From 044a86bde8b0fd3b185253f52715655541dacc60 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 25 Oct 2015 10:58:03 +0100 Subject: [PATCH 001/399] Tests and fix added for #309 (inplace mpi doubling). --- library/bignum.c | 7 ++++++- tests/suites/test_suite_mpi.data | 6 ++++++ tests/suites/test_suite_mpi.function | 17 +++++++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index 628a6eedd..1b80200cb 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -862,7 +862,12 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi if( X == B ) { - const mbedtls_mpi *T = A; A = X; B = T; + const mbedtls_mpi *T; + + if( B == A) + return mbedtls_mpi_shift_l( X, 1 ); + + T = A; A = X; B = T; } if( X != A ) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index f838f3bda..2cfc212d2 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data 
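Review bot: The new early return handles only the fully aliased call (`X == B` together with `B == A`), and nothing in the hunk records why that case cannot go through the normal path; a later patch in this series shows the limb loop computing `c += ( *p < *o )`, which compares a limb with itself once `p == o`, so a comment here would spare the next reader that derivation: `/* X == A == B: the in-place limb loop below would lose carries (p == o), so double instead */`. The shift path also has a different cost profile from the addition path, though that depends only on how the caller aliased its arguments, not on the values. Minor: `if( B == A)` lacks the closing space that `if( X == B )` two lines above uses. `mbedtls_mpi_add_abs` continues below the hunk.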
@@ -295,6 +295,12 @@ mbedtls_mpi_add_mpi:10:"20395687835640197740576586692903457728019399331434826309 Test mbedtls_mpi_add_mpi #2 mbedtls_mpi_add_mpi:10:"643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"56125680981752282333498088313568935051383833838594899821664631784577337171193624243181360054669678410455329112434552942717084003541384594864129940145043086760031292483340068923506115878221189886491132772739661669044958531131327771":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924" +Base test mbedtls_mpi_add_mpi inplace #1 +mbedtls_mpi_add_mpi_inplace:10:"12345678":10:"24691356" + +Test mbedtls_mpi_add_mpi inplace #2 +mbedtls_mpi_add_mpi_inplace:10:"643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"1287616013607108878460259709922985398302772215068026865836146879048276529684741260122739430789478268181845874665180769440794266671939098512645241958073373266427807905932350214193538360035292323703146295192780306" + Test mbedtls_mpi_add_int #1 mbedtls_mpi_add_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":9871232:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227022647561" diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 72b49408c..788893b35 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function 
@@ -442,6 +442,23 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_mpi_add_mpi_inplace( int radix_X, char *input_X, int radix_A, char *input_A ) +{ + mbedtls_mpi X, A; + mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); + + TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &X ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); + +exit: + mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A ); +} +/* END_CASE */ + + /* BEGIN_CASE */ void mbedtls_mpi_add_abs( int radix_X, char *input_X, int radix_Y, char *input_Y, int radix_A, char *input_A ) From 6cbacec3b339547df06b9f6c0ac5205a53c1f74a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 25 Oct 2015 12:29:13 +0100 Subject: [PATCH 002/399] Improved on the fix of #309 and extended the test to cover subroutines. --- library/bignum.c | 15 +++++++++++---- tests/suites/test_suite_mpi.function | 11 ++++++++++- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 1b80200cb..7e35aa699 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -862,12 +862,19 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi if( X == B ) { - const mbedtls_mpi *T; + if( B == A ) + { + // Making a temporary copy instead of shifting by one to deny + // the possibility of corresponding side-channel attacks. + mbedtls_mpi TB; - if( B == A) - return mbedtls_mpi_shift_l( X, 1 ); + mbedtls_mpi_init( &TB ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); + + return mbedtls_mpi_add_abs( X, A, &TB ); + } - T = A; A = X; B = T; + B = A; A = X; } if( X != A ) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 788893b35..2a709bc7b 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function 
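Review bot: `TB` is never released: the result of the recursive `mbedtls_mpi_add_abs( X, A, &TB )` is returned directly, so the limbs `mbedtls_mpi_copy` allocated for the temporary leak on every aliased call, and on copy failure `MBEDTLS_MPI_CHK` jumps to the `cleanup:` label (outside this hunk), which does not know about TB either. Capture the result before freeing: `ret = mbedtls_mpi_add_abs( X, A, &TB ); mbedtls_mpi_free( &TB ); return( ret );`, and cover the error path too, for instance by initialising TB before `if( X == B )` and freeing it unconditionally at `cleanup:`. Whether a failed copy leaves anything allocated in TB cannot be seen here, but freeing an initialised mpi is harmless either way. The function begins before this hunk.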
@@ -448,8 +448,17 @@ void mbedtls_mpi_add_mpi_inplace( int radix_X, char *input_X, int radix_A, char mbedtls_mpi X, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &X ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_int( &X, 0 ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &X ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &X ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); From 3fc644f246ec88bcb2f1ace61206fd0199f4de3f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 25 Oct 2015 14:24:10 +0100 Subject: [PATCH 003/399] Removed recursion from fix #309. --- library/bignum.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 5e2512343..9c38117b0 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -859,22 +859,21 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi int ret; size_t i, j; mbedtls_mpi_uint *o, *p, c; + mbedtls_mpi TB; if( X == B ) { + B = A; A = X; + if( B == A ) { // Making a temporary copy instead of shifting by one to deny // the possibility of corresponding side-channel attacks. - mbedtls_mpi TB; - mbedtls_mpi_init( &TB ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); - return mbedtls_mpi_add_abs( X, A, &TB ); + B = &TB; } - - B = A; A = X; } if( X != A ) @@ -911,6 +910,10 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi } cleanup: + if( &TB == B ) + { + mbedtls_mpi_free( &TB ); + } return( ret ); } 
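Review bot: The cleanup condition `if( &TB == B )` does not cover the failure path of the copy: in the first hunk of this patch `B = &TB` is assigned only after `MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) )` succeeds, so when the copy fails the function reaches `cleanup:` with B still pointing at the caller's operand and the already-initialised TB is not freed (whether a failed `mbedtls_mpi_copy` leaves limbs allocated is not visible here). Since `B == X` holds in that branch after the preceding swap, the assignment can precede the copy: `mbedtls_mpi_init( &TB ); B = &TB; MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, X ) );`, and the existing cleanup then frees TB on both paths. `mbedtls_mpi_add_abs` starts before the first hunk of this patch.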
From 6c9226809370f0fed4639ebc30766ef5a86987b4 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 30 Oct 2015 17:43:11 +0100 Subject: [PATCH 004/399] Improved on the previous fix and added a test case to cover both types of carries. --- library/bignum.c | 25 +++++++------------------ tests/suites/test_suite_mpi.data | 3 +++ 2 files changed, 10 insertions(+), 18 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 9c38117b0..b587b6761 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -858,22 +858,11 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi { int ret; size_t i, j; - mbedtls_mpi_uint *o, *p, c; - mbedtls_mpi TB; + mbedtls_mpi_uint *o, *p, c, tmp; if( X == B ) { - B = A; A = X; - - if( B == A ) - { - // Making a temporary copy instead of shifting by one to deny - // the possibility of corresponding side-channel attacks. - mbedtls_mpi_init( &TB ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); - - B = &TB; - } + const mbedtls_mpi *T = A; A = X; B = T; } if( X != A ) @@ -892,10 +881,14 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi o = B->p; p = X->p; c = 0; + /* + * tmp is used because it might happen that p == o + */ for( i = 0; i < j; i++, o++, p++ ) { + tmp= *o; *p += c; c = ( *p < c ); - *p += *o; c += ( *p < *o ); + *p += tmp; c += ( *p < tmp ); } while( c != 0 ) @@ -910,10 +903,6 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi } cleanup: - if( &TB == B ) - { - mbedtls_mpi_free( &TB ); - } return( ret ); } diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 2cfc212d2..3fd7f2d1b 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data 
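Review bot: The aliasing comment above the loop should say when `p == o` arises, because the reason sits in another hunk: after the `X == B` swap in the first hunk of this patch, a call with the same mpi as X, A and B leaves `B == X`, so `o = B->p` and `p = X->p` are the same array and the old `c += ( *p < *o )` compared a limb with itself. Suggest `/* p == o when the caller passes the same mpi as X, A and B (B == X after the swap above); read the limb into tmp before *p is updated. */`. Minor: `tmp= *o;` is missing the space before `=` that the neighbouring assignments use. The carry-propagation `while( c != 0 )` loop that follows lies outside the hunk.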
@@ -301,6 +301,9 @@ mbedtls_mpi_add_mpi_inplace:10:"12345678":10:"24691356" Test mbedtls_mpi_add_mpi inplace #2 mbedtls_mpi_add_mpi_inplace:10:"643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"1287616013607108878460259709922985398302772215068026865836146879048276529684741260122739430789478268181845874665180769440794266671939098512645241958073373266427807905932350214193538360035292323703146295192780306" +Test mbedtls_mpi_add_mpi inplace #3 +mbedtls_mpi_add_mpi_inplace:16:"ffffffffffffffffffffffffffffffff":16:"01fffffffffffffffffffffffffffffffe" + Test mbedtls_mpi_add_int #1 mbedtls_mpi_add_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":9871232:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227022647561" From 733676b97894cda2bc2bb565f32361e80a41df04 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Sat, 14 Nov 2015 13:09:01 +0000 Subject: [PATCH 005/399] Allow test suites to be run on Windows For a start, they don't even compile with Visual Studio due to strcasecmp being missing. Secondly, on Windows Perl scripts aren't executable and have to be run using the Perl interpreter directly; thankfully CMake is able to find cygwin Perl straight away without problems. --- tests/CMakeLists.txt | 7 ++++++- tests/suites/helpers.function | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 1cca81830..23eb2a432 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -10,6 +10,11 @@ if(ENABLE_ZLIB_SUPPORT) set(libs ${libs} ${ZLIB_LIBRARIES}) endif(ENABLE_ZLIB_SUPPORT) +find_package(Perl) +if(NOT PERL_FOUND) + message(FATAL_ERROR "Cannot build test suites without Perl") +endif() + function(add_test_suite suite_name) if(ARGV1) set(data_name ${ARGV1}) 
@@ -19,7 +24,7 @@ function(add_test_suite suite_name) add_custom_command( OUTPUT test_suite_${data_name}.c - COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl ${CMAKE_CURRENT_SOURCE_DIR}/suites test_suite_${suite_name} test_suite_${data_name} + COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl ${CMAKE_CURRENT_SOURCE_DIR}/suites test_suite_${suite_name} test_suite_${data_name} DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl mbedtls suites/helpers.function suites/main_test.function suites/test_suite_${suite_name}.function suites/test_suite_${data_name}.data ) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 8f681dbd4..6af918cad 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -15,6 +15,8 @@ #ifdef _MSC_VER #include typedef UINT32 uint32_t; +#define strncasecmp _strnicmp +#define strcasecmp _stricmp #else #include #endif From 6c8edca2d41580e1ca9dcaf8fd4fba70670a19c9 Mon Sep 17 00:00:00 2001 From: James Cowgill Date: Thu, 17 Dec 2015 01:40:26 +0000 Subject: [PATCH 006/399] Fix build errors on x32 by using the generic 'add' instruction On x32 systems, pointers are 4-bytes wide and are therefore stored in %e?x registers (instead of %r?x registers). These registers must be accessed using "addl" instead of "addq", however the GNU assembler will acccept the generic "add" instruction and determine the correct opcode based on the registers passed to it. --- library/aesni.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/aesni.c b/library/aesni.c index 83a5868bd..1ca3c3ef5 100644 --- a/library/aesni.c +++ b/library/aesni.c 
@@ -100,7 +100,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, asm( "movdqu (%3), %%xmm0 \n\t" // load input "movdqu (%1), %%xmm1 \n\t" // load round key 0 "pxor %%xmm1, %%xmm0 \n\t" // round 0 - "addq $16, %1 \n\t" // point to next round key + "add $16, %1 \n\t" // point to next round key "subl $1, %0 \n\t" // normal rounds = nr - 1 "test %2, %2 \n\t" // mode? "jz 2f \n\t" // 0 = decrypt @@ -108,7 +108,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, "1: \n\t" // encryption loop "movdqu (%1), %%xmm1 \n\t" // load round key AESENC xmm1_xmm0 "\n\t" // do round - "addq $16, %1 \n\t" // point to next round key + "add $16, %1 \n\t" // point to next round key "subl $1, %0 \n\t" // loop "jnz 1b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key @@ -118,7 +118,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, "2: \n\t" // decryption loop "movdqu (%1), %%xmm1 \n\t" AESDEC xmm1_xmm0 "\n\t" // do round - "addq $16, %1 \n\t" + "add $16, %1 \n\t" "subl $1, %0 \n\t" "jnz 2b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key From 21e402a3aef100414546ac77a8093ea7c0e917c0 Mon Sep 17 00:00:00 2001 From: James Cowgill Date: Thu, 17 Dec 2015 01:51:09 +0000 Subject: [PATCH 007/399] Fix segfault on x32 by using better register constraints in bn_mul.h On x32, pointers are only 4-bytes wide and need to be loaded using the "movl" instruction instead of "movq" to avoid loading garbage into the register. The MULADDC routines for x86-64 are adjusted to work on x32 as well by getting gcc to load all the registers for us in advance (and storing them later) by using better register constraints. The b, c, D and S constraints correspond to the rbx, rcx, rdi and rsi registers respectively. --- include/mbedtls/bn_mul.h | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index 5408d4146..71dd672c2 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h 
@@ -162,10 +162,6 @@ #define MULADDC_INIT \ asm( \ - "movq %3, %%rsi \n\t" \ - "movq %4, %%rdi \n\t" \ - "movq %5, %%rcx \n\t" \ - "movq %6, %%rbx \n\t" \ "xorq %%r8, %%r8 \n\t" #define MULADDC_CORE \ @@ -181,12 +177,9 @@ "addq $8, %%rdi \n\t" #define MULADDC_STOP \ - "movq %%rcx, %0 \n\t" \ - "movq %%rdi, %1 \n\t" \ - "movq %%rsi, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "rax", "rcx", "rdx", "rbx", "rsi", "rdi", "r8" \ + : "+c" (c), "+D" (d), "+S" (s) \ + : "b" (b) \ + : "rax", "rdx", "r8" \ ); #endif /* AMD64 */ From f92c86e44d5c33ad2a895cf7f0b989737a60d252 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 7 Jan 2016 13:18:01 +0100 Subject: [PATCH 008/399] Update reference to attack in ChangeLog We couldn't do that before the attack was public --- ChangeLog | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e21187fff..5dcb5a207 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,7 +6,10 @@ Security * Fix potential double free when mbedtls_asn1_store_named_data() fails to allocate memory. Only used for certificate generation, not triggerable remotely in SSL/TLS. Found by RafaƂ Przywara. #367 - * Disable MD5 handshake signatures in TLS 1.2 by default + * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the + SLOTH attack on TLS 1.2 server authentication (other attacks from the + SLOTH paper do not apply to any version of mbed TLS or PolarSSL). + https://www.mitls.org/pages/attacks/SLOTH Bugfix * Fix over-restrictive length limit in GCM. Found by Andreas-N. #362 From afbb3101ce681080a3abf8e52674009330f389c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 7 Jan 2016 13:26:11 +0100 Subject: [PATCH 009/399] Update ChangeLog for latest PR merged fixes #309 --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5dcb5a207..b6cf066f3 100644 
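Review bot: The rewritten operand lists tell the compiler that `c`, `d` and `s` are updated in registers, but nothing any longer says that the asm reads the limbs behind `s` and writes the limbs behind `d` (the loads and stores are in MULADDC_CORE, outside this hunk); without a memory clobber or memory operands the compiler may keep those limbs cached in registers or move surrounding loads and stores across the asm. Add `"memory"` to the clobber list, `: "rax", "rdx", "r8", "memory" \`, or declare the two arrays as explicit `"m"` operands. The removed `"m" (s), "m" (d)` operands covered only the pointer variables themselves, so the previous version had the same gap; this rewrite is the right place to close it.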
--- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x branch + +Bugfix + * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three + arguments where the same (in-place doubling). Found and fixed by Janos + Follath. + = mbed TLS 2.2.1 released 2016-01-05 Security From 3551901cd149359bb3bff4b3bb8a30f87120e9e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 7 Jan 2016 13:06:51 +0100 Subject: [PATCH 010/399] Make ar invocation more portable armar doesn't understand the syntax without dash. OTOH, the syntax with dash is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as bundled with OS X) and armar, so it looks like the most portable syntax. fixes #386 --- ChangeLog | 3 ++- library/Makefile | 12 ++++++------ tests/scripts/all.sh | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index b6cf066f3..ef62ddb0a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,7 +5,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three arguments where the same (in-place doubling). Found and fixed by Janos - Follath. + Follath. #309 + * Fix issue in Makefile that prevented building using armar. #386 = mbed TLS 2.2.1 released 2016-01-05 diff --git a/library/Makefile b/library/Makefile index 7d253434c..00528b3c8 100644 --- a/library/Makefile +++ b/library/Makefile @@ -90,9 +90,9 @@ shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT) # tls libmbedtls.a: $(OBJS_TLS) echo " AR $@" - $(AR) rc $@ $(OBJS_TLS) + $(AR) -rc $@ $(OBJS_TLS) echo " RL $@" - $(AR) s $@ + $(AR) -s $@ libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so echo " LD $@" 
@@ -113,9 +113,9 @@ libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll # x509 libmbedx509.a: $(OBJS_X509) echo " AR $@" - $(AR) rc $@ $(OBJS_X509) + $(AR) -rc $@ $(OBJS_X509) echo " RL $@" - $(AR) s $@ + $(AR) -s $@ libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so echo " LD $@" @@ -136,9 +136,9 @@ libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll # crypto libmbedcrypto.a: $(OBJS_CRYPTO) echo " AR $@" - $(AR) rc $@ $(OBJS_CRYPTO) + $(AR) -rc $@ $(OBJS_CRYPTO) echo " RL $@" - $(AR) s $@ + $(AR) -s $@ libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO) echo " LD $@" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d96615b48..4829c8fa0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -233,7 +233,7 @@ scripts/config.pl unset MBEDTLS_THREADING_PTHREAD scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -CC=armcc WARNING_CFLAGS= make lib 2> armcc.stderr +CC=armcc AR=armar WARNING_CFLAGS= make lib 2> armcc.stderr if [ -s armcc.stderr ]; then cat armcc.stderr exit 1; From 25caaf36a618f687d45c1f724049717a15521082 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 8 Jan 2016 14:29:11 +0100 Subject: [PATCH 011/399] Avoid build errors with -O0 due to assembly --- ChangeLog | 5 +++++ include/mbedtls/bn_mul.h | 18 +++++++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ef62ddb0a..f68333e7a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,11 @@ Bugfix Follath. #309 * Fix issue in Makefile that prevented building using armar. #386 +Changes + * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, + don't use the optimized assembly for bignum multiplication. This removes + the need to pass -fomit-frame-pointer to avoid a build error with -O0. + = mbed TLS 2.2.1 released 2016-01-05 Security 
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index 5408d4146..c59cbc77a 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h @@ -563,7 +563,23 @@ #endif /* TriCore */ -#if defined(__arm__) +/* + * gcc -O0 by default uses r7 for the frame pointer, so it complains about our + * use of r7 below, unless -fomit-frame-pointer is passed. Unfortunately, + * passing that option is not easy when building with yotta. + * + * On the other hand, -fomit-frame-pointer is implied by any -Ox options with + * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by + * clang and armcc5 under the same conditions). + * + * So, only use the optimized assembly below for optimized build, which avoids + * the build error and is pretty reasonable anyway. + */ +#if defined(__GNUC__) && !defined(__OPTIMIZE__) +#define CANNOT_USE_R7 +#endif + +#if defined(__arm__) && !defined(CANNOT_USE_R7) #if defined(__thumb__) && !defined(__thumb2__) From 365f325e03e9ab38ae70ae53548f43a1316d7303 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 8 Jan 2016 14:58:45 +0100 Subject: [PATCH 012/399] Make check-names.sh happy --- include/mbedtls/bn_mul.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index c59cbc77a..1fc7aa68d 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h @@ -576,10 +576,10 @@ * the build error and is pretty reasonable anyway. */ #if defined(__GNUC__) && !defined(__OPTIMIZE__) -#define CANNOT_USE_R7 +#define MULADDC_CANNOT_USE_R7 #endif -#if defined(__arm__) && !defined(CANNOT_USE_R7) +#if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7) #if defined(__thumb__) && !defined(__thumb2__) From d2655ac2dc450dd5169db09f52396180879fba1a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 8 Jan 2016 15:02:05 +0100 Subject: [PATCH 013/399] Add test for yotta debug build --- tests/scripts/yotta-build.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/scripts/yotta-build.sh b/tests/scripts/yotta-build.sh index 0651baee6..19cc57664 100755 --- a/tests/scripts/yotta-build.sh +++ b/tests/scripts/yotta-build.sh @@ -11,8 +11,12 @@ yt update || true # needs network yotta_build() { TARGET=$1 - echo; echo "*** $TARGET ***" + + echo; echo "*** $TARGET (release) ***" yt -t $TARGET build + + echo; echo "*** $TARGET (debug) ***" + yt -t $TARGET build -d } if uname -a | grep 'Linux.*x86' >/dev/null; then From b873f7ac982d2919e5c83ab776d98e1cba417a4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 4 Jan 2016 16:27:32 +0100 Subject: [PATCH 014/399] Fix doxygen warnings about deprecated tags Doxygen 1.8.10 warns that those tags are obsolete. Since we're not generating XML anyway, it seems harmless to remove them even for earlier versions. --- doxygen/mbedtls.doxyfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 6a00f4757..e5c9cbb98 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -1485,13 +1485,13 @@ XML_OUTPUT = xml # which can be used by a validating XML parser to check the # syntax of the XML files. -XML_SCHEMA = +#XML_SCHEMA = # The XML_DTD tag can be used to specify an XML DTD, # which can be used by a validating XML parser to check the # syntax of the XML files. -XML_DTD = +#XML_DTD = # If the XML_PROGRAMLISTING tag is set to YES Doxygen will # dump the program listings (including syntax highlighting From 1d552e7583b29d52fef0c2d7eebb5adb682622b5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 4 Jan 2016 16:49:09 +0100 Subject: [PATCH 015/399] Add test script for doxygen warnings --- tests/scripts/all.sh | 6 ++++++ tests/scripts/doxygen.sh | 25 +++++++++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100755 tests/scripts/doxygen.sh diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d96615b48..421adc344 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -83,6 +83,12 @@ msg "test/build: declared and exported names" # < 3s cleanup tests/scripts/check-names.sh +if which doxygen >/dev/null; then + msg "test: doxygen warnings" # ~ 3s + cleanup + tests/scripts/doxygen.sh +fi + msg "build: create and build yotta module" # ~ 30s cleanup tests/scripts/yotta-build.sh diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh new file mode 100755 index 000000000..5a00c90b7 --- /dev/null +++ b/tests/scripts/doxygen.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +# Make sure the doxygen documentation builds without warnings + +# Abort on errors (and uninitiliased variables) +set -eu + +if [ -d library -a -d include -a -d tests ]; then :; else + echo "Must be run from mbed TLS root" >&2 + exit 1 +fi + +if make apidoc > doc.out 2>doc.err; then :; else + cat doc.err + echo "FAIL" >&2 + exit 1; +fi + +if grep warning doc.out doc.err; then + echo "FAIL" >&2 + exit 1; +fi + +make apidoc_clean +rm -f doc.out doc.err From 695e0ba014b668f1822e0bb4c2899972ca55fbdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 4 Jan 2016 17:08:31 +0100 Subject: [PATCH 016/399] Add new doxygen test to travis --- .travis.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.travis.yml b/.travis.yml index f30a4e398..dbc23476a 100644 --- a/.travis.yml +++ b/.travis.yml 
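Review bot: The failure branches exit before the trailing `rm -f doc.out doc.err`, so a failing run leaves both capture files in the source tree, and the `-a` operator in `[ -d library -a -d include -a -d tests ]` is marked obsolescent by POSIX. Suggest `[ -d library ] && [ -d include ] && [ -d tests ]` for the guard and removing the capture files on the FAIL paths as well (a `trap 'rm -f doc.out doc.err' EXIT` placed after `set -eu` covers every exit). The comment `# Abort on errors (and uninitiliased variables)` has a typo: `uninitialised`.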
@@ -9,6 +9,7 @@ script: - tests/scripts/check-generated-files.sh - tests/scripts/check-doxy-blocks.pl - tests/scripts/check-names.sh +- tests/scripts/doxygen.sh - cmake -D CMAKE_BUILD_TYPE:String="Check" . - make - make test @@ -23,6 +24,10 @@ env: secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k=" addons: + apt: + packages: + - doxygen + - graphviz coverity_scan: project: name: "ARMmbed/mbedtls" From 259b08a5d216cc2bc709d8b8dd9adf391dc296d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 8 Jan 2016 16:27:41 +0100 Subject: [PATCH 017/399] Add -s (short) option to all.sh On my machine, that reduces running time from about 30 minutes to less than 10 minutes, while maintaining a good probability of catching the most likely issues in practice. --- tests/scripts/all.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 421adc344..9d3a38b63 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -21,12 +21,16 @@ CONFIG_H='include/mbedtls/config.h' CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 +SHORT=0 while [ $# -gt 0 ]; do case "$1" in -m*) MEMORY=${1#-m} ;; + -s) + SHORT=1 + ;; *) echo "Unknown argument: '$1'" >&2 echo "Use the source, Luke!" >&2 @@ -109,6 +113,11 @@ msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s tests/scripts/test-ref-configs.pl # Most frequent issues are likely to be caught at this point +if [ $SHORT -eq 1 ]; then + msg "Done, cleaning up" + cleanup + exit 0 +fi msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min make From de7ae7b2e90ec82c1b5286a8c8c36a297ba633c4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 8 Jan 2016 16:47:33 +0100 Subject: [PATCH 018/399] Exclude some warnings from the doxygen test Apparently travis has an old version of doxygen that doesn't know all tags in our config. That's not something we care about, we only want to know about warnings in our doxygen content --- tests/scripts/doxygen.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh index 5a00c90b7..1013cbd16 100755 --- a/tests/scripts/doxygen.sh +++ b/tests/scripts/doxygen.sh @@ -16,10 +16,14 @@ if make apidoc > doc.out 2>doc.err; then :; else exit 1; fi -if grep warning doc.out doc.err; then +cat doc.out doc.err | \ + grep -v "warning: ignoring unsupported tag" \ + > doc.filtered + +if grep "warning" doc.filtered; then echo "FAIL" >&2 exit 1; fi make apidoc_clean -rm -f doc.out doc.err +rm -f doc.out doc.err doc.filtered From 35d07bfb451422cf63f297078fd5d10898899871 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 8 Jan 2016 16:48:51 +0100 Subject: [PATCH 019/399] Exclude more things from doxygen inputs --- doxygen/mbedtls.doxyfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index e5c9cbb98..3170c80a8 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -664,7 +664,7 @@ WARN_LOGFILE = # directories like "/usr/src/myproject". Separate the files or directories # with spaces. -INPUT = . +INPUT = include # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is 
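Review bot: Under the `set -eu` at the top of this script (outside the hunk) the new pipeline `cat doc.out doc.err | grep -v "warning: ignoring unsupported tag" > doc.filtered` terminates the script with status 1 whenever `grep -v` selects no line — an empty or fully filtered output — because a pipeline's status is that of its last command, so a clean run with no diagnostics would be reported as a failure. Append `|| true` to the pipeline and leave the verdict to the following `grep "warning" doc.filtered`. The `cat` is also unnecessary; `grep -v` accepts both files directly, though it then prefixes each line with the file name.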
@@ -696,7 +696,7 @@ RECURSIVE = YES # Note that relative paths are relative to the directory from which doxygen is # run. -EXCLUDE = configs +EXCLUDE = configs yotta/module # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded @@ -710,7 +710,7 @@ EXCLUDE_SYMLINKS = NO # against the file with absolute path, so to exclude all test directories # for example use the pattern */test/* -EXCLUDE_PATTERNS = +EXCLUDE_PATTERNS = *_internal.h *_wrap.h # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the From 04d42111f499c91bb5a95af9304737557674f946 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 12 Jan 2016 00:59:15 +0000 Subject: [PATCH 020/399] Reverted the INPUT in doxygen to . Previous change to include excluded the content in doxygen/input --- doxygen/mbedtls.doxyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 3170c80a8..2fc0b7f90 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -664,7 +664,7 @@ WARN_LOGFILE = # directories like "/usr/src/myproject". Separate the files or directories # with spaces. -INPUT = include +INPUT = . # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is From c990189e14eab809cbb39bb350a36fcdab5c85ac Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 12 Jan 2016 13:59:39 +0000 Subject: [PATCH 021/399] Revert changes done to 'make apidoc' target This partially reverts 1989caf71c1d4 (only the changes to Makefile and CMakeLists, the addition to scripts/config.pl is kept). Modifying config.h in the apidoc target creates a race condition with make -j4 all apidoc where some parts of the library, tests or programs could be built with the wrong config.h, resulting in all kinds of (semi-random) errors. Recent versions of CMake mitigate this by adding a .NOTPARALLEL target to the generated Makefile, but people would still get errors with older CMake versions that are still in use (eg in RHEL 5), and with plain make. An additional issue is that, by failing to use cp -p, the apidoc target was updating the timestamp on config.h, which seems to cause further build issues. Let's get back to the previous, safe, situation. The improved apidoc building will be resurrected in a script in the next commit. fixes #390 fixes #391 --- CMakeLists.txt | 17 +++-------------- ChangeLog | 2 ++ Makefile | 3 --- 3 files changed, 5 insertions(+), 17 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 890521853..094d9069b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -85,20 +85,9 @@ if(ENABLE_PROGRAMS) add_subdirectory(programs) endif() -# targets for doxygen only work on Unix -if(UNIX) - ADD_CUSTOM_TARGET(apidoc - COMMAND mkdir -p apidoc - COMMAND cp include/mbedtls/config.h include/mbedtls/config.h.bak - COMMAND scripts/config.pl realfull - COMMAND doxygen doxygen/mbedtls.doxyfile - COMMAND mv include/mbedtls/config.h.bak include/mbedtls/config.h - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) - - ADD_CUSTOM_TARGET(apidoc_clean - COMMAND rm -rf apidoc - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) -endif(UNIX) +ADD_CUSTOM_TARGET(apidoc + COMMAND doxygen doxygen/mbedtls.doxyfile + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) if(ENABLE_TESTING) enable_testing() diff --git a/ChangeLog b/ChangeLog index b6cf066f3..3f8d55357 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three arguments where the same (in-place doubling). Found and fixed by Janos Follath. + * Fix potential build failures related to the 'apidoc' target, introduced + in the previous patch release. Found by Robert Scheck. #390 #391 = mbed TLS 2.2.1 released 2016-01-05 diff --git a/Makefile b/Makefile index 0950e6b17..7f03115b0 100644 --- a/Makefile +++ b/Makefile @@ -87,10 +87,7 @@ lcov: apidoc: mkdir -p apidoc - cp include/mbedtls/config.h include/mbedtls/config.h.bak - scripts/config.pl realfull doxygen doxygen/mbedtls.doxyfile - mv include/mbedtls/config.h.bak include/mbedtls/config.h apidoc_clean: rm -rf apidoc From d091ed1911e227e7a036327f882e7d0d68a1bf9d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 12 Jan 2016 14:17:52 +0000 Subject: [PATCH 022/399] Add scripts/apidoc_full.sh This re-introduces the apidoc with full config.h, but hopefully with the race conditions and other issues that the previous implementation had. Adapt doxygen test script to use that new script, and also check for errors in addition to warnings while at it.
--- scripts/apidoc_full.sh | 25 +++++++++++++++++++++++++ tests/scripts/doxygen.sh | 4 ++-- 2 files changed, 27 insertions(+), 2 deletions(-) create mode 100755 scripts/apidoc_full.sh
diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh
new file mode 100755
index 000000000..bebab103e
--- /dev/null
+++ b/scripts/apidoc_full.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Generate doxygen documentation with a full config.h (this ensures that every
+# available flag is documented, and avoids warnings about documentation
+# without a corresponding #define).
+#
+# /!\ This must not be a Makefile target, as it would create a race condition
+# when multiple targets are invoked in the same parallel build.
+
+set -eu
+
+CONFIG_H='include/mbedtls/config.h'
+
+if [ -r $CONFIG_H ]; then :; else
+ echo "$CONFIG_H not found" >&2
+ exit 1
+fi
+
+CONFIG_BAK=${CONFIG_H}.bak
+cp -p $CONFIG_H $CONFIG_BAK
+
+scripts/config.pl realfull
+make apidoc
+
+mv $CONFIG_BAK $CONFIG_H
diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh
index 1013cbd16..e7758c9e8 100755
--- a/tests/scripts/doxygen.sh
+++ b/tests/scripts/doxygen.sh
@@ -10,7 +10,7 @@ if [ -d library -a -d include -a -d tests ]; then :; else
 exit 1
 fi
-if make apidoc > doc.out 2>doc.err; then :; else
+if scripts/apidoc_full.sh > doc.out 2>doc.err; then :; else
 cat doc.err
 echo "FAIL" >&2
 exit 1;
@@ -20,7 +20,7 @@ cat doc.out doc.err | \
 grep -v "warning: ignoring unsupported tag" \
 > doc.filtered
-if grep "warning" doc.filtered; then
+if egrep "(warning|error):" doc.filtered; then
 echo "FAIL" >&2
 exit 1;
 fi
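Review bot: Under `set -eu`, a non-zero exit from `scripts/config.pl realfull` or `make apidoc` terminates apidoc_full.sh before the final `mv`, which leaves the working tree with the realfull config.h in place and a stray .bak next to it — the state the commit message says the script exists to avoid. Installing the restore as an exit trap right after the backup copy, `trap 'mv "$CONFIG_BAK" "$CONFIG_H"' EXIT`, and dropping the trailing `mv` line makes the original header come back on every exit path, including the error ones. Quoting `"$CONFIG_H"` in the `[ -r ... ]` test and the `cp -p` call is cheap insurance should the path ever contain whitespace.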
From 00b78a9c54ab2c5c2941d395fd3202272d148b88 Mon Sep 17 00:00:00 2001 From: Alexey Skalozub Date: Wed, 13 Jan 2016 17:39:58 +0200 Subject: [PATCH 023/399] Move K inside MBEDTLS_SHA512_PROCESS_ALT block It is used only by `mbedtls_sha512_process()`, and in case `MBEDTLS_SHA512_PROCESS_ALT` is defined, it still cannot be reused because of `static` declaration. --- library/sha512.c | 95 ++++++++++++++++++++++++------------------------ 1 file changed, 48 insertions(+), 47 deletions(-) diff --git a/library/sha512.c b/library/sha512.c index af610bb43..0f9e1e535 100644 --- a/library/sha512.c +++ b/library/sha512.c 
@@ -89,53 +89,6 @@ static void mbedtls_zeroize( void *v, size_t n ) { } #endif /* PUT_UINT64_BE */ -/* - * Round constants - */ -static const uint64_t K[80] = -{ - UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD), - UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC), - UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019), - UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118), - UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE), - UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2), - UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1), - UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694), - UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3), - UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65), - UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483), - UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5), - UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210), - UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4), - UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725), - UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70), - UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926), - UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF), - UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8), - UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B), - UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001), - UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30), - UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910), - UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8), - UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53), - UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8), - UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB), - UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3), - UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60), - UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC), - UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9), - UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B), - UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207), - UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178), - 
UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6), - UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B), - UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493), - UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C), - UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A), - UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) -}; - void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); 
@@ -192,6 +145,54 @@ void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) } #if !defined(MBEDTLS_SHA512_PROCESS_ALT) + +/* + * Round constants + */ +static const uint64_t K[80] = +{ + UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD), + UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC), + UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019), + UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118), + UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE), + UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2), + UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1), + UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694), + UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3), + UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65), + UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483), + UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5), + UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210), + UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4), + UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725), + UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70), + UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926), + UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF), + UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8), + UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B), + UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001), + UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30), + UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910), + UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8), + UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53), + UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8), + UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB), + UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3), + UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60), + UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC), + UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9), + UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B), + UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207), + 
UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178), + UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6), + UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B), + UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493), + UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C), + UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A), + UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) +}; + void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) { int i; From bdae02ce90e081a2904f550f069ce7c11565c3dc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 20 Jan 2016 00:44:42 +0000 Subject: [PATCH 024/399] Corrected references for RSA and DHM The links in the references in rsa.c and dhm.c were no longer valid and needed updating. --- library/dhm.c | 7 +++++-- library/rsa.c | 12 +++++++++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/library/dhm.c b/library/dhm.c index 0f4d31643..a4715d170 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -19,9 +19,12 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ /* - * Reference: + * The following sources were referenced in the design of this implementation + * of the Diffie-Hellman-Merkle algorithm: + * + * [1] Handbook of Applied Cryptography - 1997, Chapter 12 + * Menezes, van Oorschot and Vanstone * - * http://www.cacr.math.uwaterloo.ca/hac/ (chapter 12) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/library/rsa.c b/library/rsa.c index efdd055c4..fba68ddfc 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -19,10 +19,16 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ /* - * RSA was designed by Ron Rivest, Adi Shamir and Len Adleman. + * The following sources were referenced in the design of this implementation + * of the RSA algorithm: + * + * [1] A method for obtaining digital signatures and public-key cryptosystems + * R Rivest, A Shamir, and L Adleman + * http://people.csail.mit.edu/rivest/pubs.html#RSA78 + * + * [2] Handbook of Applied Cryptography - 1997, Chapter 8 + * Menezes, van Oorschot and Vanstone * - * http://theory.lcs.mit.edu/~rivest/rsapaper.pdf - * http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf */ #if !defined(MBEDTLS_CONFIG_FILE) From d19ea90f11c657db2c1a4232a40c460eb1a92400 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Tue, 26 Jan 2016 11:39:26 +0100 Subject: [PATCH 025/399] Fix handle leak in mbedtls_platform_entropy_poll() on Windows on error --- library/entropy_poll.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 25a27bef3..01bd58efc 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -61,7 +61,10 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len } if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE ) + { + CryptReleaseContext( provider, 0 ); return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + } CryptReleaseContext( provider, 0 ); *olen = len; From edb1a483971c836e84e95d7b73ee39bd6b450675 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 29 Jan 2016 16:05:55 +0100 Subject: [PATCH 026/399] dtls: improve doc about handshake timeouts --- include/mbedtls/ssl.h | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ff5f3897f..00e1c6c6e 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
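Review bot: The handle-leak fix in the entropy_poll.c hunk leaves two `CryptReleaseContext( provider, 0 )` calls in mbedtls_platform_entropy_poll(), one per exit, so the next error path added to this function has to remember the release again. A single release before a shared return keeps the handle's lifetime in one place; the sketch below assumes an `int ret` local and that the function currently ends by returning 0 after `*olen = len;` — its start and end are both outside the hunk, so please confirm before applying.
```c
/* … unchanged: provider acquisition and its error check … */
ret = ( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
      ? MBEDTLS_ERR_ENTROPY_SOURCE_FAILED : 0;
CryptReleaseContext( provider, 0 );   /* single release on both paths */
if( ret == 0 )
    *olen = len;
return( ret );
```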
@@ -1309,9 +1309,24 @@ void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limi * * \note Default values are from RFC 6347 section 4.2.4.1. * - * \note Higher values for initial timeout may increase average - * handshake latency. Lower values may increase the risk of - * network congestion by causing more retransmissions. + * \note The 'min' value should typically be slightly above the + * expected round-trip time to your peer, plus whatever time + * it takes for the peer to process the message. For example, + * if your RTT is about 600ms and you peer needs up to 1s to + * do the cryptographic operations in the handshake, then you + * should set 'min' slightly above 1600. Lower values of 'min' + * might cause spurious resends which waste network resources, + * while larger value of 'min' will increase overall latency + * on unreliable network links. + * + * \note The more unreliable your network connection is, the larger + * your max / min ratio needs to be in order to achieve + * reliable handshakes. + * + * \note Messages are retransmitted up to log2(ceil(max/min)) times. + * For example, if min = 1s and max = 5s, the retransmit plan + * goes: send ... 1s -> resend ... 2s -> resend ... 4s -> + * resend ... 5s -> give up and return a timeout error. */ void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ From 599d349811dcb438ac7969ad3cfbe897b6b6a0c9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 8 Feb 2016 14:52:29 +0000 Subject: [PATCH 027/399] Included tests for the overflow --- library/rsa.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index fba68ddfc..3cb92f40c 100644 --- a/library/rsa.c +++ b/library/rsa.c 
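Review bot: The retransmit-count formula in the last added \note does not match its own example: with min = 1s and max = 5s, `log2(ceil(max/min))` is log2(5) ≈ 2.3, while the plan listed (1s, 2s, 4s, then a capped 5s wait) shows three resends, which is `ceil(log2(max/min))`. Rewording to `Messages are retransmitted up to ceil(log2(max/min)) times` (or simply "as many times as it takes the doubling timeout to reach max") would make the formula and the example agree; I am reading the count off the example, so check it against the actual resend logic. Two typos in the first added \note: `you peer needs up to 1s` should be `your peer needs up to 1s`, and `larger value of 'min' will increase` should be `larger values of 'min' will increase`.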
@@ -529,7 +529,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
 olen = ctx->len;
 hlen = mbedtls_md_get_size( md_info );
- if( olen < ilen + 2 * hlen + 2 )
+ // first comparison checks for overflow
+ if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 memset( output, 0, olen );
@@ -594,8 +595,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 olen = ctx->len;
-
- if( olen < ilen + 11 )
+
+ // first comparison checks for overflow
+ if( ilen + 11 < ilen || olen < ilen + 11 )
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 nb_pad = olen - 3 - ilen;
From b8afe1bb2c8fdd3d85d9c5c669bd0b4f45eb65e9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 9 Feb 2016 14:51:35 +0000 Subject: [PATCH 028/399] Included test for integer underflow.
--- library/rsa.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/library/rsa.c b/library/rsa.c
index fba68ddfc..881805ee1 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -720,6 +720,10 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
 */
 hlen = mbedtls_md_get_size( md_info );
+ // checking for integer underflow
+ if( 2 * hlen + 2 > ilen )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
 mbedtls_md_init( &md_ctx );
 mbedtls_md_setup( &md_ctx, md_info, 0 );
From ca214b9aaf358b2a2f3ce063fd66339749ee9af7 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 9 Feb 2016 16:53:08 +0000 Subject: [PATCH 029/399] Updated relevant #ifdef
--- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4424f5677..a4a5bff72 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
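Review bot: The new guards in the two encrypt hunks detect wraparound after the fact (`ilen + 2 * hlen + 2 < ilen`), which is well-defined for size_t but reads as a trick and needs the comment to explain it; the same bound can be stated without any overflowing arithmetic by subtracting from olen instead: `if( olen < 2 * hlen + 2 || ilen > olen - 2 * hlen - 2 )` in mbedtls_rsa_rsaes_oaep_encrypt and `if( olen < 11 || ilen > olen - 11 )` in mbedtls_rsa_rsaes_pkcs1_v15_encrypt. Both forms reject exactly the same inputs (ilen + pad must fit in olen), and the subtraction form also makes the following `nb_pad = olen - 3 - ilen` visibly non-negative. Separately, the `//` comments added in these two hunks, in the oaep_decrypt hunk below, and in the x509_crt.c hunk of patch 039 are out of step with the `/* */` comments the surrounding code in these files uses, so prefer `/* first comparison checks for overflow */`.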
@@ -6949,7 +6949,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) #endif #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* explicit void pointer cast for buggy MS compiler */ mbedtls_free( (void *) handshake->curves ); #endif From 4ae5c294a41c0ff5e72c9063357f777df1cd8dac Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 11:27:43 +0000 Subject: [PATCH 030/399] Add Changelog entry and improve coding style --- ChangeLog | 2 ++ library/ssl_tls.c | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 71aa60567..e9b67908f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,8 @@ Bugfix * Fix potential build failures related to the 'apidoc' target, introduced in the previous patch release. Found by Robert Scheck. #390 #391 * Fix issue in Makefile that prevented building using armar. #386 + * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and + ECDSA was disabled in config.h . The leak didn't occur by default. Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a4a5bff72..a4cc1ca05 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6949,7 +6949,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ) #endif #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* explicit void pointer cast for buggy MS compiler */ mbedtls_free( (void *) handshake->curves ); #endif From 31581985a0965a238ca13fc152dda8bc2c4ad9ba Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Wed, 10 Feb 2016 16:25:55 +0000 Subject: [PATCH 031/399] Add Changelog entry for current branch --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 71aa60567..cff532e9c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x branch +Security + * Fix potential integer overflow to buffer overflow in + mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt + Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three arguments where the same (in-place doubling). Found and fixed by Janos From eae41bf340bdb280ad2c72db367811c664bf9ac6 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 16:40:16 +0000 Subject: [PATCH 032/399] Add Changelog entry for current branch --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 71aa60567..f37bd9b67 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x branch +Security + * Fix a potential integer underflow to buffer overread in + mbedtls_rsa_rsaes_oaep_decrypt + Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three arguments where the same (in-place doubling). Found and fixed by Janos From 9678b5dccd42d745f734db01a7223007f580982f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 11 Feb 2016 10:35:13 +0100 Subject: [PATCH 033/399] Add precision about exploitability in ChangeLog Also fix some whitespace while at it. --- ChangeLog | 1 + library/rsa.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index cff532e9c..5b88a2506 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt + (not triggerable remotely in (D)TLS). Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three diff --git a/library/rsa.c b/library/rsa.c index 3cb92f40c..9150e8745 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -595,7 +595,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len; - + // first comparison checks for overflow if( ilen + 11 < ilen || olen < ilen + 11 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); From c17cda1ab9c8b42bfa183830f0acdcbeabcd154c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 11 Feb 2016 11:08:18 +0000 Subject: [PATCH 034/399] Moved underflow test to better reflect time constant behaviour. --- library/rsa.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 881805ee1..34f9d8b05 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -705,6 +705,12 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, if( md_info == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + hlen = mbedtls_md_get_size( md_info ); + + // checking for integer underflow + if( 2 * hlen + 2 > ilen ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + /* * RSA operation */ @@ -718,12 +724,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, /* * Unmask data and generate lHash */ - hlen = mbedtls_md_get_size( md_info ); - - // checking for integer underflow - if( 2 * hlen + 2 > ilen ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - mbedtls_md_init( &md_ctx ); mbedtls_md_setup( &md_ctx, md_info, 0 ); From bc247c99469028c536c051620f326374cd279414 Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Thu, 11 Feb 2016 11:15:44 +0000 Subject: [PATCH 035/399] Extended ChangeLog entry --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f37bd9b67..e89e54ad6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Fix a potential integer underflow to buffer overread in - mbedtls_rsa_rsaes_oaep_decrypt + mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in + SSL/TLS. Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three From 8c4472af397c58c0a28416881f31229d554bdecd Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 13 Feb 2016 23:19:04 +0000 Subject: [PATCH 036/399] Clarified mbedtls_ssl_conf_alpn_protocols() doc Clarified the lifetime of the protos parameter passed in the function mbedtls_ssl_conf_alpn_protocols(). --- include/mbedtls/ssl.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 00e1c6c6e..ad0e42c6c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1762,8 +1762,11 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, * \brief Set the supported Application Layer Protocols. * * \param conf SSL configuration - * \param protos NULL-terminated list of supported protocols, - * in decreasing preference order. + * \param protos Pointer to a NULL-terminated list of supported protocols, + * in decreasing preference order. The pointer to the list is + * recorded by the library for later reference as required, so + * the lifetime of the table should be as long as the + * SSL configuration structure. * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ From 0b2423403c1233c0848530dc06cf1ba36707e484 Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Wed, 17 Feb 2016 10:11:21 +0000 Subject: [PATCH 037/399] x509: trailing bytes in DER: add integration tests --- tests/data_files/server5-der0.crt | Bin 0 -> 547 bytes tests/data_files/server5-der1a.crt | Bin 0 -> 548 bytes tests/data_files/server5-der1b.crt | Bin 0 -> 548 bytes tests/data_files/server5-der2.crt | Bin 0 -> 549 bytes tests/data_files/server5-der4.crt | Bin 0 -> 551 bytes tests/data_files/server5-der8.crt | Bin 0 -> 555 bytes tests/data_files/server5-der9.crt | Bin 0 -> 556 bytes tests/ssl-opt.sh | 58 +++++++++++++++++++++++++++++ 8 files changed, 58 insertions(+) create mode 100644 tests/data_files/server5-der0.crt create mode 100644 tests/data_files/server5-der1a.crt create mode 100644 tests/data_files/server5-der1b.crt create mode 100644 tests/data_files/server5-der2.crt create mode 100644 tests/data_files/server5-der4.crt create mode 100644 tests/data_files/server5-der8.crt create mode 100644 tests/data_files/server5-der9.crt diff --git a/tests/data_files/server5-der0.crt b/tests/data_files/server5-der0.crt new file mode 100644 index 0000000000000000000000000000000000000000..08d8dd311b525fd51171a1019ad3194dad91580a GIT binary patch literal 547 zcmXqLVv;v#VqCg_nTe5!iILNQi;Y98&EuRc3p0~}ogudYCmVAp3!5;LpO2xS0Y8Yt zCCm|!pOaV=9PDE#V;}_*Vipz#3l$gVD1@XImngV8D>yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z RfPe8Z2E`yPzK_SR0ss?|s)_&r literal 0 HcmV?d00001 
diff --git a/tests/data_files/server5-der1a.crt b/tests/data_files/server5-der1a.crt new file mode 100644 index 0000000000000000000000000000000000000000..015017b17db1c360392790665896ea46dc0feac2 GIT binary patch literal 548 zcmXqLVv;v#VqCg_nTe5!iILNQi;Y98&EuRc3p0~}ogudYCmVAp3!5;LpO2xS0Y8Yt zCCm|!pOaV=9PDE#V;}_*Vipz#3l$gVD1@XImngV8D>yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z SfPe8Z2E`yPzK_SRG5`R+9IA={ literal 0 HcmV?d00001 diff --git a/tests/data_files/server5-der1b.crt b/tests/data_files/server5-der1b.crt new file mode 100644 index 0000000000000000000000000000000000000000..6340d9e2ed9fb5e60822f52182c08cddf98f4417 GIT binary patch literal 548 zcmXqLVv;v#VqCg_nTe5!iILNQi;Y98&EuRc3p0~}ogudYCmVAp3!5;LpO2xS0Y8Yt zCCm|!pOaV=9PDE#V;}_*Vipz#3l$gVD1@XImngV8D>yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z SfPe8Z2E`yPzK_SR9s~fs-K$Fg literal 0 HcmV?d00001 
diff --git a/tests/data_files/server5-der2.crt b/tests/data_files/server5-der2.crt new file mode 100644 index 0000000000000000000000000000000000000000..c6e320a369c20c3ee8c54d3caa1d5af0a7225206 GIT binary patch literal 549 zcmXqLVv;v#VqCg_nTe5!iILNQi;Y98&EuRc3p0~}ogudYCmVAp3!5;LpO2xS0Y8Yt zCCm|!pOaV=9PDE#V;}_*Vipz#3l$gVD1@XImngV8D>yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z TfPe8Z2E`yPzK_SR?&JahYB8%# literal 0 HcmV?d00001 diff --git a/tests/data_files/server5-der4.crt b/tests/data_files/server5-der4.crt new file mode 100644 index 0000000000000000000000000000000000000000..4af05cce1ed05ea02e9fac3fed3a0904b44799b0 GIT binary patch literal 551 zcmXqLVv;v#VqCg_nTe5!iILNQi;Y98&EuRc3p0~}ogudYCmVAp3!5;LpO2xS0Y8Yt zCCm|!pOaV=9PDE#V;}_*Vipz#3l$gVD1@XImngV8D>yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z VfPe8Z2E`yPzK_SRE*F>*4*yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z ZfPe8Z2E`yPzK_SRE?NFxU9D;rKLC6Lu2cX3 literal 0 HcmV?d00001 
diff --git a/tests/data_files/server5-der9.crt b/tests/data_files/server5-der9.crt new file mode 100644 index 0000000000000000000000000000000000000000..4947f1f83fad41a48cee838ccf8cfdf2f2100e29 GIT binary patch literal 556 zcmXqLVv;v#VqCg_nTe5!iILNQi;Y98&EuRc3p0~}ogudYCmVAp3!5;LpO2xS0Y8Yt zCCm|!pOaV=9PDE#V;}_*Vipz#3l$gVD1@XImngV8D>yqE$cghB8XH&|nHZXy8X1^G ziSrtPxJFQ}feAtLg$x8B=5yxcCnx4)dUQv4h>n#0YgPGb1~*69bF+nXsE> zoN`e`cE=-i|10FZtNF<`vE;&9k*(h|lp>QR`8{R0p)C0SmHs7@*jTZ>T^)zA%Xvf3 zc4_hbVmz_s?f=D%a}642fxRp%%)(^AU?2;$U6zkUj720MacTb*_M6w67;`VyonyI+c^Rf1A}TbXwv-X(%>vG8}Y%RF~v@ z<^^)(FlR6rq%s*Y%+iUuzU=m*rzyN2cKY4Do_I~z@c8QDhTWGh7Ym21ox~lx`of;? z>-3*3RMa$`y2{Ry$w1Mpe(tf@W8ACNKdH)Ee?0%uR8{2p(~r})Mm~-ctx4NCq53$Z afPe8Z2E`yPzK_SRp8sKBT=suSl_mf!qOWiO literal 0 HcmV?d00001 diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c0b6f94d6..e1ecbca33 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -1554,6 +1554,64 @@ run_test "Renego ext: gnutls client unsafe, server break legacy" \ -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ -S "server hello, secure renegotiation extension" +# Tests for silently dropping trailing extra bytes in .der certificates + +requires_gnutls +run_test "DER format: no trailing bytes" \ + "$P_SRV crt_file=data_files/server5-der0.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + +requires_gnutls +run_test "DER format: with a trailing zero byte" \ + "$P_SRV crt_file=data_files/server5-der1a.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + +requires_gnutls +run_test "DER format: with a trailing random byte" \ + "$P_SRV crt_file=data_files/server5-der1b.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + +requires_gnutls +run_test "DER format: with 2 trailing random bytes" \ + "$P_SRV crt_file=data_files/server5-der2.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + +requires_gnutls +run_test "DER format: with 4 trailing random bytes" \ + "$P_SRV crt_file=data_files/server5-der4.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + +requires_gnutls +run_test "DER format: with 8 trailing random bytes" \ + "$P_SRV crt_file=data_files/server5-der8.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + +requires_gnutls +run_test "DER format: with 9 trailing random bytes" \ + "$P_SRV crt_file=data_files/server5-der9.crt \ + key_file=data_files/server5.key" \ + "$G_CLI " \ + 0 \ + -c "Handshake was completed" \ + # Tests for auth_mode run_test "Authentication: server badcert, client required" \ From e154f95e035ed07763a95ccda25bd7074454242b Mon Sep 17 00:00:00 2001 
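Review bot: Each of the seven new run_test calls ends its final argument with `-c "Handshake was completed" \` followed by a blank line, so the line continuation swallows the blank and the command only terminates there. It works today, but any later edit that removes one of those blank lines will glue the next `requires_gnutls` onto the previous run_test as an extra argument and silently change what is tested. Drop the trailing backslash from the last `-c` line of each call, as the existing tests do (the `-S "server hello, secure renegotiation extension"` line just above the hunk ends without one).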
From: Janos Follath Date: Wed, 17 Feb 2016 14:24:28 +0000 Subject: [PATCH 038/399] x509: trailing bytes in DER: correct a unit test One of the unit test was failing, because it was testing behavior that was part of the bug. Updated the return value to the correct one --- tests/suites/test_suite_x509parse.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 2f2137f54..6b04ae37e 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -755,7 +755,7 @@ X509 Certificate ASN1 (Incorrect first tag) x509parse_crt:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT X509 Certificate ASN1 (Correct first tag, data length does not match) -x509parse_crt:"300000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509parse_crt:"300000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (Correct first tag, no more data) x509parse_crt:"3000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA From cc0e49ddde3d8dbfcbbdc725b3d48482fb8015f1 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 17 Feb 2016 14:34:12 +0000 Subject: [PATCH 039/399] x509: trailing bytes in DER: fix bug Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer after DER certificates to be included in the raw representation. #377 --- ChangeLog | 2 ++ library/x509_crt.c | 23 +++++++++++++++-------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index e9b67908f..ed32f0b37 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -11,6 +11,8 @@ Bugfix * Fix issue in Makefile that prevented building using armar. #386 * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and ECDSA was disabled in config.h . The leak didn't occur by default. + * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the + buffer after DER certificates to be included in the raw representation. Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, diff --git a/library/x509_crt.c b/library/x509_crt.c index 6dc5ad34f..a1ce2544e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -680,14 +680,9 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char * if( crt == NULL || buf == NULL ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); - p = mbedtls_calloc( 1, len = buflen ); - if( p == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); - - memcpy( p, buf, buflen ); - - crt->raw.p = p; - crt->raw.len = len; + // Use the original buffer until we figure out actual length + p = (unsigned char*) buf; + len = buflen; end = p + len; /* @@ -711,6 +706,18 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char * } crt_end = p + len; + // Create and populate a new buffer for the raw field + crt->raw.len = crt_end - buf; + crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len ); + if( p == NULL ) + return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + + memcpy( p, buf, crt->raw.len ); + + // Direct pointers to the new buffer + p += crt->raw.len - len; + end = crt_end = p + len; + /* * TBSCertificate ::= SEQUENCE { */ From d13b9507b3eb868acf3b999956daddf0b090b699 Mon Sep 17 00:00:00 2001 
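Review bot: In the @@ -711 hunk `crt->raw.len` is assigned before the allocation is known to have succeeded, so when `mbedtls_calloc` fails the certificate is left with `raw.len != 0` and `raw.p == NULL`, an inconsistent pair for any caller that inspects `raw` before freeing the context; set the length only after the NULL check, e.g. `crt->raw.p = p = mbedtls_calloc( 1, crt_end - buf );` / `if( p == NULL ) return( MBEDTLS_ERR_X509_ALLOC_FAILED );` / `crt->raw.len = crt_end - buf;`. In the @@ -680 hunk the `(unsigned char*) buf` cast discards the caller's `const`; since `p` is only read until the copy into the new buffer, a `const unsigned char *` cursor for that phase would avoid the cast. The new `//` comments also depart from the `/* */` style of the surrounding code. `x509_crt_parse_der_core` begins and ends outside both hunks.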
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 09:33:52 +0100 Subject: [PATCH 040/399] Improve documentation of some SSL callbacks The previous documentation was not explicit about what was expected of the callbacks - the user had to infer that from the descriptions in net.h or timing.h, and it was not clear what was part of the calling convention and what was specific to our implementation. --- include/mbedtls/ssl.h | 153 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 136 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 00e1c6c6e..2569f59e0 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -969,6 +969,76 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, void (*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg ); +/** + * \brief Callback type: send data on the network. + * + * \note That callback may be either blocking or non-blocking. + * + * \param ctx Context for the send callback (typically a file descriptor) + * \param buf Buffer holding the date to send + * \param len Length of the data to send + * + * \return The callback must return the number of bytes sent if any, + * or a non-zero error code. + * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE + * must be returned when the operation would block. + * + * \note The callback is allowed to send less bytes than requested. + * It must always return the number of bytes actually sent. + */ +typedef int mbedtls_ssl_send_t( void *ctx, + const unsigned char *buf, + size_t len ); + +/** + * \brief Callback type: receive data from the network. + * + * \note That callback may be either blocking or non-blocking. + * + * \param ctx Context for the send callback (typically a file descriptor) + * \param buf Buffer to write the received data to + * \param len Length of the receive buffer + * + * \return The callback must return the number of bytes received, + * or a non-zero error code. + * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ + * must be returned when the operation would block. + * + * \note The callback may receive less bytes than the length of the + * buffer. It must always return the number of bytes actually + * received and written to the buffer. + */ +typedef int mbedtls_ssl_recv_t( void *ctx, + unsigned char *buf, + size_t len ); + +/** + * \brief Callback type: receive data from the network, with timeout + * + * \note That callback must block until data is received, or the + * timeout delay expires, or the operation is interrupted by a + * signal. 
+ * + * \param ctx Context for the send callback (typically a file descriptor) + * \param buf Buffer to write the received data to + * \param len Length of the receive buffer + * \param timeout Maximum nomber of millisecondes to wait for data + * 0 means no timeout (potentially wait forever) + * + * \return The callback must return the number of bytes received, + * or a non-zero error code: + * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, + * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. + * + * \note The callback may receive less bytes than the length of the + * buffer. It must always return the number of bytes actually + * received and written to the buffer. + */ +typedef int mbedtls_ssl_recv_timeout_t( void *ctx, + unsigned char *buf, + size_t len, + uint32_t timeout ); + /** * \brief Set the underlying BIO callbacks for write, read and * read-with-timeout. @@ -978,8 +1048,6 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, * \param f_send write callback * \param f_recv read callback * \param f_recv_timeout blocking read callback with timeout. - * The last argument is the timeout in milliseconds, - * 0 means no timeout (block forever until a message comes) * * \note One of f_recv or f_recv_timeout can be NULL, in which case * the other is used. If both are non-NULL, f_recv_timeout is 
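Review bot: The `\return` wording of the three new callback typedefs is ambiguous, because a positive byte count is itself "non-zero"; the mbedtls error codes named here are negative, so the contract should read `or a negative error code` (and, for `mbedtls_ssl_recv_timeout_t`, `or a negative error code:` before the list). The `\param ctx` line of both receive typedefs was copied from the send one and still says `Context for the send callback`. Typos to fix in the same hunk: `date to send` → `data to send`, `nomber of millisecondes` → `number of milliseconds`, `less bytes` → `fewer bytes`, and `That callback` reads better as `This callback`. The same hunk is repeated verbatim in PATCH 044 and needs the same corrections there.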
@@ -991,12 +1059,20 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, * * \note For DTLS, you need to provide either a non-NULL * f_recv_timeout callback, or a f_recv that doesn't block. + * + * \note See the documentations of \c mbedtls_ssl_sent_t, + * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for + * the convetions those callbacks must follow. + * + * \note On some platforms, net.c provides \c mbedtls_net_send(), + * \c mbedtls_net_recv() and \c mbedtls_net_recv_timeout() + * that are suitable to be used here. */ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, - void *p_bio, - int (*f_send)(void *, const unsigned char *, size_t), - int (*f_recv)(void *, unsigned char *, size_t), - int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) ); + void *p_bio, + mbedtls_ssl_send_t *f_send, + mbedtls_ssl_recv_t *f_recv, + mbedtls_ssl_recv_timeout_t *f_recv_timeout ); /** * \brief Set the timeout period for mbedtls_ssl_read() 
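Review bot: The new cross-reference names `mbedtls_ssl_sent_t`, but the typedef introduced earlier in this commit is `mbedtls_ssl_send_t`, so the `\c` link will dangle; change it to `\c mbedtls_ssl_send_t`. Also `See the documentations of` → `See the documentation of` and `convetions` → `conventions`. The same hunk is repeated in PATCH 044.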
@@ -1017,24 +1093,67 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); /** - * \brief Set the timer callbacks - * (Mandatory for DTLS.) + * \brief Callback type: set a pair of timers/delays to watch + * + * \param ctx Context pointer + * \param int_ms Intermediate delay in milliseconds + * \param fin_ms Final delay in milliseconds + * 0 cancels the current timer. + * + * \note This callback must at least store the necessary information + * for the associated \c mbedtls_ssl_get_timer_t callback to + * return correct information. + * + * \note If using a event-driven style of programming, an event must + * be generated when the final delay is passed. The event must + * cause a call to \c mbedtls_ssl_handshake() with the proper + * SSL context to be scheduled. Care must be taken to ensure + * that at most one such call happens at a time. + * + * \note Only one timer at a time must be running. Calling this + * function while a timer is running must cancel it. Cancelled + * timers must not generate any event. + */ +typedef void mbedtls_ssl_set_timer_t( void * ctx, + uint32_t int_ms, + uint32_t fin_ms ); + +/** + * \brief Callback type: get status of timers/delays + * + * \param ctx Context pointer + * + * \return This callback must return: + * -1 if cancelled (fin_ms == 0), + * 0 if none of the delays is passed, + * 1 if only the intermediate delay is passed, + * 2 if the final delay is passed. + */ +typedef int mbedtls_ssl_get_timer_t( void * ctx ); + +/** + * \brief Set the timer callbacks (Mandatory for DTLS.) * * \param ssl SSL context - * \param p_timer parameter (context) shared by timer callback + * \param p_timer parameter (context) shared by timer callbacks * \param f_set_timer set timer callback - * Accepts an intermediate and a final delay in milliseconcs - * If the final delay is 0, cancels the running timer. * \param f_get_timer get timer callback. 
Must return: - * -1 if cancelled - * 0 if none of the delays is expired - * 1 if the intermediate delay only is expired - * 2 if the final delay is expired + * + * \note See the documentation of \c mbedtls_ssl_set_timer_t and + * \c mbedtls_ssl_get_timer_t for the conventions this pair of + * callbacks must fallow. + * + * \note On some platforms, timing.c provides + * \c mbedtls_timing_set_delay() and + * \c mbedtls_timing_get_delay() that are suitable for using + * here, except if using an event-driven style. + * + * \note See also the "DTLS tutorial" article in our knowledge base. */ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, void *p_timer, - void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms), - int (*f_get_timer)(void *) ); + mbedtls_ssl_set_timer_t *f_set_timer, + mbedtls_ssl_get_timer_t *f_get_timer ); /** * \brief Callback type: generate and write session ticket From 325ce093f9e80900e560fd1cadecad3c63408d8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 10:33:34 +0100 Subject: [PATCH 041/399] Give better error messages for semi-portable parts Previously it was failing with errors about headers not found, which is suboptimal in terms of clarity. Now give a clean error with pointer to the documentation. Do the checks in the .c files rather than check_config.h as it keeps them closer to the platform-specific implementations. --- include/mbedtls/config.h | 17 ++++++++++++++--- library/entropy_poll.c | 6 ++++++ library/net.c | 5 +++++ library/timing.c | 5 +++++ 4 files changed, 30 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index d1db0d825..c69ba1bcb 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
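Review bot: Typos in the new timer-callback documentation: `If using a event-driven style` → `If using an event-driven style`, and `callbacks must fallow` → `callbacks must follow`. The two new typedefs spell the parameter `void * ctx`, whereas the rest of this header (including the send/recv typedefs added in the same commit) writes `void *ctx`; match the file's style. The `\return` list for `mbedtls_ssl_get_timer_t` does not say what to return before `f_set_timer` has ever been called; if that is -1, as for a cancelled timer, stating it would remove a real ambiguity for implementers. The same hunk is repeated in PATCH 044.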
@@ -1897,11 +1897,15 @@ /** * \def MBEDTLS_NET_C * - * Enable the TCP/IP networking routines. + * Enable the TCP and UDP over IPv6/IPv4 networking routines. + * + * \note This module only works on Unix (including Linux, BSD and OS X) and + * Windows. For other platforms, you'll want to disable it, and write your + * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). * * Module: library/net.c * - * This module provides TCP/IP networking routines. + * This module provides networking routines. */ #define MBEDTLS_NET_C @@ -2264,7 +2268,14 @@ /** * \def MBEDTLS_TIMING_C * - * Enable the portable timing interface. + * Enable the semi-portable timing interface. + * + * \note The provided implementation only works on Unix (including Linux, BSD + * and OS X) and Windows. On other platforms, you can either disable that + * module and provide your own implementations of the callbacks needed by + * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide + * your own implementation of the whole module by setting + * \c MBEDTLS_TIMING_ALT in the current file. * * Module: library/timing.c * Caller: library/havege.c diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 25a27bef3..972ad2aea 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -39,6 +39,12 @@ #endif #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) + +#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ + !defined(__APPLE__) && !defined(_WIN32) +#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h" +#endif + #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #if !defined(_WIN32_WINNT) diff --git a/library/net.c b/library/net.c index a77268c55..3b78b6b15 100644 --- a/library/net.c +++ b/library/net.c 
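Review bot: The platform test `!defined(unix) && !defined(__unix__) && !defined(__unix) && !defined(__APPLE__) && !defined(_WIN32)` is copied verbatim into entropy_poll.c here and into net.c and timing.c in the next two hunks; a single helper macro in a shared internal header (constructed name, e.g. `MBEDTLS_PLATFORM_IS_UNIX_OR_WIN32`) would keep the three in step when a platform is added, especially since mini_client.c in PATCH 043 already carries a fourth, slightly different variant. The bare `unix` spelling is not predefined in strict ISO modes, but `__unix__` covers that case, so the check is sound as written. The same three hunks are repeated in PATCH 045.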
@@ -27,6 +27,11 @@ #if defined(MBEDTLS_NET_C) +#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ + !defined(__APPLE__) && !defined(_WIN32) +#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h" +#endif + #include "mbedtls/net.h" #include diff --git a/library/timing.c b/library/timing.c index 5d8b25b99..a7c7ff027 100644 --- a/library/timing.c +++ b/library/timing.c @@ -38,6 +38,11 @@ #if !defined(MBEDTLS_TIMING_ALT) +#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ + !defined(__APPLE__) && !defined(_WIN32) +#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h" +#endif + #ifndef asm #define asm __asm #endif From 02049dcbd1b758ad0b33f33e95c545894dabb106 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 16:42:51 +0000 Subject: [PATCH 042/399] Add links to KB articles --- include/mbedtls/config.h | 11 ++++++++++- include/mbedtls/ssl.h | 1 + 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c69ba1bcb..987d59d64 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1903,6 +1903,10 @@ * Windows. For other platforms, you'll want to disable it, and write your * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). * + * \note See also our Knowledge Base article about porting to a new + * environment: + * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * * Module: library/net.c * * This module provides networking routines. 
@@ -2251,7 +2255,8 @@ * By default mbed TLS assumes it is used in a non-threaded environment or that * contexts are not shared between threads. If you do intend to use contexts * between threads, you will need to enable this layer to prevent race - * conditions. + * conditions. See also our Knowledge Base article about threading: + * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading * * Module: library/threading.c * @@ -2277,6 +2282,10 @@ * your own implementation of the whole module by setting * \c MBEDTLS_TIMING_ALT in the current file. * + * \note See also our Knowledge Base article about porting to a new + * environment: + * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * * Module: library/timing.c * Caller: library/havege.c * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2569f59e0..c64b1b230 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1149,6 +1149,7 @@ typedef int mbedtls_ssl_get_timer_t( void * ctx ); * here, except if using an event-driven style. * * \note See also the "DTLS tutorial" article in our knowledge base. + * https://tls.mbed.org/kb/how-to/dtls-tutorial */ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, void *p_timer, From 4b17e53c72b9bc8a4d3993abff23040b3c7b2f9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 10:47:43 +0100 Subject: [PATCH 043/399] Fix Unix detection in mini_client fixes #398 --- programs/ssl/mini_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index d61312425..26082ef5b 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c 
@@ -36,7 +36,7 @@ * This is not a good example for general use. This programs has the specific * goal of minimizing use of the libc functions on full-blown OSes. */ -#if defined(unix) || defined(__unix__) || defined(__unix) +#if defined(unix) || defined(__unix__) || defined(__unix) || defined(__APPLE__) #define UNIX #endif From b967c15e4034e3e7bd890d28346ec0590db172d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 09:33:52 +0100 Subject: [PATCH 044/399] Improve documentation of some SSL callbacks The previous documentation was not explicit about what was expected of the callbacks - the user had to infer that from the descriptions in net.h or timing.h, and it was not clear what was part of the calling convention and what was specific to our implementation. --- include/mbedtls/ssl.h | 153 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 136 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ad0e42c6c..4aad2a829 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -969,6 +969,76 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, void (*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg ); +/** + * \brief Callback type: send data on the network. + * + * \note That callback may be either blocking or non-blocking. + * + * \param ctx Context for the send callback (typically a file descriptor) + * \param buf Buffer holding the date to send + * \param len Length of the data to send + * + * \return The callback must return the number of bytes sent if any, + * or a non-zero error code. + * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE + * must be returned when the operation would block. + * + * \note The callback is allowed to send less bytes than requested. + * It must always return the number of bytes actually sent. + */ +typedef int mbedtls_ssl_send_t( void *ctx, + const unsigned char *buf, + size_t len ); + +/** + * \brief Callback type: receive data from the network. + * + * \note That callback may be either blocking or non-blocking. + * + * \param ctx Context for the send callback (typically a file descriptor) + * \param buf Buffer to write the received data to + * \param len Length of the receive buffer + * + * \return The callback must return the number of bytes received, + * or a non-zero error code. + * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ + * must be returned when the operation would block. + * + * \note The callback may receive less bytes than the length of the + * buffer. It must always return the number of bytes actually + * received and written to the buffer. + */ +typedef int mbedtls_ssl_recv_t( void *ctx, + unsigned char *buf, + size_t len ); + +/** + * \brief Callback type: receive data from the network, with timeout + * + * \note That callback must block until data is received, or the + * timeout delay expires, or the operation is interrupted by a + * signal. 
+ * + * \param ctx Context for the send callback (typically a file descriptor) + * \param buf Buffer to write the received data to + * \param len Length of the receive buffer + * \param timeout Maximum nomber of millisecondes to wait for data + * 0 means no timeout (potentially wait forever) + * + * \return The callback must return the number of bytes received, + * or a non-zero error code: + * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, + * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. + * + * \note The callback may receive less bytes than the length of the + * buffer. It must always return the number of bytes actually + * received and written to the buffer. + */ +typedef int mbedtls_ssl_recv_timeout_t( void *ctx, + unsigned char *buf, + size_t len, + uint32_t timeout ); + /** * \brief Set the underlying BIO callbacks for write, read and * read-with-timeout. @@ -978,8 +1048,6 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, * \param f_send write callback * \param f_recv read callback * \param f_recv_timeout blocking read callback with timeout. - * The last argument is the timeout in milliseconds, - * 0 means no timeout (block forever until a message comes) * * \note One of f_recv or f_recv_timeout can be NULL, in which case * the other is used. If both are non-NULL, f_recv_timeout is 
@@ -991,12 +1059,20 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, * * \note For DTLS, you need to provide either a non-NULL * f_recv_timeout callback, or a f_recv that doesn't block. + * + * \note See the documentations of \c mbedtls_ssl_sent_t, + * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for + * the convetions those callbacks must follow. + * + * \note On some platforms, net.c provides \c mbedtls_net_send(), + * \c mbedtls_net_recv() and \c mbedtls_net_recv_timeout() + * that are suitable to be used here. */ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, - void *p_bio, - int (*f_send)(void *, const unsigned char *, size_t), - int (*f_recv)(void *, unsigned char *, size_t), - int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) ); + void *p_bio, + mbedtls_ssl_send_t *f_send, + mbedtls_ssl_recv_t *f_recv, + mbedtls_ssl_recv_timeout_t *f_recv_timeout ); /** * \brief Set the timeout period for mbedtls_ssl_read() 
@@ -1017,24 +1093,67 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); /** - * \brief Set the timer callbacks - * (Mandatory for DTLS.) + * \brief Callback type: set a pair of timers/delays to watch + * + * \param ctx Context pointer + * \param int_ms Intermediate delay in milliseconds + * \param fin_ms Final delay in milliseconds + * 0 cancels the current timer. + * + * \note This callback must at least store the necessary information + * for the associated \c mbedtls_ssl_get_timer_t callback to + * return correct information. + * + * \note If using a event-driven style of programming, an event must + * be generated when the final delay is passed. The event must + * cause a call to \c mbedtls_ssl_handshake() with the proper + * SSL context to be scheduled. Care must be taken to ensure + * that at most one such call happens at a time. + * + * \note Only one timer at a time must be running. Calling this + * function while a timer is running must cancel it. Cancelled + * timers must not generate any event. + */ +typedef void mbedtls_ssl_set_timer_t( void * ctx, + uint32_t int_ms, + uint32_t fin_ms ); + +/** + * \brief Callback type: get status of timers/delays + * + * \param ctx Context pointer + * + * \return This callback must return: + * -1 if cancelled (fin_ms == 0), + * 0 if none of the delays is passed, + * 1 if only the intermediate delay is passed, + * 2 if the final delay is passed. + */ +typedef int mbedtls_ssl_get_timer_t( void * ctx ); + +/** + * \brief Set the timer callbacks (Mandatory for DTLS.) * * \param ssl SSL context - * \param p_timer parameter (context) shared by timer callback + * \param p_timer parameter (context) shared by timer callbacks * \param f_set_timer set timer callback - * Accepts an intermediate and a final delay in milliseconcs - * If the final delay is 0, cancels the running timer. * \param f_get_timer get timer callback. 
Must return: - * -1 if cancelled - * 0 if none of the delays is expired - * 1 if the intermediate delay only is expired - * 2 if the final delay is expired + * + * \note See the documentation of \c mbedtls_ssl_set_timer_t and + * \c mbedtls_ssl_get_timer_t for the conventions this pair of + * callbacks must fallow. + * + * \note On some platforms, timing.c provides + * \c mbedtls_timing_set_delay() and + * \c mbedtls_timing_get_delay() that are suitable for using + * here, except if using an event-driven style. + * + * \note See also the "DTLS tutorial" article in our knowledge base. */ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, void *p_timer, - void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms), - int (*f_get_timer)(void *) ); + mbedtls_ssl_set_timer_t *f_set_timer, + mbedtls_ssl_get_timer_t *f_get_timer ); /** * \brief Callback type: generate and write session ticket From 7ff4b774b7a0ed48e432a3fdee46269a602034af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 10:33:34 +0100 Subject: [PATCH 045/399] Give better error messages for semi-portable parts Previously it was failing with errors about headers not found, which is suboptimal in terms of clarity. Now give a clean error with pointer to the documentation. Do the checks in the .c files rather than check_config.h as it keeps them closer to the platform-specific implementations. --- include/mbedtls/config.h | 17 ++++++++++++++--- library/entropy_poll.c | 6 ++++++ library/net.c | 5 +++++ library/timing.c | 5 +++++ 4 files changed, 30 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index d1db0d825..c69ba1bcb 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -1897,11 +1897,15 @@ /** * \def MBEDTLS_NET_C * - * Enable the TCP/IP networking routines. + * Enable the TCP and UDP over IPv6/IPv4 networking routines. + * + * \note This module only works on Unix (including Linux, BSD and OS X) and + * Windows. For other platforms, you'll want to disable it, and write your + * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). * * Module: library/net.c * - * This module provides TCP/IP networking routines. + * This module provides networking routines. */ #define MBEDTLS_NET_C @@ -2264,7 +2268,14 @@ /** * \def MBEDTLS_TIMING_C * - * Enable the portable timing interface. + * Enable the semi-portable timing interface. + * + * \note The provided implementation only works on Unix (including Linux, BSD + * and OS X) and Windows. On other platforms, you can either disable that + * module and provide your own implementations of the callbacks needed by + * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide + * your own implementation of the whole module by setting + * \c MBEDTLS_TIMING_ALT in the current file. * * Module: library/timing.c * Caller: library/havege.c diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 25a27bef3..972ad2aea 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -39,6 +39,12 @@ #endif #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) + +#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ + !defined(__APPLE__) && !defined(_WIN32) +#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h" +#endif + #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #if !defined(_WIN32_WINNT) diff --git a/library/net.c b/library/net.c index a77268c55..3b78b6b15 100644 --- a/library/net.c +++ b/library/net.c 
@@ -27,6 +27,11 @@ #if defined(MBEDTLS_NET_C) +#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ + !defined(__APPLE__) && !defined(_WIN32) +#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h" +#endif + #include "mbedtls/net.h" #include diff --git a/library/timing.c b/library/timing.c index 5d8b25b99..a7c7ff027 100644 --- a/library/timing.c +++ b/library/timing.c @@ -38,6 +38,11 @@ #if !defined(MBEDTLS_TIMING_ALT) +#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ + !defined(__APPLE__) && !defined(_WIN32) +#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h" +#endif + #ifndef asm #define asm __asm #endif From c3cb4c75a58e9793019e643a48874dccf41e556f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 11:10:14 +0100 Subject: [PATCH 046/399] Add note about not implementing PSK id_hint --- include/mbedtls/ssl.h | 5 +++++ library/ssl_cli.c | 7 +++++-- library/ssl_srv.c | 3 ++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4aad2a829..e367c474a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1613,6 +1613,11 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, * \note This is mainly useful for clients. Servers will usually * want to use \c mbedtls_ssl_conf_psk_cb() instead. * + * \note Currently clients can only register one pre-shared key. + * In other words, the servers' idendity hint is ignored. + * Please contact us if you need ability to set multiple PSKs + * on clients and select one based on the identity hint. + * * \param conf SSL configuration * \param psk pointer to the pre-shared key * \param psk_len pre-shared key length diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 4452169d9..1d22d1518 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
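Review bot: The new `\note` on `mbedtls_ssl_conf_psk` has two spelling slips: `the servers' idendity hint` → `the server's identity hint`, and `if you need ability to set` → `if you need the ability to set`. Since the note explains a limitation of the client side, it would also be clearer to open with `Currently clients can only register one pre-shared key, so the server's identity hint is ignored.` so the consequence follows from the cause.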
@@ -1981,8 +1981,11 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - // TODO: Retrieve PSK identity hint and callback to app - // + /* + * Note: we currently ignore the PKS identity hint, as we only allow one + * PSK to be provisionned on the client. This could be changed later if + * someone needs that feature. + */ *p += len; ret = 0; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 6b5b461e1..6bd0b598a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2718,7 +2718,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) { - /* TODO: Support identity hints */ + /* Note: we don't support identity hints, until someone asks + * for them. */ *(p++) = 0x00; *(p++) = 0x00; From fc0e286c0e5484d7524474a0b3d78e000e8881cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 11:18:35 +0100 Subject: [PATCH 047/399] Remove unused code. After the record contents are decompressed, in_len is no longer accessed directly, only in_msglen is accessed. in_len is only read by ssl_parse_record_header() which happens before ssl_prepare_record_contents(). This is also made clear by the fact that in_len is not touched after decrypting anyway, so if it was accessed after that it would be wrong unless decryption is used - as this is not the case, it show in_len is not accessed. --- library/ssl_tls.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a4cc1ca05..0c1a7cccf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
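Review bot: The new comment in `ssl_parse_server_psk_hint` misspells the acronym and a word: `PKS identity hint` → `PSK identity hint`, `provisionned` → `provisioned`. It would also help to say that `*p += len` relies on the length check just above (the preceding `return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE )` appears to be it), e.g. `/* len was validated against the remaining message above; skip the hint */`, so the advance does not read as unchecked. The enclosing function starts outside the hunk.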
@@ -3706,10 +3706,6 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret ); return( ret ); } - - // TODO: what's the purpose of these lines? is in_len used? - ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 ); - ssl->in_len[1] = (unsigned char)( ssl->in_msglen ); } #endif /* MBEDTLS_ZLIB_SUPPORT */ From 982b9adc96ac56be49ef2bffaab0b01e8fbe2ac5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 11:27:26 +0100 Subject: [PATCH 048/399] Update note about hardcoded verify_data_length --- library/ssl_tls.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0c1a7cccf..afbcdd99c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5011,7 +5011,12 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); - // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63) + /* + * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites + * may define some other value. Currently (early 2016), no defined + * ciphersuite does this (and this is unlikely to change as activity has + * moved to TLS 1.3 now) so we can keep the hardcoded 12 here. + */ hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12; #if defined(MBEDTLS_SSL_RENEGOTIATION) From 0fa5b055c93834b31f63b965d54761d9ac09b414 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 11:36:55 +0100 Subject: [PATCH 049/399] Clarify documentation about missing CRLs Also tune up some working while at it. --- include/mbedtls/x509_crt.h | 17 +++++++++++------ library/x509_crt.c | 9 ++------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index fe821d1cf..41b6bfe57 100644 --- a/include/mbedtls/x509_crt.h 
+++ b/include/mbedtls/x509_crt.h @@ -271,9 +271,14 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * \note Same as \c mbedtls_x509_crt_verify_with_profile() with the * default security profile. * - * \param crt a certificate to be verified - * \param trust_ca the trusted CA chain - * \param ca_crl the CRL chain for trusted CA's + * \note It is your responsibility to provide up-to-date CRLs for + * all trusted CAs. If no CRL is provided for the CA that was + * used to sign the certificate, CRL verification is skipped + * silently, that is *without* setting any flag. + * + * \param crt a certificate (chain) to be verified + * \param trust_ca the list of trusted CAs + * \param ca_crl the list of CRLs for trusted CAs (see note above) * \param cn expected Common Name (can be set to * NULL if the CN must not be verified) * \param flags result of the verification @@ -304,9 +309,9 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, * for ECDSA) apply to all certificates: trusted root, * intermediate CAs if any, and end entity certificate. * - * \param crt a certificate to be verified - * \param trust_ca the trusted CA chain - * \param ca_crl the CRL chain for trusted CA's + * \param crt a certificate (chain) to be verified + * \param trust_ca the list of trusted CAs + * \param ca_crl the list of CRLs for trusted CAs * \param profile security profile for verification * \param cn expected Common Name (can be set to * NULL if the CN must not be verified) diff --git a/library/x509_crt.c b/library/x509_crt.c index 6dc5ad34f..0606eb96d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
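Review bot: The note that CRL checking is skipped silently, without setting any flag, when no CRL is supplied for the signing CA is added only to mbedtls_x509_crt_verify(); the second hunk rewrites the same parameter lines for mbedtls_x509_crt_verify_with_profile() but neither repeats the note nor points at it. Since a reader of the profile variant sees only its own block, either duplicate the `\note` there or change its parameter line to `* \param ca_crl the list of CRLs for trusted CAs (see note for mbedtls_x509_crt_verify())`. This matters more for the profile variant, which is the one callers pick when they care about verification strictness.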
@@ -1600,7 +1600,8 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509 } /* - * Check that the given certificate is valid according to the CRL. + * Check that the given certificate is not revoked according to the CRL. + * Skip validation is no CRL for the given CA is present. */ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, mbedtls_x509_crl *crl_list, @@ -1613,12 +1614,6 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, if( ca == NULL ) return( flags ); - /* - * TODO: What happens if no CRL is present? - * Suggestion: Revocation state should be unknown if no CRL is present. - * For backwards compatibility this is not yet implemented. - */ - while( crl_list != NULL ) { if( crl_list->version == 0 || From b222cd92c17bb8bae5958fd1b29c266387d5a3ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 12:02:30 +0100 Subject: [PATCH 050/399] Remove unnecessary TODO comment We don't implement anonymous key exchanges, and we don't intend to, so it can never happen that an unauthenticated server requests a certificate from us. --- library/ssl_cli.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 1d22d1518..5ce7d2529 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2581,9 +2581,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) ssl->record_read = 0; - // TODO: handshake_failure alert for an anonymous server to request - // client authentication - /* * struct { * ClientCertificateType certificate_types<1..2^8-1>; From 04d39d282569e33dd5c53a5074b6bab55e5f3727 Mon Sep 17 00:00:00 2001 
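Review bot: The new comment above x509_crt_verifycrl has a typo that muddles its meaning: `* Skip validation is no CRL for the given CA is present.` should read `* Skip validation if no CRL for the given CA is present.`. Since this silent skip is exactly the behaviour the header note added in the same commit warns callers about, it is worth stating it cleanly at the implementation too. The function body continues outside the hunk.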
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 24 Feb 2016 14:13:22 +0000 Subject: [PATCH 051/399] ssl: ignore CertificateRequest's content for real - document why we made that choice - remove the two TODOs about checking hash and CA - remove the code that parsed certificate_type: it did nothing except store the selected type in handshake->cert_type, but that field was never accessed afterwards. Since handshake_params is now an internal type, we can remove that field without breaking the ABI. --- include/mbedtls/ssl.h | 7 +++- include/mbedtls/ssl_internal.h | 1 - library/ssl_cli.c | 67 +++++++++++++--------------------- 3 files changed, 31 insertions(+), 44 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e367c474a..3a8b73362 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1593,7 +1593,12 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, * adequate, preference is given to the one set by the first * call to this function, then second, etc. * - * \note On client, only the first call has any effect. + * \note On client, only the first call has any effect. That is, + * only one client certificate can be provisioned. The + * server's preferences in its CertficateRequest message will + * be ignored and our only cert will be sent regardless of + * whether it matches those preferences - the server can then + * decide what it wants to do with it. * * \param conf SSL configuration * \param own_cert own public certificate chain diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 3af059f89..d63d7d4e7 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
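Review bot: The new doc note for mbedtls_ssl_conf_own_cert misspells the handshake message name: "CertficateRequest" should be "CertificateRequest", i.e. `* server's preferences in its CertificateRequest message will`. The typo-fix commit later in this series does not catch it, and the misspelled name will not be found by anyone grepping the headers for the message.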
@@ -166,7 +166,6 @@ struct mbedtls_ssl_handshake_params * Handshake specific crypto variables */ int sig_alg; /*!< Hash algorithm for signature */ - int cert_type; /*!< Requested cert type */ int verify_sig_alg; /*!< Signature algorithm for verify */ #if defined(MBEDTLS_DHM_C) mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5ce7d2529..bf6c22101 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2532,8 +2532,8 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) { int ret; - unsigned char *buf, *p; - size_t n = 0, m = 0; + unsigned char *buf; + size_t n = 0; size_t cert_type_len = 0, dn_len = 0; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; @@ -2588,11 +2588,26 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * supported_signature_algorithms<2^16-1>; -- TLS 1.2 only * DistinguishedName certificate_authorities<0..2^16-1>; * } CertificateRequest; + * + * Since we only support a single certificate on clients, let's just + * ignore all the information that's supposed to help us pick a + * certificate. + * + * We could check that our certificate matches the request, and bail out + * if it doesn't, but it's simpler to just send the certificate anyway, + * and give the server the opportunity to decide if it should terminate + * the connection when it doesn't like our certificate. + * + * Same goes for the hash in TLS 1.2's signature_algorithms: at this + * point we only have one hash available (see comments in + * write_certificate_verify), so let's jsut use what we have. + * + * However, we still minimally parse the message to check it is at least + * superficially sane. */ buf = ssl->in_msg; - // Retrieve cert types - // + /* certificate_types */ cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )]; n = cert_type_len; 
@@ -2602,45 +2617,14 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); } - p = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 1; - while( cert_type_len > 0 ) - { -#if defined(MBEDTLS_RSA_C) - if( *p == MBEDTLS_SSL_CERT_TYPE_RSA_SIGN && - mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_RSA ) ) - { - ssl->handshake->cert_type = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN; - break; - } - else -#endif -#if defined(MBEDTLS_ECDSA_C) - if( *p == MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN && - mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) ) - { - ssl->handshake->cert_type = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN; - break; - } - else -#endif - { - ; /* Unsupported cert type, ignore */ - } - - cert_type_len--; - p++; - } - + /* supported_signature_algorithms */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { - /* Ignored, see comments about hash in write_certificate_verify */ - // TODO: should check the signature part against our pk_key though size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); - m += 2; - n += sig_alg_len; + n += 2 + sig_alg_len; if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) { 
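Review bot: The bound check closing this hunk is off by one for the read it guards: after `n += 2 + sig_alg_len`, the next hunk reads the certificate_authorities length from `buf[hdr + 1 + n]` and `buf[hdr + 2 + n]`, yet `if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )` still admits `in_hslen == hdr + 2 + n`, so the second length byte is taken from one past the end of the handshake message. The final `in_hslen != hdr + 3 + n` comparison then rejects such a message, and in_msg is presumably the full record buffer, so the outcome is a clean parse error rather than a memory fault, but the guard should be `if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )` so that no byte outside the message is consulted. The earlier check guarding the sig_alg_len read is outside this hunk and may have the same shape. ssl_parse_certificate_request starts before the hunk.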
@@ -2650,13 +2634,12 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - /* Ignore certificate_authorities, we only have one cert anyway */ - // TODO: should not send cert if no CA matches - dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + m + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + m + n] ) ); + /* certificate_authorities */ + dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) + | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); n += dn_len; - if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + m + n ) + if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); From a0e924fa7bb8ea4ce480ceb32e8b715a3443bf25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 24 Feb 2016 14:36:05 +0000 Subject: [PATCH 052/399] x509: - --- include/mbedtls/x509_csr.h | 6 ++++++ library/x509_csr.c | 8 +++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 34998a3a5..7a9c2e055 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -83,6 +83,8 @@ mbedtls_x509write_csr; /** * \brief Load a Certificate Signing Request (CSR) in DER format * + * \note CSR attributes (if any) are currently silently ignored. + * * \param csr CSR context to fill * \param buf buffer holding the CRL data * \param buflen size of the buffer @@ -95,6 +97,8 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, /** * \brief Load a Certificate Signing Request (CSR), DER or PEM format * + * \note See notes for \c mbedtls_x509_csr_parse_der() + * * \param csr CSR context to fill * \param buf buffer holding the CRL data * \param buflen size of the buffer 
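Review bot: The parameter lines surrounding the new notes in both x509_csr.h hunks here still describe `buf` as "buffer holding the CRL data" although these functions parse a CSR; while touching these blocks, change both to `* \param buf buffer holding the CSR data`. The new note "CSR attributes (if any) are currently silently ignored" also reads as if the attributes field were optional, whereas the x509_csr.c hunk in this commit still returns MBEDTLS_ERR_X509_INVALID_FORMAT when the `[0]` tag is absent; `\note The CSR attributes field must be present (it may be empty); its contents are currently silently ignored.` avoids that reading.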
@@ -108,6 +112,8 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz /** * \brief Load a Certificate Signing Request (CSR) * + * \note See notes for \c mbedtls_x509_csr_parse() + * * \param csr CSR context to fill * \param path filename to read the CSR from * diff --git a/library/x509_csr.c b/library/x509_csr.c index dbf659b44..f8c45f8d2 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -207,6 +207,13 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, /* * attributes [0] Attributes + * + * The list of possible attributes is open-ended, though RFC 2985 + * (PKCS#9) defines a few in section 5.4. We currently don't support any, + * so we just ignore them. This is a safe thing to do as the worst thing + * that could happen is that we issue a certificate that does not match + * the requester's expectations - this cannot cause a violation of our + * signature policies. */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) @@ -214,7 +221,6 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); } - // TODO Parse Attributes / extension requests p += len; From 347700ebe2893711cbf717cef883a42afdaf2b1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 24 Feb 2016 17:11:40 +0000 Subject: [PATCH 053/399] x509: remove obsolete TODO comment - basicContraints checks are done during verification - there is no need to set extensions that are not present to default values, as the code using the extension will check if it was present using ext_types. (And default values would not make sense anyway.) --- library/x509_crt.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 0606eb96d..3eaf5bc14 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -516,9 +516,6 @@ static int x509_get_subject_alt_name( unsigned char **p, /* * X.509 v3 extensions * - * TODO: Perform all of the basic constraints tests required by the RFC - * TODO: Set values for undetected extensions to a sane default? - * */ static int x509_get_crt_ext( unsigned char **p, const unsigned char *end, From a766576a7409722453df112d66770f177eb2ae60 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Mar 2016 13:16:57 +0000 Subject: [PATCH 054/399] Fix some minor typos in comments Fix spelling mistakes and typos. --- include/mbedtls/ssl.h | 12 +++++++----- library/ssl_cli.c | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3a8b73362..b89d4ed0d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -995,7 +995,8 @@ typedef int mbedtls_ssl_send_t( void *ctx, * * \note That callback may be either blocking or non-blocking. * - * \param ctx Context for the send callback (typically a file descriptor) + * \param ctx Context for the receive callback (typically a file + * descriptor) * \param buf Buffer to write the received data to * \param len Length of the receive buffer * @@ -1019,7 +1020,7 @@ typedef int mbedtls_ssl_recv_t( void *ctx, * timeout delay expires, or the operation is interrupted by a * signal. * - * \param ctx Context for the send callback (typically a file descriptor) + * \param ctx Context for the receive callback (typically a file descriptor) * \param buf Buffer to write the received data to * \param len Length of the receive buffer * \param timeout Maximum nomber of millisecondes to wait for data 
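Review bot: The context line closing the mbedtls_ssl_recv_timeout_t hunk, `* \param timeout Maximum nomber of millisecondes to wait for data`, carries two more typos that a typo-fix commit should pick up: `* \param timeout Maximum number of milliseconds to wait for data`. The same doc block is moved unchanged later in this series (the commit that makes the callback typedefs consistent), so the fix needs to land in whichever copy survives.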
@@ -1619,9 +1620,10 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, * want to use \c mbedtls_ssl_conf_psk_cb() instead. * * \note Currently clients can only register one pre-shared key. - * In other words, the servers' idendity hint is ignored. - * Please contact us if you need ability to set multiple PSKs - * on clients and select one based on the identity hint. + * In other words, the servers' identity hint is ignored. + * Support for setting multiple PSKs on clients and selecting + * one based on the identity hint is not a planned feature but + * feedback is welcomed. * * \param conf SSL configuration * \param psk pointer to the pre-shared key diff --git a/library/ssl_cli.c b/library/ssl_cli.c index bf6c22101..52ddf9a92 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2600,7 +2600,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * * Same goes for the hash in TLS 1.2's signature_algorithms: at this * point we only have one hash available (see comments in - * write_certificate_verify), so let's jsut use what we have. + * write_certificate_verify), so let's just use what we have. * * However, we still minimally parse the message to check it is at least * superficially sane. From 1b6044ded24e967f7901c646c0f5a754e2cd086b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Mar 2016 17:31:49 +0000 Subject: [PATCH 055/399] Use the SSL IO and time callback typedefs consistently The callback typedefs defined for mbedtls_ssl_set_bio() and mbedtls_ssl_set_timer_cb() were not used consistently where the callbacks were referenced in structures or in code. --- include/mbedtls/ssl.h | 236 +++++++++++++++++++++--------------------- library/ssl_tls.c | 10 +- 2 files changed, 123 insertions(+), 123 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b89d4ed0d..9bd105149 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -411,6 +411,116 @@ typedef enum } mbedtls_ssl_states; +/** + * \brief Callback type: send data on the network. + * + * \note That callback may be either blocking or non-blocking. + * + * \param ctx Context for the send callback (typically a file descriptor) + * \param buf Buffer holding the date to send + * \param len Length of the data to send + * + * \return The callback must return the number of bytes sent if any, + * or a non-zero error code. + * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE + * must be returned when the operation would block. + * + * \note The callback is allowed to send less bytes than requested. + * It must always return the number of bytes actually sent. + */ +typedef int mbedtls_ssl_send_t( void *ctx, + const unsigned char *buf, + size_t len ); + +/** + * \brief Callback type: receive data from the network. + * + * \note That callback may be either blocking or non-blocking. + * + * \param ctx Context for the receive callback (typically a file + * descriptor) + * \param buf Buffer to write the received data to + * \param len Length of the receive buffer + * + * \return The callback must return the number of bytes received, + * or a non-zero error code. + * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ + * must be returned when the operation would block. + * + * \note The callback may receive less bytes than the length of the + * buffer. It must always return the number of bytes actually + * received and written to the buffer. + */ +typedef int mbedtls_ssl_recv_t( void *ctx, + unsigned char *buf, + size_t len ); + +/** + * \brief Callback type: receive data from the network, with timeout + * + * \note That callback must block until data is received, or the + * timeout delay expires, or the operation is interrupted by a + * signal. 
+ * + * \param ctx Context for the receive callback (typically a file descriptor) + * \param buf Buffer to write the received data to + * \param len Length of the receive buffer + * \param timeout Maximum nomber of millisecondes to wait for data + * 0 means no timeout (potentially wait forever) + * + * \return The callback must return the number of bytes received, + * or a non-zero error code: + * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, + * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. + * + * \note The callback may receive less bytes than the length of the + * buffer. It must always return the number of bytes actually + * received and written to the buffer. + */ +typedef int mbedtls_ssl_recv_timeout_t( void *ctx, + unsigned char *buf, + size_t len, + uint32_t timeout ); +/** + * \brief Callback type: set a pair of timers/delays to watch + * + * \param ctx Context pointer + * \param int_ms Intermediate delay in milliseconds + * \param fin_ms Final delay in milliseconds + * 0 cancels the current timer. + * + * \note This callback must at least store the necessary information + * for the associated \c mbedtls_ssl_get_timer_t callback to + * return correct information. + * + * \note If using a event-driven style of programming, an event must + * be generated when the final delay is passed. The event must + * cause a call to \c mbedtls_ssl_handshake() with the proper + * SSL context to be scheduled. Care must be taken to ensure + * that at most one such call happens at a time. + * + * \note Only one timer at a time must be running. Calling this + * function while a timer is running must cancel it. Cancelled + * timers must not generate any event. 
+ */ +typedef void mbedtls_ssl_set_timer_t( void * ctx, + uint32_t int_ms, + uint32_t fin_ms ); + +/** + * \brief Callback type: get status of timers/delays + * + * \param ctx Context pointer + * + * \return This callback must return: + * -1 if cancelled (fin_ms == 0), + * 0 if none of the delays is passed, + * 1 if only the intermediate delay is passed, + * 2 if the final delay is passed. + */ +typedef int mbedtls_ssl_get_timer_t( void * ctx ); + + /* Defined below */ typedef struct mbedtls_ssl_session mbedtls_ssl_session; typedef struct mbedtls_ssl_context mbedtls_ssl_context; @@ -662,12 +772,11 @@ struct mbedtls_ssl_context unsigned badmac_seen; /*!< records with a bad MAC received */ #endif - /* - * Callbacks - */ - int (*f_send)(void *, const unsigned char *, size_t); - int (*f_recv)(void *, unsigned char *, size_t); - int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t); + mbedtls_ssl_send_t *f_send; /*!< Callback for network send */ + mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */ + mbedtls_ssl_recv_timeout_t *f_recv_timeout; + /*!< Callback for network receive with timeout */ + void *p_bio; /*!< context for I/O operations */ /* @@ -693,8 +802,9 @@ struct mbedtls_ssl_context * Timers */ void *p_timer; /*!< context for the timer callbacks */ - void (*f_set_timer)(void *, uint32_t, uint32_t); /*!< set timer callback */ - int (*f_get_timer)(void *); /*!< get timer callback */ + + mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */ + mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */ /* * Record layer (incoming data) 
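Review bot: The moved send-callback documentation still says `* \param buf Buffer holding the date to send`; since the whole block is rewritten into its new location anyway, correct it to `* \param buf Buffer holding the data to send`. Style: the two timer typedefs use `void * ctx` while every other prototype in the moved block binds the star to the name, so `typedef void mbedtls_ssl_set_timer_t( void *ctx,` and `typedef int mbedtls_ssl_get_timer_t( void *ctx );` would match their neighbours.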
@@ -969,77 +1079,6 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, void (*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg ); -/** - * \brief Callback type: send data on the network. - * - * \note That callback may be either blocking or non-blocking. - * - * \param ctx Context for the send callback (typically a file descriptor) - * \param buf Buffer holding the date to send - * \param len Length of the data to send - * - * \return The callback must return the number of bytes sent if any, - * or a non-zero error code. - * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE - * must be returned when the operation would block. - * - * \note The callback is allowed to send less bytes than requested. - * It must always return the number of bytes actually sent. - */ -typedef int mbedtls_ssl_send_t( void *ctx, - const unsigned char *buf, - size_t len ); - -/** - * \brief Callback type: receive data from the network. - * - * \note That callback may be either blocking or non-blocking. - * - * \param ctx Context for the receive callback (typically a file - * descriptor) - * \param buf Buffer to write the received data to - * \param len Length of the receive buffer - * - * \return The callback must return the number of bytes received, - * or a non-zero error code. - * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ - * must be returned when the operation would block. - * - * \note The callback may receive less bytes than the length of the - * buffer. It must always return the number of bytes actually - * received and written to the buffer. - */ -typedef int mbedtls_ssl_recv_t( void *ctx, - unsigned char *buf, - size_t len ); - -/** - * \brief Callback type: receive data from the network, with timeout - * - * \note That callback must block until data is received, or the - * timeout delay expires, or the operation is interrupted by a - * signal. 
- * - * \param ctx Context for the receive callback (typically a file descriptor) - * \param buf Buffer to write the received data to - * \param len Length of the receive buffer - * \param timeout Maximum nomber of millisecondes to wait for data - * 0 means no timeout (potentially wait forever) - * - * \return The callback must return the number of bytes received, - * or a non-zero error code: - * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, - * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. - * - * \note The callback may receive less bytes than the length of the - * buffer. It must always return the number of bytes actually - * received and written to the buffer. - */ -typedef int mbedtls_ssl_recv_timeout_t( void *ctx, - unsigned char *buf, - size_t len, - uint32_t timeout ); - /** * \brief Set the underlying BIO callbacks for write, read and * read-with-timeout. 
@@ -1093,45 +1132,6 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, */ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); -/** - * \brief Callback type: set a pair of timers/delays to watch - * - * \param ctx Context pointer - * \param int_ms Intermediate delay in milliseconds - * \param fin_ms Final delay in milliseconds - * 0 cancels the current timer. - * - * \note This callback must at least store the necessary information - * for the associated \c mbedtls_ssl_get_timer_t callback to - * return correct information. - * - * \note If using a event-driven style of programming, an event must - * be generated when the final delay is passed. The event must - * cause a call to \c mbedtls_ssl_handshake() with the proper - * SSL context to be scheduled. Care must be taken to ensure - * that at most one such call happens at a time. - * - * \note Only one timer at a time must be running. Calling this - * function while a timer is running must cancel it. Cancelled - * timers must not generate any event. - */ -typedef void mbedtls_ssl_set_timer_t( void * ctx, - uint32_t int_ms, - uint32_t fin_ms ); - -/** - * \brief Callback type: get status of timers/delays - * - * \param ctx Context pointer - * - * \return This callback must return: - * -1 if cancelled (fin_ms == 0), - * 0 if none of the delays is passed, - * 1 if only the intermediate delay is passed, - * 2 if the final delay is passed. - */ -typedef int mbedtls_ssl_get_timer_t( void * ctx ); - /** * \brief Set the timer callbacks (Mandatory for DTLS.) * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index afbcdd99c..1c44b7ddb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -5598,9 +5598,9 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, void *p_bio, - int (*f_send)(void *, const unsigned char *, size_t), - int (*f_recv)(void *, unsigned char *, size_t), - int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) ) + mbedtls_ssl_send_t *f_send, + mbedtls_ssl_recv_t *f_recv, + mbedtls_ssl_recv_timeout_t *f_recv_timeout ) { ssl->p_bio = p_bio; ssl->f_send = f_send; @@ -5615,8 +5615,8 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, void *p_timer, - void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms), - int (*f_get_timer)(void *) ) + mbedtls_ssl_set_timer_t *f_set_timer, + mbedtls_ssl_get_timer_t *f_get_timer ) { ssl->p_timer = p_timer; ssl->f_set_timer = f_set_timer; From 6c545a87c22814ec02932b1f389d2b01eeafcd00 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 26 Jan 2016 22:13:58 +0000 Subject: [PATCH 056/399] Parameterised the test suite applications All test suites can now take an arbitrary test file. --- tests/suites/main_test.function | 143 ++++++++++++++++++-------------- 1 file changed, 83 insertions(+), 60 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 420ee7697..61c7337a6 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -240,10 +240,13 @@ static int run_test_snprintf( void ) test_snprintf( 5, "123", 3 ) != 0 ); } -int main() +int main(int argc, const char *argv[]) { - int ret, i, cnt, total_errors = 0, total_tests = 0, total_skipped = 0; - const char *filename = "TEST_FILENAME"; + int testfile_index, testfile_count, ret, i, cnt; + int total_errors = 0, total_tests = 0, total_skipped = 0; + const char *default_filename = "TEST_FILENAME"; + const char *test_filename = NULL; + const char **test_files = NULL; FILE *file; char buf[5000]; char *params[50]; 
@@ -276,78 +279,98 @@ int main() return( 0 ); } - file = fopen( filename, "r" ); - if( file == NULL ) + if ( argc <= 1 ) { - mbedtls_fprintf( stderr, "Failed to open\n" ); - return( 1 ); + test_files = &default_filename; + testfile_count = 1; + } + else + { + test_files = &argv[1]; + testfile_count = argc - 1; } - while( !feof( file ) ) + for ( testfile_index = 0; + testfile_index < testfile_count; + testfile_index++ ) { - int skip = 0; + test_filename = test_files[ testfile_index ]; - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) - break; - mbedtls_fprintf( stdout, "%s%.66s", test_errors ? "\n" : "", buf ); - mbedtls_fprintf( stdout, " " ); - for( i = strlen( buf ) + 1; i < 67; i++ ) - mbedtls_fprintf( stdout, "." ); - mbedtls_fprintf( stdout, " " ); - fflush( stdout ); - - total_tests++; - - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) - break; - cnt = parse_arguments( buf, strlen(buf), params ); - - if( strcmp( params[0], "depends_on" ) == 0 ) + file = fopen( test_filename, "r" ); + if( file == NULL ) { - for( i = 1; i < cnt; i++ ) - if( dep_check( params[i] ) != 0 ) - skip = 1; + mbedtls_fprintf( stderr, "Failed to open test file: %s\n", + test_filename ); + return( 1 ); + } + + while( !feof( file ) ) + { + int skip = 0; + + if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) + break; + mbedtls_fprintf( stdout, "%s%.66s", test_errors ? "\n" : "", buf ); + mbedtls_fprintf( stdout, " " ); + for( i = strlen( buf ) + 1; i < 67; i++ ) + mbedtls_fprintf( stdout, "." 
); + mbedtls_fprintf( stdout, " " ); + fflush( stdout ); + + total_tests++; if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; cnt = parse_arguments( buf, strlen(buf), params ); - } - if( skip == 0 ) - { - test_errors = 0; - ret = dispatch_test( cnt, params ); - } + if( strcmp( params[0], "depends_on" ) == 0 ) + { + for( i = 1; i < cnt; i++ ) + if( dep_check( params[i] ) != 0 ) + skip = 1; - if( skip == 1 || ret == 3 ) - { - total_skipped++; - mbedtls_fprintf( stdout, "----\n" ); - fflush( stdout ); - } - else if( ret == 0 && test_errors == 0 ) - { - mbedtls_fprintf( stdout, "PASS\n" ); - fflush( stdout ); - } - else if( ret == 2 ) - { - mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); - fclose(file); - mbedtls_exit( 2 ); - } - else - total_errors++; + if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) + break; + cnt = parse_arguments( buf, strlen(buf), params ); + } - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) - break; - if( strlen(buf) != 0 ) - { - mbedtls_fprintf( stderr, "Should be empty %d\n", (int) strlen(buf) ); - return( 1 ); + if( skip == 0 ) + { + test_errors = 0; + ret = dispatch_test( cnt, params ); + } + + if( skip == 1 || ret == 3 ) + { + total_skipped++; + mbedtls_fprintf( stdout, "----\n" ); + fflush( stdout ); + } + else if( ret == 0 && test_errors == 0 ) + { + mbedtls_fprintf( stdout, "PASS\n" ); + fflush( stdout ); + } + else if( ret == 2 ) + { + mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); + fclose(file); + mbedtls_exit( 2 ); + } + else + total_errors++; + + if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) + break; + if( strlen(buf) != 0 ) + { + mbedtls_fprintf( stderr, "Should be empty %d\n", + (int) strlen(buf) ); + return( 1 ); + } } + fclose(file); } - fclose(file); mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n"); if( total_errors == 0 ) From 2bed20d670f50b105a614bcedfbff355eba2ad64 Mon Sep 17 00:00:00 2001 
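Review bot: The "Should be empty" error path inside the new per-file loop returns 1 without closing `file`, while the neighbouring "FATAL PARSE ERROR" path calls `fclose(file)` before `mbedtls_exit( 2 )`; add `fclose( file );` before that `return( 1 );` so the two error paths are consistent. Pre-existing but now re-indented as new code: `for( i = strlen( buf ) + 1; i < 67; i++ )` assigns a size_t to the int `i`, which a -Wconversion build flags, and `i = (int) strlen( buf ) + 1` keeps the intent explicit. main starts before the hunk.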
From: Simon Butcher Date: Tue, 26 Jan 2016 22:15:11 +0000 Subject: [PATCH 057/399] Added script to split the test case data files Script generate-afl-tests.sh will split the test suite data files into individual test case files, suitable for fuzzing. --- tests/scripts/generate-afl-tests.sh | 68 +++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100755 tests/scripts/generate-afl-tests.sh diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh new file mode 100755 index 000000000..cbc2f5906 --- /dev/null +++ b/tests/scripts/generate-afl-tests.sh 
@@ -0,0 +1,68 @@ +#!/bin/sh + +# This script splits the data test files containing the test cases into +# individual files (one test case per file) suitable for use with afl +# (American Fuzzy Lop). http://lcamtuf.coredump.cx/afl/ +# +# Usage: generate-afl-tests.sh +# - should be the path to one of the test suite files +# such as 'test_suite_mpi.data' + +# Abort on errors +set -e + +if [ -z $1 ] +then + echo " [!] No test file specified" >&2 + echo "Usage: $0 " >&2 + exit 1 +fi + +SRC_FILEPATH=$(dirname $1)/$(basename $1) +TESTSUITE=$(basename $1 .data) + +THIS_DIR=$(basename $PWD) + +if [ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ]; +then :; +else + echo " [!] Must be run from mbed TLS tests directory" >&2 + exit 1 +fi + +DEST_TESTCASE_DIR=$TESTSUITE-afl-tests +DEST_OUTPUT_DIR=$TESTSUITE-afl-out + +echo " [+] Creating output directories" >&2 + +if [ -e $DEST_OUTPUT_DIR/* ]; +then : + echo " [!] Test output files already exist." >&2 + exit 1 +else + mkdir -p $DEST_OUTPUT_DIR +fi + +if [ -e $DEST_TESTCASE_DIR/* ]; +then : + echo " [!] Test output files already exist." >&2 +else + mkdir -p $DEST_TESTCASE_DIR +fi + +echo " [+] Creating test cases" >&2 +cd $DEST_TESTCASE_DIR + +split -p '^\s*$' ../$SRC_FILEPATH + +for f in *; +do + # Strip out any blank lines (no trim on OS X) + sed '/^\s*$/d' $f >testcase_$f + rm $f +done + +cd .. + +echo " [+] Test cases in $DEST_TESTCASE_DIR" >&2 + From 718548d5c98c161941325d4588f3d39639be80e5 Mon Sep 17 00:00:00 2001 From: SimonB Date: Wed, 10 Feb 2016 23:50:28 +0000 Subject: [PATCH 058/399] Clarified purpose and usage of generate_code.pl Added comments to explain purpose and usage of generate_code.pl --- tests/scripts/generate_code.pl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 1c7a281d7..581320e2d 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl 
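Review bot: The directory check `[ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ]` uses `==`, which POSIX `test` does not define, so under a strict `/bin/sh` such as dash the comparison errors out and the script always reports "Must be run from mbed TLS tests directory"; the earlier `[ -z $1 ]` likewise misbehaves when `$1` is empty or contains spaces. Suggested: `if [ -z "$1" ]` and `if [ -d ../library ] && [ -d ../include ] && [ -d ../tests ] && [ "$THIS_DIR" = "tests" ]`. The two `[ -e $DEST_OUTPUT_DIR/* ]` / `[ -e $DEST_TESTCASE_DIR/* ]` checks expand a glob inside `[`, which fails with "too many arguments" as soon as the directory holds more than one file, and the second one only prints the warning without exiting, unlike the first. `split -p` is a BSD extension that GNU coreutils `split` does not accept, so on Linux the script presumably stops at that line under `set -e`; a portable fallback (an awk record splitter on blank lines) would make the harness usable on both platforms.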
@@ -1,5 +1,12 @@ #!/usr/bin/env perl + +# generate_code.pl # +# Generates the test suite code given inputs of the test suite directory that +# contain the test suites, and the test suite file names for the test code and +# test data. +# +# Usage: generate_code.pl [main code file] use strict; From 6fb9db3afd113d8b4a7ca2ad94dd78539818e667 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 15 Feb 2016 23:27:28 +0000 Subject: [PATCH 059/399] Added support for per test suite helper functions Added to generate_code.pl: - support for per test suite helper functions - description of the structure of the files the script uses to construct the test suite file - delimiters through the source code to make the machine generated code easier to understand --- tests/scripts/generate_code.pl | 73 +++++++++++++++++++++++++++++++-- tests/suites/main_test.function | 12 ++++++ 2 files changed, 81 insertions(+), 4 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 581320e2d..ba61b680a 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl 
@@ -2,11 +2,47 @@ # generate_code.pl # +# Purpose +# # Generates the test suite code given inputs of the test suite directory that # contain the test suites, and the test suite file names for the test code and # test data. # # Usage: generate_code.pl [main code file] +# +# Structure of files +# +# - main code file - 'main_test.function' +# Template file that contains the main() function for the test suite, +# test dispatch code as well as support functions. It contains the +# following symbols which are substituted by this script during +# processing: +# TEST_FILENAME +# SUITE_PRE_DEP +# MAPPING_CODE +# FUNCTION CODE +# SUITE_POST_DEP +# DEP_CHECK_CODE +# DISPATCH_FUNCTION +# +# - common helper code file - 'helpers.function' +# Common helper functions +# +# - test suite code file - file name in the form 'test_suite_xxx.function' +# Code file that contains the actual test cases. The file contains a +# series of code sequences delimited by the following: +# BEGIN_HEADER / END_HEADER - list of headers files +# BEGIN_SUITE_HELPERS / END_SUITE_HELPERS - helper functions common to +# the test suite +# BEGIN_CASE / END_CASE - the test cases in the test suite. Each test +# case contains at least one function that is used to create the +# dispatch code. +# +# - test data file - file name in the form 'test_suite_xxxx.data' +# The test case parameters to to be used in execution of the test. The +# file name is used to replace the symbol 'TEST_FILENAME' in the main code +# file above. +# use strict; 
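Review bot: The symbol list for main_test.function names `FUNCTION CODE` with a space, whereas the template substitutes `FUNCTION_CODE` (visible in the main_test.function hunk of the following commit), so the entry should read `#               FUNCTION_CODE`. The test data paragraph also has a doubled word; suggested wording: `The test case parameters to be used in execution of the test.`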
@@ -15,15 +51,16 @@ my $suite_name = shift or die "Missing suite name"; my $data_name = shift or die "Missing data name"; my $test_main_file = do { my $arg = shift; defined($arg) ? $arg : $suite_dir."/main_test.function" }; my $test_file = $data_name.".c"; -my $test_helper_file = $suite_dir."/helpers.function"; +my $test_common_helper_file = $suite_dir."/helpers.function"; my $test_case_file = $suite_dir."/".$suite_name.".function"; my $test_case_data = $suite_dir."/".$data_name.".data"; my $line_separator = $/; undef $/; -open(TEST_HELPERS, "$test_helper_file") or die "Opening test helpers '$test_helper_file': $!"; -my $test_helpers = ; +open(TEST_HELPERS, "$test_common_helper_file") or die "Opening test helpers +'$test_common_helper_file': $!"; +my $test_common_helpers = ; close(TEST_HELPERS); open(TEST_MAIN, "$test_main_file") or die "Opening test main '$test_main_file': $!"; @@ -40,6 +77,7 @@ close(TEST_DATA); my ( $suite_header ) = $test_cases =~ /\/\* BEGIN_HEADER \*\/\n(.*?)\n\/\* END_HEADER \*\//s; my ( $suite_defines ) = $test_cases =~ /\/\* BEGIN_DEPENDENCIES\n \* (.*?)\n \* END_DEPENDENCIES/s; +my ( $suite_helpers ) = $test_cases =~ /\/\* BEGIN_SUITE_HELPERS \*\/\n(.*?)\n\/\* END_SUITE_HELPERS \*\//s; my $requirements; if ($suite_defines =~ /^depends_on:/) 
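Review bot: The `die` message for the helper file is split across two source lines inside the string literal, so the error actually printed carries an embedded newline between "helpers" and the quoted path; keep it on one line: `open(TEST_HELPERS, "$test_common_helper_file") or die "Opening test helpers '$test_common_helper_file': $!";`. In the second hunk `$suite_helpers` stays undef for a suite file that has no BEGIN_SUITE_HELPERS/END_SUITE_HELPERS block, and it is interpolated into the generated file later in this commit; a guard such as `$suite_helpers = "" unless defined $suite_helpers;` avoids an uninitialized-value warning if the script runs with warnings enabled.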
@@ -67,16 +105,43 @@ $/ = $line_separator; open(TEST_FILE, ">$test_file") or die "Opening destination file '$test_file': $!"; print TEST_FILE << "END"; +/* + * *** THIS FILE HAS BEEN MACHINE GENERATED *** + * + * This file has been machine generated using the script: $0 + * + * Test file : $test_file + * + * The following files were used to create this file. + * + * Main code file : $test_main_file + * Helper file : $test_common_helper_file + * Test suite file : $test_case_file + * Test suite daya : $test_case_data + * + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + #if !defined(MBEDTLS_CONFIG_FILE) #include #else #include MBEDTLS_CONFIG_FILE #endif -$test_helpers + +/*----------------------------------------------------------------------------*/ +/* Common helper functions */ + +$test_common_helpers + + +/*----------------------------------------------------------------------------*/ +/* Test Suite Code */ $suite_pre_code $suite_header +$suite_helpers $suite_post_code END diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 61c7337a6..2a21441a4 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -101,9 +101,17 @@ MAPPING_CODE return( -1 ); } + +/*----------------------------------------------------------------------------*/ +/* Test Case code */ + FUNCTION_CODE SUITE_POST_DEP + +/*----------------------------------------------------------------------------*/ +/* Test dispatch code */ + int dep_check( char *str ) { if( str == NULL ) @@ -133,6 +141,10 @@ DISPATCH_FUNCTION return( ret ); } + +/*----------------------------------------------------------------------------*/ +/* Main Test code */ + int get_line( FILE *f, char *buf, size_t len ) { char *ret; From beff85aaee4cd1849432f87b8760134af6de3f62 Mon Sep 17 00:00:00 2001 
From: SimonB Date: Wed, 17 Feb 2016 23:34:30 +0000 Subject: [PATCH 060/399] Refactored test suite template code Restructed test suite helper and main code to support tests suite helper functions, changed C++ comments to C-style, and made the generated source code more navigable. --- tests/scripts/generate_code.pl | 2 +- tests/suites/helpers.function | 41 ++++++++++++++++++++++++++++++++- tests/suites/main_test.function | 40 +------------------------------- 3 files changed, 42 insertions(+), 41 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index ba61b680a..30ee6b01c 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -131,7 +131,7 @@ print TEST_FILE << "END"; /*----------------------------------------------------------------------------*/ -/* Common helper functions */ +/* Common helper code */ $test_common_helpers diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 8f681dbd4..c18eed895 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -1,3 +1,6 @@ +/*----------------------------------------------------------------------------*/ +/* Headers */ + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else @@ -12,6 +15,10 @@ #define mbedtls_snprintf snprintf #endif +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +#include "mbedtls/memory_buffer_alloc.h" +#endif + #ifdef _MSC_VER #include typedef UINT32 uint32_t; 
@@ -23,6 +30,25 @@ typedef UINT32 uint32_t; #include #include + +/*----------------------------------------------------------------------------*/ +/* Global variables */ + +static int test_errors = 0; + + +/*----------------------------------------------------------------------------*/ +/* Macros */ + +#define TEST_ASSERT( TEST ) \ + do { \ + if( ! (TEST) ) \ + { \ + test_fail( #TEST ); \ + goto exit; \ + } \ + } while( 0 ) + #define assert(a) if( !( a ) ) \ { \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ @@ -53,11 +79,15 @@ typedef UINT32 uint32_t; } #endif + +/*----------------------------------------------------------------------------*/ +/* Helper Functions */ + static int unhexify( unsigned char *obuf, const char *ibuf ) { unsigned char c, c2; int len = strlen( ibuf ) / 2; - assert( strlen( ibuf ) % 2 == 0 ); // must be even number of bytes + assert( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ while( *ibuf != 0 ) { @@ -298,3 +328,12 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } + +static void test_fail( const char *test ) +{ + test_errors++; + if( test_errors == 1 ) + mbedtls_printf( "FAILED\n" ); + mbedtls_printf( " %s\n", test ); +} + diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 2a21441a4..7ec69b45d 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function 
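Review bot: `TEST_ASSERT` is defined in the new Macros section, but `test_fail`, which it expands to, is only defined at the very end of the file after all helper functions, so any helper placed between the two that used `TEST_ASSERT` would compile against an implicit declaration (an error from C99 on). A prototype next to the macro, `static void test_fail( const char *test );`, keeps the helper section free to use the macro and makes the dependency explicit. A one-line comment on the macro would also help readers of the generated file: `/* Record a failed check and jump to the test case's exit label */`.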
@@ -1,44 +1,6 @@ -#include - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_exit exit -#define mbedtls_free free -#define mbedtls_calloc calloc -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - -static int test_errors = 0; - SUITE_PRE_DEP #define TEST_SUITE_ACTIVE -static void test_fail( const char *test ) -{ - test_errors++; - if( test_errors == 1 ) - mbedtls_printf( "FAILED\n" ); - mbedtls_printf( " %s\n", test ); -} - -#define TEST_ASSERT( TEST ) \ - do { \ - if( ! (TEST) ) \ - { \ - test_fail( #TEST ); \ - goto exit; \ - } \ - } while( 0 ) - int verify_string( char **str ) { if( (*str)[0] != '"' || @@ -190,7 +152,7 @@ int parse_arguments( char *buf, size_t len, char *params[50] ) p++; } - // Replace newlines, question marks and colons in strings + /* Replace newlines, question marks and colons in strings */ for( i = 0; i < cnt; i++ ) { p = params[i]; From f18e02c22e1ead278288dee5811a1809fd2ef3ac Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Mar 2016 18:35:02 +0000 Subject: [PATCH 061/399] Fix typos and add copyright statement to generate_code.pl --- tests/scripts/generate_code.pl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 30ee6b01c..5c623f8a7 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -2,6 +2,8 @@ # generate_code.pl # +# Copyright (c) 2009-2016, ARM Limited, All Rights Reserved +# # Purpose # # Generates the test suite code given inputs of the test suite directory that 
@@ -117,7 +119,7 @@ print TEST_FILE << "END"; * Main code file : $test_main_file * Helper file : $test_common_helper_file * Test suite file : $test_case_file - * Test suite daya : $test_case_data + * Test suite data : $test_case_data * * * This file is part of mbed TLS (https://tls.mbed.org) From ede75f06c598a047cbbe29c796e59a3550367412 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 18 Feb 2016 17:28:04 +0000 Subject: [PATCH 062/399] X509: Future CA among trusted: add unit tests --- tests/data_files/test-ca2-future.crt | 13 +++++++++ .../test-ca2_cat-future-present.crt | 28 +++++++++++++++++++ .../test-ca2_cat-present-future.crt | 28 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 8 ++++++ 4 files changed, 77 insertions(+) create mode 100644 tests/data_files/test-ca2-future.crt create mode 100644 tests/data_files/test-ca2_cat-future-present.crt create mode 100644 tests/data_files/test-ca2_cat-present-future.crt diff --git a/tests/data_files/test-ca2-future.crt b/tests/data_files/test-ca2-future.crt new file mode 100644 index 000000000..d75729936 --- /dev/null +++ b/tests/data_files/test-ca2-future.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH +qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 ++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +-----END CERTIFICATE----- 
diff --git a/tests/data_files/test-ca2_cat-future-present.crt b/tests/data_files/test-ca2_cat-future-present.crt new file mode 100644 index 000000000..776e725cb --- /dev/null +++ b/tests/data_files/test-ca2_cat-future-present.crt @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH +qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 ++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu +ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy +aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g +JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 +t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv +uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +-----END CERTIFICATE----- 
diff --git a/tests/data_files/test-ca2_cat-present-future.crt b/tests/data_files/test-ca2_cat-present-future.crt new file mode 100644 index 000000000..d62ed09cd --- /dev/null +++ b/tests/data_files/test-ca2_cat-present-future.crt @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu +ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy +aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g +JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 +t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv +uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH +qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 ++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +-----END CERTIFICATE----- 
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 2f2137f54..ef6ba3c88 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -699,6 +699,14 @@ X509 Certificate verification #81 (multiple CRLs, none relevant) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"NULL" +X509 Certificate verification #82 (Not yet valid CA and valid CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #83 (valid CA and Not yet valid CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" + X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n" From 884b4fc2e99bd27a1d1ee6b940732afae12f4f53 Mon Sep 17 00:00:00 2001 
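Review bot: Cases #82 and #83 depend on the wall clock: the first certificate in test-ca2_cat-future-present.crt appears to carry a notBefore of 2023-09-22 (UTCTime `230922154949Z` decoded from the base64 in the previous file section), so once that date has passed both anchors in the file are valid, the skip path under test is never taken and the case keeps passing without exercising the fix. A notBefore much further out, or a way to pin the verification time in the test, would keep the case meaningful. The neighbouring #81 line lists `MBEDTLS_ECDSA_C` and `MBEDTLS_SHA256_C` in `depends_on` while the new lines list only `MBEDTLS_ECP_C`; if server5.crt is ECDSA-signed, as its use alongside the EC CA suggests, these cases would presumably fail instead of being skipped in a build without ECDSA, so `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C` seems the safer declaration.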
From: Janos Follath Date: Fri, 19 Feb 2016 15:57:17 +0000 Subject: [PATCH 063/399] X509: Future CA among trusted: add more tests --- tests/data_files/test-ca2-expired.crt | 13 +++++++++ .../data_files/test-ca2_cat-past-present.crt | 28 +++++++++++++++++++ .../data_files/test-ca2_cat-present-past.crt | 28 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 8 ++++++ 4 files changed, 77 insertions(+) create mode 100644 tests/data_files/test-ca2-expired.crt create mode 100644 tests/data_files/test-ca2_cat-past-present.crt create mode 100644 tests/data_files/test-ca2_cat-present-past.crt diff --git a/tests/data_files/test-ca2-expired.crt b/tests/data_files/test-ca2-expired.crt new file mode 100644 index 000000000..22e4797f3 --- /dev/null +++ b/tests/data_files/test-ca2-expired.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP +tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm +l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-past-present.crt b/tests/data_files/test-ca2_cat-past-present.crt new file mode 100644 index 000000000..bc1ba9a2e --- /dev/null +++ b/tests/data_files/test-ca2_cat-past-present.crt 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP +tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm +l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu +ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy +aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g +JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 +t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv +uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-present-past.crt b/tests/data_files/test-ca2_cat-present-past.crt new file mode 100644 index 000000000..a321d5dd7 --- /dev/null +++ b/tests/data_files/test-ca2_cat-present-past.crt 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu +ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy +aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g +JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 +t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv +uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP +tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm +l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index ef6ba3c88..0008d3d2c 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -707,6 +707,14 @@ X509 Certificate verification #83 (valid CA and Not yet valid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" +X509 Certificate verification #84 (valid CA and Not yet valid CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #85 (Not yet valid CA and valid CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" + X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n" From c72d6425955c780f09c9347c9ebf7c0bc18e32b9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 19 Feb 2016 15:58:21 +0000 Subject: [PATCH 064/399] X509: Fix bug triggered by future CA among trusted Fix an issue that caused valid certificates being rejected whenever an expired or not yet valid version of the trusted certificate was before the valid version in the trusted certificate list. --- ChangeLog | 3 +++ library/x509_crt.c | 16 ++++++++++------ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index e9b67908f..a1afbaae6 100644 --- a/ChangeLog +++ b/ChangeLog 
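Review bot: The descriptions of #84 and #85 say "Not yet valid CA", but the files they load are `test-ca2_cat-present-past.crt` and `test-ca2_cat-past-present.crt`, i.e. the expired variant added by this commit, so the titles were carried over from #82/#83 without being updated. Suggested: `X509 Certificate verification #84 (valid CA and expired CA)` and `X509 Certificate verification #85 (expired CA and valid CA)`. Unlike the "future" pair, the expired anchor (notAfter in 2013 per its base64) keeps these two cases stable over time.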
@@ -11,6 +11,9 @@ Bugfix * Fix issue in Makefile that prevented building using armar. #386 * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and ECDSA was disabled in config.h . The leak didn't occur by default. + * Fix an issue that caused valid certificates being rejected whenever an + expired or not yet valid version of the trusted certificate was before the + valid version in the trusted certificate list. Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, diff --git a/library/x509_crt.c b/library/x509_crt.c index 3eaf5bc14..334b8ef51 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1932,6 +1932,16 @@ static int x509_crt_verify_top( continue; } + if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) + { + continue; + } + + if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) + { + continue; + } + if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk, child->sig_md, hash, mbedtls_md_get_size( md_info ), child->sig.p, child->sig.len ) != 0 ) @@ -1967,12 +1977,6 @@ static int x509_crt_verify_top( ((void) ca_crl); #endif - if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) - ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED; - - if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) - ca_flags |= MBEDTLS_X509_BADCERT_FUTURE; - if( NULL != f_vrfy ) { if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, From a418ff8eb5d2acf65a58eeb73b1dcc4960f38416 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Mar 2016 20:26:16 +0000 Subject: [PATCH 065/399] Remove redundant test certificates and clarify ChangeLog --- ChangeLog | 6 +++--- tests/data_files/test-ca2-expired.crt | 13 ------------- tests/data_files/test-ca2-future.crt | 13 ------------- 3 files changed, 3 insertions(+), 29 deletions(-) delete mode 100644 tests/data_files/test-ca2-expired.crt delete mode 100644 tests/data_files/test-ca2-future.crt diff --git a/ChangeLog b/ChangeLog index a1afbaae6..56464ceb0 100644 
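Review bot: The two `continue` statements added at the top of the trust-anchor loop in x509_crt_verify_top drop an anchor whose key would verify `child`'s signature merely because its validity window has lapsed, and the second hunk (@@ -1967,12 +1977,6) removes the only place that set `MBEDTLS_X509_BADCERT_EXPIRED` / `MBEDTLS_X509_BADCERT_FUTURE` on `ca_flags`; a chain whose only matching anchor is expired is therefore reported as untrusted rather than as expired, and a verification callback that deliberately tolerated an expired root (devices without a reliable clock) can no longer tell the two apart. Consider remembering the first time-invalid anchor that passes the signature check as a fallback and, only when no time-valid anchor matches, using it with the previous `ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED` / `MBEDTLS_X509_BADCERT_FUTURE` reporting; the ordering fix is preserved because a time-valid anchor later in the list still wins. The loop head and the code after the loop are outside the hunk, so where the fallback would be resolved is inferred. The ChangeLog entry should also mention that the EXPIRED/FUTURE flags are no longer raised for trust anchors, since callers reading those flags see a behaviour change. A short comment on the new checks would help: `/* Skip anchors outside their validity period; a later entry in the trust list may be a currently valid version of the same CA */`.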
--- a/ChangeLog +++ b/ChangeLog @@ -11,9 +11,9 @@ Bugfix * Fix issue in Makefile that prevented building using armar. #386 * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and ECDSA was disabled in config.h . The leak didn't occur by default. - * Fix an issue that caused valid certificates being rejected whenever an - expired or not yet valid version of the trusted certificate was before the - valid version in the trusted certificate list. + * Fix an issue that caused valid certificates to be rejected whenever an + expired or not yet valid certificate was parsed before a valid certificate + in the trusted certificate list. Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, diff --git a/tests/data_files/test-ca2-expired.crt b/tests/data_files/test-ca2-expired.crt deleted file mode 100644 index 22e4797f3..000000000 --- a/tests/data_files/test-ca2-expired.crt +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe -Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 -WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p -w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E -FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ -vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP -tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm -l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg ------END CERTIFICATE----- diff --git a/tests/data_files/test-ca2-future.crt b/tests/data_files/test-ca2-future.crt deleted file mode 100644 index d75729936..000000000 --- a/tests/data_files/test-ca2-future.crt +++ /dev/null 
@@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe -Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 -WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p -w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E -FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ -vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH -qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 -+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== ------END CERTIFICATE----- From b39b710e420b759d20d2195217666b7e56ee625a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 8 Feb 2016 13:59:25 +0000 Subject: [PATCH 066/399] Length check added --- library/rsa.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index 9150e8745..2baf53257 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -856,6 +856,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, bad |= *p++; /* Must be zero */ } + if( pad_count < 8 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if( bad ) return( MBEDTLS_ERR_RSA_INVALID_PADDING ); From 8ac04de42b67c1410a02b86a5b5e4155d31b3337 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 16:14:10 +0000 Subject: [PATCH 067/399] Add Changelog entry for current branch --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index f7b318eb9..a875347c9 100644 --- a/ChangeLog +++ b/ChangeLog 
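Review bot: The new `pad_count < 8` check returns `MBEDTLS_ERR_RSA_BAD_INPUT_DATA` through its own early return, while every other padding defect in this function is accumulated into `bad` and reported as `MBEDTLS_ERR_RSA_INVALID_PADDING`; PKCS#1 v1.5 decryption is exactly the place where a distinguishable error code or an earlier exit lets a sender of chosen ciphertexts learn something about the padding, so the check should join the existing uniform path. Replacing the two added lines with `bad |= ( pad_count < 8 );` keeps the minimum-length requirement with a single error code and a single exit point. `mbedtls_rsa_rsaes_pkcs1_v15_decrypt` begins and ends outside the hunk, so whether the remaining checks further down are already uniform cannot be seen here.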
@@ -6,6 +6,8 @@ Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt (not triggerable remotely in (D)TLS). + * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt + required by PKCS1 v2.2 Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three From 69db3bc7382941675ac325c5c4aca36b2de3607d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 12 Feb 2016 13:18:20 +0000 Subject: [PATCH 068/399] Add tests for the bug IOTSSL-619. The main goal with these tests is to test the bug in question and they are not meant to test the entire PKCS#1 v1.5 behaviour. To achieve full test coverage, further test cases are needed. --- tests/CMakeLists.txt | 1 + tests/suites/test_suite_pkcs1_v15.data | 30 ++++++ tests/suites/test_suite_pkcs1_v15.function | 110 +++++++++++++++++++++ 3 files changed, 141 insertions(+) create mode 100644 tests/suites/test_suite_pkcs1_v15.data create mode 100644 tests/suites/test_suite_pkcs1_v15.function diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 1cca81830..dfef1ef69 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -82,6 +82,7 @@ add_test_suite(mdx) add_test_suite(memory_buffer_alloc) add_test_suite(mpi) add_test_suite(pem) +add_test_suite(pkcs1_v15) add_test_suite(pkcs1_v21) add_test_suite(pkcs5) add_test_suite(pk) diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data new file mode 100644 index 000000000..65bd99caf --- /dev/null +++ b/tests/suites/test_suite_pkcs1_v15.data 
@@ -0,0 +1,30 @@ +RSAES-V15 Encryption Test Vector Int +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0 + +RSAES-V15 Decryption Test Vector Int +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0 + +RSAES-V15 Encryption Test Vector Data just fits 
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cfff55e6b15b67cfea8a5a384ef64a6ac":0 + +RSAES-V15 Decryption Test Vector Data just fits +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cfff
55e6b15b67cfea8a5a384ef64a6ac":0 + +RSAES-V15 Encryption Test Vector Data too long 1 +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSAES-V15 Decryption Test Vector Padding too short 7 
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_INVALID_PADDING + +RSAES-V15 Encryption Test Vector Data too long 3 
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSAES-V15 Decryption Test Vector Padding too short 5 +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a74588
32fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_INVALID_PADDING + +RSAES-V15 Encryption Test Vector Data too long 8 +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSAES-V15 Decryption Test Vector Padding too short 0 
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_INVALID_PADDING + diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function new file mode 100644 index 000000000..90460f1d3 --- /dev/null +++ b/tests/suites/test_suite_pkcs1_v15.function 
@@ -0,0 +1,110 @@ +/* BEGIN_HEADER */ +#include "mbedtls/rsa.h" +#include "mbedtls/md.h" +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SHA1_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E, + char *input_E, int hash, + char *message_hex_string, char *seed, + char *result_hex_str, int result ) +{ + unsigned char message_str[1000]; + unsigned char output[1000]; + unsigned char output_str[1000]; + unsigned char rnd_buf[1000]; + mbedtls_rsa_context ctx; + size_t msg_len; + rnd_buf_info info; + + info.length = unhexify( rnd_buf, seed ); + info.buf = rnd_buf; + + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + memset( message_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + memset( output_str, 0x00, 1000 ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); + + msg_len = unhexify( message_str, message_hex_string ); + + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); + if( result == 0 ) + { + hexify( output_str, output, ctx.len ); + + TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + } + +exit: + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P, + int radix_Q, char *input_Q, int radix_N, + char *input_N, int radix_E, char *input_E, + int hash, char *result_hex_str, char *seed, + char *message_hex_string, int result ) +{ + unsigned char message_str[1000]; + unsigned char output[1000]; + unsigned char output_str[1000]; + mbedtls_rsa_context ctx; + mbedtls_mpi P1, Q1, H, G; + size_t output_len; + rnd_pseudo_info rnd_info; + ((void) seed); + + 
mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + + memset( message_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + memset( output_str, 0x00, 1000 ); + memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); + TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + + unhexify( message_str, message_hex_string ); + + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result ); + if( result == 0 ) + { + hexify( output_str, output, ctx.len ); + + TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 ); + } + +exit: + mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ + From 9ee7f6cf6d945a857fc41781afa4ea6a41f74363 Mon Sep 17 00:00:00 2001 
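Review bot: In pkcs1_rsaes_v15_decrypt the `output_len` that mbedtls_rsa_pkcs1_decrypt reports is never checked: the success branch hexifies `ctx.len` bytes of `output` and compares only `strlen( result_hex_str )` characters with `strncasecmp`, so a decryption that yields the expected prefix followed by extra bytes, or that reports a wrong `output_len`, still passes. Hexify exactly what the function returned and compare the whole string, `hexify( output_str, output, output_len );` and `TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );`, as pkcs1_rsaes_v15_encrypt already does with `strcasecmp`. The return value of `unhexify( message_str, message_hex_string )` is likewise discarded, unlike in the encrypt case where it is kept as `msg_len`; keeping it would allow a `TEST_ASSERT` that the ciphertext is exactly `ctx.len` bytes long before decryption is attempted, which is the input-length precondition these vectors exercise.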
From: Janos Follath Date: Fri, 12 Feb 2016 13:30:09 +0000 Subject: [PATCH 069/399] Removing 'if' branch from the fix. This new error shouldn't be distinguishable from other padding errors. Updating 'bad' instead of adding a new 'if' branch. --- library/rsa.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 2baf53257..4c85c29d4 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -856,8 +856,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, bad |= *p++; /* Must be zero */ } - if( pad_count < 8 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + bad |= ( pad_count < 8 ); if( bad ) return( MBEDTLS_ERR_RSA_INVALID_PADDING ); From b3e014cffc96f70ec1185102a8ddd9662030ddcb Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 13 Feb 2016 23:19:04 +0000 Subject: [PATCH 070/399] Clarified mbedtls_ssl_conf_alpn_protocols() doc Clarified the lifetime of the protos parameter passed in the function mbedtls_ssl_conf_alpn_protocols(). --- include/mbedtls/ssl.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 00e1c6c6e..ad0e42c6c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1762,8 +1762,11 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, * \brief Set the supported Application Layer Protocols. * * \param conf SSL configuration - * \param protos NULL-terminated list of supported protocols, - * in decreasing preference order. + * \param protos Pointer to a NULL-terminated list of supported protocols, + * in decreasing preference order. The pointer to the list is + * recorded by the library for later reference as required, so + * the lifetime of the table should be as long as the + * SSL configuration structure. * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ From 840046aa8c8af400ab3ee60df74f20520982c04b Mon Sep 17 00:00:00 2001 
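Review bot: The constant 8 in `bad |= ( pad_count < 8 );` is a protocol requirement rather than an implementation choice, and nothing at the site says so, so a maintainer cannot tell whether it is safe to change; the only hint is the ChangeLog entry, which names PKCS#1 v2.2. Annotate the line the way the preceding `/* Must be zero */` annotates the loop, e.g. `bad |= ( pad_count < 8 ); /* PKCS#1 v2.2: padding string PS must be at least 8 octets */`. The enclosing function mbedtls_rsa_rsaes_pkcs1_v15_decrypt starts outside the hunk.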
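Review bot: The reworded `\param protos` text says the library records `the pointer to the list` but then speaks of `the lifetime of the table`, using two names for one object; pick `list` throughout so a reader does not look for a second structure. The requirement should also cover the entries, not just the array: if the list holds pointers to protocol-name strings, those strings must stay valid for the same period, so a wording such as `the list and the strings it points to must outlive the SSL configuration structure` states the contract a caller actually has to meet. The enclosing documentation block is fully inside the hunk.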
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 10:47:43 +0100 Subject: [PATCH 071/399] Fix Unix detection in mini_client fixes #398 --- programs/ssl/mini_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index d61312425..26082ef5b 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -36,7 +36,7 @@ * This is not a good example for general use. This programs has the specific * goal of minimizing use of the libc functions on full-blown OSes. */ -#if defined(unix) || defined(__unix__) || defined(__unix) +#if defined(unix) || defined(__unix__) || defined(__unix) || defined(__APPLE__) #define UNIX #endif From 7a0cf2ef3c2553b2d8b0f3a5b861b5d6973ebdb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 09:33:52 +0100 Subject: [PATCH 072/399] Improve documentation of some SSL callbacks The previous documentation was not explicit about what was expected of the callbacks - the user had to infer that from the descriptions in net.h or timing.h, and it was not clear what was part of the calling convention and what was specific to our implementation. --- include/mbedtls/ssl.h | 153 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 136 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ad0e42c6c..4aad2a829 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -969,6 +969,76 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, void (*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg ); +/** + * \brief Callback type: send data on the network. + * + * \note That callback may be either blocking or non-blocking. + * + * \param ctx Context for the send callback (typically a file descriptor) + * \param buf Buffer holding the date to send + * \param len Length of the data to send + * + * \return The callback must return the number of bytes sent if any, + * or a non-zero error code. + * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE + * must be returned when the operation would block. + * + * \note The callback is allowed to send less bytes than requested. + * It must always return the number of bytes actually sent. + */ +typedef int mbedtls_ssl_send_t( void *ctx, + const unsigned char *buf, + size_t len ); + +/** + * \brief Callback type: receive data from the network. + * + * \note That callback may be either blocking or non-blocking. + * + * \param ctx Context for the send callback (typically a file descriptor) + * \param buf Buffer to write the received data to + * \param len Length of the receive buffer + * + * \return The callback must return the number of bytes received, + * or a non-zero error code. + * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ + * must be returned when the operation would block. + * + * \note The callback may receive less bytes than the length of the + * buffer. It must always return the number of bytes actually + * received and written to the buffer. + */ +typedef int mbedtls_ssl_recv_t( void *ctx, + unsigned char *buf, + size_t len ); + +/** + * \brief Callback type: receive data from the network, with timeout + * + * \note That callback must block until data is received, or the + * timeout delay expires, or the operation is interrupted by a + * signal. 
+ * + * \param ctx Context for the send callback (typically a file descriptor) + * \param buf Buffer to write the received data to + * \param len Length of the receive buffer + * \param timeout Maximum nomber of millisecondes to wait for data + * 0 means no timeout (potentially wait forever) + * + * \return The callback must return the number of bytes received, + * or a non-zero error code: + * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, + * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. + * + * \note The callback may receive less bytes than the length of the + * buffer. It must always return the number of bytes actually + * received and written to the buffer. + */ +typedef int mbedtls_ssl_recv_timeout_t( void *ctx, + unsigned char *buf, + size_t len, + uint32_t timeout ); + /** * \brief Set the underlying BIO callbacks for write, read and * read-with-timeout. @@ -978,8 +1048,6 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, * \param f_send write callback * \param f_recv read callback * \param f_recv_timeout blocking read callback with timeout. - * The last argument is the timeout in milliseconds, - * 0 means no timeout (block forever until a message comes) * * \note One of f_recv or f_recv_timeout can be NULL, in which case * the other is used. If both are non-NULL, f_recv_timeout is 
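Review bot: The new callback documentation carries several wording defects that will appear verbatim in the generated API reference: `\param buf Buffer holding the date to send` should read `data`, both receive-callback blocks say `Context for the send callback`, and `Maximum nomber of millisecondes` should be `Maximum number of milliseconds`. More substantively, `or a non-zero error code` in the `\return` sections of mbedtls_ssl_send_t and mbedtls_ssl_recv_t is contradictory, since a positive return is a byte count; failures are signalled by negative MBEDTLS_ERR_ values, so write `or a negative error code` (the recv_timeout block already lists the two negative codes it expects). The same class of slip recurs in the later hunks of this commit: the mbedtls_ssl_set_bio() note references `\c mbedtls_ssl_sent_t`, a type that does not exist (the one introduced here is `mbedtls_ssl_send_t`), next to `convetions`, and the mbedtls_ssl_set_timer_cb() note says `must fallow` for `must follow`.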
@@ -991,12 +1059,20 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, * * \note For DTLS, you need to provide either a non-NULL * f_recv_timeout callback, or a f_recv that doesn't block. + * + * \note See the documentations of \c mbedtls_ssl_sent_t, + * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for + * the convetions those callbacks must follow. + * + * \note On some platforms, net.c provides \c mbedtls_net_send(), + * \c mbedtls_net_recv() and \c mbedtls_net_recv_timeout() + * that are suitable to be used here. */ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, - void *p_bio, - int (*f_send)(void *, const unsigned char *, size_t), - int (*f_recv)(void *, unsigned char *, size_t), - int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) ); + void *p_bio, + mbedtls_ssl_send_t *f_send, + mbedtls_ssl_recv_t *f_recv, + mbedtls_ssl_recv_timeout_t *f_recv_timeout ); /** * \brief Set the timeout period for mbedtls_ssl_read() 
@@ -1017,24 +1093,67 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); /** - * \brief Set the timer callbacks - * (Mandatory for DTLS.) + * \brief Callback type: set a pair of timers/delays to watch + * + * \param ctx Context pointer + * \param int_ms Intermediate delay in milliseconds + * \param fin_ms Final delay in milliseconds + * 0 cancels the current timer. + * + * \note This callback must at least store the necessary information + * for the associated \c mbedtls_ssl_get_timer_t callback to + * return correct information. + * + * \note If using a event-driven style of programming, an event must + * be generated when the final delay is passed. The event must + * cause a call to \c mbedtls_ssl_handshake() with the proper + * SSL context to be scheduled. Care must be taken to ensure + * that at most one such call happens at a time. + * + * \note Only one timer at a time must be running. Calling this + * function while a timer is running must cancel it. Cancelled + * timers must not generate any event. + */ +typedef void mbedtls_ssl_set_timer_t( void * ctx, + uint32_t int_ms, + uint32_t fin_ms ); + +/** + * \brief Callback type: get status of timers/delays + * + * \param ctx Context pointer + * + * \return This callback must return: + * -1 if cancelled (fin_ms == 0), + * 0 if none of the delays is passed, + * 1 if only the intermediate delay is passed, + * 2 if the final delay is passed. + */ +typedef int mbedtls_ssl_get_timer_t( void * ctx ); + +/** + * \brief Set the timer callbacks (Mandatory for DTLS.) * * \param ssl SSL context - * \param p_timer parameter (context) shared by timer callback + * \param p_timer parameter (context) shared by timer callbacks * \param f_set_timer set timer callback - * Accepts an intermediate and a final delay in milliseconcs - * If the final delay is 0, cancels the running timer. * \param f_get_timer get timer callback. 
Must return: - * -1 if cancelled - * 0 if none of the delays is expired - * 1 if the intermediate delay only is expired - * 2 if the final delay is expired + * + * \note See the documentation of \c mbedtls_ssl_set_timer_t and + * \c mbedtls_ssl_get_timer_t for the conventions this pair of + * callbacks must fallow. + * + * \note On some platforms, timing.c provides + * \c mbedtls_timing_set_delay() and + * \c mbedtls_timing_get_delay() that are suitable for using + * here, except if using an event-driven style. + * + * \note See also the "DTLS tutorial" article in our knowledge base. */ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, void *p_timer, - void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms), - int (*f_get_timer)(void *) ); + mbedtls_ssl_set_timer_t *f_set_timer, + mbedtls_ssl_get_timer_t *f_get_timer ); /** * \brief Callback type: generate and write session ticket From d47c4335b8a22cb09094fbaed0300049f68aca4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 10:33:34 +0100 Subject: [PATCH 073/399] Give better error messages for semi-portable parts Previously it was failing with errors about headers not found, which is suboptimal in terms of clarity. Now give a clean error with pointer to the documentation. Do the checks in the .c files rather than check_config.h as it keeps them closer to the platform-specific implementations. --- include/mbedtls/config.h | 17 ++++++++++++++--- library/entropy_poll.c | 6 ++++++ library/net.c | 5 +++++ library/timing.c | 5 +++++ 4 files changed, 30 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index d1db0d825..c69ba1bcb 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -1897,11 +1897,15 @@ /** * \def MBEDTLS_NET_C * - * Enable the TCP/IP networking routines. + * Enable the TCP and UDP over IPv6/IPv4 networking routines. + * + * \note This module only works on Unix (including Linux, BSD and OS X) and + * Windows. For other platforms, you'll want to disable it, and write your + * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). * * Module: library/net.c * - * This module provides TCP/IP networking routines. + * This module provides networking routines. */ #define MBEDTLS_NET_C @@ -2264,7 +2268,14 @@ /** * \def MBEDTLS_TIMING_C * - * Enable the portable timing interface. + * Enable the semi-portable timing interface. + * + * \note The provided implementation only works on Unix (including Linux, BSD + * and OS X) and Windows. On other platforms, you can either disable that + * module and provide your own implementations of the callbacks needed by + * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide + * your own implementation of the whole module by setting + * \c MBEDTLS_TIMING_ALT in the current file. * * Module: library/timing.c * Caller: library/havege.c diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 25a27bef3..972ad2aea 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -39,6 +39,12 @@ #endif #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) + +#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ + !defined(__APPLE__) && !defined(_WIN32) +#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h" +#endif + #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #if !defined(_WIN32_WINNT) diff --git a/library/net.c b/library/net.c index a77268c55..3b78b6b15 100644 --- a/library/net.c +++ b/library/net.c 
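Review bot: The platform test `!defined(unix) && !defined(__unix__) && !defined(__unix) && !defined(__APPLE__) && !defined(_WIN32)` is written out in full in entropy_poll.c here and again in the net.c and timing.c hunks of this commit, and its positive form was just added to mini_client.c in the preceding commit, so four hand-maintained copies now have to agree; the `__APPLE__` fix that motivated that commit is exactly the kind of drift this invites. Define the test once in a shared internal header as a helper macro (name illustrative, e.g. a `MBEDTLS_PLATFORM_IS_UNIX_OR_WINDOWS`-style feature macro) and have each file test that, keeping the three distinct `#error` messages as they are since each names the configuration option that disables the module. Failing the build on an unrecognised platform is the right behaviour for entropy_poll.c in particular, as it prevents silently building without any platform entropy source.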
@@ -27,6 +27,11 @@ #if defined(MBEDTLS_NET_C) +#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ + !defined(__APPLE__) && !defined(_WIN32) +#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h" +#endif + #include "mbedtls/net.h" #include diff --git a/library/timing.c b/library/timing.c index 5d8b25b99..a7c7ff027 100644 --- a/library/timing.c +++ b/library/timing.c @@ -38,6 +38,11 @@ #if !defined(MBEDTLS_TIMING_ALT) +#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ + !defined(__APPLE__) && !defined(_WIN32) +#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h" +#endif + #ifndef asm #define asm __asm #endif From e6a4846435b8d12c034f4e51da2cfe16557dd035 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 11:10:14 +0100 Subject: [PATCH 074/399] Add note about not implementing PSK id_hint --- include/mbedtls/ssl.h | 5 +++++ library/ssl_cli.c | 7 +++++-- library/ssl_srv.c | 3 ++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4aad2a829..e367c474a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1613,6 +1613,11 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, * \note This is mainly useful for clients. Servers will usually * want to use \c mbedtls_ssl_conf_psk_cb() instead. * + * \note Currently clients can only register one pre-shared key. + * In other words, the servers' idendity hint is ignored. + * Please contact us if you need ability to set multiple PSKs + * on clients and select one based on the identity hint. + * * \param conf SSL configuration * \param psk pointer to the pre-shared key * \param psk_len pre-shared key length diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 4452169d9..1d22d1518 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
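Review bot: The added `\note` on mbedtls_ssl_conf_psk() has two wording slips that will show in the rendered API documentation: `idendity hint` should be `identity hint`, and `if you need ability to set` should be `if you need the ability to set`. The companion comment in the ssl_cli.c hunk of this commit has the same problem: `the PKS identity hint` should be `the PSK identity hint` and `provisionned` should be `provisioned`.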
@@ -1981,8 +1981,11 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - // TODO: Retrieve PSK identity hint and callback to app - // + /* + * Note: we currently ignore the PKS identity hint, as we only allow one + * PSK to be provisionned on the client. This could be changed later if + * someone needs that feature. + */ *p += len; ret = 0; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 6b5b461e1..6bd0b598a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2718,7 +2718,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) { - /* TODO: Support identity hints */ + /* Note: we don't support identity hints, until someone asks + * for them. */ *(p++) = 0x00; *(p++) = 0x00; From 28124dba072ba9be766b094df0eea8bc6c265bae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 11:18:35 +0100 Subject: [PATCH 075/399] Remove unused code. After the record contents are decompressed, in_len is no longer accessed directly, only in_msglen is accessed. in_len is only read by ssl_parse_record_header() which happens before ssl_prepare_record_contents(). This is also made clear by the fact that in_len is not touched after decrypting anyway, so if it was accessed after that it would be wrong unless decryption is used - as this is not the case, it show in_len is not accessed. --- library/ssl_tls.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a4cc1ca05..0c1a7cccf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3706,10 +3706,6 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret ); return( ret ); } - - // TODO: what's the purpose of these lines? is in_len used? - ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 ); - ssl->in_len[1] = (unsigned char)( ssl->in_msglen ); } #endif /* MBEDTLS_ZLIB_SUPPORT */ From a6062607f100f3f1ef695f3a60b79f5bb3614714 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 11:27:26 +0100 Subject: [PATCH 076/399] Update note about hardcoded verify_data_length --- library/ssl_tls.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0c1a7cccf..afbcdd99c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5011,7 +5011,12 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); - // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63) + /* + * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites + * may define some other value. Currently (early 2016), no defined + * ciphersuite does this (and this is unlikely to change as activity has + * moved to TLS 1.3 now) so we can keep the hardcoded 12 here. + */ hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12; #if defined(MBEDTLS_SSL_RENEGOTIATION) From e66dd1dcef8cccd7f4ba63892ff147e12a11bd5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 11:36:55 +0100 Subject: [PATCH 077/399] Clarify documentation about missing CRLs Also tune up some working while at it. --- include/mbedtls/x509_crt.h | 17 +++++++++++------ library/x509_crt.c | 9 ++------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index fe821d1cf..41b6bfe57 100644 --- a/include/mbedtls/x509_crt.h 
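Review bot: The rewritten comment in mbedtls_ssl_write_finished explains why 12 is acceptable, but the line it annotates, `hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;`, still carries both values as bare magic numbers. If the Finished-parsing path hardcodes the same pair (it is outside this hunk), a named constant for the verify_data length used by both sides would keep them from diverging. The comment could also name the RFC field it refers to, e.g. ` * RFC 5246 7.4.9 (Page 63) says 12 is the default verify_data_length and`, so a reader can locate it. mbedtls_ssl_write_finished continues outside the hunk.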
+++ b/include/mbedtls/x509_crt.h @@ -271,9 +271,14 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * \note Same as \c mbedtls_x509_crt_verify_with_profile() with the * default security profile. * - * \param crt a certificate to be verified - * \param trust_ca the trusted CA chain - * \param ca_crl the CRL chain for trusted CA's + * \note It is your responsibility to provide up-to-date CRLs for + * all trusted CAs. If no CRL is provided for the CA that was + * used to sign the certificate, CRL verification is skipped + * silently, that is *without* setting any flag. + * + * \param crt a certificate (chain) to be verified + * \param trust_ca the list of trusted CAs + * \param ca_crl the list of CRLs for trusted CAs (see note above) * \param cn expected Common Name (can be set to * NULL if the CN must not be verified) * \param flags result of the verification @@ -304,9 +309,9 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, * for ECDSA) apply to all certificates: trusted root, * intermediate CAs if any, and end entity certificate. * - * \param crt a certificate to be verified - * \param trust_ca the trusted CA chain - * \param ca_crl the CRL chain for trusted CA's + * \param crt a certificate (chain) to be verified + * \param trust_ca the list of trusted CAs + * \param ca_crl the list of CRLs for trusted CAs * \param profile security profile for verification * \param cn expected Common Name (can be set to * NULL if the CN must not be verified) diff --git a/library/x509_crt.c b/library/x509_crt.c index 6dc5ad34f..0606eb96d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
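Review bot: The second hunk updates the `\param` lines of mbedtls_x509_crt_verify_with_profile but does not give it the new note about missing CRLs, although its `\param ca_crl` describes the same list and the first hunk says the plain verify function is just this one with the default profile, so the silent skip presumably applies to both. Either repeat the `\note` there, or add ` * \note See \c mbedtls_x509_crt_verify() regarding the handling of missing CRLs.` so callers of the profile variant are told about the behaviour as well. Without it the header documents a security-relevant default for one entry point only.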
@@ -1600,7 +1600,8 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509 } /* - * Check that the given certificate is valid according to the CRL. + * Check that the given certificate is not revoked according to the CRL. + * Skip validation is no CRL for the given CA is present. */ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, mbedtls_x509_crl *crl_list, @@ -1613,12 +1614,6 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, if( ca == NULL ) return( flags ); - /* - * TODO: What happens if no CRL is present? - * Suggestion: Revocation state should be unknown if no CRL is present. - * For backwards compatibility this is not yet implemented. - */ - while( crl_list != NULL ) { if( crl_list->version == 0 || From 9d79c1ba956471175f56775a4c9a6b4d83551cb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 12:02:30 +0100 Subject: [PATCH 078/399] Remove unnecessary TODO comment We don't implement anonymous key exchanges, and we don't intend to, so it can never happen that an unauthenticated server requests a certificate from us. --- library/ssl_cli.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 1d22d1518..5ce7d2529 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2581,9 +2581,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) ssl->record_read = 0; - // TODO: handshake_failure alert for an anonymous server to request - // client authentication - /* * struct { * ClientCertificateType certificate_types<1..2^8-1>; From 5a793b74a0ba2aa3e85b6ace7cc39404b447ac44 Mon Sep 17 00:00:00 2001 
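Review bot: The new comment on x509_crt_verifycrl reads "Skip validation is no CRL for the given CA is present"; `is` should be `if`: ` * Skip validation if no CRL for the given CA is present.`. Since the TODO removed in the second hunk said the revocation state should ideally be treated as unknown in that case, the comment could also say that the skip is kept for backwards compatibility, which is what the header note in this commit tells callers to expect. The function body continues outside the hunk.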
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 24 Feb 2016 14:13:22 +0000 Subject: [PATCH 079/399] ssl: ignore CertificateRequest's content for real - document why we made that choice - remove the two TODOs about checking hash and CA - remove the code that parsed certificate_type: it did nothing except store the selected type in handshake->cert_type, but that field was never accessed afterwards. Since handshake_params is now an internal type, we can remove that field without breaking the ABI. --- include/mbedtls/ssl.h | 7 +++- include/mbedtls/ssl_internal.h | 1 - library/ssl_cli.c | 67 +++++++++++++--------------------- 3 files changed, 31 insertions(+), 44 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e367c474a..3a8b73362 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1593,7 +1593,12 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, * adequate, preference is given to the one set by the first * call to this function, then second, etc. * - * \note On client, only the first call has any effect. + * \note On client, only the first call has any effect. That is, + * only one client certificate can be provisioned. The + * server's preferences in its CertficateRequest message will + * be ignored and our only cert will be sent regardless of + * whether it matches those preferences - the server can then + * decide what it wants to do with it. * * \param conf SSL configuration * \param own_cert own public certificate chain diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 3af059f89..d63d7d4e7 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
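Review bot: The `\note` added to mbedtls_ssl_conf_own_cert misspells the handshake message as "CertficateRequest"; the line should read ` * server's preferences in its CertificateRequest message will`. The phrase "our only cert will be sent regardless" is also informal for a public header; "the configured certificate is sent regardless" says the same thing in the voice the rest of the file uses.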
@@ -166,7 +166,6 @@ struct mbedtls_ssl_handshake_params * Handshake specific crypto variables */ int sig_alg; /*!< Hash algorithm for signature */ - int cert_type; /*!< Requested cert type */ int verify_sig_alg; /*!< Signature algorithm for verify */ #if defined(MBEDTLS_DHM_C) mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5ce7d2529..bf6c22101 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2532,8 +2532,8 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) { int ret; - unsigned char *buf, *p; - size_t n = 0, m = 0; + unsigned char *buf; + size_t n = 0; size_t cert_type_len = 0, dn_len = 0; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; @@ -2588,11 +2588,26 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * supported_signature_algorithms<2^16-1>; -- TLS 1.2 only * DistinguishedName certificate_authorities<0..2^16-1>; * } CertificateRequest; + * + * Since we only support a single certificate on clients, let's just + * ignore all the information that's supposed to help us pick a + * certificate. + * + * We could check that our certificate matches the request, and bail out + * if it doesn't, but it's simpler to just send the certificate anyway, + * and give the server the opportunity to decide if it should terminate + * the connection when it doesn't like our certificate. + * + * Same goes for the hash in TLS 1.2's signature_algorithms: at this + * point we only have one hash available (see comments in + * write_certificate_verify), so let's jsut use what we have. + * + * However, we still minimally parse the message to check it is at least + * superficially sane. */ buf = ssl->in_msg; - // Retrieve cert types - // + /* certificate_types */ cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )]; n = cert_type_len; 
@@ -2602,45 +2617,14 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); } - p = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 1; - while( cert_type_len > 0 ) - { -#if defined(MBEDTLS_RSA_C) - if( *p == MBEDTLS_SSL_CERT_TYPE_RSA_SIGN && - mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_RSA ) ) - { - ssl->handshake->cert_type = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN; - break; - } - else -#endif -#if defined(MBEDTLS_ECDSA_C) - if( *p == MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN && - mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) ) - { - ssl->handshake->cert_type = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN; - break; - } - else -#endif - { - ; /* Unsupported cert type, ignore */ - } - - cert_type_len--; - p++; - } - + /* supported_signature_algorithms */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { - /* Ignored, see comments about hash in write_certificate_verify */ - // TODO: should check the signature part against our pk_key though size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); - m += 2; - n += sig_alg_len; + n += 2 + sig_alg_len; if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) { 
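Review bot: With `n` now including the two length bytes, the guard `if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )` at the end of this hunk still accepts a message whose length is exactly `hdr + 2 + n`, yet the next hunk then reads `buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n]` as the low byte of dn_len, i.e. the first byte past the handshake message. The read presumably stays inside the fixed-size input buffer and the final equality check on in_hslen rejects such a message afterwards, so this is a bound-precision issue rather than an overflow, but the check should cover the bytes actually read: `if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )`. The earlier check on the certificate_types length (before this hunk) appears to have the same one-byte slack for the non-TLS-1.2 path. ssl_parse_certificate_request starts and ends outside the hunk.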
@@ -2650,13 +2634,12 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - /* Ignore certificate_authorities, we only have one cert anyway */ - // TODO: should not send cert if no CA matches - dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + m + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + m + n] ) ); + /* certificate_authorities */ + dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) + | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); n += dn_len; - if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + m + n ) + if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); From db1ae1ea01bac132e8ac7992e62935e811a6eb69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 24 Feb 2016 14:36:05 +0000 Subject: [PATCH 080/399] x509: - --- include/mbedtls/x509_csr.h | 6 ++++++ library/x509_csr.c | 8 +++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 34998a3a5..7a9c2e055 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -83,6 +83,8 @@ mbedtls_x509write_csr; /** * \brief Load a Certificate Signing Request (CSR) in DER format * + * \note CSR attributes (if any) are currently silently ignored. + * * \param csr CSR context to fill * \param buf buffer holding the CRL data * \param buflen size of the buffer @@ -95,6 +97,8 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, /** * \brief Load a Certificate Signing Request (CSR), DER or PEM format * + * \note See notes for \c mbedtls_x509_csr_parse_der() + * * \param csr CSR context to fill * \param buf buffer holding the CRL data * \param buflen size of the buffer 
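Review bot: Both CSR parsing functions in x509_csr.h still document `\param buf buffer holding the CRL data` on the context lines right below the added notes; the buffer holds CSR data, and since this commit is editing exactly these doc blocks it is the natural place to correct it: ` * \param buf buffer holding the CSR data`. The same wording appears in both hunks of this file.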
@@ -108,6 +112,8 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz /** * \brief Load a Certificate Signing Request (CSR) * + * \note See notes for \c mbedtls_x509_csr_parse() + * * \param csr CSR context to fill * \param path filename to read the CSR from * diff --git a/library/x509_csr.c b/library/x509_csr.c index dbf659b44..f8c45f8d2 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -207,6 +207,13 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, /* * attributes [0] Attributes + * + * The list of possible attributes is open-ended, though RFC 2985 + * (PKCS#9) defines a few in section 5.4. We currently don't support any, + * so we just ignore them. This is a safe thing to do as the worst thing + * that could happen is that we issue a certificate that does not match + * the requester's expectations - this cannot cause a violation of our + * signature policies. */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) @@ -214,7 +221,6 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); } - // TODO Parse Attributes / extension requests p += len; From b2d3011774b5ffe49b7c24c5d27b32273b130f4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 24 Feb 2016 17:11:40 +0000 Subject: [PATCH 081/399] x509: remove obsolete TODO comment - basicContraints checks are done during verification - there is no need to set extensions that are not present to default values, as the code using the extension will check if it was present using ext_types. (And default values would not make sense anyway.) --- library/x509_crt.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 0606eb96d..3eaf5bc14 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
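Review bot: The new comment in mbedtls_x509_csr_parse_der argues that ignoring attributes is safe, but it does not spell out the consequence that matters to an issuer built on this parser: RFC 2985 section 5.4.2 defines extensionRequest, so any X.509 extensions the requester asked for are dropped here and must be chosen by the issuer from its own policy. One sentence in this comment, mirrored in the header's `\note`, would stop callers assuming requested extensions are carried through, e.g. ` * In particular, requested extensions (extensionRequest) are not parsed and` / ` * must be decided by the issuer.`. mbedtls_x509_csr_parse_der continues outside the hunk.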
@@ -516,9 +516,6 @@ static int x509_get_subject_alt_name( unsigned char **p, /* * X.509 v3 extensions * - * TODO: Perform all of the basic constraints tests required by the RFC - * TODO: Set values for undetected extensions to a sane default? - * */ static int x509_get_crt_ext( unsigned char **p, const unsigned char *end, From 36567e34379d622617e18bb7032feeabf85d074f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Mar 2016 13:16:57 +0000 Subject: [PATCH 082/399] Fix some minor typos in comments Fix spelling mistakes and typos. --- include/mbedtls/ssl.h | 12 +++++++----- library/ssl_cli.c | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3a8b73362..b89d4ed0d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -995,7 +995,8 @@ typedef int mbedtls_ssl_send_t( void *ctx, * * \note That callback may be either blocking or non-blocking. * - * \param ctx Context for the send callback (typically a file descriptor) + * \param ctx Context for the receive callback (typically a file + * descriptor) * \param buf Buffer to write the received data to * \param len Length of the receive buffer * @@ -1019,7 +1020,7 @@ typedef int mbedtls_ssl_recv_t( void *ctx, * timeout delay expires, or the operation is interrupted by a * signal. * - * \param ctx Context for the send callback (typically a file descriptor) + * \param ctx Context for the receive callback (typically a file descriptor) * \param buf Buffer to write the received data to * \param len Length of the receive buffer * \param timeout Maximum nomber of millisecondes to wait for data 
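Review bot: The context line ` * \param timeout Maximum nomber of millisecondes to wait for data` just below the corrected `\param ctx` line still has two spelling errors that this typo-fixing commit could take along: ` * \param timeout Maximum number of milliseconds to wait for data`. The same text reappears in the callback typedefs that a later commit in this series moves, so fixing it here avoids carrying it forward.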
@@ -1619,9 +1620,10 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, * want to use \c mbedtls_ssl_conf_psk_cb() instead. * * \note Currently clients can only register one pre-shared key. - * In other words, the servers' idendity hint is ignored. - * Please contact us if you need ability to set multiple PSKs - * on clients and select one based on the identity hint. + * In other words, the servers' identity hint is ignored. + * Support for setting multiple PSKs on clients and selecting + * one based on the identity hint is not a planned feature but + * feedback is welcomed. * * \param conf SSL configuration * \param psk pointer to the pre-shared key diff --git a/library/ssl_cli.c b/library/ssl_cli.c index bf6c22101..52ddf9a92 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2600,7 +2600,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * * Same goes for the hash in TLS 1.2's signature_algorithms: at this * point we only have one hash available (see comments in - * write_certificate_verify), so let's jsut use what we have. + * write_certificate_verify), so let's just use what we have. * * However, we still minimally parse the message to check it is at least * superficially sane. From bc32e4a1515261781480f3c9c390ce56eaacf262 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Mar 2016 17:31:49 +0000 Subject: [PATCH 083/399] Use the SSL IO and time callback typedefs consistently The callback typedefs defined for mbedtls_ssl_set_bio() and mbedtls_ssl_set_timer_cb() were not used consistently where the callbacks were referenced in structures or in code. --- include/mbedtls/ssl.h | 236 +++++++++++++++++++++--------------------- library/ssl_tls.c | 10 +- 2 files changed, 123 insertions(+), 123 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b89d4ed0d..9bd105149 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -411,6 +411,116 @@ typedef enum } mbedtls_ssl_states; +/** + * \brief Callback type: send data on the network. + * + * \note That callback may be either blocking or non-blocking. + * + * \param ctx Context for the send callback (typically a file descriptor) + * \param buf Buffer holding the date to send + * \param len Length of the data to send + * + * \return The callback must return the number of bytes sent if any, + * or a non-zero error code. + * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE + * must be returned when the operation would block. + * + * \note The callback is allowed to send less bytes than requested. + * It must always return the number of bytes actually sent. + */ +typedef int mbedtls_ssl_send_t( void *ctx, + const unsigned char *buf, + size_t len ); + +/** + * \brief Callback type: receive data from the network. + * + * \note That callback may be either blocking or non-blocking. + * + * \param ctx Context for the receive callback (typically a file + * descriptor) + * \param buf Buffer to write the received data to + * \param len Length of the receive buffer + * + * \return The callback must return the number of bytes received, + * or a non-zero error code. + * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ + * must be returned when the operation would block. + * + * \note The callback may receive less bytes than the length of the + * buffer. It must always return the number of bytes actually + * received and written to the buffer. + */ +typedef int mbedtls_ssl_recv_t( void *ctx, + unsigned char *buf, + size_t len ); + +/** + * \brief Callback type: receive data from the network, with timeout + * + * \note That callback must block until data is received, or the + * timeout delay expires, or the operation is interrupted by a + * signal. 
+ * + * \param ctx Context for the receive callback (typically a file descriptor) + * \param buf Buffer to write the received data to + * \param len Length of the receive buffer + * \param timeout Maximum nomber of millisecondes to wait for data + * 0 means no timeout (potentially wait forever) + * + * \return The callback must return the number of bytes received, + * or a non-zero error code: + * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, + * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. + * + * \note The callback may receive less bytes than the length of the + * buffer. It must always return the number of bytes actually + * received and written to the buffer. + */ +typedef int mbedtls_ssl_recv_timeout_t( void *ctx, + unsigned char *buf, + size_t len, + uint32_t timeout ); +/** + * \brief Callback type: set a pair of timers/delays to watch + * + * \param ctx Context pointer + * \param int_ms Intermediate delay in milliseconds + * \param fin_ms Final delay in milliseconds + * 0 cancels the current timer. + * + * \note This callback must at least store the necessary information + * for the associated \c mbedtls_ssl_get_timer_t callback to + * return correct information. + * + * \note If using a event-driven style of programming, an event must + * be generated when the final delay is passed. The event must + * cause a call to \c mbedtls_ssl_handshake() with the proper + * SSL context to be scheduled. Care must be taken to ensure + * that at most one such call happens at a time. + * + * \note Only one timer at a time must be running. Calling this + * function while a timer is running must cancel it. Cancelled + * timers must not generate any event. 
+ */ +typedef void mbedtls_ssl_set_timer_t( void * ctx, + uint32_t int_ms, + uint32_t fin_ms ); + +/** + * \brief Callback type: get status of timers/delays + * + * \param ctx Context pointer + * + * \return This callback must return: + * -1 if cancelled (fin_ms == 0), + * 0 if none of the delays is passed, + * 1 if only the intermediate delay is passed, + * 2 if the final delay is passed. + */ +typedef int mbedtls_ssl_get_timer_t( void * ctx ); + + /* Defined below */ typedef struct mbedtls_ssl_session mbedtls_ssl_session; typedef struct mbedtls_ssl_context mbedtls_ssl_context; @@ -662,12 +772,11 @@ struct mbedtls_ssl_context unsigned badmac_seen; /*!< records with a bad MAC received */ #endif - /* - * Callbacks - */ - int (*f_send)(void *, const unsigned char *, size_t); - int (*f_recv)(void *, unsigned char *, size_t); - int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t); + mbedtls_ssl_send_t *f_send; /*!< Callback for network send */ + mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */ + mbedtls_ssl_recv_timeout_t *f_recv_timeout; + /*!< Callback for network receive with timeout */ + void *p_bio; /*!< context for I/O operations */ /* @@ -693,8 +802,9 @@ struct mbedtls_ssl_context * Timers */ void *p_timer; /*!< context for the timer callbacks */ - void (*f_set_timer)(void *, uint32_t, uint32_t); /*!< set timer callback */ - int (*f_get_timer)(void *); /*!< get timer callback */ + + mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */ + mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */ /* * Record layer (incoming data) 
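Review bot: The typedef block moved to the top of ssl.h carries its doc text unchanged, including ` * \param buf Buffer holding the date to send` ("data") and ` * \param timeout Maximum nomber of millisecondes to wait for data`; since these lines are rewritten as additions anyway, this is the cheapest moment to correct them. The two timer typedefs also write `void * ctx` while every other signature in the moved block writes `void *ctx`; aligning them is a small consistency gain in a public header.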
@@ -969,77 +1079,6 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, void (*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg ); -/** - * \brief Callback type: send data on the network. - * - * \note That callback may be either blocking or non-blocking. - * - * \param ctx Context for the send callback (typically a file descriptor) - * \param buf Buffer holding the date to send - * \param len Length of the data to send - * - * \return The callback must return the number of bytes sent if any, - * or a non-zero error code. - * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE - * must be returned when the operation would block. - * - * \note The callback is allowed to send less bytes than requested. - * It must always return the number of bytes actually sent. - */ -typedef int mbedtls_ssl_send_t( void *ctx, - const unsigned char *buf, - size_t len ); - -/** - * \brief Callback type: receive data from the network. - * - * \note That callback may be either blocking or non-blocking. - * - * \param ctx Context for the receive callback (typically a file - * descriptor) - * \param buf Buffer to write the received data to - * \param len Length of the receive buffer - * - * \return The callback must return the number of bytes received, - * or a non-zero error code. - * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ - * must be returned when the operation would block. - * - * \note The callback may receive less bytes than the length of the - * buffer. It must always return the number of bytes actually - * received and written to the buffer. - */ -typedef int mbedtls_ssl_recv_t( void *ctx, - unsigned char *buf, - size_t len ); - -/** - * \brief Callback type: receive data from the network, with timeout - * - * \note That callback must block until data is received, or the - * timeout delay expires, or the operation is interrupted by a - * signal. 
- * - * \param ctx Context for the receive callback (typically a file descriptor) - * \param buf Buffer to write the received data to - * \param len Length of the receive buffer - * \param timeout Maximum nomber of millisecondes to wait for data - * 0 means no timeout (potentially wait forever) - * - * \return The callback must return the number of bytes received, - * or a non-zero error code: - * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, - * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. - * - * \note The callback may receive less bytes than the length of the - * buffer. It must always return the number of bytes actually - * received and written to the buffer. - */ -typedef int mbedtls_ssl_recv_timeout_t( void *ctx, - unsigned char *buf, - size_t len, - uint32_t timeout ); - /** * \brief Set the underlying BIO callbacks for write, read and * read-with-timeout. 
@@ -1093,45 +1132,6 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, */ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); -/** - * \brief Callback type: set a pair of timers/delays to watch - * - * \param ctx Context pointer - * \param int_ms Intermediate delay in milliseconds - * \param fin_ms Final delay in milliseconds - * 0 cancels the current timer. - * - * \note This callback must at least store the necessary information - * for the associated \c mbedtls_ssl_get_timer_t callback to - * return correct information. - * - * \note If using a event-driven style of programming, an event must - * be generated when the final delay is passed. The event must - * cause a call to \c mbedtls_ssl_handshake() with the proper - * SSL context to be scheduled. Care must be taken to ensure - * that at most one such call happens at a time. - * - * \note Only one timer at a time must be running. Calling this - * function while a timer is running must cancel it. Cancelled - * timers must not generate any event. - */ -typedef void mbedtls_ssl_set_timer_t( void * ctx, - uint32_t int_ms, - uint32_t fin_ms ); - -/** - * \brief Callback type: get status of timers/delays - * - * \param ctx Context pointer - * - * \return This callback must return: - * -1 if cancelled (fin_ms == 0), - * 0 if none of the delays is passed, - * 1 if only the intermediate delay is passed, - * 2 if the final delay is passed. - */ -typedef int mbedtls_ssl_get_timer_t( void * ctx ); - /** * \brief Set the timer callbacks (Mandatory for DTLS.) * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index afbcdd99c..1c44b7ddb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -5598,9 +5598,9 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, void *p_bio, - int (*f_send)(void *, const unsigned char *, size_t), - int (*f_recv)(void *, unsigned char *, size_t), - int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) ) + mbedtls_ssl_send_t *f_send, + mbedtls_ssl_recv_t *f_recv, + mbedtls_ssl_recv_timeout_t *f_recv_timeout ) { ssl->p_bio = p_bio; ssl->f_send = f_send; @@ -5615,8 +5615,8 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, void *p_timer, - void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms), - int (*f_get_timer)(void *) ) + mbedtls_ssl_set_timer_t *f_set_timer, + mbedtls_ssl_get_timer_t *f_get_timer ) { ssl->p_timer = p_timer; ssl->f_set_timer = f_set_timer; From 3990f626692b6119cc0f5a67a6f5ac8666404553 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 26 Jan 2016 22:13:58 +0000 Subject: [PATCH 084/399] Parameterised the test suite applications All test suites can now take an arbitrary test file. --- tests/suites/main_test.function | 143 ++++++++++++++++++-------------- 1 file changed, 83 insertions(+), 60 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 420ee7697..61c7337a6 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -240,10 +240,13 @@ static int run_test_snprintf( void ) test_snprintf( 5, "123", 3 ) != 0 ); } -int main() +int main(int argc, const char *argv[]) { - int ret, i, cnt, total_errors = 0, total_tests = 0, total_skipped = 0; - const char *filename = "TEST_FILENAME"; + int testfile_index, testfile_count, ret, i, cnt; + int total_errors = 0, total_tests = 0, total_skipped = 0; + const char *default_filename = "TEST_FILENAME"; + const char *test_filename = NULL; + const char **test_files = NULL; FILE *file; char buf[5000]; char *params[50]; 
@@ -276,78 +279,98 @@ int main() return( 0 ); } - file = fopen( filename, "r" ); - if( file == NULL ) + if ( argc <= 1 ) { - mbedtls_fprintf( stderr, "Failed to open\n" ); - return( 1 ); + test_files = &default_filename; + testfile_count = 1; + } + else + { + test_files = &argv[1]; + testfile_count = argc - 1; } - while( !feof( file ) ) + for ( testfile_index = 0; + testfile_index < testfile_count; + testfile_index++ ) { - int skip = 0; + test_filename = test_files[ testfile_index ]; - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) - break; - mbedtls_fprintf( stdout, "%s%.66s", test_errors ? "\n" : "", buf ); - mbedtls_fprintf( stdout, " " ); - for( i = strlen( buf ) + 1; i < 67; i++ ) - mbedtls_fprintf( stdout, "." ); - mbedtls_fprintf( stdout, " " ); - fflush( stdout ); - - total_tests++; - - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) - break; - cnt = parse_arguments( buf, strlen(buf), params ); - - if( strcmp( params[0], "depends_on" ) == 0 ) + file = fopen( test_filename, "r" ); + if( file == NULL ) { - for( i = 1; i < cnt; i++ ) - if( dep_check( params[i] ) != 0 ) - skip = 1; + mbedtls_fprintf( stderr, "Failed to open test file: %s\n", + test_filename ); + return( 1 ); + } + + while( !feof( file ) ) + { + int skip = 0; + + if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) + break; + mbedtls_fprintf( stdout, "%s%.66s", test_errors ? "\n" : "", buf ); + mbedtls_fprintf( stdout, " " ); + for( i = strlen( buf ) + 1; i < 67; i++ ) + mbedtls_fprintf( stdout, "." 
); + mbedtls_fprintf( stdout, " " ); + fflush( stdout ); + + total_tests++; if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; cnt = parse_arguments( buf, strlen(buf), params ); - } - if( skip == 0 ) - { - test_errors = 0; - ret = dispatch_test( cnt, params ); - } + if( strcmp( params[0], "depends_on" ) == 0 ) + { + for( i = 1; i < cnt; i++ ) + if( dep_check( params[i] ) != 0 ) + skip = 1; - if( skip == 1 || ret == 3 ) - { - total_skipped++; - mbedtls_fprintf( stdout, "----\n" ); - fflush( stdout ); - } - else if( ret == 0 && test_errors == 0 ) - { - mbedtls_fprintf( stdout, "PASS\n" ); - fflush( stdout ); - } - else if( ret == 2 ) - { - mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); - fclose(file); - mbedtls_exit( 2 ); - } - else - total_errors++; + if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) + break; + cnt = parse_arguments( buf, strlen(buf), params ); + } - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) - break; - if( strlen(buf) != 0 ) - { - mbedtls_fprintf( stderr, "Should be empty %d\n", (int) strlen(buf) ); - return( 1 ); + if( skip == 0 ) + { + test_errors = 0; + ret = dispatch_test( cnt, params ); + } + + if( skip == 1 || ret == 3 ) + { + total_skipped++; + mbedtls_fprintf( stdout, "----\n" ); + fflush( stdout ); + } + else if( ret == 0 && test_errors == 0 ) + { + mbedtls_fprintf( stdout, "PASS\n" ); + fflush( stdout ); + } + else if( ret == 2 ) + { + mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); + fclose(file); + mbedtls_exit( 2 ); + } + else + total_errors++; + + if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) + break; + if( strlen(buf) != 0 ) + { + mbedtls_fprintf( stderr, "Should be empty %d\n", + (int) strlen(buf) ); + return( 1 ); + } } + fclose(file); } - fclose(file); mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n"); if( total_errors == 0 ) From f51f088656438d2f92d475f24f98c14ad1a8fc94 Mon Sep 17 00:00:00 2001 
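Review bot: Inside the new per-file loop, the `return( 1 );` after the "Should be empty %d\n" message leaves the current `file` open, whereas the fatal-parse-error branch just above it calls `fclose(file)` before `mbedtls_exit( 2 )`; adding `fclose(file);` before that return keeps the two error exits consistent now that several files may be processed in one run. Likewise, a failed `fopen` of a later test file returns 1 without printing the totals accumulated from the earlier files, which may be intended but is worth a comment. Both paths are pre-existing behaviour re-indented by this commit, and main starts before this hunk.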
From: Simon Butcher Date: Tue, 26 Jan 2016 22:15:11 +0000 Subject: [PATCH 085/399] Added script to split the test case data files Script generate-afl-tests.sh will split the test suite data files into individual test case files, suitable for fuzzing. --- tests/scripts/generate-afl-tests.sh | 68 +++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100755 tests/scripts/generate-afl-tests.sh diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh new file mode 100755 index 000000000..cbc2f5906 --- /dev/null +++ b/tests/scripts/generate-afl-tests.sh 
@@ -0,0 +1,68 @@ +#!/bin/sh + +# This script splits the data test files containing the test cases into +# individual files (one test case per file) suitable for use with afl +# (American Fuzzy Lop). http://lcamtuf.coredump.cx/afl/ +# +# Usage: generate-afl-tests.sh +# - should be the path to one of the test suite files +# such as 'test_suite_mpi.data' + +# Abort on errors +set -e + +if [ -z $1 ] +then + echo " [!] No test file specified" >&2 + echo "Usage: $0 " >&2 + exit 1 +fi + +SRC_FILEPATH=$(dirname $1)/$(basename $1) +TESTSUITE=$(basename $1 .data) + +THIS_DIR=$(basename $PWD) + +if [ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ]; +then :; +else + echo " [!] Must be run from mbed TLS tests directory" >&2 + exit 1 +fi + +DEST_TESTCASE_DIR=$TESTSUITE-afl-tests +DEST_OUTPUT_DIR=$TESTSUITE-afl-out + +echo " [+] Creating output directories" >&2 + +if [ -e $DEST_OUTPUT_DIR/* ]; +then : + echo " [!] Test output files already exist." >&2 + exit 1 +else + mkdir -p $DEST_OUTPUT_DIR +fi + +if [ -e $DEST_TESTCASE_DIR/* ]; +then : + echo " [!] Test output files already exist." >&2 +else + mkdir -p $DEST_TESTCASE_DIR +fi + +echo " [+] Creating test cases" >&2 +cd $DEST_TESTCASE_DIR + +split -p '^\s*$' ../$SRC_FILEPATH + +for f in *; +do + # Strip out any blank lines (no trim on OS X) + sed '/^\s*$/d' $f >testcase_$f + rm $f +done + +cd .. + +echo " [+] Test cases in $DEST_TESTCASE_DIR" >&2 + From 26f9a7098a99e84975b947c34390bc84a975f118 Mon Sep 17 00:00:00 2001 From: SimonB Date: Wed, 10 Feb 2016 23:50:28 +0000 Subject: [PATCH 086/399] Clarified purpose and usage of generate_code.pl Added comments to explain purpose and usage of generate_code.pl --- tests/scripts/generate_code.pl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 1c7a281d7..581320e2d 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl 
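Review bot: The directory check `[ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ]` uses `==`, which POSIX `test` does not define, so on systems where `/bin/sh` is dash the comparison errors out and the script always lands in the "Must be run from mbed TLS tests directory" branch; write it as `[ -d ../library ] && [ -d ../include ] && [ -d ../tests ] && [ "$THIS_DIR" = "tests" ]`. The two pre-existence checks `[ -e $DEST_OUTPUT_DIR/* ]` and `[ -e $DEST_TESTCASE_DIR/* ]` expand the glob, so once a directory holds more than one file `[` gets too many arguments, and the `$DEST_TESTCASE_DIR` branch prints "already exist" but does not `exit 1`, after which `split` writes into the populated directory and the `for f in *` loop renames the previous `testcase_*` files to `testcase_testcase_*`; add `exit 1` there and test with `[ -d "$DEST_TESTCASE_DIR" ]` instead. `split -p` is a BSD/macOS option that GNU coreutils does not have, and `\s` in the `sed` pattern is a GNU extension, so the script as written cannot run cleanly on either platform family without a change; a header comment naming the intended platform, or a small portable `awk` splitter, would avoid a silent wrong result under `set -e`. Quoting `"$1"` in the `-z` test and `"$f"` in the loop keeps paths with spaces from breaking the run.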
@@ -1,5 +1,12 @@ #!/usr/bin/env perl + +# generate_code.pl # +# Generates the test suite code given inputs of the test suite directory that +# contain the test suites, and the test suite file names for the test code and +# test data. +# +# Usage: generate_code.pl [main code file] use strict; From 16177a40335f2afa6e844fe699ef3f9d6265288b Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 15 Feb 2016 23:27:28 +0000 Subject: [PATCH 087/399] Added support for per test suite helper functions Added to generate_code.pl: - support for per test suite helper functions - description of the structure of the files the script uses to construct the test suite file - delimiters through the source code to make the machine generated code easier to understand --- tests/scripts/generate_code.pl | 73 +++++++++++++++++++++++++++++++-- tests/suites/main_test.function | 12 ++++++ 2 files changed, 81 insertions(+), 4 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 581320e2d..ba61b680a 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl 
@@ -2,11 +2,47 @@ # generate_code.pl # +# Purpose +# # Generates the test suite code given inputs of the test suite directory that # contain the test suites, and the test suite file names for the test code and # test data. # # Usage: generate_code.pl [main code file] +# +# Structure of files +# +# - main code file - 'main_test.function' +# Template file that contains the main() function for the test suite, +# test dispatch code as well as support functions. It contains the +# following symbols which are substituted by this script during +# processing: +# TEST_FILENAME +# SUITE_PRE_DEP +# MAPPING_CODE +# FUNCTION CODE +# SUITE_POST_DEP +# DEP_CHECK_CODE +# DISPATCH_FUNCTION +# +# - common helper code file - 'helpers.function' +# Common helper functions +# +# - test suite code file - file name in the form 'test_suite_xxx.function' +# Code file that contains the actual test cases. The file contains a +# series of code sequences delimited by the following: +# BEGIN_HEADER / END_HEADER - list of headers files +# BEGIN_SUITE_HELPERS / END_SUITE_HELPERS - helper functions common to +# the test suite +# BEGIN_CASE / END_CASE - the test cases in the test suite. Each test +# case contains at least one function that is used to create the +# dispatch code. +# +# - test data file - file name in the form 'test_suite_xxxx.data' +# The test case parameters to to be used in execution of the test. The +# file name is used to replace the symbol 'TEST_FILENAME' in the main code +# file above. +# use strict; 
@@ -15,15 +51,16 @@ my $suite_name = shift or die "Missing suite name"; my $data_name = shift or die "Missing data name"; my $test_main_file = do { my $arg = shift; defined($arg) ? $arg : $suite_dir."/main_test.function" }; my $test_file = $data_name.".c"; -my $test_helper_file = $suite_dir."/helpers.function"; +my $test_common_helper_file = $suite_dir."/helpers.function"; my $test_case_file = $suite_dir."/".$suite_name.".function"; my $test_case_data = $suite_dir."/".$data_name.".data"; my $line_separator = $/; undef $/; -open(TEST_HELPERS, "$test_helper_file") or die "Opening test helpers '$test_helper_file': $!"; -my $test_helpers = ; +open(TEST_HELPERS, "$test_common_helper_file") or die "Opening test helpers +'$test_common_helper_file': $!"; +my $test_common_helpers = ; close(TEST_HELPERS); open(TEST_MAIN, "$test_main_file") or die "Opening test main '$test_main_file': $!"; @@ -40,6 +77,7 @@ close(TEST_DATA); my ( $suite_header ) = $test_cases =~ /\/\* BEGIN_HEADER \*\/\n(.*?)\n\/\* END_HEADER \*\//s; my ( $suite_defines ) = $test_cases =~ /\/\* BEGIN_DEPENDENCIES\n \* (.*?)\n \* END_DEPENDENCIES/s; +my ( $suite_helpers ) = $test_cases =~ /\/\* BEGIN_SUITE_HELPERS \*\/\n(.*?)\n\/\* END_SUITE_HELPERS \*\//s; my $requirements; if ($suite_defines =~ /^depends_on:/) 
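Review bot: The `die` message on the changed `open(TEST_HELPERS, ...)` line is broken across two source lines inside the double-quoted string, so the error printed contains a literal newline between `Opening test helpers` and the file name, and because the string does not end in `\n` Perl then appends its own ` at … line N.` suffix after that. Keep the string on one line, `open(TEST_HELPERS, "$test_common_helper_file") or die "Opening test helpers '$test_common_helper_file': $!";`, or join two pieces with `.` if line length is the concern. The `open(TEST_MAIN, ...)` just below keeps its message on one line, so the helpers open would then match it.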
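Review bot: `$suite_helpers` is left undefined when a `.function` file has no `BEGIN_SUITE_HELPERS` / `END_SUITE_HELPERS` block, which is every existing suite at this point, and the value is interpolated into the generated C heredoc later in this file; with `use strict` alone that silently becomes an empty string, but it starts emitting `Use of uninitialized value` warnings the moment `use warnings` or `-w` is turned on. Default it right after the capture, `$suite_helpers = '' unless defined $suite_helpers;`, and consider the same for `$suite_header`, which is captured the same way on the line above. Note also that the regex requires a `\n` on each side of the captured text, so a block written as `BEGIN_SUITE_HELPERS` immediately followed by `END_SUITE_HELPERS` does not match at all; an empty block needs one blank line between the markers, which is worth stating in the "Structure of files" comment.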
@@ -67,16 +105,43 @@ $/ = $line_separator; open(TEST_FILE, ">$test_file") or die "Opening destination file '$test_file': $!"; print TEST_FILE << "END"; +/* + * *** THIS FILE HAS BEEN MACHINE GENERATED *** + * + * This file has been machine generated using the script: $0 + * + * Test file : $test_file + * + * The following files were used to create this file. + * + * Main code file : $test_main_file + * Helper file : $test_common_helper_file + * Test suite file : $test_case_file + * Test suite daya : $test_case_data + * + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + #if !defined(MBEDTLS_CONFIG_FILE) #include #else #include MBEDTLS_CONFIG_FILE #endif -$test_helpers + +/*----------------------------------------------------------------------------*/ +/* Common helper functions */ + +$test_common_helpers + + +/*----------------------------------------------------------------------------*/ +/* Test Suite Code */ $suite_pre_code $suite_header +$suite_helpers $suite_post_code END diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 61c7337a6..2a21441a4 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -101,9 +101,17 @@ MAPPING_CODE return( -1 ); } + +/*----------------------------------------------------------------------------*/ +/* Test Case code */ + FUNCTION_CODE SUITE_POST_DEP + +/*----------------------------------------------------------------------------*/ +/* Test dispatch code */ + int dep_check( char *str ) { if( str == NULL ) @@ -133,6 +141,10 @@ DISPATCH_FUNCTION return( ret ); } + +/*----------------------------------------------------------------------------*/ +/* Main Test code */ + int get_line( FILE *f, char *buf, size_t len ) { char *ret; From 32ff13ae3dfc07e0d4082a6c4bc26f5c90b13af0 Mon Sep 17 00:00:00 2001 
From: SimonB Date: Wed, 17 Feb 2016 23:34:30 +0000 Subject: [PATCH 088/399] Refactored test suite template code Restructed test suite helper and main code to support tests suite helper functions, changed C++ comments to C-style, and made the generated source code more navigable. --- tests/scripts/generate_code.pl | 2 +- tests/suites/helpers.function | 41 ++++++++++++++++++++++++++++++++- tests/suites/main_test.function | 40 +------------------------------- 3 files changed, 42 insertions(+), 41 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index ba61b680a..30ee6b01c 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -131,7 +131,7 @@ print TEST_FILE << "END"; /*----------------------------------------------------------------------------*/ -/* Common helper functions */ +/* Common helper code */ $test_common_helpers diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 8f681dbd4..c18eed895 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -1,3 +1,6 @@ +/*----------------------------------------------------------------------------*/ +/* Headers */ + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else @@ -12,6 +15,10 @@ #define mbedtls_snprintf snprintf #endif +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +#include "mbedtls/memory_buffer_alloc.h" +#endif + #ifdef _MSC_VER #include typedef UINT32 uint32_t; 
@@ -23,6 +30,25 @@ typedef UINT32 uint32_t; #include #include + +/*----------------------------------------------------------------------------*/ +/* Global variables */ + +static int test_errors = 0; + + +/*----------------------------------------------------------------------------*/ +/* Macros */ + +#define TEST_ASSERT( TEST ) \ + do { \ + if( ! (TEST) ) \ + { \ + test_fail( #TEST ); \ + goto exit; \ + } \ + } while( 0 ) + #define assert(a) if( !( a ) ) \ { \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ @@ -53,11 +79,15 @@ typedef UINT32 uint32_t; } #endif + +/*----------------------------------------------------------------------------*/ +/* Helper Functions */ + static int unhexify( unsigned char *obuf, const char *ibuf ) { unsigned char c, c2; int len = strlen( ibuf ) / 2; - assert( strlen( ibuf ) % 2 == 0 ); // must be even number of bytes + assert( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ while( *ibuf != 0 ) { @@ -298,3 +328,12 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } + +static void test_fail( const char *test ) +{ + test_errors++; + if( test_errors == 1 ) + mbedtls_printf( "FAILED\n" ); + mbedtls_printf( " %s\n", test ); +} + diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 2a21441a4..7ec69b45d 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function 
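Review bot: `TEST_ASSERT` now lives in helpers.function but still depends on two things its text does not show: an `exit:` label in every function that expands it, and `test_fail()`, which this same commit defines only at the end of the file (the `@@ -298,3 +328,12 @@` hunk), so a reader of the macro has no local hint of either. A comment above the macro should say so, e.g. `/* Requires an 'exit:' label in the calling test function; on failure records the failed expression via test_fail() (defined at the end of this file) and jumps there. */`. The `static int test_errors` counter moved here is reset and read by the dispatch loop in main_test.function, which only works because generate_code.pl pastes both files into one generated translation unit; a one-line note under the `Global variables` divider, `/* Shared with main_test.function: both are concatenated into one generated .c */`, would keep the next maintainer from reaching for `extern`.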
@@ -1,44 +1,6 @@ -#include - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_exit exit -#define mbedtls_free free -#define mbedtls_calloc calloc -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - -static int test_errors = 0; - SUITE_PRE_DEP #define TEST_SUITE_ACTIVE -static void test_fail( const char *test ) -{ - test_errors++; - if( test_errors == 1 ) - mbedtls_printf( "FAILED\n" ); - mbedtls_printf( " %s\n", test ); -} - -#define TEST_ASSERT( TEST ) \ - do { \ - if( ! (TEST) ) \ - { \ - test_fail( #TEST ); \ - goto exit; \ - } \ - } while( 0 ) - int verify_string( char **str ) { if( (*str)[0] != '"' || @@ -190,7 +152,7 @@ int parse_arguments( char *buf, size_t len, char *params[50] ) p++; } - // Replace newlines, question marks and colons in strings + /* Replace newlines, question marks and colons in strings */ for( i = 0; i < cnt; i++ ) { p = params[i]; From e919f76e0daab484fff6257a7a45c6493294af58 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Mar 2016 18:35:02 +0000 Subject: [PATCH 089/399] Fix typos and add copyright statement to generate_code.pl --- tests/scripts/generate_code.pl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 30ee6b01c..5c623f8a7 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -2,6 +2,8 @@ # generate_code.pl # +# Copyright (c) 2009-2016, ARM Limited, All Rights Reserved +# # Purpose # # Generates the test suite code given inputs of the test suite directory that 
@@ -117,7 +119,7 @@ print TEST_FILE << "END"; * Main code file : $test_main_file * Helper file : $test_common_helper_file * Test suite file : $test_case_file - * Test suite daya : $test_case_data + * Test suite data : $test_case_data * * * This file is part of mbed TLS (https://tls.mbed.org) From a155afb9d7448a11c068c53595f80ae6eada3e76 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 18 Feb 2016 17:28:04 +0000 Subject: [PATCH 090/399] X509: Future CA among trusted: add unit tests --- tests/data_files/test-ca2-future.crt | 13 +++++++++ .../test-ca2_cat-future-present.crt | 28 +++++++++++++++++++ .../test-ca2_cat-present-future.crt | 28 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 8 ++++++ 4 files changed, 77 insertions(+) create mode 100644 tests/data_files/test-ca2-future.crt create mode 100644 tests/data_files/test-ca2_cat-future-present.crt create mode 100644 tests/data_files/test-ca2_cat-present-future.crt diff --git a/tests/data_files/test-ca2-future.crt b/tests/data_files/test-ca2-future.crt new file mode 100644 index 000000000..d75729936 --- /dev/null +++ b/tests/data_files/test-ca2-future.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH +qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 ++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +-----END CERTIFICATE----- 
diff --git a/tests/data_files/test-ca2_cat-future-present.crt b/tests/data_files/test-ca2_cat-future-present.crt new file mode 100644 index 000000000..776e725cb --- /dev/null +++ b/tests/data_files/test-ca2_cat-future-present.crt @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH +qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 ++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu +ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy +aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g +JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 +t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv +uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +-----END CERTIFICATE----- 
diff --git a/tests/data_files/test-ca2_cat-present-future.crt b/tests/data_files/test-ca2_cat-present-future.crt new file mode 100644 index 000000000..d62ed09cd --- /dev/null +++ b/tests/data_files/test-ca2_cat-present-future.crt @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu +ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy +aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g +JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 +t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv +uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH +qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 ++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +-----END CERTIFICATE----- 
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 2f2137f54..ef6ba3c88 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -699,6 +699,14 @@ X509 Certificate verification #81 (multiple CRLs, none relevant) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"NULL" +X509 Certificate verification #82 (Not yet valid CA and valid CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #83 (valid CA and Not yet valid CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" + X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n" From f4a65d66bf0f7e7689c622c094f912a8d01bfc47 Mon Sep 17 00:00:00 2001 
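Review bot: The `depends_on` lines for the new #82 and #83 cases list only `MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED`, but the trust anchors in the test-ca2_cat-*.crt files added by this commit carry a secp384r1 key (the OID 1.3.132.0.34 is visible as `BSuBBAAi` in their base64) and an ecdsa-with-SHA256 signature, so in a build with P-384, ECDSA or SHA-256 disabled these cases would fail rather than be skipped. The x509_verify cases above them use `MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C`; the new entries should carry at least `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C`. Since the CRL passed in is crl-ec-sha1.pem, `MBEDTLS_SHA1_C` presumably belongs on that list too; check against the other cases that use the same CRL.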
From: Janos Follath Date: Fri, 19 Feb 2016 15:57:17 +0000 Subject: [PATCH 091/399] X509: Future CA among trusted: add more tests --- tests/data_files/test-ca2-expired.crt | 13 +++++++++ .../data_files/test-ca2_cat-past-present.crt | 28 +++++++++++++++++++ .../data_files/test-ca2_cat-present-past.crt | 28 +++++++++++++++++++ tests/suites/test_suite_x509parse.data | 8 ++++++ 4 files changed, 77 insertions(+) create mode 100644 tests/data_files/test-ca2-expired.crt create mode 100644 tests/data_files/test-ca2_cat-past-present.crt create mode 100644 tests/data_files/test-ca2_cat-present-past.crt diff --git a/tests/data_files/test-ca2-expired.crt b/tests/data_files/test-ca2-expired.crt new file mode 100644 index 000000000..22e4797f3 --- /dev/null +++ b/tests/data_files/test-ca2-expired.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP +tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm +l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-past-present.crt b/tests/data_files/test-ca2_cat-past-present.crt new file mode 100644 index 000000000..bc1ba9a2e --- /dev/null +++ b/tests/data_files/test-ca2_cat-past-present.crt 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP +tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm +l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu +ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy +aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g +JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 +t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv +uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-present-past.crt b/tests/data_files/test-ca2_cat-present-past.crt new file mode 100644 index 000000000..a321d5dd7 --- /dev/null +++ b/tests/data_files/test-ca2_cat-present-past.crt 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu +ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy +aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g +JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 +t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv +uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 +WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p +w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E +FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ +vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP +tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm +l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index ef6ba3c88..0008d3d2c 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -707,6 +707,14 @@ X509 Certificate verification #83 (valid CA and Not yet valid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" +X509 Certificate verification #84 (valid CA and Not yet valid CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #85 (Not yet valid CA and valid CA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" + X509 Certificate verification callback: trusted EE cert depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n" From 855ec587a46d5e27b7a13ecade7f1a880d42f76a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 19 Feb 2016 15:58:21 +0000 Subject: [PATCH 092/399] X509: Fix bug triggered by future CA among trusted Fix an issue that caused valid certificates being rejected whenever an expired or not yet valid version of the trusted certificate was before the valid version in the trusted certificate list. --- ChangeLog | 3 +++ library/x509_crt.c | 16 ++++++++++------ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index a875347c9..7073804c2 100644 --- a/ChangeLog +++ b/ChangeLog 
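Review bot: The descriptions of #84 and #85 are copied from #82/#83 and do not match the data they use: #84 is fed `test-ca2_cat-present-past.crt` but is named "(valid CA and Not yet valid CA)", and #85 is fed `test-ca2_cat-past-present.crt` but is named "(Not yet valid CA and valid CA)", so a failure report would not say which scenario broke and the two pairs are indistinguishable by name. Rename them `X509 Certificate verification #84 (valid CA and expired CA)` and `X509 Certificate verification #85 (expired CA and valid CA)`. The `depends_on` lists here have the same gap as #82/#83: the anchors are secp384r1 keys with ECDSA/SHA-256 signatures, so `MBEDTLS_ECDSA_C`, `MBEDTLS_ECP_DP_SECP384R1_ENABLED` and `MBEDTLS_SHA256_C` are needed for the cases to be skipped rather than fail in reduced configs.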
@@ -18,6 +18,9 @@ Bugfix * Fix issue in Makefile that prevented building using armar. #386 * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and ECDSA was disabled in config.h . The leak didn't occur by default. + * Fix an issue that caused valid certificates being rejected whenever an + expired or not yet valid version of the trusted certificate was before the + valid version in the trusted certificate list. Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, diff --git a/library/x509_crt.c b/library/x509_crt.c index 3eaf5bc14..334b8ef51 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1932,6 +1932,16 @@ static int x509_crt_verify_top( continue; } + if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) + { + continue; + } + + if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) + { + continue; + } + if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk, child->sig_md, hash, mbedtls_md_get_size( md_info ), child->sig.p, child->sig.len ) != 0 ) @@ -1967,12 +1977,6 @@ static int x509_crt_verify_top( ((void) ca_crl); #endif - if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ) - ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED; - - if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) ) - ca_flags |= MBEDTLS_X509_BADCERT_FUTURE; - if( NULL != f_vrfy ) { if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, From e3241670b1f1d08a871cc77168023714e1398f67 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Mar 2016 20:26:16 +0000 Subject: [PATCH 093/399] Remove redundant test certificates and clarify ChangeLog --- ChangeLog | 6 +++--- tests/data_files/test-ca2-expired.crt | 13 ------------- tests/data_files/test-ca2-future.crt | 13 ------------- 3 files changed, 3 insertions(+), 29 deletions(-) delete mode 100644 tests/data_files/test-ca2-expired.crt delete mode 100644 tests/data_files/test-ca2-future.crt diff --git a/ChangeLog b/ChangeLog index 7073804c2..e26a04fcf 100644 
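Review bot: An expired or not-yet-valid trust anchor can no longer be reported as such: the two new `continue`s skip it, and the second hunk removes the only assignments of `MBEDTLS_X509_BADCERT_EXPIRED` / `MBEDTLS_X509_BADCERT_FUTURE` to `ca_flags`, so a chain whose only matching anchor is out of date now presumably falls through to whatever the loop's no-parent path reports instead of a flagged success that `f_vrfy` or the caller could inspect (the rest of `x509_crt_verify_top`, including that path, lies outside the hunk). That is a silent change in failure mode for applications that accepted an expired anchor through the verify callback, and the ChangeLog entry does not mention it. A shape that keeps the fix for the reported bug, preferring an in-date anchor, but preserves the old diagnostics is to remember the first out-of-date candidate and, if no in-date anchor verifies the child, fall back to it with the EXPIRED/FUTURE flags set as before; only the in-loop part is sketched below, the declaration of the fallback and the post-loop handling belong to code outside this hunk.
```c
    /* … unchanged: loop head over trust_ca, name / key-id matching … */
        if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ||
            mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
        {
            /* Prefer an anchor that is currently valid, but keep the first
             * out-of-date one so its EXPIRED/FUTURE flags can still be
             * reported if no in-date anchor verifies the child. */
            if( fallback_ca == NULL )
                fallback_ca = trust_ca;
            continue;
        }
    /* … unchanged: mbedtls_pk_verify_ext() signature check … */
```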
--- a/ChangeLog +++ b/ChangeLog @@ -18,9 +18,9 @@ Bugfix * Fix issue in Makefile that prevented building using armar. #386 * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and ECDSA was disabled in config.h . The leak didn't occur by default. - * Fix an issue that caused valid certificates being rejected whenever an - expired or not yet valid version of the trusted certificate was before the - valid version in the trusted certificate list. + * Fix an issue that caused valid certificates to be rejected whenever an + expired or not yet valid certificate was parsed before a valid certificate + in the trusted certificate list. Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, diff --git a/tests/data_files/test-ca2-expired.crt b/tests/data_files/test-ca2-expired.crt deleted file mode 100644 index 22e4797f3..000000000 --- a/tests/data_files/test-ca2-expired.crt +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe -Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 -WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p -w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E -FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ -vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP -tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm -l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg ------END CERTIFICATE----- diff --git a/tests/data_files/test-ca2-future.crt b/tests/data_files/test-ca2-future.crt deleted file mode 100644 index d75729936..000000000 --- a/tests/data_files/test-ca2-future.crt +++ /dev/null 
@@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe -Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 -WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p -w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E -FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ -vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH -qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 -+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== ------END CERTIFICATE----- From 05884db0431e6642182573d05aae21f5dd5d804d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 16:25:55 +0000 Subject: [PATCH 094/399] Add Changelog entry for current branch --- ChangeLog | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e26a04fcf..113acd58a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,8 +6,10 @@ Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt (not triggerable remotely in (D)TLS). - * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt + * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 + * Fix potential integer overflow to buffer overflow in + mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three From 2a85c3998c8bab628c939b87e4c0abde0676c8b4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 11 Feb 2016 10:35:13 +0100 Subject: [PATCH 095/399] Add precision about exploitability in ChangeLog Also fix some whitespace while at it. --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 113acd58a..78ce7f929 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ Security required by PKCS1 v2.2 * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt + (not triggerable remotely in (D)TLS). Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three From 2e4370119a255d459df88c06ec12b83af45aa590 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Mar 2016 21:19:12 +0000 Subject: [PATCH 096/399] Swap C++ comments to C for style consistency in rsa.c --- library/rsa.c | 61 +++++++++++++++++++++------------------------------ 1 file changed, 25 insertions(+), 36 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 4c85c29d4..69db220ba 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -471,8 +471,7 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, hlen = mbedtls_md_get_size( md_ctx->md_info ); - // Generate and apply dbMask - // + /* Generate and apply dbMask */ p = dst; while( dlen > 0 ) @@ -529,7 +528,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, olen = ctx->len; hlen = mbedtls_md_get_size( md_info ); - // first comparison checks for overflow + /* first comparison checks for overflow */ if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 
@@ -537,15 +536,13 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, *p++ = 0; - // Generate a random octet string seed - // + /* Generate a random octet string seed */ if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 ) return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); p += hlen; - // Construct DB - // + /* Construct DB */ mbedtls_md( md_info, label, label_len, p ); p += hlen; p += olen - 2 * hlen - 2 - ilen; @@ -555,13 +552,11 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, mbedtls_md_init( &md_ctx ); mbedtls_md_setup( &md_ctx, md_info, 0 ); - // maskedDB: Apply dbMask to DB - // + /* maskedDB: Apply dbMask to DB */ mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen, &md_ctx ); - // maskedSeed: Apply seedMask to seed - // + /* maskedSeed: Apply seedMask to seed */ mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1, &md_ctx ); @@ -596,7 +591,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, olen = ctx->len; - // first comparison checks for overflow + /* first comparison checks for overflow */ if( ilen + 11 < ilen || olen < ilen + 11 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -615,8 +610,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, ret = f_rng( p_rng, p, 1 ); } while( *p == 0 && --rng_dl && ret == 0 ); - // Check if RNG failed to generate data - // + /* Check if RNG failed to generate data */ if( rng_dl == 0 || ret != 0 ) return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); @@ -934,8 +928,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, if( md_alg != MBEDTLS_MD_NONE ) { - // Gather length of hash to sign - // + /* Gather length of hash to sign */ md_info = mbedtls_md_info_from_type( md_alg ); if( md_info == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 
@@ -955,13 +948,11 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, memset( sig, 0, olen ); - // Generate salt of length slen - // + /* Generate salt of length slen */ if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 ) return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); - // Note: EMSA-PSS encoding is over the length of N - 1 bits - // + /* Note: EMSA-PSS encoding is over the length of N - 1 bits */ msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; p += olen - hlen * 2 - 2; *p++ = 0x01; @@ -971,21 +962,18 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, mbedtls_md_init( &md_ctx ); mbedtls_md_setup( &md_ctx, md_info, 0 ); - // Generate H = Hash( M' ) - // + /* Generate H = Hash( M' ) */ mbedtls_md_starts( &md_ctx ); mbedtls_md_update( &md_ctx, p, 8 ); mbedtls_md_update( &md_ctx, hash, hashlen ); mbedtls_md_update( &md_ctx, salt, slen ); mbedtls_md_finish( &md_ctx, p ); - // Compensate for boundary condition when applying mask - // + /* Compensate for boundary condition when applying mask */ if( msb % 8 == 0 ) offset = 1; - // maskedDB: Apply dbMask to DB - // + /* maskedDB: Apply dbMask to DB */ mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx ); mbedtls_md_free( &md_ctx ); @@ -1209,8 +1197,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, if( md_alg != MBEDTLS_MD_NONE ) { - // Gather length of hash to sign - // + /* Gather length of hash to sign */ md_info = mbedtls_md_info_from_type( md_alg ); if( md_info == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1227,12 +1214,12 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, memset( zeros, 0, 8 ); - // Note: EMSA-PSS verification is over the length of N - 1 bits - // + /* + * Note: EMSA-PSS verification is over the length of N - 1 bits + */ msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; - // Compensate for boundary condition when applying mask - // + /* Compensate for boundary condition when applying mask */ if( msb % 8 == 0 ) { p++; 
@@ -1268,8 +1255,9 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_INVALID_PADDING ); } - // Generate H = Hash( M' ) - // + /* + * Generate H = Hash( M' ) + */ mbedtls_md_starts( &md_ctx ); mbedtls_md_update( &md_ctx, zeros, 8 ); mbedtls_md_update( &md_ctx, hash, hashlen ); @@ -1374,8 +1362,9 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, end = p + len; - // Parse the ASN.1 structure inside the PKCS#1 v1.5 structure - // + /* + * Parse the ASN.1 structure inside the PKCS#1 v1.5 structure + */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); From 25f2c4c028f45ec1e44dfc6d53c2b23bb7b13625 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 2 Mar 2016 17:00:16 +0000 Subject: [PATCH 097/399] Update mbed-drivers dependency to v1.0.0 --- yotta/data/module.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yotta/data/module.json b/yotta/data/module.json index 6345f080e..0569e6246 100644 --- a/yotta/data/module.json +++ b/yotta/data/module.json @@ -13,6 +13,6 @@ "mbed": { "cmsis-core": "^1.0.0" } }, "testTargetDependencies": { - "mbed": { "mbed-drivers": "~0.11.0" } + "mbed": { "mbed-drivers": "^1.0.0" } } } From 5d23716e20d6d2b7877a440808c4d5839bfc0306 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 4 Mar 2016 22:21:52 +0000 Subject: [PATCH 098/399] Add missing dependencies to X509 Parse test suite for P-384 curve The test script curves.pl was failing on testing dependencies for the P-384 curve on the new test cases introduced by ede75f0 and 884b4fc. --- tests/suites/test_suite_x509parse.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 0008d3d2c..b21a64090 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -700,19 +700,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED: x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"NULL" X509 Certificate verification #82 (Not yet valid CA and valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" X509 Certificate verification #83 (valid CA and Not yet valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" X509 Certificate verification #84 (valid CA and Not yet valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" X509 Certificate verification #85 (Not yet valid CA and valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL" X509 Certificate verification callback: trusted EE cert From b3c6978c7e21823b111402194c4b85102a2785cb Mon Sep 17 00:00:00 2001 
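Review bot: The descriptions of tests #84 and #85 do not match the fixtures they load: #84 verifies against `test-ca2_cat-present-past.crt` and #85 against `test-ca2_cat-past-present.crt`, i.e. an expired CA concatenated with the valid one, yet both are titled "Not yet valid CA" like #82/#83. Rename them to `X509 Certificate verification #84 (valid CA and Expired CA)` and `X509 Certificate verification #85 (Expired CA and valid CA)` so a failure points at the right scenario. The added MBEDTLS_ECP_DP_SECP384R1_ENABLED dependency itself looks right given the P-384 material these fixtures reportedly contain (inferred from the commit message, not visible here).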
From: Simon Butcher Date: Fri, 4 Mar 2016 23:26:57 +0000 Subject: [PATCH 099/399] Add copright, and better documentation to curves.pl The purpose and use of the test script, curves.pl was not obvious without reading the source code, plus the file was missing a copyright statement. --- tests/scripts/curves.pl | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index 654bc5c3e..85eb7e651 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl @@ -1,10 +1,25 @@ #!/usr/bin/perl -# test dependencies on individual curves in tests -# - build -# - run test suite +# curves.pl # -# Usage: tests/scripts/curves.pl +# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# To test the code dependencies on individual curves in each test suite. This +# is a verification step to ensure we don't ship test suites that do not work +# for some build options. +# +# The process is: +# for each possible curve +# build the library and test suites with the curve disabled +# execute the test suites +# +# And any test suite with the wrong dependencies will fail. +# +# Usage: curves.pl +# +# This script should be executed from the root of the project directory. use warnings; use strict; From a720ced4030d8fabf47373037642617cab9dc990 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 7 Mar 2016 15:57:05 +0000 Subject: [PATCH 100/399] Update default configuration Change the default settings for SSL and modify the tests accordingly. --- CMakeLists.txt | 2 +- include/mbedtls/config.h | 2 +- tests/ssl-opt.sh | 11 +++++++++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 094d9069b..ffaf677c5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -100,7 +100,7 @@ if(ENABLE_TESTING) ADD_CUSTOM_TARGET(covtest COMMAND make test COMMAND programs/test/selftest - COMMAND tests/compat.sh + COMMAND tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' COMMAND tests/ssl-opt.sh ) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c69ba1bcb..ee1a23a51 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1058,7 +1058,7 @@ * * Comment this macro to disable support for SSL 3.0 */ -#define MBEDTLS_SSL_PROTO_SSL3 +//#define MBEDTLS_SSL_PROTO_SSL3 /** * \def MBEDTLS_SSL_PROTO_TLS1 diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c0b6f94d6..8792b21c2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -695,6 +695,7 @@ run_test "Encrypt then MAC: client disabled, server enabled" \ -C "using encrypt then mac" \ -S "using encrypt then mac" +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "Encrypt then MAC: client SSLv3, server enabled" \ "$P_SRV debug_level=3 min_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ @@ -707,6 +708,7 @@ run_test "Encrypt then MAC: client SSLv3, server enabled" \ -C "using encrypt then mac" \ -S "using encrypt then mac" +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "Encrypt then MAC: client enabled, server SSLv3" \ "$P_SRV debug_level=3 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ @@ -754,6 +756,7 @@ run_test "Extended Master Secret: client disabled, server enabled" \ -C "using extended master secret" \ -S "using extended master secret" +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "Extended Master Secret: client SSLv3, server enabled" \ "$P_SRV debug_level=3 min_version=ssl3" \ "$P_CLI debug_level=3 force_version=ssl3" \ 
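Review bot: The doc comment left above the now commented-out define still reads `Comment this macro to disable support for SSL 3.0`, which is backwards once the option is off by default; the file's convention for off-by-default options is `Uncomment this macro to enable support for SSL 3.0`. I would also add a one-line warning in that block, e.g. `\warning SSL 3.0 is deprecated (RFC 7568) and has known weaknesses; enable it only for legacy interoperability`, so that nobody re-enables it without understanding the risk. The enclosing doc block starts before the hunk.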
@@ -765,6 +768,7 @@ run_test "Extended Master Secret: client SSLv3, server enabled" \ -C "using extended master secret" \ -S "using extended master secret" +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "Extended Master Secret: client enabled, server SSLv3" \ "$P_SRV debug_level=3 force_version=ssl3" \ "$P_CLI debug_level=3 min_version=ssl3" \ @@ -883,6 +887,7 @@ run_test "CBC Record splitting: TLS 1.0, splitting" \ -s "Read from client: 1 bytes read" \ -s "122 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "CBC Record splitting: SSLv3, splitting" \ "$P_SRV min_version=ssl3" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ @@ -1674,6 +1679,7 @@ run_test "Authentication: client no cert, openssl server optional" \ -c "skip write certificate verify" \ -C "! mbedtls_ssl_handshake returned" +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "Authentication: client no cert, ssl3" \ "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \ "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \ @@ -2593,6 +2599,7 @@ run_test "ECJPAKE: working, DTLS, nolog" \ # Tests for ciphersuites per version +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "Per-version suites: SSL3" \ "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=ssl3" \ @@ -2642,6 +2649,7 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data" \ # Tests for small packets +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "Small packet SSLv3 BlockCipher" \ "$P_SRV min_version=ssl3" \ "$P_CLI request_size=1 force_version=ssl3 \ 
@@ -2649,6 +2657,7 @@ run_test "Small packet SSLv3 BlockCipher" \ 0 \ -s "Read from client: 1 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "Small packet SSLv3 StreamCipher" \ "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=1 force_version=ssl3 \ @@ -2783,6 +2792,7 @@ run_test "Small packet TLS 1.2 AEAD shorter tag" \ # Test for large packets +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "Large packet SSLv3 BlockCipher" \ "$P_SRV min_version=ssl3" \ "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \ @@ -2790,6 +2800,7 @@ run_test "Large packet SSLv3 BlockCipher" \ 0 \ -s "Read from client: 16384 bytes read" +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "Large packet SSLv3 StreamCipher" \ "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=ssl3 \ From 29b215001640383592b1c5882e074675d88754b9 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 7 Mar 2016 17:35:59 +0000 Subject: [PATCH 101/399] Fix the 'all tests' script for baremetal builds Fixes the test script test/scripts/all.sh which was failing at the baremetal ARM builds due to the entropy platform check introduced in 7ff4b77. --- tests/scripts/all.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2f716bbe5..2c63ab546 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -222,6 +222,7 @@ scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C scripts/config.pl unset MBEDTLS_FS_IO +scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # following things are not in the default config scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c scripts/config.pl unset MBEDTLS_THREADING_PTHREAD 
@@ -241,6 +242,7 @@ scripts/config.pl unset MBEDTLS_TIMING_C scripts/config.pl unset MBEDTLS_FS_IO scripts/config.pl unset MBEDTLS_HAVE_TIME scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE +scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # following things are not in the default config scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c From 14ecd0439f7556d46d4d2a2659e6aa3b23a1ed7c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 7 Mar 2016 17:39:05 +0000 Subject: [PATCH 102/399] Fix yotta builds for change in default configs The change to defaults configurations in a720ced broke the yotta build. This fix addresses that. --- yotta/data/adjust-config.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/yotta/data/adjust-config.sh b/yotta/data/adjust-config.sh index 9088fd5e3..170d3070a 100755 --- a/yotta/data/adjust-config.sh +++ b/yotta/data/adjust-config.sh @@ -68,7 +68,6 @@ conf unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED conf unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED conf unset MBEDTLS_SSL_FALLBACK_SCSV conf unset MBEDTLS_SSL_CBC_RECORD_SPLITTING -conf unset MBEDTLS_SSL_PROTO_SSL3 conf unset MBEDTLS_SSL_PROTO_TLS1 conf unset MBEDTLS_SSL_PROTO_TLS1_1 conf unset MBEDTLS_SSL_TRUNCATED_HMAC From 342671f98295424fc5b399a0e1a8ead1b207db55 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 7 Mar 2016 23:22:10 +0000 Subject: [PATCH 103/399] Update interop tests to default configuration Removed SSLv3 from the default tests in compat.sh, and adapted the test cases in all.sh to include an additional SSLv3 regression test suite. --- CMakeLists.txt | 2 +- tests/compat.sh | 2 +- tests/scripts/all.sh | 22 ++++++++++++++++++++++ 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ffaf677c5..094d9069b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -100,7 +100,7 @@ if(ENABLE_TESTING) ADD_CUSTOM_TARGET(covtest COMMAND make test COMMAND programs/test/selftest - COMMAND tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' + COMMAND tests/compat.sh COMMAND tests/ssl-opt.sh ) diff --git a/tests/compat.sh b/tests/compat.sh index 4b43e33a5..a333a1916 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -45,7 +45,7 @@ else fi # default values for options -MODES="ssl3 tls1 tls1_1 tls1_2 dtls1 dtls1_2" +MODES="tls1 tls1_1 tls1_2 dtls1 dtls1_2" VERIFIES="NO YES" TYPES="ECDSA RSA PSK" FILTER="" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2c63ab546..467f22a93 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1,5 +1,11 @@ #!/bin/sh +# all.sh +# +# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved +# +# Purpose +# # Run all available tests (mostly). # # Warning: includes various build modes, so it will mess with the current @@ -125,6 +131,22 @@ make msg "test: compat.sh (ASan build)" # ~ 6 min tests/compat.sh +msg "build: Default + SSLv3 (ASan build)" # ~ 6 min +cleanup +scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3 +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: SSLv3 - main suites and selftest (ASan build)" # ~ 50s +make test +programs/test/selftest + +msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min +tests/compat.sh -m 'ssl3 tls1 tls1_1 tls1_2 dtls1 dtls1_2' + +msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min +tests/ssl-opt.sh + msg "build: cmake, full config, clang" # ~ 50s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 8b4a1bdbb044cb1693fd36cc134d8a1493b69b15 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 7 Mar 2016 23:30:50 +0000 Subject: [PATCH 104/399] Update the ChangeLog --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 56464ceb0..55391816c 100644 --- a/ChangeLog +++ b/ChangeLog 
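Review bot: The new SSLv3 section runs `scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3` right after `cleanup` without saving a copy of the header first, whereas the section that follows does `cleanup` then `cp "$CONFIG_H" "$CONFIG_BAK"` before touching the config. If `cleanup` restores the header from `$CONFIG_BAK` (as that pattern suggests), there is no backup to restore here and SSL3 may stay enabled in the working tree for the later steps, which would defeat the point of the separate regression build; add `cp "$CONFIG_H" "$CONFIG_BAK"` before the `config.pl set` line. Separately, the labels `msg "build: SSLv3 - compat.sh (ASan build)"` and `msg "build: SSLv3 - ssl-opt.sh (ASan build)"` describe test runs, not builds; use `msg "test: SSLv3 - compat.sh (ASan build)"` and `msg "test: SSLv3 - ssl-opt.sh (ASan build)"` to match the existing `msg "test: compat.sh (ASan build)"`.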
@@ -19,6 +19,7 @@ Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, don't use the optimized assembly for bignum multiplication. This removes the need to pass -fomit-frame-pointer to avoid a build error with -O0. + * Disabled SSLv3 in the default configuration. = mbed TLS 2.2.1 released 2016-01-05 From e726aa4946aa6f933acecb6389534bb0c1ea82d5 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 8 Feb 2016 14:52:29 +0000 Subject: [PATCH 105/399] Included tests for the overflow --- library/rsa.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index fba68ddfc..3cb92f40c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -529,7 +529,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, olen = ctx->len; hlen = mbedtls_md_get_size( md_info ); - if( olen < ilen + 2 * hlen + 2 ) + // first comparison checks for overflow + if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); memset( output, 0, olen ); @@ -594,8 +595,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len; - - if( olen < ilen + 11 ) + + // first comparison checks for overflow + if( ilen + 11 < ilen || olen < ilen + 11 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); nb_pad = olen - 3 - ilen; From ff40a4b8056f88e3200f3ca559c09f03fc661358 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 16:25:55 +0000 Subject: [PATCH 106/399] Add Changelog entry for current branch --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 55391816c..4650dc565 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x branch +Security + * Fix potential integer overflow to buffer overflow in + mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt + Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three arguments where the same (in-place doubling). Found and fixed by Janos From 7dc6f93db162dc86deef774e65b55af444ccc05d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 11 Feb 2016 10:35:13 +0100 Subject: [PATCH 107/399] Add precision about exploitability in ChangeLog Also fix some whitespace while at it. --- ChangeLog | 1 + library/rsa.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 4650dc565..bcfe0ac94 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt + (not triggerable remotely in (D)TLS). Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three diff --git a/library/rsa.c b/library/rsa.c index 3cb92f40c..9150e8745 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -595,7 +595,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len; - + // first comparison checks for overflow if( ilen + 11 < ilen || olen < ilen + 11 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); From 8dfdce3341538fd8cdd54b69a93e605fdf7d0bfa Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 8 Feb 2016 13:59:25 +0000 Subject: [PATCH 108/399] Length check added --- library/rsa.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index 9150e8745..2baf53257 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -856,6 +856,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, bad |= *p++; /* Must be zero */ } + if( pad_count < 8 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if( bad ) return( MBEDTLS_ERR_RSA_INVALID_PADDING ); From ed6a7ae681d03b7a95739a57c8b2a5befe866a8c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 16:14:10 +0000 Subject: [PATCH 109/399] Add Changelog entry for current branch --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index bcfe0ac94..1c8314bcf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt (not triggerable remotely in (D)TLS). + * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt + required by PKCS1 v2.2 Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three From eb39d7d268023b47ad4a1eb2a04836a0b73adae3 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 12 Feb 2016 13:18:20 +0000 Subject: [PATCH 110/399] Add tests for the bug IOTSSL-619. The main goal with these tests is to test the bug in question and they are not meant to test the entire PKCS#1 v1.5 behaviour. To achieve full test coverage, further test cases are needed. --- tests/CMakeLists.txt | 1 + tests/suites/test_suite_pkcs1_v15.data | 30 ++++++ tests/suites/test_suite_pkcs1_v15.function | 110 +++++++++++++++++++++ 3 files changed, 141 insertions(+) create mode 100644 tests/suites/test_suite_pkcs1_v15.data create mode 100644 tests/suites/test_suite_pkcs1_v15.function diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 1cca81830..dfef1ef69 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -82,6 +82,7 @@ add_test_suite(mdx) add_test_suite(memory_buffer_alloc) add_test_suite(mpi) add_test_suite(pem) +add_test_suite(pkcs1_v15) add_test_suite(pkcs1_v21) add_test_suite(pkcs5) add_test_suite(pk) 
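Review bot: The new `if( pad_count < 8 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );` bails out early with an error code different from the MBEDTLS_ERR_RSA_INVALID_PADDING returned for every other padding defect, so a too-short padding string is distinguishable from other malformed plaintexts both by return value and by timing. In RSAES-PKCS1-v1_5 decryption that is exactly the kind of oracle a Bleichenbacher-style attacker looks for, and the surrounding code appears to accumulate padding faults into `bad` precisely to avoid such distinctions (the loop that computes `pad_count` and `bad` lies above the hunk; `mbedtls_rsa_rsaes_pkcs1_v15_decrypt` starts before and continues after it). Fold the check into the same mechanism instead of returning: `bad |= ( pad_count < 8 );` placed before the existing `if( bad )`, so short padding yields MBEDTLS_ERR_RSA_INVALID_PADDING through the common path. MBEDTLS_ERR_RSA_BAD_INPUT_DATA is also the code used for caller-side errors, so using it for a ciphertext-dependent condition muddles the API contract.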
diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data new file mode 100644 index 000000000..65bd99caf --- /dev/null +++ b/tests/suites/test_suite_pkcs1_v15.data 
@@ -0,0 +1,30 @@ +RSAES-V15 Encryption Test Vector Int +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0 + +RSAES-V15 Decryption Test Vector Int +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0 + +RSAES-V15 Encryption Test Vector Data just fits 
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cfff55e6b15b67cfea8a5a384ef64a6ac":0 + +RSAES-V15 Decryption Test Vector Data just fits +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cfff
55e6b15b67cfea8a5a384ef64a6ac":0 + +RSAES-V15 Encryption Test Vector Data too long 1 +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSAES-V15 Decryption Test Vector Padding too short 7 
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_INVALID_PADDING + +RSAES-V15 Encryption Test Vector Data too long 3 
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSAES-V15 Decryption Test Vector Padding too short 5 +pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a74588
32fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_INVALID_PADDING + +RSAES-V15 Encryption Test Vector Data too long 8 +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSAES-V15 Decryption Test Vector Padding too short 0 
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_INVALID_PADDING + diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function new file mode 100644 index 000000000..90460f1d3 --- /dev/null +++ b/tests/suites/test_suite_pkcs1_v15.function 
@@ -0,0 +1,110 @@ +/* BEGIN_HEADER */ +#include "mbedtls/rsa.h" +#include "mbedtls/md.h" +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SHA1_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E, + char *input_E, int hash, + char *message_hex_string, char *seed, + char *result_hex_str, int result ) +{ + unsigned char message_str[1000]; + unsigned char output[1000]; + unsigned char output_str[1000]; + unsigned char rnd_buf[1000]; + mbedtls_rsa_context ctx; + size_t msg_len; + rnd_buf_info info; + + info.length = unhexify( rnd_buf, seed ); + info.buf = rnd_buf; + + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + memset( message_str, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + memset( output_str, 0x00, 1000 ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); + + msg_len = unhexify( message_str, message_hex_string ); + + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); + if( result == 0 ) + { + hexify( output_str, output, ctx.len ); + + TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + } + +exit: + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P, + int radix_Q, char *input_Q, int radix_N, + char *input_N, int radix_E, char *input_E, + int hash, char *result_hex_str, char *seed, + char *message_hex_string, int result ) +{ + unsigned char message_str[1000]; + unsigned char output[1000]; + unsigned char output_str[1000]; + mbedtls_rsa_context ctx; + mbedtls_mpi P1, Q1, H, G; + size_t output_len; + rnd_pseudo_info rnd_info; + ((void) seed); + + 
mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
+ mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+
+ memset( message_str, 0x00, 1000 );
+ memset( output, 0x00, 1000 );
+ memset( output_str, 0x00, 1000 );
+ memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+
+ ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+
+ unhexify( message_str, message_hex_string );
+
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result );
+ if( result == 0 )
+ {
+ hexify( output_str, output, ctx.len );
+
+ TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 );
+ }
+
+exit:
+ mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
+ mbedtls_rsa_free( &ctx );
+}
+/* END_CASE */
+
From c7ac991ceaf19b22294b7246f4bcc70b8aa31305 Mon Sep 17 00:00:00 2001
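Review bot: In `pkcs1_rsaes_v15_decrypt` the success branch hexifies `ctx.len` bytes of `output` and compares only `strlen( result_hex_str )` characters with `strncasecmp`, so `output_len`, the length the decrypt actually reports, is never checked; a decryption that produced the expected prefix but a wrong length would still pass. Assert the length and hexify exactly that many bytes: `TEST_ASSERT( output_len == strlen( result_hex_str ) / 2 );`, then `hexify( output_str, output, output_len );` and compare with `strcasecmp`. The same `hexify( output_str, output, ctx.len )` in `pkcs1_rsaes_v15_encrypt` is fine because a ciphertext is `ctx.len` bytes by construction. The return value of `unhexify( message_str, message_hex_string )` is also discarded, so a short or malformed vector would be fed to the decrypt as a zero-padded buffer without the test noticing; `TEST_ASSERT( unhexify( message_str, message_hex_string ) == ctx.len );` pins the input size.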
From: Janos Follath Date: Fri, 12 Feb 2016 13:30:09 +0000 Subject: [PATCH 111/399] Removing 'if' branch from the fix. This new error shouldn't be distinguishable from other padding errors. Updating 'bad' instead of adding a new 'if' branch. --- library/rsa.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 2baf53257..4c85c29d4 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -856,8 +856,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, bad |= *p++; /* Must be zero */ } - if( pad_count < 8 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + bad |= ( pad_count < 8 ); if( bad ) return( MBEDTLS_ERR_RSA_INVALID_PADDING ); From 3c21bafae7db6af5163a1a34012dbc896d74b1bf Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 16:25:55 +0000 Subject: [PATCH 112/399] Add Changelog entry for current branch --- ChangeLog | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 1c8314bcf..7f2b033c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,8 +6,10 @@ Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt (not triggerable remotely in (D)TLS). - * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt + * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 + * Fix potential integer overflow to buffer overflow in + mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three From 81835a19adc7bd5fc9275c89b6eb0dea9df7c5ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 11 Feb 2016 10:35:13 +0100 Subject: [PATCH 113/399] Add precision about exploitability in ChangeLog Also fix some whitespace while at it. --- ChangeLog | 1 + 1 file changed, 1 insertion(+) 
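Review bot: The new line `bad |= ( pad_count < 8 );` in `mbedtls_rsa_rsaes_pkcs1_v15_decrypt` carries a bare magic number; a reader has to know that 8 is the minimum padding-string length mandated by the standard. Add a one-line comment above it, `/* PKCS#1 v1.5 requires at least 8 bytes of padding (RFC 8017 §7.2.2) */`, so the constant is traceable. Folding the condition into `bad` instead of returning early, as the commit message explains, keeps this failure indistinguishable from the other padding errors, which is the right choice. The enclosing function starts outside the hunk.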
diff --git a/ChangeLog b/ChangeLog index 7f2b033c9..bd61d9478 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ Security required by PKCS1 v2.2 * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt + (not triggerable remotely in (D)TLS). Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three From d7515ae998f81f34314c11212a07f9e29d508891 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Mar 2016 21:19:12 +0000 Subject: [PATCH 114/399] Swap C++ comments to C for style consistency in rsa.c --- library/rsa.c | 61 +++++++++++++++++++++------------------------------ 1 file changed, 25 insertions(+), 36 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 4c85c29d4..69db220ba 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -471,8 +471,7 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, hlen = mbedtls_md_get_size( md_ctx->md_info ); - // Generate and apply dbMask - // + /* Generate and apply dbMask */ p = dst; while( dlen > 0 ) @@ -529,7 +528,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, olen = ctx->len; hlen = mbedtls_md_get_size( md_info ); - // first comparison checks for overflow + /* first comparison checks for overflow */ if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -537,15 +536,13 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, *p++ = 0; - // Generate a random octet string seed - // + /* Generate a random octet string seed */ if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 ) return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); p += hlen; - // Construct DB - // + /* Construct DB */ mbedtls_md( md_info, label, label_len, p ); p += hlen; p += olen - 2 * hlen - 2 - ilen; 
@@ -555,13 +552,11 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, mbedtls_md_init( &md_ctx ); mbedtls_md_setup( &md_ctx, md_info, 0 ); - // maskedDB: Apply dbMask to DB - // + /* maskedDB: Apply dbMask to DB */ mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen, &md_ctx ); - // maskedSeed: Apply seedMask to seed - // + /* maskedSeed: Apply seedMask to seed */ mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1, &md_ctx ); @@ -596,7 +591,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, olen = ctx->len; - // first comparison checks for overflow + /* first comparison checks for overflow */ if( ilen + 11 < ilen || olen < ilen + 11 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -615,8 +610,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, ret = f_rng( p_rng, p, 1 ); } while( *p == 0 && --rng_dl && ret == 0 ); - // Check if RNG failed to generate data - // + /* Check if RNG failed to generate data */ if( rng_dl == 0 || ret != 0 ) return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); @@ -934,8 +928,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, if( md_alg != MBEDTLS_MD_NONE ) { - // Gather length of hash to sign - // + /* Gather length of hash to sign */ md_info = mbedtls_md_info_from_type( md_alg ); if( md_info == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -955,13 +948,11 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, memset( sig, 0, olen ); - // Generate salt of length slen - // + /* Generate salt of length slen */ if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 ) return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); - // Note: EMSA-PSS encoding is over the length of N - 1 bits - // + /* Note: EMSA-PSS encoding is over the length of N - 1 bits */ msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; p += olen - hlen * 2 - 2; *p++ = 0x01; 
@@ -971,21 +962,18 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, mbedtls_md_init( &md_ctx ); mbedtls_md_setup( &md_ctx, md_info, 0 ); - // Generate H = Hash( M' ) - // + /* Generate H = Hash( M' ) */ mbedtls_md_starts( &md_ctx ); mbedtls_md_update( &md_ctx, p, 8 ); mbedtls_md_update( &md_ctx, hash, hashlen ); mbedtls_md_update( &md_ctx, salt, slen ); mbedtls_md_finish( &md_ctx, p ); - // Compensate for boundary condition when applying mask - // + /* Compensate for boundary condition when applying mask */ if( msb % 8 == 0 ) offset = 1; - // maskedDB: Apply dbMask to DB - // + /* maskedDB: Apply dbMask to DB */ mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx ); mbedtls_md_free( &md_ctx ); @@ -1209,8 +1197,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, if( md_alg != MBEDTLS_MD_NONE ) { - // Gather length of hash to sign - // + /* Gather length of hash to sign */ md_info = mbedtls_md_info_from_type( md_alg ); if( md_info == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1227,12 +1214,12 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, memset( zeros, 0, 8 ); - // Note: EMSA-PSS verification is over the length of N - 1 bits - // + /* + * Note: EMSA-PSS verification is over the length of N - 1 bits + */ msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; - // Compensate for boundary condition when applying mask - // + /* Compensate for boundary condition when applying mask */ if( msb % 8 == 0 ) { p++; @@ -1268,8 +1255,9 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_INVALID_PADDING ); } - // Generate H = Hash( M' ) - // + /* + * Generate H = Hash( M' ) + */ mbedtls_md_starts( &md_ctx ); mbedtls_md_update( &md_ctx, zeros, 8 ); mbedtls_md_update( &md_ctx, hash, hashlen ); 
@@ -1374,8 +1362,9 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, end = p + len; - // Parse the ASN.1 structure inside the PKCS#1 v1.5 structure - // + /* + * Parse the ASN.1 structure inside the PKCS#1 v1.5 structure + */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); From a1452b0c95dd242fe4eb09e49a825b59bf508399 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 16:25:55 +0000 Subject: [PATCH 115/399] Add Changelog entry for current branch --- ChangeLog | 3 --- 1 file changed, 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index bd61d9478..29b1aef55 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,9 +8,6 @@ Security (not triggerable remotely in (D)TLS). * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 - * Fix potential integer overflow to buffer overflow in - mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt - (not triggerable remotely in (D)TLS). Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three From 2f5f123817552f3bacee18ff374f36f67b8d49ff Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 16:25:55 +0000 Subject: [PATCH 116/399] Add Changelog entry for current branch --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 29b1aef55..7f2b033c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,8 @@ Security (not triggerable remotely in (D)TLS). * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 + * Fix potential integer overflow to buffer overflow in + mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three From 1dbf753502e532e5cd90fa9a13eb6b03c9676c39 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 11 Feb 2016 10:35:13 +0100 Subject: [PATCH 117/399] Add precision about exploitability in ChangeLog Also fix some whitespace while at it. --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 7f2b033c9..bd61d9478 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ Security required by PKCS1 v2.2 * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt + (not triggerable remotely in (D)TLS). Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three From 157cb656a9ee2a80b6a2b68bc2095f4ff46246ef Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 13 Feb 2016 23:19:04 +0000 Subject: [PATCH 118/399] Clarified mbedtls_ssl_conf_alpn_protocols() doc Clarified the lifetime of the protos parameter passed in the function mbedtls_ssl_conf_alpn_protocols(). --- include/mbedtls/ssl.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c64b1b230..4212bb03c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1882,8 +1882,11 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, * \brief Set the supported Application Layer Protocols. * * \param conf SSL configuration - * \param protos NULL-terminated list of supported protocols, - * in decreasing preference order. + * \param protos Pointer to a NULL-terminated list of supported protocols, + * in decreasing preference order. The pointer to the list is + * recorded by the library for later reference as required, so + * the lifetime of the table should be as long as the + * SSL configuration structure. * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ From 90ab4a45b55dcc23c148a83ec16098daf3ccfec0 Mon Sep 17 00:00:00 2001 
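Review bot: The rewritten `\param protos` text for `mbedtls_ssl_conf_alpn_protocols` says the pointer to the list is recorded, but leaves open whether the strings the list points to are copied; if they are not (the hunk does not show the implementation, so confirm first), a caller building the list from temporaries would leave the library with dangling pointers. Once confirmed, end the paragraph with `Neither the array nor the strings it points to are copied, so both must outlive the SSL configuration.` "NULL-terminated list" would also read more precisely as `a list of pointers terminated by a NULL entry`, since each protocol string is itself NUL-terminated.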
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 10:47:43 +0100 Subject: [PATCH 119/399] Fix Unix detection in mini_client fixes #398 --- programs/ssl/mini_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index d61312425..26082ef5b 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -36,7 +36,7 @@ * This is not a good example for general use. This programs has the specific * goal of minimizing use of the libc functions on full-blown OSes. */ -#if defined(unix) || defined(__unix__) || defined(__unix) +#if defined(unix) || defined(__unix__) || defined(__unix) || defined(__APPLE__) #define UNIX #endif From 9d6241269a4f5b9f12fc4d937ab71461c69611e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 11:10:14 +0100 Subject: [PATCH 120/399] Add note about not implementing PSK id_hint --- include/mbedtls/ssl.h | 5 +++++ library/ssl_cli.c | 7 +++++-- library/ssl_srv.c | 3 ++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4212bb03c..b7782550a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1614,6 +1614,11 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, * \note This is mainly useful for clients. Servers will usually * want to use \c mbedtls_ssl_conf_psk_cb() instead. * + * \note Currently clients can only register one pre-shared key. + * In other words, the servers' idendity hint is ignored. + * Please contact us if you need ability to set multiple PSKs + * on clients and select one based on the identity hint. + * * \param conf SSL configuration * \param psk pointer to the pre-shared key * \param psk_len pre-shared key length diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 4452169d9..1d22d1518 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
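Review bot: The `\note` added to the PSK configuration documentation has two typos: `the servers' idendity hint is ignored` should read `the server's identity hint is ignored`, and `if you need ability to set multiple PSKs` should read `if you need the ability to set multiple PSKs`. Since this note documents a deliberate limitation that users will search for by name, the spelling of "identity hint" matters.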
@@ -1981,8 +1981,11 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - // TODO: Retrieve PSK identity hint and callback to app - // + /* + * Note: we currently ignore the PKS identity hint, as we only allow one + * PSK to be provisionned on the client. This could be changed later if + * someone needs that feature. + */ *p += len; ret = 0; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 6b5b461e1..6bd0b598a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2718,7 +2718,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) { - /* TODO: Support identity hints */ + /* Note: we don't support identity hints, until someone asks + * for them. */ *(p++) = 0x00; *(p++) = 0x00; From 967994a05ed52cf19e5d88b14b6d1ba5a20dec58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 11:18:35 +0100 Subject: [PATCH 121/399] Remove unused code. After the record contents are decompressed, in_len is no longer accessed directly, only in_msglen is accessed. in_len is only read by ssl_parse_record_header() which happens before ssl_prepare_record_contents(). This is also made clear by the fact that in_len is not touched after decrypting anyway, so if it was accessed after that it would be wrong unless decryption is used - as this is not the case, it show in_len is not accessed. --- library/ssl_tls.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a4cc1ca05..0c1a7cccf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
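Review bot: The comment added to `ssl_parse_server_psk_hint` says `we currently ignore the PKS identity hint` and `provisionned`; make it `PSK identity hint` and `provisioned`. The server-side comment in the ssl_srv.c hunk of the same patch is fine as written. Both enclosing functions extend outside their hunks.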
@@ -3706,10 +3706,6 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret ); return( ret ); } - - // TODO: what's the purpose of these lines? is in_len used? - ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 ); - ssl->in_len[1] = (unsigned char)( ssl->in_msglen ); } #endif /* MBEDTLS_ZLIB_SUPPORT */ From 214a84889cfc8fd18ef08f72e4b9074b4f8472d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 11:27:26 +0100 Subject: [PATCH 122/399] Update note about hardcoded verify_data_length --- library/ssl_tls.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0c1a7cccf..afbcdd99c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5011,7 +5011,12 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); - // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63) + /* + * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites + * may define some other value. Currently (early 2016), no defined + * ciphersuite does this (and this is unlikely to change as activity has + * moved to TLS 1.3 now) so we can keep the hardcoded 12 here. + */ hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12; #if defined(MBEDTLS_SSL_RENEGOTIATION) From eeef9470406422af6d4f05df9a28d18af6c300dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 11:36:55 +0100 Subject: [PATCH 123/399] Clarify documentation about missing CRLs Also tune up some working while at it. --- include/mbedtls/x509_crt.h | 17 +++++++++++------ library/x509_crt.c | 9 ++------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index fe821d1cf..41b6bfe57 100644 --- a/include/mbedtls/x509_crt.h 
+++ b/include/mbedtls/x509_crt.h @@ -271,9 +271,14 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * \note Same as \c mbedtls_x509_crt_verify_with_profile() with the * default security profile. * - * \param crt a certificate to be verified - * \param trust_ca the trusted CA chain - * \param ca_crl the CRL chain for trusted CA's + * \note It is your responsibility to provide up-to-date CRLs for + * all trusted CAs. If no CRL is provided for the CA that was + * used to sign the certificate, CRL verification is skipped + * silently, that is *without* setting any flag. + * + * \param crt a certificate (chain) to be verified + * \param trust_ca the list of trusted CAs + * \param ca_crl the list of CRLs for trusted CAs (see note above) * \param cn expected Common Name (can be set to * NULL if the CN must not be verified) * \param flags result of the verification @@ -304,9 +309,9 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, * for ECDSA) apply to all certificates: trusted root, * intermediate CAs if any, and end entity certificate. * - * \param crt a certificate to be verified - * \param trust_ca the trusted CA chain - * \param ca_crl the CRL chain for trusted CA's + * \param crt a certificate (chain) to be verified + * \param trust_ca the list of trusted CAs + * \param ca_crl the list of CRLs for trusted CAs * \param profile security profile for verification * \param cn expected Common Name (can be set to * NULL if the CN must not be verified) diff --git a/library/x509_crt.c b/library/x509_crt.c index 6dc5ad34f..0606eb96d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
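Review bot: The new `\note` that CRL verification is skipped silently when no CRL is present is added only to `mbedtls_x509_crt_verify`, while the second hunk's `\param ca_crl` for `mbedtls_x509_crt_verify_with_profile` carries no cross-reference, even though the first block states the two functions share behaviour. Callers of the profile variant are the ones most likely to be hardening verification, so repeat the note there, or at least write `\param ca_crl the list of CRLs for trusted CAs (see note above)` as in the first hunk. It would also help to say explicitly that a caller who needs fail-closed revocation must check that a CRL was loaded for each trusted CA, since no flag will report the gap.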
@@ -1600,7 +1600,8 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509 } /* - * Check that the given certificate is valid according to the CRL. + * Check that the given certificate is not revoked according to the CRL. + * Skip validation is no CRL for the given CA is present. */ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, mbedtls_x509_crl *crl_list, @@ -1613,12 +1614,6 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, if( ca == NULL ) return( flags ); - /* - * TODO: What happens if no CRL is present? - * Suggestion: Revocation state should be unknown if no CRL is present. - * For backwards compatibility this is not yet implemented. - */ - while( crl_list != NULL ) { if( crl_list->version == 0 || From 56e9ae2bf28ae8ca2e2cb792310272d75e2daf64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Feb 2016 12:02:30 +0100 Subject: [PATCH 124/399] Remove unnecessary TODO comment We don't implement anonymous key exchanges, and we don't intend to, so it can never happen that an unauthenticated server requests a certificate from us. --- library/ssl_cli.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 1d22d1518..5ce7d2529 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2581,9 +2581,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) ssl->record_read = 0; - // TODO: handshake_failure alert for an anonymous server to request - // client authentication - /* * struct { * ClientCertificateType certificate_types<1..2^8-1>; From d1b7f2b8cfd8b8751d701970ef1601bc91dfc28e Mon Sep 17 00:00:00 2001 
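Review bot: The added comment in x509_crt_verifycrl reads `Skip validation is no CRL for the given CA is present.`; "is" should be "if". Since the function returns without setting any verification flag when no CRL matches the CA (the header note added in this same commit documents that), this comment is the only in-code marker of that security-relevant behaviour, so it should read correctly: `* Skip validation if no CRL for the given CA is present.` The body of x509_crt_verifycrl continues outside the hunk.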
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 24 Feb 2016 14:13:22 +0000 Subject: [PATCH 125/399] ssl: ignore CertificateRequest's content for real - document why we made that choice - remove the two TODOs about checking hash and CA - remove the code that parsed certificate_type: it did nothing except store the selected type in handshake->cert_type, but that field was never accessed afterwards. Since handshake_params is now an internal type, we can remove that field without breaking the ABI. --- include/mbedtls/ssl.h | 7 +++- include/mbedtls/ssl_internal.h | 1 - library/ssl_cli.c | 67 +++++++++++++--------------------- 3 files changed, 31 insertions(+), 44 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b7782550a..24d567843 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1594,7 +1594,12 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, * adequate, preference is given to the one set by the first * call to this function, then second, etc. * - * \note On client, only the first call has any effect. + * \note On client, only the first call has any effect. That is, + * only one client certificate can be provisioned. The + * server's preferences in its CertficateRequest message will + * be ignored and our only cert will be sent regardless of + * whether it matches those preferences - the server can then + * decide what it wants to do with it. * * \param conf SSL configuration * \param own_cert own public certificate chain diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 3af059f89..d63d7d4e7 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
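Review bot: The new note on mbedtls_ssl_conf_own_cert spells the handshake message `CertficateRequest`; it should be `CertificateRequest` so that readers searching the header for the message name find it. The later typo-fix commit on this page touches other parts of ssl.h but not this line, so it is worth fixing here.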
@@ -166,7 +166,6 @@ struct mbedtls_ssl_handshake_params * Handshake specific crypto variables */ int sig_alg; /*!< Hash algorithm for signature */ - int cert_type; /*!< Requested cert type */ int verify_sig_alg; /*!< Signature algorithm for verify */ #if defined(MBEDTLS_DHM_C) mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5ce7d2529..bf6c22101 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2532,8 +2532,8 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) { int ret; - unsigned char *buf, *p; - size_t n = 0, m = 0; + unsigned char *buf; + size_t n = 0; size_t cert_type_len = 0, dn_len = 0; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; @@ -2588,11 +2588,26 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * supported_signature_algorithms<2^16-1>; -- TLS 1.2 only * DistinguishedName certificate_authorities<0..2^16-1>; * } CertificateRequest; + * + * Since we only support a single certificate on clients, let's just + * ignore all the information that's supposed to help us pick a + * certificate. + * + * We could check that our certificate matches the request, and bail out + * if it doesn't, but it's simpler to just send the certificate anyway, + * and give the server the opportunity to decide if it should terminate + * the connection when it doesn't like our certificate. + * + * Same goes for the hash in TLS 1.2's signature_algorithms: at this + * point we only have one hash available (see comments in + * write_certificate_verify), so let's jsut use what we have. + * + * However, we still minimally parse the message to check it is at least + * superficially sane. */ buf = ssl->in_msg; - // Retrieve cert types - // + /* certificate_types */ cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )]; n = cert_type_len; 
@@ -2602,45 +2617,14 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); } - p = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 1; - while( cert_type_len > 0 ) - { -#if defined(MBEDTLS_RSA_C) - if( *p == MBEDTLS_SSL_CERT_TYPE_RSA_SIGN && - mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_RSA ) ) - { - ssl->handshake->cert_type = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN; - break; - } - else -#endif -#if defined(MBEDTLS_ECDSA_C) - if( *p == MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN && - mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) ) - { - ssl->handshake->cert_type = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN; - break; - } - else -#endif - { - ; /* Unsupported cert type, ignore */ - } - - cert_type_len--; - p++; - } - + /* supported_signature_algorithms */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { - /* Ignored, see comments about hash in write_certificate_verify */ - // TODO: should check the signature part against our pk_key though size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); - m += 2; - n += sig_alg_len; + n += 2 + sig_alg_len; if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) { 
@@ -2650,13 +2634,12 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - /* Ignore certificate_authorities, we only have one cert anyway */ - // TODO: should not send cert if no CA matches - dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + m + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + m + n] ) ); + /* certificate_authorities */ + dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) + | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); n += dn_len; - if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + m + n ) + if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); From 986bbf24cee600893347ba41ba7ef10a93d0971c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 24 Feb 2016 14:36:05 +0000 Subject: [PATCH 126/399] x509: - --- include/mbedtls/x509_csr.h | 6 ++++++ library/x509_csr.c | 8 +++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 34998a3a5..7a9c2e055 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -83,6 +83,8 @@ mbedtls_x509write_csr; /** * \brief Load a Certificate Signing Request (CSR) in DER format * + * \note CSR attributes (if any) are currently silently ignored. + * * \param csr CSR context to fill * \param buf buffer holding the CRL data * \param buflen size of the buffer @@ -95,6 +97,8 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, /** * \brief Load a Certificate Signing Request (CSR), DER or PEM format * + * \note See notes for \c mbedtls_x509_csr_parse_der() + * * \param csr CSR context to fill * \param buf buffer holding the CRL data * \param buflen size of the buffer 
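Review bot: The two-byte `dn_len` read at `buf[hdr + 1 + n]` / `buf[hdr + 2 + n]` (hdr standing for `mbedtls_ssl_hs_hdr_len( ssl )`) still happens before any check that both bytes lie inside the handshake body; the bound established earlier appears to be an `in_hslen < hdr + 2 + n` comparison (visible in the TLS 1.2 branch of the previous hunk, the one after certificate_types is outside my view), which only covers offset `hdr + 1 + n`, so the second byte can sit exactly at `in_hslen`. As far as the visible code shows the read stays inside `ssl->in_msg` and the final `in_hslen != hdr + 3 + n` comparison then rejects such a message, so this looks like a robustness rather than a memory-safety issue, but a length check ahead of the read is clearer: `if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n ) return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );`. The same read-then-check ordering applies to `sig_alg_len` in the previous hunk. ssl_parse_certificate_request starts and ends outside this hunk.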
@@ -108,6 +112,8 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz /** * \brief Load a Certificate Signing Request (CSR) * + * \note See notes for \c mbedtls_x509_csr_parse() + * * \param csr CSR context to fill * \param path filename to read the CSR from * diff --git a/library/x509_csr.c b/library/x509_csr.c index dbf659b44..f8c45f8d2 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -207,6 +207,13 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, /* * attributes [0] Attributes + * + * The list of possible attributes is open-ended, though RFC 2985 + * (PKCS#9) defines a few in section 5.4. We currently don't support any, + * so we just ignore them. This is a safe thing to do as the worst thing + * that could happen is that we issue a certificate that does not match + * the requester's expectations - this cannot cause a violation of our + * signature policies. */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) @@ -214,7 +221,6 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); } - // TODO Parse Attributes / extension requests p += len; From 0c6aad90f2f4efc8548e892bd9dc4b3e4ff44db1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 24 Feb 2016 17:11:40 +0000 Subject: [PATCH 127/399] x509: remove obsolete TODO comment - basicContraints checks are done during verification - there is no need to set extensions that are not present to default values, as the code using the extension will check if it was present using ext_types. (And default values would not make sense anyway.) --- library/x509_crt.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 0606eb96d..3eaf5bc14 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
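Review bot: The new comment justifies skipping the attributes (`p += len` after the [0] tag) by saying the worst case is a certificate that "does not match the requester's expectations", but the attributes dropped here include the PKCS#9 extensionRequest, which is where a requester asks for subjectAltName, keyUsage and similar extensions, and challengePassword; an application that issues a certificate from this parsed CSR therefore sees none of that. That is a defensible policy, but the header note `CSR attributes (if any) are currently silently ignored.` in the x509_csr.h hunks above should say so explicitly so CA-side callers know they must derive extensions from their own policy rather than from the request; suggest `\note CSR attributes (if any), including PKCS#9 extensionRequest, are currently silently ignored; callers issuing certificates must supply extensions themselves.` The rest of mbedtls_x509_csr_parse_der is outside this hunk.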
@@ -516,9 +516,6 @@ static int x509_get_subject_alt_name( unsigned char **p, /* * X.509 v3 extensions * - * TODO: Perform all of the basic constraints tests required by the RFC - * TODO: Set values for undetected extensions to a sane default? - * */ static int x509_get_crt_ext( unsigned char **p, const unsigned char *end, From c0957bdc1396847087aed62a049f5326cd686b78 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Mar 2016 13:16:57 +0000 Subject: [PATCH 128/399] Fix some minor typos in comments Fix spelling mistakes and typos. --- include/mbedtls/ssl.h | 12 +++++++----- library/ssl_cli.c | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 24d567843..283864cc3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -995,7 +995,8 @@ typedef int mbedtls_ssl_send_t( void *ctx, * * \note That callback may be either blocking or non-blocking. * - * \param ctx Context for the send callback (typically a file descriptor) + * \param ctx Context for the receive callback (typically a file + * descriptor) * \param buf Buffer to write the received data to * \param len Length of the receive buffer * @@ -1019,7 +1020,7 @@ typedef int mbedtls_ssl_recv_t( void *ctx, * timeout delay expires, or the operation is interrupted by a * signal. * - * \param ctx Context for the send callback (typically a file descriptor) + * \param ctx Context for the receive callback (typically a file descriptor) * \param buf Buffer to write the received data to * \param len Length of the receive buffer * \param timeout Maximum nomber of millisecondes to wait for data 
@@ -1620,9 +1621,10 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, * want to use \c mbedtls_ssl_conf_psk_cb() instead. * * \note Currently clients can only register one pre-shared key. - * In other words, the servers' idendity hint is ignored. - * Please contact us if you need ability to set multiple PSKs - * on clients and select one based on the identity hint. + * In other words, the servers' identity hint is ignored. + * Support for setting multiple PSKs on clients and selecting + * one based on the identity hint is not a planned feature but + * feedback is welcomed. * * \param conf SSL configuration * \param psk pointer to the pre-shared key diff --git a/library/ssl_cli.c b/library/ssl_cli.c index bf6c22101..52ddf9a92 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2600,7 +2600,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * * Same goes for the hash in TLS 1.2's signature_algorithms: at this * point we only have one hash available (see comments in - * write_certificate_verify), so let's jsut use what we have. + * write_certificate_verify), so let's just use what we have. * * However, we still minimally parse the message to check it is at least * superficially sane. From e846b5128f529f4932208091d716e72087172ac9 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Mar 2016 17:31:49 +0000 Subject: [PATCH 129/399] Use the SSL IO and time callback typedefs consistently The callback typedefs defined for mbedtls_ssl_set_bio() and mbedtls_ssl_set_timer_cb() were not used consistently where the callbacks were referenced in structures or in code. --- include/mbedtls/ssl.h | 236 +++++++++++++++++++++--------------------- library/ssl_tls.c | 10 +- 2 files changed, 123 insertions(+), 123 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 283864cc3..c4eedab5a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -411,6 +411,116 @@ typedef enum } mbedtls_ssl_states; +/** + * \brief Callback type: send data on the network. + * + * \note That callback may be either blocking or non-blocking. + * + * \param ctx Context for the send callback (typically a file descriptor) + * \param buf Buffer holding the date to send + * \param len Length of the data to send + * + * \return The callback must return the number of bytes sent if any, + * or a non-zero error code. + * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE + * must be returned when the operation would block. + * + * \note The callback is allowed to send less bytes than requested. + * It must always return the number of bytes actually sent. + */ +typedef int mbedtls_ssl_send_t( void *ctx, + const unsigned char *buf, + size_t len ); + +/** + * \brief Callback type: receive data from the network. + * + * \note That callback may be either blocking or non-blocking. + * + * \param ctx Context for the receive callback (typically a file + * descriptor) + * \param buf Buffer to write the received data to + * \param len Length of the receive buffer + * + * \return The callback must return the number of bytes received, + * or a non-zero error code. + * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ + * must be returned when the operation would block. + * + * \note The callback may receive less bytes than the length of the + * buffer. It must always return the number of bytes actually + * received and written to the buffer. + */ +typedef int mbedtls_ssl_recv_t( void *ctx, + unsigned char *buf, + size_t len ); + +/** + * \brief Callback type: receive data from the network, with timeout + * + * \note That callback must block until data is received, or the + * timeout delay expires, or the operation is interrupted by a + * signal. 
+ * + * \param ctx Context for the receive callback (typically a file descriptor) + * \param buf Buffer to write the received data to + * \param len Length of the receive buffer + * \param timeout Maximum nomber of millisecondes to wait for data + * 0 means no timeout (potentially wait forever) + * + * \return The callback must return the number of bytes received, + * or a non-zero error code: + * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, + * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. + * + * \note The callback may receive less bytes than the length of the + * buffer. It must always return the number of bytes actually + * received and written to the buffer. + */ +typedef int mbedtls_ssl_recv_timeout_t( void *ctx, + unsigned char *buf, + size_t len, + uint32_t timeout ); +/** + * \brief Callback type: set a pair of timers/delays to watch + * + * \param ctx Context pointer + * \param int_ms Intermediate delay in milliseconds + * \param fin_ms Final delay in milliseconds + * 0 cancels the current timer. + * + * \note This callback must at least store the necessary information + * for the associated \c mbedtls_ssl_get_timer_t callback to + * return correct information. + * + * \note If using a event-driven style of programming, an event must + * be generated when the final delay is passed. The event must + * cause a call to \c mbedtls_ssl_handshake() with the proper + * SSL context to be scheduled. Care must be taken to ensure + * that at most one such call happens at a time. + * + * \note Only one timer at a time must be running. Calling this + * function while a timer is running must cancel it. Cancelled + * timers must not generate any event. 
+ */ +typedef void mbedtls_ssl_set_timer_t( void * ctx, + uint32_t int_ms, + uint32_t fin_ms ); + +/** + * \brief Callback type: get status of timers/delays + * + * \param ctx Context pointer + * + * \return This callback must return: + * -1 if cancelled (fin_ms == 0), + * 0 if none of the delays is passed, + * 1 if only the intermediate delay is passed, + * 2 if the final delay is passed. + */ +typedef int mbedtls_ssl_get_timer_t( void * ctx ); + + /* Defined below */ typedef struct mbedtls_ssl_session mbedtls_ssl_session; typedef struct mbedtls_ssl_context mbedtls_ssl_context; @@ -662,12 +772,11 @@ struct mbedtls_ssl_context unsigned badmac_seen; /*!< records with a bad MAC received */ #endif - /* - * Callbacks - */ - int (*f_send)(void *, const unsigned char *, size_t); - int (*f_recv)(void *, unsigned char *, size_t); - int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t); + mbedtls_ssl_send_t *f_send; /*!< Callback for network send */ + mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */ + mbedtls_ssl_recv_timeout_t *f_recv_timeout; + /*!< Callback for network receive with timeout */ + void *p_bio; /*!< context for I/O operations */ /* @@ -693,8 +802,9 @@ struct mbedtls_ssl_context * Timers */ void *p_timer; /*!< context for the timer callbacks */ - void (*f_set_timer)(void *, uint32_t, uint32_t); /*!< set timer callback */ - int (*f_get_timer)(void *); /*!< get timer callback */ + + mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */ + mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */ /* * Record layer (incoming data) 
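Review bot: The typedef comments being moved up still carry the typos of their old location — `Buffer holding the date to send` in mbedtls_ssl_send_t, `Maximum nomber of millisecondes to wait for data` in mbedtls_ssl_recv_timeout_t and `If using a event-driven style` in mbedtls_ssl_set_timer_t; since the commit already rewrites these lines, this is the cheapest moment to fix them: `\param buf Buffer holding the data to send` and `\param timeout Maximum number of milliseconds to wait for data`. The prototypes of mbedtls_ssl_set_timer_t and mbedtls_ssl_get_timer_t are written `void * ctx` while the other typedefs in the same block use `void *ctx`; align the style while moving them. The deleted copies in the later hunks of this file are the same text, so nothing else needs touching.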
@@ -969,77 +1079,6 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, void (*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg ); -/** - * \brief Callback type: send data on the network. - * - * \note That callback may be either blocking or non-blocking. - * - * \param ctx Context for the send callback (typically a file descriptor) - * \param buf Buffer holding the date to send - * \param len Length of the data to send - * - * \return The callback must return the number of bytes sent if any, - * or a non-zero error code. - * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE - * must be returned when the operation would block. - * - * \note The callback is allowed to send less bytes than requested. - * It must always return the number of bytes actually sent. - */ -typedef int mbedtls_ssl_send_t( void *ctx, - const unsigned char *buf, - size_t len ); - -/** - * \brief Callback type: receive data from the network. - * - * \note That callback may be either blocking or non-blocking. - * - * \param ctx Context for the receive callback (typically a file - * descriptor) - * \param buf Buffer to write the received data to - * \param len Length of the receive buffer - * - * \return The callback must return the number of bytes received, - * or a non-zero error code. - * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ - * must be returned when the operation would block. - * - * \note The callback may receive less bytes than the length of the - * buffer. It must always return the number of bytes actually - * received and written to the buffer. - */ -typedef int mbedtls_ssl_recv_t( void *ctx, - unsigned char *buf, - size_t len ); - -/** - * \brief Callback type: receive data from the network, with timeout - * - * \note That callback must block until data is received, or the - * timeout delay expires, or the operation is interrupted by a - * signal. 
- * - * \param ctx Context for the receive callback (typically a file descriptor) - * \param buf Buffer to write the received data to - * \param len Length of the receive buffer - * \param timeout Maximum nomber of millisecondes to wait for data - * 0 means no timeout (potentially wait forever) - * - * \return The callback must return the number of bytes received, - * or a non-zero error code: - * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, - * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. - * - * \note The callback may receive less bytes than the length of the - * buffer. It must always return the number of bytes actually - * received and written to the buffer. - */ -typedef int mbedtls_ssl_recv_timeout_t( void *ctx, - unsigned char *buf, - size_t len, - uint32_t timeout ); - /** * \brief Set the underlying BIO callbacks for write, read and * read-with-timeout. 
@@ -1093,45 +1132,6 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, */ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); -/** - * \brief Callback type: set a pair of timers/delays to watch - * - * \param ctx Context pointer - * \param int_ms Intermediate delay in milliseconds - * \param fin_ms Final delay in milliseconds - * 0 cancels the current timer. - * - * \note This callback must at least store the necessary information - * for the associated \c mbedtls_ssl_get_timer_t callback to - * return correct information. - * - * \note If using a event-driven style of programming, an event must - * be generated when the final delay is passed. The event must - * cause a call to \c mbedtls_ssl_handshake() with the proper - * SSL context to be scheduled. Care must be taken to ensure - * that at most one such call happens at a time. - * - * \note Only one timer at a time must be running. Calling this - * function while a timer is running must cancel it. Cancelled - * timers must not generate any event. - */ -typedef void mbedtls_ssl_set_timer_t( void * ctx, - uint32_t int_ms, - uint32_t fin_ms ); - -/** - * \brief Callback type: get status of timers/delays - * - * \param ctx Context pointer - * - * \return This callback must return: - * -1 if cancelled (fin_ms == 0), - * 0 if none of the delays is passed, - * 1 if only the intermediate delay is passed, - * 2 if the final delay is passed. - */ -typedef int mbedtls_ssl_get_timer_t( void * ctx ); - /** * \brief Set the timer callbacks (Mandatory for DTLS.) * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index afbcdd99c..1c44b7ddb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -5598,9 +5598,9 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, void *p_bio, - int (*f_send)(void *, const unsigned char *, size_t), - int (*f_recv)(void *, unsigned char *, size_t), - int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) ) + mbedtls_ssl_send_t *f_send, + mbedtls_ssl_recv_t *f_recv, + mbedtls_ssl_recv_timeout_t *f_recv_timeout ) { ssl->p_bio = p_bio; ssl->f_send = f_send; @@ -5615,8 +5615,8 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, void *p_timer, - void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms), - int (*f_get_timer)(void *) ) + mbedtls_ssl_set_timer_t *f_set_timer, + mbedtls_ssl_get_timer_t *f_get_timer ) { ssl->p_timer = p_timer; ssl->f_set_timer = f_set_timer; From aad787f1c7068697d8654f8daf74fc43b5f66214 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 26 Jan 2016 22:13:58 +0000 Subject: [PATCH 130/399] Parameterised the test suite applications All test suites can now take an arbitrary test file. --- tests/suites/main_test.function | 143 ++++++++++++++++++-------------- 1 file changed, 83 insertions(+), 60 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 420ee7697..61c7337a6 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -240,10 +240,13 @@ static int run_test_snprintf( void ) test_snprintf( 5, "123", 3 ) != 0 ); } -int main() +int main(int argc, const char *argv[]) { - int ret, i, cnt, total_errors = 0, total_tests = 0, total_skipped = 0; - const char *filename = "TEST_FILENAME"; + int testfile_index, testfile_count, ret, i, cnt; + int total_errors = 0, total_tests = 0, total_skipped = 0; + const char *default_filename = "TEST_FILENAME"; + const char *test_filename = NULL; + const char **test_files = NULL; FILE *file; char buf[5000]; char *params[50]; 
@@ -276,78 +279,98 @@ int main() return( 0 ); } - file = fopen( filename, "r" ); - if( file == NULL ) + if ( argc <= 1 ) { - mbedtls_fprintf( stderr, "Failed to open\n" ); - return( 1 ); + test_files = &default_filename; + testfile_count = 1; + } + else + { + test_files = &argv[1]; + testfile_count = argc - 1; } - while( !feof( file ) ) + for ( testfile_index = 0; + testfile_index < testfile_count; + testfile_index++ ) { - int skip = 0; + test_filename = test_files[ testfile_index ]; - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) - break; - mbedtls_fprintf( stdout, "%s%.66s", test_errors ? "\n" : "", buf ); - mbedtls_fprintf( stdout, " " ); - for( i = strlen( buf ) + 1; i < 67; i++ ) - mbedtls_fprintf( stdout, "." ); - mbedtls_fprintf( stdout, " " ); - fflush( stdout ); - - total_tests++; - - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) - break; - cnt = parse_arguments( buf, strlen(buf), params ); - - if( strcmp( params[0], "depends_on" ) == 0 ) + file = fopen( test_filename, "r" ); + if( file == NULL ) { - for( i = 1; i < cnt; i++ ) - if( dep_check( params[i] ) != 0 ) - skip = 1; + mbedtls_fprintf( stderr, "Failed to open test file: %s\n", + test_filename ); + return( 1 ); + } + + while( !feof( file ) ) + { + int skip = 0; + + if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) + break; + mbedtls_fprintf( stdout, "%s%.66s", test_errors ? "\n" : "", buf ); + mbedtls_fprintf( stdout, " " ); + for( i = strlen( buf ) + 1; i < 67; i++ ) + mbedtls_fprintf( stdout, "." 
); + mbedtls_fprintf( stdout, " " ); + fflush( stdout ); + + total_tests++; if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; cnt = parse_arguments( buf, strlen(buf), params ); - } - if( skip == 0 ) - { - test_errors = 0; - ret = dispatch_test( cnt, params ); - } + if( strcmp( params[0], "depends_on" ) == 0 ) + { + for( i = 1; i < cnt; i++ ) + if( dep_check( params[i] ) != 0 ) + skip = 1; - if( skip == 1 || ret == 3 ) - { - total_skipped++; - mbedtls_fprintf( stdout, "----\n" ); - fflush( stdout ); - } - else if( ret == 0 && test_errors == 0 ) - { - mbedtls_fprintf( stdout, "PASS\n" ); - fflush( stdout ); - } - else if( ret == 2 ) - { - mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); - fclose(file); - mbedtls_exit( 2 ); - } - else - total_errors++; + if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) + break; + cnt = parse_arguments( buf, strlen(buf), params ); + } - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) - break; - if( strlen(buf) != 0 ) - { - mbedtls_fprintf( stderr, "Should be empty %d\n", (int) strlen(buf) ); - return( 1 ); + if( skip == 0 ) + { + test_errors = 0; + ret = dispatch_test( cnt, params ); + } + + if( skip == 1 || ret == 3 ) + { + total_skipped++; + mbedtls_fprintf( stdout, "----\n" ); + fflush( stdout ); + } + else if( ret == 0 && test_errors == 0 ) + { + mbedtls_fprintf( stdout, "PASS\n" ); + fflush( stdout ); + } + else if( ret == 2 ) + { + mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); + fclose(file); + mbedtls_exit( 2 ); + } + else + total_errors++; + + if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) + break; + if( strlen(buf) != 0 ) + { + mbedtls_fprintf( stderr, "Should be empty %d\n", + (int) strlen(buf) ); + return( 1 ); + } } + fclose(file); } - fclose(file); mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n"); if( total_errors == 0 ) From ef50c0da6ef1bf3cb0d2c0dcb58d1aafec5d39d0 Mon Sep 17 00:00:00 2001 
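Review bot: Inside the new per-file loop the `Should be empty` error path still does `return( 1 )` without closing `file`, while the fatal-parse-error path just above it does `fclose(file)` before `mbedtls_exit( 2 )`; now that several input files are processed in one run the two exits should be symmetric, i.e. `fclose( file ); return( 1 );`. The `break` paths fall through to the `fclose(file)` after the while loop, which is fine, but a reader has to trace that. Most of the hunk is re-indentation of unchanged lines; splitting the indentation change from the loop introduction (or moving the per-file body into a helper first) would make the actual change reviewable. main() starts in the previous hunk and its tail is outside this one.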
From: Simon Butcher Date: Tue, 26 Jan 2016 22:15:11 +0000 Subject: [PATCH 131/399] Added script to split the test case data files Script generate-afl-tests.sh will split the test suite data files into individual test case files, suitable for fuzzing. --- tests/scripts/generate-afl-tests.sh | 68 +++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100755 tests/scripts/generate-afl-tests.sh diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh new file mode 100755 index 000000000..cbc2f5906 --- /dev/null +++ b/tests/scripts/generate-afl-tests.sh 
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# This script splits the data test files containing the test cases into
+# individual files (one test case per file) suitable for use with afl
+# (American Fuzzy Lop). http://lcamtuf.coredump.cx/afl/
+#
+# Usage: generate-afl-tests.sh
+# - should be the path to one of the test suite files
+# such as 'test_suite_mpi.data'
+
+# Abort on errors
+set -e
+
+if [ -z $1 ]
+then
+ echo " [!] No test file specified" >&2
+ echo "Usage: $0 " >&2
+ exit 1
+fi
+
+SRC_FILEPATH=$(dirname $1)/$(basename $1)
+TESTSUITE=$(basename $1 .data)
+
+THIS_DIR=$(basename $PWD)
+
+if [ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ];
+then :;
+else
+ echo " [!] Must be run from mbed TLS tests directory" >&2
+ exit 1
+fi
+
+DEST_TESTCASE_DIR=$TESTSUITE-afl-tests
+DEST_OUTPUT_DIR=$TESTSUITE-afl-out
+
+echo " [+] Creating output directories" >&2
+
+if [ -e $DEST_OUTPUT_DIR/* ];
+then :
+ echo " [!] Test output files already exist." >&2
+ exit 1
+else
+ mkdir -p $DEST_OUTPUT_DIR
+fi
+
+if [ -e $DEST_TESTCASE_DIR/* ];
+then :
+ echo " [!] Test output files already exist." >&2
+else
+ mkdir -p $DEST_TESTCASE_DIR
+fi
+
+echo " [+] Creating test cases" >&2
+cd $DEST_TESTCASE_DIR
+
+split -p '^\s*$' ../$SRC_FILEPATH
+
+for f in *;
+do
+ # Strip out any blank lines (no trim on OS X)
+ sed '/^\s*$/d' $f >testcase_$f
+ rm $f
+done
+
+cd ..
+
+echo " [+] Test cases in $DEST_TESTCASE_DIR" >&2
+
From 3ddf35526a74ac225d9dfcd7a010d11a43fffcd3 Mon Sep 17 00:00:00 2001 From: SimonB Date: Wed, 10 Feb 2016 23:50:28 +0000 Subject: [PATCH 132/399] Clarified purpose and usage of generate_code.pl Added comments to explain purpose and usage of generate_code.pl --- tests/scripts/generate_code.pl | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
index 1c7a281d7..581320e2d 100755
--- a/tests/scripts/generate_code.pl
+++ b/tests/scripts/generate_code.pl
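Review bot: `[ -z $1 ]`, `$THIS_DIR == "tests"` and `[ -e $DEST_OUTPUT_DIR/* ]` are all fragile under the `#!/bin/sh` the script declares: the unquoted `$1` makes the `-z` test misbehave on an empty or space-containing argument, `==` is not a POSIX `test` operator (dash rejects it), and the unquoted glob hands zero or several words to `-e`, so the "already exist" checks do not reliably detect an existing output directory. Quote the expansions and use `=`: `if [ -z "$1" ]`, `"$THIS_DIR" = "tests"`, and test the directory itself, e.g. `if [ -d "$DEST_OUTPUT_DIR" ]`. The second existence check prints "Test output files already exist." but then continues into `cd $DEST_TESTCASE_DIR` without an `exit 1`, so test cases left from a previous run are mixed with the new split output; it presumably should mirror the first check. `split -p` is a BSD option that GNU split does not accept, which is worth stating in the header comment next to the existing OS X note on `sed`.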
@@ -1,5 +1,12 @@ #!/usr/bin/env perl + +# generate_code.pl # +# Generates the test suite code given inputs of the test suite directory that +# contain the test suites, and the test suite file names for the test code and +# test data. +# +# Usage: generate_code.pl [main code file] use strict; From 152ea18037b508b1dd53d964a7a82854540d817a Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 15 Feb 2016 23:27:28 +0000 Subject: [PATCH 133/399] Added support for per test suite helper functions Added to generate_code.pl: - support for per test suite helper functions - description of the structure of the files the script uses to construct the test suite file - delimiters through the source code to make the machine generated code easier to understand --- tests/scripts/generate_code.pl | 73 +++++++++++++++++++++++++++++++-- tests/suites/main_test.function | 12 ++++++ 2 files changed, 81 insertions(+), 4 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 581320e2d..ba61b680a 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl 
@@ -2,11 +2,47 @@
 # generate_code.pl
 #
+# Purpose
+#
 # Generates the test suite code given inputs of the test suite directory that
 # contain the test suites, and the test suite file names for the test code and
 # test data.
 #
 # Usage: generate_code.pl [main code file]
+#
+# Structure of files
+#
+# - main code file - 'main_test.function'
+# Template file that contains the main() function for the test suite,
+# test dispatch code as well as support functions. It contains the
+# following symbols which are substituted by this script during
+# processing:
+# TEST_FILENAME
+# SUITE_PRE_DEP
+# MAPPING_CODE
+# FUNCTION CODE
+# SUITE_POST_DEP
+# DEP_CHECK_CODE
+# DISPATCH_FUNCTION
+#
+# - common helper code file - 'helpers.function'
+# Common helper functions
+#
+# - test suite code file - file name in the form 'test_suite_xxx.function'
+# Code file that contains the actual test cases. The file contains a
+# series of code sequences delimited by the following:
+# BEGIN_HEADER / END_HEADER - list of headers files
+# BEGIN_SUITE_HELPERS / END_SUITE_HELPERS - helper functions common to
+# the test suite
+# BEGIN_CASE / END_CASE - the test cases in the test suite. Each test
+# case contains at least one function that is used to create the
+# dispatch code.
+#
+# - test data file - file name in the form 'test_suite_xxxx.data'
+# The test case parameters to to be used in execution of the test. The
+# file name is used to replace the symbol 'TEST_FILENAME' in the main code
+# file above.
+#
 use strict;
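Review bot: The symbol list in the new "main code file" paragraph names `FUNCTION CODE`, but the template substitutes `FUNCTION_CODE` (the context lines of the main_test.function hunks in the next commit show that spelling); as this comment is the only description of the substitution symbols, it should read `#     FUNCTION_CODE` so a reader can grep for it. The "test data file" paragraph also carries a doubled word, `to to be used`.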
@@ -15,15 +51,16 @@ my $suite_name = shift or die "Missing suite name";
 my $data_name = shift or die "Missing data name";
 my $test_main_file = do { my $arg = shift; defined($arg) ? $arg : $suite_dir."/main_test.function" };
 my $test_file = $data_name.".c";
-my $test_helper_file = $suite_dir."/helpers.function";
+my $test_common_helper_file = $suite_dir."/helpers.function";
 my $test_case_file = $suite_dir."/".$suite_name.".function";
 my $test_case_data = $suite_dir."/".$data_name.".data";
 my $line_separator = $/;
 undef $/;
-open(TEST_HELPERS, "$test_helper_file") or die "Opening test helpers '$test_helper_file': $!";
-my $test_helpers = ;
+open(TEST_HELPERS, "$test_common_helper_file") or die "Opening test helpers
+'$test_common_helper_file': $!";
+my $test_common_helpers = ;
 close(TEST_HELPERS);
 open(TEST_MAIN, "$test_main_file") or die "Opening test main '$test_main_file': $!";
@@ -40,6 +77,7 @@ close(TEST_DATA);
 my ( $suite_header ) = $test_cases =~ /\/\* BEGIN_HEADER \*\/\n(.*?)\n\/\* END_HEADER \*\//s;
 my ( $suite_defines ) = $test_cases =~ /\/\* BEGIN_DEPENDENCIES\n \* (.*?)\n \* END_DEPENDENCIES/s;
+my ( $suite_helpers ) = $test_cases =~ /\/\* BEGIN_SUITE_HELPERS \*\/\n(.*?)\n\/\* END_SUITE_HELPERS \*\//s;
 my $requirements;
 if ($suite_defines =~ /^depends_on:/)
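Review bot: The new `die` message for the helper file is broken across two source lines inside the string literal, so the error text now contains a hard newline and prints on two lines, unlike the neighbouring `die "Opening test main '$test_main_file': $!"` which stays on one; keep it as `open(TEST_HELPERS, "$test_common_helper_file") or die "Opening test helpers '$test_common_helper_file': $!";`. In the second hunk on this line, `$suite_helpers` stays undefined when a suite file has no `BEGIN_SUITE_HELPERS` block, and it is later interpolated into the generated source, where it becomes an empty string with an "uninitialized value" warning if warnings are enabled (the warnings setting is not visible here); `$suite_helpers = '' unless defined $suite_helpers;` after the match makes the optional block explicit.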
@@ -67,16 +105,43 @@ $/ = $line_separator;
 open(TEST_FILE, ">$test_file") or die "Opening destination file '$test_file': $!";
 print TEST_FILE << "END";
+/*
+ * *** THIS FILE HAS BEEN MACHINE GENERATED ***
+ *
+ * This file has been machine generated using the script: $0
+ *
+ * Test file : $test_file
+ *
+ * The following files were used to create this file.
+ *
+ * Main code file : $test_main_file
+ * Helper file : $test_common_helper_file
+ * Test suite file : $test_case_file
+ * Test suite daya : $test_case_data
+ *
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
-$test_helpers
+
+/*----------------------------------------------------------------------------*/
+/* Common helper functions */
+
+$test_common_helpers
+
+
+/*----------------------------------------------------------------------------*/
+/* Test Suite Code */
 $suite_pre_code
 $suite_header
+$suite_helpers
 $suite_post_code
 END
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 61c7337a6..2a21441a4 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -101,9 +101,17 @@ MAPPING_CODE
 return( -1 );
 }
+
+/*----------------------------------------------------------------------------*/
+/* Test Case code */
+
 FUNCTION_CODE
 SUITE_POST_DEP
+
+/*----------------------------------------------------------------------------*/
+/* Test dispatch code */
+
 int dep_check( char *str )
 {
 if( str == NULL )
@@ -133,6 +141,10 @@ DISPATCH_FUNCTION
 return( ret );
 }
+
+/*----------------------------------------------------------------------------*/
+/* Main Test code */
+
 int get_line( FILE *f, char *buf, size_t len )
 {
 char *ret;
From 0269dad5e593c9b9e0865770353e160bd0b40150 Mon Sep 17 00:00:00 2001
From: SimonB
Date: Wed, 17 Feb 2016 23:34:30 +0000
Subject: [PATCH 134/399] Refactored test suite template code
Restructed test suite helper and main code to support tests suite helper functions, changed C++ comments to C-style, and made the generated source code more navigable.
---
 tests/scripts/generate_code.pl | 2 +-
 tests/suites/helpers.function | 41 ++++++++++++++++++++++++++++++++-
 tests/suites/main_test.function | 40 +-------------------------------
 3 files changed, 42 insertions(+), 41 deletions(-)
diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
index ba61b680a..30ee6b01c 100755
--- a/tests/scripts/generate_code.pl
+++ b/tests/scripts/generate_code.pl
@@ -131,7 +131,7 @@ print TEST_FILE << "END";
 /*----------------------------------------------------------------------------*/
-/* Common helper functions */
+/* Common helper code */
 $test_common_helpers
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 8f681dbd4..c18eed895 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -1,3 +1,6 @@
+/*----------------------------------------------------------------------------*/
+/* Headers */
+
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
@@ -12,6 +15,10 @@
 #define mbedtls_snprintf snprintf
 #endif
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#include "mbedtls/memory_buffer_alloc.h"
+#endif
+
 #ifdef _MSC_VER
 #include
 typedef UINT32 uint32_t;
@@ -23,6 +30,25 @@ typedef UINT32 uint32_t;
 #include
 #include
+
+/*----------------------------------------------------------------------------*/
+/* Global variables */
+
+static int test_errors = 0;
+
+
+/*----------------------------------------------------------------------------*/
+/* Macros */
+
+#define TEST_ASSERT( TEST ) \
+ do { \
+ if( ! (TEST) ) \
+ { \
+ test_fail( #TEST ); \
+ goto exit; \
+ } \
+ } while( 0 )
+
 #define assert(a) if( !( a ) ) \
 { \
 mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
@@ -53,11 +79,15 @@ typedef UINT32 uint32_t;
 }
 #endif
+
+/*----------------------------------------------------------------------------*/
+/* Helper Functions */
+
 static int unhexify( unsigned char *obuf, const char *ibuf )
 {
 unsigned char c, c2;
 int len = strlen( ibuf ) / 2;
- assert( strlen( ibuf ) % 2 == 0 ); // must be even number of bytes
+ assert( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */
 while( *ibuf != 0 )
 {
@@ -298,3 +328,12 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
 return( 0 );
 }
+
+static void test_fail( const char *test )
+{
+ test_errors++;
+ if( test_errors == 1 )
+ mbedtls_printf( "FAILED\n" );
+ mbedtls_printf( " %s\n", test );
+}
+
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 2a21441a4..7ec69b45d 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -1,44 +1,6 @@
-#include
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include
-#include
-#define mbedtls_exit exit
-#define mbedtls_free free
-#define mbedtls_calloc calloc
-#define mbedtls_fprintf fprintf
-#define mbedtls_printf printf
-#define mbedtls_snprintf snprintf
-#endif
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#include "mbedtls/memory_buffer_alloc.h"
-#endif
-
-static int test_errors = 0;
-
 SUITE_PRE_DEP
 #define TEST_SUITE_ACTIVE
-static void test_fail( const char *test )
-{
- test_errors++;
- if( test_errors == 1 )
- mbedtls_printf( "FAILED\n" );
- mbedtls_printf( " %s\n", test );
-}
-
-#define TEST_ASSERT( TEST ) \
- do { \
- if( ! (TEST) ) \
- { \
- test_fail( #TEST ); \
- goto exit; \
- } \
- } while( 0 )
-
 int verify_string( char **str )
 {
 if( (*str)[0] != '"' ||
@@ -190,7 +152,7 @@ int parse_arguments( char *buf, size_t len, char *params[50] )
 p++;
 }
- // Replace newlines, question marks and colons in strings
+ /* Replace newlines, question marks and colons in strings */
 for( i = 0; i < cnt; i++ )
 {
 p = params[i];
From 64d60da4f6a1542df5103c54f3c87c92833ca5c1 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Tue, 1 Mar 2016 18:35:02 +0000
Subject: [PATCH 135/399] Fix typos and add copyright statement to generate_code.pl
---
 tests/scripts/generate_code.pl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
index 30ee6b01c..5c623f8a7 100755
--- a/tests/scripts/generate_code.pl
+++ b/tests/scripts/generate_code.pl
@@ -2,6 +2,8 @@
 # generate_code.pl
 #
+# Copyright (c) 2009-2016, ARM Limited, All Rights Reserved
+#
 # Purpose
 #
 # Generates the test suite code given inputs of the test suite directory that
@@ -117,7 +119,7 @@ print TEST_FILE << "END";
  * Main code file : $test_main_file
  * Helper file : $test_common_helper_file
  * Test suite file : $test_case_file
- * Test suite daya : $test_case_data
+ * Test suite data : $test_case_data
  *
  *
  * This file is part of mbed TLS (https://tls.mbed.org)
From 12c868c5d613f4e3ab9f54cfe3764a3034a6051c Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Thu, 18 Feb 2016 17:28:04 +0000
Subject: [PATCH 136/399] X509: Future CA among trusted: add unit tests
---
 tests/data_files/test-ca2-future.crt | 13 +++++++++
 .../test-ca2_cat-future-present.crt | 28 +++++++++++++++++++
 .../test-ca2_cat-present-future.crt | 28 +++++++++++++++++++
 tests/suites/test_suite_x509parse.data | 8 ++++++
 4 files changed, 77 insertions(+)
 create mode 100644 tests/data_files/test-ca2-future.crt
 create mode 100644 tests/data_files/test-ca2_cat-future-present.crt
 create mode 100644 tests/data_files/test-ca2_cat-present-future.crt
diff --git a/tests/data_files/test-ca2-future.crt b/tests/data_files/test-ca2-future.crt
new file mode 100644
index 000000000..d75729936
--- /dev/null
+++ b/tests/data_files/test-ca2-future.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0yMzA5MjIxNTQ5N DlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
+MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
+WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
+w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
+FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
+vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH
+qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2
++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-future-present.crt b/tests/data_files/test-ca2_cat-future-present.crt
new file mode 100644
index 000000000..776e725cb
--- /dev/null
+++ b/tests/data_files/test-ca2_cat-future-present.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
+MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
+WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
+w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
+FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
+vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH
+qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2
++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
+ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
+aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
+JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
+AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
+t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
+uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-present-future.crt b/tests/data_files/test-ca2_cat-present-future.crt
new file mode 100644
index 000000000..d62ed09cd
--- /dev/null
+++ b/tests/data_files/test-ca2_cat-present-future.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
+ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
+aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
+JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
+AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
+t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
+uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
+MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
+WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
+w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
+FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
+vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH
+qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2
++XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw==
+-----END CERTIFICATE-----
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 2f2137f54..ef6ba3c88 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -699,6 +699,14 @@ X509 Certificate verification #81 (multiple CRLs, none relevant)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
 x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"NULL"
+X509 Certificate verification #82 (Not yet valid CA and valid CA)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
+
+X509 Certificate verification #83 (valid CA and Not yet valid CA)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
+
 X509 Certificate verification callback: trusted EE cert
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n"
From df4bca20295605e9d05b467fc59d6a0b612328c0 Mon Sep 17 00:00:00 2001
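Review bot: Both new cases place a currently valid copy of the CA next to the not-yet-valid one and expect flags `0`, so nothing pins what `x509_verify` reports when the trusted list holds only `data_files/test-ca2-future.crt`, the single-certificate file this commit adds but never references. A third case using that file alone, with the expected verification result stated explicitly, would document the intended outcome for a trust store that contains no currently valid CA and would give the new data file a consumer.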
From: Janos Follath
Date: Fri, 19 Feb 2016 15:57:17 +0000
Subject: [PATCH 137/399] X509: Future CA among trusted: add more tests
---
 tests/data_files/test-ca2-expired.crt | 13 +++++++++
 .../data_files/test-ca2_cat-past-present.crt | 28 +++++++++++++++++++
 .../data_files/test-ca2_cat-present-past.crt | 28 +++++++++++++++++++
 tests/suites/test_suite_x509parse.data | 8 ++++++
 4 files changed, 77 insertions(+)
 create mode 100644 tests/data_files/test-ca2-expired.crt
 create mode 100644 tests/data_files/test-ca2_cat-past-present.crt
 create mode 100644 tests/data_files/test-ca2_cat-present-past.crt
diff --git a/tests/data_files/test-ca2-expired.crt b/tests/data_files/test-ca2-expired.crt
new file mode 100644
index 000000000..22e4797f3
--- /dev/null
+++ b/tests/data_files/test-ca2-expired.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
+MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
+WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
+w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
+FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
+vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP
+tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm
+l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-past-present.crt b/tests/data_files/test-ca2_cat-past-present.crt
new file mode 100644
index 000000000..bc1ba9a2e
--- /dev/null
+++ b/tests/data_files/test-ca2_cat-past-present.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
+MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
+WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
+w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
+FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
+vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP
+tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm
+l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
+ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
+aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
+JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
+AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
+t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
+uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-present-past.crt b/tests/data_files/test-ca2_cat-present-past.crt
new file mode 100644
index 000000000..a321d5dd7
--- /dev/null
+++ b/tests/data_files/test-ca2_cat-present-past.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
+ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
+aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
+JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
+AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
+t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
+uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
+MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
+WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
+w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
+FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
+vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP
+tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm
+l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg
+-----END CERTIFICATE-----
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index ef6ba3c88..0008d3d2c 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -707,6 +707,14 @@ X509 Certificate verification #83 (valid CA and Not yet valid CA)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
+X509 Certificate verification #84 (valid CA and Not yet valid CA)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
+
+X509 Certificate verification #85 (Not yet valid CA and valid CA)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
+
 X509 Certificate verification callback: trusted EE cert
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n"
From b437b4b1252fa8f2e9bb1585a613fd70fc6c0525 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Fri, 19 Feb 2016 15:58:21 +0000
Subject: [PATCH 138/399] X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an expired or not yet valid version of the trusted certificate was before the valid version in the trusted certificate list.
---
 ChangeLog | 3 +++
 library/x509_crt.c | 16 ++++++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e9b67908f..a1afbaae6 100644
--- a/ChangeLog
+++ b/ChangeLog
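Review bot: The descriptions of the two new cases do not match their data: #84 uses `test-ca2_cat-present-past.crt` and #85 uses `test-ca2_cat-past-present.crt`, i.e. an expired CA, yet both are labelled "Not yet valid CA" exactly like #82/#83. Rename them `X509 Certificate verification #84 (valid CA and expired CA)` and `X509 Certificate verification #85 (expired CA and valid CA)` so a failure report points at the right scenario; the later dependency fix on this file (the `@@ -700,19 +700,19 @@` hunk) rewrites the `depends_on` lines of these entries and keeps the same wording.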
@@ -11,6 +11,9 @@ Bugfix
 * Fix issue in Makefile that prevented building using armar. #386
 * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and ECDSA was disabled in config.h . The leak didn't occur by default.
+ * Fix an issue that caused valid certificates being rejected whenever an
+ expired or not yet valid version of the trusted certificate was before the
+ valid version in the trusted certificate list.
 Changes
 * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 3eaf5bc14..334b8ef51 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1932,6 +1932,16 @@ static int x509_crt_verify_top(
 continue;
 }
+ if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
+ {
+ continue;
+ }
+
+ if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
+ {
+ continue;
+ }
+
 if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk,
 child->sig_md, hash, mbedtls_md_get_size( md_info ),
 child->sig.p, child->sig.len ) != 0 )
@@ -1967,12 +1977,6 @@ static int x509_crt_verify_top(
 ((void) ca_crl);
 #endif
- if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
- ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
-
- if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
- ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
-
 if( NULL != f_vrfy )
 {
 if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
From f59e66ba24d98bfdf8d63a1b3d9d29fd89e6f267 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Tue, 1 Mar 2016 20:26:16 +0000
Subject: [PATCH 139/399] Remove redundant test certificates and clarify ChangeLog
---
 ChangeLog | 6 +++---
 tests/data_files/test-ca2-expired.crt | 13 -------------
 tests/data_files/test-ca2-future.crt | 13 -------------
 3 files changed, 3 insertions(+), 29 deletions(-)
 delete mode 100644 tests/data_files/test-ca2-expired.crt
 delete mode 100644 tests/data_files/test-ca2-future.crt
diff --git a/ChangeLog b/ChangeLog
index a1afbaae6..56464ceb0 100644
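Review bot: Skipping an expired or not-yet-valid trusted CA with `continue` changes what callers observe when no other copy of that CA is in the list: before, the chain was still checked against it and `ca_flags` carried `MBEDTLS_X509_BADCERT_EXPIRED` / `MBEDTLS_X509_BADCERT_FUTURE` for `f_vrfy` to inspect, whereas now the candidate is never considered, so the result presumably degrades to whatever the no-matching-CA path below reports, and a verification callback that deliberately tolerated those two flags no longer gets the chance. The loop and `ca_flags` belong to `x509_crt_verify_top`, which starts and ends outside both hunks, so the final flags cannot be confirmed from here; at minimum the new checks deserve a comment such as `/* An expired or not yet valid trusted CA is skipped rather than flagged so that a later, currently valid entry for the same CA can match; with no valid copy it is treated as absent. */`, and the ChangeLog entry in this commit should state that behaviour change for users of `f_vrfy`. This note covers both the added checks and the removed `ca_flags |=` lines in the second hunk on this line.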
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,9 +11,9 @@ Bugfix
 * Fix issue in Makefile that prevented building using armar. #386
 * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and ECDSA was disabled in config.h . The leak didn't occur by default.
- * Fix an issue that caused valid certificates being rejected whenever an
- expired or not yet valid version of the trusted certificate was before the
- valid version in the trusted certificate list.
+ * Fix an issue that caused valid certificates to be rejected whenever an
+ expired or not yet valid certificate was parsed before a valid certificate
+ in the trusted certificate list.
 Changes
 * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
diff --git a/tests/data_files/test-ca2-expired.crt b/tests/data_files/test-ca2-expired.crt
deleted file mode 100644
index 22e4797f3..000000000
--- a/tests/data_files/test-ca2-expired.crt
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
-Fw0wMzA5MjQxNTQ5NDhaFw0xMzA5MjQxNTQ5NDhaMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
-MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
-WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
-w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
-FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
-vH4kydv7NnwwDAYIKoZIzj0EAwIFAANpADBmAjEAvQ/49lXXrLYdOIGtTaYWjpZP
-tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm
-l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg
------END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2-future.crt b/tests/data_files/test-ca2-future.crt
deleted file mode 100644
index d75729936..000000000
--- a/tests/data_files/test-ca2-future.crt
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
-Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
-MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
-WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
-w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
-FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
-vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH
-qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2
-+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw==
------END CERTIFICATE-----
From 6ee1af5aab5a9989c35cdc4f7e2eef083f3dafef Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Wed, 2 Mar 2016 17:00:16 +0000
Subject: [PATCH 140/399] Update mbed-drivers dependency to v1.0.0
---
 yotta/data/module.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/yotta/data/module.json b/yotta/data/module.json
index 6345f080e..0569e6246 100644
--- a/yotta/data/module.json
+++ b/yotta/data/module.json
@@ -13,6 +13,6 @@
 "mbed": { "cmsis-core": "^1.0.0" }
 },
 "testTargetDependencies": {
- "mbed": { "mbed-drivers": "~0.11.0" }
+ "mbed": { "mbed-drivers": "^1.0.0" }
 }
 }
From fbe85fe4fa35f614e3e90ae8f2bafa80217c84c2 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Fri, 4 Mar 2016 22:21:52 +0000
Subject: [PATCH 141/399] Add missing dependencies to X509 Parse test suite for P-384 curve
The test script curves.pl was failing on testing dependencies for the P-384 curve on the new test cases introduced by ede75f0 and 884b4fc.
---
 tests/suites/test_suite_x509parse.data | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 0008d3d2c..b21a64090 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -700,19 +700,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:
 x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"NULL"
 X509 Certificate verification #82 (Not yet valid CA and valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
 X509 Certificate verification #83 (valid CA and Not yet valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
 X509 Certificate verification #84 (valid CA and Not yet valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
 X509 Certificate verification #85 (Not yet valid CA and valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
 X509 Certificate verification callback: trusted EE cert
From 3000f78b0bc8dee6743441396f8b9143131eac9c Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Fri, 4 Mar 2016 23:26:57 +0000
Subject: [PATCH 142/399] Add copright, and better documentation to curves.pl
The purpose and use of the test script, curves.pl was not obvious without reading the source code, plus the file was missing a copyright statement.
---
 tests/scripts/curves.pl | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index 654bc5c3e..85eb7e651 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -1,10 +1,25 @@
 #!/usr/bin/perl
-# test dependencies on individual curves in tests
-# - build
-# - run test suite
+# curves.pl
 #
-# Usage: tests/scripts/curves.pl
+# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# To test the code dependencies on individual curves in each test suite. This
+# is a verification step to ensure we don't ship test suites that do not work
+# for some build options.
+#
+# The process is:
+# for each possible curve
+# build the library and test suites with the curve disabled
+# execute the test suites
+#
+# And any test suite with the wrong dependencies will fail.
+#
+# Usage: curves.pl
+#
+# This script should be executed from the root of the project directory.
 use warnings;
 use strict;
From e2681a448b7a21a73f5e46770473f5017420690a Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Mon, 7 Mar 2016 15:57:05 +0000
Subject: [PATCH 143/399] Update default configuration
Change the default settings for SSL and modify the tests accordingly.
---
 CMakeLists.txt | 2 +-
 include/mbedtls/config.h | 2 +-
 tests/ssl-opt.sh | 11 +++++++++++
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 094d9069b..ffaf677c5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -100,7 +100,7 @@ if(ENABLE_TESTING)
 ADD_CUSTOM_TARGET(covtest
 COMMAND make test
 COMMAND programs/test/selftest
- COMMAND tests/compat.sh
+ COMMAND tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
 COMMAND tests/ssl-opt.sh
 )
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 987d59d64..81daaee1c 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1058,7 +1058,7 @@
 *
 * Comment this macro to disable support for SSL 3.0
 */
-#define MBEDTLS_SSL_PROTO_SSL3
+//#define MBEDTLS_SSL_PROTO_SSL3
 /**
 * \def MBEDTLS_SSL_PROTO_TLS1
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c0b6f94d6..8792b21c2 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -695,6 +695,7 @@ run_test "Encrypt then MAC: client disabled, server enabled" \
 -C "using encrypt then mac" \
 -S "using encrypt then mac"
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
 run_test "Encrypt then MAC: client SSLv3, server enabled" \
 "$P_SRV debug_level=3 min_version=ssl3 \
 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@@ -707,6 +708,7 @@ run_test "Encrypt then MAC: client SSLv3, server enabled" \
 -C "using encrypt then mac" \
 -S "using encrypt then mac"
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
 run_test "Encrypt then MAC: client enabled, server SSLv3" \
 "$P_SRV debug_level=3 force_version=ssl3 \
 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@@ -754,6 +756,7 @@ run_test "Extended Master Secret: client disabled, server enabled" \
 -C "using extended master secret" \
 -S "using extended master secret"
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
 run_test "Extended Master Secret: client SSLv3, server enabled" \
 "$P_SRV debug_level=3 min_version=ssl3" \
 "$P_CLI debug_level=3 force_version=ssl3" \
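Review bot: The doc comment directly above the new `//#define MBEDTLS_SSL_PROTO_SSL3` still reads `* Comment this macro to disable support for SSL 3.0`, which no longer describes the shipped default now that the macro is commented out; it should become `* Uncomment this macro to enable support for SSL 3.0 (disabled by default).` A one-line reason would help readers tempted to turn it back on, e.g. `* SSL 3.0 has known protocol weaknesses; enable it only for interoperability with legacy peers.` The ssl-opt.sh hunks on this same commit are consistent with the new default, gating every SSLv3 case with `requires_config_enabled MBEDTLS_SSL_PROTO_SSL3`.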
@@ -765,6 +768,7 @@ run_test "Extended Master Secret: client SSLv3, server enabled" \
 -C "using extended master secret" \
 -S "using extended master secret"
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
 run_test "Extended Master Secret: client enabled, server SSLv3" \
 "$P_SRV debug_level=3 force_version=ssl3" \
 "$P_CLI debug_level=3 min_version=ssl3" \
@@ -883,6 +887,7 @@ run_test "CBC Record splitting: TLS 1.0, splitting" \
 -s "Read from client: 1 bytes read" \
 -s "122 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
 run_test "CBC Record splitting: SSLv3, splitting" \
 "$P_SRV min_version=ssl3" \
 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
@@ -1674,6 +1679,7 @@ run_test "Authentication: client no cert, openssl server optional" \
 -c "skip write certificate verify" \
 -C "! mbedtls_ssl_handshake returned"
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
 run_test "Authentication: client no cert, ssl3" \
 "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
 "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
@@ -2593,6 +2599,7 @@ run_test "ECJPAKE: working, DTLS, nolog" \
 # Tests for ciphersuites per version
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
 run_test "Per-version suites: SSL3" \
 "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
 "$P_CLI force_version=ssl3" \
@@ -2642,6 +2649,7 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data" \
 # Tests for small packets
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
 run_test "Small packet SSLv3 BlockCipher" \
 "$P_SRV min_version=ssl3" \
 "$P_CLI request_size=1 force_version=ssl3 \
@@ -2649,6 +2657,7 @@ run_test "Small packet SSLv3 BlockCipher" \
 0 \
 -s "Read from client: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
 run_test "Small packet SSLv3 StreamCipher" \
 "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
 "$P_CLI request_size=1 force_version=ssl3 \
@@ -2783,6 +2792,7 @@ run_test "Small packet TLS 1.2 AEAD shorter tag" \
 # Test for large packets
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
 run_test "Large packet SSLv3 BlockCipher" \
 "$P_SRV min_version=ssl3" \
 "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
@@ -2790,6 +2800,7 @@ run_test "Large packet SSLv3 BlockCipher" \
 0 \
 -s "Read from client: 16384 bytes read"
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
 run_test "Large packet SSLv3 StreamCipher" \
 "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
 "$P_CLI request_size=16384 force_version=ssl3 \
From bc6a486b2fab42eb7fda47d839901d1ad1b6e6b8 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Mon, 7 Mar 2016 17:35:59 +0000
Subject: [PATCH 144/399] Fix the 'all tests' script for baremetal builds
Fixes the test script test/scripts/all.sh which was failing at the baremetal ARM builds due to the entropy platform check introduced in 7ff4b77.
---
 tests/scripts/all.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 2f716bbe5..2c63ab546 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -222,6 +222,7 @@ scripts/config.pl full
 scripts/config.pl unset MBEDTLS_NET_C
 scripts/config.pl unset MBEDTLS_TIMING_C
 scripts/config.pl unset MBEDTLS_FS_IO
+scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
 # following things are not in the default config
 scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
 scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
@@ -241,6 +242,7 @@ scripts/config.pl unset MBEDTLS_TIMING_C
 scripts/config.pl unset MBEDTLS_FS_IO
 scripts/config.pl unset MBEDTLS_HAVE_TIME
 scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE
+scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
 # following things are not in the default config
 scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
 scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
From c7940f0bd83a5d10a81bfbfd35642871ba1c2e87 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Mon, 7 Mar 2016 17:39:05 +0000
Subject: [PATCH 145/399] Fix yotta builds for change in default configs
The change to defaults configurations in a720ced broke the yotta build. This fix addresses that.
---
 yotta/data/adjust-config.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/yotta/data/adjust-config.sh b/yotta/data/adjust-config.sh
index 9088fd5e3..170d3070a 100755
--- a/yotta/data/adjust-config.sh
+++ b/yotta/data/adjust-config.sh
@@ -68,7 +68,6 @@ conf unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 conf unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 conf unset MBEDTLS_SSL_FALLBACK_SCSV
 conf unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
-conf unset MBEDTLS_SSL_PROTO_SSL3
 conf unset MBEDTLS_SSL_PROTO_TLS1
 conf unset MBEDTLS_SSL_PROTO_TLS1_1
 conf unset MBEDTLS_SSL_TRUNCATED_HMAC
From 3ea7f52fdf6bcc1318f75d16556ee56fe82ee6e8 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Mon, 7 Mar 2016 23:22:10 +0000
Subject: [PATCH 146/399] Update interop tests to default configuration
Removed SSLv3 from the default tests in compat.sh, and adapted the test cases in all.sh to include an additional SSLv3 regression test suite.
---
 CMakeLists.txt | 2 +-
 tests/compat.sh | 2 +-
 tests/scripts/all.sh | 22 ++++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ffaf677c5..094d9069b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -100,7 +100,7 @@ if(ENABLE_TESTING)
 ADD_CUSTOM_TARGET(covtest
 COMMAND make test
 COMMAND programs/test/selftest
- COMMAND tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
+ COMMAND tests/compat.sh
 COMMAND tests/ssl-opt.sh
 )
diff --git a/tests/compat.sh b/tests/compat.sh
index 4b43e33a5..a333a1916 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -45,7 +45,7 @@ else
 fi
 # default values for options
-MODES="ssl3 tls1 tls1_1 tls1_2 dtls1 dtls1_2"
+MODES="tls1 tls1_1 tls1_2 dtls1 dtls1_2"
 VERIFIES="NO YES"
 TYPES="ECDSA RSA PSK"
 FILTER=""
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 2c63ab546..467f22a93 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1,5 +1,11 @@
 #!/bin/sh
+# all.sh
+#
+# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
 # Run all available tests (mostly).
 #
 # Warning: includes various build modes, so it will mess with the current
@@ -125,6 +131,22 @@ make
 msg "test: compat.sh (ASan build)" # ~ 6 min
 tests/compat.sh
+msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
+cleanup
+scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3
+CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+make
+
+msg "test: SSLv3 - main suites and selftest (ASan build)" # ~ 50s
+make test
+programs/test/selftest
+
+msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
+tests/compat.sh -m 'ssl3 tls1 tls1_1 tls1_2 dtls1 dtls1_2'
+
+msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
+tests/ssl-opt.sh
+
 msg "build: cmake, full config, clang" # ~ 50s
 cleanup
 cp "$CONFIG_H" "$CONFIG_BAK"
From 00157ce51015f4d09f1ae0a9939f804b6d910605 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Mon, 7 Mar 2016 23:30:50 +0000
Subject: [PATCH 147/399] Update the ChangeLog
---
 ChangeLog | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ChangeLog b/ChangeLog
index 56464ceb0..55391816c 100644
--- a/ChangeLog
+++ b/ChangeLog
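Review bot: The `msg` labels of the two new test steps in the all.sh hunk do not follow the file's own convention: `msg "build: SSLv3 - compat.sh (ASan build)"` and `msg "build: SSLv3 - ssl-opt.sh (ASan build)"` each precede a test run, not a build, while the context line just above uses `msg "test: compat.sh (ASan build)"`; they should read `msg "test: SSLv3 - compat.sh (ASan build)"` and `msg "test: SSLv3 - ssl-opt.sh (ASan build)"`. The new block also edits the working config with `scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3` without a backup, whereas the block that follows copies `$CONFIG_H` to `$CONFIG_BAK` first; presumably `cleanup` restores the default config, but that is outside the hunk and worth confirming so the SSLv3 setting cannot leak into later steps.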
@@ -19,6 +19,7 @@ Changes
 * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, don't use the optimized assembly for bignum multiplication. This removes the need to pass -fomit-frame-pointer to avoid a build error with -O0.
+ * Disabled SSLv3 in the default configuration.
 = mbed TLS 2.2.1 released 2016-01-05
From d567a23c590f36dbb672b644d496768c42d68a70 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Wed, 9 Mar 2016 20:19:21 +0000
Subject: [PATCH 148/399] Fix typos, grammar in the comments and clarify them
---
 include/mbedtls/config.h | 8 ++++----
 include/mbedtls/ssl.h | 10 +++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 81daaee1c..d9b37e0ce 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1899,8 +1899,8 @@
 *
 * Enable the TCP and UDP over IPv6/IPv4 networking routines.
 *
- * \note This module only works on Unix (including Linux, BSD and OS X) and
- * Windows. For other platforms, you'll want to disable it, and write your
+ * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
+ * and Windows. For other platforms, you'll want to disable it, and write your
 * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
 *
 * \note See also our Knowledge Base article about porting to a new
@@ -2275,8 +2275,8 @@
 *
 * Enable the semi-portable timing interface.
 *
- * \note The provided implementation only works on Unix (including Linux, BSD
- * and OS X) and Windows. On other platforms, you can either disable that
+ * \note The provided implementation only works on POSIX/Unix (including Linux,
+ * BSD and OS X) and Windows. On other platforms, you can either disable that
 * module and provide your own implementations of the callbacks needed by
 * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
 * your own implementation of the whole module by setting
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index c4eedab5a..307275130 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -417,7 +417,7 @@ mbedtls_ssl_states;
 * \note That callback may be either blocking or non-blocking.
 *
 * \param ctx Context for the send callback (typically a file descriptor)
- * \param buf Buffer holding the date to send
+ * \param buf Buffer holding the data to send
 * \param len Length of the data to send
 *
 * \return The callback must return the number of bytes sent if any,
@@ -425,7 +425,7 @@ mbedtls_ssl_states;
 * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE
 * must be returned when the operation would block.
 *
- * \note The callback is allowed to send less bytes than requested.
+ * \note The callback is allowed to send fewer bytes than requested.
 * It must always return the number of bytes actually sent.
 */
 typedef int mbedtls_ssl_send_t( void *ctx,
@@ -447,7 +447,7 @@ typedef int mbedtls_ssl_send_t( void *ctx,
 * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
 * must be returned when the operation would block.
 *
- * \note The callback may receive less bytes than the length of the
+ * \note The callback may receive fewer bytes than the length of the
 * buffer. It must always return the number of bytes actually
 * received and written to the buffer.
 */
@@ -473,7 +473,7 @@ typedef int mbedtls_ssl_recv_t( void *ctx,
 * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
 * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
 *
- * \note The callback may receive less bytes than the length of the
+ * \note The callback may receive fewer bytes than the length of the
 * buffer. It must always return the number of bytes actually
 * received and written to the buffer.
 */
@@ -1102,7 +1102,7 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
 *
 * \note See the documentations of \c mbedtls_ssl_sent_t,
 * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
- * the convetions those callbacks must follow.
+ * the conventions those callbacks must follow.
 *
 * \note On some platforms, net.c provides \c mbedtls_net_send(),
 * \c mbedtls_net_recv() and \c mbedtls_net_recv_timeout()
From eddfe8f6f3ac3597ce95581c47658e7c696d4497 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Mon, 8 Feb 2016 14:52:29 +0000
Subject: [PATCH 149/399] Included tests for the overflow
---
 library/rsa.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index fba68ddfc..3cb92f40c 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -529,7 +529,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
 olen = ctx->len;
 hlen = mbedtls_md_get_size( md_info );
- if( olen < ilen + 2 * hlen + 2 )
+ // first comparison checks for overflow
+ if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 memset( output, 0, olen );
@@ -594,8 +595,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 olen = ctx->len;
-
- if( olen < ilen + 11 )
+
+ // first comparison checks for overflow
+ if( ilen + 11 < ilen || olen < ilen + 11 )
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 nb_pad = olen - 3 - ilen;
From cc4eba73fb79a2efb6bcc28590c7f82ebc629604 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Wed, 10 Feb 2016 16:25:55 +0000
Subject: [PATCH 150/399] Add Changelog entry for current branch
---
 ChangeLog | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 55391816c..4650dc565 100644
--- a/ChangeLog
+++ b/ChangeLog
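Review bot: The new bounds checks in both rsa.c hunks detect overflow through unsigned wraparound (`ilen + 2 * hlen + 2 < ilen` and `ilen + 11 < ilen`), which is sound only if `ilen`, `olen` and `hlen` are all unsigned — their declarations are outside the hunks, so that should be confirmed — and is harder to read than the PKCS#1 bound stated directly; in the second hunk `if( olen < 11 || ilen > olen - 11 )` cannot overflow at all and reads as the spec's mLen ≤ k − 11, and the OAEP hunk can use `if( olen < 2 * hlen + 2 || ilen > olen - 2 * hlen - 2 )` in the same way. The added `// first comparison checks for overflow` lines use `//` where the rest of rsa.c uses `/* */` (compare `/* Must be zero */` later in the same file); `/* first comparison checks for overflow */` would match. Both enclosing functions start before and end after their hunks.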
@@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS 2.x branch
+Security
+ * Fix potential integer overflow to buffer overflow in
+ mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
+
 Bugfix
 * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three
 arguments where the same (in-place doubling). Found and fixed by Janos
From 370717b5717347fadbc183bdd3a109db6a840651 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 11 Feb 2016 10:35:13 +0100
Subject: [PATCH 151/399] Add precision about exploitability in ChangeLog
Also fix some whitespace while at it.
---
 ChangeLog | 1 +
 library/rsa.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 4650dc565..bcfe0ac94 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Security
 * Fix potential integer overflow to buffer overflow in
 mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
+ (not triggerable remotely in (D)TLS).
 Bugfix
 * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three
diff --git a/library/rsa.c b/library/rsa.c
index 3cb92f40c..9150e8745 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -595,7 +595,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 olen = ctx->len;
-
+
 // first comparison checks for overflow
 if( ilen + 11 < ilen || olen < ilen + 11 )
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
From b6eb1ca01c0dc4572da9a4fdd8e23549eb7b4c7e Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Mon, 8 Feb 2016 13:59:25 +0000
Subject: [PATCH 152/399] Length check added
---
 library/rsa.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/rsa.c b/library/rsa.c
index 9150e8745..2baf53257 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -856,6 +856,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
 bad |= *p++; /* Must be zero */
 }
+ if( pad_count < 8 )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
 if( bad )
 return( MBEDTLS_ERR_RSA_INVALID_PADDING );
From 3218b21b6837eff2eb6f84ad507a483e7ad8158b Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Wed, 10 Feb 2016 16:14:10 +0000
Subject: [PATCH 153/399] Add Changelog entry for current branch
---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index bcfe0ac94..1c8314bcf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,8 @@ Security
 * Fix potential integer overflow to buffer overflow in
 mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
 (not triggerable remotely in (D)TLS).
+ * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt
+ required by PKCS1 v2.2
 Bugfix
 * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three
From 8a49a019b0daf508d21d9ef3ca1a60a49ae9a126 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Fri, 12 Feb 2016 13:18:20 +0000
Subject: [PATCH 154/399] Add tests for the bug IOTSSL-619.
The main goal with these tests is to test the bug in question and they are not meant to test the entire PKCS#1 v1.5 behaviour. To achieve full test coverage, further test cases are needed.
---
 tests/CMakeLists.txt | 1 +
 tests/suites/test_suite_pkcs1_v15.data | 30 ++++++
 tests/suites/test_suite_pkcs1_v15.function | 110 +++++++++++++++++++++
 3 files changed, 141 insertions(+)
 create mode 100644 tests/suites/test_suite_pkcs1_v15.data
 create mode 100644 tests/suites/test_suite_pkcs1_v15.function
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 1cca81830..dfef1ef69 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -82,6 +82,7 @@ add_test_suite(mdx)
 add_test_suite(memory_buffer_alloc)
 add_test_suite(mpi)
 add_test_suite(pem)
+add_test_suite(pkcs1_v15)
 add_test_suite(pkcs1_v21)
 add_test_suite(pkcs5)
 add_test_suite(pk)
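Review bot: Returning `MBEDTLS_ERR_RSA_BAD_INPUT_DATA` early for `pad_count < 8`, ahead of the existing `if( bad )` check, makes a too-short padding string distinguishable from every other padding failure both by error code and by control flow, which is precisely the kind of signal a PKCS#1 v1.5 decryption routine should not expose to whoever supplies the ciphertext; fold the condition into the accumulator instead, `bad |= ( pad_count < 8 );` placed just before `if( bad )`, so all padding errors share one path and one code, `MBEDTLS_ERR_RSA_INVALID_PADDING`. That form also matches the new test vectors later in this series: the `Padding too short` cases in test_suite_pkcs1_v15.data expect `MBEDTLS_ERR_RSA_INVALID_PADDING`, whereas, as far as the hunk shows, the early return yields `MBEDTLS_ERR_RSA_BAD_INPUT_DATA` for them. `pad_count` and `bad` are declared outside the hunk, so confirm `bad` is an integer type that can carry the boolean; mbedtls_rsa_rsaes_pkcs1_v15_decrypt continues before and after the hunk.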
diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data
new file mode 100644
index 000000000..65bd99caf
--- /dev/null
+++ b/tests/suites/test_suite_pkcs1_v15.data
@@ -0,0 +1,30 @@
+RSAES-V15 Encryption Test Vector Int
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0
+
+RSAES-V15 Decryption Test Vector Int
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0
+
+RSAES-V15 Encryption Test Vector Data just fits
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cfff55e6b15b67cfea8a5a384ef64a6ac":0
+
+RSAES-V15 Decryption Test Vector Data just fits
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"4293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"18cdb161f40a18509a3501b7e8ec1c7522e2490319efee8581179b5bcf3750f83a865952d078efd48f58f8060b0d43f9888b43a094fe15209451826ef797195885ff9fa3e26994eee85dbe5dd0404a71565708286027b433c88c85af555b96c34c304dc7c8278233654c022ef340042cfff
55e6b15b67cfea8a5a384ef64a6ac":0
+
+RSAES-V15 Encryption Test Vector Data too long 1
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSAES-V15 Decryption Test Vector Padding too short 7
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"b84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"05abded6751d620a95177abdba915027b58dd6eecf4ebe71f71c400b115e1d9e12465ace4db3cc03eb57fcbbfe017770f438cf84c10bad505919aefebfa0752087f6376b055beabf0e089fbb90e10f99c795d2d5676eea196db7f94a8fd34aedaba39fb230281bb9917cc91793eb37f84dedb2421e9680c39cfda34d4a012134":MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 Encryption Test Vector Data too long 3
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a7458832fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSAES-V15 Decryption Test Vector Padding too short 5
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"aa1ab84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"10d60b8040d57d8701bacb55f2f283d54601ec24d465601ac7f7d5a2f75cac380ba78ca4ab6f3c159f3a9fd6839f5adde0333852ebf876c585664c1a58a1e6885231982f2027be6d7f08ff1807d3ceda8e41ad1f02ddf97a74588
32fd13a1f431de6a4ab79e3d4b88bb1df2c5c77fcde9e7b5aa1e7bb29112eae58763127752a":MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 Encryption Test Vector Data too long 8
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSAES-V15 Decryption Test Vector Padding too short 0
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_INVALID_PADDING
+
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
new file mode 100644
index 000000000..90460f1d3
--- /dev/null
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -0,0 +1,110 @@
+/* BEGIN_HEADER */
+#include "mbedtls/rsa.h"
+#include "mbedtls/md.h"
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E,
+ char *input_E, int hash,
+ char *message_hex_string, char *seed,
+ char *result_hex_str, int result )
+{
+ unsigned char message_str[1000];
+ unsigned char output[1000];
+ unsigned char output_str[1000];
+ unsigned char rnd_buf[1000];
+ mbedtls_rsa_context ctx;
+ size_t msg_len;
+ rnd_buf_info info;
+
+ info.length = unhexify( rnd_buf, seed );
+ info.buf = rnd_buf;
+
+ mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ memset( message_str, 0x00, 1000 );
+ memset( output, 0x00, 1000 );
+ memset( output_str, 0x00, 1000 );
+
+ ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+
+ msg_len = unhexify( message_str, message_hex_string );
+
+ TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result );
+ if( result == 0 )
+ {
+ hexify( output_str, output, ctx.len );
+
+ TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ }
+
+exit:
+ mbedtls_rsa_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P,
+ int radix_Q, char *input_Q, int radix_N,
+ char *input_N, int radix_E, char *input_E,
+ int hash, char *result_hex_str, char *seed,
+ char *message_hex_string, int result )
+{
+ unsigned char message_str[1000];
+ unsigned char output[1000];
+ unsigned char output_str[1000];
+ mbedtls_rsa_context ctx;
+ mbedtls_mpi P1, Q1, H, G;
+ size_t output_len;
+ rnd_pseudo_info rnd_info;
+ ((void) seed);
+
+ mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
+ mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+
+ memset( message_str, 0x00, 1000 );
+ memset( output, 0x00, 1000 );
+ memset( output_str, 0x00, 1000 );
+ memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+
+ ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+
+ unhexify( message_str, message_hex_string );
+
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result );
+ if( result == 0 )
+ {
+ hexify( output_str, output, ctx.len );
+
+ TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 );
+ }
+
+exit:
+ mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
+ mbedtls_rsa_free( &ctx );
+}
+/* END_CASE */
+
From c69fa50d4c6d6fd955d38ed588c7a5ab997121aa Mon Sep 17 00:00:00 2001
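Review bot: In pkcs1_rsaes_v15_decrypt the success path hexifies `ctx.len` bytes of `output` instead of the `output_len` that mbedtls_rsa_pkcs1_decrypt reported, and then compares with `strncasecmp` bounded by `strlen( result_hex_str )`, so bytes past the expected plaintext are never examined and a wrong `output_len` would go unnoticed. Pinning the reported length and doing a full comparison closes both gaps: `hexify( output_str, output, output_len );` followed by `TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );`. The same case discards the return value of `unhexify( message_str, message_hex_string )` although mbedtls_rsa_pkcs1_decrypt reads `ctx.len` bytes from `message_str`; where the vectors are meant to supply a full-length ciphertext, asserting that the two agree would catch a truncated test vector rather than decrypting the zero padding left by `memset`.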
From: Janos Follath Date: Fri, 12 Feb 2016 13:30:09 +0000 Subject: [PATCH 155/399] Removing 'if' branch from the fix. This new error shouldn't be distinguishable from other padding errors. Updating 'bad' instead of adding a new 'if' branch. --- library/rsa.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 2baf53257..4c85c29d4 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -856,8 +856,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, bad |= *p++; /* Must be zero */ } - if( pad_count < 8 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + bad |= ( pad_count < 8 ); if( bad ) return( MBEDTLS_ERR_RSA_INVALID_PADDING ); From e43b81ae6836c72009ccc206a340adb5f48a7cda Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 10 Feb 2016 16:25:55 +0000 Subject: [PATCH 156/399] Add Changelog entry for current branch --- ChangeLog | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 1c8314bcf..7f2b033c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,8 +6,10 @@ Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt (not triggerable remotely in (D)TLS). - * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt + * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 + * Fix potential integer overflow to buffer overflow in + mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three From 8ddc93f07a8ed93a096b6afac6523164b50844f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 11 Feb 2016 10:35:13 +0100 Subject: [PATCH 157/399] Add precision about exploitability in ChangeLog Also fix some whitespace while at it. --- ChangeLog | 1 + 1 file changed, 1 insertion(+) 
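Review bot: The new `bad |= ( pad_count < 8 );` carries no comment, and the reason for folding the minimum-padding-length check into `bad` rather than returning early — keeping a too-short padding string indistinguishable from every other padding failure, as the commit message explains — is exactly the intent a later refactor is likely to undo. I'd add above it: `/* Folded into bad rather than returned early: a distinct error path would let a caller tell a short padding string apart from other padding errors */`. The loop that computes `pad_count` and the declaration of `bad` sit outside the hunk, so whether the rest of the padding scan avoids data-dependent branches cannot be judged from here; the function body continues outside the hunk.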
diff --git a/ChangeLog b/ChangeLog index 7f2b033c9..bd61d9478 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ Security required by PKCS1 v2.2 * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt + (not triggerable remotely in (D)TLS). Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three From 0203745e2314fe394476ef433507247268b6c16b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Mar 2016 21:19:12 +0000 Subject: [PATCH 158/399] Swap C++ comments to C for style consistency in rsa.c --- library/rsa.c | 61 +++++++++++++++++++++------------------------------ 1 file changed, 25 insertions(+), 36 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 4c85c29d4..69db220ba 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -471,8 +471,7 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, hlen = mbedtls_md_get_size( md_ctx->md_info ); - // Generate and apply dbMask - // + /* Generate and apply dbMask */ p = dst; while( dlen > 0 ) @@ -529,7 +528,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, olen = ctx->len; hlen = mbedtls_md_get_size( md_info ); - // first comparison checks for overflow + /* first comparison checks for overflow */ if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -537,15 +536,13 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, *p++ = 0; - // Generate a random octet string seed - // + /* Generate a random octet string seed */ if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 ) return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); p += hlen; - // Construct DB - // + /* Construct DB */ mbedtls_md( md_info, label, label_len, p ); p += hlen; p += olen - 2 * hlen - 2 - ilen; 
@@ -555,13 +552,11 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, mbedtls_md_init( &md_ctx ); mbedtls_md_setup( &md_ctx, md_info, 0 ); - // maskedDB: Apply dbMask to DB - // + /* maskedDB: Apply dbMask to DB */ mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen, &md_ctx ); - // maskedSeed: Apply seedMask to seed - // + /* maskedSeed: Apply seedMask to seed */ mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1, &md_ctx ); @@ -596,7 +591,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, olen = ctx->len; - // first comparison checks for overflow + /* first comparison checks for overflow */ if( ilen + 11 < ilen || olen < ilen + 11 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -615,8 +610,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, ret = f_rng( p_rng, p, 1 ); } while( *p == 0 && --rng_dl && ret == 0 ); - // Check if RNG failed to generate data - // + /* Check if RNG failed to generate data */ if( rng_dl == 0 || ret != 0 ) return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); @@ -934,8 +928,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, if( md_alg != MBEDTLS_MD_NONE ) { - // Gather length of hash to sign - // + /* Gather length of hash to sign */ md_info = mbedtls_md_info_from_type( md_alg ); if( md_info == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -955,13 +948,11 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, memset( sig, 0, olen ); - // Generate salt of length slen - // + /* Generate salt of length slen */ if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 ) return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); - // Note: EMSA-PSS encoding is over the length of N - 1 bits - // + /* Note: EMSA-PSS encoding is over the length of N - 1 bits */ msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; p += olen - hlen * 2 - 2; *p++ = 0x01; 
@@ -971,21 +962,18 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, mbedtls_md_init( &md_ctx ); mbedtls_md_setup( &md_ctx, md_info, 0 ); - // Generate H = Hash( M' ) - // + /* Generate H = Hash( M' ) */ mbedtls_md_starts( &md_ctx ); mbedtls_md_update( &md_ctx, p, 8 ); mbedtls_md_update( &md_ctx, hash, hashlen ); mbedtls_md_update( &md_ctx, salt, slen ); mbedtls_md_finish( &md_ctx, p ); - // Compensate for boundary condition when applying mask - // + /* Compensate for boundary condition when applying mask */ if( msb % 8 == 0 ) offset = 1; - // maskedDB: Apply dbMask to DB - // + /* maskedDB: Apply dbMask to DB */ mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx ); mbedtls_md_free( &md_ctx ); @@ -1209,8 +1197,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, if( md_alg != MBEDTLS_MD_NONE ) { - // Gather length of hash to sign - // + /* Gather length of hash to sign */ md_info = mbedtls_md_info_from_type( md_alg ); if( md_info == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1227,12 +1214,12 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, memset( zeros, 0, 8 ); - // Note: EMSA-PSS verification is over the length of N - 1 bits - // + /* + * Note: EMSA-PSS verification is over the length of N - 1 bits + */ msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; - // Compensate for boundary condition when applying mask - // + /* Compensate for boundary condition when applying mask */ if( msb % 8 == 0 ) { p++; @@ -1268,8 +1255,9 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_INVALID_PADDING ); } - // Generate H = Hash( M' ) - // + /* + * Generate H = Hash( M' ) + */ mbedtls_md_starts( &md_ctx ); mbedtls_md_update( &md_ctx, zeros, 8 ); mbedtls_md_update( &md_ctx, hash, hashlen ); 
@@ -1374,8 +1362,9 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, end = p + len; - // Parse the ASN.1 structure inside the PKCS#1 v1.5 structure - // + /* + * Parse the ASN.1 structure inside the PKCS#1 v1.5 structure + */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); From f413b6fffe23da366920ca73d428303deac6acfd Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 14 Mar 2016 22:32:42 +0000 Subject: [PATCH 159/399] Fix to stop all.sh corrupting config.h The test script all.sh was persisting the SSL3 configuration in config.h through more tests than intended and not restoring the config the end. --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 467f22a93..1cc82562c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -133,6 +133,7 @@ tests/compat.sh msg "build: Default + SSLv3 (ASan build)" # ~ 6 min cleanup +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3 CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -149,7 +150,6 @@ tests/ssl-opt.sh msg "build: cmake, full config, clang" # ~ 50s cleanup -cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check . From 5a8afb848a76eadd272e2d717f6bd065e546401b Mon Sep 17 00:00:00 2001 
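Review bot: After the move, `cp "$CONFIG_H" "$CONFIG_BAK"` runs only before the SSLv3 build, while the second hunk leaves the "full config, clang" build editing config.h with no backup of its own. If `cleanup` (defined outside these hunks) restores config.h by moving `$CONFIG_BAK` back, as the commit message implies, that backup is consumed by the `cleanup` preceding the clang build and the `scripts/config.pl full` changes would then persist past it, which is the same class of problem this commit fixes for SSLv3. Each build that edits config.h should take its own backup, i.e. keep a `cp "$CONFIG_H" "$CONFIG_BAK"` immediately after `cleanup` in the full-config section as well.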
From: SimonB Date: Fri, 11 Mar 2016 00:40:54 +0000 Subject: [PATCH 160/399] Fix exit code and add a count of the test suites Now counts and displays the number of test suites executed, which can vary depending on build configurations. All tests are now executed as this is a sample and test program, rather than exit on first failure. Exit code now restricted to SUCCESS or FAILURE. --- programs/test/selftest.c | 161 +++++++++++++++++++++++++++++++-------- 1 file changed, 129 insertions(+), 32 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index fe5d51426..5c4c737f3 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -99,7 +99,8 @@ static int run_test_snprintf( void ) int main( int argc, char *argv[] ) { - int ret = 0, v; + int ret = 0, v, suites_tested = 0, suites_failed =0, + exitcode = EXIT_SUCCESS; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) unsigned char buf[1000000]; #endif @@ -126,8 +127,11 @@ int main( int argc, char *argv[] ) return( 0 ); } - if( argc == 2 && strcmp( argv[1], "-quiet" ) == 0 ) + if( argc == 2 && ( strcmp( argv[1], "--quiet" ) == 0 || + strcmp( argv[1], "-q" ) == 0 ) ) + { v = 0; + } else { v = 1; 
@@ -142,134 +146,212 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_MD2_C) if( ( ret = mbedtls_md2_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_MD4_C) if( ( ret = mbedtls_md4_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_MD5_C) if( ( ret = mbedtls_md5_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_RIPEMD160_C) if( ( ret = mbedtls_ripemd160_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_SHA1_C) if( ( ret = mbedtls_sha1_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_SHA256_C) if( ( ret = mbedtls_sha256_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_SHA512_C) if( ( ret = mbedtls_sha512_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_ARC4_C) if( ( ret = mbedtls_arc4_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_DES_C) if( ( ret = mbedtls_des_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_AES_C) if( ( ret = mbedtls_aes_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) if( ( ret = mbedtls_gcm_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) if( ( ret = mbedtls_ccm_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_BASE64_C) if( ( ret = mbedtls_base64_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; 
+ } + suites_tested++; #endif #if defined(MBEDTLS_BIGNUM_C) if( ( ret = mbedtls_mpi_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_RSA_C) if( ( ret = mbedtls_rsa_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_X509_USE_C) if( ( ret = mbedtls_x509_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_XTEA_C) if( ( ret = mbedtls_xtea_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_CAMELLIA_C) if( ( ret = mbedtls_camellia_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_CTR_DRBG_C) if( ( ret = mbedtls_ctr_drbg_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_HMAC_DRBG_C) if( ( ret = mbedtls_hmac_drbg_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_ECP_C) if( ( ret = mbedtls_ecp_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_ECJPAKE_C) if( ( ret = mbedtls_ecjpake_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_DHM_C) if( ( ret = mbedtls_dhm_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_ENTROPY_C) if( ( ret = mbedtls_entropy_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif #if defined(MBEDTLS_PKCS5_C) if( ( ret = mbedtls_pkcs5_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif /* Slow tests last */ #if defined(MBEDTLS_TIMING_C) if( ( ret = mbedtls_timing_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; 
#endif #else @@ -285,19 +367,34 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_free(); - if( ( ret = mbedtls_memory_buffer_alloc_self_test( v ) ) != 0 ) - return( ret ); + { + suites_failed++; + } + suites_tested++; #endif if( v != 0 ) { - mbedtls_printf( " [ All tests passed ]\n\n" ); + mbedtls_printf( " Executed %d test suites\n\n", suites_tested); + + if( suites_failed > 0) + { + mbedtls_printf( " [ %d tests FAIL ]\n\n", suites_failed ); + } + else + { + mbedtls_printf( " [ All tests PASS ]\n\n" ); + } #if defined(_WIN32) mbedtls_printf( " Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); #endif } - return( ret ); + if( suites_failed > 0) + exitcode = EXIT_FAILURE; + + exit(exitcode); } + From ad8fbc066c2f3d05ba8564ab1496f511c9de38bf Mon Sep 17 00:00:00 2001 From: SimonB Date: Fri, 11 Mar 2016 17:33:39 +0000 Subject: [PATCH 161/399] Add test result breakdown to test suites script Added a --verbose switch to 'run-test-suite.pl' to summarise the pass/fail/skip results of each test suite, and summary for all executed tests. --- tests/scripts/run-test-suites.pl | 65 ++++++++++++++++++++++++++++++-- 1 file changed, 62 insertions(+), 3 deletions(-) mode change 100644 => 100755 tests/scripts/run-test-suites.pl diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl old mode 100644 new mode 100755 index b91355d30..0ac2a30fc --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl 
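Review bot: The same four-line block — `{`, `suites_failed++;`, `}`, `suites_tested++;` — is now repeated for every `#if defined(...)` section in this hunk, two dozen times, which is the kind of duplication where a single mis-edit goes unnoticed. A small macro keeps each section to one line while preserving the per-module guards: `#define RUN_SELFTEST( fn ) do { if( fn( v ) != 0 ) suites_failed++; suites_tested++; } while( 0 )` and then `RUN_SELFTEST( mbedtls_md2_self_test );` inside each `#if`. With the early `return( ret )` gone, `ret` is only read inside each condition, so it could be dropped unless something outside the hunk still uses it.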
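Review bot: The `-` marker in front of `if( ( ret = mbedtls_memory_buffer_alloc_self_test( v ) ) != 0 )` shows that line removed with nothing replacing it, so under MBEDTLS_MEMORY_BUFFER_ALLOC_C the added `{ suites_failed++; }` block runs unconditionally: the buffer-allocator self-test is never called and every run reports one failure and exits with EXIT_FAILURE. The diffstat's 32 deletions (1 + 1 + 26 in the earlier hunks + 4 here) are consistent with that reading. Restore the condition directly above the block: `if( ( ret = mbedtls_memory_buffer_alloc_self_test( v ) ) != 0 )`. Separately, `exit( exitcode );` at the end of main does the same as `return( exitcode );`, which would match the `return` style the function used before.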
@@ -1,11 +1,36 @@
 #!/usr/bin/perl
+# run-test-suites.pl
+#
+# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# Executes all the available test suites, and provides a basic summary of the
+# results.
+#
+# Usage: run-test-suites.pl [-v]
+#
+# Options :
+# -v|--verbose - Provide a pass/fail/skip breakdown per test suite and
+# in total
+#
+
 use warnings;
 use strict;
 use utf8;
 use open qw(:std utf8);
+use constant FALSE => 0;
+use constant TRUE => 1;
+
+my $verbose;
+my $switch = shift;
+if ( defined($switch) && ( $switch eq "-v" || $switch eq "--verbose" ) ) {
+ $verbose = TRUE;
+}
+
 my @suites = grep { ! /\.(?:c|gcno)$/ } glob 'test_suite_*';
 die "$0: no test suite found\n" unless @suites;
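Review bot: Only `-v`/`--verbose` is recognised; any other first argument (`-verbose`, `--help`, a typo) is silently consumed by `shift` and the script proceeds as if no option had been given, which contradicts the usage text the same hunk adds. Reject unknown switches instead: `} elsif ( defined($switch) ) { die "Usage: $0 [-v|--verbose]\n"; }` appended to the new `if`. If option handling grows beyond one flag, Getopt::Long (core Perl) is the idiomatic replacement for the manual `shift`.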
@@ -14,22 +39,56 @@ $ENV{'LD_LIBRARY_PATH'} = '../library'; my $prefix = $^O eq "MSWin32" ? '' : './'; -my ($failed_suites, $total_tests_run); +my ($failed_suites, $total_tests_run, $failed, $suite_cases_passed, + $suite_cases_failed, $suite_cases_skipped, $total_cases_passed, + $total_cases_failed, $total_cases_skipped ); + for my $suite (@suites) { print "$suite ", "." x ( 72 - length($suite) - 2 - 4 ), " "; my $result = `$prefix$suite`; + + $suite_cases_passed = () = $result =~ /.. PASS/g; + $suite_cases_failed = () = $result =~ /.. FAILED/g; + $suite_cases_skipped = () = $result =~ /.. ----/g; + if( $result =~ /PASSED/ ) { print "PASS\n"; - my ($tests, $skipped) = $result =~ /([0-9]*) tests.*?([0-9]*) skipped/; - $total_tests_run += $tests - $skipped; } else { $failed_suites++; print "FAIL\n"; } + + my ($passed, $tests, $skipped) = $result =~ /([0-9]*) \/ ([0-9]*) tests.*?([0-9]*) skipped/; + $total_tests_run += $tests - $skipped; + + if ( $verbose ) { + print "(test cases passed:", $suite_cases_passed, + " failed:", $suite_cases_failed, + " skipped:", $suite_cases_skipped, + " of total:", ( $suite_cases_passed + $suite_cases_failed ), + ")\n" + } + + $total_cases_passed += $suite_cases_passed; + $total_cases_failed += $suite_cases_failed; + $total_cases_skipped += $suite_cases_skipped; } print "-" x 72, "\n"; print $failed_suites ? "FAILED" : "PASSED"; printf " (%d suites, %d tests run)\n", scalar @suites, $total_tests_run; + +if ( $verbose ) { + print " test cases passed :", $total_cases_passed, "\n"; + print " failed :", $total_cases_failed, "\n"; + print " skipped :", $total_cases_skipped, "\n"; + print " of tests executed :", ( $total_cases_passed + $total_cases_failed ), + "\n"; + print " of available tests :", + ( $total_cases_passed + $total_cases_failed + $total_cases_skipped ), + "\n" + } + exit( $failed_suites ? 1 : 0 ); + From 75f3caa4084e89a0d9eb54cee6ee5d16f32a4b9b Mon Sep 17 00:00:00 2001 
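Review bot: The `($passed, $tests, $skipped)` capture and `$total_tests_run += $tests - $skipped;` were moved out of the PASSED branch and now run for every suite, so a suite that crashes or is killed before printing its summary line leaves `$tests` and `$skipped` undefined, `use warnings` emits an uninitialized-value warning, and the totals silently absorb zero for that suite. Guard it: `$total_tests_run += $tests - $skipped if defined $tests;`, and drop `$passed`, which is captured but never used. The per-case counts from `/.. PASS/g`, `/.. FAILED/g` and `/.. ----/g` depend on the exact line format printed by the test-suite binaries; a one-line comment naming that format next to the regexes would help whoever next changes either side.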
From: SimonB Date: Sat, 12 Mar 2016 19:06:56 +0000 Subject: [PATCH 162/399] Fix unit test script to ignore coverage data The script run-test-suite.pl was mistaking .gcda code coverage data files as test suites. The files are now ignored. --- tests/scripts/run-test-suites.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 0ac2a30fc..ed3aaab33 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -31,7 +31,7 @@ if ( defined($switch) && ( $switch eq "-v" || $switch eq "--verbose" ) ) { $verbose = TRUE; } -my @suites = grep { ! /\.(?:c|gcno)$/ } glob 'test_suite_*'; +my @suites = grep { ! /\.(?:c|gcno|gcda)$/ } glob 'test_suite_*'; die "$0: no test suite found\n" unless @suites; # in case test suites are linked dynamically From 21ab9d7b8b6cb601e7f5074f719f672762384f58 Mon Sep 17 00:00:00 2001 From: SimonB Date: Sat, 12 Mar 2016 20:37:32 +0000 Subject: [PATCH 163/399] Add a script to execute the basic tests basic-build-test.sh executes the most obvious and common test suites and creates a test report including coverage data. --- tests/scripts/basic-build-test.sh | 201 ++++++++++++++++++++++++++++++ 1 file changed, 201 insertions(+) create mode 100755 tests/scripts/basic-build-test.sh diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh new file mode 100755 index 000000000..3cc0b18f4 --- /dev/null +++ b/tests/scripts/basic-build-test.sh 
@@ -0,0 +1,201 @@ +#!/bin/sh + +# basic-build-tests.sh +# +# Copyright (c) 2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# Executes the basic test suites, captures the results, and generates a simple +# test report and code coverage report. +# +# The tests include: +# * Self-tests - executed using program/test/selftest +# * Unit tests - executed using tests/scripts/run-test-suite.pl +# * System tests - executed using tests/ssl-opt.sh +# * Interoperability tests - executed using tests/compat.sh +# +# The tests focus on functionality and do not consider performance. +# +# Note the tests self-adapt due to configurations in include/mbedtls/config.h +# which can lead to some tests being skipped, and can cause the number of +# available self-tests to fluctuate. +# +# This script has been written to be generic and should work on any shell. +# +# Usage: basic-build-tests.sh +# + +# Abort on errors (and uninitiliased variables) +set -eu + +if [ -d library -a -d include -a -d tests ]; then :; else + echo "Must be run from mbed TLS root" >&2 + exit 1 +fi + + +# Step 1 - Make and instrumented build for code coverage +CFLAGS=' --coverage -g3 -O0 ' +make + + +# Step 2 - Execute the tests +TEST_OUTPUT=out_${PPID} +cd tests + +# Step 2a - Self-tests +../programs/test/selftest |tee self-test-$TEST_OUTPUT +echo + +# Step 2b - Unit Tests +perl scripts/run-test-suites.pl -v |tee unit-test-$TEST_OUTPUT +echo + +# Step 2c - System Tests +sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT +echo + +# Step 2d - Compatibility tests +sh compat.sh |tee compat-test-$TEST_OUTPUT +echo + +# Step 3 - Process the coverage report +cd .. 
+make lcov |tee tests/cov-$TEST_OUTPUT + + +# Step 4 - Summarise the test report +echo +echo "=========================================================================" +echo "Test Report Summary" +echo + +cd tests + +# Step 4a - Self-tests +echo "Self tests - ./programs/test/selftest" + +PASSED_TESTS=$(grep 'passed' self-test-$TEST_OUTPUT |wc -l) +FAILED_TESTS=$(grep 'failed' self-test-$TEST_OUTPUT |wc -l) +AVAIL_TESTS=$(($PASSED_TESTS + $FAILED_TESTS)) +EXED_TESTS=$(($PASSED_TESTS + $FAILED_TESTS)) + +echo "Passed : $PASSED_TESTS" +echo "Failed : $FAILED_TESTS" +echo "Skipped : n/a" +echo "Total tests : $AVAIL_TESTS" +echo + +TOTAL_PASS=$PASSED_TESTS +TOTAL_FAIL=$FAILED_TESTS +TOTAL_SKIP=0 +TOTAL_AVAIL=$(($PASSED_TESTS + $FAILED_TESTS)) +TOTAL_EXED=$(($PASSED_TESTS + $FAILED_TESTS)) + + +# Step 3b - Unit tests +echo "Unit tests - tests/scripts/run-test-suites.pl" + +PASSED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/test cases passed :[\t]*\([0-9]*\)/\1/p'| tr -d ' ') +SKIPPED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/skipped :[ \t]*\([0-9]*\)/\1/p'| tr -d ' ') +TOTAL_SUITES=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) .*, [0-9]* tests run)/\1/p'| tr -d ' ') +FAILED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/failed :[\t]*\([0-9]*\)/\1/p' |tr -d ' ') + +echo "No test suites : $TOTAL_SUITES" +echo "Passed : $PASSED_TESTS" +echo "Failed : $FAILED_TESTS" +echo "Skipped : $SKIPPED_TESTS" +echo "Total exec'd tests : $(($PASSED_TESTS + $FAILED_TESTS))" +echo "Total avail tests : $(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))" +echo + +TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS)) +TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS)) +TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS)) +TOTAL_AVAIL=$(($TOTAL_AVAIL + $PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS)) +TOTAL_EXED=$(($TOTAL_EXED + $PASSED_TESTS + $FAILED_TESTS)) + + +# Step 3c - System tests +echo "System tests - tests/ssl-opt.sh" + +PASSED_TESTS=$(tail -n5 
sys-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p') +SKIPPED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p') +TOTAL_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p') +FAILED_TESTS=$(($TOTAL_TESTS - $PASSED_TESTS)) + +echo "Passed : $PASSED_TESTS" +echo "Failed : $FAILED_TESTS" +echo "Skipped : $SKIPPED_TESTS" +echo "Total exec'd tests : $TOTAL_TESTS" +echo "Total avail tests : $(($TOTAL_TESTS + $SKIPPED_TESTS))" +echo + +TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS)) +TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS)) +TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS)) +TOTAL_AVAIL=$(($TOTAL_AVAIL + $TOTAL_TESTS + $SKIPPED_TESTS)) +TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS)) + + +# Step 3d - Compatibility tests +echo "Compatibility tests - tests/compat.sh" + +PASSED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p') +SKIPPED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p') +EXED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p') +FAILED_TESTS=$(($EXED_TESTS - $PASSED_TESTS)) + +echo "Passed : $PASSED_TESTS" +echo "Failed : $FAILED_TESTS" +echo "Skipped : $SKIPPED_TESTS" +echo "Total exec'd tests : $EXED_TESTS" +echo "Total avail tests : $(($EXED_TESTS + $SKIPPED_TESTS))" +echo + +TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS)) +TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS)) +TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS)) +TOTAL_AVAIL=$(($TOTAL_AVAIL + $EXED_TESTS + $SKIPPED_TESTS)) +TOTAL_EXED=$(($TOTAL_EXED + $EXED_TESTS)) + + +# Step 3e - Grand totals +echo "-------------------------------------------------------------------------" +echo "Total tests" + +echo "Total Passed : $TOTAL_PASS" +echo "Total Failed : $TOTAL_FAIL" +echo "Total Skipped : $TOTAL_SKIP" 
+echo "Total exec'd tests : $TOTAL_EXED" +echo "Total avail tests : $TOTAL_AVAIL" +echo + + +# Step 3f - Coverage +echo "Coverage" + +LINES_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p') +LINES_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) lines)/\1/p') +FUNCS_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p') +FUNCS_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9.]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p') + +LINES_PERCENT=$((1000*$LINES_TESTED/$LINES_TOTAL)) +LINES_PERCENT="$(($LINES_PERCENT/10)).$(($LINES_PERCENT-($LINES_PERCENT/10)*10))" + +FUNCS_PERCENT=$((1000*$FUNCS_TESTED/$FUNCS_TOTAL)) +FUNCS_PERCENT="$(($FUNCS_PERCENT/10)).$(($FUNCS_PERCENT-($FUNCS_PERCENT/10)*10))" + +echo "Lines Tested : $LINES_TESTED of $LINES_TOTAL $LINES_PERCENT%" +echo "Functions Tested : $FUNCS_TESTED of $FUNCS_TOTAL $FUNCS_PERCENT%" +echo + + +rm self-test-$TEST_OUTPUT +rm unit-test-$TEST_OUTPUT +rm sys-test-$TEST_OUTPUT +rm compat-test-$TEST_OUTPUT +rm cov-$TEST_OUTPUT + +cd .. From ab0c51d782343f51d6b3ec9ada1f1d1dab899b53 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 13 Mar 2016 01:23:34 +0000 Subject: [PATCH 164/399] Fix minor issues with basic test script Following fixes: * In the test script, 'basic-build-test.sh', the total number of functions had a broken RE, and was picking up the number of tested functions. * Titles of tests was misleading * The 'run-test-suites.pl' script was mistaking dSYM directories as test suites to be executed. --- tests/scripts/basic-build-test.sh | 10 +++++----- tests/scripts/run-test-suites.pl | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 3cc0b18f4..25248d622 100755 --- a/tests/scripts/basic-build-test.sh 
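Review bot: `CFLAGS=' --coverage -g3 -O0 '` on its own line sets a shell variable without exporting it, so the `make` on the next line does not see it unless CFLAGS was already exported by the caller, and the build that the later `make lcov` step depends on would not be instrumented; write `export CFLAGS=' --coverage -g3 -O0 '` (or pass it as `make CFLAGS='...'`). Further down, every `$(( ... ))` in the summary assumes the preceding `sed` extraction matched; if an output format drifts and a variable is empty, the arithmetic expansion is a syntax error and under `set -e` the script aborts before the trailing `rm` lines, leaving the `*-out_$PPID` files in tests/. Note also that each `| tee` pipeline returns tee's status, so a failing test run never stops the script despite `set -e` — presumably intended for a report, but worth stating in a comment so nobody later "fixes" it into an early abort.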
+++ b/tests/scripts/basic-build-test.sh @@ -117,8 +117,8 @@ TOTAL_AVAIL=$(($TOTAL_AVAIL + $PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS)) TOTAL_EXED=$(($TOTAL_EXED + $PASSED_TESTS + $FAILED_TESTS)) -# Step 3c - System tests -echo "System tests - tests/ssl-opt.sh" +# Step 3c - TLS Options tests +echo "TLS Options tests - tests/ssl-opt.sh" PASSED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p') SKIPPED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p') @@ -139,8 +139,8 @@ TOTAL_AVAIL=$(($TOTAL_AVAIL + $TOTAL_TESTS + $SKIPPED_TESTS)) TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS)) -# Step 3d - Compatibility tests -echo "Compatibility tests - tests/compat.sh" +# Step 3d - System Compatibility tests +echo "System/Compatibility tests - tests/compat.sh" PASSED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p') SKIPPED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p') @@ -179,7 +179,7 @@ echo "Coverage" LINES_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p') LINES_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) lines)/\1/p') FUNCS_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p') -FUNCS_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9.]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p') +FUNCS_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) functions)$/\1/p') LINES_PERCENT=$((1000*$LINES_TESTED/$LINES_TOTAL)) LINES_PERCENT="$(($LINES_PERCENT/10)).$(($LINES_PERCENT-($LINES_PERCENT/10)*10))" diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index ed3aaab33..fb77e1571 100755 
--- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -31,7 +31,7 @@ if ( defined($switch) && ( $switch eq "-v" || $switch eq "--verbose" ) ) { $verbose = TRUE; } -my @suites = grep { ! /\.(?:c|gcno|gcda)$/ } glob 'test_suite_*'; +my @suites = grep { ! /\.(?:c|gcno|gcda|dSYM)$/ } glob 'test_suite_*'; die "$0: no test suite found\n" unless @suites; # in case test suites are linked dynamically From f1547632dc318b14d7edc66d0cc59ed778be237d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 14 Mar 2016 23:09:39 +0000 Subject: [PATCH 165/399] Fixes to style following review Made code spacing consistent with guidelines, and corrected the misnamed test steps in basic-build-test.sh --- programs/test/selftest.c | 6 +++--- tests/scripts/basic-build-test.sh | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 5c4c737f3..b168b7112 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -99,7 +99,7 @@ static int run_test_snprintf( void ) int main( int argc, char *argv[] ) { - int ret = 0, v, suites_tested = 0, suites_failed =0, + int ret = 0, v, suites_tested = 0, suites_failed = 0, exitcode = EXIT_SUCCESS; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) unsigned char buf[1000000]; @@ -376,7 +376,7 @@ int main( int argc, char *argv[] ) if( v != 0 ) { - mbedtls_printf( " Executed %d test suites\n\n", suites_tested); + mbedtls_printf( " Executed %d test suites\n\n", suites_tested ); if( suites_failed > 0) { @@ -395,6 +395,6 @@ int main( int argc, char *argv[] ) if( suites_failed > 0) exitcode = EXIT_FAILURE; - exit(exitcode); + exit( exitcode ); } diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 25248d622..06c2eb9bd 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh 
@@ -94,7 +94,7 @@ TOTAL_AVAIL=$(($PASSED_TESTS + $FAILED_TESTS)) TOTAL_EXED=$(($PASSED_TESTS + $FAILED_TESTS)) -# Step 3b - Unit tests +# Step 4b - Unit tests echo "Unit tests - tests/scripts/run-test-suites.pl" PASSED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/test cases passed :[\t]*\([0-9]*\)/\1/p'| tr -d ' ') @@ -117,7 +117,7 @@ TOTAL_AVAIL=$(($TOTAL_AVAIL + $PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS)) TOTAL_EXED=$(($TOTAL_EXED + $PASSED_TESTS + $FAILED_TESTS)) -# Step 3c - TLS Options tests +# Step 4c - TLS Options tests echo "TLS Options tests - tests/ssl-opt.sh" PASSED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p') @@ -139,7 +139,7 @@ TOTAL_AVAIL=$(($TOTAL_AVAIL + $TOTAL_TESTS + $SKIPPED_TESTS)) TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS)) -# Step 3d - System Compatibility tests +# Step 4d - System Compatibility tests echo "System/Compatibility tests - tests/compat.sh" PASSED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p') @@ -161,7 +161,7 @@ TOTAL_AVAIL=$(($TOTAL_AVAIL + $EXED_TESTS + $SKIPPED_TESTS)) TOTAL_EXED=$(($TOTAL_EXED + $EXED_TESTS)) -# Step 3e - Grand totals +# Step 4e - Grand totals echo "-------------------------------------------------------------------------" echo "Total tests" @@ -173,7 +173,7 @@ echo "Total avail tests : $TOTAL_AVAIL" echo -# Step 3f - Coverage +# Step 4f - Coverage echo "Coverage" LINES_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p') From 00aea9a36d6cbd476a40ed83af14d66d6fca2e5d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 17 Mar 2016 00:30:35 +0000 Subject: [PATCH 166/399] Fix function name in hashing module doxygen file --- doxygen/input/doc_hashing.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h index de8205074..49f15ea88 100644 --- a/doxygen/input/doc_hashing.h +++ b/doxygen/input/doc_hashing.h @@ -23,13 +23,14 @@ /** * @addtogroup hashing_module Hashing module * - * The Hashing module provides one-way hashing functions. Such functions can be - * used for creating a hash message authentication code (HMAC) when sending a - * message. Such a HMAC can be used in combination with a private key - * for authentication, which is a message integrity control. + * The Message Digest (MD) or Hashing module provides one-way hashing + * functions. Such functions can be used for creating a hash message + * authentication code (HMAC) when sending a message. Such a HMAC can be used + * in combination with a private key for authentication, which is a message + * integrity control. * * All hash algorithms can be accessed via the generic MD layer (see - * \c md_setup()) + * \c mbedtls_md_setup()) * * The following hashing-algorithms are provided: * - MD2, MD4, MD5 128-bit one-way hash functions by Ron Rivest. From de69b1664bc9481f9cad7ff080c80d264da39d36 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 17 Mar 2016 11:13:48 +0000 Subject: [PATCH 167/399] Fix ChangeLog after merge of IOTSSL-628 --- ChangeLog | 3 --- 1 file changed, 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index fed72ba4f..ad4d1f5ec 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,9 +3,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x branch Security - * Fix potential integer overflow to buffer overflow in - mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt - (not triggerable remotely in (D)TLS). * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 * Fix potential integer overflow to buffer overflow in From 60ddf167c12be3610cd743f04b3397246d92a9cc Mon Sep 17 00:00:00 2001 
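Review bot: The rewritten paragraph still says an HMAC is used "in combination with a private key", but HMAC is keyed with a shared secret key, not an asymmetric private key, and the phrasing invites confusion with signatures; suggest `Such an HMAC is computed with a shared secret key and provides message authentication and integrity between the parties holding that key.` The list that follows presents MD2, MD4 and MD5 without a caveat; if the module still ships them, a one-line note that they are not collision-resistant and are retained only for legacy interoperability would help. The hunk is Doxygen text only, so no code is affected.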
From: Janos Follath Date: Thu, 17 Mar 2016 13:55:07 +0000 Subject: [PATCH 168/399] Fix yotta examples baud rate. --- yotta/data/example-authcrypt/main.cpp | 6 ++---- yotta/data/example-benchmark/main.cpp | 6 ++---- yotta/data/example-hashing/main.cpp | 6 ++---- yotta/data/example-selftest/main.cpp | 6 ++---- 4 files changed, 8 insertions(+), 16 deletions(-) diff --git a/yotta/data/example-authcrypt/main.cpp b/yotta/data/example-authcrypt/main.cpp index 83d5566c5..23fad2792 100644 --- a/yotta/data/example-authcrypt/main.cpp +++ b/yotta/data/example-authcrypt/main.cpp @@ -175,10 +175,6 @@ static int example(void) #include "minar/minar.h" static void run() { - /* Use 115200 bps for consistency with other examples */ - Serial pc(USBTX, USBRX); - pc.baud(115200); - MBED_HOSTTEST_TIMEOUT(10); MBED_HOSTTEST_SELECT(default); MBED_HOSTTEST_DESCRIPTION(mbed TLS example authcrypt); @@ -187,6 +183,8 @@ static void run() { } void app_start(int, char*[]) { + /* Use 115200 bps for consistency with other examples */ + get_stdio_serial().baud(115200); minar::Scheduler::postCallback(mbed::util::FunctionPointer0(run).bind()); } diff --git a/yotta/data/example-benchmark/main.cpp b/yotta/data/example-benchmark/main.cpp index 77c70052b..ef38c442b 100644 --- a/yotta/data/example-benchmark/main.cpp +++ b/yotta/data/example-benchmark/main.cpp @@ -935,10 +935,6 @@ int benchmark( int argc, char *argv[] ) #include "minar/minar.h" static void run() { - /* Use 115200 bps for consistency with other examples */ - Serial pc(USBTX, USBRX); - pc.baud(115200); - MBED_HOSTTEST_TIMEOUT(150); MBED_HOSTTEST_SELECT(default); MBED_HOSTTEST_DESCRIPTION(mbed TLS benchmark program); @@ -947,6 +943,8 @@ static void run() { } void app_start(int, char*[]) { + /* Use 115200 bps for consistency with other examples */ + get_stdio_serial().baud(115200); minar::Scheduler::postCallback(mbed::util::FunctionPointer0(run).bind()); } 
diff --git a/yotta/data/example-hashing/main.cpp b/yotta/data/example-hashing/main.cpp index 27c469ba5..574152ab8 100644 --- a/yotta/data/example-hashing/main.cpp +++ b/yotta/data/example-hashing/main.cpp @@ -155,10 +155,6 @@ int example(void) #include "minar/minar.h" static void run() { - /* Use 115200 bps for consistency with other examples */ - Serial pc(USBTX, USBRX); - pc.baud(115200); - MBED_HOSTTEST_TIMEOUT(10); MBED_HOSTTEST_SELECT(default); MBED_HOSTTEST_DESCRIPTION(mbed TLS example on hashing); @@ -167,6 +163,8 @@ static void run() { } void app_start(int, char*[]) { + /* Use 115200 bps for consistency with other examples */ + get_stdio_serial().baud(115200); minar::Scheduler::postCallback(mbed::util::FunctionPointer0(run).bind()); } diff --git a/yotta/data/example-selftest/main.cpp b/yotta/data/example-selftest/main.cpp index b1b15f13b..0ff5b048e 100644 --- a/yotta/data/example-selftest/main.cpp +++ b/yotta/data/example-selftest/main.cpp @@ -246,10 +246,6 @@ int selftest( int argc, char *argv[] ) #include "minar/minar.h" static void run() { - /* Use 115200 bps for consistency with other examples */ - Serial pc(USBTX, USBRX); - pc.baud(115200); - MBED_HOSTTEST_TIMEOUT(40); MBED_HOSTTEST_SELECT(default); MBED_HOSTTEST_DESCRIPTION(mbed TLS selftest program); @@ -258,6 +254,8 @@ static void run() { } void app_start(int, char*[]) { + /* Use 115200 bps for consistency with other examples */ + get_stdio_serial().baud(115200); minar::Scheduler::postCallback(mbed::util::FunctionPointer0(run).bind()); } From 1404ddbd78862779f8e0359370f38fa1b3fd7928 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 17 Mar 2016 16:00:13 +0000 Subject: [PATCH 169/399] Added clarification text on benchmark usefulness. --- yotta/data/example-benchmark/README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/yotta/data/example-benchmark/README.md b/yotta/data/example-benchmark/README.md index 1a534a2f3..8589e7bd6 100644 --- a/yotta/data/example-benchmark/README.md 
+++ b/yotta/data/example-benchmark/README.md @@ -92,3 +92,9 @@ To build and run this example you must have: {{success}} {{end}} ``` + +Any performance data generated by this example application are indicative only of the performance of the mbed TLS module on the platform it's executed on. + +Differences in the integration of mbed TLS into the platform, such as whether all available hardware accelerators have been used or not, can lead to significant differences in performance, and so results from the program are not intended to be used to meaningfully compare platforms. + +The figures may also slightly change from execution to execution due to variations in the timing functions. From 9a5c0aa076e51c4760eb806a37a8c35585dcdcf4 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 17 Mar 2016 16:03:39 +0000 Subject: [PATCH 170/399] Update the version number of the yotta module --- yotta/data/module.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yotta/data/module.json b/yotta/data/module.json index 0569e6246..164a083d8 100644 --- a/yotta/data/module.json +++ b/yotta/data/module.json @@ -1,6 +1,6 @@ { "name": "mbedtls", - "version": "2.2.1", + "version": "2.2.2", "description": "The mbed TLS crypto/SSL/TLS library", "licenses": [ { From 7ef5cf3c54aeb79d45b7a12e60adef42002ad4be Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 13 Feb 2016 22:20:04 +0000 Subject: [PATCH 171/399] Provided doxygen function definitions for debug.h Documented each function definition. --- include/mbedtls/debug.h | 113 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 108 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index d859dd5f6..7d944f3f6 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h 
@@ -1,7 +1,7 @@
 /**
  * \file debug.h
  *
- * \brief Debug functions
+ * \brief Functions for controlling and providing debug output from the library.
  *
  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
  * SPDX-License-Identifier: Apache-2.0
@@ -80,39 +80,141 @@ extern "C" { #endif /** - * \brief Set the level threshold to handle globally. Messages that have a - * level over the threshold value are ignored. - * (Default value: 0 (No debug)) + * \brief Set the threshold error level to handle globally all debug output. + * Debug messages that have a level over the threshold value are + * discarded. + * (Default value: 0 = No debug ) * - * \param threshold maximum level of messages to pass on + * \param threshold theshold level of messages to filter on. Messages at a + * higher level will be discarded. + * - Debug levels + * - 0 No debug + * - 1 Error + * - 2 State change + * - 3 Informational + * - 4 Verbose */ void mbedtls_debug_set_threshold( int threshold ); +/** +* \brief Print a message to the debug output. This function is always used + * through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl + * context, file and line number parameters. + * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the message has occurred in + * \param line line number the message has occurred at + * \param format format specifier, in printf format + * \param ... variables used by the format specifier + * + * \attention This function is intended for INTERNAL usage within the + * library only. + */ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *format, ... ); +/** + * \brief Print the return value of a function to the debug output. This + * function is always used through the MBEDTLS_SSL_DEBUG_RET() macro, + * which supplies the ssl context, file and line number parameters. 
+ * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the error has occurred in + * \param line line number the error has occurred in + * \param text the name of the function that returned the error + * \param ret the return code value + * + * \attention This function is intended for INTERNAL usage within the + * library only. + */ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, int ret ); +/** + * \brief Output a buffer of size len bytes to the debug output. This function + * is always used through the MBEDTLS_SSL_DEBUG_BUF() macro, + * which supplies the ssl context, file and line number parameters. + * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the error has occurred in + * \param line line number the error has occurred in + * \param text a name or label for the buffer being dumped. Normally the + * variable or buffer name + * \param buf the buffer to be outputted + * \param len length of the buffer + * + * \attention This function is intended for INTERNAL usage within the + * library only. + */ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const unsigned char *buf, size_t len ); #if defined(MBEDTLS_BIGNUM_C) +/** + * \brief Print a MPI variable to the debug output. This function is always + * used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the + * ssl context, file and line number parameters. + * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the error has occurred in + * \param line line number the error has occurred in + * \param text a name or label for the MPI being output. Normally the + * variable name + * \param X the MPI variable + * + * \attention This function is intended for INTERNAL usage within the + * library only. 
+ */ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_mpi *X ); #endif #if defined(MBEDTLS_ECP_C) +/** + * \brief Print an ECP point to the debug output. This function is always + * used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the + * ssl context, file and line number parameters. + * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the error has occurred in + * \param line line number the error has occurred in + * \param text a name or label for the ECP point being output. Normally the + * variable name + * \param X the ECP point + * + * \attention This function is intended for INTERNAL usage within the + * library only. + */ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_ecp_point *X ); #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) +/** + * \brief Print a X.509 certificate structure to the debug output. This + * function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro, + * which supplies the ssl context, file and line number parameters. + * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the error has occurred in + * \param line line number the error has occurred in + * \param text a name or label for the certificate being output + * \param crt X.509 certificate structure + * + * \attention This function is intended for INTERNAL usage within the + * library only. + */ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_x509_crt *crt ); @@ -123,3 +225,4 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level, #endif #endif /* debug.h */ + From 68c0bd72bc9abeb9b76c96239ddddb99b09917aa Mon Sep 17 00:00:00 2001 
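Review bot: The new documentation never warns that these functions emit whatever the caller hands them, and the buffers, MPIs and certificates passed to `mbedtls_debug_print_buf()` and `mbedtls_debug_print_mpi()` plausibly include key material and handshake secrets at the higher levels, so a `\warning` on `mbedtls_debug_set_threshold()` is warranted, e.g. `Debug output at levels above 0 may contain sensitive data (keys, secrets, plaintext); leave the threshold at 0 in production builds and treat the debug callback's output as confidential.` The `\param threshold` text has a typo, `theshold`, and `Print a MPI` / `Print a X.509` should read `an MPI` / `an X.509`. The final hunk adds an empty line after `#endif /* debug.h */`, which is whitespace noise and should be dropped.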
From: Simon Butcher Date: Sat, 13 Feb 2016 22:44:49 +0000 Subject: [PATCH 172/399] Clarified current status of RC4 usage Made clear RC4 has been deprecated by IETF standard, and disabled by default in the library. --- include/mbedtls/ssl.h | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 307275130..3e05f3f3d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2012,11 +2012,13 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems * \brief Disable or enable support for RC4 * (Default: MBEDTLS_SSL_ARC4_DISABLED) * - * \warning Use of RC4 in (D)TLS has been prohibited by RFC ???? - * for security reasons. Use at your own risks. + * \warning Use of RC4 in DTLS/TLS has been prohibited by RFC-7465 + * for security reasons. Use at your own risk. * - * \note This function will likely be removed in future versions as - * RC4 will then be disabled by default at compile time. + * \note This function is deprecated and will likely be removed in + * a future version of the library. + * RC4 is disabled by default at compile time and needs to be + * actively enabled for use with legacy systems. * * \param conf SSL configuration * \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED From 91947445956817f10b29fc888feaaa9ca74a4823 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 18 Mar 2016 13:49:27 +0000 Subject: [PATCH 173/399] Add exit value macros to platform abstraction layer. --- ChangeLog | 1 + include/mbedtls/config.h | 4 +++- include/mbedtls/platform.h | 22 +++++++++++++++++++++- 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 007f60418..cdbac2e8b 100644 --- a/ChangeLog +++ b/ChangeLog 
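Review bot: The new `\note` states that RC4 is disabled by default at compile time, but the only default visible here is the runtime one, `(Default: MBEDTLS_SSL_ARC4_DISABLED)`; if `MBEDTLS_ARC4_C` is still enabled in the default config.h (not shown), the cipher is compiled in and only its TLS ciphersuites are filtered, so the wording should be `RC4 ciphersuites are disabled by default (MBEDTLS_SSL_ARC4_DISABLED) and must be explicitly enabled for legacy peers; the ARC4 module itself is controlled by MBEDTLS_ARC4_C.` The citation should be written `RFC 7465` rather than `RFC-7465`. If the text calls the function deprecated, it should also carry the library's deprecation attribute so callers get a compiler warning, assuming the deprecation macros exist in this version.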
@@ -22,6 +22,7 @@ Changes don't use the optimized assembly for bignum multiplication. This removes the need to pass -fomit-frame-pointer to avoid a build error with -O0. * Disabled SSLv3 in the default configuration. + * Add exit value macros to the platform abstraction layer. = mbed TLS 2.2.1 released 2016-01-05 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index d9b37e0ce..c9332e113 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -131,7 +131,7 @@ //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS /** - * \def MBEDTLS_PLATFORM_EXIT_ALT + * \def MBEDTLS_PLATFORM_XXX_ALT * * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the * function in the platform abstraction layer. @@ -2469,6 +2469,8 @@ //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ /* Note: your snprintf must correclty zero-terminate the buffer! */ //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index f71f1b649..1371ff1c6 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h 
@@ -64,7 +64,13 @@ extern "C" { #define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use */ #endif #if !defined(MBEDTLS_PLATFORM_STD_EXIT) -#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default free to use */ +#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use */ +#endif +#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS) +#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< Default exit value to use */ +#endif +#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE) +#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< Default exit value to use */ #endif #else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ #if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) @@ -207,6 +213,20 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); #endif /* MBEDTLS_PLATFORM_EXIT_MACRO */ #endif /* MBEDTLS_PLATFORM_EXIT_ALT */ +/* + * The default exit values + */ +#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS) +#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS +#else +#define MBEDTLS_EXIT_SUCCESS 0 +#endif +#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE) +#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE +#else +#define MBEDTLS_EXIT_FAILURE 1 +#endif + #ifdef __cplusplus } #endif From 2e3aca2c9e1af86d279e6a6eae5d7e0d9d6a4e1e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 18 Mar 2016 16:25:52 +0000 Subject: [PATCH 174/399] Fix test break in 'test-ref-configs.pl' --- programs/test/selftest.c | 71 +++++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 34 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index b168b7112..3765a0ae0 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c 
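Review bot: The two new `/**< Default exit value to use */` comments in the first hunk are identical for `MBEDTLS_PLATFORM_STD_EXIT_SUCCESS` and `MBEDTLS_PLATFORM_STD_EXIT_FAILURE`, so the generated reference cannot tell them apart; use `/**< Default exit value on success */` and `/**< Default exit value on failure */`. The comment above the second hunk's block should say what the macros are for, e.g. `Values to pass to mbedtls_exit(); fall back to 0/1 when the platform does not define them.` `EXIT_SUCCESS`/`EXIT_FAILURE` need `<stdlib.h>`, which this hunk does not add; presumably the existing non-NO_STD_FUNCTIONS branch already includes it, but that is worth confirming.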
@@ -52,15 +52,19 @@ #include "mbedtls/ecjpake.h" #include "mbedtls/timing.h" -#include +//#include #include #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #include +#include #define mbedtls_printf printf #define mbedtls_snprintf snprintf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) @@ -99,8 +103,7 @@ static int run_test_snprintf( void ) int main( int argc, char *argv[] ) { - int ret = 0, v, suites_tested = 0, suites_failed = 0, - exitcode = EXIT_SUCCESS; + int v, suites_tested = 0, suites_failed = 0; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) unsigned char buf[1000000]; #endif @@ -115,7 +118,7 @@ int main( int argc, char *argv[] ) if( pointer != NULL ) { mbedtls_printf( "all-bits-zero is not a NULL pointer\n" ); - return( 1 ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } /* @@ -124,7 +127,7 @@ int main( int argc, char *argv[] ) if( run_test_snprintf() != 0 ) { mbedtls_printf( "the snprintf implementation is broken\n" ); - return( 0 ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } if( argc == 2 && ( strcmp( argv[1], "--quiet" ) == 0 || @@ -145,7 +148,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_MD2_C) - if( ( ret = mbedtls_md2_self_test( v ) ) != 0 ) + if( mbedtls_md2_self_test( v ) != 0 ) { suites_failed++; } @@ -153,7 +156,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_MD4_C) - if( ( ret = mbedtls_md4_self_test( v ) ) != 0 ) + if( mbedtls_md4_self_test( v ) != 0 ) { suites_failed++; } @@ -161,7 +164,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_MD5_C) - if( ( ret = mbedtls_md5_self_test( v ) ) != 0 ) + if( mbedtls_md5_self_test( v ) != 0 ) { suites_failed++; } 
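Review bot: The `@@ -124,7` hunk changes the broken-snprintf path from `return( 0 )` to `mbedtls_exit( MBEDTLS_EXIT_FAILURE )`, which is a behaviour fix (a broken snprintf previously made selftest report success) rather than the CI plumbing the commit title describes, and it deserves its own ChangeLog line plus a comment such as `/* A broken snprintf invalidates every result below, so fail hard. */`. In the first hunk the `#else` branch now defines `mbedtls_exit`, `MBEDTLS_EXIT_SUCCESS` and `MBEDTLS_EXIT_FAILURE` locally; a short comment that these mirror the platform.h fallbacks would keep the two from drifting apart. main() continues past the hunk.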
@@ -169,7 +172,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_RIPEMD160_C) - if( ( ret = mbedtls_ripemd160_self_test( v ) ) != 0 ) + if( mbedtls_ripemd160_self_test( v ) != 0 ) { suites_failed++; } @@ -177,7 +180,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SHA1_C) - if( ( ret = mbedtls_sha1_self_test( v ) ) != 0 ) + if( mbedtls_sha1_self_test( v ) != 0 ) { suites_failed++; } @@ -185,7 +188,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SHA256_C) - if( ( ret = mbedtls_sha256_self_test( v ) ) != 0 ) + if( mbedtls_sha256_self_test( v ) != 0 ) { suites_failed++; } @@ -193,7 +196,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SHA512_C) - if( ( ret = mbedtls_sha512_self_test( v ) ) != 0 ) + if( mbedtls_sha512_self_test( v ) != 0 ) { suites_failed++; } @@ -201,7 +204,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_ARC4_C) - if( ( ret = mbedtls_arc4_self_test( v ) ) != 0 ) + if( mbedtls_arc4_self_test( v ) != 0 ) { suites_failed++; } @@ -209,7 +212,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_DES_C) - if( ( ret = mbedtls_des_self_test( v ) ) != 0 ) + if( mbedtls_des_self_test( v ) != 0 ) { suites_failed++; } @@ -217,7 +220,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_AES_C) - if( ( ret = mbedtls_aes_self_test( v ) ) != 0 ) + if( mbedtls_aes_self_test( v ) != 0 ) { suites_failed++; } @@ -225,7 +228,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) - if( ( ret = mbedtls_gcm_self_test( v ) ) != 0 ) + if( mbedtls_gcm_self_test( v ) != 0 ) { suites_failed++; } @@ -233,7 +236,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) - if( ( ret = mbedtls_ccm_self_test( v ) ) != 0 ) + if( mbedtls_ccm_self_test( v ) != 0 ) { suites_failed++; } 
@@ -241,7 +244,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_BASE64_C) - if( ( ret = mbedtls_base64_self_test( v ) ) != 0 ) + if( mbedtls_base64_self_test( v ) != 0 ) { suites_failed++; } @@ -249,7 +252,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_BIGNUM_C) - if( ( ret = mbedtls_mpi_self_test( v ) ) != 0 ) + if( mbedtls_mpi_self_test( v ) != 0 ) { suites_failed++; } @@ -257,7 +260,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_RSA_C) - if( ( ret = mbedtls_rsa_self_test( v ) ) != 0 ) + if( mbedtls_rsa_self_test( v ) != 0 ) { suites_failed++; } @@ -265,7 +268,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_X509_USE_C) - if( ( ret = mbedtls_x509_self_test( v ) ) != 0 ) + if( mbedtls_x509_self_test( v ) != 0 ) { suites_failed++; } @@ -273,7 +276,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_XTEA_C) - if( ( ret = mbedtls_xtea_self_test( v ) ) != 0 ) + if( mbedtls_xtea_self_test( v ) != 0 ) { suites_failed++; } @@ -281,7 +284,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_CAMELLIA_C) - if( ( ret = mbedtls_camellia_self_test( v ) ) != 0 ) + if( mbedtls_camellia_self_test( v ) != 0 ) { suites_failed++; } @@ -289,7 +292,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_CTR_DRBG_C) - if( ( ret = mbedtls_ctr_drbg_self_test( v ) ) != 0 ) + if( mbedtls_ctr_drbg_self_test( v ) != 0 ) { suites_failed++; } @@ -297,7 +300,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_HMAC_DRBG_C) - if( ( ret = mbedtls_hmac_drbg_self_test( v ) ) != 0 ) + if( mbedtls_hmac_drbg_self_test( v ) != 0 ) { suites_failed++; } @@ -305,7 +308,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_ECP_C) - if( ( ret = mbedtls_ecp_self_test( v ) ) != 0 ) + if( mbedtls_ecp_self_test( v ) != 0 ) { suites_failed++; } 
@@ -313,7 +316,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_ECJPAKE_C) - if( ( ret = mbedtls_ecjpake_self_test( v ) ) != 0 ) + if( mbedtls_ecjpake_self_test( v ) != 0 ) { suites_failed++; } @@ -321,7 +324,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_DHM_C) - if( ( ret = mbedtls_dhm_self_test( v ) ) != 0 ) + if( mbedtls_dhm_self_test( v ) != 0 ) { suites_failed++; } @@ -329,7 +332,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_ENTROPY_C) - if( ( ret = mbedtls_entropy_self_test( v ) ) != 0 ) + if( mbedtls_entropy_self_test( v ) != 0 ) { suites_failed++; } @@ -337,7 +340,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_PKCS5_C) - if( ( ret = mbedtls_pkcs5_self_test( v ) ) != 0 ) + if( mbedtls_pkcs5_self_test( v ) != 0 ) { suites_failed++; } @@ -347,7 +350,7 @@ int main( int argc, char *argv[] ) /* Slow tests last */ #if defined(MBEDTLS_TIMING_C) - if( ( ret = mbedtls_timing_self_test( v ) ) != 0 ) + if( mbedtls_timing_self_test( v ) != 0 ) { suites_failed++; } @@ -367,7 +370,7 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_free(); - if( ( ret = mbedtls_memory_buffer_alloc_self_test( v ) ) != 0 ) + if( mbedtls_memory_buffer_alloc_self_test( v ) != 0 ) { suites_failed++; } @@ -393,8 +396,8 @@ int main( int argc, char *argv[] ) } if( suites_failed > 0) - exitcode = EXIT_FAILURE; + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); - exit( exitcode ); + mbedtls_exit( MBEDTLS_EXIT_SUCCESS ); } From d75b782d0d4be34f57295b79267f1c0a0d808e3c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 18 Mar 2016 16:28:20 +0000 Subject: [PATCH 175/399] Fix a typo that confuses check-names.sh --- include/mbedtls/debug.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 7d944f3f6..295799640 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h 
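Review bot: The tail of main() now calls `mbedtls_exit( MBEDTLS_EXIT_FAILURE )` and then unconditionally `mbedtls_exit( MBEDTLS_EXIT_SUCCESS )`, which is correct only if the exit hook never returns; the `void (*exit_func)( int status )` type in platform.h does not guarantee that, so a returning hook would report success for a failed run. Compute the outcome once instead: `mbedtls_exit( suites_failed > 0 ? MBEDTLS_EXIT_FAILURE : MBEDTLS_EXIT_SUCCESS );`. The same caveat applies to the early `mbedtls_exit( MBEDTLS_EXIT_FAILURE )` calls earlier in main(), which is outside this hunk.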
@@ -97,7 +97,7 @@ extern "C" { void mbedtls_debug_set_threshold( int threshold ); /** -* \brief Print a message to the debug output. This function is always used + * \brief Print a message to the debug output. This function is always used * through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl * context, file and line number parameters. * From be412aaca99c46b24a56fbee535b79d99996447e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 18 Mar 2016 18:28:43 +0000 Subject: [PATCH 176/399] Fix the basic test build script to always build The test script, 'basic-build-test.sh', wasn't consistently building with symbols and coverage data, nor doing a forced rebuild. --- tests/scripts/basic-build-test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 06c2eb9bd..ffca6f94f 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -36,8 +36,8 @@ fi # Step 1 - Make and instrumented build for code coverage -CFLAGS=' --coverage -g3 -O0 ' -make +export CFLAGS=' --coverage -g3 -O0 ' +make clean; make # Step 2 - Execute the tests From c351d18c0ef986daaf6e8a4b1cff4082de021ffb Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 21 Mar 2016 08:43:59 +0000 Subject: [PATCH 177/399] Restore a change in the documentation. Using the wildcard name MBEDTLS_PLATFORM_XXX_ALT made the Travis build fail. --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c9332e113..a617d0629 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -131,7 +131,7 @@ //#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS /** - * \def MBEDTLS_PLATFORM_XXX_ALT + * \def MBEDTLS_PLATFORM_EXIT_ALT * * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the * function in the platform abstraction layer. 
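Review bot: `make clean; make` on the new line runs the build even when clean fails, and nothing in this hunk aborts the script when the build fails, so the test steps that follow could silently run against stale or missing binaries; write `make clean && make || exit 1` (or enable `set -e` at the top of the script, which is outside this hunk). Exporting `CFLAGS` also replaces whatever default flags the Makefile would otherwise choose, which is intended here but worth a comment, e.g. `# Force a fresh, unoptimised, instrumented build so coverage data matches the sources.`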
From 831a65ffa7d9a255cfdd78b395ca6be2b64d781c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 21 Mar 2016 09:22:58 +0000 Subject: [PATCH 178/399] Make Travis more chatty. Include the logs in the report after failing. --- .travis.yml | 2 ++ tests/scripts/travis-log.sh | 27 +++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100755 tests/scripts/travis-log.sh diff --git a/.travis.yml b/.travis.yml index dbc23476a..6aca79eaf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,6 +19,8 @@ script: - tests/scripts/test-ref-configs.pl - tests/scripts/curves.pl - tests/scripts/key-exchanges.pl +after_failure: +- tests/scripts/travis-log.sh env: global: secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k=" diff --git a/tests/scripts/travis-log.sh b/tests/scripts/travis-log.sh new file mode 100755 index 000000000..fead2c1b7 --- /dev/null +++ b/tests/scripts/travis-log.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +# List the server and client logs on failed ssl-opt.sh and compat.sh tests. +# This script is used to make the logs show up in the Travis test results. + +# Some of the logs can be very long: this means usually a couple of megabytes +# but it can bee much more. For example, the client log of test 273 in ssl-opt.sh +# is more than 630 Megabytes long. + +if [ -d include/mbedtls ]; then :; else + echo "$0: must be run from root" >&2 + exit 1 +fi + +FILES="o-srv-*.log o-cli-*.log c-srv-*.log c-cli-*.log o-pxy-*.log" + +for PATTERN in $FILES; do + for LOG in $( ls tests/$PATTERN 2>/dev/null ); do + echo + echo "****** BEGIN file: $LOG ******" + echo + cat $LOG + echo "****** END file: $LOG ******" + echo + rm $LOG + done +done From c2b0efcebebdc63c827f1e25f6065c3a6824cfab Mon Sep 17 00:00:00 2001 
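Review bot: `for LOG in $( ls tests/$PATTERN 2>/dev/null )` parses `ls` output and word-splits it, and `cat $LOG` / `rm $LOG` are unquoted, so a log name containing whitespace would be mangled or the wrong path removed; iterate the glob directly with `for LOG in tests/$PATTERN; do`, guard it with `[ -f "$LOG" ] || continue`, and quote `"$LOG"` in the `cat` and `rm` lines. The script also deletes each log after printing it, which is fine for CI but should be stated in the header comment. The header comment's `it can bee much more` should read `it can be much more`.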
From: Simon Butcher Date: Fri, 18 Mar 2016 18:28:43 +0000 Subject: [PATCH 179/399] Fix the basic test build script to always build The test script, 'basic-build-test.sh', wasn't consistently building with symbols and coverage data, nor doing a forced rebuild. --- tests/scripts/basic-build-test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 06c2eb9bd..ffca6f94f 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -36,8 +36,8 @@ fi # Step 1 - Make and instrumented build for code coverage -CFLAGS=' --coverage -g3 -O0 ' -make +export CFLAGS=' --coverage -g3 -O0 ' +make clean; make # Step 2 - Execute the tests From cd0ee5e49915cd9e9fcc5ed5272543d3219677dc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 21 Mar 2016 22:54:37 +0000 Subject: [PATCH 180/399] Fixes following review of 'iotssl-682-selftest-ci-break' --- ChangeLog | 1 - programs/test/selftest.c | 1 - 2 files changed, 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index cdbac2e8b..007f60418 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,7 +22,6 @@ Changes don't use the optimized assembly for bignum multiplication. This removes the need to pass -fomit-frame-pointer to avoid a build error with -O0. * Disabled SSLv3 in the default configuration. - * Add exit value macros to the platform abstraction layer. = mbed TLS 2.2.1 released 2016-01-05 diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 3765a0ae0..6ca07bba2 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -52,7 +52,6 @@ #include "mbedtls/ecjpake.h" #include "mbedtls/timing.h" -//#include #include #if defined(MBEDTLS_PLATFORM_C) From 3527514e94c7723a67f5093528a065d11154af60 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Wed, 23 Mar 2016 15:38:37 +0000 Subject: [PATCH 181/399] Update the yotta module number Changed the yotta module number to 2.2.3 --- yotta/data/module.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yotta/data/module.json b/yotta/data/module.json index 164a083d8..a132c93b3 100644 --- a/yotta/data/module.json +++ b/yotta/data/module.json @@ -1,6 +1,6 @@ { "name": "mbedtls", - "version": "2.2.2", + "version": "2.2.3", "description": "The mbed TLS crypto/SSL/TLS library", "licenses": [ { From a7ffc8f7396573bec401e0afcc073137522d5305 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 23 Mar 2016 16:22:24 +0000 Subject: [PATCH 182/399] Update the yotta module version number The minor version must rise to allow other software with dependencies on mbed TLS to be dependent on the next version following the 2016 Q1 release. --- yotta/data/module.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yotta/data/module.json b/yotta/data/module.json index a132c93b3..f3037835f 100644 --- a/yotta/data/module.json +++ b/yotta/data/module.json @@ -1,6 +1,6 @@ { "name": "mbedtls", - "version": "2.2.3", + "version": "2.3.0", "description": "The mbed TLS crypto/SSL/TLS library", "licenses": [ { From 4c5dccf419604715fcddc0b214e18cbc475ea822 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 16 Mar 2016 10:16:54 +0000 Subject: [PATCH 183/399] Fix the broken pkcs1 v1.5 test. The random buffer handed over to the test function was too small and the remaining bytes were generated by the default (platform dependant) function. --- tests/suites/test_suite_pkcs1_v15.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data index 65bd99caf..9ab3e8c99 100644 --- a/tests/suites/test_suite_pkcs1_v15.data +++ b/tests/suites/test_suite_pkcs1_v15.data 
@@ -1,5 +1,5 @@ RSAES-V15 Encryption Test Vector Int -pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0 +pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f67c6697351ff4aec29cdbaabf2fbe3467cc254f81be8e78d765a2e63339fc99a66320db73158a35a255d051758e95ed4abb2cdc69bb454110e827441213ddc8770e93ea141e1fc673e017e97eadc6b968f385c2aecb03bfb32":"6c5ebca6116b1e91316613fbb5e93197270a849122d549122d05815e2626f80d20f7f3f038c98295203c0f7f6bb8c3568455c67dec82bca86be86eff43b56b7ba2d15375f9a42454c2a2c709953a6e4a977462e35fd21a9c2fb3c0ad2a370f7655267bf6f04814784982988e663b869fc8588475af860d499e5a6ffdfc2c6bfd":0 RSAES-V15 Decryption Test Vector Int 
pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":0 From 60f2cf93f5f241467867df58d56b2b10142567a2 Mon Sep 17 00:00:00 2001 From: SimonB Date: Sun, 3 Apr 2016 14:16:08 +0100 Subject: [PATCH 184/399] Adds option to config.pl to force config changes The script config.pl fails when setting a #define symbol if the symbol isn't already in the configuration header. This adds an option '--force' to append the symbol to the end of the file if it isn't already present. Also clarified usage, and added copyright to the config.pl. --- scripts/config.pl | 176 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 135 insertions(+), 41 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index d4c32fd1b..291a54a9a 100755 --- a/scripts/config.pl +++ b/scripts/config.pl 
@@ -1,22 +1,73 @@ #!/usr/bin/perl - -# Tune the configuration file +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# Comments and uncomments #define lines in the given header file and optionally +# sets their value. This is to provide scripting control of what preprocessor +# symbols, and therefore what build time configuration flags are set in the +# 'config.h' file. +# +# Usage: config.pl [-f | --file ] [-o | --force] +# [set | unset | full | realfull] +# +# Full usage description provided below. +# +# Things that shouldn't be enabled with "full". +# +# MBEDTLS_DEPRECATED_REMOVED +# MBEDTLS_HAVE_SSE2 +# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +# MBEDTLS_ECP_DP_M221_ENABLED +# MBEDTLS_ECP_DP_M383_ENABLED +# MBEDTLS_ECP_DP_M511_ENABLED +# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES +# MBEDTLS_NO_PLATFORM_ENTROPY +# MBEDTLS_REMOVE_ARC4_CIPHERSUITES +# MBEDTLS_SSL_HW_RECORD_ACCEL +# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 +# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +# - this could be enabled if the respective tests were adapted +# MBEDTLS_ZLIB_SUPPORT +# MBEDTLS_PKCS11_C +# and any symbol beginning _ALT +# use warnings; use strict; +my $config_file = "include/mbedtls/config.h"; my $usage = <] unset -$0 [-f ] set [] -EOU -# for our eyes only: -# $0 [-f ] full|realfull +$0 [-f | --file ] [-o | --force] + [set | unset | full | realfull] + +Commands + set [ to + the configuration file, and optionally making it + of . + If the symbol isn't present in the file an error + is returned. + unset - Comments out any #define present in the + configuration file. + full - Uncomments all #define's in the configuration file + excluding some reserved symbols, until the + 'Module configuration options' section + realfull - Uncomments all #define's with no exclusions + +Options + -f | --file - The file or file path for the configuration file + to edit. 
When omitted, the following default is + used: + $config_file + -o | --force - If the symbol isn't present in the configuration + file when setting it's value, a #define is + appended to the end of the file. + +EOU -# Things that shouldn't be enabled with "full". -# Notes: -# - MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 and -# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION could be enabled if the -# respective tests were adapted my @excluded = qw( MBEDTLS_DEPRECATED_REMOVED MBEDTLS_HAVE_SSE2 
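Review bot: The "Things that shouldn't be enabled with full" list in the new header comment duplicates the `@excluded` array further down the file, so the two will drift apart the next time a symbol is added; a one-line pointer such as `# The authoritative list is the @excluded array below.` in place of the copy would avoid that. The option help also reads `setting it's value`, which should be `setting its value`. The same hunk reappears unchanged in patch 188 at L295-L296.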
@@ -40,40 +91,65 @@ my @non_excluded = qw( PLATFORM_[A-Z0-9]+_ALT ); -my $config_file = "include/mbedtls/config.h"; +# Process the command line arguments -# get -f option -if (@ARGV >= 2 && $ARGV[0] eq "-f") { - shift; # -f - $config_file = shift; +my $force_option = 0; - -f $config_file or die "No such file: $config_file\n"; -} else { - if (! -f $config_file) { - chdir '..' or die; - -f $config_file - or die "Without -f, must be run from root or scripts\n" +my ($arg, $name, $value, $action); + +while ( $arg = shift) { + + # Check if the argument is an option + if ( $arg eq "-f" || $arg eq "--file" ) { + $config_file = shift; + + -f $config_file or die "No such file: $config_file\n"; + + } + elsif ( $arg eq "-o" || $arg eq "--force" ) { + $force_option = 1; + + } + else + { + # ...else assume it's a command + $action = $arg; + + if ($action eq "full" || $action eq "realfull") { + # No additional parameters + die $usage if @ARGV; + + } + elsif ($action eq "unset") { + die $usage unless @ARGV; + $name = shift; + + } + elsif ($action eq "set") { + die $usage unless @ARGV; + $name = shift; + $value = shift if @ARGV; + + } + else { + die "Command '$action' not recognised.\n\n".$usage; + } } } -# get action -die $usage unless @ARGV; -my $action = shift; +# Check the config file is present +if (! -f $config_file) { -my ($name, $value); -if ($action eq "full" || $action eq "realfull") { - # nothing to do -} elsif ($action eq "unset") { - die $usage unless @ARGV; - $name = shift; -} elsif ($action eq "set") { - die $usage unless @ARGV; - $name = shift; - $value = shift if @ARGV; -} else { - die $usage; + chdir '..' 
or die; + + # Confirm this is the project root directory and try again + if ( !(-d 'scripts' && -d 'include' && -d 'library' && -f $config_file) ) { + die "If no file specified, must be run from the project root or scripts directory.\n"; + } } -die $usage if @ARGV; + + +# Now read the file and process the contents open my $config_read, '<', $config_file or die "read $config_file: $!\n"; my @config_lines = <$config_read>; @@ -122,9 +198,27 @@ for my $line (@config_lines) { print $config_write $line; } +# Did the set command work? +if ($action eq "set"&& $force_option && !$done) { + + # If the force option was set, append the symbol to the end of the file + my $line = "#define $name"; + $line .= " $value" if defined $value && $value ne ""; + $line .= "\n"; + $done = 1; + + print $config_write $line; +} + close $config_write; -die "configuration section not found" if ($action eq "full" && !$done); -die "$name not found" if ($action ne "full" && !$done); +if ($action eq "full" && !$done) { + die "Configuration section was not found in $config_file\n"; + +} + +if ($action ne "full" && $action ne "unset" && !$done) { + die "A #define for the symbol $name was not found in $config_file\n"; +} __END__ From ba9dd1ec13dd50ed116e3c9015cd92a196a45a80 Mon Sep 17 00:00:00 2001 From: SimonB Date: Sun, 3 Apr 2016 15:06:52 +0100 Subject: [PATCH 185/399] Adds to footprint.sh MBEDTLS_NO_PLATFORM_ENTROPY For baremetal builds MBEDTLS_NO_PLATFORM_ENTROPY must now be set to avoid the build failing. Fixes #449. --- scripts/footprint.sh | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index 87d62dfc4..026e7a841 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh 
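Review bot: Nothing after the `while ($arg = shift)` loop checks that a command was given, so `config.pl -f include/mbedtls/config.h` with no `set`/`unset`/`full` runs with `$action` undefined, rewrites the file, and then fails the later `$action ne "full"` test with a confusing message; add `die $usage unless defined $action;` directly after the loop. The `-f`/`--file` branch likewise does `$config_file = shift;` without checking that a value follows, so a trailing `-f` dies with an empty file name; guard it with `die $usage unless @ARGV;`. The loop condition also stops on any argument that is false in Perl (`0` or the empty string), which `while (defined($arg = shift))` avoids. The same hunk reappears in patch 188 at L297-L298.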
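Review bot: The new error handling drops the old `"$name not found"` failure for `unset`, so `unset` of a misspelled or absent symbol now exits successfully and silently, which hides typos in callers such as footprint.sh; if the relaxed behaviour is intended, a comment like `# unset of an absent symbol is not an error: callers use it to guarantee a symbol is off` on the `ne "unset"` test would record the decision. The `--force` path appends the `#define` at the very end of the file; if config.h ends with its `#include "check_config.h"` and the include-guard `#endif`, as I would expect but cannot see here, the appended symbol lands outside the guard and after the consistency checks, so a short comment on where the line ends up would help the next reader. Patch 188 at L298 carries the same hunk.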
@@ -1,5 +1,23 @@ #!/bin/sh - +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# This script determines ROM size (or code size) for the standard mbed TLS +# configurations, when built for a Cortex M3/M4 target. +# +# Configurations included: +# default include/mbedtls/config.h +# yotta yotta/module/mbedtls/config.h +# thread configs/config-thread.h +# suite-b configs/config-suite-b.h +# psk configs/config-ccm-psk-tls1_2.h +# +# Usage: footprint.sh +# set -eu CONFIG_H='include/mbedtls/config.h' @@ -48,6 +66,7 @@ doit() scripts/config.pl unset MBEDTLS_NET_C || true scripts/config.pl unset MBEDTLS_TIMING_C || true scripts/config.pl unset MBEDTLS_FS_IO || true + scripts/config.pl --force set MBEDTLS_NO_PLATFORM_ENTROPY || true } >/dev/null 2>&1 CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld \ From 73883c12bc382775663eb605d3ee143f65496bb4 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 4 Apr 2016 13:49:10 +0100 Subject: [PATCH 186/399] Fixes formatting of spacing in config.pl --- scripts/config.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 291a54a9a..a6dcfe7d7 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -97,16 +97,16 @@ my $force_option = 0; my ($arg, $name, $value, $action); -while ( $arg = shift) { +while ($arg = shift) { # Check if the argument is an option - if ( $arg eq "-f" || $arg eq "--file" ) { + if ($arg eq "-f" || $arg eq "--file") { $config_file = shift; -f $config_file or die "No such file: $config_file\n"; } - elsif ( $arg eq "-o" || $arg eq "--force" ) { + elsif ($arg eq "-o" || $arg eq "--force") { $force_option = 1; } From d9106f3538d1e6aca681f3904adae41ab4809947 Mon Sep 17 00:00:00 2001 
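Review bot: The added `scripts/config.pl --force set MBEDTLS_NO_PLATFORM_ENTROPY || true` keeps the `|| true` of the neighbouring `unset` lines, but the commit message says the build fails without this symbol, so masking a config.pl failure here (inside a `>/dev/null 2>&1` group) only moves the error to a less informative later point; dropping `|| true` on this line, or checking its return value, would make the failure visible where it happens. The same hunk reappears in patch 189 at L299.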
From: Simon Butcher Date: Tue, 5 Apr 2016 13:59:00 +0100 Subject: [PATCH 187/399] Makes basic-build-test.sh tests more consistent This contains two fixes: * CFLAGS symbol wasn't being exported so wasn't being used in the build * Absence of a clean build meant the build could be made with existing object code that may not have code coverage instrumentation --- tests/scripts/basic-build-test.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 06c2eb9bd..f1b36c379 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -36,7 +36,8 @@ fi # Step 1 - Make and instrumented build for code coverage -CFLAGS=' --coverage -g3 -O0 ' +export CFLAGS=' --coverage -g3 -O0 ' +make clean make From 2181449d5c9081363119dff3d1d7a63925807d93 Mon Sep 17 00:00:00 2001 From: SimonB Date: Sun, 3 Apr 2016 14:16:08 +0100 Subject: [PATCH 188/399] Adds option to config.pl to force config changes The script config.pl fails when setting a #define symbol if the symbol isn't already in the configuration header. This adds an option '--force' to append the symbol to the end of the file if it isn't already present. Also clarified usage, and added copyright to the config.pl. --- scripts/config.pl | 176 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 135 insertions(+), 41 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index d4c32fd1b..291a54a9a 100755 --- a/scripts/config.pl +++ b/scripts/config.pl 
@@ -1,22 +1,73 @@ #!/usr/bin/perl - -# Tune the configuration file +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# Comments and uncomments #define lines in the given header file and optionally +# sets their value. This is to provide scripting control of what preprocessor +# symbols, and therefore what build time configuration flags are set in the +# 'config.h' file. +# +# Usage: config.pl [-f | --file ] [-o | --force] +# [set | unset | full | realfull] +# +# Full usage description provided below. +# +# Things that shouldn't be enabled with "full". +# +# MBEDTLS_DEPRECATED_REMOVED +# MBEDTLS_HAVE_SSE2 +# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +# MBEDTLS_ECP_DP_M221_ENABLED +# MBEDTLS_ECP_DP_M383_ENABLED +# MBEDTLS_ECP_DP_M511_ENABLED +# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES +# MBEDTLS_NO_PLATFORM_ENTROPY +# MBEDTLS_REMOVE_ARC4_CIPHERSUITES +# MBEDTLS_SSL_HW_RECORD_ACCEL +# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 +# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +# - this could be enabled if the respective tests were adapted +# MBEDTLS_ZLIB_SUPPORT +# MBEDTLS_PKCS11_C +# and any symbol beginning _ALT +# use warnings; use strict; +my $config_file = "include/mbedtls/config.h"; my $usage = <] unset -$0 [-f ] set [] -EOU -# for our eyes only: -# $0 [-f ] full|realfull +$0 [-f | --file ] [-o | --force] + [set | unset | full | realfull] + +Commands + set [ to + the configuration file, and optionally making it + of . + If the symbol isn't present in the file an error + is returned. + unset - Comments out any #define present in the + configuration file. + full - Uncomments all #define's in the configuration file + excluding some reserved symbols, until the + 'Module configuration options' section + realfull - Uncomments all #define's with no exclusions + +Options + -f | --file - The file or file path for the configuration file + to edit. 
When omitted, the following default is + used: + $config_file + -o | --force - If the symbol isn't present in the configuration + file when setting it's value, a #define is + appended to the end of the file. + +EOU -# Things that shouldn't be enabled with "full". -# Notes: -# - MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 and -# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION could be enabled if the -# respective tests were adapted my @excluded = qw( MBEDTLS_DEPRECATED_REMOVED MBEDTLS_HAVE_SSE2 
@@ -40,40 +91,65 @@ my @non_excluded = qw( PLATFORM_[A-Z0-9]+_ALT ); -my $config_file = "include/mbedtls/config.h"; +# Process the command line arguments -# get -f option -if (@ARGV >= 2 && $ARGV[0] eq "-f") { - shift; # -f - $config_file = shift; +my $force_option = 0; - -f $config_file or die "No such file: $config_file\n"; -} else { - if (! -f $config_file) { - chdir '..' or die; - -f $config_file - or die "Without -f, must be run from root or scripts\n" +my ($arg, $name, $value, $action); + +while ( $arg = shift) { + + # Check if the argument is an option + if ( $arg eq "-f" || $arg eq "--file" ) { + $config_file = shift; + + -f $config_file or die "No such file: $config_file\n"; + + } + elsif ( $arg eq "-o" || $arg eq "--force" ) { + $force_option = 1; + + } + else + { + # ...else assume it's a command + $action = $arg; + + if ($action eq "full" || $action eq "realfull") { + # No additional parameters + die $usage if @ARGV; + + } + elsif ($action eq "unset") { + die $usage unless @ARGV; + $name = shift; + + } + elsif ($action eq "set") { + die $usage unless @ARGV; + $name = shift; + $value = shift if @ARGV; + + } + else { + die "Command '$action' not recognised.\n\n".$usage; + } } } -# get action -die $usage unless @ARGV; -my $action = shift; +# Check the config file is present +if (! -f $config_file) { -my ($name, $value); -if ($action eq "full" || $action eq "realfull") { - # nothing to do -} elsif ($action eq "unset") { - die $usage unless @ARGV; - $name = shift; -} elsif ($action eq "set") { - die $usage unless @ARGV; - $name = shift; - $value = shift if @ARGV; -} else { - die $usage; + chdir '..' 
or die; + + # Confirm this is the project root directory and try again + if ( !(-d 'scripts' && -d 'include' && -d 'library' && -f $config_file) ) { + die "If no file specified, must be run from the project root or scripts directory.\n"; + } } -die $usage if @ARGV; + + +# Now read the file and process the contents open my $config_read, '<', $config_file or die "read $config_file: $!\n"; my @config_lines = <$config_read>; @@ -122,9 +198,27 @@ for my $line (@config_lines) { print $config_write $line; } +# Did the set command work? +if ($action eq "set"&& $force_option && !$done) { + + # If the force option was set, append the symbol to the end of the file + my $line = "#define $name"; + $line .= " $value" if defined $value && $value ne ""; + $line .= "\n"; + $done = 1; + + print $config_write $line; +} + close $config_write; -die "configuration section not found" if ($action eq "full" && !$done); -die "$name not found" if ($action ne "full" && !$done); +if ($action eq "full" && !$done) { + die "Configuration section was not found in $config_file\n"; + +} + +if ($action ne "full" && $action ne "unset" && !$done) { + die "A #define for the symbol $name was not found in $config_file\n"; +} __END__ From c3352d6be65df4333e8eee7e07143135f7c61d30 Mon Sep 17 00:00:00 2001 From: SimonB Date: Sun, 3 Apr 2016 15:06:52 +0100 Subject: [PATCH 189/399] Adds to footprint.sh MBEDTLS_NO_PLATFORM_ENTROPY For baremetal builds MBEDTLS_NO_PLATFORM_ENTROPY must now be set to avoid the build failing. Fixes #449. --- scripts/footprint.sh | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index 87d62dfc4..026e7a841 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh 
@@ -1,5 +1,23 @@ #!/bin/sh - +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# This script determines ROM size (or code size) for the standard mbed TLS +# configurations, when built for a Cortex M3/M4 target. +# +# Configurations included: +# default include/mbedtls/config.h +# yotta yotta/module/mbedtls/config.h +# thread configs/config-thread.h +# suite-b configs/config-suite-b.h +# psk configs/config-ccm-psk-tls1_2.h +# +# Usage: footprint.sh +# set -eu CONFIG_H='include/mbedtls/config.h' @@ -48,6 +66,7 @@ doit() scripts/config.pl unset MBEDTLS_NET_C || true scripts/config.pl unset MBEDTLS_TIMING_C || true scripts/config.pl unset MBEDTLS_FS_IO || true + scripts/config.pl --force set MBEDTLS_NO_PLATFORM_ENTROPY || true } >/dev/null 2>&1 CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld \ From 024ac945c1c15c65ee2b80941093f9d08b55b2b7 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 4 Apr 2016 13:49:10 +0100 Subject: [PATCH 190/399] Fixes formatting of spacing in config.pl --- scripts/config.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 291a54a9a..a6dcfe7d7 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -97,16 +97,16 @@ my $force_option = 0; my ($arg, $name, $value, $action); -while ( $arg = shift) { +while ($arg = shift) { # Check if the argument is an option - if ( $arg eq "-f" || $arg eq "--file" ) { + if ($arg eq "-f" || $arg eq "--file") { $config_file = shift; -f $config_file or die "No such file: $config_file\n"; } - elsif ( $arg eq "-o" || $arg eq "--force" ) { + elsif ($arg eq "-o" || $arg eq "--force") { $force_option = 1; } From 6eaf3659eaa276828c125b33b212cdf5ddd6695a Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Sun, 10 Apr 2016 15:11:27 +0100 Subject: [PATCH 191/399] Fixes Travis post-mortem script dump following review Changes made: * Added copyright and project statement * Limited size of each file to dump to 1Mbyte * Changed name of script --- .travis.yml | 2 +- .../{travis-log.sh => travis-log-failure.sh} | 15 ++++++++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) rename tests/scripts/{travis-log.sh => travis-log-failure.sh} (70%) diff --git a/.travis.yml b/.travis.yml index 6aca79eaf..fa01e5a24 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,7 +20,7 @@ script: - tests/scripts/curves.pl - tests/scripts/key-exchanges.pl after_failure: -- tests/scripts/travis-log.sh +- tests/scripts/travis-log-failure.sh env: global: secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k=" diff --git a/tests/scripts/travis-log.sh b/tests/scripts/travis-log-failure.sh similarity index 70% rename from tests/scripts/travis-log.sh rename to tests/scripts/travis-log-failure.sh index fead2c1b7..9866ca7da 100755 --- a/tests/scripts/travis-log.sh +++ b/tests/scripts/travis-log-failure.sh @@ -1,10 +1,18 @@ #!/bin/sh +# travis-log-failure.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2016, ARM Limited, All Rights Reserved +# +# Purpose +# # List the server and client logs on failed ssl-opt.sh and compat.sh tests. # This script is used to make the logs show up in the Travis test results. - +# # Some of the logs can be very long: this means usually a couple of megabytes -# but it can bee much more. For example, the client log of test 273 in ssl-opt.sh +# but it can be much more. For example, the client log of test 273 in ssl-opt.sh # is more than 630 Megabytes long. if [ -d include/mbedtls ]; then :; else 
@@ -13,13 +21,14 @@ if [ -d include/mbedtls ]; then :; else fi FILES="o-srv-*.log o-cli-*.log c-srv-*.log c-cli-*.log o-pxy-*.log" +MAX_LOG_SIZE=1048576 for PATTERN in $FILES; do for LOG in $( ls tests/$PATTERN 2>/dev/null ); do echo echo "****** BEGIN file: $LOG ******" echo - cat $LOG + tail -c $MAX_LOG_SIZE $LOG echo "****** END file: $LOG ******" echo rm $LOG From e6aef9fa70d6d57adba8bc9500b3904b5c02140f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 16 Mar 2016 16:39:41 +0000 Subject: [PATCH 192/399] Add tests to cover PKCS1 v1.5 signature functions. The reported memory leak should have been spotted by make memcheck But it wasn't. Keeping the tests for better coverage. --- tests/suites/test_suite_pkcs1_v15.data | 5 + tests/suites/test_suite_pkcs1_v15.function | 157 +++++++++++++++++++++ 2 files changed, 162 insertions(+) diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data index 9ab3e8c99..db7a4cd4b 100644 --- a/tests/suites/test_suite_pkcs1_v15.data +++ b/tests/suites/test_suite_pkcs1_v15.data 
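Review bot: `tail -c $MAX_LOG_SIZE $LOG` silently drops everything before the last 1 MiB, so a reader of the Travis output cannot tell that a log was cut or by how much; printing a marker when the file is larger, e.g. `if [ "$(wc -c < "$LOG")" -gt "$MAX_LOG_SIZE" ]; then echo "(log truncated to the last $MAX_LOG_SIZE bytes)"; fi` before the `tail`, would make that explicit. `$LOG` should also be quoted in the new `tail` line, as in `tail -c "$MAX_LOG_SIZE" "$LOG"`, for consistency with the quoted echo lines around it.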
@@ -28,3 +28,8 @@ pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a RSAES-V15 Decryption Test Vector Padding too short 0 pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"a5a384ef64a6acb84293cecc8095232ae595b84c15ec26f35cf5fde88ae7a9aaa717bcb1ecc4de498da81db97425000770817b5dde5eed01ca3745ff5ab894d0fc0921e5a10b081490129d8ccbaa154ad3dd461397af8ec964ef99402d60a7591ee44b8ce1c16ef88fcb2717076c730d88223893bdd8000b23d87d38ab":"aafd12f659cae63489b479e5076ddec2f06cb58f":"72f98d12ddc230484179ec3022d11b3719222daaa0dc016fc3dbd6771a3f2c9fdd0560f86d616dd50ef1fa5b8c7e1fc40b5abf7b845d7795b3a6af02457b97f783360575cde7497bdf9c104650d4e9a8f4034406de1af95ace39bef2b9e979b74d9a2c0a741d8a21221d9afc98992776cad52d73151613dbc10da9bd8038751a":MBEDTLS_ERR_RSA_INVALID_PADDING +RSASSA-V15 Signing Test Vector Int 
+pkcs1_rsassa_v15_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b":16:"c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f":16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0 + +RSASSA-V15 Verification Test Vector Int 
+pkcs1_rsassa_v15_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0 diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 90460f1d3..ce8bf5892 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function 
@@ -108,3 +108,160 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q, + char *input_Q, int radix_N, char *input_N, + int radix_E, char *input_E, int digest, int hash, + char *message_hex_string, char *salt, + char *result_hex_str, int result ) +{ + unsigned char message_str[1000]; + unsigned char hash_result[1000]; + unsigned char output[1000]; + unsigned char output_str[1000]; + unsigned char rnd_buf[1000]; + mbedtls_rsa_context ctx; + mbedtls_mpi P1, Q1, H, G; + size_t msg_len; + rnd_buf_info info; + + info.length = unhexify( rnd_buf, salt ); + info.buf = rnd_buf; + + mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + + memset( message_str, 0x00, 1000 ); + memset( hash_result, 0x00, 1000 ); + memset( output, 0x00, 1000 ); + memset( output_str, 0x00, 1000 ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); + TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + + msg_len = unhexify( message_str, message_hex_string ); + + if( mbedtls_md_info_from_type( digest ) != NULL ) + TEST_ASSERT( 
mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); + if( result == 0 ) + { + hexify( output_str, output, ctx.len); + + TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + } + +exit: + mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void pkcs1_rsassa_v15_verify( int mod, int radix_N, char *input_N, int radix_E, + char *input_E, int digest, int hash, + char *message_hex_string, char *salt, + char *result_hex_str, int result ) +{ + unsigned char message_str[1000]; + unsigned char hash_result[1000]; + unsigned char result_str[1000]; + mbedtls_rsa_context ctx; + size_t msg_len; + ((void) salt); + + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + memset( message_str, 0x00, 1000 ); + memset( hash_result, 0x00, 1000 ); + memset( result_str, 0x00, 1000 ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 
1 : 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); + + msg_len = unhexify( message_str, message_hex_string ); + unhexify( result_str, result_hex_str ); + + if( mbedtls_md_info_from_type( digest ) != NULL ) + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result ); + +exit: + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void pkcs1_rsassa_v15_verify_ext( int mod, + int radix_N, char *input_N, + int radix_E, char *input_E, + int msg_digest_id, int ctx_hash, + int mgf_hash, int salt_len, + char *message_hex_string, + char *result_hex_str, + int result_simple, + int result_full ) +{ + unsigned char message_str[1000]; + unsigned char hash_result[1000]; + unsigned char result_str[1000]; + mbedtls_rsa_context ctx; + size_t msg_len, hash_len; + + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, ctx_hash ); + memset( message_str, 0x00, 1000 ); + memset( hash_result, 0x00, 1000 ); + memset( result_str, 0x00, 1000 ); + + ctx.len = mod / 8 + ( ( mod % 8 ) ? 
1 : 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); + + msg_len = unhexify( message_str, message_hex_string ); + unhexify( result_str, result_hex_str ); + + if( msg_digest_id != MBEDTLS_MD_NONE ) + { + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( msg_digest_id ), + message_str, msg_len, hash_result ) == 0 ); + hash_len = 0; + } + else + { + memcpy( hash_result, message_str, msg_len ); + hash_len = msg_len; + } + + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, + msg_digest_id, hash_len, hash_result, + result_str ) == result_simple ); + + TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, + msg_digest_id, hash_len, hash_result, + mgf_hash, salt_len, + result_str ) == result_full ); + +exit: + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ From f713b0a6ce49b333d59fc2b30dffc6fd9f46a6fb Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 17 Mar 2016 15:21:39 +0000 Subject: [PATCH 193/399] Fix memory leaks in example programs. --- programs/pkey/rsa_decrypt.c | 6 +++--- programs/pkey/rsa_encrypt.c | 4 ++-- programs/pkey/rsa_sign.c | 5 +++-- programs/pkey/rsa_verify.c | 6 ++++-- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 94431e0ce..37227e8a5 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -69,6 +69,8 @@ int main( int argc, char *argv[] ) memset(result, 0, sizeof( result ) ); mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); ret = 1; if( argc != 1 ) 
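Review bot: `pkcs1_rsassa_v15_verify_ext` is added but the data hunk at L302-L304 only adds vectors for `pkcs1_rsassa_v15_sign` and `pkcs1_rsassa_v15_verify`, so the new case never runs; it also calls `mbedtls_rsa_rsassa_pss_verify_ext`, the PSS verifier, on a context initialised with `MBEDTLS_RSA_PKCS_V15`, which looks like a copy from the v2.1 suite rather than a v1.5 test. Either drop the case or give it vectors and a v1.5 call. In `pkcs1_rsassa_v15_verify` the `salt` parameter is only `((void) salt)`, which forces every data line to carry a dummy salt; removing it from the signature and the vectors would keep the data readable. The `hexify( output_str, output, ctx.len)` in the sign case writes `2 * ctx.len` bytes into a 1000-byte buffer, which holds for the 1024-bit vectors but would overflow for moduli above 3992 bits; a `TEST_ASSERT( ctx.len * 2 < sizeof( output_str ) );` before it documents the bound.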
@@ -85,7 +87,6 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - mbedtls_entropy_init( &entropy ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -104,8 +105,6 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || @@ -171,6 +170,7 @@ int main( int argc, char *argv[] ) exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); + mbedtls_rsa_free( &rsa ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 796343f1b..033ca11b5 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -67,6 +67,7 @@ int main( int argc, char *argv[] ) unsigned char buf[512]; const char *pers = "rsa_encrypt"; + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_ctr_drbg_init( &ctr_drbg ); ret = 1; @@ -104,8 +105,6 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { @@ -160,6 +159,7 @@ int main( int argc, char *argv[] ) exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); + mbedtls_rsa_free( &rsa ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index e897c6519..27f356632 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c 
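Review bot: `mbedtls_entropy_init( &entropy )` is not hoisted together with the new `mbedtls_rsa_init` call in rsa_encrypt.c's hunk at line 67, whereas rsa_decrypt.c's first hunk moves it above the `argc` check; if rsa_encrypt.c still initialises the entropy context only after the usage check, as the decrypt program did before this commit, the `goto exit` on a bad argument count reaches `mbedtls_entropy_free( &entropy )` on a context that was never initialised. Placing `mbedtls_entropy_init( &entropy );` directly after `mbedtls_ctr_drbg_init( &ctr_drbg );` makes every path into `exit:` free only initialised objects. main() starts outside the hunk, so the usage branch itself is not visible here.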
@@ -62,6 +62,7 @@ int main( int argc, char *argv[] ) unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; char filename[512]; + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); ret = 1; if( argc != 2 ) @@ -86,8 +87,6 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || @@ -157,6 +156,8 @@ int main( int argc, char *argv[] ) exit: + mbedtls_rsa_free( &rsa ); + #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index ade36dc83..a22b55521 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -61,7 +61,9 @@ int main( int argc, char *argv[] ) unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; char filename[512]; + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); ret = 1; + if( argc != 2 ) { mbedtls_printf( "usage: rsa_verify \n" ); @@ -83,8 +85,6 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { @@ -149,6 +149,8 @@ int main( int argc, char *argv[] ) exit: + mbedtls_rsa_free( &rsa ); + #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); From f8758b8bdcbb1da903f1fdd6eac8f98a9c978afa Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 12 Apr 2016 11:31:00 +0100 Subject: [PATCH 194/399] Adds test_suite_pkcs1_v15 to tests/Makefile --- tests/Makefile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index c5172e4d6..58c404e5d 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -76,7 +76,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_md$(EXEXT) test_suite_mdx$(EXEXT) \ test_suite_memory_buffer_alloc$(EXEXT) \ test_suite_mpi$(EXEXT) \ - test_suite_pem$(EXEXT) \ + test_suite_pem$(EXEXT) test_suite_pkcs1_v15$(EXEXT) \ test_suite_pkcs1_v21$(EXEXT) test_suite_pkcs5$(EXEXT) \ test_suite_pkparse$(EXEXT) test_suite_pkwrite$(EXEXT) \ test_suite_pk$(EXEXT) \ @@ -376,6 +376,10 @@ test_suite_pem$(EXEXT): test_suite_pem.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test_suite_pkcs1_v15$(EXEXT): test_suite_pkcs1_v15.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test_suite_pkcs1_v21$(EXEXT): test_suite_pkcs1_v21.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ From 6b46c62d7782f578fdf933b1dcefec442fce8f30 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 12 Apr 2016 13:25:08 +0100 Subject: [PATCH 195/399] Fixes error and exit paths in rsa sample programs --- programs/pkey/rsa_decrypt.c | 69 +++++++++++++++++++++---------------- programs/pkey/rsa_encrypt.c | 52 +++++++++++++++++----------- 2 files changed, 72 insertions(+), 49 deletions(-) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 37227e8a5..5bfe332bd 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -30,6 +30,9 @@ #else #include #define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ @@ -39,8 +42,8 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" -#include #include + #endif #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ 
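Review bot: The new `#else` branch in rsa_decrypt.c maps `mbedtls_exit`, `MBEDTLS_EXIT_SUCCESS` and `MBEDTLS_EXIT_FAILURE` onto `exit`, `EXIT_SUCCESS` and `EXIT_FAILURE`, which are declared in `<stdlib.h>`, yet the hunk adds no include for it, and the following hunk at line 39 removes an include (its name is lost in this rendering) rather than adding one, so builds that do not define MBEDTLS_PLATFORM_C would fail on the first use of these names. Add `#include <stdlib.h>` next to the existing `#include` in that branch. The same applies to rsa_encrypt.c's hunk at line 31 later in this commit.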
@@ -57,7 +60,7 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret, c; + int return_val, exit_val, c; size_t i; mbedtls_rsa_context rsa; mbedtls_entropy_context entropy; @@ -68,10 +71,7 @@ int main( int argc, char *argv[] ) ((void) argv); memset(result, 0, sizeof( result ) ); - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - ret = 1; + exit_val = MBEDTLS_EXIT_SUCCESS; if( argc != 1 ) { @@ -81,17 +81,23 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n" ); #endif - goto exit; + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + + return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ); + if( return_val != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", + return_val ); goto exit; } 
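Review bot: `mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 )` is deleted in the hunk at line 68 but, unlike rsa_encrypt.c where it is re-added before the seeding step, it does not reappear in any rsa_decrypt.c hunk; unless it is re-added in a part of the file not shown, `rsa` is now passed uninitialised to `mbedtls_mpi_read_file`, `mbedtls_rsa_pkcs1_decrypt` and the `mbedtls_rsa_free` at `exit:`, and the seed-failure `goto exit` in the hunk at line 81 frees it before any key has been read. Re-add `mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );` alongside the two init calls inserted before `mbedtls_ctr_drbg_seed`. main() begins outside these hunks.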
@@ -100,21 +106,24 @@ int main( int argc, char *argv[] ) if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL ) { + exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; } - if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) + if( ( return_val = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", + return_val ); goto exit; } @@ -125,10 +134,9 @@ int main( int argc, char *argv[] ) /* * Extract the RSA encrypted value from the text file */ - ret = 1; - if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL ) { + exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" ); goto exit; } @@ -143,6 +151,7 @@ int main( int argc, char *argv[] ) if( i != rsa.len ) { + exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( "\n ! Invalid RSA signature format\n\n" ); goto exit; } 
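Review bot: The `rsa_priv.txt` handle `f` is still open when the `mbedtls_mpi_read_file` failure branch jumps to `exit:`, and nothing in this hunk or at the `exit:` label closes it, so the error path this commit reworks still leaks the file; the same pattern is in rsa_encrypt.c's `rsa_pub.txt` hunk. Add `fclose( f );` before the `goto exit;` in that branch, or route both outcomes through a shared label that closes it. Whether the success path's `fclose( f )` sits between these hunks is not visible here.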
@@ -153,11 +162,14 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Decrypting the encrypted data" ); fflush( stdout ); - if( ( ret = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, - MBEDTLS_RSA_PRIVATE, &i, buf, result, - 1024 ) ) != 0 ) + return_val = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random, + &ctr_drbg, MBEDTLS_RSA_PRIVATE, &i, + buf, result, 1024 ); + if( return_val != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n", ret ); + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n", + return_val ); goto exit; } @@ -165,8 +177,6 @@ int main( int argc, char *argv[] ) mbedtls_printf( "The decrypted result is: '%s'\n\n", result ); - ret = 0; - exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); @@ -177,6 +187,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_val ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */ + diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 033ca11b5..9619baa66 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -31,6 +31,9 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ @@ -40,7 +43,6 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" -#include #include #endif @@ -58,7 +60,7 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret; + int return_val, exit_val; size_t i; mbedtls_rsa_context rsa; mbedtls_entropy_context entropy; 
@@ -67,9 +69,7 @@ int main( int argc, char *argv[] ) unsigned char buf[512]; const char *pers = "rsa_encrypt"; - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - mbedtls_ctr_drbg_init( &ctr_drbg ); - ret = 1; + exit_val = MBEDTLS_EXIT_SUCCESS; if( argc != 2 ) { @@ -79,18 +79,24 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n" ); #endif - goto exit; + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) + + return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ); + if( return_val != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", + return_val ); goto exit; } @@ -99,16 +105,18 @@ int main( int argc, char *argv[] ) if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL ) { - ret = 1; + exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; } - if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) + if( ( return_val = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", + return_val ); goto exit; } 
@@ -118,6 +126,7 @@ int main( int argc, char *argv[] ) if( strlen( argv[1] ) > 100 ) { + exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " Input data larger than 100 characters.\n\n" ); goto exit; } @@ -130,11 +139,14 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Generating the RSA encrypted value" ); fflush( stdout ); - if( ( ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, - MBEDTLS_RSA_PUBLIC, strlen( argv[1] ), - input, buf ) ) != 0 ) + return_val = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random, + &ctr_drbg, MBEDTLS_RSA_PUBLIC, + strlen( argv[1] ), input, buf ); + if( return_val != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", ret ); + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", + return_val ); goto exit; } @@ -143,7 +155,7 @@ int main( int argc, char *argv[] ) */ if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL ) { - ret = 1; + exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" ); goto exit; } @@ -166,7 +178,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_val ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ From 2cc69fffcf431085f18f4e59c3c5188297f97b87 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:44:29 +0100 Subject: [PATCH 196/399] Shut up a clang-analyzer warning The function appears to be safe, since grow() is called with sensible arguments in previous functions. Ideally Clang would be clever enough to realise this. Even if N has size MBEDTLS_MPI_MAX_LIMBS, which will cause the grow to fail, the affected lines in montmul won't be reached. Having this sanity check can hardly hurt though. --- library/bignum.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) 
diff --git a/library/bignum.c b/library/bignum.c index 7841bea43..81af57d5a 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1542,12 +1542,15 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) /* * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) */ -static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, +static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) { size_t i, n, m; mbedtls_mpi_uint u0, u1, *d; + if( T->n < N->n + 1 || T->p == NULL ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + memset( T->p, 0, T->n * ciL ); d = T->p; @@ -1575,12 +1578,14 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi else /* prevent timing attacks */ mpi_sub_hlp( n, A->p, T->p ); + + return( 0 ); } /* * Montgomery reduction: A = A * R^-1 mod N */ -static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) +static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) { mbedtls_mpi_uint z = 1; mbedtls_mpi U; @@ -1588,7 +1593,7 @@ static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint U.n = U.s = (int) z; U.p = &z; - mpi_montmul( A, &U, N, mm, T ); + return( mpi_montmul( A, &U, N, mm, T ) ); } /* @@ -1665,13 +1670,13 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi else MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); - mpi_montmul( &W[1], &RR, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( &W[1], &RR, N, mm, &T ) ); /* * X = R^2 * R^-1 mod N = R mod N */ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) ); - mpi_montred( X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); if( wsize > 1 ) { 
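Review bot: The header comment above `mpi_montmul` still describes a void function; with the new early return it should state the precondition and the result, e.g. `/* Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36). T must have at least N->n + 1 limbs allocated; returns 0, or MBEDTLS_ERR_MPI_BAD_INPUT_DATA otherwise. */`, and `mpi_montred`'s comment likewise now that it propagates that status. The callers in `mbedtls_mpi_exp_mod` now jump to `cleanup` through MBEDTLS_MPI_CHK; that label is outside the hunks shown, so whether the window table W and T are released there on this new failure path is not visible and worth confirming.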
@@ -1684,7 +1689,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); for( i = 0; i < wsize - 1; i++ ) - mpi_montmul( &W[j], &W[j], N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( &W[j], &W[j], N, mm, &T ) ); /* * W[i] = W[i - 1] * W[1] @@ -1694,7 +1699,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); - mpi_montmul( &W[i], &W[1], N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( &W[i], &W[1], N, mm, &T ) ); } } @@ -1731,7 +1736,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi /* * out of window, square X */ - mpi_montmul( X, X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); continue; } @@ -1749,12 +1754,12 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi * X = X^wsize R^-1 mod N */ for( i = 0; i < wsize; i++ ) - mpi_montmul( X, X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); /* * X = X * W[wbits] R^-1 mod N */ - mpi_montmul( X, &W[wbits], N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, &W[wbits], N, mm, &T ) ); state--; nbits = 0; @@ -1767,18 +1772,18 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi */ for( i = 0; i < nbits; i++ ) { - mpi_montmul( X, X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); wbits <<= 1; if( ( wbits & ( one << wsize ) ) != 0 ) - mpi_montmul( X, &W[1], N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, &W[1], N, mm, &T ) ); } /* * X = A^E * R * R^-1 mod N = A^E mod N */ - mpi_montred( X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); if( neg ) { From 409401c044da02c84cb3ec5f4edb01d79a1f16a7 Mon Sep 17 00:00:00 2001 
From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:48:25 +0100 Subject: [PATCH 197/399] Shut up a few clang-analyze warnings about use of uninitialized variables The functions are all safe, Clang just isn't clever enough to realise it. --- library/pkcs12.c | 2 +- library/rsa.c | 19 +++++++++++++++++-- programs/hash/generic_sum.c | 2 +- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/library/pkcs12.c b/library/pkcs12.c index 7023b9dbc..c603a1357 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -93,7 +93,7 @@ static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_ty unsigned char *key, size_t keylen, unsigned char *iv, size_t ivlen ) { - int ret, iterations; + int ret, iterations = 0; mbedtls_asn1_buf salt; size_t i; unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2]; diff --git a/library/rsa.c b/library/rsa.c index fba68ddfc..60559e2ac 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -797,7 +797,12 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int ret; size_t ilen, pad_count = 0, i; unsigned char *p, bad, pad_done = 0; +#ifdef __clang_analyzer__ + /* Shut up Clang, mbedtls_rsa_public/private writes to this */ + unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; +#else unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; +#endif if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 
@@ -1175,13 +1180,18 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, int ret; size_t siglen; unsigned char *p; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char result[MBEDTLS_MD_MAX_SIZE]; unsigned char zeros[8]; unsigned int hlen; size_t slen, msb; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; +#ifdef __clang_analyzer__ + /* Shut up Clang, mbedtls_rsa_public/private writes to this */ + unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; +#else + unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; +#endif if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1320,10 +1330,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, int ret; size_t len, siglen, asn1_len; unsigned char *p, *end; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; mbedtls_md_type_t msg_md_alg; const mbedtls_md_info_t *md_info; mbedtls_asn1_buf oid; +#ifdef __clang_analyzer__ + /* Shut up Clang, mbedtls_rsa_public/private writes to this */ + unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; +#else + unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; +#endif if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index f071d311e..7805a79bc 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -83,7 +83,7 @@ static int generic_check( const mbedtls_md_info_t *md_info, char *filename ) int nb_err1, nb_err2; int nb_tot1, nb_tot2; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; - char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1], line[1024]; + char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }, line[1024]; char diff; if( ( f = fopen( filename, "rb" ) ) == NULL ) From 1ef918ddca9bae8ad857a19989acaeb581edf4bb Mon Sep 17 00:00:00 2001 
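Review bot: `char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }` in the generic_sum.c hunk uses an empty initializer list, which is not valid C99/C11 (a GNU extension, standard only from C23) and is compiled unconditionally, unlike the copies guarded by `#ifdef __clang_analyzer__` in the rsa.c hunks at lines 797, 1175 and 1320; pedantic or non-GNU compilers will reject it. Use `= { 0 }`, which is standard and has the same effect; the rsa.c hunks could then drop the duplicated declaration and zero-fill unconditionally, a cost that is negligible next to the RSA operation. In pkcs12.c, `iterations = 0` silences the warning, but whether the variable is assigned on every path before use is not visible in that hunk.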
From: Simon Butcher Date: Wed, 13 Apr 2016 11:56:27 +0100 Subject: [PATCH 198/399] Add missing stdlib.h header to rsa sample programs --- programs/pkey/rsa_decrypt.c | 1 + programs/pkey/rsa_encrypt.c | 1 + 2 files changed, 2 insertions(+) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 5bfe332bd..57c672094 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -29,6 +29,7 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_printf printf #define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 9619baa66..e78e27309 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -29,6 +29,7 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_exit exit From daf534dcf921895604c2a73a767d7ce9a6de1906 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:50:33 +0100 Subject: [PATCH 199/399] Remove a dead store to silence clang-analyze --- library/ssl_cli.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 52ddf9a92..d1ef7dd35 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -265,7 +265,6 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECP_C) for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) { - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); #else for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) { From 5d5e421d089bf02488f5a0f06ae3a727ff9aadd7 Mon Sep 17 00:00:00 2001 
From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:51:05 +0100 Subject: [PATCH 200/399] Refactor slightly to silence a clang-analyze warning Since the buffer is used in a few places, it seems Clang isn't clever enough to realise that the first byte is never touched. So, even though the function has a correct null check for ssl->handshake, Clang complains. Pulling the handshake type out into its own variable is enough for Clang's analysis to kick in though. --- library/ssl_tls.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1c44b7ddb..2e41bcad2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2708,7 +2708,7 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) { - int ret, done = 0; + int ret, done = 0, out_msg_type; size_t len = ssl->out_msglen; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) ); @@ -2724,7 +2724,9 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) #endif if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) { - if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST && + out_msg_type = ssl->out_msg[0]; + + if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST && ssl->handshake == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); @@ -2751,7 +2753,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) len += 8; /* Write message_seq and update it, except for HelloRequest */ - if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ) + if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) { ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; 
@@ -2769,7 +2771,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ) + if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) ssl->handshake->update_checksum( ssl, ssl->out_msg, len ); } From 42d47f0fb5414bc5cb07e0353303a6d81297dda3 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:53:27 +0100 Subject: [PATCH 201/399] Silence a clang-analyze warning The check is already effectively performed later in the function, but implicitly, so Clang's analysis fail to notice the functions are in fact safe. Pulling the check up to the top helps Clang to verify the behaviour. --- library/x509_csr.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/x509_csr.c b/library/x509_csr.c index f8c45f8d2..603d06b64 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -104,7 +104,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, /* * Check for valid input */ - if( csr == NULL || buf == NULL ) + if( csr == NULL || buf == NULL || buflen == 0 ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); mbedtls_x509_csr_init( csr ); @@ -274,14 +274,14 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz /* * Check for valid input */ - if( csr == NULL || buf == NULL ) + if( csr == NULL || buf == NULL || buflen == 0 ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); #if defined(MBEDTLS_PEM_PARSE_C) mbedtls_pem_init( &pem ); /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( buflen == 0 || buf[buflen - 1] != '\0' ) + if( buf[buflen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else ret = mbedtls_pem_read_buffer( &pem, From 0914ac47d2fbf10e951a2f8cc50589cdbeda3061 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Wed, 13 Apr 2016 14:49:25 +0100 Subject: [PATCH 202/399] Add missing config dependencies to PKCS1 V15 tests --- tests/suites/test_suite_pkcs1_v15.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index ce8bf5892..77ab51389 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -209,7 +209,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15 MBEDTLS_PKCS1_V21 */ void pkcs1_rsassa_v15_verify_ext( int mod, int radix_N, char *input_N, int radix_E, char *input_E, From 0e4d9afa61cd33f4757abf60f834ba596dfc46a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Aug 2015 13:33:14 +0200 Subject: [PATCH 203/399] Use Freescale's RNGA on the K64F --- yotta/data/entropy_hardware_poll.c | 69 ++++++++++++++++++++---------- yotta/data/target_config.h | 6 +-- 2 files changed, 49 insertions(+), 26 deletions(-) diff --git a/yotta/data/entropy_hardware_poll.c b/yotta/data/entropy_hardware_poll.c index 192430257..3a61e22ae 100644 --- a/yotta/data/entropy_hardware_poll.c +++ b/yotta/data/entropy_hardware_poll.c @@ -1,5 +1,5 @@ /* - * Temporary "entropy" collector for Cortex-M4 + * Hardware entropy collector for the K64F, using Freescale's RNGA * * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 
@@ -20,46 +20,69 @@ */ /* - * WARNING: this is a temporary hack! - * 1. Currently does not provide strong entropy, should be replaced to use the - * on-board hardware RNG (see IOTSSL-303) - * 2. This should be in a separete yotta module which would be a target + * WARNING: this is temporary! + * This should be in a separate yotta module which would be a target * dependency of mbedtls (see IOTSSL-313) */ -#if defined(TARGET_LIKE_CORTEX_M4) +#if defined(TARGET_LIKE_K64F) -#include "MK64F12.h" -#include "core_cm4.h" -#include +/* + * Reference: "K64 Sub-Family Reference Manual, Rev. 2", chapter 34 + */ -unsigned long hardclock( void ) +#include "fsl_clock_manager.h" + +/* + * Get one byte of entropy from the RNG, assuming it is up and running. + * As recommended (34.1.1), get only one bit of each output. + */ +static void rng_get_byte( unsigned char *byte ) { - static int dwt_started = 0; + size_t bit; - if( dwt_started == 0 ) + /* 34.5 Steps 3-4-5: poll SR and read from OR when ready */ + for( bit = 0; bit < 8; bit++ ) { - CoreDebug->DEMCR |= CoreDebug_DEMCR_TRCENA_Msk; - DWT->CTRL |= DWT_CTRL_CYCCNTENA_Msk; + while( ( RNG->SR & RNG_SR_OREG_LVL_MASK ) == 0 ); + *byte |= ( RNG->OR & 1 ) << bit; } - - return( DWT->CYCCNT ); } +/* + * Get len bytes of entropy from the hardware RNG. 
+ */ int mbedtls_hardware_poll( void *data, unsigned char *output, size_t len, size_t *olen ) { - unsigned long timer = hardclock(); + size_t i; + int ret; ((void) data); - *olen = 0; - if( len < sizeof(unsigned long) ) - return( 0 ); + CLOCK_SYS_EnableRngaClock( 0 ); - memcpy( output, &timer, sizeof(unsigned long) ); - *olen = sizeof(unsigned long); + /* Set "Interrupt Mask", "High Assurance" and "Go", + * unset "Clear interrupt" and "Sleep" */ + RNG->CR = RNG_CR_INTM_MASK | RNG_CR_HA_MASK | RNG_CR_GO_MASK; - return( 0 ); + for( i = 0; i < len; i++ ) + rng_get_byte( output + i ); + + /* Just be extra sure that we didn't do it wrong */ + if( ( RNG->SR & RNG_SR_SECV_MASK ) != 0 ) + { + ret = -1; + goto cleanup; + } + + *olen = len; + ret = 0; + +cleanup: + /* Disable clock to save power - assume we're the only users of RNG */ + CLOCK_SYS_DisableRngaClock( 0 ); + + return( ret ); } #endif diff --git a/yotta/data/target_config.h b/yotta/data/target_config.h index df1a208b3..f350ce3ec 100644 --- a/yotta/data/target_config.h +++ b/yotta/data/target_config.h @@ -26,10 +26,10 @@ #endif /* - * WARNING: this is a temporary hack! - * 2. This should be in a separete yotta module which would be a target + * WARNING: this is temporary! + * This should be in a separate yotta module which would be a target * dependency of mbedtls (see IOTSSL-313) */ -#if defined(TARGET_LIKE_CORTEX_M4) +#if defined(TARGET_LIKE_K64F) #define MBEDTLS_ENTROPY_HARDWARE_ALT #endif From 10c575be3ee5d332923a888cf261b650e590eb32 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 23 Feb 2016 14:42:48 +0000 Subject: [PATCH 204/399] Fix odd bitlength RSA key generation Fix issue that caused a hang up when generating RSA keys of odd bitlength. --- ChangeLog | 1 + library/rsa.c | 14 ++++++++------ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 007f60418..9bf0b1549 100644 --- a/ChangeLog +++ b/ChangeLog 
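Review bot: `rng_get_byte` ORs each sampled bit into `*byte` without clearing it first (`*byte |= ( RNG->OR & 1 ) << bit;`), and `mbedtls_hardware_poll` passes `output + i` without zeroing `output`, so any bit already set in the caller's buffer survives whatever the RNG produced and the `len` bytes reported as entropy can carry less randomness than claimed. Add `*byte = 0;` before the bit loop, or accumulate into a local and assign it at the end. Two smaller points: the `while( ( RNG->SR & RNG_SR_OREG_LVL_MASK ) == 0 );` poll has no bound, so a stalled RNG hangs the caller indefinitely, and `*olen` is left unset on the SECV failure path; keeping the old `*olen = 0;` at the top makes the out-parameter defined on every return.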
@@ -16,6 +16,7 @@ Bugfix in the trusted certificate list. * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer after DER certificates to be included in the raw representation. + * Fix issue that caused a hang up when generating RSA keys of odd bitlength Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, diff --git a/library/rsa.c b/library/rsa.c index fba68ddfc..19abc7f82 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -102,7 +102,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, if( f_rng == NULL || nbits < 128 || exponent < 3 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); + mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); /* * find primes P and Q with Q < P so that: @@ -112,14 +113,15 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, do { - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0, + MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0, + if( nbits % 2 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0, + f_rng, p_rng ) ); + else + MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, f_rng, p_rng ) ); - - if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) - mbedtls_mpi_swap( &ctx->P, &ctx->Q ); if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) continue; From 3f5c875654f76cc1eff45bd953cf99a947aa7ac3 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 15 Apr 2016 19:06:59 +0100 Subject: [PATCH 205/399] Adds test for odd bit length RSA key size Also tidy up ChangeLog following review. --- ChangeLog | 2 +- library/rsa.c | 4 ++++ tests/suites/test_suite_rsa.data | 10 ++++++++-- 3 files changed, 13 insertions(+), 3 deletions(-) 
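Review bot: With the `mbedtls_mpi_swap` call removed, nothing now establishes the `Q < P` that the comment a few lines above still promises (`find primes P and Q with Q < P so that:`); for odd `nbits` Q is generated with one more bit than P and is therefore the larger prime, and for even `nbits` the order is whatever the RNG produced. Either keep the swap for the even case or rewrite the comment, e.g. `find primes P and Q (no ordering is assumed) so that:`, so the CRT-parameter derivation below is not read against a false precondition. `mbedtls_rsa_gen_key` continues outside the hunk, so whether any later step relies on P > Q cannot be confirmed here.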
diff --git a/ChangeLog b/ChangeLog index 9bf0b1549..1dba929dd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,7 +16,7 @@ Bugfix in the trusted certificate list. * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer after DER certificates to be included in the raw representation. - * Fix issue that caused a hang up when generating RSA keys of odd bitlength + * Fix issue that caused a hang when generating RSA keys of odd bitlength Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, diff --git a/library/rsa.c b/library/rsa.c index 19abc7f82..9fc80cdc6 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -117,11 +117,15 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, f_rng, p_rng ) ); if( nbits % 2 ) + { MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0, f_rng, p_rng ) ); + } else + { MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, f_rng, p_rng ) ); + } if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) continue; diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index c43d6ae51..d522332a2 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -345,7 +345,7 @@ mbedtls_rsa_public:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d0419 RSA Public (Data larger than N) mbedtls_rsa_public:"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":2048:16:"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":16:"3":"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":MBEDTLS_ERR_RSA_PUBLIC_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA -RSA Generate Key +RSA Generate Key - 128bit key mbedtls_rsa_gen_key:128:3:0 RSA Generate Key (Number of bits too small) 
@@ -354,9 +354,15 @@ mbedtls_rsa_gen_key:127:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Generate Key (Exponent too small) mbedtls_rsa_gen_key:128:2:MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSA Generate Key +RSA Generate Key - 1024 bit key mbedtls_rsa_gen_key:1024:3:0 +RSA Generate Key - 2048 bit key +mbedtls_rsa_gen_key:2048:3:0 + +RSA Generate Key - 1025 bit key +mbedtls_rsa_gen_key:1025:3:0 + RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"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":MBEDTLS_ERR_RSA_RNG_FAILED From 2e23c8275367d57b0729724e124dc4cade2f6fd3 Mon Sep 17 00:00:00 2001 From: SimonB Date: Sat, 16 Apr 2016 21:54:39 +0100 Subject: [PATCH 206/399] Adds check to avoid overwriting files Adds check to avoid accidental overwriting of config.h or the yotta module, as well as a force option to override any changes. --- tests/scripts/all.sh | 87 ++++++++++++++++++++++++++++++++------------ 1 file changed, 64 insertions(+), 23 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1cc82562c..5ecf868b3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -2,20 +2,24 @@ # all.sh # +# This file is part of mbed TLS (https://tls.mbed.org) +# # Copyright (c) 2014-2016, ARM Limited, All Rights Reserved # # Purpose # -# Run all available tests (mostly). +# To run all tests possible or available on the platform. # -# Warning: includes various build modes, so it will mess with the current -# CMake configuration. After this script is run, the CMake cache is lost and -# CMake is not initialised any more! +# Warning: the test is destructive. It includes various build modes and +# configurations, and can and will arbitrarily change the current CMake +# configuration. After this script has been run, the CMake cache will be lost +# and CMake will no longer be initialised. # -# Assumes gcc and clang (recent enough for using ASan with gcc and MemSan with -# clang, or valgrind) are available, as well as cmake and a "good" find. +# The script assumes the presence of gcc and clang (recent enough for using +# ASan with gcc and MemSan with clang, or valgrind) are available, as well as +# cmake and a "good" find. -# Abort on errors (and uninitiliased variables) +# Abort on errors (and uninitialised variables) set -eu if [ -d library -a -d include -a -d tests ]; then :; else @@ -28,23 +32,16 @@ CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 SHORT=0 +FORCE=0 -while [ $# -gt 0 ]; do - case "$1" in - -m*) - MEMORY=${1#-m} - ;; - -s) - SHORT=1 - ;; - *) - echo "Unknown argument: '$1'" >&2 - echo "Use the source, Luke!" >&2 - exit 1 - ;; - esac - shift -done +usage() +{ + echo "Usage: $0" + echo -e " -h|--help\t\tPrint this help." + echo -e " -m|--memory\t\tAdditional optional memory tests." + echo -e " -s|--short\t\tSubset of tests." + echo -e " -f|--force\t\tForce the tests to overwrite any modified files." +} # remove built files as well as the cmake cache/config cleanup() 
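Review bot: The new `usage()` relies on `echo -e` to expand `\t`, which is not portable: under dash (a common `/bin/sh`) the output is a literal `-e` followed by the unexpanded escapes. If the script's shebang (outside this hunk) is not bash, `printf '  -h|--help\t\tPrint this help.\n'` and friends are the portable form. The first line also omits any option placeholder; `echo "Usage: $0 [-h] [-m] [-s] [-f]"` tells the reader options exist before the list that follows.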
@@ -72,6 +69,50 @@ msg() echo "******************************************************************" } +while [ $# -gt 0 ]; do + case "$1" in + --memory|-m*) + MEMORY=${1#-m} + ;; + --short|-s) + SHORT=1 + ;; + --force|-f) + FORCE=1 + ;; + --help|-h|*) + usage() + exit 1 + ;; + esac + shift +done + +if [ $FORCE -eq 1 ]; then + rm -rf yotta/module + git checkout-index -f -q $CONFIG_H + cleanup +else + + if [ -d yotta/module ]; then + echo "Warning - there is an existing yotta module in the directory 'yotta/module'" >&2 + echo "You can either delete your work and retry, or force the test to overwrite the" + echo "test by rerunning the script as: $0 --force" + exit 1 + fi + + if ! git diff-files --quiet include/mbedtls/config.h; then + echo $? + echo "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " >&2 + echo "You can either delete or preserve your work, or force the test by rerunning the" + echo "script as: $0 --force" + exit 1 + fi +fi + +# +# Test Suites to be executed +# # The test ordering tries to optimize for the following criteria: # 1. Catch possible problems early, by running first tests that run quickly # and/or are more likely to fail than others (eg I use Clang most of the From 098a3b5025c4755e6b97a83c9af7a86bc8c6f2e1 Mon Sep 17 00:00:00 2001 From: SimonB Date: Sat, 16 Apr 2016 21:56:59 +0100 Subject: [PATCH 207/399] Makes basic-build-test.sh test the full config Previously the test worked on the default configuration which missed deprecated or legacy features. This change tests the full configuration and all available tests. --- tests/scripts/basic-build-test.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index ffca6f94f..d13a8e4ed 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh 
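Review bot: In the `--help|-h|*)` arm, `usage()` followed by a newline and `exit 1` is parsed as the start of a function definition whose body is not a compound command, so the script fails to parse before a single test runs; it should be the call `usage`. The `--memory|-m*)` arm assigns `MEMORY=${1#-m}`, which for the long form leaves `MEMORY=--memory` because the `-m` prefix is not stripped; give `--memory` its own arm (`--memory) MEMORY=1 ;;`) or document that only `-m<level>` is accepted. The `echo $?` after `if ! git diff-files --quiet ...` reads like leftover debugging, the path is hard-coded there although `$CONFIG_H` already names it, and the second and third lines of each warning go to stdout while the first goes to stderr.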
@@ -37,7 +37,9 @@ fi # Step 1 - Make and instrumented build for code coverage export CFLAGS=' --coverage -g3 -O0 ' -make clean; make +make clean +scripts/config.pl full +make # Step 2 - Execute the tests From 8ca7bc42d028c8410ee67012f66ac1a04c220416 Mon Sep 17 00:00:00 2001 From: SimonB Date: Sun, 17 Apr 2016 23:24:50 +0100 Subject: [PATCH 208/399] Adds verbose mode to the test suites Added a verbose option to the generated test suites which can list the dependencies not met for skipped test cases. Also clarifies internal interfaces between the main_test.function and test code, and fixed a bug on calculating available tests in run-test-suites.pl. --- tests/scripts/generate_code.pl | 20 +++--- tests/scripts/run-test-suites.pl | 5 +- tests/suites/helpers.function | 19 ++++- tests/suites/main_test.function | 120 +++++++++++++++++++++++++------ 4 files changed, 131 insertions(+), 33 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 5c623f8a7..5892f7ba3 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -2,6 +2,8 @@ # generate_code.pl # +# This file is part of mbed TLS (https://tls.mbed.org) +# # Copyright (c) 2009-2016, ARM Limited, All Rights Reserved # # Purpose @@ -202,7 +204,7 @@ while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\// if( substr($def, 0, 4) eq "int " ) { $param_defs .= " int param$i;\n"; - $param_checks .= " if( verify_int( params[$i], ¶m$i ) != 0 ) return( 2 );\n"; + $param_checks .= " if( verify_int( params[$i], ¶m$i ) != 0 ) return( DISPATCH_INVALID_TEST_DATA );\n"; push @dispatch_params, "param$i"; $mapping_regex .= ":([\\d\\w |\\+\\-\\(\\)]+)"; 
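Review bot: `scripts/config.pl full` rewrites `include/mbedtls/config.h` in the working tree and nothing in this hunk saves or restores the original, so every run leaves the developer's configuration changed — the overwrite guard added to all.sh in the neighbouring commit exists for exactly this case. Unless a backup and restore happen elsewhere in the script (not visible here), copy the file aside before the call and restore it after the tests, as all.sh does with `$CONFIG_BAK`. The exit status of `scripts/config.pl` is also not checked; if the script does not run under `set -e`, a failed invocation would silently build and measure coverage on the default configuration instead of the full one.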
@@ -211,7 +213,7 @@ while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\// elsif( substr($def, 0, 6) eq "char *" ) { $param_defs .= " char *param$i = params[$i];\n"; - $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( 2 );\n"; + $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( DISPATCH_INVALID_TEST_DATA );\n"; push @dispatch_params, "param$i"; $mapping_regex .= ":[^:\n]+"; } @@ -248,14 +250,14 @@ $param_defs if( cnt != $param_count ) { mbedtls_fprintf( stderr, "\\nIncorrect argument count (%d != %d)\\n", cnt, $param_count ); - return( 2 ); + return( DISPATCH_INVALID_TEST_DATA ); } $param_checks test_suite_$function_name( $call_params ); - return ( 0 ); + return ( DISPATCH_TEST_SUCCESS ); $function_post_code - return ( 3 ); + return ( DISPATCH_UNSUPPORTED_SUITE ); } else END @@ -283,9 +285,9 @@ while( my ($key, $value) = each(%case_deps) ) if( strcmp( str, "$key" ) == 0 ) { #if defined($key) - return( 0 ); + return( DEPENDENCY_SUPPORTED ); #else - return( 1 ); + return( DEPENDENCY_NOT_SUPPORTED ); #endif } END @@ -298,7 +300,7 @@ while( my ($key, $value) = each(%mapping_values) ) if( strcmp( str, "$key" ) == 0 ) { *value = ( $key ); - return( 0 ); + return( KEY_VALUE_MAPPING_FOUND ); } END @@ -315,7 +317,7 @@ END $dispatch_code =~ s/^(.+)/ $1/mg; -$test_main =~ s/TEST_FILENAME/$test_case_data/; +$test_main =~ s/TEST_FILENAME/$test_case_data/g; $test_main =~ s/FUNCTION_CODE//; $test_main =~ s/DEP_CHECK_CODE/$dep_check_code/; $test_main =~ s/DISPATCH_FUNCTION/$dispatch_code/; diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index fb77e1571..58f827c14 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -2,6 +2,8 @@ # run-test-suites.pl # +# This file is part of mbed TLS (https://tls.mbed.org) +# # Copyright (c) 2015-2016, ARM Limited, All Rights Reserved # # Purpose 
@@ -66,7 +68,8 @@ for my $suite (@suites) print "(test cases passed:", $suite_cases_passed, " failed:", $suite_cases_failed, " skipped:", $suite_cases_skipped, - " of total:", ( $suite_cases_passed + $suite_cases_failed ), + " of total:", ($suite_cases_passed + $suite_cases_failed + + $suite_cases_skipped), ")\n" } diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index c18eed895..2eff043fd 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -32,9 +32,18 @@ typedef UINT32 uint32_t; /*----------------------------------------------------------------------------*/ -/* Global variables */ +/* Constants */ -static int test_errors = 0; +#define DEPENDENCY_SUPPORTED 0 +#define DEPENDENCY_NOT_SUPPORTED 1 + +#define KEY_VALUE_MAPPING_FOUND 0 +#define KEY_VALUE_MAPPING_NOT_FOUND -1 + +#define DISPATCH_TEST_SUCCESS 0 +#define DISPATCH_TEST_FN_NOT_FOUND 1 +#define DISPATCH_INVALID_TEST_DATA 2 +#define DISPATCH_UNSUPPORTED_SUITE 3 /*----------------------------------------------------------------------------*/ @@ -80,6 +89,12 @@ static int test_errors = 0; #endif +/*----------------------------------------------------------------------------*/ +/* Global variables */ + +static int test_errors = 0; + + /*----------------------------------------------------------------------------*/ /* Helper Functions */ diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 7ec69b45d..525df5b24 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -60,7 +60,7 @@ int verify_int( char *str, int *value ) MAPPING_CODE mbedtls_printf( "Expected integer for parameter and got: %s\n", str ); - return( -1 ); + return( KEY_VALUE_MAPPING_NOT_FOUND ); } @@ -81,7 +81,7 @@ int dep_check( char *str ) DEP_CHECK_CODE - return( 1 ); + return( DEPENDENCY_NOT_SUPPORTED ); } int dispatch_test(int cnt, char *params[50]) 
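Review bot: `#define KEY_VALUE_MAPPING_NOT_FOUND -1` leaves the negative literal unparenthesised; the conventional `#define KEY_VALUE_MAPPING_NOT_FOUND (-1)` avoids surprises when the macro ends up inside a larger expression. The new constants block is also where a reader will look for what the values mean, so one comment per family — `/* Return values of dep_check() */`, `/* Return values of verify_int() / verify_string() */`, `/* Return values of dispatch_test() and the generated dispatchers */` — would document the contract that generate_code.pl now emits into the generated C code.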
@@ -91,14 +91,18 @@ int dispatch_test(int cnt, char *params[50]) ((void) params); #if defined(TEST_SUITE_ACTIVE) + ret = DISPATCH_TEST_SUCCESS; + DISPATCH_FUNCTION { - mbedtls_fprintf( stdout, "FAILED\nSkipping unknown test function '%s'\n", params[0] ); + mbedtls_fprintf( stdout, + "FAILED\nSkipping unknown test function '%s'\n", + params[0] ); fflush( stdout ); - return( 1 ); + ret = DISPATCH_TEST_FN_NOT_FOUND; } #else - return( 3 ); + ret = DISPATCH_UNSUPPORTED_SUITE; #endif return( ret ); } @@ -107,6 +111,19 @@ DISPATCH_FUNCTION /*----------------------------------------------------------------------------*/ /* Main Test code */ +#define USAGE \ + "Usage: %s [OPTIONS] files...\n\n" \ + " Command line arguments:\n" \ + " files... One or more test data file. If no file is specified\n" \ + " the followimg default test case is used:\n" \ + " %s\n\n" \ + " Options:\n" \ + " -v | --verbose Display full information about each test\n" \ + " -h | --help Display this information\n\n", \ + argv[0], \ + "TEST_FILENAME" + + int get_line( FILE *f, char *buf, size_t len ) { char *ret; @@ -216,11 +233,18 @@ static int run_test_snprintf( void ) int main(int argc, const char *argv[]) { - int testfile_index, testfile_count, ret, i, cnt; - int total_errors = 0, total_tests = 0, total_skipped = 0; + /* Local Configurations and options */ const char *default_filename = "TEST_FILENAME"; const char *test_filename = NULL; const char **test_files = NULL; + int testfile_count = 0; + int option_verbose = 0; + + /* Other Local variables */ + int arg_index = 1; + const char *next_arg; + int testfile_index, ret, i, cnt; + int total_errors = 0, total_tests = 0, total_skipped = 0; FILE *file; char buf[5000]; char *params[50]; 
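Review bot: The `USAGE` text contains a typo in user-visible output, `the followimg default test case is used`, which should read `following`. The macro also bakes `argv[0]` into its argument list, so it only expands correctly inside `main` or another function with a parameter of that name; a comment on the definition, `/* Format string plus its arguments; only valid where argv is in scope */`, explains the otherwise surprising shape to the next reader. `mbedtls_fprintf( stdout, USAGE )` in the following hunk then supplies the format and both `%s` arguments in one token, which works but is exactly what that comment should point out.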
@@ -253,17 +277,41 @@ int main(int argc, const char *argv[]) return( 0 ); } - if ( argc <= 1 ) + while( arg_index < argc) + { + next_arg = argv[ arg_index ]; + + if( strcmp(next_arg, "--verbose" ) == 0 || + strcmp(next_arg, "-v" ) == 0 ) + { + option_verbose = 1; + } + else if( strcmp(next_arg, "--help" ) == 0 || + strcmp(next_arg, "-h" ) == 0 ) + { + mbedtls_fprintf( stdout, USAGE ); + mbedtls_exit( EXIT_SUCCESS ); + } + else + { + /* Not an option, therefore treat all further arguments as the file + * list. + */ + test_files = &argv[ arg_index ]; + testfile_count = argc - arg_index; + } + + arg_index++; + } + + /* If no files were specified, assume a default */ + if ( test_files == NULL || testfile_count == 0 ) { test_files = &default_filename; testfile_count = 1; } - else - { - test_files = &argv[1]; - testfile_count = argc - 1; - } + /* Now begin to execute the tests in the testfiles */ for ( testfile_index = 0; testfile_index < testfile_count; testfile_index++ ) @@ -280,7 +328,8 @@ int main(int argc, const char *argv[]) while( !feof( file ) ) { - int skip = 0; + int unmet_dep_count = 0; + char *unmet_dependencies[20]; if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; 
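Review bot: The `else` branch that sets `test_files = &argv[ arg_index ]; testfile_count = argc - arg_index;` does not stop the loop, so every subsequent non-option argument re-points `test_files` at itself and shrinks the count; with `prog a.data b.data` only `b.data` is run, and a `-h` appearing after the file names is still treated as an option and exits. Add `break;` after `testfile_count = argc - arg_index;` so that, as the comment says, all further arguments form the file list. The `--help` arm exits with plain `EXIT_SUCCESS` while the rest of the suite uses the `MBEDTLS_EXIT_*` names. `main` continues outside this hunk.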
@@ -300,32 +349,61 @@ int main(int argc, const char *argv[]) if( strcmp( params[0], "depends_on" ) == 0 ) { for( i = 1; i < cnt; i++ ) - if( dep_check( params[i] ) != 0 ) - skip = 1; + { + if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED ) + { + unmet_dependencies[ i-1 ] = strdup(params[i]); + if( unmet_dependencies[ i-1 ] == NULL ) + { + mbedtls_printf("FATAL: Out of memory\n"); + mbedtls_exit( MBEDTLS_PLATFORM_STD_EXIT_FAILURE ); + } + unmet_dep_count++; + } + } if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; cnt = parse_arguments( buf, strlen(buf), params ); } - - if( skip == 0 ) + + // If there are no unmet dependencies execute the test + if( unmet_dep_count == 0 ) { test_errors = 0; ret = dispatch_test( cnt, params ); } - if( skip == 1 || ret == 3 ) + if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE ) { total_skipped++; mbedtls_fprintf( stdout, "----\n" ); + + if( 1 == option_verbose && ret == DISPATCH_UNSUPPORTED_SUITE ) + { + mbedtls_fprintf( stdout, " Test Suite not enabled" ); + } + + if( 1 == option_verbose && unmet_dep_count > 0 ) + { + mbedtls_fprintf( stdout, " Unmet dependencies: " ); + while( unmet_dep_count > 0) + { + mbedtls_fprintf(stdout, "%s ", + unmet_dependencies[unmet_dep_count - 1]); + free(unmet_dependencies[unmet_dep_count - 1]); + unmet_dep_count--; + } + mbedtls_fprintf( stdout, "\n" ); + } fflush( stdout ); } - else if( ret == 0 && test_errors == 0 ) + else if( ret == DISPATCH_TEST_SUCCESS && test_errors == 0 ) { mbedtls_fprintf( stdout, "PASS\n" ); fflush( stdout ); } - else if( ret == 2 ) + else if( ret == DISPATCH_INVALID_TEST_DATA ) { mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); fclose(file); From 0c539447c1d53c82bc0e931d6a37fda46e80cc93 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 18 Apr 2016 09:59:16 +0100 Subject: [PATCH 209/399] Fixes no return value warning in selftest.c --- programs/test/selftest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
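Review bot: `unmet_dependencies[ i-1 ]` is indexed by the dependency's position in `params`, but the reporting loop reads `unmet_dependencies[unmet_dep_count - 1]` down to index 0, so when a satisfied dependency precedes an unmet one the loop prints and `free()`s an uninitialised pointer. The array has 20 slots while `params` holds up to 50 entries, so a long `depends_on` line overruns it, and the strings are only freed inside the `1 == option_verbose` branch, leaking on every non-verbose skip. Index by `unmet_dep_count`, bound it by the array size, and free the strings after the result is reported regardless of verbosity. `strdup` is POSIX rather than ISO C, so the MSVC builds the helpers appear to support may need a shim. The `while( !feof( file ) )` body continues past the hunk, so the free loop belongs at its end.
```c
                    if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED )
                    {
                        if( unmet_dep_count >= (int) ( sizeof( unmet_dependencies ) /
                                                       sizeof( unmet_dependencies[0] ) ) )
                        {
                            mbedtls_printf("FATAL: Too many unmet dependencies\n");
                            mbedtls_exit( MBEDTLS_PLATFORM_STD_EXIT_FAILURE );
                        }
                        unmet_dependencies[ unmet_dep_count ] = strdup(params[i]);
                        if( unmet_dependencies[ unmet_dep_count ] == NULL )
                        {
                            mbedtls_printf("FATAL: Out of memory\n");
                            mbedtls_exit( MBEDTLS_PLATFORM_STD_EXIT_FAILURE );
                        }
                        unmet_dep_count++;
                    }
            /* … unchanged: next get_line / parse_arguments, dispatch, skip header … */
                if( 1 == option_verbose && unmet_dep_count > 0 )
                {
                    mbedtls_fprintf( stdout, " Unmet dependencies: " );
                    for( i = 0; i < unmet_dep_count; i++ )
                        mbedtls_fprintf( stdout, "%s ", unmet_dependencies[i] );
                    mbedtls_fprintf( stdout, "\n" );
                }
            /* … unchanged: PASS / FATAL PARSE ERROR branches … */
            /* at the end of the while( !feof( file ) ) body, after this hunk: */
            for( i = 0; i < unmet_dep_count; i++ )
                free( unmet_dependencies[i] );
```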
diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 6ca07bba2..e57a78e5a 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -397,6 +397,6 @@ int main( int argc, char *argv[] ) if( suites_failed > 0) mbedtls_exit( MBEDTLS_EXIT_FAILURE ); - mbedtls_exit( MBEDTLS_EXIT_SUCCESS ); + return( MBEDTLS_EXIT_SUCCESS ); } From f5e254a9ff0fa6df9719a3659ff75d5ff42afe6a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 15 Apr 2016 15:54:30 +0100 Subject: [PATCH 210/399] Remove unused code from PKCS1v15 test suite --- tests/suites/test_suite_pkcs1_v15.function | 57 ---------------------- 1 file changed, 57 deletions(-) diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 77ab51389..09fe05bb3 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function 
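Review bot: The success path now leaves `main` via `return( MBEDTLS_EXIT_SUCCESS )` while the failure path two lines above still calls `mbedtls_exit( MBEDTLS_EXIT_FAILURE )`; if `mbedtls_exit` is redirected to a platform-specific handler in some configurations, the two outcomes now take different routes out of the program. For the warning fix, the symmetric form is `mbedtls_exit( MBEDTLS_EXIT_SUCCESS ); return( 0 );`, or use `return` for both and let `main` be the single exit point.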
@@ -208,60 +208,3 @@ exit: mbedtls_rsa_free( &ctx ); } /* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15 MBEDTLS_PKCS1_V21 */ -void pkcs1_rsassa_v15_verify_ext( int mod, - int radix_N, char *input_N, - int radix_E, char *input_E, - int msg_digest_id, int ctx_hash, - int mgf_hash, int salt_len, - char *message_hex_string, - char *result_hex_str, - int result_simple, - int result_full ) -{ - unsigned char message_str[1000]; - unsigned char hash_result[1000]; - unsigned char result_str[1000]; - mbedtls_rsa_context ctx; - size_t msg_len, hash_len; - - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, ctx_hash ); - memset( message_str, 0x00, 1000 ); - memset( hash_result, 0x00, 1000 ); - memset( result_str, 0x00, 1000 ); - - ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - - TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - - msg_len = unhexify( message_str, message_hex_string ); - unhexify( result_str, result_hex_str ); - - if( msg_digest_id != MBEDTLS_MD_NONE ) - { - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( msg_digest_id ), - message_str, msg_len, hash_result ) == 0 ); - hash_len = 0; - } - else - { - memcpy( hash_result, message_str, msg_len ); - hash_len = msg_len; - } - - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, - msg_digest_id, hash_len, hash_result, - result_str ) == result_simple ); - - TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, - msg_digest_id, hash_len, hash_result, - mgf_hash, salt_len, - result_str ) == result_full ); - -exit: - mbedtls_rsa_free( &ctx ); -} -/* END_CASE */ From 1ed9f99ef34493f6a7f3a11e813c4a223d1b26b7 Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Fri, 18 Mar 2016 11:45:44 +0000 Subject: [PATCH 211/399] Fix null pointer dereference in the RSA module. Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt --- ChangeLog | 2 ++ library/rsa.c | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 1dba929dd..ea55df8e1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,8 @@ Bugfix * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer after DER certificates to be included in the raw representation. * Fix issue that caused a hang when generating RSA keys of odd bitlength + * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer + dereference possible. Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, diff --git a/library/rsa.c b/library/rsa.c index 9fc80cdc6..18fc70212 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -596,7 +596,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - if( f_rng == NULL ) + // We don't check p_rng because it won't be dereferenced here + if( f_rng == NULL || input == NULL || output == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len; From 55abc215219ace39bc9c882a50ecd933bfc46663 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 18 Apr 2016 18:18:48 +0100 Subject: [PATCH 212/399] Fix ci break in builds without platform.h --- tests/suites/helpers.function | 2 ++ tests/suites/main_test.function | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 2eff043fd..6d4438de5 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
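Review bot: The new guard rejects `input == NULL` unconditionally, which also refuses a zero-length message (`ilen == 0`) if, as elsewhere in the function, `input` is only read for `ilen` bytes; `if( f_rng == NULL || output == NULL || ( input == NULL && ilen != 0 ) )` keeps the null-dereference fix without that regression. The explanatory comment is written with `//`, whereas the surrounding library code uses `/* */`; `/* We don't check p_rng because it won't be dereferenced here */` matches the file. `mbedtls_rsa_rsaes_pkcs1_v15_encrypt` continues outside the hunk.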
@@ -13,6 +13,8 @@ #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_snprintf snprintf +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 525df5b24..c2e3f6b07 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -356,7 +356,7 @@ int main(int argc, const char *argv[]) if( unmet_dependencies[ i-1 ] == NULL ) { mbedtls_printf("FATAL: Out of memory\n"); - mbedtls_exit( MBEDTLS_PLATFORM_STD_EXIT_FAILURE ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } unmet_dep_count++; } From 8a3170571e886718699776777ab7fbb44320d4f1 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 21 Apr 2016 23:37:09 +0100 Subject: [PATCH 213/399] Fix bug in ssl_write_supported_elliptic_curves_ext Passing invalid curves to mbedtls_ssl_conf_curves potentially could caused a crash later in ssl_write_supported_elliptic_curves_ext. #373 --- ChangeLog | 2 ++ library/ssl_cli.c | 7 ++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ea55df8e1..bee652cf9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,8 @@ Bugfix * Fix issue that caused a hang when generating RSA keys of odd bitlength * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer dereference possible. + * Fix issue that caused a crash if invalid curves were passed to + mbedtls_ssl_conf_curves. #373 Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 52ddf9a92..7f5b94eb2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -270,6 +270,12 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) { #endif + if( info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); + return; + } + elliptic_curve_len += 2; } @@ -289,7 +295,6 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) { #endif - elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8; elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; } From 35d48cb338120065d0b771f520fc4f11d58d3fdd Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 22 Apr 2016 14:45:00 +0100 Subject: [PATCH 214/399] Fix missing cleanup in all.sh --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5ecf868b3..c3b708f03 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -191,6 +191,7 @@ tests/ssl-opt.sh msg "build: cmake, full config, clang" # ~ 50s cleanup +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check . From 3d53f416389103fc2c1d507906a4f6c04c19a247 Mon Sep 17 00:00:00 2001 From: Alexey Skalozub Date: Wed, 13 Jan 2016 16:53:40 +0200 Subject: [PATCH 215/399] Faster mbedtls_zeroize for MPI Writes in `sizeof(mbedtls_mpi_uint)` units perform faster than plain chars, also eliminates multiplication by `ciL` --- library/bignum.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 7841bea43..07e099afb 100644 --- a/library/bignum.c +++ b/library/bignum.c 
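Review bot: In the `#else` branch visible here, `info` is dereferenced in the `for` condition (`info->grp_id != MBEDTLS_ECP_DP_NONE`) before the new `if( info == NULL )` check runs, so the check can only be effective in the `MBEDTLS_ECP_C` branch above the hunk, where `info` presumably comes from a lookup that can return NULL; placing the check only inside that branch, or marking it `/* info can only be NULL when looked up from conf->curve_list */`, makes the intent clear. Returning early relies on `*olen` having been zeroed earlier in the function, which is not visible in the hunk; worth confirming so a misconfigured curve list does not leave a stale extension length. Logging the offending curve identifier alongside `"invalid curve in ssl configuration"` would also make the misconfiguration diagnosable.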
@@ -59,8 +59,8 @@ #endif /* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; +static void mbedtls_zeroize( mbedtls_mpi_uint *v, size_t n ) { + volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0; } #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ @@ -99,7 +99,7 @@ void mbedtls_mpi_free( mbedtls_mpi *X ) if( X->p != NULL ) { - mbedtls_zeroize( X->p, X->n * ciL ); + mbedtls_zeroize( X->p, X->n ); mbedtls_free( X->p ); } @@ -126,7 +126,7 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ) if( X->p != NULL ) { memcpy( p, X->p, X->n * ciL ); - mbedtls_zeroize( X->p, X->n * ciL ); + mbedtls_zeroize( X->p, X->n ); mbedtls_free( X->p ); } @@ -164,7 +164,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ) if( X->p != NULL ) { memcpy( p, X->p, i * ciL ); - mbedtls_zeroize( X->p, X->n * ciL ); + mbedtls_zeroize( X->p, X->n ); mbedtls_free( X->p ); } From e17a8da17e3927603ecffa265f7279f429d17932 Mon Sep 17 00:00:00 2001 From: Alexey Skalozub Date: Wed, 13 Jan 2016 17:19:33 +0200 Subject: [PATCH 216/399] Rename MPI zeroize function to mbedtls_mpi_zeroize Avoid naming confusion --- library/bignum.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 07e099afb..d6f415c6f 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -59,7 +59,7 @@ #endif /* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( mbedtls_mpi_uint *v, size_t n ) { +static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) { volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0; } @@ -99,7 +99,7 @@ void mbedtls_mpi_free( mbedtls_mpi *X ) if( X->p != NULL ) { - mbedtls_zeroize( X->p, X->n ); + mbedtls_mpi_zeroize( X->p, X->n ); mbedtls_free( X->p ); } 
@@ -126,7 +126,7 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ) if( X->p != NULL ) { memcpy( p, X->p, X->n * ciL ); - mbedtls_zeroize( X->p, X->n ); + mbedtls_mpi_zeroize( X->p, X->n ); mbedtls_free( X->p ); } @@ -164,7 +164,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ) if( X->p != NULL ) { memcpy( p, X->p, i * ciL ); - mbedtls_zeroize( X->p, X->n ); + mbedtls_mpi_zeroize( X->p, X->n ); mbedtls_free( X->p ); } From d7e9ad7d831e3709cb0d668a4a298e2a6383c4a7 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 25 Apr 2016 16:07:12 +0100 Subject: [PATCH 217/399] Updates ChangeLog with faster MPI zeroize fix Added optimised mbedtls_mpi_zeroise() credit to ChangeLog. --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index bee652cf9..15bb3379c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,7 +26,8 @@ Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, don't use the optimized assembly for bignum multiplication. This removes the need to pass -fomit-frame-pointer to avoid a build error with -O0. - * Disabled SSLv3 in the default configuration. + * Disabled SSLv3 in the default configuration. + * Optimized mbedtls_zeroize() for MPI integer size. (Fix by Alexey Skalozub) = mbed TLS 2.2.1 released 2016-01-05 From a543d11d3aa4fbf569f9ae51c37542e3b3f32932 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 26 Apr 2016 12:51:37 +0100 Subject: [PATCH 218/399] Fixes mbedtls_mpi_zeroize() function name in ChangeLog --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 15bb3379c..128113838 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -27,7 +27,8 @@ Changes don't use the optimized assembly for bignum multiplication. This removes the need to pass -fomit-frame-pointer to avoid a build error with -O0. * Disabled SSLv3 in the default configuration. - * Optimized mbedtls_zeroize() for MPI integer size. (Fix by Alexey Skalozub) + * Optimized mbedtls_mpi_zeroize() for MPI integer size. (Fix by Alexey + Skalozub). = mbed TLS 2.2.1 released 2016-01-05 From 1594210a49904cab931bd48e0bf19de99d878af3 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 25 Apr 2016 21:34:49 +0100 Subject: [PATCH 219/399] Adds better support to debug generated code The commit adds to the generate_code.pl script support to add #line directives to generated code to allow build breaks to be more easily found from the generated code. --- tests/scripts/generate_code.pl | 62 ++++++++++++++++++++++++++------- tests/suites/helpers.function | 1 + tests/suites/main_test.function | 9 +++-- 3 files changed, 57 insertions(+), 15 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 5892f7ba3..93c003b01 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -21,13 +21,15 @@ # test dispatch code as well as support functions. It contains the # following symbols which are substituted by this script during # processing: -# TEST_FILENAME +# TESTCASE_FILENAME +# TESTCODE_FILENAME # SUITE_PRE_DEP # MAPPING_CODE # FUNCTION CODE # SUITE_POST_DEP # DEP_CHECK_CODE # DISPATCH_FUNCTION +# !LINE_NO! # # - common helper code file - 'helpers.function' # Common helper functions @@ -44,8 +46,8 @@ # # - test data file - file name in the form 'test_suite_xxxx.data' # The test case parameters to to be used in execution of the test. The -# file name is used to replace the symbol 'TEST_FILENAME' in the main code -# file above. +# file name is used to replace the symbol 'TESTCASE_FILENAME' in the main +# code file above. # use strict; 
@@ -62,23 +64,52 @@ my $test_case_data = $suite_dir."/".$data_name.".data"; my $line_separator = $/; undef $/; + +# +# Open and read in the input files +# + open(TEST_HELPERS, "$test_common_helper_file") or die "Opening test helpers '$test_common_helper_file': $!"; my $test_common_helpers = ; close(TEST_HELPERS); open(TEST_MAIN, "$test_main_file") or die "Opening test main '$test_main_file': $!"; -my $test_main = ; +my @test_main_lines = split/^/, ; +my $test_main; +my $index = 1; +for my $line (@test_main_lines) { + $line =~ s/!LINE_NO!/$index/; + $test_main = $test_main.$line; + $index++; +} close(TEST_MAIN); open(TEST_CASES, "$test_case_file") or die "Opening test cases '$test_case_file': $!"; -my $test_cases = ; +my @test_cases_lines = split/^/, ; +my $test_cases; +my $index = 1; +for my $line (@test_cases_lines) { + if ($line =~ /^\/\* BEGIN_CASE .*\*\//) + { + $line = $line."#line $index \"$test_case_file\"\n"; + } + + $test_cases = $test_cases.$line; + $index++; +} + close(TEST_CASES); open(TEST_DATA, "$test_case_data") or die "Opening test data '$test_case_data': $!"; my $test_data = ; close(TEST_DATA); + +# +# Find the headers, dependencies, and suites in the test cases file +# + my ( $suite_header ) = $test_cases =~ /\/\* BEGIN_HEADER \*\/\n(.*?)\n\/\* END_HEADER \*\//s; my ( $suite_defines ) = $test_cases =~ /\/\* BEGIN_DEPENDENCIES\n \* (.*?)\n \* END_DEPENDENCIES/s; my ( $suite_helpers ) = $test_cases =~ /\/\* BEGIN_SUITE_HELPERS \*\/\n(.*?)\n\/\* END_SUITE_HELPERS \*\//s; 
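Review bot: The `#line` directive appended after each `/* BEGIN_CASE */` line looks off by one: `#line N` names the line that follows the directive, but `$index` is the number of the BEGIN_CASE line itself, so every compiler diagnostic inside a test function would point one line too early; if I am reading the append correctly, `$line = $line."#line ".($index + 1)." \"$test_case_file\"\n";` is the intended form. Two smaller points in the same hunk: `my $index = 1;` is declared twice in the same scope, which warns if warnings are enabled, and `$test_main`/`$test_cases` are concatenated from an undefined value on the first iteration (`my $test_main = '';` avoids the uninitialized-value warning). `$test_case_file` is also interpolated unescaped into the quoted filename, so a path containing `"` or `\` yields a malformed directive rather than an error.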
@@ -159,16 +190,19 @@ while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\// my $function_decl = $2; # Sanity checks of function - if ($function_decl !~ /^void /) + if ($function_decl !~ /^#line\s*.*\nvoid /) { - die "Test function does not have 'void' as return type\n"; + die "Test function does not have 'void' as return type.\n" . + "Function declaration:\n" . + $function_decl; } - if ($function_decl !~ /^void (\w+)\(\s*(.*?)\s*\)\s*{(.*)}/ms) + if ($function_decl !~ /^(#line\s*.*)\nvoid (\w+)\(\s*(.*?)\s*\)\s*{(.*)}/ms) { die "Function declaration not in expected format\n"; } - my $function_name = $1; - my $function_params = $2; + my $line_directive = $1; + my $function_name = $2; + my $function_params = $3; my $function_pre_code; my $function_post_code; my $param_defs; @@ -179,7 +213,7 @@ while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\// my $mapping_regex = "".$function_name; my $mapping_count = 0; - $function_decl =~ s/^void /void test_suite_/; + $function_decl =~ s/(^#line\s*.*)\nvoid /$1\nvoid test_suite_/; # Add exit label if not present if ($function_decl !~ /^exit:$/m) @@ -262,7 +296,8 @@ $function_post_code else END - my $function_code = $function_pre_code . $function_decl . "\n" . $function_post_code; + my $function_code = $function_pre_code . $function_decl . "\n" . + $function_post_code; $test_main =~ s/FUNCTION_CODE/$function_code\nFUNCTION_CODE/; } @@ -317,7 +352,8 @@ END $dispatch_code =~ s/^(.+)/ $1/mg; -$test_main =~ s/TEST_FILENAME/$test_case_data/g; +$test_main =~ s/TESTCASE_FILENAME/$test_case_data/g; +$test_main =~ s/TESTCODE_FILENAME/$test_case_file/g; $test_main =~ s/FUNCTION_CODE//; $test_main =~ s/DEP_CHECK_CODE/$dep_check_code/; $test_main =~ s/DISPATCH_FUNCTION/$dispatch_code/; diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 6d4438de5..c4128b403 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -1,3 +1,4 @@ +#line 1 "helpers.function" /*----------------------------------------------------------------------------*/ /* Headers */ diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index c2e3f6b07..c5d6cd86b 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -1,3 +1,4 @@ +#line 1 "main_test.function" SUITE_PRE_DEP #define TEST_SUITE_ACTIVE @@ -70,6 +71,8 @@ MAPPING_CODE FUNCTION_CODE SUITE_POST_DEP +#line !LINE_NO! "main_test.function" + /*----------------------------------------------------------------------------*/ /* Test dispatch code */ @@ -111,6 +114,8 @@ DISPATCH_FUNCTION /*----------------------------------------------------------------------------*/ /* Main Test code */ +#line !LINE_NO! "main_test.function" + #define USAGE \ "Usage: %s [OPTIONS] files...\n\n" \ " Command line arguments:\n" \ @@ -121,7 +126,7 @@ DISPATCH_FUNCTION " -v | --verbose Display full information about each test\n" \ " -h | --help Display this information\n\n", \ argv[0], \ - "TEST_FILENAME" + "TESTCASE_FILENAME" int get_line( FILE *f, char *buf, size_t len ) @@ -234,7 +239,7 @@ static int run_test_snprintf( void ) int main(int argc, const char *argv[]) { /* Local Configurations and options */ - const char *default_filename = "TEST_FILENAME"; + const char *default_filename = "TESTCASE_FILENAME"; const char *test_filename = NULL; const char **test_files = NULL; int testfile_count = 0; From d5800b7761ad9705d2ebca86d7af0c8ee24e427a Mon Sep 17 00:00:00 2001 
From: SimonB Date: Tue, 26 Apr 2016 07:43:27 +0100 Subject: [PATCH 220/399] Abstracts away time()/stdlib.h into platform Substitutes time() into a configurable platform interface to allow it to be easily substituted. --- include/mbedtls/config.h | 2 ++ include/mbedtls/platform.h | 34 ++++++++++++++++++++++++++++++++++ include/mbedtls/ssl.h | 2 +- include/mbedtls/ssl_cache.h | 2 +- library/debug.c | 13 +++++++------ library/net.c | 8 +++++++- library/platform.c | 23 +++++++++++++++++++++++ library/ssl_cache.c | 16 +++++++++------- library/ssl_ciphersuites.c | 8 +++++++- library/ssl_cli.c | 22 ++++++++++++---------- library/ssl_cookie.c | 14 ++++++++------ library/ssl_srv.c | 24 +++++++++++++----------- library/ssl_ticket.c | 14 ++++++++------ library/ssl_tls.c | 17 +++++++++-------- library/x509.c | 12 +++++++----- programs/ssl/mini_client.c | 11 +++++++++++ 16 files changed, 159 insertions(+), 63 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a617d0629..3c3d9ca2d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -152,6 +152,7 @@ * platform function */ //#define MBEDTLS_PLATFORM_EXIT_ALT +//#define MBEDTLS_PLATFORM_TIME_ALT //#define MBEDTLS_PLATFORM_FPRINTF_ALT //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT @@ -2465,6 +2466,7 @@ //#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ /* Note: your snprintf must correclty zero-terminate the buffer! */ 
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 1371ff1c6..7922e8c75 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -66,6 +66,9 @@ extern "C" { #if !defined(MBEDTLS_PLATFORM_STD_EXIT) #define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use */ #endif +#if !defined(MBEDTLS_PLATFORM_STD_TIME) +#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use */ +#endif #if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS) #define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< Default exit value to use */ #endif @@ -227,6 +230,37 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); #define MBEDTLS_EXIT_FAILURE 1 #endif +/* + * The time_t datatype + */ +#if defined(MBEDTLS_PLATFORM_TIME_T_MACRO) +#define mbedtls_time_t MBEDTLS_PLATFORM_TIME_T_MACRO +#else +#define mbedtls_time_t time_t +#endif /* MBEDTLS_PLATFORM_TIME_T_MACRO */ + +/* + * The function pointers for time + */ +#if defined(MBEDTLS_PLATFORM_TIME_ALT) +extern time_t (*mbedtls_time)( mbedtls_time_t* time ); + +/** + * \brief Set your own time function pointer + * + * \param time_func the time function implementation + * + * \return 0 + */ +int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t time ) ); +#else +#if defined(MBEDTLS_PLATFORM_TIME_MACRO) +#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO +#else +#define mbedtls_time time +#endif /* MBEDTLS_PLATFORM_TIME_MACRO */ +#endif /* MBEDTLS_PLATFORM_TIME_ALT */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3e05f3f3d..67c62b744 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -542,7 +542,7 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; struct mbedtls_ssl_session { #if defined(MBEDTLS_HAVE_TIME) - time_t start; /*!< starting time */ + mbedtls_time_t start; /*!< starting time */ #endif int ciphersuite; /*!< chosen ciphersuite */ int compression; /*!< chosen compression */ 
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h index 1155924a9..3734bb727 100644 --- a/include/mbedtls/ssl_cache.h +++ b/include/mbedtls/ssl_cache.h @@ -60,7 +60,7 @@ typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry; struct mbedtls_ssl_cache_entry { #if defined(MBEDTLS_HAVE_TIME) - time_t timestamp; /*!< entry timestamp */ + mbedtls_time_t timestamp; /*!< entry timestamp */ #endif mbedtls_ssl_session session; /*!< entry session */ #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/debug.c b/library/debug.c index 4752ab1a3..a032478da 100644 --- a/library/debug.c +++ b/library/debug.c @@ -27,21 +27,22 @@ #if defined(MBEDTLS_DEBUG_C) -#include "mbedtls/debug.h" - -#include -#include -#include - #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #include #define mbedtls_calloc calloc #define mbedtls_free free +#define mbedtls_time_t time_t #define mbedtls_snprintf snprintf #endif +#include "mbedtls/debug.h" + +#include +#include +#include + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/library/net.c b/library/net.c index 3b78b6b15..4142bc061 100644 --- a/library/net.c +++ b/library/net.c @@ -32,6 +32,13 @@ #error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h" #endif +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_time_t time_t +#endif + #include "mbedtls/net.h" #include @@ -86,7 +93,6 @@ static int wsa_init_done = 0; #define MSVC_INT_CAST #endif -#include #include #include diff --git a/library/platform.c b/library/platform.c index d634c6277..e7ec0ad6a 100644 --- a/library/platform.c +++ b/library/platform.c 
@@ -190,4 +190,27 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ) } #endif /* MBEDTLS_PLATFORM_EXIT_ALT */ +#if defined(MBEDTLS_PLATFORM_TIME_ALT) +#if !defined(MBEDTLS_PLATFORM_STD_TIME) +/* + * Make dummy function to prevent NULL pointer dereferences + */ +static mbedtls_time_t platform_time_uninit( mbedtls_time_t* timer ) +{ + ((void) timer); + return( NULL ); +} + +#define MBEDTLS_PLATFORM_STD_TIME platform_time_uninit +#endif /* !MBEDTLS_PLATFORM_STD_TIME */ + +time_t (*mbedtls_time)( mbedtls_time_t* timer ) = MBEDTLS_PLATFORM_STD_TIME; + +int mbedtls_platform_set_exit( mbedtls_time_t (*time_func)( mbedtls_time_t timer ) ) +{ + mbedtls_time = time_func; + return( 0 ); +} +#endif /* MBEDTLS_PLATFORM_TIME_ALT */ + #endif /* MBEDTLS_PLATFORM_C */ diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 711bc535c..01c66aed1 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -31,18 +31,20 @@ #if defined(MBEDTLS_SSL_CACHE_C) -#include "mbedtls/ssl_cache.h" - -#include - #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #include #define mbedtls_calloc calloc -#define mbedtls_free free +#define mbedtls_free free +#define mbedtls_time time +#define mbedtls_time_t time_t #endif +#include "mbedtls/ssl_cache.h" + +#include + void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ) { memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) ); @@ -59,7 +61,7 @@ int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ) { int ret = 1; #if defined(MBEDTLS_HAVE_TIME) - time_t t = time( NULL ); + mbedtls_time_t t = mbedtls_time( NULL ); #endif mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; mbedtls_ssl_cache_entry *cur, *entry; 
@@ -138,7 +140,7 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) { int ret = 1; #if defined(MBEDTLS_HAVE_TIME) - time_t t = time( NULL ), oldest = 0; + mbedtls_time_t t = time( NULL ), oldest = 0; mbedtls_ssl_cache_entry *old = NULL; #endif mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 949b9ed64..35463317f 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -29,10 +29,16 @@ #if defined(MBEDTLS_SSL_TLS_C) +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_time_t time_t +#endif + #include "mbedtls/ssl_ciphersuites.h" #include "mbedtls/ssl.h" -// #include #include /* diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 7f5b94eb2..cd39db027 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -27,20 +27,22 @@ #if defined(MBEDTLS_SSL_CLI_C) -#include "mbedtls/debug.h" -#include "mbedtls/ssl.h" -#include "mbedtls/ssl_internal.h" - -#include - #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #include #define mbedtls_calloc calloc -#define mbedtls_free free +#define mbedtls_free free +#define mbedtls_time time +#define mbedtls_time_t time_t #endif +#include "mbedtls/debug.h" +#include "mbedtls/ssl.h" +#include "mbedtls/ssl_internal.h" + +#include + #include #if defined(MBEDTLS_HAVE_TIME) @@ -669,7 +671,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) int ret; unsigned char *p = ssl->handshake->randbytes; #if defined(MBEDTLS_HAVE_TIME) - time_t t; + mbedtls_time_t t; #endif /* @@ -684,7 +686,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_HAVE_TIME) - t = time( NULL ); + t = mbedtls_time( NULL ); *p++ = (unsigned char)( t >> 24 ); *p++ = (unsigned char)( t >> 16 ); *p++ = (unsigned char)( t >> 8 ); 
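Review bot: `mbedtls_ssl_cache_set()` still reads the clock through libc `time( NULL )` while the type of `t` was switched to `mbedtls_time_t`; the previous hunk converted `mbedtls_ssl_cache_get()` to `mbedtls_time( NULL )`, so with MBEDTLS_PLATFORM_TIME_ALT the cache would stamp entries from one clock and expire them against another, and in a build where `time` is not the platform's clock the line may not even compile. It should read `mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0;`. The rest of the function is outside the hunk.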
@@ -1592,7 +1594,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->state++; ssl->handshake->resume = 0; #if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = time( NULL ); + ssl->session_negotiate->start = mbedtls_time( NULL ); #endif ssl->session_negotiate->ciphersuite = i; ssl->session_negotiate->compression = comp; diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 7e0c573ad..f241c86d8 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -31,16 +31,18 @@ #if defined(MBEDTLS_SSL_COOKIE_C) -#include "mbedtls/ssl_cookie.h" -#include "mbedtls/ssl_internal.h" - #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #define mbedtls_calloc calloc -#define mbedtls_free free +#define mbedtls_free free +#define mbedtls_time time +#define mbedtls_time_t time_t #endif +#include "mbedtls/ssl_cookie.h" +#include "mbedtls/ssl_internal.h" + #include /* Implementation that should never be optimized out by the compiler */ @@ -172,7 +174,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); #if defined(MBEDTLS_HAVE_TIME) - t = (unsigned long) time( NULL ); + t = (unsigned long) mbedtls_time( NULL ); #else t = ctx->serial++; #endif @@ -242,7 +244,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx, return( -1 ); #if defined(MBEDTLS_HAVE_TIME) - cur_time = (unsigned long) time( NULL ); + cur_time = (unsigned long) mbedtls_time( NULL ); #else cur_time = ctx->serial; #endif diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 6bd0b598a..9fc21a5ef 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -27,6 +27,16 @@ #if defined(MBEDTLS_SSL_SRV_C) +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_calloc calloc +#define mbedtls_free free +#define mbedtls_time time +#define mbedtls_time_t time_t +#endif + #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" 
@@ -37,14 +47,6 @@ #include "mbedtls/ecp.h" #endif -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif - #if defined(MBEDTLS_HAVE_TIME) #include #endif @@ -2210,7 +2212,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_HAVE_TIME) - time_t t; + mbedtls_time_t t; #endif int ret; size_t olen, ext_len = 0, n; @@ -2253,7 +2255,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) buf[4], buf[5] ) ); #if defined(MBEDTLS_HAVE_TIME) - t = time( NULL ); + t = mbedtls_time( NULL ); *p++ = (unsigned char)( t >> 24 ); *p++ = (unsigned char)( t >> 16 ); *p++ = (unsigned char)( t >> 8 ); @@ -2302,7 +2304,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ssl->state++; #if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = time( NULL ); + ssl->session_negotiate->start = mbedtls_time( NULL ); #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 0e27900b5..5d77403e5 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -27,16 +27,18 @@ #if defined(MBEDTLS_SSL_TICKET_C) -#include "mbedtls/ssl_ticket.h" - #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #include #define mbedtls_calloc calloc -#define mbedtls_free free +#define mbedtls_free free +#define mbedtls_time time +#define mbedtls_time_t time_t #endif +#include "mbedtls/ssl_ticket.h" + #include /* Implementation that should never be optimized out by the compiler */ 
@@ -69,7 +71,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, mbedtls_ssl_ticket_key *key = ctx->keys + index; #if defined(MBEDTLS_HAVE_TIME) - key->generation_time = (uint32_t) time( NULL ); + key->generation_time = (uint32_t) mbedtls_time( NULL ); #endif if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 ) @@ -98,7 +100,7 @@ static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) #else if( ctx->ticket_lifetime != 0 ) { - uint32_t current_time = (uint32_t) time( NULL ); + uint32_t current_time = (uint32_t) mbedtls_time( NULL ); uint32_t key_time = ctx->keys[ctx->active].generation_time; if( current_time > key_time && @@ -451,7 +453,7 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, #if defined(MBEDTLS_HAVE_TIME) { /* Check for expiration */ - time_t current_time = time( NULL ); + mbedtls_time_t current_time = mbedtls_time( NULL ); if( current_time < session->start || (uint32_t)( current_time - session->start ) > ctx->ticket_lifetime ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1c44b7ddb..19cc35792 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -35,6 +35,15 @@ #if defined(MBEDTLS_SSL_TLS_C) +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_calloc calloc +#define mbedtls_free free +#define mbedtls_time_t time_t +#endif + #include "mbedtls/debug.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" @@ -46,14 +55,6 @@ #include "mbedtls/oid.h" #endif -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif - /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; diff --git a/library/x509.c b/library/x509.c index ffc3d6c94..a0df81708 100644 --- a/library/x509.c +++ b/library/x509.c 
@@ -53,10 +53,12 @@ #else #include #include -#define mbedtls_free free +#define mbedtls_free free #define mbedtls_calloc calloc -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf +#define mbedtls_time time +#define mbedtls_time_t time_t +#define mbedtls_printf printf +#define mbedtls_snprintf snprintf #endif #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) @@ -843,7 +845,7 @@ static int x509_get_current_time( mbedtls_x509_time *now ) static int x509_get_current_time( mbedtls_x509_time *now ) { struct tm *lt; - time_t tt; + mbedtls_time_t tt; int ret = 0; #if defined(MBEDTLS_THREADING_C) @@ -851,7 +853,7 @@ static int x509_get_current_time( mbedtls_x509_time *now ) return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); #endif - tt = time( NULL ); + tt = mbedtls_time( NULL ); lt = gmtime( &tt ); if( lt == NULL ) diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 26082ef5b..d3954c571 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -43,12 +43,14 @@ #if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(UNIX) + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #include #define mbedtls_printf printf #endif + int main( void ) { mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or " @@ -58,6 +60,15 @@ int main( void ) } #else +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_time_t time_t +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif + #include #include "mbedtls/net.h" From 3fe6cd3a2d621d40b69102caf280da283df13a50 Mon Sep 17 00:00:00 2001 
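Review bot: `gmtime( &tt )` in `x509_get_current_time()` still takes a `const time_t *`, but `tt` is now an `mbedtls_time_t`, which this series lets a platform redefine; the abstraction therefore only holds while the two types coincide, and a platform that supplies a different type gets a pointer-type mismatch at exactly the call that decides certificate validity. Converting explicitly before the libc call keeps that boundary visible, e.g. `time_t now = (time_t) tt; lt = gmtime( &now );`. The return value of `mbedtls_time( NULL )` is also not compared with `(mbedtls_time_t) -1` before it is handed to `gmtime`; the rest of the function, including the `lt == NULL` handling, is outside the hunk.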
From: Simon Butcher Date: Tue, 26 Apr 2016 19:51:29 +0100 Subject: [PATCH 221/399] Fixes time() abstraction for custom configs Added platform abstraction of time() to ChangeLog, version features, and fixed the build for dynamic configuration. --- ChangeLog | 4 ++++ include/mbedtls/platform.h | 5 +++-- library/platform.c | 6 +++--- library/version_features.c | 3 +++ 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 128113838..3e2ea6b5c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.x branch +Features + * Support for platform abstraction of the standard C library time() + function. + Bugfix * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three arguments where the same (in-place doubling). Found and fixed by Janos diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 7922e8c75..69a6afda4 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -44,6 +44,7 @@ extern "C" { #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) #include #include +#include #if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF) #if defined(_WIN32) #define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< Default snprintf to use */ @@ -243,7 +244,7 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); * The function pointers for time */ #if defined(MBEDTLS_PLATFORM_TIME_ALT) -extern time_t (*mbedtls_time)( mbedtls_time_t* time ); +extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time ); /** * \brief Set your own time function pointer @@ -252,7 +253,7 @@ extern time_t (*mbedtls_time)( mbedtls_time_t* time ); * * \return 0 */ -int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t time ) ); +int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) ); #else #if defined(MBEDTLS_PLATFORM_TIME_MACRO) #define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO 
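Review bot: Both prototypes name the pointer parameter `time`, which shadows the libc function of that name inside the declarations and differs from the `timer` used for the same parameters in library/platform.c; `extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* timer );` and `int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* timer ) );` keep header and definition consistent. The `\return 0` in the Doxygen block is now literally true but tells a caller nothing about whether a NULL `time_func` is accepted; the comment should state what the setter does with one.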
diff --git a/library/platform.c b/library/platform.c index e7ec0ad6a..89a2bd65d 100644 --- a/library/platform.c +++ b/library/platform.c @@ -198,15 +198,15 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ) static mbedtls_time_t platform_time_uninit( mbedtls_time_t* timer ) { ((void) timer); - return( NULL ); + return( 0 ); } #define MBEDTLS_PLATFORM_STD_TIME platform_time_uninit #endif /* !MBEDTLS_PLATFORM_STD_TIME */ -time_t (*mbedtls_time)( mbedtls_time_t* timer ) = MBEDTLS_PLATFORM_STD_TIME; +mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* timer ) = MBEDTLS_PLATFORM_STD_TIME; -int mbedtls_platform_set_exit( mbedtls_time_t (*time_func)( mbedtls_time_t timer ) ) +int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* timer ) ) { mbedtls_time = time_func; return( 0 ); diff --git a/library/version_features.c b/library/version_features.c index 1575e093e..b852ca81a 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -54,6 +54,9 @@ static const char *features[] = { #if defined(MBEDTLS_PLATFORM_EXIT_ALT) "MBEDTLS_PLATFORM_EXIT_ALT", #endif /* MBEDTLS_PLATFORM_EXIT_ALT */ +#if defined(MBEDTLS_PLATFORM_TIME_ALT) + "MBEDTLS_PLATFORM_TIME_ALT", +#endif /* MBEDTLS_PLATFORM_TIME_ALT */ #if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) "MBEDTLS_PLATFORM_FPRINTF_ALT", #endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */ From 80aea30aa5c72c3cdc6ea8322385747886508975 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 27 Apr 2016 00:28:14 +0100 Subject: [PATCH 222/399] Fixes syntax and naming for check-names.sh Some macros were failing checks by check-names.sh --- include/mbedtls/config.h | 2 ++ include/mbedtls/platform.h | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 3c3d9ca2d..0efee0454 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
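Review bot: `mbedtls_platform_set_time()` stores `time_func` unchecked, so `mbedtls_platform_set_time( NULL )` installs exactly the null pointer that `platform_time_uninit` exists to guard against, and every later `mbedtls_time( NULL )` call in the library then goes through it; `if( time_func == NULL ) time_func = MBEDTLS_PLATFORM_STD_TIME;` before the assignment keeps the guard effective (the sibling setters in this file, outside the hunk, may deserve the same treatment). Separately, the stub now returns `0`, which callers cannot distinguish from a genuine 1970 timestamp, so a MBEDTLS_PLATFORM_TIME_ALT build that never calls the setter silently evaluates certificate validity, ticket lifetime and cache expiry against the epoch instead of failing; returning `(mbedtls_time_t) -1` matches the failure value `time()` itself uses. The global function pointer is also written without synchronisation, which is fine if the setter is only meant to run during initialisation, but that expectation should be written down next to it.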
@@ -2479,6 +2479,8 @@ //#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ //#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ //#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined */ //#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ /* Note: your snprintf must correclty zero-terminate the buffer! */ diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 69a6afda4..039cb587a 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -234,11 +234,11 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); /* * The time_t datatype */ -#if defined(MBEDTLS_PLATFORM_TIME_T_MACRO) -#define mbedtls_time_t MBEDTLS_PLATFORM_TIME_T_MACRO +#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) +typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t; #else -#define mbedtls_time_t time_t -#endif /* MBEDTLS_PLATFORM_TIME_T_MACRO */ +typedef time_t mbedtls_time_t; +#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */ /* * The function pointers for time From d3138c35c68481fc9cdc1990b8108c5970b92305 Mon Sep 17 00:00:00 2001 
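Review bot: The doc comment on the new `MBEDTLS_PLATFORM_TIME_TYPE_MACRO` line is copied from the line above and calls it a "time macro", while it names a type; `/**< Default time type macro to use, can be undefined */` says what it is. Since a user substitutes a type here, it is worth adding that the type still has to interoperate with the library's remaining libc time calls (the `gmtime()` call in x509.c expects a `time_t`), so it cannot be an arbitrary type.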
From: Simon Butcher Date: Wed, 27 Apr 2016 01:26:50 +0100 Subject: [PATCH 223/399] Fixes SSL sample apps for non-default configs Fixes the SSL sample applications to build for the non-default configs which don't build if MBEDTLS_PLATFORM_C isn't defined. --- programs/ssl/ssl_client1.c | 3 +++ programs/ssl/ssl_client2.c | 3 +++ programs/ssl/ssl_mail_client.c | 3 +++ programs/ssl/ssl_server.c | 3 +++ programs/ssl/ssl_server2.c | 3 +++ programs/test/udp_proxy.c | 9 +++++---- 6 files changed, 20 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 1aeddf71c..3516e15c9 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -29,6 +29,9 @@ #include "mbedtls/platform.h" #else #include +#include +#define mbedtls_time time +#define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf #endif diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 559e5028d..78f9e00f5 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -29,6 +29,9 @@ #include "mbedtls/platform.h" #else #include +#include +#define mbedtls_time time +#define mbedtls_time_t time_t #define mbedtls_printf printf #define mbedtls_fprintf fprintf #define mbedtls_snprintf snprintf diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 974c17020..c807eb569 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -29,6 +29,9 @@ #include "mbedtls/platform.h" #else #include +#include +#define mbedtls_time time +#define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf #endif diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 70efba938..c7f526795 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c 
@@ -29,6 +29,9 @@ #include "mbedtls/platform.h" #else #include +#include +#define mbedtls_time time +#define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b586a7008..6d4e9165b 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -29,7 +29,10 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_free free +#define mbedtls_time time +#define mbedtls_time_t time_t #define mbedtls_calloc calloc #define mbedtls_fprintf fprintf #define mbedtls_printf printf diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index eb8d29e71..b698c78f0 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -34,11 +34,15 @@ #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else +#include +#include +#include +#define mbedtls_time time +#define mbedtls_time_t time_t #define mbedtls_printf printf #endif #if !defined(MBEDTLS_NET_C) -#include int main( void ) { mbedtls_printf( "MBEDTLS_NET_C not defined.\n" ); @@ -50,10 +54,7 @@ int main( void ) #include "mbedtls/error.h" #include "mbedtls/ssl.h" -#include -#include #include -#include /* For select() */ #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ From b2d5dd105dd6073c40aecdbb1471928d90b61287 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 27 Apr 2016 13:35:37 +0100 Subject: [PATCH 224/399] Fixes X509 sample app and SSL test suite Fixes the X.509 cert_app and the SSL test suite for the non-default configs which don't build with if MBEDTLS_PLATFORM_C isn't defined. --- programs/x509/cert_app.c | 3 +++ tests/suites/helpers.function | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 84f67e6d3..3f50a7a14 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c 
@@ -29,6 +29,9 @@ #include "mbedtls/platform.h" #else #include +#include +#define mbedtls_time time +#define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf #endif diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index c4128b403..cc9ab7c42 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -6,11 +6,14 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_printf printf #define mbedtls_fprintf fprintf #define mbedtls_calloc calloc #define mbedtls_free free #define mbedtls_exit exit +#define mbedtls_time time +#define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_snprintf snprintf @@ -29,8 +32,6 @@ typedef UINT32 uint32_t; #include #endif -#include -#include #include From fe049db8ef95ce2cddf111de13d86bc82c605df0 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 31 Mar 2016 11:37:33 +0100 Subject: [PATCH 225/399] Fix issue #429 in ssl_fork_server.c --- programs/ssl/ssl_fork_server.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 13ce5dd60..4da96a66c 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -258,11 +258,10 @@ int main( void ) goto exit; } - mbedtls_net_free( &client_fd ); continue; } - mbedtls_net_free( &listen_fd ); + mbedtls_net_init( &listen_fd ); /* * 4. Setup stuff From 582a461a49b80dd2f1d72ce8b68491eea629409d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 28 Apr 2016 23:37:16 +0100 Subject: [PATCH 226/399] Improves and makes pretty the ssl_fork_server output --- programs/ssl/ssl_fork_server.c | 75 +++++++++++++++++++--------------- 1 file changed, 42 insertions(+), 33 deletions(-) diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 4da96a66c..545e2fbf3 100644 --- a/programs/ssl/ssl_fork_server.c 
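Review bot: Dropping `mbedtls_net_free( &client_fd );` in the parent branch leaves the parent holding its copy of every accepted socket until it exits, so one descriptor leaks per connection over the server's lifetime. Presumably the line went because mbedtls_net_free() shuts the socket down and would tear down the connection the child is serving; a plain `close( client_fd.fd ); client_fd.fd = -1;` in the parent, and likewise `close( listen_fd.fd );` before the child's new `mbedtls_net_init( &listen_fd );`, releases each process's duplicate without touching the other's. A one-line comment at the `mbedtls_net_init` call saying why net_free must not be used there would keep the next reader from restoring it. The identical hunk appears again as PATCH 229 further down. main() starts and ends outside the hunk.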
+++ b/programs/ssl/ssl_fork_server.c @@ -127,7 +127,7 @@ int main( void ) (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + mbedtls_printf( " failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret ); goto exit; } @@ -148,7 +148,7 @@ int main( void ) mbedtls_test_srv_crt_len ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_x509_crt_parse returned %d\n\n", ret ); goto exit; } @@ -156,7 +156,7 @@ int main( void ) mbedtls_test_cas_pem_len ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_x509_crt_parse returned %d\n\n", ret ); goto exit; } @@ -164,7 +164,7 @@ int main( void ) mbedtls_test_srv_key_len, NULL, 0 ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_pk_parse_key returned %d\n\n", ret ); goto exit; } @@ -181,7 +181,7 @@ int main( void ) MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_ssl_config_defaults returned %d\n\n", ret ); goto exit; } @@ -191,7 +191,7 @@ int main( void ) mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); goto exit; } @@ -205,7 +205,7 @@ int main( void ) if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_net_bind returned %d\n\n", ret ); goto exit; } 
@@ -219,42 +219,40 @@ int main( void ) mbedtls_net_init( &client_fd ); mbedtls_ssl_init( &ssl ); - mbedtls_printf( " . Waiting for a remote connection ..." ); + mbedtls_printf( " . Waiting for a remote connection ...\n" ); fflush( stdout ); if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd, NULL, 0, NULL ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_net_accept returned %d\n\n", ret ); goto exit; } - mbedtls_printf( " ok\n" ); - /* * 3.5. Forking server thread */ - pid = fork(); - mbedtls_printf( " . Forking to handle connection ..." ); fflush( stdout ); + pid = fork(); + if( pid < 0 ) { - mbedtls_printf(" failed\n ! fork returned %d\n\n", pid ); + mbedtls_printf(" failed! fork returned %d\n\n", pid ); goto exit; } - mbedtls_printf( " ok\n" ); - if( pid != 0 ) { + mbedtls_printf( " ok\n" ); + if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg, (const unsigned char *) "parent", 6 ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_reseed returned %d\n", ret ); + mbedtls_printf( " failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret ); goto exit; } 
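Review bot: On failure `fork()` returns -1 and leaves the cause in `errno`, so the rewritten message `" failed! fork returned %d\n\n", pid` can only ever print -1 and discards the useful part. Printing the error text as well, `mbedtls_printf( " failed! fork returned %d: %s\n\n", (int) pid, strerror( errno ) );`, tells the operator whether the process limit, memory or something else was hit (this needs `<errno.h>`; `<string.h>` appears to be in use already given the `strlen( pers )` call in an earlier hunk). The same line recurs in the duplicate of this commit, PATCH 230. main() starts and ends outside the hunk.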
@@ -263,51 +261,59 @@ int main( void ) mbedtls_net_init( &listen_fd ); + pid = getpid(); + /* * 4. Setup stuff */ - mbedtls_printf( " . Setting up the SSL data...." ); + mbedtls_printf( "pid %d: Setting up the SSL data.\n", pid ); fflush( stdout ); if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg, (const unsigned char *) "child", 5 ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_reseed returned %d\n", ret ); + mbedtls_printf( + "pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n", + pid, ret ); goto exit; } if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); + mbedtls_printf( + "pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n", + pid, ret ); goto exit; } mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); - mbedtls_printf( " ok\n" ); + mbedtls_printf( "pid %d: SSL setup ok\n", pid ); /* * 5. Handshake */ - mbedtls_printf( " . Performing the SSL/TLS handshake..." ); + mbedtls_printf( "pid %d: Performing the SSL/TLS handshake.\n", pid ); fflush( stdout ); while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret ); + mbedtls_printf( + "pid %d: SSL handshake failed! mbedtls_ssl_handshake returned %d\n\n", + pid, ret ); goto exit; } } - mbedtls_printf( " ok\n" ); + mbedtls_printf( "pid %d: SSL handshake ok\n", pid ); /* * 6. Read the HTTP Request */ - mbedtls_printf( " < Read from client:" ); + mbedtls_printf( "pid %d: Start reading from client.\n", pid ); fflush( stdout ); do 
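Review bot: The new `"pid %d: ..."` messages pass a `pid_t` to `%d`; pid_t is an integer type of unspecified width, and the portable spelling is `%ld` with `(long) pid`, e.g. `mbedtls_printf( "pid %ld: Setting up the SSL data.\n", (long) pid );`. Since every child-side message in this hunk and in `@@ -324`, `@@ -340`, `@@ -350` and `@@ -362` (and the PATCH 230 copy) prints the value, a single `long cpid = (long) getpid();` used throughout would keep the cast in one place. main() starts and ends outside the hunk.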
@@ -324,15 +330,15 @@ int main( void ) switch( ret ) { case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf( " connection was closed gracefully\n" ); + mbedtls_printf( "pid %d: connection was closed gracefully\n", pid ); break; case MBEDTLS_ERR_NET_CONN_RESET: - mbedtls_printf( " connection was reset by peer\n" ); + mbedtls_printf( "pid %d: connection was reset by peer\n", pid ); break; default: - mbedtls_printf( " mbedtls_ssl_read returned %d\n", ret ); + mbedtls_printf( "pid %d: mbedtls_ssl_read returned %d\n", pid, ret ); break; } @@ -340,7 +346,7 @@ int main( void ) } len = ret; - mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf ); + mbedtls_printf( "pid %d: %d bytes read\n\n%s", pid, len, (char *) buf ); if( ret > 0 ) break; @@ -350,7 +356,7 @@ int main( void ) /* * 7. Write the 200 Response */ - mbedtls_printf( " > Write to client:" ); + mbedtls_printf( "pid %d: Start writing to client.\n", pid ); fflush( stdout ); len = sprintf( (char *) buf, HTTP_RESPONSE, @@ -362,18 +368,21 @@ int main( void ) { if( ret == MBEDTLS_ERR_NET_CONN_RESET ) { - mbedtls_printf( " failed\n ! peer closed the connection\n\n" ); + mbedtls_printf( + "pid %d: Write failed! peer closed the connection\n\n", pid ); goto exit; } if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); + mbedtls_printf( + "pid %d: Write failed! mbedtls_ssl_write returned %d\n\n", + pid, ret ); goto exit; } } len = ret; - mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf ); + mbedtls_printf( "pid %d: %d bytes written\n\n%s\n", pid, len, (char *) buf ); mbedtls_net_usleep( 1000000 ); } From 45732c7cac9cd9fc6ce0892f1f0ea6b74e6ab6de Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 29 Apr 2016 00:05:32 +0100 Subject: [PATCH 227/399] Update ChangeLog for bug #429 in ssl_fork_server --- ChangeLog | 1 + 1 file changed, 1 insertion(+) 
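Review bot: `mbedtls_printf( "pid %d: %d bytes read\n\n%s", pid, len, (char *) buf );` in `@@ -340,7 +346,7 @@` writes peer-supplied bytes to the terminal with `%s`, which depends on `buf` being NUL-terminated by code outside this hunk and prints whatever the client sent, control characters included, unfiltered. Bounding the output to the bytes actually read, `mbedtls_printf( "pid %d: %d bytes read\n\n%.*s", pid, len, len, (char *) buf );`, removes the dependence on the terminator; filtering non-printable bytes would be a further step for a sample that is run on an interactive terminal. The same line appears in the PATCH 230 copy. main() starts and ends outside the hunk.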
diff --git a/ChangeLog b/ChangeLog index 3e2ea6b5c..3b32873b2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,7 @@ Bugfix dereference possible. * Fix issue that caused a crash if invalid curves were passed to mbedtls_ssl_conf_curves. #373 + * Fix issue in ssl_fork_server which was preventing it from functioning. #429 Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, From 0b98d2f0862aa8daa35fd1e1feed97e7fdd45335 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Mon, 2 May 2016 11:06:47 +0200 Subject: [PATCH 228/399] Fix minor doc issue --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 67c62b744..96643eb46 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -976,7 +976,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, * pointers and data. * * \param ssl SSL context - * \return 0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED, + * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED, MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or * MBEDTLS_ERR_SSL_COMPRESSION_FAILED */ From e609a08c2fe0b0cbb2c49efe2d8ddcd918b35918 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 31 Mar 2016 11:37:33 +0100 Subject: [PATCH 229/399] Fix issue #429 in ssl_fork_server.c --- programs/ssl/ssl_fork_server.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 13ce5dd60..4da96a66c 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -258,11 +258,10 @@ int main( void ) goto exit; } - mbedtls_net_free( &client_fd ); continue; } - mbedtls_net_free( &listen_fd ); + mbedtls_net_init( &listen_fd ); /* * 4. Setup stuff From 98c2b0ea7dd2f2303ea752276ec7df9e6514523f Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Thu, 28 Apr 2016 23:37:16 +0100 Subject: [PATCH 230/399] Improves and makes pretty the ssl_fork_server output --- programs/ssl/ssl_fork_server.c | 75 +++++++++++++++++++--------------- 1 file changed, 42 insertions(+), 33 deletions(-) diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 4da96a66c..545e2fbf3 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -127,7 +127,7 @@ int main( void ) (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + mbedtls_printf( " failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret ); goto exit; } @@ -148,7 +148,7 @@ int main( void ) mbedtls_test_srv_crt_len ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_x509_crt_parse returned %d\n\n", ret ); goto exit; } @@ -156,7 +156,7 @@ int main( void ) mbedtls_test_cas_pem_len ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_x509_crt_parse returned %d\n\n", ret ); goto exit; } @@ -164,7 +164,7 @@ int main( void ) mbedtls_test_srv_key_len, NULL, 0 ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_pk_parse_key returned %d\n\n", ret ); goto exit; } @@ -181,7 +181,7 @@ int main( void ) MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_ssl_config_defaults returned %d\n\n", ret ); goto exit; } 
@@ -191,7 +191,7 @@ int main( void ) mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); goto exit; } @@ -205,7 +205,7 @@ int main( void ) if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_net_bind returned %d\n\n", ret ); goto exit; } @@ -219,42 +219,40 @@ int main( void ) mbedtls_net_init( &client_fd ); mbedtls_ssl_init( &ssl ); - mbedtls_printf( " . Waiting for a remote connection ..." ); + mbedtls_printf( " . Waiting for a remote connection ...\n" ); fflush( stdout ); if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd, NULL, 0, NULL ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); + mbedtls_printf( " failed! mbedtls_net_accept returned %d\n\n", ret ); goto exit; } - mbedtls_printf( " ok\n" ); - /* * 3.5. Forking server thread */ - pid = fork(); - mbedtls_printf( " . Forking to handle connection ..." ); fflush( stdout ); + pid = fork(); + if( pid < 0 ) { - mbedtls_printf(" failed\n ! fork returned %d\n\n", pid ); + mbedtls_printf(" failed! fork returned %d\n\n", pid ); goto exit; } - mbedtls_printf( " ok\n" ); - if( pid != 0 ) { + mbedtls_printf( " ok\n" ); + if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg, (const unsigned char *) "parent", 6 ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_reseed returned %d\n", ret ); + mbedtls_printf( " failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret ); goto exit; } 
@@ -263,51 +261,59 @@ int main( void ) mbedtls_net_init( &listen_fd ); + pid = getpid(); + /* * 4. Setup stuff */ - mbedtls_printf( " . Setting up the SSL data...." ); + mbedtls_printf( "pid %d: Setting up the SSL data.\n", pid ); fflush( stdout ); if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg, (const unsigned char *) "child", 5 ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_reseed returned %d\n", ret ); + mbedtls_printf( + "pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n", + pid, ret ); goto exit; } if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); + mbedtls_printf( + "pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n", + pid, ret ); goto exit; } mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); - mbedtls_printf( " ok\n" ); + mbedtls_printf( "pid %d: SSL setup ok\n", pid ); /* * 5. Handshake */ - mbedtls_printf( " . Performing the SSL/TLS handshake..." ); + mbedtls_printf( "pid %d: Performing the SSL/TLS handshake.\n", pid ); fflush( stdout ); while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret ); + mbedtls_printf( + "pid %d: SSL handshake failed! mbedtls_ssl_handshake returned %d\n\n", + pid, ret ); goto exit; } } - mbedtls_printf( " ok\n" ); + mbedtls_printf( "pid %d: SSL handshake ok\n", pid ); /* * 6. Read the HTTP Request */ - mbedtls_printf( " < Read from client:" ); + mbedtls_printf( "pid %d: Start reading from client.\n", pid ); fflush( stdout ); do 
@@ -324,15 +330,15 @@ int main( void ) switch( ret ) { case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf( " connection was closed gracefully\n" ); + mbedtls_printf( "pid %d: connection was closed gracefully\n", pid ); break; case MBEDTLS_ERR_NET_CONN_RESET: - mbedtls_printf( " connection was reset by peer\n" ); + mbedtls_printf( "pid %d: connection was reset by peer\n", pid ); break; default: - mbedtls_printf( " mbedtls_ssl_read returned %d\n", ret ); + mbedtls_printf( "pid %d: mbedtls_ssl_read returned %d\n", pid, ret ); break; } @@ -340,7 +346,7 @@ int main( void ) } len = ret; - mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf ); + mbedtls_printf( "pid %d: %d bytes read\n\n%s", pid, len, (char *) buf ); if( ret > 0 ) break; @@ -350,7 +356,7 @@ int main( void ) /* * 7. Write the 200 Response */ - mbedtls_printf( " > Write to client:" ); + mbedtls_printf( "pid %d: Start writing to client.\n", pid ); fflush( stdout ); len = sprintf( (char *) buf, HTTP_RESPONSE, @@ -362,18 +368,21 @@ int main( void ) { if( ret == MBEDTLS_ERR_NET_CONN_RESET ) { - mbedtls_printf( " failed\n ! peer closed the connection\n\n" ); + mbedtls_printf( + "pid %d: Write failed! peer closed the connection\n\n", pid ); goto exit; } if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); + mbedtls_printf( + "pid %d: Write failed! mbedtls_ssl_write returned %d\n\n", + pid, ret ); goto exit; } } len = ret; - mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf ); + mbedtls_printf( "pid %d: %d bytes written\n\n%s\n", pid, len, (char *) buf ); mbedtls_net_usleep( 1000000 ); } From f8935075dca3f301be88e9d5ac35e62f06d2e57d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 29 Apr 2016 00:05:32 +0100 Subject: [PATCH 231/399] Update ChangeLog for bug #429 in ssl_fork_server --- ChangeLog | 1 + 1 file changed, 1 insertion(+) 
diff --git a/ChangeLog b/ChangeLog index 2b863bf25..bb3af66b7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,7 @@ Bugfix dereference possible. * Fix issue that caused a crash if invalid curves were passed to mbedtls_ssl_conf_curves. #373 + * Fix issue in ssl_fork_server which was preventing it from functioning. #429 Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, From 42256118870538bb48d2cadeb16c787a528fe570 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 01:05:22 +0100 Subject: [PATCH 232/399] Fixes memory leak in memory_buffer_alloc.c debug Debug symbols were being leaked in memory_buffer_alloc.c --- library/memory_buffer_alloc.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index b2c775a3d..545d5a2c3 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -417,6 +417,12 @@ static void buffer_alloc_free( void *ptr ) heap.total_used -= hdr->size; #endif +#if defined(MBEDTLS_MEMORY_BACKTRACE) + free( hdr->trace ); + hdr->trace = NULL; + hdr->trace_count = 0; +#endif + // Regroup with block before // if( hdr->prev != NULL && hdr->prev->alloc == 0 ) @@ -432,9 +438,6 @@ static void buffer_alloc_free( void *ptr ) if( hdr->next != NULL ) hdr->next->prev = hdr; -#if defined(MBEDTLS_MEMORY_BACKTRACE) - free( old->trace ); -#endif memset( old, 0, sizeof(memory_header) ); } @@ -474,9 +477,6 @@ static void buffer_alloc_free( void *ptr ) if( hdr->next != NULL ) hdr->next->prev = hdr; -#if defined(MBEDTLS_MEMORY_BACKTRACE) - free( old->trace ); -#endif memset( old, 0, sizeof(memory_header) ); } @@ -491,11 +491,6 @@ static void buffer_alloc_free( void *ptr ) heap.first_free = hdr; } -#if defined(MBEDTLS_MEMORY_BACKTRACE) - hdr->trace = NULL; - hdr->trace_count = 0; -#endif - if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_FREE ) && verify_chain() != 0 ) mbedtls_exit( 1 ); } 
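Review bot: The relocated `free( hdr->trace )` block in `@@ -417,6 +417,12 @@` carries no comment on why it has to run before the coalescing code, so a later tidy-up could move it back below the merge and reintroduce the leak this commit fixes: the two `free( old->trace )` calls removed in the following hunks sat on a header that is then wiped by `memset( old, 0, sizeof(memory_header) )`, and the reset removed at the end ran on whichever header `hdr` pointed at after merging. I would add above the new `#if defined(MBEDTLS_MEMORY_BACKTRACE)`: `// Release the backtrace before coalescing: hdr may be redirected to a neighbour below and this header may be zeroed by memset.`. buffer_alloc_free() starts outside the hunk.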
From c1d2eb3fd692810d782916af66f457369ffb12c2 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 15:52:52 +0100 Subject: [PATCH 233/399] Adds line number substitution in test cases Expanded generate_code.pl to substitute !LINE_NO! in test cases. --- tests/scripts/generate_code.pl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 93c003b01..9c595917e 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -95,6 +95,8 @@ for my $line (@test_cases_lines) { $line = $line."#line $index \"$test_case_file\"\n"; } + $line =~ s/!LINE_NO!/$index/; + $test_cases = $test_cases.$line; $index++; } From 43dba3d94e3be8e4f8a300e084c2b0b038ae9e9a Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 21:31:51 +0100 Subject: [PATCH 234/399] Fixes off by 1 error reported in line number errors --- tests/scripts/generate_code.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 9c595917e..e940b5a1a 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -77,7 +77,7 @@ close(TEST_HELPERS); open(TEST_MAIN, "$test_main_file") or die "Opening test main '$test_main_file': $!"; my @test_main_lines = split/^/, ; my $test_main; -my $index = 1; +my $index = 2; for my $line (@test_main_lines) { $line =~ s/!LINE_NO!/$index/; $test_main = $test_main.$line; @@ -88,7 +88,7 @@ close(TEST_MAIN); open(TEST_CASES, "$test_case_file") or die "Opening test cases '$test_case_file': $!"; my @test_cases_lines = split/^/, ; my $test_cases; -my $index = 1; +my $index = 2; for my $line (@test_cases_lines) { if ($line =~ /^\/\* BEGIN_CASE .*\*\//) { From 31a6c491397ec70c0effa34947e3488f18a4ad0a Mon Sep 17 00:00:00 2001 
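Review bot: `$line =~ s/!LINE_NO!/$index/;` replaces only the first `!LINE_NO!` on a line, so a line that carries the marker twice (say in a format string and again in its arguments) is left half-substituted; `$line =~ s/!LINE_NO!/$index/g;` matches the stated intent at no cost. The loop over `@test_main_lines` visible in the next commit's context uses the same single-match form and would want the `/g` flag too. The enclosing `for` loop starts outside the hunk.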
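Review bot: `my $index = 2;` is now declared twice at file scope (once per hunk), which Perl reports as `"my" variable $index masks earlier declaration in same scope` under warnings; the second should be a plain reassignment, `$index = 2;`. The reason for starting the count at 2 rather than 1 is not recorded either, and the commit title only says "off by 1"; a comment such as `# line numbers are 1-based and the first line is consumed before the loop, so start at 2` (or the actual reason) would stop the next reader from "fixing" it back to 1. The surrounding script body starts outside the hunks.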
From: SimonB Date: Mon, 2 May 2016 21:32:44 +0100 Subject: [PATCH 235/399] Adds reporting of file/line no. in failed tests Tests in tests/suites will now report the file and line number of failed test assertions. --- tests/suites/helpers.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index cc9ab7c42..31b8f586f 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -57,7 +57,7 @@ typedef UINT32 uint32_t; do { \ if( ! (TEST) ) \ { \ - test_fail( #TEST ); \ + test_fail( #TEST, __LINE__, __FILE__ ); \ goto exit; \ } \ } while( 0 ) @@ -348,11 +348,11 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -static void test_fail( const char *test ) +static void test_fail( const char *test, int line_no, char* filename ) { test_errors++; if( test_errors == 1 ) mbedtls_printf( "FAILED\n" ); - mbedtls_printf( " %s\n", test ); + mbedtls_printf( " %s\n at line %d, %s\n", test, line_no, filename ); } From 37f2620db68081c5131fa2798b6bdfb50dcbc27f Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 21:58:19 +0100 Subject: [PATCH 236/399] Adds line numbering in errors for test helpers Adds to the 'generate_code.pl' tool, support to insert line numbers before test suite helper code. --- tests/scripts/generate_code.pl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index e940b5a1a..49af2db7f 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -90,6 +90,11 @@ my @test_cases_lines = split/^/, ; my $test_cases; my $index = 2; for my $line (@test_cases_lines) { + if ($line =~ /^\/\* BEGIN_SUITE_HELPERS .*\*\//) + { + $line = $line."#line $index \"$test_case_file\"\n"; + } + if ($line =~ /^\/\* BEGIN_CASE .*\*\//) { $line = $line."#line $index \"$test_case_file\"\n"; 
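Review bot: `static void test_fail( const char *test, int line_no, char* filename )` takes the file name as a non-const `char *`, but the only argument the `TEST_ASSERT` macro passes is the `__FILE__` string literal; it should be `const char *filename`, which also matches the `test` parameter and the file's `char *` declarator style. The changed signature would read `static void test_fail( const char *test, int line_no, const char *filename )`, avoiding a const-discarding conversion warning in stricter builds. The macro body starts and ends inside the first hunk; test_fail() is shown in full in the second.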
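Review bot: The new `BEGIN_SUITE_HELPERS` branch duplicates the `BEGIN_CASE` branch below it line for line; a single condition, `if ($line =~ /^\/\* BEGIN_(SUITE_HELPERS|CASE) .*\*\//)`, keeps the `#line` insertion in one place so the two markers cannot drift apart. A short comment naming which markers get a `#line` directive and why would also help, since the commit message is the only place that currently says so. The enclosing `for` loop starts outside the hunk.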
From 5be3a256919f06da30bebf4a6754b5c9a29e98c6 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 22:15:42 +0100 Subject: [PATCH 237/399] Clarifies documentation on reported memory statistics --- include/mbedtls/memory_buffer_alloc.h | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h index 661bc08dc..d5df316fd 100644 --- a/include/mbedtls/memory_buffer_alloc.h +++ b/include/mbedtls/memory_buffer_alloc.h @@ -98,8 +98,10 @@ void mbedtls_memory_buffer_alloc_status( void ); /** * \brief Get the peak heap usage so far * - * \param max_used Peak number of bytes reauested by the application - * \param max_blocks Peak number of blocks reauested by the application + * \param max_used Peak number of bytes in use or committed. This + * includes bytes in allocated blocks too small to split + * into smaller blocks but larger than the requested size. + * \param max_blocks Peak number of blocks in use, including free and used */ void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks ); @@ -111,8 +113,10 @@ void mbedtls_memory_buffer_alloc_max_reset( void ); /** * \brief Get the current heap usage * - * \param cur_used Number of bytes reauested by the application - * \param cur_blocks Number of blocks reauested by the application + * \param cur_used Current number of bytes in use or committed. This + * includes bytes in allocated blocks too small to split + * into smaller blocks but larger than the requested size. + * \param cur_blocks Current number of blocks in use, including free and used */ void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ); #endif /* MBEDTLS_MEMORY_DEBUG */ From a0ed709f05c41f321bbe3ed76779c7f047c293c4 Mon Sep 17 00:00:00 2001 
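Review bot: `\param max_blocks Peak number of blocks in use, including free and used` contradicts itself ("in use" versus "including free"), and the same wording is repeated for `cur_blocks` in the second hunk. `Peak number of blocks in the heap, counting both allocated and free blocks` and `Current number of blocks in the heap, counting both allocated and free blocks` say what the new text is reaching for. The `max_used`/`cur_used` text introduces "committed" without saying what it means for this allocator; a half-sentence defining it would make the two parameters read consistently.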
From: SimonB Date: Mon, 2 May 2016 23:25:02 +0100 Subject: [PATCH 238/399] Additional tests to test stack buffer allocator Adds additional tests to the test suite for memory_buffer_alloc.c --- .../test_suite_memory_buffer_alloc.data | 16 ++ .../test_suite_memory_buffer_alloc.function | 218 ++++++++++++++++++ 2 files changed, 234 insertions(+) diff --git a/tests/suites/test_suite_memory_buffer_alloc.data b/tests/suites/test_suite_memory_buffer_alloc.data index a0b046010..8d3813a7b 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.data +++ b/tests/suites/test_suite_memory_buffer_alloc.data @@ -1,2 +1,18 @@ Memory buffer alloc self test mbedtls_memory_buffer_alloc_self_test: + +Memory buffer alloc - free in middle, alloc at end +memory_buffer_alloc_free_alloc:100:100:100:0:0:1:0:0:200:0 + +Memory buffer alloc - free in middle, realloc +memory_buffer_alloc_free_alloc:100:100:100:0:0:1:0:0:100:0 + +Memory buffer alloc - free in middle, merge, realloc +memory_buffer_alloc_free_alloc:100:100:100:100:0:1:1:0:201:0 + +Memory buffer alloc - free at end, merge, realloc +memory_buffer_alloc_free_alloc:100:64:100:100:0:0:0:1:200:0 + +Memory buffer alloc - Out of Memory test +memory_buffer_alloc_oom_test: + diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function index 59b06431b..a36dbc3d1 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.function +++ b/tests/suites/test_suite_memory_buffer_alloc.function @@ -1,6 +1,7 @@ /* BEGIN_HEADER */ #include "mbedtls/memory_buffer_alloc.h" #define TEST_SUITE_MEMORY_BUFFER_ALLOC + /* END_HEADER */ /* BEGIN_DEPENDENCIES 
@@ -8,9 +9,226 @@ * END_DEPENDENCIES */ +/* BEGIN_SUITE_HELPERS */ +static int check_pointer( void *p ) +{ + if( p == NULL ) + return( -1 ); + + if( (size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0 ) + return( -1 ); + + return( 0 ); +} +/* END_SUITE_HELPERS */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void mbedtls_memory_buffer_alloc_self_test( ) { TEST_ASSERT( mbedtls_memory_buffer_alloc_self_test( 0 ) == 0 ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes, + int d_bytes, + int free_a, int free_b, int free_c, + int free_d, + int e_bytes, int f_bytes ) +{ + unsigned char buf[1024]; + unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL, *ptr_d = NULL, + *ptr_e = NULL, *ptr_f = NULL; + + size_t reported_blocks; + size_t allocated_bytes = 0, reported_bytes; + + mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + + mbedtls_memory_buffer_set_verify( MBEDTLS_MEMORY_VERIFY_ALWAYS ); + + if( a_bytes > 0 ) + { + ptr_a = mbedtls_calloc( a_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_a ) == 0 ); + + allocated_bytes += a_bytes * sizeof(char); + } + + if( b_bytes > 0 ) + { + ptr_b = mbedtls_calloc( b_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_b ) == 0 ); + + allocated_bytes += b_bytes * sizeof(char); + } + + if( c_bytes > 0 ) + { + ptr_c = mbedtls_calloc( c_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_c ) == 0 ); + + allocated_bytes += c_bytes * sizeof(char); + } + + if( d_bytes > 0 ) + { + ptr_d = mbedtls_calloc( d_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_d ) == 0 ); + + allocated_bytes += d_bytes * sizeof(char); + } + + mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == allocated_bytes ); + + if( free_a ) + { + mbedtls_free( ptr_a ); + ptr_a = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + allocated_bytes -= a_bytes * sizeof(char); 
+ } + + if( free_b ) + { + mbedtls_free( ptr_b ); + ptr_b = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + allocated_bytes -= b_bytes * sizeof(char); + } + + if( free_c ) + { + mbedtls_free( ptr_c ); + ptr_c = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + allocated_bytes -= c_bytes * sizeof(char); + } + + if( free_d ) + { + mbedtls_free( ptr_d ); + ptr_d = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + allocated_bytes -= d_bytes * sizeof(char); + } + + mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == allocated_bytes ); + + if( e_bytes > 0 ) + { + ptr_e = mbedtls_calloc( e_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_e ) == 0 ); + } + + if( f_bytes > 0 ) + { + ptr_f = mbedtls_calloc( f_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_f ) == 0 ); + } + + /* Once blocks are reallocated, the block allocated to the memory request + * may be bigger than the request itself, which is indicated by the reported + * bytes, and makes it hard to know what the reported size will be, so + * we don't check the size after blocks have been reallocated. 
*/ + + if( ptr_a != NULL ) + { + mbedtls_free( ptr_a ); + ptr_a = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_b != NULL ) + { + mbedtls_free( ptr_b ); + ptr_b = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_c != NULL ) + { + mbedtls_free( ptr_c ); + ptr_c = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_d != NULL ) + { + mbedtls_free( ptr_d ); + ptr_d = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_e != NULL ) + { + mbedtls_free( ptr_e ); + ptr_e = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_f != NULL ) + { + mbedtls_free( ptr_f ); + ptr_f = NULL; + } + + mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == 0 ); + + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + +exit: + mbedtls_memory_buffer_alloc_free( ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +void memory_buffer_alloc_oom_test() +{ + unsigned char buf[1024]; + unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL; + size_t reported_blocks, reported_bytes; + + (void)ptr_c; + + mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + + mbedtls_memory_buffer_set_verify( MBEDTLS_MEMORY_VERIFY_ALWAYS ); + + ptr_a = mbedtls_calloc( 432, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_a ) == 0 ); + + ptr_b = mbedtls_calloc( 432, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_b ) == 0 ); + + ptr_c = mbedtls_calloc( 431, sizeof(char) ); + TEST_ASSERT( ptr_c == NULL ); + + mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == 864 ); + + mbedtls_free( ptr_a ); + ptr_a = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + mbedtls_free( ptr_b ); + ptr_b = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + mbedtls_memory_buffer_alloc_cur_get( 
&reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == 0 ); + + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + +exit: + mbedtls_memory_buffer_alloc_free( ); +} +/* END_CASE */ + From 7e8a6fb78ca8e2b0fa4bbf37dfc19c78e0cdb37f Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Mon, 2 May 2016 11:06:47 +0200 Subject: [PATCH 239/399] Fix minor doc issue --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 67c62b744..96643eb46 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -976,7 +976,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, * pointers and data. * * \param ssl SSL context - * \return 0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED, + * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED, MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or * MBEDTLS_ERR_SSL_COMPRESSION_FAILED */ From d96924de9c1f0357804cd68075e47f0e0f7f5a0a Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 6 May 2016 00:22:18 +0100 Subject: [PATCH 240/399] Widens test parameters in memory alloc tests --- tests/suites/helpers.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 31b8f586f..f0d052013 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -348,7 +348,7 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -static void test_fail( const char *test, int line_no, char* filename ) +static void test_fail( const char *test, int line_no, const char* filename ) { test_errors++; if( test_errors == 1 ) From 00efff74691373b0cfd939d4b824f400d7a8c70e Mon Sep 17 00:00:00 2001 
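Review bot: In `memory_buffer_alloc_free_alloc` the `ptr_f` release is the one free with no `mbedtls_memory_buffer_alloc_verify()` assertion after it, so corruption caused by freeing that block is only detected by the final verify, after `cur_get` has already been read; adding `TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );` there keeps a failure attributable to the free that caused it. `check_pointer` converts the pointer with `(size_t) p`; `uintptr_t` is the type defined for that round trip, though the allocator itself may use the same cast and the suite should follow whichever it uses. In `memory_buffer_alloc_oom_test` the `(void)ptr_c;` is redundant because `ptr_c` is assigned and asserted on, and the 432/432/431 sizes encode the allocator's header size and alignment, which deserves a comment so a later change to either is not mistaken for a regression.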
From: Janos Follath Date: Fri, 6 May 2016 13:48:23 +0100 Subject: [PATCH 241/399] Add a test for SSLv3 with extensions, server side This test verifies if the server parses or sends extensions when the protocol is SSLv3. --- tests/ssl-opt.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c08af7b04..1a91f7a6e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -715,7 +715,7 @@ run_test "Encrypt then MAC: client enabled, server SSLv3" \ "$P_CLI debug_level=3 min_version=ssl3" \ 0 \ -c "client hello, adding encrypt_then_mac extension" \ - -s "found encrypt then mac extension" \ + -S "found encrypt then mac extension" \ -S "server hello, adding encrypt then mac extension" \ -C "found encrypt_then_mac extension" \ -C "using encrypt then mac" \ @@ -774,7 +774,7 @@ run_test "Extended Master Secret: client enabled, server SSLv3" \ "$P_CLI debug_level=3 min_version=ssl3" \ 0 \ -c "client hello, adding extended_master_secret extension" \ - -s "found extended master secret extension" \ + -S "found extended master secret extension" \ -S "server hello, adding extended master secret extension" \ -C "found extended_master_secret extension" \ -C "using extended master secret" \ @@ -2848,6 +2848,16 @@ run_test "Small packet TLS 1.2 AEAD shorter tag" \ 0 \ -s "Read from client: 1 bytes read" +# A test for extensions in SSLv3 + +requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +run_test "SSLv3 with extensions, server side" \ + "$P_SRV min_version=ssl3 debug_level=3" \ + "$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \ + 0 \ + -S "dumping 'client hello extensions'" \ + -S "server hello, total extension length:" + # Test for large packets requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 From 1aa590a1e4e5b4eaa91534958e47d9888b3d2864 Mon Sep 17 00:00:00 2001 
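Review bot: The new `SSLv3 with extensions, server side` test has only negative `-S` assertions, so it also passes if the server never reaches extension handling at all, for example if the client's `force_version=ssl3` is refused and the run still exits 0; a test meant to show that extensions are ignored on SSLv3 should also prove that an SSLv3 handshake completed. A positive check such as `-s "Protocol is SSLv3"` (the string ssl_server2 prints on success, to be confirmed against the program) would pin that. The two `-s` to `-S` flips in the earlier hunks turn those tests into absence-only checks as well, and the same positive assertion would help there.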
From: Paul Bakker Date: Mon, 9 May 2016 14:36:33 +0100 Subject: [PATCH 242/399] Add check to prevent enabling of RSA without selecting PKCS version(s) --- include/mbedtls/check_config.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b6448ecef..8c0c68986 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -362,6 +362,11 @@ #error "MBEDTLS_RSA_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) || \ + !defined(MBEDTLS_PKCS1_V15) ) +#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled" +#endif + #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) ) #error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites" From d9dcd4321bdbe119b55b7556292ff0b06f8246b2 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Mon, 9 May 2016 15:13:04 +0100 Subject: [PATCH 243/399] Fix logic to allow at least one PKCS version enabled --- include/mbedtls/check_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 8c0c68986..d31555df7 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -362,7 +362,7 @@ #error "MBEDTLS_RSA_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) || \ +#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) && \ !defined(MBEDTLS_PKCS1_V15) ) #error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled" #endif From 6507891e65e7f8aabc08f0e0196ebdd1f1b9891a Mon Sep 17 00:00:00 2001 
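Review bot: The condition `!defined(MBEDTLS_PKCS1_V21) || !defined(MBEDTLS_PKCS1_V15)` in the first hunk fires the `#error` whenever either version is disabled, so every configuration with exactly one PKCS#1 mode enabled stops compiling, while the message says `none of the PKCS1 versions enabled`, which needs `&&`. The following commit on this page makes that correction; this is noted only for the record of this commit.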
From: Paul Bakker Date: Tue, 10 May 2016 10:50:43 +0100 Subject: [PATCH 244/399] Add ability to only run select numbered tests in ssl-opt.sh In order to reduce debugging time, allows you to only run interesting tests (by number) from the commandline. e.g. the command 'tests/ssl-opt.sh -n 246,258' will only run test 246 and 258 (as per the number in the log file names) --- tests/ssl-opt.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c08af7b04..d8df4ea87 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -33,12 +33,15 @@ MEMCHECK=0 FILTER='.*' EXCLUDE='^$' +RUN_TEST_NUMBER='' + print_usage() { echo "Usage: $0 [options]" printf " -h|--help\tPrint this help.\n" printf " -m|--memcheck\tCheck memory leaks and errors.\n" printf " -f|--filter\tOnly matching tests are executed (default: '$FILTER')\n" printf " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')\n" + printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" } get_options() { @@ -53,6 +56,9 @@ get_options() { -m|--memcheck) MEMCHECK=1 ;; + -n|--number) + shift; RUN_TEST_NUMBER=$1 + ;; -h|--help) print_usage exit 0 @@ -293,6 +299,13 @@ run_test() { print_name "$NAME" + # Do we only run numbered tests? + if [ "X$RUN_TEST_NUMBER" = "X" ]; then : + elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then : + else + SKIP_NEXT="YES" + fi + # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then SKIP_NEXT="NO" From 9911faa1b42dda8ec5fc8938f4e8791829a5d99c Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 10 May 2016 11:18:17 +0100 Subject: [PATCH 245/399] Add option to print test numbers in ssl-opt.sh output Allows for easy selection of tests based on numbers for use with the '-n' option --- tests/ssl-opt.sh | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d8df4ea87..37fad8640 100755 --- a/tests/ssl-opt.sh 
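Review bot: The number matched by `-n` is `$TESTS`, which `print_name` advances only for tests that reach it, so if the `FILTER`/`EXCLUDE` check earlier in `run_test` returns before `print_name` (outside this hunk) the same test gets a different number under `-f`/`-e`, and numbers copied from a filtered run select the wrong test. Worth stating in the usage line, e.g. `printf "  -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256'); numbers refer to an unfiltered run\n"`, or moving the counter increment ahead of the filter check. The option value is also not validated; `case "$RUN_TEST_NUMBER" in *[!0-9,]*) echo "Invalid -n value" >&2; exit 1;; esac` in `get_options` would catch a stray space or range syntax that otherwise silently skips every test.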
+++ b/tests/ssl-opt.sh @@ -33,6 +33,7 @@ MEMCHECK=0 FILTER='.*' EXCLUDE='^$' +SHOW_TEST_NUMBER=0 RUN_TEST_NUMBER='' print_usage() { @@ -42,6 +43,7 @@ print_usage() { printf " -f|--filter\tOnly matching tests are executed (default: '$FILTER')\n" printf " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" + printf " -s|--show-numbers\tShow test numbers in front of test names\n" } get_options() { @@ -59,6 +61,9 @@ get_options() { -n|--number) shift; RUN_TEST_NUMBER=$1 ;; + -s|--show-numbers) + SHOW_TEST_NUMBER=1 + ;; -h|--help) print_usage exit 0 @@ -143,12 +148,19 @@ needs_more_time() { # print_name print_name() { - printf "$1 " - LEN=$(( 72 - `echo "$1" | wc -c` )) + TESTS=$(( $TESTS + 1 )) + LINE="" + + if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then + LINE="$TESTS " + fi + + LINE="$LINE$1" + printf "$LINE " + LEN=$(( 72 - `echo "$LINE" | wc -c` )) for i in `seq 1 $LEN`; do printf '.'; done printf ' ' - TESTS=$(( $TESTS + 1 )) } # fail From 73b851d23b3d16515deca8ac0374b2df1d262d39 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 10 May 2016 11:47:13 +0100 Subject: [PATCH 246/399] Add option to preserve all logs in ssl-opt.sh Useful to also allow saving of correct logs in order to compare differences with failed logs --- tests/ssl-opt.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 37fad8640..e61025149 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -36,6 +36,8 @@ EXCLUDE='^$' SHOW_TEST_NUMBER=0 RUN_TEST_NUMBER='' +PRESERVE_LOGS=0 + print_usage() { echo "Usage: $0 [options]" printf " -h|--help\tPrint this help.\n" 
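Review bot: `printf "$LINE "` in the `print_name` hunk uses the test name as the printf format string, so a name containing `%` or a backslash sequence is mangled or consumes missing arguments; the hunk carries this over from the old `printf "$1 "` but now also prefixes the number. `printf '%s ' "$LINE"` prints it literally. The `echo "$LINE" | wc -c` count includes the trailing newline, so `LEN` is one short of the 72-column target; `LEN=$(( 72 - ${#LINE} ))` avoids both the subshell and the off-by-one, if the existing alignment is not relied on elsewhere.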
@@ -44,6 +46,7 @@ print_usage() { printf " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n" + printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" } get_options() { @@ -64,6 +67,9 @@ get_options() { -s|--show-numbers) SHOW_TEST_NUMBER=1 ;; + -p|--preserve-logs) + PRESERVE_LOGS=1 + ;; -h|--help) print_usage exit 0 @@ -485,6 +491,11 @@ run_test() { # if we're here, everything is ok echo "PASS" + if [ "$PRESERVE_LOGS" -gt 0 ]; then + mv $SRV_OUT o-srv-${TESTS}.log + mv $CLI_OUT o-cli-${TESTS}.log + fi + rm -f $SRV_OUT $CLI_OUT $PXY_OUT } From 295639bfa1c077cac8fa320cd82befc78762750f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 May 2016 19:39:36 +0100 Subject: [PATCH 247/399] Fixes minor typos in comments in pk.h and ctr_drbg.c Fixes typos in PRs #475 and #437 --- include/mbedtls/pk.h | 7 ++++--- library/ctr_drbg.c | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 458bb512a..f9f9b9bb0 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -496,11 +496,12 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, * \brief Load and parse a public key * * \param ctx key to be initialized - * \param path filename to read the private key from + * \param path filename to read the public key from * * \note On entry, ctx must be empty, either freshly initialised - * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a - * specific key type, check the result with mbedtls_pk_can_do(). + * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If + * you need a specific key type, check the result with + * mbedtls_pk_can_do(). * * \note The key is also checked for correctness. * diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index aefddfa1d..6962d68b9 100644 
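Review bot: Only `$SRV_OUT` and `$CLI_OUT` are preserved, while the `rm -f` on the next line shows a third log `$PXY_OUT` that is still discarded under `--preserve-logs`, so proxy-based tests cannot be compared the way the commit message intends. Add `mv $PXY_OUT o-pxy-${TESTS}.log` under the same guard, wrapped in `[ -f "$PXY_OUT" ]` if the proxy log is not created for every test (the hunk does not show where it is created). The preserved names reuse `${TESTS}`, so a second run silently overwrites the previous one; that may be acceptable but deserves a mention in the usage line.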
--- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -67,7 +67,7 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ) } /* - * Non-public function wrapped by ctr_crbg_init(). Necessary to allow NIST + * Non-public function wrapped by mbedtls_ctr_drbg_init(). Necessary to allow NIST * tests to succeed (which require known length fixed entropy) */ int mbedtls_ctr_drbg_seed_entropy_len( From e9f25c8a60b27fe4b3b9244ada24ba72d0b43a34 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 May 2016 20:57:03 +0100 Subject: [PATCH 248/399] Widens test bounds on memory alloc tests --- tests/suites/test_suite_memory_buffer_alloc.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function index a36dbc3d1..04dd68bec 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.function +++ b/tests/suites/test_suite_memory_buffer_alloc.function @@ -212,7 +212,7 @@ void memory_buffer_alloc_oom_test() TEST_ASSERT( ptr_c == NULL ); mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); - TEST_ASSERT( reported_bytes == 864 ); + TEST_ASSERT( reported_bytes >= 864 && reported_bytes <= sizeof(buf) ); mbedtls_free( ptr_a ); ptr_a = NULL; From 699d7193a18afbc72699ca955827a9855e2523b9 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 May 2016 21:16:54 +0100 Subject: [PATCH 249/399] Disables backtrace config from basic-build-test.sh The configuration MBEDTLS_MEMORY_BACKTRACE is intended for debug and is not necessary for test coverage. Because it causes timing problems in some tests the configuration has been removed as it's not present in equivalent tests in the all.sh test script. --- tests/scripts/basic-build-test.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index d13a8e4ed..d961230ed 100755 --- a/tests/scripts/basic-build-test.sh 
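Review bot: The widened assertion in `memory_buffer_alloc_oom_test` still leaves `reported_blocks` fetched and never checked, both here and after the two frees, so the block accounting documented for `mbedtls_memory_buffer_alloc_cur_get` stays untested. After two successful `calloc`s `TEST_ASSERT( reported_blocks >= 2 );` is a safe lower bound, since the free remainder may or may not be counted as a block. The more useful check for an out-of-memory test is that the failed third `calloc` changes nothing: read `cur_get` before and after the failing call and assert both values are equal, rather than relying on the weak `<= sizeof(buf)` upper bound.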
+++ b/tests/scripts/basic-build-test.sh @@ -39,6 +39,7 @@ fi export CFLAGS=' --coverage -g3 -O0 ' make clean scripts/config.pl full +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE make From bc4d9c1faae077a79234b118b1eb0e8049ae0213 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 May 2016 21:16:54 +0100 Subject: [PATCH 250/399] Disables backtrace config from basic-build-test.sh The configuration MBEDTLS_MEMORY_BACKTRACE is intended for debug and is not necessary for test coverage. Because it causes timing problems in some tests the configuration has been removed as it's not present in equivalent tests in the all.sh test script. --- tests/scripts/basic-build-test.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index d13a8e4ed..d961230ed 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -39,6 +39,7 @@ fi export CFLAGS=' --coverage -g3 -O0 ' make clean scripts/config.pl full +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE make From 71c7ac55973b409205f75a08cc45429538050bbf Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 May 2016 23:47:30 +0100 Subject: [PATCH 251/399] Corrects incorrectly named function in ctr_drbg.c comment --- library/ctr_drbg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 6962d68b9..386f8adb0 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -67,8 +67,8 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ) } /* - * Non-public function wrapped by mbedtls_ctr_drbg_init(). Necessary to allow NIST - * tests to succeed (which require known length fixed entropy) + * Non-public function wrapped by mbedtls_ctr_drbg_seed(). Necessary to allow + * NIST tests to succeed (which require known length fixed entropy) */ int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *ctx, 
From 17ddff5eafeef9947c68f799e43515860da072e3 Mon Sep 17 00:00:00 2001 From: Embedthis Software Date: Thu, 10 Sep 2015 11:45:13 -0700 Subject: [PATCH 252/399] Fix single threaded builds --- include/mbedtls/threading.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index c39cbf24d..b416d478a 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -81,6 +81,7 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * void mbedtls_threading_free_alt( void ); #endif /* MBEDTLS_THREADING_ALT */ +#if defined(MBEDTLS_THREADING_C) /* * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock * @@ -96,6 +97,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); */ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; +#endif #ifdef __cplusplus } From e049ccd40595961da7e1dfb448923aea1f84f715 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 10 May 2016 16:17:27 +0100 Subject: [PATCH 253/399] Add end guard comment --- include/mbedtls/threading.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index b416d478a..b0c34ecc7 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -97,7 +97,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); */ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#endif +#endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus } From 2dd49d1e47dad8bbd98d27694334d1e82d802690 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Wed, 11 May 2016 23:15:58 +0100 Subject: [PATCH 254/399] Reverts change in commit daf534d Commit daf534d from PR #457 breaks the build. This may reintroduce a clang-analyse warning, but this is the wrong fix for that. The fix removed a call to mbedtls_ecp_curve_info_from_grp_id() to find the curve info. This fix adds that back in. --- library/ssl_cli.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 509484e36..cd39db027 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -267,6 +267,7 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECP_C) for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) { + info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); #else for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) { From d1fe7aabc92fb67efe6a7ed20a61e47f58623576 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 12 May 2016 12:46:02 +0100 Subject: [PATCH 255/399] Put clang analyzer fix inside __clang_analyzer__ guard --- programs/hash/generic_sum.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 7805a79bc..d1e81d491 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -83,8 +83,13 @@ static int generic_check( const mbedtls_md_info_t *md_info, char *filename ) int nb_err1, nb_err2; int nb_tot1, nb_tot2; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; - char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }, line[1024]; + char line[1024]; char diff; +#if defined(__clang_analyzer__) + char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }; +#else + char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1]; +#endif if( ( f = fopen( filename, "rb" ) ) == NULL ) { From 21cc5741cf5a40585a1ca855ab24cfbadb074a54 Mon Sep 17 00:00:00 2001 
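Review bot: `info = mbedtls_ecp_curve_info_from_grp_id( *grp_id )` can return NULL when `ssl->conf->curve_list` holds a group id that is not in the curve table, which is the crash recorded under #373 in the ChangeLog further down this page; if the `if( info == NULL ) continue;` guard is not already on the line directly below (outside the hunk), re-adding the lookup reintroduces a NULL dereference in the loop body of `ssl_write_supported_elliptic_curves_ext`. Please confirm the guard survives and that the existing test for `mbedtls_ssl_conf_curves` with an invalid id still exercises this path. The enclosing function continues beyond the hunk.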
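Review bot: Initialising `buf` only under `__clang_analyzer__` makes the analyzer check different code from what ships, so whatever read-before-write it reported in `generic_check` is silenced rather than ruled out; the production build keeps `buf` uninitialised, and any path that prints or compares it before it is filled (the rest of the function is outside the hunk) would leak stack contents. `char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { 0 };` unconditionally is valid C99, costs one 129-byte clear per call, and removes the `#if`; note that `= { }` is a GNU extension rather than C11 in any case.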
From: Paul Bakker Date: Thu, 12 May 2016 12:46:28 +0100 Subject: [PATCH 256/399] Cleanup ifdef statements --- library/rsa.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 9386a762f..a6cc19b2f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -804,7 +804,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int ret; size_t ilen, pad_count = 0, i; unsigned char *p, bad, pad_done = 0; -#ifdef __clang_analyzer__ +#if defined(__clang_analyzer__) /* Shut up Clang, mbedtls_rsa_public/private writes to this */ unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; #else @@ -1193,7 +1193,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, size_t slen, msb; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; -#ifdef __clang_analyzer__ +#if defined(__clang_analyzer__) /* Shut up Clang, mbedtls_rsa_public/private writes to this */ unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; #else @@ -1340,7 +1340,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, mbedtls_md_type_t msg_md_alg; const mbedtls_md_info_t *md_info; mbedtls_asn1_buf oid; -#ifdef __clang_analyzer__ +#if defined(__clang_analyzer__) /* Shut up Clang, mbedtls_rsa_public/private writes to this */ unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; #else From 6e5191518727d1d32fa1d863efa22eb32a238078 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 12 May 2016 15:52:48 +0100 Subject: [PATCH 257/399] Fix verbose test framework mote to use unmet_dep_count for index --- tests/suites/main_test.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index c5d6cd86b..edc9944b6 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function 
@@ -357,8 +357,8 @@ int main(int argc, const char *argv[]) { if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED ) { - unmet_dependencies[ i-1 ] = strdup(params[i]); - if( unmet_dependencies[ i-1 ] == NULL ) + unmet_dependencies[ unmet_dep_count ] = strdup(params[i]); + if( unmet_dependencies[ unmet_dep_count ] == NULL ) { mbedtls_printf("FATAL: Out of memory\n"); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); From 2a259c63e359d85234528e78de18746a13382f34 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 12 May 2016 15:55:37 +0100 Subject: [PATCH 258/399] Fox verbose test framework not to duplicate strings if not verbose --- tests/suites/main_test.function | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index edc9944b6..e8577d22a 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -357,6 +357,13 @@ int main(int argc, const char *argv[]) { if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED ) { + if( 0 == option_verbose ) + { + /* Only one count is needed if not verbose */ + unmet_dep_count++; + break; + } + unmet_dependencies[ unmet_dep_count ] = strdup(params[i]); if( unmet_dependencies[ unmet_dep_count ] == NULL ) { From 53f01199e2f2fbcf22e556d2ce7370dfaa352828 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 12 May 2016 15:59:48 +0100 Subject: [PATCH 259/399] Fix memory-leak in verbose test framework in case of unexpected input --- tests/suites/main_test.function | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index e8577d22a..f18248578 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function 
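Review bot: `unmet_dependencies[ unmet_dep_count ]` is stored without any bound against the array, which is declared as `char *unmet_dependencies[20]` elsewhere in `main` (outside this hunk), so a test case line listing more than 20 unmet dependencies writes past a stack array. A check before the store, `if( unmet_dep_count >= 20 ) { mbedtls_printf("FATAL: too many unmet dependencies\n"); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); }`, or sizing the array from the same limit the dependency-line parser enforces, closes that.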
@@ -321,6 +321,9 @@ int main(int argc, const char *argv[]) testfile_index < testfile_count; testfile_index++ ) { + int unmet_dep_count = 0; + char *unmet_dependencies[20]; + test_filename = test_files[ testfile_index ]; file = fopen( test_filename, "r" ); @@ -333,8 +336,12 @@ int main(int argc, const char *argv[]) while( !feof( file ) ) { - int unmet_dep_count = 0; - char *unmet_dependencies[20]; + if( unmet_dep_count > 0 ) + { + mbedtls_printf("FATAL: Dep count larger than zero at start of loop\n"); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); + } + unmet_dep_count = 0; if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; @@ -399,16 +406,17 @@ int main(int argc, const char *argv[]) if( 1 == option_verbose && unmet_dep_count > 0 ) { mbedtls_fprintf( stdout, " Unmet dependencies: " ); - while( unmet_dep_count > 0) + for( i = 0; i < unmet_dep_count; i++ ) { mbedtls_fprintf(stdout, "%s ", - unmet_dependencies[unmet_dep_count - 1]); - free(unmet_dependencies[unmet_dep_count - 1]); - unmet_dep_count--; + unmet_dependencies[i]); + free(unmet_dependencies[i]); } mbedtls_fprintf( stdout, "\n" ); } fflush( stdout ); + + unmet_dep_count = 0; } else if( ret == DISPATCH_TEST_SUCCESS && test_errors == 0 ) { @@ -434,6 +442,10 @@ int main(int argc, const char *argv[]) } } fclose(file); + + /* In case we encounter early end of file */ + for( i = 0; i < unmet_dep_count; i++ ) + free( unmet_dependencies[i] ); } mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n"); From 8f0e4c263a4f3a88c11d73920a399a353a0ae64f Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 12 May 2016 16:38:27 +0100 Subject: [PATCH 260/399] Amended ChangeLog --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 3b32873b2..069966041 100644 --- a/ChangeLog +++ b/ChangeLog 
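Review bot: The end-of-file cleanup `for( i = 0; i < unmet_dep_count; i++ ) free( unmet_dependencies[i] );` frees pointers that were never stored when `option_verbose` is 0, because the non-verbose branch of the dependency scan (visible in the previous commit's hunk) does `unmet_dep_count++; break;` without a `strdup`, leaving `unmet_dependencies[0]` uninitialised; if any path leaves the `while` loop between that scan and the `unmet_dep_count = 0` reset, such as a failed `get_line` for the parameter line (the loop body is largely outside the hunk), this frees a garbage pointer. Guarding the cleanup with `if( 1 == option_verbose )`, or incrementing the count only after a successful `strdup`, avoids it. Initialising the array, `char *unmet_dependencies[20] = { NULL };`, would additionally make a stray free harmless.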
@@ -26,6 +26,7 @@ Bugfix * Fix issue that caused a crash if invalid curves were passed to mbedtls_ssl_conf_curves. #373 * Fix issue in ssl_fork_server which was preventing it from functioning. #429 + * Fix memory leaks in test framework Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, From 629c1ad3981fcca53934c8a49351ca238bdd0318 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Fri, 13 May 2016 10:16:46 +0100 Subject: [PATCH 261/399] Add fix to ignore valgrind messages related to compressed debug symbols The glibc package recently enabled compressed debug symbols but valgrind doesn't support them yet. Results in messages like: --14923-- WARNING: Serious error when reading debug info --14923-- When reading debug info from /lib/x86_64-linux-gnu/ld-2.21.so: --14923-- Ignoring non-Dwarf2/3/4 block in .debug_info First line has 'error' in it which triggers some of the ssl-opt tests --- tests/ssl-opt.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c08af7b04..7cf31156d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -408,32 +408,33 @@ run_test() { # check other assertions # lines beginning with == are added by valgrind, ignore them + # lines with 'Serious error when reading debug info', are valgrind issues as well while [ $# -gt 0 ] do case $1 in "-s") - if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then :; else + if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else fail "-s $2" return fi ;; "-c") - if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then :; else + if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else fail "-c $2" return fi ;; "-S") - if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then + if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then fail "-S $2" return fi ;; "-C") - if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then + if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then fail "-C $2" return fi From b8c8018343fbef0f82f128edeefb94468188a2e0 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Fri, 13 May 2016 10:33:25 +0100 Subject: [PATCH 262/399] Split test into valgrind and no-valgrind version Running valgrind on: "DTLS client reconnect from same port: reconnect, nbio" results in timeouts. New version added that runs only under valgrind. Original only runs when valgrind is not used --- tests/ssl-opt.sh | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7cf31156d..536add274 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -130,6 +130,13 @@ not_with_valgrind() { fi } +# skip the next test if valgrind is NOT in use +only_with_valgrind() { + if [ "$MEMCHECK" -eq 0 ]; then + SKIP_NEXT="YES" + fi +} + # multiply the client timeout delay by the given factor for the next test needs_more_time() { CLI_DELAY_FACTOR=$1 
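Review bot: Only the first of the three valgrind lines quoted in the commit message is filtered; `When reading debug info from ...` and `Ignoring non-Dwarf2/3/4 block in .debug_info` still reach the `grep "$2"` checks, so any `-S`/`-C` pattern that matches words like `Ignoring` or `debug` keeps failing under memcheck. All three lines carry valgrind's `--<pid>--` prefix, so dropping them by prefix is both complete and shorter: `grep -v -e '^==' -e '^--[0-9]*--' $SRV_OUT`. Putting that pipeline in one helper, e.g. `filter_log() { grep -v -e '^==' -e '^--[0-9]*--' "$1"; }`, would also stop the same expression being maintained in four places.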
@@ -3049,13 +3056,22 @@ run_test "DTLS client reconnect from same port: reconnect" \ -S "The operation timed out" \ -s "Client initiated reconnection from same port" -run_test "DTLS client reconnect from same port: reconnect, nbio" \ +not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts) +run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \ 0 \ -S "The operation timed out" \ -s "Client initiated reconnection from same port" +only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout +run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \ + "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \ + "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \ + 0 \ + -S "The operation timed out" \ + -s "Client initiated reconnection from same port" + run_test "DTLS client reconnect from same port: no cookies" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \ From f8e3794792a178d6addda6e72178cbb99d0d6a76 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Fri, 13 May 2016 10:50:41 +0100 Subject: [PATCH 263/399] Update ChangeLog to reflect --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 069966041..daa6e503c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,7 @@ Bugfix mbedtls_ssl_conf_curves. #373 * Fix issue in ssl_fork_server which was preventing it from functioning. #429 * Fix memory leaks in test framework + * Fix test in ssl-opt.sh that does not run properly with valgrind Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, From db0feca55c837600057636ed8e02fb8d0dd27ddf Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Tue, 17 May 2016 00:03:14 +0100 Subject: [PATCH 264/399] Fixes platform time_t abstraction Fixes platform abstraction in error.c and the file that it's generated from as well as DTLS samples. --- include/mbedtls/platform.h | 2 ++ library/error.c | 1 + programs/ssl/dtls_client.c | 1 + programs/ssl/dtls_server.c | 1 + scripts/data_files/error.fmt | 1 + 5 files changed, 6 insertions(+) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 039cb587a..fc3672cbe 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -237,6 +237,8 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); #if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t; #else +/* For time_t */ +#include typedef time_t mbedtls_time_t; #endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */ diff --git a/library/error.c b/library/error.c index debda1d78..4718b514d 100644 --- a/library/error.c +++ b/library/error.c @@ -34,6 +34,7 @@ #include "mbedtls/platform.h" #else #define mbedtls_snprintf snprintf +#define mbedtls_time_t time_t #endif #if defined(MBEDTLS_ERROR_C) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index b37eb838c..14fb61202 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -31,6 +31,7 @@ #include #define mbedtls_printf printf #define mbedtls_fprintf fprintf +#define mbedtls_time_t time_t #endif #if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index df0fc780a..1d6eb3bea 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -31,6 +31,7 @@ #include #define mbedtls_printf printf #define mbedtls_fprintf fprintf +#define mbedtls_time_t time_t #endif #if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ 
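Review bot: The fallback `#define mbedtls_time_t time_t` added to error.c's `#else` branch names `time_t` with no include visible in that branch, whereas the platform.h hunk in this same commit adds an include commented `/* For time_t */` right next to its typedef. If nothing earlier in error.c pulls in the time header on a non-MBEDTLS_PLATFORM_C build (the top of the file is outside the hunk), the alias refers to an undeclared type at its first use; adding `#include <time.h>` beside the define, as platform.h does, makes the fallback self-contained. The identical defines added to dtls_client.c and dtls_server.c have the same question, and since error.c is generated from error.fmt the fix belongs in the template as well.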
diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index bd6ef0138..a08742c83 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -34,6 +34,7 @@ #include "mbedtls/platform.h" #else #define mbedtls_snprintf snprintf +#define mbedtls_time_t time_t #endif #if defined(MBEDTLS_ERROR_C) From edb7fd9d760006de672557176a858cf8e03b7418 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 17 May 2016 13:35:51 +0100 Subject: [PATCH 265/399] Fixes stdlib.h dependencies in test suites Moved stdlib.h in test suites, so platforms that don't support MBEDTLS_PLATFORM_C would build. --- tests/suites/helpers.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index edf1d12b3..d12be75ce 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -2,11 +2,12 @@ /*----------------------------------------------------------------------------*/ /* Headers */ +#include + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #include -#include #define mbedtls_printf printf #define mbedtls_fprintf fprintf #define mbedtls_calloc calloc From a8a318db45234b791b9afab13ec76cca9263b326 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Wed, 18 May 2016 14:38:02 -0700 Subject: [PATCH 266/399] fix indentation in output of selftest.c --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index 9386a762f..3f41840e1 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1688,7 +1688,7 @@ int mbedtls_rsa_self_test( int verbose ) #if defined(MBEDTLS_SHA1_C) if( verbose != 0 ) - mbedtls_printf( "PKCS#1 data sign : " ); + mbedtls_printf( " PKCS#1 data sign : " ); mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum ); From 7ee51c626aa1a867ced0ebb3afe1470ee01f19a7 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Thu, 19 May 2016 00:22:37 +0100 Subject: [PATCH 267/399] Fixes whitespace errors in x509_crl.c --- library/x509_crl.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/library/x509_crl.c b/library/x509_crl.c index 125a77399..7b2b4733b 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -502,14 +502,15 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s { mbedtls_pem_init( &pem ); - /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( buflen == 0 || buf[buflen - 1] != '\0' ) - ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; - else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN X509 CRL-----", - "-----END X509 CRL-----", - buf, NULL, 0, &use_len ); + // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated + // string + if( buflen == 0 || buf[buflen - 1] != '\0' ) + ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; + else + ret = mbedtls_pem_read_buffer( &pem, + "-----BEGIN X509 CRL-----", + "-----END X509 CRL-----", + buf, NULL, 0, &use_len ); if( ret == 0 ) { From 99239d6ff1cb28fbfb5ce4622507e2c43cb66987 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 19 May 2016 22:12:18 +0100 Subject: [PATCH 268/399] Fixes RC4 config dependencies in tests in ssl-opt.h Adds dependencies on MBEDTLS_REMOVE_ARC4_CIPHERSUITES for tests that require RC4 to be disabled (the default config). --- tests/ssl-opt.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b939c7158..d926d718a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -611,12 +611,14 @@ run_test "Default, DTLS" \ # Tests for rc4 option +requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES run_test "RC4: server disabled, client enabled" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 1 \ -s "SSL - The server has no ciphersuites in common" +requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES run_test "RC4: server half, client enabled" \ "$P_SRV arc4=1" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ From 7c0ad8b8cf665afa434c1581f89ff83f5fe55322 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 19 May 2016 22:15:34 +0100 Subject: [PATCH 269/399] Adds parallel builds to basic-build-test.sh To speed up test time, added parallel builds --- tests/scripts/basic-build-test.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index d961230ed..010c0c67f 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -2,6 +2,8 @@ # basic-build-tests.sh # +# This file is part of mbed TLS (https://tls.mbed.org) +# # Copyright (c) 2016, ARM Limited, All Rights Reserved # # Purpose @@ -40,7 +42,7 @@ export CFLAGS=' --coverage -g3 -O0 ' make clean scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE -make +make -j # Step 2 - Execute the tests From 80d70cb4681771bb3b0f1c4254a55f3084549eb4 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 19 May 2016 23:43:11 +0100 Subject: [PATCH 270/399] Updates copyright and attribution in comment header in ssl-opt.sh --- tests/ssl-opt.sh | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d926d718a..07627b01c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
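Review bot: `make -j` with no job count in basic-build-test.sh lets make spawn one job per target at once, which on a small CI box or a laptop can exhaust memory before it saves any time, especially with `--coverage -g3 -O0` in CFLAGS as exported just above. Bounding it to the core count, e.g. `make -j "$(nproc 2>/dev/null || echo 4)"`, keeps the speed-up while staying predictable; `nproc` is GNU-specific, so the fallback matters on macOS/BSD. A one-line comment saying why a bound was chosen would stop someone from "simplifying" it back later.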
@@ -1,12 +1,23 @@ #!/bin/sh -# Test various options that are not covered by compat.sh +# ssl-opt.sh # -# Here the goal is not to cover every ciphersuite/version, but -# rather specific options (max fragment length, truncated hmac, etc) -# or procedures (session resumption from cache or ticket, renego, etc). +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# Executes tests to prove various TLS/SSL options and extensions. +# +# The goal is not to cover every ciphersuite/version, but instead to cover +# specific options (max fragment length, truncated hmac, etc) or procedures +# (session resumption from cache or ticket, renego, etc). +# +# The tests assume a build with default options, with exceptions expressed +# with a dependency. The tests focus on functionality and do not consider +# performance. # -# Assumes a build with default options. set -u From 3b36bd12f6f2aa7fa271371502f19c31683e2175 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 20 May 2016 00:00:37 +0100 Subject: [PATCH 271/399] Adds casts to zeroize functions to allow building as C++ --- library/aes.c | 2 +- library/arc4.c | 2 +- library/asn1parse.c | 2 +- library/blowfish.c | 2 +- library/camellia.c | 2 +- library/ccm.c | 2 +- library/cipher.c | 2 +- library/des.c | 2 +- library/sha1.c | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/library/aes.c b/library/aes.c index ec9313de3..36660306e 100644 --- a/library/aes.c +++ b/library/aes.c @@ -56,7 +56,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/arc4.c b/library/arc4.c index ff0e993e7..05b33d3fd 100644 --- a/library/arc4.c +++ b/library/arc4.c 
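Review bot: The cast in aes.c's zeroize helper is spelled `(unsigned char*)v` while the declared target is `volatile unsigned char *`; the C++ goal is met either way because adding `volatile` on assignment is an implicit conversion, but `(volatile unsigned char *) v` states the type once and spares the reader wondering whether the qualifier was dropped. More important, this commit applies the same one-line change to nine private copies of `mbedtls_zeroize`, and the sha512.c context later in this series shows yet another private `mbedtls_zeroize` that is not in this commit's file list, so it is worth checking that every copy received the cast. Hoisting the helper into one internal header would make this and any future change to the secret-wiping routine a single edit; since each copy is file-local `static`, the duplication today is a maintenance cost rather than a link error.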
@@ -49,7 +49,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } void mbedtls_arc4_init( mbedtls_arc4_context *ctx ) diff --git a/library/asn1parse.c b/library/asn1parse.c index b37523def..e59d2509f 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -45,7 +45,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/blowfish.c b/library/blowfish.c index 89be4d122..9003f0dfe 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -41,7 +41,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/camellia.c b/library/camellia.c index e015ca24b..d50513fd0 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -50,7 +50,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/ccm.c b/library/ccm.c index 3463a0b32..13a8fd1a2 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -51,7 +51,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } #define CCM_ENCRYPT 0 
diff --git a/library/cipher.c b/library/cipher.c index ccc068503..0dc51520f 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -51,7 +51,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } static int supported_init = 0; diff --git a/library/des.c b/library/des.c index 61f214af3..09f95cfc3 100644 --- a/library/des.c +++ b/library/des.c @@ -50,7 +50,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/sha1.c b/library/sha1.c index 8c77cbaa8..2ccf2a2f5 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -49,7 +49,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* From 12833ed3c82acee7509587029d755fe10be2fc10 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 20 May 2016 00:19:09 +0100 Subject: [PATCH 272/399] Adds additional casts to calloc calls Casts added to allow compilation of the library as C++ --- library/asn1parse.c | 3 ++- library/asn1write.c | 4 +++- library/bignum.c | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/library/asn1parse.c b/library/asn1parse.c index e59d2509f..ffa2f5299 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c 
@@ -269,7 +269,8 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p, /* Allocate and assign next pointer */ if( *p < end ) { - cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); + cur->next = (mbedtls_asn1_sequence*)mbedtls_calloc( 1, + sizeof( mbedtls_asn1_sequence ) ); if( cur->next == NULL ) return( MBEDTLS_ERR_ASN1_ALLOC_FAILED ); diff --git a/library/asn1write.c b/library/asn1write.c index 00ed73c11..027c858e7 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -312,7 +312,9 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data { // Add new entry if not present yet based on OID // - if( ( cur = mbedtls_calloc( 1, sizeof(mbedtls_asn1_named_data) ) ) == NULL ) + cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1, + sizeof(mbedtls_asn1_named_data) ); + if( cur == NULL ) return( NULL ); cur->oid.len = oid_len; diff --git a/library/bignum.c b/library/bignum.c index 4536a3b86..4c99e04d6 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -120,7 +120,7 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ) if( X->n < nblimbs ) { - if( ( p = mbedtls_calloc( nblimbs, ciL ) ) == NULL ) + if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL ) return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); if( X->p != NULL ) @@ -158,7 +158,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ) if( i < nblimbs ) i = nblimbs; - if( ( p = mbedtls_calloc( i, ciL ) ) == NULL ) + if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL ) return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); if( X->p != NULL ) From 27f9ccc959d314d70646766693a1bdd3495875d8 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 23 May 2016 11:13:17 +0100 Subject: [PATCH 273/399] Adds check for valgrind to ssl-opt.sh (#488) Provides graceful exit rather than fail silently if valgrind isn't installed. --- tests/ssl-opt.sh | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 07627b01c..bfc603f9a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -551,6 +551,12 @@ if [ ! -x "$P_PXY" ]; then echo "Command '$P_PXY' is not an executable file" exit 1 fi +if [ "$MEMCHECK" -gt 0 ]; then + if which valgrind >/dev/null 2>&1; then :; else + echo "Memcheck not possible. Valgrind not found" + exit 1 + fi +fi if which $OPENSSL_CMD >/dev/null 2>&1; then :; else echo "Command '$OPENSSL_CMD' not found" exit 1 From c6dab2b029901c6e898eb6044df181faf076c1eb Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 23 May 2016 14:27:02 +0100 Subject: [PATCH 274/399] Fix non compliance SSLv3 in server extension handling. The server code parses the client hello extensions even when the protocol is SSLv3 and this behaviour is non compliant with rfc6101. Also the server sends extensions in the server hello and omitting them may prevent interoperability problems. --- ChangeLog | 2 ++ library/ssl_srv.c | 21 +++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/ChangeLog b/ChangeLog index 3b32873b2..d9fce9234 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,8 @@ Changes * Disabled SSLv3 in the default configuration. * Optimized mbedtls_mpi_zeroize() for MPI integer size. (Fix by Alexey Skalozub). + * Fix non-compliance server extension handling. Extensions for SSLv3 are now + ignored, as required by RFC6101. = mbed TLS 2.2.1 released 2016-01-05 diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 9fc21a5ef..5a51cbbd2 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1507,6 +1507,12 @@ read_record_header: ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL; #endif + /* Do not parse the extensions if the protocol is SSLv3 */ +#if defined(MBEDTLS_SSL_PROTO_SSL3) + if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) + { +#endif + /* * Check the extension length */ 
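Review bot: Wrapping the block in `if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) {` skips not only extension parsing but also the `Check the extension length` validation that follows directly in the context, so an SSLv3 ClientHello carrying leftover bytes after the compression methods is now accepted silently rather than rejected as malformed. RFC 6101 has no extensions, so the stricter reading is that any remaining bytes are a bad message, and an `else` arm returning `MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO` when bytes remain would keep SSLv3 as strict as the TLS path. That check needs the message-length bookkeeping from earlier in the enclosing function, which lies outside the hunk, so I can only flag it here. Either way, a comment at the guard such as `/* SSLv3 (RFC 6101) has no extensions; trailing data is not validated here */` would record the decision.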
@@ -1692,8 +1698,13 @@ read_record_header: MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } + } +#if defined(MBEDTLS_SSL_PROTO_SSL3) + } +#endif + #if defined(MBEDTLS_SSL_FALLBACK_SCSV) for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 ) { @@ -2363,6 +2374,12 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X", ssl->session_negotiate->compression ) ); + /* Do not write the extensions if the protocol is SSLv3 */ +#if defined(MBEDTLS_SSL_PROTO_SSL3) + if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) + { +#endif + /* * First write extensions, then the total length */ @@ -2419,6 +2436,10 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) p += ext_len; } +#if defined(MBEDTLS_SSL_PROTO_SSL3) + } +#endif + ssl->out_msglen = p - buf; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO; From b19bac4d82d390003218efc15bd24d074d8fe8e8 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Sat, 14 Nov 2015 13:09:01 +0000 Subject: [PATCH 275/399] Allow test suites to be run on Windows For a start, they don't even compile with Visual Studio due to strcasecmp being missing. Secondly, on Windows Perl scripts aren't executable and have to be run using the Perl interpreter directly; thankfully CMake is able to find cygwin Perl straight away without problems. --- tests/CMakeLists.txt | 7 ++++++- tests/suites/helpers.function | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 1cca81830..23eb2a432 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
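Review bot: The SSLv3 guard in ssl_write_server_hello opens `{` under one `#if defined(MBEDTLS_SSL_PROTO_SSL3)` and closes it under a second `#if` some sixty lines later, with the body left at its old indentation, so brace balance now depends on two preprocessor blocks staying in sync and the structure is invisible to a reader of either hunk. An unconditional flag avoids that: `int write_ext = 1;` followed by `#if defined(MBEDTLS_SSL_PROTO_SSL3)` / `if( ssl->major_ver == 3 && ssl->minor_ver == 0 ) write_ext = 0;` / `#endif`, and then a plain `if( write_ext ) { ... }` around the extension code with normal indentation. The same version test is duplicated in the ClientHello parsing hunk, so a small shared helper would remove both copies and give the condition a name.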
@@ -10,6 +10,11 @@ if(ENABLE_ZLIB_SUPPORT) set(libs ${libs} ${ZLIB_LIBRARIES}) endif(ENABLE_ZLIB_SUPPORT) +find_package(Perl) +if(NOT PERL_FOUND) + message(FATAL_ERROR "Cannot build test suites without Perl") +endif() + function(add_test_suite suite_name) if(ARGV1) set(data_name ${ARGV1}) @@ -19,7 +24,7 @@ function(add_test_suite suite_name) add_custom_command( OUTPUT test_suite_${data_name}.c - COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl ${CMAKE_CURRENT_SOURCE_DIR}/suites test_suite_${suite_name} test_suite_${data_name} + COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl ${CMAKE_CURRENT_SOURCE_DIR}/suites test_suite_${suite_name} test_suite_${data_name} DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl mbedtls suites/helpers.function suites/main_test.function suites/test_suite_${suite_name}.function suites/test_suite_${data_name}.data ) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index cc9ab7c42..8521b878c 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -28,6 +28,8 @@ #ifdef _MSC_VER #include typedef UINT32 uint32_t; +#define strncasecmp _strnicmp +#define strcasecmp _stricmp #else #include #endif From 5c1e24ca055c851953bf4a5b3215a27f9f54a00c Mon Sep 17 00:00:00 2001 From: James Cowgill Date: Thu, 17 Dec 2015 01:40:26 +0000 Subject: [PATCH 276/399] Fix build errors on x32 by using the generic 'add' instruction On x32 systems, pointers are 4-bytes wide and are therefore stored in %e?x registers (instead of %r?x registers). These registers must be accessed using "addl" instead of "addq", however the GNU assembler will acccept the generic "add" instruction and determine the correct opcode based on the registers passed to it. --- library/aesni.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/aesni.c b/library/aesni.c index 83a5868bd..1ca3c3ef5 100644 --- a/library/aesni.c +++ b/library/aesni.c 
@@ -100,7 +100,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, asm( "movdqu (%3), %%xmm0 \n\t" // load input "movdqu (%1), %%xmm1 \n\t" // load round key 0 "pxor %%xmm1, %%xmm0 \n\t" // round 0 - "addq $16, %1 \n\t" // point to next round key + "add $16, %1 \n\t" // point to next round key "subl $1, %0 \n\t" // normal rounds = nr - 1 "test %2, %2 \n\t" // mode? "jz 2f \n\t" // 0 = decrypt @@ -108,7 +108,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, "1: \n\t" // encryption loop "movdqu (%1), %%xmm1 \n\t" // load round key AESENC xmm1_xmm0 "\n\t" // do round - "addq $16, %1 \n\t" // point to next round key + "add $16, %1 \n\t" // point to next round key "subl $1, %0 \n\t" // loop "jnz 1b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key @@ -118,7 +118,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, "2: \n\t" // decryption loop "movdqu (%1), %%xmm1 \n\t" AESDEC xmm1_xmm0 "\n\t" // do round - "addq $16, %1 \n\t" + "add $16, %1 \n\t" "subl $1, %0 \n\t" "jnz 2b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key From c788b4cb5ae152b691d53cc3defc2e432dad45a9 Mon Sep 17 00:00:00 2001 From: James Cowgill Date: Thu, 17 Dec 2015 01:51:09 +0000 Subject: [PATCH 277/399] Fix segfault on x32 by using better register constraints in bn_mul.h On x32, pointers are only 4-bytes wide and need to be loaded using the "movl" instruction instead of "movq" to avoid loading garbage into the register. The MULADDC routines for x86-64 are adjusted to work on x32 as well by getting gcc to load all the registers for us in advance (and storing them later) by using better register constraints. The b, c, D and S constraints correspond to the rbx, rcx, rdi and rsi registers respectively. --- include/mbedtls/bn_mul.h | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index 1fc7aa68d..cac3f1457 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h 
@@ -162,10 +162,6 @@ #define MULADDC_INIT \ asm( \ - "movq %3, %%rsi \n\t" \ - "movq %4, %%rdi \n\t" \ - "movq %5, %%rcx \n\t" \ - "movq %6, %%rbx \n\t" \ "xorq %%r8, %%r8 \n\t" #define MULADDC_CORE \ @@ -181,12 +177,9 @@ "addq $8, %%rdi \n\t" #define MULADDC_STOP \ - "movq %%rcx, %0 \n\t" \ - "movq %%rdi, %1 \n\t" \ - "movq %%rsi, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "rax", "rcx", "rdx", "rbx", "rsi", "rdi", "r8" \ + : "+c" (c), "+D" (d), "+S" (s) \ + : "b" (b) \ + : "rax", "rdx", "r8" \ ); #endif /* AMD64 */ From c8404607eadef9748dfeb9388114eac6dedb9673 Mon Sep 17 00:00:00 2001 From: Alexey Skalozub Date: Wed, 13 Jan 2016 17:39:58 +0200 Subject: [PATCH 278/399] Move K inside MBEDTLS_SHA512_PROCESS_ALT block It is used only by `mbedtls_sha512_process()`, and in case `MBEDTLS_SHA512_PROCESS_ALT` is defined, it still cannot be reused because of `static` declaration. --- library/sha512.c | 95 ++++++++++++++++++++++++------------------------ 1 file changed, 48 insertions(+), 47 deletions(-) diff --git a/library/sha512.c b/library/sha512.c index af610bb43..0f9e1e535 100644 --- a/library/sha512.c +++ b/library/sha512.c 
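Review bot: The register-constraint rewrite drops the `"m"` operands for `s`, `d` and `c`, and neither the old nor the new clobber list in MULADDC_STOP contains `"memory"`, yet MULADDC_CORE (mostly outside the hunk; its tail `addq $8, %%rdi` is visible) evidently reads the multiplicand through `%%rsi` and writes the accumulator through `%%rdi`. The only effects now declared are on the three pointer variables themselves, so the compiler may keep values of `*d` in registers or move loads and stores across the asm statement; the old `"=m"` outputs covered only the pointer variables, not what they point to, so this was already under-specified and is now stated even less. Adding it to the clobber list, `: "rax", "rdx", "r8", "memory"`, is the conventional fix and costs nothing measurable in a loop of this shape. Passing `b` via the `"b"` (rbx) constraint is fine on AMD64, where this block is guarded, but rbx is reserved under some 32-bit PIC setups, so this macro set should not be reused there without revisiting the constraint.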
@@ -89,53 +89,6 @@ static void mbedtls_zeroize( void *v, size_t n ) { } #endif /* PUT_UINT64_BE */ -/* - * Round constants - */ -static const uint64_t K[80] = -{ - UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD), - UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC), - UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019), - UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118), - UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE), - UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2), - UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1), - UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694), - UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3), - UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65), - UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483), - UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5), - UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210), - UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4), - UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725), - UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70), - UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926), - UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF), - UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8), - UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B), - UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001), - UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30), - UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910), - UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8), - UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53), - UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8), - UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB), - UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3), - UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60), - UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC), - UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9), - UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B), - UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207), - UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178), - 
UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6), - UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B), - UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493), - UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C), - UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A), - UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) -}; - void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) { memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); 
@@ -192,6 +145,54 @@ void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) } #if !defined(MBEDTLS_SHA512_PROCESS_ALT) + +/* + * Round constants + */ +static const uint64_t K[80] = +{ + UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD), + UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC), + UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019), + UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118), + UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE), + UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2), + UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1), + UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694), + UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3), + UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65), + UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483), + UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5), + UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210), + UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4), + UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725), + UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70), + UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926), + UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF), + UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8), + UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B), + UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001), + UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30), + UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910), + UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8), + UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53), + UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8), + UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB), + UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3), + UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60), + UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC), + UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9), + UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B), + UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207), + 
UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178), + UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6), + UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B), + UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493), + UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C), + UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A), + UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) +}; + void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) { int i; From 2791ba1429947e4f699ea1d253db3815f2f33ff8 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Tue, 26 Jan 2016 11:39:26 +0100 Subject: [PATCH 279/399] Fix handle leak in mbedtls_platform_entropy_poll() on Windows on error --- library/entropy_poll.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 972ad2aea..e2f45c78a 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -67,7 +67,10 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len } if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE ) + { + CryptReleaseContext( provider, 0 ); return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + } CryptReleaseContext( provider, 0 ); *olen = len; From 91c68a5e150b096d59a879e0e04d2c8df2f96a3e Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:44:29 +0100 Subject: [PATCH 280/399] Shut up a clang-analyzer warning The function appears to be safe, since grow() is called with sensible arguments in previous functions. Ideally Clang would be clever enough to realise this. Even if N has size MBEDTLS_MPI_MAX_LIMBS, which will cause the grow to fail, the affected lines in montmul won't be reached. Having this sanity check can hardly hurt though. --- library/bignum.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index d6f415c6f..4536a3b86 100644 --- a/library/bignum.c +++ b/library/bignum.c 
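Review bot: The early `CryptReleaseContext( provider, 0 );` on the failure path closes the leak, but the function now has two release sites; the usual shape is to compute `ret = ( CryptGenRandom( provider, (DWORD) len, output ) == FALSE ) ? MBEDTLS_ERR_ENTROPY_SOURCE_FAILED : 0;`, release once, and then `if( ret == 0 ) *olen = len;`, so a third failure mode cannot reintroduce the leak. Separately, the context line `(DWORD) len` silently truncates a 64-bit `size_t` while `*olen = len` reports the full request; in practice the entropy collector asks for small buffers, but a guard early in the function such as `if( len > (size_t) ~(DWORD) 0 ) return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );` keeps the reported length honest at no cost. The start of mbedtls_platform_entropy_poll, including the provider acquisition, sits outside the hunk.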
@@ -1542,12 +1542,15 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) /* * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) */ -static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, +static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) { size_t i, n, m; mbedtls_mpi_uint u0, u1, *d; + if( T->n < N->n + 1 || T->p == NULL ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + memset( T->p, 0, T->n * ciL ); d = T->p; @@ -1575,12 +1578,14 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi else /* prevent timing attacks */ mpi_sub_hlp( n, A->p, T->p ); + + return( 0 ); } /* * Montgomery reduction: A = A * R^-1 mod N */ -static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) +static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) { mbedtls_mpi_uint z = 1; mbedtls_mpi U; @@ -1588,7 +1593,7 @@ static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint U.n = U.s = (int) z; U.p = &z; - mpi_montmul( A, &U, N, mm, T ); + return( mpi_montmul( A, &U, N, mm, T ) ); } /* @@ -1665,13 +1670,13 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi else MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); - mpi_montmul( &W[1], &RR, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( &W[1], &RR, N, mm, &T ) ); /* * X = R^2 * R^-1 mod N = R mod N */ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) ); - mpi_montred( X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); if( wsize > 1 ) { 
@@ -1684,7 +1689,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); for( i = 0; i < wsize - 1; i++ ) - mpi_montmul( &W[j], &W[j], N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( &W[j], &W[j], N, mm, &T ) ); /* * W[i] = W[i - 1] * W[1] @@ -1694,7 +1699,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); - mpi_montmul( &W[i], &W[1], N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( &W[i], &W[1], N, mm, &T ) ); } } @@ -1731,7 +1736,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi /* * out of window, square X */ - mpi_montmul( X, X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); continue; } @@ -1749,12 +1754,12 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi * X = X^wsize R^-1 mod N */ for( i = 0; i < wsize; i++ ) - mpi_montmul( X, X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); /* * X = X * W[wbits] R^-1 mod N */ - mpi_montmul( X, &W[wbits], N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, &W[wbits], N, mm, &T ) ); state--; nbits = 0; @@ -1767,18 +1772,18 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi */ for( i = 0; i < nbits; i++ ) { - mpi_montmul( X, X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); wbits <<= 1; if( ( wbits & ( one << wsize ) ) != 0 ) - mpi_montmul( X, &W[1], N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montmul( X, &W[1], N, mm, &T ) ); } /* * X = A^E * R * R^-1 mod N = A^E mod N */ - mpi_montred( X, N, mm, &T ); + MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); if( neg ) { From e73530302698229589971c8af970c8a1b3e13222 Mon Sep 17 00:00:00 2001 
From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:48:25 +0100 Subject: [PATCH 281/399] Shut up a few clang-analyze warnings about use of uninitialized variables The functions are all safe, Clang just isn't clever enough to realise it. --- library/pkcs12.c | 2 +- library/rsa.c | 19 +++++++++++++++++-- programs/hash/generic_sum.c | 2 +- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/library/pkcs12.c b/library/pkcs12.c index 7023b9dbc..c603a1357 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -93,7 +93,7 @@ static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_ty unsigned char *key, size_t keylen, unsigned char *iv, size_t ivlen ) { - int ret, iterations; + int ret, iterations = 0; mbedtls_asn1_buf salt; size_t i; unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2]; diff --git a/library/rsa.c b/library/rsa.c index 18fc70212..9386a762f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -804,7 +804,12 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int ret; size_t ilen, pad_count = 0, i; unsigned char *p, bad, pad_done = 0; +#ifdef __clang_analyzer__ + /* Shut up Clang, mbedtls_rsa_public/private writes to this */ + unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; +#else unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; +#endif if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 
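Review bot: `unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { };` uses an empty initializer list, which is not valid C99/C11 (it is a GNU/C++ extension, standardised only in C23); the portable spelling with identical effect is `unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { 0 };`. Here it is guarded by `#ifdef __clang_analyzer__` so only the analyzer compiles it, and the same applies to the two rsa.c hunks at -1182 and -1327 that follow, but the generic_sum.c hunk at -83 introduces `char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }, line[1024];` unconditionally, where every toolchain will see it; that one should be `= { 0 }`. If the `#ifdef` duplication in rsa.c is considered noise, a single unconditional `= { 0 }` would also work, at the cost of zeroing MBEDTLS_MPI_MAX_SIZE bytes on every call, so I would leave that to the maintainers. The enclosing functions continue outside each hunk.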
@@ -1182,13 +1187,18 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, int ret; size_t siglen; unsigned char *p; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char result[MBEDTLS_MD_MAX_SIZE]; unsigned char zeros[8]; unsigned int hlen; size_t slen, msb; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; +#ifdef __clang_analyzer__ + /* Shut up Clang, mbedtls_rsa_public/private writes to this */ + unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; +#else + unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; +#endif if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1327,10 +1337,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, int ret; size_t len, siglen, asn1_len; unsigned char *p, *end; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; mbedtls_md_type_t msg_md_alg; const mbedtls_md_info_t *md_info; mbedtls_asn1_buf oid; +#ifdef __clang_analyzer__ + /* Shut up Clang, mbedtls_rsa_public/private writes to this */ + unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; +#else + unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; +#endif if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index f071d311e..7805a79bc 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -83,7 +83,7 @@ static int generic_check( const mbedtls_md_info_t *md_info, char *filename ) int nb_err1, nb_err2; int nb_tot1, nb_tot2; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; - char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1], line[1024]; + char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }, line[1024]; char diff; if( ( f = fopen( filename, "rb" ) ) == NULL ) From b47fd5e8c9dcf5b6fe24c582d3226b401d6d14f2 Mon Sep 17 00:00:00 2001 
From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:50:33 +0100 Subject: [PATCH 282/399] Remove a dead store to silence clang-analyze --- library/ssl_cli.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index cd39db027..509484e36 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -267,7 +267,6 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECP_C) for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) { - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); #else for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) { From f0021645b01186f6353e7e1af2571291acc1750a Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:51:05 +0100 Subject: [PATCH 283/399] Refactor slightly to silence a clang-analyze warning Since the buffer is used in a few places, it seems Clang isn't clever enough to realise that the first byte is never touched. So, even though the function has a correct null check for ssl->handshake, Clang complains. Pulling the handshake type out into its own variable is enough for Clang's analysis to kick in though. --- library/ssl_tls.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 19cc35792..9208ec9c8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2709,7 +2709,7 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) { - int ret, done = 0; + int ret, done = 0, out_msg_type; size_t len = ssl->out_msglen; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) ); 
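Review bot: `out_msg_type` is added to the declaration list without an initializer and is assigned only inside the `out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE` branch in the -2725 hunk; every read visible in the -2752 and -2770 hunks appears to be inside that same branch, so the code looks correct, but in a commit whose stated purpose is to make uninitialized-read analysis tractable it is odd to leave a new variable in exactly that state. Either `int ret, done = 0, out_msg_type = 0;` or declaring it at the top of the handshake branch removes the question for the next analyzer run. The body of mbedtls_ssl_write_record continues outside this hunk.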
@@ -2725,7 +2725,9 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) #endif if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) { - if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST && + out_msg_type = ssl->out_msg[0]; + + if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST && ssl->handshake == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); @@ -2752,7 +2754,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) len += 8; /* Write message_seq and update it, except for HelloRequest */ - if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ) + if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) { ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; @@ -2770,7 +2772,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ) + if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) ssl->handshake->update_checksum( ssl, ssl->out_msg, len ); } From 1b666554c9d63336ab5a90c3594064c9202374f7 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Wed, 13 Apr 2016 11:53:27 +0100 Subject: [PATCH 284/399] Silence a clang-analyze warning The check is already effectively performed later in the function, but implicitly, so Clang's analysis fail to notice the functions are in fact safe. Pulling the check up to the top helps Clang to verify the behaviour. --- library/x509_csr.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/x509_csr.c b/library/x509_csr.c index f8c45f8d2..603d06b64 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -104,7 +104,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, /* * Check for valid input */ - if( csr == NULL || buf == NULL ) + if( csr == NULL || buf == NULL || buflen == 0 ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); mbedtls_x509_csr_init( csr ); 
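Review bot: Adding `buflen == 0` to the input check in mbedtls_x509_csr_parse_der changes the error an empty buffer produces (it now returns MBEDTLS_ERR_X509_BAD_INPUT_DATA where it previously fell through to the ASN.1 parser), and the -274 hunk in mbedtls_x509_csr_parse makes the same change visibly: the old `if( buflen == 0 || buf[buflen - 1] != '\0' )` reported MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT for an empty input, the new code reports BAD_INPUT_DATA before reaching that line. That is a reasonable outcome, but it is an API-visible change, so the `\param buflen` documentation of both functions in x509_csr.h should state that a zero length is rejected with MBEDTLS_ERR_X509_BAD_INPUT_DATA, and any test pinning the old PEM error for empty input will need updating. Both function bodies continue outside the hunks.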
@@ -274,14 +274,14 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz /* * Check for valid input */ - if( csr == NULL || buf == NULL ) + if( csr == NULL || buf == NULL || buflen == 0 ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); #if defined(MBEDTLS_PEM_PARSE_C) mbedtls_pem_init( &pem ); /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( buflen == 0 || buf[buflen - 1] != '\0' ) + if( buf[buflen - 1] != '\0' ) ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else ret = mbedtls_pem_read_buffer( &pem, From 99cff58958dce75c7d4c24093230ed34de101bf4 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 01:05:22 +0100 Subject: [PATCH 285/399] Fixes memory leak in memory_buffer_alloc.c debug Debug symbols were being leaked in memory_buffer_alloc.c --- library/memory_buffer_alloc.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index b2c775a3d..545d5a2c3 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -417,6 +417,12 @@ static void buffer_alloc_free( void *ptr ) heap.total_used -= hdr->size; #endif +#if defined(MBEDTLS_MEMORY_BACKTRACE) + free( hdr->trace ); + hdr->trace = NULL; + hdr->trace_count = 0; +#endif + // Regroup with block before // if( hdr->prev != NULL && hdr->prev->alloc == 0 ) @@ -432,9 +438,6 @@ static void buffer_alloc_free( void *ptr ) if( hdr->next != NULL ) hdr->next->prev = hdr; -#if defined(MBEDTLS_MEMORY_BACKTRACE) - free( old->trace ); -#endif memset( old, 0, sizeof(memory_header) ); } @@ -474,9 +477,6 @@ static void buffer_alloc_free( void *ptr ) if( hdr->next != NULL ) hdr->next->prev = hdr; -#if defined(MBEDTLS_MEMORY_BACKTRACE) - free( old->trace ); -#endif memset( old, 0, sizeof(memory_header) ); } 
@@ -491,11 +491,6 @@ static void buffer_alloc_free( void *ptr ) heap.first_free = hdr; } -#if defined(MBEDTLS_MEMORY_BACKTRACE) - hdr->trace = NULL; - hdr->trace_count = 0; -#endif - if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_FREE ) && verify_chain() != 0 ) mbedtls_exit( 1 ); } From ab071351657182a8593121337e6e89f5e78cc5a9 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 15:52:52 +0100 Subject: [PATCH 286/399] Adds line number substitution in test cases Expanded generate_code.pl to substitute !LINE_NO! in test cases. --- tests/scripts/generate_code.pl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 93c003b01..9c595917e 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -95,6 +95,8 @@ for my $line (@test_cases_lines) { $line = $line."#line $index \"$test_case_file\"\n"; } + $line =~ s/!LINE_NO!/$index/; + $test_cases = $test_cases.$line; $index++; } From 525b792823a1b84c5179975d8bfe6175d5005b1d Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 21:31:51 +0100 Subject: [PATCH 287/399] Fixes off by 1 error reported in line number errors --- tests/scripts/generate_code.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 9c595917e..e940b5a1a 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -77,7 +77,7 @@ close(TEST_HELPERS); open(TEST_MAIN, "$test_main_file") or die "Opening test main '$test_main_file': $!"; my @test_main_lines = split/^/, ; my $test_main; -my $index = 1; +my $index = 2; for my $line (@test_main_lines) { $line =~ s/!LINE_NO!/$index/; $test_main = $test_main.$line; 
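Review bot: `$line =~ s/!LINE_NO!/$index/;` replaces only the first `!LINE_NO!` on a line; a test line that mentions the token twice (for instance inside a message that also passes it as an argument) would keep the literal second occurrence in the generated C. Unless that is intended, use the global form `$line =~ s/!LINE_NO!/$index/g;`. The identical substitution in the test_main loop shown as context in the -77 hunk of the next patch has the same limitation, though that line is not new here.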
@@ -88,7 +88,7 @@ close(TEST_MAIN); open(TEST_CASES, "$test_case_file") or die "Opening test cases '$test_case_file': $!"; my @test_cases_lines = split/^/, ; my $test_cases; -my $index = 1; +my $index = 2; for my $line (@test_cases_lines) { if ($line =~ /^\/\* BEGIN_CASE .*\*\//) { From 20273ddc4c4b0ea0502be83d0b896d442d469562 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 21:32:44 +0100 Subject: [PATCH 288/399] Adds reporting of file/line no. in failed tests Tests in tests/suites will now report the file and line number of failed test assertions. --- tests/suites/helpers.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 8521b878c..aa8a0456c 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -59,7 +59,7 @@ typedef UINT32 uint32_t; do { \ if( ! (TEST) ) \ { \ - test_fail( #TEST ); \ + test_fail( #TEST, __LINE__, __FILE__ ); \ goto exit; \ } \ } while( 0 ) @@ -350,11 +350,11 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -static void test_fail( const char *test ) +static void test_fail( const char *test, int line_no, char* filename ) { test_errors++; if( test_errors == 1 ) mbedtls_printf( "FAILED\n" ); - mbedtls_printf( " %s\n", test ); + mbedtls_printf( " %s\n at line %d, %s\n", test, line_no, filename ); } From 4a3b023172191b9fbf2d80e32a94ac1e41e680b7 Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 21:58:19 +0100 Subject: [PATCH 289/399] Adds line numbering in errors for test helpers Adds to the 'generate_code.pl' tool, support to insert line numbers before test suite helper code. --- tests/scripts/generate_code.pl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index e940b5a1a..49af2db7f 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl 
@@ -90,6 +90,11 @@ my @test_cases_lines = split/^/, ; my $test_cases; my $index = 2; for my $line (@test_cases_lines) { + if ($line =~ /^\/\* BEGIN_SUITE_HELPERS .*\*\//) + { + $line = $line."#line $index \"$test_case_file\"\n"; + } + if ($line =~ /^\/\* BEGIN_CASE .*\*\//) { $line = $line."#line $index \"$test_case_file\"\n"; From 295dfa24e71dc7e2ad22e0deeb2a60fa0382b95f Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 22:15:42 +0100 Subject: [PATCH 290/399] Clarifies documentation on reported memory statistics --- include/mbedtls/memory_buffer_alloc.h | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h index 661bc08dc..d5df316fd 100644 --- a/include/mbedtls/memory_buffer_alloc.h +++ b/include/mbedtls/memory_buffer_alloc.h @@ -98,8 +98,10 @@ void mbedtls_memory_buffer_alloc_status( void ); /** * \brief Get the peak heap usage so far * - * \param max_used Peak number of bytes reauested by the application - * \param max_blocks Peak number of blocks reauested by the application + * \param max_used Peak number of bytes in use or committed. This + * includes bytes in allocated blocks too small to split + * into smaller blocks but larger than the requested size. + * \param max_blocks Peak number of blocks in use, including free and used */ void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks ); 
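Review bot: The new `BEGIN_SUITE_HELPERS` block duplicates the `BEGIN_CASE` block that follows it line for line, including the appended `#line $index \"$test_case_file\"\n`; a single alternation keeps the two markers in step if the directive format ever changes: `if ($line =~ /^\/\* BEGIN_(SUITE_HELPERS|CASE) .*\*\//)`. As a comment for the next reader, it would help to say above the block that the `#line` directive is emitted so compiler and test_fail() diagnostics point into the .function file rather than the generated .c file.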
@@ -111,8 +113,10 @@ void mbedtls_memory_buffer_alloc_max_reset( void ); /** * \brief Get the current heap usage * - * \param cur_used Number of bytes reauested by the application - * \param cur_blocks Number of blocks reauested by the application + * \param cur_used Current number of bytes in use or committed. This + * includes bytes in allocated blocks too small to split + * into smaller blocks but larger than the requested size. + * \param cur_blocks Current number of blocks in use, including free and used */ void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ); #endif /* MBEDTLS_MEMORY_DEBUG */ From 214f5c0af2bc34c80b227116a8027169f164ce9d Mon Sep 17 00:00:00 2001 From: SimonB Date: Mon, 2 May 2016 23:25:02 +0100 Subject: [PATCH 291/399] Additional tests to test stack buffer allocator Adds additional tests to the test suite for memory_buffer_alloc.c --- .../test_suite_memory_buffer_alloc.data | 16 ++ .../test_suite_memory_buffer_alloc.function | 218 ++++++++++++++++++ 2 files changed, 234 insertions(+) diff --git a/tests/suites/test_suite_memory_buffer_alloc.data b/tests/suites/test_suite_memory_buffer_alloc.data index a0b046010..8d3813a7b 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.data +++ b/tests/suites/test_suite_memory_buffer_alloc.data @@ -1,2 +1,18 @@ Memory buffer alloc self test mbedtls_memory_buffer_alloc_self_test: + +Memory buffer alloc - free in middle, alloc at end +memory_buffer_alloc_free_alloc:100:100:100:0:0:1:0:0:200:0 + +Memory buffer alloc - free in middle, realloc +memory_buffer_alloc_free_alloc:100:100:100:0:0:1:0:0:100:0 + +Memory buffer alloc - free in middle, merge, realloc +memory_buffer_alloc_free_alloc:100:100:100:100:0:1:1:0:201:0 + +Memory buffer alloc - free at end, merge, realloc +memory_buffer_alloc_free_alloc:100:64:100:100:0:0:0:1:200:0 + +Memory buffer alloc - Out of Memory test +memory_buffer_alloc_oom_test: + 
diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function index 59b06431b..a36dbc3d1 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.function +++ b/tests/suites/test_suite_memory_buffer_alloc.function @@ -1,6 +1,7 @@ /* BEGIN_HEADER */ #include "mbedtls/memory_buffer_alloc.h" #define TEST_SUITE_MEMORY_BUFFER_ALLOC + /* END_HEADER */ /* BEGIN_DEPENDENCIES 
@@ -8,9 +9,226 @@ * END_DEPENDENCIES */ +/* BEGIN_SUITE_HELPERS */ +static int check_pointer( void *p ) +{ + if( p == NULL ) + return( -1 ); + + if( (size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0 ) + return( -1 ); + + return( 0 ); +} +/* END_SUITE_HELPERS */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void mbedtls_memory_buffer_alloc_self_test( ) { TEST_ASSERT( mbedtls_memory_buffer_alloc_self_test( 0 ) == 0 ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes, + int d_bytes, + int free_a, int free_b, int free_c, + int free_d, + int e_bytes, int f_bytes ) +{ + unsigned char buf[1024]; + unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL, *ptr_d = NULL, + *ptr_e = NULL, *ptr_f = NULL; + + size_t reported_blocks; + size_t allocated_bytes = 0, reported_bytes; + + mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + + mbedtls_memory_buffer_set_verify( MBEDTLS_MEMORY_VERIFY_ALWAYS ); + + if( a_bytes > 0 ) + { + ptr_a = mbedtls_calloc( a_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_a ) == 0 ); + + allocated_bytes += a_bytes * sizeof(char); + } + + if( b_bytes > 0 ) + { + ptr_b = mbedtls_calloc( b_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_b ) == 0 ); + + allocated_bytes += b_bytes * sizeof(char); + } + + if( c_bytes > 0 ) + { + ptr_c = mbedtls_calloc( c_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_c ) == 0 ); + + allocated_bytes += c_bytes * sizeof(char); + } + + if( d_bytes > 0 ) + { + ptr_d = mbedtls_calloc( d_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_d ) == 0 ); + + allocated_bytes += d_bytes * sizeof(char); + } + + mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == allocated_bytes ); + + if( free_a ) + { + mbedtls_free( ptr_a ); + ptr_a = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + allocated_bytes -= a_bytes * sizeof(char); 
+ } + + if( free_b ) + { + mbedtls_free( ptr_b ); + ptr_b = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + allocated_bytes -= b_bytes * sizeof(char); + } + + if( free_c ) + { + mbedtls_free( ptr_c ); + ptr_c = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + allocated_bytes -= c_bytes * sizeof(char); + } + + if( free_d ) + { + mbedtls_free( ptr_d ); + ptr_d = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + allocated_bytes -= d_bytes * sizeof(char); + } + + mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == allocated_bytes ); + + if( e_bytes > 0 ) + { + ptr_e = mbedtls_calloc( e_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_e ) == 0 ); + } + + if( f_bytes > 0 ) + { + ptr_f = mbedtls_calloc( f_bytes, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_f ) == 0 ); + } + + /* Once blocks are reallocated, the block allocated to the memory request + * may be bigger than the request itself, which is indicated by the reported + * bytes, and makes it hard to know what the reported size will be, so + * we don't check the size after blocks have been reallocated. 
*/ + + if( ptr_a != NULL ) + { + mbedtls_free( ptr_a ); + ptr_a = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_b != NULL ) + { + mbedtls_free( ptr_b ); + ptr_b = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_c != NULL ) + { + mbedtls_free( ptr_c ); + ptr_c = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_d != NULL ) + { + mbedtls_free( ptr_d ); + ptr_d = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_e != NULL ) + { + mbedtls_free( ptr_e ); + ptr_e = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + } + + if( ptr_f != NULL ) + { + mbedtls_free( ptr_f ); + ptr_f = NULL; + } + + mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == 0 ); + + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + +exit: + mbedtls_memory_buffer_alloc_free( ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ +void memory_buffer_alloc_oom_test() +{ + unsigned char buf[1024]; + unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL; + size_t reported_blocks, reported_bytes; + + (void)ptr_c; + + mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + + mbedtls_memory_buffer_set_verify( MBEDTLS_MEMORY_VERIFY_ALWAYS ); + + ptr_a = mbedtls_calloc( 432, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_a ) == 0 ); + + ptr_b = mbedtls_calloc( 432, sizeof(char) ); + TEST_ASSERT( check_pointer( ptr_b ) == 0 ); + + ptr_c = mbedtls_calloc( 431, sizeof(char) ); + TEST_ASSERT( ptr_c == NULL ); + + mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == 864 ); + + mbedtls_free( ptr_a ); + ptr_a = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + mbedtls_free( ptr_b ); + ptr_b = NULL; + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + + mbedtls_memory_buffer_alloc_cur_get( 
&reported_bytes, &reported_blocks ); + TEST_ASSERT( reported_bytes == 0 ); + + TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 ); + +exit: + mbedtls_memory_buffer_alloc_free( ); +} +/* END_CASE */ + From 4ec1e8193ef6be447e690ad32e2e455a2b3732f5 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 6 May 2016 00:22:18 +0100 Subject: [PATCH 292/399] Widens test parameters in memory alloc tests --- tests/suites/helpers.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index aa8a0456c..edf1d12b3 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -350,7 +350,7 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -static void test_fail( const char *test, int line_no, char* filename ) +static void test_fail( const char *test, int line_no, const char* filename ) { test_errors++; if( test_errors == 1 ) From 37068a79fe27eb277a8e675b3e05af76cc64d56a Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Mon, 9 May 2016 14:36:33 +0100 Subject: [PATCH 293/399] Add check to prevent enabling of RSA without selecting PKCS version(s) --- include/mbedtls/check_config.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b6448ecef..8c0c68986 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -362,6 +362,11 @@ #error "MBEDTLS_RSA_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) || \ + !defined(MBEDTLS_PKCS1_V15) ) +#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled" +#endif + #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) ) #error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites" From 4fde40f656a000486c2898e8a0842ea7a92e875f Mon Sep 17 00:00:00 2001 
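Review bot: `check_pointer` converts the pointer with `(size_t) p` before the modulo; `uintptr_t` is the type intended for pointer-to-integer round trips and is what the alignment test should use (`if( (uintptr_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0 )`), provided the compatibility typedefs in helpers.function also cover it on toolchains without stdint.h. In memory_buffer_alloc_free_alloc, `ptr_f` is the only pointer freed without a following `TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );`, unlike ptr_a through ptr_e; adding the check keeps the pattern uniform and catches a corrupted chain on the last free. In memory_buffer_alloc_oom_test the `(void)ptr_c;` is unnecessary, as ptr_c is assigned and asserted a few lines below.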
From: Paul Bakker Date: Mon, 9 May 2016 15:13:04 +0100 Subject: [PATCH 294/399] Fix logic to allow at least one PKCS version enabled --- include/mbedtls/check_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 8c0c68986..d31555df7 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -362,7 +362,7 @@ #error "MBEDTLS_RSA_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) || \ +#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) && \ !defined(MBEDTLS_PKCS1_V15) ) #error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled" #endif From b7584a5e37832b137d8c2a4f93f28e75aad5f140 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 10 May 2016 10:50:43 +0100 Subject: [PATCH 295/399] Add ability to only run select numbered tests in ssl-opt.sh In order to reduce debugging time, allows you to only run interesting tests (by number) from the commandline. e.g. the command 'tests/ssl-opt.sh -n 246,258' will only run test 246 and 258 (as per the number in the log file names) --- tests/ssl-opt.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1a91f7a6e..d2cccdb4a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -33,12 +33,15 @@ MEMCHECK=0 FILTER='.*' EXCLUDE='^$' +RUN_TEST_NUMBER='' + print_usage() { echo "Usage: $0 [options]" printf " -h|--help\tPrint this help.\n" printf " -m|--memcheck\tCheck memory leaks and errors.\n" printf " -f|--filter\tOnly matching tests are executed (default: '$FILTER')\n" printf " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')\n" + printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" } get_options() { @@ -53,6 +56,9 @@ get_options() { -m|--memcheck) MEMCHECK=1 ;; + -n|--number) + shift; RUN_TEST_NUMBER=$1 + ;; -h|--help) print_usage exit 0 
@@ -293,6 +299,13 @@ run_test() { print_name "$NAME" + # Do we only run numbered tests? + if [ "X$RUN_TEST_NUMBER" = "X" ]; then : + elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then : + else + SKIP_NEXT="YES" + fi + # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then SKIP_NEXT="NO" From e20310a9fcb2478d5d06ff349e835b9db4905932 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 10 May 2016 11:18:17 +0100 Subject: [PATCH 296/399] Add option to print test numbers in ssl-opt.sh output Allows for easy selection of tests based on numbers for use with the '-n' option --- tests/ssl-opt.sh | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d2cccdb4a..f62466fa8 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -33,6 +33,7 @@ MEMCHECK=0 FILTER='.*' EXCLUDE='^$' +SHOW_TEST_NUMBER=0 RUN_TEST_NUMBER='' print_usage() { @@ -42,6 +43,7 @@ print_usage() { printf " -f|--filter\tOnly matching tests are executed (default: '$FILTER')\n" printf " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" + printf " -s|--show-numbers\tShow test numbers in front of test names\n" } get_options() { @@ -59,6 +61,9 @@ get_options() { -n|--number) shift; RUN_TEST_NUMBER=$1 ;; + -s|--show-numbers) + SHOW_TEST_NUMBER=1 + ;; -h|--help) print_usage exit 0 @@ -143,12 +148,19 @@ needs_more_time() { # print_name print_name() { - printf "$1 " - LEN=$(( 72 - `echo "$1" | wc -c` )) + TESTS=$(( $TESTS + 1 )) + LINE="" + + if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then + LINE="$TESTS " + fi + + LINE="$LINE$1" + printf "$LINE " + LEN=$(( 72 - `echo "$LINE" | wc -c` )) for i in `seq 1 $LEN`; do printf '.'; done printf ' ' - TESTS=$(( $TESTS + 1 )) } # fail From acaac8510e1cdb07e8c8c6a10d3f4485678e363e Mon Sep 17 00:00:00 2001 
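Review bot: In print_name the rewritten `printf "$LINE "` passes the test name as the printf format string, so a test name containing `%` or a backslash sequence is interpreted rather than printed; the previous `printf "$1 "` had the same problem, but since the line is being rewritten anyway, `printf '%s ' "$LINE"` fixes it at no cost. The test-number prefix logic itself looks right; incrementing `$TESTS` before the line is built is what makes the printed number match the log file name.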
From: Paul Bakker Date: Tue, 10 May 2016 11:47:13 +0100 Subject: [PATCH 297/399] Add option to preserve all logs in ssl-opt.sh Useful to also allow saving of correct logs in order to compare differences with failed logs --- tests/ssl-opt.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f62466fa8..0d5222673 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -36,6 +36,8 @@ EXCLUDE='^$' SHOW_TEST_NUMBER=0 RUN_TEST_NUMBER='' +PRESERVE_LOGS=0 + print_usage() { echo "Usage: $0 [options]" printf " -h|--help\tPrint this help.\n" @@ -44,6 +46,7 @@ print_usage() { printf " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n" + printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" } get_options() { @@ -64,6 +67,9 @@ get_options() { -s|--show-numbers) SHOW_TEST_NUMBER=1 ;; + -p|--preserve-logs) + PRESERVE_LOGS=1 + ;; -h|--help) print_usage exit 0 @@ -485,6 +491,11 @@ run_test() { # if we're here, everything is ok echo "PASS" + if [ "$PRESERVE_LOGS" -gt 0 ]; then + mv $SRV_OUT o-srv-${TESTS}.log + mv $CLI_OUT o-cli-${TESTS}.log + fi + rm -f $SRV_OUT $CLI_OUT $PXY_OUT } From 80119c5d28f09210913dc192d09ecc2d498f8837 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 May 2016 19:39:36 +0100 Subject: [PATCH 298/399] Fixes minor typos in comments in pk.h and ctr_drbg.c Fixes typos in PRs #475 and #437 --- include/mbedtls/pk.h | 7 ++++--- library/ctr_drbg.c | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 458bb512a..f9f9b9bb0 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
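Review bot: The PASS-path `mv $SRV_OUT o-srv-${TESTS}.log` / `mv $CLI_OUT o-cli-${TESTS}.log` preserves only the server and client logs, while the `rm -f $SRV_OUT $CLI_OUT $PXY_OUT` on the next line shows a proxy log is also produced for some tests; presumably that one should be kept too, guarded because it does not exist for every test, e.g. `[ -f "$PXY_OUT" ] && mv "$PXY_OUT" "o-pxy-${TESTS}.log"`. The variables should also be quoted in the two `mv` lines, matching the quoting used elsewhere in the script. The body of run_test continues outside the hunk.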
@@ -496,11 +496,12 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, * \brief Load and parse a public key * * \param ctx key to be initialized - * \param path filename to read the private key from + * \param path filename to read the public key from * * \note On entry, ctx must be empty, either freshly initialised - * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a - * specific key type, check the result with mbedtls_pk_can_do(). + * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If + * you need a specific key type, check the result with + * mbedtls_pk_can_do(). * * \note The key is also checked for correctness. * diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index aefddfa1d..6962d68b9 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -67,7 +67,7 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ) } /* - * Non-public function wrapped by ctr_crbg_init(). Necessary to allow NIST + * Non-public function wrapped by mbedtls_ctr_drbg_init(). Necessary to allow NIST * tests to succeed (which require known length fixed entropy) */ int mbedtls_ctr_drbg_seed_entropy_len( From a557cfb9ad5f26a47e5018f3553551988741c146 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 May 2016 20:57:03 +0100 Subject: [PATCH 299/399] Widens test bounds on memory alloc tests --- tests/suites/test_suite_memory_buffer_alloc.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function index a36dbc3d1..04dd68bec 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.function +++ b/tests/suites/test_suite_memory_buffer_alloc.function 
@@ -212,7 +212,7 @@ void memory_buffer_alloc_oom_test()
 TEST_ASSERT( ptr_c == NULL );
 mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
- TEST_ASSERT( reported_bytes == 864 );
+ TEST_ASSERT( reported_bytes >= 864 && reported_bytes <= sizeof(buf) );
 mbedtls_free( ptr_a );
 ptr_a = NULL;
From ae791249058dd7c27850bd05a8c53188ef998141 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Tue, 10 May 2016 21:16:54 +0100
Subject: [PATCH 300/399] Disables backtrace config from basic-build-test.sh The configuration MBEDTLS_MEMORY_BACKTRACE is intended for debug and is not necessary for test coverage. Because it causes timing problems in some tests the configuration has been removed as it's not present in equivalent tests in the all.sh test script.
---
 tests/scripts/basic-build-test.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index d13a8e4ed..d961230ed 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -39,6 +39,7 @@ fi
 export CFLAGS=' --coverage -g3 -O0 '
 make clean
 scripts/config.pl full
+scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
 make
From da01266599f541de840be52f313fd1abd7a96851 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Tue, 10 May 2016 23:47:30 +0100
Subject: [PATCH 301/399] Corrects incorrectly named function in ctr_drbg.c comment
---
 library/ctr_drbg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 6962d68b9..386f8adb0 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
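Review bot: The widened assertion keeps the bare constant 864 as its lower bound without saying what it represents, so the next person who has to move it has nothing to check against, and the commit message gives no reason for the widening either. A comment above the `TEST_ASSERT`, such as `/* 864 is presumably the payload of the allocations still live above; allocator headers and alignment padding can add to it, hence the range — confirm the derivation */`, would record the intent. memory_buffer_alloc_oom_test's body starts and ends outside the hunk.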
@@ -67,8 +67,8 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
 }
 /*
- * Non-public function wrapped by mbedtls_ctr_drbg_init(). Necessary to allow NIST
- * tests to succeed (which require known length fixed entropy)
+ * Non-public function wrapped by mbedtls_ctr_drbg_seed(). Necessary to allow
+ * NIST tests to succeed (which require known length fixed entropy)
 */
 int mbedtls_ctr_drbg_seed_entropy_len(
 mbedtls_ctr_drbg_context *ctx,
From c0715cb39f62a02c94deda09b6d9d024a2b96a56 Mon Sep 17 00:00:00 2001
From: Embedthis Software
Date: Thu, 10 Sep 2015 11:45:13 -0700
Subject: [PATCH 302/399] Fix single threaded builds
---
 include/mbedtls/threading.h | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index c39cbf24d..b416d478a 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -81,6 +81,7 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t *
 void mbedtls_threading_free_alt( void );
 #endif /* MBEDTLS_THREADING_ALT */
+#if defined(MBEDTLS_THREADING_C)
 /*
 * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
 *
@@ -96,6 +97,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
 */
 extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
 extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
+#endif
 #ifdef __cplusplus
 }
From cfe392bdd477e9f767f950d74245192af66357cc Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Tue, 10 May 2016 16:17:27 +0100
Subject: [PATCH 303/399] Add end guard comment
---
 include/mbedtls/threading.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index b416d478a..b0c34ecc7 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -97,7 +97,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
 */
 extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
 extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
-#endif
+#endif /* MBEDTLS_THREADING_C */
 #ifdef __cplusplus
 }
From cc4eabd22a62d7b9cfdc75f13afec5f39dedcab4 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Wed, 11 May 2016 23:15:58 +0100
Subject: [PATCH 304/399] Reverts change in commit daf534d Commit daf534d from PR #457 breaks the build. This may reintroduce a clang-analyse warning, but this is the wrong fix for that. The fix removed a call to mbedtls_ecp_curve_info_from_grp_id() to find the curve info. This fix adds that back in.
---
 library/ssl_cli.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 509484e36..cd39db027 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -267,6 +267,7 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_ECP_C)
 for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
 {
+ info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
 #else
 for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
 {
From 440ce420bd626dedd8932967c42e6ffdda213140 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Thu, 12 May 2016 12:46:02 +0100
Subject: [PATCH 305/399] Put clang analyzer fix inside __clang_analyzer__ guard
---
 programs/hash/generic_sum.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index 7805a79bc..d1e81d491 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
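Review bot: The restored line assigns the result of `mbedtls_ecp_curve_info_from_grp_id( *grp_id )` without checking it, and that lookup can return NULL for a group id it does not know, which is exactly the case when a caller configures an unsupported curve. Whether `info` is tested before being dereferenced cannot be seen here, because the loop body continues outside the hunk; if it is not, both the `MBEDTLS_ECP_C` branch and the `#else` branch should reach a guard such as `if( info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); return; }` before `info` is used. The commit message mentions a reintroduced clang-analyse warning, which is presumably this very NULL path, so the guard would also settle that. ssl_write_supported_elliptic_curves_ext starts and ends outside the hunk.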
@@ -83,8 +83,13 @@ static int generic_check( const mbedtls_md_info_t *md_info, char *filename )
 int nb_err1, nb_err2;
 int nb_tot1, nb_tot2;
 unsigned char sum[MBEDTLS_MD_MAX_SIZE];
- char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }, line[1024];
+ char line[1024];
 char diff;
+#if defined(__clang_analyzer__)
+ char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { };
+#else
+ char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1];
+#endif
 if( ( f = fopen( filename, "rb" ) ) == NULL )
 {
From 38d188896c6ab6b1a38e934ea73212ac5707a633 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Thu, 12 May 2016 12:46:28 +0100
Subject: [PATCH 306/399] Cleanup ifdef statements
---
 library/rsa.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/rsa.c b/library/rsa.c
index 9386a762f..a6cc19b2f 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -804,7 +804,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
 int ret;
 size_t ilen, pad_count = 0, i;
 unsigned char *p, bad, pad_done = 0;
-#ifdef __clang_analyzer__
+#if defined(__clang_analyzer__)
 /* Shut up Clang, mbedtls_rsa_public/private writes to this */
 unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { };
 #else
@@ -1193,7 +1193,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
 size_t slen, msb;
 const mbedtls_md_info_t *md_info;
 mbedtls_md_context_t md_ctx;
-#ifdef __clang_analyzer__
+#if defined(__clang_analyzer__)
 /* Shut up Clang, mbedtls_rsa_public/private writes to this */
 unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { };
 #else
@@ -1340,7 +1340,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
 mbedtls_md_type_t msg_md_alg;
 const mbedtls_md_info_t *md_info;
 mbedtls_asn1_buf oid;
-#ifdef __clang_analyzer__
+#if defined(__clang_analyzer__)
 /* Shut up Clang, mbedtls_rsa_public/private writes to this */
 unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { };
 #else
From a30a72f80f7c3b3db12c2a007eb74b87e27f610f Mon Sep 17 00:00:00 2001
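Review bot: `char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { };` in the new `__clang_analyzer__` branch uses an empty initializer list, which is a GNU extension rather than C11 (it only becomes standard in C23), so the analyzer build compiles a different dialect from the normal one and warns under `-pedantic`. `= { 0 }` is standard C, zero-fills the whole array and satisfies the analyzer just as well, so the branch can read `char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { 0 };`. The same `= { }` form sits in the three rsa.c hunks of the following commit, but only as pre-existing context there. generic_check's body continues outside the hunk.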
From: Paul Bakker
Date: Thu, 12 May 2016 15:52:48 +0100
Subject: [PATCH 307/399] Fix verbose test framework mote to use unmet_dep_count for index
---
 tests/suites/main_test.function | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index c5d6cd86b..edc9944b6 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -357,8 +357,8 @@ int main(int argc, const char *argv[])
 {
 if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED )
 {
- unmet_dependencies[ i-1 ] = strdup(params[i]);
- if( unmet_dependencies[ i-1 ] == NULL )
+ unmet_dependencies[ unmet_dep_count ] = strdup(params[i]);
+ if( unmet_dependencies[ unmet_dep_count ] == NULL )
 {
 mbedtls_printf("FATAL: Out of memory\n");
 mbedtls_exit( MBEDTLS_EXIT_FAILURE );
From 26b60bf7d1f0f5ed9723e074618390214d84456e Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Thu, 12 May 2016 15:55:37 +0100
Subject: [PATCH 308/399] Fox verbose test framework not to duplicate strings if not verbose
---
 tests/suites/main_test.function | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index edc9944b6..e8577d22a 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -357,6 +357,13 @@ int main(int argc, const char *argv[])
 {
 if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED )
 {
+ if( 0 == option_verbose )
+ {
+ /* Only one count is needed if not verbose */
+ unmet_dep_count++;
+ break;
+ }
+
 unmet_dependencies[ unmet_dep_count ] = strdup(params[i]);
 if( unmet_dependencies[ unmet_dep_count ] == NULL )
 {
From 774180e14e71b57eebe15dd53fbde43e6dd5c8fb Mon Sep 17 00:00:00 2001
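Review bot: `unmet_dependencies[ unmet_dep_count ] = strdup(params[i]);` indexes the array by the running count without checking it against the array's capacity, and the array is a fixed `char *unmet_dependencies[20]` (visible in the next commit's hunk), so a test line listing more than twenty unmet dependencies writes past the end of a stack array. A check before the `strdup`, in the same shape as the out-of-memory handling two lines below, closes it: `if( unmet_dep_count >= (int) ( sizeof( unmet_dependencies ) / sizeof( unmet_dependencies[0] ) ) ) { mbedtls_printf("FATAL: Too many unmet dependencies\n"); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); }`. The non-verbose early `break` added in the second hunk is unaffected, since it stores nothing. Both hunks sit inside `main()`, whose body extends beyond them.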
From: Paul Bakker
Date: Thu, 12 May 2016 15:59:48 +0100
Subject: [PATCH 309/399] Fix memory-leak in verbose test framework in case of unexpected input
---
 tests/suites/main_test.function | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index e8577d22a..f18248578 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -321,6 +321,9 @@ int main(int argc, const char *argv[])
 testfile_index < testfile_count; testfile_index++ )
 {
+ int unmet_dep_count = 0;
+ char *unmet_dependencies[20];
+
 test_filename = test_files[ testfile_index ];
 file = fopen( test_filename, "r" );
@@ -333,8 +336,12 @@ int main(int argc, const char *argv[])
 while( !feof( file ) )
 {
- int unmet_dep_count = 0;
- char *unmet_dependencies[20];
+ if( unmet_dep_count > 0 )
+ {
+ mbedtls_printf("FATAL: Dep count larger than zero at start of loop\n");
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ }
+ unmet_dep_count = 0;
 if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
 break;
@@ -399,16 +406,17 @@ int main(int argc, const char *argv[])
 if( 1 == option_verbose && unmet_dep_count > 0 )
 {
 mbedtls_fprintf( stdout, " Unmet dependencies: " );
- while( unmet_dep_count > 0)
+ for( i = 0; i < unmet_dep_count; i++ )
 {
 mbedtls_fprintf(stdout, "%s ",
- unmet_dependencies[unmet_dep_count - 1]);
- free(unmet_dependencies[unmet_dep_count - 1]);
- unmet_dep_count--;
+ unmet_dependencies[i]);
+ free(unmet_dependencies[i]);
 }
 mbedtls_fprintf( stdout, "\n" );
 }
 fflush( stdout );
+
+ unmet_dep_count = 0;
 }
 else if( ret == DISPATCH_TEST_SUCCESS && test_errors == 0 )
 {
@@ -434,6 +442,10 @@ int main(int argc, const char *argv[])
 }
 }
 fclose(file);
+
+ /* In case we encounter early end of file */
+ for( i = 0; i < unmet_dep_count; i++ )
+ free( unmet_dependencies[i] );
 }
 mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n");
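Review bot: The new cleanup after `fclose(file)` frees `unmet_dependencies[0..unmet_dep_count)`, but in non-verbose mode the previous commit increments `unmet_dep_count` and `break`s without storing any pointer, so an early end of file would make this loop `free()` an uninitialized slot — or, because freed entries are never reset and the array now lives for the whole file, a pointer an earlier test already freed. Guarding the loop the same way the printing code is guarded keeps the two paths consistent: `if( 1 == option_verbose ) for( i = 0; i < unmet_dep_count; i++ ) free( unmet_dependencies[i] );`. In the second hunk the `unmet_dep_count = 0;` placed right after the check that it is already zero is redundant and can go. All four hunks are inside `main()`, whose body extends beyond them.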
From 456fea00001c175b1143bea896c4a5bfc63e2e4e Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 12 May 2016 16:38:27 +0100 Subject: [PATCH 310/399] Amended ChangeLog --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index d9fce9234..c7bafeb9b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,7 @@ Bugfix * Fix issue that caused a crash if invalid curves were passed to mbedtls_ssl_conf_curves. #373 * Fix issue in ssl_fork_server which was preventing it from functioning. #429 + * Fix memory leaks in test framework Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, From 1f65092d28ef7a9d52f3eaa4316ffeffbd79d806 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Fri, 13 May 2016 10:16:46 +0100 Subject: [PATCH 311/399] Add fix to ignore valgrind messages related to compressed debug symbols The glibc package recently enabled compressed debug symbols but valgrind doesn't support them yet. Results in messages like: --14923-- WARNING: Serious error when reading debug info --14923-- When reading debug info from /lib/x86_64-linux-gnu/ld-2.21.so: --14923-- Ignoring non-Dwarf2/3/4 block in .debug_info First line has 'error' in it which triggers some of the ssl-opt tests --- tests/ssl-opt.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0d5222673..78ca1cac7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -439,32 +439,33 @@ run_test() {
 # check other assertions
 # lines beginning with == are added by valgrind, ignore them
+ # lines with 'Serious error when reading debug info', are valgrind issues as well
 while [ $# -gt 0 ]
 do
 case $1 in
 "-s")
- if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then :; else
+ if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
 fail "-s $2"
 return
 fi
 ;;
 "-c")
- if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then :; else
+ if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
 fail "-c $2"
 return
 fi
 ;;
 "-S")
- if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then
+ if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
 fail "-S $2"
 return
 fi
 ;;
 "-C")
- if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then
+ if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
 fail "-C $2"
 return
 fi
From 362689d5a7bc4eedc459988064d48d267bccb01c Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Fri, 13 May 2016 10:33:25 +0100
Subject: [PATCH 312/399] Split test into valgrind and no-valgrind version Running valgrind on: "DTLS client reconnect from same port: reconnect, nbio" results in timeouts. New version added that runs only under valgrind. Original only runs when valgrind is not used
---
 tests/ssl-opt.sh | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 78ca1cac7..de5072441 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -147,6 +147,13 @@ not_with_valgrind() {
 fi
 }
+# skip the next test if valgrind is NOT in use
+only_with_valgrind() {
+ if [ "$MEMCHECK" -eq 0 ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
 # multiply the client timeout delay by the given factor for the next test
 needs_more_time() {
 CLI_DELAY_FACTOR=$1
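Review bot: The same pipeline `grep -v '^==' $FILE | grep -v 'Serious error when reading debug info' | grep "$2"` is now spelled out four times in the `case`, once per `-s`/`-c`/`-S`/`-C`, so the next piece of valgrind noise has to be filtered in four places. A small helper next to the comment that explains the filtering, `valgrind_filter() { grep -v '^==' "$1" | grep -v 'Serious error when reading debug info'; }`, lets each branch read `if valgrind_filter $SRV_OUT | grep "$2" >/dev/null; then`. Note that the filter drops any output line containing that phrase whether or not valgrind produced it, which is presumably acceptable for these assertions but worth a word in the comment. run_test's body starts and ends outside the hunk.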
@@ -3095,13 +3102,22 @@ run_test "DTLS client reconnect from same port: reconnect" \ -S "The operation timed out" \ -s "Client initiated reconnection from same port" -run_test "DTLS client reconnect from same port: reconnect, nbio" \ +not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts) +run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \ 0 \ -S "The operation timed out" \ -s "Client initiated reconnection from same port" +only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout +run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \ + "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \ + "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \ + 0 \ + -S "The operation timed out" \ + -s "Client initiated reconnection from same port" + run_test "DTLS client reconnect from same port: no cookies" \ "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \ From dc08545395d904af86c94fae68443840592426ff Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Fri, 13 May 2016 10:50:41 +0100 Subject: [PATCH 313/399] Update ChangeLog to reflect --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index c7bafeb9b..2d4600562 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,7 @@ Bugfix mbedtls_ssl_conf_curves. #373 * Fix issue in ssl_fork_server which was preventing it from functioning. #429 * Fix memory leaks in test framework + * Fix test in ssl-opt.sh that does not run properly with valgrind Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, From 930a3701e7266afff26be9629951de7373e88350 Mon Sep 17 00:00:00 2001 
From: Brian Murray Date: Wed, 18 May 2016 14:38:02 -0700 Subject: [PATCH 314/399] fix indentation in output of selftest.c --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index a6cc19b2f..79f86c306 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1688,7 +1688,7 @@ int mbedtls_rsa_self_test( int verbose ) #if defined(MBEDTLS_SHA1_C) if( verbose != 0 ) - mbedtls_printf( "PKCS#1 data sign : " ); + mbedtls_printf( " PKCS#1 data sign : " ); mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum ); From 97e829038aab73ed374a36cb433e23049b96db9e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 19 May 2016 00:22:37 +0100 Subject: [PATCH 315/399] Fixes whitespace errors in x509_crl.c --- library/x509_crl.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/library/x509_crl.c b/library/x509_crl.c index 125a77399..7b2b4733b 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -502,14 +502,15 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s { mbedtls_pem_init( &pem ); - /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( buflen == 0 || buf[buflen - 1] != '\0' ) - ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; - else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN X509 CRL-----", - "-----END X509 CRL-----", - buf, NULL, 0, &use_len ); + // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated + // string + if( buflen == 0 || buf[buflen - 1] != '\0' ) + ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; + else + ret = mbedtls_pem_read_buffer( &pem, + "-----BEGIN X509 CRL-----", + "-----END X509 CRL-----", + buf, NULL, 0, &use_len ); if( ret == 0 ) { From a410af537a9b02991b951e312e9695dd69bfaded Mon Sep 17 00:00:00 2001 
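Review bot: The re-indented comment in the x509_crl.c hunk switches from `/* ... */` to `//` line comments, which is the minority style in this library as seen elsewhere on this page (ctr_drbg.c, rsa.c and generic_sum.c use block comments; only asn1write.c shows a `//` line) and is not C89. Keeping the block form, `/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated` followed by ` * string */`, gives the same re-wrap without a style change in a commit that is otherwise about whitespace. mbedtls_x509_crl_parse's body starts and ends outside the hunk.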
From: Simon Butcher Date: Thu, 19 May 2016 22:12:18 +0100 Subject: [PATCH 316/399] Fixes RC4 config dependencies in tests in ssl-opt.h Adds dependencies on MBEDTLS_REMOVE_ARC4_CIPHERSUITES for tests that require RC4 to be disabled (the default config). --- tests/ssl-opt.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index de5072441..50d457c4c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -611,12 +611,14 @@ run_test "Default, DTLS" \ # Tests for rc4 option +requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES run_test "RC4: server disabled, client enabled" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 1 \ -s "SSL - The server has no ciphersuites in common" +requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES run_test "RC4: server half, client enabled" \ "$P_SRV arc4=1" \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ From cbb9075c54dd1940dd499d814a55bf45729b7903 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 19 May 2016 22:15:34 +0100 Subject: [PATCH 317/399] Adds parallel builds to basic-build-test.sh To speed up test time, added parallel builds --- tests/scripts/basic-build-test.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index d961230ed..010c0c67f 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -2,6 +2,8 @@ # basic-build-tests.sh # +# This file is part of mbed TLS (https://tls.mbed.org) +# # Copyright (c) 2016, ARM Limited, All Rights Reserved # # Purpose @@ -40,7 +42,7 @@ export CFLAGS=' --coverage -g3 -O0 ' make clean scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE -make +make -j # Step 2 - Execute the tests From 58eddef8b2a3140b6a224ef2332fdc114cbe1ef8 Mon Sep 17 00:00:00 2001 
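Review bot: `make -j` with no job count lets make start every job at once, and a `full`-config build compiled with `--coverage -g3 -O0` can exhaust memory or push a small CI machine into swap that way, which would undo the speed-up the commit is after. Bounding the count keeps the benefit: `make -j "${JOBS:-4}"` with an overridable default, or `make -j "$(nproc)"` where `nproc` is available; the variable form is the more portable of the two, since `nproc` is not POSIX. The earlier hunk of this commit only touches the header comment and needs nothing.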
From: Simon Butcher Date: Thu, 19 May 2016 23:43:11 +0100 Subject: [PATCH 318/399] Updates copyright and attribution in comment header in ssl-opt.sh --- tests/ssl-opt.sh | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 50d457c4c..0edb783f8 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1,12 +1,23 @@ #!/bin/sh -# Test various options that are not covered by compat.sh +# ssl-opt.sh # -# Here the goal is not to cover every ciphersuite/version, but -# rather specific options (max fragment length, truncated hmac, etc) -# or procedures (session resumption from cache or ticket, renego, etc). +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# Executes tests to prove various TLS/SSL options and extensions. +# +# The goal is not to cover every ciphersuite/version, but instead to cover +# specific options (max fragment length, truncated hmac, etc) or procedures +# (session resumption from cache or ticket, renego, etc). +# +# The tests assume a build with default options, with exceptions expressed +# with a dependency. The tests focus on functionality and do not consider +# performance. # -# Assumes a build with default options. set -u From 88ffc089bc43d0219225276abaf2d963ba915568 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 20 May 2016 00:00:37 +0100 Subject: [PATCH 319/399] Adds casts to zeroize functions to allow building as C++ --- library/aes.c | 2 +- library/arc4.c | 2 +- library/asn1parse.c | 2 +- library/blowfish.c | 2 +- library/camellia.c | 2 +- library/ccm.c | 2 +- library/cipher.c | 2 +- library/des.c | 2 +- library/sha1.c | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/library/aes.c b/library/aes.c index ec9313de3..36660306e 100644 --- a/library/aes.c +++ b/library/aes.c 
@@ -56,7 +56,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/arc4.c b/library/arc4.c index ff0e993e7..05b33d3fd 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -49,7 +49,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } void mbedtls_arc4_init( mbedtls_arc4_context *ctx ) diff --git a/library/asn1parse.c b/library/asn1parse.c index b37523def..e59d2509f 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -45,7 +45,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/blowfish.c b/library/blowfish.c index 89be4d122..9003f0dfe 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -41,7 +41,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/camellia.c b/library/camellia.c index e015ca24b..d50513fd0 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -50,7 +50,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* 
diff --git a/library/ccm.c b/library/ccm.c index 3463a0b32..13a8fd1a2 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -51,7 +51,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } #define CCM_ENCRYPT 0 diff --git a/library/cipher.c b/library/cipher.c index ccc068503..0dc51520f 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -51,7 +51,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } static int supported_init = 0; diff --git a/library/des.c b/library/des.c index 61f214af3..09f95cfc3 100644 --- a/library/des.c +++ b/library/des.c @@ -50,7 +50,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* diff --git a/library/sha1.c b/library/sha1.c index 8c77cbaa8..2ccf2a2f5 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -49,7 +49,7 @@ /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; + volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } /* From 29176897a179c593caad22ba259ab3009dd7cd19 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Fri, 20 May 2016 00:19:09 +0100 Subject: [PATCH 320/399] Adds additional casts to calloc calls Casts added to allow compilation of the library as C++ --- library/asn1parse.c | 3 ++- library/asn1write.c | 4 +++- library/bignum.c | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/library/asn1parse.c b/library/asn1parse.c index e59d2509f..ffa2f5299 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -269,7 +269,8 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p, /* Allocate and assign next pointer */ if( *p < end ) { - cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); + cur->next = (mbedtls_asn1_sequence*)mbedtls_calloc( 1, + sizeof( mbedtls_asn1_sequence ) ); if( cur->next == NULL ) return( MBEDTLS_ERR_ASN1_ALLOC_FAILED ); diff --git a/library/asn1write.c b/library/asn1write.c index 00ed73c11..027c858e7 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -312,7 +312,9 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data { // Add new entry if not present yet based on OID // - if( ( cur = mbedtls_calloc( 1, sizeof(mbedtls_asn1_named_data) ) ) == NULL ) + cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1, + sizeof(mbedtls_asn1_named_data) ); + if( cur == NULL ) return( NULL ); cur->oid.len = oid_len; diff --git a/library/bignum.c b/library/bignum.c index 4536a3b86..4c99e04d6 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -120,7 +120,7 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ) if( X->n < nblimbs ) { - if( ( p = mbedtls_calloc( nblimbs, ciL ) ) == NULL ) + if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL ) return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); if( X->p != NULL ) 
@@ -158,7 +158,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ) if( i < nblimbs ) i = nblimbs; - if( ( p = mbedtls_calloc( i, ciL ) ) == NULL ) + if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL ) return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); if( X->p != NULL ) From 3c0d7b8bdcf66a2bfe4121dc16f3e8dd34916af9 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 23 May 2016 11:13:17 +0100 Subject: [PATCH 321/399] Adds check for valgrind to ssl-opt.sh (#488) Provides graceful exit rather than fail silently if valgrind isn't installed. --- tests/ssl-opt.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0edb783f8..863524200 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -551,6 +551,12 @@ if [ ! -x "$P_PXY" ]; then echo "Command '$P_PXY' is not an executable file" exit 1 fi +if [ "$MEMCHECK" -gt 0 ]; then + if which valgrind >/dev/null 2>&1; then :; else + echo "Memcheck not possible. Valgrind not found" + exit 1 + fi +fi if which $OPENSSL_CMD >/dev/null 2>&1; then :; else echo "Command '$OPENSSL_CMD' not found" exit 1 From 584a547873b596e90674d29b1b54bf50288474bc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 23 May 2016 16:24:52 +0100 Subject: [PATCH 322/399] Fix whitespace and formatting in ssl_srv.c --- library/ssl_srv.c | 257 +++++++++++++++++++++++----------------------- 1 file changed, 127 insertions(+), 130 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 5a51cbbd2..727104529 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -1512,195 +1512,192 @@ read_record_header: if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) { #endif - - /* - * Check the extension length - */ - ext_offset = comp_offset + 1 + comp_len; - if( msg_len > ext_offset ) - { - if( msg_len < ext_offset + 2 ) + /* + * Check the extension length + */ + ext_offset = comp_offset + 1 + comp_len; + if( msg_len > ext_offset ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if( msg_len < ext_offset + 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + ext_len = ( buf[ext_offset + 0] << 8 ) + | ( buf[ext_offset + 1] ); + + if( ( ext_len > 0 && ext_len < 4 ) || + msg_len != ext_offset + 2 + ext_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } } + else + ext_len = 0; - ext_len = ( buf[ext_offset + 0] << 8 ) - | ( buf[ext_offset + 1] ); + ext = buf + ext_offset + 2; + MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len ); - if( ( ext_len > 0 && ext_len < 4 ) || - msg_len != ext_offset + 2 + ext_len ) + while( ext_len != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); - } - } - else - ext_len = 0; + unsigned int ext_id = ( ( ext[0] << 8 ) + | ( ext[1] ) ); + unsigned int ext_size = ( ( ext[2] << 8 ) + | ( ext[3] ) ); - ext = buf + ext_offset + 2; - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len ); - - while( ext_len != 0 ) - { - unsigned int ext_id = ( ( ext[0] << 8 ) - | ( ext[1] ) ); - unsigned int ext_size = ( ( ext[2] << 8 ) - | ( ext[3] ) ); - - if( ext_size + 4 > ext_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); - } - switch( ext_id ) - { + if( ext_size + 4 > ext_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" 
) ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + switch( ext_id ) + { #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - case MBEDTLS_TLS_EXT_SERVERNAME: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) ); - if( ssl->conf->f_sni == NULL ) - break; + case MBEDTLS_TLS_EXT_SERVERNAME: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) ); + if( ssl->conf->f_sni == NULL ) + break; - ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) ); + case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) ); #if defined(MBEDTLS_SSL_RENEGOTIATION) - renegotiation_info_seen = 1; + renegotiation_info_seen = 1; #endif - ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) - case MBEDTLS_TLS_EXT_SIG_ALG: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); + case MBEDTLS_TLS_EXT_SIG_ALG: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - break; + if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) + break; #endif - ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && 
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) ); + case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) ); - ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; - case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) ); - ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT; + case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) ); + ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT; - ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) ); + case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) ); - ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max 
fragment length extension" ) ); + case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) ); - ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) ); + case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) ); - ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) ); + case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) ); - ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) ); + case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) ); - ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ 
#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_TLS_EXT_SESSION_TICKET: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) ); + case MBEDTLS_TLS_EXT_SESSION_TICKET: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) ); - ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_ALPN) - case MBEDTLS_TLS_EXT_ALPN: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); + case MBEDTLS_TLS_EXT_ALPN: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); - ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ - default: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", - ext_id ) ); + default: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", + ext_id ) ); + } + + ext_len -= 4 + ext_size; + ext += 4 + ext_size; + + if( ext_len > 0 && ext_len < 4 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } } - - ext_len -= 4 + ext_size; - ext += 4 + ext_size; - - if( ext_len > 0 && ext_len < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); - } - - } - #if defined(MBEDTLS_SSL_PROTO_SSL3) } #endif From 768594d772c114d6ca47063d822cb3805014b7ef Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Mon, 23 May 2016 00:22:58 +0100 Subject: [PATCH 323/399] Removes yotta from bump_version.sh Yotta version is independent of the mbed TLS version so shouldn't be set by this script. Also adds a header, copyright and attribution to the script. --- scripts/bump_version.sh | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 97d2f1f87..fc8b800c4 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -1,4 +1,17 @@ #!/bin/bash +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# Sets the version numbers in the source code to those given. +# +# Usage: bump_version.sh [ --version ] [ --so-crypto ] +# [ --so-x509 ] [ --so-tls ] +# [ -v | --verbose ] [ -h | --help ] +# VERSION="" SOVERSION="" @@ -109,10 +122,6 @@ mv tmp include/mbedtls/version.h sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tests/suites/test_suite_version.data > tmp mv tmp tests/suites/test_suite_version.data -[ $VERBOSE ] && echo "Bumping version in yotta/data/module.json" -sed -e "s/\"version\": \".\{1,\}\"/\"version\": \"$VERSION\"/g" < yotta/data/module.json > tmp -mv tmp yotta/data/module.json - [ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h" for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h; do @@ -128,3 +137,4 @@ scripts/generate_features.pl [ $VERBOSE ] && echo "Re-generating visualc files" scripts/generate_visualc_files.pl + From 65b1fa6b0765af2a2129992ecb1b6bd569494986 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Mon, 23 May 2016 23:18:26 +0100 Subject: [PATCH 324/399] Fixes warnings found by Clang static analyser Also removes annotations in the code to avoid warnings which don't appear to be needed. --- library/havege.c | 2 ++ library/rsa.c | 15 --------------- tests/suites/main_test.function | 5 +++++ 3 files changed, 7 insertions(+), 15 deletions(-) mode change 100644 => 100755 library/rsa.c diff --git a/library/havege.c b/library/havege.c index 7623bc067..2b75ef7bd 100644 --- a/library/havege.c +++ b/library/havege.c @@ -174,6 +174,8 @@ static void havege_fill( mbedtls_havege_state *hs ) PTX = U1 = 0; PTY = U2 = 0; + (void)PTX; + memset( RES, 0, sizeof( RES ) ); while( n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4 ) diff --git a/library/rsa.c b/library/rsa.c old mode 100644 new mode 100755 index 79f86c306..e26d0df7d --- a/library/rsa.c +++ b/library/rsa.c @@ -804,12 +804,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int ret; size_t ilen, pad_count = 0, i; unsigned char *p, bad, pad_done = 0; -#if defined(__clang_analyzer__) - /* Shut up Clang, mbedtls_rsa_public/private writes to this */ - unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; -#else unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; -#endif if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1193,12 +1188,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, size_t slen, msb; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; -#if defined(__clang_analyzer__) - /* Shut up Clang, mbedtls_rsa_public/private writes to this */ - unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; -#else unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; -#endif if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 
@@ -1340,12 +1330,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, mbedtls_md_type_t msg_md_alg; const mbedtls_md_info_t *md_info; mbedtls_asn1_buf oid; -#if defined(__clang_analyzer__) - /* Shut up Clang, mbedtls_rsa_public/private writes to this */ - unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { }; -#else unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; -#endif if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index f18248578..ac5322e45 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -83,6 +83,7 @@ int dep_check( char *str ) return( 1 ); DEP_CHECK_CODE +#line !LINE_NO! "main_test.function" return( DEPENDENCY_NOT_SUPPORTED ); } @@ -96,8 +97,12 @@ int dispatch_test(int cnt, char *params[50]) #if defined(TEST_SUITE_ACTIVE) ret = DISPATCH_TEST_SUCCESS; + // Cast to void to avoid compiler warnings + (void)ret; + DISPATCH_FUNCTION { +#line !LINE_NO! "main_test.function" mbedtls_fprintf( stdout, "FAILED\nSkipping unknown test function '%s'\n", params[0] ); From 2917b9e5de6cd774d0358928dc6309b5a235f70e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 25 May 2016 00:59:37 +0100 Subject: [PATCH 325/399] Clarified function param in dhm.h --- include/mbedtls/dhm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index cd056d1b4..d7ab1522e 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -221,7 +221,7 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, * \param ctx DHM context * \param x_size private value size in bytes * \param output destination buffer - * \param olen must be equal to ctx->P.len + * \param olen must be at least equal to the size of P, ctx->len * \param f_rng RNG function * \param p_rng RNG parameter * From 9fa2e86d93b9b6e04c0a797b34aaf7b6066fbb25 Mon Sep 17 00:00:00 2001 
From: -~- redtangent ~-~ Date: Thu, 26 May 2016 10:07:49 +0100 Subject: [PATCH 326/399] Add missing mbedtls_time_t definitions (#493) Add missing mbedtls_time_t definitions to sample applications and the error.c generation script. Fixes #490. --- library/error.c | 1 + programs/pkey/dh_client.c | 1 + programs/pkey/dh_genprime.c | 1 + programs/pkey/dh_server.c | 1 + programs/ssl/dtls_client.c | 1 + programs/ssl/dtls_server.c | 1 + programs/ssl/ssl_fork_server.c | 1 + scripts/data_files/error.fmt | 1 + 8 files changed, 8 insertions(+) diff --git a/library/error.c b/library/error.c index debda1d78..4718b514d 100644 --- a/library/error.c +++ b/library/error.c @@ -34,6 +34,7 @@ #include "mbedtls/platform.h" #else #define mbedtls_snprintf snprintf +#define mbedtls_time_t time_t #endif #if defined(MBEDTLS_ERROR_C) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 59c4fa8c2..230bf4d7c 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -30,6 +30,7 @@ #else #include #define mbedtls_printf printf +#define mbedtls_time_t time_t #endif #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 6005a62f5..d30c73bf7 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -30,6 +30,7 @@ #else #include #define mbedtls_printf printf +#define mbedtls_time_t time_t #endif #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 83b0b4456..cb156f79b 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -30,6 +30,7 @@ #else #include #define mbedtls_printf printf +#define mbedtls_time_t time_t #endif #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index b37eb838c..14fb61202 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c 
@@ -31,6 +31,7 @@ #include #define mbedtls_printf printf #define mbedtls_fprintf fprintf +#define mbedtls_time_t time_t #endif #if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index df0fc780a..1d6eb3bea 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -31,6 +31,7 @@ #include #define mbedtls_printf printf #define mbedtls_fprintf fprintf +#define mbedtls_time_t time_t #endif #if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 545e2fbf3..363f38f73 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -31,6 +31,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_time_t time_t #endif #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \ diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index bd6ef0138..a08742c83 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -34,6 +34,7 @@ #include "mbedtls/platform.h" #else #define mbedtls_snprintf snprintf +#define mbedtls_time_t time_t #endif #if defined(MBEDTLS_ERROR_C) From e021a4be13d856df5d1b405fe5deb40fb5ccedaf Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 11:25:44 +0100 Subject: [PATCH 327/399] Introduce platform-layer functions for reading/writing seed from NV Introduces mbedtls_nv_seed_read() and mbedtls_nv_seed_write(). The platform-layer functions are only available when MBEDTLS_ENTROPY_NV_SEED is enabled. --- include/mbedtls/check_config.h | 34 ++++++++++++- include/mbedtls/config.h | 25 ++++++++++ include/mbedtls/platform.h | 53 +++++++++++++++++++- library/platform.c | 89 +++++++++++++++++++++++++++++++++- 4 files changed, 198 insertions(+), 3 deletions(-) 
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index d31555df7..b36e27b0e 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -3,7 +3,7 @@ * * \brief Consistency checks for configuration options * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
@@ -357,6 +357,38 @@ #error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites" #endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\ + ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) ) +#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\ + !defined(MBEDTLS_ENTROPY_NV_SEED) +#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\ + !defined(MBEDTLS_PLATFORM_NV_SEED_ALT) +#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\ + !defined(MBEDTLS_PLATFORM_NV_SEED_ALT) +#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\ + ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\ + defined(MBEDTLS_PLATFORM_NV_SEED_ALT) ) +#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously" +#endif + +#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\ + ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\ + defined(MBEDTLS_PLATFORM_NV_SEED_ALT) ) +#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously" +#endif + #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_OID_C) ) #error "MBEDTLS_RSA_C defined, but not all prerequisites" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 0efee0454..fcc4a80e9 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -156,6 +156,7 @@ //#define MBEDTLS_PLATFORM_FPRINTF_ALT //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT +//#define MBEDTLS_PLATFORM_NV_SEED_ALT /** * \def MBEDTLS_DEPRECATED_WARNING 
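Review bot: The last two `#error` messages in the check_config.h hunk do not match their conditions: each condition also fires when MBEDTLS_PLATFORM_NV_SEED_ALT is defined together with the corresponding `_MACRO`, but the message names only MBEDTLS_PLATFORM_STD_NV_SEED_READ (resp. `_WRITE`), which points the user at the wrong option. Suggested wording: `#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO cannot be defined together with MBEDTLS_PLATFORM_STD_NV_SEED_READ or MBEDTLS_PLATFORM_NV_SEED_ALT"`, and the analogous text for the write variant. It may also be worth folding MBEDTLS_FS_IO into the MBEDTLS_ENTROPY_NV_SEED prerequisite check when neither an ALT nor a MACRO implementation is configured, since the default read/write functions added to platform.h in this series are only declared under MBEDTLS_FS_IO.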
@@ -799,6 +800,25 @@ */ //#define MBEDTLS_ENTROPY_FORCE_SHA256 +/** + * \def MBEDTLS_ENTROPY_NV_SEED + * + * Enable the non-volatile (NV) seed file-based entropy source. + * (Also enables the NV seed read/write functions in the platform layer) + * + * This is crucial (if not required) on systems that do not have a + * cryptographic entropy source (in hardware or kernel) available. + * + * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C + * + * Note: If you use the default implementation functions that read a seedfile + * with regular fopen(), please make sure you make a seedfile with the + * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at + * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from + * and written to or you will get an entropy source error! + */ +//#define MBEDTLS_ENTROPY_NV_SEED + /** * \def MBEDTLS_MEMORY_DEBUG * @@ -2473,6 +2493,9 @@ //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 
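Review bot: The MBEDTLS_ENTROPY_NV_SEED documentation in the config.h hunk tells users the seed file must exist and be large enough, but not that its contents are secret seed material or that the default MBEDTLS_PLATFORM_STD_NV_SEED_FILE value `"seedfile"` is a relative path resolved against the process's working directory. Suggest appending to the note: `The seed file must be kept confidential (it feeds the entropy pool) and protected with restrictive permissions; the default name is relative to the current working directory, so configure an absolute path for deployments.`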
@@ -2485,6 +2508,8 @@ //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ /* Note: your snprintf must correclty zero-terminate the buffer! */ //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ /* SSL Cache options */ //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 039cb587a..10137d781 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -3,7 +3,7 @@ * * \brief mbed TLS Platform abstraction layer * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -76,12 +76,22 @@ extern "C" { #if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE) #define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< Default exit value to use */ #endif +#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) +#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read +#endif +#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) +#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write +#endif +#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE) +#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" +#endif #else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ #if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) #include MBEDTLS_PLATFORM_STD_MEM_HDR #endif #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ + /* \} name SECTION: Module settings */ /* 
@@ -262,6 +272,47 @@ int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time #endif /* MBEDTLS_PLATFORM_TIME_MACRO */ #endif /* MBEDTLS_PLATFORM_TIME_ALT */ +/* + * The function pointers for reading from and writing a seed file to + * Non-Volatile storage (NV) in a platform-independent way + * + * Only enabled when the NV seed entropy source is enabled + */ +#if defined(MBEDTLS_ENTROPY_NV_SEED) +#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO) +/* Internal standard platform definitions */ +int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ); +int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ); +#endif + +#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) +extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ); +extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ); + +/** + * \brief Set your own seed file writing/reading functions + * + * \param nv_seed_read_func the seed reading function implementation + * \param nv_seed_write_func the seed writing function implementation + * + * \return 0 + */ +int mbedtls_platform_set_nv_seed( + int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ), + int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) + ); +#else +#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \ + defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) +#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO +#define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO +#else +#define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read +#define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write +#endif +#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ +#endif /* MBEDTLS_ENTROPY_NV_SEED */ + #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 89a2bd65d..68ca45d10 100644 --- a/library/platform.c +++ b/library/platform.c 
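Review bot: In the final `#else` branch of the platform.h hunk, `mbedtls_nv_seed_read`/`mbedtls_nv_seed_write` are mapped to `mbedtls_platform_std_nv_seed_read`/`_write` unconditionally, but those functions are only declared a few lines above under `!MBEDTLS_PLATFORM_NO_STD_FUNCTIONS && MBEDTLS_FS_IO`; a build with MBEDTLS_ENTROPY_NV_SEED but without MBEDTLS_FS_IO (and no ALT or MACRO) would then expand to an undeclared function. Guarding that fallback with `#elif !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)` and an `#error "MBEDTLS_ENTROPY_NV_SEED enabled but no seed read/write implementation available"` otherwise would surface the misconfiguration at compile time. The same branch also silently falls back to the std functions when only one of MBEDTLS_PLATFORM_NV_SEED_READ_MACRO / `_WRITE_MACRO` is defined, because the test requires both; an `#error` for the half-defined case seems safer. The write-side type `int (*)( unsigned char *buf, size_t buf_len )` could take `const unsigned char *`, since the default implementation in platform.c only passes the buffer to `fwrite`.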
@@ -1,7 +1,7 @@ /* * Platform abstraction layer * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
@@ -213,4 +213,91 @@ int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time } #endif /* MBEDTLS_PLATFORM_TIME_ALT */ +#if defined(MBEDTLS_ENTROPY_NV_SEED) +#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO) +/* Default implementations for the platform independent seed functions use + * standard libc file functions to read from and write to a pre-defined filename + */ +int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ) +{ + FILE *file; + size_t n; + + if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL ) + return -1; + + if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len ) + { + fclose( file ); + return -1; + } + + fclose( file ); + return( n ); +} + +int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ) +{ + FILE *file; + size_t n; + + if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL ) + return -1; + + if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len ) + { + fclose( file ); + return -1; + } + + fclose( file ); + return( n ); +} +#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ + +#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) +#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) +/* + * Make dummy function to prevent NULL pointer dereferences + */ +static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len ) +{ + ((void) buf); + ((void) buf_len); + return( -1 ); +} + +#define MBEDTLS_PLATFORM_STD_NV_SEED_READ platform_nv_seed_read_uninit +#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_READ */ + +#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) +/* + * Make dummy function to prevent NULL pointer dereferences + */ +static int platform_nv_seed_write_uninit( unsigned char *buf, size_t buf_len ) +{ + ((void) buf); + ((void) buf_len); + return( -1 ); +} + +#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE platform_nv_seed_write_uninit +#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */ + +int (*mbedtls_nv_seed_read)( unsigned char *buf, 
size_t buf_len ) = + MBEDTLS_PLATFORM_STD_NV_SEED_READ; +int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) = + MBEDTLS_PLATFORM_STD_NV_SEED_WRITE; + +int mbedtls_platform_set_nv_seed( + int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ), + int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) ) +{ + mbedtls_nv_seed_read = nv_seed_read_func; + mbedtls_nv_seed_write = nv_seed_write_func; + return( 0 ); +} +#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ +#endif /* MBEDTLS_ENTROPY_NV_SEED */ + #endif /* MBEDTLS_PLATFORM_C */ From 54c43fca365bff61c093d746e00c0b04037c3284 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 11:29:42 +0100 Subject: [PATCH 328/399] Introduce mbedtls_nv_seed_poll() entropy polling function --- include/mbedtls/entropy_poll.h | 12 +++++++++++- library/entropy.c | 7 ++++++- library/entropy_poll.c | 28 +++++++++++++++++++++++++++- 3 files changed, 44 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h index dc1191134..123f09c2b 100644 --- a/include/mbedtls/entropy_poll.h +++ b/include/mbedtls/entropy_poll.h @@ -3,7 +3,7 @@ * * \brief Platform-specific and custom entropy polling functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -82,6 +82,16 @@ int mbedtls_hardware_poll( void *data, unsigned char *output, size_t len, size_t *olen ); #endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) +/** + * \brief Entropy poll callback for a non-volatile seed file + * + * \note This must accept NULL as its first argument. + */ +int mbedtls_nv_seed_poll( void *data, + unsigned char *output, size_t len, size_t *olen ); +#endif + #ifdef __cplusplus } #endif diff --git a/library/entropy.c b/library/entropy.c index cdbd35c34..e93ed4f14 100644 --- a/library/entropy.c 
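Review bot: `mbedtls_platform_std_nv_seed_write` opens the seed file with `"w"` while the reader uses `"rb"`; on platforms where text mode translates newlines, a 0x0A byte in the seed is not written back as the byte that will later be read, so the call should be `fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "wb" )`. The write path also ignores the return value of `fclose`, which is where a buffered write error (disk full, I/O failure) surfaces, so a failed seed update is currently reported as success; `if( fclose( file ) != 0 ) return -1;` closes that gap. Both functions return the `size_t` count `n` through an `int` return type — it equals `buf_len` at that point, so `return( (int) n )` or simply `return( 0 )` would make the contract explicit. Since the file holds the material that feeds the entropy pool, it would be worth documenting that the default implementation creates it with the process's default permissions and that a platform-specific implementation (or deployment) should restrict access to it.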
+++ b/library/entropy.c @@ -1,7 +1,7 @@ /* * Entropy accumulator implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -94,6 +94,11 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) MBEDTLS_ENTROPY_MIN_HARDWARE, MBEDTLS_ENTROPY_SOURCE_STRONG ); #endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) + mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL, + MBEDTLS_ENTROPY_BLOCK_SIZE, + MBEDTLS_ENTROPY_SOURCE_STRONG ); +#endif #endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */ } diff --git a/library/entropy_poll.c b/library/entropy_poll.c index e2f45c78a..fcb7d8b33 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -1,7 +1,7 @@ /* * Platform-specific and custom entropy polling functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -37,6 +37,9 @@ #if defined(MBEDTLS_HAVEGE_C) #include "mbedtls/havege.h" #endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) +#include "mbedtls/platform.h" +#endif #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) 
@@ -222,4 +225,27 @@ int mbedtls_havege_poll( void *data,
 }
 #endif /* MBEDTLS_HAVEGE_C */
 
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+int mbedtls_nv_seed_poll( void *data,
+ unsigned char *output, size_t len, size_t *olen )
+{
+ unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
+ size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
+ ((void) data);
+
+ memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
+
+ if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
+ return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+
+ if( len < use_len )
+ use_len = len;
+
+ memcpy( output, buf, use_len );
+ *olen = use_len;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
+
 #endif /* MBEDTLS_ENTROPY_C */
From 7da307105c19f1477fca3d61c812c7560e0b4cc5 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Wed, 1 Jun 2016 11:30:54 +0100
Subject: [PATCH 329/399] Automatically update NV seed on initial entropy run

Update the NV entropy seed before generating any entropy for outside use. The reason this is triggered here and not in mbedtls_entropy_init(), is that not all entropy sources mights have been added at that time.
---
 include/mbedtls/entropy.h | 14 +++++++++++++-
 library/entropy.c | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 1 deletion(-)
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index 00de9a6e5..c9bd9613d 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -3,7 +3,7 @@
 *
 * \brief Entropy accumulator implementation
 *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may
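Review bot: `mbedtls_nv_seed_poll` only rejects a negative result from `mbedtls_nv_seed_read`, so a read that fills fewer than MBEDTLS_ENTROPY_BLOCK_SIZE bytes is accepted and the zero-filled remainder of `buf` is handed back as seed data. The return convention of the read hook is not pinned down anywhere in the series: the test suite later asserts that the standard implementation returns the byte count while its buffer-backed replacement returns 0, so the poll cannot tell a short read from a full one. If the hook returns the number of bytes read, the check should be `if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) != MBEDTLS_ENTROPY_BLOCK_SIZE )` and that contract documented on the `mbedtls_nv_seed_read` pointer in platform.h; otherwise a comment stating that any non-negative return means a full block was read is needed. `buf` holds the seed that also becomes the output and is left on the stack at return; clearing it before returning would match the zeroisation the entropy module applies to its own buffers.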
@@ -208,6 +208,18 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ); int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx, const unsigned char *data, size_t len ); +#if defined(MBEDTLS_ENTROPY_NV_SEED) +/** + * \brief Trigger an update of the seed file in NV by using the + * current entropy pool. + * + * \param ctx Entropy context + * + * \return 0 if successful + */ +int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ); +#endif /* MBEDTLS_ENTROPY_NV_SEED */ + #if defined(MBEDTLS_FS_IO) /** * \brief Write a seed file diff --git a/library/entropy.c b/library/entropy.c index e93ed4f14..1982b1096 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -54,6 +54,10 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } +#if defined(MBEDTLS_ENTROPY_NV_SEED) +static int initial_entropy_run = 0; +#endif + #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) @@ -277,6 +281,18 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) if( len > MBEDTLS_ENTROPY_BLOCK_SIZE ) return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); +#if defined(MBEDTLS_ENTROPY_NV_SEED) + /* Update the NV entropy seed before generating any entropy for outside + * use. + */ + if( initial_entropy_run == 0 ) + { + initial_entropy_run = 1; + if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 ) + return( ret ); + } +#endif + #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) return( ret ); 
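Review bot: The `initial_entropy_run` check-and-set in `mbedtls_entropy_func` sits before the `mbedtls_mutex_lock( &ctx->mutex )` that follows it, so under MBEDTLS_THREADING_C two threads making their first call concurrently can both observe 0 and both run `mbedtls_entropy_update_nv_seed`, and the unguarded write to the flag is a data race. The placement is presumably deliberate, because `mbedtls_entropy_update_nv_seed` calls back into `mbedtls_entropy_func`, which would take the same mutex; that reasoning, and the fact that the flag must be set before the recursive call so the recursion terminates, deserves a comment such as `/* Set the flag before calling update_nv_seed(): it re-enters mbedtls_entropy_func(), which must see the flag set and must not find the mutex already held. */`. The same applies to the per-context version of the flag in the `@@ -285,9 +281,9 @@` hunk of the later "Initial entropy run should be context specific" commit. The enclosing function continues outside the hunk.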
@@ -351,6 +367,27 @@ exit: return( ret ); } +#if defined(MBEDTLS_ENTROPY_NV_SEED) +int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ) +{ + int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; + unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ]; + + /* Read new seed and write it to NV */ + if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) + return( ret ); + + if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 ) + return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR ); + + /* Manually update the remaining stream with a separator value to diverge */ + memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + return( 0 ); +} +#endif /* MBEDTLS_ENTROPY_NV_SEED */ + #if defined(MBEDTLS_FS_IO) int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path ) { From a9c321cef594438a4f8c03c0aae9665f6cc4c6d1 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 11:44:12 +0100 Subject: [PATCH 330/399] Add MBEDTLS_FS_IO guard on default NV seed defines in platform.h The default implementation won't work without MBEDTLS_FS_IO, so leave undefined otherwise. --- include/mbedtls/platform.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 10137d781..5fa01b5b3 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -76,6 +76,7 @@ extern "C" { #if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE) #define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< Default exit value to use */ #endif +#if defined(MBEDTLS_FS_IO) #if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) #define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read #endif 
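Review bot: In `mbedtls_entropy_update_nv_seed` the failure path after `mbedtls_nv_seed_write` returns with `buf` still holding the block just extracted from the pool, whereas the success path overwrites it with the separator; calling the file's `mbedtls_zeroize( buf, MBEDTLS_ENTROPY_BLOCK_SIZE );` before `return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );` keeps seed material off the stack on both paths. The result of `mbedtls_entropy_update_manual` is discarded although the neighbouring calls are checked; use `if( ( ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) return( ret );`. The initialiser `int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;` is dead because `ret` is assigned before it is read, and `buf` is sized MBEDTLS_ENTROPY_MAX_SEED_SIZE while only MBEDTLS_ENTROPY_BLOCK_SIZE bytes are ever used; sizing it to the block size avoids the question of what the extra bytes are for.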
@@ -85,6 +86,7 @@ extern "C" { #if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE) #define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" #endif +#endif /* MBEDTLS_FS_IO */ #else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ #if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) #include MBEDTLS_PLATFORM_STD_MEM_HDR From 960292337c461f99070c677bfaeab3016222b4b2 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 15:25:50 +0100 Subject: [PATCH 331/399] Initial entropy run should be context specific Otherwise test influence each other. Is a change to the context but only if the NV seed feature is enabled --- include/mbedtls/entropy.h | 3 +++ library/entropy.c | 8 ++------ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index c9bd9613d..fed0494ed 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -134,6 +134,9 @@ typedef struct #if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t mutex; /*!< mutex */ #endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) + int initial_entropy_run; +#endif } mbedtls_entropy_context; diff --git a/library/entropy.c b/library/entropy.c index 1982b1096..dc2a00c85 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -54,10 +54,6 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if defined(MBEDTLS_ENTROPY_NV_SEED) -static int initial_entropy_run = 0; -#endif - #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) @@ -285,9 +281,9 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) /* Update the NV entropy seed before generating any entropy for outside * use. */ - if( initial_entropy_run == 0 ) + if( ctx->initial_entropy_run == 0 ) { - initial_entropy_run = 1; + ctx->initial_entropy_run = 1; if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 ) return( ret ); } 
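Review bot: The new `initial_entropy_run` member is read in `mbedtls_entropy_func`, but this commit adds no explicit initialisation of it in `mbedtls_entropy_init`, so it relies on the context being zeroed wholesale there, which is not visible in the hunk; if init does not clear the whole struct, the field is indeterminate and the first-run NV seed refresh may be skipped. The struct field also lacks the Doxygen comment the neighbouring `mutex` member has; `int initial_entropy_run; /*!< 0 until the first entropy request has refreshed the NV seed */` would document both its meaning and the expected initial value.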
From ffbfb4c24cc3007de9d53e9410b8265423541633 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 15:36:18 +0100 Subject: [PATCH 332/399] Add test cases for NV seed functionality A standard 'test' that writes a seed file is added so that regular tests still can succeed. This is in lieu of a 'SUITE_PRE_CODE' kind of arrangement where a suite can run code before (and after) all other code runs. A test is added that checks if we can read and write the standard NV seed file A test is added that actually checks if the entropy and seed file values that are the result of just using the NV seed are the same as the manual calculation. --- tests/suites/test_suite_entropy.data | 15 ++ tests/suites/test_suite_entropy.function | 203 +++++++++++++++++++++++ 2 files changed, 218 insertions(+) diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index 833eef565..5ca99f85c 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data @@ -1,3 +1,6 @@ +Create NV seed_file +nv_seed_file_create: + Entropy write/update seed file entropy_seed_file:"data_files/entropy_seed":0 @@ -37,5 +40,17 @@ entropy_threshold:16:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED Entropy thershold #4 entropy_threshold:1024:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED +Check NV seed standard IO +entropy_nv_seed_std_io: + +Check NV seed manually #1 +entropy_nv_seed:"00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF" + +Check NV seed manually #2 +entropy_nv_seed:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + +Check NV seed manually #3 +entropy_nv_seed:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + Entropy self test entropy_selftest: 
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index 3b739cce9..999b5f667 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -1,5 +1,6 @@
 /* BEGIN_HEADER */
 #include "mbedtls/entropy.h"
+#include "mbedtls/entropy_poll.h"
 
 /*
 * Number of calls made to entropy_dummy_source()
@@ -33,6 +34,86 @@ static int entropy_dummy_source( void *data, unsigned char *output, return( 0 ); } + +/* + * Ability to clear entropy sources to allow testing with just predefined + * entropy sources. This function or tests depending on it might break if there + * are internal changes to how entropy sources are registered. + * + * To be called immediately after mbedtls_entropy_init(). + * + * Just resetting the counter. New sources will overwrite existing ones. + * This might break memory checks in the future if sources need 'free-ing' then + * as well. + */ +static void entropy_clear_sources( mbedtls_entropy_context *ctx ) +{ + ctx->source_count = 0; +} + +/* + * NV seed read/write functions that use a buffer instead of a file + */ +static unsigned char buffer_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; + +static int buffer_nv_seed_read( unsigned char *buf, size_t buf_len ) +{ + if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE ) + return( -1 ); + + memcpy( buf, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); + return( 0 ); +} + +static int buffer_nv_seed_write( unsigned char *buf, size_t buf_len ) +{ + if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE ) + return( -1 ); + + memcpy( buffer_seed, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + return( 0 ); +} + +/* + * NV seed read/write helpers that fill the base seedfile + */ +static int write_nv_seed( unsigned char *buf, size_t buf_len ) +{ + FILE *f; + + if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE ) + return( -1 ); + + if( ( f = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL ) + return( -1 ); + + if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != + MBEDTLS_ENTROPY_BLOCK_SIZE ) + return( -1 ); + + fclose( f ); + + return( 0 ); +} + +static int read_nv_seed( unsigned char *buf, size_t buf_len ) +{ + FILE *f; + + if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE ) + return( -1 ); + + if( ( f = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL ) + return( -1 ); + + if( fread( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != + 
MBEDTLS_ENTROPY_BLOCK_SIZE ) + return( -1 ); + + fclose( f ); + + return( 0 ); +} /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -160,6 +241,10 @@ void entropy_threshold( int threshold, int chunk_size, int result ) if( result >= 0 ) { TEST_ASSERT( ret == 0 ); +#if defined(MBEDTLS_ENTROPY_NV_SEED) + // Two times as much calls due to the NV seed update + result *= 2; +#endif TEST_ASSERT( entropy_dummy_calls == (size_t) result ); } else 
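Review bot: `write_nv_seed` and `read_nv_seed` return -1 on a short `fwrite`/`fread` without closing `f`, leaking the handle on every failing run; add `fclose( f );` before each of those `return( -1 );`. `write_nv_seed` opens with `"w"` while `read_nv_seed` uses `"rb"`, so on platforms with text-mode translation the binary seed can be altered on the way to disk; use `"wb"`. On the write path the `fclose( f )` result should also be checked, since the data is only guaranteed flushed when it succeeds.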
@@ -172,6 +257,124 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ +void nv_seed_file_create() +{ + unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; + + memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + TEST_ASSERT( write_nv_seed( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ +void entropy_nv_seed_std_io() +{ + unsigned char io_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; + unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; + + memset( io_seed, 1, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset( check_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + mbedtls_platform_set_nv_seed( mbedtls_platform_std_nv_seed_read, + mbedtls_platform_std_nv_seed_write ); + + /* Check if platform NV read and write manipulate the same data */ + TEST_ASSERT( write_nv_seed( io_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + TEST_ASSERT( mbedtls_nv_seed_read( check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == + MBEDTLS_ENTROPY_BLOCK_SIZE ); + + TEST_ASSERT( memcmp( io_seed, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + + memset( check_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + /* Check if platform NV write and raw read manipulate the same data */ + TEST_ASSERT( mbedtls_nv_seed_write( io_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == + MBEDTLS_ENTROPY_BLOCK_SIZE ); + TEST_ASSERT( read_nv_seed( check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + + TEST_ASSERT( memcmp( io_seed, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_SHA512_C */ +void entropy_nv_seed( char *read_seed_str ) +{ + mbedtls_sha512_context accumulator; + mbedtls_entropy_context ctx; + + unsigned char header[2]; + unsigned char entropy[MBEDTLS_ENTROPY_BLOCK_SIZE]; + unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; + unsigned char empty[MBEDTLS_ENTROPY_BLOCK_SIZE]; + unsigned char read_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; + unsigned 
char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; + unsigned char check_entropy[MBEDTLS_ENTROPY_BLOCK_SIZE]; + + memset( entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset( buffer_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset( empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset( check_seed, 2, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset( check_entropy, 3, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + // Set the initial NV seed to read + unhexify( read_seed, read_seed_str ); + memcpy( buffer_seed, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + // Make sure we read/write NV seed from our buffers + mbedtls_platform_set_nv_seed( buffer_nv_seed_read, buffer_nv_seed_write ); + + mbedtls_entropy_init( &ctx ); + entropy_clear_sources( &ctx ); + + TEST_ASSERT( mbedtls_entropy_add_source( &ctx, mbedtls_nv_seed_poll, NULL, + MBEDTLS_ENTROPY_BLOCK_SIZE, + MBEDTLS_ENTROPY_SOURCE_STRONG ) == 0 ); + + // Do an entropy run + TEST_ASSERT( mbedtls_entropy_func( &ctx, entropy, sizeof( entropy ) ) == 0 ); + + // Determine what should have happened with manual entropy internal logic + // Only use the SHA-512 version to check + + // Init accumulator + header[1] = MBEDTLS_ENTROPY_BLOCK_SIZE; + mbedtls_sha512_starts( &accumulator, 0 ); + + // First run for updating write_seed + header[0] = 0; + mbedtls_sha512_update( &accumulator, header, 2 ); + mbedtls_sha512_update( &accumulator, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); + mbedtls_sha512_finish( &accumulator, buf ); + + memset( &accumulator, 0, sizeof( mbedtls_sha512_context ) ); + mbedtls_sha512_starts( &accumulator, 0 ); + mbedtls_sha512_update( &accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, check_seed, 0 ); + + // Second run for actual entropy (triggers mbedtls_entropy_update_nv_seed) + header[0] = MBEDTLS_ENTROPY_SOURCE_MANUAL; + mbedtls_sha512_update( &accumulator, header, 2 ); + mbedtls_sha512_update( &accumulator, empty, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + 
header[0] = 0; + mbedtls_sha512_update( &accumulator, header, 2 ); + mbedtls_sha512_update( &accumulator, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); + mbedtls_sha512_finish( &accumulator, buf ); + + mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, check_entropy, 0 ); + + // Check result of both NV file and entropy received with the manual calculations + TEST_ASSERT( memcmp( check_seed, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + TEST_ASSERT( memcmp( check_entropy, entropy, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + + mbedtls_entropy_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void entropy_selftest( ) { From 38f314550a17b4d3fbec7f3ab16e8b0316e95f2c Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 15:58:12 +0100 Subject: [PATCH 333/399] Update features file --- library/version_features.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index b852ca81a..a9b1c5345 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -66,6 +66,9 @@ static const char *features[] = { #if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) "MBEDTLS_PLATFORM_SNPRINTF_ALT", #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ +#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) + "MBEDTLS_PLATFORM_NV_SEED_ALT", +#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #if defined(MBEDTLS_DEPRECATED_WARNING) "MBEDTLS_DEPRECATED_WARNING", #endif /* MBEDTLS_DEPRECATED_WARNING */ @@ -291,6 +294,9 @@ static const char *features[] = { #if defined(MBEDTLS_ENTROPY_FORCE_SHA256) "MBEDTLS_ENTROPY_FORCE_SHA256", #endif /* MBEDTLS_ENTROPY_FORCE_SHA256 */ +#if defined(MBEDTLS_ENTROPY_NV_SEED) + "MBEDTLS_ENTROPY_NV_SEED", +#endif /* MBEDTLS_ENTROPY_NV_SEED */ #if defined(MBEDTLS_MEMORY_DEBUG) "MBEDTLS_MEMORY_DEBUG", #endif /* MBEDTLS_MEMORY_DEBUG */ From 4a6c6fc72d248ae9fa8ec92e72416353b80886d3 Mon Sep 17 00:00:00 2001 
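Review bot: In `entropy_nv_seed` the `mbedtls_sha512_context accumulator` is driven with `mbedtls_sha512_starts` without a preceding `mbedtls_sha512_init`, and is reset midway with a raw `memset` rather than `mbedtls_sha512_free` followed by `mbedtls_sha512_init`; the init/free pairing is the documented contract for these contexts and keeps the test valid if the context type ever owns resources. Both `entropy_nv_seed_std_io` and `entropy_nv_seed` call `mbedtls_platform_set_nv_seed` and never restore the previous hooks, so every later case in the process uses whichever pair the last test installed; saving and restoring them, or resetting to the standard pair at the end of each case, removes that ordering dependence. `mbedtls_entropy_free( &ctx )` is also skipped whenever an earlier `TEST_ASSERT` fails, since this case has no `exit:` label like `entropy_threshold` above it; moving the free under an `exit:` label matches the rest of the suite.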
From: Paul Bakker Date: Wed, 1 Jun 2016 16:34:25 +0100 Subject: [PATCH 334/399] Properly gate NV_SEED additions in test suite --- tests/suites/test_suite_entropy.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 999b5f667..82f83325d 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -35,6 +35,7 @@ static int entropy_dummy_source( void *data, unsigned char *output, return( 0 ); } +#if defined(MBEDTLS_ENTROPY_NV_SEED) /* * Ability to clear entropy sources to allow testing with just predefined * entropy sources. This function or tests depending on it might break if there @@ -114,6 +115,7 @@ static int read_nv_seed( unsigned char *buf, size_t buf_len ) return( 0 ); } +#endif /* MBEDTLS_ENTROPY_NV_SEED */ /* END_HEADER */ /* BEGIN_DEPENDENCIES From b598c293ceedbbd72a217730e57759274de147c8 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 16:57:11 +0100 Subject: [PATCH 335/399] Fix dependency guard for test --- tests/suites/test_suite_entropy.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 82f83325d..cb83a8fe4 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -270,7 +270,7 @@ void nv_seed_file_create() } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO:MBEDTLS_PLATFORM_NV_SEED_ALT */ void entropy_nv_seed_std_io() { unsigned char io_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; From 0febc80396dc42c3ccc0af41522954504c5bb747 Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Fri, 3 Jun 2016 15:40:57 +0100 Subject: [PATCH 336/399] Address issues find by manual coverity scan. --- library/debug.c | 2 +- library/ssl_tls.c | 2 +- programs/aes/crypt_and_hash.c | 19 ++++++++++++++++++- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/library/debug.c b/library/debug.c index a032478da..a9cd814be 100644 --- a/library/debug.c +++ b/library/debug.c @@ -86,7 +86,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, char str[DEBUG_BUF_SIZE]; int ret; - if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold ) + if( NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || level > debug_threshold ) return; va_start( argp, format ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9208ec9c8..80a908d9c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5773,7 +5773,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, { mbedtls_ecjpake_role role; - if( ssl->handshake == NULL && ssl->conf == NULL ) + if( ssl->handshake == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 102144eca..4af39a542 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -184,7 +184,12 @@ int main( int argc, char *argv[] ) mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] ); goto exit; } - mbedtls_md_setup( &md_ctx, md_info, 1 ); + + if( mbedtls_md_setup( &md_ctx, md_info, 1 ) != 0 ) + { + mbedtls_fprintf( stderr, "mbedtls_md_setup unsuccessful: This shouldn't happen.\n" ); + goto exit; + } /* * Read the secret key and clean the command line. 
@@ -399,6 +404,18 @@ int main( int argc, char *argv[] ) goto exit; } + /* + * Make coverity happy. + */ + if( mbedtls_cipher_get_block_size( &cipher_ctx ) == 0 ) + { + mbedtls_fprintf( stderr, "mbedtls_cipher_get_block_size returned with 0. This shouldn't happen.\n" ); + goto exit; + } + + /* + * Check the file size. + */ if( ( ( filesize - mbedtls_md_get_size( md_info ) ) % mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 ) { From 50cdede726a868cc8a05cb2af226d327733884c6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 6 Jun 2016 20:15:33 +0100 Subject: [PATCH 337/399] Revert accidental changes to file mode of rsa.c --- library/rsa.c | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 library/rsa.c diff --git a/library/rsa.c b/library/rsa.c old mode 100755 new mode 100644 From dc7b15c11f5818c380d2196075435e61995c4dfc Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 31 May 2016 14:03:54 +0100 Subject: [PATCH 338/399] Address user reported coverity issues. --- include/mbedtls/cipher.h | 1 + library/base64.c | 2 +- library/camellia.c | 50 ++++++++++++++++++------------------ library/cipher.c | 34 ++++++++++++++++-------- library/ecp.c | 4 ++- library/error.c | 2 ++ library/x509_crt.c | 16 ++++++++++-- programs/pkey/dh_client.c | 1 + programs/pkey/dh_genprime.c | 1 + programs/pkey/dh_server.c | 2 ++ programs/pkey/pk_sign.c | 1 + programs/pkey/rsa_decrypt.c | 1 + programs/pkey/rsa_encrypt.c | 1 + programs/pkey/rsa_sign.c | 1 + programs/pkey/rsa_sign_pss.c | 1 + programs/pkey/rsa_verify.c | 1 + programs/test/selftest.c | 3 ++- 17 files changed, 81 insertions(+), 41 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 70000f5e6..c9675544a 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h 
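Review bot: The comment `Make coverity happy.` above the block-size check records who asked for it rather than what it guards: the `% mbedtls_cipher_get_block_size( &cipher_ctx )` in the condition that follows would divide by zero for a context reporting a block size of 0. Replace it with something like `/* A zero block size would make the modulo below divide by zero; it indicates an invalid cipher context. */` so the check survives the next cleanup. `main` continues outside the hunk.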
@@ -57,6 +57,7 @@ #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */ #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */ #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */ +#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */ #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */ #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */ diff --git a/library/base64.c b/library/base64.c index 3432e5fcd..5cb12cba7 100644 --- a/library/base64.c +++ b/library/base64.c @@ -97,7 +97,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, n *= 4; - if( dlen < n + 1 ) + if( ( dlen < n + 1 ) || ( NULL == dst ) ) { *olen = n + 1; return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); diff --git a/library/camellia.c b/library/camellia.c index d50513fd0..ac6f96a83 100644 --- a/library/camellia.c +++ b/library/camellia.c 
@@ -963,38 +963,38 @@ int mbedtls_camellia_self_test( int verbose ) mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64, ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); - memcpy( src, camellia_test_cbc_iv, 16 ); - memcpy( dst, camellia_test_cbc_iv, 16 ); - memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u ); - - if( v == MBEDTLS_CAMELLIA_DECRYPT ) { - mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); - } else { - mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); - } - - for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) { + memcpy( src, camellia_test_cbc_iv, 16 ); + memcpy( dst, camellia_test_cbc_iv, 16 ); + memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u ); if( v == MBEDTLS_CAMELLIA_DECRYPT ) { - memcpy( iv , src, 16 ); - memcpy( src, camellia_test_cbc_cipher[u][i], 16 ); - memcpy( dst, camellia_test_cbc_plain[i], 16 ); - } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ - memcpy( iv , dst, 16 ); - memcpy( src, camellia_test_cbc_plain[i], 16 ); - memcpy( dst, camellia_test_cbc_cipher[u][i], 16 ); + mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); + } else { + mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); } - mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf ); + for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) { - if( memcmp( buf, dst, 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if( v == MBEDTLS_CAMELLIA_DECRYPT ) { + memcpy( iv , src, 16 ); + memcpy( src, camellia_test_cbc_cipher[u][i], 16 ); + memcpy( dst, camellia_test_cbc_plain[i], 16 ); + } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ + memcpy( iv , dst, 16 ); + memcpy( src, camellia_test_cbc_plain[i], 16 ); + memcpy( dst, camellia_test_cbc_cipher[u][i], 16 ); + } - return( 1 ); + mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf ); + + if( memcmp( buf, dst, 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } } - } if( verbose != 0 ) mbedtls_printf( "passed\n" ); 
diff --git a/library/cipher.c b/library/cipher.c index 0dc51520f..bbe40eb39 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -252,6 +252,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i size_t ilen, unsigned char *output, size_t *olen ) { int ret; + size_t block_size = 0; if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) { @@ -259,10 +260,11 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i } *olen = 0; + block_size = mbedtls_cipher_get_block_size( ctx ); if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB ) { - if( ilen != mbedtls_cipher_get_block_size( ctx ) ) + if( ilen != block_size ) return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); *olen = ilen; @@ -285,8 +287,13 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i } #endif + if ( 0 == block_size ) + { + return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; + } + if( input == output && - ( ctx->unprocessed_len != 0 || ilen % mbedtls_cipher_get_block_size( ctx ) ) ) + ( ctx->unprocessed_len != 0 || ilen % block_size ) ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } @@ -300,9 +307,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == MBEDTLS_DECRYPT && - ilen + ctx->unprocessed_len <= mbedtls_cipher_get_block_size( ctx ) ) || + ilen + ctx->unprocessed_len <= block_size ) || ( ctx->operation == MBEDTLS_ENCRYPT && - ilen + ctx->unprocessed_len < mbedtls_cipher_get_block_size( ctx ) ) ) + ilen + ctx->unprocessed_len < block_size ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); 
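Review bot: The new `return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;` in the `@@ -285,8 +287,13 @@` hunk, and the second one in the `@@ -341,9 +348,14 @@` hunk below, drop the `return( ... );` form used everywhere else in `mbedtls_cipher_update` and the file; write them as `return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );`. The second check looks unreachable, since the same path has already returned on `0 == block_size` before the `input == output` test and `block_size` is not modified in between; if it is kept as defence in depth, a one-line comment saying so saves the next reader from hunting for the path that reaches it. Note also that the ECB branch compares `ilen != block_size` before the new check runs, so a zero `block_size` is not caught there, although whether a valid `cipher_info` can report 0 is not visible here. The enclosing function continues outside the hunk.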
@@ -314,22 +321,22 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i /* * Process cached data first */ - if( ctx->unprocessed_len != 0 ) + if( 0 != ctx->unprocessed_len ) { - copy_len = mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len; + copy_len = block_size - ctx->unprocessed_len; memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, copy_len ); if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, - ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv, + ctx->operation, block_size, ctx->iv, ctx->unprocessed_data, output ) ) ) { return( ret ); } - *olen += mbedtls_cipher_get_block_size( ctx ); - output += mbedtls_cipher_get_block_size( ctx ); + *olen += block_size; + output += block_size; ctx->unprocessed_len = 0; input += copy_len; @@ -341,9 +348,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i */ if( 0 != ilen ) { - copy_len = ilen % mbedtls_cipher_get_block_size( ctx ); + if( 0 == block_size ) + { + return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; + } + + copy_len = ilen % block_size; if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT ) - copy_len = mbedtls_cipher_get_block_size( ctx ); + copy_len = block_size; memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), copy_len ); diff --git a/library/ecp.c b/library/ecp.c index 19bb4882e..f51f2251e 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1827,7 +1827,9 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, /* [M225] page 5 */ size_t b; - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) ); + do { + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) ); + } while( mbedtls_mpi_bitlen( d ) == 0); /* Make sure the most significant bit is nbits */ b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */ diff --git a/library/error.c b/library/error.c index 4718b514d..4bd15bfee 100644 --- a/library/error.c +++ b/library/error.c 
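Review bot: The new `do { ... } while( mbedtls_mpi_bitlen( d ) == 0 );` loop in `mbedtls_ecp_gen_keypair_base` has no iteration bound, so an `f_rng` that keeps returning zeros (a failed or misconfigured RNG) spins forever instead of reporting an error. Bound it with a counter and fail after a small number of attempts, e.g. declare `int count = 0;` and add `if( ++count > 30 ) return( MBEDTLS_ERR_ECP_RANDOM_FAILED );` inside the loop, which also turns a broken RNG into a diagnosable failure rather than a hang. The enclosing function starts and ends outside the hunk.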
@@ -183,6 +183,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" ); if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" ); + if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) ) + mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid, eg because it was free()ed" ); #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_DHM_C) diff --git a/library/x509_crt.c b/library/x509_crt.c index c3adf7c86..af6c2a4a5 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -970,7 +970,9 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { int success = 0, first_error = 0, total_failed = 0; +#if defined(MBEDTLS_PEM_PARSE_C) int buf_format = MBEDTLS_X509_FORMAT_DER; +#endif /* * Check for valid input @@ -988,10 +990,12 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s { buf_format = MBEDTLS_X509_FORMAT_PEM; } -#endif if( buf_format == MBEDTLS_X509_FORMAT_DER ) return mbedtls_x509_crt_parse_der( chain, buf, buflen ); +#else + return mbedtls_x509_crt_parse_der( chain, buf, buflen ); +#endif #if defined(MBEDTLS_PEM_PARSE_C) if( buf_format == MBEDTLS_X509_FORMAT_PEM ) @@ -1064,7 +1068,6 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s success = 1; } } -#endif /* MBEDTLS_PEM_PARSE_C */ if( success ) return( total_failed ); @@ -1072,6 +1075,7 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s return( first_error ); else return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT ); +#endif /* MBEDTLS_PEM_PARSE_C */ } #if defined(MBEDTLS_FS_IO) 
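Review bot: With MBEDTLS_PEM_PARSE_C disabled, the restructured `mbedtls_x509_crt_parse` now returns straight from `mbedtls_x509_crt_parse_der` in the new `#else` branch, leaving `success`, `first_error` and `total_failed` declared at the top but never used, which produces unused-variable warnings in that configuration; move those declarations under the same `#if defined(MBEDTLS_PEM_PARSE_C)` guard that now covers `buf_format`. A comment at the `#else`, e.g. `/* Without PEM support only DER input is accepted. */`, would also explain why the rest of the function body is compiled out. The function's input checks sit outside the hunk.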
@@ -1353,6 +1357,14 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, p = buf; n = size; + if( NULL == crt ) + { + ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" ); + MBEDTLS_X509_SAFE_SNPRINTF; + + return( (int) ( size - n ) ); + } + ret = mbedtls_snprintf( p, n, "%scert. version : %d\n", prefix, crt->version ); MBEDTLS_X509_SAFE_SNPRINTF; diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 230bf4d7c..8ebf34a77 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -125,6 +125,7 @@ int main( void ) ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index d30c73bf7..072fe138f 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -172,6 +172,7 @@ int main( int argc, char **argv ) ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) != 0 ) ) { mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); + fclose( fout ); goto exit; } diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index cb156f79b..7eef845df 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -132,6 +132,7 @@ int main( void ) ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } @@ -157,6 +158,7 @@ int main( void ) mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 ) { mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" ); + fclose( f ); goto exit; } diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 322e8aff0..daf08a905 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c 
@@ -142,6 +142,7 @@ int main( int argc, char *argv[] ) if( fwrite( buf, 1, olen, f ) != olen ) { mbedtls_printf( "failed\n ! fwrite failed\n\n" ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 94431e0ce..194f2de40 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -116,6 +116,7 @@ int main( int argc, char *argv[] ) ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 796343f1b..d3e415a2b 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -110,6 +110,7 @@ int main( int argc, char *argv[] ) ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index e897c6519..da723412b 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -98,6 +98,7 @@ int main( int argc, char *argv[] ) ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index c045a04c1..7b6f14dd8 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -153,6 +153,7 @@ int main( int argc, char *argv[] ) if( fwrite( buf, 1, olen, f ) != olen ) { mbedtls_printf( "failed\n ! fwrite failed\n\n" ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index ade36dc83..8bc51d85e 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c 
@@ -89,6 +89,7 @@ int main( int argc, char *argv[] ) ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 6ca07bba2..7698b629f 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -397,6 +397,7 @@ int main( int argc, char *argv[] ) if( suites_failed > 0) mbedtls_exit( MBEDTLS_EXIT_FAILURE ); - mbedtls_exit( MBEDTLS_EXIT_SUCCESS ); + /* return() is here to prevent compiler warnings */ + return( 0 ); } From d3644651500a2a6e40d604c9b8e0b29d4f48823c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 6 Jun 2016 13:18:39 +0100 Subject: [PATCH 339/399] Make basic-build-test.sh clean up after itself. --- tests/scripts/basic-build-test.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 010c0c67f..9fab39637 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -36,10 +36,13 @@ if [ -d library -a -d include -a -d tests ]; then :; else exit 1 fi +CONFIG_H='include/mbedtls/config.h' +CONFIG_BAK="$CONFIG_H.bak" # Step 1 - Make and instrumented build for code coverage export CFLAGS=' --coverage -g3 -O0 ' make clean +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE make -j @@ -204,3 +207,9 @@ rm compat-test-$TEST_OUTPUT rm cov-$TEST_OUTPUT cd .. + +make clean + +if [ -f "$CONFIG_BAK" ]; then + mv "$CONFIG_BAK" "$CONFIG_H" +fi From f5e1101b8f3112a9b2cd3d5c6a4aee73f57e55f9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 7 Jun 2016 10:29:05 +0100 Subject: [PATCH 340/399] Make error messages in crypt_and_hash better. --- programs/aes/crypt_and_hash.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) 
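Review bot: The success path of selftest's main now leaves through `return( 0 )` while the failure path two lines above still goes through `mbedtls_exit( MBEDTLS_EXIT_FAILURE )`, so on a platform that redirects mbedtls_exit (MBEDTLS_PLATFORM_EXIT_ALT or the platform macros) only failures reach the platform exit hook, and the literal `0` silently assumes MBEDTLS_EXIT_SUCCESS is 0. `return( MBEDTLS_EXIT_SUCCESS );` keeps the constant in one place, and the comment would be more useful if it named the warning it silences (presumably "control reaches end of non-void function" when mbedtls_exit is not declared noreturn). main starts before this hunk.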
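Review bot: The backup taken by `cp "$CONFIG_H" "$CONFIG_BAK"` is only put back by the `mv` at the very end of the script, so any step that fails or is interrupted between `scripts/config.pl full` and the final `make clean` leaves the working tree with the "full" config.h in place and a stray .bak next to it (whether the script runs under `set -e` is not visible in the hunk). Installing the restore as an exit trap right after the `cp`, `trap 'if [ -f "$CONFIG_BAK" ]; then mv "$CONFIG_BAK" "$CONFIG_H"; fi' EXIT`, makes the cleanup unconditional, and the `if` block at the end of the script can then go.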
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 4af39a542..a14d20c10 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -187,7 +187,7 @@ int main( int argc, char *argv[] ) if( mbedtls_md_setup( &md_ctx, md_info, 1 ) != 0 ) { - mbedtls_fprintf( stderr, "mbedtls_md_setup unsuccessful: This shouldn't happen.\n" ); + mbedtls_fprintf( stderr, "mbedtls_md_setup failed\n" ); goto exit; } @@ -404,12 +404,9 @@ int main( int argc, char *argv[] ) goto exit; } - /* - * Make coverity happy. - */ if( mbedtls_cipher_get_block_size( &cipher_ctx ) == 0 ) { - mbedtls_fprintf( stderr, "mbedtls_cipher_get_block_size returned with 0. This shouldn't happen.\n" ); + mbedtls_fprintf( stderr, "Invalid cipher block size: 0. \n" ); goto exit; } From 2a9ef7445d69b70330ec36e870d115dd82284c74 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 7 Jun 2016 10:59:03 +0100 Subject: [PATCH 341/399] Update documentation for MBEDTLS_ENTROPY_NV_SEED --- include/mbedtls/config.h | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index fcc4a80e9..86d8aa4bd 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
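Review bot: The new message `"mbedtls_md_setup failed\n"` drops the one thing that tells the user why it failed; mbedtls_md_setup allocates the digest context and so can presumably fail on a small target, which is not a "shouldn't happen" case. Capturing the return code, `if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )`, and printing it with `mbedtls_fprintf( stderr, "mbedtls_md_setup failed: -0x%04x\n", -ret );` follows the pattern the other sample programs use. This assumes main has an `int ret` in scope, which is outside the hunk.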
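Review bot: The replacement string in the `@@ -404` hunk, `"Invalid cipher block size: 0. \n"`, carries a stray space before the newline and a trailing full stop the other messages in this program do not use; `"Invalid cipher block size: 0\n"` is enough.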
@@ -811,11 +811,20 @@ * * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C * - * Note: If you use the default implementation functions that read a seedfile + * \note The read/write functions that are used by the entropy source are + * determined in the platform layer, and can be modified at runtime and/or + * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. + * + * \note If you use the default implementation functions that read a seedfile * with regular fopen(), please make sure you make a seedfile with the * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from - * and written to or you will get an entropy source error! + * and written to or you will get an entropy source error! The default + * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE + * bytes from the file. + * + * \note The entropy collector will write to the seed file before entropy is + * given to an external source, to update it. */ //#define MBEDTLS_ENTROPY_NV_SEED From c568762a5c3b09fb1e6f263f832b7486db542a86 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 7 Jun 2016 11:06:09 +0100 Subject: [PATCH 342/399] Fix dependency on MBEDTLS_ENTROPY_SHA512_ACCUMULATOR in test suite --- tests/suites/test_suite_entropy.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index cb83a8fe4..d1ef94b6e 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -300,7 +300,7 @@ void entropy_nv_seed_std_io() } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_SHA512_C */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ void entropy_nv_seed( char *read_seed_str ) { mbedtls_sha512_context accumulator; 
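Review bot: The added notes describe how the seed file is read and rewritten but not that it is security-sensitive state: the existing text says the default implementation uses a plain `fopen()`, so nothing here sets restrictive permissions, and an attacker who can read the file learns everything this source contributes to the pool while one who can write it controls that contribution. I would add a third note, roughly `\note The seed file must be readable and writable only by the application: create it with restrictive permissions and never ship it inside a firmware image or share it between devices, since it is the only state this entropy source holds.` The last sentence, "will write to the seed file before entropy is given to an external source", is hard to parse; "rewrites the seed file each time entropy is handed out to a caller" is presumably what is meant and should be confirmed against entropy.c.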
From 041435a19f0adc0499d62f0b7e2efa399989f593 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 6 Jun 2016 20:15:33 +0100 Subject: [PATCH 343/399] Revert accidental changes to file mode of rsa.c --- library/rsa.c | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 library/rsa.c diff --git a/library/rsa.c b/library/rsa.c old mode 100755 new mode 100644 From 78da223f68e039f9e94cdaff35314779b9d126a9 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 6 Jun 2016 20:15:33 +0100 Subject: [PATCH 344/399] Revert accidental changes to file mode of rsa.c --- library/rsa.c | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 library/rsa.c diff --git a/library/rsa.c b/library/rsa.c old mode 100755 new mode 100644 From ce52d7823c0c8dc4011ba841cda28050ced336fb Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 31 May 2016 14:03:54 +0100 Subject: [PATCH 345/399] Address user reported coverity issues. --- include/mbedtls/cipher.h | 1 + library/base64.c | 2 +- library/camellia.c | 50 ++++++++++++++++++------------------ library/cipher.c | 34 ++++++++++++++++-------- library/ecp.c | 4 ++- library/error.c | 2 ++ library/x509_crt.c | 16 ++++++++++-- programs/pkey/dh_client.c | 1 + programs/pkey/dh_genprime.c | 1 + programs/pkey/dh_server.c | 2 ++ programs/pkey/pk_sign.c | 1 + programs/pkey/rsa_decrypt.c | 1 + programs/pkey/rsa_encrypt.c | 1 + programs/pkey/rsa_sign.c | 1 + programs/pkey/rsa_sign_pss.c | 1 + programs/pkey/rsa_verify.c | 1 + programs/test/selftest.c | 3 ++- 17 files changed, 81 insertions(+), 41 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 70000f5e6..c9675544a 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h 
@@ -57,6 +57,7 @@
 #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */
 #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
 #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
+#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */
 #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */
 #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */
diff --git a/library/base64.c b/library/base64.c
index 3432e5fcd..5cb12cba7 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -97,7 +97,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
 n *= 4;
- if( dlen < n + 1 )
+ if( ( dlen < n + 1 ) || ( NULL == dst ) )
 {
 *olen = n + 1;
 return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
diff --git a/library/camellia.c b/library/camellia.c
index d50513fd0..ac6f96a83 100644
--- a/library/camellia.c
+++ b/library/camellia.c
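Review bot: The new `NULL == dst` test reports a NULL output buffer as MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL with `*olen = n + 1`, which quietly makes `dst == NULL` (with any `dlen`) an alternative way to query the required size rather than a programming error. That is a usable contract, but mbedtls_base64_encode's documentation in base64.h, outside this diff, should state it so callers do not treat the code as a transient error, e.g. `\note Passing a NULL \p dst (or \p dlen == 0) only computes the required size into \p *olen and returns MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.` Whether `src` is dereferenced when `slen == 0` is decided below the hunk and is not covered by this check.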
@@ -963,38 +963,38 @@ int mbedtls_camellia_self_test( int verbose ) mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64, ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); - memcpy( src, camellia_test_cbc_iv, 16 ); - memcpy( dst, camellia_test_cbc_iv, 16 ); - memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u ); - - if( v == MBEDTLS_CAMELLIA_DECRYPT ) { - mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); - } else { - mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); - } - - for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) { + memcpy( src, camellia_test_cbc_iv, 16 ); + memcpy( dst, camellia_test_cbc_iv, 16 ); + memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u ); if( v == MBEDTLS_CAMELLIA_DECRYPT ) { - memcpy( iv , src, 16 ); - memcpy( src, camellia_test_cbc_cipher[u][i], 16 ); - memcpy( dst, camellia_test_cbc_plain[i], 16 ); - } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ - memcpy( iv , dst, 16 ); - memcpy( src, camellia_test_cbc_plain[i], 16 ); - memcpy( dst, camellia_test_cbc_cipher[u][i], 16 ); + mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); + } else { + mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); } - mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf ); + for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) { - if( memcmp( buf, dst, 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if( v == MBEDTLS_CAMELLIA_DECRYPT ) { + memcpy( iv , src, 16 ); + memcpy( src, camellia_test_cbc_cipher[u][i], 16 ); + memcpy( dst, camellia_test_cbc_plain[i], 16 ); + } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ + memcpy( iv , dst, 16 ); + memcpy( src, camellia_test_cbc_plain[i], 16 ); + memcpy( dst, camellia_test_cbc_cipher[u][i], 16 ); + } - return( 1 ); + mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf ); + + if( memcmp( buf, dst, 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } } - } if( verbose != 0 ) mbedtls_printf( "passed\n" ); 
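Review bot: The re-indented loop still ignores the return values of `mbedtls_camellia_setkey_dec/enc` and `mbedtls_camellia_crypt_cbc`, so a failing key schedule or mode call leaves `buf` stale and the self-test reports a memcmp mismatch instead of the real cause. Folding the call into the comparison, `if( mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf ) != 0 ||` / `    memcmp( buf, dst, 16 ) != 0 )`, costs nothing and keeps the failure path you already have. As far as the hunk shows, the change itself is a re-indentation plus the brace that closes the inner `for`; mbedtls_camellia_self_test starts before and ends after it.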
diff --git a/library/cipher.c b/library/cipher.c index 0dc51520f..bbe40eb39 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -252,6 +252,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i size_t ilen, unsigned char *output, size_t *olen ) { int ret; + size_t block_size = 0; if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) { @@ -259,10 +260,11 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i } *olen = 0; + block_size = mbedtls_cipher_get_block_size( ctx ); if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB ) { - if( ilen != mbedtls_cipher_get_block_size( ctx ) ) + if( ilen != block_size ) return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); *olen = ilen; @@ -285,8 +287,13 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i } #endif + if ( 0 == block_size ) + { + return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; + } + if( input == output && - ( ctx->unprocessed_len != 0 || ilen % mbedtls_cipher_get_block_size( ctx ) ) ) + ( ctx->unprocessed_len != 0 || ilen % block_size ) ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } @@ -300,9 +307,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == MBEDTLS_DECRYPT && - ilen + ctx->unprocessed_len <= mbedtls_cipher_get_block_size( ctx ) ) || + ilen + ctx->unprocessed_len <= block_size ) || ( ctx->operation == MBEDTLS_ENCRYPT && - ilen + ctx->unprocessed_len < mbedtls_cipher_get_block_size( ctx ) ) ) + ilen + ctx->unprocessed_len < block_size ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); 
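Review bot: The `0 == block_size` guard in the `@@ -285` hunk sits after the ECB branch, so a context whose cipher_info reports a zero block size (the freed or zeroed context the new error code is meant for) is still accepted by the ECB path whenever `ilen == 0`, because `ilen != block_size` is then false and the code goes on to call the mode function on that context; any other mode-specific branches between the ECB test and the guard are likewise unprotected. Moving the check to directly after `block_size = mbedtls_cipher_get_block_size( ctx );`, as `if( 0 == block_size ) return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );`, covers every path with a single test, and the parenthesised `return( ... )` matches the rest of the file where the hunk writes the bare `return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;`. mbedtls_cipher_update continues past these hunks.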
@@ -314,22 +321,22 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i /* * Process cached data first */ - if( ctx->unprocessed_len != 0 ) + if( 0 != ctx->unprocessed_len ) { - copy_len = mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len; + copy_len = block_size - ctx->unprocessed_len; memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, copy_len ); if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, - ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv, + ctx->operation, block_size, ctx->iv, ctx->unprocessed_data, output ) ) ) { return( ret ); } - *olen += mbedtls_cipher_get_block_size( ctx ); - output += mbedtls_cipher_get_block_size( ctx ); + *olen += block_size; + output += block_size; ctx->unprocessed_len = 0; input += copy_len; @@ -341,9 +348,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i */ if( 0 != ilen ) { - copy_len = ilen % mbedtls_cipher_get_block_size( ctx ); + if( 0 == block_size ) + { + return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; + } + + copy_len = ilen % block_size; if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT ) - copy_len = mbedtls_cipher_get_block_size( ctx ); + copy_len = block_size; memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), copy_len ); diff --git a/library/ecp.c b/library/ecp.c index 19bb4882e..f51f2251e 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1827,7 +1827,9 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, /* [M225] page 5 */ size_t b; - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) ); + do { + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) ); + } while( mbedtls_mpi_bitlen( d ) == 0); /* Make sure the most significant bit is nbits */ b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */ diff --git a/library/error.c b/library/error.c index 4718b514d..4bd15bfee 100644 --- a/library/error.c +++ b/library/error.c 
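Review bot: The second `if( 0 == block_size )` inside `if( 0 != ilen )` in the `@@ -341` hunk can never fire: `block_size` is assigned once at the top of mbedtls_cipher_update and, per the earlier hunk of this patch, the function already returns MBEDTLS_ERR_CIPHER_INVALID_CONTEXT when it is zero before control gets here, so the duplicate is a dead branch that will only show up as uncovered in the coverage build. Drop it and keep the single guard. The bare `return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;` also departs from the `return( ... )` form used on the surrounding lines; the function ends after this hunk.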
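Review bot: The new `do { ... } while( mbedtls_mpi_bitlen( d ) == 0 )` loop is unbounded, so an RNG that has failed to a constant zero output makes mbedtls_ecp_gen_keypair_base spin forever instead of failing, and a broken RNG is precisely the case where an error is wanted rather than a hang. With a working RNG the retry is essentially never taken (a zero `d` has probability 2^-(8*n_size)), so a bounded retry that gives up with MBEDTLS_ERR_ECP_RANDOM_FAILED loses nothing; the short-Weierstrass branch of this function, outside the hunk, appears to bound its own retries this way. The `== 0);` spacing should also become `== 0 );` to match the file.
```c
        /* [M225] page 5 */
        size_t b;
        int count = 0;

        do
        {
            /* A zero d would make the "bitlen - 1" below underflow; retry,
             * but give up rather than spin if the RNG keeps returning zeros. */
            if( ++count > 10 )
            {
                ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                goto cleanup;
            }
            MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
        }
        while( mbedtls_mpi_bitlen( d ) == 0 );
        /* … unchanged: most-significant-bit adjustment … */
```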
@@ -183,6 +183,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" ); if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" ); + if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) ) + mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid, eg because it was free()ed" ); #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_DHM_C) diff --git a/library/x509_crt.c b/library/x509_crt.c index c3adf7c86..af6c2a4a5 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -970,7 +970,9 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { int success = 0, first_error = 0, total_failed = 0; +#if defined(MBEDTLS_PEM_PARSE_C) int buf_format = MBEDTLS_X509_FORMAT_DER; +#endif /* * Check for valid input @@ -988,10 +990,12 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s { buf_format = MBEDTLS_X509_FORMAT_PEM; } -#endif if( buf_format == MBEDTLS_X509_FORMAT_DER ) return mbedtls_x509_crt_parse_der( chain, buf, buflen ); +#else + return mbedtls_x509_crt_parse_der( chain, buf, buflen ); +#endif #if defined(MBEDTLS_PEM_PARSE_C) if( buf_format == MBEDTLS_X509_FORMAT_PEM ) @@ -1064,7 +1068,6 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s success = 1; } } -#endif /* MBEDTLS_PEM_PARSE_C */ if( success ) return( total_failed ); @@ -1072,6 +1075,7 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s return( first_error ); else return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT ); +#endif /* MBEDTLS_PEM_PARSE_C */ } #if defined(MBEDTLS_FS_IO) 
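Review bot: With MBEDTLS_PEM_PARSE_C disabled, the `#else` branch added in the `@@ -988` hunk returns from mbedtls_x509_crt_parse_der before `success`, `first_error` or `total_failed` are ever read, so those three locals, still declared unconditionally at the top of mbedtls_x509_crt_parse, become set-but-unused variables that a `-Wunused-variable -Werror` build will most likely reject. Extend the `#if defined(MBEDTLS_PEM_PARSE_C)` guard the hunk already puts around `int buf_format` to cover `int success = 0, first_error = 0, total_failed = 0;` as well.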
@@ -1353,6 +1357,14 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, p = buf; n = size; + if( NULL == crt ) + { + ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" ); + MBEDTLS_X509_SAFE_SNPRINTF; + + return( (int) ( size - n ) ); + } + ret = mbedtls_snprintf( p, n, "%scert. version : %d\n", prefix, crt->version ); MBEDTLS_X509_SAFE_SNPRINTF; diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 230bf4d7c..8ebf34a77 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -125,6 +125,7 @@ int main( void ) ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index d30c73bf7..072fe138f 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -172,6 +172,7 @@ int main( int argc, char **argv ) ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) != 0 ) ) { mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); + fclose( fout ); goto exit; } diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index cb156f79b..7eef845df 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -132,6 +132,7 @@ int main( void ) ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } @@ -157,6 +158,7 @@ int main( void ) mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 ) { mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" ); + fclose( f ); goto exit; } diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 322e8aff0..daf08a905 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c 
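Review bot: Returning a positive length for `NULL == crt` turns a caller bug into an apparently successful call whose output says "uninitialised", which a NULL pointer is not; `if( crt == NULL ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );` is how the rest of the X.509 API signals bad arguments and is what a caller can actually act on. If the message is kept it should at least go through `prefix` like every other line. mbedtls_x509_crt_info starts before this hunk and continues after it.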
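Review bot: The dh_genprime.c condition above the added `fclose( fout )`, `( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) != 0 ) )`, assigns the comparison result rather than the error code, so the message prints `returned 1` and the exit path receives 1 instead of the mbedtls error; it should be `( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) ) != 0 )` as in the other programs touched by this patch. The preceding write of P in the same condition is outside the hunk and is worth checking for the same slip.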
@@ -142,6 +142,7 @@ int main( int argc, char *argv[] ) if( fwrite( buf, 1, olen, f ) != olen ) { mbedtls_printf( "failed\n ! fwrite failed\n\n" ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 94431e0ce..194f2de40 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -116,6 +116,7 @@ int main( int argc, char *argv[] ) ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 796343f1b..d3e415a2b 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -110,6 +110,7 @@ int main( int argc, char *argv[] ) ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index e897c6519..da723412b 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -98,6 +98,7 @@ int main( int argc, char *argv[] ) ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index c045a04c1..7b6f14dd8 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -153,6 +153,7 @@ int main( int argc, char *argv[] ) if( fwrite( buf, 1, olen, f ) != olen ) { mbedtls_printf( "failed\n ! fwrite failed\n\n" ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index ade36dc83..8bc51d85e 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c 
@@ -89,6 +89,7 @@ int main( int argc, char *argv[] ) ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 6ca07bba2..7698b629f 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -397,6 +397,7 @@ int main( int argc, char *argv[] ) if( suites_failed > 0) mbedtls_exit( MBEDTLS_EXIT_FAILURE ); - mbedtls_exit( MBEDTLS_EXIT_SUCCESS ); + /* return() is here to prevent compiler warnings */ + return( 0 ); } From c4191e475bd53294c9929981723b1df1c215513a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 6 Jun 2016 13:18:39 +0100 Subject: [PATCH 346/399] Make basic-build-test.sh clean up after itself. --- tests/scripts/basic-build-test.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 010c0c67f..9fab39637 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -36,10 +36,13 @@ if [ -d library -a -d include -a -d tests ]; then :; else exit 1 fi +CONFIG_H='include/mbedtls/config.h' +CONFIG_BAK="$CONFIG_H.bak" # Step 1 - Make and instrumented build for code coverage export CFLAGS=' --coverage -g3 -O0 ' make clean +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE make -j @@ -204,3 +207,9 @@ rm compat-test-$TEST_OUTPUT rm cov-$TEST_OUTPUT cd .. + +make clean + +if [ -f "$CONFIG_BAK" ]; then + mv "$CONFIG_BAK" "$CONFIG_H" +fi From 79f58995c9d2e0aace924b69d50909501e07b416 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 6 Jun 2016 20:15:33 +0100 Subject: [PATCH 347/399] Revert accidental changes to file mode of rsa.c From 12e2bf848d7651ee9979d2823a49844ac9cf9344 Mon Sep 17 00:00:00 2001 
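Review bot: Replacing `mbedtls_exit( MBEDTLS_EXIT_SUCCESS )` with `return( 0 )` leaves the two exits of selftest's main asymmetric: failures still go through mbedtls_exit and therefore through any platform exit hook, successes bypass it, and the literal `0` assumes MBEDTLS_EXIT_SUCCESS is 0. `return( MBEDTLS_EXIT_SUCCESS );` keeps the constant in one place; the comment would help more if it named the warning being silenced. main starts before this hunk.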
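Review bot: config.h is only restored by the `mv` at the end of basic-build-test.sh, so a failing or interrupted step anywhere after `cp "$CONFIG_H" "$CONFIG_BAK"` leaves the tree with the "full" configuration and a .bak file behind (whether `set -e` is in force is not visible here). A trap installed right after the `cp`, `trap 'if [ -f "$CONFIG_BAK" ]; then mv "$CONFIG_BAK" "$CONFIG_H"; fi' EXIT`, restores it on every exit and makes the trailing `if` block unnecessary.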
From: Simon Butcher Date: Wed, 8 Jun 2016 19:00:23 +0100 Subject: [PATCH 348/399] Removes target_config.h file from default and thread configs target_config.h is no longer needed for target/platform configurations so this change removes it from the default and platform configurations for mbed builds. --- configs/config-thread.h | 4 ---- include/mbedtls/config.h | 6 +----- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/configs/config-thread.h b/configs/config-thread.h index 453b17f0a..3193a0404 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -85,10 +85,6 @@ /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 -#if defined(TARGET_LIKE_MBED) -#include "mbedtls/target_config.h" -#endif - #include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 0efee0454..0a8c05699 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2513,11 +2513,7 @@ /* X509 options */ //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ -/* \} name SECTION: Module configuration options */ - -#if defined(TARGET_LIKE_MBED) -#include "mbedtls/target_config.h" -#endif +/* \} name SECTION: Customisation configuration options */ /* * Allow user to override any previous default. From 53de78444c657a7bfc374cbdb991567cbade8d0c Mon Sep 17 00:00:00 2001 
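Review bot: The replacement closing marker `/* \} name SECTION: Customisation configuration options */` only reads correctly if the opening `\name SECTION: ...` of that Doxygen group, which is outside the hunk, carries the same title; the removed line said "Module configuration options", so unless the opening was renamed in a commit not on this page the two ends of the group now disagree and mislead whoever scans the file for section boundaries. Either keep the old title or rename both ends in the same commit. The config-thread.h hunk is a straight removal and needs nothing.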
From: Janos Follath
Date: Wed, 8 Jun 2016 15:29:18 +0100
Subject: [PATCH 349/399] Add entropy safety switch.
Add a switch that turns entropy collecting off entirely, but enables mbed TLS to run in an entirely unsafe mode. Enables to test mbed TLS on platforms that don't have their entropy sources integrated yet.
---
 include/mbedtls/check_config.h | 11 +++++++++++
 include/mbedtls/config.h | 23 +++++++++++++++++++++++
 include/mbedtls/entropy_poll.h | 8 ++++++++
 library/entropy.c | 5 +++++
 library/entropy_poll.c | 16 ++++++++++++++++
 scripts/config.pl | 2 ++
 6 files changed, 65 insertions(+)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index d31555df7..407cd571a 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -130,6 +130,17 @@
 #error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
 #endif
+#if defined(MBEDTLS_TEST_WO_ENTROPY)
+#warning "MBEDTLS_TEST_WO_ENTROPY defined, this build provides no security!"
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
+#error "MBEDTLS_TEST_WO_ENTROPY defined, but not all prerequisites"
+#endif
+#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
+ defined(MBEDTLS_HAVEGE_C)
+#error "MBEDTLS_TEST_WO_ENTROPY defined, but entropy sources too"
+#endif
+#endif
+
 #if defined(MBEDTLS_GCM_C) && ( \
 !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) )
 #error "MBEDTLS_GCM_C defined, but not all prerequisites"
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 0efee0454..c42b88d74 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
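Review bot: `#warning` is a compiler extension rather than standard C (it was only standardised in C23), so if the MSVC builds this project supports ever compile check_config.h with MBEDTLS_TEST_WO_ENTROPY set, the directive is a hard error rather than the intended warning; `#pragma message( "MBEDTLS_TEST_WO_ENTROPY defined, this build provides no security!" )` is honoured by GCC, Clang and MSVC alike, or the `#warning` can be kept under `#if defined(__GNUC__)`. The prerequisite and mutual-exclusion checks themselves look complete for the sources a default build can register, given that MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES is required.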
@@ -278,6 +278,29 @@ //#define MBEDTLS_AES_ENCRYPT_ALT //#define MBEDTLS_AES_DECRYPT_ALT +/** + * \def MBEDTLS_TEST_WO_ENTROPY + * + * Enable testing mbed TLS without access to any entropy. This enables testing + * the library before the platforms entropy sources are integrated (, see for + * example the MBEDTLS_ENTROPY_HARDWARE_ALT or the MBEDTLS_ENTROPY_NV_SEED + * switch). + * + * WARNING! This switch is extremely DANGEROUS, don't use it in production code + * under any circumstances. This switch nullifies any security provided by the + * library. + */ +//#define MBEDTLS_TEST_WO_ENTROPY + + +/** + * \def MBEDTLS_ENTROPY_NV_SEED + * + * Strong software entropy source. It is not yet implemented, + * adding it because it is mutually exclusive with MBEDTLS_TEST_WO_ENTROPY. + */ +//#define MBEDTLS_ENTROPY_NV_SEED + /** * \def MBEDTLS_ENTROPY_HARDWARE_ALT * diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h index dc1191134..3fcfef269 100644 --- a/include/mbedtls/entropy_poll.h +++ b/include/mbedtls/entropy_poll.h @@ -43,6 +43,14 @@ extern "C" { #define MBEDTLS_ENTROPY_MIN_HARDCLOCK 4 /**< Minimum for mbedtls_timing_hardclock() */ #define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */ +/** + * \brief Entropy poll callback that provides 0 entropy. + */ +#if defined(MBEDTLS_TEST_WO_ENTROPY) + int mbedtls_zero_entropy_poll( void *data, + unsigned char *output, size_t len, size_t *olen ); +#endif + #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) /** * \brief Platform-specific entropy poll callback diff --git a/library/entropy.c b/library/entropy.c index cdbd35c34..381f73094 100644 --- a/library/entropy.c +++ b/library/entropy.c 
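Review bot: The hunk introduces a second `//#define MBEDTLS_ENTROPY_NV_SEED` block whose text ("not yet implemented, adding it because it is mutually exclusive with MBEDTLS_TEST_WO_ENTROPY") contradicts the full documentation of the same option in the `@@ -811` config.h hunk earlier on this page, which describes it as implemented with platform read/write functions; the two patches are against different config.h bases, but once both land the file will document one macro twice with opposite claims, so this placeholder should be dropped in favour of a cross-reference to the real entry. In the MBEDTLS_TEST_WO_ENTROPY text, "the platforms entropy sources are integrated (, see for example" should read "the platform's entropy sources are integrated (see, for example,". The entropy_poll.h hunk correctly keeps the new prototype under the same guard.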
@@ -73,6 +73,11 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
 mbedtls_havege_init( &ctx->havege_data );
 #endif
+#if defined(MBEDTLS_TEST_WO_ENTROPY)
+ mbedtls_entropy_add_source( ctx, mbedtls_zero_entropy_poll, NULL,
+ 1, MBEDTLS_ENTROPY_SOURCE_STRONG );
+#endif
+
 #if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
 #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
 mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index e2f45c78a..79efb87e9 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -188,6 +188,22 @@ int mbedtls_platform_entropy_poll( void *data,
 #endif /* _WIN32 && !EFIX64 && !EFI32 */
 #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
+#if defined(MBEDTLS_TEST_WO_ENTROPY)
+int mbedtls_zero_entropy_poll( void *data,
+ unsigned char *output, size_t len, size_t *olen )
+{
+ ((void) data);
+ *olen = 0;
+
+ if( len < sizeof(unsigned char) )
+ return( 0 );
+
+ *olen = sizeof(unsigned char);
+
+ return( 0 );
+}
+#endif
+
 #if defined(MBEDTLS_TIMING_C)
 int mbedtls_hardclock_poll( void *data,
 unsigned char *output, size_t len, size_t *olen )
diff --git a/scripts/config.pl b/scripts/config.pl
index a6dcfe7d7..ea7782108 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -18,6 +18,7 @@
 #
 # Things that shouldn't be enabled with "full".
 #
+# MBEDTLS_TEST_WO_ENTROPY
 # MBEDTLS_DEPRECATED_REMOVED
 # MBEDTLS_HAVE_SSE2
 # MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
@@ -69,6 +70,7 @@ Options
 EOU
 my @excluded = qw(
+MBEDTLS_TEST_WO_ENTROPY
 MBEDTLS_DEPRECATED_REMOVED
 MBEDTLS_HAVE_SSE2
 MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
From 8eb64132da7ee43a7bcceebca050312b3a301b8f Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Fri, 3 Jun 2016 15:40:57 +0100
Subject: [PATCH 350/399] Address issues find by manual coverity scan.
---
 library/debug.c | 2 +-
 library/ssl_tls.c | 2 +-
 programs/aes/crypt_and_hash.c | 19 ++++++++++++++++++-
 3 files changed, 20 insertions(+), 3 deletions(-)
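Review bot: `mbedtls_zero_entropy_poll` reports `*olen = sizeof(unsigned char)` without ever storing to `output[0]`, so the accumulator hashes one byte of whatever the caller's buffer happened to hold (uninitialised stack, presumably), an uninitialised read that MemorySanitizer or valgrind will flag and that makes this deliberately entropy-free build non-deterministic for no reason. Write the byte before claiming it: `if( len < 1 ) return( 0 );` / `output[0] = 0;` / `*olen = 1;`, which also replaces the `sizeof(unsigned char)` spelling (always 1) with what is meant. The entropy.c hunk registering this source as MBEDTLS_ENTROPY_SOURCE_STRONG with threshold 1 is what lets mbedtls_entropy_func succeed in this mode, which is the intended and clearly warned-about behaviour.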
diff --git a/library/debug.c b/library/debug.c index a032478da..a9cd814be 100644 --- a/library/debug.c +++ b/library/debug.c @@ -86,7 +86,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, char str[DEBUG_BUF_SIZE]; int ret; - if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold ) + if( NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || level > debug_threshold ) return; va_start( argp, format ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9208ec9c8..80a908d9c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5773,7 +5773,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, { mbedtls_ecjpake_role role; - if( ssl->handshake == NULL && ssl->conf == NULL ) + if( ssl->handshake == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 102144eca..4af39a542 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -184,7 +184,12 @@ int main( int argc, char *argv[] ) mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] ); goto exit; } - mbedtls_md_setup( &md_ctx, md_info, 1 ); + + if( mbedtls_md_setup( &md_ctx, md_info, 1 ) != 0 ) + { + mbedtls_fprintf( stderr, "mbedtls_md_setup unsuccessful: This shouldn't happen.\n" ); + goto exit; + } /* * Read the secret key and clean the command line. @@ -399,6 +404,18 @@ int main( int argc, char *argv[] ) goto exit; } + /* + * Make coverity happy. + */ + if( mbedtls_cipher_get_block_size( &cipher_ctx ) == 0 ) + { + mbedtls_fprintf( stderr, "mbedtls_cipher_get_block_size returned with 0. This shouldn't happen.\n" ); + goto exit; + } + + /* + * Check the file size. + */ if( ( ( filesize - mbedtls_md_get_size( md_info ) ) % mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 ) { From f991128d40cfca5b585130702d630c12625dcc61 Mon Sep 17 00:00:00 2001 
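Review bot: The widened guard in mbedtls_debug_print_msg now runs to roughly 97 columns, well past the project's 80-column style that the surrounding lines keep to; split it as `if( NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg ||` / `    level > debug_threshold )`. The ssl_tls.c change from `&&` to `||` is the right fix and needs nothing further. Both functions start before and end after their hunks.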
From: Simon Butcher Date: Mon, 6 Jun 2016 20:15:33 +0100 Subject: [PATCH 351/399] Revert accidental changes to file mode of rsa.c --- library/rsa.c | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 library/rsa.c diff --git a/library/rsa.c b/library/rsa.c old mode 100755 new mode 100644 From 98e28a74e33f32bcb855e16f8d5d2016b2102129 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 31 May 2016 14:03:54 +0100 Subject: [PATCH 352/399] Address user reported coverity issues. --- include/mbedtls/cipher.h | 1 + library/base64.c | 2 +- library/camellia.c | 50 ++++++++++++++++++------------------ library/cipher.c | 34 ++++++++++++++++-------- library/ecp.c | 4 ++- library/error.c | 2 ++ library/x509_crt.c | 16 ++++++++++-- programs/pkey/dh_client.c | 1 + programs/pkey/dh_genprime.c | 1 + programs/pkey/dh_server.c | 2 ++ programs/pkey/pk_sign.c | 1 + programs/pkey/rsa_decrypt.c | 1 + programs/pkey/rsa_encrypt.c | 1 + programs/pkey/rsa_sign.c | 1 + programs/pkey/rsa_sign_pss.c | 1 + programs/pkey/rsa_verify.c | 1 + programs/test/selftest.c | 3 ++- 17 files changed, 81 insertions(+), 41 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 70000f5e6..c9675544a 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -57,6 +57,7 @@ #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */ #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */ #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */ +#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */ #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */ #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */ 
diff --git a/library/base64.c b/library/base64.c
index 3432e5fcd..5cb12cba7 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -97,7 +97,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
 n *= 4;
- if( dlen < n + 1 )
+ if( ( dlen < n + 1 ) || ( NULL == dst ) )
 {
 *olen = n + 1;
 return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
diff --git a/library/camellia.c b/library/camellia.c
index d50513fd0..ac6f96a83 100644
--- a/library/camellia.c
+++ b/library/camellia.c
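Review bot: Treating `NULL == dst` as MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL with `*olen = n + 1` makes a NULL destination a size query rather than a programming error, which is fine as a contract but is undocumented; the mbedtls_base64_encode doc comment in base64.h, outside this diff, should say `\note Passing a NULL \p dst (or \p dlen == 0) only computes the required size into \p *olen and returns MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.` The handling of `src` for `slen == 0` is below the hunk and is not affected by this check.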
@@ -963,38 +963,38 @@ int mbedtls_camellia_self_test( int verbose ) mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64, ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); - memcpy( src, camellia_test_cbc_iv, 16 ); - memcpy( dst, camellia_test_cbc_iv, 16 ); - memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u ); - - if( v == MBEDTLS_CAMELLIA_DECRYPT ) { - mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); - } else { - mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); - } - - for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) { + memcpy( src, camellia_test_cbc_iv, 16 ); + memcpy( dst, camellia_test_cbc_iv, 16 ); + memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u ); if( v == MBEDTLS_CAMELLIA_DECRYPT ) { - memcpy( iv , src, 16 ); - memcpy( src, camellia_test_cbc_cipher[u][i], 16 ); - memcpy( dst, camellia_test_cbc_plain[i], 16 ); - } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ - memcpy( iv , dst, 16 ); - memcpy( src, camellia_test_cbc_plain[i], 16 ); - memcpy( dst, camellia_test_cbc_cipher[u][i], 16 ); + mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); + } else { + mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); } - mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf ); + for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) { - if( memcmp( buf, dst, 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if( v == MBEDTLS_CAMELLIA_DECRYPT ) { + memcpy( iv , src, 16 ); + memcpy( src, camellia_test_cbc_cipher[u][i], 16 ); + memcpy( dst, camellia_test_cbc_plain[i], 16 ); + } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ + memcpy( iv , dst, 16 ); + memcpy( src, camellia_test_cbc_plain[i], 16 ); + memcpy( dst, camellia_test_cbc_cipher[u][i], 16 ); + } - return( 1 ); + mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf ); + + if( memcmp( buf, dst, 16 ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } } - } if( verbose != 0 ) mbedtls_printf( "passed\n" ); 
diff --git a/library/cipher.c b/library/cipher.c index 0dc51520f..bbe40eb39 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -252,6 +252,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i size_t ilen, unsigned char *output, size_t *olen ) { int ret; + size_t block_size = 0; if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) { @@ -259,10 +260,11 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i } *olen = 0; + block_size = mbedtls_cipher_get_block_size( ctx ); if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB ) { - if( ilen != mbedtls_cipher_get_block_size( ctx ) ) + if( ilen != block_size ) return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); *olen = ilen; @@ -285,8 +287,13 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i } #endif + if ( 0 == block_size ) + { + return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; + } + if( input == output && - ( ctx->unprocessed_len != 0 || ilen % mbedtls_cipher_get_block_size( ctx ) ) ) + ( ctx->unprocessed_len != 0 || ilen % block_size ) ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } @@ -300,9 +307,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == MBEDTLS_DECRYPT && - ilen + ctx->unprocessed_len <= mbedtls_cipher_get_block_size( ctx ) ) || + ilen + ctx->unprocessed_len <= block_size ) || ( ctx->operation == MBEDTLS_ENCRYPT && - ilen + ctx->unprocessed_len < mbedtls_cipher_get_block_size( ctx ) ) ) + ilen + ctx->unprocessed_len < block_size ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); 
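Review bot: The `0 == block_size` guard in mbedtls_cipher_update sits after the ECB branch, so an invalid context with `block_size == 0` and `ilen == 0` still passes `ilen != block_size` and continues down the ECB path; moving the guard to directly after `block_size = mbedtls_cipher_get_block_size( ctx );` covers every mode with one check. Once it is there, the second `0 == block_size` test inside `if( 0 != ilen )` in the @@ -341 hunk on the next line can no longer be reached and should be dropped rather than kept as dead code. Stylistically the added lines write `if ( 0 == block_size )` and `return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;` where the surrounding file uses `if(` and `return( ... );`. The function begins and ends outside these hunks.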
@@ -314,22 +321,22 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i /* * Process cached data first */ - if( ctx->unprocessed_len != 0 ) + if( 0 != ctx->unprocessed_len ) { - copy_len = mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len; + copy_len = block_size - ctx->unprocessed_len; memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, copy_len ); if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, - ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv, + ctx->operation, block_size, ctx->iv, ctx->unprocessed_data, output ) ) ) { return( ret ); } - *olen += mbedtls_cipher_get_block_size( ctx ); - output += mbedtls_cipher_get_block_size( ctx ); + *olen += block_size; + output += block_size; ctx->unprocessed_len = 0; input += copy_len; @@ -341,9 +348,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i */ if( 0 != ilen ) { - copy_len = ilen % mbedtls_cipher_get_block_size( ctx ); + if( 0 == block_size ) + { + return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; + } + + copy_len = ilen % block_size; if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT ) - copy_len = mbedtls_cipher_get_block_size( ctx ); + copy_len = block_size; memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), copy_len ); diff --git a/library/ecp.c b/library/ecp.c index 19bb4882e..f51f2251e 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1827,7 +1827,9 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, /* [M225] page 5 */ size_t b; - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) ); + do { + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) ); + } while( mbedtls_mpi_bitlen( d ) == 0); /* Make sure the most significant bit is nbits */ b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */ diff --git a/library/error.c b/library/error.c index 4718b514d..4bd15bfee 100644 --- a/library/error.c +++ b/library/error.c 
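Review bot: The do/while added to mbedtls_ecp_gen_keypair_base has no iteration bound, so an f_rng that keeps returning all-zero output (a stuck or misconfigured RNG, the very failure this retry is guarding against) spins forever instead of reporting an error. A small retry counter that fails with MBEDTLS_ERR_ECP_RANDOM_FAILED through the `ret`/`cleanup` pair that MBEDTLS_MPI_CHK already relies on turns the hang into a detectable failure; the rewritten lines are below. The `== 0);` in the while condition is also missing the space the file's style puts before `)`. The enclosing function starts and ends outside the hunk.
```c
    /* [M225] page 5 */
    size_t b;
    int count = 0;

    do {
        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
        /* An RNG that keeps producing zero is broken: fail rather than spin.
         * (The bound of 30 is illustrative; any small constant serves.) */
        if( ++count > 30 )
        {
            ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
            goto cleanup;
        }
    } while( mbedtls_mpi_bitlen( d ) == 0 );
    /* ... unchanged: most-significant-bit adjustment and the rest of the function ... */
```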
@@ -183,6 +183,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" ); if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" ); + if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) ) + mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid, eg because it was free()ed" ); #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_DHM_C) diff --git a/library/x509_crt.c b/library/x509_crt.c index c3adf7c86..af6c2a4a5 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -970,7 +970,9 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { int success = 0, first_error = 0, total_failed = 0; +#if defined(MBEDTLS_PEM_PARSE_C) int buf_format = MBEDTLS_X509_FORMAT_DER; +#endif /* * Check for valid input @@ -988,10 +990,12 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s { buf_format = MBEDTLS_X509_FORMAT_PEM; } -#endif if( buf_format == MBEDTLS_X509_FORMAT_DER ) return mbedtls_x509_crt_parse_der( chain, buf, buflen ); +#else + return mbedtls_x509_crt_parse_der( chain, buf, buflen ); +#endif #if defined(MBEDTLS_PEM_PARSE_C) if( buf_format == MBEDTLS_X509_FORMAT_PEM ) @@ -1064,7 +1068,6 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s success = 1; } } -#endif /* MBEDTLS_PEM_PARSE_C */ if( success ) return( total_failed ); @@ -1072,6 +1075,7 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s return( first_error ); else return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT ); +#endif /* MBEDTLS_PEM_PARSE_C */ } #if defined(MBEDTLS_FS_IO) 
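Review bot: In mbedtls_x509_crt_parse the non-PEM build now returns straight from `mbedtls_x509_crt_parse_der` under the new `#else`, but `int success = 0, first_error = 0, total_failed = 0;` stays outside the conditional, so with MBEDTLS_PEM_PARSE_C off those three variables are declared and never read (likely an unused-variable warning under -Wall, and the kind of finding this commit sets out to clear). Placing that declaration under the same `#if defined(MBEDTLS_PEM_PARSE_C)` the commit adds for `buf_format` fixes it. The `#endif` and `#if defined(MBEDTLS_PEM_PARSE_C)` that now sit back to back around the DER return could also be merged into a single block. The function body continues between and after the hunks.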
@@ -1353,6 +1357,14 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, p = buf; n = size; + if( NULL == crt ) + { + ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" ); + MBEDTLS_X509_SAFE_SNPRINTF; + + return( (int) ( size - n ) ); + } + ret = mbedtls_snprintf( p, n, "%scert. version : %d\n", prefix, crt->version ); MBEDTLS_X509_SAFE_SNPRINTF; diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 230bf4d7c..8ebf34a77 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -125,6 +125,7 @@ int main( void ) ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index d30c73bf7..072fe138f 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -172,6 +172,7 @@ int main( int argc, char **argv ) ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) != 0 ) ) { mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); + fclose( fout ); goto exit; } diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index cb156f79b..7eef845df 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -132,6 +132,7 @@ int main( void ) ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } @@ -157,6 +158,7 @@ int main( void ) mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 ) { mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" ); + fclose( f ); goto exit; } diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 322e8aff0..daf08a905 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c 
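Review bot: The new `NULL == crt` branch in mbedtls_x509_crt_info writes `Certificate is uninitialised!` into the caller's buffer and returns its length, so a NULL certificate looks to the caller like a successful info dump, and the text mislabels the condition (a NULL pointer, not an uninitialised context). Since the function already reports failures as negative codes, `return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );` keeps callers on their normal error path; if printing is preferred, the message should say the certificate is NULL. The function starts and ends outside the hunk.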
@@ -142,6 +142,7 @@ int main( int argc, char *argv[] ) if( fwrite( buf, 1, olen, f ) != olen ) { mbedtls_printf( "failed\n ! fwrite failed\n\n" ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 94431e0ce..194f2de40 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -116,6 +116,7 @@ int main( int argc, char *argv[] ) ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 796343f1b..d3e415a2b 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -110,6 +110,7 @@ int main( int argc, char *argv[] ) ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index e897c6519..da723412b 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -98,6 +98,7 @@ int main( int argc, char *argv[] ) ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index c045a04c1..7b6f14dd8 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -153,6 +153,7 @@ int main( int argc, char *argv[] ) if( fwrite( buf, 1, olen, f ) != olen ) { mbedtls_printf( "failed\n ! fwrite failed\n\n" ); + fclose( f ); goto exit; } diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index ade36dc83..8bc51d85e 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c 
@@ -89,6 +89,7 @@ int main( int argc, char *argv[] ) ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); goto exit; } diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 6ca07bba2..7698b629f 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -397,6 +397,7 @@ int main( int argc, char *argv[] ) if( suites_failed > 0) mbedtls_exit( MBEDTLS_EXIT_FAILURE ); - mbedtls_exit( MBEDTLS_EXIT_SUCCESS ); + /* return() is here to prevent compiler warnings */ + return( 0 ); } From 7ccac85fbc621d5533af7462d1ae379a36a5cd36 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 6 Jun 2016 13:18:39 +0100 Subject: [PATCH 353/399] Make basic-build-test.sh clean up after itself. --- tests/scripts/basic-build-test.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 010c0c67f..9fab39637 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -36,10 +36,13 @@ if [ -d library -a -d include -a -d tests ]; then :; else exit 1 fi +CONFIG_H='include/mbedtls/config.h' +CONFIG_BAK="$CONFIG_H.bak" # Step 1 - Make and instrumented build for code coverage export CFLAGS=' --coverage -g3 -O0 ' make clean +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE make -j @@ -204,3 +207,9 @@ rm compat-test-$TEST_OUTPUT rm cov-$TEST_OUTPUT cd .. + +make clean + +if [ -f "$CONFIG_BAK" ]; then + mv "$CONFIG_BAK" "$CONFIG_H" +fi From 352dbe233490c00fc3eabc300ebfea48ee1d0d67 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 7 Jun 2016 10:29:05 +0100 Subject: [PATCH 354/399] Make error messages in crypt_and_hash better. --- programs/aes/crypt_and_hash.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) 
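Review bot: The replacement `return( 0 );` in selftest.c hard-codes the success status while the failure path two lines above still goes through `mbedtls_exit( MBEDTLS_EXIT_FAILURE )`, so a platform that remaps the exit values now gets a raw 0 on success. `return( MBEDTLS_EXIT_SUCCESS );` keeps the platform abstraction and still silences the warning the new comment refers to. main() begins outside the hunk.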
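Review bot: basic-build-test.sh copies config.h to `$CONFIG_BAK` before `scripts/config.pl full`, but the restore only runs at the very end, so any failure in between (a broken build, a failing `make test`, Ctrl-C) leaves the tree with the modified config.h and a stray .bak. Registering the restore as an exit trap right after the backup makes it unconditional: `trap 'if [ -f "$CONFIG_BAK" ]; then mv "$CONFIG_BAK" "$CONFIG_H"; fi' EXIT`. Whether the script runs under `set -e` is outside the hunk, so the exact failure behaviour is inferred.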
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 4af39a542..a14d20c10 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -187,7 +187,7 @@ int main( int argc, char *argv[] ) if( mbedtls_md_setup( &md_ctx, md_info, 1 ) != 0 ) { - mbedtls_fprintf( stderr, "mbedtls_md_setup unsuccessful: This shouldn't happen.\n" ); + mbedtls_fprintf( stderr, "mbedtls_md_setup failed\n" ); goto exit; } @@ -404,12 +404,9 @@ int main( int argc, char *argv[] ) goto exit; } - /* - * Make coverity happy. - */ if( mbedtls_cipher_get_block_size( &cipher_ctx ) == 0 ) { - mbedtls_fprintf( stderr, "mbedtls_cipher_get_block_size returned with 0. This shouldn't happen.\n" ); + mbedtls_fprintf( stderr, "Invalid cipher block size: 0. \n" ); goto exit; } From b1007af2ef67eaa7f2974978bb8b565f20514b8c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 6 Jun 2016 20:15:33 +0100 Subject: [PATCH 355/399] Revert accidental changes to file mode of rsa.c From 8795c4d5d5c43c94c3ec816179cd34b3fe8f0e32 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 6 Jun 2016 20:15:33 +0100 Subject: [PATCH 356/399] Revert accidental changes to file mode of rsa.c From c4205ae7f07e14bda8bdac59562ba23baa617f62 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 8 Jun 2016 19:00:23 +0100 Subject: [PATCH 357/399] Removes target_config.h file from default and thread configs target_config.h is no longer needed for target/platform configurations so this change removes it from the default and platform configurations for mbed builds. --- configs/config-thread.h | 4 ---- include/mbedtls/config.h | 6 +----- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/configs/config-thread.h b/configs/config-thread.h index 453b17f0a..3193a0404 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h 
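Review bot: The new message `"Invalid cipher block size: 0. \n"` in crypt_and_hash.c has a stray space before the newline; `"Invalid cipher block size: 0.\n"` matches the other messages. The first hunk's `"mbedtls_md_setup failed\n"` also drops the return code that the other programs in this commit print with `returned %d`, and mbedtls_md_setup's code is what mbedtls_strerror can explain; capturing it (`if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )` and printing `ret`) keeps the diagnostic useful. main() starts and ends outside the hunks.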
@@ -85,10 +85,6 @@ /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 -#if defined(TARGET_LIKE_MBED) -#include "mbedtls/target_config.h" -#endif - #include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 86d8aa4bd..8b6de1bec 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2547,11 +2547,7 @@ /* X509 options */ //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ -/* \} name SECTION: Module configuration options */ - -#if defined(TARGET_LIKE_MBED) -#include "mbedtls/target_config.h" -#endif +/* \} name SECTION: Customisation configuration options */ /* * Allow user to override any previous default. From f93b8bc2e0f1c60df99f0fbfc91cd7fc9fab1aa3 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 9 Jun 2016 13:54:15 +0100 Subject: [PATCH 358/399] Add requirements for the entropy safety switch in documentation. --- include/mbedtls/config.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c42b88d74..f800f1346 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -286,6 +286,8 @@ * example the MBEDTLS_ENTROPY_HARDWARE_ALT or the MBEDTLS_ENTROPY_NV_SEED * switch). * + * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES + * * WARNING! This switch is extremely DANGEROUS, don't use it in production code * under any circumstances. This switch nullifies any security provided by the * library. From 51bcd9355bac3c12f4e0855662d83a973215245e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 9 Jun 2016 13:55:37 +0100 Subject: [PATCH 359/399] Update version features. --- library/version_features.c | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/library/version_features.c b/library/version_features.c index b852ca81a..a1c1507e5 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -156,6 +156,12 @@ static const char *features[] = { #if defined(MBEDTLS_AES_DECRYPT_ALT) "MBEDTLS_AES_DECRYPT_ALT", #endif /* MBEDTLS_AES_DECRYPT_ALT */ +#if defined(MBEDTLS_TEST_WO_ENTROPY) + "MBEDTLS_TEST_WO_ENTROPY", +#endif /* MBEDTLS_TEST_WO_ENTROPY */ +#if defined(MBEDTLS_ENTROPY_NV_SEED) + "MBEDTLS_ENTROPY_NV_SEED", +#endif /* MBEDTLS_ENTROPY_NV_SEED */ #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) "MBEDTLS_ENTROPY_HARDWARE_ALT", #endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ From 06c54000f36cf9a5a760fe5fa3458a2697725467 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 9 Jun 2016 13:57:40 +0100 Subject: [PATCH 360/399] Add test for the entropy safety switch feature. --- tests/scripts/all.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5ecf868b3..9f4881b46 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -265,6 +265,22 @@ scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux CC=gcc CFLAGS='-Werror -O0 -std=c99 -pedantic' make lib +msg "build: full config with MBEDTLS_TEST_WO_ENTROPY (ASan build)" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_TEST_WO_ENTROPY +scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES +scripts/config.pl set MBEDTLS_ENTROPY_C +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED +scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT +scripts/config.pl unset MBEDTLS_HAVEGE_C +CC=gcc cmake -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" . +make + +msg "test: MBEDTLS_TEST_WO_ENTROPY - main suites and selftest (ASan build)" +make test +programs/test/selftest + if uname -a | grep -F Linux >/dev/null; then msg "build/test: make shared" # ~ 40s cleanup 
From d2e7ff746df0a868eb2f0d665536167864382024 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 9 Jun 2016 14:12:02 +0100 Subject: [PATCH 361/399] Fix test message for entropy safety switch. --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9f4881b46..b9ba6c5af 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -265,7 +265,7 @@ scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux CC=gcc CFLAGS='-Werror -O0 -std=c99 -pedantic' make lib -msg "build: full config with MBEDTLS_TEST_WO_ENTROPY (ASan build)" +msg "build: default config with MBEDTLS_TEST_WO_ENTROPY (ASan build)" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_TEST_WO_ENTROPY From cf0a9f96c520f84a4299f68213dc0dbe06a273d0 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 11:25:44 +0100 Subject: [PATCH 362/399] Introduce platform-layer functions for reading/writing seed from NV Introduces mbedtls_nv_seed_read() and mbedtls_nv_seed_write(). The platform-layer functions are only available when MBEDTLS_ENTROPY_NV_SEED is enabled. --- include/mbedtls/check_config.h | 34 ++++++++++++- include/mbedtls/config.h | 25 ++++++++++ include/mbedtls/platform.h | 53 +++++++++++++++++++- library/platform.c | 89 +++++++++++++++++++++++++++++++++- 4 files changed, 198 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 407cd571a..63f93ec16 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -3,7 +3,7 @@ * * \brief Consistency checks for configuration options * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
@@ -368,6 +368,38 @@ #error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites" #endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\ + ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) ) +#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\ + !defined(MBEDTLS_ENTROPY_NV_SEED) +#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\ + !defined(MBEDTLS_PLATFORM_NV_SEED_ALT) +#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\ + !defined(MBEDTLS_PLATFORM_NV_SEED_ALT) +#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\ + ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\ + defined(MBEDTLS_PLATFORM_NV_SEED_ALT) ) +#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously" +#endif + +#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\ + ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\ + defined(MBEDTLS_PLATFORM_NV_SEED_ALT) ) +#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously" +#endif + #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_OID_C) ) #error "MBEDTLS_RSA_C defined, but not all prerequisites" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f800f1346..3e12f43dd 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -156,6 +156,7 @@ //#define MBEDTLS_PLATFORM_FPRINTF_ALT //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT +//#define MBEDTLS_PLATFORM_NV_SEED_ALT /** * \def MBEDTLS_DEPRECATED_WARNING 
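Review bot: The two `#error` strings for MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO name only MBEDTLS_PLATFORM_STD_NV_SEED_READ/WRITE, but each condition also fires when MBEDTLS_PLATFORM_NV_SEED_ALT is defined, so a user who set the _ALT switch is told about an option they never touched. Naming both conflicting options, e.g. `#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO cannot be defined together with MBEDTLS_PLATFORM_STD_NV_SEED_READ or MBEDTLS_PLATFORM_NV_SEED_ALT"`, makes the diagnostic actionable. The default (neither _ALT nor _MACRO) path's dependency on MBEDTLS_FS_IO, which platform.h in this commit needs before it declares mbedtls_platform_std_nv_seed_read, is likewise not checked here.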
@@ -824,6 +825,25 @@ */ //#define MBEDTLS_ENTROPY_FORCE_SHA256 +/** + * \def MBEDTLS_ENTROPY_NV_SEED + * + * Enable the non-volatile (NV) seed file-based entropy source. + * (Also enables the NV seed read/write functions in the platform layer) + * + * This is crucial (if not required) on systems that do not have a + * cryptographic entropy source (in hardware or kernel) available. + * + * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C + * + * Note: If you use the default implementation functions that read a seedfile + * with regular fopen(), please make sure you make a seedfile with the + * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at + * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from + * and written to or you will get an entropy source error! + */ +//#define MBEDTLS_ENTROPY_NV_SEED + /** * \def MBEDTLS_MEMORY_DEBUG * @@ -2498,6 +2518,9 @@ //#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ 
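Review bot: The MBEDTLS_ENTROPY_NV_SEED documentation tells users to create a seedfile of at least MBEDTLS_ENTROPY_BLOCK_SIZE bytes but says nothing about what it must contain, and because entropy.c in this series registers the seed as a MBEDTLS_ENTROPY_SOURCE_STRONG source with a threshold of MBEDTLS_ENTROPY_BLOCK_SIZE, a file of zeros or one cloned into every device image is accepted and credited as full entropy. The note should add a sentence such as: `The initial seedfile must be filled with MBEDTLS_ENTROPY_BLOCK_SIZE bytes from a trustworthy random source, be unique per device, and be readable and writable only by the application.` The hedge in `This is crucial (if not required)` could also be tightened to state plainly that it is required on systems without another entropy source.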
@@ -2510,6 +2533,8 @@ //#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ /* Note: your snprintf must correclty zero-terminate the buffer! */ //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ /* SSL Cache options */ //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 039cb587a..10137d781 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -3,7 +3,7 @@ * * \brief mbed TLS Platform abstraction layer * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -76,12 +76,22 @@ extern "C" { #if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE) #define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< Default exit value to use */ #endif +#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) +#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read +#endif +#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) +#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write +#endif +#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE) +#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" +#endif #else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ #if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) #include MBEDTLS_PLATFORM_STD_MEM_HDR #endif #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ + /* \} name SECTION: Module settings */ /* 
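Review bot: The default `MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"` is a relative path, so the default NV seed functions resolve it against the current working directory of whichever process links the library; two programs started from different directories use different seed state, and a program started from a directory other local users can write to reads a file they control. The /**< */ comment on the define should say so and recommend an application-owned absolute path: `/**< Seed file used by the default NV seed functions; a relative name is resolved against the process CWD, so set an absolute path in production */`.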
@@ -262,6 +272,47 @@ int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time #endif /* MBEDTLS_PLATFORM_TIME_MACRO */ #endif /* MBEDTLS_PLATFORM_TIME_ALT */ +/* + * The function pointers for reading from and writing a seed file to + * Non-Volatile storage (NV) in a platform-independent way + * + * Only enabled when the NV seed entropy source is enabled + */ +#if defined(MBEDTLS_ENTROPY_NV_SEED) +#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO) +/* Internal standard platform definitions */ +int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ); +int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ); +#endif + +#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) +extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ); +extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ); + +/** + * \brief Set your own seed file writing/reading functions + * + * \param nv_seed_read_func the seed reading function implementation + * \param nv_seed_write_func the seed writing function implementation + * + * \return 0 + */ +int mbedtls_platform_set_nv_seed( + int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ), + int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) + ); +#else +#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \ + defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) +#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO +#define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO +#else +#define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read +#define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write +#endif +#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ +#endif /* MBEDTLS_ENTROPY_NV_SEED */ + #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 89a2bd65d..68ca45d10 100644 --- a/library/platform.c +++ b/library/platform.c 
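Review bot: With MBEDTLS_ENTROPY_NV_SEED on and neither MBEDTLS_PLATFORM_NV_SEED_ALT nor the _MACRO pair defined, the final `#else` maps `mbedtls_nv_seed_read` to `mbedtls_platform_std_nv_seed_read`, but that function is only declared here (and, per the platform.c hunk in this commit, only compiled) when `!MBEDTLS_PLATFORM_NO_STD_FUNCTIONS && MBEDTLS_FS_IO`, so a build with MBEDTLS_FS_IO off fails at link time with no check_config diagnostic. Either put the fallback defines under the same condition with an `#error "MBEDTLS_ENTROPY_NV_SEED without MBEDTLS_PLATFORM_NV_SEED_ALT requires MBEDTLS_FS_IO"` in the remaining case, or add that prerequisite to check_config.h. Separately, mbedtls_platform_std_nv_seed_write and the write function-pointer type only read from `buf`, so the parameter should be `const unsigned char *buf`.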
@@ -1,7 +1,7 @@ /* * Platform abstraction layer * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
@@ -213,4 +213,91 @@ int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time } #endif /* MBEDTLS_PLATFORM_TIME_ALT */ +#if defined(MBEDTLS_ENTROPY_NV_SEED) +#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO) +/* Default implementations for the platform independent seed functions use + * standard libc file functions to read from and write to a pre-defined filename + */ +int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ) +{ + FILE *file; + size_t n; + + if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL ) + return -1; + + if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len ) + { + fclose( file ); + return -1; + } + + fclose( file ); + return( n ); +} + +int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ) +{ + FILE *file; + size_t n; + + if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL ) + return -1; + + if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len ) + { + fclose( file ); + return -1; + } + + fclose( file ); + return( n ); +} +#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ + +#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) +#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) +/* + * Make dummy function to prevent NULL pointer dereferences + */ +static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len ) +{ + ((void) buf); + ((void) buf_len); + return( -1 ); +} + +#define MBEDTLS_PLATFORM_STD_NV_SEED_READ platform_nv_seed_read_uninit +#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_READ */ + +#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) +/* + * Make dummy function to prevent NULL pointer dereferences + */ +static int platform_nv_seed_write_uninit( unsigned char *buf, size_t buf_len ) +{ + ((void) buf); + ((void) buf_len); + return( -1 ); +} + +#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE platform_nv_seed_write_uninit +#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */ + +int (*mbedtls_nv_seed_read)( unsigned char *buf, 
size_t buf_len ) = + MBEDTLS_PLATFORM_STD_NV_SEED_READ; +int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) = + MBEDTLS_PLATFORM_STD_NV_SEED_WRITE; + +int mbedtls_platform_set_nv_seed( + int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ), + int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) ) +{ + mbedtls_nv_seed_read = nv_seed_read_func; + mbedtls_nv_seed_write = nv_seed_write_func; + return( 0 ); +} +#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ +#endif /* MBEDTLS_ENTROPY_NV_SEED */ + #endif /* MBEDTLS_PLATFORM_C */ From 9988d6bbd98c538f3f5d9fcb70e7b6a0ab1e7298 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 11:29:42 +0100 Subject: [PATCH 363/399] Introduce mbedtls_nv_seed_poll() entropy polling function --- include/mbedtls/entropy_poll.h | 12 +++++++++++- library/entropy.c | 7 ++++++- library/entropy_poll.c | 28 +++++++++++++++++++++++++++- 3 files changed, 44 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h index 3fcfef269..a2acc1aff 100644 --- a/include/mbedtls/entropy_poll.h +++ b/include/mbedtls/entropy_poll.h @@ -3,7 +3,7 @@ * * \brief Platform-specific and custom entropy polling functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -90,6 +90,16 @@ int mbedtls_hardware_poll( void *data, unsigned char *output, size_t len, size_t *olen ); #endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) +/** + * \brief Entropy poll callback for a non-volatile seed file + * + * \note This must accept NULL as its first argument. + */ +int mbedtls_nv_seed_poll( void *data, + unsigned char *output, size_t len, size_t *olen ); +#endif + #ifdef __cplusplus } #endif diff --git a/library/entropy.c b/library/entropy.c index 381f73094..d42ca159b 100644 --- a/library/entropy.c 
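Review bot: mbedtls_platform_std_nv_seed_write opens the seed file with `"w"` while the reader uses `"rb"`; on platforms that translate newlines in text mode the stored seed bytes are altered, and the read of exactly `buf_len` bytes then fails. Use `"wb"`, and check the close of the write stream because that is where a buffered write error surfaces: `if( fclose( file ) != 0 ) return -1;` instead of the bare `fclose( file );`. The file is created with the process's default permissions, so on POSIX hosts a seed file readable by other users discloses entropy state; either create it with a restrictive mode (open(2) with 0600 and fdopen) or document that the application must protect the path. The closing `#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */` comment should also mention MBEDTLS_FS_IO, which is half of the condition it closes.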
+++ b/library/entropy.c @@ -1,7 +1,7 @@ /* * Entropy accumulator implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -99,6 +99,11 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) MBEDTLS_ENTROPY_MIN_HARDWARE, MBEDTLS_ENTROPY_SOURCE_STRONG ); #endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) + mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL, + MBEDTLS_ENTROPY_BLOCK_SIZE, + MBEDTLS_ENTROPY_SOURCE_STRONG ); +#endif #endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */ } diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 79efb87e9..1ddbdc7af 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -1,7 +1,7 @@ /* * Platform-specific and custom entropy polling functions * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -37,6 +37,9 @@ #if defined(MBEDTLS_HAVEGE_C) #include "mbedtls/havege.h" #endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) +#include "mbedtls/platform.h" +#endif #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) 
@@ -238,4 +241,27 @@ int mbedtls_havege_poll( void *data, } #endif /* MBEDTLS_HAVEGE_C */ +#if defined(MBEDTLS_ENTROPY_NV_SEED) +int mbedtls_nv_seed_poll( void *data, + unsigned char *output, size_t len, size_t *olen ) +{ + unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; + size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE; + ((void) data); + + memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 ) + return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + + if( len < use_len ) + use_len = len; + + memcpy( output, buf, use_len ); + *olen = use_len; + + return( 0 ); +} +#endif /* MBEDTLS_ENTROPY_NV_SEED */ + #endif /* MBEDTLS_ENTROPY_C */ From d5c9f6d2265d019010dbee9763897160f706f462 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 11:30:54 +0100 Subject: [PATCH 364/399] Automatically update NV seed on initial entropy run Update the NV entropy seed before generating any entropy for outside use. The reason this is triggered here and not in mbedtls_entropy_init(), is that not all entropy sources mights have been added at that time. --- include/mbedtls/entropy.h | 14 +++++++++++++- library/entropy.c | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index 00de9a6e5..c9bd9613d 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -3,7 +3,7 @@ * * \brief Entropy accumulator implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
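Review bot: `mbedtls_nv_seed_poll` accepts a short read as a full block: `mbedtls_nv_seed_read` is only checked for `< 0`, yet the standard-I/O test added in patch 367 expects that callback to return the number of bytes read, so a truncated seed file returning e.g. 16 leaves most of `buf` zero while `*olen` still reports MBEDTLS_ENTROPY_BLOCK_SIZE bytes of strong entropy. The buffer-backed callbacks in the same test suite return 0 on success, so two return conventions already coexist; pick one, check it exactly — `if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) != MBEDTLS_ENTROPY_BLOCK_SIZE ) return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );` if the byte-count convention is the intended one — and document the contract on `mbedtls_platform_set_nv_seed`. `buf` also holds the seed material and is left on the stack on every return path; clear it before returning (entropy.c in this series has a volatile `mbedtls_zeroize` helper, entropy_poll.c would need the same or an equivalent).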
@@ -208,6 +208,18 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ); int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx, const unsigned char *data, size_t len ); +#if defined(MBEDTLS_ENTROPY_NV_SEED) +/** + * \brief Trigger an update of the seed file in NV by using the + * current entropy pool. + * + * \param ctx Entropy context + * + * \return 0 if successful + */ +int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ); +#endif /* MBEDTLS_ENTROPY_NV_SEED */ + #if defined(MBEDTLS_FS_IO) /** * \brief Write a seed file diff --git a/library/entropy.c b/library/entropy.c index d42ca159b..d8c5c5104 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -54,6 +54,10 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } +#if defined(MBEDTLS_ENTROPY_NV_SEED) +static int initial_entropy_run = 0; +#endif + #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) @@ -282,6 +286,18 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) if( len > MBEDTLS_ENTROPY_BLOCK_SIZE ) return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); +#if defined(MBEDTLS_ENTROPY_NV_SEED) + /* Update the NV entropy seed before generating any entropy for outside + * use. + */ + if( initial_entropy_run == 0 ) + { + initial_entropy_run = 1; + if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 ) + return( ret ); + } +#endif + #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) return( ret ); 
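Review bot: The `\return` on `mbedtls_entropy_update_nv_seed` documents only success, but the implementation in this same patch returns `MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR` when the NV write fails and propagates whatever `mbedtls_entropy_func` returns, and it consumes one block of pool output as a side effect. Suggest `\return 0 if successful, MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR if writing the seed to NV fails, or an error code from mbedtls_entropy_func()` plus a `\note` that the call draws MBEDTLS_ENTROPY_BLOCK_SIZE bytes from the accumulator and mixes a zero separator back in, so callers understand it is not a free operation and why it is only triggered once per context.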
@@ -356,6 +372,27 @@ exit: return( ret ); } +#if defined(MBEDTLS_ENTROPY_NV_SEED) +int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ) +{ + int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; + unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ]; + + /* Read new seed and write it to NV */ + if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) + return( ret ); + + if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 ) + return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR ); + + /* Manually update the remaining stream with a separator value to diverge */ + memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + return( 0 ); +} +#endif /* MBEDTLS_ENTROPY_NV_SEED */ + #if defined(MBEDTLS_FS_IO) int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path ) { From 66fdf34e81aeb3cad5b47491c62ca71b1e1bd0c7 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 11:44:12 +0100 Subject: [PATCH 365/399] Add MBEDTLS_FS_IO guard on default NV seed defines in platform.h The default implementation won't work without MBEDTLS_FS_IO, so leave undefined otherwise. --- include/mbedtls/platform.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 10137d781..5fa01b5b3 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -76,6 +76,7 @@ extern "C" { #if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE) #define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< Default exit value to use */ #endif +#if defined(MBEDTLS_FS_IO) #if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) #define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read #endif 
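Review bot: The result of the final `mbedtls_entropy_update_manual` call is dropped, so if it fails (it returns an `int`, and with MBEDTLS_THREADING_C it presumably takes the context mutex) the separator is never mixed in while the function still reports 0; `return( mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) );` would propagate it. On the write-failure path `buf` still contains the freshly generated seed when the function returns; call the file's `mbedtls_zeroize( buf, MBEDTLS_ENTROPY_BLOCK_SIZE )` before `return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );`. The initialiser `int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;` is dead, since `ret` is assigned before any use, and the buffer is sized `MBEDTLS_ENTROPY_MAX_SEED_SIZE` while every access uses `MBEDTLS_ENTROPY_BLOCK_SIZE`; sizing it by the latter removes the implicit assumption that MAX_SEED_SIZE is the larger of the two.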
@@ -85,6 +86,7 @@ extern "C" { #if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE) #define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" #endif +#endif /* MBEDTLS_FS_IO */ #else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ #if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) #include MBEDTLS_PLATFORM_STD_MEM_HDR From fc9c7c8bf4463bd7f55224af3158b0afa009365c Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 15:25:50 +0100 Subject: [PATCH 366/399] Initial entropy run should be context specific Otherwise test influence each other. Is a change to the context but only if the NV seed feature is enabled --- include/mbedtls/entropy.h | 3 +++ library/entropy.c | 8 ++------ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index c9bd9613d..fed0494ed 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -134,6 +134,9 @@ typedef struct #if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t mutex; /*!< mutex */ #endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) + int initial_entropy_run; +#endif } mbedtls_entropy_context; diff --git a/library/entropy.c b/library/entropy.c index d8c5c5104..1a7b9ab25 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -54,10 +54,6 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } -#if defined(MBEDTLS_ENTROPY_NV_SEED) -static int initial_entropy_run = 0; -#endif - #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) @@ -290,9 +286,9 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) /* Update the NV entropy seed before generating any entropy for outside * use. */ - if( initial_entropy_run == 0 ) + if( ctx->initial_entropy_run == 0 ) { - initial_entropy_run = 1; + ctx->initial_entropy_run = 1; if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 ) return( ret ); } 
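Review bot: Gating the default `MBEDTLS_PLATFORM_STD_NV_SEED_*` macros on MBEDTLS_FS_IO means a configuration with MBEDTLS_ENTROPY_NV_SEED but without MBEDTLS_FS_IO (and without MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) has no definition for the macros the platform.c initialisers at the top of this series reference, so the build fails on an undeclared identifier instead of a configuration message. A check_config.h rule along the lines of `#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_FS_IO) && !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)` with an `#error` telling the user to supply NV seed read/write functions would surface the problem where it belongs. The exact macro names a user is expected to predefine should be stated in the MBEDTLS_ENTROPY_NV_SEED documentation as well.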
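Review bot: `ctx->initial_entropy_run` is set to 1 before `mbedtls_entropy_update_nv_seed` runs and is never cleared when that call fails, so a transient NV write failure means the seed in NV is never refreshed for the lifetime of the context even though later `mbedtls_entropy_func` calls succeed; on the next boot the same seed is read again and, if the NV seed is the only registered source, the same entropy output is reproduced. Setting the flag only after success would recurse (the update re-enters `mbedtls_entropy_func`), so clear it on failure instead: `if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 ) { ctx->initial_entropy_run = 0; return( ret ); }`. The flag is also tested and set before the MBEDTLS_THREADING_C mutex is taken, so two threads making their first call concurrently can both run the update; that is harmless for the pool but deserves a comment, or the flag should be examined under the lock. The new field must be zeroed by `mbedtls_entropy_init`, whose body is outside this hunk — worth confirming.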
From 1779026037a2416ea1a980e6febff79a9f03a081 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 15:36:18 +0100 Subject: [PATCH 367/399] Add test cases for NV seed functionality A standard 'test' that writes a seed file is added so that regular tests still can succeed. This is in lieu of a 'SUITE_PRE_CODE' kind of arrangement where a suite can run code before (and after) all other code runs. A test is added that checks if we can read and write the standard NV seed file A test is added that actually checks if the entropy and seed file values that are the result of just using the NV seed are the same as the manual calculation. --- tests/suites/test_suite_entropy.data | 15 ++ tests/suites/test_suite_entropy.function | 203 +++++++++++++++++++++++ 2 files changed, 218 insertions(+) diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index 833eef565..5ca99f85c 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data @@ -1,3 +1,6 @@ +Create NV seed_file +nv_seed_file_create: + Entropy write/update seed file entropy_seed_file:"data_files/entropy_seed":0 @@ -37,5 +40,17 @@ entropy_threshold:16:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED Entropy thershold #4 entropy_threshold:1024:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED +Check NV seed standard IO +entropy_nv_seed_std_io: + +Check NV seed manually #1 +entropy_nv_seed:"00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF" + +Check NV seed manually #2 +entropy_nv_seed:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + +Check NV seed manually #3 +entropy_nv_seed:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + Entropy self test entropy_selftest: 
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 3b739cce9..999b5f667 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/entropy.h" +#include "mbedtls/entropy_poll.h" /* * Number of calls made to entropy_dummy_source() 
@@ -33,6 +34,86 @@ static int entropy_dummy_source( void *data, unsigned char *output, return( 0 ); } + +/* + * Ability to clear entropy sources to allow testing with just predefined + * entropy sources. This function or tests depending on it might break if there + * are internal changes to how entropy sources are registered. + * + * To be called immediately after mbedtls_entropy_init(). + * + * Just resetting the counter. New sources will overwrite existing ones. + * This might break memory checks in the future if sources need 'free-ing' then + * as well. + */ +static void entropy_clear_sources( mbedtls_entropy_context *ctx ) +{ + ctx->source_count = 0; +} + +/* + * NV seed read/write functions that use a buffer instead of a file + */ +static unsigned char buffer_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; + +static int buffer_nv_seed_read( unsigned char *buf, size_t buf_len ) +{ + if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE ) + return( -1 ); + + memcpy( buf, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); + return( 0 ); +} + +static int buffer_nv_seed_write( unsigned char *buf, size_t buf_len ) +{ + if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE ) + return( -1 ); + + memcpy( buffer_seed, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + return( 0 ); +} + +/* + * NV seed read/write helpers that fill the base seedfile + */ +static int write_nv_seed( unsigned char *buf, size_t buf_len ) +{ + FILE *f; + + if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE ) + return( -1 ); + + if( ( f = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL ) + return( -1 ); + + if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != + MBEDTLS_ENTROPY_BLOCK_SIZE ) + return( -1 ); + + fclose( f ); + + return( 0 ); +} + +static int read_nv_seed( unsigned char *buf, size_t buf_len ) +{ + FILE *f; + + if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE ) + return( -1 ); + + if( ( f = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL ) + return( -1 ); + + if( fread( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != + 
MBEDTLS_ENTROPY_BLOCK_SIZE ) + return( -1 ); + + fclose( f ); + + return( 0 ); +} /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -160,6 +241,10 @@ void entropy_threshold( int threshold, int chunk_size, int result ) if( result >= 0 ) { TEST_ASSERT( ret == 0 ); +#if defined(MBEDTLS_ENTROPY_NV_SEED) + // Two times as much calls due to the NV seed update + result *= 2; +#endif TEST_ASSERT( entropy_dummy_calls == (size_t) result ); } else 
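Review bot: `write_nv_seed` opens the seed file with `"w"` while `read_nv_seed` uses `"rb"`; on platforms with text-mode translation (Windows) any 0x0A byte in the seed is written as CR LF, so the round-trip asserted by `entropy_nv_seed_std_io` can fail and the file the library later reads is not the block that was written. Use `if( ( f = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "wb" ) ) == NULL )`. Both helpers also return -1 on a short `fwrite`/`fread` without calling `fclose( f )`, leaking the handle and, for the writer, leaving buffered data unflushed; close the file before returning, and check the writer's `fclose` result since that is where a flush failure is reported. The function this hunk patches into, `entropy_threshold`, continues past the hunk.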
@@ -172,6 +257,124 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ +void nv_seed_file_create() +{ + unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; + + memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + TEST_ASSERT( write_nv_seed( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ +void entropy_nv_seed_std_io() +{ + unsigned char io_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; + unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; + + memset( io_seed, 1, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset( check_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + mbedtls_platform_set_nv_seed( mbedtls_platform_std_nv_seed_read, + mbedtls_platform_std_nv_seed_write ); + + /* Check if platform NV read and write manipulate the same data */ + TEST_ASSERT( write_nv_seed( io_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + TEST_ASSERT( mbedtls_nv_seed_read( check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == + MBEDTLS_ENTROPY_BLOCK_SIZE ); + + TEST_ASSERT( memcmp( io_seed, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + + memset( check_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + /* Check if platform NV write and raw read manipulate the same data */ + TEST_ASSERT( mbedtls_nv_seed_write( io_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == + MBEDTLS_ENTROPY_BLOCK_SIZE ); + TEST_ASSERT( read_nv_seed( check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + + TEST_ASSERT( memcmp( io_seed, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_SHA512_C */ +void entropy_nv_seed( char *read_seed_str ) +{ + mbedtls_sha512_context accumulator; + mbedtls_entropy_context ctx; + + unsigned char header[2]; + unsigned char entropy[MBEDTLS_ENTROPY_BLOCK_SIZE]; + unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; + unsigned char empty[MBEDTLS_ENTROPY_BLOCK_SIZE]; + unsigned char read_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; + unsigned 
char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; + unsigned char check_entropy[MBEDTLS_ENTROPY_BLOCK_SIZE]; + + memset( entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset( buffer_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset( empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset( check_seed, 2, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset( check_entropy, 3, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + // Set the initial NV seed to read + unhexify( read_seed, read_seed_str ); + memcpy( buffer_seed, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + // Make sure we read/write NV seed from our buffers + mbedtls_platform_set_nv_seed( buffer_nv_seed_read, buffer_nv_seed_write ); + + mbedtls_entropy_init( &ctx ); + entropy_clear_sources( &ctx ); + + TEST_ASSERT( mbedtls_entropy_add_source( &ctx, mbedtls_nv_seed_poll, NULL, + MBEDTLS_ENTROPY_BLOCK_SIZE, + MBEDTLS_ENTROPY_SOURCE_STRONG ) == 0 ); + + // Do an entropy run + TEST_ASSERT( mbedtls_entropy_func( &ctx, entropy, sizeof( entropy ) ) == 0 ); + + // Determine what should have happened with manual entropy internal logic + // Only use the SHA-512 version to check + + // Init accumulator + header[1] = MBEDTLS_ENTROPY_BLOCK_SIZE; + mbedtls_sha512_starts( &accumulator, 0 ); + + // First run for updating write_seed + header[0] = 0; + mbedtls_sha512_update( &accumulator, header, 2 ); + mbedtls_sha512_update( &accumulator, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); + mbedtls_sha512_finish( &accumulator, buf ); + + memset( &accumulator, 0, sizeof( mbedtls_sha512_context ) ); + mbedtls_sha512_starts( &accumulator, 0 ); + mbedtls_sha512_update( &accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, check_seed, 0 ); + + // Second run for actual entropy (triggers mbedtls_entropy_update_nv_seed) + header[0] = MBEDTLS_ENTROPY_SOURCE_MANUAL; + mbedtls_sha512_update( &accumulator, header, 2 ); + mbedtls_sha512_update( &accumulator, empty, MBEDTLS_ENTROPY_BLOCK_SIZE ); + + 
header[0] = 0; + mbedtls_sha512_update( &accumulator, header, 2 ); + mbedtls_sha512_update( &accumulator, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); + mbedtls_sha512_finish( &accumulator, buf ); + + mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, check_entropy, 0 ); + + // Check result of both NV file and entropy received with the manual calculations + TEST_ASSERT( memcmp( check_seed, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + TEST_ASSERT( memcmp( check_entropy, entropy, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 ); + + mbedtls_entropy_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void entropy_selftest( ) { From bddf9ab8ff44361754991f3ff58a7eaa0c4c83fb Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 15:58:12 +0100 Subject: [PATCH 368/399] Update features file --- library/version_features.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index a1c1507e5..a00ae27d2 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -66,6 +66,9 @@ static const char *features[] = { #if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) "MBEDTLS_PLATFORM_SNPRINTF_ALT", #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ +#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) + "MBEDTLS_PLATFORM_NV_SEED_ALT", +#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #if defined(MBEDTLS_DEPRECATED_WARNING) "MBEDTLS_DEPRECATED_WARNING", #endif /* MBEDTLS_DEPRECATED_WARNING */ @@ -297,6 +300,9 @@ static const char *features[] = { #if defined(MBEDTLS_ENTROPY_FORCE_SHA256) "MBEDTLS_ENTROPY_FORCE_SHA256", #endif /* MBEDTLS_ENTROPY_FORCE_SHA256 */ +#if defined(MBEDTLS_ENTROPY_NV_SEED) + "MBEDTLS_ENTROPY_NV_SEED", +#endif /* MBEDTLS_ENTROPY_NV_SEED */ #if defined(MBEDTLS_MEMORY_DEBUG) "MBEDTLS_MEMORY_DEBUG", #endif /* MBEDTLS_MEMORY_DEBUG */ From b3dc82284682d4de342114b52dff07b7a51a3d48 Mon Sep 17 00:00:00 2001 
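Review bot: `entropy_nv_seed` and `entropy_nv_seed_std_io` redirect the process-wide NV seed hooks with `mbedtls_platform_set_nv_seed` and never restore them, so every test case that runs afterwards in the same binary (including `entropy_selftest`) reads and writes whichever callbacks the last NV test installed — the same cross-test coupling patch 366 removed for the run flag. Save the current `mbedtls_nv_seed_read`/`mbedtls_nv_seed_write` pointers at the start of each test and reinstall them on the `exit` path. In `entropy_nv_seed`, `mbedtls_entropy_free( &ctx )` is reached only if every `TEST_ASSERT` passes (if those macros jump to `exit` as elsewhere in the suite), so it should move to that cleanup path too, and `accumulator` is used without `mbedtls_sha512_init`/`mbedtls_sha512_free` and is re-zeroed with a raw `memset` mid-test, which bypasses whatever the context's own init/free does on this build.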
From: Paul Bakker Date: Wed, 1 Jun 2016 16:34:25 +0100 Subject: [PATCH 369/399] Properly gate NV_SEED additions in test suite --- tests/suites/test_suite_entropy.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 999b5f667..82f83325d 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -35,6 +35,7 @@ static int entropy_dummy_source( void *data, unsigned char *output, return( 0 ); } +#if defined(MBEDTLS_ENTROPY_NV_SEED) /* * Ability to clear entropy sources to allow testing with just predefined * entropy sources. This function or tests depending on it might break if there @@ -114,6 +115,7 @@ static int read_nv_seed( unsigned char *buf, size_t buf_len ) return( 0 ); } +#endif /* MBEDTLS_ENTROPY_NV_SEED */ /* END_HEADER */ /* BEGIN_DEPENDENCIES From 5a0392a5c0a25cd0e8d020dfcfa02e8f6b795b57 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 1 Jun 2016 16:57:11 +0100 Subject: [PATCH 370/399] Fix dependency guard for test --- tests/suites/test_suite_entropy.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 82f83325d..cb83a8fe4 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -270,7 +270,7 @@ void nv_seed_file_create() } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO:MBEDTLS_PLATFORM_NV_SEED_ALT */ void entropy_nv_seed_std_io() { unsigned char io_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; From 71a597a2baac4b16fd87f707a01ce3c709fb7fbf Mon Sep 17 00:00:00 2001 
From: Paul Bakker Date: Tue, 7 Jun 2016 10:59:03 +0100 Subject: [PATCH 371/399] Update documentation for MBEDTLS_ENTROPY_NV_SEED --- include/mbedtls/config.h | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 3e12f43dd..b1f2451ee 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -836,11 +836,20 @@ * * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C * - * Note: If you use the default implementation functions that read a seedfile + * \note The read/write functions that are used by the entropy source are + * determined in the platform layer, and can be modified at runtime and/or + * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. + * + * \note If you use the default implementation functions that read a seedfile * with regular fopen(), please make sure you make a seedfile with the * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from - * and written to or you will get an entropy source error! + * and written to or you will get an entropy source error! The default + * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE + * bytes from the file. + * + * \note The entropy collector will write to the seed file before entropy is + * given to an external source, to update it. */ //#define MBEDTLS_ENTROPY_NV_SEED From bd43f6c0096a681ec0c73403f4ed128829c6f0c1 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 7 Jun 2016 11:06:09 +0100 Subject: [PATCH 372/399] Fix dependency on MBEDTLS_ENTROPY_SHA512_ACCUMULATOR in test suite --- tests/suites/test_suite_entropy.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index cb83a8fe4..d1ef94b6e 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function 
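Review bot: The new notes explain the mechanics of the seed file but not its security requirements: the NV seed is registered as a `MBEDTLS_ENTROPY_SOURCE_STRONG` source with a full-block threshold (patch 363), so on a device with no other source it alone satisfies the collector, and its contents therefore have to be secret, unpredictable and unique per device. Suggest a `\warning` stating that the file must be provisioned with MBEDTLS_ENTROPY_BLOCK_SIZE bytes of real randomness before first use, must not be shared between device images or backups, and must be readable and writable only by the application, because anyone who can read it, or who starts from an identical copy, obtains the same entropy output until it is refreshed. The default `MBEDTLS_PLATFORM_STD_NV_SEED_FILE` is the relative name "seedfile" (patch 365), so the note should also say that it resolves against the working directory and that deployments should set it to an absolute, access-controlled path.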
@@ -300,7 +300,7 @@ void entropy_nv_seed_std_io() } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_SHA512_C */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ void entropy_nv_seed( char *read_seed_str ) { mbedtls_sha512_context accumulator; From 30b5f978eb3a294e18c65876df61e86d74200107 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 8 Jun 2016 19:00:23 +0100 Subject: [PATCH 373/399] Removes target_config.h file from default and thread configs target_config.h is no longer needed for target/platform configurations so this change removes it from the default and platform configurations for mbed builds. --- configs/config-thread.h | 4 ---- include/mbedtls/config.h | 6 +----- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/configs/config-thread.h b/configs/config-thread.h index 453b17f0a..3193a0404 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -85,10 +85,6 @@ /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 -#if defined(TARGET_LIKE_MBED) -#include "mbedtls/target_config.h" -#endif - #include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index b1f2451ee..ab351fb6d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2572,11 +2572,7 @@ /* X509 options */ //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ -/* \} name SECTION: Module configuration options */ - -#if defined(TARGET_LIKE_MBED) -#include "mbedtls/target_config.h" -#endif +/* \} name SECTION: Customisation configuration options */ /* * Allow user to override any previous default. From 72ff973d2296554587f6fc367d8d2a5daf07ed1f Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Mon, 6 Jun 2016 20:15:33 +0100 Subject: [PATCH 374/399] Revert accidental changes to file mode of rsa.c From ab5df40054e95181d08cf008c79a26533e7bcb6c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 11 Jun 2016 02:31:21 +0100 Subject: [PATCH 375/399] Rename the 'no entropy' feature to MBEDTLS_TEST_NULL_ENTROPY Following review and for clarity, changed the name of the feature to 'null entropy'. --- include/mbedtls/check_config.h | 15 +++++++-------- include/mbedtls/config.h | 28 ++++++++++------------------ include/mbedtls/entropy_poll.h | 2 +- library/entropy.c | 8 +++++++- library/entropy_poll.c | 3 ++- library/version_features.c | 6 +++--- scripts/config.pl | 4 ++-- tests/scripts/all.sh | 6 +++--- 8 files changed, 35 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 63f93ec16..a95af6ca4 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -130,15 +130,14 @@ #error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites" #endif -#if defined(MBEDTLS_TEST_WO_ENTROPY) -#warning "MBEDTLS_TEST_WO_ENTROPY defined, this build provides no security!" -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) -#error "MBEDTLS_TEST_WO_ENTROPY defined, but not all prerequisites" -#endif -#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ - defined(MBEDTLS_HAVEGE_C) -#error "MBEDTLS_TEST_WO_ENTROPY defined, but entropy sources too" +#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \ + ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) ) +#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites" #endif +#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \ + ( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ + defined(MBEDTLS_HAVEGE_C) ) +#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too" #endif #if defined(MBEDTLS_GCM_C) && ( \ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ab351fb6d..1aa86bf1b 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -280,29 +280,21 @@ //#define MBEDTLS_AES_DECRYPT_ALT /** - * \def MBEDTLS_TEST_WO_ENTROPY + * \def MBEDTLS_TEST_NULL_ENTROPY * - * Enable testing mbed TLS without access to any entropy. This enables testing - * the library before the platforms entropy sources are integrated (, see for - * example the MBEDTLS_ENTROPY_HARDWARE_ALT or the MBEDTLS_ENTROPY_NV_SEED - * switch). + * Enables testing and use of mbed TLS without any configured entropy sources. + * This permits use of the library on platforms before an entropy source has + * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the + * MBEDTLS_ENTROPY_NV_SEED switches). + * + * WARNING! This switch MUST be disabled in production builds, and is suitable + * only for development. + * Enabling the switch negates any security provided by the library. * * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES * - * WARNING! This switch is extremely DANGEROUS, don't use it in production code - * under any circumstances. This switch nullifies any security provided by the - * library. */ -//#define MBEDTLS_TEST_WO_ENTROPY - - -/** - * \def MBEDTLS_ENTROPY_NV_SEED - * - * Strong software entropy source. It is not yet implemented, - * adding it because it is mutually exclusive with MBEDTLS_TEST_WO_ENTROPY. - */ -//#define MBEDTLS_ENTROPY_NV_SEED +//#define MBEDTLS_TEST_NULL_ENTROPY /** * \def MBEDTLS_ENTROPY_HARDWARE_ALT diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h index a2acc1aff..d7aa88c5b 100644 --- a/include/mbedtls/entropy_poll.h +++ b/include/mbedtls/entropy_poll.h @@ -46,7 +46,7 @@ extern "C" { /** * \brief Entropy poll callback that provides 0 entropy. */ -#if defined(MBEDTLS_TEST_WO_ENTROPY) +#if defined(MBEDTLS_TEST_NULL_ENTROPY) int mbedtls_zero_entropy_poll( void *data, unsigned char *output, size_t len, size_t *olen ); #endif diff --git a/library/entropy.c b/library/entropy.c index 1a7b9ab25..49710de90 100644 --- a/library/entropy.c 
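Review bot: The rewritten documentation lists only MBEDTLS_ENTROPY_C and MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES as requirements, but check_config.h in this same patch also rejects the option when MBEDTLS_ENTROPY_NV_SEED, MBEDTLS_ENTROPY_HARDWARE_ALT or MBEDTLS_HAVEGE_C is defined; state that here, e.g. `Incompatible with: MBEDTLS_ENTROPY_NV_SEED, MBEDTLS_ENTROPY_HARDWARE_ALT, MBEDTLS_HAVEGE_C`, so a reader of config.h does not learn it from a build error. It would also help to make "negates any security" concrete — with the null poll as the only source every `mbedtls_entropy_func` output, and every key and nonce derived from it, comes from a fixed accumulator state — since that is the property an auditor has to rule out in a shipped configuration, and `version_features.c` now reports the flag so it can be checked at runtime.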
+++ b/library/entropy.c @@ -27,6 +27,12 @@ #if defined(MBEDTLS_ENTROPY_C) +#if defined(MBEDTLS_TEST_NULL_ENTROPY) +#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! ****" +#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES ****" +#warning "**** NOT SUITABLE FOR PRODUCTION ****" +#endif + #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" @@ -73,7 +79,7 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) mbedtls_havege_init( &ctx->havege_data ); #endif -#if defined(MBEDTLS_TEST_WO_ENTROPY) +#if defined(MBEDTLS_TEST_NULL_ENTROPY) mbedtls_entropy_add_source( ctx, mbedtls_zero_entropy_poll, NULL, 1, MBEDTLS_ENTROPY_SOURCE_STRONG ); #endif diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 1ddbdc7af..ed80babe1 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -191,11 +191,12 @@ int mbedtls_platform_entropy_poll( void *data, #endif /* _WIN32 && !EFIX64 && !EFI32 */ #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ -#if defined(MBEDTLS_TEST_WO_ENTROPY) +#if defined(MBEDTLS_TEST_NULL_ENTROPY) int mbedtls_zero_entropy_poll( void *data, unsigned char *output, size_t len, size_t *olen ) { ((void) data); + ((void) output); *olen = 0; if( len < sizeof(unsigned char) ) diff --git a/library/version_features.c b/library/version_features.c index a00ae27d2..37b30a951 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -159,9 +159,9 @@ static const char *features[] = { #if defined(MBEDTLS_AES_DECRYPT_ALT) "MBEDTLS_AES_DECRYPT_ALT", #endif /* MBEDTLS_AES_DECRYPT_ALT */ -#if defined(MBEDTLS_TEST_WO_ENTROPY) - "MBEDTLS_TEST_WO_ENTROPY", -#endif /* MBEDTLS_TEST_WO_ENTROPY */ +#if defined(MBEDTLS_TEST_NULL_ENTROPY) + "MBEDTLS_TEST_NULL_ENTROPY", +#endif /* MBEDTLS_TEST_NULL_ENTROPY */ #if defined(MBEDTLS_ENTROPY_NV_SEED) "MBEDTLS_ENTROPY_NV_SEED", #endif /* MBEDTLS_ENTROPY_NV_SEED */ diff --git a/scripts/config.pl b/scripts/config.pl index ea7782108..84ec38ed7 100755 --- a/scripts/config.pl 
+++ b/scripts/config.pl @@ -18,7 +18,7 @@ # # Things that shouldn't be enabled with "full". # -# MBEDTLS_TEST_WO_ENTROPY +# MBEDTLS_TEST_NULL_ENTROPY # MBEDTLS_DEPRECATED_REMOVED # MBEDTLS_HAVE_SSE2 # MBEDTLS_PLATFORM_NO_STD_FUNCTIONS @@ -70,7 +70,7 @@ Options EOU my @excluded = qw( -MBEDTLS_TEST_WO_ENTROPY +MBEDTLS_TEST_NULL_ENTROPY MBEDTLS_DEPRECATED_REMOVED MBEDTLS_HAVE_SSE2 MBEDTLS_PLATFORM_NO_STD_FUNCTIONS diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b9ba6c5af..209c106c1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -265,10 +265,10 @@ scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux CC=gcc CFLAGS='-Werror -O0 -std=c99 -pedantic' make lib -msg "build: default config with MBEDTLS_TEST_WO_ENTROPY (ASan build)" +msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" cleanup cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_TEST_WO_ENTROPY +scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES scripts/config.pl set MBEDTLS_ENTROPY_C scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED @@ -277,7 +277,7 @@ scripts/config.pl unset MBEDTLS_HAVEGE_C CC=gcc cmake -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" . make -msg "test: MBEDTLS_TEST_WO_ENTROPY - main suites and selftest (ASan build)" +msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites and selftest (ASan build)" make test programs/test/selftest From 4157b6004d9f1de98a1c2fb71ec57ef073f13dd8 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 12 Jun 2016 00:31:33 +0100 Subject: [PATCH 376/399] Renames null entropy source function for clarity --- include/mbedtls/entropy_poll.h | 2 +- library/entropy.c | 2 +- library/entropy_poll.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h index d7aa88c5b..430e8651c 100644 --- a/include/mbedtls/entropy_poll.h +++ b/include/mbedtls/entropy_poll.h @@ -47,7 +47,7 @@ extern "C" { * \brief Entropy poll callback that provides 0 entropy. */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) - int mbedtls_zero_entropy_poll( void *data, + int mbedtls_null_entropy_poll( void *data, unsigned char *output, size_t len, size_t *olen ); #endif diff --git a/library/entropy.c b/library/entropy.c index 49710de90..282640f2d 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -80,7 +80,7 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) #endif #if defined(MBEDTLS_TEST_NULL_ENTROPY) - mbedtls_entropy_add_source( ctx, mbedtls_zero_entropy_poll, NULL, + mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL, 1, MBEDTLS_ENTROPY_SOURCE_STRONG ); #endif diff --git a/library/entropy_poll.c b/library/entropy_poll.c index ed80babe1..a116e605d 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -192,7 +192,7 @@ int mbedtls_platform_entropy_poll( void *data, #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) -int mbedtls_zero_entropy_poll( void *data, +int mbedtls_null_entropy_poll( void *data, unsigned char *output, size_t len, size_t *olen ) { ((void) data); From 124646e4b55fff9836d141215acfe5e9fc305bc0 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 12 Jun 2016 11:56:03 +0100 Subject: [PATCH 377/399] Updates version feature list for NV Seed --- library/version_features.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/version_features.c b/library/version_features.c index 37b30a951..5d20ba019 100644 --- a/library/version_features.c +++ b/library/version_features.c 
@@ -162,9 +162,6 @@ static const char *features[] = { #if defined(MBEDTLS_TEST_NULL_ENTROPY) "MBEDTLS_TEST_NULL_ENTROPY", #endif /* MBEDTLS_TEST_NULL_ENTROPY */ -#if defined(MBEDTLS_ENTROPY_NV_SEED) - "MBEDTLS_ENTROPY_NV_SEED", -#endif /* MBEDTLS_ENTROPY_NV_SEED */ #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) "MBEDTLS_ENTROPY_HARDWARE_ALT", #endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ From d96e52609337454ce6aae3df4eb8025f5c268229 Mon Sep 17 00:00:00 2001 From: Aaron Jones Date: Fri, 17 Jun 2016 14:40:41 +0000 Subject: [PATCH 378/399] ssl.h: tidy up the documentation comments (#505) ssl.h: Tidy up and correct documentation errors. --- include/mbedtls/ssl.h | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 96643eb46..0c1365c5d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -232,7 +232,7 @@ * Signaling ciphersuite values (SCSV) */ #define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */ -#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< draft-ietf-tls-downgrade-scsv-00 */ +#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< RFC 7507 section 2 */ /* * Supported Signature and Hash algorithms (For TLS 1.2) @@ -466,7 +466,7 @@ typedef int mbedtls_ssl_recv_t( void *ctx, * \param buf Buffer to write the received data to * \param len Length of the receive buffer * \param timeout Maximum nomber of millisecondes to wait for data - * 0 means no timeout (potentially wait forever) + * 0 means no timeout (potentially waiting forever) * * \return The callback must return the number of bytes received, * or a non-zero error code: 
@@ -514,9 +514,9 @@ typedef void mbedtls_ssl_set_timer_t( void * ctx, * * \return This callback must return: * -1 if cancelled (fin_ms == 0), - * 0 if none of the delays is passed, - * 1 if only the intermediate delay is passed, - * 2 if the final delay is passed. + * 0 if none of the delays have passed, + * 1 if only the intermediate delay has passed, + * 2 if the final delay has passed. */ typedef int mbedtls_ssl_get_timer_t( void * ctx ); @@ -958,7 +958,7 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl ); * \note No copy of the configuration context is made, it can be * shared by many mbedtls_ssl_context structures. * - * \warning Modifying the conf structure after is has been used in this + * \warning Modifying the conf structure after it has been used in this * function is unsupported! * * \param ssl SSL context @@ -1024,6 +1024,7 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ); * * MBEDTLS_SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, * handshake is aborted if verification failed. + * (default on client) * * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode. * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at 
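Review bot: The new `(default on client)` annotation on MBEDTLS_SSL_VERIFY_REQUIRED does not say where that default comes from, and if VERIFY_NONE is, as its name suggests, the zero value of the field, a config that is only mbedtls_ssl_config_init()'d will not have it. Presumably the default is established by mbedtls_ssl_config_defaults(); if so, `(default on client after mbedtls_ssl_config_defaults())` makes the claim accurate and avoids readers assuming verification is on without calling it. The enclosing comment block starts outside the hunk.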
@@ -1161,14 +1162,14 @@ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, * \brief Callback type: generate and write session ticket * * \note This describes what a callback implementation should do. - * This callback should generate and encrypted and + * This callback should generate an encrypted and * authenticated ticket for the session and write it to the * output buffer. Here, ticket means the opaque ticket part * of the NewSessionTicket structure of RFC 5077. * * \param p_ticket Context for the callback - * \param session SSL session to bo written in the ticket - * \param start Start of the outpur buffer + * \param session SSL session to be written in the ticket + * \param start Start of the output buffer * \param end End of the output buffer * \param tlen On exit, holds the length written * \param lifetime On exit, holds the lifetime of the ticket in seconds @@ -1419,7 +1420,7 @@ void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limi #if defined(MBEDTLS_SSL_PROTO_DTLS) /** - * \brief Set retransmit timeout values for the DTLS handshale. + * \brief Set retransmit timeout values for the DTLS handshake. * (DTLS only, no effect on TLS.) * * \param conf SSL configuration @@ -1517,7 +1518,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session /** * \brief Set the list of allowed ciphersuites and the preference * order. First in the list has the highest preference. - * (Overrides all version specific lists) + * (Overrides all version-specific lists) * * The ciphersuites array is not copied, and must remain * valid for the lifetime of the ssl_config. 
@@ -1897,8 +1898,8 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, * \param protos Pointer to a NULL-terminated list of supported protocols, * in decreasing preference order. The pointer to the list is * recorded by the library for later reference as required, so - * the lifetime of the table should be as long as the - * SSL configuration structure. + * the lifetime of the table must be atleast as long as the + * lifetime of the SSL configuration structure. * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ @@ -2012,7 +2013,7 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems * \brief Disable or enable support for RC4 * (Default: MBEDTLS_SSL_ARC4_DISABLED) * - * \warning Use of RC4 in DTLS/TLS has been prohibited by RFC-7465 + * \warning Use of RC4 in DTLS/TLS has been prohibited by RFC 7465 * for security reasons. Use at your own risk. * * \note This function is deprecated and will likely be removed in @@ -2094,7 +2095,7 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets * * \warning It is recommended to always disable renegotation unless you * know you need it and you know what you're doing. In the - * past, there has been several issues associated with + * past, there have been several issues associated with * renegotiation or a poor understanding of its properties. * * \note Server-side, enabling renegotiation also makes the server 
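Review bot: The rewritten lifetime sentence for the `protos` parameter introduces the typo `atleast`; it should read `the lifetime of the table must be at least as long as the`. The strengthening from "should" to "must" is correct for a pointer the library keeps and is worth keeping.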
@@ -2334,8 +2335,8 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ); * \brief Perform a single step of the SSL handshake * * \note The state of the context (ssl->state) will be at - * the following state after execution of this function. - * Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER. + * the next state after execution of this function. Do not + * call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER. * * \note If this function returns something other than 0 or * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context @@ -2356,11 +2357,13 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ); * \brief Initiate an SSL renegotiation on the running connection. * Client: perform the renegotiation right now. * Server: request renegotiation, which will be performed - * during the next call to mbedtls_ssl_read() if honored by client. + * during the next call to mbedtls_ssl_read() if honored by + * client. * * \param ssl SSL context * - * \return 0 if successful, or any mbedtls_ssl_handshake() return value. + * \return 0 if successful, or any mbedtls_ssl_handshake() return + * value. * * \note If this function returns something other than 0 or * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context From 4ae869139a23789f07545241f362a97f04229133 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 21 Jun 2016 10:09:25 +0100 Subject: [PATCH 379/399] Adds 'get' command to scripts/config.pl to retrieve config state Adds 'get' command to indicate if the option is enabled in the given configuration file, and to returns it's value if one has been set. --- scripts/config.pl | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 84ec38ed7..04a9a7452 100755 --- a/scripts/config.pl +++ b/scripts/config.pl 
@@ -7,12 +7,13 @@ # Purpose # # Comments and uncomments #define lines in the given header file and optionally -# sets their value. This is to provide scripting control of what preprocessor -# symbols, and therefore what build time configuration flags are set in the -# 'config.h' file. +# sets their value or can get the value. This is to provide scripting control of +# what preprocessor symbols, and therefore what build time configuration flags +# are set in the 'config.h' file. # # Usage: config.pl [-f | --file ] [-o | --force] -# [set | unset | full | realfull] +# [set | unset | get | +# full | realfull] # # Full usage description provided below. # @@ -43,18 +44,23 @@ use strict; my $config_file = "include/mbedtls/config.h"; my $usage = < | --file ] [-o | --force] - [set | unset | full | realfull] + [set | unset | get | + full | realfull] Commands - set [ to + set [] - Uncomments or adds a #define for the to the configuration file, and optionally making it of . If the symbol isn't present in the file an error is returned. - unset - Comments out any #define present in the - configuration file. + unset - Comments out the #define for the given symbol if + present in the configuration file. + get - Finds the #define for the given symbol, returning + an exitcode of 0 if the symbol is found, and -1 if + not. The value of the symbol is output if one is + specified in the configuration file. full - Uncomments all #define's in the configuration file - excluding some reserved symbols, until the + excluding some reserved symbols, until the 'Module configuration options' section realfull - Uncomments all #define's with no exclusions @@ -122,7 +128,7 @@ while ($arg = shift) { die $usage if @ARGV; } - elsif ($action eq "unset") { + elsif ($action eq "unset" || $action eq "get") { die $usage unless @ARGV; $name = shift; 
@@ -195,6 +201,11 @@ for my $line (@config_lines) { $line .= "\n"; $done = 1; } + } elsif (!$done && $action eq "get") { + if ($line =~ /^\s*#define\s*$name\s*(.*)\s*\b/) { + $value = $1; + $done = 1; + } } print $config_write $line; @@ -214,6 +225,15 @@ if ($action eq "set"&& $force_option && !$done) { close $config_write; +if ($action eq "get" && $done) { + if ($value ne '') { + print $value; + } + exit 0; +} else { + exit -1; +} + if ($action eq "full" && !$done) { die "Configuration section was not found in $config_file\n"; From 1ceab6e43ae01054ba1c0c7c031e89453ee1a0d6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 21 Jun 2016 10:14:00 +0100 Subject: [PATCH 380/399] Adds a check and warning for the null entropy option If the option MBEDTLS_TEST_NULL_ENTROPY is enabled, the cmake generated makefile will generate an error unless a UNSAFE_BUILD switch is also enabled. Equally, a similar warning will always be generated if the Makefile is built, and another warning is generated on every compilation of entropy.c. This is to ensure the user is aware of what they're doing when they enable the null entropy option. --- CMakeLists.txt | 30 ++++++++++++++++++++++++++++++ Makefile | 16 +++++++++++++++- library/entropy.c | 6 +++--- 3 files changed, 48 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 094d9069b..7ae33ccb6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -6,6 +6,7 @@ option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF) option(ENABLE_PROGRAMS "Build mbed TLS programs." ON) +option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF) # the test suites currently have compile errors with MSVC if(MSVC) 
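Review bot: The `get` match `/^\s*#define\s*$name\s*(.*)\s*\b/` in the new elsif branch matches on a prefix of the symbol, because nothing anchors the end of `$name`: any symbol that is a prefix of another defined symbol is reported as set, and `$name` is interpolated unescaped, so regex metacharacters in the argument are interpreted. Since the CMake change later in this series keys a safety check on this exit code, tighten it to `if ($line =~ /^\s*#define\s+\Q$name\E\b\s*(.*?)\s*$/) {`. Note also that, as far as the loop visible here shows, `get` still goes through `print $config_write $line`, so a read-only query rewrites the configuration file; a comment or an early skip of the write for `get` would make that explicit. The enclosing `for` loop starts outside the hunk.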
@@ -14,6 +15,35 @@ else() option(ENABLE_TESTING "Build mbed TLS tests." ON) endif() +find_package(Perl) +if(PERL_FOUND) + + # If NULL Entropy is configured, display an appropriate warning + execute_process(COMMAND ${PERL_EXECUTABLE} scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY + RESULT_VARIABLE result) + if(${result} EQUAL 0) + message(WARNING "\ + ******************************************************* + **** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! + **** THIS BUILD HAS NO DEFINED ENTROPY SOURCES + **** AND IS *NOT* SUITABLE FOR PRODUCTION USE + *******************************************************") + if(NOT UNSAFE_BUILD) + message(FATAL_ERROR "\ +\n\ +Warning! You have enabled MBEDTLS_TEST_NULL_ENTROPY. \ +This option is not safe for production use and negates all security \ +It is intended for development use only. \ +\n\ +To confirm you want to build with this option, re-run cmake with the \ +option: \n\ + cmake -DUNSAFE_BUILD=ON ") + + return() + endif() + endif() +endif() + set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull" FORCE) diff --git a/Makefile b/Makefile index 7f03115b0..128362774 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ PREFIX=mbedtls_ .PHONY: all no_test programs lib tests install uninstall clean test check covtest lcov apidoc apidoc_clean -all: programs tests +all: programs tests post_build no_test: programs 
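Review bot: The null-entropy guard in the new `find_package(Perl)` block fails open: `execute_process` runs `scripts/config.pl` as a relative path with no WORKING_DIRECTORY, so in an out-of-tree build (or whenever Perl is not found) the script is never reached, `result` is non-zero, and both the warning and the FATAL_ERROR are silently skipped. Make the paths explicit and pass the config file, `execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY RESULT_VARIABLE result)`, and distinguish "symbol absent" from "script failed" so a broken check is reported rather than treated as safe. The `return()` after `message(FATAL_ERROR ...)` is unreachable and can go. The check also only reads config.h, so a user configuration header defining the symbol would not be noticed; a comment stating that limitation would help.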
@@ -53,6 +53,20 @@ uninstall: done endif +WARNING_BORDER =*******************************************************\n +NULL_ENTROPY_WARN_L1=**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! ****\n +NULL_ENTROPY_WARN_L2=**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES ****\n +NULL_ENTROPY_WARN_L3=**** AND IS *NOT* SUITABLE FOR PRODUCTION USE ****\n + +NULL_ENTROPY_WARNING=\n$(WARNING_BORDER)$(NULL_ENTROPY_WARN_L1)$(NULL_ENTROPY_WARN_L2)$(NULL_ENTROPY_WARN_L3)$(WARNING_BORDER) + +# Post build steps +post_build: + # If NULL Entropy is configured, display an appropriate warning + -scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \ + echo '$(NULL_ENTROPY_WARNING)' + + clean: $(MAKE) -C library clean $(MAKE) -C programs clean diff --git a/library/entropy.c b/library/entropy.c index 282640f2d..45c894b1d 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -28,9 +28,9 @@ #if defined(MBEDTLS_ENTROPY_C) #if defined(MBEDTLS_TEST_NULL_ENTROPY) -#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! ****" -#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES ****" -#warning "**** NOT SUITABLE FOR PRODUCTION ****" +#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! " +#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES " +#warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE " #endif #include "mbedtls/entropy.h" From 45103f3e15ccd16e873d985814843674ee47d115 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 21 Jun 2016 14:47:11 +0100 Subject: [PATCH 381/399] Changes multiline string (for CMake >3.0) to list (for CMake 2.8) --- CMakeLists.txt | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 7ae33ccb6..0a02ef1c1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
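Review bot: `post_build` is only a prerequisite of `all`, so `make lib` and `make no_test` build a MBEDTLS_TEST_NULL_ENTROPY library with no warning at all, and unlike the CMake change in this series the Makefile never refuses the build. Hook it into `lib` and `no_test` as well (or have them depend on a shared check target) and add it to the `.PHONY` list, which currently does not include it. The recipe itself is fragile: the leading `-` plus the `&&` chain makes a missing Perl or a broken script indistinguishable from "option not set", `([ $$? -eq 0 ])` after `&&` is always true, and `echo '...\n...'` relies on the shell's echo interpreting backslash escapes, which dash does and bash does not; `printf '%b' '$(NULL_ENTROPY_WARNING)'` is portable.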
@@ -15,6 +15,18 @@ else() option(ENABLE_TESTING "Build mbed TLS tests." ON) endif() +# Warning string - created as a list for compatibility with CMake 2.8 +set(WARNING_BORDER "*******************************************************\n") +set(NULL_ENTROPY_WARN_L1 "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined!\n") +set(NULL_ENTROPY_WARN_L2 "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES\n") +set(NULL_ENTROPY_WARN_L3 "**** AND IS *NOT* SUITABLE FOR PRODUCTION USE\n") + +set(NULL_ENTROPY_WARNING "${WARNING_BORDER}" + "${NULL_ENTROPY_WARN_L1}" + "${NULL_ENTROPY_WARN_L2}" + "${NULL_ENTROPY_WARN_L3}" + "${WARNING_BORDER}") + find_package(Perl) if(PERL_FOUND) @@ -22,12 +34,8 @@ if(PERL_FOUND) execute_process(COMMAND ${PERL_EXECUTABLE} scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY RESULT_VARIABLE result) if(${result} EQUAL 0) - message(WARNING "\ - ******************************************************* - **** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! - **** THIS BUILD HAS NO DEFINED ENTROPY SOURCES - **** AND IS *NOT* SUITABLE FOR PRODUCTION USE - *******************************************************") + message(WARNING ${NULL_ENTROPY_WARNING}) + if(NOT UNSAFE_BUILD) message(FATAL_ERROR "\ \n\ From dd9895d8101f17ce804830472cbb140eba1c46a0 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 21 Jun 2016 15:12:00 +0100 Subject: [PATCH 382/399] Fix config.pl to return successful exitcode for full and realfull --- scripts/config.pl | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 04a9a7452..6f11d0ee8 100755 --- a/scripts/config.pl +++ b/scripts/config.pl 
@@ -225,13 +225,16 @@ if ($action eq "set"&& $force_option && !$done) { close $config_write; -if ($action eq "get" && $done) { - if ($value ne '') { - print $value; +if ($action eq "get") { + if($done) { + if ($value ne '') { + print $value; + } + exit 0; + } else { + # If the symbol was not found, return an error + exit -1; } - exit 0; -} else { - exit -1; } if ($action eq "full" && !$done) { From efc665f80f58e2a6a1328a8c7959e8db08952e71 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 22 Jun 2016 00:18:50 +0100 Subject: [PATCH 383/399] Fix mbedtls_ssl_set_hostname documentation --- include/mbedtls/ssl.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 0c1365c5d..82c07607f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1781,10 +1781,11 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, #if defined(MBEDTLS_X509_CRT_PARSE_C) /** - * \brief Set hostname for ServerName TLS extension + * \brief Set the hostname to check against the received server + * certificate. It sets the ServerName TLS extension too, + * if the extension is enabled. * (client-side only) * - * * \param ssl SSL context * \param hostname the server hostname * From 4b541bec0fdaf5f5c0a605b43862db27b4e1f99d Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna Date: Wed, 22 Jun 2016 18:48:16 +0300 Subject: [PATCH 384/399] Fix unused variable in AES selftest when CBC and CFB disabled (#393) This commit fixes following warning: > CC: aes.c > aes.c: In function 'mbedtls_aes_self_test': > aes.c:1225:19: error: unused variable 'iv' [-Werror=unused-variable] > unsigned char iv[16]; > ^ > cc1: all warnings being treated as errors --- library/aes.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/aes.c b/library/aes.c index 36660306e..a186dee98 100644 --- a/library/aes.c +++ b/library/aes.c 
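Review bot: The new description of mbedtls_ssl_set_hostname says what the hostname is checked against but not what happens when the function is never called, which is the failure mode that matters most for this API. If, as the wording implies, the certificate name is only verified when a hostname has been set, add `\note If this function is not called, the peer certificate's name is not checked; clients that verify certificates should always set the expected hostname.` so callers do not assume the check is implicit. Stating whether `hostname` is copied or referenced would also be useful here, if it is not documented elsewhere in this comment.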
@@ -1222,7 +1222,9 @@ int mbedtls_aes_self_test( int verbose ) int ret = 0, i, j, u, v; unsigned char key[32]; unsigned char buf[64]; +#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) unsigned char iv[16]; +#endif #if defined(MBEDTLS_CIPHER_MODE_CBC) unsigned char prv[16]; #endif From 02c4a380134243eebba273dd2b1931748dc668f6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 23 Jun 2016 02:41:31 +0100 Subject: [PATCH 385/399] Corrects missing dependency for MBEDTLS_CIPHER_MODE_CBC in some tests --- tests/suites/test_suite_pkcs5.data | 16 ++++++++-------- tests/suites/test_suite_xtea.function | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index bf1624838..7c989d62c 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data @@ -19,7 +19,7 @@ depends_on:MBEDTLS_SHA1_C pbkdf2_hmac:MBEDTLS_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3" PBES2 Decrypt (OK) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C +depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ecrypt (bad params tag) 
@@ -47,7 +47,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" PBES2 Decrypt (bad PBKDF2 params salt: not an octet string) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C +depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" PBES2 Decrypt (bad PBKDF2 params salt: overlong) @@ -63,7 +63,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" PBES2 Decrypt (OK, PBKDF2 params explicit keylen) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C +depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301E06092A864886F70D01050C301104082ED7F24A1D516DD702020800020118301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" PBES2 Decrypt (bad PBKDF2 params explicit keylen: overlong) 
@@ -71,7 +71,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" PBES2 Decrypt (OK, PBKDF2 params explicit prf_alg) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C +depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0207301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f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ecrypt (bad, PBKDF2 params explicit prf_alg not a sequence) @@ -103,7 +103,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300A06082A864886F70D03FF":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:"" PBES2 Decrypt (bad enc_scheme_alg params: not an octet string) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C +depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:"" PBES2 Decrypt (bad enc_scheme_alg params: overlong) 
@@ -111,13 +111,13 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" PBES2 Decrypt (bad enc_scheme_alg params: len != iv_len) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C +depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:"" PBES2 Decrypt (bad password) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C +depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" PBES2 Decrypt (bad iter value) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C +depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function index 68ab54332..e294a9bd2 100644 --- a/tests/suites/test_suite_xtea.function +++ b/tests/suites/test_suite_xtea.function @@ -59,7 +59,7 @@ void xtea_decrypt_ecb( char *hex_key_string, char *hex_src_string, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void xtea_encrypt_cbc( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string ) { @@ -90,7 +90,7 @@ void xtea_encrypt_cbc( char *hex_key_string, char *hex_iv_string, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void xtea_decrypt_cbc( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string ) { From 6dc7c9c5e1a5eb29c63b492c5b9fec65dece06bc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 19 Jun 2016 22:49:58 +0100 Subject: [PATCH 386/399] Adds checks to 1.3->2.0 API migration script --- scripts/rename.pl | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/scripts/rename.pl b/scripts/rename.pl index c169078e3..c29519eef 100755 --- a/scripts/rename.pl +++ b/scripts/rename.pl 
@@ -1,12 +1,25 @@ #!/usr/bin/perl - -# rename identifiers (functions, types, enum constant, etc) -# on upgrades of major version according to a list +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# This script migrates application source code from the mbed TLS 1.3 API to the +# mbed TLS 2.0 API. +# +# The script processes the given source code and renames identifiers - functions +# types, enums etc, as +# +# Usage: rename.pl [-f datafile] [-s] [--] [filenames...] +# use warnings; use strict; use utf8; +use Path::Class; use open qw(:std utf8); my $usage = "Usage: $0 [-f datafile] [-s] [--] [filenames...]\n"; @@ -45,15 +58,28 @@ my $space = qr/\s+/; my $idnum = qr/[a-zA-Z0-9_]+/; my $symbols = qr/[-!#\$%&'()*+,.\/:;<=>?@[\\\]^_`{|}~]+|"/; +my $lib_include_dir = dir($0)->parent->parent->subdir('include', 'mbedtls'); +my $lib_source_dir = dir($0)->parent->parent->subdir('library'); + # if we replace inside strings, we don't consider them a token my $token = $do_strings ? qr/$space|$idnum|$symbols/ : qr/$string|$space|$idnum|$symbols/; my %warnings; +# If no files were passed, exit... +if ( not defined($ARGV[0]) ){ die $usage; } + while( my $filename = shift ) { print STDERR "$filename... "; + + if( dir($filename)->parent eq $lib_include_dir || + dir($filename)->parent eq $lib_source_dir ) + { + die "Script cannot be executed on the mbed TLS library itself."; + } + if( -d $filename ) { print STDERR "skip (directory)\n"; next } open my $rfh, '<', $filename or die; From b6a73c9b76d60798ca41a2c5371a12dda8802dfa Mon Sep 17 00:00:00 2001 
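Review bot: The new header comment stops mid-sentence: `renames identifiers - functions types, enums etc, as` ends the paragraph with a dangling `as` before the Usage line. Finish the thought, e.g. `# types, enums etc., as listed in the data file, from their 1.3 names to their 2.0 names.`, and add the missing comma in `functions, types`.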
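Review bot: The self-protection check `dir($filename)->parent eq $lib_include_dir` compares path strings, and `$lib_include_dir` is derived from `$0` while `$filename` comes from the command line, so one relative and one absolute spelling of the same directory (or `./library/x.c` versus `library/x.c`) will not match and the guard is bypassed. Resolve both sides before comparing, e.g. `dir($filename)->absolute->resolve->parent eq $lib_include_dir->absolute->resolve`, or compare `Cwd::realpath` results. Path::Class is also, as far as I know, not a core Perl module, so this adds a CPAN dependency to a script that previously ran on a stock perl; `File::Spec` and `Cwd` from core would suffice. The enclosing `while` loop continues past the hunk.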
From: Simon Butcher Date: Sat, 18 Jun 2016 22:45:37 +0100 Subject: [PATCH 387/399] Add provision to create the entropy seedfile for selftest sample In the selftest sample application, if no seedfile is present, one will be created so the test can execute. --- programs/test/selftest.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 7698b629f..16c469a56 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -26,6 +26,7 @@ #endif #include "mbedtls/entropy.h" +#include "mbedtls/entropy_poll.h" #include "mbedtls/hmac_drbg.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/dhm.h" @@ -100,6 +101,40 @@ static int run_test_snprintf( void ) test_snprintf( 5, "123", 3 ) != 0 ); } +/* + * Check if a seed file is present, and if not create one for the entropy + * self-test. If this fails, we attempt the test anyway, so no error is passed + * back. + */ +#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_ENTROPY_NV_SEED) && \ + !defined(MBEDTLS_NO_PLATFORM_ENTROPY) +static void create_entropy_seed_file( void ) +{ + int result; + size_t output_len = 0; + unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE]; + + /* Attempt to read the entropy seed file. If this fails - attempt to write + * to the file to ensure one is present. */ + result = mbedtls_platform_std_nv_seed_read( seed_value, + MBEDTLS_ENTROPY_BLOCK_SIZE ); + if( 0 == result ) + return; + + result = mbedtls_platform_entropy_poll( NULL, + seed_value, + MBEDTLS_ENTROPY_BLOCK_SIZE, + &output_len ); + if( 0 != result ) + return; + + if( MBEDTLS_ENTROPY_BLOCK_SIZE != output_len ) + return; + + mbedtls_platform_std_nv_seed_write( seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE ); +} +#endif + int main( int argc, char *argv[] ) { int v, suites_tested = 0, suites_failed = 0; 
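Review bot: `create_entropy_seed_file` treats any failure of `mbedtls_platform_std_nv_seed_read` as "no seed file" and then overwrites whatever is there with fresh platform entropy, so an existing but short or unreadable seed file is silently replaced; acceptable for a self-test driver, but it should be stated in the comment, e.g. `/* Any read failure (absent, short or unreadable file) leads to the file being (re)created. */`. The guard only excludes MBEDTLS_NO_PLATFORM_ENTROPY; if the `mbedtls_platform_std_nv_seed_*` functions are, as their names suggest, unavailable under MBEDTLS_PLATFORM_NO_STD_FUNCTIONS, that configuration needs excluding too or the program will not link there. `seed_value` holds the seed that goes to disk and is left on the stack on return; clearing it before returning is cheap.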
@@ -331,6 +366,11 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_ENTROPY_C) + +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) + create_entropy_seed_file(); +#endif + if( mbedtls_entropy_self_test( v ) != 0 ) { suites_failed++; From b2c81b12bb2ed3de607e130b06abd77631316f7f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 23 Jun 2016 13:56:06 +0100 Subject: [PATCH 388/399] Added target_config.h as a custom header for yotta use --- include/mbedtls/config.h | 3 +++ yotta/data/adjust-config.sh | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1aa86bf1b..3b7c85b39 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2566,6 +2566,9 @@ /* \} name SECTION: Customisation configuration options */ +/* Target and application specific configurations */ +//#define YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE "target_config.h" + /* * Allow user to override any previous default. * diff --git a/yotta/data/adjust-config.sh b/yotta/data/adjust-config.sh index 170d3070a..6580c0900 100755 --- a/yotta/data/adjust-config.sh +++ b/yotta/data/adjust-config.sh @@ -14,6 +14,10 @@ conf() { $SCRIPT -f $FILE $@ } + +# Set the target specific header +conf set YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE \"target_config.h\" + # not supported on mbed OS, nor used by mbed Client conf unset MBEDTLS_NET_C conf unset MBEDTLS_TIMING_C From 71ebc58932b78e412f1ba8693da5a8bf7e506f9a Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 23 Jun 2016 20:02:07 +0100 Subject: [PATCH 389/399] Changes to check-names.sh script to accept yotta constants --- tests/scripts/check-names.sh | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 7e67cefa8..191594ce0 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh 
@@ -1,7 +1,23 @@ #!/bin/sh - +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved +# +# Purpose +# +# This script confirms that the naming of all symbols and identifiers in mbed +# TLS are consistent with the house style and are also self-consistent. +# set -eu +if grep --version|head -n1|grep GNU >/dev/null; then :; else + echo "This script requires GNU grep." + exit 1 +fi + +printf "Analysing source code...\n" + tests/scripts/list-macros.sh tests/scripts/list-enum-consts.pl tests/scripts/list-identifiers.sh @@ -9,7 +25,7 @@ tests/scripts/list-symbols.sh FAIL=0 -printf "Exported symbols declared in header: " +printf "\nExported symbols declared in header: " UNDECLARED=$( diff exported-symbols identifiers | sed -n -e 's/^< //p' ) if [ "x$UNDECLARED" = "x" ]; then echo "PASS" @@ -24,7 +40,7 @@ diff macros identifiers | sed -n -e 's/< //p' > actual-macros for THING in actual-macros enum-consts; do printf "Names of $THING: " test -r $THING - BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$' $THING || true ) + BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$\|^YOTTA_[0-9A-Z_]*[0-9A-Z]$' $THING || true ) if [ "x$BAD" = "x" ]; then echo "PASS" else @@ -66,6 +82,7 @@ else FAIL=1 fi +printf "\nOverall: " if [ "$FAIL" -eq 0 ]; then rm macros actual-macros enum-consts identifiers exported-symbols echo "PASSED" From e7be5bdb968c33322857034c78263065575f5eff Mon Sep 17 00:00:00 2001 From: Brian J Murray Date: Thu, 23 Jun 2016 12:57:03 -0700 Subject: [PATCH 390/399] Fixed unchecked calls to mbedtls_md_setup in rsa.c (#502) * Fixed unchecked calls to mbedtls_md_setup in rsa.c: * style fixes --- library/rsa.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index e26d0df7d..fd2f5418a 100644 --- a/library/rsa.c +++ b/library/rsa.c 
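Review bot: The `\|` alternation added to the `grep -v` pattern in the last hunk is a GNU extension to basic regular expressions, and it is what forces the GNU-grep precondition added in the first hunk; a POSIX extended regex expresses the same allow-list portably, `BAD=$( grep -Ev '^(MBEDTLS|YOTTA)_[0-9A-Z_]*[0-9A-Z]$' $THING || true )`, which would let the version check go. If the GNU requirement is kept for other reasons, a comment next to the `grep --version` test naming the construct that needs it would save the next reader from guessing. Note that the version check pipes through `head` and `grep` inside an `if` condition, so `set -eu` does not abort on a non-GNU grep and the explicit `exit 1` branch is what enforces it, as intended.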
@@ -558,7 +558,11 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
 memcpy( p, input, ilen );
 mbedtls_md_init( &md_ctx );
- mbedtls_md_setup( &md_ctx, md_info, 0 );
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ {
+ mbedtls_md_free( &md_ctx );
+ return( ret );
+ }
 // maskedDB: Apply dbMask to DB
 //
@@ -728,7 +732,12 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
 hlen = mbedtls_md_get_size( md_info );
 mbedtls_md_init( &md_ctx );
- mbedtls_md_setup( &md_ctx, md_info, 0 );
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ {
+ mbedtls_md_free( &md_ctx );
+ return( ret );
+ }
+
 /* Generate lHash */
 mbedtls_md( md_info, label, label_len, lhash );
@@ -972,7 +981,11 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
 p += slen;
 mbedtls_md_init( &md_ctx );
- mbedtls_md_setup( &md_ctx, md_info, 0 );
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ {
+ mbedtls_md_free( &md_ctx );
+ return( ret );
+ }
 // Generate H = Hash( M' )
 //
@@ -1245,7 +1258,11 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 mbedtls_md_init( &md_ctx );
- mbedtls_md_setup( &md_ctx, md_info, 0 );
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ {
+ mbedtls_md_free( &md_ctx );
+ return( ret );
+ }
 mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
From 36b0c55cad118af77f6adae94e73807b23cd26db Mon Sep 17 00:00:00 2001
From: Simon Butcher Date: Thu, 23 Jun 2016 21:57:06 +0100 Subject: [PATCH 391/399] Fix for config.pl if no arguments are passed
---
 scripts/config.pl | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/scripts/config.pl b/scripts/config.pl
index 6f11d0ee8..8921a874a 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
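Review bot: In the `mbedtls_rsa_rsaes_oaep_decrypt` hunk the new `return( ret )` is reached after the private-key operation has presumably already written the recovered block into the function's local buffer (that call and the buffer are above the hunk); if the function has no shared cleanup path that wipes it, this early exit leaves decrypted data on the stack, so the error branch should clear the buffer before returning, e.g. `mbedtls_zeroize( buf, sizeof( buf ) );` if that helper and buffer name are in scope as elsewhere in the library. In the same hunk, `mbedtls_md( md_info, label, label_len, lhash );` two lines below the new guard is still unchecked although it can fail for the same reasons `mbedtls_md_setup()` does; `if( ( ret = mbedtls_md( md_info, label, label_len, lhash ) ) != 0 )` with the same `mbedtls_md_free( &md_ctx )` cleanup would make the fix complete. The identical guard is pasted into the encrypt, PSS-sign and PSS-verify hunks; that is consistent with the file's style, but each of those functions also begins outside its hunk, so whether their own earlier outputs (salt already copied into `sig` in PSS-sign, the padded message in `output` for OAEP encrypt) need clearing on this error path is worth a look by the author.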
@@ -145,6 +145,9 @@ while ($arg = shift) { } } +# If no command was specified, exit... +if ( not defined($action) ){ die $usage; } + # Check the config file is present if (! -f $config_file) { From 3d26513650f3078c6d82648326052ef02b01e4d6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 23 Jun 2016 21:57:06 +0100 Subject: [PATCH 392/399] Fix for config.pl if no arguments are passed --- scripts/config.pl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/config.pl b/scripts/config.pl index 6f11d0ee8..8921a874a 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -145,6 +145,9 @@ while ($arg = shift) { } } +# If no command was specified, exit... +if ( not defined($action) ){ die $usage; } + # Check the config file is present if (! -f $config_file) { From 284b4c9927bd91aac259b0d58597d7739408aa38 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 26 Jun 2016 13:10:00 +0100 Subject: [PATCH 393/399] Fixes all.sh script for filesystem IO test build MBEDTLS_ENTROPY_NV_SEED is dependent on platform code unless an alternative implementation is provided, therefore needs to be disabled in the disabled filesystem IO build. --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 469827e11..f9ee2ee7f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -232,6 +232,7 @@ scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_FS_IO CC=gcc CFLAGS='-Werror -O0' make From eebf1b93809afc06b702be2f98212b2157ba983e Mon Sep 17 00:00:00 2001 
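Review bot: Patches 391 and 392 on this page are the same change (identical subject, `index 6f11d0ee8..8921a874a` and hunk), so the second cannot apply on top of the first and one of them should be dropped from the series. On the code itself, `die $usage;` prints the usage text only as-is if `$usage` ends in a newline; otherwise Perl appends `at scripts/config.pl line N.` to it, so `die "$usage\n";` is the safer form unless `$usage` (defined outside the hunk) is known to end with one. A short comment saying that this check deliberately runs before the config-file existence test, so a bare invocation reports usage rather than a file error, would also help.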
From: Simon Butcher Date: Mon, 27 Jun 2016 01:42:39 +0100 Subject: [PATCH 394/399] Various fixes for NV SEED feature in all.sh --- tests/scripts/all.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f9ee2ee7f..5031d2aad 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -243,6 +243,7 @@ cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED CC=gcc CFLAGS='-Werror -O0' make msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s @@ -276,7 +277,7 @@ scripts/config.pl set MBEDTLS_ENTROPY_C scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT scripts/config.pl unset MBEDTLS_HAVEGE_C -CC=gcc cmake -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" . +CC=gcc cmake -D UNSAFE_BUILD=ON -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" . make msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites and selftest (ASan build)" @@ -303,6 +304,7 @@ scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C scripts/config.pl unset MBEDTLS_FS_IO +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # following things are not in the default config scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c From cff625f841175d6ce60a0c7536d86fd087232018 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 27 Jun 2016 15:15:11 +0100 Subject: [PATCH 395/399] Fixes break in mingw build Postbuild step failed when building with mingw --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 128362774..7f334ee27 100644 --- a/Makefile +++ b/Makefile 
@@ -62,10 +62,11 @@ NULL_ENTROPY_WARNING=\n$(WARNING_BORDER)$(NULL_ENTROPY_WARN_L1)$(NULL_ENTROPY_WA # Post build steps post_build: +ifndef WINDOWS # If NULL Entropy is configured, display an appropriate warning -scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \ echo '$(NULL_ENTROPY_WARNING)' - +endif clean: $(MAKE) -C library clean From 1c71965d462a5f2d034093c9245fed728d60fcee Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 27 Jun 2016 19:02:12 +0100 Subject: [PATCH 396/399] Fixes armcc builds in all.sh MBEDTLS_NV_SEED needs to be disabled in builds without filesystem IO. --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5031d2aad..526239768 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -323,6 +323,7 @@ scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C scripts/config.pl unset MBEDTLS_FS_IO +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_HAVE_TIME scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY From 905cef6c2ce5092d7b0aba6b29848fa4a4782ad7 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 27 Jun 2016 19:36:45 +0100 Subject: [PATCH 397/399] Changed library version number to 2.3.0 --- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 10 +++++----- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 9643a6fb3..b13083cbe 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h 
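Review bot: Wrapping the whole `post_build` body in `ifndef WINDOWS` means the `MBEDTLS_TEST_NULL_ENTROPY` warning is never shown on Windows builds, so the one notice telling a developer that the build has no real entropy source is lost on exactly the platform where the quoted `echo` broke. Restricting the conditional to the display form keeps the notice everywhere: keep the existing lines under `ifndef WINDOWS`, add an `else` branch with a plain, unquoted message such as `-scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && echo WARNING: MBEDTLS_TEST_NULL_ENTROPY is enabled, this build is not secure`, then `endif` (assuming `perl` is on the path for the Windows make, which the rest of the Windows build would need anyway). A one-line comment above the conditional saying why the Windows branch differs would stop someone from "simplifying" it back.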
@@ -21,7 +21,7 @@ */ /** - * @mainpage mbed TLS v2.2.1 source code documentation + * @mainpage mbed TLS v2.3.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 2fc0b7f90..253e1844f 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.2.1" +PROJECT_NAME = "mbed TLS v2.3.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index ea2966e8a..b40aa5103 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -38,17 +38,17 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 2 -#define MBEDTLS_VERSION_PATCH 1 +#define MBEDTLS_VERSION_MINOR 3 +#define MBEDTLS_VERSION_PATCH 0 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02020100 -#define MBEDTLS_VERSION_STRING "2.2.1" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.2.1" +#define MBEDTLS_VERSION_NUMBER 0x02030000 +#define MBEDTLS_VERSION_STRING "2.3.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.3.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 71d54857c..6aeb38525 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -139,15 +139,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.2.1 SOVERSION 0) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.3.0 SOVERSION 0) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.2.1 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.3.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.2.1 SOVERSION 10) + set_target_properties(mbedtls PROPERTIES VERSION 2.3.0 SOVERSION 10) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index ac13f11b4..f9c20116c 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.2.1" +check_compiletime_version:"2.3.0" Check runtime library version -check_runtime_version:"2.2.1" +check_runtime_version:"2.3.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 46125fbb73897c3fbc1eccc98b61a49bbd232d56 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 27 Jun 2016 19:43:55 +0100 Subject: [PATCH 398/399] Updates ChangeLog with final changes for release --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index af857e08f..1ef952c89 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x branch += mbed TLS 2.3.0 branch released 2016-06-28 Security * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt 
@@ -38,6 +38,7 @@ Bugfix * Fix issue in ssl_fork_server which was preventing it from functioning. #429 * Fix memory leaks in test framework * Fix test in ssl-opt.sh that does not run properly with valgrind + * Fix unchecked calls to mmbedtls_md_setup(). Fix by Brian Murray. #502 Changes * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, From 85c2a928ed352845793db000e78e2b42c8dcf055 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 27 Jun 2016 19:50:36 +0100 Subject: [PATCH 399/399] Update yotta version --- yotta/data/module.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yotta/data/module.json b/yotta/data/module.json index f3037835f..0b8b82283 100644 --- a/yotta/data/module.json +++ b/yotta/data/module.json @@ -1,6 +1,6 @@ { "name": "mbedtls", - "version": "2.3.0", + "version": "2.3.1", "description": "The mbed TLS crypto/SSL/TLS library", "licenses": [ {