From 248ae6dbb812367ce3d3dd41ee5cfe8d69842e3c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 May 2017 11:27:39 +0100 Subject: [PATCH 01/64] Improve documentation of PKCS1 decryption functions Document the preconditions on the input and output buffers for the PKCS1 decryption functions - mbedtls_rsa_pkcs1_decrypt, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt - mbedtls_rsa_rsaes_oaep_decrypt --- include/mbedtls/rsa.h | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 54653dfdc..7d7469d50 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -329,9 +329,15 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -355,9 +361,15 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -383,9 +395,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), From a9e775efe46b2d9de2e10fecf5f808e3f68d5aba Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 02/64] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 7 +++++++ include/mbedtls/threading.h | 3 --- library/ecp.c | 20 -------------------- library/threading.c | 9 --------- 4 files changed, 7 insertions(+), 32 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2f0116bcf..29acca935 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x released xxxx-xx-xx + +Changes + * Removed mutexes from ECP hardware accelerator code. Now all hardware + accelerator code in the library leaves concurrency handling to the + platform. Reported by Steven Cooreman. #863 + = mbed TLS 2.5.1 released 2017-06-21 Security diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index a89fd6496..b0c34ecc7 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -97,9 +97,6 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); */ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -extern mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex; -#endif #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/ecp.c b/library/ecp.c index 56f22c272..1cfd4b10f 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1690,11 +1690,6 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, return( ret ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1719,11 +1714,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ return( ret ); } @@ -1831,11 +1821,6 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1853,11 +1838,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ mbedtls_ecp_point_free( &mP ); diff --git a/library/threading.c b/library/threading.c index 55091e8db..07586756f 100644 --- a/library/threading.c +++ b/library/threading.c @@ -113,9 +113,6 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_init( &mbedtls_threading_ecp_mutex ); -#endif } /* @@ -125,9 +122,6 @@ void mbedtls_threading_free_alt( void ) { mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_free( &mbedtls_threading_ecp_mutex ); -#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -139,8 +133,5 @@ void mbedtls_threading_free_alt( void ) #endif mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex MUTEX_INIT; -#endif #endif /* MBEDTLS_THREADING_C */ From 8c1b0be111c81bc354504168b732c978dab16d8b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 23 Jun 2017 13:05:44 +0100 Subject: [PATCH 03/64] Enable MBEDTLS_AES_ROM_TABLES in config-no-entropy Enable the MBEDTLS_AES_ROM_TABLES option in the configs/config-no-entropy.h to place AES lookup tables in ROM. This saves considerable RAM space, a resource that is very limited in small devices that use this configuration. --- configs/config-no-entropy.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 95f17d456..73758602a 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -80,6 +80,9 @@ #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_CRL_PARSE_C +/* Miscellaneous options */ +#define MBEDTLS_AES_ROM_TABLES + #include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ From 6f45598d32d0fc2a322d6f8993097b5d5661cc37 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 12:57:44 +0100 Subject: [PATCH 04/64] Add ChangeLog entry for config-no-entropy.h change --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 29acca935..fd5194375 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 + * Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file + config-no-entropy.h to reduce the RAM footprint. = mbed TLS 2.5.1 released 2017-06-21 From ee5a0ca3bba93e6906c8220db227be0215a221b8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 20 Jun 2017 15:23:23 +0300 Subject: [PATCH 05/64] Minor: Fix typos in program comments Fix a couple of typos and writer's mistakes, in some reference program applications --- programs/pkey/ecdh_curve25519.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index aa15c4687..e7ead9a93 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -204,7 +204,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); /* - * Verification: are the computed secret equal? + * Verification: are the computed secrets equal? */ mbedtls_printf( " . Checking if both computed secrets are equal..." ); fflush( stdout ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3e6366cec..a25886824 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2168,7 +2168,7 @@ handshake: #if defined(MBEDTLS_X509_CRT_PARSE_C) /* - * 5. Verify the server certificate + * 5. Verify the client certificate */ mbedtls_printf( " . Verifying peer X.509 certificate..." ); From e1b92fee55661a9adc61351784a13c1b01f016bf Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 06/64] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 ++- library/gcm.c | 6 ++- tests/suites/test_suite_gcm.aes128_de.data | 4 ++ tests/suites/test_suite_gcm.aes128_en.data | 4 ++ tests/suites/test_suite_gcm.aes192_de.data | 4 ++ tests/suites/test_suite_gcm.aes192_en.data | 4 ++ tests/suites/test_suite_gcm.aes256_de.data | 4 ++ tests/suites/test_suite_gcm.aes256_en.data | 4 ++ tests/suites/test_suite_gcm.function | 43 ++++++++++++++++++++++ 9 files changed, 76 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index fd5194375..491b18bd2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/gcm.c b/library/gcm.c index f1210c52c..fccb092bd 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -277,8 +277,10 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, size_t use_len, olen = 0; /* IV and AD are limited to 2^64 bits, so 2^61 bytes */ - if( ( (uint64_t) iv_len ) >> 61 != 0 || - ( (uint64_t) add_len ) >> 61 != 0 ) + /* IV is not allowed to be zero length */ + if( iv_len == 0 || + ( (uint64_t) iv_len ) >> 61 != 0 || + ( (uint64_t) add_len ) >> 61 != 0 ) { return( MBEDTLS_ERR_GCM_BAD_INPUT ); } diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data index 6eaa711b9..2a2e32f0d 100644 --- a/tests/suites/test_suite_gcm.aes128_de.data +++ b/tests/suites/test_suite_gcm.aes128_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes128_en.data b/tests/suites/test_suite_gcm.aes128_en.data index d8bee9d56..9453ffa70 100644 --- a/tests/suites/test_suite_gcm.aes128_en.data +++ b/tests/suites/test_suite_gcm.aes128_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fe481476fce76efcfc78ed144b0756f1":"246e1f2babab8da98b17cc928bd49504d7d87ea2cc174f9ffb7dbafe5969ff824a0bcb52f35441d22f3edcd10fab0ec04c0bde5abd3624ca25cbb4541b5d62a3deb52c00b75d68aaf0504d51f95b8dcbebdd8433f4966c584ac7f8c19407ca927a79fa4ead2688c4a7baafb4c31ef83c05e8848ec2b4f657aab84c109c91c277":"1a2c18c6bf13b3b2785610c71ccd98ca":"b0ab3cb5256575774b8242b89badfbe0dfdfd04f5dd75a8e5f218b28d3f6bc085a013defa5f5b15dfb46132db58ed7a9ddb812d28ee2f962796ad988561a381c02d1cf37dca5fd33e081d61cc7b3ab0b477947524a4ca4cb48c36f48b302c440be6f5777518a60585a8a16cea510dbfc5580b0daac49a2b1242ff55e91a8eae8":"5587620bbb77f70afdf3cdb7ae390edd0473286d86d3f862ad70902d90ff1d315947c959f016257a8fe1f52cc22a54f21de8cb60b74808ac7b22ea7a15945371e18b77c9571aad631aa080c60c1e472019fa85625fc80ed32a51d05e397a8987c8fece197a566689d24d05361b6f3a75616c89db6123bf5902960b21a18bc03a":32:"bd4265a8":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_de.data b/tests/suites/test_suite_gcm.aes192_de.data index 841c6fa36..9e7bad00f 100644 --- a/tests/suites/test_suite_gcm.aes192_de.data +++ b/tests/suites/test_suite_gcm.aes192_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":32:"28d730ea":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_en.data b/tests/suites/test_suite_gcm.aes192_en.data index 18e56e79c..5ea110186 100644 --- a/tests/suites/test_suite_gcm.aes192_en.data +++ b/tests/suites/test_suite_gcm.aes192_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"713358e746dd84ab27b8adb3b17ea59cd75fa6cb0c13d1a8":"35b8b655efdf2d09f5ed0233c9eeb0b6f85e513834848cd594dba3c6e64f78e7af4a7a6d53bba7b43764334d6373360ae3b73b1e765978dffa7dbd805fda7825b8e317e8d3f1314aa97f877be815439c5da845028d1686283735aefac79cdb9e02ec3590091cb507089b9174cd9a6111f446feead91f19b80fd222fc6299fd1c":"26ed909f5851961dd57fa950b437e17c":"c9469ad408764cb7d417f800d3d84f03080cee9bbd53f652763accde5fba13a53a12d990094d587345da2cdc99357b9afd63945ca07b760a2c2d4948dbadb1312670ccde87655a6a68edb5982d2fcf733bb4101d38cdb1a4942a5d410f4c45f5ddf00889bc1fe5ec69b40ae8aaee60ee97bea096eeef0ea71736efdb0d8a5ec9":"cc3f9983e1d673ec2c86ae4c1e1b04e30f9f395f67c36838e15ce825b05d37e9cd40041470224da345aa2da5dfb3e0c561dd05ba7984a1332541d58e8f9160e7e8457e717bab203de3161a72b7aedfa53616b16ca77fd28d566fbf7431be559caa1a129b2f29b9c5bbf3eaba594d6650c62907eb28e176f27c3be7a3aa24cef6":32:"5be7611b":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_de.data b/tests/suites/test_suite_gcm.aes256_de.data index 0fe848978..9696a62be 100644 --- a/tests/suites/test_suite_gcm.aes256_de.data +++ b/tests/suites/test_suite_gcm.aes256_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":32:"3105dddb":"FAIL":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_en.data b/tests/suites/test_suite_gcm.aes256_en.data index 23d1689cc..0ff716d5d 100644 --- a/tests/suites/test_suite_gcm.aes256_en.data +++ b/tests/suites/test_suite_gcm.aes256_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1477e189fb3546efac5cc144f25e132ffd0081be76e912e25cbce7ad63f1c2c4":"7bd3ea956f4b938ebe83ef9a75ddbda16717e924dd4e45202560bf5f0cffbffcdd23be3ae08ff30503d698ed08568ff6b3f6b9fdc9ea79c8e53a838cc8566a8b52ce7c21b2b067e778925a066c970a6c37b8a6cfc53145f24bf698c352078a7f0409b53196e00c619237454c190b970842bb6629c0def7f166d19565127cbce0":"c109f35893aff139db8ed51c85fee237":"8f7f9f71a4b2bb0aaf55fced4eb43c57415526162070919b5f8c08904942181820d5847dfd54d9ba707c5e893a888d5a38d0130f7f52c1f638b0119cf7bc5f2b68f51ff5168802e561dff2cf9c5310011c809eba002b2fa348718e8a5cb732056273cc7d01cce5f5837ab0b09b6c4c5321a7f30a3a3cd21f29da79fce3f3728b":"7841e3d78746f07e5614233df7175931e3c257e09ebd7b78545fae484d835ffe3db3825d3aa1e5cc1541fe6cac90769dc5aaeded0c148b5b4f397990eb34b39ee7881804e5a66ccc8d4afe907948780c4e646cc26479e1da874394cb3537a8f303e0aa13bd3cc36f6cc40438bcd41ef8b6a1cdee425175dcd17ee62611d09b02":32:"cb13ce59":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 