Merge pull request #787 from ARMmbed/dev/yanesca/mbedtls-2.16.9r0-pr

Prepare Release Candidate for Mbed TLS 2.16.9
This commit is contained in:
Janos Follath 2020-12-10 12:54:15 +00:00 committed by GitHub
commit 3fac0bae4a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
33 changed files with 827 additions and 526 deletions

View file

@ -1,5 +1,73 @@
mbed TLS ChangeLog (Sorted per branch, date) mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.16.9 branch released 2020-12-11
Security
* Limit the size of calculations performed by mbedtls_mpi_exp_mod to
MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when
generating Diffie-Hellman key pairs. Credit to OSS-Fuzz.
* A failure of the random generator was ignored in mbedtls_mpi_fill_random(),
which is how most uses of randomization in asymmetric cryptography
(including key generation, intermediate value randomization and blinding)
are implemented. This could cause failures or the silent use of non-random
values. A random generator can fail if it needs reseeding and cannot not
obtain entropy, or due to an internal failure (which, for Mbed TLS's own
CTR_DRBG or HMAC_DRBG, can only happen due to a misconfiguration).
* Fix a compliance issue whereby we were not checking the tag on the
algorithm parameters (only the size) when comparing the signature in the
description part of the cert to the real signature. This meant that a
NULL algorithm parameters entry would look identical to an array of REAL
(size zero) to the library and thus the certificate would be considered
valid. However, if the parameters do not match in *any* way then the
certificate should be considered invalid, and indeed OpenSSL marks these
certs as invalid when mbedtls did not.
Many thanks to guidovranken who found this issue via differential fuzzing
and reported it in #3629.
* Zeroising of local buffers and variables which are used for calculations
in mbedtls_pkcs5_pbkdf2_hmac(), mbedtls_internal_sha*_process(),
mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process()
functions to erase sensitive data from memory. Reported by
Johan Malmgren and Johan Uppman Bruce from Sectra.
Bugfix
* Fix an invalid (but nonzero) return code from mbedtls_pk_parse_subpubkey()
when the input has trailing garbage. Fixes #2512.
* Fix rsa_prepare_blinding() to retry when the blinding value is not
invertible (mod N), instead of returning MBEDTLS_ERR_RSA_RNG_FAILED. This
addresses a regression but is rare in practice (approx. 1 in 2/sqrt(N)).
Found by Synopsys Coverity, fix contributed by Peter Kolbus (Garmin).
Fixes #3647.
* Fix the build when the macro _GNU_SOURCE is defined to a non-empty value.
Fix #3432.
* Correct the default IV size for mbedtls_cipher_info_t structures using
MBEDTLS_MODE_ECB to 0, since ECB mode ciphers don't use IVs.
* Make arc4random_buf available on NetBSD and OpenBSD when _POSIX_C_SOURCE is
defined. Fix contributed in #3571. Adopted for LTS branch 2.16 in #3602.
* Fix build failures on GCC 11. Fixes #3782.
* Fix a memory leak in mbedtls_mpi_sub_abs() when the result was negative
(an error condition) and the second operand was aliased to the result.
* Fix a case in elliptic curve arithmetic where an out-of-memory condition
could go undetected, resulting in an incorrect result.
* In CTR_DRBG and HMAC_DRBG, don't reset the reseed interval in seed().
Fixes #2927.
* In PEM writing functions, fill the trailing part of the buffer with null
bytes. This guarantees that the corresponding parsing function can read
the buffer back, which was the case for mbedtls_x509write_{crt,csr}_pem
until this property was inadvertently broken in Mbed TLS 2.19.0.
Fixes #3682.
* Fix a build failure that occurred with the MBEDTLS_AES_SETKEY_DEC_ALT
option on. In this configuration key management methods that are required
for MBEDTLS_CIPHER_MODE_XTS were excluded from the build and made it fail.
Fixes #3818. Reported by John Stroebel.
Changes
* Reduce stack usage significantly during sliding window exponentiation.
Reported in #3591 and fix contributed in #3592 by Daniel Otte.
* Remove the zeroization of a pointer variable in AES rounds. It was valid
but spurious and misleading since it looked like a mistaken attempt to
zeroize the pointed-to buffer. Reported by Antonio de la Piedra, CEA
Leti, France.
= mbed TLS 2.16.8 branch released 2020-09-01 = mbed TLS 2.16.8 branch released 2020-09-01
Features Features

View file

@ -1,3 +0,0 @@
Bugfix
* Fix the build when the macro _GNU_SOURCE is defined to a non-empty value.
Fix #3432.

View file

@ -1,3 +0,0 @@
Changes
* Reduce stack usage significantly during sliding window exponentiation.
Reported in #3591 and fix contributed in #3592 by Daniel Otte.

View file

@ -1,5 +0,0 @@
Changes
* Remove the zeroization of a pointer variable in AES rounds. It was valid
but spurious and misleading since it looked like a mistaken attempt to
zeroize the pointed-to buffer. Reported by Antonio de la Piedra, CEA
Leti, France.

View file

@ -1,3 +0,0 @@
Bugfix
* Make arc4random_buf available on NetBSD and OpenBSD when _POSIX_C_SOURCE is
defined. Fix contributed in #3571. Adopted for LTS branch 2.16 in #3602.

View file

@ -1,3 +0,0 @@
Bugfix
* In CTR_DRBG and HMAC_DRBG, don't reset the reseed interval in seed().
Fixes #2927.

View file

@ -1,2 +0,0 @@
Bugfix
* Fix build failures on GCC 11. Fixes #3782.

View file

@ -1,6 +0,0 @@
Bugfix
* In PEM writing functions, fill the trailing part of the buffer with null
bytes. This guarantees that the corresponding parsing function can read
the buffer back, which was the case for mbedtls_x509write_{crt,csr}_pem
until this property was inadvertently broken in Mbed TLS 2.19.0.
Fixes #3682.

View file

@ -1,3 +0,0 @@
Bugfix
* Correct the default IV size for mbedtls_cipher_info_t structures using
MBEDTLS_MODE_ECB to 0, since ECB mode ciphers don't use IVs.

View file

@ -1,5 +0,0 @@
Bugfix
* Fix a memory leak in mbedtls_mpi_sub_abs() when the result was negative
(an error condition) and the second operand was aliased to the result.
* Fix a case in elliptic curve arithmetic where an out-of-memory condition
could go undetected, resulting in an incorrect result.

View file

@ -1,6 +0,0 @@
Bugfix
* Fix rsa_prepare_blinding() to retry when the blinding value is not
invertible (mod N), instead of returning MBEDTLS_ERR_RSA_RNG_FAILED. This
addresses a regression but is rare in practice (approx. 1 in 2/sqrt(N)).
Found by Synopsys Coverity, fix contributed by Peter Kolbus (Garmin).
Fixes #3647.

View file

@ -49,7 +49,7 @@
*/ */
/** /**
* @mainpage mbed TLS v2.16.8 source code documentation * @mainpage mbed TLS v2.16.9 source code documentation
* *
* This documentation describes the internal structure of mbed TLS. It was * This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in * automatically generated from specially formatted comment blocks in

View file

@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
# identify the project. Note that if you do not use Doxywizard you need # identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces. # to put quotes around the project name if it contains spaces.
PROJECT_NAME = "mbed TLS v2.16.8" PROJECT_NAME = "mbed TLS v2.16.9"
# The PROJECT_NUMBER tag can be used to enter a project or revision number. # The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or # This could be handy for archiving the generated documentation or

View file

@ -65,16 +65,16 @@
*/ */
#define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 16 #define MBEDTLS_VERSION_MINOR 16
#define MBEDTLS_VERSION_PATCH 8 #define MBEDTLS_VERSION_PATCH 9
/** /**
* The single version number has the following structure: * The single version number has the following structure:
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define MBEDTLS_VERSION_NUMBER 0x02100800 #define MBEDTLS_VERSION_NUMBER 0x02100900
#define MBEDTLS_VERSION_STRING "2.16.8" #define MBEDTLS_VERSION_STRING "2.16.9"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.8" #define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.9"
#if defined(MBEDTLS_VERSION_C) #if defined(MBEDTLS_VERSION_C)

View file

@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto}) add_library(mbedcrypto SHARED ${src_crypto})
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.8 SOVERSION 3) set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.9 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs}) target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509}) add_library(mbedx509 SHARED ${src_x509})
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.8 SOVERSION 0) set_target_properties(mbedx509 PROPERTIES VERSION 2.16.9 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto) target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls}) add_library(mbedtls SHARED ${src_tls})
set_target_properties(mbedtls PROPERTIES VERSION 2.16.8 SOVERSION 12) set_target_properties(mbedtls PROPERTIES VERSION 2.16.9 SOVERSION 12)
target_link_libraries(mbedtls ${libs} mbedx509) target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto install(TARGETS mbedtls mbedx509 mbedcrypto

View file

@ -2061,6 +2061,10 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
if( mbedtls_mpi_cmp_int( E, 0 ) < 0 ) if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
if( mbedtls_mpi_bitlen( E ) > MBEDTLS_MPI_MAX_BITS ||
mbedtls_mpi_bitlen( N ) > MBEDTLS_MPI_MAX_BITS )
return ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
/* /*
* Init temps and window size * Init temps and window size
*/ */
@ -2337,7 +2341,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
Xp = (unsigned char*) X->p; Xp = (unsigned char*) X->p;
f_rng( p_rng, Xp + overhead, size ); MBEDTLS_MPI_CHK( f_rng( p_rng, Xp + overhead, size ) );
mpi_bigendian_to_host( X->p, limbs ); mpi_bigendian_to_host( X->p, limbs );

View file

@ -177,6 +177,9 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
t = ctx->cksum[i]; t = ctx->cksum[i];
} }
/* Zeroise variables to clear sensitive data from memory. */
mbedtls_platform_zeroize( &t, sizeof( t ) );
return( 0 ); return( 0 );
} }

