_ARMCC:-1}" -ne 0 ]; then + : "${ARMC5_CC:=armcc}" + print_version "$ARMC5_CC" "--vsn" "armcc not found!" "head -n 2" + echo -: ${ARMC6_CC:=armclang} -print_version "$ARMC6_CC" "--vsn" "armclang not found!" "head -n 2" -echo + : "${ARMC6_CC:=armclang}" + print_version "$ARMC6_CC" "--vsn" "armclang not found!" "head -n 2" + echo +fi print_version "arm-none-eabi-gcc" "--version" "gcc-arm not found!" "head -n 1" echo diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 67b22cdbd7..1f8877609e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -447,7 +447,7 @@ msg "info: output_env.sh" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \ - ARMC6_CC="$ARMC6_CC" scripts/output_env.sh + ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh msg "test: recursion.pl" # < 1s tests/scripts/recursion.pl library/*.c From 8a244c90a8b2fe9f34a53593115765b306f4691e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 08:39:32 +0100 Subject: [PATCH 0824/1059] all.sh: option parsing: reduce vertical spread Only whitespace changes. --- tests/scripts/all.sh | 87 ++++++++++---------------------------------- 1 file changed, 19 insertions(+), 68 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1f8877609e..ffef9ed3cb 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -214,74 +214,25 @@ check_tools() while [ $# -gt 0 ]; do case "$1" in - --armcc) - RUN_ARMCC=1 - ;; - --armc5-bin-dir) - shift - ARMC5_BIN_DIR="$1" - ;; - --armc6-bin-dir) - shift - ARMC6_BIN_DIR="$1" - ;; - --force|-f) - FORCE=1 - ;; - --gnutls-cli) - shift - GNUTLS_CLI="$1" - ;; - --gnutls-legacy-cli) - shift - GNUTLS_LEGACY_CLI="$1" - ;; - --gnutls-legacy-serv) - shift - GNUTLS_LEGACY_SERV="$1" - ;; - --gnutls-serv) - shift - GNUTLS_SERV="$1" - ;; - --help|-h) - usage - exit - ;; - --keep-going|-k) - KEEP_GOING=1 - ;; - --memory|-m) - MEMORY=1 - ;; - --no-armcc) - RUN_ARMCC=0 - ;; - --no-yotta) - YOTTA=0 - ;; - --openssl) - shift - OPENSSL="$1" - ;; - --openssl-legacy) - shift - OPENSSL_LEGACY="$1" - ;; - --out-of-source-dir) - shift - OUT_OF_SOURCE_DIR="$1" - ;; - --release-test|-r) - RELEASE=1 - ;; - --seed|-s) - shift - SEED="$1" - ;; - --yotta) - YOTTA=1 - ;; + --armcc) RUN_ARMCC=1;; + --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; + --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; + --force|-f) FORCE=1;; + --gnutls-cli) shift; GNUTLS_CLI="$1";; + --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; + --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; + --gnutls-serv) shift; GNUTLS_SERV="$1";; + --help|-h) usage; exit;; + --keep-going|-k) KEEP_GOING=1;; + --memory|-m) MEMORY=1;; + --no-armcc) RUN_ARMCC=0;; + --no-yotta) YOTTA=0;; + --openssl) shift; OPENSSL="$1";; + --openssl-legacy) shift; OPENSSL_LEGACY="$1";; + --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; + --release-test|-r) RELEASE=1;; + --seed|-s) shift; SEED="$1";; + --yotta) YOTTA=1;; *) echo >&2 "Unknown option: $1" echo >&2 "Run $0 --help for usage." From 38d816586523b2258cb4d4c783a29d339efdf437 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 21 Mar 2018 08:40:26 +0100 Subject: [PATCH 0825/1059] all.sh: add opposites to all boolean options All options can now be overridden by a subsequent option, e.g. "all.sh --foo --no-foo" is equivalent to "all.sh --no-foo". This allows making wrapper scripts with default options and occasionally overriding those options when running the wrapper script. --- tests/scripts/all.sh | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ffef9ed3cb..557c7bfcfc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -94,7 +94,6 @@ CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 FORCE=0 KEEP_GOING=0 -RELEASE=0 RUN_ARMCC=1 YOTTA=1 @@ -126,8 +125,12 @@ General options: -m|--memory Additional optional memory tests. --armcc Run ARM Compiler builds (on by default). --no-armcc Skip ARM Compiler builds. + --no-force Refuse to overwrite modified files (default). + --no-keep-going Stop at the first error (default). + --no-memory No additional memory tests (default). --no-yotta Skip yotta module build. --out-of-source-dir= Directory used for CMake out-of-source build tests. + --random-seed Use a random seed value for randomized tests (default). -r|--release-test Run this script in release mode. This fixes the seed value to 1. -s|--seed Integer seed value to use for this test run. --yotta Build yotta module (on by default). @@ -226,11 +229,15 @@ while [ $# -gt 0 ]; do --keep-going|-k) KEEP_GOING=1;; --memory|-m) MEMORY=1;; --no-armcc) RUN_ARMCC=0;; + --no-force) FORCE=0;; + --no-keep-going) KEEP_GOING=0;; + --no-memory) MEMORY=0;; --no-yotta) YOTTA=0;; --openssl) shift; OPENSSL="$1";; --openssl-legacy) shift; OPENSSL_LEGACY="$1";; --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; - --release-test|-r) RELEASE=1;; + --random-seed) unset SEED;; + --release-test|-r) SEED=1;; --seed|-s) shift; SEED="$1";; --yotta) YOTTA=1;; *) 
@@ -337,11 +344,6 @@ if_build_succeeded () { fi } -if [ $RELEASE -eq 1 ]; then - # Fix the seed value to 1 to ensure that the tests are deterministic. - SEED=1 -fi - msg "info: $0 configuration" echo "MEMORY: $MEMORY" echo "FORCE: $FORCE" @@ -367,7 +369,9 @@ export GNUTLS_CLI="$GNUTLS_CLI" export GNUTLS_SERV="$GNUTLS_SERV" # Avoid passing --seed flag in every call to ssl-opt.sh -[ ! -z ${SEED+set} ] && export SEED +if [ -n "${SEED-}" ]; then + export SEED +fi # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ From 5ff2ee51e9d9a2be2294b447021a0d2ef0f0fc1d Mon Sep 17 00:00:00 2001 From: Mitsuhiro Nakamura Date: Tue, 20 Feb 2018 11:58:19 +0900 Subject: [PATCH 0826/1059] Fix dylib linking --- library/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/Makefile b/library/Makefile index 65a102f3a1..39b5267a2c 100644 --- a/library/Makefile +++ b/library/Makefile @@ -103,9 +103,9 @@ libmbedtls.so: libmbedtls.$(SOEXT_TLS) echo " LN $@ -> $<" ln -sf $< $@ -libmbedtls.dylib: $(OBJS_TLS) +libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib echo " LD $@" - $(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS) + $(CC) -dynamiclib -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS) libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll echo " LD $@" @@ -126,9 +126,9 @@ libmbedx509.so: libmbedx509.$(SOEXT_X509) echo " LN $@ -> $<" ln -sf $< $@ -libmbedx509.dylib: $(OBJS_X509) +libmbedx509.dylib: $(OBJS_X509) libmbedcrypto.dylib echo " LD $@" - $(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509) + $(CC) -dynamiclib -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509) libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll echo " LD $@" From 8e0e16032d6dc4f0ff8f72a0a3f2eb6e1153710c Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Wed, 21 Mar 2018 11:15:08 +0000 Subject: [PATCH 0827/1059] Add ChangeLog entry for dylib builds using Makefile --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8db0215914..a9e3c32034 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix dynamic library building process with Makefile on Mac OS X. Fixed by + mnacamura. + = mbed TLS 2.7.0 branch released 2018-02-03 Security From 84052570355bb5608248f162b622068b7b9eaa7c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 12:12:47 +0100 Subject: [PATCH 0828/1059] Support out-of-tree testing with CMake Create extra symbolic links with CMake so that SSL testing (ssl-opt.sh and compat.sh) works in out-of-tree builds. --- CMakeLists.txt | 30 ++++++++++++++++++++++++++++++ include/CMakeLists.txt | 6 ++++++ tests/CMakeLists.txt | 27 ++++++--------------------- 3 files changed, 42 insertions(+), 21 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ca4cba2165..df03dd6073 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -56,6 +56,30 @@ set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull" FORCE) +# Create a symbolic link from ${base_name} in the binary directory +# to the corresponding path in the source directory. +function(link_to_source base_name) + # Get OS dependent path to use in `execute_process` + file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}/${base_name}" link) + file(TO_NATIVE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}" target) + + if (NOT EXISTS ${link}) + if (CMAKE_HOST_UNIX) + set(command ln -s ${target} ${link}) + else() + set(command cmd.exe /c mklink /j ${link} ${target}) + endif() + + execute_process(COMMAND ${command} + RESULT_VARIABLE result + ERROR_VARIABLE output) + + if (NOT ${result} EQUAL 0) + message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}") + endif() + endif() +endfunction(link_to_source) + string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") if(CMAKE_COMPILER_IS_GNUCC) @@ -164,3 +188,9 @@ if(ENABLE_TESTING) ) endif(UNIX) endif() + +# Make scripts and data files needed for testing available in an +# out-of-source build. +if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) + link_to_source(scripts) +endif() diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index 985a3530b9..3081b2678b 100644 --- a/include/CMakeLists.txt +++ b/include/CMakeLists.txt @@ -9,3 +9,9 @@ if(INSTALL_MBEDTLS_HEADERS) PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) endif(INSTALL_MBEDTLS_HEADERS) + +# Make scripts and data files needed for testing available in an +# out-of-source build. +if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) + link_to_source(mbedtls) +endif() diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 16e19a9275..9fd4916bbd 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
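Review bot: The Windows branch of link_to_source always runs `mklink /j`, which creates a directory junction, but the tests/CMakeLists.txt hunk on the next line now calls it for regular files (`compat.sh`, `ssl-opt.sh`), so an out-of-tree configure on a Windows host would hit the FATAL_ERROR for those two entries if I read `mklink` correctly. Branching on `IS_DIRECTORY ${target}` and using a file-capable link mode for files keeps the helper usable for both; a hard link (`/h`) needs no elevated privileges but requires both trees on one volume, so a `file(COPY ...)` fallback may be worth considering. A second, smaller point: `if (NOT EXISTS ${link})` follows symlinks, so a dangling link left after moving the source tree reads as absent and the subsequent `ln -s` fails with "File exists"; using `ln -sf`, or checking `IS_SYMLINK` first, avoids that.
```cmake
    if (NOT EXISTS ${link})
        if (CMAKE_HOST_UNIX)
            set(command ln -s ${target} ${link})
        elseif (IS_DIRECTORY ${target})
            # Junctions (/j) only work for directories.
            set(command cmd.exe /c mklink /j ${link} ${target})
        else()
            # Regular file: hard link (same volume required; no elevation needed).
            set(command cmd.exe /c mklink /h ${link} ${target})
        endif()
        # … unchanged: execute_process and result check …
```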
@@ -105,26 +105,11 @@ add_test_suite(xtea) add_test_suite(x509parse) add_test_suite(x509write) -# Make data_files available in an out-of-source build +# Make scripts and data files needed for testing available in an +# out-of-source build. if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) - # Get OS dependent path to use in `execute_process` - file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}/data_files" link) - file(TO_NATIVE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/data_files" target) - - if (NOT EXISTS ${link}) - if (CMAKE_HOST_UNIX) - set(command ln -s ${target} ${link}) - else() - set(command cmd.exe /c mklink /j ${link} ${target}) - endif() - - execute_process(COMMAND ${command} - RESULT_VARIABLE result - ERROR_VARIABLE output) - - if (NOT ${result} EQUAL 0) - message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}") - endif() - endif() + link_to_source(compat.sh) + link_to_source(data_files) + link_to_source(scripts) + link_to_source(ssl-opt.sh) endif() - From 31b07e283321b1470c31466d10ca8a8099b73bba Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 12:15:06 +0100 Subject: [PATCH 0829/1059] all.sh: be more conservative when cleaning up CMake artefacts Only delete things that we expect to find, to avoid deleting other things that people might have lying around in their build tree. Explicitly skip .git to avoid e.g. accidentally matching a branch name. --- tests/scripts/all.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b559af8e18..7caebd5dc1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -149,7 +149,13 @@ cleanup() { command make clean - find . -name yotta -prune -o -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} \+ + # Remove CMake artefacts + find . -name .git -prune -o -name yotta -prune -o \ + -iname CMakeFiles -exec rm -rf {} \+ -o \ + \( -iname cmake_install.cmake -o \ + -iname CTestTestfile.cmake -o \ + -iname CMakeCache.txt \) -exec rm {} \+ + # Recover files overwritten by in-tree CMake builds rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile From a71d64c74fccffb1affe07cda551f6d073c88a88 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 12:16:57 +0100 Subject: [PATCH 0830/1059] all.sh: fix cleanup happening during an out-of-tree build --- tests/scripts/all.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7caebd5dc1..00dc9ca2ee 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -147,6 +147,10 @@ EOF # remove built files as well as the cmake cache/config cleanup() { + if [ -n "${MBEDTLS_ROOT_DIR+set}" ]; then + cd "$MBEDTLS_ROOT_DIR" + fi + command make clean # Remove CMake artefacts @@ -857,6 +861,7 @@ msg "test: cmake 'out-of-source' build" make test cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" +unset MBEDTLS_ROOT_DIR From 0114ffc76bc4ff85b665e27cd180bd2e80968a77 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 12:17:20 +0100 Subject: [PATCH 0831/1059] all.sh: Verify out-of-tree testing with CMake Run a test case in ssl-opt.sh to validate that testing works in an out-of-tree CMake build. --- tests/scripts/all.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 00dc9ca2ee..cbf4837e6d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
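Review bot: In the cleanup() hunk the new `cd "$MBEDTLS_ROOT_DIR"` is unguarded, so if the directory cannot be entered (for example because it was removed or renamed while the script ran) the following `make clean`, `rm -f include/Makefile ...` and `git checkout -- Makefile ...` run relative to whatever the current directory happens to be. Guarding it, `cd "$MBEDTLS_ROOT_DIR" || return 1`, makes the handler stop instead of cleaning the wrong tree; whether `return` or `exit` is the right choice depends on how cleanup is invoked, which is outside the hunk. The `${MBEDTLS_ROOT_DIR+set}` test is also true for an empty value, so `-n "${MBEDTLS_ROOT_DIR-}"` may be the intended condition.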
@@ -859,6 +859,17 @@ make msg "test: cmake 'out-of-source' build" make test +# Test an SSL option that requires an auxiliary script in test/scripts/. +# Also ensure that there are no error messages such as +# "No such file or directory", which would indicate that some required +# file is missing (ssl-opt.sh tolerates the absence of some files so +# may exit with status 0 but emit errors). +if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err +if [ -s ssl-opt.err ]; then + cat ssl-opt.err >&2 + record_status [ ! -s ssl-opt.err ] + rm ssl-opt.err +fi cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" unset MBEDTLS_ROOT_DIR From 316b162ac34456bb36e7f8cef37bd6a50f191048 Mon Sep 17 00:00:00 2001 From: junyeonLEE Date: Wed, 20 Dec 2017 16:29:30 +0900 Subject: [PATCH 0832/1059] Separate psk and psk_identity buffers free Sometimes, psk_identity buffer can't released because psk buffer is NULL. So, separate it. --- library/ssl_tls.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 236e52d767..036876cb07 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7741,10 +7741,14 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) if( conf->psk != NULL ) { mbedtls_zeroize( conf->psk, conf->psk_len ); - mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len ); mbedtls_free( conf->psk ); - mbedtls_free( conf->psk_identity ); conf->psk_len = 0; + } + + if( conf->psk_identity != NULL ) + { + mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len ); + mbedtls_free( conf->psk_identity ); conf->psk_identity_len = 0; } #endif From 27e8a120b2401dbe9d8aec479d7a203cb3143398 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Wed, 21 Mar 2018 14:24:11 +0000 Subject: [PATCH 0833/1059] Assign NULL after freeing psk and psk_identity --- library/ssl_tls.c | 2 ++ 1 file changed, 2 insertions(+) 
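Review bot: `rm ssl-opt.err` sits inside the `if [ -s ssl-opt.err ]` branch, so when ssl-opt.sh writes nothing to stderr the empty file is left behind in the build tree; it only disappears because `rm -rf "$OUT_OF_SOURCE_DIR"` follows a few lines later. Moving the removal after the conditional keeps the cleanup independent of the outcome: `fi` then `rm -f ssl-opt.err`. Also, `record_status [ ! -s ssl-opt.err ]` is evaluated only when the file is non-empty, so it always records a failure; if record_status accepts an arbitrary command (its definition is not in the hunk), `record_status false` with a comment saying why is more direct.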
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 036876cb07..3802e230e9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7742,6 +7742,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) { mbedtls_zeroize( conf->psk, conf->psk_len ); mbedtls_free( conf->psk ); + conf->psk = NULL; conf->psk_len = 0; } @@ -7749,6 +7750,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) { mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len ); mbedtls_free( conf->psk_identity ); + conf->psk_identity = NULL; conf->psk_identity_len = 0; } #endif From 1e7059fedd6d397f1ee09f5d0bb53c2148b5d6e0 Mon Sep 17 00:00:00 2001 From: Kevin Luty Date: Wed, 21 Mar 2018 10:01:38 -0500 Subject: [PATCH 0834/1059] Adding requested changes --- programs/pkey/pk_sign.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 5cc190eee9..dc5641805c 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -100,7 +100,7 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) { - mbedtls_printf( " failed\n ! Could not open '%s'\n", argv[1] ); + mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] ); goto exit; } @@ -133,6 +133,7 @@ int main( int argc, char *argv[] ) if( ( f = fopen( filename, "wb+" ) ) == NULL ) { + ret = 1; mbedtls_printf( " failed\n ! Could not create %s\n\n", filename ); goto exit; } From 13f7fb372e3a03a13f797489c13a1ec218678ec0 Mon Sep 17 00:00:00 2001 From: Gergely Budai Date: Wed, 23 Aug 2017 14:23:58 +0200 Subject: [PATCH 0835/1059] Do not define and initialize global mutexes on configurations that do not use them. --- include/mbedtls/threading.h | 4 ++++ library/threading.c | 12 ++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 58e6db2f3a..aeea5d0e1a 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
@@ -96,8 +96,12 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); /* * Global mutexes */ +#if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; +#endif +#if defined(MBEDTLS_HAVE_TIME_DATE) extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; +#endif #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/threading.c b/library/threading.c index 07586756f2..f1c37245c7 100644 --- a/library/threading.c +++ b/library/threading.c @@ -111,8 +111,12 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * mbedtls_mutex_lock = mutex_lock; mbedtls_mutex_unlock = mutex_unlock; +#if defined(MBEDTLS_FS_IO) mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); +#endif +#if defined(MBEDTLS_HAVE_TIME_DATE) mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); +#endif } /* @@ -120,8 +124,12 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * */ void mbedtls_threading_free_alt( void ) { +#if defined(MBEDTLS_FS_IO) mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); +#endif +#if defined(MBEDTLS_HAVE_TIME_DATE) mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); +#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -131,7 +139,11 @@ void mbedtls_threading_free_alt( void ) #ifndef MUTEX_INIT #define MUTEX_INIT #endif +#if defined(MBEDTLS_FS_IO) mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; +#endif +#if defined(MBEDTLS_HAVE_TIME_DATE) mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; +#endif #endif /* MBEDTLS_THREADING_C */ From 70ad8397259f96f53104929b0c416f6617280b69 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 16:28:41 +0100 Subject: [PATCH 0836/1059] Clarify the behavior of bignum resize and copy functions --- include/mbedtls/bignum.h | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
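Review bot: The new `MBEDTLS_FS_IO` and `MBEDTLS_HAVE_TIME_DATE` guards around the two global mutexes in threading.h and threading.c must match the guard at every use site (the code calling readdir() and gmtime() that the commit message refers to); a mismatch surfaces only as an undefined reference in the affected configuration, which the default build will not catch. A comment on the declarations would make the coupling explicit, e.g. `/* Each mutex exists only in configurations that use it; keep these guards in sync with the readdir()/gmtime() call sites. */`. Adding a build with MBEDTLS_THREADING_C enabled and MBEDTLS_FS_IO disabled to the test configurations would cover the new combination.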
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 3bf02a7ee1..31383b1eb5 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -204,6 +204,8 @@ void mbedtls_mpi_free( mbedtls_mpi *X ); /** * \brief Enlarge to the specified number of limbs * + * This function does nothing if the MPI is already large enough. + * * \param X MPI to grow * \param nblimbs The target number of limbs * @@ -215,19 +217,23 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ); /** * \brief Resize down, keeping at least the specified number of limbs * + * If \c X is smaller than \c nblimbs, it is resized up + * instead. + * * \param X MPI to shrink * \param nblimbs The minimum number of limbs to keep * * \return 0 if successful, * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * (this can only happen when resizing up). */ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ); /** * \brief Copy the contents of Y into X * - * \param X Destination MPI - * \param Y Source MPI + * \param X Destination MPI. It is enlarged if necessary. + * \param Y Source MPI. * * \return 0 if successful, * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed From 4e4be7cf623803865d4259f6c3a11414b6565221 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 16:29:03 +0100 Subject: [PATCH 0837/1059] Optimize unnecessary zeorizing in mbedtls_mpi_copy Based on a contribution by Alexey Skalozub (https://github.com/ARMmbed/mbedtls/pull/405). --- ChangeLog | 6 ++++++ library/bignum.c | 12 +++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8db0215914..25f52c8040 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released xxxx-xx-xx + +Changes + * Optimize unnecessary zeroing in mbedtls_mpi_copy. Based on a contribution + by Alexey Skalozub. + = mbed TLS 2.7.0 branch released 2018-02-03 Security 
diff --git a/library/bignum.c b/library/bignum.c index d27c130bcb..e57e6af179 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -184,7 +184,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ) */ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ) { - int ret; + int ret = 0; size_t i; if( X == Y ) @@ -203,9 +203,15 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ) X->s = Y->s; - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) ); + if( X->n < i ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) ); + } + else + { + memset( X->p + i, 0, ( X->n - i ) * ciL ); + } - memset( X->p, 0, X->n * ciL ); memcpy( X->p, Y->p, i * ciL ); cleanup: From d49ab3ee60290b00f952e9d1aca364385c0d6e78 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 17:03:44 +0100 Subject: [PATCH 0838/1059] Add ChangeLog entry. Fixes #1353 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 68fb6f5e96..b88048d217 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,8 @@ Bugfix In the context of SSL, this resulted in handshake failure. Reported by daniel in the Mbed TLS forum. #1351 * Fix Windows x64 builds with the included mbedTLS.sln file. #1347 + * Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks. + #1353 Changes * Fix tag lengths and value ranges in the documentation of CCM encryption. From 768bbaf0c183f26377d7a06086a494d1fe98c408 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 21 Mar 2018 15:05:12 +0000 Subject: [PATCH 0839/1059] Add ChangeLog entry for redundant mutex initialization optimizations --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index cfe27f3eb9..e90ffd8167 100644 --- a/ChangeLog +++ b/ChangeLog 
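Review bot: In the mbedtls_mpi_copy hunk the two branches now rely on facts the code no longer states: the else branch assumes `X->p` is allocated, which presumably holds because `i` is at least 1 after the loop preceding the hunk, and the grow branch assumes `mbedtls_mpi_grow` leaves the limbs above the old `X->n` zeroed, since the blanket `memset` that used to guarantee this was removed and only the low `i` limbs are written by the `memcpy`. A comment on each branch would stop a future reader from re-adding the full clear, e.g. `/* grow() zero-fills the new limbs above the old X->n; memcpy below covers [0, i) */` and `/* X->n >= i >= 1 so X->p is allocated; clear only the limbs above i */`. mbedtls_mpi_copy's body starts outside the hunk.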
@@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Changes + * Do not define global mutexes around readdir() and gmtime() in + configurations where the feature is disabled. Found and fixed by Gergely + Budai. + = mbed TLS 2.7.x branch released 2018-xx-xx Default behavior changes From b8788059196c901a263d4dc510c737fd009e47a4 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Thu, 22 Mar 2018 02:40:43 -0700 Subject: [PATCH 0840/1059] Verify that f_send and f_recv send and receive the expected length Verify that f_send and f_recv send and receive the expected length --- ChangeLog | 5 +++-- library/ssl_tls.c | 12 +++++++----- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index d82600c074..71f69ee208 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,8 +23,9 @@ Changes Contributed by Mathieu Briand. * Fix typo in a comment ctr_drbg.c. Contributed by Paul Sokolovsky. * Remove support for the library reference configuration for picocoin. - * Add guard to validate that out_left can not be negative. Raised by - samoconnor in #1245. + * Verify that when (f_send, f_recv and f_recv_timeout) send or receive + more than the required length an error is returned. Raised by + Sam O'Connor in #1245. = mbed TLS 2.7.0 branch released 2018-02-03 diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0d0660e6ff..2bd720410a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -2422,11 +2422,11 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ret < 0 ) return( ret ); - // At this point ret value is positive, verify that adding ret - // value to ssl->in_left doesn't cause a wraparound - if (ssl->in_left + (size_t)ret < ssl->in_left) + if ( (size_t)ret > len ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "wraparound happened over in_left value" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "f_recv returned %d bytes but only %zu were requested", + ret, len ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2479,7 +2479,9 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( (size_t)ret > ssl->out_left ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned value greater than out left size" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "f_send returned %d bytes but only %zu bytes were sent", + ret, ssl->out_left ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } From bc30c5fec289ec3c10508a759e4f6a9cbaaeb05b Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 22 Mar 2018 10:24:06 +0000 Subject: [PATCH 0841/1059] Add change log entry for mbedtls_ssl_config_free() fix --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index cfe27f3eb9..28ae0b3703 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released xxxx-xx-xx + +Changes + * Fix possible memory leak in mbedtls_ssl_config_free(). + by junyeonLEE + = mbed TLS 2.7.x branch released 2018-xx-xx Default behavior changes From 4d58881f521ed5e4fbcbda1d33aadc59c44432fa Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 22 Mar 2018 12:04:25 +0000 Subject: [PATCH 0842/1059] Clarify bug scenario in Changlog --- ChangeLog | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 28ae0b3703..7a710bdb8c 100644 --- a/ChangeLog +++ b/ChangeLog 
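Review bot: The two new debug messages format `len` and `ssl->out_left` with `%zu`, which is C99; the library is kept C89-compatible (this page's ChangeLog carries a "Fix C89 incompatibility" entry) and older compilers and C runtimes will warn or print garbage. The library's convention is to cast to unsigned long: `( "f_recv returned %d bytes but only %lu were requested", ret, (unsigned long) len )`, and the same in the mbedtls_ssl_flush_output hunk. The flush message wording is also off: `ssl->out_left` is the number of bytes that remained to send, not the number sent, so `"f_send returned %d bytes but only %lu were requested"` describes the condition. Both enclosing functions start outside the hunks.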
@@ -2,9 +2,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x.x branch released xxxx-xx-xx -Changes +Bugfix * Fix possible memory leak in mbedtls_ssl_config_free(). - by junyeonLEE + This can occur only if the user doesn't use mbedtls_ssl_conf_psk() and + instead incorrectly manipulates conf->psk and/or conf->psk_identity + directly. Fix submitted by junyeonLEE. = mbed TLS 2.7.x branch released 2018-xx-xx From bdfc14e4a3a4538ccffc8f09313cbbd70ea14669 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 22 Mar 2018 12:17:36 +0000 Subject: [PATCH 0843/1059] Add reference to original PR in Changelog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7a710bdb8c..13dda4db5f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,7 +6,7 @@ Bugfix * Fix possible memory leak in mbedtls_ssl_config_free(). This can occur only if the user doesn't use mbedtls_ssl_conf_psk() and instead incorrectly manipulates conf->psk and/or conf->psk_identity - directly. Fix submitted by junyeonLEE. + directly. Found and fix submitted by junyeonLEE in #1220. = mbed TLS 2.7.x branch released 2018-xx-xx From d9d5c554382306b9b9f856746d253c2e3b742ea2 Mon Sep 17 00:00:00 2001 From: Kevin Luty Date: Thu, 22 Mar 2018 09:56:26 -0500 Subject: [PATCH 0844/1059] Assign error return value for failed write --- programs/pkey/pk_sign.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index dc5641805c..06ad3ee225 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -140,6 +140,7 @@ int main( int argc, char *argv[] ) if( fwrite( buf, 1, olen, f ) != olen ) { + ret = 1; mbedtls_printf( "failed\n ! fwrite failed\n\n" ); fclose( f ); goto exit; From 9b9cc616ca13b23f76e10726e19ffa463ce3cb92 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Mar 2018 17:03:45 +0100 Subject: [PATCH 0845/1059] Add ChangeLog entry --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/ChangeLog b/ChangeLog index 227faed6b6..1deddfe89d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released xxxx-xx-xx + +Changes + * Support cmake build where Mbed TLS is a subproject. Fix + contributed independently by Matthieu Volat and Arne Schwabe. + = mbed TLS 2.6.0 branch released 2017-08-10 Security From 58afc39dd701280d84643f8699e88d5e8d2be1c9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Mar 2018 21:33:28 +0100 Subject: [PATCH 0846/1059] Add ChangeLog entry --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 71aa605671..29d81f7247 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x branch += mbed TLS 2.x.x branch released xxxx-xx-xx Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three @@ -14,6 +14,7 @@ Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, don't use the optimized assembly for bignum multiplication. This removes the need to pass -fomit-frame-pointer to avoid a build error with -O0. + * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. = mbed TLS 2.2.1 released 2016-01-05 From 88c6df1ce8cb5b553e1f8f1f24c41b473a73db03 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Mar 2018 21:48:28 +0100 Subject: [PATCH 0847/1059] Add ChangeLog entry --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index fbc24cf737..fe7a3f3744 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,8 @@ Bugfix in RFC 6347 Section 4.3.1. This could cause the execution of the renegotiation routines at unexpected times when the protocol is DTLS. Found by wariua. #687 + * Fix spurious uninitialized variable warning in cmac.c. Fix independently + contributed by Brian J Murray and David Brown. = mbed TLS 2.4.1 branch released 2016-12-13 
From d2df936e67e395e5f9ab0bcf059a8c0040f0a6da Mon Sep 17 00:00:00 2001 
From: Jethro Beekman Date: Fri, 16 Feb 2018 13:11:04 -0800 Subject: [PATCH 0848/1059] Fix parsing of PKCS#8 encoded Elliptic Curve keys. The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are: PrivateKeyInfo ::= SEQUENCE { version Version, privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, privateKey PrivateKey, attributes [0] IMPLICIT Attributes OPTIONAL } AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL } ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER -- implicitCurve NULL -- specifiedCurve SpecifiedECDomain } ECPrivateKey ::= SEQUENCE { version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), privateKey OCTET STRING, parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, publicKey [1] BIT STRING OPTIONAL } Because of the two optional fields, there are 4 possible variants that need to be parsed: no optional fields, only parameters, only public key, and both optional fields. Previously mbedTLS was unable to parse keys with "only parameters". Also, only "only public key" was tested. There was a test for "no optional fields", but it was labelled incorrectly as SEC.1 and not run because of a great renaming mixup. 
--- ChangeLog | 7 ++ library/pkparse.c | 3 + tests/data_files/Makefile | 79 ++++++++++++++++++ .../{ec_prv.noopt.der => ec_prv.pk8nopub.der} | Bin tests/data_files/ec_prv.pk8nopub.pem | 4 + tests/data_files/ec_prv.pk8nopubparam.der | Bin 0 -> 79 bytes tests/data_files/ec_prv.pk8nopubparam.pem | 4 + tests/data_files/ec_prv.pk8param.der | Bin 0 -> 150 bytes tests/data_files/ec_prv.pk8param.pem | 5 ++ tests/suites/test_suite_pkparse.data | 28 ++++++- 10 files changed, 126 insertions(+), 4 deletions(-) rename tests/data_files/{ec_prv.noopt.der => ec_prv.pk8nopub.der} (100%) create mode 100644 tests/data_files/ec_prv.pk8nopub.pem create mode 100644 tests/data_files/ec_prv.pk8nopubparam.der create mode 100644 tests/data_files/ec_prv.pk8nopubparam.pem create mode 100644 tests/data_files/ec_prv.pk8param.der create mode 100644 tests/data_files/ec_prv.pk8param.pem diff --git a/ChangeLog b/ChangeLog index e0b016dfb5..b2bee2bae0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxx-xx-xx + +Bugfix + * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was + unable to parse keys with only the optional parameters field of the + ECPrivateKey structure. Found by jethrogb, fixed in #1379. + = mbed TLS 2.8.0 branch released 2018-03-16 Default behavior changes diff --git a/library/pkparse.c b/library/pkparse.c index 9022db2f93..5ad5edf849 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -861,7 +861,10 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, mbedtls_ecp_keypair_free( eck ); return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); } + } + if( p != end ) + { /* * Is 'publickey' present? If not, or if we can't read it (eg because it * is compressed), create it from the private key. diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 59516bab86..f9832a0148 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
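Review bot: In the pkparse.c hunk the closing `}` and the new `if( p != end )` move the publicKey handling into its own optional block, so when the parameters field is the last element the whole block is skipped; the context comment says the public key is "created from the private key" when absent, so it is worth confirming that the derivation still runs when `p == end` here rather than only inside the skipped block, otherwise a key with parameters but no publicKey would leave the point uninitialised. If the derivation does live after the block, a one-line comment on the new `if`, e.g. `/* publicKey [1] is optional; when absent it is derived below */`, documents that. pk_parse_key_sec1_der starts and ends outside the hunk, and the new test vectors in this commit presumably exercise the case.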
@@ -578,7 +578,86 @@ keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 key ### Generate all RSA keys keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 +################################################################ +#### Generate various EC keys +################################################################ +### +### PKCS8 encoded +### + +ec_prv.pk8.der: + $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER +all_final += ec_prv.pk8.der + +# ### Instructions for creating `ec_prv.pk8nopub.der`, +# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from +# ### `ec_prv.pk8.der`. +# +# These instructions assume you are familiar with ASN.1 DER encoding and can +# use a hex editor to manipulate DER. +# +# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are: +# +# PrivateKeyInfo ::= SEQUENCE { +# version Version, +# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, +# privateKey PrivateKey, +# attributes [0] IMPLICIT Attributes OPTIONAL +# } +# +# AlgorithmIdentifier ::= SEQUENCE { +# algorithm OBJECT IDENTIFIER, +# parameters ANY DEFINED BY algorithm OPTIONAL +# } +# +# ECParameters ::= CHOICE { +# namedCurve OBJECT IDENTIFIER +# -- implicitCurve NULL +# -- specifiedCurve SpecifiedECDomain +# } +# +# ECPrivateKey ::= SEQUENCE { +# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), +# privateKey OCTET STRING, +# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, +# publicKey [1] BIT STRING OPTIONAL +# } +# +# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following +# fields: +# +# * privateKeyAlgorithm namedCurve +# * privateKey.parameters NOT PRESENT +# * privateKey.publicKey PRESENT +# * attributes NOT PRESENT +# +# # ec_prv.pk8nopub.der +# +# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`. 
+# +# # ec_prv.pk8nopubparam.der +# +# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as +# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. +# +# # ec_prv.pk8param.der +# +# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as +# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag. + +ec_prv.pk8.pem: ec_prv.pk8.der + $(OPENSSL) pkey -in $< -inform DER -out $@ +all_final += ec_prv.pk8.pem +ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der + $(OPENSSL) pkey -in $< -inform DER -out $@ +all_final += ec_prv.pk8nopub.pem +ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der + $(OPENSSL) pkey -in $< -inform DER -out $@ +all_final += ec_prv.pk8nopubparam.pem +ec_prv.pk8param.pem: ec_prv.pk8param.der + $(OPENSSL) pkey -in $< -inform DER -out $@ +all_final += ec_prv.pk8param.pem ################################################################ ### Generate certificates for CRT write check tests diff --git a/tests/data_files/ec_prv.noopt.der b/tests/data_files/ec_prv.pk8nopub.der similarity index 100% rename from tests/data_files/ec_prv.noopt.der rename to tests/data_files/ec_prv.pk8nopub.der diff --git a/tests/data_files/ec_prv.pk8nopub.pem b/tests/data_files/ec_prv.pk8nopub.pem new file mode 100644 index 0000000000..0ec527205e --- /dev/null +++ b/tests/data_files/ec_prv.pk8nopub.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDH78XUX+cxmTPQ1hVkYbu3VvBc9c82 +EyGKaGvkAo1Pkw== +-----END PRIVATE KEY----- diff --git a/tests/data_files/ec_prv.pk8nopubparam.der b/tests/data_files/ec_prv.pk8nopubparam.der new file mode 100644 index 0000000000000000000000000000000000000000..70d30fb81a8ccf94a72a1bcb48a35fc455eae481 GIT binary patch literal 79 zcmXr;WnyG75N2c7YV$Z}%f!gW0cJ2Wva=W)7&0+3vM3yXfAmWHbHka&7p{q>B<|iG Z_95o$c{5?fu8iy_Ouhb-7jPjo0RVjE8Gir( literal 0 HcmV?d00001 
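Review bot: The hand-editing instructions derive `ec_prv.pk8nopub.der`, `ec_prv.pk8nopubparam.der` and `ec_prv.pk8param.der` from `ec_prv.pk8.der`, which the new rule generates with `ec_paramgen_curve:prime192v1`, yet the renamed `ec_prv.pk8nopub.der` is the pre-existing `ec_prv.noopt.der` and the base64 of the new `.pem` files carries the `BggqhkjOPQMBBw` OID (prime256v1) with a 32-byte private key, so the committed vectors do not appear to come from the documented starting point. Either generate `ec_prv.pk8.der` with `-pkeyopt ec_paramgen_curve:prime256v1` or state in the comment that the checked-in files were derived from a P-256 key. The comment also has a typo: `generatde` → `generated`. Since the three derived `.der` files have no recipe, `make` cannot rebuild them; a line such as `# The three derived .der files are hand-crafted and checked in; there is no make rule for them.` would make that explicit.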
diff --git a/tests/data_files/ec_prv.pk8nopubparam.pem b/tests/data_files/ec_prv.pk8nopubparam.pem new file mode 100644 index 0000000000..5c910c9ad0 --- /dev/null +++ b/tests/data_files/ec_prv.pk8nopubparam.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDH78XUX+cxmTPQ1hVkYbu3VvBc9c82 +EyGKaGvkAo1Pk6AKBggqhkjOPQMBBw== +-----END PRIVATE KEY----- diff --git a/tests/data_files/ec_prv.pk8param.der b/tests/data_files/ec_prv.pk8param.der new file mode 100644 index 0000000000000000000000000000000000000000..8bbaa3a8b3a0ebf0a0839d4bf9498f7163600c25 GIT binary patch literal 150 zcmXqLoXo_?U?9xKuGQvo&X$RhjRVYJW@KlnG$?0cWMok|{{HBd_~(W*jW1jiO-bCn zJ?ulw*Yjq=id`AmPndfBCokYaXjul;z{G0p=sHBxz%dQ`KI7`k*H u-(Pz+_Jzqdxs#SpO;_sQD|c{WHb0UU?VDO Date: Thu, 22 Mar 2018 22:26:03 +0100 Subject: [PATCH 0849/1059] all.sh --keep-going: properly handle multiple-builds scripts In keep-going mode, if a multiple-builds script fails, record its status and keep going. --- tests/scripts/all.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a309272a0f..2dfd39e861 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -492,7 +492,7 @@ msg "test: ssl-opt.sh (ASan build)" # ~ 1 min if_build_succeeded tests/ssl-opt.sh msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s -if_build_succeeded tests/scripts/test-ref-configs.pl +record_status tests/scripts/test-ref-configs.pl msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min make 
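Review bot: Replacing `if_build_succeeded` with `record_status` for tests/scripts/test-ref-configs.pl drops the dependency on the preceding ASan build, so the script now runs and has its status recorded even when that build failed. That is presumably intended, since the commit describes it as a multiple-builds script that performs its own builds, but the following `msg "build: with ASan (rebuild after ref-configs)"` step shows the two are interleaved, so a comment such as `# test-ref-configs.pl does its own builds; run it regardless of the previous build's status` would make the intent explicit. The second hunk wraps curves.pl, depends-hashes.pl, depends-pkalgs.pl and key-exchanges.pl in `record_status` in the same spirit.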
@@ -565,19 +565,19 @@ if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_ msg "test/build: curves.pl (gcc)" # ~ 4 min cleanup -tests/scripts/curves.pl +record_status tests/scripts/curves.pl msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min cleanup -tests/scripts/depends-hashes.pl +record_status tests/scripts/depends-hashes.pl msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min cleanup -tests/scripts/depends-pkalgs.pl +record_status tests/scripts/depends-pkalgs.pl msg "test/build: key-exchanges (gcc)" # ~ 1 min cleanup -tests/scripts/key-exchanges.pl +record_status tests/scripts/key-exchanges.pl msg "build: Unix make, -Os (gcc)" # ~ 30s cleanup From 1cfa2d0e198e2b45c7b63d774dee119189643076 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 23 Mar 2018 00:55:57 +0100 Subject: [PATCH 0850/1059] Add missing dependencies in test_suite_x509parse Found by depends-hashes.pl and depends-pkgalgs.pl. --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 9cf80bbf39..8db07bdc3c 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1299,21 +1299,27 @@ X509 CRL ASN1 (invalid version overflow) x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (extension oid too long, crl-idp.pem byte 123) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (extension critical invalid length, crl-idp.pem byte 128) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH X509 CRL ASN1 (extension data too long, crl-idp.pem byte 131) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C 
x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c010100041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2018-03-14 07\:31\:48\nnext update \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using \: RSA with SHA-256\n":0 X509 CRT parse path #2 (one cert) From 51d9394fdf93c24615cb41f36eeb9bbfe17ed72d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 23 Mar 2018 01:42:44 +0100 Subject: [PATCH 0851/1059] Add changelog entries for improved testing Fixes #1040 --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0ae1af0f63..0a01c55c97 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -10,6 +10,16 @@ Security trusted CA with a non DER-compliant certificate. Found by luocm on GitHub. Fixes #825. +Bugfix + * Add missing dependencies in test suites that led to build failures + in configurations that omit certain hashes or public-key algorithms. + Fixes #1040. + +Changes + * Improve testing in configurations that omit certain hashes or + public-key algorithms. Includes contributions by Gert van Dijk. + * Improve negative testing of X.509 parsing. + = mbed TLS 2.8.0 branch released 2018-03-16 Default behavior changes From b2f09c32658668d0d79469ed32c86b6836a4beb1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Mar 2018 12:38:00 +0100 Subject: [PATCH 0852/1059] Support out-of-tree testing with CMake: add ChangeLog entry. Fixes #1193 --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8db0215914..5d8673373a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x branch released xxxx-xx-xx + +Changes + * Support TLS testing in out-of-source builds using cmake. Fixes #1193. + = mbed TLS 2.7.0 branch released 2018-02-03 Security From be038366eab275e7157f979b2d57fc0da00eab3e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Mar 2018 17:12:46 +0100 Subject: [PATCH 0853/1059] Fix some comments regarding what files are symlinked --- CMakeLists.txt | 3 +-- include/CMakeLists.txt | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index df03dd6073..8b26e6e7c7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -189,8 +189,7 @@ if(ENABLE_TESTING) endif(UNIX) endif() -# Make scripts and data files needed for testing available in an -# out-of-source build. +# Make scripts needed for testing available in an out-of-source build. if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) link_to_source(scripts) endif() 
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index 3081b2678b..1b581a54dd 100644 --- a/include/CMakeLists.txt +++ b/include/CMakeLists.txt @@ -10,8 +10,7 @@ if(INSTALL_MBEDTLS_HEADERS) endif(INSTALL_MBEDTLS_HEADERS) -# Make scripts and data files needed for testing available in an -# out-of-source build. +# Make config.h available in an out-of-source build. ssl-opt.sh requires it. if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) link_to_source(mbedtls) endif() From 8d54c069f6688d1ee9891f659857090cefda568d Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Fri, 23 Mar 2018 18:34:35 +0000 Subject: [PATCH 0854/1059] Use correct version of snprintf on Windows platform.h defines MBEDTLS_PLATFORM_STD_SNPRINTF based on _WIN32. But while defining macro mbedtls_snprintf it sets it to STD C snprintf that is deprecated on Windows. --- include/mbedtls/platform.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index ed10775848..2e21f03387 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -210,7 +210,7 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, #if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) #define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO #else -#define mbedtls_snprintf snprintf +#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF #endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */ #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ From 5cb1f09ab46ea19e1df78af86fbb19f3de6f8ef4 Mon Sep 17 00:00:00 2001 From: Ivan Krylov Date: Sat, 24 Mar 2018 18:48:04 +0300 Subject: [PATCH 0855/1059] slight rewording requested by reviewer (#758) --- include/mbedtls/net_sockets.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index f09f8bf3bf..38ec91b2e4 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h 
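Review bot: The fallback `#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF` now relies on MBEDTLS_PLATFORM_STD_SNPRINTF being defined in every configuration that reaches this branch (neither MBEDTLS_PLATFORM_SNPRINTF_ALT nor MBEDTLS_PLATFORM_SNPRINTF_MACRO set); that definition is outside the hunk and, per the commit message, is selected on `_WIN32`. If a configuration such as MBEDTLS_PLATFORM_NO_STD_FUNCTIONS leaves it undefined, the failure would surface as an unresolved identifier at each call site rather than here. A comment on the new line, e.g. `/* Platform's native snprintf; a Windows-safe wrapper under _WIN32 */`, or an `#error` when MBEDTLS_PLATFORM_STD_SNPRINTF is undefined at this point, would make the dependency visible.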
@@ -120,7 +120,7 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char * \param client_ip Will contain the client IP address, can be NULL * \param buf_size Size of the client_ip buffer * \param ip_len Will receive the size of the client IP written, - * can be NULL if client_ip == NULL + * can be NULL if client_ip is null * * \return 0 if successful, or * MBEDTLS_ERR_NET_ACCEPT_FAILED, or From 873f15d70d4bbdefa87c847bfe36b183320a8872 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 25 Mar 2018 23:47:15 +0100 Subject: [PATCH 0856/1059] Make DLEXT var configurable in library/Makefile --- library/Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/Makefile b/library/Makefile index 65a102f3a1..633038efcf 100644 --- a/library/Makefile +++ b/library/Makefile @@ -35,9 +35,8 @@ SOEXT_TLS=so.10 SOEXT_X509=so.0 SOEXT_CRYPTO=so.1 -DLEXT=so -# OSX shared library extension: -# DLEXT=dylib +# Set DLEXT=dylib to compile as a shared library for Mac OS X +DLEXT ?= so # Windows shared library extension: ifdef WINDOWS_BUILD From ceed91b72c307d6aa27afb770e38786d27651b96 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 25 Mar 2018 23:48:39 +0100 Subject: [PATCH 0857/1059] Allow overriding ar param prefix in library/Makefile --- library/Makefile | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/library/Makefile b/library/Makefile index 633038efcf..39bc24d78e 100644 --- a/library/Makefile +++ b/library/Makefile @@ -38,6 +38,10 @@ SOEXT_CRYPTO=so.1 # Set DLEXT=dylib to compile as a shared library for Mac OS X DLEXT ?= so +# Set AR_DASH= (empty string) to use an ar implentation that does not accept +# the - prefix for command line options (e.g. llvm-ar) +AR_DASH ?= - + # Windows shared library extension: ifdef WINDOWS_BUILD DLEXT=dll 
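Review bot: Typo in the new AR_DASH comment: `implentation` → `implementation`. Separately, `DLEXT ?= so` lets the user pre-set DLEXT, but the unchanged `ifdef WINDOWS_BUILD` block that follows still assigns `DLEXT=dll` unconditionally, so under WINDOWS_BUILD an environment-provided DLEXT is overwritten (a command-line `make DLEXT=...` still wins, since command-line variables override makefile assignments). If overriding is meant to work there as well, choose the platform default first and apply a single `?=` afterwards; otherwise the comment should say that DLEXT is fixed to `dll` under WINDOWS_BUILD.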
@@ -90,9 +94,9 @@ shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT) # tls libmbedtls.a: $(OBJS_TLS) echo " AR $@" - $(AR) -rc $@ $(OBJS_TLS) + $(AR) $(AR_DASH)rc $@ $(OBJS_TLS) echo " RL $@" - $(AR) -s $@ + $(AR) $(AR_DASH)s $@ libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so echo " LD $@" @@ -113,9 +117,9 @@ libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll # x509 libmbedx509.a: $(OBJS_X509) echo " AR $@" - $(AR) -rc $@ $(OBJS_X509) + $(AR) $(AR_DASH)rc $@ $(OBJS_X509) echo " RL $@" - $(AR) -s $@ + $(AR) $(AR_DASH)s $@ libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so echo " LD $@" @@ -136,9 +140,9 @@ libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll # crypto libmbedcrypto.a: $(OBJS_CRYPTO) echo " AR $@" - $(AR) -rc $@ $(OBJS_CRYPTO) + $(AR) $(AR_DASH)rc $@ $(OBJS_CRYPTO) echo " RL $@" - $(AR) -s $@ + $(AR) $(AR_DASH)s $@ libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO) echo " LD $@" From ea5a8a418b4fe4b463a5cc0a08e2193a38105950 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 25 Mar 2018 23:57:09 +0100 Subject: [PATCH 0858/1059] Add ChangeLog entry for library/makefile changes --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index c0759b2b25..4985bcc1a6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,10 @@ Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. * Support cmake build where Mbed TLS is a subproject. Fix contributed independently by Matthieu Volat and Arne Schwabe. + * Allow configuring the prefix operator for the archiver tool when compiling + the library using the makefile. Found and fixed by Alex Hixon. + * Allow configuring the shared library extension by setting the DLEXT + variable when using the project makefile. = mbed TLS 2.8.0 branch released 2018-03-16 From e4f2736b42656bc62e3e48faf79f91140ab83ce8 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 26 Mar 2018 12:29:30 +0200 Subject: [PATCH 0859/1059] Add ChangeLog entry --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0a857ba767..634e29cdc5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Changes + * Improve the documentation of mbedtls_net_accept(). Contributed by aitap. + = mbed TLS 2.4.1 branch released 2016-12-13 Changes From 5ad7aea5688081a6217b9f491befb521f37ee71b Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 26 Mar 2018 12:00:09 +0100 Subject: [PATCH 0860/1059] Update aes.h Minor documentation improvements: Standardized brief file description. Split returns. Minor fixes. --- include/mbedtls/aes.h | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 46016dcb7f..c82d39a402 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -1,7 +1,9 @@ /** * \file aes.h * - * \brief The Advanced Encryption Standard (AES) specifies a FIPS-approved + * \brief This file contains AES definitions and functions. + * + * The Advanced Encryption Standard (AES) specifies a FIPS-approved * cryptographic algorithm that can be used to protect electronic * data. * @@ -12,6 +14,7 @@ * techniques -- Encryption algorithms -- Part 2: Asymmetric * ciphers
. */ + /* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * @@ -112,8 +115,8 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ); *
  • 192 bits
  • *
  • 256 bits
  • * - * \return \c 0 on success or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH - * on failure. + * \return \c 0 on success. + * #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -128,7 +131,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, *
  • 192 bits
  • *
  • 256 bits
  • * - * \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -192,7 +196,8 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, * \param input The buffer holding the input data. * \param output The buffer holding the output data. * - * \return \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH + * \return \c 0 on success. + * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH * on failure. */ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, @@ -313,7 +318,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, * \param input The buffer holding the input data. * \param output The buffer holding the output data. * - * \return \c 0 on success. + * \return \c 0 on success. */ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, size_t length, @@ -406,7 +411,8 @@ extern "C" { /** * \brief Checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_aes_self_test( int verbose ); From 4ee9d24c904cab2c3540bf9f240efe768bd11703 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 26 Mar 2018 17:18:44 +0100 Subject: [PATCH 0861/1059] Update ccm.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. --- include/mbedtls/ccm.h | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 630b7fdf6c..93ec157d88 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h 
@@ -1,8 +1,10 @@ /** * \file ccm.h * - * \brief CCM combines Counter mode encryption with CBC-MAC authentication - * for 128-bit block ciphers. + * \brief This file contains CCM definitions and functions. + * + * CCM combines Counter mode encryption with CBC-MAC authentication + * for 128-bit block ciphers. * * Input to CCM includes the following elements: *
    • Payload - data that is both authenticated and encrypted.
    • @@ -75,7 +77,8 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); * \param key The encryption key. * \param keybits The key size in bits. This must be acceptable by the cipher. * - * \return \c 0 on success, or a cipher-specific error code. + * \return \c 0 on success. + * \return A cipher-specific error code on failure. */ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, mbedtls_cipher_id_t cipher, @@ -93,6 +96,13 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); /** * \brief This function encrypts a buffer using CCM. * + * + * \note The tag is written to a separate buffer. To concatenate + * the \p tag with the \p output, as done in RFC-3610: + * Counter with CBC-MAC (CCM), use + * \p tag = \p output + \p length, and make sure that the + * output buffer is at least \p length + \p tag_len wide. + * * \param ctx The CCM context to use for encryption. * \param length The length of the input data in Bytes. * \param iv Initialization vector (nonce). @@ -107,12 +117,6 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * \param tag_len The length of the tag to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * - * \note The tag is written to a separate buffer. To concatenate - * the \p tag with the \p output, as done in RFC-3610: - * Counter with CBC-MAC (CCM), use - * \p tag = \p output + \p length, and make sure that the - * output buffer is at least \p length + \p tag_len wide. - * * \return \c 0 on success. */ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, 
@@ -139,8 +143,8 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param tag_len The length of the tag in Bytes. * 4, 6, 8, 10, 12, 14 or 16. * - * \return 0 if successful and authenticated, or - * #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. + * \return 0 if successful and authenticated. + * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. */ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, @@ -164,7 +168,8 @@ extern "C" { /** * \brief The CCM checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_ccm_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ From 02f73a6b555c7784bd90ef25baecb4dbc3528c17 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 26 Mar 2018 18:02:32 +0100 Subject: [PATCH 0862/1059] Update cipher.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *Added missing documentation in lines 99-159 (values in enums) - need to be verified. *lines 79+80 and 97+98 - verify descriptions + what is the difference here between none and null? *lines 177-187 - seems to be an enum without a name? --- include/mbedtls/cipher.h | 297 ++++++++++++++++++++------------------- 1 file changed, 156 insertions(+), 141 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index d1f4efef8e..000d18fdc6 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -1,7 +1,7 @@ /** * \file cipher.h * - * \brief The generic cipher wrapper. + * \brief Thif file contains the generic cipher wrapper. * * \author Adriaan de Jong */ 
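Review bot: The new `\brief` line in cipher.h has a typo: `Thif file contains the generic cipher wrapper.` should read `This file contains the generic cipher wrapper.`. It is the first line Doxygen renders for the file, so it is worth fixing in this commit.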
@@ -69,93 +69,93 @@ extern "C" { #endif /** - * \brief An enumeration of supported ciphers. + * \brief Supported cipher types. * * \warning ARC4 and DES are considered weak ciphers and their use - * constitutes a security risk. We recommend considering stronger - * ciphers instead. + * constitutes a security risk. We recommend you consider using + * stronger ciphers instead. */ typedef enum { - MBEDTLS_CIPHER_ID_NONE = 0, - MBEDTLS_CIPHER_ID_NULL, - MBEDTLS_CIPHER_ID_AES, - MBEDTLS_CIPHER_ID_DES, - MBEDTLS_CIPHER_ID_3DES, - MBEDTLS_CIPHER_ID_CAMELLIA, - MBEDTLS_CIPHER_ID_BLOWFISH, - MBEDTLS_CIPHER_ID_ARC4, + MBEDTLS_CIPHER_ID_NONE = 0, /**< None. */ + MBEDTLS_CIPHER_ID_NULL, /**< NULL.*/ + MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */ + MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */ + MBEDTLS_CIPHER_ID_3DES, /**< The 3DES cipher. */ + MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */ + MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */ + MBEDTLS_CIPHER_ID_ARC4, /**< The ARC4 cipher. */ } mbedtls_cipher_id_t; /** - * \brief An enumeration of supported (cipher, mode) pairs. + * \brief Supported {cipher type, cipher mode} pairs. * * \warning ARC4 and DES are considered weak ciphers and their use * constitutes a security risk. We recommend considering stronger * ciphers instead. 
*/ typedef enum { - MBEDTLS_CIPHER_NONE = 0, - MBEDTLS_CIPHER_NULL, - MBEDTLS_CIPHER_AES_128_ECB, - MBEDTLS_CIPHER_AES_192_ECB, - MBEDTLS_CIPHER_AES_256_ECB, - MBEDTLS_CIPHER_AES_128_CBC, - MBEDTLS_CIPHER_AES_192_CBC, - MBEDTLS_CIPHER_AES_256_CBC, - MBEDTLS_CIPHER_AES_128_CFB128, - MBEDTLS_CIPHER_AES_192_CFB128, - MBEDTLS_CIPHER_AES_256_CFB128, - MBEDTLS_CIPHER_AES_128_CTR, - MBEDTLS_CIPHER_AES_192_CTR, - MBEDTLS_CIPHER_AES_256_CTR, - MBEDTLS_CIPHER_AES_128_GCM, - MBEDTLS_CIPHER_AES_192_GCM, - MBEDTLS_CIPHER_AES_256_GCM, - MBEDTLS_CIPHER_CAMELLIA_128_ECB, - MBEDTLS_CIPHER_CAMELLIA_192_ECB, - MBEDTLS_CIPHER_CAMELLIA_256_ECB, - MBEDTLS_CIPHER_CAMELLIA_128_CBC, - MBEDTLS_CIPHER_CAMELLIA_192_CBC, - MBEDTLS_CIPHER_CAMELLIA_256_CBC, - MBEDTLS_CIPHER_CAMELLIA_128_CFB128, - MBEDTLS_CIPHER_CAMELLIA_192_CFB128, - MBEDTLS_CIPHER_CAMELLIA_256_CFB128, - MBEDTLS_CIPHER_CAMELLIA_128_CTR, - MBEDTLS_CIPHER_CAMELLIA_192_CTR, - MBEDTLS_CIPHER_CAMELLIA_256_CTR, - MBEDTLS_CIPHER_CAMELLIA_128_GCM, - MBEDTLS_CIPHER_CAMELLIA_192_GCM, - MBEDTLS_CIPHER_CAMELLIA_256_GCM, - MBEDTLS_CIPHER_DES_ECB, - MBEDTLS_CIPHER_DES_CBC, - MBEDTLS_CIPHER_DES_EDE_ECB, - MBEDTLS_CIPHER_DES_EDE_CBC, - MBEDTLS_CIPHER_DES_EDE3_ECB, - MBEDTLS_CIPHER_DES_EDE3_CBC, - MBEDTLS_CIPHER_BLOWFISH_ECB, - MBEDTLS_CIPHER_BLOWFISH_CBC, - MBEDTLS_CIPHER_BLOWFISH_CFB64, - MBEDTLS_CIPHER_BLOWFISH_CTR, - MBEDTLS_CIPHER_ARC4_128, - MBEDTLS_CIPHER_AES_128_CCM, - MBEDTLS_CIPHER_AES_192_CCM, - MBEDTLS_CIPHER_AES_256_CCM, - MBEDTLS_CIPHER_CAMELLIA_128_CCM, - MBEDTLS_CIPHER_CAMELLIA_192_CCM, - MBEDTLS_CIPHER_CAMELLIA_256_CCM, + MBEDTLS_CIPHER_NONE = 0, /**< None. */ + MBEDTLS_CIPHER_NULL, /**< NULL. */ + MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */ + MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */ + MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */ + MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. 
*/ + MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */ + MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */ + MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */ + MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */ + MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */ + MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */ + MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */ + MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */ + MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */ + MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */ + MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */ + MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */ + MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */ + MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */ + MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. 
*/ + MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */ + MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */ + MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */ + MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */ + MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */ + MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */ + MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */ + MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */ + MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */ + MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */ + MBEDTLS_CIPHER_BLOWFISH_CTR, /**< Blowfish cipher with CTR mode. */ + MBEDTLS_CIPHER_ARC4_128, /**< ARC4 cipher with 128-bit mode. */ + MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */ + MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */ + MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */ + MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */ + MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */ + MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */ } mbedtls_cipher_type_t; /** Supported cipher modes. */ typedef enum { - MBEDTLS_MODE_NONE = 0, - MBEDTLS_MODE_ECB, - MBEDTLS_MODE_CBC, - MBEDTLS_MODE_CFB, - MBEDTLS_MODE_OFB, /* Unused! */ - MBEDTLS_MODE_CTR, - MBEDTLS_MODE_GCM, - MBEDTLS_MODE_STREAM, - MBEDTLS_MODE_CCM, + MBEDTLS_MODE_NONE = 0, /**< None. */ + MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */ + MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */ + MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */ + MBEDTLS_MODE_OFB, /**< Unused. */ + MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */ + MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */ + MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */ + MBEDTLS_MODE_CCM, /**< The CCM cipher mode. 
*/ } mbedtls_cipher_mode_t; /** Supported cipher padding types. */ @@ -163,8 +163,8 @@ typedef enum { MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */ MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */ MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */ - MBEDTLS_PADDING_ZEROS, /**< zero padding (not reversible). */ - MBEDTLS_PADDING_NONE, /**< never pad (full blocks only). */ + MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */ + MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */ } mbedtls_cipher_padding_t; /** Type of operation. */ @@ -228,7 +228,8 @@ typedef struct { */ unsigned int iv_size; - /** Flags to set. For example, if the cipher supports variable IV sizes or variable key sizes. */ + /** Flags to set. For example, if the cipher + supports variable IV sizes or variable key sizes. */ int flags; /** The block size, in Bytes. */ @@ -299,7 +300,8 @@ const int *mbedtls_cipher_list( void ); * \param cipher_name Name of the cipher to search for. * * \return The cipher information structure associated with the - * given \p cipher_name, or NULL if not found. + * given \p cipher_name. + * \return NULL if the associated cipher information is not found. */ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name ); @@ -325,7 +327,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher * \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC. * * \return The cipher information structure associated with the - * given \p cipher_id, or NULL if not found. + * given \p cipher_id. + * \return NULL if the associated cipher information is not found. */ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id, int key_bitlen, 
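Review bot: The new per-value comments in mbedtls_cipher_type_t attach the key size to the mode: `/**< AES cipher with 128-bit ECB mode. */` reads as though ECB had a width, whereas 128/192/256 is the key length and the block size of AES and Camellia is fixed at 128 bits. Suggest `/**< AES cipher with a 128-bit key in ECB mode. */`, the same pattern for the other AES and Camellia entries, and `/**< ARC4 stream cipher with a 128-bit key. */`. The commit message itself marks these enum descriptions as needing verification, so this is the place to settle the wording. `MBEDTLS_CIPHER_ID_NULL, /**< NULL.*/` is also missing the space before `*/` that its siblings have.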
@@ -352,9 +355,9 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
* \param ctx The context to initialize. May not be NULL.
* \param cipher_info The cipher to use.
*
- * \return \c 0 on success,
- * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
- * #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure.
+ * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context failed.
*
* \internal Currently, the function also clears the structure.
@@ -368,8 +371,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_in
*
* \param ctx The context of the cipher. Must be initialized.
*
- * \return The size of the blocks of the cipher, or zero if \p ctx
- * has not been initialized.
+ * \return The size of the blocks of the cipher.
+ * \return 0 if \p ctx has not been initialized.
*/
static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
{
@@ -385,8 +388,8 @@ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_c
*
* \param ctx The context of the cipher. Must be initialized.
*
- * \return The mode of operation, or #MBEDTLS_MODE_NONE if
- * \p ctx has not been initialized.
+ * \return The mode of operation.
+ * \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
{
@@ -402,9 +405,9 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl
*
* \param ctx The context of the cipher. Must be initialized.
*
- * \return
      • If no IV has been set: the recommended IV size. - * 0 for ciphers not using IV or nonce.
      • - *
      • If IV has already been set: the actual size.
+ * \return The recommended IV size, if no IV has been set.
+ * 0 for ciphers not using IV or nonce.
+ * \return The actual size, if an IV has been set.
*/
static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
{
@@ -422,8 +425,8 @@ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ct
*
* \param ctx The context of the cipher. Must be initialized.
*
- * \return The type of the cipher, or #MBEDTLS_CIPHER_NONE if
- * \p ctx has not been initialized.
+ * \return The type of the cipher.
+ * \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
*/
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
{
@@ -439,8 +442,8 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_ciphe
*
* \param ctx The context of the cipher. Must be initialized.
*
- * \return The name of the cipher, or NULL if \p ctx has not
- * been not initialized.
+ * \return The name of the cipher.
+ * \return NULL if \p ctx has not been not initialized.
*/
static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
{
@@ -455,8 +458,8 @@ static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_
*
* \param ctx The context of the cipher. Must be initialized.
*
- * \return The key length of the cipher in bits, or
- * #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
+ * \return The key length of the cipher in bits.
+ * \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
* initialized.
*/
static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
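Review bot: The new `\return NULL if \p ctx has not been not initialized.` line in the mbedtls_cipher_get_name block carries the double negative over from the old text, so the rewritten sentence still says the opposite of what is meant. It should read `\return NULL if \p ctx has not been initialized.` The function body continues outside the hunk.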
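Review bot: The new `\return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been` line in the mbedtls_cipher_get_key_bitlen block places the Doxygen `\p` after the parameter name, so the command attaches to `has` instead of `ctx` and the parameter is not rendered as a reference. It should be `\return #MBEDTLS_KEY_LENGTH_NONE if \p ctx has not been`. The function body continues outside the hunk.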
@@ -473,7 +476,8 @@ static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t
* \param ctx The context of the cipher. Must be initialized.
*
* \return The type of operation: #MBEDTLS_ENCRYPT or
- * #MBEDTLS_DECRYPT, or #MBEDTLS_OPERATION_NONE if \p ctx
+ * #MBEDTLS_DECRYPT.
+ * \return #MBEDTLS_OPERATION_NONE if \p ctx
* has not been initialized.
*/
static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
@@ -495,9 +499,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci
* \param operation The operation that the key will be used for:
* #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
*
- * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
- * parameter verification fails, or a cipher-specific
- * error code.
+ * \returns \c 0 on success.
+ * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ * parameter verification fails.
+ * \return A cipher-specific error code.
*/
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
int key_bitlen, const mbedtls_operation_t operation );
@@ -512,9 +517,10 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k
* \param ctx The generic cipher context.
* \param mode The padding mode.
*
- * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
- * if the selected padding mode is not supported, or
- * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
+ * \returns \c 0 on success.
+ * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+ * if the selected padding mode is not supported.
+ * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
* does not support padding.
*/
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
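Review bot: The rewritten return list of mbedtls_cipher_setkey opens with `\returns \c 0 on success.` and continues with `\return ...`, so one list now mixes both Doxygen spellings, while the setup and getter blocks above use `\return` throughout. Changing the first line to `\return \c 0 on success.` keeps the rendered "Returns" section uniform. The same mix is introduced in the mbedtls_cipher_set_padding_mode hunk here and in the set_iv, reset, update, finish, crypt, auth_encrypt and auth_decrypt hunks that follow.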
@@ -524,15 +530,16 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph
* \brief This function sets the initialization vector (IV)
* or nonce.
*
+ * \note Some ciphers do not use IVs nor nonce. For these
+ * ciphers, this function has no effect.
+ *
* \param ctx The generic cipher context.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
* \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size IV.
*
- * \returns \c 0 on success, or #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
- *
- * \note Some ciphers do not use IVs nor nonce. For these
- * ciphers, this function has no effect.
+ * \returns \c 0 on success.
+ * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on failure.
*/
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len );
@@ -542,7 +549,8 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
*
* \param ctx The generic cipher context.
*
- * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+ * \returns \c 0 on success.
+ * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
* if parameter verification fails.
*/
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
@@ -557,7 +565,8 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
* \param ad The additional data to use.
* \param ad_len the Length of \p ad.
*
- * \return \c 0 on success, or a specific error code on failure.
+ * \return \c 0 on success.
+ * \return A specific error code on failure.
*/
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len );
@@ -573,6 +582,11 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
* Exception: For MBEDTLS_MODE_ECB, expects a single block
* in size. For example, 16 Bytes for AES.
*
+ * \note If the underlying cipher is GCM, all calls to this
+ * function, except the last one before
+ * mbedtls_cipher_finish(). Must have \p ilen as a
+ * multiple of the block_size.
+ *
* \param ctx The generic cipher context.
* \param input The buffer holding the input data.
* \param ilen The length of the input data.
@@ -582,16 +596,12 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
* \param olen The length of the output data, to be updated with the
* actual number of Bytes written.
*
- * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
- * parameter verification fails,
- * #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
- * unsupported mode for a cipher, or a cipher-specific
- * error code.
- *
- * \note If the underlying cipher is GCM, all calls to this
- * function, except the last one before
- * mbedtls_cipher_finish(). Must have \p ilen as a
- * multiple of the block_size.
+ * \returns \c 0 on success.
+ * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ * parameter verification fails.
+ * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
+ * unsupported mode for a cipher.
+ * \return A cipher-specific error code.
*/
int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
size_t ilen, unsigned char *output, size_t *olen );
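Review bot: The `\note` moved to the top of the mbedtls_cipher_update block still contains a broken sentence, `mbedtls_cipher_finish(). Must have \p ilen as a multiple of the block_size.`, which splits a single requirement across a full stop and leaves the reader unsure what "Must" refers to. Since the commit rewrites this block, the note should read `all calls to this function, except the last one before mbedtls_cipher_finish(), must have \p ilen as a multiple of the block size.` The note names only GCM; whether the same chunking rule holds for the CCM types listed in the enum above is not stated here and is worth confirming against the implementation before leaving it out.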
@@ -606,13 +616,15 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
* \param output The buffer to write data to. Needs block_size available.
* \param olen The length of the data written to the \p output buffer.
*
- * \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
- * parameter verification fails,
- * #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
- * expected a full block but was not provided one,
- * #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- * while decrypting, or a cipher-specific error code
- * on failure for any other reason.
+ * \returns \c 0 on success.
+ * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ * parameter verification fails.
+ * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
+ * expected a full block but was not provided one.
+ * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+ * while decrypting.
+ * \return A cipher-specific error code on failure for any other
+ * reason.
*/
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
unsigned char *output, size_t *olen );
@@ -627,7 +639,8 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
* \param tag The buffer to write the tag to.
* \param tag_len The length of the tag to write.
*
- * \return \c 0 on success, or a specific error code on failure.
+ * \return \c 0 on success.
+ * \return A specific error code on failure.
*/
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
unsigned char *tag, size_t tag_len );
@@ -641,7 +654,8 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
* \param tag The buffer holding the tag.
* \param tag_len The length of the tag to check.
*
- * \return \c 0 on success, or a specific error code on failure.
+ * \return \c 0 on success.
+ * \return A specific error code on failure.
*/
int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
const unsigned char *tag, size_t tag_len );
@@ -667,13 +681,14 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
* \note Some ciphers do not use IVs nor nonce. For these
* ciphers, use \p iv = NULL and \p iv_len = 0.
*
- * \returns \c 0 on success, or
- * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ * \returns \c 0 on success.
+ * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
* #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
- * expected a full block but was not provided one, or
- * #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- * while decrypting, or a cipher-specific error code on
- * failure for any other reason.
+ * expected a full block but was not provided one.
+ * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+ * while decrypting.
+ * \return A cipher-specific error code on failure for any other
+ * reason.
*/
int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
@@ -699,9 +714,9 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
* \param tag The buffer for the authentication tag.
* \param tag_len The desired length of the authentication tag.
*
- * \returns \c 0 on success, or
- * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
- * a cipher-specific error code.
+ * \returns \c 0 on success.
+ * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA.
+ * \return A cipher-specific error code.
*/
int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
@@ -713,6 +728,10 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
/**
* \brief The generic autenticated decryption (AEAD) function.
*
+ * \note If the data is not authentic, then the output buffer
+ * is zeroed out to prevent the unauthentic plaintext being
+ * used, making this interface safer.
+ *
* \param ctx The generic cipher context.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
* \param iv_len The IV length for ciphers with variable-size IV.
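Review bot: In the mbedtls_cipher_crypt block the new `\return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or` line still folds two error codes into one `\return` and gives no condition for the first, which undoes the one-return-per-line layout the commit applies everywhere else. Suggested: `\return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if parameter verification fails.` followed by `\return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption expected a full block but was not provided one.` The condition is the one this file uses for the same code in mbedtls_cipher_update and mbedtls_cipher_finish; confirm it matches the implementation. The bare `\return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA.` with no condition appears again in the mbedtls_cipher_auth_encrypt hunk here and in the mbedtls_cipher_auth_decrypt hunk on the next line.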
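Review bot: The context line `\brief The generic autenticated decryption (AEAD) function.` in the mbedtls_cipher_auth_decrypt hunk misspells "authenticated" and is left as is although the block is being edited. The moved `\note` is the security-relevant statement of this block, so its closing clause deserves to be concrete rather than `making this interface safer`; suggested: `is zeroed out so that a caller cannot consume plaintext that failed authentication.` The parameter list continues outside the hunk.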
@@ -728,14 +747,10 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
* \param tag The buffer holding the authentication tag.
* \param tag_len The length of the authentication tag.
*
- * \returns \c 0 on success, or
- * #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
- * #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic,
- * or a cipher-specific error code on failure for any other reason.
- *
- * \note If the data is not authentic, then the output buffer
- * is zeroed out to prevent the unauthentic plaintext being
- * used, making this interface safer.
+ * \returns \c 0 on success.
+ * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA.
+ * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
+ * \return A cipher-specific error code on failure for any other reason.
*/
int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
From f4659efedcb5a0d2e77dc1617f5ba8c26cd5d6e0 Mon Sep 17 00:00:00 2001
From: Azim Khan
Date: Mon, 26 Mar 2018 22:11:24 +0100
Subject: [PATCH 0863/1059] Document config restrictions of psk fields
---
include/mbedtls/ssl.h | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 5ee9e9d977..d0c367771a 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -673,10 +673,18 @@ struct mbedtls_ssl_config
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
- unsigned char *psk; /*!< pre-shared key */
- size_t psk_len; /*!< length of the pre-shared key */
- unsigned char *psk_identity; /*!< identity for PSK negotiation */
- size_t psk_identity_len;/*!< length of identity */
+ unsigned char *psk; /*!< pre-shared key. This field should
+ only be set via
+ mbedtls_ssl_conf_psk() */
+ size_t psk_len; /*!< length of the pre-shared key. This
+ field should only be set via
+ mbedtls_ssl_conf_psk() */
+ unsigned char *psk_identity; /*!< identity for PSK negotiation. This
+ field should only be set via
+ mbedtls_ssl_conf_psk() */
+ size_t psk_identity_len;/*!< length of identity. This field should
+ only be set via
+ mbedtls_ssl_conf_psk() */
#endif
#if defined(MBEDTLS_SSL_ALPN)
From 02facfb4d9a176f68bdaf8251160e52bf85a8258 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 27 Mar 2018 10:26:56 +0100
Subject: [PATCH 0864/1059] Update cipher.h
---
include/mbedtls/cipher.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 000d18fdc6..216771517a 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -1,7 +1,7 @@
/**
* \file cipher.h
*
- * \brief Thif file contains the generic cipher wrapper.
+ * \brief This file contains the generic cipher wrapper.
*
* \author Adriaan de Jong
*/
From 8c154935f6d0a5630b03cce267db298054aa00af Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 27 Mar 2018 10:45:16 +0100
Subject: [PATCH 0865/1059] Update cmac.h
Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Please verify RFC in file description.
---
include/mbedtls/cmac.h | 38 ++++++++++++++++++++++---------------
1 file changed, 22 insertions(+), 16 deletions(-)
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 628c9daba2..b9c6f22104 100644
--- a/include/mbedtls/cmac.h
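Review bot: The four new field comments in struct mbedtls_ssl_config repeat the same sentence, `This field should only be set via mbedtls_ssl_conf_psk()`, without giving the reason, so a reader cannot tell whether assigning the pointers directly is merely unsupported or actively unsafe for a secret-holding field. One comment on the `#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)` group that states the reason would carry more information than four copies; presumably the library allocates these buffers itself and frees and clears them on config teardown, which should be confirmed against mbedtls_ssl_conf_psk() and mbedtls_ssl_config_free() before it is written down. The struct continues outside the hunk.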
+++ b/include/mbedtls/cmac.h
@@ -1,8 +1,10 @@
/**
* \file cmac.h
*
- * \brief The Cipher-based Message Authentication Code (CMAC) Mode for
- * Authentication.
+ * \brief This file contains CMAC definitions and functions.
+ *
+ * The Cipher-based Message Authentication Code (CMAC) Mode for
+ * Authentication is defined in RFC-4493: The AES-CMAC Algorithm.
*/
/*
* Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved
@@ -38,9 +40,9 @@ extern "C" {
#define MBEDTLS_DES3_BLOCK_SIZE 8
#if defined(MBEDTLS_AES_C)
-#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /* The longest block used by CMAC is that of AES. */
+#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */
#else
-#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* The longest block used by CMAC is that of 3DES. */
+#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */
#endif
#if !defined(MBEDTLS_CMAC_ALT)
@@ -67,16 +69,15 @@ struct mbedtls_cmac_context_t
* Must be called with an initialized cipher context.
*
* \param ctx The cipher context used for the CMAC operation, initialized
- * as one of the following types:
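Review bot: The new file header says `The Cipher-based Message Authentication Code (CMAC) Mode for Authentication is defined in RFC-4493: The AES-CMAC Algorithm.`, but that RFC covers AES only, while this same file sizes MBEDTLS_CIPHER_BLKSIZE_MAX for 3DES and mbedtls_cipher_cmac_starts() accepts MBEDTLS_CIPHER_DES_EDE3_ECB, so the citation is narrower than the API. The commit message itself asks for the RFC to be verified; the generic definition is NIST SP 800-38B, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, with RFC 4493 as its AES instantiation. Suggested wording: `CMAC is defined in NIST SP 800-38B; its AES instantiation is specified in RFC 4493: The AES-CMAC Algorithm.`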
        - *
      • MBEDTLS_CIPHER_AES_128_ECB
      • - *
      • MBEDTLS_CIPHER_AES_192_ECB
      • - *
      • MBEDTLS_CIPHER_AES_256_ECB
      • - *
      • MBEDTLS_CIPHER_DES_EDE3_ECB
+ * as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
+ * MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
+ * or MBEDTLS_CIPHER_DES_EDE3_ECB.
* \param key The CMAC key.
* \param keybits The length of the CMAC key in bits.
* Must be supported by the cipher.
*
- * \return \c 0 on success, or a cipher-specific error code.
+ * \returns \c 0 on success.
+ * \returns A cipher-specific error code on failure.
*/
int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
const unsigned char *key, size_t keybits );
@@ -93,8 +94,9 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
* \param input The buffer holding the input data.
* \param ilen The length of the input data.
*
- * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- * if parameter verification fails.
+ * \returns \c 0 on success.
+ * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+ * if parameter verification fails.
*/
int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
const unsigned char *input, size_t ilen );
@@ -110,7 +112,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
* \param ctx The cipher context used for the CMAC operation.
* \param output The output buffer for the CMAC checksum result.
*
- * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+ * \returns \c 0 on success.
+ * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
@@ -126,7 +129,8 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
*
* \param ctx The cipher context used for the CMAC operation.
*
- * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+ * \returns \c 0 on success.
+ * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
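Review bot: The mbedtls_cipher_cmac_starts block now uses `\returns` on both new return lines, while mbedtls_cmac_self_test in this same commit uses `\return` and the cipher.h commit above settles on `\return` for the second and later lines, so the rendered output differs between blocks for no reason. Picking one spelling, `\return \c 0 on success.` and `\return A cipher-specific error code on failure.`, keeps the file uniform. The same applies to the cmac_update, cmac_finish and cmac_reset hunks here and the mbedtls_cipher_cmac hunk on the next line. The cmac_starts hunk begins on an earlier line, before the removed bullet list.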
@@ -149,7 +153,8 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
* \param ilen The length of the input data.
* \param output The buffer for the generic CMAC result.
*
- * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+ * \returns \c 0 on success.
+ * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA
* if parameter verification fails.
*/
int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
@@ -196,7 +201,8 @@ extern "C" {
/**
* \brief The CMAC checkup routine.
*
- * \return \c 0 on success, or \c 1 on failure.
+ * \return \c 0 on success.
+ * \return \c 1 on failure.
*/
int mbedtls_cmac_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
From c9474ebdbb4e42d2411220cf3a50306703be5e0d Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 27 Mar 2018 10:58:22 +0100
Subject: [PATCH 0866/1059] Update ctr_drbg.h
Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *Suggest to specify issue for each return code, where multiple failure return codes are listed.
---
include/mbedtls/ctr_drbg.h | 53 +++++++++++++++++++++-----------------
1 file changed, 29 insertions(+), 24 deletions(-)
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 121575a51b..5f611dd018 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -1,9 +1,11 @@
/**
* \file ctr_drbg.h
*
- * \brief CTR_DRBG is based on AES-256, as defined in NIST SP 800-90A:
- * Recommendation for Random Number Generation Using Deterministic
- * Random Bit Generators.
+ * \brief This file contains CTR_DRBG definitions and functions.
+ *
+ * CTR_DRBG is based on AES-256, as defined in NIST SP 800-90A:
+ * Recommendation for Random Number Generation Using Deterministic
+ * Random Bit Generators.
*
*/
/*
@@ -156,8 +158,8 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
identifiers. Can be NULL.
* \param len The length of the personalization data.
*
- * \return \c 0 on success, or
- * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
*/
int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
int (*f_entropy)(void *, unsigned char *, size_t),
@@ -216,22 +218,24 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
* \param additional Additional data to add to the state. Can be NULL.
* \param len The length of the additional data.
*
- * \return \c 0 on success, or
- * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
*/
int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional, size_t len );
/**
- * \brief This function updates the state of the CTR_DRBG context.
+ * \brief This function updates the state of the CTR_DRBG context.
*
- * \param ctx The CTR_DRBG context.
- * \param additional The data to update the state with.
- * \param add_len Length of \p additional data.
+ * \note If \p add_len is greater than
+ * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
+ * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
+ * The remaining Bytes are silently discarded.
+ *
+ * \param ctx The CTR_DRBG context.
+ * \param additional The data to update the state with.
+ * \param add_len Length of \p additional data.
*
- * \note If \p add_len is greater than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
- * only the first #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
- * The remaining Bytes are silently discarded.
*/
void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional, size_t add_len );
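Review bot: After the `\note` is moved above the parameters, the mbedtls_ctr_drbg_update block ends with an empty ` *` line directly before `*/`, a leftover of the old layout that none of the other rewritten blocks in this file have; it should be dropped. The relocated note is the important part of this block, because the function returns void and truncation to #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes is therefore never reported to the caller, so the wording `silently discarded` is right to keep.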
@@ -249,8 +253,8 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
* \param additional Additional data to update. Can be NULL.
* \param add_len The length of the additional data.
*
- * \return \c 0 on success, or
- * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
*/
int mbedtls_ctr_drbg_random_with_add( void *p_rng,
@@ -267,8 +271,8 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
* \param output The buffer to fill.
* \param output_len The length of the buffer.
*
- * \return \c 0 on success, or
- * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
*/
int mbedtls_ctr_drbg_random( void *p_rng,
@@ -281,8 +285,8 @@ int mbedtls_ctr_drbg_random( void *p_rng,
* \param ctx The CTR_DRBG context.
* \param path The name of the file.
*
- * \return \c 0 on success,
- * #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
* #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
* failure.
*/
@@ -295,9 +299,9 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char
* \param ctx The CTR_DRBG context.
* \param path The name of the file.
*
- * \return \c 0 on success,
- * #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
- * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
+ * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure.
*/
int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
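Review bot: The new `\return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or` line in the mbedtls_ctr_drbg_random_with_add block still lists two error codes under one `\return` with a single `on failure`, which is exactly the case the commit message says should be split with the cause of each code. Suggested: `\return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED if the entropy source fails (presumably during an automatic reseed; confirm against the implementation).` and `\return #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG if \p output_len exceeds the maximum request size.` The mbedtls_ctr_drbg_random, mbedtls_ctr_drbg_write_seed_file and mbedtls_ctr_drbg_update_seed_file hunks on this line keep the same merged shape and should be split the same way.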
@@ -306,7 +310,8 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char
/**
* \brief The CTR_DRBG checkup routine.
*
- * \return \c 0 on success, or \c 1 on failure.
+ * \return \c 0 on success.
+ * \return \c 1 on failure.
*/
int mbedtls_ctr_drbg_self_test( int verbose );
From 6899328bf85fa6d89814d8df73b9e20cc96cd0a2 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 27 Mar 2018 11:12:25 +0100
Subject: [PATCH 0867/1059] Update ecdh.h
Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *p_rng descriptions changed from "parameter" to "context". *Removed bullets from parameter descriptions.
---
include/mbedtls/ecdh.h | 119 +++++++++++++++++++++--------------------
1 file changed, 61 insertions(+), 58 deletions(-)
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 99cfde00d0..70455e8c74 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -1,10 +1,11 @@
/**
* \file ecdh.h
*
- * \brief The Elliptic Curve Diffie-Hellman (ECDH) protocol APIs.
- *
- * ECDH is an anonymous key agreement protocol allowing two parties to
- * establish a shared secret over an insecure channel. Each party must have an
+ * \brief This file contains ECDH definitions and functions.
+ *
+ * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous
+ * key agreement protocol allowing two parties to establish a shared
+ * secret over an insecure channel. Each party must have an
* elliptic-curve public–private key pair.
*
* For more information, see NIST SP 800-56A Rev. 2: Recommendation for
@@ -40,14 +41,12 @@ extern "C" {
#endif
/**
- * Defines the source of the imported EC key:
- *
      • Our key.
      • - *
      • The key of the peer.
+ * Defines the source of the imported EC key.
*/
typedef enum
{
- MBEDTLS_ECDH_OURS,
- MBEDTLS_ECDH_THEIRS,
+ MBEDTLS_ECDH_OURS, /**< Our key. */
+ MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
} mbedtls_ecdh_side;
/**
@@ -75,16 +74,18 @@ mbedtls_ecdh_context;
* implemented during the ECDH key exchange. The second core
* computation is performed by mbedtls_ecdh_compute_shared().
*
+ * \see ecp.h
+ *
* \param grp The ECP group.
* \param d The destination MPI (private key).
* \param Q The destination point (public key).
* \param f_rng The RNG function.
- * \param p_rng The RNG parameter.
+ * \param p_rng The RNG context.
*
- * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX or
* \c MBEDTLS_MPI_XXX error code on failure.
*
- * \see ecp.h
*/
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
@@ -97,21 +98,22 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
* implemented during the ECDH key exchange. The first core
* computation is performed by mbedtls_ecdh_gen_public().
*
- * \param grp The ECP group.
- * \param z The destination MPI (shared secret).
- * \param Q The public key from another party.
- * \param d Our secret exponent (private key).
- * \param f_rng The RNG function.
- * \param p_rng The RNG parameter.
- *
- * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or
- * \c MBEDTLS_MPI_XXX error code on failure.
- *
* \see ecp.h
*
* \note If \p f_rng is not NULL, it is used to implement
* countermeasures against potential elaborate timing
* attacks. For more information, see mbedtls_ecp_mul().
+ *
+ * \param grp The ECP group.
+ * \param z The destination MPI (shared secret).
+ * \param Q The public key from another party.
+ * \param d Our secret exponent (private key).
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX or
+ * \c MBEDTLS_MPI_XXX error code on failure.
*/
int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
@@ -139,21 +141,21 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
* This is the first function used by a TLS server for ECDHE
* ciphersuites.
*
+ * \note This function assumes that the ECP group (grp) of the
+ * \p ctx context has already been properly set,
+ * for example, using mbedtls_ecp_group_load().
+ *
+ * \see ecp.h
+ *
* \param ctx The ECDH context.
* \param olen The number of characters written.
* \param buf The destination buffer.
* \param blen The length of the destination buffer.
* \param f_rng The RNG function.
- * \param p_rng The RNG parameter.
+ * \param p_rng The RNG context.
*
- * \note This function assumes that the ECP group (grp) of the
- * \p ctx context has already been properly set,
- * for example, using mbedtls_ecp_group_load().
- *
- * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- * on failure.
- *
- * \see ecp.h
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
@@ -167,14 +169,15 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
* This is the first function used by a TLS client for ECDHE
* ciphersuites.
*
+ * \see ecp.h
+ *
* \param ctx The ECDH context.
* \param buf The pointer to the start of the input buffer.
* \param end The address for one Byte past the end of the buffer.
*
- * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- * on failure.
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
- * \see ecp.h
*/
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
const unsigned char **buf, const unsigned char *end );
@@ -186,16 +189,16 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
* ServerKeyEchange for static ECDH, and imports ECDH
* parameters from the EC key information of a certificate.
*
+ * \see ecp.h
+ *
* \param ctx The ECDH context to set up.
* \param key The EC key to use.
- * \param side Defines the source of the key:
- *
      • 1: Our key.
      • -
      • 0: The key of the peer.
+ * \param side Defines the source of the key: 1: Our key, or
+ * 0: The key of the peer.
*
- * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- * on failure.
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
- * \see ecp.h
*/
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
mbedtls_ecdh_side side );
@@ -207,17 +210,17 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypai
* This is the second function used by a TLS client for ECDH(E)
* ciphersuites.
*
+ * \see ecp.h
+ *
* \param ctx The ECDH context.
* \param olen The number of Bytes written.
* \param buf The destination buffer.
* \param blen The size of the destination buffer.
* \param f_rng The RNG function.
- * \param p_rng The RNG parameter.
+ * \param p_rng The RNG context.
*
- * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- * on failure.
- *
- * \see ecp.h
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
@@ -231,14 +234,14 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
* This is the second function used by a TLS server for ECDH(E)
* ciphersuites.
*
+ * \see ecp.h
+ *
* \param ctx The ECDH context.
* \param buf The start of the input buffer.
* \param blen The length of the input buffer.
*
- * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- * on failure.
- *
- * \see ecp.h
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf, size_t blen );
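Review bot: The new `\param side Defines the source of the key: 1: Our key, or 0: The key of the peer.` line in the mbedtls_ecdh_get_params block contradicts the mbedtls_ecdh_side enum rewritten earlier in this same commit, where MBEDTLS_ECDH_OURS is listed first (and so takes the value 0) and MBEDTLS_ECDH_THEIRS second; the old bullet text already had the numbers the wrong way round and the commit only reflows it. Documenting the enumerators instead of magic numbers removes the contradiction: `\param side Defines the source of the key: #MBEDTLS_ECDH_OURS for our key, or #MBEDTLS_ECDH_THEIRS for the key of the peer.` This hunk begins on an earlier line, before the removed bullet list.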
@@ -249,21 +252,21 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, * This is the last function used by both TLS client * and servers. * + * \note If \p f_rng is not NULL, it is used to implement + * countermeasures against potential elaborate timing + * attacks. For more information, see mbedtls_ecp_mul(). + * + * \see ecp.h + * * \param ctx The ECDH context. * \param olen The number of Bytes written. * \param buf The destination buffer. * \param blen The length of the destination buffer. * \param f_rng The RNG function. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code - * on failure. - * - * \see ecp.h - * - * \note If \p f_rng is not NULL, it is used to implement - * countermeasures against potential elaborate timing - * attacks. For more information, see mbedtls_ecp_mul(). + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, From 817297fcd73e214cd5079d970725d1d4a9462b58 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 11:30:14 +0100 Subject: [PATCH 0868/1059] Update ecdsa.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *p_rng descriptions changed from "parameter" to "context". --- include/mbedtls/ecdsa.h | 179 ++++++++++++++++++++-------------------- 1 file changed, 91 insertions(+), 88 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index aa23d67f99..99c6d2e527 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h 
@@ -1,9 +1,10 @@ /** * \file ecdsa.h * - * \brief The Elliptic Curve Digital Signature Algorithm (ECDSA). + * \brief This file contains ECDSA definitions and functions. * - * ECDSA is defined in Standards for Efficient Cryptography Group (SECG): + * The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in + * Standards for Efficient Cryptography Group (SECG): * SEC1 Elliptic Curve Cryptography. * The use of ECDSA for TLS is defined in RFC-4492: Elliptic Curve * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS). @@ -69,6 +70,14 @@ extern "C" { * * \note The deterministic version is usually preferred. * + * \note If the bitlength of the message hash is larger than the + * bitlength of the group order, then the hash is truncated + * as defined in Standards for Efficient Cryptography Group + * (SECG): SEC1 Elliptic Curve Cryptography, section + * 4.1.3, step 5. + * + * \see ecp.h + * * \param grp The ECP group. * \param r The first output integer. * \param s The second output integer. @@ -76,18 +85,11 @@ extern "C" { * \param buf The message hash. * \param blen The length of \p buf. * \param f_rng The RNG function. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * - * \note If the bitlength of the message hash is larger than the - * bitlength of the group order, then the hash is truncated - * as defined in Standards for Efficient Cryptography Group - * (SECG): SEC1 Elliptic Curve Cryptography, section - * 4.1.3, step 5. - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX * or \c MBEDTLS_MPI_XXX error code on failure. - * - * \see ecp.h */ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, const mbedtls_mpi *d, const unsigned char *buf, size_t blen, 
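Review bot: The new return line for mbedtls_ecdsa_sign still spells the second error family `\c MBEDTLS_MPI_XXX`, whereas the write_signature and read_signature blocks later in this same patch write `MBEDTLS_ERR_MPI_XXX`; since this library's error codes carry the `MBEDTLS_ERR_` prefix, the shorter form looks like a typo carried over from the old text rather than a distinct family. The same spelling is kept in the sign_det and verify hunks that follow. Suggest `\return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX error code on failure.` in all three blocks.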
@@ -97,10 +99,19 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
 /**
  * \brief This function computes the ECDSA signature of a
  * previously-hashed message, deterministic version.
+ *
  * For more information, see RFC-6979: Deterministic
  * Usage of the Digital Signature Algorithm (DSA) and Elliptic
  * Curve Digital Signature Algorithm (ECDSA).
  *
+ * \note If the bitlength of the message hash is larger than the
+ * bitlength of the group order, then the hash is truncated as
+ * defined in Standards for Efficient Cryptography Group
+ * (SECG): SEC1 Elliptic Curve Cryptography, section
+ * 4.1.3, step 5.
+ *
+ * \see ecp.h
+ *
  * \param grp The ECP group.
  * \param r The first output integer.
  * \param s The second output integer.
@@ -109,17 +120,9 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
  * \param blen The length of \p buf.
  * \param md_alg The MD algorithm used to hash the message.
  *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \return \c 0 on success,
- * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+ * \return \c 0 on success.
+ * \return or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
  * error code on failure.
- *
- * \see ecp.h
  */
 int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
 const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
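Review bot: The split return list for mbedtls_ecdsa_sign_det keeps the connective from the old combined sentence, so the second entry now renders as "or an ... error code on failure" with nothing before it: `+ * \return or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX`. Every sibling block in this patch starts the second `\return` with "An". Change the line to `\return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX`.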
@@ -130,6 +133,14 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi * \brief This function verifies the ECDSA signature of a * previously-hashed message. * + * \note If the bitlength of the message hash is larger than the + * bitlength of the group order, then the hash is truncated as + * defined in Standards for Efficient Cryptography Group + * (SECG): SEC1 Elliptic Curve Cryptography, section + * 4.1.4, step 3. + * + * \see ecp.h + * * \param grp The ECP group. * \param buf The message hash. * \param blen The length of \p buf. @@ -137,18 +148,10 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi * \param r The first integer of the signature. * \param s The second integer of the signature. * - * \note If the bitlength of the message hash is larger than the - * bitlength of the group order, then the hash is truncated as - * defined in Standards for Efficient Cryptography Group - * (SECG): SEC1 Elliptic Curve Cryptography, section - * 4.1.4, step 3. - * - * \return \c 0 on success, - * #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid, - * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid. + * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX * error code on failure for any other reason. - * - * \see ecp.h */ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, const unsigned char *buf, size_t blen, 
@@ -169,15 +172,6 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, * of the Digital Signature Algorithm (DSA) and Elliptic * Curve Digital Signature Algorithm (ECDSA). * - * \param ctx The ECDSA context. - * \param md_alg The message digest that was used to hash the message. - * \param hash The message hash. - * \param hlen The length of the hash. - * \param sig The buffer that holds the signature. - * \param slen The length of the signature written. - * \param f_rng The RNG function. - * \param p_rng The RNG parameter. - * * \note The \p sig buffer must be at least twice as large as the * size of the curve used, plus 9. For example, 73 Bytes if * a 256-bit curve is used. A buffer length of @@ -189,11 +183,20 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, * (SECG): SEC1 Elliptic Curve Cryptography
      , section * 4.1.3, step 5. * - * \return \c 0 on success, - * or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or - * \c MBEDTLS_ERR_ASN1_XXX error code on failure. - * * \see ecp.h + * + * \param ctx The ECDSA context. + * \param md_alg The message digest that was used to hash the message. + * \param hash The message hash. + * \param hlen The length of the hash. + * \param sig The buffer that holds the signature. + * \param slen The length of the signature written. + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or + * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hlen, 
@@ -209,26 +212,17 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t #define MBEDTLS_DEPRECATED #endif /** - * \brief This function computes an ECDSA signature and writes it to a buffer, - * serialized as defined in RFC-4492: Elliptic Curve Cryptography - * (ECC) Cipher Suites for Transport Layer Security (TLS). + * \brief This function computes an ECDSA signature and writes + * it to a buffer, serialized as defined in RFC-4492: + * Elliptic Curve Cryptography (ECC) Cipher Suites for + * Transport Layer Security (TLS). * - * The deterministic version is defined in RFC-6979: - * Deterministic Usage of the Digital Signature Algorithm (DSA) and - * Elliptic Curve Digital Signature Algorithm (ECDSA). + * The deterministic version is defined in RFC-6979: + * Deterministic Usage of the Digital Signature Algorithm (DSA) + * and Elliptic Curve Digital Signature Algorithm (ECDSA). * * \warning It is not thread-safe to use the same context in * multiple threads. - - * - * \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0 - * - * \param ctx The ECDSA context. - * \param hash The Message hash. - * \param hlen The length of the hash. - * \param sig The buffer that holds the signature. - * \param slen The length of the signature written. - * \param md_alg The MD algorithm used to hash the message. * * \note The \p sig buffer must be at least twice as large as the * size of the curve used, plus 9. For example, 73 Bytes if a 
@@ -241,11 +235,20 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t * (SECG): SEC1 Elliptic Curve Cryptography, section * 4.1.3, step 5. * - * \return \c 0 on success, - * or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or - * \c MBEDTLS_ERR_ASN1_XXX error code on failure. - * * \see ecp.h + * + * \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0 + * + * \param ctx The ECDSA context. + * \param hash The Message hash. + * \param hlen The length of the hash. + * \param sig The buffer that holds the signature. + * \param slen The length of the signature written. + * \param md_alg The MD algorithm used to hash the message. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or + * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, 
@@ -258,26 +261,26 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
 /**
  * \brief This function reads and verifies an ECDSA signature.
  *
- * \param ctx The ECDSA context.
- * \param hash The message hash.
- * \param hlen The size of the hash.
- * \param sig The signature to read and verify.
- * \param slen The size of \p sig.
- *
  * \note If the bitlength of the message hash is larger than the
  * bitlength of the group order, then the hash is truncated as
  * defined in Standards for Efficient Cryptography Group
  * (SECG): SEC1 Elliptic Curve Cryptography, section
  * 4.1.4, step 3.
  *
- * \return \c 0 on success,
- * #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
- * #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
- * valid but its actual length is less than \p siglen,
- * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
- * error code on failure for any other reason.
- *
  * \see ecp.h
+ *
+ * \param ctx The ECDSA context.
+ * \param hash The message hash.
+ * \param hlen The size of the hash.
+ * \param sig The signature to read and verify.
+ * \param slen The size of \p sig.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+ * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
+ * valid but its actual length is less than \p siglen.
+ * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
+ * error code on failure for any other reason.
  */
 int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
 const unsigned char *hash, size_t hlen,
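Review bot: The rewritten return list for mbedtls_ecdsa_read_signature refers to `\p siglen`, but the parameter documented a few lines above and named in the declaration is `slen`, so Doxygen will warn about an unknown parameter and a reader is sent to a name that does not exist. The mismatch predates this patch, but the line is being rewritten here anyway. Change it to `valid but its actual length is less than \p slen.`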
@@ -286,16 +289,16 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, /** * \brief This function generates an ECDSA keypair on the given curve. * + * \see ecp.h + * * \param ctx The ECDSA context to store the keypair in. * \param gid The elliptic curve to use. One of the various * \c MBEDTLS_ECP_DP_XXX macros depending on configuration. * \param f_rng The RNG function. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on - * failure. - * - * \see ecp.h + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX code on failure. */ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); @@ -303,13 +306,13 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, /** * \brief This function sets an ECDSA context from an EC key pair. * + * \see ecp.h + * * \param ctx The ECDSA context to set. * \param key The EC key to use. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on - * failure. - * - * \see ecp.h + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX code on failure. */ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key ); From d8c4f61d266a70e07f8fe2a7e51aa967e324aa19 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 11:43:04 +0100 Subject: [PATCH 0869/1059] Update gcm.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *Suggest to specify issue for each return code, where multiple failure return codes are listed. --- include/mbedtls/gcm.h | 61 +++++++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 25 deletions(-) 
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 1e5a507a26..88408c2cf4 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -1,9 +1,11 @@ /** * \file gcm.h * - * \brief Galois/Counter Mode (GCM) for 128-bit block ciphers, as defined - * in D. McGrew, J. Viega, The Galois/Counter Mode of Operation - * (GCM), Natl. Inst. Stand. Technol. + * \brief This file contains GCM definitions and functions. + * + * The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined + * in D. McGrew, J. Viega, The Galois/Counter Mode of Operation + * (GCM), Natl. Inst. Stand. Technol. * * For more information on GCM, see NIST SP 800-38D: Recommendation for * Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. @@ -91,7 +93,8 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ); *
    • 192 bits
    • *
    • 256 bits
    * - * \return \c 0 on success, or a cipher specific error code. + * \return \c 0 on success. + * \return A cipher-specific error code on failure. */ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, mbedtls_cipher_id_t cipher, @@ -101,15 +104,16 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, /** * \brief This function performs GCM encryption or decryption of a buffer. * - * \note For encryption, the output buffer can be the same as the input buffer. - * For decryption, the output buffer cannot be the same as input buffer. - * If the buffers overlap, the output buffer must trail at least 8 Bytes - * behind the input buffer. + * \note For encryption, the output buffer can be the same as the + * input buffer. For decryption, the output buffer cannot be + * the same as input buffer. If the buffers overlap, the output + * buffer must trail at least 8 Bytes behind the input buffer. * * \param ctx The GCM context to use for encryption or decryption. * \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or * #MBEDTLS_GCM_DECRYPT. - * \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). + * \param length The length of the input data. This must be a multiple of + * 16 except in the last call before mbedtls_gcm_finish(). * \param iv The initialization vector. * \param iv_len The length of the IV. * \param add The buffer holding the additional data. 
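Review bot: The reflowed `\param length` text in the last hunk says the length "must be a multiple of 16 except in the last call before mbedtls_gcm_finish()", which describes the streaming mbedtls_gcm_update()/mbedtls_gcm_finish() sequence, yet this block documents the one-shot function (it takes the IV and additional data itself, and the next hunk's context names it mbedtls_gcm_crypt_and_tag), where a caller never invokes mbedtls_gcm_finish(). The same wording is reflowed again for mbedtls_gcm_auth_decrypt in the next hunk. As far as this page shows, the one-shot functions take the whole input at once, so I would either drop the clause, `\param length The length of the input data.`, or state the constraint that actually applies to them; confirm against the implementation before changing the documented contract.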
@@ -137,12 +141,13 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, * \brief This function performs a GCM authenticated decryption of a * buffer. * - * \note For decryption, the output buffer cannot be the same as input buffer. - * If the buffers overlap, the output buffer must trail at least 8 Bytes - * behind the input buffer. + * \note For decryption, the output buffer cannot be the same as + * input buffer. If the buffers overlap, the output buffer + * must trail at least 8 Bytes behind the input buffer. * * \param ctx The GCM context. - * \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). + * \param length The length of the input data. This must be a multiple + * of 16 except in the last call before mbedtls_gcm_finish(). * \param iv The initialization vector. * \param iv_len The length of the IV. * \param add The buffer holding the additional data. @@ -152,8 +157,8 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, * \param input The buffer holding the input data. * \param output The buffer for holding the output data. * - * \return 0 if successful and authenticated, or - * #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match. + * \return 0 if successful and authenticated. + * \return #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match. */ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, size_t length, 
@@ -175,10 +180,12 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, * #MBEDTLS_GCM_DECRYPT. * \param iv The initialization vector. * \param iv_len The length of the IV. - * \param add The buffer holding the additional data, or NULL if \p add_len is 0. - * \param add_len The length of the additional data. If 0, \p add is NULL. + * \param add The buffer holding the additional data, or NULL + * if \p add_len is 0. + * \param add_len The length of the additional data. If 0, + * \p add is NULL. * - * \return \c 0 on success. + * \return \c 0 on success. */ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, int mode, @@ -195,16 +202,18 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, * Bytes. Only the last call before calling * mbedtls_gcm_finish() can be less than 16 Bytes. * - * \note For decryption, the output buffer cannot be the same as input buffer. - * If the buffers overlap, the output buffer must trail at least 8 Bytes - * behind the input buffer. + * \note For decryption, the output buffer cannot be the same as + * input buffer. If the buffers overlap, the output buffer + * must trail at least 8 Bytes behind the input buffer. * * \param ctx The GCM context. - * \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). + * \param length The length of the input data. This must be a multiple of + * 16 except in the last call before mbedtls_gcm_finish(). * \param input The buffer holding the input data. * \param output The buffer for holding the output data. * - * \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure. */ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, size_t length, 
@@ -222,7 +231,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, * \param tag The buffer for holding the tag. * \param tag_len The length of the tag to generate. Must be at least four. * - * \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure. */ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, unsigned char *tag, @@ -251,7 +261,8 @@ extern "C" { /** * \brief The GCM checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_gcm_self_test( int verbose ); From 8c9c794518d27ef538308493666557a4807b7f74 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 11:52:58 +0100 Subject: [PATCH 0870/1059] Update md.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. --- include/mbedtls/md.h | 99 ++++++++++++++++++++++++-------------------- 1 file changed, 54 insertions(+), 45 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 06538c3827..df2ab630b8 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -1,7 +1,7 @@ /** * \file md.h * - * \brief The generic message-digest wrapper. + * \brief This file contains the generic message-digest wrapper. * * \author Adriaan de Jong */ @@ -46,7 +46,7 @@ extern "C" { #endif /** - * \brief Enumeration of supported message digests + * \brief Supported message digests. * * \warning MD2, MD4, MD5 and SHA-1 are considered weak message digests and * their use constitutes a security risk. We recommend considering 
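Review bot: `\param tag_len The length of the tag to generate. Must be at least four.` documents only the lower bound, which is the least safe value a caller can pick; the file's own brief cites NIST SP 800-38D, whose Appendix C restricts 32- and 64-bit tags to tightly controlled settings because forgery probability grows with the amount of data processed under one key. Since this hunk is already touching the tag_len line, a short steer toward full-length tags would help callers, e.g. `\note Tag lengths below 12 Bytes (96 bits) weaken authentication; use 16 Bytes unless a protocol requires otherwise (see NIST SP 800-38D, Appendix C).` The same note would apply wherever the one-shot functions document their tag length, which is outside the hunks shown here.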
@@ -54,16 +54,16 @@ extern "C" { * */ typedef enum { - MBEDTLS_MD_NONE=0, - MBEDTLS_MD_MD2, - MBEDTLS_MD_MD4, - MBEDTLS_MD_MD5, - MBEDTLS_MD_SHA1, - MBEDTLS_MD_SHA224, - MBEDTLS_MD_SHA256, - MBEDTLS_MD_SHA384, - MBEDTLS_MD_SHA512, - MBEDTLS_MD_RIPEMD160, + MBEDTLS_MD_NONE=0, /**< None. */ + MBEDTLS_MD_MD2, /**< The MD2 message digest. */ + MBEDTLS_MD_MD4, /**< The MD4 message digest. */ + MBEDTLS_MD_MD5, /**< The MD5 message digest. */ + MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */ + MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */ + MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */ + MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */ + MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */ + MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */ } mbedtls_md_type_t; #if defined(MBEDTLS_SHA512_C) @@ -119,8 +119,8 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); * * \param md_type The type of digest to search for. * - * \return The message-digest information associated with \p md_type, - * or NULL if not found. + * \return The message-digest information associated with \p md_type. + * \return NULL if the associated message-digest information is not found. */ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); @@ -168,9 +168,9 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ); * \param md_info The information structure of the message-digest algorithm * to use. * - * \returns \c 0 on success, - * #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, - * #MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. + * \returns #MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure. */ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED; #undef MBEDTLS_DEPRECATED 
@@ -187,12 +187,12 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_ * \param ctx The context to set up. * \param md_info The information structure of the message-digest algorithm * to use. - * \param hmac
    • 0: HMAC is not used. Saves some memory.
    • - *
    • non-zero: HMAC is used with this context.
    + * \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory), + * or non-zero: HMAC is used with this context. * - * \returns \c 0 on success, - * #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, or - * #MBEDTLS_ERR_MD_ALLOC_FAILED on memory allocation failure. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. + * \returns #MBEDTLS_ERR_MD_ALLOC_FAILED on memory allocation failure. */ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); @@ -212,8 +212,8 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf * \param dst The destination context. * \param src The context to be cloned. * - * \return \c 0 on success, - * #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. */ int mbedtls_md_clone( mbedtls_md_context_t *dst, const mbedtls_md_context_t *src ); @@ -260,8 +260,9 @@ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); * * \param ctx The generic message-digest context. * - * \returns \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_starts( mbedtls_md_context_t *ctx ); @@ -277,8 +278,9 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ); * \param input The buffer holding the input data. * \param ilen The length of the input data. * - * \returns \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); 
@@ -296,8 +298,9 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si * \param ctx The generic message-digest context. * \param output The buffer for the generic message-digest checksum result. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); @@ -315,8 +318,9 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); * \param ilen The length of the input data. * \param output The generic message-digest checksum result. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output ); @@ -334,9 +338,9 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si * \param path The input file name. * \param output The generic message-digest checksum result. * - * \return \c 0 on success, - * #MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed, or - * #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL. + * \return \c 0 on success. + * \returns #MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL. */ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output ); 
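Review bot: The mbedtls_md_file block in the last hunk mixes `\return` for the success line with `\returns` for the two failure lines, while every neighbouring block in this patch uses a single form within a block. Doxygen treats the two as aliases, but the mix reads as a slip from splitting the old sentence and makes the pattern harder to grep for. Make the three lines agree: `\returns \c 0 on success.` / `\returns #MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed.` / `\returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.`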
@@ -356,8 +360,9 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, * \param key The HMAC secret key. * \param keylen The length of the HMAC key in Bytes. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen ); @@ -377,8 +382,9 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, * \param input The buffer holding the input data. * \param ilen The length of the input data. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); @@ -397,8 +403,9 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu * context. * \param output The generic HMAC checksum result. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); @@ -413,8 +420,9 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); * \param ctx The message digest context containing an embedded HMAC * context. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); 
@@ -436,8 +444,9 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); * \param ilen The length of the input data. * \param output The generic HMAC result. * - * \returns \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if - * parameter verification fails. + * \returns \c 0 on success. + * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification + * fails. */ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, From e8b5b99159bb6da2ce5bf88769758ea6c155bf42 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 12:19:47 +0100 Subject: [PATCH 0871/1059] Update rsa.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *p_rng descriptions changed from "parameter" to "context". --- include/mbedtls/rsa.h | 684 +++++++++++++++++++++--------------------- 1 file changed, 343 insertions(+), 341 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 5548f3c127..711329c520 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -1,11 +1,12 @@ /** * \file rsa.h * - * \brief The RSA public-key cryptosystem. + * \brief This file contains RSA definitions and functions. * - * For more information, see Public-Key Cryptography Standards (PKCS) - * #1 v1.5: RSA Encryption and Public-Key Cryptography Standards - * (PKCS) #1 v2.1: RSA Cryptography Specifications. + * The RSA public-key cryptosystem is defined in Public-Key + * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption + * and Public-Key Cryptography Standards (PKCS) #1 v2.1: + * RSA Cryptography Specifications. * */ /* 
@@ -63,8 +64,8 @@ #define MBEDTLS_RSA_PUBLIC 0 /**< Request private key operation. */ #define MBEDTLS_RSA_PRIVATE 1 /**< Request public key operation. */ -#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS-1 v1.5 encoding. */ -#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS-1 v2.1 encoding. */ +#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ +#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */ #define MBEDTLS_RSA_SIGN 1 /**< Identifier for RSA signature operations. */ #define MBEDTLS_RSA_CRYPT 2 /**< Identifier for RSA encryption and decryption operations. */ @@ -96,24 +97,24 @@ typedef struct int ver; /*!< Always 0.*/ size_t len; /*!< The size of \p N in Bytes. */ - mbedtls_mpi N; /*!< The public modulus. */ - mbedtls_mpi E; /*!< The public exponent. */ + mbedtls_mpi N; /*!< The public modulus. */ + mbedtls_mpi E; /*!< The public exponent. */ - mbedtls_mpi D; /*!< The private exponent. */ - mbedtls_mpi P; /*!< The first prime factor. */ - mbedtls_mpi Q; /*!< The second prime factor. */ + mbedtls_mpi D; /*!< The private exponent. */ + mbedtls_mpi P; /*!< The first prime factor. */ + mbedtls_mpi Q; /*!< The second prime factor. */ - mbedtls_mpi DP; /*!< \p D % (P - 1) */ - mbedtls_mpi DQ; /*!< \p D % (Q - 1) */ - mbedtls_mpi QP; /*!< 1 / (Q % P) */ + mbedtls_mpi DP; /*!< \p D % (P - 1) */ + mbedtls_mpi DQ; /*!< \p D % (Q - 1) */ + mbedtls_mpi QP; /*!< 1 / (Q % P) */ - mbedtls_mpi RN; /*!< cached R^2 mod \p N */ + mbedtls_mpi RN; /*!< cached R^2 mod \p N */ - mbedtls_mpi RP; /*!< cached R^2 mod \p P */ - mbedtls_mpi RQ; /*!< cached R^2 mod \p Q */ + mbedtls_mpi RP; /*!< cached R^2 mod \p P */ + mbedtls_mpi RQ; /*!< cached R^2 mod \p Q */ - mbedtls_mpi Vi; /*!< The cached blinding value. */ - mbedtls_mpi Vf; /*!< The cached un-blinding value. */ + mbedtls_mpi Vi; /*!< The cached blinding value. */ + mbedtls_mpi Vf; /*!< The cached un-blinding value. */ int padding; /*!< Selects padding mode: #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and 
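Review bot: The two context lines at the top of the first hunk read `#define MBEDTLS_RSA_PUBLIC 0 /**< Request private key operation. */` and `#define MBEDTLS_RSA_PRIVATE 1 /**< Request public key operation. */`, which is the opposite of what the macro names say; a patch polishing this header's comments is the natural place to fix it, because a caller who trusts the comment rather than the name would select the wrong operation. Suggest `/**< Request public key operation. */` on MBEDTLS_RSA_PUBLIC and `/**< Request private key operation. */` on MBEDTLS_RSA_PRIVATE. In the second hunk, the re-aligned `QP` member keeps the comment `1 / (Q % P)`, which is easy to misread as integer division; judging from the name and the sibling DP/DQ comments this is the CRT coefficient, so `Q^-1 mod P` would be clearer, but confirm against the implementation before changing it.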
@@ -134,12 +135,6 @@ mbedtls_rsa_context; * \note Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP * encryption scheme and the RSASSA-PSS signature scheme. * - * \param ctx The RSA context to initialize. - * \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or - * #MBEDTLS_RSA_PKCS_V21. - * \param hash_id The hash identifier of #mbedtls_md_type_t type, if - * \p padding is #MBEDTLS_RSA_PKCS_V21. - * * \note The \p hash_id parameter is ignored when using * #MBEDTLS_RSA_PKCS_V15 padding. * @@ -153,6 +148,12 @@ mbedtls_rsa_context; * encryption. For PSS signatures, it is always used for * making signatures, but can be overriden for verifying them. * If set to #MBEDTLS_MD_NONE, it is always overriden. + * + * \param ctx The RSA context to initialize. + * \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or + * #MBEDTLS_RSA_PKCS_V21. + * \param hash_id The hash identifier of #mbedtls_md_type_t type, if + * \p padding is #MBEDTLS_RSA_PKCS_V21. */ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, int padding, @@ -162,13 +163,6 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, * \brief This function imports a set of core parameters into an * RSA context. * - * \param ctx The initialized RSA context to store the parameters in. - * \param N The RSA modulus, or NULL. - * \param P The first prime factor of \p N, or NULL. - * \param Q The second prime factor of \p N, or NULL. - * \param D The private exponent, or NULL. - * \param E The public exponent, or NULL. - * * \note This function can be called multiple times for successive * imports, if the parameters are not simultaneously present. * 
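Review bot: The context lines kept in the second hunk on this line (`@@ -153,6 +148,12 @@`) misspell "overridden" twice, `but can be overriden for verifying them.` and `it is always overriden.`; since this hunk is already reordering that paragraph, both can be corrected to `overridden` here. The opening of the mbedtls_rsa_init() comment block lies above the first hunk, so the full text is not visible.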
@@ -184,7 +178,15 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, * \note The imported parameters are copied and need not be preserved * for the lifetime of the RSA context being set up. * - * \return \c 0 on success, or a non-zero error code on failure. + * \param ctx The initialized RSA context to store the parameters in. + * \param N The RSA modulus, or NULL. + * \param P The first prime factor of \p N, or NULL. + * \param Q The second prime factor of \p N, or NULL. + * \param D The private exponent, or NULL. + * \param E The public exponent, or NULL. + * + * \return \c 0 on success. + * \return A non-zero error code on failure. */ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *N, @@ -195,6 +197,21 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * \brief This function imports core RSA parameters, in raw big-endian * binary format, into an RSA context. * + * \note This function can be called multiple times for successive + * imports, if the parameters are not simultaneously present. + * + * Any sequence of calls to this function should be followed + * by a call to mbedtls_rsa_complete(), which checks and + * completes the provided information to a ready-for-use + * public or private RSA key. + * + * \note See mbedtls_rsa_complete() for more information on which + * parameters are necessary to set up a private or public + * RSA key. + * + * \note The imported parameters are copied and need not be preserved + * for the lifetime of the RSA context being set up. + * * \param ctx The initialized RSA context to store the parameters in. * \param N The RSA modulus, or NULL. * \param N_len The Byte length of \p N, ignored if \p N == NULL. 
@@ -207,22 +224,8 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * \param E The public exponent, or NULL. * \param E_len The Byte length of \p E, ignored if \p E == NULL. * - * \note This function can be called multiple times for successive - * imports, if the parameters are not simultaneously present. - * - * Any sequence of calls to this function should be followed - * by a call to mbedtls_rsa_complete(), which checks and - * completes the provided information to a ready-for-use - * public or private RSA key. - * - * \note See mbedtls_rsa_complete() for more information on which - * parameters are necessary to set up a private or public - * RSA key. - * - * \note The imported parameters are copied and need not be preserved - * for the lifetime of the RSA context being set up. - * - * \return \c 0 on success, or a non-zero error code on failure. + * \return \c 0 on success. + * \return A non-zero error code on failure. */ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, unsigned char const *N, size_t N_len, @@ -250,17 +253,18 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * the RSA context can be used for RSA operations without * the risk of failure or crash. * - * \param ctx The initialized RSA context holding imported parameters. - * - * \return \c 0 on success, or #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the - * attempted derivations failed. - * * \warning This function need not perform consistency checks * for the imported parameters. In particular, parameters that * are not needed by the implementation might be silently * discarded and left unchecked. To check the consistency * of the key material, see mbedtls_rsa_check_privkey(). * + * \param ctx The initialized RSA context holding imported parameters. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations + * failed. + * */ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); 
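Review bot: The new `\return` lines for mbedtls_rsa_complete() in the second hunk on this line (`@@ -250,17 +253,18 @@`) are followed by an added empty ` *` line before ` */`, whereas the blocks rewritten elsewhere in this commit (mbedtls_rsa_import(), mbedtls_rsa_import_raw(), mbedtls_rsa_export()) close directly after the last `\return`. The same trailing empty line is added for mbedtls_rsa_private() (`@@ -530,6 +526,15 @@`), mbedtls_rsa_pkcs1_decrypt() (`@@ -687,6 +670,28 @@`) and mbedtls_rsa_rsaes_pkcs1_v15_decrypt() (`@@ -730,6 +718,24 @@`), and kept for mbedtls_rsa_export_crt() (`@@ -357,16 +361,17 @@`). Dropping the ` *` line in each keeps the block endings uniform across the file.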
@@ -292,11 +296,11 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); * \param D The MPI to hold the private exponent, or NULL. * \param E The MPI to hold the public exponent, or NULL. * - * \return \c 0 on success, - * #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the + * \return \c 0 on success. + * \return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the * requested parameters cannot be done due to missing - * functionality or because of security policies, - * or a non-zero return code on any other failure. + * functionality or because of security policies. + * \return A non-zero return code on any other failure. * */ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, @@ -324,6 +328,9 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * If the function fails due to an unsupported operation, * the RSA context stays intact and remains usable. * + * \note The length fields are ignored if the corresponding + * buffer pointers are NULL. + * * \param ctx The initialized RSA context. * \param N The Byte array to store the RSA modulus, or NULL. * \param N_len The size of the buffer for the modulus. @@ -338,14 +345,11 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * \param E The Byte array to hold the public exponent, or NULL. * \param E_len The size of the buffer for the public exponent. * - * \note The length fields are ignored if the corresponding - * buffer pointers are NULL. - * - * \return \c 0 on success, - * #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the + * \return \c 0 on success. + * \return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the * requested parameters cannot be done due to missing - * functionality or because of security policies, - * or a non-zero return code on any other failure. + * functionality or because of security policies. + * \return A non-zero return code on any other failure. */ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, unsigned char *N, size_t N_len, 
@@ -357,16 +361,17 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, /** * \brief This function exports CRT parameters of a private RSA key. * + * \note Alternative RSA implementations not using CRT-parameters + * internally can implement this function based on + * mbedtls_rsa_deduce_opt(). + * * \param ctx The initialized RSA context. * \param DP The MPI to hold D modulo P-1, or NULL. * \param DQ The MPI to hold D modulo Q-1, or NULL. * \param QP The MPI to hold modular inverse of Q modulo P, or NULL. * - * \return \c 0 on success, non-zero error code otherwise. - * - * \note Alternative RSA implementations not using CRT-parameters - * internally can implement this function based on - * mbedtls_rsa_deduce_opt(). + * \return \c 0 on success. + * \return A non-zero error code on failure. * */ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, @@ -397,17 +402,17 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); /** * \brief This function generates an RSA keypair. * - * \param ctx The RSA context used to hold the key. - * \param f_rng The RNG function. - * \param p_rng The RNG parameter. - * \param nbits The size of the public key in bits. - * \param exponent The public exponent. For example, 65537. - * * \note mbedtls_rsa_init() must be called before this function, * to set up the RSA context. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - on failure. + * \param ctx The RSA context used to hold the key. + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * \param nbits The size of the public key in bits. + * \param exponent The public exponent. For example, 65537. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -424,8 +429,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, * * \param ctx The RSA context to check. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. * */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); @@ -434,11 +439,6 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * \brief This function checks if a context contains an RSA private key * and perform basic consistency checks. * - * \param ctx The RSA context to check. - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code on - * failure. - * * \note The consistency checks performed by this function not only * ensure that mbedtls_rsa_private() can be called successfully * on the given context, but that the various parameters are @@ -465,6 +465,11 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * user to ensure the trustworthiness of the source of his RSA * parameters, which goes beyond what is effectively checkable * by the library. + * + * \param ctx The RSA context to check. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); @@ -476,8 +481,8 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); * \param pub The RSA context holding the public key. * \param prv The RSA context holding the private key. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ); 
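Review bot: The \brief kept as context in `@@ -434,11 +439,6 @@` has a subject/verb mismatch: `and perform basic consistency checks.` should read `and performs basic consistency checks.`. In the next hunk on this line (`@@ -465,6 +465,11 @@`) the context line `user to ensure the trustworthiness of the source of his RSA` would read better as `their RSA`. Both are untouched context lines of the mbedtls_rsa_check_privkey() block, whose middle lies outside these hunks.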
@@ -485,13 +490,6 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, /** * \brief This function performs an RSA public key operation. * - * \param ctx The RSA context. - * \param input The input buffer. - * \param output The output buffer. - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. - * * \note This function does not handle message padding. * * \note Make sure to set \p input[0] = 0 or ensure that @@ -499,6 +497,13 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, * * \note The input and output buffers must be large * enough. For example, 128 Bytes if RSA-1024 is used. + * + * \param ctx The RSA context. + * \param input The input buffer. + * \param output The output buffer. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, const unsigned char *input, @@ -507,15 +512,6 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, /** * \brief This function performs an RSA private key operation. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Needed for blinding. - * \param p_rng The RNG parameter. - * \param input The input buffer. - * \param output The output buffer. - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. - * * \note The input and output buffers must be large * enough. For example, 128 Bytes if RSA-1024 is used. * 
@@ -530,6 +526,15 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * Future versions of the library may enforce the presence * of a PRNG. * + * \param ctx The RSA context. + * \param f_rng The RNG function. Needed for blinding. + * \param p_rng The RNG context. + * \param input The input buffer. + * \param output The output buffer. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. + * */ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -544,30 +549,29 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * It is the generic wrapper for performing a PKCS#1 encryption * operation using the \p mode from the context. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Needed for padding, PKCS#1 v2.1 - * encoding, and #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG parameter. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. - * \param ilen The length of the plaintext. - * \param input The buffer holding the data to encrypt. - * \param output The buffer used to hold the ciphertext. + * \note The input and output buffers must be as large as the size + * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * * \deprecated It is deprecated and discouraged to call this function * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PUBLIC. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * \param ctx The RSA context. + * \param f_rng The RNG function. Needed for padding, PKCS#1 v2.1 + * encoding, and #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context. + * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ilen The length of the plaintext. + * \param input The buffer holding the data to encrypt. + * \param output The buffer used to hold the ciphertext. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. - * - * \note The input and output buffers must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. 
*/ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
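Review bot: The moved note `The input and output buffers must be as large as the size of \p ctx->N` in the mbedtls_rsa_pkcs1_encrypt() block disagrees with the two functions it wraps: the mbedtls_rsa_rsaes_pkcs1_v15_encrypt() and mbedtls_rsa_rsaes_oaep_encrypt() blocks in the following hunks state the requirement for the output buffer only, and the input here is a plaintext of \p ilen bytes. Unless the wrapper really reads a modulus-sized input (the implementation is not visible from the header), I would align the wording: `\note The output buffer must be as large as the size` / `of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.`. The hunk starts mid-block; the \brief of this function is above it.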
@@ -580,29 +584,29 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 encryption operation * (RSAES-PKCS1-v1_5-ENCRYPT). * - * \param ctx The RSA context. - * \param f_rng The RNG function. Needed for padding and - * #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG parameter. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. - * \param ilen The length of the plaintext. - * \param input The buffer holding the data to encrypt. - * \param output The buffer used to hold the ciphertext. + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * + * \note The output buffer must be as large as the size + * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * * \deprecated It is deprecated and discouraged to call this function * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PUBLIC. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * \param ctx The RSA context. + * \param f_rng The RNG function. Needed for padding and + * #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context. + * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param ilen The length of the plaintext. + * \param input The buffer holding the data to encrypt. + * \param output The buffer used to hold the ciphertext. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. - * - * \note The output buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. 
*/ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -615,10 +619,22 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v2.1 OAEP encryption * operation (RSAES-OAEP-ENCRYPT). * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * + * \note The output buffer must be as large as the size + * of ctx->N. For example, 128 Bytes if RSA-1024 is used. + * + * \deprecated It is deprecated and discouraged to call this function + * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library + * are likely to remove the \p mode argument and have it + * implicitly set to #MBEDTLS_RSA_PUBLIC. + * * \param ctx The RSA context. * \param f_rng The RNG function. Needed for padding and PKCS#1 v2.1 * encoding and #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param label The buffer holding the custom label to use. * \param label_len The length of the label. 
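Review bot: The moved note in the mbedtls_rsa_rsaes_oaep_encrypt() hunk (`@@ -615,10 +619,22 @@`) writes `of ctx->N` without the `\p` tag that every other buffer-size note in this commit uses (`of \p ctx->N`), so Doxygen renders this one differently. Since the line is already being touched, change it to `of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.`. The block continues in the next hunk.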
@@ -626,20 +642,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * \param input The buffer holding the data to encrypt. * \param output The buffer used to hold the ciphertext. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. - * - * \note The output buffer must be as large as the size - * of ctx->N. For example, 128 Bytes if RSA-1024 is used. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -657,27 +661,6 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * It is the generic wrapper for performing a PKCS#1 decryption * operation using the \p mode from the context. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG parameter. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. - * \param olen The length of the plaintext. - * \param input The buffer holding the encrypted data. - * \param output The buffer used to hold the plaintext. - * \param output_max_len The maximum length of the output buffer. - * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. - * * \note The output buffer length \c output_max_len should be * as large as the size \p ctx->len of \p ctx->N (for example, * 128 Bytes if RSA-1024 is used) to be able to hold an 
@@ -687,6 +670,28 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * * \note The input buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. + * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PUBLIC and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * + * \deprecated It is deprecated and discouraged to call this function + * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library + * are likely to remove the \p mode argument and have it + * implicitly set to #MBEDTLS_RSA_PRIVATE. + * + * \param ctx The RSA context. + * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context. + * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param olen The length of the plaintext. + * \param input The buffer holding the encrypted data. + * \param output The buffer used to hold the plaintext. + * \param output_max_len The maximum length of the output buffer. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. + */ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
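Review bot: The re-added `\param olen The length of the plaintext.` in the mbedtls_rsa_pkcs1_decrypt() block reads like an input, but this function reports the decrypted length through that argument (the prototype is not visible here, so confirm against the declaration below the hunk). Something like `\param olen The address at which to store the length of the plaintext.` makes the direction explicit; the same wording is re-added for mbedtls_rsa_rsaes_pkcs1_v15_decrypt() (`@@ -730,6 +718,24 @@`) and mbedtls_rsa_rsaes_oaep_decrypt() (`@@ -776,6 +763,25 @@`). The preceding context already ties \p output_max_len to \p ctx->len, so a short cross-reference from \p olen to that note would help as well.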
@@ -700,27 +705,10 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 decryption * operation (RSAES-PKCS1-v1_5-DECRYPT). * - * \param ctx The RSA context. - * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG parameter. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. - * \param olen The length of the plaintext. - * \param input The buffer holding the encrypted data. - * \param output The buffer to hold the plaintext. - * \param output_max_len The maximum length of the output buffer. - * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PUBLIC and might instead * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. - * * \note The output buffer length \c output_max_len should be * as large as the size \p ctx->len of \p ctx->N, for example, * 128 Bytes if RSA-1024 is used, to be able to hold an 
@@ -730,6 +718,24 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * * \note The input buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. + * + * \deprecated It is deprecated and discouraged to call this function + * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library + * are likely to remove the \p mode argument and have it + * implicitly set to #MBEDTLS_RSA_PRIVATE. + * + * \param ctx The RSA context. + * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context. + * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param olen The length of the plaintext. + * \param input The buffer holding the encrypted data. + * \param output The buffer to hold the plaintext. + * \param output_max_len The maximum length of the output buffer. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. + * */ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -740,31 +746,12 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, size_t output_max_len ); /** - * \brief This function performs a PKCS#1 v2.1 OAEP decryption - * operation (RSAES-OAEP-DECRYPT). + * \brief This function performs a PKCS#1 v2.1 OAEP decryption + * operation (RSAES-OAEP-DECRYPT). * - * \param ctx The RSA context. - * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG parameter. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. - * \param label The buffer holding the custom label to use. - * \param label_len The length of the label. - * \param olen The length of the plaintext. - * \param input The buffer holding the encrypted data. - * \param output The buffer to hold the plaintext. - * \param output_max_len The maximum length of the output buffer. - * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PUBLIC and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * * \note The output buffer length \c output_max_len should be * as large as the size \p ctx->len of \p ctx->N, for 
@@ -776,6 +763,25 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * * \note The input buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. + * + * \deprecated It is deprecated and discouraged to call this function + * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library + * are likely to remove the \p mode argument and have it + * implicitly set to #MBEDTLS_RSA_PRIVATE. + * + * \param ctx The RSA context. + * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context. + * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param label The buffer holding the custom label to use. + * \param label_len The length of the label. + * \param olen The length of the plaintext. + * \param input The buffer holding the encrypted data. + * \param output The buffer to hold the plaintext. + * \param output_max_len The maximum length of the output buffer. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -794,35 +800,35 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * It is the generic wrapper for performing a PKCS#1 * signature using the \p mode from the context. * - * \param ctx The RSA context. - * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for - * #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG parameter. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. - * \param md_alg The message-digest algorithm used to hash the original data. - * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE. - * \param hash The buffer holding the message digest. - * \param sig The buffer to hold the ciphertext. - * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PUBLIC and might instead * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return \c 0 if the signing operation was successful, - * or an \c MBEDTLS_ERR_RSA_XXX error code on failure. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * * \note For PKCS#1 v2.1 encoding, see comments on * mbedtls_rsa_rsassa_pss_sign() for details on * \p md_alg and \p hash_id. + * + * \deprecated It is deprecated and discouraged to call this function + * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library + * are likely to remove the \p mode argument and have it + * implicitly set to #MBEDTLS_RSA_PRIVATE. + * + * \param ctx The RSA context. + * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for + * #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context. + * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. 
+ * \param md_alg The message-digest algorithm used to hash the original data. + * Use #MBEDTLS_MD_NONE for signing raw data. + * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE. + * \param hash The buffer holding the message digest. + * \param sig The buffer to hold the ciphertext. + * + * \return \c 0 if the signing operation was successful. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -837,9 +843,21 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 signature * operation (RSASSA-PKCS1-v1_5-SIGN). * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PUBLIC and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * + * \note The \p sig buffer must be as large as the size + * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. + * + * \deprecated It is deprecated and discouraged to call this function + * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library + * are likely to remove the \p mode argument and have it + * implicitly set to #MBEDTLS_RSA_PRIVATE. + * * \param ctx The RSA context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. 
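Review bot: The moved line `\param sig The buffer to hold the ciphertext.` in the mbedtls_rsa_pkcs1_sign() block describes a signing output as ciphertext; the buffer receives the signature, so `\param sig The buffer to hold the signature.` is the accurate wording. The same text is re-added for mbedtls_rsa_rsassa_pss_sign() (`@@ -909,6 +894,25 @@`) and kept as context for mbedtls_rsa_rsassa_pkcs1_v15_sign() (`@@ -847,21 +865,8 @@`); the corresponding verify functions would then say "the buffer holding the signature". The block's \brief is above the start of this hunk.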
@@ -847,21 +865,8 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \param hash The buffer holding the message digest. * \param sig The buffer to hold the ciphertext. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * - * \return \c 0 if the signing operation was successful, - * or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. - * - * \note The \p sig buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. + * \return \c 0 if the signing operation was successful. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -876,30 +881,10 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v2.1 PSS signature * operation (RSASSA-PSS-SIGN). * - * \param ctx The RSA context. - * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for - * #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG parameter. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. - * \param md_alg The message-digest algorithm used to hash the original data. - * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE. - * \param hash The buffer holding the message digest. - * \param sig The buffer to hold the ciphertext. - * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PUBLIC and might instead * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return \c 0 if the signing operation was successful, - * or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * 
@@ -909,6 +894,25 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
 * Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
 * Specifications it is advised to keep both hashes the
 * same.
+ *
+ * \deprecated It is deprecated and discouraged to call this function
+ * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PRIVATE.
+ *
+ * \param ctx The RSA context.
+ * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for
+ * #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG context.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg The message-digest algorithm used to hash the original data.
+ * Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest.
+ * \param sig The buffer to hold the ciphertext.
+ *
+ * \return \c 0 if the signing operation was successful.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -926,35 +930,34 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * This is the generic wrapper for performing a PKCS#1 * verification using the mode from the context. * - * \param ctx The RSA public key context. - * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG parameter. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. - * \param md_alg The message-digest algorithm used to hash the original data. - * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE. - * \param hash The buffer holding the message digest. - * \param sig The buffer holding the ciphertext. - * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * set to #MBEDTLS_RSA_PUBLIC. - * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PRIVATE and might instead * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return \c 0 if the verify operation was successful, - * or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * * \note For PKCS#1 v2.1 encoding, see comments on * mbedtls_rsa_rsassa_pss_verify() about \p md_alg and * \p hash_id. + * + * \deprecated It is deprecated and discouraged to call this function + * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library + * are likely to remove the \p mode argument and have it + * set to #MBEDTLS_RSA_PUBLIC. + * + * \param ctx The RSA public key context. + * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context. + * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. 
+ * \param md_alg The message-digest algorithm used to hash the original data. + * Use #MBEDTLS_MD_NONE for signing raw data. + * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE. + * \param hash The buffer holding the message digest. + * \param sig The buffer holding the ciphertext. + * + * \return \c 0 if the verify operation was successful. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -969,9 +972,21 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 verification * operation (RSASSA-PKCS1-v1_5-VERIFY). * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * + * \note The \p sig buffer must be as large as the size + * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. + * + * \deprecated It is deprecated and discouraged to call this function + * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library + * are likely to remove the \p mode argument and have it + * set to #MBEDTLS_RSA_PUBLIC. + * * \param ctx The RSA public key context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. 
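Review bot: `Use #MBEDTLS_MD_NONE for signing raw data.` is added under `\param md_alg` of mbedtls_rsa_pkcs1_verify(), a verification function, so it should read `Use #MBEDTLS_MD_NONE for verifying raw data.`; the same phrase is carried as context in the pkcs1_v15_verify hunk (@@ -969) and re-added in the pss_verify (@@ -1044) and pss_verify_ext (@@ -1061) hunks. Both comment blocks anchored at this line continue outside their hunks.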
@@ -979,21 +994,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
 * \param hash The buffer holding the message digest.
 * \param sig The buffer holding the ciphertext.
 *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return \c 0 if the verify operation was successful,
- * or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
- *
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \return \c 0 if the verify operation was successful.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -1011,29 +1013,10 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
 * The hash function for the MGF mask generating function
 * is that specified in the RSA context.
 *
- * \param ctx The RSA public key context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG parameter.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg The message-digest algorithm used to hash the original data.
- * Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash The buffer holding the message digest.
- * \param sig The buffer holding the ciphertext.
- *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
 * \note Alternative implementations of RSA need not support
 * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
 * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
 *
- * \return \c 0 if the verify operation was successful,
- * or an \c MBEDTLS_ERR_RSA_XXX error code
- * on failure.
- *
 * \note The \p sig buffer must be as large as the size
 * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
 *
@@ -1044,6 +1027,24 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
 * Specifications it is advised to keep both hashes the
 * same. If \p hash_id in the RSA context is unset,
 * the \p md_alg from the function call is used.
+ *
+ * \deprecated It is deprecated and discouraged to call this function
+ * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
+ * are likely to remove the \p mode argument and have it
+ * implicitly set to #MBEDTLS_RSA_PUBLIC.
+ *
+ * \param ctx The RSA public key context.
+ * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng The RNG context.
+ * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg The message-digest algorithm used to hash the original data.
+ * Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest.
+ * \param sig The buffer holding the ciphertext.
+ *
+ * \return \c 0 if the verify operation was successful.
+ * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
@@ -1061,27 +1062,27 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * The hash function for the MGF mask generating function * is that specified in \p mgf1_hash_id. * - * \param ctx The RSA public key context. - * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. - * \param p_rng The RNG parameter. - * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. - * \param md_alg The message-digest algorithm used to hash the original data. - * Use #MBEDTLS_MD_NONE for signing raw data. - * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE. - * \param hash The buffer holding the message digest. - * \param mgf1_hash_id The message digest used for mask generation. - * \param expected_salt_len The length of the salt used in padding. Use - * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length. - * \param sig The buffer holding the ciphertext. - * - * \return \c 0 if the verify operation was successful, - * or an \c MBEDTLS_ERR_RSA_XXX error code - * on failure. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * * \note The \p hash_id in the RSA context is ignored. + * + * \param ctx The RSA public key context. + * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. + * \param p_rng The RNG context. + * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE. + * \param md_alg The message-digest algorithm used to hash the original data. + * Use #MBEDTLS_MD_NONE for signing raw data. + * \param hashlen The length of the message digest. Only used if \p md_alg is + * #MBEDTLS_MD_NONE. + * \param hash The buffer holding the message digest. + * \param mgf1_hash_id The message digest used for mask generation. + * \param expected_salt_len The length of the salt used in padding. Use + * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length. + * \param sig The buffer holding the ciphertext. 
+ * + * \return \c 0 if the verify operation was successful. + * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -1100,8 +1101,8 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, * \param dst The destination context. * \param src The source context. * - * \return \c 0 on success, - * #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. */ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ); @@ -1127,7 +1128,8 @@ extern "C" { /** * \brief The RSA checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_rsa_self_test( int verbose ); From 8274142e45bb14a116a55f11388c099c3981b91f Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 12:49:48 +0100 Subject: [PATCH 0872/1059] Update sha1.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *Applied previous function documentation improvements to depracated functions. --- include/mbedtls/sha1.h | 140 ++++++++++++++++++++++------------------- 1 file changed, 75 insertions(+), 65 deletions(-) diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 05540cde12..4a43c01015 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h 
@@ -1,7 +1,10 @@ /** * \file sha1.h * - * \brief The SHA-1 cryptographic hash function. + * \brief This file contains SHA-1 definitions and functions. + * + * The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in + * FIPS 180-4: Secure Hash Standard (SHS). * * \warning SHA-1 is considered a weak message digest and its use constitutes * a security risk. We recommend considering stronger message @@ -66,37 +69,37 @@ mbedtls_sha1_context; /** * \brief This function initializes a SHA-1 context. * - * \param ctx The SHA-1 context to initialize. - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param ctx The SHA-1 context to initialize. + * */ void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); /** * \brief This function clears a SHA-1 context. * - * \param ctx The SHA-1 context to clear. - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param ctx The SHA-1 context to clear. + * */ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); /** * \brief This function clones the state of a SHA-1 context. * - * \param dst The destination context. - * \param src The context to clone. - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param dst The destination context. + * \param src The context to clone. + * */ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, const mbedtls_sha1_context *src ); 
@@ -104,14 +107,14 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, /** * \brief This function starts a SHA-1 checksum calculation. * - * \param ctx The context to initialize. - * - * \return \c 0 if successful - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param ctx The context to initialize. + * + * \return \c 0 on success. + * */ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); @@ -119,16 +122,15 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); * \brief This function feeds an input buffer into an ongoing SHA-1 * checksum calculation. * - * \param ctx The SHA-1 context. - * \param input The buffer holding the input data. - * \param ilen The length of the input data. - * - * \return \c 0 if successful - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param ctx The SHA-1 context. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * + * \return \c 0 on success. */ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, 
@@ -138,31 +140,30 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, * \brief This function finishes the SHA-1 operation, and writes * the result to the output buffer. * - * \param ctx The SHA-1 context. - * \param output The SHA-1 checksum result. - * - * \return \c 0 if successful - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param ctx The SHA-1 context. + * \param output The SHA-1 checksum result. + * + * \return \c 0 on success. */ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ); /** - * \brief SHA-1 process data block (internal use only) - * - * \param ctx SHA-1 context - * \param data The data block being processed. - * - * \return \c 0 if successful + * \brief SHA-1 process data block (internal use only). * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \param ctx The SHA-1 context. + * \param data The data block being processed. + * + * \return \c 0 on success. + * */ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); 
@@ -174,65 +175,67 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief SHA-1 context setup - * - * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0 - * - * \param ctx The SHA-1 context to be initialized. + * \brief This function starts a SHA-1 checksum calculation. * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0. + * + * \param ctx The context to initialize. + * */ MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); /** - * \brief SHA-1 process buffer - * - * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0 - * - * \param ctx The SHA-1 context. - * \param input The buffer holding the input data. - * \param ilen The length of the input data. + * \brief This function feeds an input buffer into an ongoing SHA-1 + * checksum calculation. * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0. + * + * \param ctx The SHA-1 context. + * \param input The buffer holding the input data. + * \param ilen The length of the input data. + * */ MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ); /** - * \brief SHA-1 final digest - * - * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0 - * - * \param ctx The SHA-1 context. - * \param output The SHA-1 checksum result. + * \brief This function finishes the SHA-1 operation, and writes + * the result to the output buffer. * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. 
* + * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0. + * + * \param ctx The SHA-1 context. + * \param output The SHA-1 checksum result. + * */ MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ); /** - * \brief SHA-1 process data block (internal use only) - * - * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0 - * - * \param ctx The SHA-1 context. - * \param data The data block being processed. + * \brief SHA-1 process data block (internal use only). * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0. + * + * \param ctx The SHA-1 context. + * \param data The data block being processed. + * */ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); @@ -261,15 +264,15 @@ extern "C" { * The SHA-1 result is calculated as * output = SHA-1(input buffer). * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * * \param input The buffer holding the input data. * \param ilen The length of the input data. * \param output The SHA-1 checksum result. * - * \return \c 0 if successful - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. + * \return \c 0 on success. * */ int mbedtls_sha1_ret( const unsigned char *input, 
@@ -283,7 +286,17 @@ int mbedtls_sha1_ret( const unsigned char *input, #define MBEDTLS_DEPRECATED #endif /** - * \brief Output = SHA-1( input buffer ) +* \brief This function calculates the SHA-1 checksum of a buffer. + * + * The function allocates the context, performs the + * calculation, and frees the context. + * + * The SHA-1 result is calculated as + * output = SHA-1(input buffer). + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. * * \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0 * @@ -291,10 +304,6 @@ int mbedtls_sha1_ret( const unsigned char *input, * \param ilen The length of the input data. * \param output The SHA-1 checksum result. * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * */ MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, size_t ilen, @@ -306,12 +315,13 @@ MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, /** * \brief The SHA-1 checkup routine. * - * \return \c 0 on success, or \c 1 on failure. - * * \warning SHA-1 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * + * \return \c 0 on success. + * \return \c 1 on failure. + * */ int mbedtls_sha1_self_test( int verbose ); From bde68b48d4a4754096bf6ddf873c2a363db182b1 Mon Sep 17 00:00:00 2001 
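Review bot: `+* \brief This function calculates the SHA-1 checksum of a buffer.` in the mbedtls_sha1() block is missing the leading space that every other line of the comment carries, so the block no longer lines up and the line reads as a stray `*` at column 0; it should be ` * \brief This function calculates the SHA-1 checksum of a buffer.`. In the same block the context line `\deprecated Superseded by mbedtls_sha1_ret() in 2.7.0` lacks the trailing period this commit adds to the other \deprecated tags in the file. The \param lines of the block are in the next hunk (@@ -291).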
From: Rose Zadik Date: Tue, 27 Mar 2018 12:59:13 +0100 Subject: [PATCH 0873/1059] Update sha256.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *Removed bullets from parameter descriptions. --- include/mbedtls/sha256.h | 47 ++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index ffb16c277a..7affb1be84 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -1,7 +1,10 @@ /** * \file sha256.h * - * \brief The SHA-224 and SHA-256 cryptographic hash function. + * \brief This file contains SHA-224 and SHA-256 definitions and functions. + * + * The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic + * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS). */ /* * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved @@ -55,9 +58,8 @@ typedef struct uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t state[8]; /*!< The intermediate digest state. */ unsigned char buffer[64]; /*!< The data block being processed. */ - int is224; /*!< Determines which function to use. -
    • 0: Use SHA-256.
    • -
    • 1: Use SHA-224.
    */ + int is224; /*!< Determines which function to use: + 0: Use SHA-256, or 1: Use SHA-224. */ } mbedtls_sha256_context; @@ -89,9 +91,8 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * calculation. * * \param ctx The context to initialize. - * \param is224 Determines which function to use. - *
    • 0: Use SHA-256.
    • - *
    • 1: Use SHA-224.
    + * \param is224 Determines which function to use: + * 0: Use SHA-256, or 1: Use SHA-224. * * \return \c 0 on success. */ @@ -101,9 +102,9 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); * \brief This function feeds an input buffer into an ongoing * SHA-256 checksum calculation. * - * \param ctx SHA-256 context - * \param input buffer holding the data - * \param ilen length of the input data + * \param ctx The SHA-256 context to initialize. + * \param input The buffer holding the data. + * \param ilen The length of the input data. * * \return \c 0 on success. */ @@ -143,14 +144,15 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief This function starts a SHA-256 checksum calculation. + * \brief This function starts a SHA-224 or SHA-256 checksum + * calculation. + * * * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0. * - * \param ctx The SHA-256 context to initialize. - * \param is224 Determines which function to use. - *
    • 0: Use SHA-256.
    • - *
    • 1: Use SHA-224.
    + * \param ctx The context to initialize. + * \param is224 Determines which function to use: + * 0: Use SHA-256, or 1: Use SHA-224. */ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); @@ -176,7 +178,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0. * * \param ctx The SHA-256 context. - * \param output The SHA-224or SHA-256 checksum result. + * \param output The SHA-224 or SHA-256 checksum result. */ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ); @@ -221,9 +223,8 @@ extern "C" { * \param input The buffer holding the input data. * \param ilen The length of the input data. * \param output The SHA-224 or SHA-256 checksum result. - * \param is224 Determines which function to use. - *
    • 0: Use SHA-256.
    • - *
    • 1: Use SHA-224.
    + * \param is224 Determines which function to use: + * 0: Use SHA-256, or 1: Use SHA-224. */ int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, @@ -252,9 +253,8 @@ int mbedtls_sha256_ret( const unsigned char *input, * \param input The buffer holding the data. * \param ilen The length of the input data. * \param output The SHA-224 or SHA-256 checksum result. - * \param is224 Determines which function to use. - *
    • 0: Use SHA-256.
    • - *
    • 1: Use SHA-224.
    + * \param is224 Determines which function to use: + * 0: Use SHA-256, or 1: Use SHA-224. */ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, size_t ilen, @@ -267,7 +267,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, /** * \brief The SHA-224 and SHA-256 checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_sha256_self_test( int verbose ); From 1a6275ad6269c4c511a31c62da2fe5f9b217ec2e Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 13:03:42 +0100 Subject: [PATCH 0874/1059] Update sha512.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Removed bullets from parameter descriptions. --- include/mbedtls/sha512.h | 38 ++++++++++++++++++-------------------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 8404a2d599..ee88fcf31f 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -1,7 +1,9 @@ /** * \file sha512.h + * \brief This file contains SHA-384 and SHA-512 definitions and functions. * - * \brief The SHA-384 and SHA-512 cryptographic hash function. + * The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic + * hash functions are defined in FIPS 180-4: Secure Hash Standard (SHS). */ /* * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved @@ -55,9 +57,8 @@ typedef struct uint64_t total[2]; /*!< The number of Bytes processed. */ uint64_t state[8]; /*!< The intermediate digest state. */ unsigned char buffer[128]; /*!< The data block being processed. */ - int is384; /*!< Determines which function to use. - *
    • 0: Use SHA-512.
    • - *
    • 1: Use SHA-384.
    */ + int is384; /*!< Determines which function to use: + 0: Use SHA-512, or 1: Use SHA-384. */ } mbedtls_sha512_context; @@ -89,9 +90,8 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, * calculation. * * \param ctx The SHA-512 context to initialize. - * \param is384 Determines which function to use. - *
    • 0: Use SHA-512.
    • - *
    • 1: Use SHA-384.
    + * \param is384 Determines which function to use: + * 0: Use SHA-512, or 1: Use SHA-384. * * \return \c 0 on success. */ @@ -148,9 +148,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, * \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0 * * \param ctx The SHA-512 context to initialize. - * \param is384 Determines which function to use. - *
    • 0: Use SHA-512.
    • - *
    • 1: Use SHA-384.
    + * \param is384 Determines which function to use: + * 0: Use SHA-512, or 1: Use SHA-384. */ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ); @@ -159,7 +158,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, * \brief This function feeds an input buffer into an ongoing * SHA-512 checksum calculation. * - * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0 + * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0. * * \param ctx The SHA-512 context. * \param input The buffer holding the data. @@ -173,7 +172,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, * \brief This function finishes the SHA-512 operation, and writes * the result to the output buffer. * - * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0 + * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0. * * \param ctx The SHA-512 context. * \param output The SHA-384 or SHA-512 checksum result. @@ -186,7 +185,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, * the ongoing SHA-512 computation. This function is for * internal use only. * - * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0 + * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0. * * \param ctx The SHA-512 context. * \param data The buffer holding one block of data. @@ -223,9 +222,8 @@ extern "C" { * \param input The buffer holding the input data. * \param ilen The length of the input data. * \param output The SHA-384 or SHA-512 checksum result. - * \param is384 Determines which function to use. - *
    • 0: Use SHA-512.
    • - *
    • 1: Use SHA-384.
    + * \param is384 Determines which function to use: + * 0: Use SHA-512, or 1: Use SHA-384. * * \return \c 0 on success. */ @@ -255,9 +253,8 @@ int mbedtls_sha512_ret( const unsigned char *input, * \param input The buffer holding the data. * \param ilen The length of the input data. * \param output The SHA-384 or SHA-512 checksum result. - * \param is384 Determines which function to use. - *
    • 0: Use SHA-512.
    • - *
    • 1: Use SHA-384.
    + * \param is384 Determines which function to use: + * 0: Use SHA-512, or 1: Use SHA-384. */ MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input, size_t ilen, @@ -269,7 +266,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input, /** * \brief The SHA-384 or SHA-512 checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_sha512_self_test( int verbose ); From 4bca2b0ccd33a8c31b691d7514ee18e6e9d4acca Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 27 Mar 2018 13:12:52 +0100 Subject: [PATCH 0875/1059] Update platform.h Minor documentation improvements: *Standardized file brief description. *Reordered tags within documentation blocks so that params and returns are last in block. *Some minor rephrasing. --- include/mbedtls/platform.h | 55 ++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index ed10775848..65ae85c190 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -1,7 +1,8 @@ /** * \file platform.h * - * \brief The Mbed TLS platform abstraction layer. + * \brief This file contains the definitions and functions of the + * Mbed TLS platform abstraction layer. */ /* * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved @@ -102,7 +103,7 @@ extern "C" { /* \} name SECTION: Module settings */ /* - * The function pointers for calloc and free + * The function pointers for calloc and free. */ #if defined(MBEDTLS_PLATFORM_MEMORY) #if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \ 
@@ -116,7 +117,8 @@ extern void * (*mbedtls_calloc)( size_t n, size_t size ); extern void (*mbedtls_free)( void *ptr ); /** - * \brief This function allows configuring custom memory-management functions. + * \brief This function allows configuring custom + * memory-management functions. * * \param calloc_func The \c calloc function implementation. * \param free_func The \c free function implementation. @@ -140,7 +142,8 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... ); /** - * \brief This function allows configuring a custom \p fprintf function pointer. + * \brief This function allows configuring a custom + * \p fprintf function pointer. * * \param fprintf_func The \c fprintf function implementation. * @@ -163,8 +166,8 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char extern int (*mbedtls_printf)( const char *format, ... ); /** - * \brief This function allows configuring a custom \c printf function - * pointer. + * \brief This function allows configuring a custom \c printf + * function pointer. * * \param printf_func The \c printf function implementation. * @@ -197,12 +200,12 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ); extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... ); /** - * \brief This function allows configuring a custom \c snprintf function - * pointer. + * \brief This function allows configuring a custom + * \c snprintf function pointer. * * \param snprintf_func The \c snprintf function implementation. * - * \return \c 0 on success. + * \return \c 0 on success. */ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, const char * format, ... ) ); 
@@ -221,12 +224,12 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, extern void (*mbedtls_exit)( int status ); /** - * \brief This function allows configuring a custom \c exit function - * pointer. + * \brief This function allows configuring a custom + * \c exit function pointer. * * \param exit_func The \c exit function implementation. * - * \return \c 0 on success. + * \return \c 0 on success. */ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); #else @@ -302,7 +305,7 @@ int mbedtls_platform_set_nv_seed( * setup or teardown operations. */ typedef struct { - char dummy; /**< Placeholder member, as empty structs are not portable. */ + char dummy; /**< A placeholder member, as empty structs are not portable. */ } mbedtls_platform_context; 
@@ -311,33 +314,33 @@ mbedtls_platform_context; #endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /** - * \brief This function performs any platform initialization operations. + * \brief This function performs any platform-specific initialization operations. + * + * \note This function should be called before any other library functions. + * + * Its implementation is platform-specific, and unless + * platform-specific code is provided, it does nothing. + * + * \note The usage and necessity of this function is dependent on the platform. * * \param ctx The Mbed TLS context. * * \return \c 0 on success. - * - * \note This function is intended to allow platform-specific initialization, - * and should be called before any other library functions. Its - * implementation is platform-specific, and unless - * platform-specific code is provided, it does nothing. - * - * Its use and whether it is necessary to call it is dependent on the - * platform. */ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); /** * \brief This function performs any platform teardown operations. * - * \param ctx The Mbed TLS context. - * * \note This function should be called after every other Mbed TLS module * has been correctly freed using the appropriate free function. + * * Its implementation is platform-specific, and unless * platform-specific code is provided, it does nothing. * - * Its use and whether it is necessary to call it is dependent on the - * platform. + * \note The usage and necessity of this function is dependent on the platform. + * + * \param ctx The Mbed TLS context. + * */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); From de420a47b63d838403f029b80b9490e574300fad Mon Sep 17 00:00:00 2001 
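Review bot: `mbedtls_platform_setup()` returns `int`, but the reordered documentation still states only `\return \c 0 on success.`; since the note right above says the implementation is platform-specific, the failure contract is exactly what a caller cannot guess. Add a second line such as `\return A non-zero, platform-specific error code on failure.` (the concrete values are defined by the alternative implementation, so keep it phrased that way). The teardown block now ends with a dangling empty ` *` line after `\param ctx`; drop it so the two blocks match.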
From: Deomid Ryabkov Date: Sun, 27 Nov 2016 14:50:06 +0000 Subject: [PATCH 0876/1059] Fix some test deps * Cert revocation tests require `MBEDTLS_HAVE_TIME_DATE`. * Verison features tests require... well, `MBEDTLS_VERSION_FEATURES`, actually. Fixes https://github.com/ARMmbed/mbedtls/issues/1475 --- tests/suites/test_suite_version.function | 2 +- tests/suites/test_suite_x509parse.data | 58 ++++++++++++------------ 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function index 37144ca405..a4847f92c5 100644 --- a/tests/suites/test_suite_version.function +++ b/tests/suites/test_suite_version.function @@ -64,7 +64,7 @@ void check_runtime_version( char *version_str ) } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_VERSION_FEATURES */ void check_feature( char *feature, int result ) { int check = mbedtls_version_check_feature( feature ); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 8db07bdc3c..406cf59313 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -364,47 +364,47 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED: mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_to":1 X509 Certificate verification #1 (Revoked Cert, Expired CRL, no CN) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 Certificate verification #2 (Revoked Cert, Expired CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 Certificate verification #2a (Revoked Cert, Future CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C 
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 Certificate verification #4 (Valid Cert, Expired CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 Certificate verification #4a (Revoked Cert, 
Future CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 Certificate verification #5 (Revoked Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #6 (Revoked Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #7 (Revoked Cert, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 Certificate verification #8 (Valid Cert) 
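Review bot: The title `X509 Certificate verification #4a (Revoked Cert, Future CRL)` contradicts the case it labels: it verifies server5.crt and expects only `MBEDTLS_X509_BADCRL_FUTURE`, with no `MBEDTLS_X509_BADCERT_REVOKED`, mirroring #4 `(Valid Cert, Expired CRL)`, and #8 verifies the same server5.crt with no flags at all. The title is a context line the commit leaves alone, but its `depends_on` line is being edited, so renaming it to `X509 Certificate verification #4a (Valid Cert, Future CRL)` in the same pass costs nothing and stops the next reader from hunting for a revocation that is not asserted. Adding `MBEDTLS_HAVE_TIME_DATE` to the plain revoked cases (#5–#7) as well looks right, presumably because the revocation check compares the CRL entry's date against the current time, but that is inferred from the expected flags rather than visible here and is worth confirming against x509_crt.c.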
@@ -412,19 +412,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_S x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #8a (Expired Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 Certificate verification #8b (Future Cert) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 Certificate verification #8c (Expired Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 Certificate verification #8d (Future 
Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server7-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 Certificate verification #9 (Not trusted Cert) @@ -540,7 +540,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_S x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #35 (Revoked, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #36 (Valid, EC CA, SHA1 Digest) 
@@ -652,7 +652,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C: x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #62 (Revoked, RSASSA-PSS, SHA-1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign) 
@@ -712,19 +712,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED: x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #77 (multiple CRLs, revoked) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #78 (multiple CRLs, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #79 (multiple CRLs, revoked by future) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE 
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 Certificate verification #80 (multiple CRLs, first future, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 Certificate verification #81 (multiple CRLs, none relevant) 
@@ -748,11 +748,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED: x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 Certificate verification #86 (Not yet valid CA and invalid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 Certificate verification #87 (Expired CA and invalid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 Certificate verification #88 (Spurious cert in the chain) 
@@ -808,7 +808,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_S x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n" X509 Certificate verification callback: trusted EE cert, expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x00000001\n" X509 Certificate verification callback: simple 
@@ -816,11 +816,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 Certificate verification callback: simple, EE expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" X509 Certificate verification callback: simple, root expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two trusted roots 
@@ -848,15 +848,15 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca, EE expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" X509 Certificate verification callback: intermediate ca, int expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 
0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: intermediate ca, root expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 Certificate verification callback: two intermediates From 783cb06e051b2d3f992147b1fbc8d103cbb80286 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Mar 2018 16:49:04 +0100 Subject: [PATCH 0877/1059] Remove duplicate test in all.sh --- tests/scripts/all.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 49b1653bda..d0dc8d67c3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -462,12 +462,6 @@ cleanup make SHARED=1 all check fi -if uname -a | grep -F Linux >/dev/null; then -msg "build/test: make shared" # ~ 40s -cleanup -make SHARED=1 all check -fi - if uname -a | grep -F x86_64 >/dev/null; then msg "build: i386, make, gcc" # ~ 30s cleanup From 4c1dc3c2a4144696752091116c86279e24f148dd Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 27 Mar 2018 16:52:03 +0100 Subject: [PATCH 0878/1059] Improve documentation of MBEDTLS_AES_ROM_TABLES --- include/mbedtls/config.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 94e3efbc01..65d6ba8a22 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -386,9 +386,10 @@ * Uncomment this macro to use precomputed AES tables stored in ROM. * Comment this macro to generate AES tables in RAM at runtime. * - * Tradeoff: Using precomputed ROM tables reduces the time to setup - * an AES context but comes at the cost of additional ~8kb ROM use - * (resp. ~2kb if \c MBEDTLS_AES_FEWER_TABLES below is used). + * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb + * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the + * the time to setup an AES context. It comes at the cost of additional + * ~8kb ROM use (resp. ~2kb if \c MBEDTLS_AES_FEWER_TABLES below is used). * * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. * From 98a678674bb8e922de057c3652f2173ca0372605 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Mar 2018 17:10:09 +0100 Subject: [PATCH 0879/1059] Adapt changes to all.sh to work with --keep-going mode --- tests/scripts/all.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d0dc8d67c3..3441ae048a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -432,7 +432,7 @@ msg "build: default config with AES_FEWER_TABLES enabled" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_FEWER_TABLES -CC=gcc CFLAGS='-Werror -Wall -Wextra' make +make CC=gcc CFLAGS='-Werror -Wall -Wextra' msg "test: AES_FEWER_TABLES" make test 
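Review bot: The new sentence in the `MBEDTLS_AES_ROM_TABLES` comment reads `reduces the` / `the time to setup an AES context` — the word "the" is duplicated across the line break, and the same qualifier is written once as `(or ~2kb ...)` and once as `(resp. ~2kb ...)`. Suggested wording: `Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the time to setup an AES context. It comes at the cost of an additional ~8kb (or ~2kb) of ROM use.` The surrounding config.h comment block continues outside the hunk.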
@@ -441,7 +441,7 @@ msg "build: default config with AES_ROM_TABLES enabled" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_ROM_TABLES -CC=gcc CFLAGS='-Werror -Wall -Wextra' make +make CC=gcc CFLAGS='-Werror -Wall -Wextra' msg "test: AES_ROM_TABLES" make test @@ -451,7 +451,7 @@ cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_AES_FEWER_TABLES scripts/config.pl set MBEDTLS_AES_ROM_TABLES -CC=gcc CFLAGS='-Werror -Wall -Wextra' make +make CC=gcc CFLAGS='-Werror -Wall -Wextra' msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" make test From 79e7789d4468ab12ee3ff4acdc3a9e7fe4238db0 Mon Sep 17 00:00:00 2001 From: Andy Leiserson Date: Fri, 28 Apr 2017 20:01:49 -0700 Subject: [PATCH 0880/1059] return plaintext data faster on unpadded decryption --- library/cipher.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index ff0327380c..7369f48230 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -325,8 +325,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i /* * If there is not enough data for a full block, cache it. */ - if( ( ctx->operation == MBEDTLS_DECRYPT && + if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding && ilen <= block_size - ctx->unprocessed_len ) || + ( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding && + ilen < block_size - ctx->unprocessed_len ) || ( ctx->operation == MBEDTLS_ENCRYPT && ilen < block_size - ctx->unprocessed_len ) ) { 
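Review bot: The new decrypt-without-padding branch of the cache condition is the same test as the encrypt branch (`ilen < block_size - ctx->unprocessed_len`), so the condition can be folded to two cases: `( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding && ilen <= block_size - ctx->unprocessed_len ) || ( ( ctx->operation == MBEDTLS_ENCRYPT || NULL == ctx->add_padding ) && ilen < block_size - ctx->unprocessed_len )`. More importantly, nothing near this `if` says why decryption with padding is the odd one out: presumably one whole block must be held back so that the final call can unpad it, whereas with no padding (assuming a NULL `add_padding` means the none-padding mode was selected) every complete block is already final. A comment such as `/* With padding, decryption keeps one block back so finish() can unpad it; without padding, whole blocks can be returned immediately. */` would keep a later reader from "simplifying" the asymmetry away. The enclosing `mbedtls_cipher_update()` body starts and ends outside the hunk.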
@@ -372,9 +374,17 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; } + /* Encryption: only cache partial blocks + * Decryption w/ padding: always keep at least one whole block + * Decryption w/o padding: only cache partial blocks + */ copy_len = ilen % block_size; - if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT ) + if( copy_len == 0 && + ctx->operation == MBEDTLS_DECRYPT && + NULL != ctx->add_padding) + { copy_len = block_size; + } memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), copy_len ); From d1b1788b40ef8dd5e3393a32eea439a68f9fc6a1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 27 Mar 2018 19:14:24 +0100 Subject: [PATCH 0881/1059] Improve ChangeLog for DLEXT and AR_DASH changes --- ChangeLog | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4985bcc1a6..cd6ca5557f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,10 +10,11 @@ Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. * Support cmake build where Mbed TLS is a subproject. Fix contributed independently by Matthieu Volat and Arne Schwabe. - * Allow configuring the prefix operator for the archiver tool when compiling - the library using the makefile. Found and fixed by Alex Hixon. + * Add an option in the makefile to support ar utilities where the operation + letter must not be prefixed by '-', such as LLVM. Found and fixed by + Alex Hixon. * Allow configuring the shared library extension by setting the DLEXT - variable when using the project makefile. + environment variable when using the project makefiles. = mbed TLS 2.8.0 branch released 2018-03-16 From 420f0ccdfd97fdba2047c3f219a3dfbdc5c2f6a0 Mon Sep 17 00:00:00 2001 
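Review bot: `NULL != ctx->add_padding)` in the new `if` drops the space before the closing parenthesis that every other condition in this function uses (`if( copy_len == 0 &&` … ` )`), so it should read `NULL != ctx->add_padding )`. The new three-line comment restates what each case does but not why it matters; extending the middle line to `Decryption w/ padding: always keep at least one whole block, so finish() has the (possibly padded) last block to unpad` would record the invariant that protects the padding removal instead of echoing the code. The function continues outside the hunk.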
From: Andres Amaya Garcia Date: Tue, 27 Mar 2018 19:17:21 +0100 Subject: [PATCH 0882/1059] Make DLEXT var configurable in programs and tests makefiles --- programs/Makefile | 2 +- tests/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index 443689b1bc..25f184f8c3 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -35,7 +35,7 @@ ifdef SHARED SHARED_SUFFIX=.$(DLEXT) endif else -DLEXT=so +DLEXT ?= so EXEXT= SHARED_SUFFIX= endif diff --git a/tests/Makefile b/tests/Makefile index 4787f25085..d85617fdca 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -35,7 +35,7 @@ ifdef SHARED SHARED_SUFFIX=.$(DLEXT) endif else -DLEXT=so +DLEXT ?= so EXEXT= SHARED_SUFFIX= endif From 79db933fb605e5d3594a42c162b7a6eb9f3de3a7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 27 Mar 2018 19:57:58 +0100 Subject: [PATCH 0883/1059] Fix shared library lookup on Mac OS X when running tests --- tests/scripts/run-test-suites.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 1f73a545e7..7e2974bbcd 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -41,6 +41,7 @@ die "$0: no test suite found\n" unless @suites; # in case test suites are linked dynamically $ENV{'LD_LIBRARY_PATH'} = '../library'; +$ENV{'DYLD_LIBRARY_PATH'} = '../library'; my $prefix = $^O eq "MSWin32" ? '' : './'; From 8a0dfacb58d7a3600f66b319bdc0661fb19ad5a9 Mon Sep 17 00:00:00 2001 From: Marcos Del Sol Vives Date: Sun, 6 Nov 2016 12:22:25 +0100 Subject: [PATCH 0884/1059] Compile PBES2 in PKCS5 only if ASN1 is enabled --- library/pkcs5.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/library/pkcs5.c b/library/pkcs5.c index 95f44fa98b..6a5128a849 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c 
@@ -38,11 +38,13 @@
 #if defined(MBEDTLS_PKCS5_C)
 #include "mbedtls/pkcs5.h"
+#include
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
 #include "mbedtls/asn1.h"
 #include "mbedtls/cipher.h"
 #include "mbedtls/oid.h"
-
-#include
+#endif
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
@@ -51,6 +53,22 @@
 #define mbedtls_printf printf
 #endif
+#if !defined(MBEDTLS_ASN1_PARSE_C)
+int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *output )
+{
+ ((void) pbe_params);
+ ((void) mode);
+ ((void) pwd);
+ ((void) pwdlen);
+ ((void) data);
+ ((void) datalen);
+ ((void) output);
+ return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+}
+#else
 static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations, int *keylen, mbedtls_md_type_t *md_type )
@@ -211,6 +229,7 @@ exit:
 return( ret );
 }
+#endif /* MBEDTLS_ASN1_PARSE_C */
 int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password, size_t plen, const unsigned char *salt, size_t slen,
From af9a486b0138709bea86b53c116faa457d96754f Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Tue, 27 Mar 2018 20:53:07 +0100
Subject: [PATCH 0885/1059] Fix coding style in pkcs5.c preprocessor directives
---
 library/pkcs5.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 6a5128a849..440a174b5b 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -38,13 +38,14 @@
 #if defined(MBEDTLS_PKCS5_C)
 #include "mbedtls/pkcs5.h"
-#include
 #if defined(MBEDTLS_ASN1_PARSE_C)
 #include "mbedtls/asn1.h"
 #include "mbedtls/cipher.h"
 #include "mbedtls/oid.h"
-#endif
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+#include
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
From 576d47470468759739fd086a026208eb294892cb Mon Sep 17 00:00:00 2001
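Review bot: The `#else` that closes the mbedtls_pkcs5_pbes2 stub in the second hunk carries no trailing comment, while the matching `#endif` added in the third hunk is annotated `/* MBEDTLS_ASN1_PARSE_C */`; since the `#if !defined(...)` and its `#endif` are roughly 180 lines apart, `#else /* MBEDTLS_ASN1_PARSE_C */` keeps the pair readable and consistent. The stub itself would benefit from a one-line comment stating why a function that only returns an error is kept at all, e.g. `/* PBES2 needs the ASN.1 parser; keep the symbol so PBKDF2-only builds still link. */`. Whether the public header documents MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE as a possible return of mbedtls_pkcs5_pbes2 is not visible in this diff and is worth checking, since callers now need to handle it in that configuration. The stub's signature also relies on mbedtls_asn1_buf still being declared when mbedtls/asn1.h is no longer included here, presumably via mbedtls/pkcs5.h — worth confirming.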
From: Andres Amaya Garcia
Date: Tue, 27 Mar 2018 20:53:56 +0100
Subject: [PATCH 0886/1059] Fix test dependencies of pkcs5 pbs2 on asn1 parse
---
 tests/suites/test_suite_pkcs5.function | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 3ad64805fd..98546cb731 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -46,7 +46,7 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
 void mbedtls_pkcs5_pbes2( int params_tag, char *params_hex, char *pw_hex, char *data_hex, int ref_ret, char *ref_out_hex )
 {
From cb47a79e0422c3cda9c3915076dc4a11fa756acf Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Tue, 27 Mar 2018 21:19:50 +0100
Subject: [PATCH 0887/1059] Add ChangeLog entry for PBES2 when ASN1 disabled
---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index c0759b2b25..77f3f85071 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,9 @@ Changes
 * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub.
 * Support cmake build where Mbed TLS is a subproject. Fix contributed independently by Matthieu Volat and Arne Schwabe.
+ * Provide an empty implementation of mbedtls_pkcs5_pbes2() when
+ MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2
+ without PBES2. Fixed by Marcos Del Sol Vives.
 = mbed TLS 2.8.0 branch released 2018-03-16
From f69ad5a898fae494992d974f4f3a245ea3e30afd Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 27 Mar 2018 23:08:53 +0200
Subject: [PATCH 0888/1059] Add ChangeLog entry Fixes #1299. Fixes #1475.
---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 453364454e..b6e8929787 100644
--- a/ChangeLog
+++ b/ChangeLog
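Review bot: Gating the mbedtls_pkcs5_pbes2 test case on MBEDTLS_ASN1_PARSE_C leaves the new stub path from the preceding patch entirely untested: nothing checks that a build without the ASN.1 parser returns MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE rather than, say, silently producing output. If the test generator accepts negated dependencies, a small companion case marked `depends_on:!MBEDTLS_ASN1_PARSE_C` that calls the function and asserts that return code would cover it; otherwise the stub behaviour should at least be noted in the test file's comments. The surrounding BEGIN_CASE/END_CASE body continues outside the hunk.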
@@ -16,6 +16,9 @@ Bugfix
 * Add missing dependencies in test suites that led to build failures in configurations that omit certain hashes or public-key algorithms. Fixes #1040.
+ * Add missing dependencies for MBEDTLS_HAVE_TIME_DATE and
+ MBEDTLS_VERSION_FEATURES in test suites. Contributed by Deomid Ryabkov.
+ Fixes #1299, #1475.
 Changes
 * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub.
From 6c563fa7cd97a2d4af5424bc562c591ec55758a5 Mon Sep 17 00:00:00 2001
From: Jethro Beekman
Date: Tue, 27 Mar 2018 19:16:17 -0700
Subject: [PATCH 0889/1059] Add tests for "return plaintext data faster on unpadded decryption"
---
 ChangeLog | 2 +
 tests/suites/test_suite_cipher.aes.data | 514 ++++++++++---------
 tests/suites/test_suite_cipher.arc4.data | 22 +-
 tests/suites/test_suite_cipher.blowfish.data | 66 +--
 tests/suites/test_suite_cipher.camellia.data | 110 ++--
 tests/suites/test_suite_cipher.des.data | 66 +--
 tests/suites/test_suite_cipher.function | 25 +-
 tests/suites/test_suite_cipher.gcm.data | 96 ++--
 tests/suites/test_suite_cipher.null.data | 20 +-
 9 files changed, 483 insertions(+), 438 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 5f5fdd27c3..49eaef7447 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,8 @@ Changes
 * Improve testing in configurations that omit certain hashes or public-key algorithms. Includes contributions by Gert van Dijk.
 * Improve negative testing of X.509 parsing.
+ * Return plaintext data sooner on unpadded decryption. Contributed by Andy
+ Leiserson. #1180
 = mbed TLS 2.8.0 branch released 2018-03-16
diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data
index 4a878ecc8c..e8e9a155c2 100644
--- a/tests/suites/test_suite_cipher.aes.data
+++ b/tests/suites/test_suite_cipher.aes.data
@@ -2,765 +2,789 @@ Decrypt empty buffer depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 dec_empty_buf: -AES Encrypt and decrypt 0 bytes +AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:-1 -AES Encrypt and decrypt 1 byte +AES-128 CBC - Encrypt and decrypt 1 byte with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:-1 -AES Encrypt and decrypt 2 bytes +AES-128 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:-1 -AES Encrypt and decrypt 7 bytes +AES-128 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:-1 -AES Encrypt and decrypt 8 bytes +AES-128 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:-1 -AES Encrypt and decrypt 9 bytes +AES-128 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:-1 -AES Encrypt and decrypt 15 bytes +AES-128 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:-1 -AES Encrypt and decrypt 16 bytes +AES-128 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:-1 -AES Encrypt and decrypt 17 bytes +AES-128 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:-1 -AES Encrypt and decrypt 31 bytes +AES-128 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:-1 -AES Encrypt and decrypt 32 bytes +AES-128 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:-1 -AES Encrypt and decrypt 33 bytes +AES-128 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:-1 -AES Encrypt and decrypt 47 bytes +AES-128 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:-1 -AES Encrypt and decrypt 48 bytes +AES-128 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:-1 -AES Encrypt and decrypt 49 bytes +AES-128 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:-1 -AES Encrypt and decrypt 0 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 0 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 1 byte with one and zeros padding +AES-128 CBC - Encrypt and decrypt 1 byte with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 2 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 2 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 7 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 7 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 8 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 8 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 9 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 9 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 15 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 15 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 16 bytes with one and zeros padding +AES-128 CBC - 
Encrypt and decrypt 16 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 17 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 17 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 31 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 31 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 32 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 32 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 33 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 33 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 47 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 47 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 48 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 48 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS 
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 49 bytes with one and zeros padding +AES-128 CBC - Encrypt and decrypt 49 bytes with one and zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:MBEDTLS_PADDING_ONE_AND_ZEROS -AES Encrypt and decrypt 0 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 0 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 1 byte with zeros and len padding +AES-128 CBC - Encrypt and decrypt 1 byte with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 2 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 2 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 7 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 7 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 8 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 8 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 9 bytes with zeros and len padding +AES-128 CBC - 
Encrypt and decrypt 9 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 15 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 15 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 16 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 16 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 17 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 17 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 31 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 31 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 32 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 32 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 33 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 33 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN 
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 47 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 47 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 48 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 48 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 49 bytes with zeros and len padding +AES-128 CBC - Encrypt and decrypt 49 bytes with zeros and len padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:MBEDTLS_PADDING_ZEROS_AND_LEN -AES Encrypt and decrypt 0 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 0 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 1 byte with zeros padding +AES-128 CBC - Encrypt and decrypt 1 byte with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 2 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 2 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 7 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 7 bytes with zeros padding 
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 8 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 8 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 9 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 9 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 15 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 15 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 16 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 16 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 17 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 17 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 31 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 31 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 32 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 32 bytes with zeros padding 
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 33 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 33 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 47 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 47 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 48 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 48 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 49 bytes with zeros padding +AES-128 CBC - Encrypt and decrypt 49 bytes with zeros padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:MBEDTLS_PADDING_ZEROS -AES Encrypt and decrypt 0 bytes with no padding +AES-128 CBC - Encrypt and decrypt 0 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_NONE -AES Encrypt and decrypt 16 bytes with no padding +AES-128 CBC - Encrypt and decrypt 16 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_NONE -AES Encrypt and decrypt 32 bytes with no padding +AES-128 CBC - Encrypt and decrypt 32 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_NONE -AES Encrypt and decrypt 48 bytes with no padding +AES-128 CBC - Encrypt and decrypt 48 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_NONE -AES Try encrypting 1 bytes with no padding +AES-128 CBC - Try encrypting 1 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:1:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 2 bytes with no padding +AES-128 CBC - Try encrypting 2 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:2:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 7 bytes with no padding +AES-128 CBC - Try encrypting 7 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:7:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 8 bytes with no padding +AES-128 CBC - Try encrypting 8 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:8:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 9 bytes with no padding +AES-128 CBC - Try encrypting 9 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:9:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 15 bytes with no padding +AES-128 CBC - Try encrypting 15 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:15:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 17 bytes with no padding +AES-128 CBC - Try encrypting 17 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:17:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 31 bytes with no padding +AES-128 CBC - Try encrypting 31 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:31:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 33 bytes with no padding +AES-128 CBC - Try encrypting 33 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:33:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 47 bytes with no padding +AES-128 CBC - Try encrypting 47 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:47:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Try encrypting 49 bytes with no padding +AES-128 CBC - Try encrypting 49 bytes with no padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:49:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -AES Encrypt and decrypt 0 bytes in multiple parts +AES-128 CBC - Encrypt and decrypt 0 bytes in multiple parts with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 -AES Encrypt and decrypt 1 bytes in multiple parts 1 +AES-128 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 1 
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0 -AES Encrypt and decrypt 1 bytes in multiple parts 2 +AES-128 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0 -AES Encrypt and decrypt 16 bytes in multiple parts 1 +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:0:MBEDTLS_PADDING_PKCS7:16:0:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 2 +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 3 +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 3 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:15: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16 -AES Encrypt and decrypt 16 bytes in multiple parts 4 +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 4 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:1: 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:1:MBEDTLS_PADDING_PKCS7:0:16:0:16 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-128 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:7: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:7:MBEDTLS_PADDING_PKCS7:0:16:0:16 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-128 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 2 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:6:MBEDTLS_PADDING_PKCS7:16:0:0:16 -AES Encrypt and decrypt 22 bytes in multiple parts 1 +AES-128 CBC - Encrypt and decrypt 23 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:17:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0 -AES Encrypt and decrypt 32 bytes in multiple parts 1 +AES-128 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding 1 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:16:MBEDTLS_PADDING_PKCS7:16:16:0:32 -AES Encrypt and decrypt 0 bytes +AES-128 CBC - Encrypt and decrypt 0 bytes in multiple parts with no padding +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:0:MBEDTLS_PADDING_NONE:0:0:0:0 + +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with no padding 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:0:MBEDTLS_PADDING_NONE:16:0:16:0 + +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with no padding 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:16:MBEDTLS_PADDING_NONE:0:16:0:16 + +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with no padding 3 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:15:MBEDTLS_PADDING_NONE:0:16:0:16 + +AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with no padding 4 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:1:MBEDTLS_PADDING_NONE:0:16:0:16 + +AES-128 CBC - Encrypt and decrypt 32 bytes in multiple parts with no padding 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:16:MBEDTLS_PADDING_NONE:16:16:16:16 + +AES-128 CFB - Encrypt and decrypt 0 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:0:-1 -AES Encrypt and decrypt 1 byte +AES-128 CFB - Encrypt and decrypt 1 byte depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:1:-1 -AES Encrypt and decrypt 2 bytes +AES-128 CFB - Encrypt and decrypt 2 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:2:-1 -AES Encrypt and decrypt 7 bytes +AES-128 CFB - Encrypt and decrypt 7 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:7:-1 -AES Encrypt and decrypt 8 bytes +AES-128 CFB - Encrypt and decrypt 8 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:8:-1 -AES Encrypt and decrypt 9 bytes +AES-128 CFB - Encrypt and decrypt 9 bytes 
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:9:-1
-AES Encrypt and decrypt 15 bytes
+AES-128 CFB - Encrypt and decrypt 15 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:15:-1
-AES Encrypt and decrypt 16 bytes
+AES-128 CFB - Encrypt and decrypt 16 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:16:-1
-AES Encrypt and decrypt 17 bytes
+AES-128 CFB - Encrypt and decrypt 17 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:17:-1
-AES Encrypt and decrypt 31 bytes
+AES-128 CFB - Encrypt and decrypt 31 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:31:-1
-AES Encrypt and decrypt 32 bytes
+AES-128 CFB - Encrypt and decrypt 32 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:32:-1
-AES Encrypt and decrypt 32 bytes
+AES-128 CFB - Encrypt and decrypt 32 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:33:-1
-AES Encrypt and decrypt 47 bytes
+AES-128 CFB - Encrypt and decrypt 47 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:47:-1
-AES Encrypt and decrypt 48 bytes
+AES-128 CFB - Encrypt and decrypt 48 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:48:-1
-AES Encrypt and decrypt 49 bytes
+AES-128 CFB - Encrypt and decrypt 49 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:49:-1
-AES Encrypt and decrypt 0 bytes in multiple parts
+AES-128 CFB - Encrypt and decrypt 0 bytes in multiple parts
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:0:-1:0:0:0:0
-AES Encrypt and decrypt 1 bytes in multiple parts 1
+AES-128 CFB - Encrypt and decrypt 1 bytes in multiple parts 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:1:0:-1:1:0:1:0
-AES Encrypt and decrypt 1 bytes in multiple parts 2
+AES-128 CFB - Encrypt and decrypt 1 bytes in multiple parts 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:1:-1:0:1:0:1
-AES Encrypt and decrypt 16 bytes in multiple parts 1
+AES-128 CFB - Encrypt and decrypt 16 bytes in multiple parts 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:0:-1:16:0:16:0
-AES Encrypt and decrypt 16 bytes in multiple parts 2
+AES-128 CFB - Encrypt and decrypt 16 bytes in multiple parts 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:16:-1:0:16:0:16
-AES Encrypt and decrypt 16 bytes in multiple parts 3
+AES-128 CFB - Encrypt and decrypt 16 bytes in multiple parts 3
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:1:15:-1:1:15:1:15
-AES Encrypt and decrypt 16 bytes in multiple parts 4
+AES-128 CFB - Encrypt and decrypt 16 bytes in multiple parts 4
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:15:1:-1:15:1:15:1
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CFB - Encrypt and decrypt 22 bytes in multiple parts 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:15:7:-1:15:7:15:7
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CFB - Encrypt and decrypt 22 bytes in multiple parts 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:6:-1:16:6:16:6
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CFB - Encrypt and decrypt 23 bytes in multiple parts 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:17:6:-1:17:6:17:6
-AES Encrypt and decrypt 32 bytes in multiple parts 1
+AES-128 CFB - Encrypt and decrypt 32 bytes in multiple parts 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:16:-1:16:16:16:16
-AES Encrypt and decrypt 0 bytes
+AES-128 CTR - Encrypt and decrypt 0 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:0:-1
-AES Encrypt and decrypt 1 byte
+AES-128 CTR - Encrypt and decrypt 1 byte
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:1:-1
-AES Encrypt and decrypt 2 bytes
+AES-128 CTR - Encrypt and decrypt 2 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:2:-1
-AES Encrypt and decrypt 7 bytes
+AES-128 CTR - Encrypt and decrypt 7 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:7:-1
-AES Encrypt and decrypt 8 bytes
+AES-128 CTR - Encrypt and decrypt 8 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:8:-1
-AES Encrypt and decrypt 9 bytes
+AES-128 CTR - Encrypt and decrypt 9 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:9:-1
-AES Encrypt and decrypt 15 bytes
+AES-128 CTR - Encrypt and decrypt 15 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:15:-1
-AES Encrypt and decrypt 16 bytes
+AES-128 CTR - Encrypt and decrypt 16 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:16:-1
-AES Encrypt and decrypt 17 bytes
+AES-128 CTR - Encrypt and decrypt 17 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:17:-1
-AES Encrypt and decrypt 31 bytes
+AES-128 CTR - Encrypt and decrypt 31 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:31:-1
-AES Encrypt and decrypt 32 bytes
+AES-128 CTR - Encrypt and decrypt 32 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:32:-1
-AES Encrypt and decrypt 32 bytes
+AES-128 CTR - Encrypt and decrypt 32 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:33:-1
-AES Encrypt and decrypt 47 bytes
+AES-128 CTR - Encrypt and decrypt 47 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:47:-1
-AES Encrypt and decrypt 48 bytes
+AES-128 CTR - Encrypt and decrypt 48 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:48:-1
-AES Encrypt and decrypt 49 bytes
+AES-128 CTR - Encrypt and decrypt 49 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:49:-1
-AES Encrypt and decrypt 0 bytes in multiple parts
+AES-128 CTR - Encrypt and decrypt 0 bytes in multiple parts
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:0:-1:0:0:0:0
-AES Encrypt and decrypt 1 bytes in multiple parts 1
+AES-128 CTR - Encrypt and decrypt 1 bytes in multiple parts 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:1:0:-1:1:0:1:0
-AES Encrypt and decrypt 1 bytes in multiple parts 2
+AES-128 CTR - Encrypt and decrypt 1 bytes in multiple parts 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:1:-1:0:1:0:1
-AES Encrypt and decrypt 16 bytes in multiple parts 1
+AES-128 CTR - Encrypt and decrypt 16 bytes in multiple parts 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:0:-1:16:0:16:0
-AES Encrypt and decrypt 16 bytes in multiple parts 2
+AES-128 CTR - Encrypt and decrypt 16 bytes in multiple parts 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:16:-1:0:16:0:16
-AES Encrypt and decrypt 16 bytes in multiple parts 3
+AES-128 CTR - Encrypt and decrypt 16 bytes in multiple parts 3
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:1:15:-1:1:15:1:15
-AES Encrypt and decrypt 16 bytes in multiple parts 4
+AES-128 CTR - Encrypt and decrypt 16 bytes in multiple parts 4
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:15:1:-1:15:1:15:1
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CTR - Encrypt and decrypt 22 bytes in multiple parts 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:15:7:-1:15:7:15:7
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CTR - Encrypt and decrypt 22 bytes in multiple parts 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:6:-1:16:6:16:6
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CTR - Encrypt and decrypt 23 bytes in multiple parts 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:17:6:-1:17:6:17:6
-AES Encrypt and decrypt 32 bytes in multiple parts 1
+AES-128 CTR - Encrypt and decrypt 32 bytes in multiple parts 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:16:-1:16:16:16:16
-AES Encrypt and decrypt 0 bytes
+AES-192 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:0:-1
-AES Encrypt and decrypt 1 byte
+AES-192 CBC - Encrypt and decrypt 1 byte with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:1:-1
-AES Encrypt and decrypt 2 bytes
+AES-192 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:2:-1
-AES Encrypt and decrypt 7 bytes
+AES-192 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:7:-1
-AES Encrypt and decrypt 8 bytes
+AES-192 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:8:-1
-AES Encrypt and decrypt 9 bytes
+AES-192 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:9:-1
-AES Encrypt and decrypt 15 bytes
+AES-192 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:15:-1
-AES Encrypt and decrypt 16 bytes
+AES-192 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:16:-1
-AES Encrypt and decrypt 17 bytes
+AES-192 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:17:-1
-AES Encrypt and decrypt 31 bytes
+AES-192 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:31:-1
-AES Encrypt and decrypt 32 bytes
+AES-192 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:32:-1
-AES Encrypt and decrypt 33 bytes
+AES-192 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:33:-1
-AES Encrypt and decrypt 47 bytes
+AES-192 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:47:-1
-AES Encrypt and decrypt 48 bytes
+AES-192 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:48:-1
-AES Encrypt and decrypt 49 bytes
+AES-192 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:49:-1
-AES Encrypt and decrypt 0 bytes in multiple parts
+AES-192 CBC - Encrypt and decrypt 0 bytes in multiple parts with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:0:-1:0:0:0:0
-AES Encrypt and decrypt 1 bytes in multiple parts 1
+AES-192 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:0:-1:0:0:0:0
-AES Encrypt and decrypt 1 bytes in multiple parts 2
+AES-192 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:1:-1:0:0:0:0
-AES Encrypt and decrypt 16 bytes in multiple parts 1
+AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:0:-1:16:0:0:16
-AES Encrypt and decrypt 16 bytes in multiple parts 2
+AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:16:-1:0:16:0:16
-AES Encrypt and decrypt 16 bytes in multiple parts 3
+AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 3
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:15:-1:0:16:0:16
-AES Encrypt and decrypt 16 bytes in multiple parts 4
+AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 4
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:1:-1:0:16:0:16
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-192 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:7:-1:0:16:0:16
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-192 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:6:-1:16:0:0:16
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-192 CBC - Encrypt and decrypt 23 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:17:6:-1:16:0:16:0
-AES Encrypt and decrypt 32 bytes in multiple parts 1
+AES-192 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:16:-1:16:16:0:32
-AES Encrypt and decrypt 0 bytes
+AES-256 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:0:-1
-AES Encrypt and decrypt 1 byte
+AES-256 CBC - Encrypt and decrypt 1 byte with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:1:-1
-AES Encrypt and decrypt 2 bytes
+AES-256 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:2:-1
-AES Encrypt and decrypt 7 bytes
+AES-256 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:7:-1
-AES Encrypt and decrypt 8 bytes
+AES-256 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:8:-1
-AES Encrypt and decrypt 9 bytes
+AES-256 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:9:-1
-AES Encrypt and decrypt 15 bytes
+AES-256 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:15:-1
-AES Encrypt and decrypt 16 bytes
+AES-256 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:16:-1
-AES Encrypt and decrypt 17 bytes
+AES-256 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:17:-1
-AES Encrypt and decrypt 31 bytes
+AES-256 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:31:-1
-AES Encrypt and decrypt 32 bytes
+AES-256 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:32:-1
-AES Encrypt and decrypt 33 bytes
+AES-256 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:33:-1
-AES Encrypt and decrypt 47 bytes
+AES-256 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:47:-1
-AES Encrypt and decrypt 48 bytes
+AES-256 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:48:-1
-AES Encrypt and decrypt 49 bytes
+AES-256 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:49:-1
-AES Encrypt and decrypt 0 bytes in multiple parts
+AES-256 CBC - Encrypt and decrypt 0 bytes in multiple parts with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:0:-1:0:0:0:0
-AES Encrypt and decrypt 1 bytes in multiple parts 1
+AES-256 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:0:-1:0:0:0:0
-AES Encrypt and decrypt 1 bytes in multiple parts 2
+AES-256 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:1:-1:0:0:0:0
-AES Encrypt and decrypt 16 bytes in multiple parts 1
+AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:0:-1:16:0:0:16
-AES Encrypt and decrypt 16 bytes in multiple parts 2
+AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:16:-1:0:16:0:16
-AES Encrypt and decrypt 16 bytes in multiple parts 3
+AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 3
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:15:-1:0:16:0:16
-AES Encrypt and decrypt 16 bytes in multiple parts 4
+AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 4
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:1:-1:0:16:0:16
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-256 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:7:-1:0:16:0:16
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-256 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 2
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:6:-1:16:0:0:16
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-256 CBC - Encrypt and decrypt 23 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:17:6:-1:16:0:16:0
-AES Encrypt and decrypt 32 bytes in multiple parts 1
+AES-256 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding 1
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:16:-1:16:16:0:32
AES Decrypt test vector #0
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
diff --git a/tests/suites/test_suite_cipher.arc4.data b/tests/suites/test_suite_cipher.arc4.data
index 1dd23110dd..6e69b811f3 100644
--- a/tests/suites/test_suite_cipher.arc4.data
+++ b/tests/suites/test_suite_cipher.arc4.data
@@ -60,44 +60,44 @@ enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:49:-1
ARC4 Encrypt and decrypt 0 bytes in multiple parts
depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:0:-1:0:0:0:0
ARC4 Encrypt and decrypt 1 bytes in multiple parts 1
depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:0:-1:1:0:1:0
ARC4 Encrypt and decrypt 1 bytes in multiple parts 2
depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:1:-1:0:1:0:1
ARC4 Encrypt and decrypt 16 bytes in multiple parts 1
depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:0:-1:16:0:16:0
ARC4 Encrypt and decrypt 16 bytes in multiple parts 2
depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:16:-1:0:16:0:16
ARC4 Encrypt and decrypt 16 bytes in multiple parts 3
depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:15:-1:1:15:1:15
ARC4 Encrypt and decrypt 16 bytes in multiple parts 4
depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:1:-1:15:1:15:1
ARC4 Encrypt and decrypt 22 bytes in multiple parts 1
depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:7:-1:15:7:15:7
ARC4 Encrypt and decrypt 22 bytes in multiple parts 1
depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:6:-1:16:6:16:6
ARC4 Encrypt and decrypt 22 bytes in multiple parts 1
depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:17:6:-1:17:6:17:6
ARC4 Encrypt and decrypt 32 bytes in multiple parts 1
depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:16:-1:16:16:16:16
diff --git a/tests/suites/test_suite_cipher.blowfish.data b/tests/suites/test_suite_cipher.blowfish.data
index 9be846dadc..b94bc4704e 100644
--- a/tests/suites/test_suite_cipher.blowfish.data
+++ b/tests/suites/test_suite_cipher.blowfish.data
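Review bot: The ARC4 multipart cases for 15:7, 16:6 and 17:6 still all carry the same description `ARC4 Encrypt and decrypt 22 bytes in multiple parts 1`, although 17+6 is 23 bytes and this commit already disambiguates the identical trio in the AES data as `... 22 bytes in multiple parts 2` and `... 23 bytes in multiple parts 1`. Three cases with one description are likely to be indistinguishable in a run log when one of them fails. Suggest `ARC4 Encrypt and decrypt 22 bytes in multiple parts 2` for the 16:6 case and `ARC4 Encrypt and decrypt 23 bytes in multiple parts 1` for the 17:6 case. The Blowfish CBC hunk at `@@ -300,47 +300,47 @@` has the same three duplicates.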
@@ -300,47 +300,47 @@ enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:49:MBEDTLS_ERR_CIP
BLOWFISH Encrypt and decrypt 0 bytes in multiple parts
depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:0:-1:0:0:0:0
BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1
depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:0:-1:0:0:0:0
BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2
depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:1:-1:0:0:0:0
BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1
depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:0:-1:16:0:8:8
BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2
depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:16:-1:0:16:0:16
BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3
depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:15:-1:0:16:0:16
BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4
depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:1:-1:8:8:8:8
BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:7:-1:8:8:8:8
BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:6:-1:16:0:8:8
BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:17:6:-1:16:0:16:0
BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1
depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:16:-1:16:16:8:24
BLOWFISH Encrypt and decrypt 0 bytes
depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
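Review bot: Every Blowfish CBC multipart case passes `-1` in the new padding-mode column while its `depends_on` line requires MBEDTLS_CIPHER_PADDING_PKCS7, so the expected output lengths that follow (`16:0:8:8`, `16:16:8:24`) are presumably computed for whatever padding the cipher context gets by default rather than for a mode the test names. The AES-128 CBC entries in this same commit pass `MBEDTLS_PADDING_PKCS7` or `MBEDTLS_PADDING_NONE` explicitly, which ties each expected length to the padding under test and keeps the case meaningful if the default ever changes. Suggest the same here, e.g. `enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:0:MBEDTLS_PADDING_PKCS7:16:0:8:8`, and likewise for the other CBC entries in this hunk. The AES-192 and AES-256 CBC entries show the same `-1` pattern, but that hunk starts outside this view.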
@@ -404,47 +404,47 @@ enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:49:-1
 BLOWFISH Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:0:-1:0:0:0:0
 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:0:-1:1:0:1:0
 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:1:-1:0:1:0:1
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:0:-1:16:0:16:0
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:16:-1:0:16:0:16
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:15:-1:1:15:1:15
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:1:-1:15:1:15:1
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:7:-1:15:7:15:7
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:6:-1:16:6:16:6
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:17:6:-1:17:6:17:6
 BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:16:-1:16:16:16:16
 BLOWFISH Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
@@ -508,47 +508,47 @@ enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:49:-1
 BLOWFISH Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:0:-1:0:0:0:0
 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:0:-1:1:0:1:0
 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:1:-1:0:1:0:1
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:0:-1:16:0:16:0
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:16:-1:0:16:0:16
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:15:-1:1:15:1:15
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:1:-1:15:1:15:1
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:7:-1:15:7:15:7
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:6:-1:16:6:16:6
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:17:6:-1:17:6:17:6
 BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:16:-1:16:16:16:16
 BLOWFISH CBC Encrypt and decrypt 7 bytes, 192-bits key
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data
index b89b70def5..e6342da2bf 100644
--- a/tests/suites/test_suite_cipher.camellia.data
+++ b/tests/suites/test_suite_cipher.camellia.data
@@ -300,47 +300,47 @@ enc_fail:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_PADDING_NONE:128:49:MBEDTLS_ERR
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:1:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:0:-1:16:0:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:16:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:15:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:1:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:7:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:6:-1:16:0:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:17:6:-1:16:0:16:0
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:16:-1:16:16:0:32
 CAMELLIA Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
@@ -404,47 +404,47 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:"CAMELLIA-128-CFB128":128:49:-1
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:1:0:-1:1:0:1:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:1:-1:0:1:0:1
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:0:-1:16:0:16:0
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:16:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:1:15:-1:1:15:1:15
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:15:1:-1:15:1:15:1
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:15:7:-1:15:7:15:7
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:6:-1:16:6:16:6
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:17:6:-1:17:6:17:6
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:16:-1:16:16:16:16
 CAMELLIA Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
@@ -508,47 +508,47 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CTR:"CAMELLIA-128-CTR":128:49:-1
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:1:0:-1:1:0:1:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:1:-1:0:1:0:1
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:0:-1:16:0:16:0
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:16:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:1:15:-1:1:15:1:15
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:15:1:-1:15:1:15:1
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:15:7:-1:15:7:15:7
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:6:-1:16:6:16:6
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:17:6:-1:17:6:17:6
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:16:-1:16:16:16:16
 CAMELLIA Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
@@ -612,47 +612,47 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_CBC:"CAMELLIA-192-CBC":192:49:-1
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:1:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:0:-1:16:0:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:16:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:15:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:1:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:7:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:6:-1:16:0:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:17:6:-1:16:0:16:0
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:16:-1:16:16:0:32
 CAMELLIA Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
@@ -716,44 +716,44 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:"CAMELLIA-256-CBC":256:49:-1
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:0:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:1:-1:0:0:0:0
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:0:-1:16:0:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:16:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:15:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:1:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:7:-1:0:16:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:6:-1:16:0:0:16
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:17:6:-1:16:0:16:0
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:16:-1:16:16:0:32
diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data
index 3aac934b0b..ba9020eab2 100644
--- a/tests/suites/test_suite_cipher.des.data
+++ b/tests/suites/test_suite_cipher.des.data
@@ -300,47 +300,47 @@ enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:49:MBEDTLS_ERR_CIPHER_FU
 DES Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:0:-1:0:0:0:0
 DES Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:0:-1:0:0:0:0
 DES Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:1:-1:0:0:0:0
 DES Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:0:-1:16:0:8:8
 DES Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:16:-1:0:16:0:16
 DES Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:15:-1:0:16:0:16
 DES Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:1:-1:8:8:8:8
 DES Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:7:-1:8:8:8:8
 DES Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:6:-1:16:0:8:8
 DES Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:17:6:-1:16:0:16:0
 DES Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:16:-1:16:16:8:24
 DES Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
@@ -404,47 +404,47 @@ enc_dec_buf:MBEDTLS_CIPHER_DES_EDE_CBC:"DES-EDE-CBC":128:49:-1
 DES3 Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:0:-1:0:0:0:0
 DES3 Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:0:-1:0:0:0:0
 DES3 Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:1:-1:0:0:0:0
 DES3 Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:0:-1:16:0:8:8
 DES3 Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:16:-1:0:16:0:16
 DES3 Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:15:-1:0:16:0:16
 DES3 Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:1:-1:8:8:8:8
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:7:-1:8:8:8:8
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:6:-1:16:0:8:8
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:17:6:-1:16:0:16:0
 DES3 Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:16:-1:16:16:8:24
 DES3 Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
@@ -508,47 +508,47 @@ enc_dec_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:"DES-EDE3-CBC":192:49:-1
 DES3 Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:0:-1:0:0:0:0
 DES3 Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:0:-1:0:0:0:0
 DES3 Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:1:-1:0:0:0:0
 DES3 Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:0:-1:16:0:8:8
 DES3 Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:16:-1:0:16:0:16
 DES3 Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:15:-1:0:16:0:16
 DES3 Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:1:-1:8:8:8:8
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:7:-1:8:8:8:8
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:6:-1:16:0:8:8
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:17:6:-1:16:0:16:0
 DES3 Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:16:-1:16:16:8:24
 DES ECB Encrypt test vector (OpenSSL) #1
 depends_on:MBEDTLS_DES_C
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 1073524383..8f1109ee84 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -358,7 +358,9 @@ exit:
 /* BEGIN_CASE */
 void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
- int second_length_val )
+ int second_length_val, int pad_mode,
+ int first_encrypt_output_len, int second_encrypt_output_len,
+ int first_decrypt_output_len, int second_decrypt_output_len )
 {
 size_t first_length = first_length_val;
 size_t second_length = second_length_val;
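Review bot: The five new parameters carry conventions that nothing in the signature documents: `pad_mode` uses -1 to mean "leave the context's default padding mode", and the four `*_output_len` values are the exact `outlen` expected from each individual `mbedtls_cipher_update()` call, not running totals. A comment above the function, along the lines of `/* pad_mode: -1 keeps the default padding mode; *_output_len: expected outlen of each update() call, in call order, on the encrypt then the decrypt context */`, would spare the next reader from reverse-engineering the .data rows. These are also plain `int`s that the later hunks compare after a `(size_t)` cast, so a negative value in a data row becomes a huge expected length rather than a parse-time error; that is a property of the suite generator rather than of this hunk, but worth stating in the same comment. The function body continues outside the hunk.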
@@ -398,6 +400,16 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) );
 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) );
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+ if( -1 != pad_mode )
+ {
+ TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) );
+ }
+#else
+ (void) pad_mode;
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
+
 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, 16 ) );
@@ -414,8 +426,10 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
 /* encode length number of bytes from inbuf */
 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) );
+ TEST_ASSERT( (size_t)first_encrypt_output_len == outlen );
 totaloutlen = outlen;
 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf + first_length, second_length, encbuf + totaloutlen, &outlen ) );
+ TEST_ASSERT( (size_t)second_encrypt_output_len == outlen );
 totaloutlen += outlen;
 TEST_ASSERT( totaloutlen == length || ( totaloutlen % block_size == 0 &&
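Review bot: The `#else` branch discards `pad_mode` with `(void) pad_mode;`, so a data row that requests an explicit padding mode on a build without MBEDTLS_CIPHER_MODE_WITH_PADDING runs with whatever padding the context has and only fails later on an output-length assertion, if at all. Asserting the sentinel there instead, `TEST_ASSERT( -1 == pad_mode );`, makes such a row fail at the point where its precondition is violated; every row in this commit passes -1, so this only guards future rows. In the second hunk the new `(size_t)first_encrypt_output_len == outlen` and `(size_t)second_encrypt_output_len == outlen` checks are what actually pin the cipher layer's block-buffering behaviour, and a one-line comment next to the first, such as `/* per-call outlen is fixed by the .data row, not derived from first_length */`, would explain why the expected values are supplied rather than computed. The enclosing function starts and ends outside these hunks.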
@@ -430,15 +444,20 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
 totaloutlen <= length + block_size ) );
 
 /* decode the previously encoded string */
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, totaloutlen, decbuf, &outlen ) );
+ second_length = totaloutlen - first_length;
+ TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, first_length, decbuf, &outlen ) );
+ TEST_ASSERT( (size_t)first_decrypt_output_len == outlen );
 totaloutlen = outlen;
+ TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf + first_length, second_length, decbuf + totaloutlen, &outlen ) );
+ TEST_ASSERT( (size_t)second_decrypt_output_len == outlen );
+ totaloutlen += outlen;
 
 TEST_ASSERT( totaloutlen == length ||
 ( totaloutlen % block_size == 0 &&
 totaloutlen < length &&
 totaloutlen + block_size >= length ) );
 
- TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + totaloutlen, &outlen ) );
 totaloutlen += outlen;
 
 TEST_ASSERT( totaloutlen == length );
diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data
index b0ccbe8719..0efed5848b 100644
--- a/tests/suites/test_suite_cipher.gcm.data
+++ b/tests/suites/test_suite_cipher.gcm.data
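Review bot: `second_length = totaloutlen - first_length;` is an unchecked size_t subtraction, so a data line whose total ciphertext is shorter than its first plaintext part would wrap to a huge length and feed it to mbedtls_cipher_update rather than fail the test cleanly. None of the .data lines on this page hit that case (the encryption finish that pads totaloutlen up sits between the two hunks, outside this one), but a guard makes the assumption explicit: `TEST_ASSERT( totaloutlen >= first_length );` just before the subtraction. Reusing `second_length` for the ciphertext remainder next to the plaintext `first_length` is also easy to misread; a separate local such as `second_ct_length` would help. The function continues outside the hunk.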
@@ -60,35 +60,35 @@ enc_dec_buf:MBEDTLS_CIPHER_AES_128_GCM:"AES-128-GCM":128:49:-1 AES 128 GCM Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:0:-1:0:0:0:0 AES 128 GCM Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:1:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:1:0:-1:1:0:1:0 AES 128 GCM Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:1 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:1:-1:0:1:0:1 AES 128 GCM Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:0:-1:16:0:16:0 AES 128 GCM Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:16:-1:0:16:0:16 AES 128 GCM Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:6 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:6:-1:16:6:16:6 AES 128 GCM Encrypt and decrypt 22 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:22 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:22:-1:0:22:0:22 AES 128 GCM Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:16:-1:16:16:16:16 AES 128 GCM Decrypt test vector #1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C 
@@ -188,35 +188,35 @@ enc_dec_buf:MBEDTLS_CIPHER_AES_192_GCM:"AES-192-GCM":192:49:-1 AES 192 GCM Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:0:-1:0:0:0:0 AES 192 GCM Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:1:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:1:0:-1:1:0:1:0 AES 192 GCM Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:1 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:1:-1:0:1:0:1 AES 192 GCM Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:0:-1:16:0:16:0 AES 192 GCM Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:16:-1:0:16:0:16 AES 192 GCM Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:6 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:6:-1:16:6:16:6 AES 192 GCM Encrypt and decrypt 22 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:22 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:22:-1:0:22:0:22 AES 192 GCM Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:16:-1:16:16:16:16 AES 192 GCM Decrypt test vector #1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C 
@@ -304,35 +304,35 @@ enc_dec_buf:MBEDTLS_CIPHER_AES_256_GCM:"AES-256-GCM":256:49:-1 AES 256 GCM Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:0:-1:0:0:0:0 AES 256 GCM Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:1:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:1:0:-1:1:0:1:0 AES 256 GCM Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:1 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:1:-1:0:1:0:1 AES 256 GCM Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:0:-1:16:0:16:0 AES 256 GCM Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:16:-1:0:16:0:16 AES 256 GCM Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:6 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:6:-1:16:6:16:6 AES 256 GCM Encrypt and decrypt 22 bytes in multiple parts 2 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:22 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:22:-1:0:22:0:22 AES 256 GCM Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:16:-1:16:16:16:16 AES 128 GCM Decrypt test vector #0 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C 
@@ -428,35 +428,35 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_GCM:"CAMELLIA-128-GCM":128:49:-1 CAMELLIA 128 GCM Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:0:-1:0:0:0:0 CAMELLIA 128 GCM Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:1:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:1:0:-1:1:0:1:0 CAMELLIA 128 GCM Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:1 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:1:-1:0:1:0:1 CAMELLIA 128 GCM Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:0:-1:16:0:16:0 CAMELLIA 128 GCM Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:16:-1:0:16:0:16 CAMELLIA 128 GCM Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:6 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:6:-1:16:6:16:6 CAMELLIA 128 GCM Encrypt and decrypt 22 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:22 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:22:-1:0:22:0:22 CAMELLIA 128 GCM Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C 
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:16:-1:16:16:16:16 CAMELLIA 128 GCM Decrypt test vector #1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C 
@@ -540,35 +540,35 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_192_GCM:"CAMELLIA-192-GCM":192:49:-1 CAMELLIA 192 GCM Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:0:-1:0:0:0:0 CAMELLIA 192 GCM Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:1:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:1:0:-1:1:0:1:0 CAMELLIA 192 GCM Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:1 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:1:-1:0:1:0:1 CAMELLIA 192 GCM Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:0:-1:16:0:16:0 CAMELLIA 192 GCM Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:16:-1:0:16:0:16 CAMELLIA 192 GCM Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:6 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:6:-1:16:6:16:6 CAMELLIA 192 GCM Encrypt and decrypt 22 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:22 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:22:-1:0:22:0:22 CAMELLIA 192 GCM Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C 
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:16:-1:16:16:16:16 CAMELLIA 192 GCM Decrypt test vector #1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C 
@@ -652,35 +652,35 @@ enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_256_GCM:"CAMELLIA-256-GCM":256:49:-1 CAMELLIA 256 GCM Encrypt and decrypt 0 bytes in multiple parts depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:0:-1:0:0:0:0 CAMELLIA 256 GCM Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:1:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:1:0:-1:1:0:1:0 CAMELLIA 256 GCM Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:1 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:1:-1:0:1:0:1 CAMELLIA 256 GCM Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:0 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:0:-1:16:0:16:0 CAMELLIA 256 GCM Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:16:-1:0:16:0:16 CAMELLIA 256 GCM Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:6 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:6:-1:16:6:16:6 CAMELLIA 256 GCM Encrypt and decrypt 22 bytes in multiple parts 2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:22 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:22:-1:0:22:0:22 CAMELLIA 256 GCM Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C 
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:16 +enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:16:-1:16:16:16:16 CAMELLIA 256 GCM Decrypt test vector #1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C diff --git a/tests/suites/test_suite_cipher.null.data b/tests/suites/test_suite_cipher.null.data index c65e970a7d..371b30677f 100644 --- a/tests/suites/test_suite_cipher.null.data +++ b/tests/suites/test_suite_cipher.null.data 
@@ -56,40 +56,40 @@ enc_dec_buf:MBEDTLS_CIPHER_NULL:"NULL":0:49:-1 NULL Encrypt and decrypt 1 bytes in multiple parts 1 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:1:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:1:0:-1:1:0:1:0 NULL Encrypt and decrypt 1 bytes in multiple parts 2 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:0:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:0:1:-1:0:1:0:1 NULL Encrypt and decrypt 16 bytes in multiple parts 1 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:0: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:0:-1:16:0:16:0 NULL Encrypt and decrypt 16 bytes in multiple parts 2 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:0:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:0:16:-1:0:16:0:16 NULL Encrypt and decrypt 16 bytes in multiple parts 3 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:1:15: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:1:15:-1:1:15:1:15 NULL Encrypt and decrypt 16 bytes in multiple parts 4 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:15:1: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:15:1:-1:15:1:15:1 NULL Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:15:7: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:15:7:-1:15:7:15:7 NULL Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:6:-1:16:6:16:6 NULL Encrypt and decrypt 22 bytes in multiple parts 1 depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:17:6: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:17:6:-1:17:6:17:6 NULL Encrypt and decrypt 32 bytes in multiple parts 1 
depends_on:MBEDTLS_CIPHER_NULL_CIPHER -enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:16: +enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:16:-1:16:16:16:16 From 71830318d3e9000395d6178fbb0c6d0088b2f73e Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Wed, 28 Mar 2018 09:48:29 +0100 Subject: [PATCH 0890/1059] Rephrase Changelog entry Bugfix->Changes --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 13dda4db5f..024854d60b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,9 +2,9 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x.x branch released xxxx-xx-xx -Bugfix - * Fix possible memory leak in mbedtls_ssl_config_free(). - This can occur only if the user doesn't use mbedtls_ssl_conf_psk() and +Changes + * Harden mbedtls_ssl_config_free() against misuse, so that it doesn't + leak memory in case the user doesn't use mbedtls_ssl_conf_psk() and instead incorrectly manipulates conf->psk and/or conf->psk_identity directly. Found and fix submitted by junyeonLEE in #1220. From 54fc34ea683167260ec5df3dc94a7c544b08325c Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Mon, 16 May 2016 15:15:45 +0100 Subject: [PATCH 0891/1059] Include order of Curve25519 base point in curve data --- include/mbedtls/ecp.h | 2 +- library/ecp_curves.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index b00ba4da87..d8c68233dc 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
@@ -144,7 +144,7 @@ typedef struct
 mbedtls_mpi A; /*!< 1. A in the equation, or 2. (A + 2) / 4 */
 mbedtls_mpi B; /*!< 1. B in the equation, or 2. unused */
 mbedtls_ecp_point G; /*!< generator of the (sub)group used */
- mbedtls_mpi N; /*!< 1. the order of G, or 2. unused */
+ mbedtls_mpi N; /*!< the order of G */
 size_t pbits; /*!< number of bits in P */
 size_t nbits; /*!< number of bits in 1. P, or 2. private keys */
 unsigned int h; /*!< internal: 1 if the constants are static */
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index df5ac3eea5..5b38a87722 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -670,6 +670,11 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp )
 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) );
 grp->pbits = mbedtls_mpi_bitlen( &grp->P );
 
+ /* N = 2^252 + 27742317777372353535851937790883648493 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->N, 16,
+ "14DEF9DEA2F79CD65812631A5CF5D3ED" ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) );
+
 /* Y intentionaly not set, since we use x/z coordinates.
 * This is used as a marker to identify Montgomery curves! */
 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) );
From fff308e2faa9d3ae489bd8c285162267bb05d570 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 28 Mar 2018 11:13:05 +0200
Subject: [PATCH 0892/1059] Add a ChangeLog entry for Curve22519 N

---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 453364454e..6f56fae510 100644
--- a/ChangeLog
+++ b/ChangeLog
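Review bot: The Curve25519 group order is now set in ecp_use_curve25519 but nothing in this commit checks it — the diffstat lists only ecp.h and ecp_curves.c — so a slip in the 32 hex digits would go unnoticed until something downstream depended on N. A test_suite_ecp case that loads MBEDTLS_ECP_DP_CURVE25519 and asserts `mbedtls_mpi_bitlen( &grp->N ) == 253` plus a comparison of N against the decimal value quoted in the comment would pin it; as far as I can check, the hex does correspond to 2^252 + 27742317777372353535851937790883648493. The ecp.h hunk on the same line drops the "or 2. unused" alternative from N's documentation, which holds only as long as every Montgomery group loads an N — true for Curve25519 after this patch, and something to keep in mind when further Montgomery curves are added. The rest of ecp_use_curve25519 is outside the hunk.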
@@ -24,6 +24,9 @@ Changes * Improve testing in configurations that omit certain hashes or public-key algorithms. Includes contributions by Gert van Dijk. * Improve negative testing of X.509 parsing. + * Add the order of the base point as N in the mbedtls_ecp_group structure + for Curve25519 (other curves had it already). Contributed by Nicholas + Wilson #481 = mbed TLS 2.8.0 branch released 2018-03-16 From 18b78435dc3883ad0aae000662a28f74ccfd7375 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 Mar 2018 11:14:06 +0200 Subject: [PATCH 0893/1059] Fix a typo in a comment --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 5b38a87722..f7860fdbcf 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -675,7 +675,7 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp ) "14DEF9DEA2F79CD65812631A5CF5D3ED" ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) ); - /* Y intentionaly not set, since we use x/z coordinates. + /* Y intentionally not set, since we use x/z coordinates. * This is used as a marker to identify Montgomery curves! */ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) ); From 6a92ce6fd96a97f53483d48a7a475952d203a1f1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 28 Mar 2018 11:42:05 +0100 Subject: [PATCH 0894/1059] Improve documentation of MBEDTLS_AES_FEWER_TABLES in config.h --- include/mbedtls/config.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 65d6ba8a22..d453f25e66 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -388,8 +388,10 @@ * * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the - * the time to setup an AES context. It comes at the cost of additional - * ~8kb ROM use (resp. ~2kb if \c MBEDTLS_AES_FEWER_TABLES below is used). + * initialization time before the first AES operation can be performed. + * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c + * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded + * performance if ROM access is slower than RAM access. * * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. * From 065ecf587f3bf1fc59df46e4e1c1adb01074c1b8 Mon Sep 17 00:00:00 2001 From: Ivan Krylov Date: Wed, 28 Mar 2018 16:19:18 +0300 Subject: [PATCH 0895/1059] Changelog: use my real name (#758) --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 634e29cdc5..70094e06b9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,7 +3,7 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Changes - * Improve the documentation of mbedtls_net_accept(). Contributed by aitap. + * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov. = mbed TLS 2.4.1 branch released 2016-12-13 From 52aecb9a7f57b63e56a8adde7baf75c9b60f5050 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 28 Mar 2018 23:41:40 -0700 Subject: [PATCH 0896/1059] Check whether INT_MAX larger than SIZE_MAX scenario Check whether INT_MAX larger than SIZE_MAX scenario --- library/ssl_tls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2bd720410a..a3515e1dc8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -2422,7 +2422,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
 if( ret < 0 )
 return( ret );
 
- if ( (size_t)ret > len )
+ if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_recv returned %d bytes but only %zu were requested",
@@ -2477,7 +2477,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
 if( ret <= 0 )
 return( ret );
 
- if( (size_t)ret > ssl->out_left )
+ if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned %d bytes but only %zu bytes were sent",
From 19d1373bb9d4cf581b65b4b82306bcd73e4a3242 Mon Sep 17 00:00:00 2001
From: Azim Khan
Date: Thu, 29 Mar 2018 11:04:20 +0100
Subject: [PATCH 0897/1059] Enable SSL test scripts to dump logs on stdout

---
 tests/compat.sh | 2 +-
 tests/ssl-opt.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/compat.sh b/tests/compat.sh
index 672bdab784..34e38f10f6 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -1087,7 +1087,7 @@ run_client() {
 cp $CLI_OUT c-cli-${TESTS}.log
 echo " ! outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log"
 
- if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot ]; then
+ if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
 echo " ! server output:"
 cat c-srv-${TESTS}.log
 echo " ! ==================================================="
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2d6b71af02..9fde54a6b6 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -231,7 +231,7 @@ fail() {
 fi
 echo " ! outputs saved to o-XXX-${TESTS}.log"
 
- if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot ]; then
+ if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
 echo " ! server output:"
 cat o-srv-${TESTS}.log
 echo " ! ========================================================"
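Review bot: `( INT_MAX > SIZE_MAX && ret > SIZE_MAX )` in mbedtls_ssl_fetch_input (and the identical term in mbedtls_ssl_flush_output in the next hunk) settles a compile-time property at run time: on targets where size_t is at least as wide as int, `ret > SIZE_MAX` converts the int to size_t and is dead code that may also draw a signedness-comparison warning, while the truncating `(size_t)ret` cast it is meant to back up is written first, which is harmless with `||` but reads backwards. Deciding the width question in the preprocessor leaves each target with only the comparison that is meaningful on it; INT_MAX needs <limits.h> and SIZE_MAX <stdint.h>, and whether ssl_tls.c already includes both is outside the hunk. The body of the `if` (debug message and error return) is also outside the visible lines.
```c
            if( ret < 0 )
                return( ret );

#if INT_MAX > SIZE_MAX
            /* int is wider than size_t here, so a positive ret can exceed len's type */
            if( ret > SIZE_MAX || (size_t)ret > len )
#else
            if( (size_t)ret > len )
#endif
            {
                /* … unchanged: debug message and error return … */
```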
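Review bot: LOG_FAILURE_ON_STDOUT is a new environment switch in run_client in compat.sh, and the same expression is added to fail() in ssl-opt.sh, but neither hunk documents it and the scripts' usage text is outside the visible lines. Because `"${LOG_FAILURE_ON_STDOUT:-0}" != 0` is a string comparison, any value other than the literal `0` — `no` or `false` included — turns the dump on, which is worth stating: a comment above the test in both scripts such as `# LOG_FAILURE_ON_STDOUT: set to anything but 0 to also print a failing test's logs on stdout (used by CI)` would spare the next person the surprise. Both enclosing functions continue outside the hunks.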
From a357f1a6caa11703bc63459af17bdac05277572d Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 29 Mar 2018 08:17:15 -0400 Subject: [PATCH 0898/1059] Move changelog entry to bugfix from changes --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 49eaef7447..1b00537557 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,8 @@ Bugfix Fixes #1040. * Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks. #1353 + * Return plaintext data sooner on unpadded decryption, as stated in + mbedtls_cipher_update documentation. Contributed by Andy Leiserson. #1180 Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. @@ -26,8 +28,6 @@ Changes * Improve testing in configurations that omit certain hashes or public-key algorithms. Includes contributions by Gert van Dijk. * Improve negative testing of X.509 parsing. - * Return plaintext data sooner on unpadded decryption. Contributed by Andy - Leiserson. #1180 = mbed TLS 2.8.0 branch released 2018-03-16 From 08f3ef1861478587211971494541a6b0e97cfdc7 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Tue, 10 Nov 2015 13:10:01 +0000 Subject: [PATCH 0899/1059] Basic support for Curve448, similar to the current level of support for Curve25519 --- include/mbedtls/config.h | 1 + include/mbedtls/ecp.h | 3 +- library/ecp.c | 24 ++++-- library/ecp_curves.c | 128 ++++++++++++++++++++++++++++++- library/version_features.c | 3 + programs/test/benchmark.c | 91 +++++++++++++--------- tests/suites/test_suite_ecp.data | 4 + 7 files changed, 209 insertions(+), 45 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 48c32d4aa8..9585e69225 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -609,6 +609,7 @@
 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_DP_CURVE448_ENABLED
 
 /**
 * \def MBEDTLS_ECP_NIST_OPTIM
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index b00ba4da87..710fc3a6ba 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -72,7 +72,8 @@ typedef enum
 MBEDTLS_ECP_DP_BP256R1, /*!< 256-bits Brainpool curve */
 MBEDTLS_ECP_DP_BP384R1, /*!< 384-bits Brainpool curve */
 MBEDTLS_ECP_DP_BP512R1, /*!< 512-bits Brainpool curve */
- MBEDTLS_ECP_DP_CURVE25519, /*!< Curve25519 */
+ MBEDTLS_ECP_DP_CURVE25519, /*!< Curve25519 */
+ MBEDTLS_ECP_DP_CURVE448, /*!< Curve448 */
 MBEDTLS_ECP_DP_SECP192K1, /*!< 192-bits "Koblitz" curve */
 MBEDTLS_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */
 MBEDTLS_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */
diff --git a/library/ecp.c b/library/ecp.c
index b41baef27a..92a188b665 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -26,6 +26,7 @@
 * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
 * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
 * RFC 4492 for the related TLS structures and constants
+ * RFC 7748 for the Curve448 and Curve25519 curve definitions
 *
 * [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
 *
@@ -99,7 +100,8 @@ static unsigned long add_count, dbl_count, mul_count;
 #define ECP_SHORTWEIERSTRASS
 #endif
 
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
 #define ECP_MONTGOMERY
 #endif
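Review bot: Inserting MBEDTLS_ECP_DP_CURVE448 between MBEDTLS_ECP_DP_CURVE25519 and MBEDTLS_ECP_DP_SECP192K1 in the ecp.h enum shifts the numeric values of the three Koblitz identifiers that follow it, so anything compiled against the previous header, or any group id that was stored or logged as an integer, now names a different curve. Appending the new enumerator after MBEDTLS_ECP_DP_SECP256K1 — `MBEDTLS_ECP_DP_CURVE448, /*!< Curve448 */` as the last entry before the enum closes — keeps the existing numbering stable; the enum's opening and closing lines are outside the hunk. The re-emitted MBEDTLS_ECP_DP_CURVE25519 line appears to be a whitespace-only change and could be dropped to keep the diff minimal.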
@@ -1852,6 +1854,8 @@ cleanup:
 static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
 {
 /* [Curve25519 p. 5] Just check X is the correct number of bytes */
+ /* Allow any public value, if it's too big then we'll just reduce it mod p
+ * (RFC 7748 sec. 5 para. 3). */
 if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
 return( MBEDTLS_ERR_ECP_INVALID_KEY );
 
@@ -1887,14 +1891,18 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *
 #if defined(ECP_MONTGOMERY)
 if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
 {
- /* see [Curve25519] page 5 */
+ /* see RFC 7748 sec. 5 para. 5 */
 if( mbedtls_mpi_get_bit( d, 0 ) != 0 ||
 mbedtls_mpi_get_bit( d, 1 ) != 0 ||
- mbedtls_mpi_get_bit( d, 2 ) != 0 ||
 mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */
 return( MBEDTLS_ERR_ECP_INVALID_KEY );
 else
- return( 0 );
+
+ /* see [Curve25519] page 5 */
+ if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 )
+ return( MBEDTLS_ERR_ECP_INVALID_KEY );
+
+ return( 0 );
 }
 #endif /* ECP_MONTGOMERY */
 #if defined(ECP_SHORTWEIERSTRASS)
@@ -1941,10 +1949,14 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
 else
 MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, grp->nbits, 1 ) );
 
- /* Make sure the last three bits are unset */
+ /* Make sure the last two bits are unset for Curve448, three bits for
+ Curve25519 */
 MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
 MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
+ if( grp->nbits == 254 )
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
+ }
 }
 else
 #endif /* ECP_MONTGOMERY */
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index df5ac3eea5..58630e3d0f 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
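Review bot: In mbedtls_ecp_check_privkey the `else` left behind after `return( MBEDTLS_ERR_ECP_INVALID_KEY );` now binds, across a blank line and a comment, to the new Curve25519 bit-2 test, so the code reads as one if/else chain while the intent is two independent rejections followed by `return( 0 );`; the `else` is redundant after a return and should be removed. The curve is recognised by `grp->nbits == 254` both here and in mbedtls_ecp_gen_keypair_base in the next hunk; comparing the group id says what is meant and cannot silently match another 254-bit Montgomery curve later: `if( grp->id == MBEDTLS_ECP_DP_CURVE25519 && mbedtls_mpi_get_bit( d, 2 ) != 0 )`. The comment added to ecp_check_pubkey_mx ("Allow any public value") sits directly above a check that still rejects an X wider than the field, so it should be narrowed to values that fit in `( grp->nbits + 7 ) / 8` bytes. All three functions begin and end outside the hunks.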
@@ -627,6 +627,9 @@ static int ecp_mod_p521( mbedtls_mpi * );
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
 static int ecp_mod_p255( mbedtls_mpi * );
 #endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+static int ecp_mod_p448( mbedtls_mpi * );
+#endif
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
 static int ecp_mod_p192k1( mbedtls_mpi * );
 #endif
@@ -687,6 +690,52 @@ cleanup:
 }
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+/*
+ * Specialized function for creating the Curve448 group
+ */
+static int ecp_use_curve448( mbedtls_ecp_group *grp )
+{
+ mbedtls_mpi Ns;
+ int ret;
+
+ mbedtls_mpi_init( &Ns );
+
+ /* Actually ( A + 2 ) / 4 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "98AA" ) );
+
+ /* P = 2^448 - 2^224 - 1 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
+ grp->pbits = mbedtls_mpi_bitlen( &grp->P );
+
+ /* Y intentionally not set, since we use x/z coordinates.
+ * This is used as a marker to identify Montgomery curves! */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 5 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
+ mbedtls_mpi_free( &grp->G.Y );
+
+ /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Ns, 16,
+ "8335DC163BB124B65129C96FDE933D8D723A70AADC873D6D54A7BB0D" ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) );
+
+ /* Actually, the required msb for private keys */
+ grp->nbits = 447;
+
+cleanup:
+ mbedtls_mpi_free( &Ns );
+ if( ret != 0 )
+ mbedtls_ecp_group_free( grp );
+
+ return( ret );
+}
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
 /*
 * Set a group using well-known domain parameters
 */
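Review bot: `mbedtls_mpi_set_bit( &grp->N, 446, 1 )` only yields 2^446 if grp->N is zero on entry; that presumably holds because mbedtls_ecp_group_load frees the group first, but it is an invariant this function does not control, and P is built a few lines earlier without relying on it. Building N the same way removes the dependency: `MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->N, 1 ) );` followed by `MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->N, 446 ) );` in place of the set_bit call. The constants look right against RFC 7748 as far as I can check (A = (156326 + 2) / 4 = 0x98AA, p = 2^448 - 2^224 - 1, base point u = 5, n = 2^446 - 0x8335…BB0D, private-key msb 447), but the diffstat shows only four lines of test data for the whole commit, so a test that checks at least `mbedtls_mpi_bitlen( &grp->N ) == 446` and one of the RFC's ECDH vectors would be worth adding. `int ret` is left uninitialised, but every path to cleanup goes through an MBEDTLS_MPI_CHK that assigns it, so that is fine.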
@@ -767,6 +816,12 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
 return( ecp_use_curve25519( grp ) );
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ case MBEDTLS_ECP_DP_CURVE448:
+ grp->modp = ecp_mod_p448;
+ return( ecp_use_curve448( grp ) );
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
 default:
 mbedtls_ecp_group_free( grp );
 return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
@@ -1176,7 +1231,7 @@ static int ecp_mod_p255( mbedtls_mpi *N )
 M.s = 1;
 M.n = N->n - ( P255_WIDTH - 1 );
 if( M.n > P255_WIDTH + 1 )
- M.n = P255_WIDTH + 1;
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
 M.p = Mp;
 memset( Mp, 0, sizeof Mp );
 memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
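Review bot: The ecp_mod_p255 hunk changes existing Curve25519 behaviour — an input wider than the expected limb count used to be silently clamped with `M.n = P255_WIDTH + 1;` and is now rejected with MBEDTLS_ERR_ECP_BAD_INPUT_DATA — yet the commit message speaks only of Curve448 and no ChangeLog is in the diffstat. Landing it as its own commit, or at least naming it in the message, keeps the history honest and makes it easier to confirm that every caller reaching grp->modp propagates the new error code (those callers are outside the hunk). The new MBEDTLS_ECP_DP_CURVE448 case in mbedtls_ecp_group_load mirrors the Curve25519 case above it and looks fine; both functions begin and end outside the hunks.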
@@ -1197,6 +1252,77 @@ cleanup: } #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + +/* Size of p448 in terms of mbedtls_mpi_uint */ +#define P448_WIDTH ( 448 / 8 / sizeof( mbedtls_mpi_uint ) ) + +/* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */ +#define DIV_ROUND_UP( X, Y ) ( ( ( X ) + ( Y ) - 1 ) / ( Y ) ) +#define P224_WIDTH_MIN ( 28 / sizeof( mbedtls_mpi_uint ) ) +#define P224_WIDTH_MAX DIV_ROUND_UP( 28, sizeof( mbedtls_mpi_uint ) ) +#define P224_UNUSED_BITS ( ( P224_WIDTH_MAX * sizeof( mbedtls_mpi_uint ) * 8 ) - 224 ) + +/* + * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1 + * Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return + * A0 + A1 + B1 + (B0 + B1) * 2^224. This is different to the reference + * implementation of Curve448, which uses its own special 56-bit limbs rather + * than a generic bignum library. We could squeeze some extra speed out on + * 32-bit machines by splitting N up into 32-bit limbs and doing the + * arithmetic using the limbs directly as we do for the NIST primes above, + * but for 64-bit targets it should use half the number of operations if we do + * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds. + */ +static int ecp_mod_p448( mbedtls_mpi *N ) +{ + int ret; + size_t i; + mbedtls_mpi M, Q; + mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH]; + + if( N->n <= P448_WIDTH ) + return( 0 ); + + /* M = A1 */ + M.s = 1; + M.n = N->n - ( P448_WIDTH ); + if( M.n > P448_WIDTH ) + /* Shouldn't be called with N larger than 2^896! 
*/ + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + M.p = Mp; + memset( Mp, 0, sizeof( Mp ) ); + memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) ); + + /* N = A0 */ + for( i = P448_WIDTH; i < N->n; i++ ) + N->p[i] = 0; + + /* N += A1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) ); + + /* Q = B1, N += B1 */ + Q = M; + Q.p = Qp; + memcpy( Qp, Mp, sizeof( Qp ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Q, 224 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &Q ) ); + + /* M = (B0 + B1) * 2^224, N += M */ + if( sizeof( mbedtls_mpi_uint ) > 4 ) + Mp[P224_WIDTH_MIN] &= ( (mbedtls_mpi_uint)-1 ) >> ( P224_UNUSED_BITS ); + for( i = P224_WIDTH_MAX; i < M.n; ++i ) + Mp[i] = 0; + MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &Q ) ); + M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */ + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &M, 224 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) ); + +cleanup: + return( ret ); +} +#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ + #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) diff --git a/library/version_features.c b/library/version_features.c index 1b06ff322f..a452caf5e9 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -309,6 +309,9 @@ static const char *features[] = { #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) "MBEDTLS_ECP_DP_CURVE25519_ENABLED", #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + "MBEDTLS_ECP_DP_CURVE448_ENABLED", +#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ #if defined(MBEDTLS_ECP_NIST_OPTIM) "MBEDTLS_ECP_NIST_OPTIM", #endif /* MBEDTLS_ECP_NIST_OPTIM */ diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 1945b30d97..cecf3e363c 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
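Review bot: `M` and `Q` in ecp_mod_p448 are mbedtls_mpi structs whose `p` points at the stack arrays `Mp`/`Qp`, yet `M` is used as the destination of `mbedtls_mpi_add_mpi` and `mbedtls_mpi_shift_l`, both of which call `mbedtls_mpi_grow` on the destination when the result needs more than `n` limbs, and a grow would allocate a new buffer and `mbedtls_free()` the stack array. The code appears safe because B0 + B1 is below 2^225 and so fits in `M.n` limbs (when `M.n` is too small for that bound, B1 is zero), and because the value shifted by 224 is below 2^449 and fits in `P448_WIDTH + 1` limbs, but none of that is stated beyond `Make room for shifted carry bit from the addition`. I would record the invariant next to the declarations, `/* M and Q are stack-backed: every operation below must keep its result within M.n / Q.n limbs, since a grow would free() Mp / Qp */`, and at the `M.n = P448_WIDTH + 1;` line spell out `/* B0 + B1 < 2^225, so after << 224 the value is < 2^449 and fits in P448_WIDTH + 1 limbs */`. The `if( sizeof( mbedtls_mpi_uint ) > 4 )` mask also wants a one-line comment saying it clears the bits above 224 in limb `P224_WIDTH_MIN`, which only exist on 64-bit limbs where 224 is not limb-aligned.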
@@ -766,9 +766,16 @@ int main( int argc, char *argv[] ) if( todo.ecdh ) { mbedtls_ecdh_context ecdh; -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) mbedtls_mpi z; + const mbedtls_ecp_curve_info montgomery_curve_list[] = { +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + { MBEDTLS_ECP_DP_CURVE25519, 0, 0, "Curve25519" }, #endif +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + { MBEDTLS_ECP_DP_CURVE448, 0, 0, "Curve448" }, +#endif + { MBEDTLS_ECP_DP_NONE, 0, 0, 0 } + }; const mbedtls_ecp_curve_info *curve_info; size_t olen; 
@@ -797,27 +804,32 @@ int main( int argc, char *argv[] ) mbedtls_ecdh_free( &ecdh ); } - /* Curve25519 needs to be handled separately */ -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - mbedtls_ecdh_init( &ecdh ); - mbedtls_mpi_init( &z ); - - if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 || - mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 ) + /* Montgomery curves need to be handled separately */ + for ( curve_info = montgomery_curve_list; + curve_info->grp_id != MBEDTLS_ECP_DP_NONE; + curve_info++ ) { - mbedtls_exit( 1 ); + mbedtls_ecdh_init( &ecdh ); + mbedtls_mpi_init( &z ); + + if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 || + mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 ) + { + mbedtls_exit( 1 ); + } + + mbedtls_snprintf( title, sizeof(title), "ECDHE-%s", + curve_info->name ); + TIME_PUBLIC( title, "handshake", + ret |= mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, + myrand, NULL ); + ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, + myrand, NULL ) ); + + mbedtls_ecdh_free( &ecdh ); + mbedtls_mpi_free( &z ); } - TIME_PUBLIC( "ECDHE-Curve25519", "handshake", - ret |= mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, - myrand, NULL ); - ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, - myrand, NULL ) ); - - mbedtls_ecdh_free( &ecdh ); - mbedtls_mpi_free( &z ); -#endif - for( curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) 
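Review bot: The new loop header is written `for ( curve_info = montgomery_curve_list;` with a space before the parenthesis, while the `for( curve_info = mbedtls_ecp_curve_list();` loop visible at the bottom of the same hunk, and the rest of this file, use `for(`; the matching Montgomery loop in the following hunk has the same spacing and also drops the space before its closing `)`. I would write both as `for( curve_info = montgomery_curve_list;` ... `curve_info++ )`. The enclosing main() starts and ends outside the hunk.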
@@ -843,26 +855,31 @@ int main( int argc, char *argv[] ) mbedtls_ecdh_free( &ecdh ); } - /* Curve25519 needs to be handled separately */ -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - mbedtls_ecdh_init( &ecdh ); - mbedtls_mpi_init( &z ); - - if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 || - mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, - myrand, NULL ) != 0 || - mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 ) + /* Montgomery curves need to be handled separately */ + for ( curve_info = montgomery_curve_list; + curve_info->grp_id != MBEDTLS_ECP_DP_NONE; + curve_info++) { - mbedtls_exit( 1 ); + mbedtls_ecdh_init( &ecdh ); + mbedtls_mpi_init( &z ); + + if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 || + mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, + myrand, NULL ) != 0 || + mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 ) + { + mbedtls_exit( 1 ); + } + + mbedtls_snprintf( title, sizeof(title), "ECDH-%s", + curve_info->name ); + TIME_PUBLIC( title, "handshake", + ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, + myrand, NULL ) ); + + mbedtls_ecdh_free( &ecdh ); + mbedtls_mpi_free( &z ); } - - TIME_PUBLIC( "ECDH-Curve25519", "handshake", - ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, - myrand, NULL ) ); - - mbedtls_ecdh_free( &ecdh ); - mbedtls_mpi_free( &z ); -#endif } #endif diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index a43e7d75dd..8e9d9fa49a 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data 
@@ -330,6 +330,10 @@ ECP test vectors Curve25519 depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_test_vec_x:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660":"057E23EA9F1CBE8A27168F6E696A791DE61DD3AF7ACD4EEACC6E7BA514FDA863":"47DC3D214174820E1154B49BC6CDB2ABD45EE95817055D255AA35831B70D3260":"6EB89DA91989AE37C7EAC7618D9E5C4951DBA1D73C285AE1CD26A855020EEF04":"61450CD98E36016B58776A897A9F0AEF738B99F09468B8D6B8511184D53494AB" +ECP test vectors Curve448 (RFC 7748 6.2, after decodeUCoordinate) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_test_vec_x:MBEDTLS_ECP_DP_CURVE448:"eb7298a5c0d8c29a1dab27f1a6826300917389449741a974f5bac9d98dc298d46555bce8bae89eeed400584bb046cf75579f51d125498f98":"a01fc432e5807f17530d1288da125b0cd453d941726436c8bbd9c5222c3da7fa639ce03db8d23b274a0721a1aed5227de6e3b731ccf7089b":"ad997351b6106f36b0d1091b929c4c37213e0d2b97e85ebb20c127691d0dad8f1d8175b0723745e639a3cb7044290b99e0e2a0c27a6a301c":"0936f37bc6c1bd07ae3dec7ab5dc06a73ca13242fb343efc72b9d82730b445f3d4b0bd077162a46dcfec6f9b590bfcbcf520cdb029a8b73e":"9d874a5137509a449ad5853040241c5236395435c36424fd560b0cb62b281d285275a740ce32a22dd1740f4aa9161cec95ccc61a18f4ff07" + ECP test vectors secp192k1 depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_test_vect:MBEDTLS_ECP_DP_SECP192K1:"D1E13A359F6E0F0698791938E6D60246030AE4B0D8D4E9DE":"281BCA982F187ED30AD5E088461EBE0A5FADBB682546DF79":"3F68A8E9441FB93A4DD48CB70B504FCC9AA01902EF5BE0F3":"BE97C5D2A1A94D081E3FACE53E65A27108B7467BDF58DE43":"5EB35E922CD693F7947124F5920022C4891C04F6A8B8DCB2":"60ECF73D0FC43E0C42E8E155FFE39F9F0B531F87B34B6C3C":"372F5C5D0E18313C82AEF940EC3AFEE26087A46F1EBAE923":"D5A9F9182EC09CEAEA5F57EA10225EC77FA44174511985FD" From eea1c4ee5a054c77c901d5dafc560483101c4fe8 Mon Sep 17 00:00:00 2001 
From: Darryl Green Date: Thu, 29 Mar 2018 16:05:44 +0100 Subject: [PATCH 0900/1059] Improve documentation of mbedtls_ssl_write() --- ChangeLog | 2 ++ include/mbedtls/ssl.h | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index aaf34fcef9..c3db587717 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,8 @@ Changes Wilson #481 * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov. + * Improve the documentation of mbedtls_ssl_write(). Suggested by + Paul Sokolovsky in #1356. = mbed TLS 2.8.0 branch released 2018-03-16 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f7a1a013dd..e1d64b9ced 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2537,7 +2537,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, * it must be called later with the *same* arguments, - * until it returns a positive value. + * until it returns a positive value. When the function returns + * MBEDTLS_ERR_SSL_WANT_WRITE there may be some partial + * data in the output buffer, however this is not yet sent. * * \note If the requested length is greater than the maximum * fragment length (either the built-in limit or the one set From 5114d3e4e1cb6e5a71ceafa56dd7da5f9182f9d9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 30 Mar 2018 07:12:15 +0200 Subject: [PATCH 0901/1059] Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that this indicates that a valid signature is present, unlike other error codes. See https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705 --- include/mbedtls/ecdsa.h | 4 ++-- include/mbedtls/ecp.h | 2 +- include/mbedtls/pk.h | 12 ++++++------ library/ecdsa.c | 3 +++ library/pk_wrap.c | 5 +++++ 5 files changed, 17 insertions(+), 9 deletions(-) 
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index aa23d67f99..ff6efbc3ff 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -272,8 +272,8 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, * * \return \c 0 on success, * #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid, - * #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is - * valid but its actual length is less than \p siglen, + * #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid + * signature in sig but its length is less than \p siglen, * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX * error code on failure for any other reason. * diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index b00ba4da87..7b8ffff44e 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -36,7 +36,7 @@ #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */ #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */ #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */ -#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */ +#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< The buffer contains a valid signature followed by more data. */ #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< ECP hardware accelerator failed. */ #if !defined(MBEDTLS_ECP_ALT) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 1059bdaa5b..ee06b2fd20 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -63,7 +63,7 @@ #define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */ #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */ #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */ -#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */ +#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The buffer contains a valid signature followed by more data. */ #define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */ #ifdef __cplusplus @@ -269,8 +269,8 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ); * \param sig_len Signature length * * \return 0 on success (signature is valid), - * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is - * valid but its actual length is less than sig_len, + * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid + * signature in sig but its length is less than \p siglen, * or a specific error code. * * \note For RSA keys, the default padding type is PKCS#1 v1.5. @@ -300,10 +300,10 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \param sig_len Signature length * * \return 0 on success (signature is valid), - * MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be + * #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be * used for this type of signatures, - * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is - * valid but its actual length is less than sig_len, + * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid + * signature in sig but its length is less than \p siglen, * or a specific error code. * * \note If hash_len is 0, then the length associated with md_alg diff --git a/library/ecdsa.c b/library/ecdsa.c index 826fefe5c6..17a88bdd29 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c 
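Review bot: Both new `\return` sentences in pk.h say `its length is less than \p siglen`, but the parameter documented two lines above in each hunk is `\param sig_len Signature length`, so the Doxygen reference points at a parameter that does not exist and will be reported as such. Write `signature in sig but its length is less than \p sig_len,` in mbedtls_pk_verify and in the second verify function documented from line 300 (its name is outside the hunk); `sig` could likewise become `\p sig`. The phrase "its length is less than" also sits oddly beside the new error-code text "a valid signature followed by more data" — "the valid signature is shorter than \p sig_len" says the same thing in the new vocabulary.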
@@ -400,6 +400,9 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, &ctx->Q, &r, &s ) ) != 0 ) goto cleanup; + /* At this point we know that the buffer starts with a valid signature. + * Return 0 if the buffer just contains the signature, and a specific + * error code if the valid signature is followed by more data. */ if( p != end ) ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH; diff --git a/library/pk_wrap.c b/library/pk_wrap.c index a4bb35fc8f..5446e23507 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -93,6 +93,11 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, (unsigned int) hash_len, hash, sig ) ) != 0 ) return( ret ); + /* The buffer contains a valid signature followed by extra data. + * We have a special error code for that so that so that callers can + * use mbedtls_pk_verify() to check "Does the buffer start with a + * valid signature?" and not just "Does the buffer contain a valid + * signature?". */ if( sig_len > rsa_len ) return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); From cc78ac46e79d5c5ea6850c9f56483ea94a2a646b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 30 Mar 2018 18:52:10 +0200 Subject: [PATCH 0902/1059] Update error.c --- library/error.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/error.c b/library/error.c index 0292480aee..b173c7e8ef 100644 --- a/library/error.c +++ b/library/error.c 
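Review bot: The comment added to rsa_verify_wrap contains a duplicated phrase, `so that so that callers can`, which should read `so that callers can`. The content itself is right and matches the three-line note added to mbedtls_ecdsa_read_signature in the same commit; trimming it to the same length would keep the two explanations parallel. rsa_verify_wrap's body starts and ends outside the hunk.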
@@ -266,7 +266,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_ECP_INVALID_KEY) ) mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" ); if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" ); + mbedtls_snprintf( buf, buflen, "ECP - The buffer contains a valid signature followed by more data" ); if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "ECP - ECP hardware accelerator failed" ); #endif /* MBEDTLS_ECP_C */ @@ -333,7 +333,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) ) - mbedtls_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" ); + mbedtls_snprintf( buf, buflen, "PK - The buffer contains a valid signature followed by more data" ); if( use_ret == -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "PK - PK hardware accelerator failed" ); #endif /* MBEDTLS_PK_C */ From 039fd128349e3f19d80aa60ea228a2498a8fbc44 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 19 Mar 2018 19:06:08 +0100 Subject: [PATCH 0903/1059] Robustness fix in mbedtls_ssl_derive_keys In mbedtls_ssl_derive_keys, don't call mbedtls_md_hmac_starts in ciphersuites that don't use HMAC. This doesn't change the behavior of the code, but avoids relying on an uncaught error when attempting to start an HMAC operation that hadn't been initialized. --- library/ssl_tls.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3802e230e9..a5b9d63f5c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -855,8 +855,13 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) { - mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len ); - mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len ); + /* For HMAC-based ciphersuites, initialize the HMAC transforms. + For AEAD-based ciphersuites, there is nothing to do here. */ + if( mac_key_len != 0 ) + { + mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len ); + mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len ); + } } else #endif From c96ccf4b3f2fc0c1336390cae25e4852d4d3411a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 31 Mar 2018 22:57:03 +0200 Subject: [PATCH 0904/1059] Add ChangeLog entry to credit independent contribution Also: fixes #1437 --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index aaf34fcef9..0293e49dd5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,9 @@ Changes Wilson #481 * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov. + * Improve robustness of mbedtls_ssl_derive_keys against the use of + HMAC functions with non-HMAC ciphersuites. Independently contributed + by Jiayuan Chen in #1377. Fixes #1437. = mbed TLS 2.8.0 branch released 2018-03-16 From 4045c7442189b42157f1a8e885a33db87d33ad89 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 1 Apr 2018 12:25:48 +0200 Subject: [PATCH 0905/1059] Minor changelog improvement --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1b00537557..a87d4cdba4 100644 --- a/ChangeLog +++ b/ChangeLog 
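Review bot: The guarded `mbedtls_md_hmac_starts` calls still discard their int return value, so the stated goal of not relying on an uncaught error is only half met: a failing HMAC setup, for example from an alternative MD implementation, leaves the transform half-initialised with nothing propagated to the caller. Assuming the surrounding function reports failures through `ret` and early returns, which is outside the hunk, I would write each call as `if( ( ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len ) ) != 0 ) return( ret );` and the same for `md_ctx_dec`. The second line of the new comment also lacks the leading `*` that the other multi-line comments in this series carry.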
@@ -18,8 +18,8 @@ Bugfix Fixes #1040. * Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks. #1353 - * Return plaintext data sooner on unpadded decryption, as stated in - mbedtls_cipher_update documentation. Contributed by Andy Leiserson. #1180 + * Return plaintext data sooner on unpadded CBC decryption, as stated in + the mbedtls_cipher_update() documentation. Contributed by Andy Leiserson. Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. From 092bf3dd3898e67b9dff2bb5d4f2aa289a827135 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 1 Apr 2018 12:43:48 +0200 Subject: [PATCH 0906/1059] Add original PR reference --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 25f52c8040..8a3f0af042 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Changes * Optimize unnecessary zeroing in mbedtls_mpi_copy. Based on a contribution - by Alexey Skalozub. + by Alexey Skalozub in #405. = mbed TLS 2.7.0 branch released 2018-02-03 From b2aacec417d74f68d1eb01581e353b6623df706e Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Thu, 18 May 2017 16:53:08 +0300 Subject: [PATCH 0907/1059] Take Cryptographic API outside the XXX_ALT check The cryptographic API should not be related to whether or not there is alternative implementation. The API should be same for regular implementation, and for alternative implementation, so it is defined outside of the XXX_ALT precompilation check in the cryptographic API header --- ChangeLog | 3 +++ include/mbedtls/aes.h | 24 ++++++++---------------- include/mbedtls/arc4.h | 24 ++++++++---------------- include/mbedtls/blowfish.h | 16 ++++++++-------- include/mbedtls/camellia.h | 24 ++++++++---------------- include/mbedtls/des.h | 23 ++++++++--------------- include/mbedtls/md2.h | 24 ++++++++---------------- include/mbedtls/md4.h | 24 ++++++++---------------- include/mbedtls/md5.h | 24 ++++++++---------------- include/mbedtls/ripemd160.h | 24 ++++++++---------------- include/mbedtls/sha1.h | 24 ++++++++---------------- include/mbedtls/sha256.h | 23 ++++++++--------------- include/mbedtls/sha512.h | 24 ++++++++---------------- include/mbedtls/xtea.h | 24 ++++++++---------------- 14 files changed, 107 insertions(+), 198 deletions(-) diff --git a/ChangeLog b/ChangeLog index aaf34fcef9..4249de7666 100644 --- a/ChangeLog +++ b/ChangeLog @@ -135,6 +135,9 @@ Changes * Clarify the documentation of mbedtls_ssl_setup. * Use (void) when defining functions with no parameters. Contributed by Joris Aerts. #678 + * Put the Cryptographic API outside of the XXX_ALT macro check, so + alternative header file will not need to redefined the same API, + and to force alternative implementer to use the same API. = mbed TLS 2.7.0 branch released 2018-02-03 diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 46016dcb7f..9043ddac41 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h 
@@ -59,14 +59,14 @@ #define inline __inline #endif -#if !defined(MBEDTLS_AES_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_AES_ALT) +// Regular implementation +// + /** * \brief The AES context-type definition. */ @@ -85,6 +85,10 @@ typedef struct } mbedtls_aes_context; +#else /* MBEDTLS_AES_ALT */ +#include "aes_alt.h" +#endif /* MBEDTLS_AES_ALT */ + /** * \brief This function initializes the specified AES context. * @@ -391,18 +395,6 @@ MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_AES_ALT */ -#include "aes_alt.h" -#endif /* MBEDTLS_AES_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine. * diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h index f9d93f822f..f11fc5be0a 100644 --- a/include/mbedtls/arc4.h +++ b/include/mbedtls/arc4.h @@ -38,14 +38,14 @@ #define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */ -#if !defined(MBEDTLS_ARC4_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_ARC4_ALT) +// Regular implementation +// + /** * \brief ARC4 context structure * @@ -61,6 +61,10 @@ typedef struct } mbedtls_arc4_context; +#else /* MBEDTLS_ARC4_ALT */ +#include "arc4_alt.h" +#endif /* MBEDTLS_ARC4_ALT */ + /** * \brief Initialize ARC4 context * @@ -118,18 +122,6 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, unsigned char *output ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_ARC4_ALT */ -#include "arc4_alt.h" -#endif /* MBEDTLS_ARC4_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine * diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index c0ef5a04cc..22479be5ae 100644 
--- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -44,14 +44,14 @@ #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */ #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ -#if !defined(MBEDTLS_BLOWFISH_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_BLOWFISH_ALT) +// Regular implementation +// + /** * \brief Blowfish context structure */ @@ -62,6 +62,10 @@ typedef struct } mbedtls_blowfish_context; +#else /* MBEDTLS_BLOWFISH_ALT */ +#include "blowfish_alt.h" +#endif /* MBEDTLS_BLOWFISH_ALT */ + /** * \brief Initialize Blowfish context * @@ -198,8 +202,4 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx, } #endif -#else /* MBEDTLS_BLOWFISH_ALT */ -#include "blowfish_alt.h" -#endif /* MBEDTLS_BLOWFISH_ALT */ - #endif /* blowfish.h */ diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index cf07629d9b..f0466bfd7e 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -40,14 +40,14 @@ #define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ #define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */ -#if !defined(MBEDTLS_CAMELLIA_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_CAMELLIA_ALT) +// Regular implementation +// + /** * \brief CAMELLIA context structure */ @@ -58,6 +58,10 @@ typedef struct } mbedtls_camellia_context; +#else /* MBEDTLS_CAMELLIA_ALT */ +#include "camellia_alt.h" +#endif /* MBEDTLS_CAMELLIA_ALT */ + /** * \brief Initialize CAMELLIA context * 
@@ -211,18 +215,6 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, unsigned char *output ); #endif /* MBEDTLS_CIPHER_MODE_CTR */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_CAMELLIA_ALT */ -#include "camellia_alt.h" -#endif /* MBEDTLS_CAMELLIA_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine * diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 5a1a636522..b0a82df9b8 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -46,14 +46,14 @@ #define MBEDTLS_DES_KEY_SIZE 8 -#if !defined(MBEDTLS_DES_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_DES_ALT) +// Regular implementation +// + /** * \brief DES context structure * @@ -67,6 +67,10 @@ typedef struct } mbedtls_des_context; +#else /* MBEDTLS_DES_ALT */ +#include "des_alt.h" +#endif /* MBEDTLS_DES_ALT */ + /** * \brief Triple-DES context structure */ @@ -331,17 +335,6 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, */ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_DES_ALT */ -#include "des_alt.h" -#endif /* MBEDTLS_DES_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif /** * \brief Checkup routine diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 0fd8b5afcc..08e75b247b 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -39,14 +39,14 @@ #define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */ -#if !defined(MBEDTLS_MD2_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_MD2_ALT) +// Regular implementation +// + /** * \brief MD2 context structure * @@ -64,6 +64,10 @@ typedef struct } mbedtls_md2_context; +#else /* MBEDTLS_MD2_ALT */ +#include "md2_alt.h" +#endif /* MBEDTLS_MD2_ALT */ + /** * \brief Initialize MD2 context * 
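Review bot: In des.h the new `#else /* MBEDTLS_DES_ALT */ #include "des_alt.h" #endif` is inserted directly after `} mbedtls_des_context;`, so the `mbedtls_des3_context` typedef that follows is now outside the `!defined(MBEDTLS_DES_ALT)` region and is compiled unconditionally. With MBEDTLS_DES_ALT set, a des_alt.h that defines its own `mbedtls_des3_context` (as the old layout required) will now collide with the library's definition, and one that does not is forced onto the library's layout. Move the three lines so they follow the `} mbedtls_des3_context;` typedef, i.e. the regular-implementation region must cover both context structs. The other headers in this commit have a single context type each and are not affected.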
@@ -235,18 +239,6 @@ MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_MD2_ALT */ -#include "md2_alt.h" -#endif /* MBEDTLS_MD2_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Output = MD2( input buffer ) * diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index 23fa95e46a..8ee4e5cabf 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -40,14 +40,14 @@ #define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */ -#if !defined(MBEDTLS_MD4_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_MD4_ALT) +// Regular implementation +// + /** * \brief MD4 context structure * @@ -64,6 +64,10 @@ typedef struct } mbedtls_md4_context; +#else /* MBEDTLS_MD4_ALT */ +#include "md4_alt.h" +#endif /* MBEDTLS_MD4_ALT */ + /** * \brief Initialize MD4 context * @@ -238,18 +242,6 @@ MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_MD4_ALT */ -#include "md4_alt.h" -#endif /* MBEDTLS_MD4_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Output = MD4( input buffer ) * diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 06ea4c5d44..43ead4b747 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -39,14 +39,14 @@ #define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED -0x002F /**< MD5 hardware accelerator failed */ -#if !defined(MBEDTLS_MD5_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_MD5_ALT) +// Regular implementation +// + /** * \brief MD5 context structure * 
@@ -63,6 +63,10 @@ typedef struct } mbedtls_md5_context; +#else /* MBEDTLS_MD5_ALT */ +#include "md5_alt.h" +#endif /* MBEDTLS_MD5_ALT */ + /** * \brief Initialize MD5 context * @@ -238,18 +242,6 @@ MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_MD5_ALT */ -#include "md5_alt.h" -#endif /* MBEDTLS_MD5_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Output = MD5( input buffer ) * diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 3a8b50a621..a0dac0c360 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -35,14 +35,14 @@ #define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */ -#if !defined(MBEDTLS_RIPEMD160_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_RIPEMD160_ALT) +// Regular implementation +// + /** * \brief RIPEMD-160 context structure */ @@ -54,6 +54,10 @@ typedef struct } mbedtls_ripemd160_context; +#else /* MBEDTLS_RIPEMD160_ALT */ +#include "ripemd160.h" +#endif /* MBEDTLS_RIPEMD160_ALT */ + /** * \brief Initialize RIPEMD-160 context * @@ -178,18 +182,6 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160_process( #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_RIPEMD160_ALT */ -#include "ripemd160_alt.h" -#endif /* MBEDTLS_RIPEMD160_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Output = RIPEMD-160( input buffer ) * diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 05540cde12..5fd02d3c0c 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h 
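Review bot: The new alternative-implementation branch in ripemd160.h reads `#include "ripemd160.h"` — the header including itself — whereas the lines removed further down in the same file included `ripemd160_alt.h`, as every other header in this commit does. With MBEDTLS_RIPEMD160_ALT defined the include guard turns the self-include into a no-op, so no `mbedtls_ripemd160_context` is ever declared and the prototypes that follow have no context type to compile against. Change the line to `#include "ripemd160_alt.h"`.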
@@ -39,14 +39,14 @@ #define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */ -#if !defined(MBEDTLS_SHA1_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_SHA1_ALT) +// Regular implementation +// + /** * \brief The SHA-1 context structure. * @@ -63,6 +63,10 @@ typedef struct } mbedtls_sha1_context; +#else /* MBEDTLS_SHA1_ALT */ +#include "sha1_alt.h" +#endif /* MBEDTLS_SHA1_ALT */ + /** * \brief This function initializes a SHA-1 context. * @@ -240,18 +244,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_SHA1_ALT */ -#include "sha1_alt.h" -#endif /* MBEDTLS_SHA1_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief This function calculates the SHA-1 checksum of a buffer. * diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index ffb16c277a..8d7a1f733e 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -35,14 +35,14 @@ #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ -#if !defined(MBEDTLS_SHA256_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_SHA256_ALT) +// Regular implementation +// + /** * \brief The SHA-256 context structure. * @@ -61,6 +61,10 @@ typedef struct } mbedtls_sha256_context; +#else /* MBEDTLS_SHA256_ALT */ +#include "sha256_alt.h" +#endif /* MBEDTLS_SHA256_ALT */ + /** * \brief This function initializes a SHA-256 context. * 
@@ -196,17 +200,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_SHA256_ALT */ -#include "sha256_alt.h" -#endif /* MBEDTLS_SHA256_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif /** * \brief This function calculates the SHA-224 or SHA-256 diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 8404a2d599..c4eb5a93c7 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -35,14 +35,14 @@ #define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */ -#if !defined(MBEDTLS_SHA512_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_SHA512_ALT) +// Regular implementation +// + /** * \brief The SHA-512 context structure. * @@ -61,6 +61,10 @@ typedef struct } mbedtls_sha512_context; +#else /* MBEDTLS_SHA512_ALT */ +#include "sha512_alt.h" +#endif /* MBEDTLS_SHA512_ALT */ + /** * \brief This function initializes a SHA-512 context. * @@ -198,18 +202,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process( #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_SHA512_ALT */ -#include "sha512_alt.h" -#endif /* MBEDTLS_SHA512_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief This function calculates the SHA-512 or SHA-384 * checksum of a buffer. diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h index 34ccee3c22..8df708a3a5 100644 --- a/include/mbedtls/xtea.h +++ b/include/mbedtls/xtea.h 
@@ -39,14 +39,14 @@ #define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */ #define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */ -#if !defined(MBEDTLS_XTEA_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_XTEA_ALT) +// Regular implementation +// + /** * \brief XTEA context structure */ @@ -56,6 +56,10 @@ typedef struct } mbedtls_xtea_context; +#else /* MBEDTLS_XTEA_ALT */ +#include "xtea_alt.h" +#endif /* MBEDTLS_XTEA_ALT */ + /** * \brief Initialize XTEA context * @@ -115,18 +119,6 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_XTEA_ALT */ -#include "xtea_alt.h" -#endif /* MBEDTLS_XTEA_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine * From 4e6d55d14d1156c20f184640d9b259402da579f5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 7 Feb 2018 16:36:15 +0200 Subject: [PATCH 0908/1059] Add new modules to the refactoring Add new alternative supported modules to the new arcitecture design --- include/mbedtls/ccm.h | 22 ++++++++-------------- include/mbedtls/cmac.h | 16 ++++------------ include/mbedtls/dhm.h | 19 ++++++------------- include/mbedtls/ecjpake.h | 20 +++++++------------- include/mbedtls/gcm.h | 20 ++++++-------------- include/mbedtls/rsa.h | 24 ++++++++---------------- 6 files changed, 39 insertions(+), 82 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 630b7fdf6c..48f73edda7 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h 
@@ -40,14 +40,15 @@ #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ #define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */ -#if !defined(MBEDTLS_CCM_ALT) -// Regular implementation -// #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_CCM_ALT) +// Regular implementation +// + /** * \brief The CCM context-type definition. The CCM context is passed * to the APIs called. @@ -57,6 +58,10 @@ typedef struct { } mbedtls_ccm_context; +#else /* MBEDTLS_CCM_ALT */ +#include "ccm_alt.h" +#endif /* MBEDTLS_CCM_ALT */ + /** * \brief This function initializes the specified CCM context, * to make references valid, and prepare the context @@ -148,17 +153,6 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_CCM_ALT */ -#include "ccm_alt.h" -#endif /* MBEDTLS_CCM_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /** diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 628c9daba2..bb203cf686 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -61,6 +61,10 @@ struct mbedtls_cmac_context_t size_t unprocessed_len; }; +#else /* !MBEDTLS_CMAC_ALT */ +#include "cmac_alt.h" +#endif /* !MBEDTLS_CMAC_ALT */ + /** * \brief This function sets the CMAC key, and prepares to authenticate * the input data. @@ -180,18 +184,6 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, unsigned char output[16] ); #endif /* MBEDTLS_AES_C */ -#ifdef __cplusplus -} -#endif - -#else /* !MBEDTLS_CMAC_ALT */ -#include "cmac_alt.h" -#endif /* !MBEDTLS_CMAC_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) /** * \brief The CMAC checkup routine. 
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 00fafd8d16..1bf572abeb 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -65,7 +65,6 @@ #include MBEDTLS_CONFIG_FILE #endif #include "bignum.h" -#if !defined(MBEDTLS_DHM_ALT) /* * DHM Error codes @@ -86,6 +85,8 @@ extern "C" { #endif +#if !defined(MBEDTLS_DHM_ALT) + /** * \brief The DHM context structure. */ @@ -105,6 +106,10 @@ typedef struct } mbedtls_dhm_context; +#else /* MBEDTLS_DHM_ALT */ +#include "dhm_alt.h" +#endif /* MBEDTLS_DHM_ALT */ + /** * \brief This function initializes the DHM context. * @@ -282,18 +287,6 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_DHM_ALT */ -#include "dhm_alt.h" -#endif /* MBEDTLS_DHM_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief The DMH checkup routine. * diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index d86e8207f1..cc2b316f5e 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -44,8 +44,6 @@ #include "ecp.h" #include "md.h" -#if !defined(MBEDTLS_ECJPAKE_ALT) - #ifdef __cplusplus extern "C" { #endif @@ -58,6 +56,7 @@ typedef enum { MBEDTLS_ECJPAKE_SERVER, /**< Server */ } mbedtls_ecjpake_role; +#if !defined(MBEDTLS_ECJPAKE_ALT) /** * EC J-PAKE context structure. * @@ -88,6 +87,10 @@ typedef struct mbedtls_mpi s; /**< Pre-shared secret (passphrase) */ } mbedtls_ecjpake_context; +#else /* MBEDTLS_ECJPAKE_ALT */ +#include "ecjpake_alt.h" +#endif /* MBEDTLS_ECJPAKE_ALT */ + /** * \brief Initialize a context * (just makes it ready for setup() or free()). 
@@ -225,20 +228,10 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, */ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ); -#ifdef __cplusplus -} -#endif -#else /* MBEDTLS_ECJPAKE_ALT */ -#include "ecjpake_alt.h" -#endif /* MBEDTLS_ECJPAKE_ALT */ #if defined(MBEDTLS_SELF_TEST) -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine * @@ -246,10 +239,11 @@ extern "C" { */ int mbedtls_ecjpake_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif -#endif /* MBEDTLS_SELF_TEST */ #endif /* ecjpake.h */ diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 1e5a507a26..c2965e9779 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -42,12 +42,12 @@ #define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */ #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */ -#if !defined(MBEDTLS_GCM_ALT) - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_GCM_ALT) + /** * \brief The GCM context structure. */ @@ -66,6 +66,10 @@ typedef struct { } mbedtls_gcm_context; +#else /* !MBEDTLS_GCM_ALT */ +#include "gcm_alt.h" +#endif /* !MBEDTLS_GCM_ALT */ + /** * \brief This function initializes the specified GCM context, * to make references valid, and prepares the context @@ -236,18 +240,6 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, */ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); -#ifdef __cplusplus -} -#endif - -#else /* !MBEDTLS_GCM_ALT */ -#include "gcm_alt.h" -#endif /* !MBEDTLS_GCM_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief The GCM checkup routine. * diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 5548f3c127..6ede7cb1cb 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -76,14 +76,14 @@ * eg for alternative (PKCS#11) RSA implemenations in the PK layers. */ -#if !defined(MBEDTLS_RSA_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_RSA_ALT) +// Regular implementation +// + /** * \brief The RSA context structure. * @@ -128,6 +128,10 @@ typedef struct } mbedtls_rsa_context; +#else /* MBEDTLS_RSA_ALT */ +#include "rsa_alt.h" +#endif /* MBEDTLS_RSA_ALT */ + /** * \brief This function initializes an RSA context. * @@ -1112,18 +1116,6 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) */ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_RSA_ALT */ -#include "rsa_alt.h" -#endif /* MBEDTLS_RSA_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief The RSA checkup routine. * From 1c9f9be9a29b7b4d02b17877702369132515c9ed Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 7 Feb 2018 16:40:17 +0200 Subject: [PATCH 0909/1059] update ChangeLog Update ChangeLog with suggested rephrasing --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 4249de7666..a00ad1beb5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -138,7 +138,7 @@ Changes * Put the Cryptographic API outside of the XXX_ALT macro check, so alternative header file will not need to redefined the same API, and to force alternative implementer to use the same API. - + = mbed TLS 2.7.0 branch released 2018-02-03 Security From 810e650c707f9bce7d5eb679f2f5ecc85b32abc3 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 1 Apr 2018 15:59:58 +0300 Subject: [PATCH 0910/1059] Adjust more modules to new design Add `ecp.h` anf `timing.h` to new XXX_alt design --- ChangeLog | 2 +- include/mbedtls/ecp.h | 16 ++++++++-------- include/mbedtls/timing.h | 24 ++++++++---------------- 3 files changed, 17 insertions(+), 25 deletions(-) diff --git a/ChangeLog b/ChangeLog index a00ad1beb5..4249de7666 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -138,7 +138,7 @@ Changes * Put the Cryptographic API outside of the XXX_ALT macro check, so alternative header file will not need to redefined the same API, and to force alternative implementer to use the same API. - + = mbed TLS 2.7.0 branch released 2018-02-03 Security diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index d8c68233dc..fe346141a5 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -39,6 +39,10 @@ #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */ #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< ECP hardware accelerator failed. */ +#ifdef __cplusplus +extern "C" { +#endif + #if !defined(MBEDTLS_ECP_ALT) /* * default mbed TLS elliptic curve arithmetic implementation @@ -48,10 +52,6 @@ * one.) */ -#ifdef __cplusplus -extern "C" { -#endif - /** * Domain parameters (curve, subgroup and generator) identifiers. * @@ -237,6 +237,10 @@ mbedtls_ecp_keypair; #define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */ #define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format */ +#else /* MBEDTLS_ECP_ALT */ +#include "ecp_alt.h" +#endif /* MBEDTLS_ECP_ALT */ + /* * Some other constants from RFC 4492 */ @@ -679,8 +683,4 @@ int mbedtls_ecp_self_test( int verbose ); } #endif -#else /* MBEDTLS_ECP_ALT */ -#include "ecp_alt.h" -#endif /* MBEDTLS_ECP_ALT */ - #endif /* ecp.h */ diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 2c497bf4eb..bbcb90688a 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -30,16 +30,16 @@ #include MBEDTLS_CONFIG_FILE #endif -#if !defined(MBEDTLS_TIMING_ALT) -// Regular implementation -// - #include #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_TIMING_ALT) +// Regular implementation +// + /** * \brief timer structure */ 
@@ -58,6 +58,10 @@ typedef struct uint32_t fin_ms; } mbedtls_timing_delay_context; +#else /* MBEDTLS_TIMING_ALT */ +#include "timing_alt.h" +#endif /* MBEDTLS_TIMING_ALT */ + extern volatile int mbedtls_timing_alarmed; /** @@ -133,18 +137,6 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); */ int mbedtls_timing_get_delay( void *data ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_TIMING_ALT */ -#include "timing_alt.h" -#endif /* MBEDTLS_TIMING_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - #if defined(MBEDTLS_SELF_TEST) /** * \brief Checkup routine From 19d392b2581d1bded5ba61051b8b6343c0511b78 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 2 Apr 2018 07:25:26 -0700 Subject: [PATCH 0911/1059] Fix compatibility problem in the printed message Replace %zu with %lu and add cast for the printed value. --- library/ssl_tls.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a3515e1dc8..36899f3b88 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2425,8 +2425,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_recv returned %d bytes but only %zu were requested", - ret, len ) ); + ( "f_recv returned %d bytes but only %lu were requested", + ret, (unsigned long)len ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2480,8 +2480,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_send returned %d bytes but only %zu bytes were sent", - ret, ssl->out_left ) ); + ( "f_send returned %d bytes but only %lu bytes were sent", + ret, (unsigned long)ssl->out_left ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } From 0cbe816bfc8ba361d25920d09114eb8bc3ffb99a Mon Sep 17 00:00:00 2001 
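Review bot: The `(unsigned long)` casts in both ssl_tls.c hunks deserve a comment saying why they are lossless, since `size_t` is wider than `unsigned long` on LLP64 targets such as 64-bit Windows and a reader may suspect truncation. In both places the message is only reached when `(size_t)ret > len` (respectively `> ssl->out_left`), so the printed value is below `INT_MAX` and fits; the other disjunct only fires when `size_t` is narrower than `int`, where it fits trivially. I would add `/* len < ret <= INT_MAX here, so the cast to unsigned long is lossless */` above the first `MBEDTLS_SSL_DEBUG_MSG` and the analogous note for `out_left` in the second hunk. Both enclosing functions start outside the hunks.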
From: Kevin Luty Date: Mon, 2 Apr 2018 10:01:16 -0500 Subject: [PATCH 0912/1059] ChangeLog updated and returning proper value --- ChangeLog | 2 ++ programs/pkey/pk_sign.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e7abd5ce60..8d9ffd6eaf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,8 @@ Bugfix * Fix leap year calculation in x509_date_is_valid() to ensure that invalid dates on leap years with 100 and 400 intervals are handled correctly. Found by Nicholas Wilson. #694 + * Fix overriding and ignoring return values when parsing and writing to + a file in pk_sign program. Found by kevlut in #1142. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 06ad3ee225..1d97be757d 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -168,7 +168,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( ret ? EXIT_FAILURE : EXIT_SUCCESS ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && From b364053a8718bb76e364dfe3df01e0f4d3eab97a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 3 Apr 2018 06:16:04 -0400 Subject: [PATCH 0913/1059] pk_sign: add stdlib include --- programs/pkey/pk_sign.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 1d97be757d..55df95e49d 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -29,6 +29,7 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_snprintf snprintf #define mbedtls_printf printf #endif From f4e5b7e87de2484f0e3dbb9d11e87dd275874cd0 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 3 Apr 2018 16:28:09 +0100 Subject: [PATCH 0914/1059] Additionally initialize fd_set's via memset in mbedtls_net_poll The initialization via FD_SET is not seen by memory sanitizers if FD_SET is implemented through assembly. Additionally zeroizing the respective fd_set's before calling FD_SET contents the sanitizers and comes at a negligible computational overhead. --- library/net_sockets.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index cdc237642b..f99d339ff0 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -275,7 +275,7 @@ static int net_would_block( const mbedtls_net_context *ctx ) static int net_would_block( const mbedtls_net_context *ctx ) { int err = errno; - + /* * Never return 'WOULD BLOCK' on a non-blocking socket */ @@ -459,6 +459,12 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) if( fd < 0 ) return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + /* Ensure that memory sanitizers consider + * read_fds and write_fds as initialized even + * if FD_ZERO is implemented in assembly. */ + memset( &read_fds, 0, sizeof( read_fds ) ); + memset( &write_fds, 0, sizeof( write_fds ) ); + FD_ZERO( &read_fds ); if( rw & MBEDTLS_NET_POLL_READ ) { From d6953b58d74fb721edf71c825355d76d93b64129 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Apr 2018 09:09:29 +0200 Subject: [PATCH 0915/1059] Improve changelog entry --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 71f69ee208..72f00e9fe8 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -23,8 +23,8 @@ Changes Contributed by Mathieu Briand. * Fix typo in a comment ctr_drbg.c. Contributed by Paul Sokolovsky. * Remove support for the library reference configuration for picocoin. - * Verify that when (f_send, f_recv and f_recv_timeout) send or receive - more than the required length an error is returned. Raised by + * In the SSL module, when f_send, f_recv or f_recv_timeout report + transmitting more than the required length, return an error. Raised by Sam O'Connor in #1245. = mbed TLS 2.7.0 branch released 2018-02-03 From 557e77d9a31c5bad6930dde800ba46939151a834 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Apr 2018 09:18:11 +0200 Subject: [PATCH 0916/1059] Add ChangeLog entry --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 3572b8d30b..79529430b9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,10 @@ Features * Add option MBEDTLS_AES_FEWER_TABLES to dynamically compute 3/4 of the AES tables during runtime, thereby reducing the RAM/ROM footprint by ~6kb. Suggested and contributed by jkivilin in #394. + * Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and + ECDH primitive functions (mbedtls_ecdh_gen_public(), + mbedtls_ecdh_compute_shared()) are supported for now. Contributed by + Nicholas Wilson (#348). Bugfix * Fix spurious uninitialized variable warning in cmac.c. Fix independently From e4d3b7f86074e32d907867d72ee52507b47b3457 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Apr 2018 09:28:48 +0200 Subject: [PATCH 0917/1059] Fix merge glitch in ChangeLog --- ChangeLog | 1 - 1 file changed, 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 70e9bb679d..b772c3fd2d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -326,7 +326,6 @@ Changes implementation. * Add explicit warnings for the use of MD2, MD4, MD5, SHA-1, DES and ARC4 throughout the library. ->>>>>>> development = mbed TLS 2.6.0 branch released 2017-08-10 
From 73b183c3bb6e729bcd3b47804de52fdc9194940c Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Thu, 5 Apr 2018 10:20:09 +0200 Subject: [PATCH 0918/1059] Add buffer size check before cert_type_len read --- library/ssl_cli.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index e4b2c993f0..84f2f3d004 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2659,6 +2659,13 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) buf = ssl->in_msg; /* certificate_types */ + if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + } cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )]; n = cert_type_len; From cd09fc812dcbfbee63e69f243381d7d0343fc54c Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Thu, 5 Apr 2018 14:48:18 +0200 Subject: [PATCH 0919/1059] Remove a redundant test --- library/ssl_cli.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 84f2f3d004..e74f5dd693 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2728,14 +2728,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #endif n += 2 + sig_alg_len; - - if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); - } } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ From 94d49978eb8ac94f97c8c5f15aad9d45fe30efc1 Mon Sep 17 00:00:00 2001 
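Review bot: The added bound check guards only the single byte read at `buf[mbedtls_ssl_hs_hdr_len( ssl )]`, and `<=` is the right comparison for that (the message must contain at least one byte past the handshake header), but nothing in the hunk says so; a comment such as `/* at least one byte must follow the handshake header for cert_type_len */` above the `if` would stop a later reader from "correcting" it to `<`. The subsequent reads of `n` certificate-type bytes are outside this hunk, as is the rest of `ssl_parse_certificate_request`, so their own bounds checks could not be confirmed here.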
From: Krzysztof Stachowiak Date: Thu, 5 Apr 2018 14:48:55 +0200 Subject: [PATCH 0920/1059] Improve comments style --- library/ssl_cli.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index e74f5dd693..65b2c7656e 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2670,7 +2670,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) n = cert_type_len; /* - * In the subsequent code there are two paths that make read from buf: + * In the subsequent code there are two paths that read from buf: * * the length of the signature algorithms field (if minor version of * SSL is 3), * * distinguished name length otherwise. @@ -2699,12 +2699,12 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #endif /* - * The farthes access in buf is in the loop few lines below: + * The furthest access in buf is in the loop few lines below: * sig_alg[i + 1], * where: * sig_alg = buf + ...hdr_len + 3 + n, * max(i) = sig_alg_len - 1. - * Therefore the farthest access is: + * Therefore the furthest access is: * buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1], * which reduces to: * buf[...hdr_len + 3 + n + sig_alg_len], From ec4733b645f8a3402c4e4adf454dab5ae565126a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 5 Apr 2018 14:55:47 +0200 Subject: [PATCH 0921/1059] Make the memset call prior to FD_ZERO conditional to needing it Zeroing out an fd_set before calling FD_ZERO on it is in principle useless, but without it some memory sanitizers think the fd_set is still uninitialized after FD_ZERO (e.g. clang-msan/Glibc/x86_64 where FD_ZERO is implemented in assembly). Make the zeroing conditional on using a memory sanitizer. --- library/net_sockets.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index f99d339ff0..7b4a423ccd 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c 
@@ -459,11 +459,15 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) if( fd < 0 ) return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); - /* Ensure that memory sanitizers consider - * read_fds and write_fds as initialized even - * if FD_ZERO is implemented in assembly. */ +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) + /* Ensure that memory sanitizers consider read_fds and write_fds as + * initialized even on platforms such as Glibc/x86_64 where FD_ZERO + * is implemented in assembly. */ memset( &read_fds, 0, sizeof( read_fds ) ); memset( &write_fds, 0, sizeof( write_fds ) ); +#endif +#endif FD_ZERO( &read_fds ); if( rw & MBEDTLS_NET_POLL_READ ) From 5053efde33ef1777b8791e4b34338fb13a66c663 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 5 Apr 2018 15:25:50 +0200 Subject: [PATCH 0922/1059] Warn if using a memory sanitizer on AESNI Clang-Msan is known to report spurious errors when MBEDTLS_AESNI_C is enabled, due to the use of assembly code. The error reports don't mention AES, so they can be difficult to trace back to the use of AES-NI. Warn about this potential problem at compile time. --- library/aesni.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/aesni.c b/library/aesni.c index 1ca3c3ef5b..062708b047 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -32,6 +32,12 @@ #if defined(MBEDTLS_AESNI_C) +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) +#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code." +#endif +#endif + #include "mbedtls/aesni.h" #include From c33c7c8363e998a0d7b54f1f310372757c67ada4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 5 Apr 2018 15:57:56 +0200 Subject: [PATCH 0923/1059] Copy DartConfiguration.tcl, needed for make memcheck --- CMakeLists.txt | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/CMakeLists.txt b/CMakeLists.txt index 8b26e6e7c7..e9a632e9bf 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -192,4 +192,8 @@ endif() # Make scripts needed for testing available in an out-of-source build. if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) link_to_source(scripts) + # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to + # keep things simple with the sed commands in the memcheck target. + configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl + ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY) endif() From 7869680e41e09e2aa1d24529099b86e08acfe1e3 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Fri, 6 Apr 2018 11:23:22 +0100 Subject: [PATCH 0924/1059] Updated abi_check.py docstrings --- scripts/abi_check.py | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 98d8be422b..14250d2b9c 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py 
@@ -1,18 +1,19 @@ #!/usr/bin/env python3 -# -# This file is part of Mbed TLS (https://tls.mbed.org) -# -# Copyright (c) 2018, Arm Limited, All Rights Reserved -# -# Purpose -# -# This script is a small wrapper around the abi-compliance-checker and -# abi-dumper tools, applying them to compare the ABI and API of the library -# files from two different Git revisions within an Mbed TLS repository. -# The results of the comparison are formatted as HTML and stored at -# a configurable location. Returns 0 on success, 1 on ABI/API non-compliance, -# and 2 if there is an error while running the script. -# Note: must be run from Mbed TLS root. +""" +This file is part of Mbed TLS (https://tls.mbed.org) + +Copyright (c) 2018, Arm Limited, All Rights Reserved + +Purpose + +This script is a small wrapper around the abi-compliance-checker and +abi-dumper tools, applying them to compare the ABI and API of the library +files from two different Git revisions within an Mbed TLS repository. +The results of the comparison are formatted as HTML and stored at +a configurable location. Returns 0 on success, 1 on ABI/API non-compliance, +and 2 if there is an error while running the script. +Note: requires Python 3, must be run from Mbed TLS root. +""" import os import sys @@ -205,8 +206,8 @@ def run_main(): " The results of the comparison are formatted as HTML and" " stored at a configurable location. Returns 0 on success, " "1 on ABI/API non-compliance, and 2 if there is an error " - "while running the script. # Note: must be run from " - "Mbed TLS root." + "while running the script. Note: requires Python 3, " + "must be run from Mbed TLS root." ) ) parser.add_argument( From bf027e736a64af33307f15a5d1bd5c491c9b822e Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Mon, 9 Apr 2018 15:51:19 +0300 Subject: [PATCH 0925/1059] Minor modifications after PR review 1. Move ChangLog entry to correct location 2. Move point formats outside the ECP_ALT check, as it's part of the RFC --- ChangeLog | 6 +++--- include/mbedtls/ecp.h | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4249de7666..a005eb2585 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,9 @@ Changes Wilson #481 * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov. + * Put the Cryptographic API outside of the XXX_ALT macro check, so + alternative header file will not need to redefined the same API, + and to force alternative implementer to use the same API. = mbed TLS 2.8.0 branch released 2018-03-16 @@ -135,9 +138,6 @@ Changes * Clarify the documentation of mbedtls_ssl_setup. * Use (void) when defining functions with no parameters. Contributed by Joris Aerts. #678 - * Put the Cryptographic API outside of the XXX_ALT macro check, so - alternative header file will not need to redefined the same API, - and to force alternative implementer to use the same API. = mbed TLS 2.7.0 branch released 2018-02-03 diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index fe346141a5..1bc5ac9e64 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -231,16 +231,16 @@ mbedtls_ecp_keypair; /* \} name SECTION: Module settings */ +#else /* MBEDTLS_ECP_ALT */ +#include "ecp_alt.h" +#endif /* MBEDTLS_ECP_ALT */ + /* * Point formats, from RFC 4492's enum ECPointFormat */ #define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */ #define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format */ -#else /* MBEDTLS_ECP_ALT */ -#include "ecp_alt.h" -#endif /* MBEDTLS_ECP_ALT */ - /* * Some other constants from RFC 4492 */ From 97f95c9ef3668b762e499907da872e942a8d3b7f Mon Sep 17 00:00:00 2001 
From: Jethro Beekman Date: Tue, 13 Feb 2018 15:50:36 -0800 Subject: [PATCH 0926/1059] Avoid small private exponents during RSA key generation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Attacks against RSA exist for small D. [Wiener] established this for D < N^0.25. [Boneh] suggests the bound should be N^0.5. Multiple possible values of D might exist for the same set of E, P, Q. The attack works when there exists any possible D that is small. To make sure that the generated key is not susceptible to attack, we need to make sure we have found the smallest possible D, and then check that D is big enough. The Carmichael function λ of p*q is lcm(p-1, q-1), so we can apply Carmichael's theorem to show that D = d mod λ(n) is the smallest. [Wiener] Michael J. Wiener, "Cryptanalysis of Short RSA Secret Exponents" [Boneh] Dan Boneh and Glenn Durfee, "Cryptanalysis of RSA with Private Key d Less than N^0.292" --- library/rsa.c | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 2185040869..2f72d4064c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -502,7 +502,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, unsigned int nbits, int exponent ) { int ret; - mbedtls_mpi H, G; + mbedtls_mpi H, G, L; if( f_rng == NULL || nbits < 128 || exponent < 3 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -512,10 +512,12 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &L ); /* * find primes P and Q with Q < P so that: - * GCD( E, (P-1)*(Q-1) ) == 1 + * 1. GCD( E, (P-1)*(Q-1) ) == 1 + * 2. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 ) */ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) ); 
@@ -541,9 +543,23 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) ); + + /* check GCD( E, (P-1)*(Q-1) ) == 1 */ MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) ); + if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) + continue; + + /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) ); + + if( mbedtls_mpi_bitlen( &ctx->D ) <= ( ( nbits + 1 ) / 2 ) ) // (FIPS 186-4 §B.3.1 criterion 3(a)) + continue; + + break; } - while( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ); + while( 1 ); /* Restore P,Q */ MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); @@ -551,16 +567,12 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, ctx->len = mbedtls_mpi_size( &ctx->N ); +#if !defined(MBEDTLS_RSA_NO_CRT) /* - * D = E^-1 mod ((P-1)*(Q-1)) * DP = D mod (P - 1) * DQ = D mod (Q - 1) * QP = Q^-1 mod P */ - - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &H ) ); - -#if !defined(MBEDTLS_RSA_NO_CRT) MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, &ctx->DP, &ctx->DQ, &ctx->QP ) ); #endif /* MBEDTLS_RSA_NO_CRT */ @@ -572,6 +584,7 @@ cleanup: mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &L ); if( ret != 0 ) { From 666892792d98d68f45aac0e3ff3cfda2baa89a57 Mon Sep 17 00:00:00 2001 
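Review bot: The added size check on D carries a trailing `//` comment containing a non-ASCII `§`, while this file otherwise uses ASCII `/* */` comments; the same style issue recurs in the comments added by commits 0927 (bignum.c, `// ceil(2^63.5)` and the `§B.3.3` remark) and 0928 (rsa.c, the `§B.3.3 step 5.4` and `§B.3.1` remarks). Suggest `/* FIPS 186-4 B.3.1 criterion 3(a): reject d <= 2^(nlen/2) */` on its own line above the `if`. Separately, D is now `E^-1 mod LCM(P-1, Q-1)` and the old `mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &H )` is gone, so generated keys carry a different (smaller) D than before; this matches RFC 8017's definition of d, but any external validator that checks e*d == 1 mod (p-1)(q-1) rather than mod lcm(p-1, q-1) would now reject these keys, which deserves a sentence in the function's header comment. mbedtls_rsa_gen_key begins and ends outside this hunk.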
From: Jethro Beekman Date: Wed, 14 Feb 2018 19:24:10 -0800 Subject: [PATCH 0927/1059] Generate primes according to FIPS 186-4 The specification requires that numbers are the raw entropy (except for odd/ even) and at least 2^(nbits-0.5). If not, new random bits need to be used for the next number. Similarly, if the number is not prime new random bits need to be used. --- library/bignum.c | 116 +++++++++++++++++-------------- tests/suites/test_suite_mpi.data | 12 ++++ 2 files changed, 74 insertions(+), 54 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 47bf1ef979..f58af788f7 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2194,12 +2194,23 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X, /* * Prime number generation + * + * If dh_flag is 0 and nbits is at least 1024, then the procedure + * follows the RSA probably-prime generation method of FIPS 186-4. + * NB. FIPS 186-4 only allows the specific bit lengths of 1024 and 1536. */ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret; +#ifdef MBEDTLS_HAVE_INT64 +// ceil(2^63.5) +#define CEIL_MAXUINT_DIV_SQRT2 0xb504f333f9de6485ULL +#else +// ceil(2^31.5) +#define CEIL_MAXUINT_DIV_SQRT2 0xb504f334U +#endif + int ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; size_t k, n; mbedtls_mpi_uint r; mbedtls_mpi Y; 
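Review bot: `CEIL_MAXUINT_DIV_SQRT2` is `#define`d inside the body of mbedtls_mpi_gen_prime and never `#undef`'d, so the macro escapes into the rest of the translation unit, and the `#ifdef MBEDTLS_HAVE_INT64` block uses `//` comments that this file otherwise avoids. Defining it once above the function with `/* ceil(2^63.5) */` and `/* ceil(2^31.5) */` comments, or as a `static const mbedtls_mpi_uint`, and adding `#undef CEIL_MAXUINT_DIV_SQRT2` after the function, keeps it local. The choice between the two constants assumes `mbedtls_mpi_uint` is exactly 64 bits when MBEDTLS_HAVE_INT64 is defined and 32 bits otherwise — presumably true for this file, but a comment stating that assumption would help the next reader. The new header comment says the procedure follows FIPS 186-4 only when nbits is at least 1024, yet nothing in this hunk keys off 1024, so it would help to say where that threshold is enforced (presumably in mbedtls_mpi_is_prime's round count). The function body continues past this hunk.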
@@ -2211,69 +2222,66 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, n = BITS_TO_LIMBS( nbits ); - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); - - k = mbedtls_mpi_bitlen( X ); - if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits + 1 ) ); - - mbedtls_mpi_set_bit( X, nbits-1, 1 ); - - X->p[0] |= 1; - - if( dh_flag == 0 ) + while( 1 ) { - while( ( ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ) ) != 0 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); + /* make sure generated number is at least (nbits-1)+0.5 bits (FIPS 186-4 §B.3.3 steps 4.4, 5.5) */ + if( X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2 ) continue; + + k = n * biL; + if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) ); + X->p[0] |= 1; + + if( dh_flag == 0 ) { + ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ); + if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) goto cleanup; - - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 2 ) ); } - } - else - { - /* - * An necessary condition for Y and X = 2Y + 1 to be prime - * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3). - * Make sure it is satisfied, while keeping X = 3 mod 4 - */ - - X->p[0] |= 2; - - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) ); - if( r == 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) ); - else if( r == 1 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) ); - - /* Set Y = (X-1) / 2, which is X / 2 because X is odd */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) ); - - while( 1 ) + else { /* - * First, check small factors for X and Y - * before doing Miller-Rabin on any of them + * An necessary condition for Y and X = 2Y + 1 to be prime + * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3). 
+ * Make sure it is satisfied, while keeping X = 3 mod 4 */ - if( ( ret = mpi_check_small_factors( X ) ) == 0 && - ( ret = mpi_check_small_factors( &Y ) ) == 0 && - ( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 && - ( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 ) + + X->p[0] |= 2; + + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) ); + if( r == 0 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) ); + else if( r == 1 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) ); + + /* Set Y = (X-1) / 2, which is X / 2 because X is odd */ + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) ); + + while( 1 ) { - break; + /* + * First, check small factors for X and Y + * before doing Miller-Rabin on any of them + */ + if( ( ret = mpi_check_small_factors( X ) ) == 0 && + ( ret = mpi_check_small_factors( &Y ) ) == 0 && + ( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 && + ( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 ) + goto cleanup; + + if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) + goto cleanup; + + /* + * Next candidates. We want to preserve Y = (X-1) / 2 and + * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3) + * so up Y by 6 and X by 12. + */ + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) ); } - - if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) - goto cleanup; - - /* - * Next candidates. We want to preserve Y = (X-1) / 2 and - * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3) - * so up Y by 6 and X by 12. - */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) ); } } diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 17cf350e44..2a2cfce45c 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data 
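Review bot: In the `dh_flag != 0` branch the inner `while( 1 )` advances candidates by `X += 12`, `Y += 6` and only exits via `goto cleanup`, so the outer `while( 1 )` — and with it the fresh-random-bits-on-failure rule the commit message describes — is only ever re-entered for `dh_flag == 0`. A comment above the inner loop would stop readers assuming the safe-prime path is FIPS 186-4 conformant: `/* Safe primes are searched incrementally (X += 12, Y += 6); the FIPS 186-4 regeneration rule applies to dh_flag == 0 only */`. The moved comment also still reads `An necessary condition` (should be `A necessary condition`). mbedtls_mpi_gen_prime's cleanup section lies beyond the end of this hunk.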
@@ -688,6 +688,18 @@ Test mbedtls_mpi_gen_prime (OK, minimum size) depends_on:MBEDTLS_GENPRIME mbedtls_mpi_gen_prime:3:0:0 +Test mbedtls_mpi_gen_prime (corner case limb size -1 bits) +depends_on:MBEDTLS_GENPRIME +mbedtls_mpi_gen_prime:63:0:0 + +Test mbedtls_mpi_gen_prime (corner case limb size) +depends_on:MBEDTLS_GENPRIME +mbedtls_mpi_gen_prime:64:0:0 + +Test mbedtls_mpi_gen_prime (corner case limb size +1 bits) +depends_on:MBEDTLS_GENPRIME +mbedtls_mpi_gen_prime:65:0:0 + Test mbedtls_mpi_gen_prime (Larger) depends_on:MBEDTLS_GENPRIME mbedtls_mpi_gen_prime:128:0:0 From c645bfe176aa4ab8c7a6a28ad44565c039392cce Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Wed, 14 Feb 2018 19:27:13 -0800 Subject: [PATCH 0928/1059] Generate RSA keys according to FIPS 186-4 The specification requires that P and Q are not too close. The specification also requires that you generate a P and stick with it, generating new Qs until you have found a pair that works. In practice, it turns out that sometimes a particular P results in it being very unlikely a Q can be found matching all the constraints. So we keep the original behavior where a new P and Q are generated every round. --- library/rsa.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 2f72d4064c..729e1f735d 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -495,6 +495,9 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) /* * Generate an RSA keypair + * + * This generation method follows the RSA key pair generation procedure of + * FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072. */ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -516,8 +519,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, /* * find primes P and Q with Q < P so that: - * 1. GCD( E, (P-1)*(Q-1) ) == 1 - * 2. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 ) + * 1. |P-Q| > 2^( nbits / 2 - 100 ) + * 2. GCD( E, (P-1)*(Q-1) ) == 1 + * 3. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 ) */ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) ); @@ -529,14 +533,13 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, f_rng, p_rng ) ); - if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) + /* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) ); + if( mbedtls_mpi_bitlen( &H ) <= ( ( nbits >= 200 ) ? ( ( nbits >> 1 ) - 99 ) : 0 ) ) continue; - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ); - if( mbedtls_mpi_bitlen( &ctx->N ) != nbits ) - continue; - - if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) + /* not required by any standards, but some users rely on the fact that P > Q */ + if( H.s < 0 ) mbedtls_mpi_swap( &ctx->P, &ctx->Q ); /* Temporarily replace P,Q by P-1, Q-1 */ @@ -544,12 +547,12 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) ); - /* check GCD( E, (P-1)*(Q-1) ) == 1 */ + /* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */ MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) ); if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) continue; - /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) */ + /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */ MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) ); 
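Review bot: Dropping `if( mbedtls_mpi_bitlen( &ctx->N ) != nbits ) continue;` changes what happens for odd nbits: Q is generated with `nbits >> 1` bits (visible in this hunk) and P presumably the same, so N can have at most nbits-1 bits; the old code appears to have looped forever on that input, whereas the new code returns success with a modulus one bit shorter than requested and `ctx->len` sized from it. Rejecting it in the parameter check at the top of the function (outside this hunk) keeps the contract explicit: `if( f_rng == NULL || nbits < 128 || exponent < 3 || nbits % 2 != 0 )`. The closeness test is also one bit stricter than the comment `|P-Q| > 2^( nbits / 2 - 100 )` states, since `bitlen( H ) <= ( nbits >> 1 ) - 99` also rejects differences in [2^(nbits/2-100), 2^(nbits/2-99)); that is the safe direction, but the comment should say "at least nbits/2 - 99 bits" to match the code. The swap on `H.s < 0` relies on mbedtls_mpi_sub_mpi leaving H negative when P < Q — presumably so, but worth a word in the comment. The enclosing loop starts and ends outside this hunk.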
@@ -565,6 +568,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ); + ctx->len = mbedtls_mpi_size( &ctx->N ); #if !defined(MBEDTLS_RSA_NO_CRT) From cb122373f0f22ae520e6f28cb0fddc023b6f293e Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Wed, 11 Apr 2018 08:40:38 -0700 Subject: [PATCH 0929/1059] Update ChangeLog for #1380 --- ChangeLog | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 9ee82c6853..ae8d86f205 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,7 +42,7 @@ Bugfix mnacamura. * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was unable to parse keys with only the optional parameters field of the - ECPrivateKey structure. Found by jethrogb, fixed in #1379. + ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379. * Return plaintext data sooner on unpadded CBC decryption, as stated in the mbedtls_cipher_update() documentation. Contributed by Andy Leiserson. * Fix overriding and ignoring return values when parsing and writing to @@ -93,6 +93,8 @@ Changes * Improve robustness of mbedtls_ssl_derive_keys against the use of HMAC functions with non-HMAC ciphersuites. Independently contributed by Jiayuan Chen in #1377. Fixes #1437. + * Improve security of RSA key generation by including criteria from FIPS + 186-4. Contributed by Jethro Beekman. #1380 = mbed TLS 2.8.0 branch released 2018-03-16 From 3c5f9498e5dedfdb46174b7b479b1f679e1f994e Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Thu, 11 Jan 2018 19:51:27 +0000 Subject: [PATCH 0930/1059] genereate_visualc_files.pl deletes old files Add a function that deletes all the old Visual Studio prokect files before generating the new ones. This ensure that project files for delete example applications are removed from the repository. --- scripts/generate_visualc_files.pl | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 8d36653b4c..0f54239718 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -171,12 +171,22 @@ sub gen_vsx_solution { content_to_file( $out, $vsx_sln_file ); } +sub del_vsx_files { + unlink glob "'$vsx_dir/*.$vsx_ext'"; + unlink $vsx_main_file; + unlink $vsx_sln_file; +} + sub main { if( ! check_dirs() ) { chdir '..' or die; check_dirs or die "Must but run from mbedTLS root or scripts dir\n"; } + # Remove old files to ensure that, for example, project files from deleted + # apps are not kept + del_vsx_files(); + my @app_list = get_app_list(); my @headers = <$header_dir/*.h>; my @sources = <$source_dir/*.c>; From 4c1e2ec286e0b990b62c9708cb4645e36c324654 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 10 Jan 2018 11:03:45 +0000 Subject: [PATCH 0931/1059] Check generated-visualc-files in check-generated-files --- tests/scripts/check-generated-files.sh | 62 ++++++++++++++++++++++---- 1 file changed, 53 insertions(+), 9 deletions(-) diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 0400bc7544..f471ad2927 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -1,6 +1,12 @@ -#!/bin/sh +#! /usr/bin/env sh -# check if generated files are up-to-date +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2018, ARM Limited, All Rights Reserved +# +# Purpose +# +# Check if generated files are up-to-date. set -eu 
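Review bot: The three `unlink` calls in `del_vsx_files` ignore their return value, so a project file that cannot be removed (permissions, or an open handle on Windows) is silently left in place and only surfaces later as a stale file. For the two named files, `unlink $vsx_main_file or warn "Could not delete $vsx_main_file: $!\n";` (and the same for `$vsx_sln_file`) makes the failure visible; for the glob, compare the returned count against the number of matches. The inner single quotes in `glob "'$vsx_dir/*.$vsx_ext'"` look like a typo but keep a directory containing spaces as one pattern, which deserves a comment: `# inner quotes keep a path with spaces as a single glob pattern`.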
@@ -11,14 +17,52 @@ fi check() { - FILE=$1 - SCRIPT=$2 + SCRIPT=$1 + TO_CHECK=$2 + PATTERN="" + + if [ -d $TO_CHECK ]; then + for FILE in $TO_CHECK/*; do + FILES="$FILE $FILES" + done + else + FILES=$TO_CHECK + fi + + for FILE in $FILES; do + cp $FILE $FILE.bak + done - cp $FILE $FILE.bak $SCRIPT - diff $FILE $FILE.bak - mv $FILE.bak $FILE + + # Compare the script output to the old files and remove backups + for FILE in $FILES; do + if ! diff $FILE $FILE.bak >/dev/null 2>&1; then + echo "'$FILE' was either modified or deleted by '$SCRIPT'" + exit 1 + fi + mv $FILE.bak $FILE + + if [ -d $TO_CHECK ]; then + # Create a grep regular expression that we can check against the + # directory contents to test whether new files have been created + if [ -z $PATTERN ]; then + PATTERN="$(basename $FILE)" + else + PATTERN="$PATTERN\|$(basename $FILE)" + fi + fi + done + + if [ -d $TO_CHECK ]; then + # Check if there are any new files + if ls -1 $TO_CHECK | grep -v "$PATTERN" >/dev/null 2>&1; then + echo "Files were created by '$SCRIPT'" + exit 1 + fi + fi } -check library/error.c scripts/generate_errors.pl -check library/version_features.c scripts/generate_features.pl +check scripts/generate_errors.pl library/error.c +check scripts/generate_features.pl library/version_features.c +check scripts/generate_visualc_files.pl visualc/VS2010 From 5121d4b32fbc4b3f8cb37948f1bafa20f70a0d39 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 11 Apr 2018 20:35:19 -0500 Subject: [PATCH 0932/1059] Remove refs to VS6 from generate_visualc_files.pl --- scripts/generate_visualc_files.pl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 0f54239718..e042a4493d 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl 
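Review bot: New-file detection in `check()` uses an unanchored basic regex: `PATTERN` is the `\|`-joined list of existing basenames with no escaping, so `.` matches any character and a newly created file whose name contains an existing basename as a substring is hidden by `grep -v "$PATTERN"`. Matching whole lines with `grep -v -x "$PATTERN"` closes the substring hole, and escaping the dots (or `grep -F` with a newline-separated list) closes the other. The unquoted `$TO_CHECK` and `$FILE` in `[ -d $TO_CHECK ]`, `cp $FILE $FILE.bak` and the `diff`/`mv` lines are split on whitespace; harmless for this repository's paths, but cheap to quote. When `diff` fails the function exits without removing the remaining `$FILE.bak` copies, which then litter the working tree.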
@@ -1,8 +1,7 @@ #!/usr/bin/perl -# Generate files for MS Visual Studio: -# - for VS6: main project (library) file, individual app files, workspace -# - for VS2010: main file, individual apps, solution file +# Generate main file, individual apps and solution files for MS Visual Studio +# 2010 # # Must be run from mbedTLS root or scripts directory. # Takes no argument. From dfeda4818627d70f1e43e4841fcffc02f24c42a0 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 11 Apr 2018 20:55:22 -0500 Subject: [PATCH 0933/1059] Remove VS project files from deleted example apps --- visualc/VS2010/md5sum.vcxproj | 170 --------------------------------- visualc/VS2010/sha1sum.vcxproj | 170 --------------------------------- visualc/VS2010/sha2sum.vcxproj | 170 --------------------------------- 3 files changed, 510 deletions(-) delete mode 100644 visualc/VS2010/md5sum.vcxproj delete mode 100644 visualc/VS2010/sha1sum.vcxproj delete mode 100644 visualc/VS2010/sha2sum.vcxproj diff --git a/visualc/VS2010/md5sum.vcxproj b/visualc/VS2010/md5sum.vcxproj deleted file mode 100644 index 6f20e57e74..0000000000 --- a/visualc/VS2010/md5sum.vcxproj +++ /dev/null 
@@ -1,170 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {80FE1ECF-6992-A275-7973-E2976718D128} - Win32Proj - md5sum - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - Windows7.1SDK - - - - - - - - - - - - - - - - - - - true - - - true - - - false - - - false - - - - - - Level3 - Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - - - Level3 - Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - - - MaxSpeed - true - true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - - - MaxSpeed - true - true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/sha1sum.vcxproj b/visualc/VS2010/sha1sum.vcxproj deleted file mode 100644 index 2c3674b45f..0000000000 --- a/visualc/VS2010/sha1sum.vcxproj +++ /dev/null 
@@ -1,170 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {E91D12D7-01C0-357F-CAB1-8478B096743C} - Win32Proj - sha1sum - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - Windows7.1SDK - - - - - - - - - - - - - - - - - - - true - - - true - - - false - - - false - - - - - - Level3 - Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - - - Level3 - Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - - - MaxSpeed - true - true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - - - MaxSpeed - true - true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/sha2sum.vcxproj b/visualc/VS2010/sha2sum.vcxproj deleted file mode 100644 index b1afb674d7..0000000000 --- a/visualc/VS2010/sha2sum.vcxproj +++ /dev/null 
@@ -1,170 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {8C5CF095-A0A4-54FB-0D48-8DF2B7FE4CA5} - Win32Proj - sha2sum - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - Windows7.1SDK - - - - - - - - - - - - - - - - - - - true - - - true - - - false - - - false - - - - - - Level3 - Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - - - Level3 - Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - NotSet - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - - - MaxSpeed - true - true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - - - MaxSpeed - true - true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - From c4ec716ec84b456262a8da43903b7afc212e48bc Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 11 Apr 2018 21:13:20 -0500 Subject: [PATCH 0934/1059] Fix uninitialized var in check-generated-files.sh --- tests/scripts/check-generated-files.sh | 1 + 1 file changed, 1 insertion(+) 
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index f471ad2927..4976bacf5c 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -20,6 +20,7 @@ check() SCRIPT=$1 TO_CHECK=$2 PATTERN="" + FILES="" if [ -d $TO_CHECK ]; then for FILE in $TO_CHECK/*; do From 1152fa83f99489cd22149594e6e2f5a4e9be0234 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 13 Apr 2018 05:15:17 -0400 Subject: [PATCH 0935/1059] Add platform setup and teardown calls to test suites Add a global platform context variable available for tests --- tests/suites/helpers.function | 1 + tests/suites/main_test.function | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index eef41c79a6..9295bfaa5b 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -109,6 +109,7 @@ static struct } test_info; +mbedtls_platform_context platform_ctx; /*----------------------------------------------------------------------------*/ /* Helper flags for complex dependencies */ diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 042085f0ba..9dd792d365 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -281,6 +281,14 @@ int main(int argc, const char *argv[]) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) unsigned char alloc_buf[1000000]; +#endif + if( mbedtls_platform_setup( &platform_ctx ) ) + { + mbedtls_fprintf( stderr, "FATAL: Failed to initialize platform" ); + return -1; + } +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ + !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) ); #endif 
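Review bot: In the main_test.function hunk, `mbedtls_fprintf( stderr, "FATAL: Failed to initialize platform" )` lacks the trailing `\n` that every other message in this function carries, and `return -1;` departs from the file's `return( 1 )` convention while yielding an exit status of 255. Suggest `mbedtls_fprintf( stderr, "FATAL: Failed to initialize platform\n" );` followed by `return( 1 );`. The new global `mbedtls_platform_context platform_ctx;` in helpers.function is also unconditional, which presumably only compiles when the platform module is enabled; a comment stating the build assumption would help. main() begins and ends outside this hunk.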
@@ -293,6 +301,7 @@ int main(int argc, const char *argv[]) if( pointer != NULL ) { mbedtls_fprintf( stderr, "all-bits-zero is not a NULL pointer\n" ); + mbedtls_platform_teardown( &platform_ctx ); return( 1 ); } @@ -302,6 +311,7 @@ int main(int argc, const char *argv[]) if( run_test_snprintf() != 0 ) { mbedtls_fprintf( stderr, "the snprintf implementation is broken\n" ); + mbedtls_platform_teardown( &platform_ctx ); return( 0 ); } @@ -318,6 +328,7 @@ int main(int argc, const char *argv[]) strcmp(next_arg, "-h" ) == 0 ) { mbedtls_fprintf( stdout, USAGE ); + mbedtls_platform_teardown( &platform_ctx ); mbedtls_exit( EXIT_SUCCESS ); } else @@ -357,6 +368,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "Failed to open test file: %s\n", test_filename ); + mbedtls_platform_teardown( &platform_ctx ); return( 1 ); } @@ -366,6 +378,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "FATAL: Dep count larger than zero at start of loop\n" ); + mbedtls_platform_teardown( &platform_ctx ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count = 0; @@ -402,6 +415,7 @@ int main(int argc, const char *argv[]) if( unmet_dependencies[ unmet_dep_count ] == NULL ) { mbedtls_fprintf( stderr, "FATAL: Out of memory\n" ); + mbedtls_platform_teardown( &platform_ctx ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count++; @@ -428,6 +442,7 @@ int main(int argc, const char *argv[]) if( stdout_fd == -1 ) { /* Redirection has failed with no stdout so exit */ + mbedtls_platform_teardown( &platform_ctx ); exit( 1 ); } } @@ -439,6 +454,7 @@ int main(int argc, const char *argv[]) if( !option_verbose && restore_output( &stdout, stdout_fd ) ) { /* Redirection has failed with no stdout so exit */ + mbedtls_platform_teardown( &platform_ctx ); exit( 1 ); } #endif /* __unix__ || __APPLE__ __MACH__ */ 
@@ -490,6 +506,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); fclose( file ); + mbedtls_platform_teardown( &platform_ctx ); mbedtls_exit( 2 ); } else @@ -501,6 +518,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "Should be empty %d\n", (int) strlen( buf ) ); + mbedtls_platform_teardown( &platform_ctx ); return( 1 ); } } @@ -533,5 +551,6 @@ int main(int argc, const char *argv[]) close_output( stdout ); #endif /* __unix__ || __APPLE__ __MACH__ */ + mbedtls_platform_teardown( &platform_ctx ); return( total_errors != 0 ); } From aca09c70263c0abe3bc99d6d2f73e4fe7c4e0729 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 13 Apr 2018 05:18:08 -0400 Subject: [PATCH 0936/1059] Changelog entry Describing platform teardown and setup calls in test suites --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 9ee82c6853..d8f7425275 100644 --- a/ChangeLog +++ b/ChangeLog @@ -93,6 +93,7 @@ Changes * Improve robustness of mbedtls_ssl_derive_keys against the use of HMAC functions with non-HMAC ciphersuites. Independently contributed by Jiayuan Chen in #1377. Fixes #1437. + * Add platform setup and teardown calls in test suites. = mbed TLS 2.8.0 branch released 2018-03-16 From 32a675f032fdc9ef14cb8c171fb187d42b51c998 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 13 Apr 2018 06:16:04 -0400 Subject: [PATCH 0937/1059] Add conditional platform context creation & usage Add another layer of abstraction before calling platform setup and teardown. --- tests/suites/helpers.function | 19 +++++++++++++++++++ tests/suites/main_test.function | 24 ++++++++++++------------ 2 files changed, 31 insertions(+), 12 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 9295bfaa5b..e716318b1d 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -109,7 +109,9 @@ static struct } test_info; +#if defined(MBEDTLS_PLATFORM_C) mbedtls_platform_context platform_ctx; +#endif /*----------------------------------------------------------------------------*/ /* Helper flags for complex dependencies */ @@ -128,6 +130,23 @@ mbedtls_platform_context platform_ctx; /*----------------------------------------------------------------------------*/ /* Helper Functions */ +static int platform_setup() +{ +#if defined(MBEDTLS_PLATFORM_C) + if( mbedtls_platform_setup( &platform_ctx ) ) + { + return -1; + } +#endif /* MBEDTLS_PLATFORM_C */ + return 0; +} + +static void platform_teardown() +{ +#if defined(MBEDTLS_PLATFORM_C) + mbedtls_platform_teardown( &platform_ctx ); +#endif /* MBEDTLS_PLATFORM_C */ +} #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) static int redirect_output( FILE** out_stream, const char* path ) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 9dd792d365..e5b404358f 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -282,7 +282,7 @@ int main(int argc, const char *argv[]) !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) unsigned char alloc_buf[1000000]; #endif - if( mbedtls_platform_setup( &platform_ctx ) ) + if( platform_setup() ) { mbedtls_fprintf( stderr, "FATAL: Failed to initialize platform" ); return -1; @@ -301,7 +301,7 @@ int main(int argc, const char *argv[]) if( pointer != NULL ) { mbedtls_fprintf( stderr, "all-bits-zero is not a NULL pointer\n" ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); return( 1 ); } @@ -311,7 +311,7 @@ int main(int argc, const char *argv[]) if( run_test_snprintf() != 0 ) { mbedtls_fprintf( stderr, "the snprintf implementation is broken\n" ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); return( 0 ); } 
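Review bot: `static int platform_setup()` and `static void platform_teardown()` are declared without a parameter list, which this same series fixed elsewhere ("Fix missing void argument declarations #678"); `static int platform_setup( void )` and `static void platform_teardown( void )` give proper prototypes. `platform_setup` also collapses the error from `mbedtls_platform_setup` to `-1`, so the caller's FATAL message cannot show why setup failed; returning the library's value keeps that information. A short header comment on the pair would document the configuration dependency: `/* No-ops unless MBEDTLS_PLATFORM_C is defined; platform_ctx only exists in that configuration */`.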
@@ -328,7 +328,7 @@ int main(int argc, const char *argv[]) strcmp(next_arg, "-h" ) == 0 ) { mbedtls_fprintf( stdout, USAGE ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); mbedtls_exit( EXIT_SUCCESS ); } else @@ -368,7 +368,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "Failed to open test file: %s\n", test_filename ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); return( 1 ); } @@ -378,7 +378,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "FATAL: Dep count larger than zero at start of loop\n" ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count = 0; @@ -415,7 +415,7 @@ int main(int argc, const char *argv[]) if( unmet_dependencies[ unmet_dep_count ] == NULL ) { mbedtls_fprintf( stderr, "FATAL: Out of memory\n" ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count++; @@ -441,8 +441,8 @@ int main(int argc, const char *argv[]) stdout_fd = redirect_output( &stdout, "/dev/null" ); if( stdout_fd == -1 ) { + platform_teardown(); /* Redirection has failed with no stdout so exit */ - mbedtls_platform_teardown( &platform_ctx ); exit( 1 ); } } @@ -454,7 +454,7 @@ int main(int argc, const char *argv[]) if( !option_verbose && restore_output( &stdout, stdout_fd ) ) { /* Redirection has failed with no stdout so exit */ - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); exit( 1 ); } #endif /* __unix__ || __APPLE__ __MACH__ */ @@ -506,7 +506,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); fclose( file ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); mbedtls_exit( 2 ); } else 
@@ -518,7 +518,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "Should be empty %d\n", (int) strlen( buf ) ); - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); return( 1 ); } } @@ -551,6 +551,6 @@ int main(int argc, const char *argv[]) close_output( stdout ); #endif /* __unix__ || __APPLE__ __MACH__ */ - mbedtls_platform_teardown( &platform_ctx ); + platform_teardown(); return( total_errors != 0 ); } From 819d13dfff96df5aa82f38b8e436ae43c26227a0 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 16 Apr 2018 09:35:15 +0100 Subject: [PATCH 0938/1059] Update aes.h fixed missing multiple returns on mbedtls_aes_setkey_enc --- include/mbedtls/aes.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index c82d39a402..3c5b1336b2 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -116,7 +116,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ); *
  • 256 bits
  • * * \return \c 0 on success. - * #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. + * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ); From bd9571a01eb29d2be7dab23925de213021f21d0a Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 16 Apr 2018 09:45:12 +0100 Subject: [PATCH 0939/1059] Update ccm.h minor changes based on comments --- include/mbedtls/ccm.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 93ec157d88..f354ef9fbd 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -118,6 +118,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * 4, 6, 8, 10, 12, 14 or 16. * * \return \c 0 on success. + * \return A cipher-specific error code on failure. */ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, @@ -143,8 +144,8 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param tag_len The length of the tag in Bytes. * 4, 6, 8, 10, 12, 14 or 16. * - * \return 0 if successful and authenticated. - * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. + * \return \c 0 on success. + * \return A cipher-specific error code on failure. */ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, From b5607bf61d80d08520dd557e2041599940d2f077 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 16 Apr 2018 10:34:51 +0100 Subject: [PATCH 0940/1059] Update cipher.h minor changes based on comments --- include/mbedtls/cipher.h | 59 ++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 216771517a..3ecae9b06b 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h 
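Review bot: In the `@@ -143,8 +144,8 @@` hunk of ccm.h the new `\return` lines for mbedtls_ccm_auth_decrypt drop the explicit `#MBEDTLS_ERR_CCM_AUTH_FAILED` entry, so the one return value a caller must test to distinguish a forged tag from any other failure is no longer named in the contract. The GCM counterpart in patch 0949 of this series keeps `#MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match`, and cipher.h keeps `#MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic`, so CCM should stay consistent with them. Keep the specific line and add the generic one after it: `\return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.` followed by `\return A cipher-specific error code on failure.`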
@@ -72,8 +72,8 @@ extern "C" { * \brief Supported cipher types. * * \warning ARC4 and DES are considered weak ciphers and their use - * constitutes a security risk. We recommend you consider using - * stronger ciphers instead. + * constitutes a security risk. Arm recommends considering stronger + * ciphers instead. */ typedef enum { MBEDTLS_CIPHER_ID_NONE = 0, /**< None. */ @@ -90,7 +90,7 @@ typedef enum { * \brief Supported {cipher type, cipher mode} pairs. * * \warning ARC4 and DES are considered weak ciphers and their use - * constitutes a security risk. We recommend considering stronger + * constitutes a security risk. Arm recommends considering stronger * ciphers instead. */ typedef enum { @@ -228,8 +228,10 @@ typedef struct { */ unsigned int iv_size; - /** Flags to set. For example, if the cipher - supports variable IV sizes or variable key sizes. */ + /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and + * MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the + * cipher supports variable IV or variable key sizes, respectively. + */ int flags; /** The block size, in Bytes. */ @@ -312,7 +314,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher * \param cipher_type Type of the cipher to search for. * * \return The cipher information structure associated with the - * given \p cipher_type, or NULL if not found. + * given \p cipher_type. + * \return NULL if the associated cipher information is not found. */ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type ); 
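Review bot: The new comment on `flags` in the `@@ -228,8 +228,10 @@` hunk names `MBEDTLS_CIPHER_VARIABLE_IV_LEN` and `MBEDTLS_CIPHER_VARIABLE_KEY_LEN` as plain text, while the rest of this header prefixes macro references with `#` so Doxygen links them (for example `#MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA` in the later hunks). Suggest `/** Bitflag comprised of #MBEDTLS_CIPHER_VARIABLE_IV_LEN and` / `* #MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the` as the first two lines of that comment. The struct that owns this member begins outside the hunk.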
@@ -405,9 +408,9 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl * * \param ctx The context of the cipher. Must be initialized. * - * \return The recommended IV size, if no IV has been set. - * 0 for ciphers not using IV or nonce. - * \return The actual size, if an IV has been set. + * \return The recommended IV size if no IV has been set. + * \return 0 for ciphers not using IV or nonce. + * \return The actual size if an IV has been set. */ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) { @@ -475,10 +478,8 @@ static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t * * \param ctx The context of the cipher. Must be initialized. * - * \return The type of operation: #MBEDTLS_ENCRYPT or - * #MBEDTLS_DECRYPT. - * \return #MBEDTLS_OPERATION_NONE if \p ctx - * has not been initialized. + * \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. + * \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized. */ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx ) { @@ -499,10 +500,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci * \param operation The operation that the key will be used for: * #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if * parameter verification fails. - * \return A cipher-specific error code. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation ); 
@@ -517,7 +518,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k * \param ctx The generic cipher context. * \param mode The padding mode. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE * if the selected padding mode is not supported. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode @@ -538,7 +539,7 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph * \param iv_len The IV length for ciphers with variable-size IV. * This parameter is discarded by ciphers with fixed-size IV. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on failure. */ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, @@ -549,7 +550,7 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, * * \param ctx The generic cipher context. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA * if parameter verification fails. */ @@ -596,12 +597,12 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, * \param olen The length of the output data, to be updated with the * actual number of Bytes written. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if * parameter verification fails. * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an * unsupported mode for a cipher. - * \return A cipher-specific error code. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ); 
@@ -616,15 +617,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * \param output The buffer to write data to. Needs block_size available. * \param olen The length of the data written to the \p output buffer. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if * parameter verification fails. * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption * expected a full block but was not provided one. * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding * while decrypting. - * \return A cipher-specific error code on failure for any other - * reason. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen ); @@ -681,14 +681,13 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, * \note Some ciphers do not use IVs nor nonce. For these * ciphers, use \p iv = NULL and \p iv_len = 0. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or * #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption * expected a full block but was not provided one. * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding * while decrypting. - * \return A cipher-specific error code on failure for any other - * reason. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, 
@@ -714,9 +713,9 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, * \param tag The buffer for the authentication tag. * \param tag_len The desired length of the authentication tag. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA. - * \return A cipher-specific error code. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, @@ -747,10 +746,10 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, * \param tag The buffer holding the authentication tag. * \param tag_len The length of the authentication tag. * - * \returns \c 0 on success. + * \return \c 0 on success. * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA. * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic. - * \return A cipher-specific error code on failure for any other reason. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, From c138bb7b052251401e568df4daef69404a727a4c Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 16 Apr 2018 11:11:25 +0100 Subject: [PATCH 0941/1059] Update cmac.h minor changes based on comments --- include/mbedtls/cmac.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index b9c6f22104..0ada7421b5 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -76,8 +76,8 @@ struct mbedtls_cmac_context_t * \param keybits The length of the CMAC key in bits. * Must be supported by the cipher. * - * \returns \c 0 on success. - * \returns A cipher-specific error code on failure. + * \return \c 0 on success. + * \return A cipher-specific error code on failure. */ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, const unsigned char *key, size_t keybits ); 
@@ -94,8 +94,8 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, * \param input The buffer holding the input data. * \param ilen The length of the input data. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, @@ -112,8 +112,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, * \param ctx The cipher context used for the CMAC operation. * \param output The output buffer for the CMAC checksum result. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, @@ -129,8 +129,8 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, * * \param ctx The cipher context used for the CMAC operation. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); @@ -153,8 +153,8 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); * \param ilen The length of the input data. * \param output The buffer for the generic CMAC result. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, From a282270a10b42fb0d4d109c3e96ccc745f2095cf Mon Sep 17 00:00:00 2001 
From: Andrzej Kurek Date: Mon, 16 Apr 2018 06:33:28 -0400 Subject: [PATCH 0942/1059] Add explicit checks for non-zero result of platform setup in test suites --- tests/suites/helpers.function | 2 +- tests/suites/main_test.function | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index e716318b1d..c436fbb87a 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -133,7 +133,7 @@ mbedtls_platform_context platform_ctx; static int platform_setup() { #if defined(MBEDTLS_PLATFORM_C) - if( mbedtls_platform_setup( &platform_ctx ) ) + if( mbedtls_platform_setup( &platform_ctx ) != 0 ) { return -1; } diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index e5b404358f..8d7e477694 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -282,7 +282,7 @@ int main(int argc, const char *argv[]) !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) unsigned char alloc_buf[1000000]; #endif - if( platform_setup() ) + if( platform_setup() != 0 ) { mbedtls_fprintf( stderr, "FATAL: Failed to initialize platform" ); return -1; From 418527b041e2c147ed604221d7b58d1143e953ff Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Mon, 16 Apr 2018 12:02:29 +0100 Subject: [PATCH 0943/1059] Fix minor issues with command line options --- scripts/abi_check.py | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 14250d2b9c..8f9cd0f43f 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py 
@@ -12,7 +12,7 @@ files from two different Git revisions within an Mbed TLS repository. The results of the comparison are formatted as HTML and stored at a configurable location. Returns 0 on success, 1 on ABI/API non-compliance, and 2 if there is an error while running the script. -Note: requires Python 3, must be run from Mbed TLS root. +Note: must be run from Mbed TLS root. """ import os 
@@ -199,31 +199,30 @@ def run_main(): try: parser = argparse.ArgumentParser( description=( - "This script is a small wrapper around the " - "abi-compliance-checker and abi-dumper tools, applying them " - "to compare the ABI and API of the library files from two " - "different Git revisions within an Mbed TLS repository." - " The results of the comparison are formatted as HTML and" - " stored at a configurable location. Returns 0 on success, " - "1 on ABI/API non-compliance, and 2 if there is an error " - "while running the script. Note: requires Python 3, " - "must be run from Mbed TLS root." + """This script is a small wrapper around the + abi-compliance-checker and abi-dumper tools, applying them + to compare the ABI and API of the library files from two + different Git revisions within an Mbed TLS repository. + The results of the comparison are formatted as HTML and stored + at a configurable location. Returns 0 on success, 1 on ABI/API + non-compliance, and 2 if there is an error while running the + script. Note: must be run from Mbed TLS root.""" ) ) parser.add_argument( - "-r", "--report_dir", type=str, default="reports", + "-r", "--report-dir", type=str, default="reports", help="directory where reports are stored, default is reports", ) parser.add_argument( - "-k", "--keep_all_reports", action="store_true", + "-k", "--keep-all-reports", action="store_true", help="keep all reports, even if there are no compatibility issues", ) parser.add_argument( - "-o", "--old_rev", type=str, help="revision for old version", + "-o", "--old-rev", type=str, help="revision for old version", required=True ) parser.add_argument( - "-n", "--new_rev", type=str, help="revision for new version", + "-n", "--new-rev", type=str, help="revision for new version", required=True ) abi_args = parser.parse_args() From f25eb6eef6b53db98b6afa5f4b8463f27c200a48 Mon Sep 17 00:00:00 2001 
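Review bot: Renaming `--report_dir`, `--keep_all_reports`, `--old_rev` and `--new_rev` to hyphenated spellings is a breaking change for any CI job or wrapper that invokes the old names, and nothing in the hunk keeps the old spellings accepted. argparse accepts several option strings per argument and maps hyphens to underscores when deriving `dest`, so `"-r", "--report-dir", "--report_dir",` (and likewise for the other three) keeps both forms working without touching the `abi_args.report_dir` style accesses elsewhere. Separately, the new triple-quoted description repeats the module docstring word for word, so `description=__doc__` would stop the two from drifting apart; the docstring hunk above had to be edited in lockstep this time. `run_main` continues outside the hunk.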
From: Rose Zadik Date: Mon, 16 Apr 2018 14:51:52 +0100 Subject: [PATCH 0944/1059] Update ctr_drbg.h minor changes based on comments --- include/mbedtls/ctr_drbg.h | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 5f611dd018..dcbc047924 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -3,10 +3,13 @@ * * \brief This file contains CTR_DRBG definitions and functions. * - * CTR_DRBG is based on AES-256, as defined in NIST SP 800-90A: - * Recommendation for Random Number Generation Using Deterministic - * Random Bit Generators. + * CTR_DRBG is a standardized way of building a PRNG from a block-cipher + * in counter mode operation, as defined in NIST SP 800-90A: + * Recommendation for Random Number Generation Using Deterministic Random + * Bit Generators. * + * The Mbed TLS implementation of CTR_DRBG uses AES-256 as the underlying + * block cipher. */ /* * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved @@ -286,8 +289,8 @@ int mbedtls_ctr_drbg_random( void *p_rng, * \param path The name of the file. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or - * #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on + * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error. + * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on * failure. */ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ); From 9464d7b6e367407c96bbf1000ecc71d854d14ce1 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 16 Apr 2018 15:28:35 +0100 Subject: [PATCH 0945/1059] Update platform.h Implemented changes based on review comments --- include/mbedtls/platform.h | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 65ae85c190..d50b266b71 100644 
--- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -3,6 +3,14 @@ * * \brief This file contains the definitions and functions of the * Mbed TLS platform abstraction layer. + * + * The platform abstraction layer removes the need for the library + * to directly link to standard C library functions or operating + * system services, making the library easier to port and embed. + * Application developers and users of the library can provide their own + * implementations of these functions, or implementations specific to + * their platform, which can be statically linked to the library or + * dynamically configured at runtime. */ /* * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved @@ -117,8 +125,8 @@ extern void * (*mbedtls_calloc)( size_t n, size_t size ); extern void (*mbedtls_free)( void *ptr ); /** - * \brief This function allows configuring custom - * memory-management functions. + * \brief This function dynamically sets the memory-management + * functions used by the library, during runtime. * * \param calloc_func The \c calloc function implementation. * \param free_func The \c free function implementation. @@ -142,8 +150,9 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... ); /** - * \brief This function allows configuring a custom - * \p fprintf function pointer. + * \brief This function dynamically configures the fprintf + * function that is called when the + * mbedtls_fprintf() function is invoked by the library. * * \param fprintf_func The \c fprintf function implementation. * 
@@ -166,8 +175,9 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char extern int (*mbedtls_printf)( const char *format, ... ); /** - * \brief This function allows configuring a custom \c printf - * function pointer. + * \brief This function dynamically configures the snprintf + * function that is called when the mbedtls_snprintf() + * function is invoked by the library. * * \param printf_func The \c printf function implementation. * @@ -224,8 +234,9 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, extern void (*mbedtls_exit)( int status ); /** - * \brief This function allows configuring a custom - * \c exit function pointer. + * \brief This function dynamically configures the exit + * function that is called when the mbedtls_exit() + * function is invoked by the library. * * \param exit_func The \c exit function implementation. * @@ -314,7 +325,8 @@ mbedtls_platform_context; #endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /** - * \brief This function performs any platform-specific initialization operations. + * \brief This function performs any platform-specific initialization + * operations. * * \note This function should be called before any other library functions. * @@ -323,7 +335,7 @@ mbedtls_platform_context; * * \note The usage and necessity of this function is dependent on the platform. * - * \param ctx The Mbed TLS context. + * \param ctx The platform context. * * \return \c 0 on success. */ @@ -339,7 +351,7 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \note The usage and necessity of this function is dependent on the platform. * - * \param ctx The Mbed TLS context. + * \param ctx The platform context. * */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); From 05d0e51bb1cdace99da6571967af1c9adc3b74f8 Mon Sep 17 00:00:00 2001 
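Review bot: The rewritten `\brief` in the `@@ -166,8 +175,9 @@` hunk describes the wrong function: it says it configures "the snprintf function that is called when the mbedtls_snprintf() function is invoked", but the surrounding context is `extern int (*mbedtls_printf)( const char *format, ... );` and the parameter is `\param printf_func The \c printf function implementation`, so this is presumably mbedtls_platform_set_printf and the text was copied from the snprintf entry. Change the two lines to `* \brief This function dynamically configures the printf` / `* function that is called when the mbedtls_printf()`. The fprintf and exit briefs in the neighbouring hunks follow the same pattern and read correctly.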
From: Ron Eldor Date: Mon, 16 Apr 2018 17:40:04 +0300 Subject: [PATCH 0946/1059] Minor modifications for alt support in des and ecp 1. Add 3des context to be allowed for alternative defintion 2. Move some ecp structs, to disallow alternative definition of them, as other modules rely on them --- include/mbedtls/des.h | 8 ++++---- include/mbedtls/ecp.h | 48 +++++++++++++++++++++---------------------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index b0a82df9b8..6eb7d03bae 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -67,10 +67,6 @@ typedef struct } mbedtls_des_context; -#else /* MBEDTLS_DES_ALT */ -#include "des_alt.h" -#endif /* MBEDTLS_DES_ALT */ - /** * \brief Triple-DES context structure */ @@ -80,6 +76,10 @@ typedef struct } mbedtls_des3_context; +#else /* MBEDTLS_DES_ALT */ +#include "des_alt.h" +#endif /* MBEDTLS_DES_ALT */ + /** * \brief Initialize DES context * diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 1bc5ac9e64..45a2452a1a 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -43,15 +43,6 @@ extern "C" { #endif -#if !defined(MBEDTLS_ECP_ALT) -/* - * default mbed TLS elliptic curve arithmetic implementation - * - * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an - * alternative implementation for the whole module and it will replace this - * one.) - */ - /** * Domain parameters (curve, subgroup and generator) identifiers. * @@ -113,6 +104,15 @@ typedef struct } mbedtls_ecp_point; +#if !defined(MBEDTLS_ECP_ALT) +/* + * default mbed TLS elliptic curve arithmetic implementation + * + * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an + * alternative implementation for the whole module and it will replace this + * one.) + */ + /** * \brief ECP group structure * 
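Review bot: Moving `mbedtls_des3_context` under `#if !defined(MBEDTLS_DES_ALT)` in the des.h `@@ -80,6 +76,10 @@` hunk means a des_alt.h must now define both `mbedtls_des_context` and `mbedtls_des3_context`, which will break any existing alternative implementation that only supplied the first, and the diffstat lists only des.h and ecp.h, so nothing records the new requirement for alt providers. A comment at the moved `#else /* MBEDTLS_DES_ALT */`, such as `/* des_alt.h must define both mbedtls_des_context and mbedtls_des3_context */`, plus a ChangeLog entry would make the contract change visible where implementers will look. The corresponding ecp.h hunks in this commit move types in the opposite direction and deserve the same kind of note.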
@@ -157,21 +157,6 @@ typedef struct } mbedtls_ecp_group; -/** - * \brief ECP key pair structure - * - * A generic key pair that could be used for ECDSA, fixed ECDH, etc. - * - * \note Members purposefully in the same order as struc mbedtls_ecdsa_context. - */ -typedef struct -{ - mbedtls_ecp_group grp; /*!< Elliptic curve and base point */ - mbedtls_mpi d; /*!< our secret value */ - mbedtls_ecp_point Q; /*!< our public value */ -} -mbedtls_ecp_keypair; - /** * \name SECTION: Module settings * @@ -235,6 +220,21 @@ mbedtls_ecp_keypair; #include "ecp_alt.h" #endif /* MBEDTLS_ECP_ALT */ +/** + * \brief ECP key pair structure + * + * A generic key pair that could be used for ECDSA, fixed ECDH, etc. + * + * \note Members purposefully in the same order as struc mbedtls_ecdsa_context. + */ +typedef struct +{ + mbedtls_ecp_group grp; /*!< Elliptic curve and base point */ + mbedtls_mpi d; /*!< our secret value */ + mbedtls_ecp_point Q; /*!< our public value */ +} +mbedtls_ecp_keypair; + /* * Point formats, from RFC 4492's enum ECPointFormat */ From 7375b0f6c179db8247fe4510cc8c680f4bccf456 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 16 Apr 2018 16:04:57 +0100 Subject: [PATCH 0947/1059] Update ecdh.h Changs based on review comments --- include/mbedtls/ecdh.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 70455e8c74..922f029d7e 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -45,7 +45,7 @@ extern "C" { */ typedef enum { - MBEDTLS_ECDH_OURS, /**< Our key. */ + MBEDTLS_ECDH_OURS, /**< Our key. */ MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */ } mbedtls_ecdh_side; 
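Review bot: The `\note` re-added in the ecp.h `@@ -235,6 +220,21 @@` hunk carries over the typo `struc mbedtls_ecdsa_context`; since the line is being added anyway, write it as `* \note Members purposefully in the same order as struct mbedtls_ecdsa_context.` The `@@ -157` hunk is only the removal side and needs nothing. Also, the comment re-added in the `@@ -113,6 +104,15 @@` hunk still says an alternative implementation replaces "the whole module", which no longer matches the layout now that `mbedtls_ecp_group_id`, `mbedtls_ecp_point` and `mbedtls_ecp_keypair` are deliberately kept outside the `MBEDTLS_ECP_ALT` block; a short sentence there naming what the alt must and must not define would prevent the next implementer from guessing.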
@@ -101,8 +101,8 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp * \see ecp.h * * \note If \p f_rng is not NULL, it is used to implement - * countermeasures against potential elaborate timing - * attacks. For more information, see mbedtls_ecp_mul(). + * countermeasures against side-channel attacks. + * For more information, see mbedtls_ecp_mul(). * * \param grp The ECP group. * \param z The destination MPI (shared secret). @@ -253,8 +253,8 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, * and servers. * * \note If \p f_rng is not NULL, it is used to implement - * countermeasures against potential elaborate timing - * attacks. For more information, see mbedtls_ecp_mul(). + * countermeasures against side-channel attacks. + * For more information, see mbedtls_ecp_mul(). * * \see ecp.h * From 14d0d57c512c6286336c40aad2a15d4b32a7a736 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 16 Apr 2018 16:09:30 +0100 Subject: [PATCH 0948/1059] Update ecdsa.h Minor changes based on review comments --- include/mbedtls/ecdsa.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 99c6d2e527..806c417ef4 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -121,7 +121,7 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, * \param md_alg The MD algorithm used to hash the message. * * \return \c 0 on success. - * \return or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX + * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX * error code on failure. */ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, 
@@ -149,7 +149,8 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi * \param s The second integer of the signature. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature + * is invalid. * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX * error code on failure for any other reason. */ @@ -240,7 +241,7 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t * \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0 * * \param ctx The ECDSA context. - * \param hash The Message hash. + * \param hash The message hash. * \param hlen The length of the hash. * \param sig The buffer that holds the signature. * \param slen The length of the signature written. From 6a7ebc4c8663c19890f3d57ddaae68ac9c9872aa Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 16 Apr 2018 16:11:49 +0100 Subject: [PATCH 0949/1059] Update gcm.h minor fix based on review comments --- include/mbedtls/gcm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 88408c2cf4..119e2752ec 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -158,7 +158,7 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, * \param output The buffer for holding the output data. * * \return 0 if successful and authenticated. - * \return #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match. + * \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match. */ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, size_t length, From f3e4736131f1ee9c4e37d9924c1690dd7d0eb222 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 16 Apr 2018 16:31:16 +0100 Subject: [PATCH 0950/1059] Update md.h Changes based on review comments --- include/mbedtls/md.h | 97 +++++++++++++++++++++++--------------------- 1 file changed, 50 insertions(+), 47 deletions(-) 
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index df2ab630b8..6b6f5c53dd 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -54,15 +54,15 @@ extern "C" { * */ typedef enum { - MBEDTLS_MD_NONE=0, /**< None. */ - MBEDTLS_MD_MD2, /**< The MD2 message digest. */ - MBEDTLS_MD_MD4, /**< The MD4 message digest. */ - MBEDTLS_MD_MD5, /**< The MD5 message digest. */ - MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */ - MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */ - MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */ - MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */ - MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */ + MBEDTLS_MD_NONE=0, /**< None. */ + MBEDTLS_MD_MD2, /**< The MD2 message digest. */ + MBEDTLS_MD_MD4, /**< The MD4 message digest. */ + MBEDTLS_MD_MD5, /**< The MD5 message digest. */ + MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */ + MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */ + MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */ + MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */ + MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */ MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */ } mbedtls_md_type_t; @@ -108,8 +108,8 @@ const int *mbedtls_md_list( void ); * * \param md_name The name of the digest to search for. * - * \return The message-digest information associated with \p md_name, - * or NULL if not found. + * \return The message-digest information associated with \p md_name. + * \return NULL if the associated message-digest information is not found. */ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); 
@@ -168,9 +168,10 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ); * \param md_info The information structure of the message-digest algorithm * to use. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. - * \returns #MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification + * failure. + * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure. */ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED; #undef MBEDTLS_DEPRECATED @@ -190,9 +191,10 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_ * \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory), * or non-zero: HMAC is used with this context. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. - * \returns #MBEDTLS_ERR_MD_ALLOC_FAILED on memory allocation failure. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification + * failure. + * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure. */ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); @@ -213,7 +215,7 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf * \param src The context to be cloned. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure. */ int mbedtls_md_clone( mbedtls_md_context_t *dst, const mbedtls_md_context_t *src ); 
@@ -260,9 +262,9 @@ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); * * \param ctx The generic message-digest context. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification - * fails. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification + * failure. */ int mbedtls_md_starts( mbedtls_md_context_t *ctx ); @@ -278,9 +280,9 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ); * \param input The buffer holding the input data. * \param ilen The length of the input data. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification - * fails. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification + * failure. */ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); @@ -298,9 +300,9 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si * \param ctx The generic message-digest context. * \param output The buffer for the generic message-digest checksum result. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification - * fails. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification + * failure. */ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); @@ -318,9 +320,9 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); * \param ilen The length of the input data. * \param output The generic message-digest checksum result. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification - * fails. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification + * failure. */ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output ); 
@@ -339,8 +341,9 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si * \param output The generic message-digest checksum result. * * \return \c 0 on success. - * \returns #MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL. + * \return #MBEDTLS_ERR_MD_FILE_IO_ERROR on an I/O error accessing + * the file pointed by \p path. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL. */ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output ); @@ -360,9 +363,9 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, * \param key The HMAC secret key. * \param keylen The length of the HMAC key in Bytes. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification - * fails. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification + * failure. */ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen ); @@ -382,9 +385,9 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, * \param input The buffer holding the input data. * \param ilen The length of the input data. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification - * fails. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification + * failure. */ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); 
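Review bot: The new `\return` text for #MBEDTLS_ERR_MD_FILE_IO_ERROR on mbedtls_md_file() reads "the file pointed by \p path", which drops the preposition; the line should become ` *                 the file pointed to by \p path.` The two-line split introduced here otherwise matches the one-`\return`-per-code convention the rest of the series applies, so this is a wording remark only.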
@@ -403,9 +406,9 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu * context. * \param output The generic HMAC checksum result. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification - * fails. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification + * failure. */ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); @@ -420,9 +423,9 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); * \param ctx The message digest context containing an embedded HMAC * context. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification - * fails. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification + * failure. */ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); @@ -444,9 +447,9 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); * \param ilen The length of the input data. * \param output The generic HMAC result. * - * \returns \c 0 on success. - * \returns #MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter verification - * fails. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification + * failure. */ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, From f2ec288bf891cbfea5deb9996ed54f97d46b50a7 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 17 Apr 2018 10:27:25 +0100 Subject: [PATCH 0951/1059] Update rsa.h Changes based on review comments. --- include/mbedtls/rsa.h | 133 +++++++++++++++++++++--------------------- 1 file changed, 66 insertions(+), 67 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 711329c520..033e58027c 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -1,7 +1,7 @@ /** * \file rsa.h * - * \brief This file contains RSA definitions and functions. + * \brief This file defines the RSA public-key cryptosystem. * * The RSA public-key cryptosystem is defined in Public-Key * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption @@ -104,14 +104,14 @@ typedef struct mbedtls_mpi P; /*!< The first prime factor. */ mbedtls_mpi Q; /*!< The second prime factor. */ - mbedtls_mpi DP; /*!< \p D % (P - 1) */ - mbedtls_mpi DQ; /*!< \p D % (Q - 1) */ - mbedtls_mpi QP; /*!< 1 / (Q % P) */ + mbedtls_mpi DP; /*!< D % (P - 1). */ + mbedtls_mpi DQ; /*!< D % (Q - 1). */ + mbedtls_mpi QP; /*!< 1 / (Q % P). */ - mbedtls_mpi RN; /*!< cached R^2 mod \p N */ + mbedtls_mpi RN; /*!< cached R^2 mod N. */ - mbedtls_mpi RP; /*!< cached R^2 mod \p P */ - mbedtls_mpi RQ; /*!< cached R^2 mod \p Q */ + mbedtls_mpi RP; /*!< cached R^2 mod P. */ + mbedtls_mpi RQ; /*!< cached R^2 mod Q. */ mbedtls_mpi Vi; /*!< The cached blinding value. */ mbedtls_mpi Vf; /*!< The cached un-blinding value. */ @@ -328,7 +328,7 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * If the function fails due to an unsupported operation, * the RSA context stays intact and remains usable. * - * \note The length fields are ignored if the corresponding + * \note The length parameters are ignored if the corresponding * buffer pointers are NULL. * * \param ctx The initialized RSA context. @@ -338,7 +338,7 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * NULL. * \param P_len The size of the buffer for the first prime factor. * \param Q The Byte array to hold the second prime factor of \p N, or - NULL. + * NULL. * \param Q_len The size of the buffer for the second prime factor. * \param D The Byte array to hold the private exponent, or NULL. * \param D_len The size of the buffer for the private exponent. 
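Review bot: The new `\brief` overstates what the header does: rsa.h declares the API of this library's RSA implementation, it does not define the cryptosystem, and the paragraph right below it already attributes the definition to PKCS #1. A more accurate line is ` * \brief This file provides an API for the RSA public-key cryptosystem.`; the removed wording ("contains RSA definitions and functions") was also acceptable.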
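Review bot: The `QP` member comment is kept as `1 / (Q % P).` with only a period added, and it still reads as an integer division of the residue `Q % P`, whereas the CRT coefficient stored there is the inverse of Q modulo P. Since this pass touches the line anyway, it could say so directly, e.g. ` mbedtls_mpi QP;                 /*!< The CRT coefficient: 1 / Q mod P. */`. The `DP` and `DQ` lines are unambiguous as `D % (P - 1)` and `D % (Q - 1)`.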
@@ -549,10 +549,6 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * It is the generic wrapper for performing a PKCS#1 encryption * operation using the \p mode from the context. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The input and output buffers must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -561,6 +557,10 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PUBLIC. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA context. * \param f_rng The RNG function. Needed for padding, PKCS#1 v2.1 * encoding, and #MBEDTLS_RSA_PRIVATE. @@ -584,10 +584,6 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 encryption operation * (RSAES-PKCS1-v1_5-ENCRYPT). * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The output buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -596,6 +592,10 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PUBLIC. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA context. * \param f_rng The RNG function. Needed for padding and * #MBEDTLS_RSA_PRIVATE. 
@@ -619,10 +619,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v2.1 OAEP encryption * operation (RSAES-OAEP-ENCRYPT). * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The output buffer must be as large as the size * of ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -631,6 +627,10 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PUBLIC. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA context. * \param f_rng The RNG function. Needed for padding and PKCS#1 v2.1 * encoding and #MBEDTLS_RSA_PRIVATE. @@ -671,15 +671,15 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * \note The input buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \deprecated It is deprecated and discouraged to call this function * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PRIVATE. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PUBLIC and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. * \param p_rng The RNG context. 
@@ -691,7 +691,6 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. - */ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -705,10 +704,6 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 decryption * operation (RSAES-PKCS1-v1_5-DECRYPT). * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The output buffer length \c output_max_len should be * as large as the size \p ctx->len of \p ctx->N, for example, * 128 Bytes if RSA-1024 is used, to be able to hold an @@ -724,6 +719,10 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PRIVATE. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PUBLIC and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. * \param p_rng The RNG context. 
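Review bot: The hunk deletes the ` */` that closes the Doxygen block above mbedtls_rsa_pkcs1_decrypt() and adds nothing in its place (7 old lines, 6 new, no `+` line), so the comment now runs on through `int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,` and everything after it until the next `*/`, which removes the prototype from the header. The line should be restored as ` */` immediately before the declaration. The declaration itself continues past the end of the hunk.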
@@ -749,26 +748,26 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v2.1 OAEP decryption * operation (RSAES-OAEP-DECRYPT). * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * \note The output buffer length \c output_max_len should be + * as large as the size \p ctx->len of \p ctx->N, for + * example, 128 Bytes if RSA-1024 is used, to be able to + * hold an arbitrary decrypted message. If it is not + * large enough to hold the decryption of the particular + * ciphertext provided, the function returns + * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \note The output buffer length \c output_max_len should be - * as large as the size \p ctx->len of \p ctx->N, for - * example, 128 Bytes if RSA-1024 is used, to be able to - * hold an arbitrary decrypted message. If it is not - * large enough to hold the decryption of the particular - * ciphertext provided, the function returns - * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. - * - * \note The input buffer must be as large as the size - * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. + * \note The input buffer must be as large as the size + * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * * \deprecated It is deprecated and discouraged to call this function * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PRIVATE. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PUBLIC and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. * \param p_rng The RNG context. 
@@ -800,10 +799,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * It is the generic wrapper for performing a PKCS#1 * signature using the \p mode from the context. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -816,6 +811,10 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PRIVATE. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PUBLIC and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA context. * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for * #MBEDTLS_RSA_PRIVATE. @@ -843,10 +842,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 signature * operation (RSASSA-PKCS1-v1_5-SIGN). * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -855,6 +850,10 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PRIVATE. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PUBLIC and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. * \param p_rng The RNG context. 
@@ -881,10 +880,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v2.1 PSS signature * operation (RSASSA-PSS-SIGN). * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -900,6 +895,10 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PRIVATE. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PUBLIC and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA context. * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for * #MBEDTLS_RSA_PRIVATE. @@ -930,10 +929,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * This is the generic wrapper for performing a PKCS#1 * verification using the mode from the context. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -946,6 +941,10 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * set to #MBEDTLS_RSA_PUBLIC. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA public key context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. * \param p_rng The RNG context. 
@@ -972,10 +971,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 verification * operation (RSASSA-PKCS1-v1_5-VERIFY). * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -984,6 +979,10 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * set to #MBEDTLS_RSA_PUBLIC. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA public key context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. * \param p_rng The RNG context. @@ -1013,10 +1012,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * The hash function for the MGF mask generating function * is that specified in the RSA context. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. - * * \note The \p sig buffer must be as large as the size * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used. * @@ -1033,6 +1028,10 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * are likely to remove the \p mode argument and have it * implicitly set to #MBEDTLS_RSA_PUBLIC. * + * \note Alternative implementations of RSA need not support + * mode being set to #MBEDTLS_RSA_PRIVATE and might instead + * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \param ctx The RSA public key context. * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE. * \param p_rng The RNG context. 
From 92d66b88aeab09f0828e0d98ede669956c857ad0 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 17 Apr 2018 10:36:56 +0100
Subject: [PATCH 0952/1059] Update sha1.h

Changes based on review comments
---
 include/mbedtls/sha1.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 4a43c01015..d8ce3c63b9 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -97,8 +97,8 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
  * constitutes a security risk. We recommend considering
  * stronger message digests instead.
  *
- * \param dst The destination context.
- * \param src The context to clone.
+ * \param dst The SHA-1 context to clone to.
+ * \param src The SHA-1 context to clone from.
  *
  */
 void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
@@ -111,7 +111,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
  * constitutes a security risk. We recommend considering
  * stronger message digests instead.
  *
- * \param ctx The context to initialize.
+ * \param ctx The SHA-1 context to initialize.
  *
  * \return \c 0 on success.
  *
@@ -183,7 +183,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
  *
  * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0.
  *
- * \param ctx The context to initialize.
+ * \param ctx The SHA-1 context to initialize.
  *
  */
 MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
From 6ee22a7d524917bd9da1a0abfcf08899b07eec77 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 17 Apr 2018 10:38:39 +0100
Subject: [PATCH 0953/1059] Update sha256.h

Minor fix based on review comments
---
 include/mbedtls/sha256.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 7affb1be84..c4465e586b 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -102,7 +102,7 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
  * \brief This function feeds an input buffer into an ongoing
  * SHA-256 checksum calculation.
  *
- * \param ctx The SHA-256 context to initialize.
+ * \param ctx The SHA-256 context.
  * \param input The buffer holding the data.
  * \param ilen The length of the input data.
  *
From ef8717984218f9a7d62f121ebb69b6c0219585b7 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 17 Apr 2018 10:41:48 +0100
Subject: [PATCH 0954/1059] Update ccm.h

updated failure returns to "A CCM or cipher-specific error code on failure."
---
 include/mbedtls/ccm.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index f354ef9fbd..8f252c4bd0 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -78,7 +78,7 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
  * \param keybits The key size in bits. This must be acceptable by the cipher.
  *
  * \return \c 0 on success.
- * \return A cipher-specific error code on failure.
+ * \return A CCM or cipher-specific error code on failure.
  */
 int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
 mbedtls_cipher_id_t cipher,
@@ -118,7 +118,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
  * 4, 6, 8, 10, 12, 14 or 16.
  *
  * \return \c 0 on success.
- * \return A cipher-specific error code on failure.
+ * \return A CCM or cipher-specific error code on failure.
  */
 int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
 const unsigned char *iv, size_t iv_len,
@@ -145,7 +145,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
  * 4, 6, 8, 10, 12, 14 or 16.
  *
  * \return \c 0 on success.
- * \return A cipher-specific error code on failure.
+ * \return A CCM or cipher-specific error code on failure.
  */
 int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
 const unsigned char *iv, size_t iv_len,
From d3c9bfcbeb02fdb89097d33326a6d1efd52c6a73 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 17 Apr 2018 10:56:55 +0100 Subject: [PATCH 0955/1059] Update ecp.h Reviewed and standardized --- include/mbedtls/ecp.h | 645 +++++++++++++++++++++++------------------- 1 file changed, 351 insertions(+), 294 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index e024da8640..89c756b37b 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1,10 +1,20 @@ /** * \file ecp.h * - * \brief Elliptic curves over GF(p) + * \brief This file contains ECP definitions and functions. + * + * The Elliptic Curve over P (ECP) is defined in Standards for Efficient + * Cryptography Group (SECG): SEC1 Elliptic Curve Cryptography and + * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites + * for Transport Layer Security (TLS). + * + * RFC-2409: The Internet Key Exchange (IKE) defines ECP + * group types. + * */ -/* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + +/* + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,8 +29,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_ECP_H #define MBEDTLS_ECP_H 
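Review bot: The new file description expands ECP as "The Elliptic Curve over P", which is the IKE group-type label from RFC 2409 rather than a description of the module; the brief it replaces, "Elliptic curves over GF(p)", said what is actually implemented. Suggest keeping the mathematical wording in the first sentence, e.g. ` * Elliptic curves over prime fields GF(p) (ECP) are defined in Standards for`, and citing the RFCs in their usual form ("RFC 4492", "RFC 2409") rather than hyphenated. This applies to the `@@ -1,10 +1,20 @@` hunk only; the copyright and "Mbed TLS" capitalisation changes below it are fine.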
@@ -31,13 +42,13 @@ */ #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */ -#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< Requested curve not available. */ +#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested curve not available. */ #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */ #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */ -#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */ +#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as ephemeral key, failed. */ #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */ #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< The buffer contains a valid signature followed by more data. */ -#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< ECP hardware accelerator failed. */ +#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< The ECP hardware accelerator failed. */ #if !defined(MBEDTLS_ECP_ALT) /* @@ -53,9 +64,9 @@ extern "C" { #endif /** - * Domain parameters (curve, subgroup and generator) identifiers. + * Definition of domain parameter identifiers: curve, subgroup and generator. * - * Only curves over prime fields are supported. + * \note Only curves over prime fields are supported. * * \warning This library does not support validation of arbitrary domain * parameters. Therefore, only well-known domain parameters from trusted 
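Review bot: The reworded comment on #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE, "The requested curve not available.", is missing its verb and should read `#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested curve is not available. */`. The sibling error-code comments in the same hunk are complete sentences, so this one stands out in the generated docs.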
@@ -63,113 +74,119 @@ extern "C" { */ typedef enum { - MBEDTLS_ECP_DP_NONE = 0, - MBEDTLS_ECP_DP_SECP192R1, /*!< 192-bits NIST curve */ - MBEDTLS_ECP_DP_SECP224R1, /*!< 224-bits NIST curve */ - MBEDTLS_ECP_DP_SECP256R1, /*!< 256-bits NIST curve */ - MBEDTLS_ECP_DP_SECP384R1, /*!< 384-bits NIST curve */ - MBEDTLS_ECP_DP_SECP521R1, /*!< 521-bits NIST curve */ - MBEDTLS_ECP_DP_BP256R1, /*!< 256-bits Brainpool curve */ - MBEDTLS_ECP_DP_BP384R1, /*!< 384-bits Brainpool curve */ - MBEDTLS_ECP_DP_BP512R1, /*!< 512-bits Brainpool curve */ - MBEDTLS_ECP_DP_CURVE25519, /*!< Curve25519 */ - MBEDTLS_ECP_DP_CURVE448, /*!< Curve448 */ - MBEDTLS_ECP_DP_SECP192K1, /*!< 192-bits "Koblitz" curve */ - MBEDTLS_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */ - MBEDTLS_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */ + MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */ + MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for 192-bit NIST curve. */ + MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for 224-bit NIST curve. */ + MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for 256-bit NIST curve. */ + MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for 384-bit NIST curve. */ + MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for 521-bit NIST curve. */ + MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve. */ + MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */ + MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */ + MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for a Curve25519 curve. */ + MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for a Curve448 curve. */ + MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */ + MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */ + MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */ } mbedtls_ecp_group_id; /** - * Number of supported curves (plus one for NONE). 
+ * The number of supported curves, plus one for none. * - * (Montgomery curves excluded for now.) + * \note Montgomery curves are currently excluded. */ #define MBEDTLS_ECP_DP_MAX 12 /** - * Curve information for use by other modules + * Curve information, for use by other modules. */ typedef struct { - mbedtls_ecp_group_id grp_id; /*!< Internal identifier */ - uint16_t tls_id; /*!< TLS NamedCurve identifier */ - uint16_t bit_size; /*!< Curve size in bits */ - const char *name; /*!< Human-friendly name */ + mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */ + uint16_t tls_id; /*!< The TLS NamedCurve identifier. */ + uint16_t bit_size; /*!< The size of the curve in bits. */ + const char *name; /*!< A human-friendly name. */ } mbedtls_ecp_curve_info; /** - * \brief ECP point structure (jacobian coordinates) + * \brief The ECP point structure, in jacobian coordinates. * * \note All functions expect and return points satisfying - * the following condition: Z == 0 or Z == 1. (Other - * values of Z are used by internal functions only.) + * the following condition: \p Z == 0 or \p Z == 1. Other + * values of \p Z are used only by internal functions. * The point is zero, or "at infinity", if Z == 0. * Otherwise, X and Y are its standard (affine) coordinates. */ typedef struct { - mbedtls_mpi X; /*!< the point's X coordinate */ - mbedtls_mpi Y; /*!< the point's Y coordinate */ - mbedtls_mpi Z; /*!< the point's Z coordinate */ + mbedtls_mpi X; /*!< The X coordinate of the ECP point. */ + mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */ + mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */ } mbedtls_ecp_point; /** - * \brief ECP group structure + * \brief The ECP group structure. * - * We consider two types of curves equations: - * 1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492) - * 2. Montgomery, y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft) - * In both cases, a generator G for a prime-order subgroup is fixed. 
In the - * short weierstrass, this subgroup is actually the whole curve, and its - * cardinal is denoted by N. + * We consider two types of curve equations: + *
    • Short Weierstrass: y^2 = x^3 + \p A x + \p B mod P + * (SEC1 + RFC-4492)
    • + *
    • Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft)
    + * In both cases, the generator (G) for a prime-order subgroup is fixed. * - * In the case of Short Weierstrass curves, our code requires that N is an odd - * prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.) + * For Short Weierstrass, this subgroup is the whole curve, and its + * cardinal is denoted by \p N. Our code requires that \p N is an odd prime. * - * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is - * the quantity actually used in the formulas. Also, nbits is not the size of N - * but the required size for private keys. + * \note For blinding, use odd in mbedtls_ecp_mul() and prime in + * mbedtls_ecdsa_sign(). * - * If modp is NULL, reduction modulo P is done using a generic algorithm. - * Otherwise, it must point to a function that takes an mbedtls_mpi in the range - * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more - * than pbits, so that the integer may be efficiently brought in the 0..P-1 - * range by a few additions or substractions. It must return 0 on success and - * non-zero on failure. + * For Montgomery curves, we do not store \p A, but (A + 2) / 4, which is + * the quantity used in the formulas. Additionally, \p nbits is not the + * size of \p N but the required size for private keys. + * + * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. + * Otherwise, it must point to a function that takes an \p mbedtls_mpi in the + * range of 0..2^(2*pbits)-1, and transforms it in-place in an integer of + * little more than \p pbits, so that the integer may be efficiently brought + * in the 0..P-1 range by a few additions or substractions. + * + * \return \c 0 on success + * \return Non-zero on failure. */ typedef struct { - mbedtls_ecp_group_id id; /*!< internal group identifier */ - mbedtls_mpi P; /*!< prime modulus of the base field */ - mbedtls_mpi A; /*!< 1. A in the equation, or 2. (A + 2) / 4 */ - mbedtls_mpi B; /*!< 1. 
B in the equation, or 2. unused */ - mbedtls_ecp_point G; /*!< generator of the (sub)group used */ - mbedtls_mpi N; /*!< the order of G */ - size_t pbits; /*!< number of bits in P */ - size_t nbits; /*!< number of bits in 1. P, or 2. private keys */ - unsigned int h; /*!< internal: 1 if the constants are static */ - int (*modp)(mbedtls_mpi *); /*!< function for fast reduction mod P */ - int (*t_pre)(mbedtls_ecp_point *, void *); /*!< unused */ - int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused */ - void *t_data; /*!< unused */ - mbedtls_ecp_point *T; /*!< pre-computed points for ecp_mul_comb() */ - size_t T_size; /*!< number for pre-computed points */ + mbedtls_ecp_group_id id; /*!< An internal group identifier. */ + mbedtls_mpi P; /*!< A prime modulus of the base field. */ + mbedtls_mpi A; /*!< \p A in the equation or (A + 2) / 4. */ + mbedtls_mpi B; /*!< \p B in the equation or unused. */ + mbedtls_ecp_point G; /*!< The generator of the (sub)group used. */ + mbedtls_mpi N; /*!< The order of \p G. */ + size_t pbits; /*!< The number of bits in \p P.*/ + size_t nbits; /*!< The number of bits in \p P, or the private + keys. */ + unsigned int h; /*!< \internal 1 if the constants are static. */ + int (*modp)(mbedtls_mpi *); /*!< The function for fast reduction mod P.*/ + int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ + int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ + void *t_data; /*!< Unused. */ + mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */ + size_t T_size; /*!< The number for pre-computed points. */ } mbedtls_ecp_group; /** - * \brief ECP key pair structure + * \brief The ECP key-pair structure. * - * A generic key pair that could be used for ECDSA, fixed ECDH, etc. + * A generic key-pair that may be used for ECDSA and fixed ECDH, for example. * - * \note Members purposefully in the same order as struc mbedtls_ecdsa_context. 
+ * \note Members are deliberately in the same order as in the + * #mbedtls_ecdsa_context structure. */ typedef struct { - mbedtls_ecp_group grp; /*!< Elliptic curve and base point */ - mbedtls_mpi d; /*!< our secret value */ - mbedtls_ecp_point Q; /*!< our public value */ + mbedtls_ecp_group grp; /*!< The elliptic curve and base point. */ + mbedtls_mpi d; /*!< Our secret value. */ + mbedtls_ecp_point Q; /*!< Our public value. */ } mbedtls_ecp_keypair; @@ -177,15 +194,15 @@ mbedtls_ecp_keypair; * \name SECTION: Module settings * * The configuration options you can set for this module are in this section. - * Either change them in config.h or define them on the compiler command line. + * Either change them in config.h, or define them using the compiler command line. * \{ */ #if !defined(MBEDTLS_ECP_MAX_BITS) /** - * Maximum size of the groups (that is, of N and P) + * The maximum size of the groups, that is, of N and P. */ -#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ +#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ #endif #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) @@ -212,7 +229,7 @@ mbedtls_ecp_keypair; * 224 475 475 453 398 342 * 192 640 640 633 587 476 */ -#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ +#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */ #endif /* MBEDTLS_ECP_WINDOW_SIZE */ #if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) @@ -227,7 +244,7 @@ mbedtls_ecp_keypair; * * Change this value to 0 to reduce peak memory usage. */ -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */ #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ /* \} name SECTION: Module settings */ 
@@ -235,25 +252,26 @@ mbedtls_ecp_keypair;
 /*
  * Point formats, from RFC 4492's enum ECPointFormat
  */
-#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */
-#define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format */
+#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format. */
+#define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format. */
 
 /*
  * Some other constants from RFC 4492
  */
-#define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */
+#define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< The named_curve of ECCurveType. */
 
 /**
- * \brief Get the list of supported curves in order of preferrence
- * (full information)
+ * \brief This function retrieves the information defined in
+ * mbedtls_ecp_curve_info()for all supported curves in order
+ * of preference.
  *
- * \return A statically allocated array, the last entry is 0.
+ * \return A statically allocated array. The last entry is 0.
  */
 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
 
 /**
- * \brief Get the list of supported curves in order of preferrence
- * (grp_id only)
+ * \brief This function retrieves the grp_id of all supported curves
+ * in order of preference.
  *
  * \return A statically allocated array,
  * terminated with MBEDTLS_ECP_DP_NONE.
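Review bot: The new brief for mbedtls_ecp_curve_list() refers to `mbedtls_ecp_curve_info()` as if it were a function and lacks a space before `for`; mbedtls_ecp_curve_info is the struct type of the returned array, as the declaration on the following line (`const mbedtls_ecp_curve_info *`) shows. Suggest `* \brief This function retrieves the information defined in` / `* #mbedtls_ecp_curve_info for all supported curves in order` / `* of preference.`, which also lets Doxygen link the type instead of a non-existent function, matching the `#mbedtls_ecdsa_context` reference used earlier in this commit.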
@@ -261,358 +279,390 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ); const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ); /** - * \brief Get curve information from an internal group identifier + * \brief This function retrieves curve information from an internal + * group identifier. * - * \param grp_id A MBEDTLS_ECP_DP_XXX value + * \param grp_id An \c MBEDTLS_ECP_DP_XXX value. * - * \return The associated curve information or NULL + * \return The associated curve information, or NULL. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ); /** - * \brief Get curve information from a TLS NamedCurve value + * \brief This function retrieves curve information from a TLS + * NamedCurve value. * - * \param tls_id A MBEDTLS_ECP_DP_XXX value + * \param tls_id An \c MBEDTLS_ECP_DP_XXX value. * - * \return The associated curve information or NULL + * \return The associated curve information, or NULL. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ); /** - * \brief Get curve information from a human-readable name + * \brief This function retrieves curve information from a + * human-readable name. * - * \param name The name + * \param name The human-readable name. * - * \return The associated curve information or NULL + * \return The associated curve information, or NULL. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name ); /** - * \brief Initialize a point (as zero) + * \brief This function initializes a point as zero. + * + * \param pt The point to initialize. */ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ); /** - * \brief Initialize a group (to something meaningless) + * \brief This function initializes a group to something meaningless. */ void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ); /** - * \brief Initialize a key pair (as an invalid one) + * \brief This function initializes a key pair as an invalid one. 
+ * + * \param key The key pair to initialize. */ void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key ); /** - * \brief Free the components of a point + * \brief This function frees the components of a point. + * + * \param pt The point to free. */ void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ); /** - * \brief Free the components of an ECP group + * \brief This function frees the components of an ECP group. + * \param grp The group to free. */ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); /** - * \brief Free the components of a key pair + * \brief This function frees the components of a key pair. + * \param key The key pair to free. */ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); /** - * \brief Copy the contents of point Q into P + * \brief This function copies the contents of point \p Q into + * point \p P. * - * \param P Destination point - * \param Q Source point + * \param P The destination point. + * \param Q The source point. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation fails. */ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); /** - * \brief Copy the contents of a group object + * \brief This function copies the contents of group \p src into + * group \p dst. * - * \param dst Destination group - * \param src Source group + * \param dst The destination group. + * \param src The source group. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation fails. */ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src ); /** - * \brief Set a point to zero + * \brief This function sets a point to zero. * - * \param pt Destination point + * \param pt The point to set. 
* - * \return 0 if successful, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation fails. */ int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); /** - * \brief Tell if a point is zero + * \brief This function checks if a point is zero. * - * \param pt Point to test + * \param pt The point to test. * - * \return 1 if point is zero, 0 otherwise + * \return \c 1 if point is zero. + * \return \c 0 if point is non-zero. */ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ); /** - * \brief Compare two points + * \brief This function compares two points. * - * \note This assumes the points are normalized. Otherwise, + * \note This assumes that the points are normalized. Otherwise, * they may compare as "not equal" even if they are. * - * \param P First point to compare - * \param Q Second point to compare + * \param P The first point to compare. + * \param Q The second point to compare. * - * \return 0 if the points are equal, - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise + * \return \c 0 if the points are equal. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal. */ int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); /** - * \brief Import a non-zero point from two ASCII strings + * \brief This function imports a non-zero point from two ASCII + * strings. * - * \param P Destination point - * \param radix Input numeric base - * \param x First affine coordinate as a null-terminated string - * \param y Second affine coordinate as a null-terminated string + * \param P The destination point. + * \param radix The numeric base of the input. + * \param x The first affine coordinate, as a null-terminated string. + * \param y The second affine coordinate, as a null-terminated string. * - * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code + * \return \c 0 on success. 
+ * \return An \c MBEDTLS_ERR_MPI_XXX error code on failure. */ int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, const char *x, const char *y ); /** - * \brief Export a point into unsigned binary data + * \brief This function exports a point into unsigned binary data. * - * \param grp Group to which the point should belong - * \param P Point to export - * \param format Point format, should be a MBEDTLS_ECP_PF_XXX macro - * \param olen Length of the actual output - * \param buf Output buffer - * \param buflen Length of the output buffer + * \param grp The group to which the point should belong. + * \param P The point to export. + * \param format The point format. Should be an \c MBEDTLS_ECP_PF_XXX macro. + * \param olen The length of the output. + * \param buf The output buffer. + * \param buflen The length of the output buffer. * - * \return 0 if successful, - * or MBEDTLS_ERR_ECP_BAD_INPUT_DATA - * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA + * or #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure. */ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, int format, size_t *olen, unsigned char *buf, size_t buflen ); /** - * \brief Import a point from unsigned binary data + * \brief This function imports a point from unsigned binary data. * - * \param grp Group to which the point should belong - * \param P Point to import - * \param buf Input buffer - * \param ilen Actual length of input + * \note This function does not check that the point actually + * belongs to the given group, see mbedtls_ecp_check_pubkey() + * for that. * - * \return 0 if successful, - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format + * \param grp The group to which the point should belong. + * \param P The point to import. 
+ * \param buf The input buffer. + * \param ilen The length of the input. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format * is not implemented. * - * \note This function does NOT check that the point actually - * belongs to the given group, see mbedtls_ecp_check_pubkey() for - * that. */ int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, const unsigned char *buf, size_t ilen ); /** - * \brief Import a point from a TLS ECPoint record + * \brief This function imports a point from a TLS ECPoint record. * - * \param grp ECP group used - * \param pt Destination point - * \param buf $(Start of input buffer) - * \param len Buffer length + * \note On function return, \p buf is updated to point to immediately + * after the ECPoint. * - * \note buf is updated to point right after the ECPoint on exit + * \param grp The ECP group used. + * \param pt The destination point. + * \param buf The address of the pointer to the start of input buffer. + * \param len The length of the buffer. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_XXX if initialization failed - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_MPI_XXX error code if initialization failed. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. */ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, const unsigned char **buf, size_t len ); /** - * \brief Export a point as a TLS ECPoint record + * \brief This function exports a point as a TLS ECPoint record. * - * \param grp ECP group used - * \param pt Point to export - * \param format Export format - * \param olen length of data written - * \param buf Buffer to write to - * \param blen Buffer length + * \param grp The ECP group used. 
+ * \param pt The point to export. + * \param format The export format. + * \param olen The length of data written. + * \param buf The Buffer to write to. + * \param blen The length of the Buffer. * - * \return 0 if successful, - * or MBEDTLS_ERR_ECP_BAD_INPUT_DATA - * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA or + * #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure. */ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen ); /** - * \brief Set a group using well-known domain parameters + * \brief This function sets a group using well-known domain parameters. * - * \param grp Destination group - * \param id Index in the list of well-known domain parameters + * \note The index should be a value of the NamedCurve enum, + * as defined in RFC-4492: Elliptic Curve Cryptography + * (ECC) Cipher Suites for Transport Layer Security (TLS), + * usually in the form of an \c MBEDTLS_ECP_DP_XXX macro. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_XXX if initialization failed - * MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups + * \param grp The destination group. + * \param id The index in the list of well-known domain parameters. * - * \note Index should be a value of RFC 4492's enum NamedCurve, - * usually in the form of a MBEDTLS_ECP_DP_XXX macro. + * \return \c 0 on success, + * \return An \c MBEDTLS_ERR_MPI_XXX error code if initialization fails. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups. + */ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); /** - * \brief Set a group from a TLS ECParameters record + * \brief This function sets a group from a TLS ECParameters record. * - * \param grp Destination group - * \param buf &(Start of input buffer) - * \param len Buffer length + * \note \p buf is updated to point right after ECParameters on exit. 
* - * \note buf is updated to point right after ECParameters on exit + * \param grp The destination group. + * \param buf The address of the pointer to the start of input buffer. + * \param len The length of the buffer. * - * \return 0 if successful, - * MBEDTLS_ERR_MPI_XXX if initialization failed - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_MPI_XXX error code if initialization fails. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. */ int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ); /** - * \brief Write the TLS ECParameters record for a group + * \brief This function writes the TLS ECParameters record for a group. * - * \param grp ECP group used - * \param olen Number of bytes actually written - * \param buf Buffer to write to - * \param blen Buffer length + * \param grp The ECP group used. + * \param olen The number of Bytes written. + * \param buf The buffer to write to. + * \param blen The length of the buffer. * - * \return 0 if successful, - * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure. */ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen ); /** - * \brief Multiplication by an integer: R = m * P - * (Not thread-safe to use same group in multiple threads) + * \brief This function performs multiplication of a point by + * an integer: \p R = \p m * \p P. * - * \note In order to prevent timing attacks, this function - * executes the exact same sequence of (base field) - * operations for any valid m. It avoids any if-branch or - * array index depending on the value of m. + * It is not thread-safe to use same group in multiple threads. * - * \note If f_rng is not NULL, it is used to randomize intermediate - * results in order to prevent potential timing attacks - * targeting these results. 
It is recommended to always - * provide a non-NULL f_rng (the overhead is negligible). + * \note To prevent timing attacks, this function + * executes the exact same sequence of base-field + * operations for any valid \p m. It avoids any if-branch or + * array index depending on the value of \p m. * - * \param grp ECP group - * \param R Destination point - * \param m Integer by which to multiply - * \param P Point to multiply - * \param f_rng RNG function (see notes) - * \param p_rng RNG parameter + * \note If \p f_rng is not NULL, it is used to randomize + * intermediate results to prevent potential timing attacks + * targeting these results. We recommend always providing + * a non-NULL \p f_rng. The overhead is negligible. * - * \return 0 if successful, - * MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey - * or P is not a valid pubkey, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \param grp The ECP group. + * \param R The destination point. + * \param m The integer by which to multiply. + * \param P The point to multiply. + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid privkey, + * or \p P is not a valid pubkey. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. */ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief Multiplication and addition of two points by integers: - * R = m * P + n * Q - * (Not thread-safe to use same group in multiple threads) + * \brief This function performs multiplication and addition of two + * points by integers: \p R = \p m * \p P + \p n * \p Q + + * It is not thread-safe to use same group in multiple threads. * - * \note In contrast to mbedtls_ecp_mul(), this function does not guarantee - * a constant execution flow and timing. 
+ * \note In contrast to mbedtls_ecp_mul(), this function does not + * guarantee a constant execution flow and timing. * - * \param grp ECP group - * \param R Destination point - * \param m Integer by which to multiply P - * \param P Point to multiply by m - * \param n Integer by which to multiply Q - * \param Q Point to be multiplied by n + * \param grp The ECP group. + * \param R The destination point. + * \param m The integer by which to multiply \p P. + * \param P The point to multiply by \p m. + * \param n The integer by which to multiply \p Q. + * \param Q The point to be multiplied by \p n. * - * \return 0 if successful, - * MBEDTLS_ERR_ECP_INVALID_KEY if m or n is not a valid privkey - * or P or Q is not a valid pubkey, - * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not + * valid private keys, or \p P or \p Q are not valid public + * keys. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. */ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q ); /** - * \brief Check that a point is a valid public key on this curve + * \brief This function checks that a point is a valid public key + * on this curve. * - * \param grp Curve/group the point should belong to - * \param pt Point to check + * It only checks that the point is non-zero, has + * valid coordinates and lies on the curve. It does not verify + * that it is indeed a multiple of \p G. This additional + * check is computationally more expensive, is not required + * by standards, and should not be necessary if the group + * used has a small cofactor. In particular, it is useless for + * the NIST groups which all have a cofactor of 1. * - * \return 0 if point is a valid public key, - * MBEDTLS_ERR_ECP_INVALID_KEY otherwise. 
+ * \note This function uses bare components rather than an + * mbedtls_ecp_keypair() structure, to ease use with other + * structures. For example, mbedtls_ecdh_context() or + * mbedtls_ecdsa_context(). * - * \note This function only checks the point is non-zero, has valid - * coordinates and lies on the curve, but not that it is - * indeed a multiple of G. This is additional check is more - * expensive, isn't required by standards, and shouldn't be - * necessary if the group used has a small cofactor. In - * particular, it is useless for the NIST groups which all - * have a cofactor of 1. + * \param grp The curve or group the point should belong to. + * \param pt The point to check. * - * \note Uses bare components rather than an mbedtls_ecp_keypair structure - * in order to ease use with other structures such as - * mbedtls_ecdh_context of mbedtls_ecdsa_context. + * \return \c 0 if the point is a valid public key. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY otherwise. */ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ); /** - * \brief Check that an mbedtls_mpi is a valid private key for this curve + * \brief This function checks that an \p mbedtls_mpi is a valid private + * key for this curve. * - * \param grp Group used - * \param d Integer to check + * \note This function uses bare components rather than an + * mbedtls_ecp_keypair() structure to ease use with other + * structures such as mbedtls_ecdh_context() or + * mbedtls_ecdsa_context(). * - * \return 0 if point is a valid private key, - * MBEDTLS_ERR_ECP_INVALID_KEY otherwise. + * \param grp The group used. + * \param d The integer to check. * - * \note Uses bare components rather than an mbedtls_ecp_keypair structure - * in order to ease use with other structures such as - * mbedtls_ecdh_context of mbedtls_ecdsa_context. + * \return \c 0 if the point is a valid private key. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY otherwise. 
*/ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d ); /** - * \brief Generate a keypair with configurable base point + * \brief This function generates a keypair with a configurable base + * point. * - * \param grp ECP group - * \param G Chosen base point - * \param d Destination MPI (secret part) - * \param Q Destination point (public part) - * \param f_rng RNG function - * \param p_rng RNG parameter + * \note This function uses bare components rather than an + * mbedtls_ecp_keypair() structure to ease use with other + * structures such as mbedtls_ecdh_context() or + * mbedtls_ecdsa_context(). +* + * \param grp The ECP group. + * \param G The chosen base point. + * \param d The destination MPI (secret part). + * \param Q The destination point (public part). + * \param f_rng The RNG function. + * \param p_rng The RNG context. * - * \return 0 if successful, - * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code - * - * \note Uses bare components rather than an mbedtls_ecp_keypair structure - * in order to ease use with other structures such as - * mbedtls_ecdh_context of mbedtls_ecdsa_context. - */ + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code + * on failure. + */ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, const mbedtls_ecp_point *G, mbedtls_mpi *d, mbedtls_ecp_point *Q, 
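Review bot: The rewritten parameter line for mbedtls_ecp_curve_info_from_tls_id() still says `\param tls_id An \c MBEDTLS_ECP_DP_XXX value.`, which contradicts the brief of the same block ("from a TLS NamedCurve value") and the `uint16_t tls_id` signature; suggest `* \param tls_id A TLS NamedCurve value, as defined in RFC 4492.` The `\return` text of mbedtls_ecp_gen_keypair_base() spells the MPI error family `MBEDTLS_MPI_XXX` while every other block in this hunk writes `MBEDTLS_ERR_MPI_XXX`; the same carried-over spelling is in mbedtls_ecp_gen_keypair() and mbedtls_ecp_gen_key() in the next hunk. Also in this hunk: the `+*` line in the mbedtls_ecp_gen_keypair_base() block is missing the leading space every other comment line has, the mbedtls_ecp_group_load() return text keeps the typo `unkownn`, and mbedtls_ecp_group_init() is the only init/free function here that did not receive a `\param grp` line.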
@@ -620,57 +670,64 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, void *p_rng ); /** - * \brief Generate a keypair + * \brief This function generates a keypair. * - * \param grp ECP group - * \param d Destination MPI (secret part) - * \param Q Destination point (public part) - * \param f_rng RNG function - * \param p_rng RNG parameter + * \note This function uses bare components rather than an + * mbedtls_ecp_keypair() structure to ease use with other + * structures such as mbedtls_ecdh_context() or + * mbedtls_ecdsa_context(). * - * \return 0 if successful, - * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code + * \param grp The ECP group. + * \param d The destination MPI (secret part). + * \param Q The destination point (public part). + * \param f_rng The RNG function. + * \param p_rng The RNG context. * - * \note Uses bare components rather than an mbedtls_ecp_keypair structure - * in order to ease use with other structures such as - * mbedtls_ecdh_context of mbedtls_ecdsa_context. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code + * on failure. */ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief Generate a keypair + * \brief This function generates a key. * - * \param grp_id ECP group identifier - * \param key Destination keypair - * \param f_rng RNG function - * \param p_rng RNG parameter + * \param grp_id The ECP group identifier. + * \param key The destination key. + * \param f_rng The RNG function. + * \param p_rng The RNG context. * - * \return 0 if successful, - * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code + * on failure. 
*/ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief Check a public-private key pair + * \brief This function checks a public-private key pair. * - * \param pub Keypair structure holding a public key - * \param prv Keypair structure holding a private (plus public) key + * \param pub The keypair structure holding the public key. + * \param prv The keypair structure holding the private key. * - * \return 0 if successful (keys are valid and match), or - * MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or - * a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code. + * \note The both are keypairs, and may optionally hold the corresponding other key, but the public key passed in thee pub is checked against the private key passed in prv. + * + * \return \c 0 on success - the keys are valid and match. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or an \c + * MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX + * error code on failure. */ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ); #if defined(MBEDTLS_SELF_TEST) /** - * \brief Checkup routine + * \brief The ECP checkup routine. * - * \return 0 if successful, or 1 if a test failed + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_ecp_self_test( int verbose ); From f763f2bbc1c92416d12874fd5f14969279036cb0 Mon Sep 17 00:00:00 2001 
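Review bot: The new `\note` on mbedtls_ecp_check_pub_priv() is garbled (`The both are keypairs`, `thee pub`) and the rewritten `\param prv` line drops the old text's point that \p prv carries the public part as well; suggest `* \param prv The key pair structure holding the private key (and optionally the matching public key).` together with `* \note Both arguments are key pairs; the public key in \p pub is checked against the private key in \p prv.` Separately, the brief of mbedtls_ecp_gen_key() became `This function generates a key.` although the function fills a #mbedtls_ecp_keypair; the old brief `Generate a keypair` was accurate, and `* \param key The destination key pair.` would keep the block consistent with the two functions above it.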
From: Rose Zadik Date: Tue, 17 Apr 2018 11:00:40 +0100 Subject: [PATCH 0956/1059] Update dhm.h Minor documentation improvements: *Standardized file brief description. *Separated return statements. *Reordered tags within documentation blocks so that params and returns are last in block. *p_rng descriptions changed from "parameter" to "context". *Suggest to specify issue for each return code, where multiple failure return codes are listed, or generalize. *Minor improvements to parameter documentation proposed by eng. --- include/mbedtls/dhm.h | 108 ++++++++++++++++++++++-------------------- 1 file changed, 57 insertions(+), 51 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 00fafd8d16..2829ffc072 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -1,7 +1,12 @@ /** * \file dhm.h * - * \brief Diffie-Hellman-Merkle key exchange. + * \brief This file contains DHM definitions and functions. + * + * Diffie-Hellman-Merkle (DHM) key exchange is defined in + * RFC-2631: Diffie-Hellman Key Agreement Method and + * Public-Key Cryptography Standards (PKCS) #3: Diffie + * Hellman Key Agreement Standard. * * RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for * Internet Key Exchange (IKE) defines a number of standardized @@ -125,8 +130,8 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx ); * failures. * \param end The end of the input buffer. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code - * on failure. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, unsigned char **p, 
@@ -136,13 +141,6 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
  * \brief This function sets up and writes the ServerKeyExchange
  * parameters.
  *
- * \param ctx The DHM context.
- * \param x_size The private value size in Bytes.
- * \param olen The number of characters written.
- * \param output The destination buffer.
- * \param f_rng The RNG function.
- * \param p_rng The RNG parameter.
- *
  * \note The destination buffer must be large enough to hold
  * the reduced binary presentation of the modulus, the generator
  * and the public key, each wrapped with a 2-byte length field.
@@ -155,8 +153,15 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
  * mbedtls_dhm_set_group() below in conjunction with
  * mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
  *
- * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
- * on failure.
+ * \param ctx The DHM context.
+ * \param x_size The private key size in Bytes.
+ * \param olen The number of characters written.
+ * \param output The destination buffer.
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
 int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
                              unsigned char *output, size_t *olen,
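Review bot: `\param olen The number of characters written.` in the re-added mbedtls_dhm_make_params() parameter list is the only size in this block given in characters, while `x_size` on the line above is documented in Bytes and the signature in the context lines declares `size_t *olen`; suggest `* \param olen The number of Bytes written.` The two lines are also listed as olen, output although the signature that follows has `unsigned char *output, size_t *olen`; swapping them to match the declaration order would make the block easier to check against the prototype.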
@@ -164,54 +169,54 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, void *p_rng ); /** - * \brief Set prime modulus and generator + * \brief This function sets the prime modulus and generator. + * + * \note This function can be used to set \p P, \p G + * in preparation for mbedtls_dhm_make_params(). * * \param ctx The DHM context. - * \param P The MPI holding DHM prime modulus. - * \param G The MPI holding DHM generator. + * \param P The MPI holding the DHM prime modulus. + * \param G The MPI holding the DHM generator. * - * \note This function can be used to set P, G - * in preparation for \c mbedtls_dhm_make_params. - * - * \return \c 0 if successful, or an \c MBEDTLS_ERR_DHM_XXX error code - * on failure. + * \return \c 0 if successful. + * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, const mbedtls_mpi *P, const mbedtls_mpi *G ); /** - * \brief This function imports the public value G^Y of the peer. + * \brief This function imports the G^Y public value of the peer. * * \param ctx The DHM context. - * \param input The input buffer. + * \param input The input buffer containing the G^Y value of the peer. * \param ilen The size of the input buffer. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code - * on failure. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, const unsigned char *input, size_t ilen ); /** - * \brief This function creates its own private value \c X and + * \brief This function creates its own \c X private key and * exports \c G^X. * + * \note The destination buffer is always fully written + * so as to contain a big-endian representation of G^X mod P. + * If it is larger than ctx->len, it is padded accordingly + * with zero-bytes at the beginning. + * * \param ctx The DHM context. - * \param x_size The private value size in Bytes. 
+ * \param x_size The private key size in Bytes. * \param output The destination buffer. * \param olen The length of the destination buffer. Must be at least - equal to ctx->len (the size of \c P). + * equal to ctx->len (the size of \c P). * \param f_rng The RNG function. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * - * \note The destination buffer will always be fully written - * so as to contain a big-endian presentation of G^X mod P. - * If it is larger than ctx->len, it will accordingly be - * padded with zero-bytes in the beginning. - * - * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code - * on failure. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, unsigned char *output, size_t olen, 
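Review bot: In the mbedtls_dhm_make_public() block the parameter `olen` is documented as `The length of the destination buffer`, an input, while the neighbouring mbedtls_dhm_make_params() documents its `olen` as `The number of characters written`, an output — same name, opposite direction, and the hunk does not point this out. Since the signature is fixed (`size_t olen` by value), the doc should make the difference explicit, e.g. `\param olen The size of the destination buffer in Bytes (an input; unlike mbedtls_dhm_make_params(), nothing is written back). Must be at least equal to ctx->len (the size of \c P).` The mbedtls_dhm_set_group() block in the same hunk could likewise state whether P and G are validated or taken on trust, which the new text leaves open.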
@@ -222,22 +227,22 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, * \brief This function derives and exports the shared secret * \c (G^Y)^X mod \c P. * + * \note If \p f_rng is not NULL, it is used to blind the input as + * a countermeasure against timing attacks. Blinding is used + * only if our private key \c X is re-used, and not used + * otherwise. We recommend always passing a non-NULL + * \p f_rng argument. + * * \param ctx The DHM context. * \param output The destination buffer. * \param output_size The size of the destination buffer. Must be at least - * the size of ctx->len. + * the size of ctx->len (the size of \c P). * \param olen On exit, holds the actual number of Bytes written. * \param f_rng The RNG function, for blinding purposes. - * \param p_rng The RNG parameter. + * \param p_rng The RNG context. * - * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code - * on failure. - * - * \note If non-NULL, \p f_rng is used to blind the input as - * a countermeasure against timing attacks. Blinding is used - * only if our secret value \p X is re-used and omitted - * otherwise. Therefore, we recommend always passing a - * non-NULL \p f_rng argument. + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, unsigned char *output, size_t output_size, size_t *olen, @@ -245,7 +250,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, void *p_rng ); /** - * \brief This function frees and clears the components of a DHM key. + * \brief This function frees and clears the components of a DHM context. * * \param ctx The DHM context to free and clear. */ 
@@ -261,8 +266,8 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ); * \param dhminlen The size of the buffer, including the terminating null * Byte for PEM data. * - * \return \c 0 on success, or a specific DHM or PEM error code - * on failure. + * \return \c 0 on success. + * \return A specific DHM or PEM error code on failure. */ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen ); @@ -275,8 +280,8 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, * \param dhm The DHM context to load the parameters to. * \param path The filename to read the DHM parameters from. * - * \return \c 0 on success, or a specific DHM or PEM error code - * on failure. + * \return \c 0 on success. + * \return A specific DHM or PEM error code on failure. */ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); #endif /* MBEDTLS_FS_IO */ @@ -297,7 +302,8 @@ extern "C" { /** * \brief The DMH checkup routine. * - * \return \c 0 on success, or \c 1 on failure. + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_dhm_self_test( int verbose ); From 21e2926736dbb834e0822c9a8a0ce3b7c6f353cf Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 17 Apr 2018 14:08:56 +0100 Subject: [PATCH 0957/1059] Update rsa.h minor change to the file's brief desc. --- include/mbedtls/rsa.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 033e58027c..f8b8965925 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -1,7 +1,7 @@ /** * \file rsa.h * - * \brief This file defines the RSA public-key cryptosystem. + * \brief This file provides an API for the RSA public-key cryptosystem. * * The RSA public-key cryptosystem is defined in Public-Key * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption From 614d9c06677dfac460e60208c8e7fefcbacd9505 Mon Sep 17 00:00:00 2001 
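Review bot: The context line for mbedtls_dhm_self_test() in the last hunk still reads `\brief The DMH checkup routine.` — `DMH` is a typo for `DHM` that this documentation pass left in place; suggest `\brief The DHM checkup routine.` while the block is being touched. The `verbose` parameter also has no `\param` line in the visible block, whereas every other block in this file now documents each parameter; adding `\param verbose Verbosity level; 0 for silent.` — wording to be checked against the implementation — would make it consistent.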
From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 21:27:43 +0100 Subject: [PATCH 0958/1059] Add a utils.h file that contains common functions The new header contains common information across various mbed TLS modules and avoids code duplication. To start, utils.h currently only contains the mbedtls_zeroize() function. --- include/mbedtls/utils.h | 39 +++++++++++++++++++++++++++++++++++++++ library/CMakeLists.txt | 1 + library/Makefile | 3 ++- library/utils.c | 33 +++++++++++++++++++++++++++++++++ 4 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 include/mbedtls/utils.h create mode 100644 library/utils.c diff --git a/include/mbedtls/utils.h b/include/mbedtls/utils.h new file mode 100644 index 0000000000..61b1b76c0d --- /dev/null +++ b/include/mbedtls/utils.h @@ -0,0 +1,39 @@ +/** + * \file utils.h + * + * \brief mbed TLS utility functions + * + * Copyright (C) 2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_UTILS_H +#define MBEDTLS_UTILS_H + +#include + +/** + * \brief Securely zeroize a buffer + * + * \param buf Buffer to be zeroized + * \param len Length of the buffer in bytes + * + * \note This implementation should never be optimized out by the + * compiler + */ +void mbedtls_zeroize( void *buf, size_t len ); + +#endif /* MBEDTLS_UTILS_H */ 
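Review bot: utils.h is a new public header under include/mbedtls/ but, unlike the other public headers in this series (dhm.h shows an `extern "C" {` context line in its last hunk above), it has no `#ifdef __cplusplus` / `extern "C"` wrapper around the `mbedtls_zeroize()` prototype, so a C++ consumer that includes it will look for a C++-mangled symbol and fail to link. The wrapper is shown below. Separately, the `\note` promising the implementation "should never be optimized out" describes utils.c rather than the declaration; I would phrase it as a contract, e.g. `\note The buffer is cleared with volatile byte stores so the call is not elided by the optimizer; it does not clear copies the compiler may have spilled elsewhere.` The `#include` target on the new side appears lost in rendering and should name the provider of size_t, presumably `<stddef.h>`.
```c
#ifdef __cplusplus
extern "C" {
#endif

/* … unchanged: mbedtls_zeroize() documentation … */
void mbedtls_zeroize( void *buf, size_t len );

#ifdef __cplusplus
}
#endif

#endif /* MBEDTLS_UTILS_H */
```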
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 7742c22d25..24a2484a32 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -57,6 +57,7 @@ set(src_crypto version.c version_features.c xtea.c + utils.c ) set(src_x509 diff --git a/library/Makefile b/library/Makefile index 0333815f00..46dce4e6ff 100644 --- a/library/Makefile +++ b/library/Makefile @@ -65,7 +65,8 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ ripemd160.o rsa_internal.o rsa.o \ sha1.o sha256.o sha512.o \ threading.o timing.o version.o \ - version_features.o xtea.o + version_features.o xtea.o \ + utils.o OBJS_X509= certs.o pkcs11.o x509.o \ x509_create.o x509_crl.o x509_crt.o \ diff --git a/library/utils.c b/library/utils.c new file mode 100644 index 0000000000..f943cb1c68 --- /dev/null +++ b/library/utils.c @@ -0,0 +1,33 @@ +/* + * mbedtls utility functions + * + * Copyright (C) 2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#include "mbedtls/utils.h" + +#include + +/* This implementation should never be optimized out by the compiler */ +void mbedtls_zeroize( void *buf, size_t len ) +{ + volatile unsigned char *p = (unsigned char *)buf; + + while( len-- ) + *p++ = 0; +} From 5ab74a1401f2b2ceb6b59276681359ecc6d4d7da Mon Sep 17 00:00:00 2001 
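Review bot: `utils.c` is appended after `xtea.c` in `src_crypto`, breaking the alphabetical order the list otherwise keeps (`version.c version_features.c xtea.c`); it belongs between `timing.c` and `version.c`, and the same applies to the `OBJS_CRYPTO` line in library/Makefile. More importantly, the diffstat touches no other build description: if the repository also carries generated Visual Studio project files that enumerate library sources, they need utils.c too, otherwise every module that now calls the non-static `mbedtls_zeroize()` fails to link there. Those files are not in this chunk, so treat that as something to confirm.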
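Review bot: The volatile-byte loop in `mbedtls_zeroize()` is the portable choice, but its only guarantee is that the byte stores are emitted; it is also the slowest form, and on platforms that provide a dedicated primitive (`memset_s` under `__STDC_LIB_EXT1__`, `explicit_bzero`, `SecureZeroMemory`) those are both faster and the documented contract. A common shape that keeps a single implementation is to call memset through a volatile function pointer so the call cannot be elided: `static void *( *const volatile memset_func )( void *, int, size_t ) = memset;` and then `if( len > 0 ) memset_func( buf, 0, len );` — the `len > 0` guard matters because `memset( NULL, 0, 0 )` is undefined while the current loop tolerates a NULL buffer with zero length. The `#include` target on the new side appears lost in rendering; the loop as written needs only size_t from utils.h, but a memset-based version would need `<string.h>`.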
From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 21:10:45 +0100 Subject: [PATCH 0959/1059] Add programs/test/zeroize.c to test mbedtls_zeroize The idea is to use the simple program that is expected to be modified rarely to set a breakpoint in a specific line and check that the function mbedtls_zeroize() does actually set the buffer to 0 and is not optimised out by the compiler. --- programs/.gitignore | 1 + programs/Makefile | 5 ++ programs/test/CMakeLists.txt | 5 +- programs/test/zeroize.c | 91 ++++++++++++++++++++++++++++++++++++ 4 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 programs/test/zeroize.c diff --git a/programs/.gitignore b/programs/.gitignore index 27055b8298..ddfa1a4266 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -47,6 +47,7 @@ test/ecp-bench test/selftest test/ssl_cert_test test/udp_proxy +test/zeroize util/pem2der util/strerror x509/cert_app diff --git a/programs/Makefile b/programs/Makefile index 25f184f8c3..4e659d4859 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -67,6 +67,7 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ random/gen_random_ctr_drbg$(EXEXT) \ test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \ test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \ + test/zeroize$(EXEXT) \ util/pem2der$(EXEXT) util/strerror$(EXEXT) \ x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \ x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \ @@ -249,6 +250,10 @@ test/udp_proxy$(EXEXT): test/udp_proxy.c $(DEP) echo " CC test/udp_proxy.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/zeroize$(EXEXT): test/zeroize.c $(DEP) + echo " CC test/zeroize.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + util/pem2der$(EXEXT): util/pem2der.c $(DEP) echo " CC util/pem2der.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ 
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 0ed7145466..1e87fca313 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -22,6 +22,9 @@ target_link_libraries(ssl_cert_test ${libs}) add_executable(udp_proxy udp_proxy.c) target_link_libraries(udp_proxy ${libs}) -install(TARGETS selftest benchmark ssl_cert_test udp_proxy +add_executable(zeroize zeroize.c) +target_link_libraries(zeroize ${libs}) + +install(TARGETS selftest benchmark ssl_cert_test udp_proxy zeroize DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c new file mode 100644 index 0000000000..7f3e8b4013 --- /dev/null +++ b/programs/test/zeroize.c 
@@ -0,0 +1,91 @@ +/* + * Zeroize demonstration program + * + * Copyright (C) 2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_printf printf +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif + +#include "mbedtls/utils.h" + +#define BUFFER_LEN 1024 + +void usage( void ) +{ + mbedtls_printf( "Zeroize is a simple program to assist with testing\n" ); + mbedtls_printf( "the mbedtls_zeroize() function by using the\n" ); + mbedtls_printf( "debugger. This program takes a file as input and\n" ); + mbedtls_printf( "prints the first %d characters. 
Usage:\n\n", BUFFER_LEN ); + mbedtls_printf( " zeroize \n" ); +} + +int main( int argc, char** argv ) +{ + int exit_code = MBEDTLS_EXIT_FAILURE; + FILE * fp; + char buf[BUFFER_LEN]; + char *p = buf; + char *end = p + BUFFER_LEN; + char c; + + if( argc != 2 ) + { + mbedtls_printf( "This program takes exactly 1 agument\n" ); + usage(); + return( exit_code ); + } + + fp = fopen( argv[1], "r" ); + if( fp == NULL ) + { + mbedtls_printf( "Could not open file '%s'\n", argv[1] ); + return( exit_code ); + } + + while( ( c = fgetc( fp ) ) != EOF && p < end - 1 ) + *p++ = c; + *p = '\0'; + + if( p - buf != 0 ) + { + mbedtls_printf( "%s\n", buf ); + mbedtls_zeroize( buf, sizeof( buf ) ); + exit_code = MBEDTLS_EXIT_SUCCESS; + } + else + mbedtls_printf( "The file is empty!\n" ); + + fclose( fp ); + + return( exit_code ); +} From ddebc49f286e3fa789fefd178604a7c213e8a159 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 22:16:34 +0100 Subject: [PATCH 0960/1059] Add gdb script to test mbedtls_zeroize() The gdb script loads the programs/test/zeroize program and feeds it as imput its own source code. Then sets a breakpoint just before the last program's return code and checks that every element in memory was zeroized. Otherwise it signals a failure and terminates. The test was added to all.sh. --- tests/scripts/all.sh | 2 +- tests/scripts/test_zeroize.gdb | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 tests/scripts/test_zeroize.gdb diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 497a261c4b..81ab2ca90b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
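Review bot: In main() the read loop `while( ( c = fgetc( fp ) ) != EOF && p < end - 1 )` stores fgetc()'s int result into `char c` before comparing with EOF, so on targets where char is unsigned the comparison can never be true and the loop only stops when the buffer is full, and on signed-char targets an input byte of 0xFF is mistaken for end of file, stopping the read early. Declare `int c;` and store with `*p++ = (char) c;`. Minor: the usage string says `1 agument` (argument), and `usage()` is file-local and could be `static`. This only affects the helper driven by the gdb test, not the library.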
@@ -421,7 +421,7 @@ export GNUTLS_SERV="$GNUTLS_SERV" # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" + "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb" if [ $RUN_ARMCC -ne 0 ]; then check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" fi diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb new file mode 100644 index 0000000000..52b7cda7f8 --- /dev/null +++ b/tests/scripts/test_zeroize.gdb @@ -0,0 +1,25 @@ +set confirm off +file ./programs/test/zeroize +break zeroize.c:90 + +set args ./programs/test/zeroize.c +run + +set $i = 0 +set $len = sizeof(buf) +set $buf = buf + +if exit_code != 0 + echo The program did not terminate correctly\n + quit 1 +end + +while $i < $len + if $buf[$i++] != 0 + echo The buffer at was not zeroized\n + quit 1 + end +end + +echo The buffer was correctly zeroized\n +quit 0 From 9a65b1de2a7b986ea91bdba07f4d437c9539b1a1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 22:30:29 +0100 Subject: [PATCH 0961/1059] Add utils.h ChangeLog entry --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9ee82c6853..7e915e7108 100644 --- a/ChangeLog +++ b/ChangeLog @@ -286,6 +286,11 @@ New deprecations from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin() accepting DHM parameters in binary form, matching the new constants. +API Changes + * Create a new header utils.h that contains functionality shared by multiple + mbed TLS modules. At this stage utils.h (and its associated utils.c) only + contain mbedtls_zeroize(). + Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. From c6b0abd5a6e3cac8c6b16154dadebd505727a17b Mon Sep 17 00:00:00 2001 
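Review bot: test_zeroize.gdb pins the check to `break zeroize.c:90`, a literal line number with nothing in zeroize.c marking that line as load-bearing, so any edit that shifts `return( exit_code );` silently moves the breakpoint to another statement — and if it lands before `mbedtls_zeroize()` runs, or on a line with no code, the test can pass without ever checking a zeroized buffer, or error out because `buf` is not in scope. At minimum add a comment on that line in zeroize.c, e.g. `/* test_zeroize.gdb breaks on this line; keep it the last statement in main() */`, or break on the function's return via a symbol instead. Also, the `if exit_code != 0` branch reports `The program did not terminate correctly` for an empty input file, which is the program's own deliberate failure path rather than a crash; a distinct message would make a CI failure easier to read.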
From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 22:35:13 +0100 Subject: [PATCH 0962/1059] Fix alignment of Makefiles --- programs/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/Makefile b/programs/Makefile index 4e659d4859..080e82d88c 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -67,7 +67,7 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ random/gen_random_ctr_drbg$(EXEXT) \ test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \ test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \ - test/zeroize$(EXEXT) \ + test/zeroize$(EXEXT) \ util/pem2der$(EXEXT) util/strerror$(EXEXT) \ x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \ x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \ From f2d17929c032109f86933e6d677732084893f9bd Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Oct 2017 22:47:14 +0100 Subject: [PATCH 0963/1059] Document test_zeroize.gdb script --- tests/scripts/test_zeroize.gdb | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 52b7cda7f8..15b8b09b33 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -1,3 +1,20 @@ +# test_zeroize.gdb +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# +# Run a test using the debugger to check that the mbedtls_zeroize() function in +# utils.h is not being optimized out by the compiler. To do so, the script +# loads the test program at programs/test/zeroize.c and sets a breakpoint at +# the last return statement in the main(). When the breakpoint is hit, the +# debugger manually checks the contents to be zeroized and checks that it is +# actually cleared. +# +# Note: This test requires that the test program is compiled with -g3. + set confirm off file ./programs/test/zeroize break zeroize.c:90 From d0d7bf614eb82db6cdbc7551dd05cb3cd9cfbb54 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 09:01:31 +0100 Subject: [PATCH 0964/1059] Add gdb zeroize test when compiling with clang --- tests/scripts/all.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 81ab2ca90b..f450628183 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -907,6 +907,16 @@ make test cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" +msg "test: gcc, mbedtls_zeroize()" +cleanup +CC=gcc DEBUG=1 make programs +gdb -x tests/scripts/test_zeroize.gdb + +msg "test: clang, mbedtls_zeroize()" +cleanup +CC=clang DEBUG=1 make programs +gdb -x tests/scripts/test_zeroize.gdb + ################################################################ From e32df087fb3193dbb2689354492a11464db3adb0 Mon Sep 17 00:00:00 2001 
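Review bot: Both new `gdb -x tests/scripts/test_zeroize.gdb` invocations run gdb without `-batch` (and `-nx`/`-nw`), so if any command in the script errors — for example the breakpoint not resolving and `buf` not being in scope — gdb abandons the script and drops to its interactive prompt, hanging the CI job instead of failing it; `-nx` additionally keeps a developer's ~/.gdbinit from influencing the result. Use `gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx`. Whether the script's `quit 1` status actually fails the run depends on all.sh's `set -e` setting, which is outside this hunk; if it is not set, capture the output and grep for the success message.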
From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 09:37:04 +0100 Subject: [PATCH 0965/1059] Remove individual copies of mbedtls_zeroize() This commit removes all the static occurrencies of the function mbedtls_zeroize() in each of the individual .c modules. Instead the function has been moved to utils.h that is included in each of the modules. --- library/aes.c | 6 +----- library/arc4.c | 6 +----- library/asn1parse.c | 6 +----- library/blowfish.c | 6 +----- library/camellia.c | 6 +----- library/ccm.c | 6 +----- library/cipher.c | 6 +----- library/cmac.c | 6 +----- library/ctr_drbg.c | 6 +----- library/des.c | 6 +----- library/dhm.c | 5 +---- library/ecp.c | 6 +----- library/entropy.c | 6 +----- library/gcm.c | 6 +----- library/havege.c | 6 +----- library/hmac_drbg.c | 6 +----- library/md.c | 6 +----- library/md2.c | 6 +----- library/md4.c | 6 +----- library/md5.c | 6 +----- library/memory_buffer_alloc.c | 6 +----- library/pem.c | 6 +----- library/pk.c | 7 ++----- library/pk_wrap.c | 11 ++++------- library/pkcs12.c | 6 +----- library/pkparse.c | 9 +-------- library/ripemd160.c | 6 +----- library/rsa.c | 6 +----- library/sha1.c | 6 +----- library/sha256.c | 6 +----- library/sha512.c | 6 +----- library/ssl_cli.c | 5 +---- library/ssl_cookie.c | 6 +----- library/ssl_srv.c | 5 +---- library/ssl_ticket.c | 6 +----- library/ssl_tls.c | 6 +----- library/x509_crl.c | 6 +----- library/x509_crt.c | 6 +----- library/x509_csr.c | 6 +----- library/x509write_crt.c | 6 +----- library/x509write_csr.c | 6 +----- library/xtea.c | 6 +----- 42 files changed, 46 insertions(+), 212 deletions(-) diff --git a/library/aes.c b/library/aes.c index da94b19439..797e00fa39 100644 --- a/library/aes.c +++ b/library/aes.c @@ -36,6 +36,7 @@ #include #include "mbedtls/aes.h" +#include "mbedtls/utils.h" #if defined(MBEDTLS_PADLOCK_C) #include "mbedtls/padlock.h" #endif 
@@ -54,11 +55,6 @@ #if !defined(MBEDTLS_AES_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (little endian) */ diff --git a/library/arc4.c b/library/arc4.c index 05b33d3fdb..a6d2d4ef3e 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_ARC4_C) #include "mbedtls/arc4.h" +#include "mbedtls/utils.h" #include @@ -47,11 +48,6 @@ #if !defined(MBEDTLS_ARC4_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - void mbedtls_arc4_init( mbedtls_arc4_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_arc4_context ) ); diff --git a/library/asn1parse.c b/library/asn1parse.c index 4dd65c03c0..10ec3d8cbf 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_ASN1_PARSE_C) #include "mbedtls/asn1.h" +#include "mbedtls/utils.h" #include @@ -43,11 +44,6 @@ #define mbedtls_free free #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * ASN.1 DER decoding routines */ diff --git a/library/blowfish.c b/library/blowfish.c index 9003f0dfeb..59c5798886 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -34,16 +34,12 @@ #if defined(MBEDTLS_BLOWFISH_C) #include "mbedtls/blowfish.h" +#include "mbedtls/utils.h" #include #if !defined(MBEDTLS_BLOWFISH_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ 
diff --git a/library/camellia.c b/library/camellia.c index ac6f96a83a..b2115c4a6f 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_CAMELLIA_C) #include "mbedtls/camellia.h" +#include "mbedtls/utils.h" #include @@ -48,11 +49,6 @@ #if !defined(MBEDTLS_CAMELLIA_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ diff --git a/library/ccm.c b/library/ccm.c index 9101e5f7c7..a7a2cc4465 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -37,6 +37,7 @@ #if defined(MBEDTLS_CCM_C) #include "mbedtls/ccm.h" +#include "mbedtls/utils.h" #include @@ -51,11 +52,6 @@ #if !defined(MBEDTLS_CCM_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - #define CCM_ENCRYPT 0 #define CCM_DECRYPT 1 diff --git a/library/cipher.c b/library/cipher.c index 7369f48230..1b2e569cb2 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -33,6 +33,7 @@ #include "mbedtls/cipher.h" #include "mbedtls/cipher_internal.h" +#include "mbedtls/utils.h" #include #include @@ -60,11 +61,6 @@ #define MBEDTLS_CIPHER_MODE_STREAM #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - static int supported_init = 0; const int *mbedtls_cipher_list( void ) diff --git a/library/cmac.c b/library/cmac.c index a4a2106f20..54ad843407 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -49,6 +49,7 @@ #if defined(MBEDTLS_CMAC_C) #include "mbedtls/cmac.h" +#include "mbedtls/utils.h" #include 
@@ -67,11 +68,6 @@ #if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * Multiplication by u in the Galois field of GF(2^n) * diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index ff532a0134..ae6d62f347 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" +#include "mbedtls/utils.h" #include @@ -49,11 +50,6 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * CTR_DRBG context initialization */ diff --git a/library/des.c b/library/des.c index 09f95cfc3b..863a80c48b 100644 --- a/library/des.c +++ b/library/des.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_DES_C) #include "mbedtls/des.h" +#include "mbedtls/utils.h" #include @@ -48,11 +49,6 @@ #if !defined(MBEDTLS_DES_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ diff --git a/library/dhm.c b/library/dhm.c index 28ac31003c..5e510de2d1 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -36,6 +36,7 @@ #if defined(MBEDTLS_DHM_C) #include "mbedtls/dhm.h" +#include "mbedtls/utils.h" #include @@ -58,10 +59,6 @@ #endif #if !defined(MBEDTLS_DHM_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} /* * helper to validate the mbedtls_mpi size and import it 
diff --git a/library/ecp.c b/library/ecp.c index 92a188b665..a2a1225189 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -51,6 +51,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/threading.h" +#include "mbedtls/utils.h" #include @@ -73,11 +74,6 @@ #define inline __inline #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #if defined(MBEDTLS_SELF_TEST) /* * Counts of point addition and doubling, and field multiplications. diff --git a/library/entropy.c b/library/entropy.c index e17512e779..37fdf3a9a7 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -35,6 +35,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" +#include "mbedtls/utils.h" #include @@ -59,11 +60,6 @@ #include "mbedtls/havege.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) diff --git a/library/gcm.c b/library/gcm.c index 294a86d3d4..39e8dd3f23 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -38,6 +38,7 @@ #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" +#include "mbedtls/utils.h" #include @@ -80,11 +81,6 @@ } #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Initialize a context */ diff --git a/library/havege.c b/library/havege.c index 2b75ef7bd8..c9bb64dc11 100644 --- a/library/havege.c +++ b/library/havege.c 
@@ -36,14 +36,10 @@ #include "mbedtls/havege.h" #include "mbedtls/timing.h" +#include "mbedtls/utils.h" #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* ------------------------------------------------------------------------ * On average, one iteration accesses two 8-word blocks in the havege WALK * table, and generates 16 words in the RES array. diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 24c609e9ce..1ef819d860 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_HMAC_DRBG_C) #include "mbedtls/hmac_drbg.h" +#include "mbedtls/utils.h" #include @@ -50,11 +51,6 @@ #endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_PLATFORM_C */ -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * HMAC_DRBG context initialization */ diff --git a/library/md.c b/library/md.c index 00249af78b..c54ae85a90 100644 --- a/library/md.c +++ b/library/md.c @@ -33,6 +33,7 @@ #include "mbedtls/md.h" #include "mbedtls/md_internal.h" +#include "mbedtls/utils.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -48,11 +49,6 @@ #include #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Reminder: update profiles in x509_crt.c when adding a new hash! */ diff --git a/library/md2.c b/library/md2.c index b88aa406af..37e35dc582 100644 --- a/library/md2.c +++ b/library/md2.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_MD2_C) #include "mbedtls/md2.h" +#include "mbedtls/utils.h" #include 
@@ -48,11 +49,6 @@ #if !defined(MBEDTLS_MD2_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - static const unsigned char PI_SUBST[256] = { 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, diff --git a/library/md4.c b/library/md4.c index ba704f58e8..a98d0a853e 100644 --- a/library/md4.c +++ b/library/md4.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_MD4_C) #include "mbedtls/md4.h" +#include "mbedtls/utils.h" #include @@ -48,11 +49,6 @@ #if !defined(MBEDTLS_MD4_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (little endian) */ diff --git a/library/md5.c b/library/md5.c index 8440ebffcf..f439a73ba3 100644 --- a/library/md5.c +++ b/library/md5.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_MD5_C) #include "mbedtls/md5.h" +#include "mbedtls/utils.h" #include @@ -47,11 +48,6 @@ #if !defined(MBEDTLS_MD5_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (little endian) */ diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 821ae2c708..68f094b3dc 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -31,6 +31,7 @@ /* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C is dependent upon MBEDTLS_PLATFORM_C */ #include "mbedtls/platform.h" +#include "mbedtls/utils.h" #include 
@@ -42,11 +43,6 @@ #include "mbedtls/threading.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #define MAGIC1 0xFF00AA55 #define MAGIC2 0xEE119966 #define MAX_BT 20 diff --git a/library/pem.c b/library/pem.c index 13f9208693..527c5f44b5 100644 --- a/library/pem.c +++ b/library/pem.c @@ -33,6 +33,7 @@ #include "mbedtls/aes.h" #include "mbedtls/md5.h" #include "mbedtls/cipher.h" +#include "mbedtls/utils.h" #include @@ -45,11 +46,6 @@ #endif #if defined(MBEDTLS_PEM_PARSE_C) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_pem_init( mbedtls_pem_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_pem_context ) ); diff --git a/library/pk.c b/library/pk.c index b52c73fbc6..bd3e4275da 100644 --- a/library/pk.c +++ b/library/pk.c @@ -29,6 +29,8 @@ #include "mbedtls/pk.h" #include "mbedtls/pk_internal.h" +#include "mbedtls/utils.h" + #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif @@ -42,11 +44,6 @@ #include #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Initialise a mbedtls_pk_context */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 5446e23507..2e09711104 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -41,6 +41,10 @@ #include "mbedtls/ecdsa.h" #endif +#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) +#include "mbedtls/utils.h" +#endif + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else 
@@ -52,13 +56,6 @@ #include #include -#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} -#endif - #if defined(MBEDTLS_RSA_C) static int rsa_can_do( mbedtls_pk_type_t type ) { diff --git a/library/pkcs12.c b/library/pkcs12.c index c603a13577..98b8324a97 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -36,6 +36,7 @@ #include "mbedtls/pkcs12.h" #include "mbedtls/asn1.h" #include "mbedtls/cipher.h" +#include "mbedtls/utils.h" #include @@ -47,11 +48,6 @@ #include "mbedtls/des.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations ) { diff --git a/library/pkparse.c b/library/pkparse.c index 5ad5edf849..093ef58176 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -30,6 +30,7 @@ #include "mbedtls/pk.h" #include "mbedtls/asn1.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include @@ -60,14 +61,6 @@ #define mbedtls_free free #endif -#if defined(MBEDTLS_FS_IO) || \ - defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} -#endif - #if defined(MBEDTLS_FS_IO) /* * Load all data from a file into a given buffer. diff --git a/library/ripemd160.c b/library/ripemd160.c index 2ba48b7fdb..6cf027f8d2 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_RIPEMD160_C) #include "mbedtls/ripemd160.h" +#include "mbedtls/utils.h" #include 
@@ -71,11 +72,6 @@ } #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) ); diff --git a/library/rsa.c b/library/rsa.c index 2185040869..9e4a0f08f7 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -48,6 +48,7 @@ #include "mbedtls/rsa.h" #include "mbedtls/rsa_internal.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include @@ -70,11 +71,6 @@ #if !defined(MBEDTLS_RSA_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - #if defined(MBEDTLS_PKCS1_V15) /* constant-time buffer comparison */ static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ) diff --git a/library/sha1.c b/library/sha1.c index 1f29a0fbf8..a7577b4ef8 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_SHA1_C) #include "mbedtls/sha1.h" +#include "mbedtls/utils.h" #include @@ -47,11 +48,6 @@ #if !defined(MBEDTLS_SHA1_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ diff --git a/library/sha256.c b/library/sha256.c index f39bcbab6c..c92f2804cd 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_SHA256_C) #include "mbedtls/sha256.h" +#include "mbedtls/utils.h" #include 
@@ -50,11 +51,6 @@ #if !defined(MBEDTLS_SHA256_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ diff --git a/library/sha512.c b/library/sha512.c index 97cee07c56..e8d1b69c6a 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -33,6 +33,7 @@ #if defined(MBEDTLS_SHA512_C) #include "mbedtls/sha512.h" +#include "mbedtls/utils.h" #if defined(_MSC_VER) || defined(__WATCOMC__) #define UL64(x) x##ui64 @@ -56,11 +57,6 @@ #if !defined(MBEDTLS_SHA512_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 64-bit integer manipulation macros (big endian) */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 738014e9ef..8ab9886a51 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -48,10 +48,7 @@ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} +#include "mbedtls/utils.h" #endif #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index caf119990d..ec0814a2ea 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -40,14 +40,10 @@ #include "mbedtls/ssl_cookie.h" #include "mbedtls/ssl_internal.h" +#include "mbedtls/utils.h" #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is * available. Try SHA-256 first, 512 wastes resources since we need to stay 
diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 2c180f13f4..b4934a3a6c 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -50,10 +50,7 @@ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} +#include "mbedtls/utils.h" #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 4d9116d214..9e2276d2ed 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -36,14 +36,10 @@ #endif #include "mbedtls/ssl_ticket.h" +#include "mbedtls/utils.h" #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Initialze context */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e8063d2c1a..84f9c77ac9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -46,6 +46,7 @@ #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" +#include "mbedtls/utils.h" #include @@ -53,11 +54,6 @@ #include "mbedtls/oid.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* Length of the "epoch" field in the record header */ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) { diff --git a/library/x509_crl.c b/library/x509_crl.c index b0f39d428b..09c7ac3186 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -39,6 +39,7 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include 
@@ -66,11 +67,6 @@ #include #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Version ::= INTEGER { v1(0), v2(1) } */ diff --git a/library/x509_crt.c b/library/x509_crt.c index afff4e18bf..c9969a80d4 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -41,6 +41,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include #include @@ -90,11 +91,6 @@ typedef struct { */ #define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Default profile */ diff --git a/library/x509_csr.c b/library/x509_csr.c index 26a06db4f6..8a74db85f3 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -39,6 +39,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" +#include "mbedtls/utils.h" #include @@ -60,11 +61,6 @@ #include #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * Version ::= INTEGER { v1(0) } */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 41dfe87b75..dee77b8413 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -37,6 +37,7 @@ #include "mbedtls/oid.h" #include "mbedtls/asn1write.h" #include "mbedtls/sha1.h" +#include "mbedtls/utils.h" #include 
@@ -44,11 +45,6 @@ #include "mbedtls/pem.h" #endif /* MBEDTLS_PEM_WRITE_C */ -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) { memset( ctx, 0, sizeof( mbedtls_x509write_cert ) ); diff --git a/library/x509write_csr.c b/library/x509write_csr.c index e80053828f..482e65eb7a 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -35,6 +35,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" #include "mbedtls/asn1write.h" +#include "mbedtls/utils.h" #include #include @@ -43,11 +44,6 @@ #include "mbedtls/pem.h" #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) { memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); diff --git a/library/xtea.c b/library/xtea.c index fe0a3509f6..65b416545e 100644 --- a/library/xtea.c +++ b/library/xtea.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_XTEA_C) #include "mbedtls/xtea.h" +#include "mbedtls/utils.h" #include @@ -42,11 +43,6 @@ #if !defined(MBEDTLS_XTEA_ALT) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (big endian) */ From b1262a3bdb5ae7e478a04ec44143fbb4d9e9d16c Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 09:51:14 +0100 Subject: [PATCH 0966/1059] Allow compile-time alternate to mbedtls_zeroize() Add a new macro MBEDTLS_UTILS_ZEROIZE that allows users to configure mbedtls_zeroize() to an alternative definition when defined. If the macro is not defined, then mbed TLS will use the default definition of the function. --- include/mbedtls/config.h | 8 ++++++++ library/utils.c | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 9585e69225..8c35b86cd5 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2852,6 +2852,14 @@ */ #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE +/** + * \def MBEDTLS_UTILS_ZEROIZE_ALT + * + * Uncomment the macro to let mbed TLS use your alternate implementation of + * mbedtls_zeroize(). + */ +//#define MBEDTLS_UTILS_ZEROIZE_ALT + /* \} name SECTION: Customisation configuration options */ /* Target and application specific configurations */ diff --git a/library/utils.c b/library/utils.c index f943cb1c68..3819558f41 100644 --- a/library/utils.c +++ b/library/utils.c @@ -19,10 +19,17 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #include "mbedtls/utils.h" #include +#if !defined(MBEDTLS_UTILS_ZEROIZE_ALT) /* This implementation should never be optimized out by the compiler */ void mbedtls_zeroize( void *buf, size_t len ) { @@ -31,3 +38,4 @@ void mbedtls_zeroize( void *buf, size_t len ) while( len-- ) *p++ = 0; } +#endif /* MBEDTLS_UTILS_ZEROIZE_ALT */ From 24768bfa370ad72ccd4fda6c74bccc5dc158546f Mon Sep 17 00:00:00 2001 
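Review bot: When `MBEDTLS_UTILS_ZEROIZE_ALT` is defined the whole body of utils.c compiles to nothing, so the declaration in utils.h becomes the only contract the replacement has to honour, yet the new `\def` comment in config.h does not state that contract. Suggest extending it with `The alternate implementation must provide void mbedtls_zeroize( void *buf, size_t len ); with the same semantics, and it is the integrator's responsibility to ensure calls to it are not removed by the optimizer.` The commit message refers to the macro as `MBEDTLS_UTILS_ZEROIZE` while the hunks define `MBEDTLS_UTILS_ZEROIZE_ALT`; worth correcting so that a later grep for the option finds this commit. Both hunks are complete in this unit.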
From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 10:33:25 +0100 Subject: [PATCH 0967/1059] Improve test_zeroize.gdb breakpoint Improve the position of the breakpoint to be set at a line of code that is less likely to be optimised out by the compiler. Setting the breakpoint at a place that can be easily optimised out by the compiler will cause the gdb script to fail as it cannot match the source code line to the compiled code. For this reason the breakpoint is now set at the fclose() call which is very unlikely to be optimised out or there might be a resource leak. --- tests/scripts/test_zeroize.gdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 15b8b09b33..e0b1ac5b50 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -17,7 +17,7 @@ set confirm off file ./programs/test/zeroize -break zeroize.c:90 +break zeroize.c:88 set args ./programs/test/zeroize.c run From 2967381ccdadfc2f84e2da8b3072bc993e4e2e7e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 25 Oct 2017 10:35:51 +0100 Subject: [PATCH 0968/1059] Extend zeroize tests to multiple optimizations Extend the all.sh test to cover multiple compiler optimization levels. At the momment, the test is run using gcc and clang. --- tests/scripts/all.sh | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f450628183..53f2a93deb 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -907,15 +907,14 @@ make test cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" -msg "test: gcc, mbedtls_zeroize()" -cleanup -CC=gcc DEBUG=1 make programs -gdb -x tests/scripts/test_zeroize.gdb - -msg "test: clang, mbedtls_zeroize()" -cleanup -CC=clang DEBUG=1 make programs -gdb -x tests/scripts/test_zeroize.gdb +for optimization_flag in -O2 -O3 -Ofast -Os; do + for compiler in clang gcc; do + msg "test: $compiler $optimization_flag, mbedtls_zeroize()" + cleanup + CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" make programs + gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx + done +done From ecd1891c5128b5293138c3f350b6e68bce5ca579 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 26 Oct 2017 22:43:41 +0100 Subject: [PATCH 0969/1059] Change mbedtls_zeroize() to prevent optimizations Change mbedtls_zeroize() implementation to use memset() instead of a custom implementation for performance reasons. Furthermore, we would also like to prevent as much as we can compiler optimisations that remove zeroization code. The implementation of mbedtls_zeroize() now uses a volatile function pointer to memset() as suggested by Colin Percival at: http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html --- library/utils.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/library/utils.c b/library/utils.c index 3819558f41..1adf8adf40 100644 --- a/library/utils.c +++ b/library/utils.c 
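Review bot: `CFLAGS="$optimization_flag"` is passed on the make command line, so whether the `-g3` that test_zeroize.gdb says it requires is still added by `DEBUG=1` depends on how the library Makefile combines the two, which is not visible here; if the user-supplied CFLAGS replaces the debug flags, the line breakpoint will not resolve and the gdb run fails for a reason unrelated to zeroization. Either confirm the Makefile appends rather than overrides, or pass `CFLAGS="-g3 $optimization_flag"` explicitly so the test does not depend on that detail. The matrix also omits `-O1`, which is typically the lowest level at which dead-store elimination is enabled, so adding it to the `for optimization_flag` list is a cheap extra data point.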
@@ -28,14 +28,33 @@
 #include "mbedtls/utils.h"
 
 #include 
+#include 
 
 #if !defined(MBEDTLS_UTILS_ZEROIZE_ALT)
-/* This implementation should never be optimized out by the compiler */
+/*
+ * This implementation should never be optimized out by the compiler
+ *
+ * This implementation for mbedtls_zeroize() uses a volatile function pointer.
+ * We always know that it points to memset(), but because it is volatile the
+ * compiler expects it to change at any time and will not optimize out the
+ * call that could potentially perform other operations on the input buffer
+ * instead of just setting it to 0. Nevertheless, optimizations of the
+ * following form are still possible:
+ *
+ *     if( memset_func != memset )
+ *         memset_func( buf, 0, len );
+ *
+ * Note that it is extremely difficult to guarantee that mbedtls_zeroize()
+ * will not be optimized out by aggressive compilers in a portable way. For
+ * this reason, mbed TLS also provides the configuration option
+ * MBEDTLS_UTILS_ZEROIZE_ALT, which allows users to configure
+ * mbedtls_zeroize() to use a suitable implementation for their platform and
+ * needs.
+ */
+static void * (* const volatile memset_func)( void *, int, size_t ) = memset;
+
 void mbedtls_zeroize( void *buf, size_t len )
 {
-    volatile unsigned char *p = (unsigned char *)buf;
-
-    while( len-- )
-        *p++ = 0;
+    memset_func( buf, 0, len );
 }
 #endif /* MBEDTLS_UTILS_ZEROIZE_ALT */

From 0bd4237c2a02c8ef4d3858ebb6ad2bf5f8723094 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Thu, 26 Oct 2017 23:19:01 +0100
Subject: [PATCH 0970/1059] Fix formatting in utils.c file comment

---
 library/utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/utils.c b/library/utils.c
index 1adf8adf40..62b3244ed2 100644
--- a/library/utils.c
+++ b/library/utils.c
@@ -1,5 +1,5 @@
 /*
- * mbedtls utility functions
+ * mbed TLS utility functions
  *
  * Copyright (C) 2017, ARM Limited, All Rights Reserved
  * SPDX-License-Identifier: Apache-2.0
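Review bot: `mbedtls_zeroize()` now hands `buf` to `memset_func()` unconditionally, and the C standard makes a null pointer argument undefined for memset() even when the length is zero, whereas the byte loop being removed never dereferenced `buf` when `len` was 0; guard the call with `if( len > 0 ) memset_func( buf, 0, len );` so callers that pass an empty or unallocated buffer keep working. The comment's caveat about the `memset_func != memset` speculation is accurate; it would be worth adding one sentence pointing at tests/scripts/test_zeroize.gdb as the check that this construct actually survives the compilers used, since the comment itself concedes the construct is not a guarantee. The `static ... const volatile` pointer lives inside the `!MBEDTLS_UTILS_ZEROIZE_ALT` region, which is the right place for it.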
From 88f8f41e5af4dfe7ef5a0b21657bb1065bd76ba5 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 31 Oct 2017 21:27:59 +0000 Subject: [PATCH 0971/1059] Move zeroize func call to end of program in zeroize.c --- programs/test/zeroize.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index 7f3e8b4013..efd5980012 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -79,13 +79,13 @@ int main( int argc, char** argv ) if( p - buf != 0 ) { mbedtls_printf( "%s\n", buf ); - mbedtls_zeroize( buf, sizeof( buf ) ); exit_code = MBEDTLS_EXIT_SUCCESS; } else mbedtls_printf( "The file is empty!\n" ); fclose( fp ); + mbedtls_zeroize( buf, sizeof( buf ) ); return( exit_code ); } From 7111a0d13ba0b49ab2711265817ec1911e554beb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 31 Oct 2017 21:28:31 +0000 Subject: [PATCH 0972/1059] Change test_zeroize.gdb script breakpoint due to zeroize.c change --- tests/scripts/test_zeroize.gdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index e0b1ac5b50..15b8b09b33 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -17,7 +17,7 @@ set confirm off file ./programs/test/zeroize -break zeroize.c:88 +break zeroize.c:90 set args ./programs/test/zeroize.c run From 6e34e63eb30814957b18971719791363f501b11f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 1 Nov 2017 10:03:09 +0000 Subject: [PATCH 0973/1059] Fix style in programs/test/zeroize.c --- programs/test/zeroize.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index efd5980012..14292b108f 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c 
@@ -52,7 +52,7 @@ void usage( void ) int main( int argc, char** argv ) { int exit_code = MBEDTLS_EXIT_FAILURE; - FILE * fp; + FILE *fp; char buf[BUFFER_LEN]; char *p = buf; char *end = p + BUFFER_LEN; From 806f403a02f0501c15618a399209a7208f041d0f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 1 Nov 2017 10:03:36 +0000 Subject: [PATCH 0974/1059] Improve detection of program exit code in gdb script --- tests/scripts/test_zeroize.gdb | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 15b8b09b33..df15c8ab43 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -26,11 +26,6 @@ set $i = 0 set $len = sizeof(buf) set $buf = buf -if exit_code != 0 - echo The program did not terminate correctly\n - quit 1 -end - while $i < $len if $buf[$i++] != 0 echo The buffer at was not zeroized\n @@ -39,4 +34,12 @@ while $i < $len end echo The buffer was correctly zeroized\n + +continue + +if $_exitcode != 0 + echo The program did not terminate correctly\n + quit 1 +end + quit 0 From 1962405be15395797f4d47f537dc1c8c24311770 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 20:06:03 +0000 Subject: [PATCH 0975/1059] Justify moving zeroize() to utils in ChangeLog --- ChangeLog | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7e915e7108..fe588a4b8e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -26,6 +26,15 @@ API Changes if more data is pending to be processed in the internal message buffers. This function is necessary to determine when it is safe to idle on the underlying transport in case event-driven IO is used. + * Extend the platform module with a util component that contains + functionality shared by multiple Mbed TLS modules. At this stage + platform_util.h (and its associated platform_util.c) only contain + mbedtls_platform_zeroize(), which is a critical function from a security + point of view. mbedtls_platform_zeroize() needs to be regularly tested + against compilers to ensure that calls to it are not removed from the + output binary as part of redundant code elimination optimizations. + Therefore, mbedtls_platform_zeroize() is moved to the platform module to + facilitate testing and maintenance. Bugfix * Fix spurious uninitialized variable warning in cmac.c. Fix independently @@ -286,11 +295,6 @@ New deprecations from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin() accepting DHM parameters in binary form, matching the new constants. -API Changes - * Create a new header utils.h that contains functionality shared by multiple - mbed TLS modules. At this stage utils.h (and its associated utils.c) only - contain mbedtls_zeroize(). - Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. From 6606d5c4141d970dab05e8667bff4fa965c6d79f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 20:25:29 +0000 Subject: [PATCH 0976/1059] Add config.h docs for MBEDTLS_UTILS_ZEROIZE_ALT --- include/mbedtls/config.h | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 8c35b86cd5..7f0941fcf6 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -2856,7 +2856,20 @@ * \def MBEDTLS_UTILS_ZEROIZE_ALT * * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_zeroize(). + * mbedtls_zeroize(). This replaced the default implementation in utils.c. + * + * mbedtls_zeroize() is a widely used function across the library to zero a + * block of memory. The implementation is expected to be secure in the sense + * that it has been written to prevent the compiler from removing calls to + * mbedtls_zeroize() as part of redundant code elimination optimizations. + * However, it is difficult to guarantee that calls to mbedtls_zeroize() will + * not be optimized by the compiler as older versions of the C language + * standards do not provide a secure implementation of memset(). Therefore, + * MBEDTLS_UTILS_ZEROIZE_ALT enables users to configure their own + * implementation of mbedtls_zeroize(), for example by using directives + * specific to their compiler, features from the C standard (e.g using + * memset_s() in C11) or calling a secure memset() from their system (e.g + * explicit_bzero() in BSD). */ //#define MBEDTLS_UTILS_ZEROIZE_ALT From 1e8ea5fa68223351553192a608ac06a6ac8dfbc3 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 20:46:39 +0000 Subject: [PATCH 0977/1059] Improve docs for mbedtls_zeroize() and add refs --- include/mbedtls/utils.h | 7 +++++++ library/utils.c | 20 +++++++++++++------- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/utils.h b/include/mbedtls/utils.h index 61b1b76c0d..cb03fb0e45 100644 --- a/include/mbedtls/utils.h +++ b/include/mbedtls/utils.h 
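Review bot: The new documentation has two wording slips that will be copied into generated docs: `mbedtls_zeroize(). This replaced the default implementation in utils.c.` should read `mbedtls_zeroize(). This replaces the default implementation in utils.c.`, and `(e.g using` should be `(e.g. using`. The `memset_s()` reference is also slightly misleading as written, since memset_s() is part of the optional C11 Annex K rather than the core language; saying `memset_s() from C11 Annex K, where available` avoids sending users to a function their libc may not have. The ChangeLog hunk later in this series appears to call the same facility platform_util / mbedtls_platform_zeroize(), so the macro name documented here may need to follow if that rename is real.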
@@ -33,6 +33,13 @@ * * \note This implementation should never be optimized out by the * compiler + * + * \note It is extremely difficult to guarantee that calls to + * mbedtls_zeroize() are not removed by aggressive compiler + * optimizations in a portable way. For this reason, Mbed TLS + * provides the configuration option MBEDTLS_UTILS_ZEROIZE_ALT, + * which allows users to configure mbedtls_zeroize() to use a + * suitable implementation for their platform and needs */ void mbedtls_zeroize( void *buf, size_t len ); diff --git a/library/utils.c b/library/utils.c index 62b3244ed2..e7fef6da1b 100644 --- a/library/utils.c +++ b/library/utils.c 
@@ -34,19 +34,25 @@ /* * This implementation should never be optimized out by the compiler * - * This implementation for mbedtls_zeroize() uses a volatile function pointer. - * We always know that it points to memset(), but because it is volatile the - * compiler expects it to change at any time and will not optimize out the - * call that could potentially perform other operations on the input buffer - * instead of just setting it to 0. Nevertheless, optimizations of the - * following form are still possible: + * This implementation for mbedtls_zeroize() was inspired from Colin Percival's + * blog article at: + * + * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html + * + * It uses a volatile function pointer to the standard memset(). Because the + * pointer is volatile the compiler expects it to change at + * any time and will not optimize out the call that could potentially perform + * other operations on the input buffer instead of just setting it to 0. + * Nevertheless, as pointed out by davidtgoldblatt on Hacker News + * (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for + * details), optimizations of the following form are still possible: * * if( memset_func != memset ) * memset_func( buf, 0, len ); * * Note that it is extremely difficult to guarantee that mbedtls_zeroize() * will not be optimized out by aggressive compilers in a portable way. For - * this reason, mbed TLS also provides the configuration option + * this reason, Mbed TLS also provides the configuration option * MBEDTLS_UTILS_ZEROIZE_ALT, which allows users to configure * mbedtls_zeroize() to use a suitable implementation for their platform and * needs. From 42defd10a6ff408a7c4502e3cf53df6c35a4dd94 Mon Sep 17 00:00:00 2001 
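Review bot: Minor wording in the rewritten comment: `was inspired from Colin Percival's` should be `was inspired by Colin Percival's`, and the sentence `Because the pointer is volatile the compiler expects it to change at` / `any time and will not optimize out the call` is wrapped unevenly, leaving a short orphan line that the surrounding 78-column comment style avoids. The substance of the comment matches the code in the hunk that follows; the erratum reference is useful and worth keeping.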
From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 21:21:40 +0000 Subject: [PATCH 0978/1059] Improve docs for zeroize.c and test_zeroize.gdb --- programs/test/zeroize.c | 11 ++++++++++- tests/scripts/test_zeroize.gdb | 27 ++++++++++++++++++++++++++- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index 14292b108f..d7f2337d30 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -1,5 +1,14 @@ /* - * Zeroize demonstration program + * Zeroize application for debugger-driven testing + * + * This is a simple test application used for debbuger-driven testing to check + * whether calls to mbedtls_zeroize() are being eliminated by compiler + * optimizations. This application is used by the GDB script at + * tests/scripts/test_zeroize.gdb under the assumption that line numbers do not + * change often (as opposed to the library code) because the script sets a + * breakpoint at the last return statement in the main() function of this + * program. The debugger facilities are then used to manually inspect the + * memory and verify that the call to mbedtls_zeroize() was not eliminated. * * Copyright (C) 2017, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index df15c8ab43..c6184ee60a 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb 
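Review bot: The new file header for zeroize.c misspells `debbuger-driven` (should be `debugger-driven`). The header also says the breakpoint is set at the last return statement of main(), which ties the gdb script to an exact line number; stating that number here, next to the statement it refers to, would make it more likely the two are updated together when this file changes. The zeroize.c hunk is complete in this unit.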
@@ -13,11 +13,36 @@ # debugger manually checks the contents to be zeroized and checks that it is # actually cleared. # +# The mbedtls_zeroize() test is debugger driven because there does not seem to +# be a mechanism to reliably check whether the zeroize calls are being +# eliminated by compiler optimizations from within the compiled program. The +# problem is that a compiler would typically remove what it considers to be +# "unecessary" assignments as part of redundant code elimination. To identify +# such code, the compilar will create some form dependency graph between +# reads and writes to variables (among other situations). It will then use this +# data structure to remove redundant code that does not have an impact on the +# program's observable behavior. In the case of mbedtls_zeroize(), an +# intelligent compiler could determine that this function clears a block of +# memory that is not accessed later in the program, so removing the call to +# mbedtls_zeroize() does not have an observable behavior. However, inserting a +# test after a call to mbedtls_zeroize() to check whether the block of +# memory was correctly zeroed would force the compiler to not eliminate the +# mbedtls_zeroize() call. If this does not occur, then the compiler potentially +# has a bug. +# # Note: This test requires that the test program is compiled with -g3. +# +# WARNING: There does not seem to be a mechanism in GDB scripts to set a +# breakpoint at the end of a function (probably because there are a lot of +# complications as function can have multiple exit points, etc). Therefore, it +# was necessary to hard-code the line number of the breakpoint in the zeroize.c +# test app. The assumption is that zeroize.c is a simple test app that does not +# change often (as opposed to the actual library code), so the breakpoint line +# number does not need to be updated often. 
set confirm off file ./programs/test/zeroize -break zeroize.c:90 +break zeroize.c:99 set args ./programs/test/zeroize.c run From 757cd72edf710e44ca864df7f1daccb6a7660973 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 8 Mar 2018 21:25:25 +0000 Subject: [PATCH 0979/1059] Update license headers year and branding --- include/mbedtls/utils.h | 6 +++--- library/utils.c | 6 +++--- programs/test/zeroize.c | 2 +- tests/scripts/test_zeroize.gdb | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/utils.h b/include/mbedtls/utils.h index cb03fb0e45..7eb2b68bf5 100644 --- a/include/mbedtls/utils.h +++ b/include/mbedtls/utils.h @@ -1,9 +1,9 @@ /** * \file utils.h * - * \brief mbed TLS utility functions + * \brief Mbed TLS utility functions * - * Copyright (C) 2017, ARM Limited, All Rights Reserved + * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -18,7 +18,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_UTILS_H #define MBEDTLS_UTILS_H diff --git a/library/utils.c b/library/utils.c index e7fef6da1b..34629eb97a 100644 --- a/library/utils.c +++ b/library/utils.c @@ -1,7 +1,7 @@ /* - * mbed TLS utility functions + * Mbed TLS utility functions * - * Copyright (C) 2017, ARM Limited, All Rights Reserved + * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
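Review bot: The hard-coded `break zeroize.c:99` remains the fragile point, and the hunk shows why: it had to move from 90 only because nine comment lines were added to zeroize.c in the same commit, and a stale number either stops at the wrong statement (so the memory inspection runs before the zeroize call) or never stops, in which case `run` lets the program exit and the following commands act on no process. Unless the rest of the script (outside this hunk) already does so, make the script fail loudly when `run` returns with the program already exited rather than stopped at the breakpoint — GDB exposes this via `$_exitcode`, which is void while the inferior is stopped — and mention that check next to the WARNING paragraph. The new comment also has three typos to fix: `unecessary` → `unnecessary`, `compilar` → `compiler`, and `some form dependency graph` → `some form of dependency graph`.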
@@ -16,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index d7f2337d30..a7b94e2056 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -10,7 +10,7 @@ * program. The debugger facilities are then used to manually inspect the * memory and verify that the call to mbedtls_zeroize() was not eliminated. * - * Copyright (C) 2017, ARM Limited, All Rights Reserved + * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index c6184ee60a..574379b047 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -1,8 +1,8 @@ # test_zeroize.gdb # -# This file is part of mbed TLS (https://tls.mbed.org) +# This file is part of Mbed TLS (https://tls.mbed.org) # -# Copyright (c) 2017, ARM Limited, All Rights Reserved +# Copyright (c) 2018, Arm Limited, All Rights Reserved # # Purpose # From ae8e30697345cf022dc27cfa1aa5b37fc74eefc7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 13 Mar 2018 19:19:16 +0000 Subject: [PATCH 0980/1059] Fix docs typos for zeroize related features/test --- include/mbedtls/config.h | 2 +- programs/test/zeroize.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 7f0941fcf6..69754cf672 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -2856,7 +2856,7 @@ * \def MBEDTLS_UTILS_ZEROIZE_ALT * * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_zeroize(). This replaced the default implementation in utils.c. + * mbedtls_zeroize(). This replaces the default implementation in utils.c. * * mbedtls_zeroize() is a widely used function across the library to zero a * block of memory. The implementation is expected to be secure in the sense diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index a7b94e2056..9f77425547 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -1,7 +1,7 @@ /* * Zeroize application for debugger-driven testing * - * This is a simple test application used for debbuger-driven testing to check + * This is a simple test application used for debugger-driven testing to check * whether calls to mbedtls_zeroize() are being eliminated by compiler * optimizations. This application is used by the GDB script at * tests/scripts/test_zeroize.gdb under the assumption that line numbers do not From ec5d416cb2f09642a867d330e7c6b2934c30616e Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 17 Apr 2018 15:55:28 +0100 Subject: [PATCH 0981/1059] Update ecdsa.h minor fix based on review comments --- include/mbedtls/ecdsa.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 806c417ef4..11df7e2157 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -238,7 +238,8 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t * * \see ecp.h * - * \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0 + * \deprecated Superseded by mbedtls_ecdsa_write_signature() in + * Mbed TLS version 2.0 and later. * * \param ctx The ECDSA context. * \param hash The message hash. From 904e1efb8c69fc8395a5575a2a48d13ac3bfab22 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 09:16:30 -0500 Subject: [PATCH 0982/1059] Make utils module part of the platform --- include/mbedtls/{utils.h => platform_util.h} | 35 +++++++++++++------- library/CMakeLists.txt | 2 +- library/Makefile | 2 +- library/{utils.c => platform_util.c} | 25 +++++++------- 4 files changed, 38 insertions(+), 26 deletions(-) rename include/mbedtls/{utils.h => platform_util.h} (58%) rename library/{utils.c => platform_util.c} (70%) diff --git a/include/mbedtls/utils.h b/include/mbedtls/platform_util.h similarity index 58% rename from include/mbedtls/utils.h rename to include/mbedtls/platform_util.h index 7eb2b68bf5..bda97102c8 100644 --- a/include/mbedtls/utils.h +++ b/include/mbedtls/platform_util.h @@ -1,8 +1,10 @@ /** - * \file utils.h - * - * \brief Mbed TLS utility functions + * \file platform_util.h * + * \brief Common and shared functions used by multiple modules in the Mbed TLS + * library. + */ +/* * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * @@ -20,11 +22,15 @@ * * This file is part of Mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_UTILS_H -#define MBEDTLS_UTILS_H +#ifndef MBEDTLS_PLATFORM_UTIL_H +#define MBEDTLS_PLATFORM_UTIL_H #include +#ifdef __cplusplus +extern "C" { +#endif + /** * \brief Securely zeroize a buffer * 
@@ -35,12 +41,17 @@ * compiler * * \note It is extremely difficult to guarantee that calls to - * mbedtls_zeroize() are not removed by aggressive compiler - * optimizations in a portable way. For this reason, Mbed TLS - * provides the configuration option MBEDTLS_UTILS_ZEROIZE_ALT, - * which allows users to configure mbedtls_zeroize() to use a - * suitable implementation for their platform and needs + * mbedtls_platform_zeroize() are not removed by aggressive + * compiler optimizations in a portable way. For this reason, Mbed + * TLS provides the configuration option + * MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure + * mbedtls_platform_zeroize() to use a suitable implementation for + * their platform and needs */ -void mbedtls_zeroize( void *buf, size_t len ); +void mbedtls_platform_zeroize( void *buf, size_t len ); -#endif /* MBEDTLS_UTILS_H */ +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_PLATFORM_UTIL_H */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 24a2484a32..648b151a08 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -57,7 +57,7 @@ set(src_crypto version.c version_features.c xtea.c - utils.c + platform_util.c ) set(src_x509 diff --git a/library/Makefile b/library/Makefile index 46dce4e6ff..fd4544aa49 100644 --- a/library/Makefile +++ b/library/Makefile @@ -66,7 +66,7 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ sha1.o sha256.o sha512.o \ threading.o timing.o version.o \ version_features.o xtea.o \ - utils.o + platform_util.o OBJS_X509= certs.o pkcs11.o x509.o \ x509_create.o x509_crl.o x509_crt.o \ diff --git a/library/utils.c b/library/platform_util.c similarity index 70% rename from library/utils.c rename to library/platform_util.c index 34629eb97a..498e214ff5 100644 --- a/library/utils.c +++ b/library/platform_util.c 
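Review bot: `mbedtls_zeroize` and `MBEDTLS_UTILS_ZEROIZE_ALT` disappear from the public header with no deprecation path, so any caller or alternative-implementation author built against utils.h breaks at compile or link time. Whether that matters depends on whether utils.h ever shipped in a release (it carries a 2017/2018 copyright in this series, so it may be pre-release — please confirm); if it did, a deprecated alias in this header is cheap and matches the `\deprecated Superseded by ...` convention used elsewhere in the tree: `/* Deprecated name, superseded by mbedtls_platform_zeroize(). */` / `#define mbedtls_zeroize mbedtls_platform_zeroize`. The hunk otherwise only renames the function and the option in the doc note; the `\brief` and any parameter documentation above line 35 are outside it.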
@@ -1,5 +1,6 @@ /* - * Mbed TLS utility functions + * Common and shared functions used by multiple modules in the Mbed TLS + * library. * * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 @@ -30,12 +31,12 @@ #include #include -#if !defined(MBEDTLS_UTILS_ZEROIZE_ALT) +#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT) /* * This implementation should never be optimized out by the compiler * - * This implementation for mbedtls_zeroize() was inspired from Colin Percival's - * blog article at: + * This implementation for mbedtls_platform_zeroize() was inspired from Colin + * Percival's blog article at: * * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html * @@ -50,17 +51,17 @@ * if( memset_func != memset ) * memset_func( buf, 0, len ); * - * Note that it is extremely difficult to guarantee that mbedtls_zeroize() - * will not be optimized out by aggressive compilers in a portable way. For - * this reason, Mbed TLS also provides the configuration option - * MBEDTLS_UTILS_ZEROIZE_ALT, which allows users to configure - * mbedtls_zeroize() to use a suitable implementation for their platform and - * needs. + * Note that it is extremely difficult to guarantee that + * mbedtls_platform_zeroize() will not be optimized out by aggressive compilers + * in a portable way. For this reason, Mbed TLS also provides the configuration + * option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure + * mbedtls_platform_zeroize() to use a suitable implementation for their + * platform and needs. */ static void * (* const volatile memset_func)( void *, int, size_t ) = memset; -void mbedtls_zeroize( void *buf, size_t len ) +void mbedtls_platform_zeroize( void *buf, size_t len ) { memset_func( buf, 0, len ); } -#endif /* MBEDTLS_UTILS_ZEROIZE_ALT */ +#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ From 1f6301b3c889efb8e353aa8179f691123549d6c7 Mon Sep 17 00:00:00 2001 
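Review bot: After this hunk the implementation is guarded by `#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)`, but the option users are told to set is still `MBEDTLS_UTILS_ZEROIZE_ALT`: the config.h documentation two commits earlier in this series still reads `\def MBEDTLS_UTILS_ZEROIZE_ALT ... replaces the default implementation in utils.c`, and config.h is not in this commit's diffstat. Enabling the documented option therefore does nothing — the default `memset_func` version is still compiled, and a user-supplied replacement is either ignored (if named `mbedtls_zeroize`) or collides at link time (if named `mbedtls_platform_zeroize`). The config.h entry should be renamed in the same commit, along with any check_config.h reference to the old name if one exists (not visible here). The `memset_func` declaration and the function body are otherwise unchanged by the rename.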
From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 09:51:09 -0500 Subject: [PATCH 0983/1059] Rename mbedtls_zeroize to mbedtls_platform_zeroize --- library/aes.c | 4 +-- library/arc4.c | 4 +-- library/asn1parse.c | 6 ++-- library/bignum.c | 18 ++++------ library/blowfish.c | 4 +-- library/camellia.c | 4 +-- library/ccm.c | 6 ++-- library/cipher.c | 7 ++-- library/cmac.c | 32 ++++++++--------- library/ctr_drbg.c | 18 +++++----- library/des.c | 14 ++++---- library/dhm.c | 8 ++--- library/ecp.c | 4 +-- library/entropy.c | 14 ++++---- library/gcm.c | 6 ++-- library/havege.c | 4 +-- library/hmac_drbg.c | 8 ++--- library/md.c | 11 +++--- library/md2.c | 4 +-- library/md4.c | 4 +-- library/md5.c | 4 +-- library/memory_buffer_alloc.c | 4 +-- library/pem.c | 22 ++++++------ library/pk.c | 4 +-- library/pk_wrap.c | 4 +-- library/pkcs12.c | 16 ++++----- library/pkparse.c | 10 +++--- library/platform.c | 11 ++---- library/platform_util.c | 2 +- library/ripemd160.c | 4 +-- library/rsa.c | 18 +++++----- library/sha1.c | 4 +-- library/sha256.c | 4 +-- library/sha512.c | 4 +-- library/ssl_cli.c | 6 ++-- library/ssl_cookie.c | 6 ++-- library/ssl_srv.c | 4 +-- library/ssl_ticket.c | 6 ++-- library/ssl_tls.c | 68 ++++++++++++++++++----------------- library/x509_crl.c | 13 +++---- library/x509_crt.c | 18 +++++----- library/x509_csr.c | 10 +++--- library/x509write_crt.c | 4 +-- library/x509write_csr.c | 4 +-- library/xtea.c | 4 +-- 45 files changed, 216 insertions(+), 218 deletions(-) diff --git a/library/aes.c b/library/aes.c index 797e00fa39..b0aea0091b 100644 --- a/library/aes.c +++ b/library/aes.c @@ -36,7 +36,7 @@ #include #include "mbedtls/aes.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_PADLOCK_C) #include "mbedtls/padlock.h" #endif 
@@ -518,7 +518,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) ); } /* diff --git a/library/arc4.c b/library/arc4.c index a6d2d4ef3e..b8998ac6cd 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_ARC4_C) #include "mbedtls/arc4.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -58,7 +58,7 @@ void mbedtls_arc4_free( mbedtls_arc4_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_arc4_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) ); } /* diff --git a/library/asn1parse.c b/library/asn1parse.c index 10ec3d8cbf..171c340b8c 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -28,7 +28,7 @@ #if defined(MBEDTLS_ASN1_PARSE_C) #include "mbedtls/asn1.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -309,7 +309,7 @@ int mbedtls_asn1_get_alg( unsigned char **p, if( *p == end ) { - mbedtls_zeroize( params, sizeof(mbedtls_asn1_buf) ); + mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) ); return( 0 ); } @@ -354,7 +354,7 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur ) mbedtls_free( cur->oid.p ); mbedtls_free( cur->val.p ); - mbedtls_zeroize( cur, sizeof( mbedtls_asn1_named_data ) ); + mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) ); } void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head ) diff --git a/library/bignum.c b/library/bignum.c index 47bf1ef979..fb748d8a1e 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -45,6 +45,7 @@ #include "mbedtls/bignum.h" #include "mbedtls/bn_mul.h" +#include "mbedtls/platform_util.h" #include 
@@ -58,16 +59,6 @@ #define mbedtls_free free #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { - volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0; -} - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ #define biL (ciL << 3) /* bits in limb */ #define biH (ciL << 2) /* half limb size */ @@ -81,6 +72,11 @@ static void mbedtls_zeroize( void *v, size_t n ) { #define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { + mbedtls_platform_zeroize( v, ciL * n ); +} + /* * Initialize one MPI */ @@ -1897,7 +1893,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) ); cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } diff --git a/library/blowfish.c b/library/blowfish.c index 59c5798886..5b6bb9885f 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_BLOWFISH_C) #include "mbedtls/blowfish.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -161,7 +161,7 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_blowfish_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) ); } /* diff --git a/library/camellia.c b/library/camellia.c index b2115c4a6f..41b7da0fae 100644 --- a/library/camellia.c +++ b/library/camellia.c 
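Review bot: Replacing the body of `mbedtls_mpi_zeroize` trades a stronger wipe for a weaker one rather than merely centralising it: the removed loop stored through a `volatile mbedtls_mpi_uint *`, which compilers in practice treat as a side effect that must be performed, while the new `mbedtls_platform_zeroize( v, ciL * n )` relies on the volatile-function-pointer trick whose own comment in platform_util.c admits an `if( memset_func != memset )` speculation can still defeat it. MPI limbs typically hold the RSA and DH private values, so this is the one call site where I would be most reluctant to accept the weaker guarantee; either keep the volatile-store loop here or make the trade-off visible, because the retained comment `/* Implementation that should never be optimized out by the compiler */` now promises more than the code does — e.g. `/* Delegates to mbedtls_platform_zeroize(); see platform_util.c for the limits` / ` * of that guarantee and MBEDTLS_PLATFORM_ZEROIZE_ALT for overriding it. */`. The byte count `ciL * n` matches what the old loop covered, so coverage is unchanged. The same consideration applies to the removed file-local `mbedtls_zeroize`, whose only visible caller is the cleanup in `mbedtls_mpi_fill_random`.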
@@ -34,7 +34,7 @@ #if defined(MBEDTLS_CAMELLIA_C) #include "mbedtls/camellia.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -329,7 +329,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_camellia_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) ); } /* diff --git a/library/ccm.c b/library/ccm.c index a7a2cc4465..cf6520935e 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -37,7 +37,7 @@ #if defined(MBEDTLS_CCM_C) #include "mbedtls/ccm.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -98,7 +98,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) { mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); } /* @@ -339,7 +339,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, if( diff != 0 ) { - mbedtls_zeroize( output, length ); + mbedtls_platform_zeroize( output, length ); return( MBEDTLS_ERR_CCM_AUTH_FAILED ); } diff --git a/library/cipher.c b/library/cipher.c index 1b2e569cb2..a5cd61cdf3 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -33,7 +33,7 @@ #include "mbedtls/cipher.h" #include "mbedtls/cipher_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include #include @@ -137,7 +137,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) #if defined(MBEDTLS_CMAC_C) if( ctx->cmac_ctx ) { - mbedtls_zeroize( ctx->cmac_ctx, sizeof( mbedtls_cmac_context_t ) ); + mbedtls_platform_zeroize( ctx->cmac_ctx, + sizeof( mbedtls_cmac_context_t ) ); mbedtls_free( ctx->cmac_ctx ); } #endif 
@@ -145,7 +146,7 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) if( ctx->cipher_ctx ) ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); - mbedtls_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); + mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); } int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info ) diff --git a/library/cmac.c b/library/cmac.c index 54ad843407..4d7a1f1693 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -49,7 +49,7 @@ #if defined(MBEDTLS_CMAC_C) #include "mbedtls/cmac.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -140,7 +140,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX]; size_t olen, block_size; - mbedtls_zeroize( L, sizeof( L ) ); + mbedtls_platform_zeroize( L, sizeof( L ) ); block_size = ctx->cipher_info->block_size; @@ -158,7 +158,7 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, goto exit; exit: - mbedtls_zeroize( L, sizeof( L ) ); + mbedtls_platform_zeroize( L, sizeof( L ) ); return( ret ); } @@ -234,7 +234,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, ctx->cmac_ctx = cmac_ctx; - mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); + mbedtls_platform_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); return 0; } @@ -326,8 +326,8 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, block_size = ctx->cipher_info->block_size; state = cmac_ctx->state; - mbedtls_zeroize( K1, sizeof( K1 ) ); - mbedtls_zeroize( K2, sizeof( K2 ) ); + mbedtls_platform_zeroize( K1, sizeof( K1 ) ); + mbedtls_platform_zeroize( K2, sizeof( K2 ) ); cmac_generate_subkeys( ctx, K1, K2 ); last_block = cmac_ctx->unprocessed_block; 
@@ -357,14 +357,14 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, exit: /* Wipe the generated keys on the stack, and any other transients to avoid * side channel leakage */ - mbedtls_zeroize( K1, sizeof( K1 ) ); - mbedtls_zeroize( K2, sizeof( K2 ) ); + mbedtls_platform_zeroize( K1, sizeof( K1 ) ); + mbedtls_platform_zeroize( K2, sizeof( K2 ) ); cmac_ctx->unprocessed_len = 0; - mbedtls_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_block ) ); + mbedtls_platform_zeroize( cmac_ctx->unprocessed_block, + sizeof( cmac_ctx->unprocessed_block ) ); - mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX ); + mbedtls_platform_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX ); return( ret ); } @@ -379,10 +379,10 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) /* Reset the internal state */ cmac_ctx->unprocessed_len = 0; - mbedtls_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_block ) ); - mbedtls_zeroize( cmac_ctx->state, - sizeof( cmac_ctx->state ) ); + mbedtls_platform_zeroize( cmac_ctx->unprocessed_block, + sizeof( cmac_ctx->unprocessed_block ) ); + mbedtls_platform_zeroize( cmac_ctx->state, + sizeof( cmac_ctx->state ) ); return( 0 ); } @@ -462,7 +462,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, output ); exit: - mbedtls_zeroize( int_key, sizeof( int_key ) ); + mbedtls_platform_zeroize( int_key, sizeof( int_key ) ); return( ret ); } diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index ae6d62f347..d0e5ba862d 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include 
@@ -121,7 +121,7 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx ) mbedtls_mutex_free( &ctx->mutex ); #endif mbedtls_aes_free( &ctx->aes_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) ); } void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance ) @@ -241,16 +241,16 @@ exit: /* * tidy up the stack */ - mbedtls_zeroize( buf, sizeof( buf ) ); - mbedtls_zeroize( tmp, sizeof( tmp ) ); - mbedtls_zeroize( key, sizeof( key ) ); - mbedtls_zeroize( chain, sizeof( chain ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( chain, sizeof( chain ) ); if( 0 != ret ) { /* * wipe partial seed from memory */ - mbedtls_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN ); + mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN ); } return( ret ); @@ -489,7 +489,7 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char ret = 0; exit: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); fclose( f ); return( ret ); @@ -522,7 +522,7 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char fclose( f ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); if( ret != 0 ) return( ret ); diff --git a/library/des.c b/library/des.c index 863a80c48b..ca9e071f32 100644 --- a/library/des.c +++ b/library/des.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_DES_C) #include "mbedtls/des.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include 
@@ -312,7 +312,7 @@ void mbedtls_des_free( mbedtls_des_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_des_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) ); } void mbedtls_des3_init( mbedtls_des3_context *ctx ) @@ -325,7 +325,7 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_des3_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) ); } static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, @@ -549,7 +549,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, uint32_t sk[96]; des3_set2key( ctx->sk, sk, key ); - mbedtls_zeroize( sk, sizeof( sk ) ); + mbedtls_platform_zeroize( sk, sizeof( sk ) ); return( 0 ); } @@ -563,7 +563,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, uint32_t sk[96]; des3_set2key( sk, ctx->sk, key ); - mbedtls_zeroize( sk, sizeof( sk ) ); + mbedtls_platform_zeroize( sk, sizeof( sk ) ); return( 0 ); } @@ -600,7 +600,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, uint32_t sk[96]; des3_set3key( ctx->sk, sk, key ); - mbedtls_zeroize( sk, sizeof( sk ) ); + mbedtls_platform_zeroize( sk, sizeof( sk ) ); return( 0 ); } @@ -614,7 +614,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, uint32_t sk[96]; des3_set3key( sk, ctx->sk, key ); - mbedtls_zeroize( sk, sizeof( sk ) ); + mbedtls_platform_zeroize( sk, sizeof( sk ) ); return( 0 ); } diff --git a/library/dhm.c b/library/dhm.c index 5e510de2d1..82cbb0ce88 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -36,7 +36,7 @@ #if defined(MBEDTLS_DHM_C) #include "mbedtls/dhm.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include 
@@ -434,7 +434,7 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ) mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X ); mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P ); - mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); } #if defined(MBEDTLS_ASN1_PARSE_C) @@ -572,7 +572,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n ) { fclose( f ); - mbedtls_zeroize( *buf, *n + 1 ); + mbedtls_platform_zeroize( *buf, *n + 1 ); mbedtls_free( *buf ); return( MBEDTLS_ERR_DHM_FILE_IO_ERROR ); @@ -602,7 +602,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) ret = mbedtls_dhm_parse_dhm( dhm, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); diff --git a/library/ecp.c b/library/ecp.c index a2a1225189..41db3fbe5b 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -51,7 +51,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/threading.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -344,7 +344,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ) mbedtls_free( grp->T ); } - mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) ); + mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) ); } /* diff --git a/library/entropy.c b/library/entropy.c index 37fdf3a9a7..f8db1a5503 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -35,7 +35,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -136,7 +136,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx ) ctx->initial_entropy_run = 0; #endif ctx->source_count = 0; - mbedtls_zeroize( ctx->source, sizeof( ctx->source ) ); + mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) ); ctx->accumulator_started = 0; } 
@@ -228,7 +228,7 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id #endif cleanup: - mbedtls_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); return( ret ); } @@ -296,7 +296,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx ) ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE; cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } @@ -429,7 +429,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) ret = 0; exit: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); #if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) @@ -482,7 +482,7 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p ret = 0; exit: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); fclose( f ); return( ret ); @@ -512,7 +512,7 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * fclose( f ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); if( ret != 0 ) return( ret ); diff --git a/library/gcm.c b/library/gcm.c index 39e8dd3f23..57b027933d 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -38,7 +38,7 @@ #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -494,7 +494,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, if( diff != 0 ) { - mbedtls_zeroize( output, length ); + mbedtls_platform_zeroize( output, length ); return( MBEDTLS_ERR_GCM_AUTH_FAILED ); } 
@@ -504,7 +504,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) { mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); } #endif /* !MBEDTLS_GCM_ALT */ diff --git a/library/havege.c b/library/havege.c index c9bb64dc11..4dcac02875 100644 --- a/library/havege.c +++ b/library/havege.c @@ -36,7 +36,7 @@ #include "mbedtls/havege.h" #include "mbedtls/timing.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -204,7 +204,7 @@ void mbedtls_havege_free( mbedtls_havege_state *hs ) if( hs == NULL ) return; - mbedtls_zeroize( hs, sizeof( mbedtls_havege_state ) ); + mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) ); } /* diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 1ef819d860..dad55ff861 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_HMAC_DRBG_C) #include "mbedtls/hmac_drbg.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -334,7 +334,7 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx ) mbedtls_mutex_free( &ctx->mutex ); #endif mbedtls_md_free( &ctx->md_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) ); } #if defined(MBEDTLS_FS_IO) @@ -360,7 +360,7 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha exit: fclose( f ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } @@ -392,7 +392,7 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch fclose( f ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); if( ret != 0 ) return( ret ); diff --git a/library/md.c b/library/md.c index c54ae85a90..303cdcbeeb 100644 
--- a/library/md.c +++ b/library/md.c @@ -33,7 +33,7 @@ #include "mbedtls/md.h" #include "mbedtls/md_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -189,11 +189,12 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) if( ctx->hmac_ctx != NULL ) { - mbedtls_zeroize( ctx->hmac_ctx, 2 * ctx->md_info->block_size ); + mbedtls_platform_zeroize( ctx->hmac_ctx, + 2 * ctx->md_info->block_size ); mbedtls_free( ctx->hmac_ctx ); } - mbedtls_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); } int mbedtls_md_clone( mbedtls_md_context_t *dst, @@ -307,7 +308,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne ret = md_info->finish_func( ctx.md_ctx, output ); cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); fclose( f ); mbedtls_md_free( &ctx ); @@ -357,7 +358,7 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, goto cleanup; cleanup: - mbedtls_zeroize( sum, sizeof( sum ) ); + mbedtls_platform_zeroize( sum, sizeof( sum ) ); return( ret ); } diff --git a/library/md2.c b/library/md2.c index 37e35dc582..1c0b3df52d 100644 --- a/library/md2.c +++ b/library/md2.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_MD2_C) #include "mbedtls/md2.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -89,7 +89,7 @@ void mbedtls_md2_free( mbedtls_md2_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_md2_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md2_context ) ); } void mbedtls_md2_clone( mbedtls_md2_context *dst, diff --git a/library/md4.c b/library/md4.c index a98d0a853e..3f8ddff31d 100644 --- a/library/md4.c +++ b/library/md4.c 
@@ -34,7 +34,7 @@ #if defined(MBEDTLS_MD4_C) #include "mbedtls/md4.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -82,7 +82,7 @@ void mbedtls_md4_free( mbedtls_md4_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_md4_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md4_context ) ); } void mbedtls_md4_clone( mbedtls_md4_context *dst, diff --git a/library/md5.c b/library/md5.c index f439a73ba3..8238c2b81a 100644 --- a/library/md5.c +++ b/library/md5.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_MD5_C) #include "mbedtls/md5.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -81,7 +81,7 @@ void mbedtls_md5_free( mbedtls_md5_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_md5_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) ); } void mbedtls_md5_clone( mbedtls_md5_context *dst, diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 68f094b3dc..ceaeda1e73 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -31,7 +31,7 @@ /* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C is dependent upon MBEDTLS_PLATFORM_C */ #include "mbedtls/platform.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -608,7 +608,7 @@ void mbedtls_memory_buffer_alloc_free( void ) #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &heap.mutex ); #endif - mbedtls_zeroize( &heap, sizeof(buffer_alloc_ctx) ); + mbedtls_platform_zeroize( &heap, sizeof(buffer_alloc_ctx) ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/pem.c b/library/pem.c index 527c5f44b5..6069a23dec 100644 --- a/library/pem.c +++ b/library/pem.c @@ -33,7 +33,7 @@ #include "mbedtls/aes.h" #include "mbedtls/md5.h" #include "mbedtls/cipher.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include 
@@ -131,7 +131,7 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen, exit: mbedtls_md5_free( &md5_ctx ); - mbedtls_zeroize( md5sum, 16 ); + mbedtls_platform_zeroize( md5sum, 16 ); return( ret ); } @@ -160,7 +160,7 @@ static int pem_des_decrypt( unsigned char des_iv[8], exit: mbedtls_des_free( &des_ctx ); - mbedtls_zeroize( des_key, 8 ); + mbedtls_platform_zeroize( des_key, 8 ); return( ret ); } @@ -188,7 +188,7 @@ static int pem_des3_decrypt( unsigned char des3_iv[8], exit: mbedtls_des3_free( &des3_ctx ); - mbedtls_zeroize( des3_key, 24 ); + mbedtls_platform_zeroize( des3_key, 24 ); return( ret ); } @@ -218,7 +218,7 @@ static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, exit: mbedtls_aes_free( &aes_ctx ); - mbedtls_zeroize( aes_key, keylen ); + mbedtls_platform_zeroize( aes_key, keylen ); return( ret ); } @@ -355,7 +355,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 ) { - mbedtls_zeroize( buf, len ); + mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); } @@ -366,7 +366,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) if( pwd == NULL ) { - mbedtls_zeroize( buf, len ); + mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ); } @@ -403,12 +403,12 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const */ if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 ) { - mbedtls_zeroize( buf, len ); + mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ); } #else - mbedtls_zeroize( buf, len ); + mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE ); #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && 
@@ -424,11 +424,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const void mbedtls_pem_free( mbedtls_pem_context *ctx ) { if( ctx->buf != NULL ) - mbedtls_zeroize( ctx->buf, ctx->buflen ); + mbedtls_platform_zeroize( ctx->buf, ctx->buflen ); mbedtls_free( ctx->buf ); mbedtls_free( ctx->info ); - mbedtls_zeroize( ctx, sizeof( mbedtls_pem_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) ); } #endif /* MBEDTLS_PEM_PARSE_C */ diff --git a/library/pk.c b/library/pk.c index bd3e4275da..f05b139e3f 100644 --- a/library/pk.c +++ b/library/pk.c @@ -29,7 +29,7 @@ #include "mbedtls/pk.h" #include "mbedtls/pk_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" @@ -66,7 +66,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx ) ctx->pk_info->ctx_free_func( ctx->pk_ctx ); - mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) ); } /* diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 2e09711104..2c7d2d79b8 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -42,7 +42,7 @@ #endif #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #endif #if defined(MBEDTLS_PLATFORM_C) @@ -495,7 +495,7 @@ static void *rsa_alt_alloc_wrap( void ) static void rsa_alt_free_wrap( void *ctx ) { - mbedtls_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); mbedtls_free( ctx ); } diff --git a/library/pkcs12.c b/library/pkcs12.c index 98b8324a97..16a15cb63e 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -36,7 +36,7 @@ #include "mbedtls/pkcs12.h" #include "mbedtls/asn1.h" #include "mbedtls/cipher.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include 
@@ -162,7 +162,7 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, goto exit; exit: - mbedtls_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); mbedtls_arc4_free( &ctx ); return( ret ); @@ -219,8 +219,8 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH; exit: - mbedtls_zeroize( key, sizeof( key ) ); - mbedtls_zeroize( iv, sizeof( iv ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( iv, sizeof( iv ) ); mbedtls_cipher_free( &cipher_ctx ); return( ret ); @@ -348,10 +348,10 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, ret = 0; exit: - mbedtls_zeroize( salt_block, sizeof( salt_block ) ); - mbedtls_zeroize( pwd_block, sizeof( pwd_block ) ); - mbedtls_zeroize( hash_block, sizeof( hash_block ) ); - mbedtls_zeroize( hash_output, sizeof( hash_output ) ); + mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) ); + mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) ); + mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) ); + mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) ); mbedtls_md_free( &md_ctx ); diff --git a/library/pkparse.c b/library/pkparse.c index 093ef58176..ccb7f5409d 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -30,7 +30,7 @@ #include "mbedtls/pk.h" #include "mbedtls/asn1.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -98,7 +98,7 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) { fclose( f ); - mbedtls_zeroize( *buf, *n ); + mbedtls_platform_zeroize( *buf, *n ); mbedtls_free( *buf ); return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); 
@@ -133,7 +133,7 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, ret = mbedtls_pk_parse_key( ctx, buf, n, (const unsigned char *) pwd, strlen( pwd ) ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); @@ -153,7 +153,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) ret = mbedtls_pk_parse_public_key( ctx, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); @@ -1288,7 +1288,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, pwd, pwdlen ); - mbedtls_zeroize( key_copy, keylen ); + mbedtls_platform_zeroize( key_copy, keylen ); mbedtls_free( key_copy ); } diff --git a/library/platform.c b/library/platform.c index a295f9b9af..9e992875d9 100644 --- a/library/platform.c +++ b/library/platform.c @@ -28,14 +28,7 @@ #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" - -#if defined(MBEDTLS_ENTROPY_NV_SEED) && \ - !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} -#endif +#include "mbedtls/platform_util.h" #if defined(MBEDTLS_PLATFORM_MEMORY) #if !defined(MBEDTLS_PLATFORM_STD_CALLOC) @@ -241,7 +234,7 @@ int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ) if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len ) { fclose( file ); - mbedtls_zeroize( buf, buf_len ); + mbedtls_platform_zeroize( buf, buf_len ); return( -1 ); } diff --git a/library/platform_util.c b/library/platform_util.c index 498e214ff5..1a57de9393 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
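Review bot: The platform.c hunk removes the only zeroize implementation visible in this diff — the `volatile unsigned char *p` loop that was explicitly kept so the compiler cannot drop it as a dead store — and every other hunk in this commit now relies on `mbedtls_platform_zeroize()` providing at least the same guarantee, yet the platform_util.c hunk shows only the include rename, not the function body. Since these calls clear keys, premaster secrets, PSKs and parsed private keys immediately before `mbedtls_free()`, a reviewer cannot confirm from this diff alone that the replacement is dead-store-resistant; the commit message or a header comment on the new function should state how it achieves that. One further behavioural difference worth documenting: the removed loop was a no-op for `n == 0` without touching `v`, whereas the new call's behaviour for a NULL pointer with length 0 is not shown here, and several call sites (e.g. `mbedtls_ssl_set_hs_psk`, `mbedtls_pem_free`) pass pointer/length pairs that may legitimately be empty. A one-line comment at the definition, `/* Must not be optimised out by the compiler; len == 0 is a no-op even when buf == NULL */`, would pin both expectations.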
@@ -26,7 +26,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include #include diff --git a/library/ripemd160.c b/library/ripemd160.c index 6cf027f8d2..bd25ada62c 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -34,7 +34,7 @@ #if defined(MBEDTLS_RIPEMD160_C) #include "mbedtls/ripemd160.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -82,7 +82,7 @@ void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) ); } void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, diff --git a/library/rsa.c b/library/rsa.c index 9e4a0f08f7..0055223c86 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -48,7 +48,7 @@ #include "mbedtls/rsa.h" #include "mbedtls/rsa_internal.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -1038,7 +1038,7 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, } exit: - mbedtls_zeroize( mask, sizeof( mask ) ); + mbedtls_platform_zeroize( mask, sizeof( mask ) ); return( ret ); } @@ -1352,8 +1352,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, ret = 0; cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); - mbedtls_zeroize( lhash, sizeof( lhash ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( lhash, sizeof( lhash ) ); return( ret ); } @@ -1450,7 +1450,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, ret = 0; cleanup: - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } 
@@ -1581,7 +1581,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, p += hlen; *p++ = 0xBC; - mbedtls_zeroize( salt, sizeof( salt ) ); + mbedtls_platform_zeroize( salt, sizeof( salt ) ); exit: mbedtls_md_free( &md_ctx ); @@ -1723,7 +1723,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, * after the initial bounds check. */ if( p != dst + dst_len ) { - mbedtls_zeroize( dst, dst_len ); + mbedtls_platform_zeroize( dst, dst_len ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } @@ -2060,13 +2060,13 @@ cleanup: if( encoded != NULL ) { - mbedtls_zeroize( encoded, sig_len ); + mbedtls_platform_zeroize( encoded, sig_len ); mbedtls_free( encoded ); } if( encoded_expected != NULL ) { - mbedtls_zeroize( encoded_expected, sig_len ); + mbedtls_platform_zeroize( encoded_expected, sig_len ); mbedtls_free( encoded_expected ); } diff --git a/library/sha1.c b/library/sha1.c index a7577b4ef8..1587de4805 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_SHA1_C) #include "mbedtls/sha1.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -81,7 +81,7 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); } void mbedtls_sha1_clone( mbedtls_sha1_context *dst, diff --git a/library/sha256.c b/library/sha256.c index c92f2804cd..695485d847 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_SHA256_C) #include "mbedtls/sha256.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -84,7 +84,7 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); } void mbedtls_sha256_clone( mbedtls_sha256_context *dst, 
diff --git a/library/sha512.c b/library/sha512.c index e8d1b69c6a..6de94e99b4 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_SHA512_C) #include "mbedtls/sha512.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #if defined(_MSC_VER) || defined(__WATCOMC__) #define UL64(x) x##ui64 @@ -98,7 +98,7 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); } void mbedtls_sha512_clone( mbedtls_sha512_context *dst, diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 8ab9886a51..f5fecb7239 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -48,7 +48,7 @@ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #endif #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) @@ -3286,8 +3286,8 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) if( ticket_len == 0 ) return( 0 ); - mbedtls_zeroize( ssl->session_negotiate->ticket, - ssl->session_negotiate->ticket_len ); + mbedtls_platform_zeroize( ssl->session_negotiate->ticket, + ssl->session_negotiate->ticket_len ); mbedtls_free( ssl->session_negotiate->ticket ); ssl->session_negotiate->ticket = NULL; ssl->session_negotiate->ticket_len = 0; diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index ec0814a2ea..56e9bdd2bf 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -40,7 +40,7 @@ #include "mbedtls/ssl_cookie.h" #include "mbedtls/ssl_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include 
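Review bot: In the ssl_cli.c hunk, `mbedtls_platform_zeroize( ssl->session_negotiate->ticket, ssl->session_negotiate->ticket_len )` is reached whenever the incoming ticket is non-empty, but the guard `if( ticket_len == 0 ) return( 0 );` checks the new ticket's length, not the session's existing one; on the first NewSessionTicket of a session the stored ticket is presumably still NULL with `ticket_len == 0`. The replaced `mbedtls_zeroize` loop was safe for that pair because it never dereferenced on a zero count; whether `mbedtls_platform_zeroize` guards `len == 0` before handing the pointer to a memset-style function is not visible in this commit. Guarding the call locally avoids depending on it: `if( ssl->session_negotiate->ticket != NULL )` before the zeroize (the subsequent `mbedtls_free( NULL )` is already harmless). The enclosing `ssl_parse_new_session_ticket` starts and ends outside the hunk.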
@@ -97,7 +97,7 @@ void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ) mbedtls_mutex_free( &ctx->mutex ); #endif - mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); } int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, @@ -118,7 +118,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, if( ret != 0 ) return( ret ); - mbedtls_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); return( 0 ); } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index b4934a3a6c..313938ee87 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -50,7 +50,7 @@ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) @@ -550,7 +550,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) ); /* Zeroize instead of free as we copied the content */ - mbedtls_zeroize( &session, sizeof( mbedtls_ssl_session ) ); + mbedtls_platform_zeroize( &session, sizeof( mbedtls_ssl_session ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) ); diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 9e2276d2ed..a2b304869e 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -36,7 +36,7 @@ #endif #include "mbedtls/ssl_ticket.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -79,7 +79,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, mbedtls_cipher_get_key_bitlen( &key->ctx ), MBEDTLS_ENCRYPT ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( ret ); } 
@@ -479,7 +479,7 @@ void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ) mbedtls_mutex_free( &ctx->mutex ); #endif - mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) ); } #endif /* MBEDTLS_SSL_TICKET_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 84f9c77ac9..f249800491 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -46,7 +46,7 @@ #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -265,8 +265,8 @@ exit: mbedtls_md5_free( &md5 ); mbedtls_sha1_free( &sha1 ); - mbedtls_zeroize( padding, sizeof( padding ) ); - mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); + mbedtls_platform_zeroize( padding, sizeof( padding ) ); + mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) ); return( ret ); } @@ -363,8 +363,8 @@ static int tls1_prf( const unsigned char *secret, size_t slen, mbedtls_md_free( &md_ctx ); - mbedtls_zeroize( tmp, sizeof( tmp ) ); - mbedtls_zeroize( h_i, sizeof( h_i ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); return( 0 ); } @@ -428,8 +428,8 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, mbedtls_md_free( &md_ctx ); - mbedtls_zeroize( tmp, sizeof( tmp ) ); - mbedtls_zeroize( h_i, sizeof( h_i ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); return( 0 ); } @@ -638,7 +638,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( ret ); } - mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) ); + mbedtls_platform_zeroize( handshake->premaster, + sizeof(handshake->premaster) ); } else MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); 
@@ -649,7 +650,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) memcpy( tmp, handshake->randbytes, 64 ); memcpy( handshake->randbytes, tmp + 32, 32 ); memcpy( handshake->randbytes + 32, tmp, 32 ); - mbedtls_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); /* * SSLv3: @@ -677,7 +678,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 ); MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); - mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) ); + mbedtls_platform_zeroize( handshake->randbytes, + sizeof( handshake->randbytes ) ); /* * Determine the appropriate key, IV and MAC length. @@ -944,7 +946,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_CIPHER_MODE_CBC */ - mbedtls_zeroize( keyblk, sizeof( keyblk ) ); + mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) ); #if defined(MBEDTLS_ZLIB_SUPPORT) // Initialize compression @@ -5023,9 +5025,9 @@ static void ssl_calc_finished_ssl( mbedtls_md5_free( &md5 ); mbedtls_sha1_free( &sha1 ); - mbedtls_zeroize( padbuf, sizeof( padbuf ) ); - mbedtls_zeroize( md5sum, sizeof( md5sum ) ); - mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize( md5sum, sizeof( md5sum ) ); + mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } @@ -5084,7 +5086,7 @@ static void ssl_calc_finished_tls( mbedtls_md5_free( &md5 ); mbedtls_sha1_free( &sha1 ); - mbedtls_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } 
@@ -5134,7 +5136,7 @@ static void ssl_calc_finished_tls_sha256( mbedtls_sha256_free( &sha256 ); - mbedtls_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } @@ -5183,7 +5185,7 @@ static void ssl_calc_finished_tls_sha384( mbedtls_sha512_free( &sha512 ); - mbedtls_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); } @@ -6102,7 +6104,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, if( conf->psk != NULL ) { - mbedtls_zeroize( conf->psk, conf->psk_len ); + mbedtls_platform_zeroize( conf->psk, conf->psk_len ); mbedtls_free( conf->psk ); conf->psk = NULL; @@ -6145,7 +6147,8 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, if( ssl->handshake->psk != NULL ) { - mbedtls_zeroize( ssl->handshake->psk, ssl->handshake->psk_len ); + mbedtls_platform_zeroize( ssl->handshake->psk, + ssl->handshake->psk_len ); mbedtls_free( ssl->handshake->psk ); ssl->handshake->psk_len = 0; } @@ -6275,7 +6278,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) if( ssl->hostname != NULL ) { - mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); + mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) ); mbedtls_free( ssl->hostname ); } @@ -7388,7 +7391,7 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) mbedtls_md_free( &transform->md_ctx_enc ); mbedtls_md_free( &transform->md_ctx_dec ); - mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); + mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); } #if defined(MBEDTLS_X509_CRT_PARSE_C) 
@@ -7448,7 +7451,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) if( handshake->psk != NULL ) { - mbedtls_zeroize( handshake->psk, handshake->psk_len ); + mbedtls_platform_zeroize( handshake->psk, handshake->psk_len ); mbedtls_free( handshake->psk ); } #endif @@ -7478,7 +7481,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) ssl_flight_free( handshake->flight ); #endif - mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) ); + mbedtls_platform_zeroize( handshake, + sizeof( mbedtls_ssl_handshake_params ) ); } void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) @@ -7498,7 +7502,7 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) mbedtls_free( session->ticket ); #endif - mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) ); + mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) ); } /* @@ -7513,20 +7517,20 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) if( ssl->out_buf != NULL ) { - mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN ); + mbedtls_platform_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN ); mbedtls_free( ssl->out_buf ); } if( ssl->in_buf != NULL ) { - mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN ); + mbedtls_platform_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN ); mbedtls_free( ssl->in_buf ); } #if defined(MBEDTLS_ZLIB_SUPPORT) if( ssl->compress_buf != NULL ) { - mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN ); + mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN ); mbedtls_free( ssl->compress_buf ); } #endif @@ -7557,7 +7561,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_X509_CRT_PARSE_C) if( ssl->hostname != NULL ) { - mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); + mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) ); mbedtls_free( ssl->hostname ); } #endif 
@@ -7577,7 +7581,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); /* Actually clear after last debug message */ - mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); + mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); } /* @@ -7804,7 +7808,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) if( conf->psk != NULL ) { - mbedtls_zeroize( conf->psk, conf->psk_len ); + mbedtls_platform_zeroize( conf->psk, conf->psk_len ); mbedtls_free( conf->psk ); conf->psk = NULL; conf->psk_len = 0; @@ -7812,7 +7816,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) if( conf->psk_identity != NULL ) { - mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len ); + mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len ); mbedtls_free( conf->psk_identity ); conf->psk_identity = NULL; conf->psk_identity_len = 0; @@ -7823,7 +7827,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) ssl_key_cert_free( conf->key_cert ); #endif - mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) ); + mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) ); } #if defined(MBEDTLS_PK_C) && \ diff --git a/library/x509_crl.c b/library/x509_crl.c index 09c7ac3186..8450f87e03 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -39,7 +39,7 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -612,7 +612,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) ret = mbedtls_x509_crl_parse( chain, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); 
@@ -733,7 +733,7 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_free( name_prv ); } @@ -742,13 +742,14 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) { entry_prv = entry_cur; entry_cur = entry_cur->next; - mbedtls_zeroize( entry_prv, sizeof( mbedtls_x509_crl_entry ) ); + mbedtls_platform_zeroize( entry_prv, + sizeof( mbedtls_x509_crl_entry ) ); mbedtls_free( entry_prv ); } if( crl_cur->raw.p != NULL ) { - mbedtls_zeroize( crl_cur->raw.p, crl_cur->raw.len ); + mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len ); mbedtls_free( crl_cur->raw.p ); } @@ -762,7 +763,7 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) crl_prv = crl_cur; crl_cur = crl_cur->next; - mbedtls_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) ); + mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) ); if( crl_prv != crl ) mbedtls_free( crl_prv ); } diff --git a/library/x509_crt.c b/library/x509_crt.c index c9969a80d4..462cbcf124 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -41,7 +41,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include #include @@ -1111,7 +1111,7 @@ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ) ret = mbedtls_x509_crt_parse( chain, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); @@ -2422,7 +2422,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_free( name_prv ); } 
@@ -2431,7 +2431,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_free( name_prv ); } @@ -2440,7 +2440,8 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) ); + mbedtls_platform_zeroize( seq_prv, + sizeof( mbedtls_x509_sequence ) ); mbedtls_free( seq_prv ); } @@ -2449,13 +2450,14 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) ); + mbedtls_platform_zeroize( seq_prv, + sizeof( mbedtls_x509_sequence ) ); mbedtls_free( seq_prv ); } if( cert_cur->raw.p != NULL ) { - mbedtls_zeroize( cert_cur->raw.p, cert_cur->raw.len ); + mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len ); mbedtls_free( cert_cur->raw.p ); } @@ -2469,7 +2471,7 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) cert_prv = cert_cur; cert_cur = cert_cur->next; - mbedtls_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); + mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); if( cert_prv != crt ) mbedtls_free( cert_prv ); } diff --git a/library/x509_csr.c b/library/x509_csr.c index 8a74db85f3..3e8e8fbc6a 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -39,7 +39,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -321,7 +321,7 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) ret = mbedtls_x509_csr_parse( csr, buf, n ); - mbedtls_zeroize( buf, n ); + mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); return( ret ); 
@@ -403,17 +403,17 @@ void mbedtls_x509_csr_free( mbedtls_x509_csr *csr ) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); mbedtls_free( name_prv ); } if( csr->raw.p != NULL ) { - mbedtls_zeroize( csr->raw.p, csr->raw.len ); + mbedtls_platform_zeroize( csr->raw.p, csr->raw.len ); mbedtls_free( csr->raw.p ); } - mbedtls_zeroize( csr, sizeof( mbedtls_x509_csr ) ); + mbedtls_platform_zeroize( csr, sizeof( mbedtls_x509_csr ) ); } #endif /* MBEDTLS_X509_CSR_PARSE_C */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index dee77b8413..b1ef216c95 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -37,7 +37,7 @@ #include "mbedtls/oid.h" #include "mbedtls/asn1write.h" #include "mbedtls/sha1.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -61,7 +61,7 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ) mbedtls_asn1_free_named_data_list( &ctx->issuer ); mbedtls_asn1_free_named_data_list( &ctx->extensions ); - mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_cert ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) ); } void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version ) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 482e65eb7a..66cee56014 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -35,7 +35,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" #include "mbedtls/asn1write.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include #include 
@@ -54,7 +54,7 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ) mbedtls_asn1_free_named_data_list( &ctx->subject ); mbedtls_asn1_free_named_data_list( &ctx->extensions ); - mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_csr ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_csr ) ); } void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg ) diff --git a/library/xtea.c b/library/xtea.c index 65b416545e..a33707bc17 100644 --- a/library/xtea.c +++ b/library/xtea.c @@ -28,7 +28,7 @@ #if defined(MBEDTLS_XTEA_C) #include "mbedtls/xtea.h" -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #include @@ -76,7 +76,7 @@ void mbedtls_xtea_free( mbedtls_xtea_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_xtea_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_xtea_context ) ); } /* From 82934be1443d5fafff1bd9f8aa9c938dad8e825c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 10:02:17 -0500 Subject: [PATCH 0984/1059] Do not install zeroize program in CMakeLists --- programs/test/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 1e87fca313..0c5ce27f73 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -25,6 +25,6 @@ target_link_libraries(udp_proxy ${libs}) add_executable(zeroize zeroize.c) target_link_libraries(zeroize ${libs}) -install(TARGETS selftest benchmark ssl_cert_test udp_proxy zeroize +install(TARGETS selftest benchmark ssl_cert_test udp_proxy DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) From 9644983ae4d6080a604ceb25ec794dba6d850668 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 10:03:44 -0500 Subject: [PATCH 0985/1059] Add platform_utils and zeroize to visualc files --- visualc/VS2010/mbedTLS.sln | 13 +++ visualc/VS2010/mbedTLS.vcxproj | 2 + visualc/VS2010/zeroize.vcxproj | 174 +++++++++++++++++++++++++++++++++ 3 files changed, 189 insertions(+) create mode 100644 visualc/VS2010/zeroize.vcxproj diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln index 686091c7f7..66b96c3a34 100644 --- a/visualc/VS2010/mbedTLS.sln +++ b/visualc/VS2010/mbedTLS.sln @@ -203,6 +203,11 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "udp_proxy", "udp_proxy.vcxp {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} EndProjectSection EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zeroize", "zeroize.vcxproj", "{10C01E94-4926-063E-9F56-C84ED190D349}" + ProjectSection(ProjectDependencies) = postProject + {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} + EndProjectSection +EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pem2der", "pem2der.vcxproj", "{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} 
@@ -574,6 +579,14 @@ Global {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|Win32.Build.0 = Release|Win32 {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|x64.ActiveCfg = Release|x64 {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|x64.Build.0 = Release|x64 + {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|Win32.ActiveCfg = Debug|Win32 + {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|Win32.Build.0 = Debug|Win32 + {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|x64.ActiveCfg = Debug|x64 + {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|x64.Build.0 = Debug|x64 + {10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.ActiveCfg = Release|Win32 + {10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.Build.0 = Release|Win32 + {10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.ActiveCfg = Release|x64 + {10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.Build.0 = Release|x64 {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.ActiveCfg = Debug|Win32 {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.Build.0 = Debug|Win32 {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|x64.ActiveCfg = Debug|x64 diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index f13f83cc16..802cce7191 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -197,6 +197,7 @@ + @@ -266,6 +267,7 @@ + diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj new file mode 100644 index 0000000000..9d311c7217 --- /dev/null +++ b/visualc/VS2010/zeroize.vcxproj 
@@ -0,0 +1,174 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + + + + + {46cf2d25-6a36-4189-b59c-e4815388e554} + true + + + + {10C01E94-4926-063E-9F56-C84ED190D349} + Win32Proj + zeroize + + + + Application + true + Unicode + + + Application + true + Unicode + + + Application + false + true + Unicode + + + Application + false + true + Unicode + Windows7.1SDK + + + + + + + + + + + + + + + + + + + true + $(Configuration)\$(TargetName)\ + + + true + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + false + $(Configuration)\$(TargetName)\ + + + + + + Level3 + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + NotSet + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + Debug + + + false + + + + + + + Level3 + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + NotSet + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + Debug + + + false + + + + + Level3 + + + MaxSpeed + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + true + true + Release + kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + + + + + Level3 + + + MaxSpeed + true + true + WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + ../../include + + + Console + true + true + true + Release + %(AdditionalDependencies); + + + + + + From eecea0e281b2300a1e6f84241bddae4408ecd02d Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 10:14:53 -0500 Subject: [PATCH 0986/1059] Update zeroize test to use mbedtls_platform_zeroize() --- programs/test/zeroize.c | 13 +++++++------ tests/scripts/test_zeroize.gdb | 30 +++++++++++++++--------------- 2 files changed, 22 insertions(+), 21 deletions(-) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index 9f77425547..252438bcf0 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -2,13 +2,14 @@ * Zeroize application for debugger-driven testing * * This is a simple test application used for debugger-driven testing to check - * whether calls to mbedtls_zeroize() are being eliminated by compiler + * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler * optimizations. This application is used by the GDB script at - * tests/scripts/test_zeroize.gdb under the assumption that line numbers do not + * tests/scripts/test_zeroize.gdb under the assumption that the code does not * change often (as opposed to the library code) because the script sets a * breakpoint at the last return statement in the main() function of this * program. The debugger facilities are then used to manually inspect the - * memory and verify that the call to mbedtls_zeroize() was not eliminated. + * memory and verify that the call to mbedtls_platform_zeroize() was not + * eliminated. * * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 
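Review bot: The reworded header comment in zeroize.c now says the GDB script assumes "the code does not change often", which drops the actual dependency: the script breaks on a specific source line, and this same commit has to move that breakpoint from 99 to 100 in test_zeroize.gdb. I would keep the line-number wording so the next editor knows that inserting any line shifts the breakpoint, e.g. `* tests/scripts/test_zeroize.gdb under the assumption that the line numbers of this file do not change often (as opposed to the library code) because the script sets a breakpoint at the last return statement in main()`. A breakpoint on a function or label instead of a line number would remove the coupling entirely, but that is a change to the gdb script rather than to this hunk.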
@@ -45,14 +46,14 @@ #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif -#include "mbedtls/utils.h" +#include "mbedtls/platform_util.h" #define BUFFER_LEN 1024 void usage( void ) { mbedtls_printf( "Zeroize is a simple program to assist with testing\n" ); - mbedtls_printf( "the mbedtls_zeroize() function by using the\n" ); + mbedtls_printf( "the mbedtls_platform_zeroize() function by using the\n" ); mbedtls_printf( "debugger. This program takes a file as input and\n" ); mbedtls_printf( "prints the first %d characters. Usage:\n\n", BUFFER_LEN ); mbedtls_printf( " zeroize \n" ); @@ -94,7 +95,7 @@ int main( int argc, char** argv ) mbedtls_printf( "The file is empty!\n" ); fclose( fp ); - mbedtls_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize( buf, sizeof( buf ) ); return( exit_code ); } diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 574379b047..11ea37f972 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb 
@@ -6,29 +6,29 @@ # # Purpose # -# Run a test using the debugger to check that the mbedtls_zeroize() function in -# utils.h is not being optimized out by the compiler. To do so, the script -# loads the test program at programs/test/zeroize.c and sets a breakpoint at -# the last return statement in the main(). When the breakpoint is hit, the -# debugger manually checks the contents to be zeroized and checks that it is -# actually cleared. +# Run a test using the debugger to check that the mbedtls_platform_zeroize() +# function in platform_util.h is not being optimized out by the compiler. To do +# so, the script loads the test program at programs/test/zeroize.c and sets a +# breakpoint at the last return statement in main(). When the breakpoint is +# hit, the debugger manually checks the contents to be zeroized and checks that +# it is actually cleared. # -# The mbedtls_zeroize() test is debugger driven because there does not seem to -# be a mechanism to reliably check whether the zeroize calls are being +# The mbedtls_platform_zeroize() test is debugger driven because there does not +# seem to be a mechanism to reliably check whether the zeroize calls are being # eliminated by compiler optimizations from within the compiled program. The # problem is that a compiler would typically remove what it considers to be # "unecessary" assignments as part of redundant code elimination. To identify # such code, the compilar will create some form dependency graph between # reads and writes to variables (among other situations). It will then use this # data structure to remove redundant code that does not have an impact on the -# program's observable behavior. In the case of mbedtls_zeroize(), an +# program's observable behavior. 
In the case of mbedtls_platform_zeroize(), an # intelligent compiler could determine that this function clears a block of # memory that is not accessed later in the program, so removing the call to -# mbedtls_zeroize() does not have an observable behavior. However, inserting a -# test after a call to mbedtls_zeroize() to check whether the block of -# memory was correctly zeroed would force the compiler to not eliminate the -# mbedtls_zeroize() call. If this does not occur, then the compiler potentially -# has a bug. +# mbedtls_platform_zeroize() does not have an observable behavior. However, +# inserting a test after a call to mbedtls_zeroize() to check whether the block +# of memory was correctly zeroed would force the compiler to not eliminate the +# mbedtls_platform_zeroize() call. If this does not occur, then the compiler +# potentially has a bug. # # Note: This test requires that the test program is compiled with -g3. # @@ -42,7 +42,7 @@ set confirm off file ./programs/test/zeroize -break zeroize.c:99 +break zeroize.c:100 set args ./programs/test/zeroize.c run From 3ea559ea6c93c232598e94424d2bf1913582ae1d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 10:17:22 -0500 Subject: [PATCH 0987/1059] Fix alignment in makefile --- library/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/Makefile b/library/Makefile index fd4544aa49..0ce2a224e3 100644 --- a/library/Makefile +++ b/library/Makefile @@ -65,7 +65,7 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ ripemd160.o rsa_internal.o rsa.o \ sha1.o sha256.o sha512.o \ threading.o timing.o version.o \ - version_features.o xtea.o \ + version_features.o xtea.o \ platform_util.o OBJS_X509= certs.o pkcs11.o x509.o \ From c58787f5074d38dde47834e2e29249c4e7923a69 Mon Sep 17 00:00:00 2001 
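Review bot: One reference to the old name survives the rename in the rewritten comment: the new line `# inserting a test after a call to mbedtls_zeroize() to check whether the block` should read `mbedtls_platform_zeroize()` like the surrounding lines, since the function no longer exists under that name after this series. While touching this paragraph, the context lines also carry typos that could be fixed in the same pass (`unecessary`, `compilar`, `some form dependency graph` for `some form of dependency graph`). The breakpoint `break zeroize.c:100` remains tied to an exact line of zeroize.c; a one-line comment above it, `# NOTE: must be updated whenever programs/test/zeroize.c changes`, would make that coupling explicit to whoever next edits the test program.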
From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 10:21:45 -0500 Subject: [PATCH 0988/1059] Update docs for MBEDTLS_PLATFORM_ZEROIZE_ALT in config.h --- include/mbedtls/config.h | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 69754cf672..85d3f8ef14 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -2853,25 +2853,26 @@ #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE /** - * \def MBEDTLS_UTILS_ZEROIZE_ALT + * \def MBEDTLS_PLATFORM_ZEROIZE_ALT * * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_zeroize(). This replaces the default implementation in utils.c. + * mbedtls_platform_zeroize(). This replaces the default implementation in + * platform_util.c. * - * mbedtls_zeroize() is a widely used function across the library to zero a - * block of memory. The implementation is expected to be secure in the sense - * that it has been written to prevent the compiler from removing calls to - * mbedtls_zeroize() as part of redundant code elimination optimizations. - * However, it is difficult to guarantee that calls to mbedtls_zeroize() will - * not be optimized by the compiler as older versions of the C language - * standards do not provide a secure implementation of memset(). Therefore, - * MBEDTLS_UTILS_ZEROIZE_ALT enables users to configure their own - * implementation of mbedtls_zeroize(), for example by using directives - * specific to their compiler, features from the C standard (e.g using - * memset_s() in C11) or calling a secure memset() from their system (e.g - * explicit_bzero() in BSD). + * mbedtls_platform_zeroize() is a widely used function across the library to + * zero a block of memory. The implementation is expected to be secure in the + * sense that it has been written to prevent the compiler from removing calls + * to mbedtls_platform_zeroize() as part of redundant code elimination + * optimizations. However, it is difficult to guarantee that calls to + * mbedtls_platform_zeroize() will not be optimized by the compiler as older + * versions of the C language standards do not provide a secure implementation + * of memset(). 
Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to + * configure their own implementation of mbedtls_platform_zeroize(), for + * example by using directives specific to their compiler, features from the C + * standard (e.g using memset_s() in C11) or calling a secure memset() from + * their system (e.g explicit_bzero() in BSD). */ -//#define MBEDTLS_UTILS_ZEROIZE_ALT +//#define MBEDTLS_PLATFORM_ZEROIZE_ALT /* \} name SECTION: Customisation configuration options */ From 477dce15bca9e4a20f9e06d4ad71a9a45fa6974f Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 17 Apr 2018 16:31:22 +0100 Subject: [PATCH 0989/1059] Update ccm.h updated brief desc. --- include/mbedtls/ccm.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 8f252c4bd0..40ee1b3c88 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -1,7 +1,8 @@ /** * \file ccm.h * - * \brief This file contains CCM definitions and functions. + * \brief This file provides an API for the CCM authenticated encryption + * mode for block ciphers. * * CCM combines Counter mode encryption with CBC-MAC authentication * for 128-bit block ciphers. From 379b95ca9b5ca518dcff2b9f0a69702a49c01269 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Tue, 17 Apr 2018 16:43:00 +0100 Subject: [PATCH 0990/1059] Update ccm.h Updated return values for mbedtls_ccm_auth_decrypt(). --- include/mbedtls/ccm.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 40ee1b3c88..5a34f3a0af 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h 
@@ -145,8 +145,9 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param tag_len The length of the tag in Bytes. * 4, 6, 8, 10, 12, 14 or 16. * - * \return \c 0 on success. - * \return A CCM or cipher-specific error code on failure. + * \return \c 0 on success. This indicates that the message is authentic. + * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. + * \return A cipher-specific error code on calculation failure. */ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, From 14a8b59d7b9dea1d91c88ee27b8ddde7a8f29de9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 17 Apr 2018 16:56:12 +0100 Subject: [PATCH 0991/1059] Fix doxygen error for MBEDTLS_PLATFORM_ZEROIZE_ALT --- include/mbedtls/config.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 85d3f8ef14..67ad4b268d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2853,8 +2853,6 @@ #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE /** - * \def MBEDTLS_PLATFORM_ZEROIZE_ALT - * * Uncomment the macro to let mbed TLS use your alternate implementation of * mbedtls_platform_zeroize(). This replaces the default implementation in * platform_util.c. From 3f7f8170d6ba71da9a9f624ef9da6c9edeb64b50 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Thu, 23 Nov 2017 17:49:05 +0000 Subject: [PATCH 0992/1059] Check invalid nc_off Uninitialized nc_off value >0xf passed by the caller can cause array out-of-bound. --- include/mbedtls/aes.h | 1 + library/aes.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 46016dcb7f..d252930fd7 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h 
@@ -49,6 +49,7 @@ /* Error codes in range 0x0020-0x0022 */ #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ +#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0024 /**< Invalid input data. */ /* Error codes in range 0x0023-0x0025 */ #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */ diff --git a/library/aes.c b/library/aes.c index da94b19439..3bb8515201 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1082,6 +1082,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, int c, i; size_t n = *nc_off; + if ( n > 0x0F ) + return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + while( length-- ) { if( n == 0 ) { From e5b5bd7a400391f3730a43f6191d7c5e7f89bf21 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Fri, 24 Nov 2017 10:52:51 +0000 Subject: [PATCH 0993/1059] Allocate a unique err code for MBEDTLS_ERR_AES_BAD_INPUT_DATA --- include/mbedtls/aes.h | 4 ++-- include/mbedtls/error.h | 2 +- library/error.c | 2 ++ 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index d252930fd7..8b9280d97a 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -49,9 +49,9 @@ /* Error codes in range 0x0020-0x0022 */ #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ -#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0024 /**< Invalid input data. */ -/* Error codes in range 0x0023-0x0025 */ +/* Error codes in range 0x0021-0x0025 */ +#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */ #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */ #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ 
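Review bot: The new guard `if ( n > 0x0F )` in mbedtls_aes_crypt_ctr uses a bare 0x0F and a space after `if`, where the surrounding code writes `if( n == 0 )` and the bound is really the 16-byte stream block; I would write it as `if( n > 0x0F )` with a comment such as `/* *nc_off must index into the 16-byte stream block */` so the limit is tied to the block size rather than a magic constant. The `\return` documentation of mbedtls_aes_crypt_ctr in aes.h is outside this hunk and, as far as the patch shows, is not updated to list #MBEDTLS_ERR_AES_BAD_INPUT_DATA, so callers cannot learn the new failure mode from the API docs. The value -0x0024 chosen here also falls inside the CAMELLIA range 0x0024-0x0026 listed in the error.h table, which would make mbedtls_strerror output ambiguous; the following patch in the series reassigns the code, so the range comment in aes.h is the only thing left to keep in sync. The body of mbedtls_aes_crypt_ctr continues outside the hunk.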
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 8b4d3a8755..786d02e32a 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -53,7 +53,7 @@ * GCM 3 0x0012-0x0014 0x0013-0x0013 * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 * THREADING 3 0x001A-0x001E - * AES 4 0x0020-0x0022 0x0023-0x0025 + * AES 5 0x0020-0x0022 0x0021-0x0025 * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 * XTEA 2 0x0028-0x0028 0x0029-0x0029 * BASE64 2 0x002A-0x002C diff --git a/library/error.c b/library/error.c index 96ab203766..37058254c1 100644 --- a/library/error.c +++ b/library/error.c @@ -572,6 +572,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "AES - Invalid key length" ); if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" ); + if( use_ret == -(MBEDTLS_ERR_AES_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "AES - Invalid input data" ); if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "AES - Feature not available. For example, an unsupported AES key size" ); if( use_ret == -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED) ) From f13ca9536c80c145e4b96721bb73a21ca8e9f41a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 18 Apr 2018 04:14:31 -0400 Subject: [PATCH 0994/1059] Test suites: print error on failed platform_setup Return encountered errors instead of covering them Fix return value on the broken snprintf implementation --- tests/suites/helpers.function | 8 +++----- tests/suites/main_test.function | 12 ++++++++---- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index c436fbb87a..f82694ada1 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -132,13 +132,11 @@ mbedtls_platform_context platform_ctx; /* Helper Functions */ static int platform_setup() { + int ret = 0; #if defined(MBEDTLS_PLATFORM_C) - if( mbedtls_platform_setup( &platform_ctx ) != 0 ) - { - return -1; - } + ret = mbedtls_platform_setup( &platform_ctx ); #endif /* MBEDTLS_PLATFORM_C */ - return 0; + return( ret ); } static void platform_teardown() diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 8d7e477694..1390f9fbba 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -282,10 +282,14 @@ int main(int argc, const char *argv[]) !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) unsigned char alloc_buf[1000000]; #endif - if( platform_setup() != 0 ) + /* Platform setup should be called in the beginning */ + ret = platform_setup(); + if( ret != 0 ) { - mbedtls_fprintf( stderr, "FATAL: Failed to initialize platform" ); - return -1; + mbedtls_fprintf( stderr, + "FATAL: Failed to initialize platform - error %d\n", + ret ); + return( -1 ); } #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) @@ -312,7 +316,7 @@ int main(int argc, const char *argv[]) { mbedtls_fprintf( stderr, "the snprintf implementation is broken\n" ); platform_teardown(); - return( 0 ); + return( 1 ); } while( arg_index < argc) From ee96359d8916617c9f2766f2e7c8e6c7bf473274 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Wed, 18 Apr 2018 09:46:12 +0100 Subject: [PATCH 0995/1059] Update dhm.h Changes based on review comments --- include/mbedtls/dhm.h | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 2829ffc072..348d8cfec7 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h 
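Review bot: The two early-failure paths in main() now exit with different codes: the platform_setup() failure keeps `return( -1 );` while the broken-snprintf path is changed to `return( 1 );`; since -1 from main() becomes exit status 255 on POSIX and a harness only needs a non-zero value, I would use `return( 1 );` in both places for consistency. The `platform_setup()` and `platform_teardown()` definitions edited in helpers.function are still declared without `( void )`, which in C leaves the parameter list unspecified; `static int platform_setup( void )` is the proper prototype form. The body of main() continues outside the hunk.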
@@ -1,7 +1,8 @@ /** * \file dhm.h * - * \brief This file contains DHM definitions and functions. + * \brief This file contains Diffie-Hellman-Merkle (DHM) key exchange + * definitions and functions. * * Diffie-Hellman-Merkle (DHM) key exchange is defined in * RFC-2631: Diffie-Hellman Key Agreement Method and @@ -186,7 +187,7 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, const mbedtls_mpi *G ); /** - * \brief This function imports the G^Y public value of the peer. + * \brief This function imports the public value of the peer, G^Y. * * \param ctx The DHM context. * \param input The input buffer containing the G^Y value of the peer. @@ -199,7 +200,7 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, const unsigned char *input, size_t ilen ); /** - * \brief This function creates its own \c X private key and + * \brief This function creates its own private key, \c X, and * exports \c G^X. * * \note The destination buffer is always fully written @@ -267,7 +268,8 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ); * Byte for PEM data. * * \return \c 0 on success. - * \return A specific DHM or PEM error code on failure. + * \return An \c MBEDTLS_ERR_DHM_XXX or MBEDTLS_ERR_PEM_XXX error code + * error code on failure. */ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen ); @@ -281,7 +283,8 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, * \param path The filename to read the DHM parameters from. * * \return \c 0 on success. - * \return A specific DHM or PEM error code on failure. + * \return An \c MBEDTLS_ERR_DHM_XXX or MBEDTLS_ERR_PEM_XXX error code + * error code on failure. */ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); #endif /* MBEDTLS_FS_IO */ From fa1fe36e08a45902f40d53c81e9d9532a777e2d9 Mon Sep 17 00:00:00 2001 
From: Rose Zadik Date: Wed, 18 Apr 2018 10:09:31 +0100 Subject: [PATCH 0996/1059] Update dhm.h Minor fix based on review comments --- include/mbedtls/dhm.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 348d8cfec7..b3b376172e 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -268,7 +268,7 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ); * Byte for PEM data. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_DHM_XXX or MBEDTLS_ERR_PEM_XXX error code + * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code * error code on failure. */ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, @@ -283,7 +283,7 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, * \param path The filename to read the DHM parameters from. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_DHM_XXX or MBEDTLS_ERR_PEM_XXX error code + * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code * error code on failure. */ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); From 2e1934ac0c0a5b3a48739faea03b361aad26934b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 18 Apr 2018 16:05:29 +0200 Subject: [PATCH 0997/1059] Fix comment formatting to pacify check-names.sh --- include/mbedtls/sha1.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index d8ce3c63b9..eec3f95bc7 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -286,7 +286,7 @@ int mbedtls_sha1_ret( const unsigned char *input, #define MBEDTLS_DEPRECATED #endif /** -* \brief This function calculates the SHA-1 checksum of a buffer. + * \brief This function calculates the SHA-1 checksum of a buffer. * * The function allocates the context, performs the * calculation, and frees the context. 
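Review bot: The rewritten `\return` lines for mbedtls_dhm_parse_dhm() and mbedtls_dhm_parse_dhmfile() repeat the phrase across the line break — `An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code` followed by `error code on failure.` — so the rendered text reads "error code error code on failure". Drop the duplicate on the continuation line: ` * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code` / ` *         on failure.`. The duplication was introduced by the previous patch in this series and is carried forward unchanged here.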
From f56cb34d609b9c697238c3a8f2c2096ec0b42be6 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Thu, 19 Apr 2018 12:49:10 +0100 Subject: [PATCH 0998/1059] Update ecp.h Updated based on review comment. One comment remains open (waiting for input) --- include/mbedtls/ecp.h | 151 +++++++++++++++++++++++------------------- 1 file changed, 84 insertions(+), 67 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 89c756b37b..c58a4b6ab8 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -3,8 +3,9 @@ * * \brief This file contains ECP definitions and functions. * - * The Elliptic Curve over P (ECP) is defined in Standards for Efficient - * Cryptography Group (SECG): SEC1 Elliptic Curve Cryptography and + * The use of Elliptic Curves over GF(P) (ECP) in cryptography and + * TLS is defined in Standards for Efficient Cryptography Group + * (SECG): SEC1 Elliptic Curve Cryptography and * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites * for Transport Layer Security (TLS). * @@ -69,7 +70,7 @@ extern "C" { * \note Only curves over prime fields are supported. * * \warning This library does not support validation of arbitrary domain - * parameters. Therefore, only well-known domain parameters from trusted + * parameters. Therefore, only standardized domain parameters from trusted * sources should be used. See mbedtls_ecp_group_load(). */ typedef enum 
@@ -84,14 +85,14 @@ typedef enum MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */ MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */ MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for a Curve25519 curve. */ - MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for a Curve448 curve. */ + MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for a Curve448 curve. */ MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */ MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */ MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */ } mbedtls_ecp_group_id; /** - * The number of supported curves, plus one for none. + * The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE. * * \note Montgomery curves are currently excluded. */ @@ -109,13 +110,15 @@ typedef struct } mbedtls_ecp_curve_info; /** - * \brief The ECP point structure, in jacobian coordinates. + * \brief The ECP point structure, in Jacobian coordinates. * * \note All functions expect and return points satisfying - * the following condition: \p Z == 0 or \p Z == 1. Other - * values of \p Z are used only by internal functions. - * The point is zero, or "at infinity", if Z == 0. - * Otherwise, X and Y are its standard (affine) coordinates. + * the following condition: Z == 0 or + * Z == 1. Other values of \p Z are + * used only by internal functions. + * The point is zero, or "at infinity", if Z == 0. + * Otherwise, \p X and \p Y are its standard (affine) + * coordinates. */ typedef struct { @@ -129,43 +132,46 @@ mbedtls_ecp_point; * \brief The ECP group structure. * * We consider two types of curve equations: - *
    • Short Weierstrass: y^2 = x^3 + \p A x + \p B mod P + *
      1. Short Weierstrass: y^2 = x^3 + A x + B mod P * (SEC1 + RFC-4492)
      2. - *
      3. Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft)
    - * In both cases, the generator (G) for a prime-order subgroup is fixed. + *
  • Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519, + * Curve448)
  • + * In both cases, the generator (\p G) for a prime-order subgroup is fixed. * * For Short Weierstrass, this subgroup is the whole curve, and its - * cardinal is denoted by \p N. Our code requires that \p N is an odd prime. + * cardinality is denoted by \p N. Our code requires that \p N is an + * odd prime. * - * \note For blinding, use odd in mbedtls_ecp_mul() and prime in - * mbedtls_ecdsa_sign(). - * - * For Montgomery curves, we do not store \p A, but (A + 2) / 4, which is - * the quantity used in the formulas. Additionally, \p nbits is not the - * size of \p N but the required size for private keys. + * For Montgomery curves, we do not store \p A, but (A + 2) / 4, + * which is the quantity used in the formulas. Additionally, \p nbits is + * not the size of \p N but the required size for private keys. * * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. - * Otherwise, it must point to a function that takes an \p mbedtls_mpi in the - * range of 0..2^(2*pbits)-1, and transforms it in-place in an integer of - * little more than \p pbits, so that the integer may be efficiently brought - * in the 0..P-1 range by a few additions or substractions. + * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the + * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer which is + * congruent mod \p P to the given MPI, and is close enough to \p pbits in size, + * so that it may be efficiently brought in the 0..P-1 range by a few additions + * or subtractions. Therefore, it is only an approximative modular reduction. * * \return \c 0 on success - * \return Non-zero on failure. + * \return Non-zero error code on failure. */ typedef struct { mbedtls_ecp_group_id id; /*!< An internal group identifier. */ - mbedtls_mpi P; /*!< A prime modulus of the base field. */ - mbedtls_mpi A; /*!< \p A in the equation or (A + 2) / 4. */ - mbedtls_mpi B; /*!< \p B in the equation or unused. 
*/ - mbedtls_ecp_point G; /*!< The generator of the (sub)group used. */ + mbedtls_mpi P; /*!< The prime modulus of the base field. */ + mbedtls_mpi A; /*!< For (1) \p A in the equation or for + (2) (A + 2) / 4. */ + mbedtls_mpi B; /*!< For (1) \p B in the equation or + for (2) Unused. */ + mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ mbedtls_mpi N; /*!< The order of \p G. */ size_t pbits; /*!< The number of bits in \p P.*/ - size_t nbits; /*!< The number of bits in \p P, or the private - keys. */ + size_t nbits; /*!< For (1) The number of bits in \p P, or + for (2) the private keys. */ unsigned int h; /*!< \internal 1 if the constants are static. */ - int (*modp)(mbedtls_mpi *); /*!< The function for fast reduction mod P.*/ + int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction + mod \p P (see above).*/ int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ void *t_data; /*!< Unused. */ @@ -200,7 +206,7 @@ mbedtls_ecp_keypair; #if !defined(MBEDTLS_ECP_MAX_BITS) /** - * The maximum size of the groups, that is, of N and P. + * The maximum size of the groups, that is, of \c N and \c P. */ #define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ #endif @@ -262,7 +268,7 @@ mbedtls_ecp_keypair; /** * \brief This function retrieves the information defined in - * mbedtls_ecp_curve_info()for all supported curves in order + * mbedtls_ecp_curve_info() for all supported curves in order * of preference. * * \return A statically allocated array. The last entry is 0. 
@@ -270,8 +276,9 @@ mbedtls_ecp_keypair; const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ); /** - * \brief This function retrieves the grp_id of all supported curves - * in order of preference. + * \brief This function retrieves the list of internal group + * identifiers of all supported curves in the order of + * preference. * * \return A statically allocated array, * terminated with MBEDTLS_ECP_DP_NONE. @@ -284,7 +291,8 @@ const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ); * * \param grp_id An \c MBEDTLS_ECP_DP_XXX value. * - * \return The associated curve information, or NULL. + * \return The associated curve information on success. + * \return NULL on failure. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ); @@ -294,7 +302,8 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_gr * * \param tls_id An \c MBEDTLS_ECP_DP_XXX value. * - * \return The associated curve information, or NULL. + * \return The associated curve information on success. + * \return NULL on failure. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ); @@ -304,7 +313,8 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_i * * \param name The human-readable name. * - * \return The associated curve information, or NULL. + * \return The associated curve information on success. + * \return NULL on failure. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name ); 
@@ -316,7 +326,13 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ); /** - * \brief This function initializes a group to something meaningless. + * \brief This function initializes an ECP group context + * without loading any domain parameters. + * + * \note After this function is called, domain parameters + * for various ECP groups can be loaded through the + * mbedtls_ecp_load() or mbedtls_ecp_tls_read_group() + * functions. */ void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ); @@ -354,7 +370,7 @@ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); * \param Q The source point. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation fails. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. */ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); @@ -366,7 +382,7 @@ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); * \param src The source group. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation fails. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. */ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src ); @@ -376,7 +392,7 @@ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src * \param pt The point to set. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation fails. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. */ int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); @@ -385,8 +401,8 @@ int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); * * \param pt The point to test. * - * \return \c 1 if point is zero. - * \return \c 0 if point is non-zero. + * \return \c 1 if the point is zero. + * \return \c 0 if the point is non-zero. */ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ); 
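Review bot: The new `\note` on mbedtls_ecp_group_init() refers to `mbedtls_ecp_load()`, which is not a function declared in this header; the loader that this file actually declares is `mbedtls_ecp_group_load()` (its prototype `int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );` appears in a later hunk of this same patch), so the cross-reference will not resolve and readers will look for a function that does not exist. Change the line to `* mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()`. The old wording ("initializes a group to something meaningless") also made it clear that the context is not usable until parameters are loaded; the new text only says they "can be loaded", so it is presumably worth adding a sentence stating that the group must be loaded before it is passed to any other ECP function.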
@@ -452,7 +468,7 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format * is not implemented. * @@ -464,15 +480,15 @@ int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_poi * \brief This function imports a point from a TLS ECPoint record. * * \note On function return, \p buf is updated to point to immediately - * after the ECPoint. + * after the ECPoint record. * * \param grp The ECP group used. * \param pt The destination point. - * \param buf The address of the pointer to the start of input buffer. + * \param buf The address of the pointer to the start of the input buffer. * \param len The length of the buffer. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_MPI_XXX error code if initialization failed. + * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. */ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, @@ -484,9 +500,9 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point * \param grp The ECP group used. * \param pt The point to export. * \param format The export format. - * \param olen The length of data written. - * \param buf The Buffer to write to. - * \param blen The length of the Buffer. + * \param olen The length of the data written. + * \param buf The buffer to write to. + * \param blen The length of the buffer. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA or 
@@ -497,7 +513,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp unsigned char *buf, size_t blen ); /** - * \brief This function sets a group using well-known domain parameters. + * \brief This function sets a group using standardized domain parameters. * * \note The index should be a value of the NamedCurve enum, * as defined in RFC-4492: Elliptic Curve Cryptography @@ -505,10 +521,10 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp * usually in the form of an \c MBEDTLS_ECP_DP_XXX macro. * * \param grp The destination group. - * \param id The index in the list of well-known domain parameters. + * \param id The identifier of the domain parameter set to load. * * \return \c 0 on success, - * \return An \c MBEDTLS_ERR_MPI_XXX error code if initialization fails. + * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure. * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups. */ @@ -517,14 +533,15 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); /** * \brief This function sets a group from a TLS ECParameters record. * - * \note \p buf is updated to point right after ECParameters on exit. + * \note \p buf is updated to point right after the ECParameters record + * on exit. * * \param grp The destination group. - * \param buf The address of the pointer to the start of input buffer. + * \param buf The address of the pointer to the start of the input buffer. * \param len The length of the buffer. * * \return \c 0 on success. - * \return An \c MBEDTLS_ERR_MPI_XXX error code if initialization fails. + * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. */ int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ); 
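Review bot: In the mbedtls_ecp_group_load() hunk the changed `\param id` line now calls the argument an identifier, but the unchanged `\note` a few lines above still says "The index should be a value of the NamedCurve enum", so the two descriptions of the same parameter no longer agree. The two unchanged `\return` lines in the same block also keep a dangling comma (`\c 0 on success,`) and the misspelling "unkownn"; since this commit is already rewriting the block, fix them in the same pass: `* \return \c 0 on success.` and `* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unknown groups.`, and reword the note to `* \note The \p id should be a value of the NamedCurve enum,`.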
@@ -567,9 +584,9 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, * \param p_rng The RNG context. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid privkey, - * or \p P is not a valid pubkey. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private + * key, or \p P is not a valid public key. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. */ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, @@ -595,7 +612,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not * valid private keys, or \p P or \p Q are not valid public * keys. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. */ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, @@ -618,11 +635,11 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * structures. For example, mbedtls_ecdh_context() or * mbedtls_ecdsa_context(). * - * \param grp The curve or group the point should belong to. + * \param grp The curve the point should lie on. * \param pt The point to check. * * \return \c 0 if the point is a valid public key. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY otherwise. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY on failure. */ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ); 
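Review bot: In the mbedtls_ecp_check_pubkey() hunk, replacing "otherwise" with "on failure" on the `#MBEDTLS_ERR_ECP_INVALID_KEY` line makes the contract less precise: this function's negative answer is that the point is not a valid public key, and "on failure" reads as an operational error rather than a validation result, which matters for callers that use this check as their input-validation gate. Suggest `* \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid public key.`. The mbedtls_ecp_check_privkey() hunk that follows in the next chunk of this patch makes the same "on failure" change and should be treated the same way; there, the unchanged `\c 0` line additionally says "if the point is a valid private key" although the argument \p d is an mbedtls_mpi, so `* \return \c 0 if \p d is a valid private key.` would be accurate.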
@@ -639,7 +656,7 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_po * \param d The integer to check. * * \return \c 0 if the point is a valid private key. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY otherwise. + * \return #MBEDTLS_ERR_ECP_INVALID_KEY on failure. */ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d ); @@ -670,7 +687,7 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, void *p_rng ); /** - * \brief This function generates a keypair. + * \brief This function generates an ECP keypair. * * \note This function uses bare components rather than an * mbedtls_ecp_keypair() structure to ease use with other @@ -692,7 +709,7 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp void *p_rng ); /** - * \brief This function generates a key. + * \brief This function generates an ECP key. * * \param grp_id The ECP group identifier. * \param key The destination key. From 826f26492008095bfe919784d4c6ae867240f3c8 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Thu, 19 Apr 2018 14:01:29 +0100 Subject: [PATCH 0999/1059] Update cipher.h Additional changes based on review comments --- include/mbedtls/cipher.h | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 3ecae9b06b..4169428466 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -1,7 +1,9 @@ /** * \file cipher.h * - * \brief This file contains the generic cipher wrapper. + * \brief This file contains an abstraction interface for use with the cipher + * primitives provided by the library. It provides a common interface to all of + * the available cipher operations. * * \author Adriaan de Jong */ 
@@ -71,7 +73,7 @@ extern "C" { /** * \brief Supported cipher types. * - * \warning ARC4 and DES are considered weak ciphers and their use + * \warning RC4 and DES are considered weak ciphers and their use * constitutes a security risk. Arm recommends considering stronger * ciphers instead. */ @@ -80,16 +82,16 @@ typedef enum { MBEDTLS_CIPHER_ID_NULL, /**< NULL.*/ MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */ MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */ - MBEDTLS_CIPHER_ID_3DES, /**< The 3DES cipher. */ + MBEDTLS_CIPHER_ID_3DES, /**< The Trile DES cipher. */ MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */ MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */ - MBEDTLS_CIPHER_ID_ARC4, /**< The ARC4 cipher. */ + MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */ } mbedtls_cipher_id_t; /** * \brief Supported {cipher type, cipher mode} pairs. * - * \warning ARC4 and DES are considered weak ciphers and their use + * \warning RC4 and DES are considered weak ciphers and their use * constitutes a security risk. Arm recommends considering stronger * ciphers instead. */ @@ -136,7 +138,7 @@ typedef enum { MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */ MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */ MBEDTLS_CIPHER_BLOWFISH_CTR, /**< Blowfish cipher with CTR mode. */ - MBEDTLS_CIPHER_ARC4_128, /**< ARC4 cipher with 128-bit mode. */ + MBEDTLS_CIPHER_ARC4_128, /**< RC4 cipher with 128-bit mode. */ MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */ MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */ MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */ 
@@ -151,7 +153,7 @@ typedef enum { MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */ MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */ MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */ - MBEDTLS_MODE_OFB, /**< Unused. */ + MBEDTLS_MODE_OFB, /**< The OFB cipher mode - unsupported. */ MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */ MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */ MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */ @@ -409,7 +411,7 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl * \param ctx The context of the cipher. Must be initialized. * * \return The recommended IV size if no IV has been set. - * \return 0 for ciphers not using IV or nonce. + * \return \c 0 for ciphers not using IV or nonce. * \return The actual size if an IV has been set. */ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) From 4c368e82cc5456303d4f0d0b7e5fd25c6a240b1a Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Thu, 19 Apr 2018 14:24:11 +0100 Subject: [PATCH 1000/1059] Update cipher.h Additional changes based on review comments --- include/mbedtls/cipher.h | 59 ++++++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 27 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 4169428466..473181762c 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -78,8 +78,8 @@ extern "C" { * ciphers instead. */ typedef enum { - MBEDTLS_CIPHER_ID_NONE = 0, /**< None. */ - MBEDTLS_CIPHER_ID_NULL, /**< NULL.*/ + MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */ + MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */ MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */ MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */ MBEDTLS_CIPHER_ID_3DES, /**< The Trile DES cipher. */ 
@@ -96,8 +96,8 @@ typedef enum { * ciphers instead. */ typedef enum { - MBEDTLS_CIPHER_NONE = 0, /**< None. */ - MBEDTLS_CIPHER_NULL, /**< NULL. */ + MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */ + MBEDTLS_CIPHER_NULL, /**< The cipher-pair, treated as a stream cipher. */ MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */ MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */ MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */ @@ -361,9 +361,10 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); * \param cipher_info The cipher to use. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the - * cipher-specific context failed. + * cipher-specific context fails. * * \internal Currently, the function also clears the structure. * In future versions, the caller will be required to call @@ -411,7 +412,7 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl * \param ctx The context of the cipher. Must be initialized. * * \return The recommended IV size if no IV has been set. - * \return \c 0 for ciphers not using IV or nonce. + * \return \c 0 for ciphers not using an IV or a nonce. * \return The actual size if an IV has been set. */ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) 
@@ -503,8 +504,8 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci * #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if - * parameter verification fails. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. * \return A cipher-specific error code on failure. */ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key, @@ -542,7 +543,8 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph * This parameter is discarded by ciphers with fixed-size IV. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on failure. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. */ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len ); @@ -553,8 +555,8 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, * \param ctx The generic cipher context. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA - * if parameter verification fails. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. */ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); @@ -585,10 +587,10 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, * Exception: For MBEDTLS_MODE_ECB, expects a single block * in size. For example, 16 Bytes for AES. * - * \note If the underlying cipher is GCM, all calls to this - * function, except the last one before - * mbedtls_cipher_finish(). Must have \p ilen as a - * multiple of the block_size. + * \note If the underlying cipher is used in GCM mode, all calls + * to this function, except for the last one before + * mbedtls_cipher_finish(), must have \p ilen as a + * multiple of the block size of the cipher. * * \param ctx The generic cipher context. * \param input The buffer holding the input data. 
@@ -600,8 +602,8 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, * actual number of Bytes written. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if - * parameter verification fails. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. * \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an * unsupported mode for a cipher. * \return A cipher-specific error code on failure. @@ -620,10 +622,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * \param olen The length of the data written to the \p output buffer. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if - * parameter verification fails. - * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption - * expected a full block but was not provided one. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. + * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption + * expecting a full block but not receiving one. * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding * while decrypting. * \return A cipher-specific error code on failure. @@ -684,9 +686,10 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, * ciphers, use \p iv = NULL and \p iv_len = 0. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or - * #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption - * expected a full block but was not provided one. + * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on + * parameter-verification failure. + * \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption + * expecting a full block but not receiving one. * \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding * while decrypting. * \return A cipher-specific error code on failure. 
@@ -716,7 +719,8 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
  * \param tag_len The desired length of the authentication tag.
  *
  * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA.
+ * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ * parameter-verification failure.
  * \return A cipher-specific error code on failure.
  */
 int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
@@ -749,7 +753,8 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
  * \param tag_len The length of the authentication tag.
  *
  * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA.
+ * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ * parameter-verification failure.
  * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
  * \return A cipher-specific error code on failure.
  */
From c441f7490005800065b206dbfaabbabfe54b9fe7 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Thu, 19 Apr 2018 14:38:20 +0100
Subject: [PATCH 1001/1059] Update cipher.h minor fix
---
 include/mbedtls/cipher.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 473181762c..a131452084 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -97,7 +97,7 @@ typedef enum {
  */
 typedef enum {
     MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */
-    MBEDTLS_CIPHER_NULL, /**< The cipher-pair, treated as a stream cipher. */
+    MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
     MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
     MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
     MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
From 93f9919c26d8a42bc3ead452964b8e5b189b0522 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Thu, 19 Apr 2018 14:41:33 +0100
Subject: [PATCH 1002/1059] Update cipher.h Fixed typo.
---
 include/mbedtls/cipher.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index a131452084..3ee2ab7db9 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -82,7 +82,7 @@ typedef enum {
     MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
     MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
     MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
-    MBEDTLS_CIPHER_ID_3DES, /**< The Trile DES cipher. */
+    MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
     MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
     MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */
     MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */
From 81021ca2da964aa34e30fba8ee672ddfbb504722 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 19 Apr 2018 20:59:06 +0200
Subject: [PATCH 1003/1059] Improve ChangeLog entry
---
 ChangeLog | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a005eb2585..f0ccec9bc1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -54,9 +54,11 @@ Changes
      Wilson #481
    * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov.
-   * Put the Cryptographic API outside of the XXX_ALT macro check, so
-     alternative header file will not need to redefined the same API,
-     and to force alternative implementer to use the same API.
+   * Declare functions in header files even when an alternative implementation
+     of the corresponding module is activated by defining the corresponding
+     MBEDTLS_XXX_ALT macro. This means that alternative implementations do
+     not need to copy the declarations, and ensures that they will have the
+     same API.
 = mbed TLS 2.8.0 branch released 2018-03-16
From b2e111a288811b7edd4616dda55afd680c6d4195 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Fri, 20 Apr 2018 10:13:48 +0100
Subject: [PATCH 1004/1059] Update ecp.h Changes based on review comments. 2 comments still open pending decisions
---
 include/mbedtls/ecp.h | 95 ++++++++++++++++++++++---------------------
 1 file changed, 49 insertions(+), 46 deletions(-)
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index c58a4b6ab8..050283c4a9 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -1,11 +1,11 @@
 /**
  * \file ecp.h
  *
- * \brief This file contains ECP definitions and functions.
+ * \brief This file provides an API for Elliptic Curves over GF(P) (ECP).
  *
- * The use of Elliptic Curves over GF(P) (ECP) in cryptography and
- * TLS is defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography and
+ * The use of ECP in cryptography and TLS is defined in
+ * Standards for Efficient Cryptography Group (SECG): SEC1
+ * Elliptic Curve Cryptography and
  * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites
  * for Transport Layer Security (TLS).
  *
@@ -43,7 +43,7 @@
  */
 #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */
 #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */
-#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested curve not available. */
+#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested curve is not available. */
 #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */
 #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */
 #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as ephemeral key, failed. */
@@ -65,7 +65,7 @@ extern "C" {
 #endif
 /**
- * Definition of domain parameter identifiers: curve, subgroup and generator.
+ * Domain parameters: curve, subgroup, and generator.
  *
  * \note Only curves over prime fields are supported.
  *
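Review bot: The reworded description of `MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE` in the `@@ -43,7 +43,7 @@` hunk, "The requested curve is not available.", is narrower than the way this header itself documents the error: the mbedtls_ecp_point_read_binary() block earlier in this series returns it "if the point format is not implemented", and mbedtls_ecp_group_load() returns it "for unkownn groups". A caller mapping error codes to messages would be misled by the curve-only wording. Suggest `/**< The requested feature is not available, for example, the requested curve is not supported. */` so the one-line description covers every documented use.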
@@ -76,16 +76,16 @@ extern "C" {
 typedef enum
 {
     MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
-    MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for 192-bit NIST curve. */
-    MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for 224-bit NIST curve. */
-    MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for 256-bit NIST curve. */
-    MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for 384-bit NIST curve. */
-    MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for 521-bit NIST curve. */
+    MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */
     MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve. */
     MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */
     MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */
-    MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for a Curve25519 curve. */
-    MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for a Curve448 curve. */
+    MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */
+    MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */
     MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */
     MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */
     MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */
@@ -105,7 +105,7 @@ typedef struct { mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */ uint16_t tls_id; /*!< The TLS NamedCurve identifier. */ - uint16_t bit_size; /*!< The size of the curve in bits. */ + uint16_t bit_size; /*!< The curve size in bits. */ const char *name; /*!< A human-friendly name. */ } mbedtls_ecp_curve_info; @@ -132,15 +132,16 @@ mbedtls_ecp_point; * \brief The ECP group structure. * * We consider two types of curve equations: - *
    1. Short Weierstrass: y^2 = x^3 + A x + B mod P + *
      • Short Weierstrass: y^2 = x^3 + A x + B mod P * (SEC1 + RFC-4492)
      • *
      • Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519, - * Curve448)
    + * Curve448) * In both cases, the generator (\p G) for a prime-order subgroup is fixed. * * For Short Weierstrass, this subgroup is the whole curve, and its * cardinality is denoted by \p N. Our code requires that \p N is an - * odd prime. + * odd prime as mbedtls_ecp_mul() requires an odd number, and + * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes. * * For Montgomery curves, we do not store \p A, but (A + 2) / 4, * which is the quantity used in the formulas. Additionally, \p nbits is @@ -160,15 +161,15 @@ typedef struct { mbedtls_ecp_group_id id; /*!< An internal group identifier. */ mbedtls_mpi P; /*!< The prime modulus of the base field. */ - mbedtls_mpi A; /*!< For (1) \p A in the equation or for - (2) (A + 2) / 4. */ - mbedtls_mpi B; /*!< For (1) \p B in the equation or - for (2) Unused. */ + mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For + Montgomery curves: (A + 2) / 4. */ + mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. + For Montgomery curves: unused. */ mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ mbedtls_mpi N; /*!< The order of \p G. */ size_t pbits; /*!< The number of bits in \p P.*/ - size_t nbits; /*!< For (1) The number of bits in \p P, or - for (2) the private keys. */ + size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. + For Montgomery curves: the private keys. */ unsigned int h; /*!< \internal 1 if the constants are static. */ int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction mod \p P (see above).*/ @@ -176,7 +177,7 @@ typedef struct int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ void *t_data; /*!< Unused. */ mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */ - size_t T_size; /*!< The number for pre-computed points. */ + size_t T_size; /*!< The number of pre-computed points. */ } mbedtls_ecp_group; 
@@ -498,7 +499,7 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point * \brief This function exports a point as a TLS ECPoint record. * * \param grp The ECP group used. - * \param pt The point to export. + * \param pt he point format to export to an \c MBEDTLS_ECP_PF_XXX constant. * \param format The export format. * \param olen The length of the data written. * \param buf The buffer to write to. @@ -631,9 +632,9 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * the NIST groups which all have a cofactor of 1. * * \note This function uses bare components rather than an - * mbedtls_ecp_keypair() structure, to ease use with other - * structures. For example, mbedtls_ecdh_context() or - * mbedtls_ecdsa_context(). + * ::mbedtls_ecp_keypair structure, to ease use with other + * structures, such as ::mbedtls_ecdh_context or + * ::mbedtls_ecdsa_context. * * \param grp The curve the point should lie on. * \param pt The point to check. @@ -648,9 +649,9 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_po * key for this curve. * * \note This function uses bare components rather than an - * mbedtls_ecp_keypair() structure to ease use with other - * structures such as mbedtls_ecdh_context() or - * mbedtls_ecdsa_context(). + * ::mbedtls_ecp_keypair structure to ease use with other + * structures, such as ::mbedtls_ecdh_context() or + * ::mbedtls_ecdsa_context. * * \param grp The group used. * \param d The integer to check. 
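Review bot: The rewritten `\param pt` line in the mbedtls_ecp_tls_write_point block (first hunk) now describes `pt` as "the point format", which duplicates the `\param format The export format.` line directly below it; as far as the truncated hunk header `int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp` visible later on this page shows, the second parameter is the `mbedtls_ecp_point` being written, so the original `The point to export.` was the accurate text. The further rewordings of the same line in the two later ecp.h patches on this page (patches 1009 and 1010) restore the dropped "T" but keep the wrong meaning. Suggest restoring `\param pt The point to export.` and leaving the format description to `\param format`.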
@@ -665,10 +666,10 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi * * point. * * \note This function uses bare components rather than an - * mbedtls_ecp_keypair() structure to ease use with other - * structures such as mbedtls_ecdh_context() or - * mbedtls_ecdsa_context(). -* + * ::mbedtls_ecp_keypair structure to ease use with other + * structures, such as ::mbedtls_ecdh_context or + * ::mbedtls_ecdsa_context. + * * \param grp The ECP group. * \param G The chosen base point. * \param d The destination MPI (secret part). @@ -690,9 +691,9 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, * \brief This function generates an ECP keypair. * * \note This function uses bare components rather than an - * mbedtls_ecp_keypair() structure to ease use with other - * structures such as mbedtls_ecdh_context() or - * mbedtls_ecdsa_context(). + * ::mbedtls_ecp_keypair structure to ease use with other + * structures, such as ::mbedtls_ecdh_context or + * ::mbedtls_ecdsa_context. * * \param grp The ECP group. * \param d The destination MPI (secret part). 
@@ -724,17 +725,19 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief This function checks a public-private key pair. + * \brief This function checks that the keypair objects + * \p pub and \p prv have the same group and the + * same public point, and that the private key in + * \p prv is consistent with the public key. * * \param pub The keypair structure holding the public key. - * \param prv The keypair structure holding the private key. + * If it contains a private key, that part is ignored. + * \param prv The keypair structure holding the full keypair. * - * \note The both are keypairs, and may optionally hold the corresponding other key, but the public key passed in thee pub is checked against the private key passed in prv. - * - * \return \c 0 on success - the keys are valid and match. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or an \c - * MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX - * error code on failure. + * \return \c 0 on success, meaning that the keys are valid and match. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match. + * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX + * error code on calculation failure. */ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ); From f089fa334181d89bdd37a50b933c9568d1426e4d Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Fri, 20 Apr 2018 10:41:16 +0100 Subject: [PATCH 1005/1059] Update ecp.h minor spacing/comment format fixes --- include/mbedtls/ecp.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 050283c4a9..1a5d7d7985 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
@@ -232,7 +232,6 @@ mbedtls_ecp_keypair; * 521 145 141 135 120 97 * 384 214 209 198 177 146 * 256 320 320 303 262 226 - * 224 475 475 453 398 342 * 192 640 640 633 587 476 */ @@ -596,7 +595,7 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /** * \brief This function performs multiplication and addition of two * points by integers: \p R = \p m * \p P + \p n * \p Q - + * * It is not thread-safe to use same group in multiple threads. * * \note In contrast to mbedtls_ecp_mul(), this function does not @@ -680,7 +679,7 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. - */ + */ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, const mbedtls_ecp_point *G, mbedtls_mpi *d, mbedtls_ecp_point *Q, From 5462e028743938c120e35c0a410955bb055f1a4f Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 20 Apr 2018 07:58:53 -0400 Subject: [PATCH 1006/1059] ssl_tls: Fix invalid buffer sizes during compression / decompression Adjust information passed to zlib to include already written data. --- ChangeLog | 2 ++ library/ssl_tls.c | 13 ++++++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index ae8d86f205..e15a53b6b1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -55,6 +55,8 @@ Bugfix in the internal buffers; these cases lead to deadlocks in case event-driven I/O was used. Found and reported by Hubert Mis in #772. + * Fix invalid buffer sizes passed to zlib during record compression and + decompression. Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e8063d2c1a..9374961bd6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
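Review bot: The first hunk deletes the `224 475 475 453 398 342` row from the mbedtls_ecp_mul performance table, which is a content change rather than one of the "spacing/comment format fixes" the commit message announces; if the 224-bit figures were wrong or the row was dropped on purpose, the message should say why, otherwise the row should stay so the table keeps covering the curve sizes the enum lists. The other two hunks (the missing ` *` comment prefix and the `*/` indentation) are what the message describes.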
@@ -2108,6 +2108,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
 {
 int ret;
 unsigned char *msg_post = ssl->out_msg;
+ ptrdiff_t bytes_written = ssl->out_msg - ssl->out_buf;
 size_t len_pre = ssl->out_msglen;
 unsigned char *msg_pre = ssl->compress_buf;
@@ -2127,7 +2128,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
 ssl->transform_out->ctx_deflate.next_in = msg_pre;
 ssl->transform_out->ctx_deflate.avail_in = len_pre;
 ssl->transform_out->ctx_deflate.next_out = msg_post;
- ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN;
+ ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN - bytes_written;
 ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
 if( ret != Z_OK )
@@ -2137,7 +2138,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
 }
 ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN -
- ssl->transform_out->ctx_deflate.avail_out;
+ ssl->transform_out->ctx_deflate.avail_out - bytes_written;
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ", ssl->out_msglen ) );
@@ -2154,6 +2155,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
 {
 int ret;
 unsigned char *msg_post = ssl->in_msg;
+ ptrdiff_t bytes_written = ssl->in_msg - ssl->in_buf;
 size_t len_pre = ssl->in_msglen;
 unsigned char *msg_pre = ssl->compress_buf;
@@ -2173,7 +2175,8 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
 ssl->transform_in->ctx_inflate.next_in = msg_pre;
 ssl->transform_in->ctx_inflate.avail_in = len_pre;
 ssl->transform_in->ctx_inflate.next_out = msg_post;
- ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_MAX_CONTENT_LEN;
+ ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_BUFFER_LEN -
+ bytes_written;
 ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
 if( ret != Z_OK )
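Review bot: In the ssl_decompress_buf hunk the inflate output window grows from `MBEDTLS_SSL_MAX_CONTENT_LEN` to `MBEDTLS_SSL_BUFFER_LEN - bytes_written`, so a record that inflates past the maximum plaintext length is no longer cut at that cap; unless a caller re-checks `ssl->in_msglen` against `MBEDTLS_SSL_MAX_CONTENT_LEN` after decompression (not visible here), an oversized decompressed record would now be accepted. The `ret != Z_OK` test that follows does not catch the other failure mode either: when the output space runs out, inflate still returns Z_OK with `avail_out == 0` and unconsumed `avail_in`, and the rest of the record is silently dropped. Suggest adding `if( ssl->transform_in->ctx_inflate.avail_in != 0 ) return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );` after the inflate call and `if( ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) return( MBEDTLS_ERR_SSL_INVALID_RECORD );` after the `in_msglen` assignment in the next hunk. The `ptrdiff_t` difference is also narrowed into zlib's `uInt` avail_out on assignment; it is bounded by the buffer size here, but an explicit cast would make that intent visible. Both functions begin and end outside the hunks.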
@@ -2182,8 +2185,8 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
 return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
 }
- ssl->in_msglen = MBEDTLS_SSL_MAX_CONTENT_LEN -
- ssl->transform_in->ctx_inflate.avail_out;
+ ssl->in_msglen = MBEDTLS_SSL_BUFFER_LEN -
+ ssl->transform_in->ctx_inflate.avail_out - bytes_written;
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", ssl->in_msglen ) );
From 1d3b508b825f0f4fc2e27694fde6aa1c56184f34 Mon Sep 17 00:00:00 2001
From: Mohammad Azim Khan
Date: Wed, 18 Apr 2018 19:35:00 +0100
Subject: [PATCH 1007/1059] Same ciphersuite validation in server and client hello
---
 ChangeLog | 2 ++
 library/ssl_cli.c | 92 +++++++++++++++++++++++++++--------------------
 2 files changed, 55 insertions(+), 39 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 3e5dd68081..100551972b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -64,6 +64,8 @@ Bugfix
 * Fix buffer length assertions in the ssl_parse_certificate_request() function which leads to a potential one byte overread of the message buffer.
+ * Fix cipher suite validation in ssl_parse_server_hello() by performing same
+ checks as performed in ssl_write_client_hello().
 Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub.
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7cde5b113b..efcf48bc0e 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -717,6 +717,45 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
 return( 0 );
 }
+/**
+ * \brief Validate cipher suite against config in SSL context.
+ *
+ * \param suite_info cipher suite to validate
+ * \param ssl SSL context
+ *
+ * \return 0 if valid, else 1
+ */
+static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_info,
+ const mbedtls_ssl_context * ssl )
+{
+ if( suite_info == NULL )
+ return( 1 );
+
+ if( suite_info->min_minor_ver > ssl->conf->max_minor_ver ||
+ suite_info->max_minor_ver < ssl->conf->min_minor_ver )
+ return( 1 );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
+ return( 1 );
+#endif
+
+#if defined(MBEDTLS_ARC4_C)
+ if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
+ suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
+ return( 1 );
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
+ mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
+ return( 1 );
+#endif
+
+ return( 0 );
+}
+
 static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
 {
 int ret;
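Review bot: The version check in the new ssl_validate_ciphersuite compares the suite's range only with the configured `ssl->conf->min_minor_ver`/`max_minor_ver`, which is what the client hello needs, but at the server-hello call site added later in this series the negotiated `ssl->minor_ver` is already known and a suite that is not valid for that exact version should be refused, e.g. a suite whose `min_minor_ver` is TLS 1.2 chosen by a server that negotiated TLS 1.1. Suggest giving the helper explicit bounds, `static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t *suite_info, const mbedtls_ssl_context *ssl, int min_minor_ver, int max_minor_ver )`, testing `if( suite_info->min_minor_ver > max_minor_ver || suite_info->max_minor_ver < min_minor_ver ) return( 1 );`, and passing `ssl->conf->min_minor_ver, ssl->conf->max_minor_ver` from ssl_write_client_hello and `ssl->minor_ver, ssl->minor_ver` from ssl_parse_server_hello. Minor style: the rest of the file writes pointer parameters as `const T *name`, not `const T * name`, as the `mbedtls_ssl_context *ssl` signature in the context lines shows.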
@@ -869,31 +908,9 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
 {
 ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] );
- if( ciphersuite_info == NULL )
+ if( ssl_validate_ciphersuite( ciphersuite_info, ssl ) != 0 )
 continue;
- if( ciphersuite_info->min_minor_ver > ssl->conf->max_minor_ver ||
- ciphersuite_info->max_minor_ver < ssl->conf->min_minor_ver )
- continue;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
- continue;
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
- if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
- ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
- continue;
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
- mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
- continue;
-#endif
-
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x", ciphersuites[i] ) );
@@ -1690,22 +1707,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
- suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
- if( suite_info == NULL
-#if defined(MBEDTLS_ARC4_C)
- || ( ssl->conf->arc4_disabled &&
- suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
-#endif
- )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
-
+ /* Perform cipher suite validation in same way as in ssl_write_client_hello.
+ */
 i = 0;
 while( 1 )
 {
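Review bot: The comment `/* Perform cipher suite validation in same way as in ssl_write_client_hello. */` added in the ssl_parse_server_hello hunk is placed above the `i = 0; while( 1 )` loop, which checks that the chosen id is in the client's own `ciphersuite_list`, while the validation it refers to is the `ssl_validate_ciphersuite` call added after that loop in the following hunk; it should sit directly above that call, and writing `ssl_write_client_hello()` with parentheses matches the ChangeLog entry of this same commit. The first hunk is a straight replacement of the inline checks by the helper and is fine. Both ssl_write_client_hello and ssl_parse_server_hello start and end outside these hunks.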
@@ -1724,6 +1727,17 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
 }
 }
+ suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
+ if( ssl_validate_ciphersuite( suite_info, ssl ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
+
 if( comp != MBEDTLS_SSL_COMPRESS_NULL
 #if defined(MBEDTLS_ZLIB_SUPPORT)
 && comp != MBEDTLS_SSL_COMPRESS_DEFLATE
From abc9ec73b04c9e7f0e3fb3123471c33a973eed36 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Mon, 23 Apr 2018 06:16:40 +0100
Subject: [PATCH 1008/1059] Update ecdsa.h Merged change to MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH from other commit for merging, as requested (lines 282+283).
---
 include/mbedtls/ecdsa.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 11df7e2157..ce1a03d791 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -279,8 +279,8 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
 *
 * \return \c 0 on success.
 * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
- * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
- * valid but its actual length is less than \p siglen.
+ * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
+ * signature in \p sig, but its length is less than \p siglen.
 * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
 * error code on failure for any other reason.
 */
From d76ac587d3b4eb37548b032d6fd6765575ee9959 Mon Sep 17 00:00:00 2001
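Review bot: When `ssl_validate_ciphersuite` rejects the server's choice, the level-1 diagnostic is only the generic `bad server hello message`, and the suite id appears only in the level-3 `chosen ciphersuite: %04x` line emitted earlier (context of the previous hunk), so a log kept at level 1 records a failed handshake without the offending id. For triage of a peer that keeps selecting disallowed suites, log the id at the rejection point, e.g. `MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, rejected ciphersuite: %04x", ssl->session_negotiate->ciphersuite ) );`. The ordering is otherwise sound: `suite_info->name` is dereferenced only after the helper has rejected the NULL case. ssl_parse_server_hello continues outside the hunk.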
From: Rose Zadik Date: Mon, 23 Apr 2018 06:29:34 +0100 Subject: [PATCH 1009/1059] Update ecp.h Changes based on review comments. Waiting for responses on 2 remaining comments --- include/mbedtls/ecp.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 1a5d7d7985..f7f57c0738 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -43,7 +43,7 @@ */ #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */ -#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested curve is not available. */ +#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested feature is not available, for example, . */ #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */ #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */ #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as ephemeral key, failed. */ @@ -65,7 +65,7 @@ extern "C" { #endif /** - * Domain parameters: curve, subgroup, and generator. + * Domain-parameter identifiers: curve, subgroup, and generator. * * \note Only curves over prime fields are supported. * @@ -169,7 +169,8 @@ typedef struct mbedtls_mpi N; /*!< The order of \p G. */ size_t pbits; /*!< The number of bits in \p P.*/ size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. - For Montgomery curves: the private keys. */ + For Montgomery curves: the number of bits in the + private keys. */ unsigned int h; /*!< \internal 1 if the constants are static. */ int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction mod \p P (see above).*/ 
@@ -187,7 +188,7 @@ mbedtls_ecp_group; * A generic key-pair that may be used for ECDSA and fixed ECDH, for example. * * \note Members are deliberately in the same order as in the - * #mbedtls_ecdsa_context structure. + * ::mbedtls_ecdsa_context structure. */ typedef struct { @@ -498,7 +499,7 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point * \brief This function exports a point as a TLS ECPoint record. * * \param grp The ECP group used. - * \param pt he point format to export to an \c MBEDTLS_ECP_PF_XXX constant. + * \param pt The point format to export to an \c MBEDTLS_ECP_PF_XXX constant. * \param format The export format. * \param olen The length of the data written. * \param buf The buffer to write to. @@ -649,7 +650,7 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_po * * \note This function uses bare components rather than an * ::mbedtls_ecp_keypair structure to ease use with other - * structures, such as ::mbedtls_ecdh_context() or + * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * * \param grp The group used. From c32efb3f641313279a5d75ff7e102ed84e32c899 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 23 Apr 2018 09:38:29 +0100 Subject: [PATCH 1010/1059] Update ecp.h Resolved last review comment --- include/mbedtls/ecp.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index f7f57c0738..e11cdf2d85 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
@@ -499,7 +499,8 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point * \brief This function exports a point as a TLS ECPoint record. * * \param grp The ECP group used. - * \param pt The point format to export to an \c MBEDTLS_ECP_PF_XXX constant. + * \param pt The point format to export to. The point format is an + * \c MBEDTLS_ECP_PF_XXX constant. * \param format The export format. * \param olen The length of the data written. * \param buf The buffer to write to. From d35340550dea413e5a7ce872561eb84c96179be3 Mon Sep 17 00:00:00 2001 From: Rose Zadik Date: Mon, 23 Apr 2018 16:12:42 +0100 Subject: [PATCH 1011/1059] Update ecp.h fixed omittion --- include/mbedtls/ecp.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index e11cdf2d85..6924d40368 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -43,7 +43,7 @@ */ #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */ -#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested feature is not available, for example, . */ +#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested feature is not available, for example, the requested curve is not supported. */ #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */ #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */ #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as ephemeral key, failed. */ From a9ceef8e032e488e9b3821bfdac4b4dfba2f3a20 Mon Sep 17 00:00:00 2001 
From: Andrzej Kurek
Date: Tue, 24 Apr 2018 06:32:44 -0400
Subject: [PATCH 1012/1059] Change variable bytes_written to header_bytes in record decompression The name is changed to better reflect the input, decompression case
---
 library/ssl_tls.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9374961bd6..8a903c563f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2155,7 +2155,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
 {
 int ret;
 unsigned char *msg_post = ssl->in_msg;
- ptrdiff_t bytes_written = ssl->in_msg - ssl->in_buf;
+ ptrdiff_t header_bytes = ssl->in_msg - ssl->in_buf;
 size_t len_pre = ssl->in_msglen;
 unsigned char *msg_pre = ssl->compress_buf;
@@ -2176,7 +2176,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
 ssl->transform_in->ctx_inflate.avail_in = len_pre;
 ssl->transform_in->ctx_inflate.next_out = msg_post;
 ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_BUFFER_LEN -
- bytes_written;
+ header_bytes;
 ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
 if( ret != Z_OK )
@@ -2186,7 +2186,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
 }
 ssl->in_msglen = MBEDTLS_SSL_BUFFER_LEN -
- ssl->transform_in->ctx_inflate.avail_out - bytes_written;
+ ssl->transform_in->ctx_inflate.avail_out - header_bytes;
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", ssl->in_msglen ) );
From a7a6155272baaae2a99a0021ac0694842eeac392 Mon Sep 17 00:00:00 2001
From: Rose Zadik
Date: Tue, 24 Apr 2018 13:14:01 +0100
Subject: [PATCH 1013/1059] Update ecp.h One fix. Removed trailing whitespaces
---
 include/mbedtls/ecp.h | 107 +++++++++++++++++++++---------------------
 1 file changed, 53 insertions(+), 54 deletions(-)
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 6924d40368..9fc650ee3a 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -8,13 +8,13 @@ * Elliptic Curve Cryptography
    and * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites * for Transport Layer Security (TLS). - * + * * RFC-2409: The Internet Key Exchange (IKE) defines ECP * group types. - * + * */ -/* +/* * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * @@ -32,7 +32,7 @@ * * This file is part of Mbed TLS (https://tls.mbed.org) */ - + #ifndef MBEDTLS_ECP_H #define MBEDTLS_ECP_H @@ -114,10 +114,10 @@ typedef struct * * \note All functions expect and return points satisfying * the following condition: Z == 0 or - * Z == 1. Other values of \p Z are + * Z == 1. Other values of \p Z are * used only by internal functions. * The point is zero, or "at infinity", if Z == 0. - * Otherwise, \p X and \p Y are its standard (affine) + * Otherwise, \p X and \p Y are its standard (affine) * coordinates. */ typedef struct 
@@ -144,18 +144,17 @@ mbedtls_ecp_point; * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes. * * For Montgomery curves, we do not store \p A, but (A + 2) / 4, - * which is the quantity used in the formulas. Additionally, \p nbits is + * which is the quantity used in the formulas. Additionally, \p nbits is * not the size of \p N but the required size for private keys. * - * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. - * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the - * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer which is - * congruent mod \p P to the given MPI, and is close enough to \p pbits in size, - * so that it may be efficiently brought in the 0..P-1 range by a few additions - * or subtractions. Therefore, it is only an approximative modular reduction. + * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. + * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the + * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer + * which is congruent mod \p P to the given MPI, and is close enough to \p pbits + * in size, so that it may be efficiently brought in the 0..P-1 range by a few + * additions or subtractions. Therefore, it is only an approximative modular + * reduction. It must return 0 on success and non-zero on failure. * - * \return \c 0 on success - * \return Non-zero error code on failure. */ typedef struct { 
@@ -169,10 +168,10 @@ typedef struct mbedtls_mpi N; /*!< The order of \p G. */ size_t pbits; /*!< The number of bits in \p P.*/ size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. - For Montgomery curves: the number of bits in the + For Montgomery curves: the number of bits in the private keys. */ unsigned int h; /*!< \internal 1 if the constants are static. */ - int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction + int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction mod \p P (see above).*/ int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ @@ -187,7 +186,7 @@ mbedtls_ecp_group; * * A generic key-pair that may be used for ECDSA and fixed ECDH, for example. * - * \note Members are deliberately in the same order as in the + * \note Members are deliberately in the same order as in the * ::mbedtls_ecdsa_context structure. */ typedef struct @@ -298,7 +297,7 @@ const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ); const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ); /** - * \brief This function retrieves curve information from a TLS + * \brief This function retrieves curve information from a TLS * NamedCurve value. * * \param tls_id An \c MBEDTLS_ECP_DP_XXX value. @@ -309,7 +308,7 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_gr const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ); /** - * \brief This function retrieves curve information from a + * \brief This function retrieves curve information from a * human-readable name. * * \param name The human-readable name. 
@@ -328,7 +327,7 @@ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ); /** * \brief This function initializes an ECP group context - * without loading any domain parameters. + * without loading any domain parameters. * * \note After this function is called, domain parameters * for various ECP groups can be loaded through the @@ -364,7 +363,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); /** - * \brief This function copies the contents of point \p Q into + * \brief This function copies the contents of point \p Q into * point \p P. * * \param P The destination point. @@ -376,7 +375,7 @@ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); /** - * \brief This function copies the contents of group \p src into + * \brief This function copies the contents of group \p src into * group \p dst. * * \param dst The destination group. @@ -423,7 +422,7 @@ int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); /** - * \brief This function imports a non-zero point from two ASCII + * \brief This function imports a non-zero point from two ASCII * strings. * * \param P The destination point. @@ -459,7 +458,7 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ * \brief This function imports a point from unsigned binary data. * * \note This function does not check that the point actually - * belongs to the given group, see mbedtls_ecp_check_pubkey() + * belongs to the given group, see mbedtls_ecp_check_pubkey() * for that. * * \param grp The group to which the point should belong. 
@@ -518,7 +517,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp * \brief This function sets a group using standardized domain parameters. * * \note The index should be a value of the NamedCurve enum, - * as defined in RFC-4492: Elliptic Curve Cryptography + * as defined in RFC-4492: Elliptic Curve Cryptography * (ECC) Cipher Suites for Transport Layer Security (TLS), * usually in the form of an \c MBEDTLS_ECP_DP_XXX macro. * @@ -528,7 +527,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp * \return \c 0 on success, * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure. * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups. - + */ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); @@ -563,7 +562,7 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen ); /** - * \brief This function performs multiplication of a point by + * \brief This function performs multiplication of a point by * an integer: \p R = \p m * \p P. * * It is not thread-safe to use same group in multiple threads. @@ -595,12 +594,12 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief This function performs multiplication and addition of two + * \brief This function performs multiplication and addition of two * points by integers: \p R = \p m * \p P + \p n * \p Q * * It is not thread-safe to use same group in multiple threads. * - * \note In contrast to mbedtls_ecp_mul(), this function does not + * \note In contrast to mbedtls_ecp_mul(), this function does not * guarantee a constant execution flow and timing. * * \param grp The ECP group. 
@@ -611,8 +610,8 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \param Q The point to be multiplied by \p n. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not - * valid private keys, or \p P or \p Q are not valid public + * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not + * valid private keys, or \p P or \p Q are not valid public * keys. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. */ @@ -621,20 +620,20 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *n, const mbedtls_ecp_point *Q ); /** - * \brief This function checks that a point is a valid public key + * \brief This function checks that a point is a valid public key * on this curve. * - * It only checks that the point is non-zero, has - * valid coordinates and lies on the curve. It does not verify - * that it is indeed a multiple of \p G. This additional + * It only checks that the point is non-zero, has + * valid coordinates and lies on the curve. It does not verify + * that it is indeed a multiple of \p G. This additional * check is computationally more expensive, is not required * by standards, and should not be necessary if the group - * used has a small cofactor. In particular, it is useless for + * used has a small cofactor. In particular, it is useless for * the NIST groups which all have a cofactor of 1. * - * \note This function uses bare components rather than an - * ::mbedtls_ecp_keypair structure, to ease use with other - * structures, such as ::mbedtls_ecdh_context or + * \note This function uses bare components rather than an + * ::mbedtls_ecp_keypair structure, to ease use with other + * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * * \param grp The curve the point should lie on. 
@@ -646,12 +645,12 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ); /** - * \brief This function checks that an \p mbedtls_mpi is a valid private + * \brief This function checks that an \p mbedtls_mpi is a valid private * key for this curve. * - * \note This function uses bare components rather than an - * ::mbedtls_ecp_keypair structure to ease use with other - * structures, such as ::mbedtls_ecdh_context or + * \note This function uses bare components rather than an + * ::mbedtls_ecp_keypair structure to ease use with other + * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * * \param grp The group used. @@ -663,12 +662,12 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_po int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d ); /** - * \brief This function generates a keypair with a configurable base + * \brief This function generates a keypair with a configurable base * point. * - * \note This function uses bare components rather than an - * ::mbedtls_ecp_keypair structure to ease use with other - * structures, such as ::mbedtls_ecdh_context or + * \note This function uses bare components rather than an + * ::mbedtls_ecp_keypair structure to ease use with other + * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * * \param grp The ECP group. 
@@ -691,9 +690,9 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, /** * \brief This function generates an ECP keypair. * - * \note This function uses bare components rather than an - * ::mbedtls_ecp_keypair structure to ease use with other - * structures, such as ::mbedtls_ecdh_context or + * \note This function uses bare components rather than an + * ::mbedtls_ecp_keypair structure to ease use with other + * structures, such as ::mbedtls_ecdh_context or * ::mbedtls_ecdsa_context. * * \param grp The ECP group. @@ -726,7 +725,7 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief This function checks that the keypair objects + * \brief This function checks that the keypair objects * \p pub and \p prv have the same group and the * same public point, and that the private key in * \p prv is consistent with the public key. @@ -735,9 +734,9 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, * If it contains a private key, that part is ignored. * \param prv The keypair structure holding the full keypair. * - * \return \c 0 on success, meaning that the keys are valid and match. + * \return \c 0 on success, meaning that the keys are valid and match. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match. - * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX + * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX * error code on calculation failure. */ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ); From 3dd8abd037f9b5a0a7b543fc38e18d0f349b0a42 Mon Sep 17 00:00:00 2001 
From: Jaeden Amero Date: Tue, 24 Apr 2018 10:56:55 +0100 Subject: [PATCH 1014/1059] Regenerate errors after ecp.h updates The error descriptions were updated in ecp.h (PR #1578), so also update the strings in error.c. --- library/error.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/error.c b/library/error.c index 96ab203766..222d85b62e 100644 --- a/library/error.c +++ b/library/error.c @@ -256,19 +256,19 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL) ) mbedtls_snprintf( buf, buflen, "ECP - The buffer is too small to write to" ); if( use_ret == -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "ECP - Requested curve not available" ); + mbedtls_snprintf( buf, buflen, "ECP - The requested feature is not available, for example, the requested curve is not supported" ); if( use_ret == -(MBEDTLS_ERR_ECP_VERIFY_FAILED) ) mbedtls_snprintf( buf, buflen, "ECP - The signature is not valid" ); if( use_ret == -(MBEDTLS_ERR_ECP_ALLOC_FAILED) ) mbedtls_snprintf( buf, buflen, "ECP - Memory allocation failed" ); if( use_ret == -(MBEDTLS_ERR_ECP_RANDOM_FAILED) ) - mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" ); + mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as ephemeral key, failed" ); if( use_ret == -(MBEDTLS_ERR_ECP_INVALID_KEY) ) mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" ); if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) ) mbedtls_snprintf( buf, buflen, "ECP - The buffer contains a valid signature followed by more data" ); if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "ECP - ECP hardware accelerator failed" ); + mbedtls_snprintf( buf, buflen, "ECP - The ECP hardware accelerator failed" ); #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_MD_C) From 21b376b56c64c7aadc13a4fc851cb3a298113246 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:28:26 -0500 Subject: [PATCH 1015/1059] Organize output objs in alfabetical order in Makefile --- library/Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/Makefile b/library/Makefile index 0ce2a224e3..c6ec15351c 100644 --- a/library/Makefile +++ b/library/Makefile @@ -62,11 +62,11 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ padlock.o pem.o pk.o \ pk_wrap.o pkcs12.o pkcs5.o \ pkparse.o pkwrite.o platform.o \ - ripemd160.o rsa_internal.o rsa.o \ - sha1.o sha256.o sha512.o \ - threading.o timing.o version.o \ - version_features.o xtea.o \ - platform_util.o + platform_util.o ripemd160.o rsa_internal.o \ + rsa.o sha1.o sha256.o \ + sha512.o threading.o timing.o \ + version.o version_features.o \ + xtea.o OBJS_X509= certs.o pkcs11.o x509.o \ x509_create.o x509_crl.o x509_crt.o \ From bc7bdbf5c89768812fe4e5f0f62979488741bd04 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:29:20 -0500 Subject: [PATCH 1016/1059] Organize CMakeLists targets in alphabetical order --- library/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 648b151a08..e525731179 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -46,6 +46,7 @@ set(src_crypto pkparse.c pkwrite.c platform.c + platform_util.c ripemd160.c rsa.c rsa_internal.c @@ -57,7 +58,6 @@ set(src_crypto version.c version_features.c xtea.c - platform_util.c ) set(src_x509 From d0ef468d390f7847cb22dbc0297051dfb948eb97 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:31:34 -0500 Subject: [PATCH 1017/1059] Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 67ad4b268d..7c9acb2309 100644 --- a/include/mbedtls/config.h 
+++ b/include/mbedtls/config.h @@ -2866,8 +2866,8 @@ * versions of the C language standards do not provide a secure implementation * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to * configure their own implementation of mbedtls_platform_zeroize(), for - * example by using directives specific to their compiler, features from the C - * standard (e.g using memset_s() in C11) or calling a secure memset() from + * example by using directives specific to their compiler, features from newer + * C standards (e.g using memset_s() in C11) or calling a secure memset() from * their system (e.g explicit_bzero() in BSD). */ //#define MBEDTLS_PLATFORM_ZEROIZE_ALT From 708c5cb6ab2602767e40e6f7f7164c42b401f04b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:33:31 -0500 Subject: [PATCH 1018/1059] mbedtls_zeroize -> mbedtls_platform_zeroize in docs --- tests/scripts/all.sh | 2 +- tests/scripts/test_zeroize.gdb | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 53f2a93deb..de0bbcc421 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -909,7 +909,7 @@ rm -rf "$OUT_OF_SOURCE_DIR" for optimization_flag in -O2 -O3 -Ofast -Os; do for compiler in clang gcc; do - msg "test: $compiler $optimization_flag, mbedtls_zeroize()" + msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" cleanup CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" make programs gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 11ea37f972..617ab55449 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb 
@@ -25,10 +25,10 @@ # intelligent compiler could determine that this function clears a block of # memory that is not accessed later in the program, so removing the call to # mbedtls_platform_zeroize() does not have an observable behavior. However, -# inserting a test after a call to mbedtls_zeroize() to check whether the block -# of memory was correctly zeroed would force the compiler to not eliminate the -# mbedtls_platform_zeroize() call. If this does not occur, then the compiler -# potentially has a bug. +# inserting a test after a call to mbedtls_platform_zeroize() to check whether +# the block of memory was correctly zeroed would force the compiler to not +# eliminate the mbedtls_platform_zeroize() call. If this does not occur, then +# the compiler potentially has a bug. # # Note: This test requires that the test program is compiled with -g3. # From 56e06db1023255d19578cc4108ecf3b78053ccd7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:37:52 -0500 Subject: [PATCH 1019/1059] Improve mbedtls_platform_zeroize() docs --- include/mbedtls/platform_util.h | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index bda97102c8..84f0732eeb 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
@@ -34,19 +34,24 @@ extern "C" { /** * \brief Securely zeroize a buffer * - * \param buf Buffer to be zeroized - * \param len Length of the buffer in bytes + * The function is meant to wipe the data contained in a buffer so + * that it can no longer be recovered even if the program memory + * is later compromised. Call this function on sensitive data + * stored on the stack before returning from a function, and on + * sensitive data stored on the heap before freeing the heap + * object. * - * \note This implementation should never be optimized out by the - * compiler - * - * \note It is extremely difficult to guarantee that calls to + * It is extremely difficult to guarantee that calls to * mbedtls_platform_zeroize() are not removed by aggressive * compiler optimizations in a portable way. For this reason, Mbed * TLS provides the configuration option * MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure * mbedtls_platform_zeroize() to use a suitable implementation for * their platform and needs + * + * \param buf Buffer to be zeroized + * \param len Length of the buffer in bytes + * */ void mbedtls_platform_zeroize( void *buf, size_t len ); From 6698d2fc5ca1feb5e6fceae4e9995de0843d3cb4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:39:07 -0500 Subject: [PATCH 1020/1059] Fix style for mbedtls_mpi_zeroize() --- library/bignum.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index fb748d8a1e..02d93edcfb 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -73,7 +73,8 @@ #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) /* Implementation that should never be optimized out by the compiler */ -static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { +static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) +{ mbedtls_platform_zeroize( v, ciL * n ); } From 8491406803465667c4ee5d29b0ebd58bcd91cc87 Mon Sep 17 00:00:00 2001 
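Review bot: The rewritten description of mbedtls_platform_zeroize() says when to call it but still leaves the edge cases of the contract unstated: the `\param` lines do not say whether `buf` may be NULL or whether `len == 0` is accepted as a no-op, which is exactly what a caller wiping a possibly-empty buffer before free needs to know. Add whatever the implementation actually guarantees, for example `\note A \p len of 0 is accepted and leaves \p buf untouched.` if that holds, or state the requirement on the caller otherwise. Two smaller wording points in the same block: the sentence ending `their platform and needs` has no full stop, and the empty ` *` line inserted between `\param len` and `*/` is surplus.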
From: Andres Amaya Garcia Date: Tue, 24 Apr 2018 08:40:46 -0500 Subject: [PATCH 1021/1059] Remove preprocessor directives around platform_util.h include --- library/ssl_srv.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 313938ee87..09b7a3fed3 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -38,6 +38,7 @@ #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" +#include "mbedtls/platform_util.h" #include @@ -49,10 +50,6 @@ #include "mbedtls/platform_time.h" #endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#include "mbedtls/platform_util.h" -#endif - #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, const unsigned char *info, From 03bac448db441d66612e2a2ed2c5e2f1ec2b04b8 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 25 Apr 2018 05:06:07 -0400 Subject: [PATCH 1022/1059] Change accepted ciphersuite versions when parsing server hello Accept only ciphersuites for version chosen by the server --- library/ssl_cli.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index efcf48bc0e..f4dc02aba7 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -722,17 +722,21 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
 *
 * \param suite_info cipher suite to validate
 * \param ssl SSL context
+ * \param min_minor_ver Minimal minor version to accept a cipher suite
+ * \param max_minor_ver Maximal minor version to accept a cipher suite
 *
 * \return 0 if valid, else 1
 */
 static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_info,
- const mbedtls_ssl_context * ssl )
+ const mbedtls_ssl_context * ssl,
+ int min_minor_ver, int max_minor_ver )
 {
+ (void) ssl;
 if( suite_info == NULL )
 return( 1 );
 
- if( suite_info->min_minor_ver > ssl->conf->max_minor_ver ||
- suite_info->max_minor_ver < ssl->conf->min_minor_ver )
+ if( suite_info->min_minor_ver > max_minor_ver ||
+ suite_info->max_minor_ver < min_minor_ver )
 return( 1 );
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -908,7 +912,9 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
 {
 ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] );
 
- if( ssl_validate_ciphersuite( ciphersuite_info, ssl ) != 0 )
+ if( ssl_validate_ciphersuite( ciphersuite_info, ssl,
+ ssl->conf->min_minor_ver,
+ ssl->conf->max_minor_ver ) != 0 )
 continue;
 
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x",
@@ -1707,7 +1713,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
 
- /* Perform cipher suite validation in same way as in ssl_write_client_hello.
+ /*
+ * Perform cipher suite validation in same way as in ssl_write_client_hello.
 */
 i = 0;
 while( 1 )
@@ -1728,7 +1735,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ); - if( ssl_validate_ciphersuite( suite_info, ssl ) != 0 ) + if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, From b7a18c049863bcddcc74321a0d32467216f844cd Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 25 Apr 2018 05:25:30 -0400 Subject: [PATCH 1023/1059] Changelog entry --- ChangeLog | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 100551972b..a0810d1a7f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,11 @@ Security where an optional signature algorithms list is expected in the cases of the signature algorithms section being too short. In the debug builds the overread data is printed to the standard output. + * Fix a client-side bug in the validation of the server's ciphersuite choice + potentially leading to the client accepting a ciphersuite it didn't offer + or one that cannot be used with the (D)TLS version chosen by the server. + This may lead to corruption of internal data structures for some + configurations. Features * Add option MBEDTLS_AES_FEWER_TABLES to dynamically compute 3/4 of the AES tables @@ -64,8 +69,6 @@ Bugfix * Fix buffer length assertions in the ssl_parse_certificate_request() function which leads to a potential one byte overread of the message buffer. - * Fix cipher suite validation in ssl_parse_server_hello() by performing same - checks as performed in ssl_write_client_hello(). Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. From fe0669f52ac62abf3a25c58e737eb467d013aa31 Mon Sep 17 00:00:00 2001 
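Review bot: The new call in ssl_parse_server_hello, `if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver ) != 0 )`, runs to about 88 columns, past the 80-column width the surrounding code appears to keep (the equivalent call in the ssl_write_client_hello hunk is wrapped); split it as `if( ssl_validate_ciphersuite( suite_info, ssl,` / `                              ssl->minor_ver, ssl->minor_ver ) != 0 )`. Passing `ssl->minor_ver` as both bounds is the right shape for the server side: the suite must be usable at exactly the version the server selected, not merely somewhere in the client's configured range, which is the gap the commit closes. That presumes `ssl->minor_ver` has already been taken from the server's version field earlier in ssl_parse_server_hello, which is outside this hunk. A one-line comment at the call site, `/* Validate against the version the server chose, not our configured range */`, would record that intent next to the code rather than only in the commit message.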
From: Jaeden Amero Date: Fri, 27 Apr 2018 17:43:32 +0100 Subject: [PATCH 1024/1059] ecp: Fix binary compatibility with group ID We naturally added the new Curve448 ECP group ID in alphabetical order in the mbedtls_ecp_group_id enum. However, this causes binary incompatibility issues as previous binaries will use values for groups that now have a different meaning. For example, MBEDTLS_ECP_DP_SECP192K1, old value 10, would mean Curve448 (MBEDTLS_ECP_DP_CURVE448) and the wrong group ID used. Fix the binary compatibility issue by adding new enum entries to the end of the enum, even though this isn't so great for readbility as the list is no longer in alphabetical order. However, the list wasn't perfectly in alphabetical order before anyway. --- include/mbedtls/ecp.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 3ad74e6024..3a407986dd 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -76,10 +76,10 @@ typedef enum MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */ MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */ MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */ - MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */ MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */ MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */ MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */ + MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */ } mbedtls_ecp_group_id; /** From 7d7bad6b1ff3a8ac425c5725e29c4711ca22ec32 Mon Sep 17 00:00:00 2001 
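Review bot: The new position of `MBEDTLS_ECP_DP_CURVE448` at the tail of `mbedtls_ecp_group_id` is an ABI requirement that the header itself does not state, so the next contributor adding a curve will likely restore alphabetical order and reintroduce the renumbering this commit fixes. Add a comment on the enum, for example `/* New group IDs must be appended at the end: the numeric values are part of the binary interface. */`, so the rule is visible where the edit happens rather than only in the commit message.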
From: Jaeden Amero Date: Fri, 27 Apr 2018 13:07:13 +0100 Subject: [PATCH 1025/1059] Update version to 2.9.0 Bump SOVERSION for parity with 2.7.2 and 2.7.3. --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- library/Makefile | 2 +- tests/suites/test_suite_version.data | 4 ++-- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7a1ec76d11..f5b1001cbc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.9.0 branch released 2018-04-30 Security * Fix a bug in the X.509 module potentially leading to a buffer overread diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 7952cbcbdb..e27c221bbc 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.8.0 source code documentation + * @mainpage mbed TLS v2.9.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index ec7a46a53e..510fa85b0b 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.8.0" +PROJECT_NAME = "mbed TLS v2.9.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index c3ee649f5c..aa52ce21ec 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h 
@@ -39,7 +39,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 8 +#define MBEDTLS_VERSION_MINOR 9 #define MBEDTLS_VERSION_PATCH 0 /** @@ -47,9 +47,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02080000 -#define MBEDTLS_VERSION_STRING "2.8.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.8.0" +#define MBEDTLS_VERSION_NUMBER 0x02090000 +#define MBEDTLS_VERSION_STRING "2.9.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.9.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 7742c22d25..fc3febdbc8 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -141,15 +141,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.8.0 SOVERSION 1) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.9.0 SOVERSION 2) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.8.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.9.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.8.0 SOVERSION 10) + set_target_properties(mbedtls PROPERTIES VERSION 2.9.0 SOVERSION 10) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/library/Makefile b/library/Makefile index 0333815f00..97f796fcf8 100644 --- a/library/Makefile +++ b/library/Makefile @@ -33,7 +33,7 @@ endif SOEXT_TLS=so.10 SOEXT_X509=so.0 -SOEXT_CRYPTO=so.1 +SOEXT_CRYPTO=so.2 # Set DLEXT=dylib to compile as a shared library for Mac OS X DLEXT ?= so diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 79cc751ec9..0aca470237 100644 
--- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.8.0" +check_compiletime_version:"2.9.0" Check runtime library version -check_runtime_version:"2.8.0" +check_runtime_version:"2.9.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From b03120ad415e634433f98a82edf4762a9b59fb28 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 30 Apr 2018 16:40:25 +0100 Subject: [PATCH 1026/1059] Fix the ChangeLog for clarity, english and credit --- ChangeLog | 94 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 48 insertions(+), 46 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7a1ec76d11..7af453fda1 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,43 +3,46 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Security - * Fix a bug in the X.509 module potentially leading to a buffer overread - during CRT verification or to invalid or omitted checks for certificate - validity. The former can be triggered remotely, while the latter requires - a non DER-compliant certificate correctly signed by a trusted CA, or a - trusted CA with a non DER-compliant certificate. Found by luocm on GitHub. - Fixes #825. - * Fix buffer length assertion in the ssl_parse_certificate_request() - function which leads to an arbitrary overread of the message buffer. The - overreads could occur upon receiving a message malformed at the point - where an optional signature algorithms list is expected in the cases of - the signature algorithms section being too short. In the debug builds - the overread data is printed to the standard output. + * Fix an issue in the X.509 module which could lead to a buffer overread + during certificate validation. Additionally, the issue could also lead to + unnecessary callback checks being made or to some validation checks to be + omitted. The overread could be triggered remotely, while the other issues + would require a non DER-compliant certificate to be correctly signed by a + trusted CA, or a trusted CA with a non DER-compliant certificate. Found by + luocm. Fixes #825. + * Fix the buffer length assertion in the ssl_parse_certificate_request() + function which led to an arbitrary overread of the message buffer. The + overreads could be caused by receiving a malformed message at the point + where an optional signature algorithms list is expected when the signature + algorithms section is too short. In builds with debug output, the overread + data is output with the debug data. 
* Fix a client-side bug in the validation of the server's ciphersuite choice - potentially leading to the client accepting a ciphersuite it didn't offer - or one that cannot be used with the (D)TLS version chosen by the server. - This may lead to corruption of internal data structures for some - configurations. + which could potentially lead to the client accepting a ciphersuite it didn't + offer or a ciphersuite that cannot be used with the TLS or DTLS version + chosen by the server. This could lead to corruption of internal data + structures for some configurations. Features - * Add option MBEDTLS_AES_FEWER_TABLES to dynamically compute 3/4 of the AES tables - during runtime, thereby reducing the RAM/ROM footprint by ~6kb. Suggested - and contributed by jkivilin in #394. + * Add an option, MBEDTLS_AES_FEWER_TABLES, to dynamically compute smaller AES + tables during runtime, thereby reducing the RAM/ROM footprint by ~6KiB. + Suggested and contributed by jkivilin in pull request #394. * Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and ECDH primitive functions (mbedtls_ecdh_gen_public(), mbedtls_ecdh_compute_shared()) are supported for now. Contributed by Nicholas Wilson (#348). API Changes - * Add function mbedtls_net_poll to public API allowing to wait for a - network context to become ready for reading or writing. - * Add function mbedtls_ssl_check_pending to public API allowing to check - if more data is pending to be processed in the internal message buffers. + * Extend the public API with the function of mbedtls_net_poll() to allow user + applications to wait for a network context to become ready before reading + or writing. + * Add function mbedtls_ssl_check_pending() to the public API to allow + a check for whether more more data is pending to be processed in the + internal message buffers. This function is necessary to determine when it is safe to idle on the underlying transport in case event-driven IO is used. 
Bugfix - * Fix spurious uninitialized variable warning in cmac.c. Fix independently + * Fix a spurious uninitialized variable warning in cmac.c. Fix independently contributed by Brian J Murray and David Brown. * Add missing dependencies in test suites that led to build failures in configurations that omit certain hashes or public-key algorithms. @@ -47,15 +50,16 @@ Bugfix * Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks. #1353 * Add missing dependencies for MBEDTLS_HAVE_TIME_DATE and - MBEDTLS_VERSION_FEATURES in test suites. Contributed by Deomid Ryabkov. - Fixes #1299, #1475. - * Fix dynamic library building process with Makefile on Mac OS X. Fixed by - mnacamura. + MBEDTLS_VERSION_FEATURES in some test suites. Contributed by + Deomid Ryabkov. Fixes #1299, #1475. + * Fix the Makefile build process for building shared libraries on Mac OS X. + Fixed by mnacamura. * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was - unable to parse keys with only the optional parameters field of the + unable to parse keys which had only the optional parameters field of the ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379. - * Return plaintext data sooner on unpadded CBC decryption, as stated in - the mbedtls_cipher_update() documentation. Contributed by Andy Leiserson. + * Return the plaintext data more quickly on unpadded CBC decryption, as + stated in the mbedtls_cipher_update() documentation. Contributed by + Andy Leiserson. * Fix overriding and ignoring return values when parsing and writing to a file in pk_sign program. Found by kevlut in #1142. * Restrict usage of error code MBEDTLS_ERR_SSL_WANT_READ to situations 
@@ -63,9 +67,8 @@ Bugfix to make progress. Previously, this error code was also occasionally returned when unexpected messages were being discarded, ignoring that further messages could potentially already be pending to be processed - in the internal buffers; these cases lead to deadlocks in case - event-driven I/O was used. - Found and reported by Hubert Mis in #772. + in the internal buffers; these cases led to deadlocks when event-driven + I/O was used. Found and reported by Hubert Mis in #772. * Fix buffer length assertions in the ssl_parse_certificate_request() function which leads to a potential one byte overread of the message buffer. 
@@ -74,18 +77,18 @@ Bugfix Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. - * Support cmake build where Mbed TLS is a subproject. Fix - contributed independently by Matthieu Volat and Arne Schwabe. + * Support cmake builds where Mbed TLS is a subproject. Fix contributed + independently by Matthieu Volat and Arne Schwabe. * Improve testing in configurations that omit certain hashes or public-key algorithms. Includes contributions by Gert van Dijk. * Improve negative testing of X.509 parsing. * Do not define global mutexes around readdir() and gmtime() in configurations where the feature is disabled. Found and fixed by Gergely Budai. - * Harden mbedtls_ssl_config_free() against misuse, so that it doesn't - leak memory in case the user doesn't use mbedtls_ssl_conf_psk() and - instead incorrectly manipulates conf->psk and/or conf->psk_identity - directly. Found and fix submitted by junyeonLEE in #1220. + * Harden the function mbedtls_ssl_config_free() against misuse, so that it + doesn't leak memory if the user doesn't use mbedtls_ssl_conf_psk() and + instead incorrectly manipulates the configuration structure directly. + Found and fix submitted by junyeonLEE in #1220. * Provide an empty implementation of mbedtls_pkcs5_pbes2() when MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2 without PBES2. Fixed by Marcos Del Sol Vives. @@ -96,7 +99,7 @@ Changes Krylov. * Improve the documentation of mbedtls_ssl_write(). Suggested by Paul Sokolovsky in #1356. - * Add an option in the makefile to support ar utilities where the operation + * Add an option in the Makefile to support ar utilities where the operation letter must not be prefixed by '-', such as LLVM. Found and fixed by Alex Hixon. * Allow configuring the shared library extension by setting the DLEXT 
@@ -109,8 +112,8 @@ Changes * Improve robustness of mbedtls_ssl_derive_keys against the use of HMAC functions with non-HMAC ciphersuites. Independently contributed by Jiayuan Chen in #1377. Fixes #1437. - * Improve security of RSA key generation by including criteria from FIPS - 186-4. Contributed by Jethro Beekman. #1380 + * Improve security of RSA key generation by including criteria from + FIPS 186-4. Contributed by Jethro Beekman. #1380 * Declare functions in header files even when an alternative implementation of the corresponding module is activated by defining the corresponding MBEDTLS_XXX_ALT macro. This means that alternative implementations do @@ -314,7 +317,7 @@ Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. - Found by projectgus and jethrogb, #836. + Found by projectgus and Jethro Beekman, #836. * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. * Parse signature algorithm extension when renegotiating. Previously, renegotiated handshakes would only accept signatures using SHA-1 @@ -508,8 +511,7 @@ Bugfix Previous behaviour was to keep processing data even after the alert has been sent. * Accept empty trusted CA chain in authentication mode - MBEDTLS_SSL_VERIFY_OPTIONAL. - Found by jethrogb. #864 + MBEDTLS_SSL_VERIFY_OPTIONAL. Found by Jethro Beekman. #864 * Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to reflect bad EC curves within verification result. From 0b3f00c3cfe715044710ecaefdec2b78ce306da4 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Tue, 1 May 2018 10:17:48 +0100 Subject: [PATCH 1027/1059] Avoid -Wformat-truncation warning on gcc7 --- tests/suites/main_test.function | 11 +++++++++++ 1 file changed, 11 insertions(+) 
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 1390f9fbba..abf3320364 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -226,12 +226,23 @@ int parse_arguments( char *buf, size_t len, char *params[50] )
 return( cnt );
 }
 
+#if defined(__GNUC__)
+/* At high optimization levels (e.g. gcc -O3), this function may be
+ * inlined in run_test_snprintf. This can trigger a spurious warning about
+ * potential misuse of snprintf from gcc -Wformat-truncation (observed with
+ * gcc 7.2). This warning makes tests in run_test_snprintf redundant on gcc
+ * only. They are still valid for other compilers. Avoid this warning by
+ * forbidding inlining of this function by gcc. */
+__attribute__((__noinline__))
+#endif
 static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret )
 {
 int ret;
 char buf[10] = "xxxxxxxxx";
 const char ref[10] = "xxxxxxxxx";
 
+ if( n >= sizeof( buf ) )
+ return( -1 );
 ret = mbedtls_snprintf( buf, n, "%s", "123" );
 if( ret < 0 || (size_t) ret >= n )
 ret = -1;
From e6a2a1aa97585fc5638953633ae6968d910a0b58 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Tue, 1 May 2018 13:57:53 +0100
Subject: [PATCH 1028/1059] Add the uodate to the soversion to the ChangeLog
---
 ChangeLog | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 3cfb4ced63..d1a69b7c7d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,7 +29,7 @@ Features
 * Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and
 ECDH primitive functions (mbedtls_ecdh_gen_public(),
 mbedtls_ecdh_compute_shared()) are supported for now. Contributed by
- Nicholas Wilson (#348).
+ Nicholas Wilson in pull request #348.
 
 API Changes
 * Extend the public API with the function of mbedtls_net_poll() to allow user
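Review bot: The added guard `if( n >= sizeof( buf ) ) return( -1 );` is the only check keeping `n` within the 10-byte stack buffer that the next line hands to mbedtls_snprintf as its size, yet it carries no comment and its -1 overlaps with the `ret = -1` sentinel used two lines later for a failed or truncated snprintf result, so a reader may take it for the same condition. A one-line comment such as `/* n is the size passed to snprintf; keep it within buf so no write can run past the stack buffer */` would make the intent explicit. If test_snprintf reports its verdict as 0/1 on its other exit paths — its body continues past the hunk, so this cannot be confirmed here — a `return( 1 );` would be consistent with them, whereas -1 adds a third value the caller has to treat as failure. The noinline comment block above reads as if the guard were part of the warning workaround; if the guard is what makes the snprintf call provably in-bounds, saying so there would save the next reader the inference.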
@@ -74,6 +74,10 @@ Bugfix buffer. * Fix invalid buffer sizes passed to zlib during record compression and decompression. + * Fix the soversion of libmbedcrypto to match the soversion of the + maintained 2.7 branch. The soversion was increased in Mbed TLS + version 2.7.1 to reflect breaking changes in that release, but the + increment was missed in 2.8.0 and later releases outside of the 2.7 branch. Changes * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. From 707e9624e07538eaf43078cd19a3658121dfc892 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 May 2018 10:57:04 +0200 Subject: [PATCH 1029/1059] Update visualc project files --- visualc/VS2010/mbedTLS.vcxproj | 2 ++ 1 file changed, 2 insertions(+) diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index f13f83cc16..b2df4b4ad5 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -149,6 +149,7 @@ + @@ -222,6 +223,7 @@ + From 11999bb72ec165f4762f23a894f91d91c1adfa7a Mon Sep 17 00:00:00 2001 
From: Darryl Green Date: Tue, 13 Mar 2018 15:22:58 +0000 Subject: [PATCH 1030/1059] Fix minor code style issues --- ChangeLog | 20 +++++++------- Makefile | 6 ++-- include/mbedtls/dhm.h | 6 ++-- include/mbedtls/ecdh.h | 4 +-- include/mbedtls/ecp_internal.h | 2 +- include/mbedtls/entropy.h | 2 +- include/mbedtls/gcm.h | 2 +- include/mbedtls/platform.h | 4 +-- include/mbedtls/rsa.h | 4 +-- include/mbedtls/sha1.h | 2 +- include/mbedtls/ssl.h | 12 ++++---- include/mbedtls/ssl_ciphersuites.h | 2 +- library/asn1write.c | 4 --- library/ecjpake.c | 2 +- library/ssl_cli.c | 4 +-- library/ssl_tls.c | 32 +++------------------- library/x509_crt.c | 2 +- programs/ssl/ssl_client1.c | 2 +- programs/ssl/ssl_mail_client.c | 2 +- programs/ssl/ssl_server.c | 2 +- tests/compat.sh | 2 +- tests/scripts/gen_ctr_drbg.pl | 2 +- tests/scripts/gen_pkcs1_v21_sign_verify.pl | 6 ++-- tests/suites/main_test.function | 2 +- tests/suites/test_suite_gcm.function | 2 +- tests/suites/test_suite_mpi.data | 4 +-- tests/suites/test_suite_pkcs1_v15.data | 6 ++-- tests/suites/test_suite_ssl.function | 2 +- yotta/data/example-authcrypt/README.md | 8 +++--- yotta/data/example-benchmark/README.md | 8 +++--- yotta/data/example-hashing/README.md | 8 +++--- yotta/data/example-selftest/README.md | 8 +++--- 32 files changed, 73 insertions(+), 101 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7b50534ca6..348864c0e9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1730,7 +1730,7 @@ Features issuer_key_identifier, etc) * Optional blinding for RSA, DHM and EC * Support for multiple active certificate / key pairs in SSL servers for - the same host (Not to be confused with SNI!) + the same host (Not to be confused with SNI!) Changes * Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 
@@ -1961,7 +1961,7 @@ Changes PKCS#8 private key formats * Added mechanism to provide alternative implementations for all symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in - config.h) + config.h) * PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated old PBKDF2 module @@ -1973,7 +1973,7 @@ Bugfix * x509parse_crt() now better handles PEM error situations * ssl_parse_certificate() now calls x509parse_crt_der() directly instead of the x509parse_crt() wrapper that can also parse PEM - certificates + certificates * x509parse_crtpath() is now reentrant and uses more portable stat() * Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler * Fixed values for 2-key Triple DES in cipher layer @@ -2131,7 +2131,7 @@ Bugfix * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52) * Handle encryption with private key and decryption with public key as per - RFC 2313 + RFC 2313 * Handle empty certificate subject names * Prevent reading over buffer boundaries on X509 certificate parsing * mpi_add_abs() now correctly handles adding short numbers to long numbers @@ -2162,7 +2162,7 @@ Bugfix * x509parse_crt() now better handles PEM error situations * ssl_parse_certificate() now calls x509parse_crt_der() directly instead of the x509parse_crt() wrapper that can also parse PEM - certificates + certificates * Fixed values for 2-key Triple DES in cipher layer * ssl_write_certificate_request() can handle empty ca_chain 
@@ -2243,16 +2243,16 @@ Bugfix Features * Added ssl_session_reset() to allow better multi-connection pools of SSL contexts without needing to set all non-connection-specific - data and pointers again. Adapted ssl_server to use this functionality. + data and pointers again. Adapted ssl_server to use this functionality. * Added ssl_set_max_version() to allow clients to offer a lower maximum supported version to a server to help buggy server implementations. - (Closes ticket #36) + (Closes ticket #36) * Added cipher_get_cipher_mode() and cipher_get_cipher_operation() introspection functions (Closes ticket #40) * Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator * Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent - entropy sources + entropy sources Changes * Documentation for AES and Camellia in modes CTR and CFB128 clarified. @@ -2385,7 +2385,7 @@ Bugfixes * Corrected parsing of UTCTime dates before 1990 and after 1950 * Support more exotic OID's when parsing certificates - (found by Mads Kiilerich) + (found by Mads Kiilerich) * Support more exotic name representations when parsing certificates (found by Mads Kiilerich) * Replaced the expired test certificates @@ -2415,7 +2415,7 @@ Note: Most of these features have been donated by Fox-IT status, objects and configuration + Added verification callback on certificate chain verification to allow external blacklisting - + Additional example programs to show usage + + Additional example programs to show usage * Added support for PKCS#11 through the use of the libpkcs11-helper library diff --git a/Makefile b/Makefile index c18b99b2f4..a0fcb2bc56 100644 --- a/Makefile +++ b/Makefile 
@@ -24,12 +24,12 @@ ifndef WINDOWS install: no_test mkdir -p $(DESTDIR)/include/mbedtls cp -r include/mbedtls $(DESTDIR)/include - + mkdir -p $(DESTDIR)/lib cp -RP library/libmbedtls.* $(DESTDIR)/lib cp -RP library/libmbedx509.* $(DESTDIR)/lib cp -RP library/libmbedcrypto.* $(DESTDIR)/lib - + mkdir -p $(DESTDIR)/bin for p in programs/*/* ; do \ if [ -x $$p ] && [ ! -d $$p ] ; \ @@ -44,7 +44,7 @@ uninstall: rm -f $(DESTDIR)/lib/libmbedtls.* rm -f $(DESTDIR)/lib/libmbedx509.* rm -f $(DESTDIR)/lib/libmbedcrypto.* - + for p in programs/*/* ; do \ if [ -x $$p ] && [ ! -d $$p ] ; \ then \ diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index f848e221d4..75317a8e6d 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -1,12 +1,12 @@ /** * \file dhm.h * - * \brief This file contains Diffie-Hellman-Merkle (DHM) key exchange + * \brief This file contains Diffie-Hellman-Merkle (DHM) key exchange * definitions and functions. * * Diffie-Hellman-Merkle (DHM) key exchange is defined in - * RFC-2631: Diffie-Hellman Key Agreement Method and - * Public-Key Cryptography Standards (PKCS) #3: Diffie + * RFC-2631: Diffie-Hellman Key Agreement Method and + * Public-Key Cryptography Standards (PKCS) #3: Diffie * Hellman Key Agreement Standard. * * RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 922f029d7e..5fdf55a88a 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -2,8 +2,8 @@ * \file ecdh.h * * \brief This file contains ECDH definitions and functions. - * - * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous + * + * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous * key agreement protocol allowing two parties to establish a shared * secret over an insecure channel. Each party must have an * elliptic-curve public–private key pair. 
diff --git a/include/mbedtls/ecp_internal.h b/include/mbedtls/ecp_internal.h index 8a6d517ed0..18040697ad 100644 --- a/include/mbedtls/ecp_internal.h +++ b/include/mbedtls/ecp_internal.h @@ -48,7 +48,7 @@ * [6] Digital Signature Standard (DSS), FIPS 186-4. * * - * [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer + * [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer * Security (TLS), RFC 4492. * * diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index fcb4d02557..a5cb05a584 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -166,7 +166,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx ); * \param threshold Minimum required from source before entropy is released * ( with mbedtls_entropy_func() ) (in bytes) * \param strong MBEDTLS_ENTROPY_SOURCE_STRONG or - * MBEDTSL_ENTROPY_SOURCE_WEAK. + * MBEDTLS_ENTROPY_SOURCE_WEAK. * At least one strong source needs to be added. * Weaker sources (such as the cycle counter) can be used as * a complement. diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 3c220331e0..bec5577142 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -116,7 +116,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, * \param ctx The GCM context to use for encryption or decryption. * \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or * #MBEDTLS_GCM_DECRYPT. - * \param length The length of the input data. This must be a multiple of + * \param length The length of the input data. This must be a multiple of * 16 except in the last call before mbedtls_gcm_finish(). * \param iv The initialization vector. * \param iv_len The length of the IV. diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index a53229b38c..bba770911e 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h 
@@ -9,7 +9,7 @@ * system services, making the library easier to port and embed. * Application developers and users of the library can provide their own * implementations of these functions, or implementations specific to - * their platform, which can be statically linked to the library or + * their platform, which can be statically linked to the library or * dynamically configured at runtime. */ /* @@ -331,7 +331,7 @@ mbedtls_platform_context; * \note This function should be called before any other library functions. * * Its implementation is platform-specific, and unless - * platform-specific code is provided, it does nothing. + * platform-specific code is provided, it does nothing. * * \note The usage and necessity of this function is dependent on the platform. * diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index df6e3e557c..19eb2ee74c 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -5,7 +5,7 @@ * * The RSA public-key cryptosystem is defined in Public-Key * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption - * and Public-Key Cryptography Standards (PKCS) #1 v2.1: + * and Public-Key Cryptography Standards (PKCS) #1 v2.1: * RSA Cryptography Specifications. * */ @@ -781,7 +781,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * \param olen The length of the plaintext. * \param input The buffer holding the encrypted data. * \param output The buffer to hold the plaintext. - * \param output_max_len The maximum length of the output buffer. + * \param output_max_len The maximum length of the output buffer. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 8f805fb422..65a124c94b 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h 
@@ -3,7 +3,7 @@ * * \brief This file contains SHA-1 definitions and functions. * - * The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in + * The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in * FIPS 180-4: Secure Hash Standard (SHS). * * \warning SHA-1 is considered a weak message digest and its use constitutes diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index bb9c02dbfe..f91066d570 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1854,21 +1854,21 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, #if defined(MBEDTLS_X509_CRT_PARSE_C) /** - * \brief Set or reset the hostname to check against the received - * server certificate. It sets the ServerName TLS extension, + * \brief Set or reset the hostname to check against the received + * server certificate. It sets the ServerName TLS extension, * too, if that extension is enabled. (client-side only) * * \param ssl SSL context * \param hostname the server hostname, may be NULL to clear hostname - + * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. * - * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on + * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on + * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on * too long input hostname. * * Hostname set to the one provided on success (cleared - * when NULL). On allocation failure hostname is cleared. + * when NULL). On allocation failure hostname is cleared. * On too long input failure, old hostname is unchanged. */ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 545468a510..1d2aabc372 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -267,7 +267,7 @@ typedef enum {
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
 #endif
 
diff --git a/library/asn1write.c b/library/asn1write.c
index 69b61b205f..c01c836550 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -232,10 +232,6 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
 int ret;
 size_t len = 0;
 
- // TODO negative values and values larger than 128
- // DER format assumes 2s complement for numbers, so the leftmost bit
- // should be 0 for positive numbers and 1 for negative numbers.
- //
 if( *p - start < 1 )
 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
 
diff --git a/library/ecjpake.c b/library/ecjpake.c
index e8f40862be..ec5a4007db 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -301,7 +301,7 @@ cleanup:
 */
 static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
 const mbedtls_ecp_group *grp,
- const int pf,
+ const int pf,
 const mbedtls_ecp_point *G,
 const mbedtls_mpi *x,
 const mbedtls_ecp_point *X,
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index b3dc4db7cd..7455e99d2e 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -352,7 +352,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
 *olen = 6;
 }
 
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
 MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -1281,7 +1281,7 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cf1b69492c..bc9dc77e16 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2445,8 +2445,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_recv returned %d bytes but only %lu were requested", + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "f_recv returned %d bytes but only %lu were requested", ret, (unsigned long)len ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } @@ -2500,8 +2500,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_send returned %d bytes but only %lu bytes were sent", + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "f_send returned %d bytes but only %lu bytes were sent", ret, (unsigned long)ssl->out_left ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } 
@@ -6950,30 +6950,6 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } } - /* - * The logic could be streamlined here. Instead of - * - Manually checking whether ssl->in_offt is NULL - * - Fetching a new record if yes - * - Setting ssl->in_offt if one finds an application record - * - Resetting keep_current_message after handling the application data - * one should - * - Adapt read_record to set ssl->in_offt automatically - * when a new application data record is processed. - * - Always call mbedtls_ssl_read_record here. - * This way, the logic of ssl_read would be much clearer: - * (1) Always call record layer and see what kind of record is on - * and have it ready for consumption (in particular, in_offt - * properly set for application data records). - * (2) If it's application data (either freshly fetched - * or something already being partially processed), - * serve the read request from it. - * (3) If it's something different from application data, - * handle it accordingly, e.g. potentially start a - * renegotiation. - * This will also remove the need to manually reset - * ssl->keep_current_message = 0 below. - */ - /* Loop as long as no application data record is available */ while( ssl->in_offt == NULL ) { diff --git a/library/x509_crt.c b/library/x509_crt.c index 462cbcf124..290c1eb3d1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -729,7 +729,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char * memcpy( p, buf, crt->raw.len ); - // Direct pointers to the new buffer + // Direct pointers to the new buffer p += crt->raw.len - len; end = crt_end = p + len; diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index fa70431733..01cee13546 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c 
@@ -30,7 +30,7 @@ #else #include #include -#define mbedtls_time time +#define mbedtls_time time #define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index b49ffb4782..04b847a69a 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_time time -#define mbedtls_time_t time_t +#define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf #endif diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index fd54f1726a..dcdafbb869 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_time time -#define mbedtls_time_t time_t +#define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf #endif diff --git a/tests/compat.sh b/tests/compat.sh index 34e38f10f6..a2b2d5ba12 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -998,7 +998,7 @@ run_client() { if [ $EXIT -eq 0 ]; then RESULT=0 else - # If the cipher isn't supported... + # If the cipher isn't supported... if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then RESULT=1 else diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl index 66d9b3ab03..ee130247c2 100755 --- a/tests/scripts/gen_ctr_drbg.pl +++ b/tests/scripts/gen_ctr_drbg.pl @@ -64,7 +64,7 @@ while (my $line = ) my $AdditionalInput2 = get_val("AdditionalInput"); my $EntropyInputPR2 = get_val("EntropyInputPR") if ($PredictionResistance == 1); my $ReturnedBits = get_val("ReturnedBits"); - + if ($PredictionResistance == 1) { print("CTR_DRBG NIST Validation (AES-256 use df,$PredictionResistanceStr,$EntropyInputLen,$NonceLen,$PersonalizationStringLen,$AdditionalInputLen) #$Count\n"); 
diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl index 0d7fc7d1ed..678e2f9083 100755 --- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl +++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl @@ -18,10 +18,10 @@ sub get_val($$) next if($line !~ /^# $str/); last; } - + while(my $line = ) { - last if($line eq "\r\n"); + last if($line eq "\r\n"); $val .= $line; } @@ -66,7 +66,7 @@ while (my $line = ) print(":\"$val_salt\""); print(":\"$val_sig\":0"); print("\n\n"); - } + } $cnt++; } close(TEST_DATA); diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 1390f9fbba..bf65bdad0f 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -281,7 +281,7 @@ int main(int argc, const char *argv[]) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) unsigned char alloc_buf[1000000]; -#endif +#endif /* Platform setup should be called in the beginning */ ret = platform_setup(); if( ret != 0 ) diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 308e14bb49..3d0830e98e 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -35,7 +35,7 @@ void gcm_bad_parameters( int cipher_id, int direction, memset( tag_str, 0x00, sizeof( tag_str ) ); memset( output, 0x00, sizeof( output ) ); memset( tag_output, 0x00, sizeof( tag_output ) ); - + key_len = unhexify( key_str, hex_key_string ); pt_len = unhexify( src_str, hex_src_string ); iv_len = unhexify( iv_str, hex_iv_string ); diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 2a2cfce45c..c45008823a 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data 
@@ -301,10 +301,10 @@ mbedtls_mpi_add_mpi:10:"64380800680355443923012985496149269915138610753401343291 Base test mbedtls_mpi_add_mpi inplace #1 mbedtls_mpi_add_mpi_inplace:10:"12345678":10:"24691356" -Test mbedtls_mpi_add_mpi inplace #2 +Test mbedtls_mpi_add_mpi inplace #2 mbedtls_mpi_add_mpi_inplace:10:"643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"1287616013607108878460259709922985398302772215068026865836146879048276529684741260122739430789478268181845874665180769440794266671939098512645241958073373266427807905932350214193538360035292323703146295192780306" -Test mbedtls_mpi_add_mpi inplace #3 +Test mbedtls_mpi_add_mpi inplace #3 mbedtls_mpi_add_mpi_inplace:16:"ffffffffffffffffffffffffffffffff":16:"01fffffffffffffffffffffffffffffffe" Test mbedtls_mpi_add_int #1 diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data index db7a4cd4bb..0309400075 100644 --- a/tests/suites/test_suite_pkcs1_v15.data +++ b/tests/suites/test_suite_pkcs1_v15.data 
@@ -13,19 +13,19 @@ pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda RSAES-V15 Encryption Test Vector Data too long 1 pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSAES-V15 Decryption Test Vector Padding too short 7 +RSAES-V15 Decryption Test Vector Padding too short 7 
pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_INVALID_PADDING RSAES-V15 Encryption Test Vector Data too long 3 
pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSAES-V15 Decryption Test Vector Padding too short 5 +RSAES-V15 Decryption Test Vector Padding too short 5 pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e688523
1982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_INVALID_PADDING RSAES-V15 Encryption Test Vector Data too long 8 pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSAES-V15 Decryption Test Vector Padding too short 0 +RSAES-V15 Decryption Test Vector Padding too short 0 
pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_INVALID_PADDING RSASSA-V15 Signing Test Vector Int diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 60683afeec..5cc32ab91b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -52,4 +52,4 @@ void ssl_set_hostname_twice( char *hostname0, char *hostname1 ) mbedtls_ssl_free( &ssl ); } -/* END_CASE */ \ No newline at end of file +/* END_CASE */ diff --git a/yotta/data/example-authcrypt/README.md b/yotta/data/example-authcrypt/README.md index ae4b1efa9d..4498b9dd41 100644 --- a/yotta/data/example-authcrypt/README.md +++ b/yotta/data/example-authcrypt/README.md 
@@ -38,11 +38,11 @@ To build and run this example you must have: 6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. - Use the following settings: + Use the following settings: - * 115200 baud (not 9600). - * 8N1. - * No flow control. + * 115200 baud (not 9600). + * 8N1. + * No flow control. 7. Press the Reset button on the board. diff --git a/yotta/data/example-benchmark/README.md b/yotta/data/example-benchmark/README.md index 3b66916e5c..715abee277 100644 --- a/yotta/data/example-benchmark/README.md +++ b/yotta/data/example-benchmark/README.md @@ -38,11 +38,11 @@ To build and run this example you must have: 6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. - Use the following settings: + Use the following settings: - * 115200 baud (not 9600). - * 8N1. - * No flow control. + * 115200 baud (not 9600). + * 8N1. + * No flow control. 7. Press the Reset button on the board. diff --git a/yotta/data/example-hashing/README.md b/yotta/data/example-hashing/README.md index 553c3a618e..6f0f969d09 100644 --- a/yotta/data/example-hashing/README.md +++ b/yotta/data/example-hashing/README.md @@ -38,11 +38,11 @@ To build and run this example you must have: 6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. - Use the following settings: + Use the following settings: - * 115200 baud (not 9600). - * 8N1. - * No flow control. + * 115200 baud (not 9600). + * 8N1. + * No flow control. 7. Press the Reset button on the board. diff --git a/yotta/data/example-selftest/README.md b/yotta/data/example-selftest/README.md index 5bc22a6850..b8e9cd49ea 100644 --- a/yotta/data/example-selftest/README.md +++ b/yotta/data/example-selftest/README.md 
@@ -38,11 +38,11 @@ To build and run this example you must have: 6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. - Use the following settings: + Use the following settings: - * 115200 baud (not 9600). - * 8N1. - * No flow control. + * 115200 baud (not 9600). + * 8N1. + * No flow control. 7. Press the Reset button on the board. From 10d9ce332f9aabfcc4382fb2e35c56454c20140c Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Wed, 28 Feb 2018 10:02:55 +0000 Subject: [PATCH 1031/1059] Add script for source integrity checking --- tests/scripts/check-files.py | 223 +++++++++++++++++++++++++++++++++++ 1 file changed, 223 insertions(+) create mode 100755 tests/scripts/check-files.py diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py new file mode 100755 index 0000000000..f560d03785 --- /dev/null +++ b/tests/scripts/check-files.py 
@@ -0,0 +1,223 @@ +#!/usr/bin/env python3 +""" +This file is part of Mbed TLS (https://tls.mbed.org) + +Copyright (c) 2018, Arm Limited, All Rights Reserved + +Purpose + +This script checks the current state of the source code for minor issues, +including incorrect file permissions, presence of tabs, non-Unix line endings, +trailing whitespace, presence of UTF-8 BOM, and TODO comments. +Note: requires python 3, must be run from Mbed TLS root. +""" + +import os +import argparse +import logging +import codecs +import sys + + +class IssueTracker(object): + """Base class for issue tracking. Issues should inherit from this and + overwrite either issue_with_line if they check the file line by line, or + overwrite check_file_for_issue if they check the file as a whole.""" + + def __init__(self): + self.heading = "" + self.files_exemptions = [] + self.files_with_issues = {} + + def should_check_file(self, filepath): + for files_exemption in self.files_exemptions: + if filepath.endswith(files_exemption): + return False + return True + + def issue_with_line(self, line): + raise NotImplementedError + + def check_file_for_issue(self, filepath): + with open(filepath, "rb") as f: + for i, line in enumerate(iter(f.readline, b"")): + self.check_file_line(filepath, line, i + 1) + + def check_file_line(self, filepath, line, line_number): + if self.issue_with_line(line): + if filepath not in self.files_with_issues.keys(): + self.files_with_issues[filepath] = [] + self.files_with_issues[filepath].append(line_number) + + def output_file_issues(self, logger): + if self.files_with_issues.values(): + logger.info(self.heading) + for filename, lines in sorted(self.files_with_issues.items()): + if lines: + logger.info("{}: {}".format( + filename, ", ".join(str(x) for x in lines) + )) + else: + logger.info(filename) + logger.info("") + + +class PermissionIssueTracker(IssueTracker): + + def __init__(self): + super().__init__() + self.heading = "Incorrect permissions:" + + def 
check_file_for_issue(self, filepath): + if not (os.access(filepath, os.X_OK) == + filepath.endswith((".sh", ".pl", ".py"))): + self.files_with_issues[filepath] = None + + +class EndOfFileNewlineIssueTracker(IssueTracker): + + def __init__(self): + super().__init__() + self.heading = "Missing newline at end of file:" + + def check_file_for_issue(self, filepath): + with open(filepath, "rb") as f: + if not f.read().endswith(b"\n"): + self.files_with_issues[filepath] = None + + +class Utf8BomIssueTracker(IssueTracker): + + def __init__(self): + super().__init__() + self.heading = "UTF-8 BOM present:" + + def check_file_for_issue(self, filepath): + with open(filepath, "rb") as f: + if f.read().startswith(codecs.BOM_UTF8): + self.files_with_issues[filepath] = None + + +class LineEndingIssueTracker(IssueTracker): + + def __init__(self): + super().__init__() + self.heading = "Non Unix line endings:" + + def issue_with_line(self, line): + return b"\r" in line + + +class TrailingWhitespaceIssueTracker(IssueTracker): + + def __init__(self): + super().__init__() + self.heading = "Trailing whitespace:" + self.files_exemptions = [".md"] + + def issue_with_line(self, line): + return line.rstrip(b"\r\n") != line.rstrip() + + +class TabIssueTracker(IssueTracker): + + def __init__(self): + super().__init__() + self.heading = "Tabs present:" + self.files_exemptions = [ + "Makefile", "generate_visualc_files.pl" + ] + + def issue_with_line(self, line): + return b"\t" in line + + +class TodoIssueTracker(IssueTracker): + + def __init__(self): + super().__init__() + self.heading = "TODO present:" + self.files_exemptions = [ + __file__, "benchmark.c", "pull_request_template.md" + ] + + def issue_with_line(self, line): + return b"todo" in line.lower() + + +class IntegrityChecker(object): + + def __init__(self, log_file): + self.check_repo_path() + self.logger = None + self.setup_logger(log_file) + self.files_to_check = ( + ".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data", + 
"Makefile", "CMakeLists.txt", "ChangeLog" + ) + self.issues_to_check = [ + PermissionIssueTracker(), + EndOfFileNewlineIssueTracker(), + Utf8BomIssueTracker(), + LineEndingIssueTracker(), + TrailingWhitespaceIssueTracker(), + TabIssueTracker(), + TodoIssueTracker(), + ] + + def check_repo_path(self): + if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): + raise Exception("Must be run from Mbed TLS root") + + def setup_logger(self, log_file, level=logging.INFO): + self.logger = logging.getLogger() + self.logger.setLevel(level) + if log_file: + handler = logging.FileHandler(log_file) + self.logger.addHandler(handler) + else: + console = logging.StreamHandler() + self.logger.addHandler(console) + + def check_files(self): + for root, dirs, files in sorted(os.walk(".")): + for filename in sorted(files): + filepath = os.path.join(root, filename) + if (os.path.join("yotta", "module") in filepath or + not filepath.endswith(self.files_to_check)): + continue + for issue_to_check in self.issues_to_check: + if issue_to_check.should_check_file(filepath): + issue_to_check.check_file_for_issue(filepath) + + def output_issues(self): + integrity_return_code = 0 + for issue_to_check in self.issues_to_check: + if issue_to_check.files_with_issues: + integrity_return_code = 1 + issue_to_check.output_file_issues(self.logger) + return integrity_return_code + + +def run_main(): + parser = argparse.ArgumentParser( + description=( + "This script checks the current state of the source code for " + "minor issues, including incorrect file permissions, " + "presence of tabs, non-Unix line endings, trailing whitespace, " + "presence of UTF-8 BOM, and TODO comments. " + "Note: requires python 3, must be run from Mbed TLS root." 
+ ) + ) + parser.add_argument( + "-l", "--log_file", type=str, help="path to optional output log", + ) + check_args = parser.parse_args() + integrity_check = IntegrityChecker(check_args.log_file) + integrity_check.check_files() + return_code = integrity_check.output_issues() + sys.exit(return_code) + + +if __name__ == "__main__": + run_main() From a07039cfe2e4574b40e08ecb03774b55b210948c Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Tue, 13 Mar 2018 16:48:16 +0000 Subject: [PATCH 1032/1059] Add check-files.py to all.sh --- tests/scripts/all.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e6c7549e6a..6eb25026e4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -413,6 +413,10 @@ tests/scripts/check-generated-files.sh msg "test: doxygen markup outside doxygen blocks" # < 1s tests/scripts/check-doxy-blocks.pl +msg "test: check-files.py" # < 1s +cleanup +tests/scripts/check-files.py + msg "test/build: declared and exported names" # < 3s cleanup tests/scripts/check-names.sh From 2699de33703c06ac32ed860ffc705a40999085ce Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Mon, 21 May 2018 11:40:22 +0100 Subject: [PATCH 1033/1059] Add check-files.py to pre-push.sh --- tests/git-scripts/pre-push.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh index ee54a6cffe..7407f44b97 100755 --- a/tests/git-scripts/pre-push.sh +++ b/tests/git-scripts/pre-push.sh @@ -45,3 +45,4 @@ run_test() run_test ./tests/scripts/check-doxy-blocks.pl run_test ./tests/scripts/check-names.sh run_test ./tests/scripts/check-generated-files.sh +run_test ./tests/scripts/check-files.py From 4d393b983539522511b6f6e9335d25e5c1d000d5 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Mon, 21 May 2018 11:59:28 +0100 Subject: [PATCH 1034/1059] Add check-files.py to travis.yml --- .travis.yml | 1 + 1 file changed, 1 insertion(+) 
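Review bot: `TodoIssueTracker` exempts this script through `filepath.endswith(__file__)`, but `__file__` is the path the interpreter was started with, so when check-files.py is invoked by an absolute path (and on interpreters that absolutize `__main__.__file__`) the exemption never matches and the script reports its own lines containing "todo" — the module docstring, the `"TODO present:"` heading and the `b"todo"` literal; comparing `os.path.basename(filepath) == os.path.basename(__file__)` or relativizing `__file__` before the comparison would make it robust. In `output_file_issues`, `if self.files_with_issues.values():` is always true in Python 3 because a `dict_values` view is truthy even when the dict is empty; `if self.files_with_issues:` is what is meant (it only goes unnoticed because `output_issues` already guards the call). The `.keys()` in `if filepath not in self.files_with_issues.keys():` is redundant, since `in` on the dict performs the same lookup.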
diff --git a/.travis.yml b/.travis.yml index fa01e5a24c..4d23652c67 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,6 +9,7 @@ script: - tests/scripts/check-generated-files.sh - tests/scripts/check-doxy-blocks.pl - tests/scripts/check-names.sh +- tests/scripts/check-files.py - tests/scripts/doxygen.sh - cmake -D CMAKE_BUILD_TYPE:String="Check" . - make From 9d410733c2ee607a569f5452e68806ebc17db541 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 22 May 2018 12:49:22 +0200 Subject: [PATCH 1035/1059] Fix typos from copy-pasting --- include/mbedtls/aria.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 0c4960b1b2..0cf06c4c7d 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -128,8 +128,8 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, * (encrypt or decrypt), on the input data buffer defined in * the \p input parameter. * - * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or - * mbedtls_aes_setkey_dec() must be called before the first + * mbedtls_aria_init(), and either mbedtls_aria_setkey_enc() or + * mbedtls_aria_setkey_dec() must be called before the first * call to this API with the same context. * * \param ctx The ARIA context to use for encryption or decryption. @@ -155,8 +155,8 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, * the \p input parameter. * * It can be called as many times as needed, until all the input - * data is processed. mbedtls_aes_init(), and either - * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called + * data is processed. mbedtls_aria_init(), and either + * mbedtls_aria_setkey_enc() or mbedtls_aria_setkey_dec() must be called * before the first call to this API with the same context. * * \note This function operates on aligned blocks, that is, the input size 
@@ -199,7 +199,7 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, * parameter (encrypt or decrypt), on the input data buffer * defined in the \p input parameter. * - * For CFB, you must set up the context with mbedtls_aes_setkey_enc(), + * For CFB, you must set up the context with mbedtls_aria_setkey_enc(), * regardless of whether you are performing an encryption or decryption * operation, that is, regardless of the \p mode parameter. This is * because CFB mode uses the same key schedule for encryption and @@ -245,7 +245,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, * * Due to the nature of CTR, you must use the same key schedule * for both encryption and decryption operations. Therefore, you - * must use the context initialized with mbedtls_aes_setkey_enc() + * must use the context initialized with mbedtls_aria_setkey_enc() * for both #MBEDTLS_ARIA_ENCRYPT and #MBEDTLS_ARIA_DECRYPT. * * \warning You must never reuse a nonce value with the same key. Doing so From d418b0dcbaf2a680905bdc3bf07bbe69dc3bf0ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 22 May 2018 12:56:11 +0200 Subject: [PATCH 1036/1059] Fix typo in comment --- library/aria.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aria.c b/library/aria.c index fdc2137fe9..f5354a9d04 100644 --- a/library/aria.c +++ b/library/aria.c @@ -182,7 +182,7 @@ static inline uint32_t aria_p3( uint32_t x ) * ARIA Affine Transform * (a, b, c, d) = state in/out * - * If we denote the first by of input by 0, ..., the last byte by f, + * If we denote the first byte of input by 0, ..., the last byte by f, * then inputs are: a = 0123, b = 4567, c = 89ab, d = cdef. * * Reading [1] 2.4 or [2] 2.4.3 in columns and performing simple From 12e2fbdf293ca414e4ee45671d44dd7a2c7f35b6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 22 May 2018 13:01:09 +0200 Subject: [PATCH 1037/1059] Style adjustments --- library/aria.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/library/aria.c b/library/aria.c index f5354a9d04..fbdc0ec560 100644 --- a/library/aria.c +++ b/library/aria.c @@ -235,8 +235,8 @@ static inline void aria_a( uint32_t *a, uint32_t *b, */ static inline void aria_sl( uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, - const uint8_t sa[0x100], const uint8_t sb[0x100], - const uint8_t sc[0x100], const uint8_t sd[0x100] ) + const uint8_t sa[256], const uint8_t sb[256], + const uint8_t sc[256], const uint8_t sd[256] ) { *a = ( (uint32_t) sa[ *a & 0xFF] ) ^ (((uint32_t) sb[(*a >> 8) & 0xFF]) << 8) ^ @@ -259,7 +259,7 @@ static inline void aria_sl( uint32_t *a, uint32_t *b, /* * S-Boxes */ -static const uint8_t aria_sb1[0x100] = +static const uint8_t aria_sb1[256] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, @@ -285,7 +285,7 @@ static const uint8_t aria_sb1[0x100] = 0xB0, 0x54, 0xBB, 0x16 }; -static const uint8_t aria_sb2[0x100] = +static const uint8_t aria_sb2[256] = { 0xE2, 0x4E, 0x54, 0xFC, 0x94, 0xC2, 0x4A, 0xCC, 0x62, 0x0D, 0x6A, 0x46, 0x3C, 0x4D, 0x8B, 0xD1, 0x5E, 0xFA, 0x64, 0xCB, 0xB4, 0x97, 0xBE, 0x2B, @@ -311,7 +311,7 @@ static const uint8_t aria_sb2[0x100] = 0xAF, 0xBA, 0xB5, 0x81 }; -static const uint8_t aria_is1[0x100] = +static const uint8_t aria_is1[256] = { 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 
@@ -337,7 +337,7 @@ static const uint8_t aria_is1[0x100] = 0x55, 0x21, 0x0C, 0x7D }; -static const uint8_t aria_is2[0x100] = +static const uint8_t aria_is2[256] = { 0x30, 0x68, 0x99, 0x1B, 0x87, 0xB9, 0x21, 0x78, 0x50, 0x39, 0xDB, 0xE1, 0x72, 0x09, 0x62, 0x3C, 0x3E, 0x7E, 0x5E, 0x8E, 0xF1, 0xA0, 0xCC, 0xA3, @@ -422,11 +422,11 @@ static void aria_rot128( uint32_t r[4], const uint32_t a[4], const uint8_t n1 = n % 32; // bit offset const uint8_t n2 = n1 ? 32 - n1 : 0; // reverse bit offset - j = (n / 32) % 4; // initial word offset + j = ( n / 32 ) % 4; // initial word offset t = ARIA_P3( b[j] ); // big endian for( i = 0; i < 4; i++ ) { - j = (j + 1) % 4; // get next word, big endian + j = ( j + 1 ) % 4; // get next word, big endian u = ARIA_P3( b[j] ); t <<= n1; // rotate t |= u >> n2; @@ -474,7 +474,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, GET_UINT32_LE( w[1][3], key, 28 ); } - i = (keybits - 128) >> 6; // index: 0, 1, 2 + i = ( keybits - 128 ) >> 6; // index: 0, 1, 2 ctx->nr = 12 + 2 * i; // no. rounds: 12, 14, 16 aria_fo_xor( w[1], w[0], rc[i], w[1] ); // W1 = FO(W0, CK1) ^ KR From 89924ddc7e861d8c86bc90b7a0fc049998863221 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 22 May 2018 13:07:07 +0200 Subject: [PATCH 1038/1059] Wipe sensitive info from the stack --- library/aria.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/aria.c b/library/aria.c index fbdc0ec560..498a13264b 100644 --- a/library/aria.c +++ b/library/aria.c @@ -493,6 +493,9 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, } aria_rot128( ctx->rk[16], w[0], w[1], 19 ); + /* w holds enough info to reconstruct the round keys */ + mbedtls_zeroize( w, sizeof( w ) ); + return( 0 ); } From 08c337d058bef5f66bc8c28c5fa8b9df7b80b3ae Mon Sep 17 00:00:00 2001 
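Review bot: `aria_rot128` is only correct when `n % 32 != 0`: the hunk keeps `n2 = n1 ? 32 - n1 : 0` to avoid a shift by 32, but with `n1 == 0` the loop then executes `t <<= 0; t |= u >> 0;`, which ORs two neighbouring words into `t` instead of rotating. The call visible later in this series passes 19, and the ARIA key schedule's other rotation amounts are likewise not multiples of 32, so this is a latent precondition rather than a live bug, but the function is `static` with no guard or comment. Since this commit already touches the function for style, a one-line precondition on its signature would be cheap, e.g. `/* n must not be a multiple of 32: with n1 == 0 the loop merges adjacent words instead of rotating */`. The loop body continues outside the hunk, so I have not checked how `t` and `u` are consumed after the merge.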
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 22 May 2018 13:18:01 +0200 Subject: [PATCH 1039/1059] Remove useless parameter from function --- include/mbedtls/aria.h | 9 +++------ library/aria.c | 19 +++++++------------ library/cipher_wrap.c | 6 ++++-- 3 files changed, 14 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 0cf06c4c7d..153c76a71b 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -124,24 +124,21 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, * \brief This function performs an ARIA single-block encryption or * decryption operation. * - * It performs the operation defined in the \p mode parameter - * (encrypt or decrypt), on the input data buffer defined in - * the \p input parameter. + * It performs encryption or decryption (depending on whether + * the key was set for encryption on decryption) on the input + * data buffer defined in the \p input parameter. * * mbedtls_aria_init(), and either mbedtls_aria_setkey_enc() or * mbedtls_aria_setkey_dec() must be called before the first * call to this API with the same context. * * \param ctx The ARIA context to use for encryption or decryption. - * \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or - * #MBEDTLS_ARIA_DECRYPT. * \param input The 16-Byte buffer holding the input data. * \param output The 16-Byte buffer holding the output data. * \return \c 0 on success. */ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, - int mode, const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] ); diff --git a/library/aria.c b/library/aria.c index 498a13264b..646978e89b 100644 --- a/library/aria.c +++ b/library/aria.c 
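Review bot: The new doc line `* the key was set for encryption on decryption) on the input` has a typo that inverts the meaning of the sentence; it should read `* the key was set for encryption or decryption) on the input`. Since this paragraph is now the only place telling callers that the direction of `mbedtls_aria_crypt_ecb()` is fixed by the `mbedtls_aria_setkey_enc()`/`mbedtls_aria_setkey_dec()` call rather than by an argument, it is worth getting right before release.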
@@ -536,7 +536,6 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, * Encrypt a block */ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, - int mode, const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] ) { @@ -544,8 +543,6 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, uint32_t a, b, c, d; - ( (void) mode ); - GET_UINT32_LE( a, input, 0 ); GET_UINT32_LE( b, input, 4 ); GET_UINT32_LE( c, input, 8 ); @@ -626,7 +623,7 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, while( length > 0 ) { memcpy( temp, input, MBEDTLS_ARIA_BLOCKSIZE ); - mbedtls_aria_crypt_ecb( ctx, mode, input, output ); + mbedtls_aria_crypt_ecb( ctx, input, output ); for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ ) output[i] = (unsigned char)( output[i] ^ iv[i] ); @@ -645,7 +642,7 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ ) output[i] = (unsigned char)( input[i] ^ iv[i] ); - mbedtls_aria_crypt_ecb( ctx, mode, output, output ); + mbedtls_aria_crypt_ecb( ctx, output, output ); memcpy( iv, output, MBEDTLS_ARIA_BLOCKSIZE ); input += MBEDTLS_ARIA_BLOCKSIZE; @@ -678,7 +675,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, while( length-- ) { if( n == 0 ) - mbedtls_aria_crypt_ecb( ctx, MBEDTLS_ARIA_ENCRYPT, iv, iv ); + mbedtls_aria_crypt_ecb( ctx, iv, iv ); c = *input++; *output++ = (unsigned char)( c ^ iv[n] ); @@ -692,7 +689,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, while( length-- ) { if( n == 0 ) - mbedtls_aria_crypt_ecb( ctx, MBEDTLS_ARIA_ENCRYPT, iv, iv ); + mbedtls_aria_crypt_ecb( ctx, iv, iv ); iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); @@ -724,7 +721,7 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, while( length-- ) { if( n == 0 ) { - mbedtls_aria_crypt_ecb( ctx, MBEDTLS_ARIA_ENCRYPT, nonce_counter, + mbedtls_aria_crypt_ecb( ctx, nonce_counter, stream_block ); for( i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i-- ) 
@@ -916,8 +913,7 @@ int mbedtls_aria_self_test( int verbose ) if( verbose ) printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i ); - mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT, - aria_test1_ecb_pt, blk ); + mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk ); if( memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) ARIA_SELF_TEST_IF_FAIL; @@ -925,8 +921,7 @@ int mbedtls_aria_self_test( int verbose ) if( verbose ) printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i ); mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i ); - mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_DECRYPT, - aria_test1_ecb_ct[i], blk ); + mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk ); if( memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) ARIA_SELF_TEST_IF_FAIL; } diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 47851e9c02..b1ab8f164b 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -831,7 +831,8 @@ static const mbedtls_cipher_info_t camellia_256_ccm_info = { static int aria_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, const unsigned char *input, unsigned char *output ) { - return mbedtls_aria_crypt_ecb( (mbedtls_aria_context *) ctx, operation, input, + (void) operation; + return mbedtls_aria_crypt_ecb( (mbedtls_aria_context *) ctx, input, output ); } @@ -840,7 +841,8 @@ static int aria_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output ) { - return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv, + (void) operation; + return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, length, iv, input, output ); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ From 565e4e0fb2fd86469f4969469afaff16965d48f0 Mon Sep 17 00:00:00 2001 
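Review bot: `aria_crypt_cbc_wrap` now calls `mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, length, iv, input, output )` without `operation`, but nothing in this commit removes the mode parameter from `mbedtls_aria_crypt_cbc`: the aria.h diffstat (3 insertions, 6 deletions) is fully accounted for by the `mbedtls_aria_crypt_ecb` hunk, and the aria.c hunks at @@ -626 and @@ -642 still show the CBC decrypt (ECB then XOR) and encrypt (XOR then ECB) branches that depend on `mode`. If that reading is right, the new call passes one argument too few and will not compile when `MBEDTLS_CIPHER_MODE_CBC` and ARIA are both enabled. The CBC wrapper should keep forwarding the direction, `return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv, input, output );`, and drop its `(void) operation;`; only the ECB wrapper needs the silencing cast.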
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 22 May 2018 13:30:28 +0200 Subject: [PATCH 1040/1059] Use more appropriate type for local variable --- library/aria.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/aria.c b/library/aria.c index 646978e89b..ad15cebfa8 100644 --- a/library/aria.c +++ b/library/aria.c @@ -667,7 +667,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, const unsigned char *input, unsigned char *output ) { - int c; + unsigned char c; size_t n = *iv_off; if( mode == MBEDTLS_ARIA_DECRYPT ) @@ -678,8 +678,8 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, mbedtls_aria_crypt_ecb( ctx, iv, iv ); c = *input++; - *output++ = (unsigned char)( c ^ iv[n] ); - iv[n] = (unsigned char) c; + *output++ = c ^ iv[n]; + iv[n] = c; n = ( n + 1 ) & 0x0F; } From 2df4bfe80336ecaee77262eddd15b752a78b07cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 22 May 2018 13:39:01 +0200 Subject: [PATCH 1041/1059] Fix typo in comments --- library/aria.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aria.c b/library/aria.c index ad15cebfa8..25beafc098 100644 --- a/library/aria.c +++ b/library/aria.c @@ -115,7 +115,7 @@ static inline uint32_t aria_p1( uint32_t x ) #endif /* arm */ #if defined(__GNUC__) && \ defined(__i386__) || defined(__amd64__) || defined( __x86_64__) -/* I couldn't find an Intel equivalent of ret16, so two instructions */ +/* I couldn't find an Intel equivalent of rev16, so two instructions */ #define ARIA_P1(x) ARIA_P2( ARIA_P3( x ) ) #endif /* x86 gnuc */ #endif /* MBEDTLS_HAVE_ASM && GNUC */ From c0893122df60de5d2ecdb45fb14d318f353e1045 Mon Sep 17 00:00:00 2001 
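Review bot: `*output++ = c ^ iv[n];` relies on an implicit narrowing of the `int`-promoted XOR result back to `unsigned char`, while the decrypt branch of the same function keeps the explicit form `iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );`. Keeping the cast in the encrypt branch too, `*output++ = (unsigned char)( c ^ iv[n] );`, makes the two branches read alike and avoids any `-Wconversion` noise on compilers that flag the implicit narrowing. The function body extends beyond the hunk.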
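Review bot: The guard two lines above the corrected comment, `#if defined(__GNUC__) && defined(__i386__) || defined(__amd64__) || defined( __x86_64__)`, does not say what it appears to: `&&` binds tighter than `||`, so `__GNUC__` gates only the i386 case and the amd64/x86_64 cases are unconditional. The enclosing `MBEDTLS_HAVE_ASM && GNUC` block named by the `#endif` comment makes this harmless today, but the expression should be parenthesized so the intent survives a later restructuring, `#if defined(__GNUC__) && ( defined(__i386__) || defined(__amd64__) || defined(__x86_64__) )`.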
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 22 May 2018 15:17:20 +0200 Subject: [PATCH 1042/1059] Add ifdef for selftest in header file See https://github.com/ARMmbed/mbedtls/pull/975 --- include/mbedtls/aria.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 153c76a71b..ea68ae9ebc 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -298,12 +298,14 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, extern "C" { #endif +#if defined(MBEDTLS_SELF_TEST) /** * \brief Checkup routine. * * \return \c 0 on success, or \c 1 on failure. */ int mbedtls_aria_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus } From 0960b80d53b6338dd9dd5e79f2c082c0ab83dcf2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 22 May 2018 15:22:07 +0200 Subject: [PATCH 1043/1059] Move to new header style for ALT implementations See https://github.com/ARMmbed/mbedtls-restricted/pull/357 --- include/mbedtls/aria.h | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index ea68ae9ebc..4bb1fc28a1 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -70,6 +70,10 @@ typedef struct } mbedtls_aria_context; +#else /* MBEDTLS_ARIA_ALT */ +#include "aria_alt.h" +#endif /* MBEDTLS_ARIA_ALT */ + /** * \brief This function initializes the specified ARIA context. * @@ -286,18 +290,6 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, unsigned char *output ); #endif /* MBEDTLS_CIPHER_MODE_CTR */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_ARIA_ALT */ -#include "aria_alt.h" -#endif /* MBEDTLS_ARIA_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - #if defined(MBEDTLS_SELF_TEST) /** * \brief Checkup routine. From 7124fb63be173bec1f73af56e5a14328f51780d4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 22 May 2018 16:05:33 +0200 Subject: [PATCH 1044/1059] Use zeroize function from new platform_util --- library/aria.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/library/aria.c b/library/aria.c index 25beafc098..e9bcd6d135 100644 --- a/library/aria.c +++ b/library/aria.c @@ -48,16 +48,13 @@ #if !defined(MBEDTLS_ARIA_ALT) +#include "mbedtls/platform_util.h" + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline #endif -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; -} - /* * 32-bit integer manipulation macros (little endian) */ @@ -494,7 +491,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, aria_rot128( ctx->rk[16], w[0], w[1], 19 ); /* w holds enough info to reconstruct the round keys */ - mbedtls_zeroize( w, sizeof( w ) ); + mbedtls_platform_zeroize( w, sizeof( w ) ); return( 0 ); } @@ -598,7 +595,7 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx ) if( ctx == NULL ) return; - mbedtls_zeroize( ctx, sizeof( mbedtls_aria_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aria_context ) ); } #if defined(MBEDTLS_CIPHER_MODE_CBC) From 8a1b2c88060d05865794047958a44f34645b9f84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 May 2018 13:26:22 +0200 Subject: [PATCH 1045/1059] Update CTR documentation --- include/mbedtls/aria.h | 41 +++++++++++++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 4bb1fc28a1..8e59ffc045 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h 
@@ -255,19 +255,44 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, * * There are two common strategies for managing nonces with CTR: * - * 1. Use a counter starting at 0 or a random value. With this - * strategy, this function will increment the counter for you, so - * you only need to preserve the \p nonce_counter buffer between - * calls. With this strategy, you must not encrypt more than - * 2**128 blocks of data. - * 2. Use a randomly-generated \p nonce_counter for each call. - * With this strategy, you need to ensure the nonce is generated - * in an unbiased way and you must not encrypt more than 2**64 + * 1. You can handle everything as a single message processed over + * successive calls to this function. In that case, you want to + * set \p nonce_counter and \p nc_off to 0 for the first call, and + * then preserve the values of \p nonce_counter, \p nc_off and \p + * stream_block across calls to this function as they will be + * updated by this function. + * + * With this strategy, you must not encrypt more than 2**128 * blocks of data. * + * 2. You can encrypt separate messages by dividing the \p + * nonce_counter buffer in two areas: the first one used for a + * per-message nonce, handled by yourself, and the second one + * updated by this function internally. + * + * For example, you might reserve the first 12 bytes for the + * per-message nonce, and the last 4 bytes for internal use. In that + * case, before calling this function on a new message you need to + * set the first 12 bytes of \p nonce_counter to your chosen nonce + * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p + * stream_block to be ignored). That way, you can encrypt at most + * 2**96 messages of up to 2**32 blocks each. + * + * The per-message nonce (or information sufficient to reconstruct + * it) needs to be communicated with the ciphertext and must be unique. + * The recommended way to ensure uniqueness is to use a message + * counter. 
An alternative is to generate random nonces, but this + * limits the number of messages that can be securely encrypted: + * for example, with 96-bit random nonces, you should not encrypt + * more than 2**32 messages with the same key. + * * Note that for both stategies, the limit is in number of blocks * and that an ARIA block is 16 bytes. * + * \warning Upon return, \p stream_block constains sensitive data. Its + * content must not be written to insecure storage and should be + * securely discarded as soon as it's no longer needed. + * * \param ctx The ARIA context to use for encryption or decryption. * \param length The length of the input data. * \param nc_off The offset in the current \p stream_block, for From a64fba41fb034e908b1b59700499b2265b0ddb29 Mon Sep 17 00:00:00 2001 From: Moran Peker Date: Sun, 25 Feb 2018 13:29:03 +0200 Subject: [PATCH 1046/1059] Remove double declaration of mbedtls_ssl_list_ciphersuites Raised by TrinityTonic. #1359 --- ChangeLog | 4 ++++ include/mbedtls/ssl.h | 8 -------- 2 files changed, 4 insertions(+), 8 deletions(-) mode change 100644 => 100755 include/mbedtls/ssl.h diff --git a/ChangeLog b/ChangeLog index 348864c0e9..5d697049b4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ API Changes Therefore, mbedtls_platform_zeroize() is moved to the platform module to facilitate testing and maintenance. +Bugfix + * Fix redundant declaration of mbedtls_ssl_list_ciphersuites. Raised by + TrinityTonic. #1359. + = mbed TLS 2.9.0 branch released 2018-04-30 Security diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h old mode 100644 new mode 100755 index f91066d570..250031a6d3 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
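Review bot: Two spelling errors in this new \warning/strategy text: `* \warning Upon return, \p stream_block constains sensitive data. Its` should read `contains`, and `* Note that for both stategies, the limit is in number of blocks` should read `strategies`. The second typo is also carried onto the new side by the follow-up commit "Slightly tune ARIA CTR documentation" (hunk @@ -286 in aria.h, `* Note that for both stategies, sizes are measured in blocks and`), so both hunks need the fix. The rest of the nonce-management guidance reads correctly, and the warning about `stream_block` holding keystream is a useful addition.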
@@ -946,14 +946,6 @@ extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
 extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
 #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
 
-/**
- * \brief Returns the list of ciphersuites supported by the SSL/TLS module.
- *
- * \return a statically allocated array of ciphersuites, the last
- * entry is 0.
- */
-const int *mbedtls_ssl_list_ciphersuites( void );
-
 /**
  * \brief Return the name of the ciphersuite associated with the
  * given ID
From f5842864d8f26664a65e45a1383ed3dbe509278a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 24 May 2018 11:51:58 +0200
Subject: [PATCH 1047/1059] Slightly tune ARIA CTR documentation
---
 include/mbedtls/aria.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 8e59ffc045..04f9240ead 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -263,7 +263,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
  * updated by this function.
  *
  * With this strategy, you must not encrypt more than 2**128
- * blocks of data.
+ * blocks of data with the same key.
  *
  * 2. You can encrypt separate messages by dividing the \p
  * nonce_counter buffer in two areas: the first one used for a
@@ -276,7 +276,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
  * set the first 12 bytes of \p nonce_counter to your chosen nonce
  * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
  * stream_block to be ignored). That way, you can encrypt at most
- * 2**96 messages of up to 2**32 blocks each.
+ * 2**96 messages of up to 2**32 blocks each with the same key.
  *
  * The per-message nonce (or information sufficient to reconstruct
  * it) needs to be communicated with the ciphertext and must be unique.
@@ -286,8 +286,8 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
  * for example, with 96-bit random nonces, you should not encrypt
  * more than 2**32 messages with the same key.
  *
- * Note that for both stategies, the limit is in number of blocks
- * and that an ARIA block is 16 bytes.
+ * Note that for both stategies, sizes are measured in blocks and
+ * that an ARIA block is 16 bytes.
  *
  * \warning Upon return, \p stream_block constains sensitive data. Its
  * content must not be written to insecure storage and should be
From 4f24e9502e3de9ebd749482935bc58b9087e197a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 24 May 2018 11:59:30 +0200
Subject: [PATCH 1048/1059] Update CTR doc for other 128-bit block ciphers
---
 include/mbedtls/aes.h | 43 ++++++++++++++++++++++++++++----------
 include/mbedtls/camellia.h | 43 ++++++++++++++++++++++++++++----------
 2 files changed, 64 insertions(+), 22 deletions(-)
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 4c0429d450..731e5685ba 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
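Review bot: `stategies` in the new line `+ * Note that for both stategies, sizes are measured in blocks and` should read `strategies`. The same misspelling is carried into the new text of the aes.h, camellia.h and blowfish.h hunks of the next two patches, and the later "Fix typo in doc" patch in this series corrects only `constains`.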
@@ -315,18 +315,39 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
  *
  * There are two common strategies for managing nonces with CTR:
  *
- * 1. Use a counter starting at 0 or a random value. With this
- * strategy, this function will increment the counter for you, so
- * you only need to preserve the \p nonce_counter buffer between
- * calls. With this strategy, you must not encrypt more than
- * 2**128 blocks of data.
- * 2. Use a randomly-generated \p nonce_counter for each call.
- * With this strategy, you need to ensure the nonce is generated
- * in an unbiased way and you must not encrypt more than 2**64
- * blocks of data.
+ * 1. You can handle everything as a single message processed over
+ * successive calls to this function. In that case, you want to
+ * set \p nonce_counter and \p nc_off to 0 for the first call, and
+ * then preserve the values of \p nonce_counter, \p nc_off and \p
+ * stream_block across calls to this function as they will be
+ * updated by this function.
  *
- * Note that for both stategies, the limit is in number of blocks
- * and that an AES block is 16 bytes.
+ * With this strategy, you must not encrypt more than 2**128
+ * blocks of data with the same key.
+ *
+ * 2. You can encrypt separate messages by dividing the \p
+ * nonce_counter buffer in two areas: the first one used for a
+ * per-message nonce, handled by yourself, and the second one
+ * updated by this function internally.
+ *
+ * For example, you might reserve the first 12 bytes for the
+ * per-message nonce, and the last 4 bytes for internal use. In that
+ * case, before calling this function on a new message you need to
+ * set the first 12 bytes of \p nonce_counter to your chosen nonce
+ * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
+ * stream_block to be ignored). That way, you can encrypt at most
+ * 2**96 messages of up to 2**32 blocks each with the same key.
+ *
+ * The per-message nonce (or information sufficient to reconstruct
+ * it) needs to be communicated with the ciphertext and must be unique.
+ * The recommended way to ensure uniqueness is to use a message
+ * counter. An alternative is to generate random nonces, but this
+ * limits the number of messages that can be securely encrypted:
+ * for example, with 96-bit random nonces, you should not encrypt
+ * more than 2**32 messages with the same key.
+ *
+ * Note that for both stategies, sizes are measured in blocks and
+ * that an AES block is 16 bytes.
  *
  * \param ctx The AES context to use for encryption or decryption.
  * \param length The length of the input data.
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index 2eb945d5f7..1d3610fea7 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -197,18 +197,39 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
  *
  * There are two common strategies for managing nonces with CTR:
  *
- * 1. Use a counter starting at 0 or a random value. With this
- * strategy, this function will increment the counter for you, so
- * you only need to preserve the \p nonce_counter buffer between
- * calls. With this strategy, you must not encrypt more than
- * 2**128 blocks of data.
- * 2. Use a randomly-generated \p nonce_counter for each call.
- * With this strategy, you need to ensure the nonce is generated
- * in an unbiased way and you must not encrypt more than 2**64
- * blocks of data.
+ * 1. You can handle everything as a single message processed over
+ * successive calls to this function. In that case, you want to
+ * set \p nonce_counter and \p nc_off to 0 for the first call, and
+ * then preserve the values of \p nonce_counter, \p nc_off and \p
+ * stream_block across calls to this function as they will be
+ * updated by this function.
  *
- * Note that for both stategies, the limit is in number of blocks
- * and that a CAMELLIA block is 16 bytes.
+ * With this strategy, you must not encrypt more than 2**128
+ * blocks of data with the same key.
+ *
+ * 2. You can encrypt separate messages by dividing the \p
+ * nonce_counter buffer in two areas: the first one used for a
+ * per-message nonce, handled by yourself, and the second one
+ * updated by this function internally.
+ *
+ * For example, you might reserve the first 12 bytes for the
+ * per-message nonce, and the last 4 bytes for internal use. In that
+ * case, before calling this function on a new message you need to
+ * set the first 12 bytes of \p nonce_counter to your chosen nonce
+ * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
+ * stream_block to be ignored). That way, you can encrypt at most
+ * 2**96 messages of up to 2**32 blocks each with the same key.
+ *
+ * The per-message nonce (or information sufficient to reconstruct
+ * it) needs to be communicated with the ciphertext and must be unique.
+ * The recommended way to ensure uniqueness is to use a message
+ * counter. An alternative is to generate random nonces, but this
+ * limits the number of messages that can be securely encrypted:
+ * for example, with 96-bit random nonces, you should not encrypt
+ * more than 2**32 messages with the same key.
+ *
+ * Note that for both stategies, sizes are measured in blocks and
+ * that a CAMELLIA block is 16 bytes.
  *
  * \param ctx CAMELLIA context
  * \param length The length of the data
From d0f143b1c9be651c08a9b16bc8f21aeeb589eca6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 24 May 2018 12:01:58 +0200
Subject: [PATCH 1049/1059] Update CTR doc for the 64-bit block cipher - constants need adjustment - don't mention "random nonces" as the space is too small
---
 include/mbedtls/blowfish.h | 40 +++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index 0318db6979..fb16782aa8 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@@ -180,18 +180,36 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
  *
  * There are two common strategies for managing nonces with CTR:
  *
- * 1. Use a counter starting at 0 or a random value. With this
- * strategy, this function will increment the counter for you, so
- * you only need to preserve the \p nonce_counter buffer between
- * calls. With this strategy, you must not encrypt more than
- * 2**64 blocks of data.
- * 2. Use a randomly-generated \p nonce_counter for each call.
- * With this strategy, you need to ensure the nonce is generated
- * in an unbiased way and you must not encrypt more than 2**32
- * blocks of data.
+ * 1. You can handle everything as a single message processed over
+ * successive calls to this function. In that case, you want to
+ * set \p nonce_counter and \p nc_off to 0 for the first call, and
+ * then preserve the values of \p nonce_counter, \p nc_off and \p
+ * stream_block across calls to this function as they will be
+ * updated by this function.
  *
- * Note that for both stategies, the limit is in number of blocks
- * and that a Blowfish block is 8 bytes.
+ * With this strategy, you must not encrypt more than 2**64
+ * blocks of data with the same key.
+ *
+ * 2. You can encrypt separate messages by dividing the \p
+ * nonce_counter buffer in two areas: the first one used for a
+ * per-message nonce, handled by yourself, and the second one
+ * updated by this function internally.
+ *
+ * For example, you might reserve the first 4 bytes for the
+ * per-message nonce, and the last 4 bytes for internal use. In that
+ * case, before calling this function on a new message you need to
+ * set the first 4 bytes of \p nonce_counter to your chosen nonce
+ * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
+ * stream_block to be ignored). That way, you can encrypt at most
+ * 2**32 messages of up to 2**32 blocks each with the same key.
+ *
+ * The per-message nonce (or information sufficient to reconstruct
+ * it) needs to be communicated with the ciphertext and must be unique.
+ * The recommended way to ensure uniqueness is to use a message
+ * counter.
+ *
+ * Note that for both stategies, sizes are measured in blocks and
+ * that a Blowfish block is 8 bytes.
  *
  * \param ctx Blowfish context
  * \param length The length of the data
From 39f25616b3b26ee069094cf6c957c6a2d3439c2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 24 May 2018 14:06:02 +0200
Subject: [PATCH 1050/1059] Fix edit mistake in cipher_wrap.c Error was from 08c337d058bef
---
 library/cipher_wrap.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index b1ab8f164b..a9ef8195ca 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -841,8 +841,7 @@ static int aria_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
 size_t length, unsigned char *iv,
 const unsigned char *input, unsigned char *output )
 {
- (void) operation;
- return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, length, iv,
+ return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv,
 input, output );
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
From fa0c47d4c81e0340770c3224dca1e5c082789535 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 24 May 2018 19:02:06 +0200
Subject: [PATCH 1051/1059] Fix typo in doc and copy missing warning
---
 include/mbedtls/aes.h | 4 ++++
 include/mbedtls/aria.h | 2 +-
 include/mbedtls/blowfish.h | 4 ++++
 include/mbedtls/camellia.h | 4 ++++
 4 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 731e5685ba..104c8f535b 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
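Review bot: The `2**64` blocks in the new strategy-1 paragraph and the `2**32 messages of up to 2**32 blocks each` in strategy 2 are limits of the counter space, not of safe use: the CT R security bound degrades quadratically in the number of blocks processed under one key, roughly blocks**2/2**64 for an 8-byte block, so it is essentially exhausted around 2**32 blocks (about 32 GiB). Suggest stating this next to `+ * that a Blowfish block is 8 bytes.`, e.g. ` * Because the block is only 64 bits, keep the total data encrypted under one key far below 2**32 blocks; the figures above are counter-space limits, not security limits.` This caveat does not apply to the 16-byte block ciphers in the earlier hunks of this series.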
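Review bot: The new line `+ return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv,` runs well past 80 columns once the function's indentation is counted, unlike the rest of this wrapper; wrap it as `return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation,` followed by `length, iv, input, output );`. The surrounding function aria_crypt_cbc_wrap starts outside the hunk.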
@@ -349,6 +349,10 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
  * Note that for both stategies, sizes are measured in blocks and
  * that an AES block is 16 bytes.
  *
+ * \warning Upon return, \p stream_block contains sensitive data. Its
+ * content must not be written to insecure storage and should be
+ * securely discarded as soon as it's no longer needed.
+ *
  * \param ctx The AES context to use for encryption or decryption.
  * \param length The length of the input data.
  * \param nc_off The offset in the current \p stream_block, for
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 04f9240ead..bae0621b23 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -289,7 +289,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
  * Note that for both stategies, sizes are measured in blocks and
  * that an ARIA block is 16 bytes.
  *
- * \warning Upon return, \p stream_block constains sensitive data. Its
+ * \warning Upon return, \p stream_block contains sensitive data. Its
  * content must not be written to insecure storage and should be
  * securely discarded as soon as it's no longer needed.
  *
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index fb16782aa8..985faa43f0 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@@ -211,6 +211,10 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
  * Note that for both stategies, sizes are measured in blocks and
  * that a Blowfish block is 8 bytes.
  *
+ * \warning Upon return, \p stream_block contains sensitive data. Its
+ * content must not be written to insecure storage and should be
+ * securely discarded as soon as it's no longer needed.
+ *
  * \param ctx Blowfish context
  * \param length The length of the data
  * \param nc_off The offset in the current stream_block (for resuming
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index 1d3610fea7..7e4721af78 100644
--- a/include/mbedtls/camellia.h
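Review bot: The added `\warning` in the aes.h hunk says `stream_block` should be `securely discarded` but not how, and a plain `memset()` on a buffer that is about to go out of scope is a dead store the compiler may remove; since the ChangeLog earlier in this series refers to `mbedtls_platform_zeroize()`, name it: ` * securely discarded as soon as it's no longer needed, e.g. with mbedtls_platform_zeroize().` The same wording is added in the blowfish.h hunk below and the camellia.h hunk of this patch, and already exists in the aria.h hunk.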
+++ b/include/mbedtls/camellia.h
@@ -231,6 +231,10 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
  * Note that for both stategies, sizes are measured in blocks and
  * that a CAMELLIA block is 16 bytes.
  *
+ * \warning Upon return, \p stream_block contains sensitive data. Its
+ * content must not be written to insecure storage and should be
+ * securely discarded as soon as it's no longer needed.
+ *
  * \param ctx CAMELLIA context
  * \param length The length of the data
  * \param nc_off The offset in the current stream_block (for resuming
From e7d3f8e2ea94b03dceb7effd300edda9fd9822b9 Mon Sep 17 00:00:00 2001
From: Zach van Rijn
Date: Mon, 21 May 2018 10:52:34 -0400
Subject: [PATCH 1052/1059] Fix MicroBlaze register typo.
---
 include/mbedtls/bn_mul.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index 354c1cc1ab..f4b2b561d1 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -521,7 +521,7 @@
 "swi r3, %2 \n\t" \
 : "=m" (c), "=m" (d), "=m" (s) \
 : "m" (s), "m" (d), "m" (c), "m" (b) \
- : "r3", "r4" "r5", "r6", "r7", "r8", \
+ : "r3", "r4", "r5", "r6", "r7", "r8", \
 "r9", "r10", "r11", "r12", "r13" \
 );
 
From d72700a8ed22511d26187013a88653e199a2e7ef Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Fri, 1 Jun 2018 19:11:55 +0100
Subject: [PATCH 1053/1059] Add ChangeLog entry for PR#1651
---
 ChangeLog | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 348864c0e9..093b3a80b4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,10 @@ API Changes Therefore, mbedtls_platform_zeroize() is moved to the platform module to facilitate testing and maintenance. +Bugfix + * Fix an issue with MicroBlaze support in bn_mul.h which was causing the + build to fail. Found by zv-io. Fixes #1651. + = mbed TLS 2.9.0 branch released 2018-04-30 Security
From 6e962b2762396c7bd1e810a53d0b497d4bd30c13 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Tue, 5 Jun 2018 10:25:04 +0100
Subject: [PATCH 1054/1059] Fix file permissions for ssl.h Correct the file permissions for ssl.h which were inadvertently made executable in PR#1402
---
 include/mbedtls/ssl.h | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100755 => 100644 include/mbedtls/ssl.h
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
old mode 100755
new mode 100644
From d08a2f7245c1e20e791c0ff3d4b8bbce5198a7d5 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Tue, 5 Jun 2018 15:53:06 +0100
Subject: [PATCH 1055/1059] Adapt the ARIA test cases for new ECB function Commit 08c337d058be "Remove useless parameter from function" removed the parameter mode from the functions mbedtls_aria_crypt_ecb() which broke their respective test suite. This commit fixes those test cases.
---
 tests/suites/test_suite_aria.function | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index a662047cd9..4e39078ff0 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -42,9 +42,8 @@ void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string,
 {
 for( i = 0; i < data_len; i += MBEDTLS_ARIA_BLOCKSIZE )
 {
- TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT,
- src_str + i, output + i )
- == 0 );
+ TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i )
+ == 0 );
 }
 
 hexify( dst_str, output, data_len );
@@ -82,8 +81,7 @@ void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string,
 {
 for( i = 0; i < data_len; i += MBEDTLS_ARIA_BLOCKSIZE )
 {
- TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_DECRYPT,
- src_str + i, output + i )
+ TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i )
 == 0 );
 }
 hexify( dst_str, output, data_len );
From ab72727da4b72c9c4e9059fae983b817b502d639 Mon Sep 17 00:00:00 2001
From: Krzysztof Stachowiak
Date: Wed, 6 Jun 2018 13:55:05 +0200
Subject: [PATCH 1056/1059] Add a disabled CMAC define in the no-entropy configuration
---
 configs/config-no-entropy.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index b4a0930b9c..7d34ad52ec 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -82,6 +82,7 @@
 #define MBEDTLS_X509_USE_C
 #define MBEDTLS_X509_CRT_PARSE_C
 #define MBEDTLS_X509_CRL_PARSE_C
+//#define MBEDTLS_CMAC_C
 
 /* Miscellaneous options */
 #define MBEDTLS_AES_ROM_TABLES
From d5a09f1e68a6c154a0b0ff9556c5fe1cd919c803 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Wed, 6 Jun 2018 14:47:47 +0100
Subject: [PATCH 1057/1059] Updated version number to 2.10.0 for release
---
 ChangeLog | 2 +-
 doxygen/input/doc_mainpage.h | 2 +-
 doxygen/mbedtls.doxyfile | 2 +-
 include/mbedtls/version.h | 8 ++++----
 library/CMakeLists.txt | 6 +++---
 tests/suites/test_suite_version.data | 4 ++--
 6 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 8ebe9bb61e..4fbdb3d252 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
-= mbed TLS x.x.x branch released xxxx-xx-xx
+= mbed TLS 2.10.0 branch released 2018-06-06
 
 Features
 * Add support for ARIA cipher (RFC 5794) and associated TLS ciphersuites
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index e27c221bbc..9449cbbba9 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@
  */
 
 /**
- * @mainpage mbed TLS v2.9.0 source code documentation
+ * @mainpage mbed TLS v2.10.0 source code documentation
  *
  * This documentation describes the internal structure of mbed TLS. It was
  * automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 510fa85b0b..ddcbc2e048 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.
 
-PROJECT_NAME = "mbed TLS v2.9.0"
+PROJECT_NAME = "mbed TLS v2.10.0"
 
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index aa52ce21ec..83e3c1726b 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -39,7 +39,7 @@
  * Major, Minor, Patchlevel
  */
 #define MBEDTLS_VERSION_MAJOR 2
-#define MBEDTLS_VERSION_MINOR 9
+#define MBEDTLS_VERSION_MINOR 10
 #define MBEDTLS_VERSION_PATCH 0
 
 /**
@@ -47,9 +47,9 @@
  * MMNNPP00
  * Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER 0x02090000
-#define MBEDTLS_VERSION_STRING "2.9.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.9.0"
+#define MBEDTLS_VERSION_NUMBER 0x020A0000
+#define MBEDTLS_VERSION_STRING "2.10.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.10.0"
 
 #if defined(MBEDTLS_VERSION_C)
 
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 7ec08e7b76..6e5faa5a04 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -143,15 +143,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
 
 if(USE_SHARED_MBEDTLS_LIBRARY)
 add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.9.0 SOVERSION 2)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.10.0 SOVERSION 2)
 target_link_libraries(mbedcrypto ${libs})
 
 add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.9.0 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.10.0 SOVERSION 0)
 target_link_libraries(mbedx509 ${libs} mbedcrypto)
 
 add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.9.0 SOVERSION 10)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.10.0 SOVERSION 10)
 target_link_libraries(mbedtls ${libs} mbedx509)
 
 install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 0aca470237..999a93365a 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
 Check compiletime library version
-check_compiletime_version:"2.9.0"
+check_compiletime_version:"2.10.0"
 
 Check runtime library version
-check_runtime_version:"2.9.0"
+check_runtime_version:"2.10.0"
 
 Check for MBEDTLS_VERSION_C
 check_feature:"MBEDTLS_VERSION_C":0
From d75ee64c1fba22d10e49a510e931cbe1fd6a3e00 Mon Sep 17 00:00:00 2001
From: Darryl Green
Date: Thu, 7 Jun 2018 11:55:50 +0100
Subject: [PATCH 1058/1059] Fix out-of-tree testing symlinks on Windows
---
 CMakeLists.txt | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 587cfe258b..7641491825 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -67,7 +67,11 @@ function(link_to_source base_name)
 if (CMAKE_HOST_UNIX)
 set(command ln -s ${target} ${link})
 else()
- set(command cmd.exe /c mklink /j ${link} ${target})
+ if (IS_DIRECTORY ${target})
+ set(command cmd.exe /c mklink /j ${link} ${target})
+ else()
+ set(command cmd.exe /c mklink ${link} ${target})
+ endif()
 endif()
 
 execute_process(COMMAND ${command}
From 2a1edacb1b49fc17729527d2bc8f829d5f03bb84 Mon Sep 17 00:00:00 2001
From: Darryl Green
Date: Fri, 8 Jun 2018 10:07:32 +0100
Subject: [PATCH 1059/1059] Change symlink to hardlink to avoid permission issues
---
 CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7641491825..b9a0ce02da 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -70,7 +70,7 @@ function(link_to_source base_name)
 if (IS_DIRECTORY ${target})
 set(command cmd.exe /c mklink /j ${link} ${target})
 else()
- set(command cmd.exe /c mklink ${link} ${target})
+ set(command cmd.exe /c mklink /h ${link} ${target})
 endif()
 endif()
 
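Review bot: `mklink /h` in the second hunk only succeeds when `${link}` and `${target}` are on the same NTFS volume, and a hard link silently detaches when the source file is replaced rather than rewritten in place (as a `git checkout` of a changed file typically does), leaving a stale copy in the build tree. A fallback to copying the file when the hard link cannot be created would keep out-of-tree testing working in both cases; the `execute_process(COMMAND ${command}` call continues outside the first hunk, so whether its result is checked cannot be seen here. Both hunks lie inside `function(link_to_source base_name)`, whose start and end are outside the hunks.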