56c7e1899..308e14bb4 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -7,6 +7,49 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void gcm_bad_parameters( int cipher_id, int direction, + char *hex_key_string, char *hex_src_string, + char *hex_iv_string, char *hex_add_string, + int tag_len_bits, int gcm_result ) +{ + unsigned char key_str[128]; + unsigned char src_str[128]; + unsigned char dst_str[257]; + unsigned char iv_str[128]; + unsigned char add_str[128]; + unsigned char tag_str[128]; + unsigned char output[128]; + unsigned char tag_output[16]; + mbedtls_gcm_context ctx; + unsigned int key_len; + size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8; + + mbedtls_gcm_init( &ctx ); + + memset( key_str, 0x00, sizeof( key_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( iv_str, 0x00, sizeof( iv_str ) ); + memset( add_str, 0x00, sizeof( add_str ) ); + memset( tag_str, 0x00, sizeof( tag_str ) ); + memset( output, 0x00, sizeof( output ) ); + memset( tag_output, 0x00, sizeof( tag_output ) ); + + key_len = unhexify( key_str, hex_key_string ); + pt_len = unhexify( src_str, hex_src_string ); + iv_len = unhexify( iv_str, hex_iv_string ); + add_len = unhexify( add_str, hex_add_string ); + + TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, pt_len, iv_str, iv_len, + add_str, add_len, src_str, output, tag_len, tag_output ) == gcm_result ); + +exit: + mbedtls_gcm_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void gcm_encrypt_and_tag( int cipher_id, char *hex_key_string, char *hex_src_string, From 85bdcf8c16f280d76c4cd9f12f74a223a46e4419 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 07/64] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ library/x509_crt.c | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 491b18bd2..84ca3684a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/x509_crt.c b/library/x509_crt.c index d86857de8..915a7f63e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1171,13 +1171,13 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if( dir == NULL ) return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 ) { closedir( dir ); return( ret ); } -#endif +#endif /* MBEDTLS_THREADING_C */ while( ( entry = readdir( dir ) ) != NULL ) { @@ -1210,10 +1210,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) cleanup: closedir( dir ); -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; -#endif +#endif /* MBEDTLS_THREADING_C */ #endif /* _WIN32 */ From eba5dabc61240aeded9cffd20b840f0d184d2e2c Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 08/64] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 84ca3684a..05892db80 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/x509_crt.c b/library/x509_crt.c index 915a7f63e..a6dce95ba 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1146,7 +1146,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) p, (int) len - 1, NULL, NULL ); if( w_ret == 0 ) - return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); + { + ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; + goto cleanup; + } w_ret = mbedtls_x509_crt_parse_file( chain, filename ); if( w_ret < 0 ) @@ -1159,6 +1162,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if( GetLastError() != ERROR_NO_MORE_FILES ) ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; +cleanup: FindClose( hFind ); #else /* _WIN32 */ int t_ret; From 7875b2428794a32b0b60a9c04f3bd07a86ad2460 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 09/64] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ library/dhm.c | 6 +++--- library/ecp.c | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 05892db80..c88239dfd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/dhm.c b/library/dhm.c index a4715d170..bec52a11d 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -165,7 +165,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, */ do { - mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); @@ -251,7 +251,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, */ do { - mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); @@ -324,7 +324,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx, count = 0; do { - mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) ); diff --git a/library/ecp.c b/library/ecp.c index 1cfd4b10f..5ad686398 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1128,7 +1128,7 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p /* Generate l such that 1 < l < p */ do { - mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); @@ -1527,7 +1527,7 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P /* Generate l such that 1 < l < p */ do { - mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); From 544039ac598e0d90f7ad73944bf052978f6a86d2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Jun 2017 14:31:29 +0100 Subject: [PATCH 10/64] Undo API change The previous commit b3e6872c9381ed4ce020d631dda1e0126c42b64f changed to public functions from ssl_ciphersuite.h to static inline. This commit reverts this change. --- include/mbedtls/ssl_ciphersuites.h | 36 ++---------------------------- library/ssl_ciphersuites.c | 36 ++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 34 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 931c1b3c3..9101d9cc7 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -359,23 +359,8 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciph mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ); #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) -static inline int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ); +int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ); #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED) static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info ) @@ -429,23 +414,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersui } #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { - case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ - static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info ) { switch( info->key_exchange ) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index c1a92d67d..95e6163cc 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1834,6 +1834,42 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers return( MBEDTLS_PK_NONE ); } } + #endif /* MBEDTLS_PK_C */ +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) +int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: + return( 1 ); + + default: + return( 0 ); + } +} +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) +int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case MBEDTLS_KEY_EXCHANGE_PSK: + case MBEDTLS_KEY_EXCHANGE_RSA_PSK: + case MBEDTLS_KEY_EXCHANGE_DHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + return( 1 ); + + default: + return( 0 ); + } +} +#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ + #endif /* MBEDTLS_SSL_TLS_C */ From 0a38f1ac28aaf3de7631d3da0863b94167aad9b6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 11:25:37 +0100 Subject: [PATCH 11/64] Undo API change from SHA1 deprecation The previous commit bd5ceee484f201b90a384636ba12de86bd330cba removed the definition of the global constants - mbedtls_test_ca_crt_rsa_len, - mbedtls_test_cli_crt_rsa_len, - mbedtls_test_ca_crt_rsa, and - mbedtls_test_cli_crt_rsa. This commit restores these to maintain ABI compatibility. Further, it was noticed that without SHA256_C being enabled the previous code failed to compile because because the SHA1 resp. SHA256 certificates were only defined when the respective SHAXXX_C options were set, but the emission of the global variable mbedtls_test_ca_crt was unconditionally defined through the SHA256 certificate. Previously, the RSA SHA1 certificate was unconditionally defined and used for that. As a remedy, this commit makes sure some RSA certificate is defined and exported through the following rule: 1. If SHA256_C is active, define an RSA SHA256 certificate and export it as mbedtls_test_ca_crt. Also, define SHA1 certificates only if SHA1_C is set. 2. If SHA256_C is not set, always define SHA1 certificate and export it as mbedtls_test_ca_crt. --- library/certs.c | 75 +++++++++++++++++++++++++++++-------------------- 1 file changed, 45 insertions(+), 30 deletions(-) diff --git a/library/certs.c b/library/certs.c index 5c0199891..f1379b8cb 100644 --- a/library/certs.c +++ b/library/certs.c @@ -116,31 +116,6 @@ const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec ); #endif /* MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SHA1_C) -#define TEST_CA_CRT_RSA_SHA1 \ -"-----BEGIN CERTIFICATE-----\r\n" \ -"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ -"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ -"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ -"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ -"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ -"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ -"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ -"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ -"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ -"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ -"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ -"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ -"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ -"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ -"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ -"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ -"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ -"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ -"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ -"-----END CERTIFICATE-----\r\n" -static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; -#endif #if defined(MBEDTLS_SHA256_C) #define TEST_CA_CRT_RSA_SHA256 \ @@ -165,7 +140,46 @@ static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; "ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY\r\n" \ "n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==\r\n" \ "-----END CERTIFICATE-----\r\n" + +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA256; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#define TEST_CA_CRT_RSA_SOME + static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256; + +#endif + +#if !defined(TEST_CA_CRT_RSA_SOME) || defined(MBEDTLS_SHA1_C) +#define TEST_CA_CRT_RSA_SHA1 \ +"-----BEGIN CERTIFICATE-----\r\n" \ +"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ +"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ +"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ +"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ +"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ +"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ +"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ +"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ +"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ +"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ +"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ +"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ +"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ +"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ +"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ +"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ +"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ +"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ +"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ +"-----END CERTIFICATE-----\r\n" + +#if !defined (TEST_CA_CRT_RSA_SOME) +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA1; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#endif + +static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; + #endif const char mbedtls_test_ca_key_rsa[] = @@ -257,7 +271,7 @@ const char mbedtls_test_srv_key_rsa[] = "-----END RSA PRIVATE KEY-----\r\n"; const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa ); -static const char mbedtls_test_cli_crt_rsa_sha256[] = +const char mbedtls_test_cli_crt_rsa[] = "-----BEGIN CERTIFICATE-----\r\n" "MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" @@ -279,6 +293,7 @@ static const char mbedtls_test_cli_crt_rsa_sha256[] = "ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj\r\n" "c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=\r\n" "-----END CERTIFICATE-----\r\n"; +const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa ); const char mbedtls_test_cli_key_rsa[] = "-----BEGIN RSA PRIVATE KEY-----\r\n" @@ -354,19 +369,19 @@ const size_t mbedtls_test_cas_len[] = { }; #if defined(MBEDTLS_RSA_C) -const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa_sha256; +const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa; /* SHA1 or SHA256 */ const char *mbedtls_test_ca_key = mbedtls_test_ca_key_rsa; const char *mbedtls_test_ca_pwd = mbedtls_test_ca_pwd_rsa; const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_rsa; const char *mbedtls_test_srv_key = mbedtls_test_srv_key_rsa; -const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa_sha256; +const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa; const char *mbedtls_test_cli_key = mbedtls_test_cli_key_rsa; -const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa_sha256 ); +const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa ); const size_t mbedtls_test_ca_key_len = sizeof( mbedtls_test_ca_key_rsa ); const size_t mbedtls_test_ca_pwd_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1; const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_rsa ); const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_rsa ); -const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa_sha256 ); +const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa ); const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_rsa ); #else /* ! MBEDTLS_RSA_C, so MBEDTLS_ECDSA_C */ const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_ec; From 649dcab1759588aa8bcccb2a6c40c3d4ce5821d4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:19 +0100 Subject: [PATCH 12/64] Clarify documentation for alternative AES implementations The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been superseded by mbedtls_aes_internal_decrypt and mbedtls_aes_internal_encrypt, respectively. Alternative implementations should now only replace the latter, and leave the maintenance wrapper definitions of the former untouched. This commit clarifies this in the documentation of the respective configuration options MBEDTLS_AES_DECRYPT_ALT and MBEDTLS_AES_ENCRYPT_ALT. --- include/mbedtls/aes.h | 8 ++------ include/mbedtls/config.h | 12 +++++++++--- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index b5560cc81..6044a51aa 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,9 +287,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Internal AES block encryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_ENCRYPT_ALT) + * \brief Old AES block encryption function without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -306,9 +304,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( } /** - * \brief Internal AES block decryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_DECRYPT_ALT) + * \brief Old AES block decryption function without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c1..2a2209a35 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -273,9 +273,15 @@ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible * with this definition. * - * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. + * \note Because of a signature change, the core AES encryption and decryption routines are + * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, + * respectively. When setting up alternative implementations, these functions should + * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt + * have to stay untouched. + * + * \note If you use the AES_xxx_ALT macros, then is is recommended to also set + * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES + * tables. * * Uncomment a macro to enable alternate implementation of the corresponding * function. From 489b985fae447c89d65e56fe7be79a1968d18813 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:56 +0100 Subject: [PATCH 13/64] Export mbedtls_aes_(en/de)crypt to retain for API compatibility The commit f5bf7189d303e602992c750c09e429e23c7b2abf made the AES functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing the library's API. This commit reverts this. --- include/mbedtls/aes.h | 20 ++++++-------------- library/aes.c | 14 ++++++++++++++ 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 6044a51aa..4a546acc9 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -295,13 +295,9 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \param input Plaintext block * \param output Output (ciphertext) block */ -MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( - mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_encrypt( ctx, input, output ); -} +MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); /** * \brief Old AES block decryption function without return value. @@ -312,13 +308,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( * \param input Ciphertext block * \param output Output (plaintext) block */ -MBEDTLS_DEPRECATED static inline void mbedtls_aes_decrypt( - mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_decrypt( ctx, input, output ); -} +MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/library/aes.c b/library/aes.c index 5e01c4f2b..58603849c 100644 --- a/library/aes.c +++ b/library/aes.c @@ -765,6 +765,13 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */ +void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_encrypt( ctx, input, output ); +} + /* * AES-ECB block decryption */ @@ -824,6 +831,13 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ +void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_decrypt( ctx, input, output ); +} + /* * AES-ECB block encryption/decryption */ From 1a28b01b5e500cf0f53df797a4a23aa0e328bb6b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 20 Jul 2017 09:50:59 +0100 Subject: [PATCH 14/64] Make minor changes to documentation --- include/mbedtls/aes.h | 6 ++++-- include/mbedtls/config.h | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 4a546acc9..1829f7240 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,7 +287,8 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Old AES block encryption function without return value. + * \brief Deprecated internal AES block encryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -300,7 +301,8 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, unsigned char output[16] ); /** - * \brief Old AES block decryption function without return value. + * \brief Deprecated internal AES block decryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2a2209a35..b10d87375 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -277,7 +277,7 @@ * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, * respectively. When setting up alternative implementations, these functions should * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt - * have to stay untouched. + * must stay untouched. * * \note If you use the AES_xxx_ALT macros, then is is recommended to also set * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES From 75c0c814e4bf9cf753d20c04f5eaebb04c7ab6c6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 20 Jul 2017 12:33:41 +0200 Subject: [PATCH 15/64] Update Changelog for API/ABI fixes to revert interface --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index c88239dfd..0209cfe9e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,12 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +API Changes + * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the + API consistent with mbed TLS 2.5.0. Specifically removed the inline + qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 From 122d89929617e9735773eb4dbb4cf0bf6e66724c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:03:23 +0100 Subject: [PATCH 16/64] Add library setup and teardown APIs Add the following two functions to allow platform setup and teardown operations for the full library to be hooked in: * mbedtls_platform_setup() * mbedtls_platform_teardown() An mbedtls_platform_context C structure is also added and two internal functions that are called by the corresponding setup and teardown functions above: * mbedtls_internal_platform_setup() * mbedtls_internal_plartform_teardown() Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow mbedtls_platform_context and internal function to be overriden by the user as needed for a platform. --- include/mbedtls/config.h | 1 + include/mbedtls/platform.h | 45 ++++++++++++++++++++++++++++++++++++++ library/platform.c | 30 +++++++++++++++++++++++++ 3 files changed, 76 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index b10d87375..ffeeb34af 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,6 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT +//#define MBEDTLS_PLATFORM_SETUP_ALT /** * \def MBEDTLS_DEPRECATED_WARNING diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index b1b019e55..a9ff7e421 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -288,6 +288,51 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ +#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +typedef struct mbedtls_platform_context mbedtls_platform_context; +#else +#include "platform_alt.h" +#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ + +/** + * \brief Perform any platform initialisation operations + * + * \param ctx mbed TLS context + * + * \return 0 if successful + * + * \note This function should be called before any other library function + */ +int mbedtls_platform_setup( mbedtls_platform_context *ctx ); +/** + * \brief Perform any platform teardown operations + * + * \param ctx mbed TLS context + * + * \return 0 if successful + * + * \note This function should be after every other mbed TLS module has been + * correctly freed using the appropriate free function. + */ +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); + +/** + * \brief Internal function to perform any platform initialisation operations + * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT + * + * \param ctx mbed TLS context + * + * \return 0 if successful + */ +int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ); +/** + * \brief Internal function to perform any platform teardown operations + * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT + * + * \param ctx mbed TLS context + */ +void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ); + #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 8b336c38e..2ac67cbe9 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,4 +304,34 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ +int mbedtls_platform_setup( mbedtls_platform_context *ctx ) +{ + return( mbedtls_internal_platform_setup( ctx ) ); +} + +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) +{ + mbedtls_internal_platform_teardown( ctx ); +} + +#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +/* + * Placeholder internal platform setup that does nothing by default + */ +int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) +{ + (void)ctx; + + return( 0 ); +} + +/* + * Placeholder internal platform teardown that does nothing by default + */ +void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ) +{ + (void)ctx; +} +#endif /* MBEDTLS_PLATFORM_SETUP_ALT */ + #endif /* MBEDTLS_PLATFORM_C */ From ab8b624fd5f0b1d4752a34bb247204a5702ad379 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:19:13 +0100 Subject: [PATCH 17/64] Add ChangeLog entry for platform setup and teardown --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0209cfe9e..937991afc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,16 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Features + * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() + to perform platform-specific setup and teardown operations. Furthermore, + the internal functions mbedtls_internal_platform_setup() and + mbedtls_internal_platform_teardown() to allow platform-specific hooks to + be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT + allows the internal functions to be overridden. This new APIs are + specially useful in some embedded environments that have hardware + acceleration support. + API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline From 82d7314c434338ff34b8dc43f0981ae1fb6f07e9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:25:17 +0100 Subject: [PATCH 18/64] Remove internal functions from setup API --- include/mbedtls/platform.h | 21 ++++----------------- library/platform.c | 18 ++++-------------- 2 files changed, 8 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index a9ff7e421..29b80cd3e 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -289,6 +289,10 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +struct mbedtls_platform_context { + char dummy; /**< Placeholder member as empty structs are not portable */ +}; + typedef struct mbedtls_platform_context mbedtls_platform_context; #else #include "platform_alt.h" @@ -316,23 +320,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); -/** - * \brief Internal function to perform any platform initialisation operations - * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT - * - * \param ctx mbed TLS context - * - * \return 0 if successful - */ -int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ); -/** - * \brief Internal function to perform any platform teardown operations - * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT - * - * \param ctx mbed TLS context - */ -void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ); - #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 2ac67cbe9..f739f2f0f 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,21 +304,11 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -int mbedtls_platform_setup( mbedtls_platform_context *ctx ) -{ - return( mbedtls_internal_platform_setup( ctx ) ); -} - -void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) -{ - mbedtls_internal_platform_teardown( ctx ); -} - #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) /* - * Placeholder internal platform setup that does nothing by default + * Placeholder platform setup that does nothing by default */ -int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) +int mbedtls_platform_setup( mbedtls_platform_context *ctx ) { (void)ctx; @@ -326,9 +316,9 @@ int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) } /* - * Placeholder internal platform teardown that does nothing by default + * Placeholder platform teardown that does nothing by default */ -void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ) +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) { (void)ctx; } From 849811c9ccda98bdd135c4f92369462d5e145d7d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:27:05 +0100 Subject: [PATCH 19/64] Modify ChangeLog according to API changes --- ChangeLog | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 937991afc..ae2d59ac5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,13 +4,11 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() - to perform platform-specific setup and teardown operations. Furthermore, - the internal functions mbedtls_internal_platform_setup() and - mbedtls_internal_platform_teardown() to allow platform-specific hooks to - be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT - allows the internal functions to be overridden. This new APIs are - specially useful in some embedded environments that have hardware - acceleration support. + and the context struct mbedtls_platform_context to perform + platform-specific setup and teardown operations. The macro + MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the + user in a platform_alt.h file. This new APIs are specially useful in some + embedded environments that have hardware acceleration support. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the From 9d80a363363dfff1c90754470528ed1c68a3611f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:32:40 +0100 Subject: [PATCH 20/64] Improve documentation for mbedtls_platform_context --- include/mbedtls/platform.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 29b80cd3e..88a0bdf33 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -289,11 +289,18 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) -struct mbedtls_platform_context { - char dummy; /**< Placeholder member as empty structs are not portable */ -}; -typedef struct mbedtls_platform_context mbedtls_platform_context; +/** + * \brief Platform context structure + * + * \note This structure may be used to assist platform-specific + * setup/teardown operations. + */ +typedef struct { + char dummy; /**< Placeholder member as empty structs are not portable */ +} +mbedtls_platform_context; + #else #include "platform_alt.h" #endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ From 9da69514ecbc69b9e1b4ad2ad85a82e18e8c68b8 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:23:04 +0100 Subject: [PATCH 21/64] Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive as this macro enables/disables both functions. --- include/mbedtls/config.h | 2 +- include/mbedtls/platform.h | 4 ++-- library/platform.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ffeeb34af..de9993848 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,7 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_SETUP_ALT +//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT /** * \def MBEDTLS_DEPRECATED_WARNING diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 88a0bdf33..712bbe937 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -288,7 +288,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /** * \brief Platform context structure @@ -303,7 +303,7 @@ mbedtls_platform_context; #else #include "platform_alt.h" -#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /** * \brief Perform any platform initialisation operations diff --git a/library/platform.c b/library/platform.c index f739f2f0f..af3b2f15e 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,7 +304,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /* * Placeholder platform setup that does nothing by default */ @@ -322,6 +322,6 @@ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) { (void)ctx; } -#endif /* MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #endif /* MBEDTLS_PLATFORM_C */ From f92e5d5dbc6a52a14342997693f0cc5c9b6dd040 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:24:26 +0100 Subject: [PATCH 22/64] Fix typo in ChangeLog and update macro name --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index ae2d59ac5..d9682a5ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,8 +6,8 @@ Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform platform-specific setup and teardown operations. The macro - MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the - user in a platform_alt.h file. This new APIs are specially useful in some + MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden + by the user in a platform_alt.h file. This new APIs are required in some embedded environments that have hardware acceleration support. API Changes From 1d74c41a4913d1e49f11d22474f2a7f723d59138 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 23/64] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d9682a5ea..cf29b0a65 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 49406c89788d582a1445216fe7cfb1c360ee4e40 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 24/64] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index cf29b0a65..ed0220f85 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 8c50e72a0afe745be37e23f03ee98cd3597a3365 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 25/64] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index ed0220f85..9fee9c43e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 45778acf85b7d19506478c777cdb0fe5e74a4669 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 26/64] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9fee9c43e..4181281c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From