View file

@ -143,31 +143,34 @@ void mbedtls_md4_starts( mbedtls_md4_context *ctx )
int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
const unsigned char data[64] ) const unsigned char data[64] )
{ {
uint32_t X[16], A, B, C, D; struct
{
uint32_t X[16], A, B, C, D;
} local;
GET_UINT32_LE( X[ 0], data, 0 ); GET_UINT32_LE( local.X[ 0], data, 0 );
GET_UINT32_LE( X[ 1], data, 4 ); GET_UINT32_LE( local.X[ 1], data, 4 );
GET_UINT32_LE( X[ 2], data, 8 ); GET_UINT32_LE( local.X[ 2], data, 8 );
GET_UINT32_LE( X[ 3], data, 12 ); GET_UINT32_LE( local.X[ 3], data, 12 );
GET_UINT32_LE( X[ 4], data, 16 ); GET_UINT32_LE( local.X[ 4], data, 16 );
GET_UINT32_LE( X[ 5], data, 20 ); GET_UINT32_LE( local.X[ 5], data, 20 );
GET_UINT32_LE( X[ 6], data, 24 ); GET_UINT32_LE( local.X[ 6], data, 24 );
GET_UINT32_LE( X[ 7], data, 28 ); GET_UINT32_LE( local.X[ 7], data, 28 );
GET_UINT32_LE( X[ 8], data, 32 ); GET_UINT32_LE( local.X[ 8], data, 32 );
GET_UINT32_LE( X[ 9], data, 36 ); GET_UINT32_LE( local.X[ 9], data, 36 );
GET_UINT32_LE( X[10], data, 40 ); GET_UINT32_LE( local.X[10], data, 40 );
GET_UINT32_LE( X[11], data, 44 ); GET_UINT32_LE( local.X[11], data, 44 );
GET_UINT32_LE( X[12], data, 48 ); GET_UINT32_LE( local.X[12], data, 48 );
GET_UINT32_LE( X[13], data, 52 ); GET_UINT32_LE( local.X[13], data, 52 );
GET_UINT32_LE( X[14], data, 56 ); GET_UINT32_LE( local.X[14], data, 56 );
GET_UINT32_LE( X[15], data, 60 ); GET_UINT32_LE( local.X[15], data, 60 );
#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) #define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
A = ctx->state[0]; local.A = ctx->state[0];
B = ctx->state[1]; local.B = ctx->state[1];
C = ctx->state[2]; local.C = ctx->state[2];
D = ctx->state[3]; local.D = ctx->state[3];
#define F(x, y, z) (((x) & (y)) | ((~(x)) & (z))) #define F(x, y, z) (((x) & (y)) | ((~(x)) & (z)))
#define P(a,b,c,d,x,s) \ #define P(a,b,c,d,x,s) \
@ -178,22 +181,22 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
} while( 0 ) } while( 0 )
P( A, B, C, D, X[ 0], 3 ); P( local.A, local.B, local.C, local.D, local.X[ 0], 3 );
P( D, A, B, C, X[ 1], 7 ); P( local.D, local.A, local.B, local.C, local.X[ 1], 7 );
P( C, D, A, B, X[ 2], 11 ); P( local.C, local.D, local.A, local.B, local.X[ 2], 11 );
P( B, C, D, A, X[ 3], 19 ); P( local.B, local.C, local.D, local.A, local.X[ 3], 19 );
P( A, B, C, D, X[ 4], 3 ); P( local.A, local.B, local.C, local.D, local.X[ 4], 3 );
P( D, A, B, C, X[ 5], 7 ); P( local.D, local.A, local.B, local.C, local.X[ 5], 7 );
P( C, D, A, B, X[ 6], 11 ); P( local.C, local.D, local.A, local.B, local.X[ 6], 11 );
P( B, C, D, A, X[ 7], 19 ); P( local.B, local.C, local.D, local.A, local.X[ 7], 19 );
P( A, B, C, D, X[ 8], 3 ); P( local.A, local.B, local.C, local.D, local.X[ 8], 3 );
P( D, A, B, C, X[ 9], 7 ); P( local.D, local.A, local.B, local.C, local.X[ 9], 7 );
P( C, D, A, B, X[10], 11 ); P( local.C, local.D, local.A, local.B, local.X[10], 11 );
P( B, C, D, A, X[11], 19 ); P( local.B, local.C, local.D, local.A, local.X[11], 19 );
P( A, B, C, D, X[12], 3 ); P( local.A, local.B, local.C, local.D, local.X[12], 3 );
P( D, A, B, C, X[13], 7 ); P( local.D, local.A, local.B, local.C, local.X[13], 7 );
P( C, D, A, B, X[14], 11 ); P( local.C, local.D, local.A, local.B, local.X[14], 11 );
P( B, C, D, A, X[15], 19 ); P( local.B, local.C, local.D, local.A, local.X[15], 19 );
#undef P #undef P
#undef F #undef F
@ -206,22 +209,22 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
(a) = S((a),(s)); \ (a) = S((a),(s)); \
} while( 0 ) } while( 0 )
P( A, B, C, D, X[ 0], 3 ); P( local.A, local.B, local.C, local.D, local.X[ 0], 3 );
P( D, A, B, C, X[ 4], 5 ); P( local.D, local.A, local.B, local.C, local.X[ 4], 5 );
P( C, D, A, B, X[ 8], 9 ); P( local.C, local.D, local.A, local.B, local.X[ 8], 9 );
P( B, C, D, A, X[12], 13 ); P( local.B, local.C, local.D, local.A, local.X[12], 13 );
P( A, B, C, D, X[ 1], 3 ); P( local.A, local.B, local.C, local.D, local.X[ 1], 3 );
P( D, A, B, C, X[ 5], 5 ); P( local.D, local.A, local.B, local.C, local.X[ 5], 5 );
P( C, D, A, B, X[ 9], 9 ); P( local.C, local.D, local.A, local.B, local.X[ 9], 9 );
P( B, C, D, A, X[13], 13 ); P( local.B, local.C, local.D, local.A, local.X[13], 13 );
P( A, B, C, D, X[ 2], 3 ); P( local.A, local.B, local.C, local.D, local.X[ 2], 3 );
P( D, A, B, C, X[ 6], 5 ); P( local.D, local.A, local.B, local.C, local.X[ 6], 5 );
P( C, D, A, B, X[10], 9 ); P( local.C, local.D, local.A, local.B, local.X[10], 9 );
P( B, C, D, A, X[14], 13 ); P( local.B, local.C, local.D, local.A, local.X[14], 13 );
P( A, B, C, D, X[ 3], 3 ); P( local.A, local.B, local.C, local.D, local.X[ 3], 3 );
P( D, A, B, C, X[ 7], 5 ); P( local.D, local.A, local.B, local.C, local.X[ 7], 5 );
P( C, D, A, B, X[11], 9 ); P( local.C, local.D, local.A, local.B, local.X[11], 9 );
P( B, C, D, A, X[15], 13 ); P( local.B, local.C, local.D, local.A, local.X[15], 13 );
#undef P #undef P
#undef F #undef F
@ -234,30 +237,33 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
(a) = S((a),(s)); \ (a) = S((a),(s)); \
} while( 0 ) } while( 0 )
P( A, B, C, D, X[ 0], 3 ); P( local.A, local.B, local.C, local.D, local.X[ 0], 3 );
P( D, A, B, C, X[ 8], 9 ); P( local.D, local.A, local.B, local.C, local.X[ 8], 9 );
P( C, D, A, B, X[ 4], 11 ); P( local.C, local.D, local.A, local.B, local.X[ 4], 11 );
P( B, C, D, A, X[12], 15 ); P( local.B, local.C, local.D, local.A, local.X[12], 15 );
P( A, B, C, D, X[ 2], 3 ); P( local.A, local.B, local.C, local.D, local.X[ 2], 3 );
P( D, A, B, C, X[10], 9 ); P( local.D, local.A, local.B, local.C, local.X[10], 9 );
P( C, D, A, B, X[ 6], 11 ); P( local.C, local.D, local.A, local.B, local.X[ 6], 11 );
P( B, C, D, A, X[14], 15 ); P( local.B, local.C, local.D, local.A, local.X[14], 15 );
P( A, B, C, D, X[ 1], 3 ); P( local.A, local.B, local.C, local.D, local.X[ 1], 3 );
P( D, A, B, C, X[ 9], 9 ); P( local.D, local.A, local.B, local.C, local.X[ 9], 9 );
P( C, D, A, B, X[ 5], 11 ); P( local.C, local.D, local.A, local.B, local.X[ 5], 11 );
P( B, C, D, A, X[13], 15 ); P( local.B, local.C, local.D, local.A, local.X[13], 15 );
P( A, B, C, D, X[ 3], 3 ); P( local.A, local.B, local.C, local.D, local.X[ 3], 3 );
P( D, A, B, C, X[11], 9 ); P( local.D, local.A, local.B, local.C, local.X[11], 9 );
P( C, D, A, B, X[ 7], 11 ); P( local.C, local.D, local.A, local.B, local.X[ 7], 11 );
P( B, C, D, A, X[15], 15 ); P( local.B, local.C, local.D, local.A, local.X[15], 15 );
#undef F #undef F
#undef P #undef P
ctx->state[0] += A; ctx->state[0] += local.A;
ctx->state[1] += B; ctx->state[1] += local.B;
ctx->state[2] += C; ctx->state[2] += local.C;
ctx->state[3] += D; ctx->state[3] += local.D;
/* Zeroise variables to clear sensitive data from memory. */
mbedtls_platform_zeroize( &local, sizeof( local ) );
return( 0 ); return( 0 );
} }

View file

@ -142,128 +142,134 @@ void mbedtls_md5_starts( mbedtls_md5_context *ctx )
int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
const unsigned char data[64] ) const unsigned char data[64] )
{ {
uint32_t X[16], A, B, C, D; struct
{
uint32_t X[16], A, B, C, D;
} local;
GET_UINT32_LE( X[ 0], data, 0 ); GET_UINT32_LE( local.X[ 0], data, 0 );
GET_UINT32_LE( X[ 1], data, 4 ); GET_UINT32_LE( local.X[ 1], data, 4 );
GET_UINT32_LE( X[ 2], data, 8 ); GET_UINT32_LE( local.X[ 2], data, 8 );
GET_UINT32_LE( X[ 3], data, 12 ); GET_UINT32_LE( local.X[ 3], data, 12 );
GET_UINT32_LE( X[ 4], data, 16 ); GET_UINT32_LE( local.X[ 4], data, 16 );
GET_UINT32_LE( X[ 5], data, 20 ); GET_UINT32_LE( local.X[ 5], data, 20 );
GET_UINT32_LE( X[ 6], data, 24 ); GET_UINT32_LE( local.X[ 6], data, 24 );
GET_UINT32_LE( X[ 7], data, 28 ); GET_UINT32_LE( local.X[ 7], data, 28 );
GET_UINT32_LE( X[ 8], data, 32 ); GET_UINT32_LE( local.X[ 8], data, 32 );
GET_UINT32_LE( X[ 9], data, 36 ); GET_UINT32_LE( local.X[ 9], data, 36 );
GET_UINT32_LE( X[10], data, 40 ); GET_UINT32_LE( local.X[10], data, 40 );
GET_UINT32_LE( X[11], data, 44 ); GET_UINT32_LE( local.X[11], data, 44 );
GET_UINT32_LE( X[12], data, 48 ); GET_UINT32_LE( local.X[12], data, 48 );
GET_UINT32_LE( X[13], data, 52 ); GET_UINT32_LE( local.X[13], data, 52 );
GET_UINT32_LE( X[14], data, 56 ); GET_UINT32_LE( local.X[14], data, 56 );
GET_UINT32_LE( X[15], data, 60 ); GET_UINT32_LE( local.X[15], data, 60 );
#define S(x,n) \ #define S(x,n) \
( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) ) ( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) )
#define P(a,b,c,d,k,s,t) \ #define P(a,b,c,d,k,s,t) \
do \ do \
{ \ { \
(a) += F((b),(c),(d)) + X[(k)] + (t); \ (a) += F((b),(c),(d)) + local.X[(k)] + (t); \
(a) = S((a),(s)) + (b); \ (a) = S((a),(s)) + (b); \
} while( 0 ) } while( 0 )
A = ctx->state[0]; local.A = ctx->state[0];
B = ctx->state[1]; local.B = ctx->state[1];
C = ctx->state[2]; local.C = ctx->state[2];
D = ctx->state[3]; local.D = ctx->state[3];
#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) #define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
P( A, B, C, D, 0, 7, 0xD76AA478 ); P( local.A, local.B, local.C, local.D, 0, 7, 0xD76AA478 );
P( D, A, B, C, 1, 12, 0xE8C7B756 ); P( local.D, local.A, local.B, local.C, 1, 12, 0xE8C7B756 );
P( C, D, A, B, 2, 17, 0x242070DB ); P( local.C, local.D, local.A, local.B, 2, 17, 0x242070DB );
P( B, C, D, A, 3, 22, 0xC1BDCEEE ); P( local.B, local.C, local.D, local.A, 3, 22, 0xC1BDCEEE );
P( A, B, C, D, 4, 7, 0xF57C0FAF ); P( local.A, local.B, local.C, local.D, 4, 7, 0xF57C0FAF );
P( D, A, B, C, 5, 12, 0x4787C62A ); P( local.D, local.A, local.B, local.C, 5, 12, 0x4787C62A );
P( C, D, A, B, 6, 17, 0xA8304613 ); P( local.C, local.D, local.A, local.B, 6, 17, 0xA8304613 );
P( B, C, D, A, 7, 22, 0xFD469501 ); P( local.B, local.C, local.D, local.A, 7, 22, 0xFD469501 );
P( A, B, C, D, 8, 7, 0x698098D8 ); P( local.A, local.B, local.C, local.D, 8, 7, 0x698098D8 );
P( D, A, B, C, 9, 12, 0x8B44F7AF ); P( local.D, local.A, local.B, local.C, 9, 12, 0x8B44F7AF );
P( C, D, A, B, 10, 17, 0xFFFF5BB1 ); P( local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1 );
P( B, C, D, A, 11, 22, 0x895CD7BE ); P( local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE );
P( A, B, C, D, 12, 7, 0x6B901122 ); P( local.A, local.B, local.C, local.D, 12, 7, 0x6B901122 );
P( D, A, B, C, 13, 12, 0xFD987193 ); P( local.D, local.A, local.B, local.C, 13, 12, 0xFD987193 );
P( C, D, A, B, 14, 17, 0xA679438E ); P( local.C, local.D, local.A, local.B, 14, 17, 0xA679438E );
P( B, C, D, A, 15, 22, 0x49B40821 ); P( local.B, local.C, local.D, local.A, 15, 22, 0x49B40821 );
#undef F #undef F
#define F(x,y,z) ((y) ^ ((z) & ((x) ^ (y)))) #define F(x,y,z) ((y) ^ ((z) & ((x) ^ (y))))
P( A, B, C, D, 1, 5, 0xF61E2562 ); P( local.A, local.B, local.C, local.D, 1, 5, 0xF61E2562 );
P( D, A, B, C, 6, 9, 0xC040B340 ); P( local.D, local.A, local.B, local.C, 6, 9, 0xC040B340 );
P( C, D, A, B, 11, 14, 0x265E5A51 ); P( local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51 );
P( B, C, D, A, 0, 20, 0xE9B6C7AA ); P( local.B, local.C, local.D, local.A, 0, 20, 0xE9B6C7AA );
P( A, B, C, D, 5, 5, 0xD62F105D ); P( local.A, local.B, local.C, local.D, 5, 5, 0xD62F105D );
P( D, A, B, C, 10, 9, 0x02441453 ); P( local.D, local.A, local.B, local.C, 10, 9, 0x02441453 );
P( C, D, A, B, 15, 14, 0xD8A1E681 ); P( local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681 );
P( B, C, D, A, 4, 20, 0xE7D3FBC8 ); P( local.B, local.C, local.D, local.A, 4, 20, 0xE7D3FBC8 );
P( A, B, C, D, 9, 5, 0x21E1CDE6 ); P( local.A, local.B, local.C, local.D, 9, 5, 0x21E1CDE6 );
P( D, A, B, C, 14, 9, 0xC33707D6 ); P( local.D, local.A, local.B, local.C, 14, 9, 0xC33707D6 );
P( C, D, A, B, 3, 14, 0xF4D50D87 ); P( local.C, local.D, local.A, local.B, 3, 14, 0xF4D50D87 );
P( B, C, D, A, 8, 20, 0x455A14ED ); P( local.B, local.C, local.D, local.A, 8, 20, 0x455A14ED );
P( A, B, C, D, 13, 5, 0xA9E3E905 ); P( local.A, local.B, local.C, local.D, 13, 5, 0xA9E3E905 );
P( D, A, B, C, 2, 9, 0xFCEFA3F8 ); P( local.D, local.A, local.B, local.C, 2, 9, 0xFCEFA3F8 );
P( C, D, A, B, 7, 14, 0x676F02D9 ); P( local.C, local.D, local.A, local.B, 7, 14, 0x676F02D9 );
P( B, C, D, A, 12, 20, 0x8D2A4C8A ); P( local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A );
#undef F #undef F
#define F(x,y,z) ((x) ^ (y) ^ (z)) #define F(x,y,z) ((x) ^ (y) ^ (z))
P( A, B, C, D, 5, 4, 0xFFFA3942 ); P( local.A, local.B, local.C, local.D, 5, 4, 0xFFFA3942 );
P( D, A, B, C, 8, 11, 0x8771F681 ); P( local.D, local.A, local.B, local.C, 8, 11, 0x8771F681 );
P( C, D, A, B, 11, 16, 0x6D9D6122 ); P( local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122 );
P( B, C, D, A, 14, 23, 0xFDE5380C ); P( local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C );
P( A, B, C, D, 1, 4, 0xA4BEEA44 ); P( local.A, local.B, local.C, local.D, 1, 4, 0xA4BEEA44 );
P( D, A, B, C, 4, 11, 0x4BDECFA9 ); P( local.D, local.A, local.B, local.C, 4, 11, 0x4BDECFA9 );
P( C, D, A, B, 7, 16, 0xF6BB4B60 ); P( local.C, local.D, local.A, local.B, 7, 16, 0xF6BB4B60 );
P( B, C, D, A, 10, 23, 0xBEBFBC70 ); P( local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70 );
P( A, B, C, D, 13, 4, 0x289B7EC6 ); P( local.A, local.B, local.C, local.D, 13, 4, 0x289B7EC6 );
P( D, A, B, C, 0, 11, 0xEAA127FA ); P( local.D, local.A, local.B, local.C, 0, 11, 0xEAA127FA );
P( C, D, A, B, 3, 16, 0xD4EF3085 ); P( local.C, local.D, local.A, local.B, 3, 16, 0xD4EF3085 );
P( B, C, D, A, 6, 23, 0x04881D05 ); P( local.B, local.C, local.D, local.A, 6, 23, 0x04881D05 );
P( A, B, C, D, 9, 4, 0xD9D4D039 ); P( local.A, local.B, local.C, local.D, 9, 4, 0xD9D4D039 );
P( D, A, B, C, 12, 11, 0xE6DB99E5 ); P( local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5 );
P( C, D, A, B, 15, 16, 0x1FA27CF8 ); P( local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8 );
P( B, C, D, A, 2, 23, 0xC4AC5665 ); P( local.B, local.C, local.D, local.A, 2, 23, 0xC4AC5665 );
#undef F #undef F
#define F(x,y,z) ((y) ^ ((x) | ~(z))) #define F(x,y,z) ((y) ^ ((x) | ~(z)))
P( A, B, C, D, 0, 6, 0xF4292244 ); P( local.A, local.B, local.C, local.D, 0, 6, 0xF4292244 );
P( D, A, B, C, 7, 10, 0x432AFF97 ); P( local.D, local.A, local.B, local.C, 7, 10, 0x432AFF97 );
P( C, D, A, B, 14, 15, 0xAB9423A7 ); P( local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7 );
P( B, C, D, A, 5, 21, 0xFC93A039 ); P( local.B, local.C, local.D, local.A, 5, 21, 0xFC93A039 );
P( A, B, C, D, 12, 6, 0x655B59C3 ); P( local.A, local.B, local.C, local.D, 12, 6, 0x655B59C3 );
P( D, A, B, C, 3, 10, 0x8F0CCC92 ); P( local.D, local.A, local.B, local.C, 3, 10, 0x8F0CCC92 );
P( C, D, A, B, 10, 15, 0xFFEFF47D ); P( local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D );
P( B, C, D, A, 1, 21, 0x85845DD1 ); P( local.B, local.C, local.D, local.A, 1, 21, 0x85845DD1 );
P( A, B, C, D, 8, 6, 0x6FA87E4F ); P( local.A, local.B, local.C, local.D, 8, 6, 0x6FA87E4F );
P( D, A, B, C, 15, 10, 0xFE2CE6E0 ); P( local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0 );
P( C, D, A, B, 6, 15, 0xA3014314 ); P( local.C, local.D, local.A, local.B, 6, 15, 0xA3014314 );
P( B, C, D, A, 13, 21, 0x4E0811A1 ); P( local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1 );
P( A, B, C, D, 4, 6, 0xF7537E82 ); P( local.A, local.B, local.C, local.D, 4, 6, 0xF7537E82 );
P( D, A, B, C, 11, 10, 0xBD3AF235 ); P( local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235 );
P( C, D, A, B, 2, 15, 0x2AD7D2BB ); P( local.C, local.D, local.A, local.B, 2, 15, 0x2AD7D2BB );
P( B, C, D, A, 9, 21, 0xEB86D391 ); P( local.B, local.C, local.D, local.A, 9, 21, 0xEB86D391 );
#undef F #undef F
ctx->state[0] += A; ctx->state[0] += local.A;
ctx->state[1] += B; ctx->state[1] += local.B;
ctx->state[2] += C; ctx->state[2] += local.C;
ctx->state[3] += D; ctx->state[3] += local.D;
/* Zeroise variables to clear sensitive data from memory. */
mbedtls_platform_zeroize( &local, sizeof( local ) );
return( 0 ); return( 0 );
} }

View file

@ -247,7 +247,7 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p
unsigned int iteration_count, unsigned int iteration_count,
uint32_t key_length, unsigned char *output ) uint32_t key_length, unsigned char *output )
{ {
int ret, j; int ret = 0, j;
unsigned int i; unsigned int i;
unsigned char md1[MBEDTLS_MD_MAX_SIZE]; unsigned char md1[MBEDTLS_MD_MAX_SIZE];
unsigned char work[MBEDTLS_MD_MAX_SIZE]; unsigned char work[MBEDTLS_MD_MAX_SIZE];
@ -269,16 +269,16 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p
// U1 ends up in work // U1 ends up in work
// //
if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 ) if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = mbedtls_md_hmac_update( ctx, salt, slen ) ) != 0 ) if( ( ret = mbedtls_md_hmac_update( ctx, salt, slen ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = mbedtls_md_hmac_update( ctx, counter, 4 ) ) != 0 ) if( ( ret = mbedtls_md_hmac_update( ctx, counter, 4 ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = mbedtls_md_hmac_finish( ctx, work ) ) != 0 ) if( ( ret = mbedtls_md_hmac_finish( ctx, work ) ) != 0 )
return( ret ); goto cleanup;
memcpy( md1, work, md_size ); memcpy( md1, work, md_size );
@ -287,13 +287,13 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p
// U2 ends up in md1 // U2 ends up in md1
// //
if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 ) if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = mbedtls_md_hmac_update( ctx, md1, md_size ) ) != 0 ) if( ( ret = mbedtls_md_hmac_update( ctx, md1, md_size ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = mbedtls_md_hmac_finish( ctx, md1 ) ) != 0 ) if( ( ret = mbedtls_md_hmac_finish( ctx, md1 ) ) != 0 )
return( ret ); goto cleanup;
// U1 xor U2 // U1 xor U2
// //
@ -312,7 +312,12 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p
break; break;
} }
return( 0 ); cleanup:
/* Zeroise buffers to clear sensitive data from memory. */
mbedtls_platform_zeroize( work, MBEDTLS_MD_MAX_SIZE );
mbedtls_platform_zeroize( md1, MBEDTLS_MD_MAX_SIZE );
return( ret );
} }
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)