e1b2f6bd33af2c5f1a542759a71267bcb46b1087 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 27/64] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4181281c7..0bb5d88c1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 8d65f95901b46e02e0284516be6af94b6005320b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 01:48:17 +0200 Subject: [PATCH 28/64] Correct order of sections in the ChangeLog --- ChangeLog | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0bb5d88c1..d9682a5ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,18 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform From be4f75c12f9ee37eea8d836909fe04841567210b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 02:08:00 +0200 Subject: [PATCH 29/64] Add additional comments to platform setup/teardown functions --- include/mbedtls/platform.h | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 712bbe937..25b5d2129 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -312,7 +312,13 @@ mbedtls_platform_context; * * \return 0 if successful * - * \note This function should be called before any other library function + * \note This function is intended to allow platform specific initialisation, + * and should be called before any other library functions. Its + * implementation is platform specific, and by default, unless platform + * specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); /** @@ -322,8 +328,13 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \return 0 if successful * - * \note This function should be after every other mbed TLS module has been - * correctly freed using the appropriate free function. + * \note This function should be called after every other mbed TLS module has + * been correctly freed using the appropriate free function. + * Its implementation is platform specific, and by default, unless + * platform specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); From c0da47dd1ea251c200f1971593a13def3d9e2084 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 23:48:55 +0100 Subject: [PATCH 30/64] Fix platform setup/teardown feature and comments Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it as a feature in 'version_features.c'. --- include/mbedtls/platform.h | 2 -- library/version_features.c | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 25b5d2129..35010f885 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -326,8 +326,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \param ctx mbed TLS context * - * \return 0 if successful - * * \note This function should be called after every other mbed TLS module has * been correctly freed using the appropriate free function. * Its implementation is platform specific, and by default, unless diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3..bb172f298 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -69,6 +69,9 @@ static const char *features[] = { #if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) "MBEDTLS_PLATFORM_NV_SEED_ALT", #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ +#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) + "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT", +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #if defined(MBEDTLS_DEPRECATED_WARNING) "MBEDTLS_DEPRECATED_WARNING", #endif /* MBEDTLS_DEPRECATED_WARNING */ From 05d9535c9016d0ea709fa396bfc8c1ed6b73913c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:05:55 +0100 Subject: [PATCH 31/64] Enable 64-bit compilation with ARM Compiler 6 This patch fixes the conditional preprocessor directives in include/mbedtls/bignum.h to enable 64-bit compilation with ARM Compiler 6. --- ChangeLog | 2 ++ include/mbedtls/bignum.h | 68 ++++++++++++++++++++++++---------------- 2 files changed, 43 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index d9682a5ea..6c2f783cd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,8 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix conditional preprocessor directives in bignum.h to enable 64-bit + compilation when using ARM Compiler 6. Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 1a5b4b675..ac89069dc 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -106,33 +106,47 @@ * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM */ -#if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(_MSC_VER) && defined(_M_AMD64) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; -#else - #if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(__GNUC__) && ( \ - defined(__amd64__) || defined(__x86_64__) || \ - defined(__ppc64__) || defined(__powerpc64__) || \ - defined(__ia64__) || defined(__alpha__) || \ - (defined(__sparc__) && defined(__arch64__)) || \ - defined(__s390x__) || defined(__mips64) ) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL - #else - #define MBEDTLS_HAVE_INT32 - typedef int32_t mbedtls_mpi_sint; - typedef uint32_t mbedtls_mpi_uint; - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_HAVE_INT32 && __GNUC__ && 64-bit platform */ -#endif /* !MBEDTLS_HAVE_INT32 && _MSC_VER && _M_AMD64 */ +#if !defined(MBEDTLS_HAVE_INT32) + #if defined(_MSC_VER) && defined(_M_AMD64) + /* Always choose 64-bit when using MSC */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #elif defined(__GNUC__) && ( \ + defined(__amd64__) || defined(__x86_64__) || \ + defined(__ppc64__) || defined(__powerpc64__) || \ + defined(__ia64__) || defined(__alpha__) || \ + ( defined(__sparc__) && defined(__arch64__) ) || \ + defined(__s390x__) || defined(__mips64) ) + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #elif defined(__ARMCC_VERSION) && defined(__aarch64__) + /* __ARMCC_VERSION is defined for both armcc and armclang and + * __aarch64__ is only defined by armclang when compiling 64-bit code + */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif +#endif /* !MBEDTLS_HAVE_INT32 */ + +#if !defined(MBEDTLS_HAVE_INT64) + /* Default to 32-bit compilation */ + #if !defined(MBEDTLS_HAVE_INT32) + #define MBEDTLS_HAVE_INT32 + #endif /* !MBEDTLS_HAVE_INT32 */ + typedef int32_t mbedtls_mpi_sint; + typedef uint32_t mbedtls_mpi_uint; + typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL +#endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus extern "C" { From dd29c2f2c3da25f3d379d07bd68d4056407870ba Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:35:51 +0100 Subject: [PATCH 32/64] Add all.sh test to force 32-bit compilation --- tests/scripts/all.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7c33c5c2c..743735e39 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -438,6 +438,17 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "build: i386, make, gcc" # ~ 30s cleanup CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make + +msg "build: gcc, force 32-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make + +msg "test: gcc, force 32-bit compilation" +make test fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s From 6ee7dad8961a089f0c405c5bdc2fc58efc2bff08 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 11:49:32 +0100 Subject: [PATCH 33/64] Allow forcing 64-bit integer type Allow forcing 64-bit integer type for bignum operations. Also introduce the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length integer in unknown compilers. --- include/mbedtls/bignum.h | 61 ++++++++++++++++++++++++++-------- include/mbedtls/check_config.h | 10 ++++++ 2 files changed, 57 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index ac89069dc..3b76c1cac 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -103,13 +103,28 @@ /* * Define the base integer type, architecture-wise. * - * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) - * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM + * 32 or 64-bit integer types can be forced regardless of the underlying + * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 + * respectively and undefining MBEDTLS_HAVE_ASM. + * + * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * disabled by defining MBEDTLS_NO_UDBL_DIVISION. + * + * The double length integer types can be configured by defining + * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the + * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL + * must be a complete statement of the form: + * typedef mbedtls_t_udbl + * for example: + * #define MBEDTLS_TYPE_UDBL \ + * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) /* Always choose 64-bit when using MSC */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; #elif defined(__GNUC__) && ( \ @@ -118,22 +133,39 @@ defined(__ia64__) || defined(__alpha__) || \ ( defined(__sparc__) && defined(__arch64__) ) || \ defined(__s390x__) || defined(__mips64) ) - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #elif defined(__ARMCC_VERSION) && defined(__aarch64__) - /* __ARMCC_VERSION is defined for both armcc and armclang and + /* + * __ARMCC_VERSION is defined for both armcc and armclang and * __aarch64__ is only defined by armclang when compiling 64-bit code */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef __uint128_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ + #elif defined(MBEDTLS_HAVE_INT64) + /* Force 64-bit integers with unknown compiler */ + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) + MBEDTLS_TYPE_UDBL; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ @@ -144,8 +176,9 @@ #endif /* !MBEDTLS_HAVE_INT32 */ typedef int32_t mbedtls_mpi_sint; typedef uint32_t mbedtls_mpi_uint; - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + typedef uint64_t mbedtls_t_udbl; + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index dab1113d8..7261e7da9 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -650,6 +650,16 @@ #error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64) +#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" +#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ + +#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \ + defined(MBEDTLS_HAVE_ASM +#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" + "defined simultaneously" +#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ + /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the From 9a9adcd6aab77abe97ed77ae200516f2fe1d20ed Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Jun 2017 15:19:20 +0200 Subject: [PATCH 34/64] MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION Changed the option to disable the use of 64-bit division, to an option to disable the use of double-width division, whether that's 64 or 128-bit. --- ChangeLog | 7 +++++++ include/mbedtls/config.h | 25 +++++++++++++++++++++++++ tests/scripts/all.sh | 7 +++++++ 3 files changed, 39 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6c2f783cd..c3ec3c3cd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,13 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. +Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. + * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the + double-width integer type used in the bignum module when the compiler is + unknown. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index de9993848..a921f4787 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -55,6 +55,31 @@ */ #define MBEDTLS_HAVE_ASM +/** + * \def MBEDTLS_NO_UDBL_DIVISION + * + * The platform lacks support for double-width integer division (64-bit + * division on a 32-bit platform, 128-bit division on a 64-bit platform). + * + * Used in: + * include/mbedtls/bignum.h + * library/bignum.c + * + * The bignum code uses double-width division to speed up some operations. + * Double-width division is often implemented in software that needs to + * be linked with the program. The presence of a double-width integer + * type is usually detected automatically through preprocessor macros, + * but the automatic detection cannot know whether the code needs to + * and can be linked with an implementation of division for that type. + * By default division is assumed to be usable if the type is present. + * Uncomment this option to prevent the use of double-width division. + * + * Note that division for the native integer type is always required. + * Furthermore, a 64-bit type is always required even on a 32-bit + * platform, but it need not support multiplication or division. + */ +//#define MBEDTLS_NO_UDBL_DIVISION + /** * \def MBEDTLS_HAVE_SSE2 * diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 743735e39..630ddfb36 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -468,6 +468,13 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s +cleanup +scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION +CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +echo "Checking that software 64-bit division is not required" +! grep __aeabi_uldiv library/*.o + msg "build: ARM Compiler 5, make" cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 710f54182f09b419a15de67c9ae10ebb6d48a002 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Jun 2017 18:01:54 +0200 Subject: [PATCH 35/64] Checked names --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index bb172f298..5cbe8aca3 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -36,6 +36,9 @@ static const char *features[] = { #if defined(MBEDTLS_HAVE_ASM) "MBEDTLS_HAVE_ASM", #endif /* MBEDTLS_HAVE_ASM */ +#if defined(MBEDTLS_NO_UDBL_DIVISION) + "MBEDTLS_NO_UDBL_DIVISION", +#endif /* MBEDTLS_NO_UDBL_DIVISION */ #if defined(MBEDTLS_HAVE_SSE2) "MBEDTLS_HAVE_SSE2", #endif /* MBEDTLS_HAVE_SSE2 */ From bebc5f69f8d21ff6feec49de96fffb2949e215f9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 12:11:19 +0100 Subject: [PATCH 36/64] Fix typo in check_config.h --- include/mbedtls/bignum.h | 4 ++-- include/mbedtls/check_config.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 3b76c1cac..c8d94c920 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -107,10 +107,10 @@ * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 * respectively and undefining MBEDTLS_HAVE_ASM. * - * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. * - * The double length integer types can be configured by defining + * The double-width integer types can be configured by defining * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL * must be a complete statement of the form: diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7261e7da9..e846b429a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -654,8 +654,8 @@ #error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" #endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ -#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \ - defined(MBEDTLS_HAVE_ASM +#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ + defined(MBEDTLS_HAVE_ASM) #error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" "defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ From 713c6fdd4e7ec2170c474c73d4302d5d9e4eca1f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:15 +0100 Subject: [PATCH 37/64] Fix check_config.h #error directive --- include/mbedtls/check_config.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e846b429a..fa72454e5 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -656,8 +656,7 @@ #if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" - "defined simultaneously" +#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ /* From 33264d7a96c8a66c76b36e81854e9b9da8e1dba3 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:34 +0100 Subject: [PATCH 38/64] Add tests for 64 and 32-bit int types compilation --- tests/scripts/all.sh | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 630ddfb36..7466b5403 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -447,10 +447,31 @@ scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make -msg "test: gcc, force 32-bit compilation" +msg "build: gcc, force 64-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + +msg "test: gcc, force 64-bit compilation" make test + +msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make fi # x86_64 +msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make + msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 6fb65864a20c0ebb0ad571bd6a755a0c279d3f73 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:27:35 +0100 Subject: [PATCH 39/64] Fix no 64-bit division test in all.sh --- tests/scripts/all.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7466b5403..1f5bad44b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -491,6 +491,18 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +scripts/config.pl full +scripts/config.pl unset MBEDTLS_NET_C +scripts/config.pl unset MBEDTLS_TIMING_C +scripts/config.pl unset MBEDTLS_FS_IO +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED +scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY +# following things are not in the default config +scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c +scripts/config.pl unset MBEDTLS_THREADING_PTHREAD +scripts/config.pl unset MBEDTLS_THREADING_C +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h +scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib echo "Checking that software 64-bit division is not required" From de2e70431f01341291be75a778f4c3c43cfbd471 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 17:33:09 +0100 Subject: [PATCH 40/64] Remove MBEDTLS_TYPE_UDBL option --- ChangeLog | 3 --- include/mbedtls/bignum.h | 14 +------------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index c3ec3c3cd..008db7ace 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,9 +19,6 @@ API Changes Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of 64-bit division. - * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the - double-width integer type used in the bignum module when the compiler is - unknown. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index c8d94c920..456a80420 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -109,15 +109,6 @@ * * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. - * - * The double-width integer types can be configured by defining - * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the - * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL - * must be a complete statement of the form: - * typedef mbedtls_t_udbl - * for example: - * #define MBEDTLS_TYPE_UDBL \ - * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) @@ -162,10 +153,6 @@ /* Force 64-bit integers with unknown compiler */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) - MBEDTLS_TYPE_UDBL; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ @@ -178,6 +165,7 @@ typedef uint32_t mbedtls_mpi_uint; #if !defined(MBEDTLS_NO_UDBL_DIVISION) typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ From c327aa1542315a79cc9451973631c81217be52bd Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:50:25 +0100 Subject: [PATCH 41/64] Remove MBEDTLS_TYPE_UDBL tests from all.sh --- tests/scripts/all.sh | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1f5bad44b..65dc47175 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -458,20 +458,15 @@ CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make msg "test: gcc, force 64-bit compilation" make test -msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +msg "build: gcc, force 64-bit compilation" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make fi # x86_64 -msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make - msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From fdd11b253125253b6abb76da3e8f42f3c91a3076 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:56:22 +0100 Subject: [PATCH 42/64] Improve MBEDTLS_NO_UDBL_DIVISION description --- include/mbedtls/config.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a921f4787..47c719640 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -76,7 +76,10 @@ * * Note that division for the native integer type is always required. * Furthermore, a 64-bit type is always required even on a 32-bit - * platform, but it need not support multiplication or division. + * platform, but it need not support multiplication or division. In some + * cases it is also desirable to disable some double-width operations. For + * example, if double-width division is implemented in software, disabling + * it can reduce code size in some embedded targets. */ //#define MBEDTLS_NO_UDBL_DIVISION From 3422ddfa4c8e5f21c5339f692eb3318d7163c607 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 43/64] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 008db7ace..539fff102 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() @@ -16,10 +16,6 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. -Changes - * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. - Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 @@ -35,6 +31,8 @@ Bugfix compilation when using ARM Compiler 6. Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From 537e2e9bb3098377febf51a20b1befdd99d5746b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 44/64] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 539fff102..292d5f380 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 237ab35b4aa7d2a9b480da5f447647fa07c41c6a Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 45/64] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 292d5f380..240bff40a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 8a26de6d99b3eb7800156a197a66180b82e39f16 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 46/64] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 240bff40a..127123117 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From e6ec1d2d44b0272744106e533cd756e3c0747263 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 47/64] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 127123117..562fa6a78 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From de1586799d9f2794e28fb94a382bac59d36a15a8 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 22 Jul 2017 11:49:55 +0200 Subject: [PATCH 48/64] Added missing credit to Changelog and format fixes --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 562fa6a78..40b4fae44 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,7 +26,8 @@ API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, - mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 + Found by James Cowgill. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported @@ -44,7 +45,7 @@ Bugfix Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. + 64-bit division. #708 * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From 51aaa99473aa3e5f62440b1d683f4858ea4e188c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 23 Jul 2017 13:42:36 +0200 Subject: [PATCH 49/64] Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them. --- tests/scripts/all.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 65dc47175..d9c5bbfa4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -486,6 +486,7 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -526,11 +527,20 @@ scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib make clean +# ARM Compiler 6 - Target ARMv7-A armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + +# ARM Compiler 6 - Target ARMv7-M armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" + +# ARM Compiler 6 - Target ARMv8-A - AArch32 armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" + +# ARM Compiler 6 - Target ARMv8-M armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" -armc6_build_test "--target=aarch64-arm-none-eabi" + +# ARM Compiler 6 - Target ARMv8-A - AArch64 +armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" msg "build: allow SHA1 in certificates by default" cleanup From b3136be542b4a5b4aa02ab72e3a40ac5e3b4fb15 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 21 Jun 2017 14:57:25 +0300 Subject: [PATCH 50/64] github templates Add templates for github, for templates to be used in new issues and new PRs --- .github/issue_template.md | 40 ++++++++++++++++++++++++++++++++ .github/pull_request_template.md | 39 +++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 .github/issue_template.md create mode 100644 .github/pull_request_template.md diff --git a/.github/issue_template.md b/.github/issue_template.md new file mode 100644 index 000000000..3398f49e6 --- /dev/null +++ b/.github/issue_template.md @@ -0,0 +1,40 @@ +Note: This is just a template, so feel free to use/remove the unnecessary things + +### Description +- Type: Bug | Enhancement\Feature Request | Question +- Priority: Blocker | Major | Minor + +--------------------------------------------------------------- +## Bug + +**OS** +linux|windows|?? + +**mbed TLS build:** +Version: x.x.x or git commit id +Configuration: please attach config.h file +Compiler and options (if you used a pre-built binary, please indicate how you obtained it): +Additional environment information: + +**peer device TLS stack and version** +openSSL | GnuTls | other +version: + +**Expected behavior** + +**Actual behavior** + +**Steps to reproduce** + +---------------------------------------------------------------- +## Enhancement\Feature Request + +**Incentive for change** + +**Suggested enhancement** + +----------------------------------------------------------------- + +## Question + +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000..dac8bde2a --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,39 @@ +Notes: +* Pull requests will not be accepted until: +- The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) + or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) +- The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) +* This is just a template, so feel free to use/remove the unnecessary things +## Description +A few sentences describing the overall goals of the pull request's commits. + + +## Status +**READY/IN DEVELOPMENT/HOLD** + +## Requires Backporting +When there is a bug fix, it should be backported to legacy supported branches. +legacy supported branches will not be backported if: +- This PR is a new feature\enhancement +- This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch + +Yes | NO +What branch? + +## Migrations +If there is any API change, what's the incentive and logic for it. + +YES | NO + +## Additional comments +Any additional information that could be of interest + +## Todos +- [ ] Tests +- [ ] Documentation +- [ ] Changelog updated +- [ ] Backported + + +## Steps to test or reproduce +Outline the steps to test or reproduce the PR here. \ No newline at end of file From 779d9f6886b94dd6f5366ab29348830e0eea64ec Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 13:28:48 +0300 Subject: [PATCH 51/64] Update after Simon's comment Update the comment with Simon's comments --- .github/issue_template.md | 11 ++++++----- .github/pull_request_template.md | 8 ++++---- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 3398f49e6..772d98b33 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -8,16 +8,17 @@ Note: This is just a template, so feel free to use/remove the unnecessary things ## Bug **OS** -linux|windows|?? +mbed-OS|linux|windows| **mbed TLS build:** Version: x.x.x or git commit id -Configuration: please attach config.h file +OS version: x.x.x +Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: **peer device TLS stack and version** -openSSL | GnuTls | other +openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other version: **Expected behavior** @@ -29,7 +30,7 @@ version: ---------------------------------------------------------------- ## Enhancement\Feature Request -**Incentive for change** +**Justification - why does the library need this feature?** **Suggested enhancement** @@ -37,4 +38,4 @@ version: ## Question -**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index dac8bde2a..fa0c7e964 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,7 +1,7 @@ Notes: -* Pull requests will not be accepted until: +* Pull requests cannot be accepted until: - The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) - or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) + or for companies or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) - The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) * This is just a template, so feel free to use/remove the unnecessary things ## Description @@ -18,7 +18,7 @@ legacy supported branches will not be backported if: - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch Yes | NO -What branch? +Which branch? ## Migrations If there is any API change, what's the incentive and logic for it. @@ -36,4 +36,4 @@ Any additional information that could be of interest ## Steps to test or reproduce -Outline the steps to test or reproduce the PR here. \ No newline at end of file +Outline the steps to test or reproduce the PR here. From 3aa712dff78b10f8fd1b6c4ca58187f80b152560 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 24 Jul 2017 14:19:02 +0200 Subject: [PATCH 52/64] Minor typo fixes in the github template files --- .github/issue_template.md | 6 +++--- .github/pull_request_template.md | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 772d98b33..33f68fba1 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -17,9 +17,9 @@ Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: -**peer device TLS stack and version** -openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other -version: +**Peer device TLS stack and version** +OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other +Version: **Expected behavior** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index fa0c7e964..485b54195 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -12,8 +12,8 @@ A few sentences describing the overall goals of the pull request's commits. **READY/IN DEVELOPMENT/HOLD** ## Requires Backporting -When there is a bug fix, it should be backported to legacy supported branches. -legacy supported branches will not be backported if: +When there is a bug fix, it should be backported to all maintained and supported branches. +Changes do not have to be backported if: - This PR is a new feature\enhancement - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch From fcb7491a49f3a1617b8e8a42cbf78bb432e2c579 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 15 Dec 2016 14:42:37 +0200 Subject: [PATCH 53/64] Pre push hook script Add git_hook folder, and pre-push script, to be soft linked from .git/hooks/pre-push --- git_hooks/README.md | 16 +++++++++++++++ git_hooks/pre-push | 38 ++++++++++++++++++++++++++++++++++++ tests/scripts/check-names.sh | 2 +- 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 git_hooks/README.md create mode 100755 git_hooks/pre-push diff --git a/git_hooks/README.md b/git_hooks/README.md new file mode 100644 index 000000000..d0ed4a38f --- /dev/null +++ b/git_hooks/README.md @@ -0,0 +1,16 @@ +README for git hooks script +=========================== +git has a way to run scripts, which are invoked by specific git commands. +The git hooks are located in `/.git/hooks`, and as such are not under version control +for more information, see the [git documentation](https://git-scm.com/docs/githooks). + +The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. + +Example: + +Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +`ln -s ../../git_hooks/pre-push pre-push` + +Similarly, on Windows while running as administrator: +`mklink pre-push ..\..\git_hooks\pre-push` + diff --git a/git_hooks/pre-push b/git_hooks/pre-push new file mode 100755 index 000000000..6b2da10ed --- /dev/null +++ b/git_hooks/pre-push @@ -0,0 +1,38 @@ +#!/bin/sh + +# Called by "git push" after it has checked the remote status, but before anything has been +# pushed. If this script exits with a non-zero status nothing will be pushed. +# +# This hook is called with the following parameters: +# +# $1 -- Name of the remote to which the push is being done +# $2 -- URL to which the push is being done +# +# If pushing without using a named remote those arguments will be equal. +# +# Information about the commits which are being pushed is supplied as lines to +# the standard input in the form: +# +# +# +set -eu + +REMOTE="$1" +URL="$2" + +echo "REMOTE is $REMOTE" +echo "URL is $URL" + +run_test() +{ + TEST=$1 + echo "running '$TEST'" + if ! `$TEST > /dev/null 2>&1`; then + echo "test '$TEST' failed" + return 1 + fi +} + +run_test ./tests/scripts/check-doxy-blocks.pl +run_test ./tests/scripts/check-names.sh +run_test ./tests/scripts/check-generated-files.sh diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 191594ce0..4c66440e2 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -12,7 +12,7 @@ set -eu if grep --version|head -n1|grep GNU >/dev/null; then :; else - echo "This script requires GNU grep." + echo "This script requires GNU grep.">&2 exit 1 fi From 84f986c0e0c1258d8a87e3edbdfb945af0b72690 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 11:25:14 +0300 Subject: [PATCH 54/64] Add note for the git_hoos README file Add a note to the git_hooks README.md file, to state that currently they only work on GNU platforms --- git_hooks/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index d0ed4a38f..f78df991d 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -11,6 +11,4 @@ Example: Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` -Similarly, on Windows while running as administrator: -`mklink pre-push ..