View file

@ -147,30 +147,33 @@ void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx )
int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
const unsigned char data[64] ) const unsigned char data[64] )
{ {
uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16]; struct
{
uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
} local;
GET_UINT32_LE( X[ 0], data, 0 ); GET_UINT32_LE( local.X[ 0], data, 0 );
GET_UINT32_LE( X[ 1], data, 4 ); GET_UINT32_LE( local.X[ 1], data, 4 );
GET_UINT32_LE( X[ 2], data, 8 ); GET_UINT32_LE( local.X[ 2], data, 8 );
GET_UINT32_LE( X[ 3], data, 12 ); GET_UINT32_LE( local.X[ 3], data, 12 );
GET_UINT32_LE( X[ 4], data, 16 ); GET_UINT32_LE( local.X[ 4], data, 16 );
GET_UINT32_LE( X[ 5], data, 20 ); GET_UINT32_LE( local.X[ 5], data, 20 );
GET_UINT32_LE( X[ 6], data, 24 ); GET_UINT32_LE( local.X[ 6], data, 24 );
GET_UINT32_LE( X[ 7], data, 28 ); GET_UINT32_LE( local.X[ 7], data, 28 );
GET_UINT32_LE( X[ 8], data, 32 ); GET_UINT32_LE( local.X[ 8], data, 32 );
GET_UINT32_LE( X[ 9], data, 36 ); GET_UINT32_LE( local.X[ 9], data, 36 );
GET_UINT32_LE( X[10], data, 40 ); GET_UINT32_LE( local.X[10], data, 40 );
GET_UINT32_LE( X[11], data, 44 ); GET_UINT32_LE( local.X[11], data, 44 );
GET_UINT32_LE( X[12], data, 48 ); GET_UINT32_LE( local.X[12], data, 48 );
GET_UINT32_LE( X[13], data, 52 ); GET_UINT32_LE( local.X[13], data, 52 );
GET_UINT32_LE( X[14], data, 56 ); GET_UINT32_LE( local.X[14], data, 56 );
GET_UINT32_LE( X[15], data, 60 ); GET_UINT32_LE( local.X[15], data, 60 );
A = Ap = ctx->state[0]; local.A = local.Ap = ctx->state[0];
B = Bp = ctx->state[1]; local.B = local.Bp = ctx->state[1];
C = Cp = ctx->state[2]; local.C = local.Cp = ctx->state[2];
D = Dp = ctx->state[3]; local.D = local.Dp = ctx->state[3];
E = Ep = ctx->state[4]; local.E = local.Ep = ctx->state[4];
#define F1( x, y, z ) ( (x) ^ (y) ^ (z) ) #define F1( x, y, z ) ( (x) ^ (y) ^ (z) )
#define F2( x, y, z ) ( ( (x) & (y) ) | ( ~(x) & (z) ) ) #define F2( x, y, z ) ( ( (x) & (y) ) | ( ~(x) & (z) ) )
@ -180,12 +183,12 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
#define S( x, n ) ( ( (x) << (n) ) | ( (x) >> (32 - (n)) ) ) #define S( x, n ) ( ( (x) << (n) ) | ( (x) >> (32 - (n)) ) )
#define P( a, b, c, d, e, r, s, f, k ) \ #define P( a, b, c, d, e, r, s, f, k ) \
do \ do \
{ \ { \
(a) += f( (b), (c), (d) ) + X[r] + (k); \ (a) += f( (b), (c), (d) ) + local.X[r] + (k); \
(a) = S( (a), (s) ) + (e); \ (a) = S( (a), (s) ) + (e); \
(c) = S( (c), 10 ); \ (c) = S( (c), 10 ); \
} while( 0 ) } while( 0 )
#define P2( a, b, c, d, e, r, s, rp, sp ) \ #define P2( a, b, c, d, e, r, s, rp, sp ) \
@ -200,22 +203,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
#define K 0x00000000 #define K 0x00000000
#define Fp F5 #define Fp F5
#define Kp 0x50A28BE6 #define Kp 0x50A28BE6
P2( A, B, C, D, E, 0, 11, 5, 8 ); P2( local.A, local.B, local.C, local.D, local.E, 0, 11, 5, 8 );
P2( E, A, B, C, D, 1, 14, 14, 9 ); P2( local.E, local.A, local.B, local.C, local.D, 1, 14, 14, 9 );
P2( D, E, A, B, C, 2, 15, 7, 9 ); P2( local.D, local.E, local.A, local.B, local.C, 2, 15, 7, 9 );
P2( C, D, E, A, B, 3, 12, 0, 11 ); P2( local.C, local.D, local.E, local.A, local.B, 3, 12, 0, 11 );
P2( B, C, D, E, A, 4, 5, 9, 13 ); P2( local.B, local.C, local.D, local.E, local.A, 4, 5, 9, 13 );
P2( A, B, C, D, E, 5, 8, 2, 15 ); P2( local.A, local.B, local.C, local.D, local.E, 5, 8, 2, 15 );
P2( E, A, B, C, D, 6, 7, 11, 15 ); P2( local.E, local.A, local.B, local.C, local.D, 6, 7, 11, 15 );
P2( D, E, A, B, C, 7, 9, 4, 5 ); P2( local.D, local.E, local.A, local.B, local.C, 7, 9, 4, 5 );
P2( C, D, E, A, B, 8, 11, 13, 7 ); P2( local.C, local.D, local.E, local.A, local.B, 8, 11, 13, 7 );
P2( B, C, D, E, A, 9, 13, 6, 7 ); P2( local.B, local.C, local.D, local.E, local.A, 9, 13, 6, 7 );
P2( A, B, C, D, E, 10, 14, 15, 8 ); P2( local.A, local.B, local.C, local.D, local.E, 10, 14, 15, 8 );
P2( E, A, B, C, D, 11, 15, 8, 11 ); P2( local.E, local.A, local.B, local.C, local.D, 11, 15, 8, 11 );
P2( D, E, A, B, C, 12, 6, 1, 14 ); P2( local.D, local.E, local.A, local.B, local.C, 12, 6, 1, 14 );
P2( C, D, E, A, B, 13, 7, 10, 14 ); P2( local.C, local.D, local.E, local.A, local.B, 13, 7, 10, 14 );
P2( B, C, D, E, A, 14, 9, 3, 12 ); P2( local.B, local.C, local.D, local.E, local.A, 14, 9, 3, 12 );
P2( A, B, C, D, E, 15, 8, 12, 6 ); P2( local.A, local.B, local.C, local.D, local.E, 15, 8, 12, 6 );
#undef F #undef F
#undef K #undef K
#undef Fp #undef Fp
@ -225,22 +228,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
#define K 0x5A827999 #define K 0x5A827999
#define Fp F4 #define Fp F4
#define Kp 0x5C4DD124 #define Kp 0x5C4DD124
P2( E, A, B, C, D, 7, 7, 6, 9 ); P2( local.E, local.A, local.B, local.C, local.D, 7, 7, 6, 9 );
P2( D, E, A, B, C, 4, 6, 11, 13 ); P2( local.D, local.E, local.A, local.B, local.C, 4, 6, 11, 13 );
P2( C, D, E, A, B, 13, 8, 3, 15 ); P2( local.C, local.D, local.E, local.A, local.B, 13, 8, 3, 15 );
P2( B, C, D, E, A, 1, 13, 7, 7 ); P2( local.B, local.C, local.D, local.E, local.A, 1, 13, 7, 7 );
P2( A, B, C, D, E, 10, 11, 0, 12 ); P2( local.A, local.B, local.C, local.D, local.E, 10, 11, 0, 12 );
P2( E, A, B, C, D, 6, 9, 13, 8 ); P2( local.E, local.A, local.B, local.C, local.D, 6, 9, 13, 8 );
P2( D, E, A, B, C, 15, 7, 5, 9 ); P2( local.D, local.E, local.A, local.B, local.C, 15, 7, 5, 9 );
P2( C, D, E, A, B, 3, 15, 10, 11 ); P2( local.C, local.D, local.E, local.A, local.B, 3, 15, 10, 11 );
P2( B, C, D, E, A, 12, 7, 14, 7 ); P2( local.B, local.C, local.D, local.E, local.A, 12, 7, 14, 7 );
P2( A, B, C, D, E, 0, 12, 15, 7 ); P2( local.A, local.B, local.C, local.D, local.E, 0, 12, 15, 7 );
P2( E, A, B, C, D, 9, 15, 8, 12 ); P2( local.E, local.A, local.B, local.C, local.D, 9, 15, 8, 12 );
P2( D, E, A, B, C, 5, 9, 12, 7 ); P2( local.D, local.E, local.A, local.B, local.C, 5, 9, 12, 7 );
P2( C, D, E, A, B, 2, 11, 4, 6 ); P2( local.C, local.D, local.E, local.A, local.B, 2, 11, 4, 6 );
P2( B, C, D, E, A, 14, 7, 9, 15 ); P2( local.B, local.C, local.D, local.E, local.A, 14, 7, 9, 15 );
P2( A, B, C, D, E, 11, 13, 1, 13 ); P2( local.A, local.B, local.C, local.D, local.E, 11, 13, 1, 13 );
P2( E, A, B, C, D, 8, 12, 2, 11 ); P2( local.E, local.A, local.B, local.C, local.D, 8, 12, 2, 11 );
#undef F #undef F
#undef K #undef K
#undef Fp #undef Fp
@ -250,22 +253,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
#define K 0x6ED9EBA1 #define K 0x6ED9EBA1
#define Fp F3 #define Fp F3
#define Kp 0x6D703EF3 #define Kp 0x6D703EF3
P2( D, E, A, B, C, 3, 11, 15, 9 ); P2( local.D, local.E, local.A, local.B, local.C, 3, 11, 15, 9 );
P2( C, D, E, A, B, 10, 13, 5, 7 ); P2( local.C, local.D, local.E, local.A, local.B, 10, 13, 5, 7 );
P2( B, C, D, E, A, 14, 6, 1, 15 ); P2( local.B, local.C, local.D, local.E, local.A, 14, 6, 1, 15 );
P2( A, B, C, D, E, 4, 7, 3, 11 ); P2( local.A, local.B, local.C, local.D, local.E, 4, 7, 3, 11 );
P2( E, A, B, C, D, 9, 14, 7, 8 ); P2( local.E, local.A, local.B, local.C, local.D, 9, 14, 7, 8 );
P2( D, E, A, B, C, 15, 9, 14, 6 ); P2( local.D, local.E, local.A, local.B, local.C, 15, 9, 14, 6 );
P2( C, D, E, A, B, 8, 13, 6, 6 ); P2( local.C, local.D, local.E, local.A, local.B, 8, 13, 6, 6 );
P2( B, C, D, E, A, 1, 15, 9, 14 ); P2( local.B, local.C, local.D, local.E, local.A, 1, 15, 9, 14 );
P2( A, B, C, D, E, 2, 14, 11, 12 ); P2( local.A, local.B, local.C, local.D, local.E, 2, 14, 11, 12 );
P2( E, A, B, C, D, 7, 8, 8, 13 ); P2( local.E, local.A, local.B, local.C, local.D, 7, 8, 8, 13 );
P2( D, E, A, B, C, 0, 13, 12, 5 ); P2( local.D, local.E, local.A, local.B, local.C, 0, 13, 12, 5 );
P2( C, D, E, A, B, 6, 6, 2, 14 ); P2( local.C, local.D, local.E, local.A, local.B, 6, 6, 2, 14 );
P2( B, C, D, E, A, 13, 5, 10, 13 ); P2( local.B, local.C, local.D, local.E, local.A, 13, 5, 10, 13 );
P2( A, B, C, D, E, 11, 12, 0, 13 ); P2( local.A, local.B, local.C, local.D, local.E, 11, 12, 0, 13 );
P2( E, A, B, C, D, 5, 7, 4, 7 ); P2( local.E, local.A, local.B, local.C, local.D, 5, 7, 4, 7 );
P2( D, E, A, B, C, 12, 5, 13, 5 ); P2( local.D, local.E, local.A, local.B, local.C, 12, 5, 13, 5 );
#undef F #undef F
#undef K #undef K
#undef Fp #undef Fp
@ -275,22 +278,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
#define K 0x8F1BBCDC #define K 0x8F1BBCDC
#define Fp F2 #define Fp F2
#define Kp 0x7A6D76E9 #define Kp 0x7A6D76E9
P2( C, D, E, A, B, 1, 11, 8, 15 ); P2( local.C, local.D, local.E, local.A, local.B, 1, 11, 8, 15 );
P2( B, C, D, E, A, 9, 12, 6, 5 ); P2( local.B, local.C, local.D, local.E, local.A, 9, 12, 6, 5 );
P2( A, B, C, D, E, 11, 14, 4, 8 ); P2( local.A, local.B, local.C, local.D, local.E, 11, 14, 4, 8 );
P2( E, A, B, C, D, 10, 15, 1, 11 ); P2( local.E, local.A, local.B, local.C, local.D, 10, 15, 1, 11 );
P2( D, E, A, B, C, 0, 14, 3, 14 ); P2( local.D, local.E, local.A, local.B, local.C, 0, 14, 3, 14 );
P2( C, D, E, A, B, 8, 15, 11, 14 ); P2( local.C, local.D, local.E, local.A, local.B, 8, 15, 11, 14 );
P2( B, C, D, E, A, 12, 9, 15, 6 ); P2( local.B, local.C, local.D, local.E, local.A, 12, 9, 15, 6 );
P2( A, B, C, D, E, 4, 8, 0, 14 ); P2( local.A, local.B, local.C, local.D, local.E, 4, 8, 0, 14 );
P2( E, A, B, C, D, 13, 9, 5, 6 ); P2( local.E, local.A, local.B, local.C, local.D, 13, 9, 5, 6 );
P2( D, E, A, B, C, 3, 14, 12, 9 ); P2( local.D, local.E, local.A, local.B, local.C, 3, 14, 12, 9 );
P2( C, D, E, A, B, 7, 5, 2, 12 ); P2( local.C, local.D, local.E, local.A, local.B, 7, 5, 2, 12 );
P2( B, C, D, E, A, 15, 6, 13, 9 ); P2( local.B, local.C, local.D, local.E, local.A, 15, 6, 13, 9 );
P2( A, B, C, D, E, 14, 8, 9, 12 ); P2( local.A, local.B, local.C, local.D, local.E, 14, 8, 9, 12 );
P2( E, A, B, C, D, 5, 6, 7, 5 ); P2( local.E, local.A, local.B, local.C, local.D, 5, 6, 7, 5 );
P2( D, E, A, B, C, 6, 5, 10, 15 ); P2( local.D, local.E, local.A, local.B, local.C, 6, 5, 10, 15 );
P2( C, D, E, A, B, 2, 12, 14, 8 ); P2( local.C, local.D, local.E, local.A, local.B, 2, 12, 14, 8 );
#undef F #undef F
#undef K #undef K
#undef Fp #undef Fp
@ -300,33 +303,36 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
#define K 0xA953FD4E #define K 0xA953FD4E
#define Fp F1 #define Fp F1
#define Kp 0x00000000 #define Kp 0x00000000
P2( B, C, D, E, A, 4, 9, 12, 8 ); P2( local.B, local.C, local.D, local.E, local.A, 4, 9, 12, 8 );
P2( A, B, C, D, E, 0, 15, 15, 5 ); P2( local.A, local.B, local.C, local.D, local.E, 0, 15, 15, 5 );
P2( E, A, B, C, D, 5, 5, 10, 12 ); P2( local.E, local.A, local.B, local.C, local.D, 5, 5, 10, 12 );
P2( D, E, A, B, C, 9, 11, 4, 9 ); P2( local.D, local.E, local.A, local.B, local.C, 9, 11, 4, 9 );
P2( C, D, E, A, B, 7, 6, 1, 12 ); P2( local.C, local.D, local.E, local.A, local.B, 7, 6, 1, 12 );
P2( B, C, D, E, A, 12, 8, 5, 5 ); P2( local.B, local.C, local.D, local.E, local.A, 12, 8, 5, 5 );
P2( A, B, C, D, E, 2, 13, 8, 14 ); P2( local.A, local.B, local.C, local.D, local.E, 2, 13, 8, 14 );
P2( E, A, B, C, D, 10, 12, 7, 6 ); P2( local.E, local.A, local.B, local.C, local.D, 10, 12, 7, 6 );
P2( D, E, A, B, C, 14, 5, 6, 8 ); P2( local.D, local.E, local.A, local.B, local.C, 14, 5, 6, 8 );
P2( C, D, E, A, B, 1, 12, 2, 13 ); P2( local.C, local.D, local.E, local.A, local.B, 1, 12, 2, 13 );
P2( B, C, D, E, A, 3, 13, 13, 6 ); P2( local.B, local.C, local.D, local.E, local.A, 3, 13, 13, 6 );
P2( A, B, C, D, E, 8, 14, 14, 5 ); P2( local.A, local.B, local.C, local.D, local.E, 8, 14, 14, 5 );
P2( E, A, B, C, D, 11, 11, 0, 15 ); P2( local.E, local.A, local.B, local.C, local.D, 11, 11, 0, 15 );
P2( D, E, A, B, C, 6, 8, 3, 13 ); P2( local.D, local.E, local.A, local.B, local.C, 6, 8, 3, 13 );
P2( C, D, E, A, B, 15, 5, 9, 11 ); P2( local.C, local.D, local.E, local.A, local.B, 15, 5, 9, 11 );
P2( B, C, D, E, A, 13, 6, 11, 11 ); P2( local.B, local.C, local.D, local.E, local.A, 13, 6, 11, 11 );
#undef F #undef F
#undef K #undef K
#undef Fp #undef Fp
#undef Kp #undef Kp
C = ctx->state[1] + C + Dp; local.C = ctx->state[1] + local.C + local.Dp;
ctx->state[1] = ctx->state[2] + D + Ep; ctx->state[1] = ctx->state[2] + local.D + local.Ep;
ctx->state[2] = ctx->state[3] + E + Ap; ctx->state[2] = ctx->state[3] + local.E + local.Ap;
ctx->state[3] = ctx->state[4] + A + Bp; ctx->state[3] = ctx->state[4] + local.A + local.Bp;
ctx->state[4] = ctx->state[0] + B + Cp; ctx->state[4] = ctx->state[0] + local.B + local.Cp;
ctx->state[0] = C; ctx->state[0] = local.C;
/* Zeroise variables to clear sensitive data from memory. */
mbedtls_platform_zeroize( &local, sizeof( local ) );
return( 0 ); return( 0 );
} }