\..\git_hooks\pre-push` - +**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From 9508923e9a949ce52e0c133cb0f2a5c2b185cb19 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 18:24:43 +0300 Subject: [PATCH 55/64] Fix slash direction for linux path Update direction of the slash, for linux path, after @hanno-arm comments --- git_hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index f78df991d..400d63ee5 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -8,7 +8,7 @@ The mbed TLS git hooks are located in `/git_hooks` directory, and Example: -Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From ee16553d8e7054739310da2cb7c1705b0dcef2aa Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 23 Jul 2017 15:25:32 +0300 Subject: [PATCH 56/64] Update after @sbutcher-arm comments 1. Move the scripts to test/git-scripts folder 2. Support the script to run independant, not only with git 3. modify Readme accordingly --- {git_hooks => test/git-scripts}/README.md | 6 ++++-- git_hooks/pre-push => test/git-scripts/pre-push.sh | 13 +++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) rename {git_hooks => test/git-scripts}/README.md (62%) rename git_hooks/pre-push => test/git-scripts/pre-push.sh (82%) diff --git a/git_hooks/README.md b/test/git-scripts/README.md similarity index 62% rename from git_hooks/README.md rename to test/git-scripts/README.md index 400d63ee5..6bd9110c5 100644 --- a/git_hooks/README.md +++ b/test/git-scripts/README.md @@ -4,11 +4,13 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../git_hooks/pre-push pre-push` +`ln -s ../../test/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** + +These scripts can also be used independently. diff --git a/git_hooks/pre-push b/test/git-scripts/pre-push.sh similarity index 82% rename from git_hooks/pre-push rename to test/git-scripts/pre-push.sh index 6b2da10ed..ee54a6cff 100755 --- a/git_hooks/pre-push +++ b/test/git-scripts/pre-push.sh @@ -1,7 +1,15 @@ #!/bin/sh - +# pre-push.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# # Called by "git push" after it has checked the remote status, but before anything has been # pushed. If this script exits with a non-zero status nothing will be pushed. +# This script can also be used independently, not using git. # # This hook is called with the following parameters: # @@ -15,7 +23,6 @@ # # # -set -eu REMOTE="$1" URL="$2" @@ -23,6 +30,8 @@ URL="$2" echo "REMOTE is $REMOTE" echo "URL is $URL" +set -eu + run_test() { TEST=$1 From 4d90d56dfe3beb2b1da61b8518f609dcba05011a Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 15:52:18 +0300 Subject: [PATCH 57/64] Move the git scripts to correct path The git scripts were accidently put in `test` folder instead of `tests`. Moved them to `tests` folder --- {test => tests}/git-scripts/README.md | 4 ++-- {test => tests}/git-scripts/pre-push.sh | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename {test => tests}/git-scripts/README.md (67%) rename {test => tests}/git-scripts/pre-push.sh (100%) diff --git a/test/git-scripts/README.md b/tests/git-scripts/README.md similarity index 67% rename from test/git-scripts/README.md rename to tests/git-scripts/README.md index 6bd9110c5..29d7501b3 100644 --- a/test/git-scripts/README.md +++ b/tests/git-scripts/README.md @@ -4,12 +4,12 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/tests/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/tesst/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../test/git-scripts/pre-push.sh pre-push` +`ln -s ../../tests/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** diff --git a/test/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh similarity index 100% rename from test/git-scripts/pre-push.sh rename to tests/git-scripts/pre-push.sh From 853c46c8d3f621233e1a2f8d618ae1fbbba6ac60 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 10 Feb 2017 14:39:58 +0000 Subject: [PATCH 58/64] Fix potential integer overflow parsing DER CRL This patch prevents a potential signed integer overflow during the CRL version verification checks. --- ChangeLog | 4 ++++ library/x509_crl.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 40b4fae44..5c8f377c1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() diff --git a/library/x509_crl.c b/library/x509_crl.c index 76c49f135..55d12acd0 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -352,14 +352,14 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, return( ret ); } - crl->version++; - - if( crl->version > 2 ) + if( crl->version < 0 || crl->version > 1 ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crl->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1, &crl->sig_md, &crl->sig_pk, &crl->sig_opts ) ) != 0 ) From ae7b1c4aed5301cf17db0b1f382cccf07f7acddc Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 10:57:34 +0000 Subject: [PATCH 59/64] Add CSR DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 08f332441..428be111f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1531,6 +1531,9 @@ X509 CSR ASN.1 (extra data after signature) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +X509 CSR ASN.1 (invalid version overflow) +mbedtls_x509_csr_parse:"3008300602047FFFFFFF":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 File parse (no issues) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509parse_crt_file:"data_files/server7_int-ca.crt":0 From 2a9fd0e5c766a93c2a862bc647b219d5230c74c4 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 11:11:12 +0000 Subject: [PATCH 60/64] Add CRL DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 428be111f..2e84f7858 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1182,6 +1182,12 @@ X509 CRL ASN1 (TBSCertList, no entries) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 +X509 CRL ASN1 (invalid version 2) +x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 CRL ASN1 (invalid version overflow) +x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRT parse path #2 (one cert) depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crt_parse_path:"data_files/dir1":0:1 From eacc616a9cc6a40a28132bb3e7ae7267654e6656 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 15:29:07 +0000 Subject: [PATCH 61/64] Add CRT DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 2e84f7858..dfa1f71e7 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1118,6 +1118,12 @@ X509 Certificate ASN1 (RSA signature, EC key) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 +X509 Certificate ASN1 (invalid version 3) +x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 Certificate ASN1 (invalid version overflow) +x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT From 487b7a9efc0bfad52816d2dd8dddfb3ff5790148 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 16:16:11 +0000 Subject: [PATCH 62/64] Fix potential integer overflow parsing DER CRT This patch prevents a potential signed integer overflow during the certificate version verification checks. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5c8f377c1..8e9d174e9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -212,6 +212,9 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/x509_crt.c b/library/x509_crt.c index a6dce95ba..2cab63c86 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -748,14 +748,14 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char * return( ret ); } - crt->version++; - - if( crt->version > 3 ) + if( crt->version < 0 || crt->version > 2 ) { mbedtls_x509_crt_free( crt ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crt->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, &crt->sig_md, &crt->sig_pk, &crt->sig_opts ) ) != 0 ) From 642ea1f399ad9b3a2bd0358547ff4e966c66b908 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 17 Feb 2017 13:54:43 +0000 Subject: [PATCH 63/64] Prevent signed integer overflow in CSR parsing Modify the function mbedtls_x509_csr_parse_der() so that it checks the parsed CSR version integer before it increments the value. This prevents a potential signed integer overflow, as these have undefined behaviour in the C standard. --- ChangeLog | 4 ++++ library/x509_csr.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8e9d174e9..42a74e126 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,10 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix potential integer overflow in the version verification for DER + encoded X509 CSRs. The overflow would enable maliciously constructed CSRs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of diff --git a/library/x509_csr.c b/library/x509_csr.c index f92b66c58..26a06db4f 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -168,14 +168,14 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, return( ret ); } - csr->version++; - - if( csr->version != 1 ) + if( csr->version != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + csr->version++; + /* * subject Name */ From ab0a8042f44b2ceb5b515da538334eed488c6518 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 26 Jul 2017 17:25:55 +0100 Subject: [PATCH 64/64] Fix merge errors in ChangeLog --- ChangeLog | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index 42a74e126..e8d1da5c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,22 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - * Fix a potential integer overflow in the version verification for DER - encoded X509 CRLs. The overflow would enable maliciously constructed CRLs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform @@ -46,10 +30,17 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America * Fix potential integer overflow in the version verification for DER encoded X509 CSRs. The overflow would enable maliciously constructed CSRs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of @@ -216,9 +207,6 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 - * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously - constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13