View file

@ -155,35 +155,40 @@ void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
const unsigned char data[64] ) const unsigned char data[64] )
{ {
uint32_t temp, W[16], A, B, C, D, E; struct
{
uint32_t temp, W[16], A, B, C, D, E;
} local;
SHA1_VALIDATE_RET( ctx != NULL ); SHA1_VALIDATE_RET( ctx != NULL );
SHA1_VALIDATE_RET( (const unsigned char *)data != NULL ); SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
GET_UINT32_BE( W[ 0], data, 0 ); GET_UINT32_BE( local.W[ 0], data, 0 );
GET_UINT32_BE( W[ 1], data, 4 ); GET_UINT32_BE( local.W[ 1], data, 4 );
GET_UINT32_BE( W[ 2], data, 8 ); GET_UINT32_BE( local.W[ 2], data, 8 );
GET_UINT32_BE( W[ 3], data, 12 ); GET_UINT32_BE( local.W[ 3], data, 12 );
GET_UINT32_BE( W[ 4], data, 16 ); GET_UINT32_BE( local.W[ 4], data, 16 );
GET_UINT32_BE( W[ 5], data, 20 ); GET_UINT32_BE( local.W[ 5], data, 20 );
GET_UINT32_BE( W[ 6], data, 24 ); GET_UINT32_BE( local.W[ 6], data, 24 );
GET_UINT32_BE( W[ 7], data, 28 ); GET_UINT32_BE( local.W[ 7], data, 28 );
GET_UINT32_BE( W[ 8], data, 32 ); GET_UINT32_BE( local.W[ 8], data, 32 );
GET_UINT32_BE( W[ 9], data, 36 ); GET_UINT32_BE( local.W[ 9], data, 36 );
GET_UINT32_BE( W[10], data, 40 ); GET_UINT32_BE( local.W[10], data, 40 );
GET_UINT32_BE( W[11], data, 44 ); GET_UINT32_BE( local.W[11], data, 44 );
GET_UINT32_BE( W[12], data, 48 ); GET_UINT32_BE( local.W[12], data, 48 );
GET_UINT32_BE( W[13], data, 52 ); GET_UINT32_BE( local.W[13], data, 52 );
GET_UINT32_BE( W[14], data, 56 ); GET_UINT32_BE( local.W[14], data, 56 );
GET_UINT32_BE( W[15], data, 60 ); GET_UINT32_BE( local.W[15], data, 60 );
#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) #define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
#define R(t) \ #define R(t) \
( \ ( \
temp = W[( (t) - 3 ) & 0x0F] ^ W[( (t) - 8 ) & 0x0F] ^ \ local.temp = local.W[( (t) - 3 ) & 0x0F] ^ \
W[( (t) - 14 ) & 0x0F] ^ W[ (t) & 0x0F], \ local.W[( (t) - 8 ) & 0x0F] ^ \
( W[(t) & 0x0F] = S(temp,1) ) \ local.W[( (t) - 14 ) & 0x0F] ^ \
local.W[ (t) & 0x0F], \
( local.W[(t) & 0x0F] = S(local.temp,1) ) \
) )
#define P(a,b,c,d,e,x) \ #define P(a,b,c,d,e,x) \
@ -193,35 +198,35 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
(b) = S((b),30); \ (b) = S((b),30); \
} while( 0 ) } while( 0 )
A = ctx->state[0]; local.A = ctx->state[0];
B = ctx->state[1]; local.B = ctx->state[1];
C = ctx->state[2]; local.C = ctx->state[2];
D = ctx->state[3]; local.D = ctx->state[3];
E = ctx->state[4]; local.E = ctx->state[4];
#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) #define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
#define K 0x5A827999 #define K 0x5A827999
P( A, B, C, D, E, W[0] ); P( local.A, local.B, local.C, local.D, local.E, local.W[0] );
P( E, A, B, C, D, W[1] ); P( local.E, local.A, local.B, local.C, local.D, local.W[1] );
P( D, E, A, B, C, W[2] ); P( local.D, local.E, local.A, local.B, local.C, local.W[2] );
P( C, D, E, A, B, W[3] ); P( local.C, local.D, local.E, local.A, local.B, local.W[3] );
P( B, C, D, E, A, W[4] ); P( local.B, local.C, local.D, local.E, local.A, local.W[4] );
P( A, B, C, D, E, W[5] ); P( local.A, local.B, local.C, local.D, local.E, local.W[5] );
P( E, A, B, C, D, W[6] ); P( local.E, local.A, local.B, local.C, local.D, local.W[6] );
P( D, E, A, B, C, W[7] ); P( local.D, local.E, local.A, local.B, local.C, local.W[7] );
P( C, D, E, A, B, W[8] ); P( local.C, local.D, local.E, local.A, local.B, local.W[8] );
P( B, C, D, E, A, W[9] ); P( local.B, local.C, local.D, local.E, local.A, local.W[9] );
P( A, B, C, D, E, W[10] ); P( local.A, local.B, local.C, local.D, local.E, local.W[10] );
P( E, A, B, C, D, W[11] ); P( local.E, local.A, local.B, local.C, local.D, local.W[11] );
P( D, E, A, B, C, W[12] ); P( local.D, local.E, local.A, local.B, local.C, local.W[12] );
P( C, D, E, A, B, W[13] ); P( local.C, local.D, local.E, local.A, local.B, local.W[13] );
P( B, C, D, E, A, W[14] ); P( local.B, local.C, local.D, local.E, local.A, local.W[14] );
P( A, B, C, D, E, W[15] ); P( local.A, local.B, local.C, local.D, local.E, local.W[15] );
P( E, A, B, C, D, R(16) ); P( local.E, local.A, local.B, local.C, local.D, R(16) );
P( D, E, A, B, C, R(17) ); P( local.D, local.E, local.A, local.B, local.C, R(17) );
P( C, D, E, A, B, R(18) ); P( local.C, local.D, local.E, local.A, local.B, R(18) );
P( B, C, D, E, A, R(19) ); P( local.B, local.C, local.D, local.E, local.A, R(19) );
#undef K #undef K
#undef F #undef F
@ -229,26 +234,26 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
#define F(x,y,z) ((x) ^ (y) ^ (z)) #define F(x,y,z) ((x) ^ (y) ^ (z))
#define K 0x6ED9EBA1 #define K 0x6ED9EBA1
P( A, B, C, D, E, R(20) ); P( local.A, local.B, local.C, local.D, local.E, R(20) );
P( E, A, B, C, D, R(21) ); P( local.E, local.A, local.B, local.C, local.D, R(21) );
P( D, E, A, B, C, R(22) ); P( local.D, local.E, local.A, local.B, local.C, R(22) );
P( C, D, E, A, B, R(23) ); P( local.C, local.D, local.E, local.A, local.B, R(23) );
P( B, C, D, E, A, R(24) ); P( local.B, local.C, local.D, local.E, local.A, R(24) );
P( A, B, C, D, E, R(25) ); P( local.A, local.B, local.C, local.D, local.E, R(25) );
P( E, A, B, C, D, R(26) ); P( local.E, local.A, local.B, local.C, local.D, R(26) );
P( D, E, A, B, C, R(27) ); P( local.D, local.E, local.A, local.B, local.C, R(27) );
P( C, D, E, A, B, R(28) ); P( local.C, local.D, local.E, local.A, local.B, R(28) );
P( B, C, D, E, A, R(29) ); P( local.B, local.C, local.D, local.E, local.A, R(29) );
P( A, B, C, D, E, R(30) ); P( local.A, local.B, local.C, local.D, local.E, R(30) );
P( E, A, B, C, D, R(31) ); P( local.E, local.A, local.B, local.C, local.D, R(31) );
P( D, E, A, B, C, R(32) ); P( local.D, local.E, local.A, local.B, local.C, R(32) );
P( C, D, E, A, B, R(33) ); P( local.C, local.D, local.E, local.A, local.B, R(33) );
P( B, C, D, E, A, R(34) ); P( local.B, local.C, local.D, local.E, local.A, R(34) );
P( A, B, C, D, E, R(35) ); P( local.A, local.B, local.C, local.D, local.E, R(35) );
P( E, A, B, C, D, R(36) ); P( local.E, local.A, local.B, local.C, local.D, R(36) );
P( D, E, A, B, C, R(37) ); P( local.D, local.E, local.A, local.B, local.C, R(37) );
P( C, D, E, A, B, R(38) ); P( local.C, local.D, local.E, local.A, local.B, R(38) );
P( B, C, D, E, A, R(39) ); P( local.B, local.C, local.D, local.E, local.A, R(39) );
#undef K #undef K
#undef F #undef F
@ -256,26 +261,26 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
#define F(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) #define F(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
#define K 0x8F1BBCDC #define K 0x8F1BBCDC
P( A, B, C, D, E, R(40) ); P( local.A, local.B, local.C, local.D, local.E, R(40) );
P( E, A, B, C, D, R(41) ); P( local.E, local.A, local.B, local.C, local.D, R(41) );
P( D, E, A, B, C, R(42) ); P( local.D, local.E, local.A, local.B, local.C, R(42) );
P( C, D, E, A, B, R(43) ); P( local.C, local.D, local.E, local.A, local.B, R(43) );
P( B, C, D, E, A, R(44) ); P( local.B, local.C, local.D, local.E, local.A, R(44) );
P( A, B, C, D, E, R(45) ); P( local.A, local.B, local.C, local.D, local.E, R(45) );
P( E, A, B, C, D, R(46) ); P( local.E, local.A, local.B, local.C, local.D, R(46) );
P( D, E, A, B, C, R(47) ); P( local.D, local.E, local.A, local.B, local.C, R(47) );
P( C, D, E, A, B, R(48) ); P( local.C, local.D, local.E, local.A, local.B, R(48) );
P( B, C, D, E, A, R(49) ); P( local.B, local.C, local.D, local.E, local.A, R(49) );
P( A, B, C, D, E, R(50) ); P( local.A, local.B, local.C, local.D, local.E, R(50) );
P( E, A, B, C, D, R(51) ); P( local.E, local.A, local.B, local.C, local.D, R(51) );
P( D, E, A, B, C, R(52) ); P( local.D, local.E, local.A, local.B, local.C, R(52) );
P( C, D, E, A, B, R(53) ); P( local.C, local.D, local.E, local.A, local.B, R(53) );
P( B, C, D, E, A, R(54) ); P( local.B, local.C, local.D, local.E, local.A, R(54) );
P( A, B, C, D, E, R(55) ); P( local.A, local.B, local.C, local.D, local.E, R(55) );
P( E, A, B, C, D, R(56) ); P( local.E, local.A, local.B, local.C, local.D, R(56) );
P( D, E, A, B, C, R(57) ); P( local.D, local.E, local.A, local.B, local.C, R(57) );
P( C, D, E, A, B, R(58) ); P( local.C, local.D, local.E, local.A, local.B, R(58) );
P( B, C, D, E, A, R(59) ); P( local.B, local.C, local.D, local.E, local.A, R(59) );
#undef K #undef K
#undef F #undef F
@ -283,35 +288,38 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
#define F(x,y,z) ((x) ^ (y) ^ (z)) #define F(x,y,z) ((x) ^ (y) ^ (z))
#define K 0xCA62C1D6 #define K 0xCA62C1D6
P( A, B, C, D, E, R(60) ); P( local.A, local.B, local.C, local.D, local.E, R(60) );
P( E, A, B, C, D, R(61) ); P( local.E, local.A, local.B, local.C, local.D, R(61) );
P( D, E, A, B, C, R(62) ); P( local.D, local.E, local.A, local.B, local.C, R(62) );
P( C, D, E, A, B, R(63) ); P( local.C, local.D, local.E, local.A, local.B, R(63) );
P( B, C, D, E, A, R(64) ); P( local.B, local.C, local.D, local.E, local.A, R(64) );
P( A, B, C, D, E, R(65) ); P( local.A, local.B, local.C, local.D, local.E, R(65) );
P( E, A, B, C, D, R(66) ); P( local.E, local.A, local.B, local.C, local.D, R(66) );
P( D, E, A, B, C, R(67) ); P( local.D, local.E, local.A, local.B, local.C, R(67) );
P( C, D, E, A, B, R(68) ); P( local.C, local.D, local.E, local.A, local.B, R(68) );
P( B, C, D, E, A, R(69) ); P( local.B, local.C, local.D, local.E, local.A, R(69) );
P( A, B, C, D, E, R(70) ); P( local.A, local.B, local.C, local.D, local.E, R(70) );
P( E, A, B, C, D, R(71) ); P( local.E, local.A, local.B, local.C, local.D, R(71) );
P( D, E, A, B, C, R(72) ); P( local.D, local.E, local.A, local.B, local.C, R(72) );
P( C, D, E, A, B, R(73) ); P( local.C, local.D, local.E, local.A, local.B, R(73) );
P( B, C, D, E, A, R(74) ); P( local.B, local.C, local.D, local.E, local.A, R(74) );
P( A, B, C, D, E, R(75) ); P( local.A, local.B, local.C, local.D, local.E, R(75) );
P( E, A, B, C, D, R(76) ); P( local.E, local.A, local.B, local.C, local.D, R(76) );
P( D, E, A, B, C, R(77) ); P( local.D, local.E, local.A, local.B, local.C, R(77) );
P( C, D, E, A, B, R(78) ); P( local.C, local.D, local.E, local.A, local.B, R(78) );
P( B, C, D, E, A, R(79) ); P( local.B, local.C, local.D, local.E, local.A, R(79) );
#undef K #undef K
#undef F #undef F
ctx->state[0] += A; ctx->state[0] += local.A;
ctx->state[1] += B; ctx->state[1] += local.B;
ctx->state[2] += C; ctx->state[2] += local.C;
ctx->state[3] += D; ctx->state[3] += local.D;
ctx->state[4] += E; ctx->state[4] += local.E;
/* Zeroise buffers and variables to clear sensitive data from memory. */
mbedtls_platform_zeroize( &local, sizeof( local ) );
return( 0 ); return( 0 );
} }

View file

@ -209,77 +209,104 @@ static const uint32_t K[] =
#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) #define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) #define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
#define R(t) \ #define R(t) \
( \ ( \
W[t] = S1(W[(t) - 2]) + W[(t) - 7] + \ local.W[t] = S1(local.W[(t) - 2]) + local.W[(t) - 7] + \
S0(W[(t) - 15]) + W[(t) - 16] \ S0(local.W[(t) - 15]) + local.W[(t) - 16] \
) )
#define P(a,b,c,d,e,f,g,h,x,K) \ #define P(a,b,c,d,e,f,g,h,x,K) \
do \ do \
{ \ { \
temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \ local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
temp2 = S2(a) + F0((a),(b),(c)); \ local.temp2 = S2(a) + F0((a),(b),(c)); \
(d) += temp1; (h) = temp1 + temp2; \ (d) += local.temp1; (h) = local.temp1 + local.temp2; \
} while( 0 ) } while( 0 )
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
const unsigned char data[64] ) const unsigned char data[64] )
{ {
uint32_t temp1, temp2, W[64]; struct
uint32_t A[8]; {
uint32_t temp1, temp2, W[64];
uint32_t A[8];
} local;
unsigned int i; unsigned int i;
SHA256_VALIDATE_RET( ctx != NULL ); SHA256_VALIDATE_RET( ctx != NULL );
SHA256_VALIDATE_RET( (const unsigned char *)data != NULL ); SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
for( i = 0; i < 8; i++ ) for( i = 0; i < 8; i++ )
A[i] = ctx->state[i]; local.A[i] = ctx->state[i];
#if defined(MBEDTLS_SHA256_SMALLER) #if defined(MBEDTLS_SHA256_SMALLER)
for( i = 0; i < 64; i++ ) for( i = 0; i < 64; i++ )
{ {
if( i < 16 ) if( i < 16 )
GET_UINT32_BE( W[i], data, 4 * i ); GET_UINT32_BE( local.W[i], data, 4 * i );
else else
R( i ); R( i );
P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] ); P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3]; local.temp1 = local.A[7]; local.A[7] = local.A[6];
A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1; local.A[6] = local.A[5]; local.A[5] = local.A[4];
local.A[4] = local.A[3]; local.A[3] = local.A[2];
local.A[2] = local.A[1]; local.A[1] = local.A[0];
local.A[0] = local.temp1;
} }
#else /* MBEDTLS_SHA256_SMALLER */ #else /* MBEDTLS_SHA256_SMALLER */
for( i = 0; i < 16; i++ ) for( i = 0; i < 16; i++ )
GET_UINT32_BE( W[i], data, 4 * i ); GET_UINT32_BE( local.W[i], data, 4 * i );
for( i = 0; i < 16; i += 8 ) for( i = 0; i < 16; i += 8 )
{ {
P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] ); P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] ); local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] );
P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] ); P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] ); local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] );
P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] ); P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] ); local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] );
P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] ); P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] ); local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] );
P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] );
P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] );
P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] );
P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] );
} }
for( i = 16; i < 64; i += 8 ) for( i = 16; i < 64; i += 8 )
{ {
P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] ); P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] ); local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] );
P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] ); P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] ); local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] );
P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] ); P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] ); local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] );
P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] ); P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] ); local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] );
P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] );
P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] );
P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] );
P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] );
} }
#endif /* MBEDTLS_SHA256_SMALLER */ #endif /* MBEDTLS_SHA256_SMALLER */
for( i = 0; i < 8; i++ ) for( i = 0; i < 8; i++ )
ctx->state[i] += A[i]; ctx->state[i] += local.A[i];
/* Zeroise buffers and variables to clear sensitive data from memory. */
mbedtls_platform_zeroize( &local, sizeof( local ) );
return( 0 ); return( 0 );
} }

View file

@ -243,8 +243,11 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
const unsigned char data[128] ) const unsigned char data[128] )
{ {
int i; int i;
uint64_t temp1, temp2, W[80]; struct
uint64_t A, B, C, D, E, F, G, H; {
uint64_t temp1, temp2, W[80];
uint64_t A, B, C, D, E, F, G, H;
} local;
SHA512_VALIDATE_RET( ctx != NULL ); SHA512_VALIDATE_RET( ctx != NULL );
SHA512_VALIDATE_RET( (const unsigned char *)data != NULL ); SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
@ -261,56 +264,67 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) #define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) #define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
#define P(a,b,c,d,e,f,g,h,x,K) \ #define P(a,b,c,d,e,f,g,h,x,K) \
do \ do \
{ \ { \
temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \ local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
temp2 = S2(a) + F0((a),(b),(c)); \ local.temp2 = S2(a) + F0((a),(b),(c)); \
(d) += temp1; (h) = temp1 + temp2; \ (d) += local.temp1; (h) = local.temp1 + local.temp2; \
} while( 0 ) } while( 0 )
for( i = 0; i < 16; i++ ) for( i = 0; i < 16; i++ )
{ {
GET_UINT64_BE( W[i], data, i << 3 ); GET_UINT64_BE( local.W[i], data, i << 3 );
} }
for( ; i < 80; i++ ) for( ; i < 80; i++ )
{ {
W[i] = S1(W[i - 2]) + W[i - 7] + local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] +
S0(W[i - 15]) + W[i - 16]; S0(local.W[i - 15]) + local.W[i - 16];
} }
A = ctx->state[0]; local.A = ctx->state[0];
B = ctx->state[1]; local.B = ctx->state[1];
C = ctx->state[2]; local.C = ctx->state[2];
D = ctx->state[3]; local.D = ctx->state[3];
E = ctx->state[4]; local.E = ctx->state[4];
F = ctx->state[5]; local.F = ctx->state[5];
G = ctx->state[6]; local.G = ctx->state[6];
H = ctx->state[7]; local.H = ctx->state[7];
i = 0; i = 0;
do do
{ {
P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++; P( local.A, local.B, local.C, local.D, local.E,
P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++; local.F, local.G, local.H, local.W[i], K[i] ); i++;
P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++; P( local.H, local.A, local.B, local.C, local.D,
P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++; local.E, local.F, local.G, local.W[i], K[i] ); i++;
P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++; P( local.G, local.H, local.A, local.B, local.C,
P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++; local.D, local.E, local.F, local.W[i], K[i] ); i++;
P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++; P( local.F, local.G, local.H, local.A, local.B,
P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++; local.C, local.D, local.E, local.W[i], K[i] ); i++;
P( local.E, local.F, local.G, local.H, local.A,
local.B, local.C, local.D, local.W[i], K[i] ); i++;
P( local.D, local.E, local.F, local.G, local.H,
local.A, local.B, local.C, local.W[i], K[i] ); i++;
P( local.C, local.D, local.E, local.F, local.G,
local.H, local.A, local.B, local.W[i], K[i] ); i++;
P( local.B, local.C, local.D, local.E, local.F,
local.G, local.H, local.A, local.W[i], K[i] ); i++;
} }
while( i < 80 ); while( i < 80 );
ctx->state[0] += A; ctx->state[0] += local.A;
ctx->state[1] += B; ctx->state[1] += local.B;
ctx->state[2] += C; ctx->state[2] += local.C;
ctx->state[3] += D; ctx->state[3] += local.D;
ctx->state[4] += E; ctx->state[4] += local.E;
ctx->state[5] += F; ctx->state[5] += local.F;
ctx->state[6] += G; ctx->state[6] += local.G;
ctx->state[7] += H; ctx->state[7] += local.H;
/* Zeroise buffers and variables to clear sensitive data from memory. */
mbedtls_platform_zeroize( &local, sizeof( local ) );
return( 0 ); return( 0 );
} }

View file

@ -1088,6 +1088,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
if( crt->sig_oid.len != sig_oid2.len || if( crt->sig_oid.len != sig_oid2.len ||
memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 || memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
sig_params1.tag != sig_params2.tag ||
sig_params1.len != sig_params2.len || sig_params1.len != sig_params2.len ||
( sig_params1.len != 0 && ( sig_params1.len != 0 &&
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )

View file

@ -157,7 +157,11 @@ cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += cli-rsa-sha256.crt.der all_final += cli-rsa-sha256.crt.der
cli-rsa.key.der: $(cli_crt_key_file_rsa) cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der
hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@
all_final += cli-rsa-sha256-badalg.crt.der
cli-rsa.key.der: $(cli_crt_key_file_rsa)
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += cli-rsa.key.der all_final += cli-rsa.key.der

Binary file not shown.

View file

@ -22,10 +22,16 @@ dhm_do_dhm:10:"3":10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED
Diffie-Hellman zero modulus Diffie-Hellman zero modulus
dhm_do_dhm:10:"0":10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA dhm_do_dhm:10:"0":10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
Diffie-Hellman load parameters from file Diffie-Hellman MPI_MAX_SIZE modulus
dhm_make_public:MBEDTLS_MPI_MAX_SIZE:10:"5":0
Diffie-Hellman MPI_MAX_SIZE + 1 modulus
dhm_make_public:MBEDTLS_MPI_MAX_SIZE + 1:10:"5":MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED+MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Diffie-Hellman load parameters from file [#1]
dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128 dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128
Diffie-Hellman load parameters from file Diffie-Hellman load parameters from file [#2]
dhm_file:"data_files/dh.optlen.pem":"b3126aeaf47153c7d67f403030b292b5bd5a6c9eae1c137af34087fce2a36a578d70c5c560ad2bdb924c4a4dbee20a1671be7103ce87defa76908936803dbeca60c33e1289c1a03ac2c6c4e49405e5902fa0596a1cbaa895cc402d5213ed4a5f1f5ba8b5e1ed3da951a4c475afeb0ca660b7368c38c8e809f382d96ae19e60dc984e61cb42b5dfd723322acf327f9e413cda6400c15c5b2ea1fa34405d83982fba40e6d852da3d91019bf23511314254dc211a90833e5b1798ee52a78198c555644729ad92f060367c74ded37704adfc273a4a33fec821bd2ebd3bc051730e97a4dd14d2b766062592f5eec09d16bb50efebf2cc00dd3e0e3418e60ec84870f7":"800abfe7dc667aa17bcd7c04614bc221a65482ccc04b604602b0e131908a938ea11b48dc515dab7abcbb1e0c7fd66511edc0d86551b7632496e03df94357e1c4ea07a7ce1e381a2fcafdff5f5bf00df828806020e875c00926e4d011f88477a1b01927d73813cad4847c6396b9244621be2b00b63c659253318413443cd244215cd7fd4cbe796e82c6cf70f89cc0c528fb8e344809b31876e7ef739d5160d095c9684188b0c8755c7a468d47f56d6db9ea012924ecb0556fb71312a8d7c93bb2898ea08ee54eeb594548285f06a973cbbe2a0cb02e90f323fe045521f34c68354a6d3e95dbfff1eb64692edc0a44f3d3e408d0e479a541e779a6054259e2d854":256 dhm_file:"data_files/dh.optlen.pem":"b3126aeaf47153c7d67f403030b292b5bd5a6c9eae1c137af34087fce2a36a578d70c5c560ad2bdb924c4a4dbee20a1671be7103ce87defa76908936803dbeca60c33e1289c1a03ac2c6c4e49405e5902fa0596a1cbaa895cc402d5213ed4a5f1f5ba8b5e1ed3da951a4c475afeb0ca660b7368c38c8e809f382d96ae19e60dc984e61cb42b5dfd723322acf327f9e413cda6400c15c5b2ea1fa34405d83982fba40e6d852da3d91019bf23511314254dc211a90833e5b1798ee52a78198c555644729ad92f060367c74ded37704adfc273a4a33fec821bd2ebd3bc051730e97a4dd14d2b766062592f5eec09d16bb50efebf2cc00dd3e0e3418e60ec84870f7":"800abfe7dc667aa17bcd7c04614bc221a65482ccc04b604602b0e131908a938ea11b48dc515dab7abcbb1e0c7fd66511edc0d86551b7632496e03df94357e1c4ea07a7ce1e381a2fcafdff5f5bf00df828806020e875c00926e4d011f88477a1b01927d73813cad4847c6396b9244621be2b00b63c659253318413443cd244215cd7fd4cbe796e82c6cf70f89cc0c528fb8e344809b31876e7ef739d5160d095c9684188b0c8755c7a468d47f56d6db9ea012924ecb0556fb71312a8d7c93bb2898ea08ee54eeb594548285f06a973cbbe2a0cb02e90f323fe045521f34c68354a6d3e95dbfff1eb64692edc0a44f3d3e408d0e479a541e779a6054259e2d854":256
Diffie-Hellman selftest Diffie-Hellman selftest

View file

@ -206,6 +206,36 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */
void dhm_make_public( int P_bytes, int radix_G, char *input_G, int result )
{
mbedtls_mpi P, G;
mbedtls_dhm_context ctx;
unsigned char output[MBEDTLS_MPI_MAX_SIZE];
mbedtls_mpi_init( &P );
mbedtls_mpi_init( &G );
mbedtls_dhm_init( &ctx );
TEST_ASSERT( mbedtls_mpi_lset( &P, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_shift_l( &P, ( P_bytes * 8 ) - 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_set_bit( &P, 0, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &G, radix_G, input_G ) == 0 );
TEST_ASSERT( mbedtls_dhm_set_group( &ctx, &P, &G ) == 0 );
TEST_ASSERT( mbedtls_dhm_make_public( &ctx, (int) mbedtls_mpi_size( &P ),
output, sizeof(output),
&rnd_pseudo_rand,
NULL ) == result );
exit:
mbedtls_mpi_free( &P );
mbedtls_mpi_free( &G );
mbedtls_dhm_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
void dhm_file( char * filename, char * p, char * g, int len ) void dhm_file( char * filename, char * p, char * g, int len )
{ {

View file

@ -673,16 +673,36 @@ mbedtls_mpi_exp_mod:10:"-23":10:"13":10:"29":10:"":10:"5":0
Base test mbedtls_mpi_exp_mod #5 (Negative exponent) Base test mbedtls_mpi_exp_mod #5 (Negative exponent)
mbedtls_mpi_exp_mod:10:"23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA mbedtls_mpi_exp_mod:10:"23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Base test mbedtls_mpi_exp_mod #7 (Negative base + exponent) Base test mbedtls_mpi_exp_mod #6 (Negative base + exponent)
mbedtls_mpi_exp_mod:10:"-23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA mbedtls_mpi_exp_mod:10:"-23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Test mbedtls_mpi_exp_mod: MAX_SIZE exponent
mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE:10:10:"":0
Test mbedtls_mpi_exp_mod: MAX_SIZE + 1 exponent
mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE + 1:10:10:"":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Test mbedtls_mpi_exp_mod: MAX_SIZE modulus
mbedtls_mpi_exp_mod_size:2:2:MBEDTLS_MPI_MAX_SIZE:10:"":0
Test mbedtls_mpi_exp_mod: MAX_SIZE + 1 modulus
mbedtls_mpi_exp_mod_size:2:2:MBEDTLS_MPI_MAX_SIZE + 1:10:"":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Test mbedtls_mpi_exp_mod: MAX_SIZE exponent and modulus
mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE:10:"":0
Test mbedtls_mpi_exp_mod: MAX_SIZE + 1 exponent and modulus
mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE + 1:MBEDTLS_MPI_MAX_SIZE + 1:10:"":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Test mbedtls_mpi_exp_mod #1 Test mbedtls_mpi_exp_mod #1
depends_on:MPI_MAX_BITS_LARGER_THAN_792
mbedtls_mpi_exp_mod:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"583137007797276923956891216216022144052044091311388601652961409557516421612874571554415606746479105795833145583959622117418531166391184939066520869800857530421873250114773204354963864729386957427276448683092491947566992077136553066273207777134303397724679138833126700957":10:"":10:"114597449276684355144920670007147953232659436380163461553186940113929777196018164149703566472936578890991049344459204199888254907113495794730452699842273939581048142004834330369483813876618772578869083248061616444392091693787039636316845512292127097865026290173004860736":0 mbedtls_mpi_exp_mod:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"583137007797276923956891216216022144052044091311388601652961409557516421612874571554415606746479105795833145583959622117418531166391184939066520869800857530421873250114773204354963864729386957427276448683092491947566992077136553066273207777134303397724679138833126700957":10:"":10:"114597449276684355144920670007147953232659436380163461553186940113929777196018164149703566472936578890991049344459204199888254907113495794730452699842273939581048142004834330369483813876618772578869083248061616444392091693787039636316845512292127097865026290173004860736":0
Test mbedtls_mpi_exp_mod (Negative base) Test mbedtls_mpi_exp_mod (Negative base)
mbedtls_mpi_exp_mod:10:"-10000000000":10:"10000000000":10:"99999":10:"":10:"1":0 mbedtls_mpi_exp_mod:10:"-10000000000":10:"10000000000":10:"99999":10:"":10:"1":0
Test mbedtls_mpi_exp_mod (Negative base) Test mbedtls_mpi_exp_mod (Negative base) [#2]
depends_on:MPI_MAX_BITS_LARGER_THAN_792
mbedtls_mpi_exp_mod:16:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":16:"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":16:"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":16:"":16:"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0 mbedtls_mpi_exp_mod:16:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":16:"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":16:"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":16:"":16:"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0
Base test GCD #1 Base test GCD #1
@ -923,6 +943,48 @@ mbedtls_mpi_set_bit:16:"00":32:1:16:"0100000000":0
Test bit set (Invalid bit value) Test bit set (Invalid bit value)
mbedtls_mpi_set_bit:16:"00":5:2:16:"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA mbedtls_mpi_set_bit:16:"00":5:2:16:"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Fill random: 0 bytes
mpi_fill_random:0:0:0
Fill random: 1 byte, good
mpi_fill_random:1:1:0
Fill random: 2 bytes, good, no leading zero
mpi_fill_random:2:2:0
Fill random: 2 bytes, good, 1 leading zero
mpi_fill_random:2:256:0
Fill random: MAX_SIZE - 7, good
mpi_fill_random:MBEDTLS_MPI_MAX_SIZE - 7:MBEDTLS_MPI_MAX_SIZE - 7:0
Fill random: MAX_SIZE, good
mpi_fill_random:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE:0
Fill random: 1 byte, RNG failure
mpi_fill_random:1:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 2 bytes, RNG failure after 1 byte
mpi_fill_random:2:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 4 bytes, RNG failure after 3 bytes
mpi_fill_random:4:3:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 8 bytes, RNG failure after 7 bytes
mpi_fill_random:8:7:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 16 bytes, RNG failure after 1 bytes
mpi_fill_random:16:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 16 bytes, RNG failure after 8 bytes
mpi_fill_random:16:8:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 16 bytes, RNG failure after 15 bytes
mpi_fill_random:16:15:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: MAX_SIZE bytes, RNG failure after MAX_SIZE-1 bytes
mpi_fill_random:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE-1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
MPI Selftest MPI Selftest
depends_on:MBEDTLS_SELF_TEST depends_on:MBEDTLS_SELF_TEST
mpi_selftest: mpi_selftest:

View file

@ -1,5 +1,10 @@
/* BEGIN_HEADER */ /* BEGIN_HEADER */
#include "mbedtls/bignum.h" #include "mbedtls/bignum.h"
#include "mbedtls/entropy.h"
#if MBEDTLS_MPI_MAX_BITS > 792
#define MPI_MAX_BITS_LARGER_THAN_792
#endif
typedef struct mbedtls_test_mpi_random typedef struct mbedtls_test_mpi_random
{ {
@ -43,6 +48,22 @@ int mbedtls_test_mpi_miller_rabin_determinizer( void* state,
return( 0 ); return( 0 );
} }
/* Random generator that is told how many bytes to return. */
static int f_rng_bytes_left( void *state, unsigned char *buf, size_t len )
{
size_t *bytes_left = state;
size_t i;
for( i = 0; i < len; i++ )
{
if( *bytes_left == 0 )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
buf[i] = *bytes_left & 0xff;
--( *bytes_left );
}
return( 0 );
}
/* END_HEADER */ /* END_HEADER */
/* BEGIN_DEPENDENCIES /* BEGIN_DEPENDENCIES
@ -1114,6 +1135,40 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */
void mbedtls_mpi_exp_mod_size( int A_bytes, int E_bytes, int N_bytes,
int radix_RR, char * input_RR, int exp_result )
{
mbedtls_mpi A, E, N, RR, Z;
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N );
mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z );
/* Set A to 2^(A_bytes - 1) + 1 */
TEST_ASSERT( mbedtls_mpi_lset( &A, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_shift_l( &A, ( A_bytes * 8 ) - 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_set_bit( &A, 0, 1 ) == 0 );
/* Set E to 2^(E_bytes - 1) + 1 */
TEST_ASSERT( mbedtls_mpi_lset( &E, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_shift_l( &E, ( E_bytes * 8 ) - 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 1 ) == 0 );
/* Set N to 2^(N_bytes - 1) + 1 */
TEST_ASSERT( mbedtls_mpi_lset( &N, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_shift_l( &N, ( N_bytes * 8 ) - 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_set_bit( &N, 0, 1 ) == 0 );
if( strlen( input_RR ) )
TEST_ASSERT( mbedtls_mpi_read_string( &RR, radix_RR, input_RR ) == 0 );
TEST_ASSERT( mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ) == exp_result );
exit:
mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N );
mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z );
}
/* END_CASE */
/* BEGIN_CASE */ /* BEGIN_CASE */
void mbedtls_mpi_inv_mod( int radix_X, char * input_X, int radix_Y, void mbedtls_mpi_inv_mod( int radix_X, char * input_X, int radix_Y,
char * input_Y, int radix_A, char * input_A, char * input_Y, int radix_A, char * input_A,
@ -1255,6 +1310,37 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */
void mpi_fill_random( int wanted_bytes, int rng_bytes, int expected_ret )
{
mbedtls_mpi X;
int ret;
size_t bytes_left = rng_bytes;
mbedtls_mpi_init( &X );
ret = mbedtls_mpi_fill_random( &X, wanted_bytes,
f_rng_bytes_left, &bytes_left );
TEST_ASSERT( ret == expected_ret );
if( expected_ret == 0 )
{
/* mbedtls_mpi_fill_random is documented to use bytes from the RNG
* as a big-endian representation of the number. We know when
* our RNG function returns null bytes, so we know how many
* leading zero bytes the number has. */
size_t leading_zeros = 0;
if( wanted_bytes > 0 && rng_bytes % 256 == 0 )
leading_zeros = 1;
TEST_ASSERT( mbedtls_mpi_size( &X ) + leading_zeros ==
(size_t) wanted_bytes );
TEST_ASSERT( (int) bytes_left == rng_bytes - wanted_bytes );
}
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void mpi_selftest( ) void mpi_selftest( )
{ {

View file

@ -1,8 +1,8 @@
Check compiletime library version Check compiletime library version
check_compiletime_version:"2.16.8" check_compiletime_version:"2.16.9"
Check runtime library version Check runtime library version
check_runtime_version:"2.16.8" check_runtime_version:"2.16.9"
Check for MBEDTLS_VERSION_C Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0 check_feature:"MBEDTLS_VERSION_C":0

View file

@ -1884,6 +1884,10 @@ X509 File parse (trailing spaces, OK)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
x509parse_crt_file:"data_files/server7_trailing_space.crt":0 x509parse_crt_file:"data_files/server7_trailing_space.crt":0
X509 File parse (Algorithm Params Tag mismatch)
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
x509parse_crt_file:"data_files/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH
X509 Get time (UTC no issues) X509 Get time (UTC no issues)
depends_on:MBEDTLS_X509_USE_C depends_on:MBEDTLS_X509_USE_C
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0 x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0